Example TLS client with wolfSSL, with cert

Dependencies:   EthernetInterface NTPClient SDFileSystem mbed-rtos mbed wolfSSL

Revision:
2:53d82dd5e556
Parent:
1:29638701a63a
Child:
3:25d42ccf2f12
--- a/client-tls.cpp	Mon Jul 20 08:30:39 2015 +0000
+++ b/client-tls.cpp	Mon Jul 20 08:39:55 2015 +0000
@@ -21,12 +21,30 @@
 
 #include    "mbed.h"
 #include    "EthernetInterface.h"
+#include    "SDFileSystem.h"
 #include    <stdio.h>
 #include    <stdlib.h>
 #include    <string.h>
+#include    <wolfssl/ssl.h>          /* wolfSSL security library */
+#include    <user_settings.h>
 
 #define MAXDATASIZE (1024*4)
 
+#ifndef WOLFSSL_NO_VERIFYSERVER
+SDFileSystem sdCard(PTE3, PTE1, PTE2, PTE4, "sd");
+const char* cert = "/sd/cert-file.crt";
+#endif
+
+static int SocketReceive(WOLFSSL* ssl, char *buf, int sz, void *sock)
+{
+    return ((TCPSocketConnection *)sock)->receive(buf, sz) ;
+}
+
+static int SocketSend(WOLFSSL* ssl, char *buf, int sz, void *sock)
+{
+    return ((TCPSocketConnection *)sock)->send(buf, sz);
+}
+
 static int getline(char *prompt, char *buff, int size)
 {
     int sz ;
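Review bot: SocketReceive and SocketSend hand mbed's return value straight back to wolfSSL, which treats 0 as a closed connection and negative values as WOLFSSL_CBIO_ERR_* codes; TCPSocketConnection::receive()/send() appear to return -1 for both hard errors and timeouts, so a timeout would presumably surface to wolfSSL as a general error rather than a would-block condition — worth confirming against the mbed socket documentation and mapping explicitly if non-blocking use is intended. The `ssl` parameter is unused in both callbacks; a `(void)ssl;` line documents that and silences -Wunused-parameter. `cert` is declared here under `#ifndef WOLFSSL_NO_VERIFYSERVER`, but nothing in this revision reads it.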
@@ -71,7 +89,7 @@
 /*
  *  clients initial contact with server. Socket to connect to: sock
  */
- int ClientGreet(TCPSocketConnection *socket)
+ int ClientGreet(TCPSocketConnection *socket, WOLFSSL *ssl)
 {
     /* data to send to the server, data recieved from the server */
     char    sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
@@ -79,14 +97,18 @@
 
     ret = getline("Message for server: ", sendBuff, MAXDATASIZE);
     printf("Send[%d]:\n%s\n", ret, sendBuff) ;
-    if ((ret = socket->send(sendBuff, strlen(sendBuff)-1)) < 0) {
-        printf("Send error: %i", ret);
+    if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) < 0) {
+        /* the message is not able to send, or error trying */
+        ret = wolfSSL_get_error(ssl, 0);
+        printf("Write error: Error: %i\n", ret);
         return EXIT_FAILURE;
     }
     printf("Recieved:\n");
     while(1) {
-        if ((ret = socket->receive(rcvBuff, sizeof(rcvBuff)-1)) < 0) {
+        if ((ret = wolfSSL_read(ssl, rcvBuff, sizeof(rcvBuff))) < 0) {
             if(ret == 0)break ;
+            /* the server failed to send data, or error trying */
+            ret = wolfSSL_get_error(ssl, 0);
             printf("Read error. Error: %i\n", ret);
             return EXIT_FAILURE;
         }
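Review bot: wolfSSL_read now gets the full `sizeof(rcvBuff)`, whereas the replaced line reserved one byte, so a read that fills the buffer leaves rcvBuff without a terminating NUL before whatever prints it below this hunk; pass `sizeof(rcvBuff)-1` to keep the terminator. The existing `if(ret == 0)break ;` sits inside the `< 0` branch and is unreachable, and wolfSSL_read returns 0 when the peer closes the connection, so a clean close is never detected and the loop keeps spinning; test for zero before the error check, `if (ret == 0) break;`. ClientGreet begins in the previous hunk and its loop body continues past this one.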
@@ -99,6 +121,51 @@
     return ret;
 }
 
+
+/*
+ * applies TLS 1.2 security layer to data being sent.
+ */
+int Security(TCPSocketConnection *socket)
+{
+    WOLFSSL_CTX* ctx;
+    WOLFSSL*     ssl;    /* create WOLFSSL object */
+    int         ret = 0;
+
+    /* create and initiLize WOLFSSL_CTX structure */
+    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
+        printf("SSL_CTX_new error.\n");
+        return EXIT_FAILURE;
+    }
+
+    wolfSSL_SetIORecv(ctx, SocketReceive) ;
+    wolfSSL_SetIOSend(ctx, SocketSend) ;
+
+    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+
+    if ((ssl = wolfSSL_new(ctx)) == NULL) {
+        printf("wolfSSL_new error.\n");
+        return EXIT_FAILURE;
+    }
+
+    wolfSSL_SetIOReadCtx(ssl, (void *)socket) ;
+    wolfSSL_SetIOWriteCtx(ssl, (void *)socket) ;
+
+    ret = wolfSSL_connect(ssl);
+    if (ret == SSL_SUCCESS) {
+        printf("TLS Connected\n") ;
+        ret = ClientGreet(socket, ssl);
+    } else {
+        ret = wolfSSL_get_error(ssl, 0);
+        printf("TLS Connect error. Error: %i\n", ret);
+    }
+    /* frees all data before client termination */
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+    wolfSSL_Cleanup();
+
+    return ret;
+}
+
 /*
  * command line argumentCount and argumentValues
  */
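Review bot: `wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0)` disables server certificate verification, so the handshake authenticates nobody and any host that answers the TCP connect is accepted; the `cert` path added in the first hunk is never loaded, which contradicts the revision's "with cert" intent. Under `#ifndef WOLFSSL_NO_VERIFYSERVER` the CA file should be loaded with wolfSSL_CTX_load_verify_locations and verification set to SSL_VERIFY_PEER, with SSL_VERIFY_NONE only in the opt-out branch. The `wolfSSL_new` failure path also returns without freeing ctx. Note too that wolfSSL_Cleanup() here undoes the wolfSSL_Init() done in main, so a second call to Security() would run on an uninitialised library; moving the cleanup to main keeps the pair symmetric.
```cpp
    wolfSSL_SetIORecv(ctx, SocketReceive) ;
    wolfSSL_SetIOSend(ctx, SocketSend) ;

#ifndef WOLFSSL_NO_VERIFYSERVER
    /* trust the CA on the SD card and require the server to prove its identity */
    if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
        printf("Error loading %s\n", cert);
        wolfSSL_CTX_free(ctx);
        return EXIT_FAILURE;
    }
    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
#else
    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif

    if ((ssl = wolfSSL_new(ctx)) == NULL) {
        printf("wolfSSL_new error.\n");
        wolfSSL_CTX_free(ctx);   /* was leaked on this path */
        return EXIT_FAILURE;
    }
    // … unchanged: I/O ctx setup, connect, ClientGreet, cleanup …
```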
@@ -110,6 +177,7 @@
     EthernetInterface eth;
     TCPSocketConnection socket;
 
+    wolfSSL_Init();      /* initialize wolfSSL */
     eth.init(); //Use DHCP
     eth.connect();
     printf("Client Addr: %s\n", eth.getIPAddress());
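Review bot: The return value of `wolfSSL_Init()` is discarded, so a failed library initialisation goes unnoticed until the later wolfSSL_CTX_new call fails with a less specific message; check it, e.g. `if (wolfSSL_Init() != SSL_SUCCESS) { printf("wolfSSL_Init error.\n"); return; }`. The enclosing main starts before this hunk.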
@@ -123,7 +191,7 @@
     }
     printf("TCP Connected\n") ;
 
-    ClientGreet(&socket);
+    Security(&socket);
     return ;
 }
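Review bot: `Security(&socket)` returns a status (EXIT_FAILURE, a wolfSSL error code, or ClientGreet's result) that main drops, so a failed handshake is only visible through stdout; capturing it, `int rc = Security(&socket);`, and acting on it would let the example report failure explicitly. The socket opened above this hunk is also not closed on return, though that predates this change. The enclosing main starts before this hunk.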