TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e12abf90cebd1837781a2b8feb8b4255ee8a72d2 / . / programs / x509 / cert_app.c
blob: 0c1fc006f8ed724d338f53489046d8d49a27a558 [file] [log] [blame]
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]1/*
2 * Certificate reading application
3 *
Manuel Pégourié-Gonnard0edee5e2015-01-26 15:29:40 +0000[diff] [blame]4 * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnarde12abf92015-01-28 17:13:45 +0000[diff] [blame^]6 * This file is part of mbed TLS (https://polarssl.org)
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]7 *
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
23#ifndef _CRT_SECURE_NO_DEPRECATE
24#define _CRT_SECURE_NO_DEPRECATE 1
25#endif
26
27#include <string.h>
28#include <stdlib.h>
29#include <stdio.h>
30
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]31#include "polarssl/config.h"
32
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]33#include "polarssl/entropy.h"
34#include "polarssl/ctr_drbg.h"
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]35#include "polarssl/net.h"
36#include "polarssl/ssl.h"
37#include "polarssl/x509.h"
38
39#define MODE_NONE 0
40#define MODE_FILE 1
41#define MODE_SSL 2
42
43#define DFL_MODE MODE_NONE
44#define DFL_FILENAME "cert.crt"
45#define DFL_SERVER_NAME "localhost"
46#define DFL_SERVER_PORT 4433
47#define DFL_DEBUG_LEVEL 0
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]48#define DFL_PERMISSIVE 0
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]49
50/*
51 * global options
52 */
53struct options
54{
55 int mode; /* the mode to run the application in */
Paul Bakkere0225e42013-06-06 12:52:24 +0200[diff] [blame]56 const char *filename; /* filename of the certificate file */
57 const char *server_name; /* hostname of the server (client only) */
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]58 int server_port; /* port on which the ssl service runs */
59 int debug_level; /* level of debugging */
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]60 int permissive; /* permissive parsing */
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]61} opt;
62
63void my_debug( void *ctx, int level, const char *str )
64{
65 if( level < opt.debug_level )
66 {
67 fprintf( (FILE *) ctx, "%s", str );
68 fflush( (FILE *) ctx );
69 }
70}
71
72#define USAGE \
73 "\n usage: cert_app param=<>...\n" \
74 "\n acceptable parameters:\n" \
75 " mode=file|ssl default: none\n" \
76 " filename=%%s default: cert.crt\n" \
77 " server_name=%%s default: localhost\n" \
78 " server_port=%%d default: 4433\n" \
79 " debug_level=%%d default: 0 (disabled)\n" \
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]80 " permissive=%%d default: 0 (disabled)\n" \
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]81 "\n"
82
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]83#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]84 !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
85 !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]86 !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) || \
87 !defined(POLARSSL_CTR_DRBG_C)
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]88int main( int argc, char *argv[] )
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]89{
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]90 ((void) argc);
91 ((void) argv);
92
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]93 printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]94 "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
95 "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]96 "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO and/or "
97 "POLARSSL_CTR_DRBG_C not defined.\n");
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]98 return( 0 );
99}
100#else
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]101int main( int argc, char *argv[] )
102{
103 int ret = 0, server_fd;
104 unsigned char buf[1024];
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]105 entropy_context entropy;
106 ctr_drbg_context ctr_drbg;
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]107 ssl_context ssl;
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]108 x509_cert clicert;
109 rsa_context rsa;
110 int i, j, n;
111 char *p, *q;
Paul Bakkere0225e42013-06-06 12:52:24 +0200[diff] [blame]112 const char *pers = "cert_app";
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]113
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]114 /*
115 * Set to sane values
116 */
117 server_fd = 0;
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]118 memset( &clicert, 0, sizeof( x509_cert ) );
119 memset( &rsa, 0, sizeof( rsa_context ) );
120
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]121 if( argc == 0 )
122 {
123 usage:
124 printf( USAGE );
125 goto exit;
126 }
127
128 opt.mode = DFL_MODE;
129 opt.filename = DFL_FILENAME;
130 opt.server_name = DFL_SERVER_NAME;
131 opt.server_port = DFL_SERVER_PORT;
132 opt.debug_level = DFL_DEBUG_LEVEL;
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]133 opt.permissive = DFL_PERMISSIVE;
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]134
135 for( i = 1; i < argc; i++ )
136 {
137 n = strlen( argv[i] );
138
139 for( j = 0; j < n; j++ )
140 {
141 if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
142 argv[i][j] |= 0x20;
143 }
144
145 p = argv[i];
146 if( ( q = strchr( p, '=' ) ) == NULL )
147 goto usage;
148 *q++ = '\0';
149
150 if( strcmp( p, "mode" ) == 0 )
151 {
152 if( strcmp( q, "file" ) == 0 )
153 opt.mode = MODE_FILE;
154 else if( strcmp( q, "ssl" ) == 0 )
155 opt.mode = MODE_SSL;
156 else
157 goto usage;
158 }
159 else if( strcmp( p, "filename" ) == 0 )
160 opt.filename = q;
161 else if( strcmp( p, "server_name" ) == 0 )
162 opt.server_name = q;
163 else if( strcmp( p, "server_port" ) == 0 )
164 {
165 opt.server_port = atoi( q );
166 if( opt.server_port < 1 || opt.server_port > 65535 )
167 goto usage;
168 }
169 else if( strcmp( p, "debug_level" ) == 0 )
170 {
171 opt.debug_level = atoi( q );
172 if( opt.debug_level < 0 || opt.debug_level > 65535 )
173 goto usage;
174 }
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000[diff] [blame]175 else if( strcmp( p, "permissive" ) == 0 )
176 {
177 opt.permissive = atoi( q );
178 if( opt.permissive < 0 || opt.permissive > 1 )
179 goto usage;
180 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]181 else
182 goto usage;
183 }
184
185 if( opt.mode == MODE_FILE )
186 {
187 x509_cert crt;
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]188 x509_cert *cur = &crt;
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]189 memset( &crt, 0, sizeof( x509_cert ) );
190
191 /*
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]192 * 1.1. Load the certificate(s)
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]193 */
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]194 printf( "\n . Loading the certificate(s) ..." );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]195 fflush( stdout );
196
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]197 ret = x509parse_crtfile( &crt, opt.filename );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]198
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]199 if( ret < 0 )
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]200 {
201 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
202 x509_free( &crt );
203 goto exit;
204 }
205
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]206 if( opt.permissive == 0 && ret > 0 )
207 {
208 printf( " failed\n ! x509parse_crt failed to parse %d certificates\n\n", ret );
209 x509_free( &crt );
210 goto exit;
211 }
212
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]213 printf( " ok\n" );
214
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]215
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]216 /*
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]217 * 1.2 Print the certificate(s)
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]218 */
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]219 while( cur != NULL )
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]220 {
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]221 printf( " . Peer certificate information ...\n" );
Paul Bakker5c356d62011-11-25 13:17:45 +0000[diff] [blame]222 ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", cur );
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]223 if( ret == -1 )
224 {
225 printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
226 x509_free( &crt );
227 goto exit;
228 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]229
Paul Bakker14cb63a2011-11-25 12:44:31 +0000[diff] [blame]230 printf( "%s\n", buf );
231
232 cur = cur->next;
233 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]234
235 x509_free( &crt );
236 }
237 else if( opt.mode == MODE_SSL )
238 {
239 /*
240 * 1. Initialize the RNG and the session data
241 */
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]242 printf( "\n . Seeding the random number generator..." );
243 fflush( stdout );
244
245 entropy_init( &entropy );
246 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakkere0225e42013-06-06 12:52:24 +0200[diff] [blame]247 (const unsigned char *) pers,
248 strlen( pers ) ) ) != 0 )
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]249 {
250 printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
251 goto exit;
252 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]253
254 /*
255 * 2. Start the connection
256 */
257 printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name,
258 opt.server_port );
259 fflush( stdout );
260
261 if( ( ret = net_connect( &server_fd, opt.server_name,
262 opt.server_port ) ) != 0 )
263 {
264 printf( " failed\n ! net_connect returned %d\n\n", ret );
265 goto exit;
266 }
267
268 /*
269 * 3. Setup stuff
270 */
271 if( ( ret = ssl_init( &ssl ) ) != 0 )
272 {
273 printf( " failed\n ! ssl_init returned %d\n\n", ret );
274 goto exit;
275 }
276
277 ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
278 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
279
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]280 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]281 ssl_set_dbg( &ssl, my_debug, stdout );
282 ssl_set_bio( &ssl, net_recv, &server_fd,
283 net_send, &server_fd );
284
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]285 ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]286
287 ssl_set_own_cert( &ssl, &clicert, &rsa );
288
289 ssl_set_hostname( &ssl, opt.server_name );
290
291 /*
292 * 4. Handshake
293 */
294 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
295 {
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]296 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]297 {
298 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
Paul Bakker9a736322012-11-14 12:39:52 +0000[diff] [blame]299 ssl_free( &ssl );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]300 goto exit;
301 }
302 }
303
304 printf( " ok\n" );
305
306 /*
307 * 5. Print the certificate
308 */
309 printf( " . Peer certificate information ...\n" );
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]310 ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
311 ssl.session->peer_cert );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]312 if( ret == -1 )
313 {
314 printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
Paul Bakker9a736322012-11-14 12:39:52 +0000[diff] [blame]315 ssl_free( &ssl );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]316 goto exit;
317 }
318
319 printf( "%s\n", buf );
320
321 ssl_close_notify( &ssl );
Paul Bakker9a736322012-11-14 12:39:52 +0000[diff] [blame]322 ssl_free( &ssl );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]323 }
324 else
325 goto usage;
326
327exit:
328
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]329 if( server_fd )
330 net_close( server_fd );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]331 x509_free( &clicert );
332 rsa_free( &rsa );
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]333
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]334#if defined(_WIN32)
Paul Bakker4fc45522010-03-18 20:11:58 +0000[diff] [blame]335 printf( " + Press Enter to exit this program.\n" );
336 fflush( stdout ); getchar();
337#endif
338
339 return( ret );
340}
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]341#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]342 POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]343 POLARSSL_X509_PARSE_C && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */