TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 48916f9b670999e53f73f2c6085128ade47eafd8 / . / programs / x509 / cert_app.c
blob: 18c23b28d3cb95d9d466594b58f7293af113ef9d [file] [log] [blame]
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]1/*
2 * Certificate reading application
3 *
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]4 * Copyright (C) 2006-2011, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]9 * All rights reserved.
10 *
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
30#include <string.h>
31#include <stdlib.h>
32#include <stdio.h>
33
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]34#include "polarssl/config.h"
35
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]36#include "polarssl/entropy.h"
37#include "polarssl/ctr_drbg.h"
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]38#include "polarssl/net.h"
39#include "polarssl/ssl.h"
40#include "polarssl/x509.h"
41
42#define MODE_NONE 0
43#define MODE_FILE 1
44#define MODE_SSL 2
45
46#define DFL_MODE MODE_NONE
47#define DFL_FILENAME "cert.crt"
48#define DFL_SERVER_NAME "localhost"
49#define DFL_SERVER_PORT 4433
50#define DFL_DEBUG_LEVEL 0
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]51#define DFL_PERMISSIVE 0
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]52
53/*
54 * global options
55 */
56struct options
57{
58 int mode; /* the mode to run the application in */
59 char *filename; /* filename of the certificate file */
60 char *server_name; /* hostname of the server (client only) */
61 int server_port; /* port on which the ssl service runs */
62 int debug_level; /* level of debugging */
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]63 int permissive; /* permissive parsing */
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]64} opt;
65
66void my_debug( void *ctx, int level, const char *str )
67{
68 if( level < opt.debug_level )
69 {
70 fprintf( (FILE *) ctx, "%s", str );
71 fflush( (FILE *) ctx );
72 }
73}
74
75#define USAGE \
76 "\n usage: cert_app param=<>...\n" \
77 "\n acceptable parameters:\n" \
78 " mode=file|ssl default: none\n" \
79 " filename=%%s default: cert.crt\n" \
80 " server_name=%%s default: localhost\n" \
81 " server_port=%%d default: 4433\n" \
82 " debug_level=%%d default: 0 (disabled)\n" \
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]83 " permissive=%%d default: 0 (disabled)\n" \
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]84 "\n"
85
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]86#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]87 !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
88 !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]89 !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) || \
90 !defined(POLARSSL_CTR_DRBG_C)
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]91int main( int argc, char *argv[] )
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]92{
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]93 ((void) argc);
94 ((void) argv);
95
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]96 printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]97 "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
98 "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]99 "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO and/or "
100 "POLARSSL_CTR_DRBG_C not defined.\n");
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]101 return( 0 );
102}
103#else
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]104int main( int argc, char *argv[] )
105{
106 int ret = 0, server_fd;
107 unsigned char buf[1024];
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]108 entropy_context entropy;
109 ctr_drbg_context ctr_drbg;
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]110 ssl_context ssl;
111 ssl_session ssn;
112 x509_cert clicert;
113 rsa_context rsa;
114 int i, j, n;
115 char *p, *q;
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]116 char *pers = "cert_app";
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]117
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]118 /*
119 * Set to sane values
120 */
121 server_fd = 0;
122 memset( &ssl, 0, sizeof( ssl_context ) );
123 memset( &ssn, 0, sizeof( ssl_session ) );
124 memset( &clicert, 0, sizeof( x509_cert ) );
125 memset( &rsa, 0, sizeof( rsa_context ) );
126
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]127 if( argc == 0 )
128 {
129 usage:
130 printf( USAGE );
131 goto exit;
132 }
133
134 opt.mode = DFL_MODE;
135 opt.filename = DFL_FILENAME;
136 opt.server_name = DFL_SERVER_NAME;
137 opt.server_port = DFL_SERVER_PORT;
138 opt.debug_level = DFL_DEBUG_LEVEL;
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]139 opt.permissive = DFL_PERMISSIVE;
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]140
141 for( i = 1; i < argc; i++ )
142 {
143 n = strlen( argv[i] );
144
145 for( j = 0; j < n; j++ )
146 {
147 if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
148 argv[i][j] |= 0x20;
149 }
150
151 p = argv[i];
152 if( ( q = strchr( p, '=' ) ) == NULL )
153 goto usage;
154 *q++ = '\0';
155
156 if( strcmp( p, "mode" ) == 0 )
157 {
158 if( strcmp( q, "file" ) == 0 )
159 opt.mode = MODE_FILE;
160 else if( strcmp( q, "ssl" ) == 0 )
161 opt.mode = MODE_SSL;
162 else
163 goto usage;
164 }
165 else if( strcmp( p, "filename" ) == 0 )
166 opt.filename = q;
167 else if( strcmp( p, "server_name" ) == 0 )
168 opt.server_name = q;
169 else if( strcmp( p, "server_port" ) == 0 )
170 {
171 opt.server_port = atoi( q );
172 if( opt.server_port < 1 || opt.server_port > 65535 )
173 goto usage;
174 }
175 else if( strcmp( p, "debug_level" ) == 0 )
176 {
177 opt.debug_level = atoi( q );
178 if( opt.debug_level < 0 || opt.debug_level > 65535 )
179 goto usage;
180 }
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]181 else if( strcmp( p, "permissive" ) == 0 )
182 {
183 opt.permissive = atoi( q );
184 if( opt.permissive < 0 || opt.permissive > 1 )
185 goto usage;
186 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]187 else
188 goto usage;
189 }
190
191 if( opt.mode == MODE_FILE )
192 {
193 x509_cert crt;
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]194 x509_cert *cur = &crt;
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]195 memset( &crt, 0, sizeof( x509_cert ) );
196
197 /*
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]198 * 1.1. Load the certificate(s)
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]199 */
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]200 printf( "\n . Loading the certificate(s) ..." );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]201 fflush( stdout );
202
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]203 ret = x509parse_crtfile( &crt, opt.filename );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]204
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]205 if( ret < 0 )
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]206 {
207 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
208 x509_free( &crt );
209 goto exit;
210 }
211
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]212 if( opt.permissive == 0 && ret > 0 )
213 {
214 printf( " failed\n ! x509parse_crt failed to parse %d certificates\n\n", ret );
215 x509_free( &crt );
216 goto exit;
217 }
218
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]219 printf( " ok\n" );
220
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]221
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]222 /*
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]223 * 1.2 Print the certificate(s)
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]224 */
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]225 while( cur != NULL )
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]226 {
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]227 printf( " . Peer certificate information ...\n" );
Paul Bakker5c356d62011-11-25 13:17:45 +0000[diff] [blame]228 ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", cur );
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]229 if( ret == -1 )
230 {
231 printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
232 x509_free( &crt );
233 goto exit;
234 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]235
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]236 printf( "%s\n", buf );
237
238 cur = cur->next;
239 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]240
241 x509_free( &crt );
242 }
243 else if( opt.mode == MODE_SSL )
244 {
245 /*
246 * 1. Initialize the RNG and the session data
247 */
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]248 printf( "\n . Seeding the random number generator..." );
249 fflush( stdout );
250
251 entropy_init( &entropy );
252 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
253 (unsigned char *) pers, strlen( pers ) ) ) != 0 )
254 {
255 printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
256 goto exit;
257 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]258
259 /*
260 * 2. Start the connection
261 */
262 printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name,
263 opt.server_port );
264 fflush( stdout );
265
266 if( ( ret = net_connect( &server_fd, opt.server_name,
267 opt.server_port ) ) != 0 )
268 {
269 printf( " failed\n ! net_connect returned %d\n\n", ret );
270 goto exit;
271 }
272
273 /*
274 * 3. Setup stuff
275 */
276 if( ( ret = ssl_init( &ssl ) ) != 0 )
277 {
278 printf( " failed\n ! ssl_init returned %d\n\n", ret );
279 goto exit;
280 }
281
282 ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
283 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
284
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]285 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]286 ssl_set_dbg( &ssl, my_debug, stdout );
287 ssl_set_bio( &ssl, net_recv, &server_fd,
288 net_send, &server_fd );
289
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]290 ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]291 ssl_set_session( &ssl, 1, 600, &ssn );
292
293 ssl_set_own_cert( &ssl, &clicert, &rsa );
294
295 ssl_set_hostname( &ssl, opt.server_name );
296
297 /*
298 * 4. Handshake
299 */
300 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
301 {
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]302 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]303 {
304 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
305 goto exit;
306 }
307 }
308
309 printf( " ok\n" );
310
311 /*
312 * 5. Print the certificate
313 */
314 printf( " . Peer certificate information ...\n" );
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame^]315 ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
316 ssl.session->peer_cert );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]317 if( ret == -1 )
318 {
319 printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
320 goto exit;
321 }
322
323 printf( "%s\n", buf );
324
325 ssl_close_notify( &ssl );
326 }
327 else
328 goto usage;
329
330exit:
331
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]332 if( server_fd )
333 net_close( server_fd );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]334 x509_free( &clicert );
335 rsa_free( &rsa );
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame^]336 ssl_session_free( &ssn );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]337 ssl_free( &ssl );
338
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]339#if defined(_WIN32)
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]340 printf( " + Press Enter to exit this program.\n" );
341 fflush( stdout ); getchar();
342#endif
343
344 return( ret );
345}
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]346#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]347 POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]348 POLARSSL_X509_PARSE_C && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */