TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / cce9d77745532ecbfd764393f606f4597c41d0e5 / . / programs / x509 / cert_app.c
blob: fca8bc6911bc4377fccb1b8169d4e9605dab186c [file] [log] [blame]
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]1/*
2 * Certificate reading application
3 *
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame^]4 * Copyright (C) 2006-2011, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]9 * All rights reserved.
10 *
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
30#include <string.h>
31#include <stdlib.h>
32#include <stdio.h>
33
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]34#include "polarssl/config.h"
35
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]36#include "polarssl/havege.h"
37#include "polarssl/net.h"
38#include "polarssl/ssl.h"
39#include "polarssl/x509.h"
40
41#define MODE_NONE 0
42#define MODE_FILE 1
43#define MODE_SSL 2
44
45#define DFL_MODE MODE_NONE
46#define DFL_FILENAME "cert.crt"
47#define DFL_SERVER_NAME "localhost"
48#define DFL_SERVER_PORT 4433
49#define DFL_DEBUG_LEVEL 0
50
51/*
52 * global options
53 */
54struct options
55{
56 int mode; /* the mode to run the application in */
57 char *filename; /* filename of the certificate file */
58 char *server_name; /* hostname of the server (client only) */
59 int server_port; /* port on which the ssl service runs */
60 int debug_level; /* level of debugging */
61} opt;
62
63void my_debug( void *ctx, int level, const char *str )
64{
65 if( level < opt.debug_level )
66 {
67 fprintf( (FILE *) ctx, "%s", str );
68 fflush( (FILE *) ctx );
69 }
70}
71
72#define USAGE \
73 "\n usage: cert_app param=<>...\n" \
74 "\n acceptable parameters:\n" \
75 " mode=file|ssl default: none\n" \
76 " filename=%%s default: cert.crt\n" \
77 " server_name=%%s default: localhost\n" \
78 " server_port=%%d default: 4433\n" \
79 " debug_level=%%d default: 0 (disabled)\n" \
80 "\n"
81
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]82#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \
83 !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
84 !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
85 !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO)
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame^]86int main( int argc, char *argv[] )
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]87{
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame^]88 ((void) argc);
89 ((void) argv);
90
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]91 printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or "
92 "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
93 "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
94 "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
95 return( 0 );
96}
97#else
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]98int main( int argc, char *argv[] )
99{
100 int ret = 0, server_fd;
101 unsigned char buf[1024];
102 havege_state hs;
103 ssl_context ssl;
104 ssl_session ssn;
105 x509_cert clicert;
106 rsa_context rsa;
107 int i, j, n;
108 char *p, *q;
109
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]110 /*
111 * Set to sane values
112 */
113 server_fd = 0;
114 memset( &ssl, 0, sizeof( ssl_context ) );
115 memset( &ssn, 0, sizeof( ssl_session ) );
116 memset( &clicert, 0, sizeof( x509_cert ) );
117 memset( &rsa, 0, sizeof( rsa_context ) );
118
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]119 if( argc == 0 )
120 {
121 usage:
122 printf( USAGE );
123 goto exit;
124 }
125
126 opt.mode = DFL_MODE;
127 opt.filename = DFL_FILENAME;
128 opt.server_name = DFL_SERVER_NAME;
129 opt.server_port = DFL_SERVER_PORT;
130 opt.debug_level = DFL_DEBUG_LEVEL;
131
132 for( i = 1; i < argc; i++ )
133 {
134 n = strlen( argv[i] );
135
136 for( j = 0; j < n; j++ )
137 {
138 if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
139 argv[i][j] |= 0x20;
140 }
141
142 p = argv[i];
143 if( ( q = strchr( p, '=' ) ) == NULL )
144 goto usage;
145 *q++ = '\0';
146
147 if( strcmp( p, "mode" ) == 0 )
148 {
149 if( strcmp( q, "file" ) == 0 )
150 opt.mode = MODE_FILE;
151 else if( strcmp( q, "ssl" ) == 0 )
152 opt.mode = MODE_SSL;
153 else
154 goto usage;
155 }
156 else if( strcmp( p, "filename" ) == 0 )
157 opt.filename = q;
158 else if( strcmp( p, "server_name" ) == 0 )
159 opt.server_name = q;
160 else if( strcmp( p, "server_port" ) == 0 )
161 {
162 opt.server_port = atoi( q );
163 if( opt.server_port < 1 || opt.server_port > 65535 )
164 goto usage;
165 }
166 else if( strcmp( p, "debug_level" ) == 0 )
167 {
168 opt.debug_level = atoi( q );
169 if( opt.debug_level < 0 || opt.debug_level > 65535 )
170 goto usage;
171 }
172 else
173 goto usage;
174 }
175
176 if( opt.mode == MODE_FILE )
177 {
178 x509_cert crt;
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]179 memset( &crt, 0, sizeof( x509_cert ) );
180
181 /*
182 * 1.1. Load the certificate
183 */
184 printf( "\n . Loading the certificate ..." );
185 fflush( stdout );
186
187 ret = x509parse_crtfile( &crt, opt.filename );
188
189 if( ret != 0 )
190 {
191 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
192 x509_free( &crt );
193 goto exit;
194 }
195
196 printf( " ok\n" );
197
198 /*
199 * 1.2 Print the certificate
200 */
201 printf( " . Peer certificate information ...\n" );
202 ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", &crt );
203 if( ret == -1 )
204 {
205 printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
206 x509_free( &crt );
207 goto exit;
208 }
209
210 printf( "%s\n", buf );
211
212 x509_free( &crt );
213 }
214 else if( opt.mode == MODE_SSL )
215 {
216 /*
217 * 1. Initialize the RNG and the session data
218 */
219 havege_init( &hs );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]220
221 /*
222 * 2. Start the connection
223 */
224 printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name,
225 opt.server_port );
226 fflush( stdout );
227
228 if( ( ret = net_connect( &server_fd, opt.server_name,
229 opt.server_port ) ) != 0 )
230 {
231 printf( " failed\n ! net_connect returned %d\n\n", ret );
232 goto exit;
233 }
234
235 /*
236 * 3. Setup stuff
237 */
238 if( ( ret = ssl_init( &ssl ) ) != 0 )
239 {
240 printf( " failed\n ! ssl_init returned %d\n\n", ret );
241 goto exit;
242 }
243
244 ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
245 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
246
247 ssl_set_rng( &ssl, havege_rand, &hs );
248 ssl_set_dbg( &ssl, my_debug, stdout );
249 ssl_set_bio( &ssl, net_recv, &server_fd,
250 net_send, &server_fd );
251
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]252 ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]253 ssl_set_session( &ssl, 1, 600, &ssn );
254
255 ssl_set_own_cert( &ssl, &clicert, &rsa );
256
257 ssl_set_hostname( &ssl, opt.server_name );
258
259 /*
260 * 4. Handshake
261 */
262 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
263 {
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]264 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]265 {
266 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
267 goto exit;
268 }
269 }
270
271 printf( " ok\n" );
272
273 /*
274 * 5. Print the certificate
275 */
276 printf( " . Peer certificate information ...\n" );
277 ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", ssl.peer_cert );
278 if( ret == -1 )
279 {
280 printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
281 goto exit;
282 }
283
284 printf( "%s\n", buf );
285
286 ssl_close_notify( &ssl );
287 }
288 else
289 goto usage;
290
291exit:
292
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]293 if( server_fd )
294 net_close( server_fd );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]295 x509_free( &clicert );
296 rsa_free( &rsa );
297 ssl_free( &ssl );
298
299 memset( &ssl, 0, sizeof( ssl ) );
300
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame^]301#if defined(_WIN32)
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]302 printf( " + Press Enter to exit this program.\n" );
303 fflush( stdout ); getchar();
304#endif
305
306 return( ret );
307}
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]308#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_SSL_TLS_C &&
309 POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
310 POLARSSL_X509_PARSE_C && POLARSSL_FS_IO */