wolf SSL / Mbed 2 deprecated Example-client-tls-cert

Example TLS client with wolfSSL, with cert

Dependencies:   EthernetInterface NTPClient SDFileSystem mbed-rtos mbed wolfSSL

client-tls.cpp@3:25d42ccf2f12, 2015-07-21 (annotated)

Committer:
wolfSSL
Date:
Tue Jul 21 11:38:01 2015 +0000
Revision:
3:25d42ccf2f12
Parent:
2:53d82dd5e556
Child:
4:ebcf8e2d846a
Server varidation

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 0:ea20b58bf112 1 /* client-tcp.c
wolfSSL 0:ea20b58bf112 2 *
wolfSSL 0:ea20b58bf112 3 * Copyright (C) 2006-2015 wolfSSL Inc.
wolfSSL 0:ea20b58bf112 4 *
wolfSSL 0:ea20b58bf112 5 * This file is part of wolfSSL. (formerly known as CyaSSL)
wolfSSL 0:ea20b58bf112 6 *
wolfSSL 0:ea20b58bf112 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 0:ea20b58bf112 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:ea20b58bf112 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:ea20b58bf112 10 * (at your option) any later version.
wolfSSL 0:ea20b58bf112 11 *
wolfSSL 0:ea20b58bf112 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 0:ea20b58bf112 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:ea20b58bf112 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:ea20b58bf112 15 * GNU General Public License for more details.
wolfSSL 0:ea20b58bf112 16 *
wolfSSL 0:ea20b58bf112 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:ea20b58bf112 18 * along with this program; if not, write to the Free Software
wolfSSL 0:ea20b58bf112 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:ea20b58bf112 20 */
wolfSSL 0:ea20b58bf112 21
wolfSSL 0:ea20b58bf112 22 #include "mbed.h"
wolfSSL 0:ea20b58bf112 23 #include "EthernetInterface.h"
wolfSSL 3:25d42ccf2f12 24 #include "NTPClient.h"
wolfSSL 2:53d82dd5e556 25 #include "SDFileSystem.h"
wolfSSL 0:ea20b58bf112 26 #include <stdio.h>
wolfSSL 0:ea20b58bf112 27 #include <stdlib.h>
wolfSSL 0:ea20b58bf112 28 #include <string.h>
wolfSSL 2:53d82dd5e556 29 #include <wolfssl/ssl.h> /* wolfSSL security library */
wolfSSL 3:25d42ccf2f12 30 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 2:53d82dd5e556 31 #include <user_settings.h>
wolfSSL 0:ea20b58bf112 32
wolfSSL 0:ea20b58bf112 33 #define MAXDATASIZE (1024*4)
wolfSSL 0:ea20b58bf112 34
wolfSSL 3:25d42ccf2f12 35 #if !defined(WOLFSSL_NO_VERIFYSERVER)
wolfSSL 3:25d42ccf2f12 36 #if defined(NO_FILESYSTEM)
wolfSSL 3:25d42ccf2f12 37 #define USE_CERT_BUFFERS_2048
wolfSSL 3:25d42ccf2f12 38 #include <wolfssl/certs_test.h>
wolfSSL 3:25d42ccf2f12 39 #else
wolfSSL 3:25d42ccf2f12 40 SDFileSystem sdCard(PTE3, PTE1, PTE2, PTE4, "sd");
wolfSSL 3:25d42ccf2f12 41 const char* certFile = "/sd/ca-cert.pem";
wolfSSL 3:25d42ccf2f12 42 #endif
wolfSSL 2:53d82dd5e556 43 #endif
wolfSSL 2:53d82dd5e556 44
wolfSSL 2:53d82dd5e556 45 static int SocketReceive(WOLFSSL* ssl, char *buf, int sz, void *sock)
wolfSSL 2:53d82dd5e556 46 {
wolfSSL 2:53d82dd5e556 47 return ((TCPSocketConnection *)sock)->receive(buf, sz) ;
wolfSSL 2:53d82dd5e556 48 }
wolfSSL 2:53d82dd5e556 49
wolfSSL 2:53d82dd5e556 50 static int SocketSend(WOLFSSL* ssl, char *buf, int sz, void *sock)
wolfSSL 2:53d82dd5e556 51 {
wolfSSL 2:53d82dd5e556 52 return ((TCPSocketConnection *)sock)->send(buf, sz);
wolfSSL 2:53d82dd5e556 53 }
wolfSSL 2:53d82dd5e556 54
wolfSSL 0:ea20b58bf112 55 static int getline(char *prompt, char *buff, int size)
wolfSSL 0:ea20b58bf112 56 {
wolfSSL 0:ea20b58bf112 57 int sz ;
wolfSSL 0:ea20b58bf112 58
wolfSSL 0:ea20b58bf112 59 printf("%s", prompt) ;
wolfSSL 0:ea20b58bf112 60 for(sz = 0 ; (sz < size) && ((*buff = getchar()) != '\r'); sz++, buff++) {
wolfSSL 0:ea20b58bf112 61 putchar(*buff) ;
wolfSSL 0:ea20b58bf112 62 if(*buff == '\\') {
wolfSSL 0:ea20b58bf112 63 if(++sz >= size)break ;
wolfSSL 0:ea20b58bf112 64 *buff = getchar() ;
wolfSSL 0:ea20b58bf112 65 putchar(*buff) ;
wolfSSL 0:ea20b58bf112 66 switch(*buff) {
wolfSSL 0:ea20b58bf112 67 case 'n' :
wolfSSL 0:ea20b58bf112 68 *buff = '\n' ;
wolfSSL 0:ea20b58bf112 69 break ;
wolfSSL 0:ea20b58bf112 70 case 'r' :
wolfSSL 0:ea20b58bf112 71 *buff = '\r' ;
wolfSSL 0:ea20b58bf112 72 break ;
wolfSSL 0:ea20b58bf112 73 case 't' :
wolfSSL 0:ea20b58bf112 74 *buff = '\t' ;
wolfSSL 0:ea20b58bf112 75 break ;
wolfSSL 0:ea20b58bf112 76 case '\\':
wolfSSL 0:ea20b58bf112 77 *buff = '\\' ;
wolfSSL 0:ea20b58bf112 78 break ;
wolfSSL 0:ea20b58bf112 79 default:
wolfSSL 0:ea20b58bf112 80 buff[1] = buff[0] ;
wolfSSL 0:ea20b58bf112 81 buff[0] = '\\' ;
wolfSSL 0:ea20b58bf112 82 buff++ ;
wolfSSL 0:ea20b58bf112 83 }
wolfSSL 0:ea20b58bf112 84 } else if(*buff == '\b') {
wolfSSL 0:ea20b58bf112 85 if(sz >= 2) {
wolfSSL 0:ea20b58bf112 86 buff-=2 ;
wolfSSL 0:ea20b58bf112 87 sz-=2;
wolfSSL 0:ea20b58bf112 88 }
wolfSSL 0:ea20b58bf112 89 }
wolfSSL 0:ea20b58bf112 90 } ;
wolfSSL 0:ea20b58bf112 91 putchar('\n') ;
wolfSSL 0:ea20b58bf112 92 *buff = '\0' ;
wolfSSL 0:ea20b58bf112 93 return sz ;
wolfSSL 0:ea20b58bf112 94 }
wolfSSL 0:ea20b58bf112 95
wolfSSL 0:ea20b58bf112 96 /*
wolfSSL 0:ea20b58bf112 97 * clients initial contact with server. Socket to connect to: sock
wolfSSL 0:ea20b58bf112 98 */
wolfSSL 2:53d82dd5e556 99 int ClientGreet(TCPSocketConnection *socket, WOLFSSL *ssl)
wolfSSL 0:ea20b58bf112 100 {
wolfSSL 0:ea20b58bf112 101 /* data to send to the server, data recieved from the server */
wolfSSL 0:ea20b58bf112 102 char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
wolfSSL 0:ea20b58bf112 103 int ret ;
wolfSSL 0:ea20b58bf112 104
wolfSSL 0:ea20b58bf112 105 ret = getline("Message for server: ", sendBuff, MAXDATASIZE);
wolfSSL 0:ea20b58bf112 106 printf("Send[%d]:\n%s\n", ret, sendBuff) ;
wolfSSL 2:53d82dd5e556 107 if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) < 0) {
wolfSSL 2:53d82dd5e556 108 /* the message is not able to send, or error trying */
wolfSSL 2:53d82dd5e556 109 ret = wolfSSL_get_error(ssl, 0);
wolfSSL 3:25d42ccf2f12 110 printf("Write error[%d]\n", ret, wc_GetErrorString(ret));
wolfSSL 0:ea20b58bf112 111 return EXIT_FAILURE;
wolfSSL 0:ea20b58bf112 112 }
wolfSSL 0:ea20b58bf112 113 printf("Recieved:\n");
wolfSSL 0:ea20b58bf112 114 while(1) {
wolfSSL 3:25d42ccf2f12 115 if ((ret = wolfSSL_read(ssl, rcvBuff, sizeof(rcvBuff)-1)) < 0) {
wolfSSL 0:ea20b58bf112 116 if(ret == 0)break ;
wolfSSL 2:53d82dd5e556 117 /* the server failed to send data, or error trying */
wolfSSL 2:53d82dd5e556 118 ret = wolfSSL_get_error(ssl, 0);
wolfSSL 3:25d42ccf2f12 119 printf("Read error[%d], %s\n", ret, wc_GetErrorString(ret));
wolfSSL 0:ea20b58bf112 120 return EXIT_FAILURE;
wolfSSL 0:ea20b58bf112 121 }
wolfSSL 0:ea20b58bf112 122 rcvBuff[ret] = '\0' ;
wolfSSL 0:ea20b58bf112 123 printf("%s", rcvBuff);
wolfSSL 0:ea20b58bf112 124 if((rcvBuff[ret-3] == '\n')&&
wolfSSL 0:ea20b58bf112 125 (rcvBuff[ret-2] == '\n')&&
wolfSSL 0:ea20b58bf112 126 (rcvBuff[ret-1] == '\n'))break ;
wolfSSL 0:ea20b58bf112 127 }
wolfSSL 0:ea20b58bf112 128 return ret;
wolfSSL 0:ea20b58bf112 129 }
wolfSSL 0:ea20b58bf112 130
wolfSSL 2:53d82dd5e556 131
wolfSSL 2:53d82dd5e556 132 /*
wolfSSL 2:53d82dd5e556 133 * applies TLS 1.2 security layer to data being sent.
wolfSSL 2:53d82dd5e556 134 */
wolfSSL 2:53d82dd5e556 135 int Security(TCPSocketConnection *socket)
wolfSSL 2:53d82dd5e556 136 {
wolfSSL 2:53d82dd5e556 137 WOLFSSL_CTX* ctx;
wolfSSL 2:53d82dd5e556 138 WOLFSSL* ssl; /* create WOLFSSL object */
wolfSSL 2:53d82dd5e556 139 int ret = 0;
wolfSSL 2:53d82dd5e556 140
wolfSSL 2:53d82dd5e556 141 /* create and initiLize WOLFSSL_CTX structure */
wolfSSL 2:53d82dd5e556 142 if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
wolfSSL 2:53d82dd5e556 143 printf("SSL_CTX_new error.\n");
wolfSSL 2:53d82dd5e556 144 return EXIT_FAILURE;
wolfSSL 2:53d82dd5e556 145 }
wolfSSL 2:53d82dd5e556 146
wolfSSL 2:53d82dd5e556 147 wolfSSL_SetIORecv(ctx, SocketReceive) ;
wolfSSL 2:53d82dd5e556 148 wolfSSL_SetIOSend(ctx, SocketSend) ;
wolfSSL 2:53d82dd5e556 149
wolfSSL 3:25d42ccf2f12 150 #ifdef WOLFSSL_NO_VERIFYSERVER
wolfSSL 2:53d82dd5e556 151 wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
wolfSSL 3:25d42ccf2f12 152 #else
wolfSSL 3:25d42ccf2f12 153 #ifndef NO_FILESYSTEM
wolfSSL 3:25d42ccf2f12 154 if (wolfSSL_CTX_load_verify_locations(ctx, certFile,0) != SSL_SUCCESS)
wolfSSL 3:25d42ccf2f12 155 printf("can't load ca file\n");
wolfSSL 3:25d42ccf2f12 156 #else
wolfSSL 3:25d42ccf2f12 157 if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
wolfSSL 3:25d42ccf2f12 158 sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
wolfSSL 3:25d42ccf2f12 159 printf("can't load ca data");
wolfSSL 3:25d42ccf2f12 160 #endif
wolfSSL 3:25d42ccf2f12 161 #endif
wolfSSL 2:53d82dd5e556 162
wolfSSL 2:53d82dd5e556 163 if ((ssl = wolfSSL_new(ctx)) == NULL) {
wolfSSL 2:53d82dd5e556 164 printf("wolfSSL_new error.\n");
wolfSSL 2:53d82dd5e556 165 return EXIT_FAILURE;
wolfSSL 2:53d82dd5e556 166 }
wolfSSL 2:53d82dd5e556 167
wolfSSL 2:53d82dd5e556 168 wolfSSL_SetIOReadCtx(ssl, (void *)socket) ;
wolfSSL 2:53d82dd5e556 169 wolfSSL_SetIOWriteCtx(ssl, (void *)socket) ;
wolfSSL 2:53d82dd5e556 170
wolfSSL 2:53d82dd5e556 171 ret = wolfSSL_connect(ssl);
wolfSSL 2:53d82dd5e556 172 if (ret == SSL_SUCCESS) {
wolfSSL 2:53d82dd5e556 173 printf("TLS Connected\n") ;
wolfSSL 2:53d82dd5e556 174 ret = ClientGreet(socket, ssl);
wolfSSL 2:53d82dd5e556 175 } else {
wolfSSL 2:53d82dd5e556 176 ret = wolfSSL_get_error(ssl, 0);
wolfSSL 3:25d42ccf2f12 177 printf("TLS Connect error[%d], %s\n", ret, wc_GetErrorString(ret));
wolfSSL 2:53d82dd5e556 178 }
wolfSSL 2:53d82dd5e556 179 /* frees all data before client termination */
wolfSSL 2:53d82dd5e556 180 wolfSSL_free(ssl);
wolfSSL 2:53d82dd5e556 181 wolfSSL_CTX_free(ctx);
wolfSSL 2:53d82dd5e556 182 wolfSSL_Cleanup();
wolfSSL 2:53d82dd5e556 183
wolfSSL 2:53d82dd5e556 184 return ret;
wolfSSL 2:53d82dd5e556 185 }
wolfSSL 2:53d82dd5e556 186
wolfSSL 0:ea20b58bf112 187 /*
wolfSSL 0:ea20b58bf112 188 * command line argumentCount and argumentValues
wolfSSL 0:ea20b58bf112 189 */
wolfSSL 1:29638701a63a 190 void net_main(const void *av)
wolfSSL 0:ea20b58bf112 191 {
wolfSSL 1:29638701a63a 192 char server_addr[40] ;
wolfSSL 1:29638701a63a 193 char server_port[10] ;
wolfSSL 3:25d42ccf2f12 194
wolfSSL 3:25d42ccf2f12 195 wolfSSL_Init(); /* initialize wolfSSL */
wolfSSL 3:25d42ccf2f12 196 /* wolfSSL_Debugging_ON(); */
wolfSSL 0:ea20b58bf112 197 EthernetInterface eth;
wolfSSL 0:ea20b58bf112 198 TCPSocketConnection socket;
wolfSSL 0:ea20b58bf112 199 eth.init(); //Use DHCP
wolfSSL 0:ea20b58bf112 200 eth.connect();
wolfSSL 0:ea20b58bf112 201 printf("Client Addr: %s\n", eth.getIPAddress());
wolfSSL 0:ea20b58bf112 202
wolfSSL 3:25d42ccf2f12 203 #ifndef WOLFSSL_NO_VERIFYSERVER
wolfSSL 3:25d42ccf2f12 204 NTPClient ntp;
wolfSSL 3:25d42ccf2f12 205 if(ntp.setTime("ntp.jst.mfeed.ad.jp") != 0){
wolfSSL 3:25d42ccf2f12 206 printf("NTP Error\n") ;
wolfSSL 3:25d42ccf2f12 207 return ;
wolfSSL 3:25d42ccf2f12 208 }
wolfSSL 3:25d42ccf2f12 209 #endif
wolfSSL 3:25d42ccf2f12 210
wolfSSL 0:ea20b58bf112 211 getline("Server Addr: ", server_addr, sizeof(server_addr)) ;
wolfSSL 0:ea20b58bf112 212 getline("Server Port: ", server_port, sizeof(server_port)) ;
wolfSSL 0:ea20b58bf112 213
wolfSSL 0:ea20b58bf112 214 while (socket.connect(server_addr, atoi(server_port)) < 0) {
wolfSSL 3:25d42ccf2f12 215 printf("Unable to connect to (%s) on port (%s)\n", server_addr, server_port);
wolfSSL 3:25d42ccf2f12 216 wait(1.0) ;
wolfSSL 0:ea20b58bf112 217 }
wolfSSL 0:ea20b58bf112 218 printf("TCP Connected\n") ;
wolfSSL 0:ea20b58bf112 219
wolfSSL 2:53d82dd5e556 220 Security(&socket);
wolfSSL 1:29638701a63a 221 return ;
wolfSSL 1:29638701a63a 222 }
wolfSSL 1:29638701a63a 223
wolfSSL 1:29638701a63a 224 int main(void)
wolfSSL 1:29638701a63a 225 {
wolfSSL 1:29638701a63a 226 #define STACK_SIZE 24000
wolfSSL 1:29638701a63a 227 Thread t(net_main, NULL, osPriorityNormal, STACK_SIZE);
wolfSSL 1:29638701a63a 228 while(1)wait(1.0) ;
wolfSSL 0:ea20b58bf112 229 }