TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9a73632fd9f4e08047b88230c24aa2133c8f880e / . / programs / x509 / cert_app.c
blob: 2fb0c854e2ac9b3521ac9c41f3cd70fe31e766d4 [file] [log] [blame]
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]1/*
2 * Certificate reading application
3 *
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]4 * Copyright (C) 2006-2011, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]9 * All rights reserved.
10 *
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
30#include <string.h>
31#include <stdlib.h>
32#include <stdio.h>
33
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]34#include "polarssl/config.h"
35
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]36#include "polarssl/entropy.h"
37#include "polarssl/ctr_drbg.h"
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]38#include "polarssl/net.h"
39#include "polarssl/ssl.h"
40#include "polarssl/x509.h"
41
42#define MODE_NONE 0
43#define MODE_FILE 1
44#define MODE_SSL 2
45
46#define DFL_MODE MODE_NONE
47#define DFL_FILENAME "cert.crt"
48#define DFL_SERVER_NAME "localhost"
49#define DFL_SERVER_PORT 4433
50#define DFL_DEBUG_LEVEL 0
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]51#define DFL_PERMISSIVE 0
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]52
53/*
54 * global options
55 */
56struct options
57{
58 int mode; /* the mode to run the application in */
59 char *filename; /* filename of the certificate file */
60 char *server_name; /* hostname of the server (client only) */
61 int server_port; /* port on which the ssl service runs */
62 int debug_level; /* level of debugging */
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]63 int permissive; /* permissive parsing */
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]64} opt;
65
66void my_debug( void *ctx, int level, const char *str )
67{
68 if( level < opt.debug_level )
69 {
70 fprintf( (FILE *) ctx, "%s", str );
71 fflush( (FILE *) ctx );
72 }
73}
74
75#define USAGE \
76 "\n usage: cert_app param=<>...\n" \
77 "\n acceptable parameters:\n" \
78 " mode=file|ssl default: none\n" \
79 " filename=%%s default: cert.crt\n" \
80 " server_name=%%s default: localhost\n" \
81 " server_port=%%d default: 4433\n" \
82 " debug_level=%%d default: 0 (disabled)\n" \
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]83 " permissive=%%d default: 0 (disabled)\n" \
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]84 "\n"
85
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]86#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]87 !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
88 !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]89 !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) || \
90 !defined(POLARSSL_CTR_DRBG_C)
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]91int main( int argc, char *argv[] )
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]92{
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]93 ((void) argc);
94 ((void) argv);
95
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]96 printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]97 "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
98 "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]99 "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO and/or "
100 "POLARSSL_CTR_DRBG_C not defined.\n");
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]101 return( 0 );
102}
103#else
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]104int main( int argc, char *argv[] )
105{
106 int ret = 0, server_fd;
107 unsigned char buf[1024];
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]108 entropy_context entropy;
109 ctr_drbg_context ctr_drbg;
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]110 ssl_context ssl;
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]111 x509_cert clicert;
112 rsa_context rsa;
113 int i, j, n;
114 char *p, *q;
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]115 char *pers = "cert_app";
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]116
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]117 /*
118 * Set to sane values
119 */
120 server_fd = 0;
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]121 memset( &clicert, 0, sizeof( x509_cert ) );
122 memset( &rsa, 0, sizeof( rsa_context ) );
123
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]124 if( argc == 0 )
125 {
126 usage:
127 printf( USAGE );
128 goto exit;
129 }
130
131 opt.mode = DFL_MODE;
132 opt.filename = DFL_FILENAME;
133 opt.server_name = DFL_SERVER_NAME;
134 opt.server_port = DFL_SERVER_PORT;
135 opt.debug_level = DFL_DEBUG_LEVEL;
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]136 opt.permissive = DFL_PERMISSIVE;
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]137
138 for( i = 1; i < argc; i++ )
139 {
140 n = strlen( argv[i] );
141
142 for( j = 0; j < n; j++ )
143 {
144 if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
145 argv[i][j] |= 0x20;
146 }
147
148 p = argv[i];
149 if( ( q = strchr( p, '=' ) ) == NULL )
150 goto usage;
151 *q++ = '\0';
152
153 if( strcmp( p, "mode" ) == 0 )
154 {
155 if( strcmp( q, "file" ) == 0 )
156 opt.mode = MODE_FILE;
157 else if( strcmp( q, "ssl" ) == 0 )
158 opt.mode = MODE_SSL;
159 else
160 goto usage;
161 }
162 else if( strcmp( p, "filename" ) == 0 )
163 opt.filename = q;
164 else if( strcmp( p, "server_name" ) == 0 )
165 opt.server_name = q;
166 else if( strcmp( p, "server_port" ) == 0 )
167 {
168 opt.server_port = atoi( q );
169 if( opt.server_port < 1 || opt.server_port > 65535 )
170 goto usage;
171 }
172 else if( strcmp( p, "debug_level" ) == 0 )
173 {
174 opt.debug_level = atoi( q );
175 if( opt.debug_level < 0 || opt.debug_level > 65535 )
176 goto usage;
177 }
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]178 else if( strcmp( p, "permissive" ) == 0 )
179 {
180 opt.permissive = atoi( q );
181 if( opt.permissive < 0 || opt.permissive > 1 )
182 goto usage;
183 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]184 else
185 goto usage;
186 }
187
188 if( opt.mode == MODE_FILE )
189 {
190 x509_cert crt;
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]191 x509_cert *cur = &crt;
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]192 memset( &crt, 0, sizeof( x509_cert ) );
193
194 /*
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]195 * 1.1. Load the certificate(s)
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]196 */
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]197 printf( "\n . Loading the certificate(s) ..." );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]198 fflush( stdout );
199
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]200 ret = x509parse_crtfile( &crt, opt.filename );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]201
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]202 if( ret < 0 )
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]203 {
204 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
205 x509_free( &crt );
206 goto exit;
207 }
208
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]209 if( opt.permissive == 0 && ret > 0 )
210 {
211 printf( " failed\n ! x509parse_crt failed to parse %d certificates\n\n", ret );
212 x509_free( &crt );
213 goto exit;
214 }
215
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]216 printf( " ok\n" );
217
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]218
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]219 /*
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]220 * 1.2 Print the certificate(s)
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]221 */
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]222 while( cur != NULL )
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]223 {
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]224 printf( " . Peer certificate information ...\n" );
Paul Bakker5c356d62011-11-25 13:17:45 +0000[diff] [blame]225 ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", cur );
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]226 if( ret == -1 )
227 {
228 printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
229 x509_free( &crt );
230 goto exit;
231 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]232
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]233 printf( "%s\n", buf );
234
235 cur = cur->next;
236 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]237
238 x509_free( &crt );
239 }
240 else if( opt.mode == MODE_SSL )
241 {
242 /*
243 * 1. Initialize the RNG and the session data
244 */
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]245 printf( "\n . Seeding the random number generator..." );
246 fflush( stdout );
247
248 entropy_init( &entropy );
249 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
250 (unsigned char *) pers, strlen( pers ) ) ) != 0 )
251 {
252 printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
253 goto exit;
254 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]255
256 /*
257 * 2. Start the connection
258 */
259 printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name,
260 opt.server_port );
261 fflush( stdout );
262
263 if( ( ret = net_connect( &server_fd, opt.server_name,
264 opt.server_port ) ) != 0 )
265 {
266 printf( " failed\n ! net_connect returned %d\n\n", ret );
267 goto exit;
268 }
269
270 /*
271 * 3. Setup stuff
272 */
273 if( ( ret = ssl_init( &ssl ) ) != 0 )
274 {
275 printf( " failed\n ! ssl_init returned %d\n\n", ret );
276 goto exit;
277 }
278
279 ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
280 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
281
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]282 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]283 ssl_set_dbg( &ssl, my_debug, stdout );
284 ssl_set_bio( &ssl, net_recv, &server_fd,
285 net_send, &server_fd );
286
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]287 ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]288
289 ssl_set_own_cert( &ssl, &clicert, &rsa );
290
291 ssl_set_hostname( &ssl, opt.server_name );
292
293 /*
294 * 4. Handshake
295 */
296 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
297 {
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]298 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]299 {
300 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
Paul Bakker9a736322012-11-14 12:39:52 +0000[diff] [blame^]301 ssl_free( &ssl );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]302 goto exit;
303 }
304 }
305
306 printf( " ok\n" );
307
308 /*
309 * 5. Print the certificate
310 */
311 printf( " . Peer certificate information ...\n" );
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]312 ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
313 ssl.session->peer_cert );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]314 if( ret == -1 )
315 {
316 printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
Paul Bakker9a736322012-11-14 12:39:52 +0000[diff] [blame^]317 ssl_free( &ssl );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]318 goto exit;
319 }
320
321 printf( "%s\n", buf );
322
323 ssl_close_notify( &ssl );
Paul Bakker9a736322012-11-14 12:39:52 +0000[diff] [blame^]324 ssl_free( &ssl );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]325 }
326 else
327 goto usage;
328
329exit:
330
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]331 if( server_fd )
332 net_close( server_fd );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]333 x509_free( &clicert );
334 rsa_free( &rsa );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]335
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]336#if defined(_WIN32)
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]337 printf( " + Press Enter to exit this program.\n" );
338 fflush( stdout ); getchar();
339#endif
340
341 return( ret );
342}
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]343#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]344 POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]345 POLARSSL_X509_PARSE_C && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */