Example TLS client with wolfSSL, with cert
Dependencies: EthernetInterface NTPClient SDFileSystem mbed-rtos mbed wolfSSL
Revision 2:53d82dd5e556, committed 2015-07-20
- Committer:
- wolfSSL
- Date:
- Mon Jul 20 08:39:55 2015 +0000
- Parent:
- 1:29638701a63a
- Child:
- 3:25d42ccf2f12
- Commit message:
- client-tls
Changed in this revision
client-tls.cpp
--- a/client-tls.cpp Mon Jul 20 08:30:39 2015 +0000 +++ b/client-tls.cpp Mon Jul 20 08:39:55 2015 +0000 @@ -21,12 +21,30 @@ #include "mbed.h" #include "EthernetInterface.h" +#include "SDFileSystem.h" #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <wolfssl/ssl.h> /* wolfSSL security library */ +#include <user_settings.h> #define MAXDATASIZE (1024*4) +#ifndef WOLFSSL_NO_VERIFYSERVER +SDFileSystem sdCard(PTE3, PTE1, PTE2, PTE4, "sd"); +const char* cert = "/sd/cert-file.crt"; +#endif + +static int SocketReceive(WOLFSSL* ssl, char *buf, int sz, void *sock) +{ + return ((TCPSocketConnection *)sock)->receive(buf, sz) ; +} + +static int SocketSend(WOLFSSL* ssl, char *buf, int sz, void *sock) +{ + return ((TCPSocketConnection *)sock)->send(buf, sz); +} + static int getline(char *prompt, char *buff, int size) { int sz ; @@ -71,7 +89,7 @@ /* * clients initial contact with server. Socket to connect to: sock */ - int ClientGreet(TCPSocketConnection *socket) + int ClientGreet(TCPSocketConnection *socket, WOLFSSL *ssl) { /* data to send to the server, data recieved from the server */ char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0}; @@ -79,14 +97,18 @@ ret = getline("Message for server: ", sendBuff, MAXDATASIZE); printf("Send[%d]:\n%s\n", ret, sendBuff) ; - if ((ret = socket->send(sendBuff, strlen(sendBuff)-1)) < 0) { - printf("Send error: %i", ret); + if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) < 0) { + /* the message is not able to send, or error trying */ + ret = wolfSSL_get_error(ssl, 0); + printf("Write error: Error: %i\n", ret); return EXIT_FAILURE; } printf("Recieved:\n"); while(1) { - if ((ret = socket->receive(rcvBuff, sizeof(rcvBuff)-1)) < 0) { + if ((ret = wolfSSL_read(ssl, rcvBuff, sizeof(rcvBuff))) < 0) { if(ret == 0)break ; + /* the server failed to send data, or error trying */ + ret = wolfSSL_get_error(ssl, 0); printf("Read error. Error: %i\n", ret); return EXIT_FAILURE; } 
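Review bot: SocketReceive and SocketSend hand wolfSSL the raw TCPSocketConnection result, but wolfSSL reads a negative value from an IO callback as one of its WOLFSSL_CBIO_ERR_* codes and, as far as I can tell, does not treat a 0 from the receive callback as the peer closing; the callbacks should translate, e.g. in SocketReceive `int got = ((TCPSocketConnection *)sock)->receive(buf, sz); if (got == 0) return WOLFSSL_CBIO_ERR_CONN_CLOSE; return got < 0 ? WOLFSSL_CBIO_ERR_GENERAL : got;`. Without that mapping a clean close by the server shows up as a generic read error rather than as end of data. The `cert` path and the SD mount declared under `#ifndef WOLFSSL_NO_VERIFYSERVER` are not referenced anywhere in this hunk; if nothing loads the file into the context the define promises verification that does not happen.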
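Review bot: In the receive loop the `if(ret == 0)break ;` sits inside the `ret < 0` branch, so it can never fire and a clean close by the peer (wolfSSL_read returning 0) is not detected. wolfSSL_read is also given the full `sizeof(rcvBuff)`, so a maximal read leaves no room for a terminating NUL if the bytes are later handled as a C string; the remainder of the loop body and the end of ClientGreet are outside the hunk, so I cannot confirm how rcvBuff is consumed. The wolfSSL_write result should likewise be compared with `strlen(sendBuff)` rather than only tested for a negative value, since a short write leaves part of the message unsent. The reordered loop head below detects the close first, then errors, and keeps the buffer terminated.
```c
    while(1) {
        ret = wolfSSL_read(ssl, rcvBuff, sizeof(rcvBuff) - 1);
        if (ret == 0) {
            break;                      /* peer closed the connection */
        }
        if (ret < 0) {
            /* the server failed to send data, or error trying */
            ret = wolfSSL_get_error(ssl, 0);
            printf("Read error. Error: %i\n", ret);
            return EXIT_FAILURE;
        }
        rcvBuff[ret] = '\0';            /* keep it usable as a C string */
        /* … unchanged: remainder of the loop body … */
```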
@@ -99,6 +121,51 @@ return ret; } + +/* + * applies TLS 1.2 security layer to data being sent. + */ +int Security(TCPSocketConnection *socket) +{ + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; /* create WOLFSSL object */ + int ret = 0; + + /* create and initiLize WOLFSSL_CTX structure */ + if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { + printf("SSL_CTX_new error.\n"); + return EXIT_FAILURE; + } + + wolfSSL_SetIORecv(ctx, SocketReceive) ; + wolfSSL_SetIOSend(ctx, SocketSend) ; + + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); + + if ((ssl = wolfSSL_new(ctx)) == NULL) { + printf("wolfSSL_new error.\n"); + return EXIT_FAILURE; + } + + wolfSSL_SetIOReadCtx(ssl, (void *)socket) ; + wolfSSL_SetIOWriteCtx(ssl, (void *)socket) ; + + ret = wolfSSL_connect(ssl); + if (ret == SSL_SUCCESS) { + printf("TLS Connected\n") ; + ret = ClientGreet(socket, ssl); + } else { + ret = wolfSSL_get_error(ssl, 0); + printf("TLS Connect error. Error: %i\n", ret); + } + /* frees all data before client termination */ + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + wolfSSL_Cleanup(); + + return ret; +} + /* * command line argumentCount and argumentValues */ @@ -110,6 +177,7 @@ EthernetInterface eth; TCPSocketConnection socket; + wolfSSL_Init(); /* initialize wolfSSL */ eth.init(); //Use DHCP eth.connect(); printf("Client Addr: %s\n", eth.getIPAddress()); @@ -123,7 +191,7 @@ } printf("TCP Connected\n") ; - ClientGreet(&socket); + Security(&socket); return ; }
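Review bot: `wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0)` in Security() disables server certificate verification unconditionally, so the client completes the handshake with any server and the `cert` file declared under WOLFSSL_NO_VERIFYSERVER is never loaded into the context; an example titled "with cert" therefore offers no protection against an active attacker. The context should load the trust anchor and require peer verification unless WOLFSSL_NO_VERIFYSERVER is defined, as below, and the `wolfSSL_new` failure path should free ctx instead of returning with it allocated. Loading from a path assumes the wolfSSL build has filesystem support for the SD mount; if it does not, read the PEM into memory and use wolfSSL_CTX_load_verify_buffer instead. Even with SSL_VERIFY_PEER the certificate's name is not matched against the host being contacted unless wolfSSL_check_domain_name is called on the ssl object before wolfSSL_connect; the server address is outside this hunk.
```c
    wolfSSL_SetIOSend(ctx, SocketSend) ;

#ifndef WOLFSSL_NO_VERIFYSERVER
    /* trust anchor from the SD card; without it the handshake must fail */
    if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
        printf("Error loading %s, please check the file.\n", cert);
        wolfSSL_CTX_free(ctx);
        return EXIT_FAILURE;
    }
    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
#else
    /* explicit opt-out of server authentication: no protection against MITM */
    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif

    if ((ssl = wolfSSL_new(ctx)) == NULL) {
        printf("wolfSSL_new error.\n");
        wolfSSL_CTX_free(ctx);
        return EXIT_FAILURE;
    }
    /* … unchanged: IO ctx setup, connect, ClientGreet, cleanup … */
```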
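Review bot: The return value of `wolfSSL_Init()` added to main is discarded, so a failed library initialisation goes unnoticed and the program proceeds to bring up the network and create a context; check it, `if (wolfSSL_Init() != SSL_SUCCESS) { printf("wolfSSL_Init error.\n"); return ; }`. Its counterpart `wolfSSL_Cleanup()` is called from inside Security() rather than here, so init and cleanup live in different functions; keeping both in main, or both in Security(), makes the pairing visible to the next reader. The rest of main is outside the hunk.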