TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / e4d4890350f9ce4dd6eecf860dcbb45598334bf3 / . / programs / ssl / dtls_server.c
blob: 48b6c92b079311f887f229277e5547202c320020 [file] [log] [blame]
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]1/*
2 * Simple DTLS server demonstration program
3 *
4 * Copyright (C) 2014, Brainspark B.V.
5 *
Manuel Pégourié-Gonnarde4d48902015-03-06 13:40:52 +0000[diff] [blame^]6 * This file is part of mbed TLS (https://tls.mbed.org)
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
23#if !defined(POLARSSL_CONFIG_FILE)
24#include "polarssl/config.h"
25#else
26#include POLARSSL_CONFIG_FILE
27#endif
28
Manuel Pégourié-Gonnardf2246782015-01-29 13:29:20 +0000[diff] [blame]29#if defined(POLARSSL_PLATFORM_C)
30#include "polarssl/platform.h"
31#else
32#define polarssl_printf printf
33#define polarssl_fprintf fprintf
34#endif
35
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]36#if !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_SSL_PROTO_DTLS) || \
37 !defined(POLARSSL_SSL_COOKIE_C) || !defined(POLARSSL_NET_C) || \
38 !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \
39 !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_RSA_C) || \
40 !defined(POLARSSL_CERTS_C)
41
42#include <stdio.h>
43int main( void )
44{
45 printf( "POLARSSL_SSL_SRV_C and/or POLARSSL_SSL_PROTO_DTLS and/or "
46 "POLARSSL_SSL_COOKIE_C and/or POLARSSL_NET_C and/or "
47 "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C and/or "
48 "POLARSSL_X509_CRT_PARSE_C and/or POLARSSL_RSA_C and/or "
49 "POLARSSL_CERTS_C not defined.\n" );
50 return( 0 );
51}
52#else
53
54#if defined(_WIN32)
55#include <windows.h>
56#endif
57
58#include <string.h>
59#include <stdlib.h>
60#include <stdio.h>
61
62#include "polarssl/entropy.h"
63#include "polarssl/ctr_drbg.h"
64#include "polarssl/certs.h"
65#include "polarssl/x509.h"
66#include "polarssl/ssl.h"
67#include "polarssl/ssl_cookie.h"
68#include "polarssl/net.h"
69#include "polarssl/error.h"
70#include "polarssl/debug.h"
71
72#if defined(POLARSSL_SSL_CACHE_C)
73#include "polarssl/ssl_cache.h"
74#endif
75
76#define READ_TIMEOUT_MS 10000 /* 5 seconds */
77#define DEBUG_LEVEL 0
78
79static void my_debug( void *ctx, int level, const char *str )
80{
81 ((void) level);
82
Manuel Pégourié-Gonnardf2246782015-01-29 13:29:20 +0000[diff] [blame]83 polarssl_fprintf( (FILE *) ctx, "%s", str );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]84 fflush( (FILE *) ctx );
85}
86
87int main( void )
88{
89 int ret, len;
90 int listen_fd;
91 int client_fd = -1;
92 unsigned char buf[1024];
93 const char *pers = "dtls_server";
94 unsigned char client_ip[16] = { 0 };
95 ssl_cookie_ctx cookie_ctx;
96
97 entropy_context entropy;
98 ctr_drbg_context ctr_drbg;
99 ssl_context ssl;
100 x509_crt srvcert;
101 pk_context pkey;
102#if defined(POLARSSL_SSL_CACHE_C)
103 ssl_cache_context cache;
104#endif
105
106 memset( &ssl, 0, sizeof(ssl_context) );
107 ssl_cookie_init( &cookie_ctx );
108#if defined(POLARSSL_SSL_CACHE_C)
109 ssl_cache_init( &cache );
110#endif
111 x509_crt_init( &srvcert );
112 pk_init( &pkey );
113 entropy_init( &entropy );
114
115#if defined(POLARSSL_DEBUG_C)
116 debug_set_threshold( DEBUG_LEVEL );
117#endif
118
119 /*
120 * 1. Load the certificates and private RSA key
121 */
122 printf( "\n . Loading the server cert. and key..." );
123 fflush( stdout );
124
125 /*
126 * This demonstration program uses embedded test certificates.
127 * Instead, you may want to use x509_crt_parse_file() to read the
128 * server and CA certificates, as well as pk_parse_keyfile().
129 */
130 ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
131 strlen( test_srv_crt ) );
132 if( ret != 0 )
133 {
134 printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
135 goto exit;
136 }
137
138 ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
139 strlen( test_ca_list ) );
140 if( ret != 0 )
141 {
142 printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
143 goto exit;
144 }
145
146 ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
147 strlen( test_srv_key ), NULL, 0 );
148 if( ret != 0 )
149 {
150 printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
151 goto exit;
152 }
153
154 printf( " ok\n" );
155
156 /*
157 * 2. Setup the "listening" UDP socket
158 */
159 printf( " . Bind on udp/*/4433 ..." );
160 fflush( stdout );
161
162 if( ( ret = net_bind( &listen_fd, NULL, 4433, NET_PROTO_UDP ) ) != 0 )
163 {
164 printf( " failed\n ! net_bind returned %d\n\n", ret );
165 goto exit;
166 }
167
168 printf( " ok\n" );
169
170 /*
171 * 3. Seed the RNG
172 */
173 printf( " . Seeding the random number generator..." );
174 fflush( stdout );
175
176 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
177 (const unsigned char *) pers,
178 strlen( pers ) ) ) != 0 )
179 {
180 printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
181 goto exit;
182 }
183
184 printf( " ok\n" );
185
186 /*
187 * 4. Setup stuff
188 */
189 printf( " . Setting up the DTLS data..." );
190 fflush( stdout );
191
192 if( ( ret = ssl_init( &ssl ) ) != 0 )
193 {
194 printf( " failed\n ! ssl_init returned %d\n\n", ret );
195 goto exit;
196 }
197
198 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
199 ssl_set_transport( &ssl, SSL_TRANSPORT_DATAGRAM );
200 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
201
202 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
203 ssl_set_dbg( &ssl, my_debug, stdout );
204
205#if defined(POLARSSL_SSL_CACHE_C)
206 ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
207 ssl_cache_set, &cache );
208#endif
209
210 ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
211 if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
212 {
213 printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
214 goto exit;
215 }
216
217 if( ( ret = ssl_cookie_setup( &cookie_ctx,
218 ctr_drbg_random, &ctr_drbg ) ) != 0 )
219 {
220 printf( " failed\n ! ssl_cookie_setup returned %d\n\n", ret );
221 goto exit;
222 }
223
224 ssl_set_dtls_cookies( &ssl, ssl_cookie_write, ssl_cookie_check,
225 &cookie_ctx );
226
227 printf( " ok\n" );
228
229reset:
230#ifdef POLARSSL_ERROR_C
231 if( ret != 0 )
232 {
233 char error_buf[100];
234 polarssl_strerror( ret, error_buf, 100 );
235 printf("Last error was: %d - %s\n\n", ret, error_buf );
236 }
237#endif
238
239 if( client_fd != -1 )
240 net_close( client_fd );
241
242 ssl_session_reset( &ssl );
243
244 /*
245 * 3. Wait until a client connects
246 */
247 client_fd = -1;
248
249 printf( " . Waiting for a remote connection ..." );
250 fflush( stdout );
251
252 if( ( ret = net_accept( listen_fd, &client_fd, client_ip ) ) != 0 )
253 {
254 printf( " failed\n ! net_accept returned %d\n\n", ret );
255 goto exit;
256 }
257
258 /* With UDP, bind_fd is hijacked by client_fd, so bind a new one */
259 if( ( ret = net_bind( &listen_fd, NULL, 4433, NET_PROTO_UDP ) ) != 0 )
260 {
261 printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
262 goto exit;
263 }
264
265 /* For HelloVerifyRequest cookies */
266 if( ( ret = ssl_set_client_transport_id( &ssl, client_ip,
267 sizeof( client_ip ) ) ) != 0 )
268 {
269 printf( " failed\n ! "
270 "ssl_set_client_tranport_id() returned -0x%x\n\n", -ret );
271 goto exit;
272 }
273
274 ssl_set_bio_timeout( &ssl, &client_fd,
275 net_send, net_recv, net_recv_timeout,
276 READ_TIMEOUT_MS );
277
278 printf( " ok\n" );
279
280 /*
281 * 5. Handshake
282 */
283 printf( " . Performing the DTLS handshake..." );
284 fflush( stdout );
285
286 do ret = ssl_handshake( &ssl );
287 while( ret == POLARSSL_ERR_NET_WANT_READ ||
288 ret == POLARSSL_ERR_NET_WANT_WRITE );
289
290 if( ret == POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED )
291 {
292 printf( " hello verification requested\n" );
293 ret = 0;
294 goto reset;
295 }
296 else if( ret != 0 )
297 {
298 printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
299 goto reset;
300 }
301
302 printf( " ok\n" );
303
304 /*
305 * 6. Read the echo Request
306 */
307 printf( " < Read from client:" );
308 fflush( stdout );
309
310 len = sizeof( buf ) - 1;
311 memset( buf, 0, sizeof( buf ) );
312
313 do ret = ssl_read( &ssl, buf, len );
314 while( ret == POLARSSL_ERR_NET_WANT_READ ||
315 ret == POLARSSL_ERR_NET_WANT_WRITE );
316
317 if( ret <= 0 )
318 {
319 switch( ret )
320 {
321 case POLARSSL_ERR_NET_TIMEOUT:
322 printf( " timeout\n\n" );
323 goto reset;
324
325 case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
326 printf( " connection was closed gracefully\n" );
327 ret = 0;
328 goto close_notify;
329
330 default:
331 printf( " ssl_read returned -0x%x\n\n", -ret );
332 goto reset;
333 }
334 }
335
336 len = ret;
337 printf( " %d bytes read\n\n%s\n\n", len, buf );
338
339 /*
340 * 7. Write the 200 Response
341 */
342 printf( " > Write to client:" );
343 fflush( stdout );
344
345 do ret = ssl_write( &ssl, buf, len );
346 while( ret == POLARSSL_ERR_NET_WANT_READ ||
347 ret == POLARSSL_ERR_NET_WANT_WRITE );
348
349 if( ret < 0 )
350 {
351 printf( " failed\n ! ssl_write returned %d\n\n", ret );
352 goto exit;
353 }
354
355 len = ret;
356 printf( " %d bytes written\n\n%s\n\n", len, buf );
357
358 /*
359 * 8. Done, cleanly close the connection
360 */
361close_notify:
362 printf( " . Closing the connection..." );
363
364 /* No error checking, the connection might be closed already */
365 do ret = ssl_close_notify( &ssl );
366 while( ret == POLARSSL_ERR_NET_WANT_WRITE );
367 ret = 0;
368
369 printf( " done\n" );
370
371 goto reset;
372
373 /*
374 * Final clean-ups and exit
375 */
376exit:
377
378#ifdef POLARSSL_ERROR_C
379 if( ret != 0 )
380 {
381 char error_buf[100];
382 polarssl_strerror( ret, error_buf, 100 );
383 printf( "Last error was: %d - %s\n\n", ret, error_buf );
384 }
385#endif
386
387 if( client_fd != -1 )
388 net_close( client_fd );
389
390 x509_crt_free( &srvcert );
391 pk_free( &pkey );
392 ssl_free( &ssl );
393 ssl_cookie_free( &cookie_ctx );
394#if defined(POLARSSL_SSL_CACHE_C)
395 ssl_cache_free( &cache );
396#endif
397 ctr_drbg_free( &ctr_drbg );
398 entropy_free( &entropy );
399
400#if defined(_WIN32)
401 printf( " Press Enter to exit this program.\n" );
402 fflush( stdout ); getchar();
403#endif
404
405 /* Shell can not handle large exit numbers -> 1 for errors */
406 if( ret < 0 )
407 ret = 1;
408
409 return( ret );
410}
411#endif /* POLARSSL_SSL_SRV_C && POLARSSL_SSL_PROTO_DTLS &&
412 POLARSSL_SSL_COOKIE_C && POLARSSL_NET_C && POLARSSL_ENTROPY_C &&
413 POLARSSL_CTR_DRBG_C && POLARSSL_X509_CRT_PARSE_C && POLARSSL_RSA_C
414 && POLARSSL_CERTS_C */