wolf SSL / Mbed 2 deprecated Example-client-tls-cert

Example TLS client with wolfSSL, with cert

Dependencies:   EthernetInterface NTPClient SDFileSystem mbed-rtos mbed wolfSSL

client-tls.cpp@6:e636986882e8, 2015-07-24 (annotated)

Committer:
wolfSSL
Date:
Fri Jul 24 04:27:38 2015 +0000
Revision:
6:e636986882e8
Parent:
5:26b87ccd43d1 
retry eth.connect

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 0:ea20b58bf112 1 /* client-tcp.c
wolfSSL 0:ea20b58bf112 2 *
wolfSSL 0:ea20b58bf112 3 * Copyright (C) 2006-2015 wolfSSL Inc.
wolfSSL 0:ea20b58bf112 4 *
wolfSSL 0:ea20b58bf112 5 * This file is part of wolfSSL. (formerly known as CyaSSL)
wolfSSL 0:ea20b58bf112 6 *
wolfSSL 0:ea20b58bf112 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 0:ea20b58bf112 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:ea20b58bf112 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:ea20b58bf112 10 * (at your option) any later version.
wolfSSL 0:ea20b58bf112 11 *
wolfSSL 0:ea20b58bf112 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 0:ea20b58bf112 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:ea20b58bf112 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:ea20b58bf112 15 * GNU General Public License for more details.
wolfSSL 0:ea20b58bf112 16 *
wolfSSL 0:ea20b58bf112 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:ea20b58bf112 18 * along with this program; if not, write to the Free Software
wolfSSL 0:ea20b58bf112 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:ea20b58bf112 20 */
wolfSSL 0:ea20b58bf112 21
wolfSSL 0:ea20b58bf112 22 #include "mbed.h"
wolfSSL 0:ea20b58bf112 23 #include "EthernetInterface.h"
wolfSSL 5:26b87ccd43d1 24 #include "NTPClient.h"
wolfSSL 0:ea20b58bf112 25 #include <stdio.h>
wolfSSL 0:ea20b58bf112 26 #include <stdlib.h>
wolfSSL 0:ea20b58bf112 27 #include <string.h>
wolfSSL 2:53d82dd5e556 28 #include <wolfssl/ssl.h> /* wolfSSL security library */
wolfSSL 3:25d42ccf2f12 29 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 2:53d82dd5e556 30 #include <user_settings.h>
wolfSSL 0:ea20b58bf112 31
wolfSSL 0:ea20b58bf112 32 #define MAXDATASIZE (1024*4)
wolfSSL 0:ea20b58bf112 33
wolfSSL 5:26b87ccd43d1 34 #if defined(NO_FILESYSTEM)
wolfSSL 5:26b87ccd43d1 35 #define USE_CERT_BUFFERS_2048
wolfSSL 5:26b87ccd43d1 36 #include <wolfssl/certs_test.h>
wolfSSL 5:26b87ccd43d1 37 #else
wolfSSL 5:26b87ccd43d1 38 #include "SDFileSystem.h"
wolfSSL 5:26b87ccd43d1 39 SDFileSystem sdCard(PTE3, PTE1, PTE2, PTE4, "sd");
wolfSSL 5:26b87ccd43d1 40 const char* certFile = "/sd/ca-cert.pem";
wolfSSL 5:26b87ccd43d1 41 #endif
wolfSSL 5:26b87ccd43d1 42
wolfSSL 2:53d82dd5e556 43 static int SocketReceive(WOLFSSL* ssl, char *buf, int sz, void *sock)
wolfSSL 2:53d82dd5e556 44 {
wolfSSL 2:53d82dd5e556 45 return ((TCPSocketConnection *)sock)->receive(buf, sz) ;
wolfSSL 2:53d82dd5e556 46 }
wolfSSL 2:53d82dd5e556 47
wolfSSL 2:53d82dd5e556 48 static int SocketSend(WOLFSSL* ssl, char *buf, int sz, void *sock)
wolfSSL 2:53d82dd5e556 49 {
wolfSSL 2:53d82dd5e556 50 return ((TCPSocketConnection *)sock)->send(buf, sz);
wolfSSL 2:53d82dd5e556 51 }
wolfSSL 2:53d82dd5e556 52
wolfSSL 0:ea20b58bf112 53 static int getline(char *prompt, char *buff, int size)
wolfSSL 0:ea20b58bf112 54 {
wolfSSL 0:ea20b58bf112 55 int sz ;
wolfSSL 0:ea20b58bf112 56
wolfSSL 0:ea20b58bf112 57 printf("%s", prompt) ;
wolfSSL 0:ea20b58bf112 58 for(sz = 0 ; (sz < size) && ((*buff = getchar()) != '\r'); sz++, buff++) {
wolfSSL 0:ea20b58bf112 59 putchar(*buff) ;
wolfSSL 0:ea20b58bf112 60 if(*buff == '\\') {
wolfSSL 0:ea20b58bf112 61 if(++sz >= size)break ;
wolfSSL 0:ea20b58bf112 62 *buff = getchar() ;
wolfSSL 0:ea20b58bf112 63 putchar(*buff) ;
wolfSSL 0:ea20b58bf112 64 switch(*buff) {
wolfSSL 0:ea20b58bf112 65 case 'n' :
wolfSSL 0:ea20b58bf112 66 *buff = '\n' ;
wolfSSL 0:ea20b58bf112 67 break ;
wolfSSL 0:ea20b58bf112 68 case 'r' :
wolfSSL 0:ea20b58bf112 69 *buff = '\r' ;
wolfSSL 0:ea20b58bf112 70 break ;
wolfSSL 0:ea20b58bf112 71 case 't' :
wolfSSL 0:ea20b58bf112 72 *buff = '\t' ;
wolfSSL 0:ea20b58bf112 73 break ;
wolfSSL 0:ea20b58bf112 74 case '\\':
wolfSSL 0:ea20b58bf112 75 *buff = '\\' ;
wolfSSL 0:ea20b58bf112 76 break ;
wolfSSL 0:ea20b58bf112 77 default:
wolfSSL 0:ea20b58bf112 78 buff[1] = buff[0] ;
wolfSSL 0:ea20b58bf112 79 buff[0] = '\\' ;
wolfSSL 0:ea20b58bf112 80 buff++ ;
wolfSSL 0:ea20b58bf112 81 }
wolfSSL 0:ea20b58bf112 82 } else if(*buff == '\b') {
wolfSSL 0:ea20b58bf112 83 if(sz >= 2) {
wolfSSL 0:ea20b58bf112 84 buff-=2 ;
wolfSSL 0:ea20b58bf112 85 sz-=2;
wolfSSL 0:ea20b58bf112 86 }
wolfSSL 0:ea20b58bf112 87 }
wolfSSL 0:ea20b58bf112 88 } ;
wolfSSL 0:ea20b58bf112 89 putchar('\n') ;
wolfSSL 0:ea20b58bf112 90 *buff = '\0' ;
wolfSSL 0:ea20b58bf112 91 return sz ;
wolfSSL 0:ea20b58bf112 92 }
wolfSSL 0:ea20b58bf112 93
wolfSSL 0:ea20b58bf112 94 /*
wolfSSL 0:ea20b58bf112 95 * clients initial contact with server. Socket to connect to: sock
wolfSSL 0:ea20b58bf112 96 */
wolfSSL 2:53d82dd5e556 97 int ClientGreet(TCPSocketConnection *socket, WOLFSSL *ssl)
wolfSSL 0:ea20b58bf112 98 {
wolfSSL 0:ea20b58bf112 99 /* data to send to the server, data recieved from the server */
wolfSSL 0:ea20b58bf112 100 char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
wolfSSL 0:ea20b58bf112 101 int ret ;
wolfSSL 0:ea20b58bf112 102
wolfSSL 0:ea20b58bf112 103 ret = getline("Message for server: ", sendBuff, MAXDATASIZE);
wolfSSL 0:ea20b58bf112 104 printf("Send[%d]:\n%s\n", ret, sendBuff) ;
wolfSSL 2:53d82dd5e556 105 if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) < 0) {
wolfSSL 2:53d82dd5e556 106 /* the message is not able to send, or error trying */
wolfSSL 2:53d82dd5e556 107 ret = wolfSSL_get_error(ssl, 0);
wolfSSL 3:25d42ccf2f12 108 printf("Write error[%d]\n", ret, wc_GetErrorString(ret));
wolfSSL 0:ea20b58bf112 109 return EXIT_FAILURE;
wolfSSL 0:ea20b58bf112 110 }
wolfSSL 0:ea20b58bf112 111 printf("Recieved:\n");
wolfSSL 0:ea20b58bf112 112 while(1) {
wolfSSL 3:25d42ccf2f12 113 if ((ret = wolfSSL_read(ssl, rcvBuff, sizeof(rcvBuff)-1)) < 0) {
wolfSSL 0:ea20b58bf112 114 if(ret == 0)break ;
wolfSSL 2:53d82dd5e556 115 /* the server failed to send data, or error trying */
wolfSSL 2:53d82dd5e556 116 ret = wolfSSL_get_error(ssl, 0);
wolfSSL 3:25d42ccf2f12 117 printf("Read error[%d], %s\n", ret, wc_GetErrorString(ret));
wolfSSL 0:ea20b58bf112 118 return EXIT_FAILURE;
wolfSSL 0:ea20b58bf112 119 }
wolfSSL 0:ea20b58bf112 120 rcvBuff[ret] = '\0' ;
wolfSSL 0:ea20b58bf112 121 printf("%s", rcvBuff);
wolfSSL 0:ea20b58bf112 122 if((rcvBuff[ret-3] == '\n')&&
wolfSSL 0:ea20b58bf112 123 (rcvBuff[ret-2] == '\n')&&
wolfSSL 0:ea20b58bf112 124 (rcvBuff[ret-1] == '\n'))break ;
wolfSSL 0:ea20b58bf112 125 }
wolfSSL 0:ea20b58bf112 126 return ret;
wolfSSL 0:ea20b58bf112 127 }
wolfSSL 0:ea20b58bf112 128
wolfSSL 2:53d82dd5e556 129
wolfSSL 2:53d82dd5e556 130 /*
wolfSSL 2:53d82dd5e556 131 * applies TLS 1.2 security layer to data being sent.
wolfSSL 2:53d82dd5e556 132 */
wolfSSL 2:53d82dd5e556 133 int Security(TCPSocketConnection *socket)
wolfSSL 2:53d82dd5e556 134 {
wolfSSL 2:53d82dd5e556 135 WOLFSSL_CTX* ctx;
wolfSSL 2:53d82dd5e556 136 WOLFSSL* ssl; /* create WOLFSSL object */
wolfSSL 2:53d82dd5e556 137 int ret = 0;
wolfSSL 2:53d82dd5e556 138
wolfSSL 2:53d82dd5e556 139 /* create and initiLize WOLFSSL_CTX structure */
wolfSSL 2:53d82dd5e556 140 if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
wolfSSL 2:53d82dd5e556 141 printf("SSL_CTX_new error.\n");
wolfSSL 2:53d82dd5e556 142 return EXIT_FAILURE;
wolfSSL 2:53d82dd5e556 143 }
wolfSSL 2:53d82dd5e556 144
wolfSSL 2:53d82dd5e556 145 wolfSSL_SetIORecv(ctx, SocketReceive) ;
wolfSSL 2:53d82dd5e556 146 wolfSSL_SetIOSend(ctx, SocketSend) ;
wolfSSL 2:53d82dd5e556 147
wolfSSL 5:26b87ccd43d1 148 #ifndef NO_FILESYSTEM
wolfSSL 5:26b87ccd43d1 149 if (wolfSSL_CTX_load_verify_locations(ctx, certFile,0) != SSL_SUCCESS)
wolfSSL 5:26b87ccd43d1 150 printf("can't load ca file\n");
wolfSSL 5:26b87ccd43d1 151 #else
wolfSSL 5:26b87ccd43d1 152 if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
wolfSSL 5:26b87ccd43d1 153 sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
wolfSSL 5:26b87ccd43d1 154 printf("can't load ca data");
wolfSSL 5:26b87ccd43d1 155 #endif
wolfSSL 5:26b87ccd43d1 156
wolfSSL 2:53d82dd5e556 157 if ((ssl = wolfSSL_new(ctx)) == NULL) {
wolfSSL 2:53d82dd5e556 158 printf("wolfSSL_new error.\n");
wolfSSL 2:53d82dd5e556 159 return EXIT_FAILURE;
wolfSSL 2:53d82dd5e556 160 }
wolfSSL 6:e636986882e8 161 wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
wolfSSL 2:53d82dd5e556 162 wolfSSL_SetIOReadCtx(ssl, (void *)socket) ;
wolfSSL 2:53d82dd5e556 163 wolfSSL_SetIOWriteCtx(ssl, (void *)socket) ;
wolfSSL 2:53d82dd5e556 164
wolfSSL 2:53d82dd5e556 165 ret = wolfSSL_connect(ssl);
wolfSSL 2:53d82dd5e556 166 if (ret == SSL_SUCCESS) {
wolfSSL 2:53d82dd5e556 167 printf("TLS Connected\n") ;
wolfSSL 2:53d82dd5e556 168 ret = ClientGreet(socket, ssl);
wolfSSL 2:53d82dd5e556 169 } else {
wolfSSL 2:53d82dd5e556 170 ret = wolfSSL_get_error(ssl, 0);
wolfSSL 3:25d42ccf2f12 171 printf("TLS Connect error[%d], %s\n", ret, wc_GetErrorString(ret));
wolfSSL 6:e636986882e8 172 return EXIT_FAILURE;
wolfSSL 2:53d82dd5e556 173 }
wolfSSL 2:53d82dd5e556 174 /* frees all data before client termination */
wolfSSL 2:53d82dd5e556 175 wolfSSL_free(ssl);
wolfSSL 2:53d82dd5e556 176 wolfSSL_CTX_free(ctx);
wolfSSL 2:53d82dd5e556 177 wolfSSL_Cleanup();
wolfSSL 2:53d82dd5e556 178
wolfSSL 2:53d82dd5e556 179 return ret;
wolfSSL 2:53d82dd5e556 180 }
wolfSSL 2:53d82dd5e556 181
wolfSSL 0:ea20b58bf112 182 /*
wolfSSL 0:ea20b58bf112 183 * command line argumentCount and argumentValues
wolfSSL 0:ea20b58bf112 184 */
wolfSSL 1:29638701a63a 185 void net_main(const void *av)
wolfSSL 0:ea20b58bf112 186 {
wolfSSL 1:29638701a63a 187 char server_addr[40] ;
wolfSSL 1:29638701a63a 188 char server_port[10] ;
wolfSSL 4:ebcf8e2d846a 189
wolfSSL 3:25d42ccf2f12 190 wolfSSL_Init(); /* initialize wolfSSL */
wolfSSL 3:25d42ccf2f12 191 /* wolfSSL_Debugging_ON(); */
wolfSSL 0:ea20b58bf112 192 EthernetInterface eth;
wolfSSL 0:ea20b58bf112 193 TCPSocketConnection socket;
wolfSSL 4:ebcf8e2d846a 194
wolfSSL 0:ea20b58bf112 195 eth.init(); //Use DHCP
wolfSSL 6:e636986882e8 196 while(1) {
wolfSSL 6:e636986882e8 197 if(eth.connect() == 0)break ;
wolfSSL 6:e636986882e8 198 printf("Retry\n") ;
wolfSSL 6:e636986882e8 199 }
wolfSSL 0:ea20b58bf112 200 printf("Client Addr: %s\n", eth.getIPAddress());
wolfSSL 0:ea20b58bf112 201
wolfSSL 5:26b87ccd43d1 202 NTPClient ntp;
wolfSSL 5:26b87ccd43d1 203 if(ntp.setTime("ntp.jst.mfeed.ad.jp") != 0){
wolfSSL 5:26b87ccd43d1 204 printf("NTP Error\n") ;
wolfSSL 5:26b87ccd43d1 205 return ;
wolfSSL 5:26b87ccd43d1 206 }
wolfSSL 5:26b87ccd43d1 207
wolfSSL 0:ea20b58bf112 208 getline("Server Addr: ", server_addr, sizeof(server_addr)) ;
wolfSSL 0:ea20b58bf112 209 getline("Server Port: ", server_port, sizeof(server_port)) ;
wolfSSL 0:ea20b58bf112 210
wolfSSL 0:ea20b58bf112 211 while (socket.connect(server_addr, atoi(server_port)) < 0) {
wolfSSL 3:25d42ccf2f12 212 printf("Unable to connect to (%s) on port (%s)\n", server_addr, server_port);
wolfSSL 4:ebcf8e2d846a 213 wait(1.0);
wolfSSL 0:ea20b58bf112 214 }
wolfSSL 0:ea20b58bf112 215 printf("TCP Connected\n") ;
wolfSSL 0:ea20b58bf112 216
wolfSSL 2:53d82dd5e556 217 Security(&socket);
wolfSSL 1:29638701a63a 218 return ;
wolfSSL 1:29638701a63a 219 }
wolfSSL 1:29638701a63a 220
wolfSSL 1:29638701a63a 221 int main(void)
wolfSSL 1:29638701a63a 222 {
wolfSSL 1:29638701a63a 223 #define STACK_SIZE 24000
wolfSSL 1:29638701a63a 224 Thread t(net_main, NULL, osPriorityNormal, STACK_SIZE);
wolfSSL 1:29638701a63a 225 while(1)wait(1.0) ;
wolfSSL 0:ea20b58bf112 226 }