TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / daba4f67cccf6fa2f4a71f6be3e5da353671412f / . / programs / ssl / dtls_server.c
blob: b2b0111141b2c9c71d6063bc9ab47a8d3d516019 [file] [log] [blame]
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]1/*
2 * Simple DTLS server demonstration program
3 *
Manuel Pégourié-Gonnard6fb81872015-07-27 11:11:48 +0200[diff] [blame]4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Bence Szépkútif744bd72020-06-05 13:02:18 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 *
7 * This file is provided under the Apache License 2.0, or the
8 * GNU General Public License v2.0 or later.
9 *
10 * **********
11 * Apache License 2.0:
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]24 *
Bence Szépkútif744bd72020-06-05 13:02:18 +0200[diff] [blame]25 * **********
26 *
27 * **********
28 * GNU General Public License v2.0 or later:
29 *
30 * This program is free software; you can redistribute it and/or modify
31 * it under the terms of the GNU General Public License as published by
32 * the Free Software Foundation; either version 2 of the License, or
33 * (at your option) any later version.
34 *
35 * This program is distributed in the hope that it will be useful,
36 * but WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38 * GNU General Public License for more details.
39 *
40 * You should have received a copy of the GNU General Public License along
41 * with this program; if not, write to the Free Software Foundation, Inc.,
42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43 *
44 * **********
45 *
Manuel Pégourié-Gonnarde4d48902015-03-06 13:40:52 +0000[diff] [blame]46 * This file is part of mbed TLS (https://tls.mbed.org)
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]47 */
48
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]49#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]50#include "mbedtls/config.h"
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]51#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]52#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]53#endif
54
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]55#if defined(MBEDTLS_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]56#include "mbedtls/platform.h"
Manuel Pégourié-Gonnardf2246782015-01-29 13:29:20 +0000[diff] [blame]57#else
Manuel Pégourié-Gonnarde3c41ad2015-05-13 10:04:32 +0200[diff] [blame]58#include <stdio.h>
Krzysztof Stachowiak3b0c4302019-04-24 14:24:46 +0200[diff] [blame]59#include <stdlib.h>
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]60#define mbedtls_printf printf
61#define mbedtls_fprintf fprintf
Simon Butcherdb0feca2016-05-17 00:03:14 +0100[diff] [blame]62#define mbedtls_time_t time_t
Manuel Pégourié-Gonnard3ef6a6d2018-12-10 14:31:45 +0100[diff] [blame]63#define mbedtls_exit exit
64#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
65#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
Manuel Pégourié-Gonnardf2246782015-01-29 13:29:20 +0000[diff] [blame]66#endif
67
Simon Butcher6fd96ad2018-05-12 18:23:32 +0100[diff] [blame]68/* Uncomment out the following line to default to IPv4 and disable IPv6 */
69//#define FORCE_IPV4
70
71#ifdef FORCE_IPV4
72#define BIND_IP "0.0.0.0" /* Forces IPv4 */
73#else
74#define BIND_IP "::"
75#endif
76
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]77#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
78 !defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
79 !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
80 !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
Manuel Pégourié-Gonnarde3c41ad2015-05-13 10:04:32 +0200[diff] [blame]81 !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
82 !defined(MBEDTLS_TIMING_C)
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]83
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]84int main( void )
85{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]86 printf( "MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
87 "MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
88 "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
89 "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
Manuel Pégourié-Gonnarde3c41ad2015-05-13 10:04:32 +0200[diff] [blame]90 "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
91 "MBEDTLS_TIMING_C not defined.\n" );
Krzysztof Stachowiak3b0c4302019-04-24 14:24:46 +0200[diff] [blame]92 mbedtls_exit( 0 );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]93}
94#else
95
96#if defined(_WIN32)
97#include <windows.h>
98#endif
99
100#include <string.h>
101#include <stdlib.h>
102#include <stdio.h>
103
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]104#include "mbedtls/entropy.h"
105#include "mbedtls/ctr_drbg.h"
106#include "mbedtls/certs.h"
107#include "mbedtls/x509.h"
108#include "mbedtls/ssl.h"
109#include "mbedtls/ssl_cookie.h"
Andres AG788aa4a2016-09-14 14:32:09 +0100[diff] [blame]110#include "mbedtls/net_sockets.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]111#include "mbedtls/error.h"
112#include "mbedtls/debug.h"
Manuel Pégourié-Gonnard56273da2015-05-26 12:19:45 +0200[diff] [blame]113#include "mbedtls/timing.h"
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]114
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]115#if defined(MBEDTLS_SSL_CACHE_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]116#include "mbedtls/ssl_cache.h"
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]117#endif
118
119#define READ_TIMEOUT_MS 10000 /* 5 seconds */
120#define DEBUG_LEVEL 0
121
Simon Butcher63cb97e2018-12-06 17:43:31 +0000[diff] [blame]122
Manuel Pégourié-Gonnard61ee3512015-06-23 17:35:03 +0200[diff] [blame]123static void my_debug( void *ctx, int level,
124 const char *file, int line,
125 const char *str )
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]126{
127 ((void) level);
128
Manuel Pégourié-Gonnard61ee3512015-06-23 17:35:03 +0200[diff] [blame]129 mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]130 fflush( (FILE *) ctx );
131}
132
133int main( void )
134{
135 int ret, len;
Manuel Pégourié-Gonnard5db64322015-06-30 15:40:39 +0200[diff] [blame]136 mbedtls_net_context listen_fd, client_fd;
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]137 unsigned char buf[1024];
138 const char *pers = "dtls_server";
139 unsigned char client_ip[16] = { 0 };
Manuel Pégourié-Gonnard0b104b02015-05-14 21:52:40 +0200[diff] [blame]140 size_t cliip_len;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]141 mbedtls_ssl_cookie_ctx cookie_ctx;
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]142
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]143 mbedtls_entropy_context entropy;
144 mbedtls_ctr_drbg_context ctr_drbg;
145 mbedtls_ssl_context ssl;
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]146 mbedtls_ssl_config conf;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]147 mbedtls_x509_crt srvcert;
148 mbedtls_pk_context pkey;
Manuel Pégourié-Gonnarde3c41ad2015-05-13 10:04:32 +0200[diff] [blame]149 mbedtls_timing_delay_context timer;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]150#if defined(MBEDTLS_SSL_CACHE_C)
151 mbedtls_ssl_cache_context cache;
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]152#endif
153
Manuel Pégourié-Gonnard5db64322015-06-30 15:40:39 +0200[diff] [blame]154 mbedtls_net_init( &listen_fd );
155 mbedtls_net_init( &client_fd );
Manuel Pégourié-Gonnard41d479e2015-04-29 00:48:22 +0200[diff] [blame]156 mbedtls_ssl_init( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]157 mbedtls_ssl_config_init( &conf );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]158 mbedtls_ssl_cookie_init( &cookie_ctx );
159#if defined(MBEDTLS_SSL_CACHE_C)
160 mbedtls_ssl_cache_init( &cache );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]161#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]162 mbedtls_x509_crt_init( &srvcert );
163 mbedtls_pk_init( &pkey );
164 mbedtls_entropy_init( &entropy );
Manuel Pégourié-Gonnardec160c02015-04-28 22:52:30 +0200[diff] [blame]165 mbedtls_ctr_drbg_init( &ctr_drbg );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]166
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]167#if defined(MBEDTLS_DEBUG_C)
168 mbedtls_debug_set_threshold( DEBUG_LEVEL );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]169#endif
170
171 /*
172 * 1. Load the certificates and private RSA key
173 */
174 printf( "\n . Loading the server cert. and key..." );
175 fflush( stdout );
176
177 /*
178 * This demonstration program uses embedded test certificates.
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]179 * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
180 * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]181 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]182 ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
183 mbedtls_test_srv_crt_len );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]184 if( ret != 0 )
185 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]186 printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]187 goto exit;
188 }
189
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]190 ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
191 mbedtls_test_cas_pem_len );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]192 if( ret != 0 )
193 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]194 printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]195 goto exit;
196 }
197
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]198 ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
199 mbedtls_test_srv_key_len, NULL, 0 );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]200 if( ret != 0 )
201 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]202 printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]203 goto exit;
204 }
205
206 printf( " ok\n" );
207
208 /*
209 * 2. Setup the "listening" UDP socket
210 */
211 printf( " . Bind on udp/*/4433 ..." );
212 fflush( stdout );
213
Simon Butcher6fd96ad2018-05-12 18:23:32 +0100[diff] [blame]214 if( ( ret = mbedtls_net_bind( &listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]215 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]216 printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]217 goto exit;
218 }
219
220 printf( " ok\n" );
221
222 /*
223 * 3. Seed the RNG
224 */
225 printf( " . Seeding the random number generator..." );
226 fflush( stdout );
227
Manuel Pégourié-Gonnardec160c02015-04-28 22:52:30 +0200[diff] [blame]228 if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]229 (const unsigned char *) pers,
230 strlen( pers ) ) ) != 0 )
231 {
Manuel Pégourié-Gonnardec160c02015-04-28 22:52:30 +0200[diff] [blame]232 printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]233 goto exit;
234 }
235
236 printf( " ok\n" );
237
238 /*
239 * 4. Setup stuff
240 */
241 printf( " . Setting up the DTLS data..." );
242 fflush( stdout );
243
Manuel Pégourié-Gonnard419d5ae2015-05-04 19:32:36 +0200[diff] [blame]244 if( ( ret = mbedtls_ssl_config_defaults( &conf,
245 MBEDTLS_SSL_IS_SERVER,
Manuel Pégourié-Gonnardb31c5f62015-06-17 13:53:47 +0200[diff] [blame]246 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
247 MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]248 {
249 mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
250 goto exit;
251 }
252
Manuel Pégourié-Gonnard6729e792015-05-11 09:50:24 +0200[diff] [blame]253 mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
254 mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]255
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]256#if defined(MBEDTLS_SSL_CACHE_C)
Manuel Pégourié-Gonnard6729e792015-05-11 09:50:24 +0200[diff] [blame]257 mbedtls_ssl_conf_session_cache( &conf, &cache,
Manuel Pégourié-Gonnard5cb33082015-05-06 18:06:26 +0100[diff] [blame]258 mbedtls_ssl_cache_get,
259 mbedtls_ssl_cache_set );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]260#endif
261
Manuel Pégourié-Gonnard6729e792015-05-11 09:50:24 +0200[diff] [blame]262 mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
263 if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]264 {
Manuel Pégourié-Gonnard6729e792015-05-11 09:50:24 +0200[diff] [blame]265 printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]266 goto exit;
267 }
268
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]269 if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
270 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]271 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]272 printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]273 goto exit;
274 }
275
Manuel Pégourié-Gonnard6729e792015-05-11 09:50:24 +0200[diff] [blame]276 mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]277 &cookie_ctx );
278
Manuel Pégourié-Gonnard06939ce2015-05-11 11:25:46 +0200[diff] [blame]279 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
280 {
281 printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
282 goto exit;
283 }
284
Manuel Pégourié-Gonnarde3c41ad2015-05-13 10:04:32 +0200[diff] [blame]285 mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
286 mbedtls_timing_get_delay );
287
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]288 printf( " ok\n" );
289
290reset:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]291#ifdef MBEDTLS_ERROR_C
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]292 if( ret != 0 )
293 {
294 char error_buf[100];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]295 mbedtls_strerror( ret, error_buf, 100 );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]296 printf("Last error was: %d - %s\n\n", ret, error_buf );
297 }
298#endif
299
Manuel Pégourié-Gonnard3d7d00a2015-06-30 15:55:03 +0200[diff] [blame]300 mbedtls_net_free( &client_fd );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]301
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]302 mbedtls_ssl_session_reset( &ssl );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]303
304 /*
305 * 3. Wait until a client connects
306 */
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]307 printf( " . Waiting for a remote connection ..." );
308 fflush( stdout );
309
Manuel Pégourié-Gonnard5db64322015-06-30 15:40:39 +0200[diff] [blame]310 if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
Manuel Pégourié-Gonnard0b104b02015-05-14 21:52:40 +0200[diff] [blame]311 client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]312 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]313 printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]314 goto exit;
315 }
316
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]317 /* For HelloVerifyRequest cookies */
Manuel Pégourié-Gonnard0b104b02015-05-14 21:52:40 +0200[diff] [blame]318 if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
319 client_ip, cliip_len ) ) != 0 )
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]320 {
321 printf( " failed\n ! "
Manuel Pégourié-Gonnard151dc772015-05-14 13:55:51 +0200[diff] [blame]322 "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]323 goto exit;
324 }
325
Manuel Pégourié-Gonnard1b511f92015-05-06 15:54:23 +0100[diff] [blame]326 mbedtls_ssl_set_bio( &ssl, &client_fd,
Manuel Pégourié-Gonnard97fd52c2015-05-06 15:38:52 +0100[diff] [blame]327 mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]328
329 printf( " ok\n" );
330
331 /*
332 * 5. Handshake
333 */
334 printf( " . Performing the DTLS handshake..." );
335 fflush( stdout );
336
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]337 do ret = mbedtls_ssl_handshake( &ssl );
Manuel Pégourié-Gonnard88369942015-05-06 16:19:31 +0100[diff] [blame]338 while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
339 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]340
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]341 if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]342 {
343 printf( " hello verification requested\n" );
344 ret = 0;
345 goto reset;
346 }
347 else if( ret != 0 )
348 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]349 printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]350 goto reset;
351 }
352
353 printf( " ok\n" );
354
355 /*
356 * 6. Read the echo Request
357 */
358 printf( " < Read from client:" );
359 fflush( stdout );
360
361 len = sizeof( buf ) - 1;
362 memset( buf, 0, sizeof( buf ) );
363
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]364 do ret = mbedtls_ssl_read( &ssl, buf, len );
Manuel Pégourié-Gonnard88369942015-05-06 16:19:31 +0100[diff] [blame]365 while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
366 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]367
368 if( ret <= 0 )
369 {
370 switch( ret )
371 {
Manuel Pégourié-Gonnard88369942015-05-06 16:19:31 +0100[diff] [blame]372 case MBEDTLS_ERR_SSL_TIMEOUT:
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]373 printf( " timeout\n\n" );
374 goto reset;
375
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]376 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]377 printf( " connection was closed gracefully\n" );
378 ret = 0;
379 goto close_notify;
380
381 default:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]382 printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]383 goto reset;
384 }
385 }
386
387 len = ret;
388 printf( " %d bytes read\n\n%s\n\n", len, buf );
389
390 /*
391 * 7. Write the 200 Response
392 */
393 printf( " > Write to client:" );
394 fflush( stdout );
395
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]396 do ret = mbedtls_ssl_write( &ssl, buf, len );
Manuel Pégourié-Gonnard88369942015-05-06 16:19:31 +0100[diff] [blame]397 while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
398 ret == MBEDTLS_ERR_SSL_WANT_WRITE );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]399
400 if( ret < 0 )
401 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]402 printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]403 goto exit;
404 }
405
406 len = ret;
407 printf( " %d bytes written\n\n%s\n\n", len, buf );
408
409 /*
410 * 8. Done, cleanly close the connection
411 */
412close_notify:
413 printf( " . Closing the connection..." );
414
415 /* No error checking, the connection might be closed already */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]416 do ret = mbedtls_ssl_close_notify( &ssl );
Manuel Pégourié-Gonnard88369942015-05-06 16:19:31 +0100[diff] [blame]417 while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]418 ret = 0;
419
420 printf( " done\n" );
421
422 goto reset;
423
424 /*
425 * Final clean-ups and exit
426 */
427exit:
428
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]429#ifdef MBEDTLS_ERROR_C
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]430 if( ret != 0 )
431 {
432 char error_buf[100];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]433 mbedtls_strerror( ret, error_buf, 100 );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]434 printf( "Last error was: %d - %s\n\n", ret, error_buf );
435 }
436#endif
437
Manuel Pégourié-Gonnard3d7d00a2015-06-30 15:55:03 +0200[diff] [blame]438 mbedtls_net_free( &client_fd );
439 mbedtls_net_free( &listen_fd );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]440
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]441 mbedtls_x509_crt_free( &srvcert );
442 mbedtls_pk_free( &pkey );
443 mbedtls_ssl_free( &ssl );
Manuel Pégourié-Gonnarddef0bbe2015-05-04 14:56:36 +0200[diff] [blame]444 mbedtls_ssl_config_free( &conf );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]445 mbedtls_ssl_cookie_free( &cookie_ctx );
446#if defined(MBEDTLS_SSL_CACHE_C)
447 mbedtls_ssl_cache_free( &cache );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]448#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]449 mbedtls_ctr_drbg_free( &ctr_drbg );
450 mbedtls_entropy_free( &entropy );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]451
452#if defined(_WIN32)
453 printf( " Press Enter to exit this program.\n" );
454 fflush( stdout ); getchar();
455#endif
456
457 /* Shell can not handle large exit numbers -> 1 for errors */
458 if( ret < 0 )
459 ret = 1;
460
Krzysztof Stachowiak3b0c4302019-04-24 14:24:46 +0200[diff] [blame]461 mbedtls_exit( ret );
Manuel Pégourié-Gonnarde63582a2014-10-14 11:47:21 +0200[diff] [blame]462}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]463#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
464 MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
465 MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C
Manuel Pégourié-Gonnarde3c41ad2015-05-13 10:04:32 +0200[diff] [blame]466 && MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */