ssl_server.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405
  1. /*
  2. * SSL server demonstration program
  3. *
  4. * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
  5. * SPDX-License-Identifier: Apache-2.0
  6. *
  7. * Licensed under the Apache License, Version 2.0 (the "License"); you may
  8. * not use this file except in compliance with the License.
  9. * You may obtain a copy of the License at
  10. *
  11. * http://www.apache.org/licenses/LICENSE-2.0
  12. *
  13. * Unless required by applicable law or agreed to in writing, software
  14. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  15. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16. * See the License for the specific language governing permissions and
  17. * limitations under the License.
  18. *
  19. * This file is part of mbed TLS (https://tls.mbed.org)
  20. */
  21. #if !defined(MBEDTLS_CONFIG_FILE)
  22. #include "mbedtls/config.h"
  23. #else
  24. #include MBEDTLS_CONFIG_FILE
  25. #endif
  26. #if defined(MBEDTLS_PLATFORM_C)
  27. #include "mbedtls/platform.h"
  28. #else
  29. #include <stdio.h>
  30. #include <stdlib.h>
  31. #define mbedtls_time time
  32. #define mbedtls_time_t time_t
  33. #define mbedtls_fprintf fprintf
  34. #define mbedtls_printf printf
  35. #define mbedtls_exit exit
  36. #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
  37. #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
  38. #endif
  39. #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
  40. !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
  41. !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
  42. !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
  43. !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
  44. !defined(MBEDTLS_PEM_PARSE_C)
  45. int main( void )
  46. {
  47. mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
  48. "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
  49. "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
  50. "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
  51. "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
  52. return( 0 );
  53. }
  54. #else
  55. #include <stdlib.h>
  56. #include <string.h>
  57. #if defined(_WIN32)
  58. #include <windows.h>
  59. #endif
  60. #include "mbedtls/entropy.h"
  61. #include "mbedtls/ctr_drbg.h"
  62. #include "mbedtls/certs.h"
  63. #include "mbedtls/x509.h"
  64. #include "mbedtls/ssl.h"
  65. #include "mbedtls/net_sockets.h"
  66. #include "mbedtls/error.h"
  67. #include "mbedtls/debug.h"
  68. #if defined(MBEDTLS_SSL_CACHE_C)
  69. #include "mbedtls/ssl_cache.h"
  70. #endif
  71. #define HTTP_RESPONSE \
  72. "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
  73. "<h2>mbed TLS Test Server</h2>\r\n" \
  74. "<p>Successful connection using: %s</p>\r\n"
  75. #define DEBUG_LEVEL 0
  76. static void my_debug( void *ctx, int level,
  77. const char *file, int line,
  78. const char *str )
  79. {
  80. ((void) level);
  81. mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
  82. fflush( (FILE *) ctx );
  83. }
  84. int main( void )
  85. {
  86. int ret, len;
  87. mbedtls_net_context listen_fd, client_fd;
  88. unsigned char buf[1024];
  89. const char *pers = "ssl_server";
  90. mbedtls_entropy_context entropy;
  91. mbedtls_ctr_drbg_context ctr_drbg;
  92. mbedtls_ssl_context ssl;
  93. mbedtls_ssl_config conf;
  94. mbedtls_x509_crt srvcert;
  95. mbedtls_pk_context pkey;
  96. #if defined(MBEDTLS_SSL_CACHE_C)
  97. mbedtls_ssl_cache_context cache;
  98. #endif
  99. mbedtls_net_init( &listen_fd );
  100. mbedtls_net_init( &client_fd );
  101. mbedtls_ssl_init( &ssl );
  102. mbedtls_ssl_config_init( &conf );
  103. #if defined(MBEDTLS_SSL_CACHE_C)
  104. mbedtls_ssl_cache_init( &cache );
  105. #endif
  106. mbedtls_x509_crt_init( &srvcert );
  107. mbedtls_pk_init( &pkey );
  108. mbedtls_entropy_init( &entropy );
  109. mbedtls_ctr_drbg_init( &ctr_drbg );
  110. #if defined(MBEDTLS_DEBUG_C)
  111. mbedtls_debug_set_threshold( DEBUG_LEVEL );
  112. #endif
  113. /*
  114. * 1. Load the certificates and private RSA key
  115. */
  116. mbedtls_printf( "\n . Loading the server cert. and key..." );
  117. fflush( stdout );
  118. /*
  119. * This demonstration program uses embedded test certificates.
  120. * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
  121. * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
  122. */
  123. ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
  124. mbedtls_test_srv_crt_len );
  125. if( ret != 0 )
  126. {
  127. mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
  128. goto exit;
  129. }
  130. ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
  131. mbedtls_test_cas_pem_len );
  132. if( ret != 0 )
  133. {
  134. mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
  135. goto exit;
  136. }
  137. ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
  138. mbedtls_test_srv_key_len, NULL, 0 );
  139. if( ret != 0 )
  140. {
  141. mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
  142. goto exit;
  143. }
  144. mbedtls_printf( " ok\n" );
  145. /*
  146. * 2. Setup the listening TCP socket
  147. */
  148. mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
  149. fflush( stdout );
  150. if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
  151. {
  152. mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
  153. goto exit;
  154. }
  155. mbedtls_printf( " ok\n" );
  156. /*
  157. * 3. Seed the RNG
  158. */
  159. mbedtls_printf( " . Seeding the random number generator..." );
  160. fflush( stdout );
  161. if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
  162. (const unsigned char *) pers,
  163. strlen( pers ) ) ) != 0 )
  164. {
  165. mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
  166. goto exit;
  167. }
  168. mbedtls_printf( " ok\n" );
  169. /*
  170. * 4. Setup stuff
  171. */
  172. mbedtls_printf( " . Setting up the SSL data...." );
  173. fflush( stdout );
  174. if( ( ret = mbedtls_ssl_config_defaults( &conf,
  175. MBEDTLS_SSL_IS_SERVER,
  176. MBEDTLS_SSL_TRANSPORT_STREAM,
  177. MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
  178. {
  179. mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
  180. goto exit;
  181. }
  182. mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
  183. mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
  184. #if defined(MBEDTLS_SSL_CACHE_C)
  185. mbedtls_ssl_conf_session_cache( &conf, &cache,
  186. mbedtls_ssl_cache_get,
  187. mbedtls_ssl_cache_set );
  188. #endif
  189. mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
  190. if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
  191. {
  192. mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
  193. goto exit;
  194. }
  195. if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
  196. {
  197. mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
  198. goto exit;
  199. }
  200. mbedtls_printf( " ok\n" );
  201. reset:
  202. #ifdef MBEDTLS_ERROR_C
  203. if( ret != 0 )
  204. {
  205. char error_buf[100];
  206. mbedtls_strerror( ret, error_buf, 100 );
  207. mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
  208. }
  209. #endif
  210. mbedtls_net_free( &client_fd );
  211. mbedtls_ssl_session_reset( &ssl );
  212. /*
  213. * 3. Wait until a client connects
  214. */
  215. mbedtls_printf( " . Waiting for a remote connection ..." );
  216. fflush( stdout );
  217. if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
  218. NULL, 0, NULL ) ) != 0 )
  219. {
  220. mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
  221. goto exit;
  222. }
  223. mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
  224. mbedtls_printf( " ok\n" );
  225. /*
  226. * 5. Handshake
  227. */
  228. mbedtls_printf( " . Performing the SSL/TLS handshake..." );
  229. fflush( stdout );
  230. while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
  231. {
  232. if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
  233. {
  234. mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
  235. goto reset;
  236. }
  237. }
  238. mbedtls_printf( " ok\n" );
  239. /*
  240. * 6. Read the HTTP Request
  241. */
  242. mbedtls_printf( " < Read from client:" );
  243. fflush( stdout );
  244. do
  245. {
  246. len = sizeof( buf ) - 1;
  247. memset( buf, 0, sizeof( buf ) );
  248. ret = mbedtls_ssl_read( &ssl, buf, len );
  249. if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
  250. continue;
  251. if( ret <= 0 )
  252. {
  253. switch( ret )
  254. {
  255. case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
  256. mbedtls_printf( " connection was closed gracefully\n" );
  257. break;
  258. case MBEDTLS_ERR_NET_CONN_RESET:
  259. mbedtls_printf( " connection was reset by peer\n" );
  260. break;
  261. default:
  262. mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
  263. break;
  264. }
  265. break;
  266. }
  267. len = ret;
  268. mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
  269. if( ret > 0 )
  270. break;
  271. }
  272. while( 1 );
  273. /*
  274. * 7. Write the 200 Response
  275. */
  276. mbedtls_printf( " > Write to client:" );
  277. fflush( stdout );
  278. len = sprintf( (char *) buf, HTTP_RESPONSE,
  279. mbedtls_ssl_get_ciphersuite( &ssl ) );
  280. while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
  281. {
  282. if( ret == MBEDTLS_ERR_NET_CONN_RESET )
  283. {
  284. mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
  285. goto reset;
  286. }
  287. if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
  288. {
  289. mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
  290. goto exit;
  291. }
  292. }
  293. len = ret;
  294. mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
  295. mbedtls_printf( " . Closing the connection..." );
  296. while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
  297. {
  298. if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
  299. ret != MBEDTLS_ERR_SSL_WANT_WRITE )
  300. {
  301. mbedtls_printf( " failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret );
  302. goto reset;
  303. }
  304. }
  305. mbedtls_printf( " ok\n" );
  306. ret = 0;
  307. goto reset;
  308. exit:
  309. #ifdef MBEDTLS_ERROR_C
  310. if( ret != 0 )
  311. {
  312. char error_buf[100];
  313. mbedtls_strerror( ret, error_buf, 100 );
  314. mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
  315. }
  316. #endif
  317. mbedtls_net_free( &client_fd );
  318. mbedtls_net_free( &listen_fd );
  319. mbedtls_x509_crt_free( &srvcert );
  320. mbedtls_pk_free( &pkey );
  321. mbedtls_ssl_free( &ssl );
  322. mbedtls_ssl_config_free( &conf );
  323. #if defined(MBEDTLS_SSL_CACHE_C)
  324. mbedtls_ssl_cache_free( &cache );
  325. #endif
  326. mbedtls_ctr_drbg_free( &ctr_drbg );
  327. mbedtls_entropy_free( &entropy );
  328. #if defined(_WIN32)
  329. mbedtls_printf( " Press Enter to exit this program.\n" );
  330. fflush( stdout ); getchar();
  331. #endif
  332. return( ret );
  333. }
  334. #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
  335. MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
  336. MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C
  337. && MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */