client-tls.c 7.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266
  1. /* client-tls.c
  2. *
  3. * Copyright (C) 2006-2024 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #include <stdlib.h>
  22. #include <stdio.h>
  23. #include <string.h>
  24. /* socket includes */
  25. #include <sys/socket.h>
  26. #include <arpa/inet.h>
  27. #include <netinet/in.h>
  28. #include <unistd.h>
  29. /* wolfSSL */
  30. #include <wolfssl/options.h>
  31. #include <wolfssl/ssl.h>
  32. /* malloc out buffer and fill it with converted DER to PEM
  33. * returns pem size on success
  34. */
  35. static int convertDerToPem(int type, char* file, unsigned char **out)
  36. {
  37. int derSz, pemSz;
  38. unsigned char der[4096];
  39. unsigned char *pem;
  40. FILE* f;
  41. f = fopen(file, "rb");
  42. if (f == NULL) {
  43. fprintf(stderr, "unable to open cert file %s\n", file);
  44. return -1;
  45. }
  46. derSz = fread(der, 1, sizeof(der), f);
  47. fclose(f);
  48. pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, type);
  49. if (pemSz <= 0) {
  50. fprintf(stderr, "issue getting pem size needed\n");
  51. return -1;
  52. }
  53. pem = (unsigned char*)malloc(pemSz);
  54. if (pem == NULL) {
  55. fprintf(stderr, "issue malloc'ing pem size needed\n");
  56. return -1;
  57. }
  58. pemSz = wc_DerToPemEx(der, derSz, pem, pemSz, NULL, type);
  59. if (pemSz <= 0) {
  60. fprintf(stderr, "issue %d converting der to pem\n", pemSz);
  61. free(pem);
  62. return -1;
  63. }
  64. *out = pem;
  65. return pemSz;
  66. }
  67. int main(int argc, char** argv)
  68. {
  69. int sockfd;
  70. struct sockaddr_in servAddr;
  71. char buff[256];
  72. size_t len;
  73. int ret;
  74. int port;
  75. int pemSz;
  76. unsigned char *pem;
  77. FILE* f;
  78. /* declare wolfSSL objects */
  79. WOLFSSL_CTX* ctx;
  80. WOLFSSL* ssl;
  81. /* Check for proper calling convention */
  82. if (argc != 6) {
  83. printf("usage: %s <port> <IPv4 address> <CA PEM> <cert DER> <key DER>\n",
  84. argv[0]);
  85. return 0;
  86. }
  87. port = atoi(argv[1]);
  88. /* Create a socket that uses an internet IPv4 address,
  89. * Sets the socket to be stream based (TCP),
  90. * 0 means choose the default protocol. */
  91. if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
  92. fprintf(stderr, "ERROR: failed to create the socket\n");
  93. ret = -1;
  94. goto end;
  95. }
  96. /* Initialize the server address struct with zeros */
  97. memset(&servAddr, 0, sizeof(servAddr));
  98. /* Fill in the server address */
  99. servAddr.sin_family = AF_INET; /* using IPv4 */
  100. servAddr.sin_port = htons(port); /* on DEFAULT_PORT */
  101. /* Get the server IPv4 address from the command line call */
  102. if (inet_pton(AF_INET, argv[2], &servAddr.sin_addr) != 1) {
  103. fprintf(stderr, "ERROR: invalid address\n");
  104. ret = -1;
  105. goto end;
  106. }
  107. /* Connect to the server */
  108. if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr)))
  109. == -1) {
  110. fprintf(stderr, "ERROR: failed to connect\n");
  111. goto end;
  112. }
  113. /*---------------------------------*/
  114. /* Start of security */
  115. /*---------------------------------*/
  116. /* Initialize wolfSSL */
  117. if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) {
  118. fprintf(stderr, "ERROR: Failed to initialize the library\n");
  119. goto socket_cleanup;
  120. }
  121. /* Create and initialize WOLFSSL_CTX */
  122. if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) {
  123. fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
  124. ret = -1;
  125. goto socket_cleanup;
  126. }
  127. /* load cert and convert DER to PEM using dynamic length */
  128. pemSz = convertDerToPem(CERT_TYPE, argv[4], &pem);
  129. if (pemSz <= 0) {
  130. fprintf(stderr, "ERROR: converting DER cert to PEM\n");
  131. ret = -1;
  132. goto socket_cleanup;
  133. }
  134. if (wolfSSL_CTX_use_certificate_buffer(ctx, pem, pemSz,
  135. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  136. fprintf(stderr, "issue loading in pem cert\n");
  137. ret = -1;
  138. free(pem);
  139. goto socket_cleanup;
  140. }
  141. free(pem);
  142. /* load key and convert DER to PEM using dynamic length */
  143. pemSz = convertDerToPem(PRIVATEKEY_TYPE, argv[5], &pem);
  144. if (pemSz <= 0) {
  145. fprintf(stderr, "ERROR: converting DER key to PEM\n");
  146. ret = -1;
  147. goto socket_cleanup;
  148. }
  149. if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, pem, pemSz,
  150. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  151. fprintf(stderr, "issue loading in pem key\n");
  152. ret = -1;
  153. free(pem);
  154. goto socket_cleanup;
  155. }
  156. free(pem);
  157. /* Load client certificates into WOLFSSL_CTX */
  158. f = fopen(argv[3], "rb");
  159. if (f == NULL) {
  160. fprintf(stderr, "unable to open %s\n", argv[3]);
  161. ret = -1;
  162. goto socket_cleanup;
  163. }
  164. fseek(f, 0, SEEK_END);
  165. pemSz = ftell(f);
  166. rewind(f);
  167. pem = malloc(pemSz);
  168. if (pem == NULL) {
  169. fclose(f);
  170. ret = -1;
  171. goto socket_cleanup;
  172. }
  173. pemSz = fread(pem, 1, pemSz, f);
  174. fclose(f);
  175. ret = wolfSSL_CTX_load_verify_buffer(ctx, pem, pemSz, WOLFSSL_FILETYPE_PEM);
  176. if (ret != SSL_SUCCESS) {
  177. fprintf(stderr, "ERROR %d: failed to load %s, please check the file.\n",
  178. ret, argv[3]);
  179. free(pem);
  180. goto ctx_cleanup;
  181. }
  182. free(pem);
  183. /* Create a WOLFSSL object */
  184. if ((ssl = wolfSSL_new(ctx)) == NULL) {
  185. fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
  186. ret = -1;
  187. goto ctx_cleanup;
  188. }
  189. /* Attach wolfSSL to the socket */
  190. if ((ret = wolfSSL_set_fd(ssl, sockfd)) != WOLFSSL_SUCCESS) {
  191. fprintf(stderr, "ERROR: Failed to set the file descriptor\n");
  192. goto cleanup;
  193. }
  194. /* Connect to wolfSSL on the server side */
  195. if ((ret = wolfSSL_connect(ssl)) != SSL_SUCCESS) {
  196. fprintf(stderr, "ERROR: failed to connect to wolfSSL\n");
  197. goto cleanup;
  198. }
  199. /* Get a message for the server from stdin */
  200. printf("Message for server: ");
  201. memset(buff, 0, sizeof(buff));
  202. if (fgets(buff, sizeof(buff), stdin) == NULL) {
  203. fprintf(stderr, "ERROR: failed to get message for server\n");
  204. ret = -1;
  205. goto cleanup;
  206. }
  207. len = strnlen(buff, sizeof(buff));
  208. /* Send the message to the server */
  209. if ((ret = wolfSSL_write(ssl, buff, len)) != len) {
  210. fprintf(stderr, "ERROR: failed to write entire message\n");
  211. fprintf(stderr, "%d bytes of %d bytes were sent", ret, (int) len);
  212. goto cleanup;
  213. }
  214. /* Read the server data into our buff array */
  215. memset(buff, 0, sizeof(buff));
  216. if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) == -1) {
  217. fprintf(stderr, "ERROR: failed to read\n");
  218. goto cleanup;
  219. }
  220. /* Print to stdout any data the server sends */
  221. printf("Server: %s\n", buff);
  222. /* Cleanup and return */
  223. cleanup:
  224. wolfSSL_free(ssl); /* Free the wolfSSL object */
  225. ctx_cleanup:
  226. wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
  227. wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
  228. socket_cleanup:
  229. close(sockfd); /* Close the connection to the server */
  230. end:
  231. return ret; /* Return reporting a success */
  232. }