Simple TLS Client with wolfSSL

Dependencies:   wolfSSL

Committer:
wolfSSL
Date:
Fri Jun 05 00:32:49 2020 +0000
Revision:
107:b989df522437
wolfSSL4.4.0

/* client-tcp.c
 *
 * Copyright (C) 2006-2017 wolfSSL Inc.
 *
 * This file is part of wolfSSL. (formerly known as CyaSSL)
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 */
wolfSSL 107:b989df522437 21
wolfSSL 107:b989df522437 22 #include "mbed.h"
wolfSSL 107:b989df522437 23
wolfSSL 107:b989df522437 24 #include <stdio.h>
wolfSSL 107:b989df522437 25 #include <stdlib.h>
wolfSSL 107:b989df522437 26 #include <string.h>
wolfSSL 107:b989df522437 27
wolfSSL 107:b989df522437 28 #include <wolfssl/ssl.h> /* wolfSSL security library */
wolfSSL 107:b989df522437 29 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 107:b989df522437 30 #include <wolfssl/certs_test.h> /* memory image test certs */
wolfSSL 107:b989df522437 31 #include <user_settings.h>
wolfSSL 107:b989df522437 32
wolfSSL 107:b989df522437 33 #define MAXDATASIZE (1024*4)
wolfSSL 107:b989df522437 34
/*
 * wolfSSL receive callback: pull up to sz bytes from the mbed TCPSocket
 * supplied as the I/O context and map the socket result onto the
 * WOLFSSL_CBIO_ERR_* codes wolfSSL expects.
 *
 * ssl:  unused; the socket comes from the read context set in Security().
 * buf:  destination for received bytes.
 * sz:   capacity of buf.
 * sock: TCPSocket* registered with wolfSSL_SetIOReadCtx().
 * Returns the byte count (> 0), WOLFSSL_CBIO_ERR_CONN_CLOSE on a zero-length
 * result, WOLFSSL_CBIO_ERR_WANT_READ on EWOULDBLOCK, otherwise
 * WOLFSSL_CBIO_ERR_GENERAL.
 *
 * NOTE(review): the EWOULDBLOCK branch is only reached for a negative
 * result (positive values already returned above it), while EWOULDBLOCK is
 * a positive errno value on most libcs; a would-block condition from the
 * mbed socket may therefore end up as WOLFSSL_CBIO_ERR_GENERAL and drop the
 * session -- confirm against the error code the mbed socket API in use
 * returns for a non-blocking read.
 */
static int SocketReceive(WOLFSSL *ssl, char *buf, int sz, void *sock)
{
    TCPSocket *tcp = (TCPSocket *)sock;
    int status;

    (void)ssl;
    status = tcp->recv(buf, sz);

    if (status > 0) {
        return status;
    }
    if (status == 0) {
        return WOLFSSL_CBIO_ERR_CONN_CLOSE;
    }
    if (status == EWOULDBLOCK) { /* for non-blocking sockets */
        return WOLFSSL_CBIO_ERR_WANT_READ;
    }
    return WOLFSSL_CBIO_ERR_GENERAL;
}
wolfSSL 107:b989df522437 49
/*
 * wolfSSL send callback: push sz bytes from buf to the mbed TCPSocket
 * supplied as the I/O context and map the socket result onto the
 * WOLFSSL_CBIO_ERR_* codes wolfSSL expects.
 *
 * ssl:  unused; the socket comes from the write context set in Security().
 * buf:  bytes to transmit.
 * sz:   number of bytes in buf.
 * sock: TCPSocket* registered with wolfSSL_SetIOWriteCtx().
 * Returns the byte count (> 0), WOLFSSL_CBIO_ERR_CONN_CLOSE on a zero-length
 * result, WOLFSSL_CBIO_ERR_WANT_WRITE on EWOULDBLOCK, otherwise
 * WOLFSSL_CBIO_ERR_GENERAL.
 *
 * NOTE(review): as in SocketReceive, the EWOULDBLOCK comparison sits on the
 * negative-result path while EWOULDBLOCK is a positive errno value on most
 * libcs, so a non-blocking would-block may be reported as a general error
 * -- confirm against the mbed socket API's actual return code.
 */
static int SocketSend(WOLFSSL *ssl, char *buf, int sz, void *sock)
{
    TCPSocket *tcp = (TCPSocket *)sock;
    int status;

    (void)ssl;
    status = tcp->send(buf, sz);

    if (status > 0) {
        return status;
    }
    if (status == 0) {
        return WOLFSSL_CBIO_ERR_CONN_CLOSE;
    }
    if (status == EWOULDBLOCK) { /* for non-blocking sockets */
        return WOLFSSL_CBIO_ERR_WANT_WRITE;
    }
    return WOLFSSL_CBIO_ERR_GENERAL;
}
wolfSSL 107:b989df522437 64
wolfSSL 107:b989df522437 65
wolfSSL 107:b989df522437 66
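/*
 * Read one line from the console into buff, echoing each character, until
 * '\r' (or EOF) is seen. The escapes \n, \r, \t and \\ are translated to
 * the corresponding single character; any other "\x" pair is stored
 * verbatim. A '\b' erases the previously stored character.
 *
 * prompt: text printed before reading (not stored).
 * buff:   destination; always NUL-terminated on return when size > 0.
 * size:   capacity of buff in bytes, including the terminator.
 * Returns the number of bytes stored before the terminator.
 *
 * Fixes relative to the original: the loop ran up to `size` characters and
 * then wrote the terminator at buff[size], one byte past the caller's
 * array; a '\b' typed as the second keystroke was stored in the buffer
 * instead of erasing the first; EOF was stored as a byte and never ended
 * the loop.
 */
static int getline(const char *prompt, char *buff, int size)
{
    int sz = 0;

    printf("%s", prompt);
    if (size <= 0) {
        return 0;
    }

    /* size - 1 leaves room for the terminator */
    while (sz < size - 1) {
        int c = getchar();
        if (c == EOF || c == '\r') {
            break;
        }
        putchar(c);

        if (c == '\\') {
            /* an escape may produce two bytes; stop if they would not fit */
            if (sz + 1 >= size - 1) {
                break;
            }
            int e = getchar();
            if (e == EOF) {
                break;
            }
            putchar(e);
            switch (e) {
            case 'n':
                buff[sz++] = '\n';
                break;
            case 'r':
                buff[sz++] = '\r';
                break;
            case 't':
                buff[sz++] = '\t';
                break;
            case '\\':
                buff[sz++] = '\\';
                break;
            default:
                /* unknown escape: keep the backslash and the character */
                buff[sz++] = '\\';
                buff[sz++] = (char)e;
                break;
            }
        } else if (c == '\b') {
            if (sz > 0) {
                sz--;
            }
        } else {
            buff[sz++] = (char)c;
        }
    }

    putchar('\n');
    buff[sz] = '\0';
    return sz;
}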
wolfSSL 107:b989df522437 107
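/*
 * Client's initial exchange with the server over the established TLS
 * session: prompt for one line on the console, send it, then read and
 * print a single reply.
 *
 * socket: unused here; all traffic goes through the wolfSSL I/O callbacks.
 * ssl:    connected WOLFSSL session.
 * Returns the number of reply bytes received, or EXIT_FAILURE when the
 * write or the read fails (the wolfSSL error code and text are printed).
 */
int ClientGreet(TCPSocket *socket, WOLFSSL *ssl)
{
    /* data to send to the server, data received from the server */
    char sendBuff[MAXDATASIZE] = {0};
    char rcvBuff[MAXDATASIZE] = {0};
    int ret;
    int len;

    (void)socket;

    ret = getline("Message for server: ", sendBuff, MAXDATASIZE);
    printf("Send[%d]:\n%s\n", ret, sendBuff);

    len = (int)strlen(sendBuff);
    ret = wolfSSL_write(ssl, sendBuff, len);
    if (ret != len) {
        /* failed, or fewer bytes than requested were written */
        ret = wolfSSL_get_error(ssl, 0);
        /* the original format string had a single %d for two arguments,
         * so the error text from wc_GetErrorString() was never printed */
        printf("Write error[%d], %s\n", ret, wc_GetErrorString(ret));
        return EXIT_FAILURE;
    }

    /* leave one byte for the terminator added below */
    ret = wolfSSL_read(ssl, rcvBuff, sizeof(rcvBuff) - 1);
    if (ret < 0) {
        /* the server failed to send data, or error trying */
        ret = wolfSSL_get_error(ssl, 0);
        printf("Read error[%d], %s\n", ret, wc_GetErrorString(ret));
        return EXIT_FAILURE;
    }
    rcvBuff[ret] = '\0';
    printf("Recieved: %s\n", rcvBuff);

    return ret;
}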
wolfSSL 107:b989df522437 137
wolfSSL 107:b989df522437 138
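/*
 * Apply a TLS layer (1.2, or 1.3 when WOLFSSL_TLS13 is built in and chosen
 * at the prompt) on top of the already connected TCP socket, verify the
 * server against the bundled test CA, then run ClientGreet over the session.
 *
 * socket: connected mbed TCPSocket, used as the wolfSSL I/O context.
 * Returns ClientGreet's result on success, EXIT_FAILURE on any setup or
 * handshake failure. The WOLFSSL and WOLFSSL_CTX objects are released on
 * every path (the original returned early from the CA-load, wolfSSL_new and
 * connect failures without freeing them).
 *
 * NOTE(review): SSL_VERIFY_PEER validates the chain against ca_cert_der_2048,
 * but no domain-name check is configured on the session, so any certificate
 * issued by that CA is accepted for whatever address was typed in net_main.
 */
int Security(TCPSocket *socket)
{
    WOLFSSL_METHOD *method = 0;
    WOLFSSL_CTX *ctx = 0;
    WOLFSSL *ssl = 0;
    int ret = 0;

    /* trust anchor: the CA from wolfSSL's in-memory test certificates */
    const unsigned char *cert = ca_cert_der_2048;
    int sizeof_cert = sizeof_ca_cert_der_2048;

#ifdef WOLFSSL_TLS13
    char tls_version[2];
    int tlsVer = 0;

    /* keep asking until the operator picks 2 or 3 */
    while ((tlsVer != 2) && (tlsVer != 3)) {
        getline("TLS ver(2/3): ", tls_version, sizeof(tls_version));
        tlsVer = atoi(tls_version);
    }
    if (tlsVer == 3) {
        method = wolfTLSv1_3_client_method();
    } else {
        method = wolfTLSv1_2_client_method();
    }
#else
    method = wolfTLSv1_2_client_method();
#endif

    /* create and initialize the WOLFSSL_CTX structure */
    ctx = wolfSSL_CTX_new(method);
    if (ctx == NULL) {
        printf("SSL_CTX_new error.\n");
        return EXIT_FAILURE;
    }
    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
    wolfSSL_SetIORecv(ctx, SocketReceive);
    wolfSSL_SetIOSend(ctx, SocketSend);

    ret = wolfSSL_CTX_load_verify_buffer(ctx, cert, sizeof_cert,
                                         WOLFSSL_FILETYPE_ASN1);
    if (ret != WOLFSSL_SUCCESS) {
        printf("can't load buffer ca file(%d)\n", ret);
        ret = EXIT_FAILURE;
        goto out_ctx;
    }

    ssl = wolfSSL_new(ctx);
    if (ssl == NULL) {
        printf("wolfSSL_new error.\n");
        ret = EXIT_FAILURE;
        goto out_ctx;
    }

    /* the socket callbacks above receive this pointer as their ctx */
    wolfSSL_SetIOReadCtx(ssl, (void *)socket);
    wolfSSL_SetIOWriteCtx(ssl, (void *)socket);

    ret = wolfSSL_connect(ssl);
    if (ret == SSL_SUCCESS) {
        printf("TLS Connected\n");
        ret = ClientGreet(socket, ssl);
        wolfSSL_shutdown(ssl);
    } else {
        ret = wolfSSL_get_error(ssl, 0);
        printf("TLS Connect error[%d], %s\n", ret, wc_GetErrorString(ret));
        ret = EXIT_FAILURE;
    }
    wolfSSL_free(ssl);

out_ctx:
    /* frees all data before client termination */
    wolfSSL_CTX_free(ctx);
    wolfSSL_Cleanup();

    return ret;
}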
wolfSSL 107:b989df522437 204
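/*
 * Thread entry: bring up the default network interface, prompt for the
 * server address and port, connect a TCP socket (retrying every second)
 * and hand it to Security() for the TLS session.
 *
 * av: thread argument, unused.
 * Returns early (after logging) when no interface exists, when the socket
 * cannot be opened, or when the typed port is not a number in 1..65535;
 * the original went on to connect() on an unopened socket and passed
 * whatever atoi() made of the input.
 */
void net_main(const void *av)
{
    char server_addr[40];
    char server_port[10];
    NetworkInterface *net;
    SocketAddress a;
    TCPSocket socket;
    long port;
    char *end = NULL;

    (void)av;

    printf("Starting TLS Client,...\n");
    wolfSSL_Init(); /* initialize wolfSSL */
    /* wolfSSL_Debugging_ON(); */
    net = NetworkInterface::get_default_instance();
    if (!net) {
        printf("Error! No network inteface found.\n");
        return;
    }

    /* keep trying until the interface comes up */
    while (net->connect() != 0) {
        printf("Retry Init\n");
    }

    net->get_ip_address(&a);
    printf("Client Addr: %s\n", a.get_ip_address() ? a.get_ip_address() : "None");

    getline((char *)"Server Addr: ", server_addr, sizeof(server_addr));
    getline((char *)"Server Port: ", server_port, sizeof(server_port));

    if (socket.open(net) != 0) {
        printf("Error! socket.open()\n");
        return;
    }

    /* strtol instead of atoi so garbage and out-of-range values are rejected
     * rather than silently becoming port 0 */
    port = strtol(server_port, &end, 10);
    if (end == server_port || *end != '\0' || port < 1 || port > 65535) {
        printf("Error! invalid port (%s)\n", server_port);
        return;
    }

    while (socket.connect(server_addr, (int)port) < 0) {
        printf("Unable to connect to (%s) on port (%s)\n", server_addr, server_port);
        wait(1.0);
    }
    printf("TCP Connected\n");

    Security(&socket);
}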
wolfSSL 107:b989df522437 250
/*
 * Program entry: runs the network client on its own thread (with a larger
 * stack than the default) and blinks LED1 from the main thread as a
 * heartbeat.
 */
int main(void)
{
    DigitalOut myled(LED1);
#define STACK_SIZE 24000
    Thread t(net_main, NULL, osPriorityNormal, STACK_SIZE);

    /* heartbeat: alternate on/off every half second, forever */
    const int blink[] = {1, 0};
    for (unsigned idx = 0; ; idx ^= 1U) {
        myled = blink[idx];
        wait(0.5);
    }
}