TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c73079a78cd0a028375b5d0da4a0d471394278c3 / . / programs / ssl / ssl_server.c
blob: 5b86f9ba175ba3487b4ec345c3c1704011029346 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * SSL server demonstration program
3 *
Paul Bakker3c5ef712013-06-25 16:37:45 +0200[diff] [blame]4 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
Manuel Pégourié-Gonnardabd6e022013-09-20 13:30:43 +0200[diff] [blame]26#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]27
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]28#if defined(_WIN32)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]29#include <windows.h>
30#endif
31
32#include <string.h>
33#include <stdlib.h>
34#include <stdio.h>
35
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]36#include "polarssl/entropy.h"
37#include "polarssl/ctr_drbg.h"
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]38#include "polarssl/certs.h"
39#include "polarssl/x509.h"
40#include "polarssl/ssl.h"
41#include "polarssl/net.h"
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]42#include "polarssl/error.h"
Paul Bakkerc73079a2014-04-25 16:34:30 +0200[diff] [blame^]43#include "polarssl/debug.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]44
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]45#if defined(POLARSSL_SSL_CACHE_C)
46#include "polarssl/ssl_cache.h"
47#endif
48
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]49#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]50 !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]51 !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
52 !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]53 !defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]54int main( int argc, char *argv[] )
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]55{
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]56 ((void) argc);
57 ((void) argv);
58
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]59 printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]60 "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]61 "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]62 "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
63 "not defined.\n");
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]64 return( 0 );
65}
66#else
Paul Bakker9a97c5d2013-09-15 17:07:33 +0200[diff] [blame]67
68#define HTTP_RESPONSE \
69 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
70 "<h2>PolarSSL Test Server</h2>\r\n" \
71 "<p>Successful connection using: %s</p>\r\n"
72
73#define DEBUG_LEVEL 0
74
75static void my_debug( void *ctx, int level, const char *str )
76{
Paul Bakkerc73079a2014-04-25 16:34:30 +0200[diff] [blame^]77 ((void) level);
78
79 fprintf( (FILE *) ctx, "%s", str );
80 fflush( (FILE *) ctx );
Paul Bakker9a97c5d2013-09-15 17:07:33 +0200[diff] [blame]81}
82
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]83int main( int argc, char *argv[] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]84{
85 int ret, len;
86 int listen_fd;
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]87 int client_fd = -1;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]88 unsigned char buf[1024];
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]89 const char *pers = "ssl_server";
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]90
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]91 entropy_context entropy;
92 ctr_drbg_context ctr_drbg;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]93 ssl_context ssl;
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200[diff] [blame]94 x509_crt srvcert;
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200[diff] [blame]95 pk_context pkey;
Paul Bakkerd4324102012-09-26 08:29:38 +0000[diff] [blame]96#if defined(POLARSSL_SSL_CACHE_C)
97 ssl_cache_context cache;
98#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]99
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]100 ((void) argc);
101 ((void) argv);
102
Paul Bakker0c226102014-04-17 16:02:36 +0200[diff] [blame]103 memset( &ssl, 0, sizeof(ssl_context) );
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]104#if defined(POLARSSL_SSL_CACHE_C)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]105 ssl_cache_init( &cache );
106#endif
Paul Bakker0c226102014-04-17 16:02:36 +0200[diff] [blame]107 x509_crt_init( &srvcert );
108 pk_init( &pkey );
109 entropy_init( &entropy );
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]110
Paul Bakkerc73079a2014-04-25 16:34:30 +0200[diff] [blame^]111#if defined(POLARSSL_DEBUG_C)
112 debug_set_threshold( DEBUG_LEVEL );
113#endif
114
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]115 /*
116 * 1. Load the certificates and private RSA key
117 */
118 printf( "\n . Loading the server cert. and key..." );
119 fflush( stdout );
120
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]121 /*
122 * This demonstration program uses embedded test certificates.
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]123 * Instead, you may want to use x509_crt_parse_file() to read the
124 * server and CA certificates, as well as pk_parse_keyfile().
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]125 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]126 ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
127 strlen( test_srv_crt ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]128 if( ret != 0 )
129 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]130 printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]131 goto exit;
132 }
133
Manuel Pégourié-Gonnard641de712013-09-25 13:23:33 +0200[diff] [blame]134 ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
135 strlen( test_ca_list ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]136 if( ret != 0 )
137 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]138 printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]139 goto exit;
140 }
141
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]142 ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
143 strlen( test_srv_key ), NULL, 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]144 if( ret != 0 )
145 {
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]146 printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]147 goto exit;
148 }
149
150 printf( " ok\n" );
151
152 /*
153 * 2. Setup the listening TCP socket
154 */
155 printf( " . Bind on https://localhost:4433/ ..." );
156 fflush( stdout );
157
158 if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
159 {
160 printf( " failed\n ! net_bind returned %d\n\n", ret );
161 goto exit;
162 }
163
164 printf( " ok\n" );
165
166 /*
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]167 * 3. Seed the RNG
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]168 */
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]169 printf( " . Seeding the random number generator..." );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]170 fflush( stdout );
171
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]172 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]173 (const unsigned char *) pers,
174 strlen( pers ) ) ) != 0 )
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]175 {
176 printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
177 goto exit;
178 }
179
180 printf( " ok\n" );
181
182 /*
183 * 4. Setup stuff
184 */
185 printf( " . Setting up the SSL data...." );
186 fflush( stdout );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]187
188 if( ( ret = ssl_init( &ssl ) ) != 0 )
189 {
190 printf( " failed\n ! ssl_init returned %d\n\n", ret );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]191 goto exit;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]192 }
193
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]194 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
195 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
196
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]197 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]198 ssl_set_dbg( &ssl, my_debug, stdout );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]199
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]200#if defined(POLARSSL_SSL_CACHE_C)
201 ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
202 ssl_cache_set, &cache );
203#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]204
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]205 ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200[diff] [blame]206 ssl_set_own_cert( &ssl, &srvcert, &pkey );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]207
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]208 printf( " ok\n" );
209
210reset:
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]211#ifdef POLARSSL_ERROR_C
212 if( ret != 0 )
213 {
214 char error_buf[100];
Paul Bakker03a8a792013-06-30 12:18:08 +0200[diff] [blame]215 polarssl_strerror( ret, error_buf, 100 );
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]216 printf("Last error was: %d - %s\n\n", ret, error_buf );
217 }
218#endif
219
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]220 if( client_fd != -1 )
221 net_close( client_fd );
222
223 ssl_session_reset( &ssl );
224
225 /*
226 * 3. Wait until a client connects
227 */
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]228 client_fd = -1;
229
230 printf( " . Waiting for a remote connection ..." );
231 fflush( stdout );
232
233 if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
234 {
235 printf( " failed\n ! net_accept returned %d\n\n", ret );
236 goto exit;
237 }
238
239 ssl_set_bio( &ssl, net_recv, &client_fd,
240 net_send, &client_fd );
241
242 printf( " ok\n" );
243
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]244 /*
245 * 5. Handshake
246 */
247 printf( " . Performing the SSL/TLS handshake..." );
248 fflush( stdout );
249
250 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
251 {
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]252 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]253 {
254 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]255 goto reset;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]256 }
257 }
258
259 printf( " ok\n" );
260
261 /*
262 * 6. Read the HTTP Request
263 */
264 printf( " < Read from client:" );
265 fflush( stdout );
266
267 do
268 {
269 len = sizeof( buf ) - 1;
270 memset( buf, 0, sizeof( buf ) );
271 ret = ssl_read( &ssl, buf, len );
272
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]273 if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]274 continue;
275
276 if( ret <= 0 )
277 {
278 switch( ret )
279 {
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]280 case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]281 printf( " connection was closed gracefully\n" );
282 break;
283
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]284 case POLARSSL_ERR_NET_CONN_RESET:
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]285 printf( " connection was reset by peer\n" );
286 break;
287
288 default:
Paul Bakker6f3578c2012-04-16 06:46:01 +0000[diff] [blame]289 printf( " ssl_read returned -0x%x\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]290 break;
291 }
292
293 break;
294 }
295
296 len = ret;
297 printf( " %d bytes read\n\n%s", len, (char *) buf );
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]298
299 if( ret > 0 )
300 break;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]301 }
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]302 while( 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]303
304 /*
305 * 7. Write the 200 Response
306 */
307 printf( " > Write to client:" );
308 fflush( stdout );
309
310 len = sprintf( (char *) buf, HTTP_RESPONSE,
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]311 ssl_get_ciphersuite( &ssl ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]312
313 while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
314 {
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]315 if( ret == POLARSSL_ERR_NET_CONN_RESET )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]316 {
317 printf( " failed\n ! peer closed the connection\n\n" );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]318 goto reset;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]319 }
320
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]321 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]322 {
323 printf( " failed\n ! ssl_write returned %d\n\n", ret );
324 goto exit;
325 }
326 }
327
328 len = ret;
329 printf( " %d bytes written\n\n%s\n", len, (char *) buf );
Manuel Pégourié-Gonnard6b0d2682014-03-25 11:24:43 +0100[diff] [blame]330
331 printf( " . Closing the connection..." );
332
333 while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
334 {
335 if( ret != POLARSSL_ERR_NET_WANT_READ &&
336 ret != POLARSSL_ERR_NET_WANT_WRITE )
337 {
338 printf( " failed\n ! ssl_close_notify returned %d\n\n", ret );
339 goto reset;
340 }
341 }
342
343 printf( " ok\n" );
344
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]345 ret = 0;
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]346 goto reset;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]347
348exit:
349
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]350#ifdef POLARSSL_ERROR_C
351 if( ret != 0 )
352 {
353 char error_buf[100];
Paul Bakker03a8a792013-06-30 12:18:08 +0200[diff] [blame]354 polarssl_strerror( ret, error_buf, 100 );
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]355 printf("Last error was: %d - %s\n\n", ret, error_buf );
356 }
357#endif
358
Paul Bakker0c226102014-04-17 16:02:36 +0200[diff] [blame]359 if( client_fd != -1 )
360 net_close( client_fd );
361
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]362 x509_crt_free( &srvcert );
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200[diff] [blame]363 pk_free( &pkey );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]364 ssl_free( &ssl );
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]365#if defined(POLARSSL_SSL_CACHE_C)
366 ssl_cache_free( &cache );
367#endif
Paul Bakker1ffefac2013-09-28 15:23:03 +0200[diff] [blame]368 entropy_free( &entropy );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]369
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]370#if defined(_WIN32)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]371 printf( " Press Enter to exit this program.\n" );
372 fflush( stdout ); getchar();
373#endif
374
375 return( ret );
376}
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]377#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]378 POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]379 POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C */