blob: 1c6fec280829327ffe09836a77efe8b496564d31 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +00001/*
2 * SSL server demonstration program
3 *
Paul Bakkercce9d772011-11-18 14:26:47 +00004 * Copyright (C) 2006-2011, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +00005 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +00008 *
Paul Bakker77b385e2009-07-28 17:23:11 +00009 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +000010 *
Paul Bakker5121ce52009-01-03 21:22:43 +000011 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
Paul Bakkercce9d772011-11-18 14:26:47 +000030#if defined(_WIN32)
Paul Bakker5121ce52009-01-03 21:22:43 +000031#include <windows.h>
32#endif
33
34#include <string.h>
35#include <stdlib.h>
36#include <stdio.h>
37
Paul Bakker5690efc2011-05-26 13:16:06 +000038#include "polarssl/config.h"
39
Paul Bakker40e46942009-01-03 21:51:57 +000040#include "polarssl/havege.h"
41#include "polarssl/certs.h"
42#include "polarssl/x509.h"
43#include "polarssl/ssl.h"
44#include "polarssl/net.h"
Paul Bakker5121ce52009-01-03 21:22:43 +000045
46#define HTTP_RESPONSE \
47 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
Paul Bakkereaca51d2010-08-16 12:00:14 +000048 "<h2>PolarSSL Test Server</h2>\r\n" \
49 "<p>Successful connection using: %s</p>\r\n"
Paul Bakker5121ce52009-01-03 21:22:43 +000050
51/*
52 * Computing a "safe" DH-1024 prime can take a very
53 * long time, so a precomputed value is provided below.
54 * You may run dh_genprime to generate a new value.
55 */
56char *my_dhm_P =
57 "E4004C1F94182000103D883A448B3F80" \
58 "2CE4B44A83301270002C20D0321CFD00" \
59 "11CCEF784C26A400F43DFB901BCA7538" \
60 "F2C6B176001CF5A0FD16D2C48B1D0C1C" \
61 "F6AC8E1DA6BCC3B4E1F96B0564965300" \
62 "FFA1D0B601EB2800F489AA512C4B248C" \
63 "01F76949A60BB7F00A40B1EAB64BDD48" \
64 "E8A700D60B7F1200FA8E77B0A979DABF";
65
66char *my_dhm_G = "4";
67
68/*
69 * Sorted by order of preference
70 */
Paul Bakkere3166ce2011-01-27 17:40:50 +000071int my_ciphersuites[] =
Paul Bakker5121ce52009-01-03 21:22:43 +000072{
73 SSL_EDH_RSA_AES_256_SHA,
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +000074 SSL_EDH_RSA_CAMELLIA_256_SHA,
Paul Bakker77a43582010-06-15 21:32:46 +000075 SSL_EDH_RSA_AES_128_SHA,
76 SSL_EDH_RSA_CAMELLIA_128_SHA,
Paul Bakker5121ce52009-01-03 21:22:43 +000077 SSL_EDH_RSA_DES_168_SHA,
78 SSL_RSA_AES_256_SHA,
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +000079 SSL_RSA_CAMELLIA_256_SHA,
Paul Bakker5121ce52009-01-03 21:22:43 +000080 SSL_RSA_AES_128_SHA,
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +000081 SSL_RSA_CAMELLIA_128_SHA,
Paul Bakker5121ce52009-01-03 21:22:43 +000082 SSL_RSA_DES_168_SHA,
83 SSL_RSA_RC4_128_SHA,
84 SSL_RSA_RC4_128_MD5,
85 0
86};
87
88#define DEBUG_LEVEL 0
89
Paul Bakkerff60ee62010-03-16 21:09:09 +000090void my_debug( void *ctx, int level, const char *str )
Paul Bakker5121ce52009-01-03 21:22:43 +000091{
92 if( level < DEBUG_LEVEL )
93 {
94 fprintf( (FILE *) ctx, "%s", str );
95 fflush( (FILE *) ctx );
96 }
97}
98
99/*
100 * These session callbacks use a simple chained list
101 * to store and retrieve the session information.
102 */
103ssl_session *s_list_1st = NULL;
104ssl_session *cur, *prv;
105
106static int my_get_session( ssl_context *ssl )
107{
108 time_t t = time( NULL );
109
110 if( ssl->resume == 0 )
111 return( 1 );
112
113 cur = s_list_1st;
114 prv = NULL;
115
116 while( cur != NULL )
117 {
118 prv = cur;
119 cur = cur->next;
120
Paul Bakkercce9d772011-11-18 14:26:47 +0000121 if( ssl->timeout != 0 && (int) ( t - prv->start ) > ssl->timeout )
Paul Bakker5121ce52009-01-03 21:22:43 +0000122 continue;
123
Paul Bakkere3166ce2011-01-27 17:40:50 +0000124 if( ssl->session->ciphersuite != prv->ciphersuite ||
Paul Bakker5121ce52009-01-03 21:22:43 +0000125 ssl->session->length != prv->length )
126 continue;
127
128 if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
129 continue;
130
131 memcpy( ssl->session->master, prv->master, 48 );
132 return( 0 );
133 }
134
135 return( 1 );
136}
137
138static int my_set_session( ssl_context *ssl )
139{
140 time_t t = time( NULL );
141
142 cur = s_list_1st;
143 prv = NULL;
144
145 while( cur != NULL )
146 {
Paul Bakkercce9d772011-11-18 14:26:47 +0000147 if( ssl->timeout != 0 && (int) ( t - cur->start ) > ssl->timeout )
Paul Bakker5121ce52009-01-03 21:22:43 +0000148 break; /* expired, reuse this slot */
149
150 if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
151 break; /* client reconnected */
152
153 prv = cur;
154 cur = cur->next;
155 }
156
157 if( cur == NULL )
158 {
159 cur = (ssl_session *) malloc( sizeof( ssl_session ) );
160 if( cur == NULL )
161 return( 1 );
162
163 if( prv == NULL )
164 s_list_1st = cur;
165 else prv->next = cur;
166 }
167
168 memcpy( cur, ssl->session, sizeof( ssl_session ) );
169
170 return( 0 );
171}
172
Paul Bakker5690efc2011-05-26 13:16:06 +0000173#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
174 !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_SSL_TLS_C) || \
175 !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
176 !defined(POLARSSL_RSA_C)
Paul Bakkercce9d772011-11-18 14:26:47 +0000177int main( int argc, char *argv[] )
Paul Bakker5690efc2011-05-26 13:16:06 +0000178{
Paul Bakkercce9d772011-11-18 14:26:47 +0000179 ((void) argc);
180 ((void) argv);
181
Paul Bakker5690efc2011-05-26 13:16:06 +0000182 printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_HAVEGE_C "
183 "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
184 "POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n");
185 return( 0 );
186}
187#else
Paul Bakkercce9d772011-11-18 14:26:47 +0000188int main( int argc, char *argv[] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000189{
190 int ret, len;
191 int listen_fd;
Paul Bakker7eb013f2011-10-06 12:37:39 +0000192 int client_fd = -1;
Paul Bakker5121ce52009-01-03 21:22:43 +0000193 unsigned char buf[1024];
194
195 havege_state hs;
196 ssl_context ssl;
197 ssl_session ssn;
198 x509_cert srvcert;
199 rsa_context rsa;
200
Paul Bakkercce9d772011-11-18 14:26:47 +0000201 ((void) argc);
202 ((void) argv);
203
Paul Bakker5121ce52009-01-03 21:22:43 +0000204 /*
205 * 1. Load the certificates and private RSA key
206 */
207 printf( "\n . Loading the server cert. and key..." );
208 fflush( stdout );
209
210 memset( &srvcert, 0, sizeof( x509_cert ) );
211
212 /*
213 * This demonstration program uses embedded test certificates.
214 * Instead, you may want to use x509parse_crtfile() to read the
215 * server and CA certificates, as well as x509parse_keyfile().
216 */
217 ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
218 strlen( test_srv_crt ) );
219 if( ret != 0 )
220 {
221 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
222 goto exit;
223 }
224
225 ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
226 strlen( test_ca_crt ) );
227 if( ret != 0 )
228 {
229 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
230 goto exit;
231 }
232
Paul Bakker91b41592011-05-05 12:01:31 +0000233 rsa_init( &rsa, RSA_PKCS_V15, 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000234 ret = x509parse_key( &rsa, (unsigned char *) test_srv_key,
235 strlen( test_srv_key ), NULL, 0 );
236 if( ret != 0 )
237 {
238 printf( " failed\n ! x509parse_key returned %d\n\n", ret );
239 goto exit;
240 }
241
242 printf( " ok\n" );
243
244 /*
245 * 2. Setup the listening TCP socket
246 */
247 printf( " . Bind on https://localhost:4433/ ..." );
248 fflush( stdout );
249
250 if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
251 {
252 printf( " failed\n ! net_bind returned %d\n\n", ret );
253 goto exit;
254 }
255
256 printf( " ok\n" );
257
258 /*
Paul Bakker5121ce52009-01-03 21:22:43 +0000259 * 4. Setup stuff
260 */
261 printf( " . Setting up the RNG and SSL data...." );
262 fflush( stdout );
263
Paul Bakker7eb013f2011-10-06 12:37:39 +0000264 memset( &ssl, 0, sizeof( ssl ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000265 havege_init( &hs );
266
267 if( ( ret = ssl_init( &ssl ) ) != 0 )
268 {
269 printf( " failed\n ! ssl_init returned %d\n\n", ret );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000270 goto exit;
Paul Bakker5121ce52009-01-03 21:22:43 +0000271 }
272
Paul Bakker5121ce52009-01-03 21:22:43 +0000273 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
274 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
275
276 ssl_set_rng( &ssl, havege_rand, &hs );
277 ssl_set_dbg( &ssl, my_debug, stdout );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000278
Paul Bakker5121ce52009-01-03 21:22:43 +0000279 ssl_set_scb( &ssl, my_get_session,
280 my_set_session );
281
Paul Bakkere3166ce2011-01-27 17:40:50 +0000282 ssl_set_ciphersuites( &ssl, my_ciphersuites );
Paul Bakker5121ce52009-01-03 21:22:43 +0000283 ssl_set_session( &ssl, 1, 0, &ssn );
284
285 memset( &ssn, 0, sizeof( ssl_session ) );
286
Paul Bakker40ea7de2009-05-03 10:18:48 +0000287 ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
Paul Bakker5121ce52009-01-03 21:22:43 +0000288 ssl_set_own_cert( &ssl, &srvcert, &rsa );
289 ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
290
Paul Bakker7eb013f2011-10-06 12:37:39 +0000291 printf( " ok\n" );
292
293reset:
294 if( client_fd != -1 )
295 net_close( client_fd );
296
297 ssl_session_reset( &ssl );
298
299 /*
300 * 3. Wait until a client connects
301 */
Paul Bakkercce9d772011-11-18 14:26:47 +0000302#if defined(_WIN32_WCE)
303 {
304 SHELLEXECUTEINFO sei;
305
306 ZeroMemory( &sei, sizeof( SHELLEXECUTEINFO ) );
307
308 sei.cbSize = sizeof( SHELLEXECUTEINFO );
309 sei.fMask = 0;
310 sei.hwnd = 0;
311 sei.lpVerb = _T( "open" );
312 sei.lpFile = _T( "https://localhost:4433/" );
313 sei.lpParameters = NULL;
314 sei.lpDirectory = NULL;
315 sei.nShow = SW_SHOWNORMAL;
316
317 ShellExecuteEx( &sei );
318 }
319#elif defined(_WIN32)
Paul Bakker7eb013f2011-10-06 12:37:39 +0000320 ShellExecute( NULL, "open", "https://localhost:4433/",
321 NULL, NULL, SW_SHOWNORMAL );
322#endif
323
324 client_fd = -1;
325
326 printf( " . Waiting for a remote connection ..." );
327 fflush( stdout );
328
329 if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
330 {
331 printf( " failed\n ! net_accept returned %d\n\n", ret );
332 goto exit;
333 }
334
335 ssl_set_bio( &ssl, net_recv, &client_fd,
336 net_send, &client_fd );
337
338 printf( " ok\n" );
339
Paul Bakker5121ce52009-01-03 21:22:43 +0000340 /*
341 * 5. Handshake
342 */
343 printf( " . Performing the SSL/TLS handshake..." );
344 fflush( stdout );
345
346 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
347 {
Paul Bakker831a7552011-05-18 13:32:51 +0000348 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000349 {
350 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000351 goto reset;
Paul Bakker5121ce52009-01-03 21:22:43 +0000352 }
353 }
354
355 printf( " ok\n" );
356
357 /*
358 * 6. Read the HTTP Request
359 */
360 printf( " < Read from client:" );
361 fflush( stdout );
362
363 do
364 {
365 len = sizeof( buf ) - 1;
366 memset( buf, 0, sizeof( buf ) );
367 ret = ssl_read( &ssl, buf, len );
368
Paul Bakker831a7552011-05-18 13:32:51 +0000369 if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000370 continue;
371
372 if( ret <= 0 )
373 {
374 switch( ret )
375 {
Paul Bakker40e46942009-01-03 21:51:57 +0000376 case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
Paul Bakker5121ce52009-01-03 21:22:43 +0000377 printf( " connection was closed gracefully\n" );
378 break;
379
Paul Bakker40e46942009-01-03 21:51:57 +0000380 case POLARSSL_ERR_NET_CONN_RESET:
Paul Bakker5121ce52009-01-03 21:22:43 +0000381 printf( " connection was reset by peer\n" );
382 break;
383
384 default:
385 printf( " ssl_read returned %d\n", ret );
386 break;
387 }
388
389 break;
390 }
391
392 len = ret;
393 printf( " %d bytes read\n\n%s", len, (char *) buf );
394 }
395 while( 0 );
396
397 /*
398 * 7. Write the 200 Response
399 */
400 printf( " > Write to client:" );
401 fflush( stdout );
402
403 len = sprintf( (char *) buf, HTTP_RESPONSE,
Paul Bakkere3166ce2011-01-27 17:40:50 +0000404 ssl_get_ciphersuite( &ssl ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000405
406 while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
407 {
Paul Bakker40e46942009-01-03 21:51:57 +0000408 if( ret == POLARSSL_ERR_NET_CONN_RESET )
Paul Bakker5121ce52009-01-03 21:22:43 +0000409 {
410 printf( " failed\n ! peer closed the connection\n\n" );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000411 goto reset;
Paul Bakker5121ce52009-01-03 21:22:43 +0000412 }
413
Paul Bakker831a7552011-05-18 13:32:51 +0000414 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000415 {
416 printf( " failed\n ! ssl_write returned %d\n\n", ret );
417 goto exit;
418 }
419 }
420
421 len = ret;
422 printf( " %d bytes written\n\n%s\n", len, (char *) buf );
423
424 ssl_close_notify( &ssl );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000425 goto reset;
Paul Bakker5121ce52009-01-03 21:22:43 +0000426
427exit:
428
429 net_close( client_fd );
430 x509_free( &srvcert );
431 rsa_free( &rsa );
432 ssl_free( &ssl );
433
434 cur = s_list_1st;
435 while( cur != NULL )
436 {
437 prv = cur;
438 cur = cur->next;
439 memset( prv, 0, sizeof( ssl_session ) );
440 free( prv );
441 }
442
443 memset( &ssl, 0, sizeof( ssl_context ) );
444
Paul Bakkercce9d772011-11-18 14:26:47 +0000445#if defined(_WIN32)
Paul Bakker5121ce52009-01-03 21:22:43 +0000446 printf( " Press Enter to exit this program.\n" );
447 fflush( stdout ); getchar();
448#endif
449
450 return( ret );
451}
Paul Bakker5690efc2011-05-26 13:16:06 +0000452#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_HAVEGE_C &&
453 POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
454 POLARSSL_RSA_C */