dtls_server.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425
  1. /*
  2. * Simple DTLS server demonstration program
  3. *
  4. * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
  5. * SPDX-License-Identifier: Apache-2.0
  6. *
  7. * Licensed under the Apache License, Version 2.0 (the "License"); you may
  8. * not use this file except in compliance with the License.
  9. * You may obtain a copy of the License at
  10. *
  11. * http://www.apache.org/licenses/LICENSE-2.0
  12. *
  13. * Unless required by applicable law or agreed to in writing, software
  14. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  15. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16. * See the License for the specific language governing permissions and
  17. * limitations under the License.
  18. *
  19. * This file is part of mbed TLS (https://tls.mbed.org)
  20. */
  21. #if !defined(MBEDTLS_CONFIG_FILE)
  22. #include "mbedtls/config.h"
  23. #else
  24. #include MBEDTLS_CONFIG_FILE
  25. #endif
  26. #if defined(MBEDTLS_PLATFORM_C)
  27. #include "mbedtls/platform.h"
  28. #else
  29. #include <stdio.h>
  30. #define mbedtls_printf printf
  31. #define mbedtls_fprintf fprintf
  32. #define mbedtls_time_t time_t
  33. #endif
  34. #if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
  35. !defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
  36. !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
  37. !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
  38. !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
  39. !defined(MBEDTLS_TIMING_C)
  40. int main( void )
  41. {
  42. printf( "MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
  43. "MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
  44. "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
  45. "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
  46. "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
  47. "MBEDTLS_TIMING_C not defined.\n" );
  48. return( 0 );
  49. }
  50. #else
  51. #if defined(_WIN32)
  52. #include <windows.h>
  53. #endif
  54. #include <string.h>
  55. #include <stdlib.h>
  56. #include <stdio.h>
  57. #include "mbedtls/entropy.h"
  58. #include "mbedtls/ctr_drbg.h"
  59. #include "mbedtls/certs.h"
  60. #include "mbedtls/x509.h"
  61. #include "mbedtls/ssl.h"
  62. #include "mbedtls/ssl_cookie.h"
  63. #include "mbedtls/net_sockets.h"
  64. #include "mbedtls/error.h"
  65. #include "mbedtls/debug.h"
  66. #include "mbedtls/timing.h"
  67. #if defined(MBEDTLS_SSL_CACHE_C)
  68. #include "mbedtls/ssl_cache.h"
  69. #endif
  70. #define READ_TIMEOUT_MS 10000 /* 5 seconds */
  71. #define DEBUG_LEVEL 0
  72. static void my_debug( void *ctx, int level,
  73. const char *file, int line,
  74. const char *str )
  75. {
  76. ((void) level);
  77. mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
  78. fflush( (FILE *) ctx );
  79. }
  80. int main( void )
  81. {
  82. int ret, len;
  83. mbedtls_net_context listen_fd, client_fd;
  84. unsigned char buf[1024];
  85. const char *pers = "dtls_server";
  86. unsigned char client_ip[16] = { 0 };
  87. size_t cliip_len;
  88. mbedtls_ssl_cookie_ctx cookie_ctx;
  89. mbedtls_entropy_context entropy;
  90. mbedtls_ctr_drbg_context ctr_drbg;
  91. mbedtls_ssl_context ssl;
  92. mbedtls_ssl_config conf;
  93. mbedtls_x509_crt srvcert;
  94. mbedtls_pk_context pkey;
  95. mbedtls_timing_delay_context timer;
  96. #if defined(MBEDTLS_SSL_CACHE_C)
  97. mbedtls_ssl_cache_context cache;
  98. #endif
  99. mbedtls_net_init( &listen_fd );
  100. mbedtls_net_init( &client_fd );
  101. mbedtls_ssl_init( &ssl );
  102. mbedtls_ssl_config_init( &conf );
  103. mbedtls_ssl_cookie_init( &cookie_ctx );
  104. #if defined(MBEDTLS_SSL_CACHE_C)
  105. mbedtls_ssl_cache_init( &cache );
  106. #endif
  107. mbedtls_x509_crt_init( &srvcert );
  108. mbedtls_pk_init( &pkey );
  109. mbedtls_entropy_init( &entropy );
  110. mbedtls_ctr_drbg_init( &ctr_drbg );
  111. #if defined(MBEDTLS_DEBUG_C)
  112. mbedtls_debug_set_threshold( DEBUG_LEVEL );
  113. #endif
  114. /*
  115. * 1. Load the certificates and private RSA key
  116. */
  117. printf( "\n . Loading the server cert. and key..." );
  118. fflush( stdout );
  119. /*
  120. * This demonstration program uses embedded test certificates.
  121. * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
  122. * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
  123. */
  124. ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
  125. mbedtls_test_srv_crt_len );
  126. if( ret != 0 )
  127. {
  128. printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
  129. goto exit;
  130. }
  131. ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
  132. mbedtls_test_cas_pem_len );
  133. if( ret != 0 )
  134. {
  135. printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
  136. goto exit;
  137. }
  138. ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
  139. mbedtls_test_srv_key_len, NULL, 0 );
  140. if( ret != 0 )
  141. {
  142. printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
  143. goto exit;
  144. }
  145. printf( " ok\n" );
  146. /*
  147. * 2. Setup the "listening" UDP socket
  148. */
  149. printf( " . Bind on udp/*/4433 ..." );
  150. fflush( stdout );
  151. if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
  152. {
  153. printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
  154. goto exit;
  155. }
  156. printf( " ok\n" );
  157. /*
  158. * 3. Seed the RNG
  159. */
  160. printf( " . Seeding the random number generator..." );
  161. fflush( stdout );
  162. if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
  163. (const unsigned char *) pers,
  164. strlen( pers ) ) ) != 0 )
  165. {
  166. printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
  167. goto exit;
  168. }
  169. printf( " ok\n" );
  170. /*
  171. * 4. Setup stuff
  172. */
  173. printf( " . Setting up the DTLS data..." );
  174. fflush( stdout );
  175. if( ( ret = mbedtls_ssl_config_defaults( &conf,
  176. MBEDTLS_SSL_IS_SERVER,
  177. MBEDTLS_SSL_TRANSPORT_DATAGRAM,
  178. MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
  179. {
  180. mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
  181. goto exit;
  182. }
  183. mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
  184. mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
  185. #if defined(MBEDTLS_SSL_CACHE_C)
  186. mbedtls_ssl_conf_session_cache( &conf, &cache,
  187. mbedtls_ssl_cache_get,
  188. mbedtls_ssl_cache_set );
  189. #endif
  190. mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
  191. if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
  192. {
  193. printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
  194. goto exit;
  195. }
  196. if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
  197. mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
  198. {
  199. printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
  200. goto exit;
  201. }
  202. mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
  203. &cookie_ctx );
  204. if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
  205. {
  206. printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
  207. goto exit;
  208. }
  209. mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
  210. mbedtls_timing_get_delay );
  211. printf( " ok\n" );
  212. reset:
  213. #ifdef MBEDTLS_ERROR_C
  214. if( ret != 0 )
  215. {
  216. char error_buf[100];
  217. mbedtls_strerror( ret, error_buf, 100 );
  218. printf("Last error was: %d - %s\n\n", ret, error_buf );
  219. }
  220. #endif
  221. mbedtls_net_free( &client_fd );
  222. mbedtls_ssl_session_reset( &ssl );
  223. /*
  224. * 3. Wait until a client connects
  225. */
  226. printf( " . Waiting for a remote connection ..." );
  227. fflush( stdout );
  228. if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
  229. client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
  230. {
  231. printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
  232. goto exit;
  233. }
  234. /* For HelloVerifyRequest cookies */
  235. if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
  236. client_ip, cliip_len ) ) != 0 )
  237. {
  238. printf( " failed\n ! "
  239. "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret );
  240. goto exit;
  241. }
  242. mbedtls_ssl_set_bio( &ssl, &client_fd,
  243. mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
  244. printf( " ok\n" );
  245. /*
  246. * 5. Handshake
  247. */
  248. printf( " . Performing the DTLS handshake..." );
  249. fflush( stdout );
  250. do ret = mbedtls_ssl_handshake( &ssl );
  251. while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
  252. ret == MBEDTLS_ERR_SSL_WANT_WRITE );
  253. if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
  254. {
  255. printf( " hello verification requested\n" );
  256. ret = 0;
  257. goto reset;
  258. }
  259. else if( ret != 0 )
  260. {
  261. printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
  262. goto reset;
  263. }
  264. printf( " ok\n" );
  265. /*
  266. * 6. Read the echo Request
  267. */
  268. printf( " < Read from client:" );
  269. fflush( stdout );
  270. len = sizeof( buf ) - 1;
  271. memset( buf, 0, sizeof( buf ) );
  272. do ret = mbedtls_ssl_read( &ssl, buf, len );
  273. while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
  274. ret == MBEDTLS_ERR_SSL_WANT_WRITE );
  275. if( ret <= 0 )
  276. {
  277. switch( ret )
  278. {
  279. case MBEDTLS_ERR_SSL_TIMEOUT:
  280. printf( " timeout\n\n" );
  281. goto reset;
  282. case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
  283. printf( " connection was closed gracefully\n" );
  284. ret = 0;
  285. goto close_notify;
  286. default:
  287. printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret );
  288. goto reset;
  289. }
  290. }
  291. len = ret;
  292. printf( " %d bytes read\n\n%s\n\n", len, buf );
  293. /*
  294. * 7. Write the 200 Response
  295. */
  296. printf( " > Write to client:" );
  297. fflush( stdout );
  298. do ret = mbedtls_ssl_write( &ssl, buf, len );
  299. while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
  300. ret == MBEDTLS_ERR_SSL_WANT_WRITE );
  301. if( ret < 0 )
  302. {
  303. printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
  304. goto exit;
  305. }
  306. len = ret;
  307. printf( " %d bytes written\n\n%s\n\n", len, buf );
  308. /*
  309. * 8. Done, cleanly close the connection
  310. */
  311. close_notify:
  312. printf( " . Closing the connection..." );
  313. /* No error checking, the connection might be closed already */
  314. do ret = mbedtls_ssl_close_notify( &ssl );
  315. while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
  316. ret = 0;
  317. printf( " done\n" );
  318. goto reset;
  319. /*
  320. * Final clean-ups and exit
  321. */
  322. exit:
  323. #ifdef MBEDTLS_ERROR_C
  324. if( ret != 0 )
  325. {
  326. char error_buf[100];
  327. mbedtls_strerror( ret, error_buf, 100 );
  328. printf( "Last error was: %d - %s\n\n", ret, error_buf );
  329. }
  330. #endif
  331. mbedtls_net_free( &client_fd );
  332. mbedtls_net_free( &listen_fd );
  333. mbedtls_x509_crt_free( &srvcert );
  334. mbedtls_pk_free( &pkey );
  335. mbedtls_ssl_free( &ssl );
  336. mbedtls_ssl_config_free( &conf );
  337. mbedtls_ssl_cookie_free( &cookie_ctx );
  338. #if defined(MBEDTLS_SSL_CACHE_C)
  339. mbedtls_ssl_cache_free( &cache );
  340. #endif
  341. mbedtls_ctr_drbg_free( &ctr_drbg );
  342. mbedtls_entropy_free( &entropy );
  343. #if defined(_WIN32)
  344. printf( " Press Enter to exit this program.\n" );
  345. fflush( stdout ); getchar();
  346. #endif
  347. /* Shell can not handle large exit numbers -> 1 for errors */
  348. if( ret < 0 )
  349. ret = 1;
  350. return( ret );
  351. }
  352. #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
  353. MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
  354. MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C
  355. && MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */