int selftest( int argc, char *argv[] )
{
int ret = 0, v;
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
unsigned char buf[1000000];
#endif
if( argc == 2 && strcmp( argv[1], "-quiet" ) == 0 )
v = 0;
else
{
v = 1;
mbedtls_printf( "\n" );
}
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) );
#endif
#if defined(MBEDTLS_MD2_C)
if( ( ret = mbedtls_md2_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_MD4_C)
if( ( ret = mbedtls_md4_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_MD5_C)
if( ( ret = mbedtls_md5_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
if( ( ret = mbedtls_ripemd160_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_SHA1_C)
if( ( ret = mbedtls_sha1_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_SHA256_C)
if( ( ret = mbedtls_sha256_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_SHA512_C)
if( ( ret = mbedtls_sha512_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_ARC4_C)
if( ( ret = mbedtls_arc4_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_DES_C)
if( ( ret = mbedtls_des_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_AES_C)
if( ( ret = mbedtls_aes_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
if( ( ret = mbedtls_gcm_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
if( ( ret = mbedtls_ccm_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_BASE64_C)
if( ( ret = mbedtls_base64_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_BIGNUM_C)
if( ( ret = mbedtls_mpi_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_RSA_C)
if( ( ret = mbedtls_rsa_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_X509_USE_C)
if( ( ret = mbedtls_x509_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_XTEA_C)
if( ( ret = mbedtls_xtea_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_CAMELLIA_C)
if( ( ret = mbedtls_camellia_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
if( ( ret = mbedtls_ctr_drbg_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_HMAC_DRBG_C)
if( ( ret = mbedtls_hmac_drbg_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_ECP_C)
if( ( ret = mbedtls_ecp_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_DHM_C)
if( ( ret = mbedtls_dhm_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_ENTROPY_C)
if( ( ret = mbedtls_entropy_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_PKCS5_C)
if( ( ret = mbedtls_pkcs5_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_TIMING_C)
if( ( ret = mbedtls_timing_self_test( v ) ) != 0 )
return( ret );
#endif
#else
mbedtls_printf( " POLARSSL_SELF_TEST not defined.\n" );
#endif
if( v != 0 )
{
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_memory_buffer_alloc_status();
#endif
}
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_free();
if( ( ret = mbedtls_memory_buffer_alloc_self_test( v ) ) != 0 )
return( ret );
#endif
if( v != 0 )
{
mbedtls_printf( " [ All tests passed ]\n\n" );
#if defined(_WIN32)
mbedtls_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
}
return( ret );
}
int main( int argc, char *argv[] )
{
int i;
unsigned char tmp[200];
char title[TITLE_LEN];
todo_list todo;
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
unsigned char alloc_buf[HEAP_SIZE] = { 0 };
#endif
if( argc <= 1 )
{
memset( &todo, 1, sizeof( todo ) );
}
else
{
memset( &todo, 0, sizeof( todo ) );
for( i = 1; i < argc; i++ )
{
if( strcmp( argv[i], "md4" ) == 0 )
todo.md4 = 1;
else if( strcmp( argv[i], "md5" ) == 0 )
todo.md5 = 1;
else if( strcmp( argv[i], "ripemd160" ) == 0 )
todo.ripemd160 = 1;
else if( strcmp( argv[i], "sha1" ) == 0 )
todo.sha1 = 1;
else if( strcmp( argv[i], "sha256" ) == 0 )
todo.sha256 = 1;
else if( strcmp( argv[i], "sha512" ) == 0 )
todo.sha512 = 1;
else if( strcmp( argv[i], "arc4" ) == 0 )
todo.arc4 = 1;
else if( strcmp( argv[i], "des3" ) == 0 )
todo.des3 = 1;
else if( strcmp( argv[i], "des" ) == 0 )
todo.des = 1;
else if( strcmp( argv[i], "aes_cbc" ) == 0 )
todo.aes_cbc = 1;
else if( strcmp( argv[i], "aes_gcm" ) == 0 )
todo.aes_gcm = 1;
else if( strcmp( argv[i], "aes_ccm" ) == 0 )
todo.aes_ccm = 1;
else if( strcmp( argv[i], "aes_cmac" ) == 0 )
todo.aes_cmac = 1;
else if( strcmp( argv[i], "des3_cmac" ) == 0 )
todo.des3_cmac = 1;
else if( strcmp( argv[i], "camellia" ) == 0 )
todo.camellia = 1;
else if( strcmp( argv[i], "blowfish" ) == 0 )
todo.blowfish = 1;
else if( strcmp( argv[i], "havege" ) == 0 )
todo.havege = 1;
else if( strcmp( argv[i], "ctr_drbg" ) == 0 )
todo.ctr_drbg = 1;
else if( strcmp( argv[i], "hmac_drbg" ) == 0 )
todo.hmac_drbg = 1;
else if( strcmp( argv[i], "rsa" ) == 0 )
todo.rsa = 1;
else if( strcmp( argv[i], "dhm" ) == 0 )
todo.dhm = 1;
else if( strcmp( argv[i], "ecdsa" ) == 0 )
todo.ecdsa = 1;
else if( strcmp( argv[i], "ecdh" ) == 0 )
todo.ecdh = 1;
else
{
mbedtls_printf( "Unrecognized option: %s\n", argv[i] );
mbedtls_printf( "Available options: " OPTIONS );
}
}
}
mbedtls_printf( "\n" );
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) );
#endif
memset( buf, 0xAA, sizeof( buf ) );
memset( tmp, 0xBB, sizeof( tmp ) );
#if defined(MBEDTLS_MD4_C)
if( todo.md4 )
TIME_AND_TSC( "MD4", mbedtls_md4_ret( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_MD5_C)
if( todo.md5 )
TIME_AND_TSC( "MD5", mbedtls_md5_ret( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
if( todo.ripemd160 )
TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ret( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_SHA1_C)
if( todo.sha1 )
TIME_AND_TSC( "SHA-1", mbedtls_sha1_ret( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_SHA256_C)
if( todo.sha256 )
TIME_AND_TSC( "SHA-256", mbedtls_sha256_ret( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(MBEDTLS_SHA512_C)
if( todo.sha512 )
TIME_AND_TSC( "SHA-512", mbedtls_sha512_ret( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(MBEDTLS_ARC4_C)
if( todo.arc4 )
{
mbedtls_arc4_context arc4;
mbedtls_arc4_init( &arc4 );
mbedtls_arc4_setup( &arc4, tmp, 32 );
TIME_AND_TSC( "ARC4", mbedtls_arc4_crypt( &arc4, BUFSIZE, buf, buf ) );
mbedtls_arc4_free( &arc4 );
}
#endif
#if defined(MBEDTLS_DES_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if( todo.des3 )
{
mbedtls_des3_context des3;
mbedtls_des3_init( &des3 );
mbedtls_des3_set3key_enc( &des3, tmp );
TIME_AND_TSC( "3DES",
mbedtls_des3_crypt_cbc( &des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
mbedtls_des3_free( &des3 );
}
if( todo.des )
{
mbedtls_des_context des;
mbedtls_des_init( &des );
mbedtls_des_setkey_enc( &des, tmp );
TIME_AND_TSC( "DES",
mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
mbedtls_des_free( &des );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CMAC_C)
if( todo.des3_cmac )
{
unsigned char output[8];
const mbedtls_cipher_info_t *cipher_info;
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_DES_EDE3_ECB );
TIME_AND_TSC( "3DES-CMAC",
mbedtls_cipher_cmac( cipher_info, tmp, 192, buf,
BUFSIZE, output ) );
}
#endif /* MBEDTLS_CMAC_C */
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if( todo.aes_cbc )
{
int keysize;
mbedtls_aes_context aes;
mbedtls_aes_init( &aes );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
mbedtls_snprintf( title, sizeof( title ), "AES-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
mbedtls_aes_setkey_enc( &aes, tmp, keysize );
TIME_AND_TSC( title,
mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
}
mbedtls_aes_free( &aes );
}
#endif
#if defined(MBEDTLS_GCM_C)
if( todo.aes_gcm )
{
int keysize;
mbedtls_gcm_context gcm;
mbedtls_gcm_init( &gcm );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
mbedtls_snprintf( title, sizeof( title ), "AES-GCM-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
mbedtls_gcm_setkey( &gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize );
TIME_AND_TSC( title,
mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp,
12, NULL, 0, buf, buf, 16, tmp ) );
mbedtls_gcm_free( &gcm );
}
}
#endif
#if defined(MBEDTLS_CCM_C)
if( todo.aes_ccm )
{
int keysize;
mbedtls_ccm_context ccm;
mbedtls_ccm_init( &ccm );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
mbedtls_snprintf( title, sizeof( title ), "AES-CCM-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
mbedtls_ccm_setkey( &ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize );
TIME_AND_TSC( title,
mbedtls_ccm_encrypt_and_tag( &ccm, BUFSIZE, tmp,
12, NULL, 0, buf, buf, tmp, 16 ) );
mbedtls_ccm_free( &ccm );
}
}
#endif
#if defined(MBEDTLS_CMAC_C)
if( todo.aes_cmac )
{
unsigned char output[16];
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_type_t cipher_type;
int keysize;
for( keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB;
keysize <= 256;
keysize += 64, cipher_type++ )
{
mbedtls_snprintf( title, sizeof( title ), "AES-CMAC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
cipher_info = mbedtls_cipher_info_from_type( cipher_type );
TIME_AND_TSC( title,
mbedtls_cipher_cmac( cipher_info, tmp, keysize,
buf, BUFSIZE, output ) );
}
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
TIME_AND_TSC( "AES-CMAC-PRF-128",
mbedtls_aes_cmac_prf_128( tmp, 16, buf, BUFSIZE,
output ) );
}
#endif /* MBEDTLS_CMAC_C */
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
if( todo.camellia )
{
int keysize;
mbedtls_camellia_context camellia;
mbedtls_camellia_init( &camellia );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
mbedtls_snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
mbedtls_camellia_setkey_enc( &camellia, tmp, keysize );
TIME_AND_TSC( title,
mbedtls_camellia_crypt_cbc( &camellia, MBEDTLS_CAMELLIA_ENCRYPT,
BUFSIZE, tmp, buf, buf ) );
}
mbedtls_camellia_free( &camellia );
}
#endif
#if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
if( todo.blowfish )
{
int keysize;
mbedtls_blowfish_context blowfish;
mbedtls_blowfish_init( &blowfish );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
mbedtls_snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
mbedtls_blowfish_setkey( &blowfish, tmp, keysize );
TIME_AND_TSC( title,
mbedtls_blowfish_crypt_cbc( &blowfish, MBEDTLS_BLOWFISH_ENCRYPT, BUFSIZE,
tmp, buf, buf ) );
}
mbedtls_blowfish_free( &blowfish );
}
#endif
#if defined(MBEDTLS_HAVEGE_C)
if( todo.havege )
{
mbedtls_havege_state hs;
mbedtls_havege_init( &hs );
TIME_AND_TSC( "HAVEGE", mbedtls_havege_random( &hs, buf, BUFSIZE ) );
mbedtls_havege_free( &hs );
}
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
if( todo.ctr_drbg )
{
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ctr_drbg_init( &ctr_drbg );
if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1);
TIME_AND_TSC( "CTR_DRBG (NOPR)",
if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
mbedtls_exit(1) );
if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1);
mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON );
TIME_AND_TSC( "CTR_DRBG (PR)",
if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
mbedtls_exit(1) );
mbedtls_ctr_drbg_free( &ctr_drbg );
}
int mbedtls_self_test()
{
int ret = 0, v;
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
unsigned char buf[1000000];
#endif
void *pointer;
/*
* The C standard doesn't guarantee that all-bits-0 is the representation
* of a NULL pointer. We do however use that in our code for initializing
* structures, which should work on every modern platform. Let's be sure.
*/
memset( &pointer, 0, sizeof( void * ) );
if( pointer != NULL )
{
mbedtls_printf( "all-bits-zero is not a NULL pointer\n" );
return( 1 );
}
/*
* Make sure we have a snprintf that correctly zero-terminates
*/
if( run_test_snprintf() != 0 )
{
mbedtls_printf( "the snprintf implementation is broken\n" );
return( 0 );
}
v = 1;
mbedtls_printf( "\n" );
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) );
#endif
#if defined(MBEDTLS_MD2_C)
if( ( ret = mbedtls_md2_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_MD4_C)
if( ( ret = mbedtls_md4_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_MD5_C)
if( ( ret = mbedtls_md5_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
if( ( ret = mbedtls_ripemd160_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_SHA1_C)
if( ( ret = mbedtls_sha1_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_SHA256_C)
if( ( ret = mbedtls_sha256_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_SHA512_C)
if( ( ret = mbedtls_sha512_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_ARC4_C)
if( ( ret = mbedtls_arc4_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_DES_C)
if( ( ret = mbedtls_des_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_AES_C)
if( ( ret = mbedtls_aes_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
if( ( ret = mbedtls_gcm_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
if( ( ret = mbedtls_ccm_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_BASE64_C)
if( ( ret = mbedtls_base64_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_BIGNUM_C)
if( ( ret = mbedtls_mpi_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_RSA_C)
if( ( ret = mbedtls_rsa_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_X509_USE_C)
if( ( ret = mbedtls_x509_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_XTEA_C)
if( ( ret = mbedtls_xtea_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_CAMELLIA_C)
if( ( ret = mbedtls_camellia_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
if( ( ret = mbedtls_ctr_drbg_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_HMAC_DRBG_C)
if( ( ret = mbedtls_hmac_drbg_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_ECP_C)
if( ( ret = mbedtls_ecp_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_ECJPAKE_C)
if( ( ret = mbedtls_ecjpake_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_DHM_C)
if( ( ret = mbedtls_dhm_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_ENTROPY_C)
if( ( ret = mbedtls_entropy_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(MBEDTLS_PKCS5_C)
if( ( ret = mbedtls_pkcs5_self_test( v ) ) != 0 )
return( ret );
#endif
/* Slow tests last */
#if defined(MBEDTLS_TIMING_C)
if( ( ret = mbedtls_timing_self_test( v ) ) != 0 )
return( ret );
#endif
#else
mbedtls_printf( " MBEDTLS_SELF_TEST not defined.\n" );
#endif
if( v != 0 )
{
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_memory_buffer_alloc_status();
#endif
}
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_free();
if( ( ret = mbedtls_memory_buffer_alloc_self_test( v ) ) != 0 )
return( ret );
#endif
// if( v != 0 )
// {
// mbedtls_printf( " [ All tests passed ]\n\n" );
//#if defined(_WIN32)
// mbedtls_printf( " Press Enter to exit this program.\n" );
// fflush( stdout ); getchar();
//#endif
// }
return( ret );
}
void dtls_client(void)
{
int ret = exit_ok;
struct udp_context ctx;
struct dtls_timing_context timer;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_platform_set_printf(printf);
/*
* 0. Initialize and setup stuff
*/
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_printf("\n . Seeding the random number generator...");
mbedtls_entropy_init(&entropy);
mbedtls_entropy_add_source(&entropy, entropy_source, NULL,
MBEDTLS_ENTROPY_MAX_GATHER,
MBEDTLS_ENTROPY_SOURCE_STRONG);
if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *)pers,
strlen(pers)) != 0) {
ret = ctr_drbg_seed_failed;
mbedtls_printf
(" failed\n ! mbedtls_ctr_drbg_seed returned 0x%x\n", ret);
goto exit;
}
mbedtls_printf(" ok\n");
mbedtls_printf(" . Setting up the DTLS structure...");
ret = mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT);
if (ret != 0) {
ret = ssl_config_defaults_failed;
mbedtls_printf(" failed! returned 0x%x\n\n", ret);
goto exit;
}
/* Modify this to change the default timeouts for the DTSL handshake */
/* mbedtls_ssl_conf_handshake_timeout( &conf, min, max ); */
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold(DEBUG_THRESHOLD);
#endif
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, NULL);
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init(heap, sizeof(heap));
#endif
if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
ret = ssl_setup_failed;
mbedtls_printf
(" failed\n ! mbedtls_ssl_setup returned 0x%x\n\n", ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
* 1. Start the connection
*/
mbedtls_printf(" . Connecting to udp %d.%d.%d.%d:%d...",
SERVER_IPADDR0, SERVER_IPADDR1, SERVER_IPADDR2,
SERVER_IPADDR3, SERVER_PORT);
if (udp_init(&ctx) != 0) {
ret = connect_failed;
mbedtls_printf(" failed\n ! udp_init returned 0x%x\n\n", ret);
goto exit;
}
mbedtls_printf(" ok\n");
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_printf(" . Setting up ecjpake password ...");
if (mbedtls_ssl_set_hs_ecjpake_password
(&ssl, ecjpake_pw, ECJPAKE_PW_SIZE) != 0) {
mbedtls_printf(" failed! set ecjpake password returned %d\n\n",
ssl_setup_failed);
goto exit;
}
#endif
mbedtls_printf(" ok\n");
mbedtls_ssl_set_timer_cb(&ssl, &timer, dtls_timing_set_delay,
dtls_timing_get_delay);
mbedtls_ssl_set_bio(&ssl, &ctx, udp_tx, udp_rx, NULL);
mbedtls_printf(" . Performing the SSL/TLS handshake...");
ret = mbedtls_ssl_handshake(&ssl);
if (ret != 0) {
ret = ssl_handshake_failed;
mbedtls_printf
(" failed\n ! mbedtls_ssl_handshake returned 0x%x\n", ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
* 2. Write the GET request and close the connection
*/
mbedtls_printf(" > Write to server:");
if (mbedtls_ssl_write(&ssl, (const unsigned char *)GET_REQUEST,
sizeof(GET_REQUEST) - 1) <= 0) {
ret = ssl_write_failed;
mbedtls_printf
(" failed\n ! mbedtls_ssl_write returned 0x%x\n\n", ret);
goto exit;
}
mbedtls_printf(" ok\n");
mbedtls_printf(" . Closing the connection...");
mbedtls_ssl_close_notify(&ssl);
mbedtls_printf(" done\n");
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
}
int main( void )
{
int ret;
mbedtls_net_context listen_fd, client_fd;
const char pers[] = "ssl_pthread_server";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_config conf;
mbedtls_x509_crt srvcert;
mbedtls_x509_crt cachain;
mbedtls_pk_context pkey;
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
unsigned char alloc_buf[100000];
#endif
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_context cache;
#endif
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
#endif
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_init( &cache );
#endif
mbedtls_x509_crt_init( &srvcert );
mbedtls_x509_crt_init( &cachain );
mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
memset( threads, 0, sizeof(threads) );
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_mutex_init( &debug_mutex );
base_info.config = &conf;
/*
* We use only a single entropy source that is used in all the threads.
*/
mbedtls_entropy_init( &entropy );
/*
* 1. Load the certificates and private RSA key
*/
mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
goto exit;
}
ret = mbedtls_x509_crt_parse( &cachain, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
goto exit;
}
mbedtls_pk_init( &pkey );
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 1b. Seed the random number generator
*/
mbedtls_printf( " . Seeding the random number generator..." );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
-ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 1c. Prepare SSL configuration
*/
mbedtls_printf( " . Setting up the SSL data...." );
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
-ret );
goto exit;
}
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_mutexed_debug, stdout );
/* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
* MBEDTLS_THREADING_C is set.
*/
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
#endif
mbedtls_ssl_conf_ca_chain( &conf, &cachain, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
*/
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
reset:
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf( " [ main ] Last error was: -0x%04x - %s\n", -ret, error_buf );
}
#endif
/*
* 3. Wait until a client connects
*/
mbedtls_printf( " [ main ] Waiting for a remote connection\n" );
if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 )
{
mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n", ret );
goto exit;
}
mbedtls_printf( " [ main ] ok\n" );
mbedtls_printf( " [ main ] Creating a new thread\n" );
if( ( ret = thread_create( &client_fd ) ) != 0 )
{
mbedtls_printf( " [ main ] failed: thread_create returned %d\n", ret );
mbedtls_net_free( &client_fd );
goto reset;
}
ret = 0;
goto reset;
exit:
mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free( &cache );
#endif
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_ssl_config_free( &conf );
mbedtls_net_free( &listen_fd );
mbedtls_mutex_free( &debug_mutex );
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_free();
#endif
#if defined(_WIN32)
mbedtls_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
MbedTls::MbedTls(void)
{
mbedtls_memory_buffer_alloc_init(mMemory, sizeof(mMemory));
}
static void init_heap(void)
{
mbedtls_memory_buffer_alloc_init(_mbedtls_heap, sizeof(_mbedtls_heap));
}
void tls_client(void)
{
int ret = exit_ok;
struct tcp_context ctx;
ctx.timeout = MBEDTLS_NETWORK_TIMEOUT;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt ca;
#endif
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_platform_set_printf(PRINT);
/*
* 0. Initialize and setup stuff
*/
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init(&ca);
#endif
mbedtls_printf("\n . Seeding the random number generator...");
mbedtls_entropy_init(&entropy);
mbedtls_entropy_add_source(&entropy, entropy_source, NULL,
MBEDTLS_ENTROPY_MAX_GATHER,
MBEDTLS_ENTROPY_SOURCE_STRONG);
if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *)pers,
strlen(pers)) != 0) {
ret = ctr_drbg_seed_failed;
mbedtls_printf
(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
-ret);
goto exit;
}
mbedtls_printf(" ok\n");
mbedtls_printf(" . Setting up the SSL/TLS structure...");
if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
ret = ssl_config_defaults_failed;
mbedtls_printf
(" failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
-ret);
goto exit;
}
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init(heap, sizeof(heap));
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
(const unsigned char *)psk_id, sizeof(psk_id) - 1);
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if (mbedtls_x509_crt_parse_der(&ca, ca_cert, sizeof(ca_cert)) != 0) {
ret = x509_crt_parse_failed;
mbedtls_printf
(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
-ret);
goto exit;
}
mbedtls_ssl_conf_ca_chain(&conf, &ca, NULL);
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
#endif
if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
ret = ssl_setup_failed;
mbedtls_printf
(" failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret);
goto exit;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if (mbedtls_ssl_set_hostname(&ssl, HOSTNAME) != 0) {
ret = hostname_failed;
mbedtls_printf
(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
ret);
goto exit;
}
#endif
mbedtls_printf(" ok\n");
/*
* 1. Start the connection
*/
mbedtls_printf(" . Connecting to tcp %s...", SERVER_ADDR);
if (tcp_set_local_addr(&ctx, LOCAL_ADDR) != 0) {
printk("tcp set_local_addr error\n");
goto exit;
}
if (tcp_init(&ctx, SERVER_ADDR, SERVER_PORT) != 0) {
ret = connect_failed;
mbedtls_printf(" failed\n ! tcp_init returned -0x%x\n\n",
-ret);
goto exit;
}
mbedtls_printf(" ok\n");
mbedtls_ssl_set_bio(&ssl, &ctx, tcp_tx, tcp_rx, NULL);
mbedtls_printf(" . Performing the SSL/TLS handshake...");
if (mbedtls_ssl_handshake(&ssl) != 0) {
ret = ssl_handshake_failed;
mbedtls_printf
(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
-ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
* 2. Write the GET request and close the connection
*/
mbedtls_printf(" > Write to server:");
if (mbedtls_ssl_write(&ssl, (const unsigned char *)GET_REQUEST,
sizeof(GET_REQUEST) - 1) <= 0) {
ret = ssl_write_failed;
mbedtls_printf
(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n", -ret);
goto exit;
}
mbedtls_printf(" ok\n");
mbedtls_printf(" . Closing the connection...");
mbedtls_ssl_close_notify(&ssl);
mbedtls_printf(" done\n");
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_free(&ca);
#endif
}
int main(void)
{
int v, suites_tested = 0, suites_failed = 0;
void *pointer;
mbedtls_platform_set_printf(MBEDTLS_PRINT);
TC_START("Performing mbedTLS crypto tests:");
/*
* The C standard doesn't guarantee that all-bits-0 is the representation
* of a NULL pointer. We do however use that in our code for initializing
* structures, which should work on every modern platform. Let's be sure.
*/
memset(&pointer, 0, sizeof(void *));
if (pointer != NULL) {
mbedtls_printf("all-bits-zero is not a NULL pointer\n");
mbedtls_exit(MBEDTLS_EXIT_FAILURE);
}
/*
* Make sure we have a snprintf that correctly zero-terminates
*/
if (run_test_snprintf() != 0) {
mbedtls_printf("the snprintf implementation is broken\n");
mbedtls_exit(MBEDTLS_EXIT_FAILURE);
}
v = 1;
mbedtls_printf("\n");
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));
#endif
#if defined(MBEDTLS_MD2_C)
if (mbedtls_md2_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_MD4_C)
if (mbedtls_md4_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_MD5_C)
if (mbedtls_md5_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
if (mbedtls_ripemd160_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_SHA1_C)
if (mbedtls_sha1_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_SHA256_C)
if (mbedtls_sha256_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_SHA512_C)
if (mbedtls_sha512_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_ARC4_C)
if (mbedtls_arc4_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_DES_C)
if (mbedtls_des_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_AES_C)
if (mbedtls_aes_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
if (mbedtls_gcm_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
if (mbedtls_ccm_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_BASE64_C)
if (mbedtls_base64_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_BIGNUM_C)
if (mbedtls_mpi_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_RSA_C)
if (mbedtls_rsa_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_X509_USE_C)
if (mbedtls_x509_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_XTEA_C)
if (mbedtls_xtea_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_CAMELLIA_C)
if (mbedtls_camellia_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
if (mbedtls_ctr_drbg_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_HMAC_DRBG_C)
if (mbedtls_hmac_drbg_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_ecp_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_ECJPAKE_C)
if (mbedtls_ecjpake_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_DHM_C)
if (mbedtls_dhm_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_ENTROPY_C)
#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
create_entropy_seed_file();
#endif
if (mbedtls_entropy_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_PKCS5_C)
if (mbedtls_pkcs5_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
/* Slow tests last */
#if defined(MBEDTLS_TIMING_C)
if (mbedtls_timing_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
#else
mbedtls_printf(" MBEDTLS_SELF_TEST not defined.\n");
#endif
if (v != 0) {
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_memory_buffer_alloc_status();
#endif
}
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_free();
if (mbedtls_memory_buffer_alloc_self_test(v) != 0) {
suites_failed++;
}
suites_tested++;
#endif
if (v != 0) {
mbedtls_printf(" Executed %d test suites\n\n", suites_tested);
if (suites_failed > 0) {
mbedtls_printf(" [ %d tests FAIL ]\n\n",
suites_failed);
TC_END_RESULT(TC_FAIL);
TC_END_REPORT(TC_FAIL);
} else {
mbedtls_printf(" [ All tests PASS ]\n\n");
TC_END_RESULT(TC_PASS);
TC_END_REPORT(TC_PASS);
}
#if defined(_WIN32)
mbedtls_printf(" Press Enter to exit this program.\n");
fflush(stdout);
getchar();
#endif
}
while (1) {
};
}
void dtls_server(void)
{
int len, ret = 0;
struct udp_context ctx;
struct dtls_timing_context timer;
struct zoap_packet zpkt;
struct net_pkt *pkt;
struct net_buf *frag;
mbedtls_ssl_cookie_ctx cookie_ctx;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_platform_set_printf(printk);
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold(DEBUG_THRESHOLD);
#endif
/*
* Initialize and setup
*/
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_entropy_init(&entropy);
mbedtls_entropy_add_source(&entropy, entropy_source, NULL,
MBEDTLS_ENTROPY_MAX_GATHER,
MBEDTLS_ENTROPY_SOURCE_STRONG);
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *)pers, strlen(pers));
if (ret != 0) {
mbedtls_printf(" failed!\n"
" mbedtls_ctr_drbg_seed returned -0x%x\n", -ret);
goto exit;
}
ret = mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT);
if (ret != 0) {
mbedtls_printf(" failed!\n"
" mbedtls_ssl_config_defaults returned -0x%x\n",
-ret);
goto exit;
}
/* Modify this to change the default timeouts for the DTLS handshake */
/* mbedtls_ssl_conf_handshake_timeout( &conf, min, max ); */
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, NULL);
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init(heap, sizeof(heap));
#endif
ret = mbedtls_ssl_cookie_setup(&cookie_ctx, mbedtls_ctr_drbg_random,
&ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed!\n"
" mbedtls_ssl_cookie_setup returned -0x%x\n",
-ret);
goto exit;
}
mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write,
mbedtls_ssl_cookie_check, &cookie_ctx);
ret = mbedtls_ssl_setup(&ssl, &conf);
if (ret != 0) {
mbedtls_printf(" failed!\n"
" mbedtls_ssl_setup returned -0x%x\n", -ret);
goto exit;
}
ret = udp_init(&ctx);
if (ret != 0) {
mbedtls_printf(" failed!\n udp_init returned 0x%x\n", ret);
goto exit;
}
reset:
mbedtls_ssl_session_reset(&ssl);
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
ret =
mbedtls_ssl_conf_psk(&conf, psk, strlen(psk), psk_id,
strlen(psk_id));
if (ret != 0) {
mbedtls_printf(" failed!\n mbedtls_ssl_conf_psk"
" returned -0x%04X\n", -ret);
goto exit;
}
#endif
mbedtls_ssl_set_timer_cb(&ssl, &timer, dtls_timing_set_delay,
dtls_timing_get_delay);
mbedtls_ssl_set_bio(&ssl, &ctx, udp_tx, udp_rx, NULL);
/* For HelloVerifyRequest cookies */
ctx.client_id = (char)ctx.remaining;
ret = mbedtls_ssl_set_client_transport_id(&ssl, &ctx.client_id,
sizeof(char));
if (ret != 0) {
mbedtls_printf(" failed!\n"
" mbedtls_ssl_set_client_transport_id()"
" returned -0x%x\n", -ret);
goto exit;
}
curr_ctx = &ssl;
do {
ret = mbedtls_ssl_handshake(&ssl);
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
ret = 0;
goto reset;
}
if (ret != 0) {
mbedtls_printf(" failed!\n"
" mbedtls_ssl_handshake returned -0x%x\n",
-ret);
goto reset;
}
do {
/* Read the request */
pkt = net_pkt_get_reserve(&zoap_pkt_slab, 0, K_NO_WAIT);
if (!pkt) {
mbedtls_printf("Could not get packet from slab\n");
goto exit;
}
frag = net_buf_alloc(&zoap_data_pool, K_NO_WAIT);
if (!frag) {
mbedtls_printf("Could not get frag from pool\n");
goto exit;
}
net_pkt_frag_add(pkt, frag);
len = ZOAP_BUF_SIZE - 1;
memset(frag->data, 0, ZOAP_BUF_SIZE);
ret = mbedtls_ssl_read(&ssl, frag->data, len);
if (ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
continue;
}
if (ret <= 0) {
net_pkt_unref(pkt);
switch (ret) {
case MBEDTLS_ERR_SSL_TIMEOUT:
mbedtls_printf(" timeout\n");
goto reset;
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf(" connection was closed"
" gracefully\n");
goto close_notify;
default:
mbedtls_printf(" mbedtls_ssl_read"
" returned -0x%x\n", -ret);
goto reset;
}
}
len = ret;
frag->len = len;
ret = zoap_packet_parse(&zpkt, pkt);
if (ret) {
mbedtls_printf("Could not parse packet\n");
goto exit;
}
ret = zoap_handle_request(&zpkt, resources,
(const struct sockaddr *)&ssl);
if (ret < 0) {
mbedtls_printf("No handler for such request (%d)\n",
ret);
}
net_pkt_unref(pkt);
} while (1);
close_notify:
/* No error checking, the connection might be closed already */
do {
ret = mbedtls_ssl_close_notify(&ssl);
} while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
ret = 0;
mbedtls_printf(" done\n");
goto reset;
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
}
