1 /*
2 * Simple DTLS client demonstration program
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22 #if !defined(MBEDTLS_CONFIG_FILE)
23 #include "mbedtls/config.h"
24 #else
25 #include MBEDTLS_CONFIG_FILE
26 #endif
27
28 #if defined(MBEDTLS_PLATFORM_C)
29 #include "mbedtls/platform.h"
30 #else
31 #include <stdio.h>
32 #define mbedtls_printf printf
33 #define mbedtls_fprintf fprintf
34 #endif
35
36 #if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
37 !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \
38 !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
39 !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
40 !defined(MBEDTLS_CERTS_C)
main(void)41 int main( void )
42 {
43 mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
44 "MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
45 "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
46 "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
47 "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" );
48 return( 0 );
49 }
50 #else
51
52 #include <string.h>
53
54 #include "mbedtls/net_sockets.h"
55 #include "mbedtls/debug.h"
56 #include "mbedtls/ssl.h"
57 #include "mbedtls/entropy.h"
58 #include "mbedtls/ctr_drbg.h"
59 #include "mbedtls/error.h"
60 #include "mbedtls/certs.h"
61 #include "mbedtls/timing.h"
62
63 #define SERVER_PORT "4433"
64 #define SERVER_NAME "localhost"
65 #define SERVER_ADDR "127.0.0.1" /* forces IPv4 */
66 #define MESSAGE "Echo this"
67
68 #define READ_TIMEOUT_MS 1000
69 #define MAX_RETRY 5
70
71 #define DEBUG_LEVEL 0
72
my_debug(void * ctx,int level,const char * file,int line,const char * str)73 static void my_debug( void *ctx, int level,
74 const char *file, int line,
75 const char *str )
76 {
77 ((void) level);
78
79 mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
80 fflush( (FILE *) ctx );
81 }
82
main(int argc,char * argv[])83 int main( int argc, char *argv[] )
84 {
85 int ret, len;
86 mbedtls_net_context server_fd;
87 uint32_t flags;
88 unsigned char buf[1024];
89 const char *pers = "dtls_client";
90 int retry_left = MAX_RETRY;
91
92 mbedtls_entropy_context entropy;
93 mbedtls_ctr_drbg_context ctr_drbg;
94 mbedtls_ssl_context ssl;
95 mbedtls_ssl_config conf;
96 mbedtls_x509_crt cacert;
97 mbedtls_timing_delay_context timer;
98
99 ((void) argc);
100 ((void) argv);
101
102 #if defined(MBEDTLS_DEBUG_C)
103 mbedtls_debug_set_threshold( DEBUG_LEVEL );
104 #endif
105
106 /*
107 * 0. Initialize the RNG and the session data
108 */
109 mbedtls_net_init( &server_fd );
110 mbedtls_ssl_init( &ssl );
111 mbedtls_ssl_config_init( &conf );
112 mbedtls_x509_crt_init( &cacert );
113 mbedtls_ctr_drbg_init( &ctr_drbg );
114
115 mbedtls_printf( "\n . Seeding the random number generator..." );
116 fflush( stdout );
117
118 mbedtls_entropy_init( &entropy );
119 if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
120 (const unsigned char *) pers,
121 strlen( pers ) ) ) != 0 )
122 {
123 mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
124 goto exit;
125 }
126
127 mbedtls_printf( " ok\n" );
128
129 /*
130 * 0. Load certificates
131 */
132 mbedtls_printf( " . Loading the CA root certificate ..." );
133 fflush( stdout );
134
135 ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
136 mbedtls_test_cas_pem_len );
137 if( ret < 0 )
138 {
139 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
140 goto exit;
141 }
142
143 mbedtls_printf( " ok (%d skipped)\n", ret );
144
145 /*
146 * 1. Start the connection
147 */
148 mbedtls_printf( " . Connecting to udp/%s/%s...", SERVER_NAME, SERVER_PORT );
149 fflush( stdout );
150
151 if( ( ret = mbedtls_net_connect( &server_fd, SERVER_ADDR,
152 SERVER_PORT, MBEDTLS_NET_PROTO_UDP ) ) != 0 )
153 {
154 mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
155 goto exit;
156 }
157
158 mbedtls_printf( " ok\n" );
159
160 /*
161 * 2. Setup stuff
162 */
163 mbedtls_printf( " . Setting up the DTLS structure..." );
164 fflush( stdout );
165
166 if( ( ret = mbedtls_ssl_config_defaults( &conf,
167 MBEDTLS_SSL_IS_CLIENT,
168 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
169 MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
170 {
171 mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
172 goto exit;
173 }
174
175 /* OPTIONAL is usually a bad choice for security, but makes interop easier
176 * in this simplified example, in which the ca chain is hardcoded.
177 * Production code should set a proper ca chain and use REQUIRED. */
178 mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
179 mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
180 mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
181 mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
182
183 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
184 {
185 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
186 goto exit;
187 }
188
189 if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
190 {
191 mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
192 goto exit;
193 }
194
195 mbedtls_ssl_set_bio( &ssl, &server_fd,
196 mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
197
198 mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
199 mbedtls_timing_get_delay );
200
201 mbedtls_printf( " ok\n" );
202
203 /*
204 * 4. Handshake
205 */
206 mbedtls_printf( " . Performing the SSL/TLS handshake..." );
207 fflush( stdout );
208
209 do ret = mbedtls_ssl_handshake( &ssl );
210 while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
211 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
212
213 if( ret != 0 )
214 {
215 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
216 goto exit;
217 }
218
219 mbedtls_printf( " ok\n" );
220
221 /*
222 * 5. Verify the server certificate
223 */
224 mbedtls_printf( " . Verifying peer X.509 certificate..." );
225
226 /* In real life, we would have used MBEDTLS_SSL_VERIFY_REQUIRED so that the
227 * handshake would not succeed if the peer's cert is bad. Even if we used
228 * MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
229 if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
230 {
231 char vrfy_buf[512];
232
233 mbedtls_printf( " failed\n" );
234
235 mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
236
237 mbedtls_printf( "%s\n", vrfy_buf );
238 }
239 else
240 mbedtls_printf( " ok\n" );
241
242 /*
243 * 6. Write the echo request
244 */
245 send_request:
246 mbedtls_printf( " > Write to server:" );
247 fflush( stdout );
248
249 len = sizeof( MESSAGE ) - 1;
250
251 do ret = mbedtls_ssl_write( &ssl, (unsigned char *) MESSAGE, len );
252 while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
253 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
254
255 if( ret < 0 )
256 {
257 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
258 goto exit;
259 }
260
261 len = ret;
262 mbedtls_printf( " %d bytes written\n\n%s\n\n", len, MESSAGE );
263
264 /*
265 * 7. Read the echo response
266 */
267 mbedtls_printf( " < Read from server:" );
268 fflush( stdout );
269
270 len = sizeof( buf ) - 1;
271 memset( buf, 0, sizeof( buf ) );
272
273 do ret = mbedtls_ssl_read( &ssl, buf, len );
274 while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
275 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
276
277 if( ret <= 0 )
278 {
279 switch( ret )
280 {
281 case MBEDTLS_ERR_SSL_TIMEOUT:
282 mbedtls_printf( " timeout\n\n" );
283 if( retry_left-- > 0 )
284 goto send_request;
285 goto exit;
286
287 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
288 mbedtls_printf( " connection was closed gracefully\n" );
289 ret = 0;
290 goto close_notify;
291
292 default:
293 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret );
294 goto exit;
295 }
296 }
297
298 len = ret;
299 mbedtls_printf( " %d bytes read\n\n%s\n\n", len, buf );
300
301 /*
302 * 8. Done, cleanly close the connection
303 */
304 close_notify:
305 mbedtls_printf( " . Closing the connection..." );
306
307 /* No error checking, the connection might be closed already */
308 do ret = mbedtls_ssl_close_notify( &ssl );
309 while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
310 ret = 0;
311
312 mbedtls_printf( " done\n" );
313
314 /*
315 * 9. Final clean-ups and exit
316 */
317 exit:
318
319 #ifdef MBEDTLS_ERROR_C
320 if( ret != 0 )
321 {
322 char error_buf[100];
323 mbedtls_strerror( ret, error_buf, 100 );
324 mbedtls_printf( "Last error was: %d - %s\n\n", ret, error_buf );
325 }
326 #endif
327
328 mbedtls_net_free( &server_fd );
329
330 mbedtls_x509_crt_free( &cacert );
331 mbedtls_ssl_free( &ssl );
332 mbedtls_ssl_config_free( &conf );
333 mbedtls_ctr_drbg_free( &ctr_drbg );
334 mbedtls_entropy_free( &entropy );
335
336 #if defined(_WIN32)
337 mbedtls_printf( " + Press Enter to exit this program.\n" );
338 fflush( stdout ); getchar();
339 #endif
340
341 /* Shell can not handle large exit numbers -> 1 for errors */
342 if( ret < 0 )
343 ret = 1;
344
345 return( ret );
346 }
347 #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
348 MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
349 MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_CERTS_C &&
350 MBEDTLS_PEM_PARSE_C */
351
