Rough and ready demo of axTLS with 3G modem
Dependencies: VodafoneUSBModem_bleedingedge axTLS mbed-rtos mbed
Revision 0:795bb54e1ee8, committed 2013-05-13
- Comitter:
- ashleymills
- Date:
- Mon May 13 18:18:37 2013 +0000
- Child:
- 1:db88ff473b1a
- Commit message:
- init
Changed in this revision
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/VodafoneUSBModem_bleedingedge.lib Mon May 13 18:18:37 2013 +0000 @@ -0,0 +1,1 @@ +http://mbed.org/users/donatien/code/VodafoneUSBModem_bleedingedge/#51dc1f37cc9a
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/axTLS.lib Mon May 13 18:18:37 2013 +0000 @@ -0,0 +1,1 @@ +axTLS#5a29fd060ac8
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/main.cpp Mon May 13 18:18:37 2013 +0000 @@ -0,0 +1,208 @@ +#define __DEBUG__ 4 //Maximum verbosity +#ifndef __MODULE__ +#define __MODULE__ "main.cpp" +#endif + +#include "mbed.h" +#include "rtos.h" +#include "VodafoneUSBModem.h" +#include "ssl.h" +#include "socket.h" +#include "cert.h" + +#define APN_PAYG + +#ifdef APN_GDSP + #define APN "ppinternetd.gdsp" + #define APN_USERNAME "" + #define APN_PASSWORD "" +#endif + +#ifdef APN_CONTRACT + #define APN "internet" + #define APN_USERNAME "web" + #define APN_PASSWORD "web" +#endif + +#ifdef APN_PAYG + #define APN "smart" + #define APN_USERNAME "web" + #define APN_PASSWORD "web" +#endif + +DigitalOut myled(LED1); + +static void display_cipher(SSL *ssl) +{ + printf("CIPHER is "); + switch (ssl_get_cipher_id(ssl)) + { + case SSL_AES128_SHA: + printf("AES128-SHA"); + break; + + case SSL_AES256_SHA: + printf("AES256-SHA"); + break; + + case SSL_RC4_128_SHA: + printf("RC4-SHA"); + break; + + case SSL_RC4_128_MD5: + printf("RC4-MD5"); + break; + + default: + printf("Unknown - %d", ssl_get_cipher_id(ssl)); + break; + } + + printf("\r\n"); +} + + +bool connectToSocket(char *ipAddress, int port, int *sockfd) { + *sockfd = -1; + // create the socket + if((*sockfd=socket(AF_INET,SOCK_STREAM,0))<0) { + DBG("Error opening socket"); + return false; + } + + // create the socket address + sockaddr_in serverAddress; + std::memset(&serverAddress, 0, sizeof(struct sockaddr_in)); + serverAddress.sin_addr.s_addr = inet_addr(ipAddress); + serverAddress.sin_family = AF_INET; + serverAddress.sin_port = htons(port); + + // do socket connect + //LOG("Connecting socket to %s:%d", inet_ntoa(serverAddress.sin_addr), ntohs(serverAddress.sin_port)); + if(connect(*sockfd, (const struct sockaddr *)&serverAddress, sizeof(serverAddress))<0) { + ::close(*sockfd); + DBG("Could not connect"); + return false; + } + return true; +} + +void finishOnError() { + DigitalOut l1(LED1); + while(1) { + Thread::wait(1000); + l1 = !l1; + } +} + +void finishOnOK() { + DigitalOut l(LED2); + while(1) { + Thread::wait(1000); + l = !l; + } +} + +int main() { + DBG_INIT(); + DBG_SET_SPEED(115200); + DBG_SET_NEWLINE("\r\n"); + + set_time(1368461860); + + // init modem + VodafoneUSBModem modem; + + // SSL stuff + uint32_t sslOptions = SSL_DISPLAY_CERTS|SSL_DISPLAY_STATES|SSL_SERVER_VERIFY_LATER; + SSL_CTX *ssl_ctx; + SSL *ssl = NULL; + /* + char **ca_cert, **cert; + int cert_size, ca_cert_size; + cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET); + ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET); + ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size); + cert = (char **)calloc(1, sizeof(char *)*cert_size); + */ + uint8_t session_id[SSL_SESSION_ID_SIZE]; + int res; + + if((ssl_ctx = ssl_ctx_new(sslOptions, SSL_DEFAULT_CLNT_SESS)) == NULL) { + DBG("Error: Client context is invalid"); + finishOnError(); + } + + if((res = ssl_obj_memory_load(ssl_ctx,SSL_OBJ_X509_CACERT, default_certificate, default_certificate_len,NULL)) != SSL_OK) { + DBG("Error loading CA cert\r\n"); + } + + + // connnect modem to cellular network + DBG("connecting to mobile network"); + if(modem.connect(APN,APN_USERNAME,APN_PASSWORD)!=0) { + DBG("Error connecting to mobile network"); + finishOnError(); + } + DBG("Connected to mobile network"); + + + // connect to socket over which TLS will be spoken + int sockfd = NULL; + if(!connectToSocket("95.47.118.120", 4433, &sockfd)) { + DBG("Error connecting to socket"); + modem.disconnect(); + finishOnError(); + } + DBG("Connected to non-SSL socket"); + + ssl = ssl_client_new(ssl_ctx, sockfd, session_id,sizeof(session_id)); + if(ssl==NULL) { + DBG("SSL client is NULL"); + modem.disconnect(); + finishOnError(); + } + if((res = ssl_handshake_status(ssl)) != SSL_OK) { + DBG("Error conecting ssl client"); + modem.disconnect(); + finishOnError(); + } + const char *common_name = ssl_get_cert_dn(ssl,SSL_X509_CERT_COMMON_NAME); + if(common_name) { + printf("Server Common Name: %s\r\n", common_name); + } + + display_cipher(ssl); + + + + DBG("SSL connected ok"); + // verify cert + if((res=ssl_verify_cert(ssl))!= SSL_OK) { + DBG("Failed to verify certifcate\r\n"); + ssl_display_error(res); + modem.disconnect(); + finishOnError(); + } + + DBG("Server certificate verified\r\n"); + + ssl_write(ssl,"hello\r\n",7); + + // dump responses + uint8_t *read_buffer = NULL; + while(1) { + int bytesRead = ssl_read(ssl,&read_buffer); + if(bytesRead>0) { + DBG("GOT(%d): \"%s\"",bytesRead,read_buffer); + } else if(bytesRead==0) { + DBG("WARNING: TLS handshake incomplete"); + } else { + break; + } + Thread::wait(300); + } + + modem.disconnect(); + finishOnOK(); +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mbed-rtos.lib Mon May 13 18:18:37 2013 +0000 @@ -0,0 +1,1 @@ +http://mbed.org/users/mbed_official/code/mbed-rtos/#db1fc233faa9
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mbed.bld Mon May 13 18:18:37 2013 +0000 @@ -0,0 +1,1 @@ +http://mbed.org/users/mbed_official/code/mbed/builds/b3110cd2dd17 \ No newline at end of file