1 /*
2  *  SSL client demonstration program
3  *
4  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  *
19  *  This file is part of mbed TLS (https://tls.mbed.org)
20  */
21 
22 #if !defined(MBEDTLS_CONFIG_FILE)
23 #include "mbedtls/config.h"
24 #else
25 #include MBEDTLS_CONFIG_FILE
26 #endif
27 
28 #if defined(MBEDTLS_PLATFORM_C)
29 #include "mbedtls/platform.h"
30 #else
31 #include <stdio.h>
32 #include <stdlib.h>
33 #define mbedtls_time       time
34 #define mbedtls_time_t     time_t
35 #define mbedtls_fprintf    fprintf
36 #define mbedtls_printf     printf
37 #endif
38 
39 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
40     !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
41     !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) ||         \
42     !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
43     !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
main(void)44 int main( void )
45 {
46     mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
47            "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
48            "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
49            "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
50            "not defined.\n");
51     return( 0 );
52 }
53 #else
54 
55 #include "mbedtls/net_sockets.h"
56 #include "mbedtls/debug.h"
57 #include "mbedtls/ssl.h"
58 #include "mbedtls/entropy.h"
59 #include "mbedtls/ctr_drbg.h"
60 #include "mbedtls/error.h"
61 #include "mbedtls/certs.h"
62 
63 #include <string.h>
64 
65 #define SERVER_PORT "4433"
66 #define SERVER_NAME "localhost"
67 #define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
68 
69 #define DEBUG_LEVEL 1
70 
my_debug(void * ctx,int level,const char * file,int line,const char * str)71 static void my_debug( void *ctx, int level,
72                       const char *file, int line,
73                       const char *str )
74 {
75     ((void) level);
76 
77     mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
78     fflush(  (FILE *) ctx  );
79 }
80 
main(void)81 int main( void )
82 {
83     int ret, len;
84     mbedtls_net_context server_fd;
85     uint32_t flags;
86     unsigned char buf[1024];
87     const char *pers = "ssl_client1";
88 
89     mbedtls_entropy_context entropy;
90     mbedtls_ctr_drbg_context ctr_drbg;
91     mbedtls_ssl_context ssl;
92     mbedtls_ssl_config conf;
93     mbedtls_x509_crt cacert;
94 
95 #if defined(MBEDTLS_DEBUG_C)
96     mbedtls_debug_set_threshold( DEBUG_LEVEL );
97 #endif
98 
99     /*
100      * 0. Initialize the RNG and the session data
101      */
102     mbedtls_net_init( &server_fd );
103     mbedtls_ssl_init( &ssl );
104     mbedtls_ssl_config_init( &conf );
105     mbedtls_x509_crt_init( &cacert );
106     mbedtls_ctr_drbg_init( &ctr_drbg );
107 
108     mbedtls_printf( "\n  . Seeding the random number generator..." );
109     fflush( stdout );
110 
111     mbedtls_entropy_init( &entropy );
112     if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
113                                (const unsigned char *) pers,
114                                strlen( pers ) ) ) != 0 )
115     {
116         mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
117         goto exit;
118     }
119 
120     mbedtls_printf( " ok\n" );
121 
122     /*
123      * 0. Initialize certificates
124      */
125     mbedtls_printf( "  . Loading the CA root certificate ..." );
126     fflush( stdout );
127 
128     ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
129                           mbedtls_test_cas_pem_len );
130     if( ret < 0 )
131     {
132         mbedtls_printf( " failed\n  !  mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
133         goto exit;
134     }
135 
136     mbedtls_printf( " ok (%d skipped)\n", ret );
137 
138     /*
139      * 1. Start the connection
140      */
141     mbedtls_printf( "  . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT );
142     fflush( stdout );
143 
144     if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
145                                          SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
146     {
147         mbedtls_printf( " failed\n  ! mbedtls_net_connect returned %d\n\n", ret );
148         goto exit;
149     }
150 
151     mbedtls_printf( " ok\n" );
152 
153     /*
154      * 2. Setup stuff
155      */
156     mbedtls_printf( "  . Setting up the SSL/TLS structure..." );
157     fflush( stdout );
158 
159     if( ( ret = mbedtls_ssl_config_defaults( &conf,
160                     MBEDTLS_SSL_IS_CLIENT,
161                     MBEDTLS_SSL_TRANSPORT_STREAM,
162                     MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
163     {
164         mbedtls_printf( " failed\n  ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
165         goto exit;
166     }
167 
168     mbedtls_printf( " ok\n" );
169 
170     /* OPTIONAL is not optimal for security,
171      * but makes interop easier in this simplified example */
172     mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
173     mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
174     mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
175     mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
176 
177     if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
178     {
179         mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret );
180         goto exit;
181     }
182 
183     if( ( ret = mbedtls_ssl_set_hostname( &ssl, "mbed TLS Server 1" ) ) != 0 )
184     {
185         mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
186         goto exit;
187     }
188 
189     mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
190 
191     /*
192      * 4. Handshake
193      */
194     mbedtls_printf( "  . Performing the SSL/TLS handshake..." );
195     fflush( stdout );
196 
197     while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
198     {
199         if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
200         {
201             mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
202             goto exit;
203         }
204     }
205 
206     mbedtls_printf( " ok\n" );
207 
208     /*
209      * 5. Verify the server certificate
210      */
211     mbedtls_printf( "  . Verifying peer X.509 certificate..." );
212 
213     /* In real life, we probably want to bail out when ret != 0 */
214     if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
215     {
216         char vrfy_buf[512];
217 
218         mbedtls_printf( " failed\n" );
219 
220         mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), "  ! ", flags );
221 
222         mbedtls_printf( "%s\n", vrfy_buf );
223     }
224     else
225         mbedtls_printf( " ok\n" );
226 
227     /*
228      * 3. Write the GET request
229      */
230     mbedtls_printf( "  > Write to server:" );
231     fflush( stdout );
232 
233     len = sprintf( (char *) buf, GET_REQUEST );
234 
235     while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
236     {
237         if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
238         {
239             mbedtls_printf( " failed\n  ! mbedtls_ssl_write returned %d\n\n", ret );
240             goto exit;
241         }
242     }
243 
244     len = ret;
245     mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf );
246 
247     /*
248      * 7. Read the HTTP response
249      */
250     mbedtls_printf( "  < Read from server:" );
251     fflush( stdout );
252 
253     do
254     {
255         len = sizeof( buf ) - 1;
256         memset( buf, 0, sizeof( buf ) );
257         ret = mbedtls_ssl_read( &ssl, buf, len );
258 
259         if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
260             continue;
261 
262         if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
263             break;
264 
265         if( ret < 0 )
266         {
267             mbedtls_printf( "failed\n  ! mbedtls_ssl_read returned %d\n\n", ret );
268             break;
269         }
270 
271         if( ret == 0 )
272         {
273             mbedtls_printf( "\n\nEOF\n\n" );
274             break;
275         }
276 
277         len = ret;
278         mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
279     }
280     while( 1 );
281 
282     mbedtls_ssl_close_notify( &ssl );
283 
284 exit:
285 
286 #ifdef MBEDTLS_ERROR_C
287     if( ret != 0 )
288     {
289         char error_buf[100];
290         mbedtls_strerror( ret, error_buf, 100 );
291         mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
292     }
293 #endif
294 
295     mbedtls_net_free( &server_fd );
296 
297     mbedtls_x509_crt_free( &cacert );
298     mbedtls_ssl_free( &ssl );
299     mbedtls_ssl_config_free( &conf );
300     mbedtls_ctr_drbg_free( &ctr_drbg );
301     mbedtls_entropy_free( &entropy );
302 
303 #if defined(_WIN32)
304     mbedtls_printf( "  + Press Enter to exit this program.\n" );
305     fflush( stdout ); getchar();
306 #endif
307 
308     return( ret );
309 }
310 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
311           MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
312           MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C &&
313           MBEDTLS_X509_CRT_PARSE_C */
314