Ashley Mills
DTLS example using CyaSSL 2.7.0 and x509 certs. Doesn't work at present due to DTLS handshake failure. Debugging.
Dependencies: NTPClient VodafoneUSBModem cyassl-lib mbed-rtos mbed-src
Diff: main.cpp
- Revision:
- 0:35b690909566
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/main.cpp Thu Sep 05 15:56:41 2013 +0000
@@ -0,0 +1,366 @@
+#define __DEBUG__ 4 //Maximum verbosity
+#ifndef __MODULE__
+#define __MODULE__ "main.cpp"
+#endif
+
+#define DEBUG_CYASSL 1
+#include "bsd_socket.h"
+#include "mbed.h"
+#include "rtos.h"
+#include "dbg.h"
+#include "cyassl/ssl.h"
+#include "VodafoneUSBModem.h"
+//#include "EthernetInterface.h"
+#include "NTPClient.h"
+
+#include "logging.h"
+
+#define APN_GDSP
+
+#ifdef APN_GDSP
+ #define APN "ppinternetd.gdsp"
+ #define APN_USERNAME ""
+ #define APN_PASSWORD ""
+#endif
+
+#ifdef APN_CONTRACT
+ #define APN "internet"
+ #define APN_USERNAME "web"
+ #define APN_PASSWORD "web"
+#endif
+
+#ifdef APN_PAYG
+ #define APN "smart"
+ #define APN_USERNAME "web"
+ #define APN_PASSWORD "web"
+#endif
+
+#include "certs/device_certificate.h"
+#include "certs/device_private_key.h"
+#include "certs/root_certificate.h"
+
+#include <cyassl/ctaocrypt/types.h>
+
+
+static INLINE unsigned int my_psk_client_cb(CYASSL* ssl, const char* hint,
+ char* identity, unsigned int id_max_len, unsigned char* key,
+ unsigned int key_max_len)
+{
+ (void)ssl;
+ (void)hint;
+ (void)key_max_len;
+
+ DBG("PSK client callback callled.");
+
+ // identity is OpenSSL testing default for openssl s_client, keep same
+ strncpy(identity, "Client_identity", id_max_len);
+
+
+ // test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
+ // unsigned binary
+ key[0] = 26;
+ key[1] = 43;
+ key[2] = 60;
+ key[3] = 77;
+
+ return 4; // length of key in octets or 0 for error
+}
+/*
+
+static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
+ unsigned char* key, unsigned int key_max_len)
+{
+ (void)ssl;
+ (void)key_max_len;
+
+
+ DBG("PSK server callback called.");
+
+ // identity is OpenSSL testing default for openssl s_client, keep same
+ if (strncmp(identity, "Client_identity", 15) != 0)
+ return 0;
+
+ // test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
+ // unsigned binary
+ key[0] = 26;
+ key[1] = 43;
+ key[2] = 60;
+ key[3] = 77;
+
+ return 4; // length of key in octets or 0 for error
+}
+*/
+
+sockaddr_in bindAddr,serverAddress;
+
+bool connectToSocketUDP(char *ipAddress, int port, int *sockfd) {
+ *sockfd = -1;
+ // create the socket
+ if((*sockfd=socket(AF_INET,SOCK_DGRAM,0))<0) {
+ DBG("Error opening socket");
+ return false;
+ }
+ socklen_t sockAddrInLen = sizeof(struct sockaddr_in);
+
+ // bind socket to 11111
+ memset(&bindAddr, 0x00, sockAddrInLen);
+ bindAddr.sin_family = AF_INET; // IP family
+ bindAddr.sin_port = htons(11111);
+ bindAddr.sin_addr.s_addr = IPADDR_ANY; // 32 bit IP representation
+ // call bind
+ if(bind(*sockfd,(const struct sockaddr *)&bindAddr,sockAddrInLen)!=0) {
+ DBG("Error binding socket");
+ perror(NULL);
+ }
+
+ INFO("UDP socket created and bound to: %s:%d",inet_ntoa(bindAddr.sin_addr),ntohs(bindAddr.sin_port));
+
+ // create the socket address
+
+ memset(&serverAddress, 0x00, sizeof(struct sockaddr_in));
+ serverAddress.sin_addr.s_addr = inet_addr(ipAddress);
+ serverAddress.sin_family = AF_INET;
+ serverAddress.sin_port = htons(port);
+
+ // do socket connect
+ //LOG("Connecting socket to %s:%d", inet_ntoa(serverAddress.sin_addr), ntohs(serverAddress.sin_port));
+ if(connect(*sockfd, (const struct sockaddr *)&serverAddress, sizeof(serverAddress))<0) {
+ shutdown(*sockfd,SHUT_RDWR);
+ close(*sockfd);
+ DBG("Could not connect");
+ return false;
+ }
+ return true;
+}
+
+bool connectToSocket(char *ipAddress, int port, int *sockfd) {
+ *sockfd = -1;
+ // create the socket
+ if((*sockfd=socket(AF_INET,SOCK_STREAM,0))<0) {
+ DBG("Error opening socket");
+ return false;
+ }
+
+ // create the socket address
+ sockaddr_in serverAddress;
+ std::memset(&serverAddress, 0, sizeof(struct sockaddr_in));
+ serverAddress.sin_addr.s_addr = inet_addr(ipAddress);
+ serverAddress.sin_family = AF_INET;
+ serverAddress.sin_port = htons(port);
+
+ // do socket connect
+ //LOG("Connecting socket to %s:%d", inet_ntoa(serverAddress.sin_addr), ntohs(serverAddress.sin_port));
+ if(connect(*sockfd, (const struct sockaddr *)&serverAddress, sizeof(serverAddress))<0) {
+ shutdown(*sockfd,SHUT_RDWR);
+ close(*sockfd);
+ DBG("Could not connect");
+ return false;
+ }
+ return true;
+}
+/*
+int handshakeCallback(HandShakeInfo* hinfo) {
+ DBG("Handshake callback called");
+}
+int timeoutCallback(TimeoutInfo *tinfo) {
+ DBG("Timeout callback called");
+}
+*/
+
+
+DigitalOut myled(LED1);
+//#define INTERFACE EthernetInterface
+#define INTERFACE VodafoneUSBModem
+
+void printError(CYASSL *ssl, int resultCode) {
+ int err = CyaSSL_get_error(ssl, resultCode);
+ char errorString[80];
+ CyaSSL_ERR_error_string(err, errorString);
+ DBG("Error: CyaSSL_write %s", errorString);
+}
+
+void debugCallback(const int logLevel,const char *const logMessage) {
+ DBG(logMessage);
+}
+
+
+int main() {
+ DBG_INIT();
+ DBG_SET_SPEED(115200);
+ DBG_SET_NEWLINE("\r\n");
+ DBG("\r\n\r\n\r\n\r\n");
+
+ int ret = 0;
+
+ // init modem
+ INTERFACE modem;
+ // connnect modem to cellular network
+ DBG("connecting to network interface");
+ if(modem.connect(APN,APN_USERNAME,APN_PASSWORD)!=0) {
+ DBG("Error connecting to mobile network");
+ }
+ /*
+ modem.init();
+ if(modem.connect(10000)) {
+ DBG("Error initialising ethernet interface");
+ }
+ */
+ DBG("Connected to network interface");
+
+ //DBG("IP: %s",modem.getIPAddress());
+
+ // need to set the time before doing anything else
+ NTPClient ntp;
+ time_t currentTime = time(NULL);
+ int obtainedTimeSuccessfully = false;
+ // try 100 times and then just force a watchdog reboot
+ for(int i=0; i<100; i++) {
+ obtainedTimeSuccessfully = false;
+
+ if(ntp.setTime("0.pool.ntp.org")==0) {
+ // there is a bug from somewhere which results in a negative timestamp
+ currentTime = time(NULL);
+ if(currentTime>0) {
+ obtainedTimeSuccessfully = true;
+ INFO("Time set successfully, time is now (UTC): %s", ctime(¤tTime));
+ }
+ }
+ if(obtainedTimeSuccessfully) {
+ break;
+ }
+ }
+
+
+ // set SSL method to SSL v3 (TLS v1.2)
+ //CyaSSLv23_client_method();
+
+ CyaSSL_Init();// Initialize CyaSSL
+ if(CyaSSL_Debugging_ON()==0) {
+ DBG("CyaSSL debugging enabled");
+ } else {
+ DBG("CyaSSL debugging not compiled in");
+ }
+
+ CyaSSL_SetLoggingCb(&debugCallback);
+
+
+
+ // set client method
+
+ // TLS
+ //CYASSL_CTX* ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
+
+ // DTLS
+ CYASSL_METHOD* method = CyaDTLSv1_2_client_method();
+ if(method == NULL) {
+ // unable to get method
+ }
+ CYASSL_CTX* ctx;
+ ctx = CyaSSL_CTX_new(method);
+ if(ctx == NULL){
+ DBG("CyaSSL_CTX_new error.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ DBG("Setup SSL context");
+
+
+
+
+ // use pre-shared keys
+ //CyaSSL_CTX_set_psk_client_callback(ctx,my_psk_client_cb);
+ /*
+ if(CyaSSL_CTX_load_verify_buffer(ctx, serverCert, strlen((const char*)serverCert),SSL_FILETYPE_PEM)==0) {
+ DBG("loaded server cert OK");
+ }*/
+
+
+ // load certificates for CA and us
+ // load CA cert
+ ret = CyaSSL_CTX_load_verify_buffer(ctx,rootCertificate, rootCertificateLength,SSL_FILETYPE_ASN1);
+ // load device cert
+ ret = CyaSSL_CTX_use_certificate_buffer(ctx, deviceCertificate, deviceCertificateLength, SSL_FILETYPE_ASN1);
+ // load device private key
+ ret = CyaSSL_CTX_use_PrivateKey_buffer(ctx, devicePrivateKey, devicePrivateKeyLength, SSL_FILETYPE_ASN1);
+
+
+ int sockfd = NULL;
+ //if(!connectToSocketUDP("192.168.1.99", 11111, &sockfd)) {
+ if(!connectToSocketUDP("95.47.118.120", 11111, &sockfd)) {
+ DBG("Error connecting to socket");
+ }
+
+ /*
+ // connect to SSL enabled webserver
+ int sockfd = NULL;
+ if(!connectToSocket("95.47.118.120", 11111, &sockfd)) {
+ DBG("Error connecting to socket");
+ }
+ DBG("Connected to non-SSL socket");
+ */
+
+ // hook into SSL
+ // Create CYASSL object
+ CYASSL* ssl;
+ ssl = CyaSSL_new(ctx);
+ if(ssl == NULL) {
+ DBG("CyaSSL_new error.");
+ exit(EXIT_FAILURE);
+ }
+ DBG("CyaSSL_new OK");
+
+ // setup callbacks for handshake failure
+ /*
+ Timeval timeout;
+ timeout.tv_sec = 5;
+ timeout.tv_usec = 0;
+ ret = CyaSSL_connect_ex(ssl, handshakeCallback, timeoutCallback, timeout);
+ */
+
+ // attach to socket
+ DBG("Attaching CyaSSL to socket");
+ CyaSSL_set_fd(ssl, sockfd);
+ DBG("Attached CyaSSL to socket");
+
+ // DTLS stuff
+ ret = CyaSSL_dtls_set_peer(ssl, &serverAddress, sizeof(serverAddress));
+ if(ret != SSL_SUCCESS) {
+ // failed to set DTLS peer
+ DBG("Failed to set DTLS peer");
+ }
+
+ ret = CyaSSL_dtls(ssl);
+ if(ret) {
+ // SSL session has been configured to use DTLS
+ DBG("DTLS configured");
+ } else {
+ DBG("DTLS not configured");
+ }
+
+
+
+ DBG("Issuing CyaSSL_connect");
+ int result = CyaSSL_connect(ssl);
+ if(result!=SSL_SUCCESS) {
+ DBG("CyaSSL_connect failed");
+ printError(ssl,result);
+ }
+ DBG("CyaSSL_connect OK");
+
+ result = CyaSSL_write(ssl,"onion",5);
+ DBG("Wrote %d things",result);
+ if(result<0) {
+ printError(ssl,result);
+ }
+
+ char buffer[200];
+ int d =0;
+ if((d=CyaSSL_read(ssl, &buffer, 200))>0) {
+ DBG("Received %d bytes: %s",d,buffer);
+ }
+
+ // clean up
+ CyaSSL_CTX_free(ctx);
+ CyaSSL_Cleanup();
+
+}
\ No newline at end of file