dtls_server.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438
  1. /*
  2. * Simple DTLS server demonstration program
  3. *
  4. * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
  5. * SPDX-License-Identifier: Apache-2.0
  6. *
  7. * Licensed under the Apache License, Version 2.0 (the "License"); you may
  8. * not use this file except in compliance with the License.
  9. * You may obtain a copy of the License at
  10. *
  11. * http://www.apache.org/licenses/LICENSE-2.0
  12. *
  13. * Unless required by applicable law or agreed to in writing, software
  14. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  15. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16. * See the License for the specific language governing permissions and
  17. * limitations under the License.
  18. *
  19. * This file is part of mbed TLS (https://tls.mbed.org)
  20. */
  21. #if !defined(MBEDTLS_CONFIG_FILE)
  22. #include "mbedtls/config.h"
  23. #else
  24. #include MBEDTLS_CONFIG_FILE
  25. #endif
  26. #if defined(MBEDTLS_PLATFORM_C)
  27. #include "mbedtls/platform.h"
  28. #else
  29. #include <stdio.h>
  30. #define mbedtls_printf printf
  31. #define mbedtls_fprintf fprintf
  32. #define mbedtls_time_t time_t
  33. #define mbedtls_exit exit
  34. #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
  35. #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
  36. #endif
  37. /* Uncomment out the following line to default to IPv4 and disable IPv6 */
  38. //#define FORCE_IPV4
  39. #ifdef FORCE_IPV4
  40. #define BIND_IP "0.0.0.0" /* Forces IPv4 */
  41. #else
  42. #define BIND_IP "::"
  43. #endif
  44. #if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
  45. !defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
  46. !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
  47. !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
  48. !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
  49. !defined(MBEDTLS_TIMING_C)
  50. int main( void )
  51. {
  52. printf( "MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
  53. "MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
  54. "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
  55. "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
  56. "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
  57. "MBEDTLS_TIMING_C not defined.\n" );
  58. return( 0 );
  59. }
  60. #else
  61. #if defined(_WIN32)
  62. #include <windows.h>
  63. #endif
  64. #include <string.h>
  65. #include <stdlib.h>
  66. #include <stdio.h>
  67. #include "mbedtls/entropy.h"
  68. #include "mbedtls/ctr_drbg.h"
  69. #include "mbedtls/certs.h"
  70. #include "mbedtls/x509.h"
  71. #include "mbedtls/ssl.h"
  72. #include "mbedtls/ssl_cookie.h"
  73. #include "mbedtls/net_sockets.h"
  74. #include "mbedtls/error.h"
  75. #include "mbedtls/debug.h"
  76. #include "mbedtls/timing.h"
  77. #if defined(MBEDTLS_SSL_CACHE_C)
  78. #include "mbedtls/ssl_cache.h"
  79. #endif
  80. #define READ_TIMEOUT_MS 10000 /* 5 seconds */
  81. #define DEBUG_LEVEL 0
  82. static void my_debug( void *ctx, int level,
  83. const char *file, int line,
  84. const char *str )
  85. {
  86. ((void) level);
  87. mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
  88. fflush( (FILE *) ctx );
  89. }
  90. int main( void )
  91. {
  92. int ret, len;
  93. mbedtls_net_context listen_fd, client_fd;
  94. unsigned char buf[1024];
  95. const char *pers = "dtls_server";
  96. unsigned char client_ip[16] = { 0 };
  97. size_t cliip_len;
  98. mbedtls_ssl_cookie_ctx cookie_ctx;
  99. mbedtls_entropy_context entropy;
  100. mbedtls_ctr_drbg_context ctr_drbg;
  101. mbedtls_ssl_context ssl;
  102. mbedtls_ssl_config conf;
  103. mbedtls_x509_crt srvcert;
  104. mbedtls_pk_context pkey;
  105. mbedtls_timing_delay_context timer;
  106. #if defined(MBEDTLS_SSL_CACHE_C)
  107. mbedtls_ssl_cache_context cache;
  108. #endif
  109. mbedtls_net_init( &listen_fd );
  110. mbedtls_net_init( &client_fd );
  111. mbedtls_ssl_init( &ssl );
  112. mbedtls_ssl_config_init( &conf );
  113. mbedtls_ssl_cookie_init( &cookie_ctx );
  114. #if defined(MBEDTLS_SSL_CACHE_C)
  115. mbedtls_ssl_cache_init( &cache );
  116. #endif
  117. mbedtls_x509_crt_init( &srvcert );
  118. mbedtls_pk_init( &pkey );
  119. mbedtls_entropy_init( &entropy );
  120. mbedtls_ctr_drbg_init( &ctr_drbg );
  121. #if defined(MBEDTLS_DEBUG_C)
  122. mbedtls_debug_set_threshold( DEBUG_LEVEL );
  123. #endif
  124. /*
  125. * 1. Load the certificates and private RSA key
  126. */
  127. printf( "\n . Loading the server cert. and key..." );
  128. fflush( stdout );
  129. /*
  130. * This demonstration program uses embedded test certificates.
  131. * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
  132. * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
  133. */
  134. ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
  135. mbedtls_test_srv_crt_len );
  136. if( ret != 0 )
  137. {
  138. printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
  139. goto exit;
  140. }
  141. ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
  142. mbedtls_test_cas_pem_len );
  143. if( ret != 0 )
  144. {
  145. printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
  146. goto exit;
  147. }
  148. ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
  149. mbedtls_test_srv_key_len, NULL, 0 );
  150. if( ret != 0 )
  151. {
  152. printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
  153. goto exit;
  154. }
  155. printf( " ok\n" );
  156. /*
  157. * 2. Setup the "listening" UDP socket
  158. */
  159. printf( " . Bind on udp/*/4433 ..." );
  160. fflush( stdout );
  161. if( ( ret = mbedtls_net_bind( &listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
  162. {
  163. printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
  164. goto exit;
  165. }
  166. printf( " ok\n" );
  167. /*
  168. * 3. Seed the RNG
  169. */
  170. printf( " . Seeding the random number generator..." );
  171. fflush( stdout );
  172. if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
  173. (const unsigned char *) pers,
  174. strlen( pers ) ) ) != 0 )
  175. {
  176. printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
  177. goto exit;
  178. }
  179. printf( " ok\n" );
  180. /*
  181. * 4. Setup stuff
  182. */
  183. printf( " . Setting up the DTLS data..." );
  184. fflush( stdout );
  185. if( ( ret = mbedtls_ssl_config_defaults( &conf,
  186. MBEDTLS_SSL_IS_SERVER,
  187. MBEDTLS_SSL_TRANSPORT_DATAGRAM,
  188. MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
  189. {
  190. mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
  191. goto exit;
  192. }
  193. mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
  194. mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
  195. #if defined(MBEDTLS_SSL_CACHE_C)
  196. mbedtls_ssl_conf_session_cache( &conf, &cache,
  197. mbedtls_ssl_cache_get,
  198. mbedtls_ssl_cache_set );
  199. #endif
  200. mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
  201. if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
  202. {
  203. printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
  204. goto exit;
  205. }
  206. if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
  207. mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
  208. {
  209. printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
  210. goto exit;
  211. }
  212. mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
  213. &cookie_ctx );
  214. if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
  215. {
  216. printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
  217. goto exit;
  218. }
  219. mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
  220. mbedtls_timing_get_delay );
  221. printf( " ok\n" );
  222. reset:
  223. #ifdef MBEDTLS_ERROR_C
  224. if( ret != 0 )
  225. {
  226. char error_buf[100];
  227. mbedtls_strerror( ret, error_buf, 100 );
  228. printf("Last error was: %d - %s\n\n", ret, error_buf );
  229. }
  230. #endif
  231. mbedtls_net_free( &client_fd );
  232. mbedtls_ssl_session_reset( &ssl );
  233. /*
  234. * 3. Wait until a client connects
  235. */
  236. printf( " . Waiting for a remote connection ..." );
  237. fflush( stdout );
  238. if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
  239. client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
  240. {
  241. printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
  242. goto exit;
  243. }
  244. /* For HelloVerifyRequest cookies */
  245. if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
  246. client_ip, cliip_len ) ) != 0 )
  247. {
  248. printf( " failed\n ! "
  249. "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret );
  250. goto exit;
  251. }
  252. mbedtls_ssl_set_bio( &ssl, &client_fd,
  253. mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
  254. printf( " ok\n" );
  255. /*
  256. * 5. Handshake
  257. */
  258. printf( " . Performing the DTLS handshake..." );
  259. fflush( stdout );
  260. do ret = mbedtls_ssl_handshake( &ssl );
  261. while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
  262. ret == MBEDTLS_ERR_SSL_WANT_WRITE );
  263. if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
  264. {
  265. printf( " hello verification requested\n" );
  266. ret = 0;
  267. goto reset;
  268. }
  269. else if( ret != 0 )
  270. {
  271. printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
  272. goto reset;
  273. }
  274. printf( " ok\n" );
  275. /*
  276. * 6. Read the echo Request
  277. */
  278. printf( " < Read from client:" );
  279. fflush( stdout );
  280. len = sizeof( buf ) - 1;
  281. memset( buf, 0, sizeof( buf ) );
  282. do ret = mbedtls_ssl_read( &ssl, buf, len );
  283. while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
  284. ret == MBEDTLS_ERR_SSL_WANT_WRITE );
  285. if( ret <= 0 )
  286. {
  287. switch( ret )
  288. {
  289. case MBEDTLS_ERR_SSL_TIMEOUT:
  290. printf( " timeout\n\n" );
  291. goto reset;
  292. case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
  293. printf( " connection was closed gracefully\n" );
  294. ret = 0;
  295. goto close_notify;
  296. default:
  297. printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret );
  298. goto reset;
  299. }
  300. }
  301. len = ret;
  302. printf( " %d bytes read\n\n%s\n\n", len, buf );
  303. /*
  304. * 7. Write the 200 Response
  305. */
  306. printf( " > Write to client:" );
  307. fflush( stdout );
  308. do ret = mbedtls_ssl_write( &ssl, buf, len );
  309. while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
  310. ret == MBEDTLS_ERR_SSL_WANT_WRITE );
  311. if( ret < 0 )
  312. {
  313. printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
  314. goto exit;
  315. }
  316. len = ret;
  317. printf( " %d bytes written\n\n%s\n\n", len, buf );
  318. /*
  319. * 8. Done, cleanly close the connection
  320. */
  321. close_notify:
  322. printf( " . Closing the connection..." );
  323. /* No error checking, the connection might be closed already */
  324. do ret = mbedtls_ssl_close_notify( &ssl );
  325. while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
  326. ret = 0;
  327. printf( " done\n" );
  328. goto reset;
  329. /*
  330. * Final clean-ups and exit
  331. */
  332. exit:
  333. #ifdef MBEDTLS_ERROR_C
  334. if( ret != 0 )
  335. {
  336. char error_buf[100];
  337. mbedtls_strerror( ret, error_buf, 100 );
  338. printf( "Last error was: %d - %s\n\n", ret, error_buf );
  339. }
  340. #endif
  341. mbedtls_net_free( &client_fd );
  342. mbedtls_net_free( &listen_fd );
  343. mbedtls_x509_crt_free( &srvcert );
  344. mbedtls_pk_free( &pkey );
  345. mbedtls_ssl_free( &ssl );
  346. mbedtls_ssl_config_free( &conf );
  347. mbedtls_ssl_cookie_free( &cookie_ctx );
  348. #if defined(MBEDTLS_SSL_CACHE_C)
  349. mbedtls_ssl_cache_free( &cache );
  350. #endif
  351. mbedtls_ctr_drbg_free( &ctr_drbg );
  352. mbedtls_entropy_free( &entropy );
  353. #if defined(_WIN32)
  354. printf( " Press Enter to exit this program.\n" );
  355. fflush( stdout ); getchar();
  356. #endif
  357. /* Shell can not handle large exit numbers -> 1 for errors */
  358. if( ret < 0 )
  359. ret = 1;
  360. return( ret );
  361. }
  362. #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
  363. MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
  364. MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C
  365. && MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */