1 //******************************************************************
3 // Copyright 2016 Samsung Electronics All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21 #include "gtest/gtest.h"
24 #define CAcloseSslConnection CAcloseSslConnectionTest
25 #define CAdecryptSsl CAdecryptSslTest
26 #define CAdeinitSslAdapter CAdeinitSslAdapterTest
27 #define CAencryptSsl CAencryptSslTest
28 #define CAinitSslAdapter CAinitSslAdapterTest
29 #define CAinitiateSslHandshake CAinitiateSslHandshakeTest
30 #define CAsetCredentialTypesCallback CAsetCredentialTypesCallbackTest
31 #define CAsetSslAdapterCallbacks CAsetSslAdapterCallbacksTest
32 #define CAsetSslHandshakeCallback CAsetSslHandshakeCallbackTest
33 #define CAsetTlsCipherSuite CAsetTlsCipherSuiteTest
34 #define CAsslGenerateOwnerPsk CAsslGenerateOwnerPskTest
36 #include "../src/adapter_util/ca_adapter_net_ssl.c"
47 #ifdef HAVE_SYS_TYPES_H
48 #include <sys/types.h>
50 #ifdef HAVE_SYS_SOCKET_H
51 #include <sys/socket.h>
53 #ifdef HAVE_NETINET_IN_H
54 #include <netinet/in.h>
61 #include "../../../../c_common/windows/include/pthread_create.h"
65 /** @todo stop-gap for naming issue. Windows.h does not like us to use ERROR */
69 #endif //HAVE_WINDOWS_H
70 #include "platform_features.h"
73 #define MBED_TLS_DEBUG_LEVEL (4) // Verbose
75 #define SEED "PREDICTED_SEED"
76 #define dummyHandler 0xF123
78 #define SERVER_PORT 4433
79 #define SERVER_NAME "localhost"
80 #define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
82 /* **************************
88 * *************************/
90 unsigned char serverCert[] = {
91 0x30, 0x82, 0x02, 0x39, 0x30, 0x82, 0x01, 0xdf, 0x02, 0x01, 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a,
92 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x7c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
93 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
94 0x09, 0x53, 0x6f, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03,
95 0x55, 0x04, 0x07, 0x0c, 0x08, 0x53, 0x6f, 0x6d, 0x65, 0x63, 0x69, 0x74, 0x79, 0x31, 0x0b, 0x30,
96 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x42, 0x42, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03,
97 0x55, 0x04, 0x0b, 0x0c, 0x0d, 0x53, 0x65, 0x71, 0x75, 0x72, 0x69, 0x74, 0x79, 0x20, 0x50, 0x61,
98 0x72, 0x74, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x6f, 0x62, 0x31,
99 0x14, 0x30, 0x12, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x05,
100 0x6f, 0x62, 0x40, 0x62, 0x62, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x35, 0x31,
101 0x33, 0x31, 0x31, 0x31, 0x37, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x35, 0x31, 0x32, 0x31, 0x33,
102 0x31, 0x31, 0x31, 0x37, 0x5a, 0x30, 0x81, 0xd4, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
103 0x06, 0x13, 0x02, 0x55, 0x41, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x03,
104 0x41, 0x73, 0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x06, 0x47, 0x6f,
105 0x74, 0x68, 0x61, 0x6d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x5a,
106 0x5a, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x42, 0x65, 0x61, 0x6d,
107 0x54, 0x65, 0x61, 0x6d, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
108 0x01, 0x09, 0x01, 0x16, 0x0d, 0x72, 0x61, 0x69, 0x6c, 0x40, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63,
109 0x6f, 0x6d, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x29, 0x75, 0x75, 0x69,
110 0x64, 0x3a, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x2d, 0x33, 0x32, 0x33, 0x32, 0x2d,
111 0x33, 0x32, 0x33, 0x32, 0x2d, 0x33, 0x32, 0x33, 0x32, 0x2d, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32,
112 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x31, 0x34, 0x30, 0x32, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x0c,
113 0x2b, 0x75, 0x73, 0x65, 0x72, 0x69, 0x64, 0x3a, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37,
114 0x2d, 0x36, 0x37, 0x36, 0x37, 0x2d, 0x36, 0x37, 0x36, 0x37, 0x2d, 0x36, 0x37, 0x36, 0x37, 0x2d,
115 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x30, 0x59, 0x30, 0x13,
116 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
117 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xf7, 0x13, 0x5c, 0x73, 0x72, 0xce, 0x10, 0xe5, 0x09,
118 0x97, 0x9a, 0xf8, 0xf2, 0x70, 0xa6, 0x3d, 0x89, 0xf5, 0xc5, 0xe4, 0x44, 0xe2, 0x4a, 0xb6, 0x61,
119 0xa8, 0x12, 0x8d, 0xb4, 0xdc, 0x2b, 0x47, 0x84, 0x60, 0x0c, 0x25, 0x66, 0xe9, 0xe0, 0xe5, 0xac,
120 0x22, 0xbf, 0x15, 0xdc, 0x71, 0xb1, 0x88, 0x4f, 0x16, 0xbf, 0xc2, 0x77, 0x37, 0x76, 0x3f, 0xe0,
121 0x67, 0xc6, 0x1d, 0x23, 0xfe, 0x7c, 0x8b, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
122 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x47, 0xcc, 0x41, 0x8a, 0x27, 0xc7,
123 0xd0, 0xaa, 0xb4, 0xab, 0x85, 0xbf, 0x09, 0x4d, 0x06, 0xd7, 0x7e, 0x0d, 0x39, 0xf9, 0x36, 0xa1,
124 0x3d, 0x96, 0x23, 0xe2, 0x24, 0x64, 0x98, 0x63, 0x21, 0xba, 0x02, 0x21, 0x00, 0xe5, 0x8f, 0x7f,
125 0xf1, 0xa6, 0x82, 0x03, 0x6a, 0x18, 0x7a, 0x54, 0xe7, 0x0e, 0x25, 0x77, 0xd8, 0x46, 0xfa, 0x96,
126 0x8a, 0x7e, 0x14, 0xc4, 0xcb, 0x21, 0x32, 0x3e, 0x89, 0xd9, 0xba, 0x8c, 0x3f
128 int serverCertLen = sizeof(serverCert);
130 unsigned char serverPrivateKey[] = {
131 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x02, 0x51, 0xb5, 0x97, 0xb9, 0xe9, 0xd8, 0x8d, 0x66,
132 0x2b, 0x8a, 0xb3, 0x9c, 0x6a, 0xd2, 0xca, 0x18, 0x21, 0xb9, 0x87, 0x3d, 0xf5, 0x8e, 0xa2, 0x8d,
133 0x38, 0xf6, 0xb7, 0xd2, 0x76, 0x74, 0x99, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
134 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xf7, 0x13, 0x5c, 0x73, 0x72, 0xce, 0x10,
135 0xe5, 0x09, 0x97, 0x9a, 0xf8, 0xf2, 0x70, 0xa6, 0x3d, 0x89, 0xf5, 0xc5, 0xe4, 0x44, 0xe2, 0x4a,
136 0xb6, 0x61, 0xa8, 0x12, 0x8d, 0xb4, 0xdc, 0x2b, 0x47, 0x84, 0x60, 0x0c, 0x25, 0x66, 0xe9, 0xe0,
137 0xe5, 0xac, 0x22, 0xbf, 0x15, 0xdc, 0x71, 0xb1, 0x88, 0x4f, 0x16, 0xbf, 0xc2, 0x77, 0x37, 0x76,
138 0x3f, 0xe0, 0x67, 0xc6, 0x1d, 0x23, 0xfe, 0x7c, 0x8b
141 int serverPrivateKeyLen = sizeof(serverPrivateKey);
143 unsigned char caCert[] = {
144 0x30, 0x82, 0x02, 0x3e, 0x30, 0x82, 0x01, 0xe5, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
145 0x87, 0xa7, 0x68, 0x01, 0x7c, 0xe9, 0xf8, 0xf0, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,
146 0x3d, 0x04, 0x03, 0x02, 0x30, 0x7c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
147 0x02, 0x55, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x09, 0x53, 0x6f,
148 0x6d, 0x65, 0x73, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07,
149 0x0c, 0x08, 0x53, 0x6f, 0x6d, 0x65, 0x63, 0x69, 0x74, 0x79, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
150 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x42, 0x42, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0b,
151 0x0c, 0x0d, 0x53, 0x65, 0x71, 0x75, 0x72, 0x69, 0x74, 0x79, 0x20, 0x50, 0x61, 0x72, 0x74, 0x31,
152 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x6f, 0x62, 0x31, 0x14, 0x30, 0x12,
153 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x05, 0x6f, 0x62, 0x40,
154 0x62, 0x62, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37, 0x32, 0x35, 0x31, 0x31, 0x31, 0x36,
155 0x31, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x35, 0x31, 0x35, 0x31, 0x31, 0x31, 0x36, 0x31,
156 0x31, 0x5a, 0x30, 0x7c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
157 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x09, 0x53, 0x6f, 0x6d, 0x65,
158 0x73, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x08,
159 0x53, 0x6f, 0x6d, 0x65, 0x63, 0x69, 0x74, 0x79, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
160 0x0a, 0x0c, 0x02, 0x42, 0x42, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0d,
161 0x53, 0x65, 0x71, 0x75, 0x72, 0x69, 0x74, 0x79, 0x20, 0x50, 0x61, 0x72, 0x74, 0x31, 0x0b, 0x30,
162 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x6f, 0x62, 0x31, 0x14, 0x30, 0x12, 0x06, 0x09,
163 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x05, 0x6f, 0x62, 0x40, 0x62, 0x62,
164 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
165 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x2e, 0xcf, 0xc3, 0xfa, 0x2e,
166 0x04, 0x11, 0x62, 0x34, 0x63, 0x6f, 0xdf, 0xb6, 0x67, 0xfb, 0x5a, 0x50, 0x8c, 0x15, 0x73, 0xc9,
167 0xc1, 0x57, 0x3a, 0x9e, 0xf8, 0xf4, 0xa8, 0x0c, 0x1a, 0xe9, 0x91, 0x51, 0x9d, 0x03, 0x26, 0x48,
168 0xaa, 0x46, 0x84, 0x12, 0x06, 0x2d, 0xfc, 0x66, 0xbe, 0x41, 0xed, 0xfd, 0xcd, 0x32, 0xa3, 0x9b,
169 0x34, 0xf2, 0xaa, 0x95, 0x1f, 0x8e, 0x5d, 0x49, 0x77, 0x80, 0xc2, 0xa3, 0x50, 0x30, 0x4e, 0x30,
170 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x1e, 0x81, 0xc3, 0x62, 0xff, 0x8c,
171 0x5a, 0x98, 0x90, 0xac, 0x2c, 0xc3, 0x65, 0xb9, 0x3f, 0x8f, 0x04, 0x55, 0xfa, 0x7c, 0x30, 0x1f,
172 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x81, 0xc3, 0x62, 0xff,
173 0x8c, 0x5a, 0x98, 0x90, 0xac, 0x2c, 0xc3, 0x65, 0xb9, 0x3f, 0x8f, 0x04, 0x55, 0xfa, 0x7c, 0x30,
174 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, 0x06,
175 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20,
176 0x1c, 0xa1, 0x55, 0xa8, 0x04, 0xbc, 0x5b, 0x00, 0xa8, 0xac, 0x2f, 0xe6, 0xb7, 0x3c, 0x7c, 0xf3,
177 0x7e, 0x93, 0xce, 0xe0, 0xdf, 0x6e, 0x36, 0xe4, 0x36, 0x20, 0xcb, 0x36, 0x9c, 0x13, 0x3b, 0xc4,
178 0x02, 0x20, 0x7f, 0x18, 0x13, 0x7d, 0x1b, 0x8c, 0xe3, 0x5b, 0xd9, 0xac, 0x74, 0x8c, 0xc0, 0xe9,
179 0xbf, 0x1b, 0x48, 0x6f, 0xb6, 0x6a, 0x45, 0x03, 0xa6, 0x5d, 0x4d, 0x65, 0xf7, 0x96, 0xa0, 0x08,
182 int caCertLen = sizeof(caCert);
184 unsigned char control_server_message[] = {
185 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
186 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
187 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
188 0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65,
189 0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20,
190 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63,
191 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
192 0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
193 0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
194 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x43, 0x4d, 0x2d, 0x38, 0x3c, 0x2f, 0x70, 0x3e, 0x0d,
197 int control_server_message_len = sizeof(control_server_message);
199 unsigned char control_client_message[] = {
200 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x0d, 0x0a,
203 int control_client_message_len = sizeof(control_client_message);
205 unsigned char caTrustedCrl[] = {
206 0x30, 0x82, 0x03, 0x11, 0x30, 0x82, 0x01, 0xf9, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
207 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x49, 0x31, 0x0b, 0x30, 0x09,
208 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
209 0x04, 0x0a, 0x13, 0x0a, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x25,
210 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20,
211 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
212 0x74, 0x79, 0x20, 0x47, 0x32, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x32, 0x35, 0x30, 0x31, 0x30,
213 0x30, 0x30, 0x33, 0x5a, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x39, 0x30, 0x34, 0x30, 0x31, 0x30, 0x30,
214 0x30, 0x33, 0x5a, 0x30, 0x82, 0x01, 0x48, 0x30, 0x27, 0x02, 0x08, 0x40, 0x3a, 0x89, 0xa6, 0xdf,
215 0x4c, 0xfc, 0xab, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x30, 0x37, 0x34,
216 0x37, 0x5a, 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x15, 0x04, 0x03, 0x0a, 0x01, 0x03,
217 0x30, 0x27, 0x02, 0x08, 0x37, 0x7a, 0xe3, 0xb0, 0x9d, 0x40, 0xe5, 0x42, 0x17, 0x0d, 0x31, 0x35,
218 0x31, 0x30, 0x30, 0x32, 0x31, 0x30, 0x32, 0x33, 0x32, 0x32, 0x5a, 0x30, 0x0c, 0x30, 0x0a, 0x06,
219 0x03, 0x55, 0x1d, 0x15, 0x04, 0x03, 0x0a, 0x01, 0x01, 0x30, 0x27, 0x02, 0x08, 0x59, 0x14, 0xab,
220 0x0a, 0x4c, 0xf7, 0xa1, 0xff, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x36, 0x32, 0x31, 0x34,
221 0x34, 0x31, 0x32, 0x5a, 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x15, 0x04, 0x03, 0x0a,
222 0x01, 0x01, 0x30, 0x27, 0x02, 0x08, 0x6e, 0x8f, 0xb3, 0x78, 0x8f, 0x54, 0x15, 0xbb, 0x17, 0x0d,
223 0x31, 0x36, 0x30, 0x38, 0x31, 0x36, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x5a, 0x30, 0x0c, 0x30,
224 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x15, 0x04, 0x03, 0x0a, 0x01, 0x01, 0x30, 0x27, 0x02, 0x08, 0x23,
225 0x8a, 0x26, 0xd7, 0x52, 0xe4, 0xc2, 0x59, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x34, 0x31, 0x35, 0x31,
226 0x35, 0x30, 0x30, 0x32, 0x31, 0x5a, 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x15, 0x04,
227 0x03, 0x0a, 0x01, 0x03, 0x30, 0x27, 0x02, 0x08, 0x75, 0xdd, 0xb5, 0xf7, 0x03, 0x75, 0x0e, 0x96,
228 0x17, 0x0d, 0x31, 0x36, 0x30, 0x36, 0x30, 0x38, 0x30, 0x39, 0x35, 0x32, 0x34, 0x37, 0x5a, 0x30,
229 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x15, 0x04, 0x03, 0x0a, 0x01, 0x05, 0x30, 0x27, 0x02,
230 0x08, 0x79, 0x61, 0xde, 0x97, 0x96, 0x20, 0x31, 0x87, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x36, 0x31,
231 0x35, 0x31, 0x33, 0x33, 0x34, 0x31, 0x36, 0x5a, 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d,
232 0x15, 0x04, 0x03, 0x0a, 0x01, 0x05, 0x30, 0x27, 0x02, 0x08, 0x01, 0x48, 0x71, 0x3e, 0xaf, 0xd9,
233 0x26, 0x62, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x34, 0x31, 0x35, 0x31, 0x35, 0x30, 0x34, 0x34, 0x34,
234 0x5a, 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x15, 0x04, 0x03, 0x0a, 0x01, 0x03, 0xa0,
235 0x30, 0x30, 0x2e, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
236 0x4a, 0xdd, 0x06, 0x16, 0x1b, 0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6, 0xbb, 0x62, 0x1a,
237 0xba, 0x5a, 0x81, 0x2f, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x14, 0x04, 0x04, 0x02, 0x02, 0x04,
238 0xd1, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
239 0x03, 0x82, 0x01, 0x01, 0x00, 0x49, 0x3d, 0xd3, 0xc0, 0x71, 0x14, 0xf8, 0x55, 0xec, 0x53, 0xeb,
240 0xd9, 0xcd, 0x92, 0xe9, 0x87, 0xd9, 0x85, 0x6f, 0x67, 0x33, 0x8f, 0x72, 0x5f, 0x98, 0x46, 0x6d,
241 0x84, 0xb5, 0x4f, 0xc0, 0x85, 0x11, 0x48, 0xb0, 0x11, 0x46, 0x27, 0xb7, 0x4c, 0x7a, 0x4c, 0xf2,
242 0x6e, 0x24, 0x99, 0xa7, 0xe1, 0xb1, 0x48, 0x86, 0x84, 0x5d, 0xab, 0x27, 0x3a, 0xc4, 0xc3, 0xe5,
243 0x41, 0xa9, 0x4c, 0x30, 0x96, 0x74, 0x8b, 0xca, 0x79, 0x69, 0x8d, 0x9d, 0x9b, 0xea, 0xe3, 0x0e,
244 0x1a, 0x8c, 0xa2, 0x85, 0x1c, 0x87, 0x5d, 0x3b, 0x59, 0x93, 0x54, 0x3b, 0xba, 0x9b, 0x73, 0x91,
245 0x20, 0x72, 0xa6, 0x82, 0x72, 0x0a, 0xb2, 0xe1, 0xc8, 0xfe, 0xcd, 0x18, 0x38, 0x51, 0x36, 0xcf,
246 0x92, 0x0d, 0x35, 0x3d, 0x53, 0xfb, 0xed, 0x0d, 0x53, 0x1d, 0xa3, 0xa1, 0xe8, 0x49, 0x3c, 0x00,
247 0x62, 0xf9, 0xa7, 0x5b, 0x8b, 0x2f, 0x19, 0x84, 0x9d, 0x58, 0x96, 0x69, 0x3b, 0xd5, 0x1c, 0x14,
248 0x15, 0xb3, 0x2f, 0xb0, 0x4e, 0xb6, 0x81, 0xe9, 0x89, 0x15, 0xbf, 0xac, 0xca, 0xc6, 0xf7, 0x53,
249 0xfd, 0x3e, 0xde, 0x83, 0xb8, 0x3f, 0x66, 0xb2, 0x59, 0xaa, 0x20, 0x6b, 0x3c, 0xb0, 0x22, 0x05,
250 0x90, 0x30, 0xdc, 0x59, 0x81, 0x60, 0xbf, 0xd4, 0x77, 0xf4, 0xd7, 0xb6, 0xb4, 0xe5, 0x4c, 0xcf,
251 0xb9, 0x27, 0x9d, 0xe0, 0xd1, 0x5c, 0xea, 0x31, 0xc1, 0x54, 0x42, 0x4a, 0xab, 0xff, 0x33, 0xc6,
252 0x9a, 0xfb, 0xac, 0x47, 0x92, 0xe3, 0xfe, 0x35, 0xaa, 0xbc, 0xa6, 0x2f, 0x6c, 0xd3, 0xf0, 0xe7,
253 0xc4, 0x02, 0x1e, 0x67, 0x94, 0x47, 0x27, 0x8e, 0xbb, 0x91, 0xb7, 0xab, 0x95, 0x04, 0xdd, 0x89,
254 0x41, 0x4e, 0x87, 0xfd, 0xf5, 0x8a, 0x1b, 0x24, 0xf4, 0x3c, 0x41, 0xa2, 0xb0, 0xda, 0x27, 0xbb,
255 0x8b, 0x5b, 0xd2, 0xf9, 0x6a
258 static void error(const char *msg)
264 static int sockfd, newsockfd;
266 static void socketConnect()
269 struct sockaddr_in serv_addr;
270 struct hostent *server;
272 portno = SERVER_PORT;
273 sockfd = socket(AF_INET, SOCK_STREAM, 0);
275 error("ERROR opening socket");
276 server = gethostbyname(SERVER_NAME);
277 if (server == NULL) {
278 fprintf(stderr,"ERROR, no such host\n");
281 //memset((char *) &serv_addr, sizeof(serv_addr));
282 memset((void*)&serv_addr, 0, sizeof(serv_addr));
283 serv_addr.sin_family = AF_INET;
284 memcpy((char *)server->h_addr,
285 (char *)&serv_addr.sin_addr.s_addr,
287 serv_addr.sin_port = htons(portno);
288 if (connect(sockfd,(struct sockaddr *) &serv_addr,sizeof(serv_addr)) < 0)
289 error("ERROR connecting");
292 static void CATCPPacketSendCB(CAEndpoint_t *, const void *buf, uint32_t buflen)
295 n = write(sockfd, buf, buflen);
297 error("ERROR writing to socket");
300 char msg[256] = {0}; int msglen = 0;
301 static void CATCPPacketReceivedCB(const CASecureEndpoint_t *, const void *data, uint32_t dataLength)
303 memcpy(msg, data, dataLength);
307 static void PacketReceive(unsigned char *data, int * datalen)
310 char buffer[2048] = {'\0'};
311 n = read(sockfd, buffer, 5);
312 if ((buffer[0] == 0x16 || buffer[0] == 0x14 || buffer[0] == 0x17 || buffer[0] == 0x15)
313 && buffer[1] == 0x03 && buffer[2] == 0x03)
315 int tlslen = (unsigned char)buffer[3] * 0x100 + (unsigned char)buffer[4];
316 n = read(sockfd, buffer + 5, tlslen);
320 error("ERROR reading from socket");
323 memcpy(data, buffer, *datalen);
326 static void socketClose()
331 static void infoCallback_that_loads_x509(PkiInfo_t * inf)
333 inf->crt.data = (uint8_t*)serverCert;
334 inf->crt.len = sizeof(serverCert);
335 inf->key.data = (uint8_t*)serverPrivateKey;
336 inf->key.len = sizeof(serverPrivateKey);
337 inf->ca.data = (uint8_t*)caCert;
338 inf->ca.len = sizeof(caCert);
339 inf->crl.data = (uint8_t*)caTrustedCrl;
340 inf->crl.len = sizeof(caTrustedCrl);
343 static void socketOpen_server()
346 struct sockaddr_in serv_addr, cli_addr;
349 portno = SERVER_PORT;
350 sockfd = socket(AF_INET, SOCK_STREAM, 0);
352 error("\nERROR opening socket");
353 //bzero((char *) &serv_addr, sizeof(serv_addr));
354 memset((void*)&serv_addr, 0, sizeof(serv_addr));
355 serv_addr.sin_family = AF_INET;
356 serv_addr.sin_addr.s_addr = INADDR_ANY;
357 serv_addr.sin_port = htons(portno);
358 if (bind(sockfd, (struct sockaddr *) &serv_addr,
359 sizeof(serv_addr)) < 0)
360 error("\nERROR on binding");
362 clilen = sizeof(cli_addr);
363 newsockfd = accept(sockfd,
364 (struct sockaddr *) &cli_addr,
367 error("\nERROR on accept");
370 static void CATCPPacketSendCB_server(CAEndpoint_t *, const void *buf, uint32_t buflen)
373 n = write(newsockfd,buf,buflen);
375 error("ERROR writing to socket");
378 static void CATCPPacketReceivedCB_server(const CASecureEndpoint_t *, const void *data, uint32_t dataLength)
380 memcpy(msg, data, dataLength);
383 static void PacketReceive_server(unsigned char *data, int * datalen)
386 char buffer[2048] = {'\0'};
387 n = read(newsockfd, buffer, 5);
389 if (buffer[0] == 0x16 || buffer[0] == 0x14 || buffer[0] == 0x17 || buffer[0] == 0x15)
391 int tlslen = (unsigned char)buffer[3] * 0x100 + (unsigned char)buffer[4];
392 n = read(newsockfd, buffer + 5, tlslen);
396 error("\nERROR reading from socket");
399 memcpy(data, buffer, *datalen);
402 static void socketClose_server()
408 static void clutch(bool * list)
413 const unsigned char IDENTITY[] = ("6767676767676767");
414 const unsigned char RS_CLIENT_PSK[] = ("AAAAAAAAAAAAAAAA");
415 static int32_t GetDtlsPskCredentials( CADtlsPskCredType_t,
416 const unsigned char *, size_t,
417 unsigned char *result, size_t)
425 memcpy(result, IDENTITY, sizeof(IDENTITY));
426 ret = sizeof(IDENTITY);
431 /* **************************
434 * MbedTLS client routine
437 * *************************/
439 #if !defined(MBEDTLS_CONFIG_FILE)
440 #include "mbedtls/config.h"
442 #include MBEDTLS_CONFIG_FILE
445 #if defined(MBEDTLS_PLATFORM_C)
446 #include "mbedtls/platform.h"
450 #define mbedtls_fprintf fprintf
451 #define mbedtls_printf printf
454 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
455 !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
456 !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
457 !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
458 !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
459 static int client( void )
461 mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
462 "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
463 "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
464 "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
470 #include "mbedtls/net.h"
471 #include "mbedtls/debug.h"
472 #include "mbedtls/ssl.h"
473 #include "mbedtls/entropy.h"
474 #include "mbedtls/ctr_drbg.h"
475 #include "mbedtls/error.h"
476 #include "mbedtls/certs.h"
480 #define DEBUG_LEVEL (0)
482 static void my_debug_client( void *ctx, int level,
483 const char *file, int line,
488 mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
489 fflush( (FILE *) ctx );
492 static void * client(void *)
495 mbedtls_net_context server_fd;
497 unsigned char buf[1024];
498 const char *pers = "ssl_client1";
500 mbedtls_entropy_context entropy;
501 mbedtls_ctr_drbg_context ctr_drbg;
502 mbedtls_ssl_context ssl;
503 mbedtls_ssl_config conf;
504 mbedtls_x509_crt cacert;
505 mbedtls_x509_crt owncert;
506 mbedtls_pk_context pkey;
509 * 0. Initialize the RNG and the session data
511 mbedtls_net_init( &server_fd );
512 mbedtls_ssl_init( &ssl );
513 mbedtls_ssl_config_init( &conf );
514 mbedtls_x509_crt_init( &cacert );
515 mbedtls_ctr_drbg_init( &ctr_drbg );
516 mbedtls_pk_init( &pkey );
518 mbedtls_printf( "\n . Seeding the random number generator..." );
521 mbedtls_entropy_init( &entropy );
522 if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
523 (const unsigned char *) pers,
524 strlen( pers ) ) ) != 0 )
526 mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
530 mbedtls_printf( " ok\n" );
533 * 0. Initialize certificates
535 mbedtls_printf( " . Loading the CA root certificate ..." );
537 ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) caCert, caCertLen );
540 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse caCert returned -0x%x\n\n", -ret );
543 ret = mbedtls_x509_crt_parse( &owncert, (const unsigned char *) serverCert, serverCertLen );
546 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse serverCert returned -0x%x\n\n", -ret );
549 ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) serverPrivateKey,
550 serverPrivateKeyLen, NULL, 0 );
553 mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret );
557 mbedtls_printf( " ok (%d skipped)\n", ret );
560 * 1. Start the connection
562 mbedtls_printf( " . Connecting to tcp/%s/%s...", SERVER_NAME, "SERVER_PORT" );
565 if( ( ret = mbedtls_net_connect( &server_fd, "127.0.0.1",
566 "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
568 mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
572 mbedtls_printf( " ok\n" );
577 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
580 if( ( ret = mbedtls_ssl_config_defaults( &conf,
581 MBEDTLS_SSL_IS_CLIENT,
582 MBEDTLS_SSL_TRANSPORT_STREAM,
583 MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
585 mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
589 mbedtls_printf( " ok\n" );
591 /* OPTIONAL is not optimal for security,
592 * but makes interop easier in this simplified example */
593 mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
594 mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
595 mbedtls_ssl_conf_own_cert( &conf, &owncert, &pkey );
596 mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
597 mbedtls_ssl_conf_dbg( &conf, my_debug_client, stdout );
599 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
601 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
605 if( ( ret = mbedtls_ssl_set_hostname( &ssl, "mbed TLS Server 1" ) ) != 0 )
607 mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
611 mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
616 mbedtls_printf( " . Performing the SSL/TLS handshake..." );
619 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
621 if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
623 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
628 mbedtls_printf( " ok\n" );
631 * 5. Verify the server certificate
633 mbedtls_printf( " . Verifying peer X.509 certificate..." );
635 /* In real life, we probably want to bail out when ret != 0 */
636 if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
640 mbedtls_printf( " failed\n" );
642 mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
644 mbedtls_printf( "%s\n", vrfy_buf );
647 mbedtls_printf( " ok\n" );
650 * 3. Write the GET request
652 mbedtls_printf( " > Write to server:" );
655 len = sprintf( (char *) buf, GET_REQUEST );
657 while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
659 if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
661 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
667 mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf );
670 * 7. Read the HTTP response
672 mbedtls_printf( " < Read from server:" );
677 len = sizeof( buf ) - 1;
678 memset( buf, 0, sizeof( buf ) );
679 ret = mbedtls_ssl_read( &ssl, buf, len );
681 if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
684 if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
689 mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret );
695 mbedtls_printf( "\n\nEOF\n\n" );
700 mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
704 mbedtls_ssl_close_notify( &ssl );
708 #ifdef MBEDTLS_ERROR_C
712 mbedtls_strerror( ret, error_buf, 100 );
713 mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
717 mbedtls_net_free( &server_fd );
719 mbedtls_x509_crt_free( &cacert );
720 mbedtls_ssl_free( &ssl );
721 mbedtls_ssl_config_free( &conf );
722 mbedtls_ctr_drbg_free( &ctr_drbg );
723 mbedtls_entropy_free( &entropy );
727 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
728 MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
729 MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C &&
730 MBEDTLS_X509_CRT_PARSE_C */
732 /* **************************
735 * MbedTLS server routine
738 * *************************/
740 #if !defined(MBEDTLS_CONFIG_FILE)
741 #include "mbedtls/config.h"
743 #include MBEDTLS_CONFIG_FILE
746 #if defined(MBEDTLS_PLATFORM_C)
747 #include "mbedtls/platform.h"
751 #define mbedtls_fprintf fprintf
752 #define mbedtls_printf printf
755 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
756 !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
757 !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
758 !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
759 !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
760 !defined(MBEDTLS_PEM_PARSE_C)
761 /* int */void * server( void )
763 mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
764 "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
765 "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
766 "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
767 "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
775 #include "mbedtls/entropy.h"
776 #include "mbedtls/ctr_drbg.h"
777 #include "mbedtls/certs.h"
778 #include "mbedtls/x509.h"
779 #include "mbedtls/ssl.h"
780 #include "mbedtls/net.h"
781 #include "mbedtls/error.h"
782 #include "mbedtls/debug.h"
784 #if defined(MBEDTLS_SSL_CACHE_C)
785 #include "mbedtls/ssl_cache.h"
788 #define HTTP_RESPONSE \
789 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
790 "<h2>mbed TLS Test Server</h2>\r\n" \
792 "<p>Successful connection using: %s</p>\r\n"
794 #define DEBUG_LEVEL (0)
796 static int mbedtls_entropy_func_clutch(void *, unsigned char *output, size_t len)
798 for (uint32_t i = 0; i < len; i++) output[i] = 0x11;
802 static void my_debug( void *ctx, int level,
803 const char *file, int line,
808 mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
809 fflush( (FILE *) ctx );
812 static void * server(void *)
815 mbedtls_net_context listen_fd, client_fd;
816 unsigned char buf[1024];
817 const char *pers = "ssl_server";
819 mbedtls_entropy_context entropy;
820 mbedtls_ctr_drbg_context ctr_drbg;
821 mbedtls_ssl_context ssl;
822 mbedtls_ssl_config conf;
823 mbedtls_x509_crt srvcert;
824 mbedtls_pk_context pkey;
825 #if defined(MBEDTLS_SSL_CACHE_C)
826 mbedtls_ssl_cache_context cache;
829 mbedtls_net_init( &listen_fd );
830 mbedtls_net_init( &client_fd );
831 mbedtls_ssl_init( &ssl );
832 mbedtls_ssl_config_init( &conf );
833 #if defined(MBEDTLS_SSL_CACHE_C)
834 mbedtls_ssl_cache_init( &cache );
836 mbedtls_x509_crt_init( &srvcert );
837 mbedtls_pk_init( &pkey );
838 mbedtls_entropy_init( &entropy );
839 mbedtls_ctr_drbg_init( &ctr_drbg );
841 #if defined(MBEDTLS_DEBUG_C)
842 mbedtls_debug_set_threshold( DEBUG_LEVEL );
846 * 1. Load the certificates and private RSA key
848 mbedtls_printf( "\n . Loading the server cert. and key..." );
852 * This demonstration program uses embedded test certificates.
853 * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
854 * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
856 ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) serverCert, serverCertLen );
859 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
863 ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) caCert, caCertLen );
866 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
870 ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) serverPrivateKey,
871 serverPrivateKeyLen, NULL, 0 );
874 mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
878 mbedtls_printf( " ok\n" );
881 * 2. Setup the listening TCP socket
883 mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
886 if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
888 mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
892 mbedtls_printf( " ok\n" );
897 mbedtls_printf( " . Seeding the random number generator..." );
900 if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func_clutch, &entropy,
901 (const unsigned char *) pers,
902 strlen( pers ) ) ) != 0 )
904 mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
907 mbedtls_printf( " ok\n" );
912 mbedtls_printf( " . Setting up the SSL data...." );
915 if( ( ret = mbedtls_ssl_config_defaults( &conf,
916 MBEDTLS_SSL_IS_SERVER,
917 MBEDTLS_SSL_TRANSPORT_STREAM,
918 MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
920 mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
924 mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
925 mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
927 #if defined(MBEDTLS_SSL_CACHE_C)
928 mbedtls_ssl_conf_session_cache( &conf, &cache,
929 mbedtls_ssl_cache_get,
930 mbedtls_ssl_cache_set );
933 mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
934 if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
936 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
940 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
942 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
946 mbedtls_printf( " ok\n" );
949 #ifdef MBEDTLS_ERROR_C
953 mbedtls_strerror( ret, error_buf, 100 );
954 mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
958 mbedtls_net_free( &client_fd );
960 mbedtls_ssl_session_reset( &ssl );
963 * 3. Wait until a client connects
965 mbedtls_printf( " . Waiting for a remote connection ..." );
968 if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
969 NULL, 0, NULL ) ) != 0 )
971 mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
975 mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
977 mbedtls_printf( " ok\n" );
982 mbedtls_printf( " . Performing the SSL/TLS handshake..." );
985 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
987 if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
989 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
994 mbedtls_printf( " ok\n" );
997 * 6. Read the HTTP Request
999 mbedtls_printf( " < Read from client:" );
1004 len = sizeof( buf ) - 1;
1005 memset( buf, 0, sizeof( buf ) );
1006 ret = mbedtls_ssl_read( &ssl, buf, len );
1008 if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
1015 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
1016 mbedtls_printf( " connection was closed gracefully\n" );
1019 case MBEDTLS_ERR_NET_CONN_RESET:
1020 mbedtls_printf( " connection was reset by peer\n" );
1024 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
1032 mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
1040 * 7. Write the 200 Response
1042 mbedtls_printf( " > Write to client:" );
1046 len = sprintf( (char *) buf, HTTP_RESPONSE,
1047 mbedtls_ssl_get_ciphersuite( &ssl ) );
1049 while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
1051 if( ret == MBEDTLS_ERR_NET_CONN_RESET )
1053 mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
1057 if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
1059 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
1065 mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
1067 mbedtls_printf( " . Closing the connection..." );
1069 while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
1071 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
1072 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
1074 mbedtls_printf( " failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret );
1079 mbedtls_printf( " ok\n" );
1086 #ifdef MBEDTLS_ERROR_C
1089 char error_buf[100];
1090 mbedtls_strerror( ret, error_buf, 100 );
1091 mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
1095 mbedtls_net_free( &client_fd );
1096 mbedtls_net_free( &listen_fd );
1098 mbedtls_x509_crt_free( &srvcert );
1099 mbedtls_pk_free( &pkey );
1100 mbedtls_ssl_free( &ssl );
1101 mbedtls_ssl_config_free( &conf );
1102 #if defined(MBEDTLS_SSL_CACHE_C)
1103 mbedtls_ssl_cache_free( &cache );
1105 mbedtls_ctr_drbg_free( &ctr_drbg );
1106 mbedtls_entropy_free( &entropy );
1109 mbedtls_printf( " Press Enter to exit this program.\n" );
1115 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
1116 MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
1117 MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C
1118 && MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */
1120 /* **************************
1123 * CAinitSslAdapter test
1126 * *************************/
1128 static int testCAinitSslAdapter()
1132 CAEndpoint_t serverAddr;
1133 serverAddr.adapter = CA_ADAPTER_IP;
1134 serverAddr.flags = CA_SECURE;
1135 serverAddr.port = 4433;
1136 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1137 memcpy(serverAddr.addr, addr, sizeof(addr));
1138 serverAddr.ifindex = 0;
1140 ret = CAinitSslAdapter();
1142 &g_caSslContext == NULL ||
1143 &g_caSslContext->crt == NULL ||
1144 &g_caSslContext->pkey == NULL ||
1145 &g_caSslContext->clientTlsConf == NULL ||
1146 &g_caSslContext->serverTlsConf == NULL ||
1147 &g_caSslContext->rnd == NULL ||
1148 &g_caSslContext->entropy == NULL)
1153 // CAdeinitSslAdapter
1154 ca_mutex_lock(g_sslContextMutex);
1156 mbedtls_x509_crt_free(&g_caSslContext->crt);
1157 mbedtls_pk_free(&g_caSslContext->pkey);
1158 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1159 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1160 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1161 mbedtls_entropy_free(&g_caSslContext->entropy);
1162 OICFree(g_caSslContext);
1163 g_caSslContext = NULL;
1164 ca_mutex_unlock(g_sslContextMutex);
1165 ca_mutex_free(g_sslContextMutex);
1166 g_sslContextMutex = NULL;
1171 // CAinitTlsAdapter()
1172 TEST(TLSAdaper, Test_1)
1175 ret = testCAinitSslAdapter();
1179 /* **************************
1182 * CAsetSslAdapterCallbacks test
1185 * *************************/
1187 static int testCAsetSslAdapterCallbacks()
1190 CAEndpoint_t serverAddr;
1191 serverAddr.adapter = CA_ADAPTER_IP;
1192 serverAddr.flags = CA_SECURE;
1193 serverAddr.port = 4433;
1194 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1195 memcpy(serverAddr.addr, addr, sizeof(addr));
1196 serverAddr.ifindex = 0;
1199 g_sslContextMutex = ca_mutex_new();
1200 ca_mutex_lock(g_sslContextMutex);
1201 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1202 g_caSslContext->peerList = u_arraylist_create();
1203 mbedtls_entropy_init(&g_caSslContext->entropy);
1204 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1205 unsigned char * seed = (unsigned char*) SEED;
1206 mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch,
1207 &g_caSslContext->entropy, seed, sizeof(SEED));
1208 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
1209 mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf);
1210 mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT,
1211 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1212 mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL);
1213 mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random,
1214 &g_caSslContext->rnd);
1215 mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]);
1216 mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3,
1217 MBEDTLS_SSL_MINOR_VERSION_1);
1218 mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1219 mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED);
1220 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
1221 mbedtls_x509_crt_init(&g_caSslContext->ca);
1222 mbedtls_x509_crt_init(&g_caSslContext->crt);
1223 mbedtls_pk_init(&g_caSslContext->pkey);
1224 mbedtls_x509_crl_init(&g_caSslContext->crl);
1225 ca_mutex_unlock(g_sslContextMutex);
1227 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, (CATransportAdapter_t)0);
1228 if (g_caSslContext->adapterCallbacks[0].recvCallback == NULL &&
1229 g_caSslContext->adapterCallbacks[0].sendCallback == NULL &&
1230 g_caSslContext->adapterCallbacks[1].recvCallback == NULL &&
1231 g_caSslContext->adapterCallbacks[1].sendCallback == NULL)
1239 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_IP);
1240 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
1241 if (g_caSslContext->adapterCallbacks[0].recvCallback == CATCPPacketReceivedCB &&
1242 g_caSslContext->adapterCallbacks[0].sendCallback == CATCPPacketSendCB &&
1243 g_caSslContext->adapterCallbacks[1].recvCallback == CATCPPacketReceivedCB &&
1244 g_caSslContext->adapterCallbacks[1].sendCallback == CATCPPacketSendCB)
1253 // CAdeinitSslAdapter
1254 ca_mutex_lock(g_sslContextMutex);
1256 mbedtls_x509_crt_free(&g_caSslContext->crt);
1257 mbedtls_pk_free(&g_caSslContext->pkey);
1258 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1259 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1260 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1261 mbedtls_entropy_free(&g_caSslContext->entropy);
1262 OICFree(g_caSslContext);
1263 g_caSslContext = NULL;
1264 ca_mutex_unlock(g_sslContextMutex);
1265 ca_mutex_free(g_sslContextMutex);
1266 g_sslContextMutex = NULL;
1271 // CAsetSslAdapterCallbacks()
1272 TEST(TLSAdaper, Test_2)
1275 ret = testCAsetSslAdapterCallbacks();
1279 /* **************************
1282 * CAinitiateSslHandshake test
1285 * *************************/
1287 unsigned char predictedClientHello[] = {
1288 0x16, 0x03, 0x01, 0x00, 0x63, 0x01, 0x00, 0x00, 0x5f, 0x03, 0x03, 0x57, 0xf2, 0x5f, 0x21, 0x04,
1289 0xb1, 0x3b, 0xda, 0x55, 0xa4, 0x8e, 0xcc, 0x3f, 0xe9, 0x45, 0x5c, 0xaf, 0xcb, 0x19, 0x2e, 0x1f,
1290 0x4b, 0xd5, 0x84, 0x5c, 0x4b, 0xd7, 0x7d, 0x38, 0xa2, 0xfa, 0x3d, 0x00, 0x00, 0x06, 0xc0, 0xae,
1291 0xc0, 0xae, 0x00, 0xff, 0x01, 0x00, 0x00, 0x30, 0x00, 0x0d, 0x00, 0x16, 0x00, 0x14, 0x06, 0x03,
1292 0x06, 0x01, 0x05, 0x03, 0x05, 0x01, 0x04, 0x03, 0x04, 0x01, 0x03, 0x03, 0x03, 0x01, 0x02, 0x03,
1293 0x02, 0x01, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
1294 0x00, 0x16, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00
1296 static unsigned char controlBuf[sizeof(predictedClientHello)];
1297 static char controlBufLen = 0;
1298 static void CATCPPacketSendCB_forInitHsTest(CAEndpoint_t *, const void * buf, uint32_t buflen)
1301 n = write(sockfd, buf, buflen);
1303 error("ERROR writing to socket");
1305 memset(controlBuf, 0, sizeof(predictedClientHello));
1306 memcpy(controlBuf, buf, buflen);
1307 controlBufLen = buflen;
1310 static void * test0CAinitiateSslHandshake(void * arg)
1312 CAEndpoint_t serverAddr;
1313 serverAddr.adapter = CA_ADAPTER_TCP;
1314 serverAddr.flags = CA_SECURE;
1315 serverAddr.port = 4433;
1316 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1317 memcpy(serverAddr.addr, addr, sizeof(addr));
1318 serverAddr.ifindex = 0;
1321 g_sslContextMutex = ca_mutex_new();
1322 ca_mutex_lock(g_sslContextMutex);
1323 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1324 g_caSslContext->peerList = u_arraylist_create();
1325 mbedtls_entropy_init(&g_caSslContext->entropy);
1326 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1327 unsigned char * seed = (unsigned char*) SEED;
1328 mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch,
1329 &g_caSslContext->entropy, seed, sizeof(SEED));
1330 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
1331 mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf);
1332 mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT,
1333 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1334 mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL);
1335 mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random,
1336 &g_caSslContext->rnd);
1337 mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]);
1338 mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3,
1339 MBEDTLS_SSL_MINOR_VERSION_1);
1340 mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1341 mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED);
1342 mbedtls_x509_crt_init(&g_caSslContext->ca);
1343 mbedtls_x509_crt_init(&g_caSslContext->crt);
1344 mbedtls_pk_init(&g_caSslContext->pkey);
1345 mbedtls_x509_crl_init(&g_caSslContext->crl);
1346 ca_mutex_unlock(g_sslContextMutex);
1348 // CAsetSslAdapterCallbacks
1349 g_caSslContext->adapterCallbacks[1].recvCallback = CATCPPacketReceivedCB;
1350 g_caSslContext->adapterCallbacks[1].sendCallback = CATCPPacketSendCB_forInitHsTest;
1352 // CAsetPkixInfoCallback
1353 g_getPkixInfoCallback = infoCallback_that_loads_x509;
1355 // CAsetCredentialTypesCallback
1356 g_getCredentialTypesCallback = clutch;
1358 // CAsetTlsCipherSuite
1359 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
1360 tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]);
1361 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
1362 tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]);
1363 g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
1365 CAsetPskCredentialsCallback(GetDtlsPskCredentials);
1369 unsigned int unixTime = (unsigned)time(NULL);
1370 CAinitiateSslHandshake(&serverAddr);
1371 predictedClientHello[11] = unixTime >> 24;
1372 predictedClientHello[12] = (unixTime << 8) >> 24;
1373 predictedClientHello[13] = (unixTime << 16) >> 24;
1374 predictedClientHello[14] = (unixTime << 24) >> 24;
1376 // CAcloseTlsConnection
1377 ca_mutex_lock(g_sslContextMutex);
1378 SslEndPoint_t * tep = GetSslPeer(&serverAddr);
1379 mbedtls_ssl_close_notify(&tep->ssl);
1380 RemovePeerFromList(&tep->sep.endpoint);
1381 ca_mutex_unlock(g_sslContextMutex);
1383 // CAdeinitTlsAdapter
1384 ca_mutex_lock(g_sslContextMutex);
1386 mbedtls_x509_crt_free(&g_caSslContext->crt);
1387 mbedtls_pk_free(&g_caSslContext->pkey);
1388 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1389 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1390 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1391 mbedtls_entropy_free(&g_caSslContext->entropy);
1392 OICFree(g_caSslContext);
1393 g_caSslContext = NULL;
1394 ca_mutex_unlock(g_sslContextMutex);
1395 ca_mutex_free(g_sslContextMutex);
1396 g_sslContextMutex = NULL;
1400 if (controlBufLen == sizeof(predictedClientHello) &&
1401 memcmp(predictedClientHello, controlBuf, sizeof(predictedClientHello)) == 0)
1408 *((int*)arg) = 0xFF;
1409 return (void *) 0xFF;
1413 static int test1CAinitiateSslHandshake()
1416 ret = CAinitiateSslHandshake(NULL);
1417 if (CA_STATUS_INVALID_PARAM == ret)
1428 // CAinitiateSslHandshake()
1429 TEST(TLSAdaper, Test_3_0)
1431 pthread_t thread1, thread2;
1435 ret = pthread_create( &thread1, NULL, server, (void*) NULL);
1438 fprintf(stderr, "Error - pthread_create() return code: %d\n", ret);
1444 ret = pthread_create( &thread2, NULL, test0CAinitiateSslHandshake, &arg);
1447 fprintf(stderr, "Error - pthread_create() return code: %d\n", ret);
1456 TEST(TLSAdaper, Test_3_1)
1459 ret = test1CAinitiateSslHandshake();
1463 /* **************************
1469 * *************************/
1471 static void * testCAencryptSsl(void * arg)
1474 CAEndpoint_t serverAddr;
1475 serverAddr.adapter = CA_ADAPTER_TCP;
1476 serverAddr.flags = CA_SECURE;
1477 serverAddr.port = 4433;
1478 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1479 memcpy(serverAddr.addr, addr, sizeof(addr));
1480 serverAddr.ifindex = 0;
1483 g_sslContextMutex = ca_mutex_new();
1484 ca_mutex_lock(g_sslContextMutex);
1485 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1486 g_caSslContext->peerList = u_arraylist_create();
1487 mbedtls_entropy_init(&g_caSslContext->entropy);
1488 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1489 unsigned char * seed = (unsigned char*) SEED;
1490 mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch,
1491 &g_caSslContext->entropy, seed, sizeof(SEED));
1492 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
1493 mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf);
1494 mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT,
1495 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1496 mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL);
1497 mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random,
1498 &g_caSslContext->rnd);
1499 mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]);
1500 mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3,
1501 MBEDTLS_SSL_MINOR_VERSION_1);
1502 mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1503 mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED);
1504 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
1505 mbedtls_x509_crt_init(&g_caSslContext->ca);
1506 mbedtls_x509_crt_init(&g_caSslContext->crt);
1507 mbedtls_pk_init(&g_caSslContext->pkey);
1508 mbedtls_x509_crl_init(&g_caSslContext->crl);
1509 ca_mutex_unlock(g_sslContextMutex);
1511 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
1513 CAsetPkixInfoCallback(infoCallback_that_loads_x509);
1515 // CAsetCredentialTypesCallback
1516 g_getCredentialTypesCallback = clutch;
1518 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
1519 CAsetPskCredentialsCallback(GetDtlsPskCredentials);
1523 // CAinitiateSslHandshake
1524 ca_mutex_lock(g_sslContextMutex);
1525 InitiateTlsHandshake(&serverAddr);
1526 ca_mutex_unlock(g_sslContextMutex);
1528 unsigned char buffer[2048] = {'\0'};
1530 CASecureEndpoint_t * sep = (CASecureEndpoint_t *) malloc (sizeof(CASecureEndpoint_t));
1531 sep->endpoint = serverAddr;
1533 for (int i = 0; i < 6; i++)
1535 PacketReceive(buffer, &buflen);
1536 CAdecryptSsl(sep, (uint8_t *)buffer, buflen);
1539 ret = sprintf( (char*)buffer, GET_REQUEST );
1541 CAencryptSsl(&serverAddr, buffer, ret);
1543 PacketReceive(buffer, &buflen);
1544 CAdecryptSsl(sep, (uint8_t *)buffer, buflen);
1546 CAcloseSslConnection(&serverAddr);
1548 // CAdeinitSslAdapter
1549 ca_mutex_lock(g_sslContextMutex);
1551 mbedtls_x509_crt_free(&g_caSslContext->crt);
1552 mbedtls_pk_free(&g_caSslContext->pkey);
1553 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1554 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1555 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1556 mbedtls_entropy_free(&g_caSslContext->entropy);
1557 OICFree(g_caSslContext);
1558 g_caSslContext = NULL;
1559 ca_mutex_unlock(g_sslContextMutex);
1560 ca_mutex_free(g_sslContextMutex);
1561 g_sslContextMutex = NULL;
1565 if (control_server_message_len == msglen && memcmp(msg, control_server_message, control_server_message_len) == 0)
1572 *((int*)arg) = 0xFF;
1573 return (void *) 0xFF;
1578 TEST(TLSAdaper, Test_4)
1580 pthread_t thread1, thread2;
1584 ret = pthread_create( &thread1, NULL, server, (void*) NULL);
1587 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1593 ret = pthread_create( &thread2, NULL, testCAencryptSsl, &arg);
1596 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1605 /* **************************
1611 * *************************/
1613 static void * testCAdecryptSsl(void * arg)
1616 unsigned char buffer[2048] = {'\0'};
1619 CAEndpoint_t serverAddr;
1620 serverAddr.adapter = CA_ADAPTER_TCP;
1621 serverAddr.flags = CA_SECURE;
1622 serverAddr.port = 4433;
1623 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1624 memcpy(serverAddr.addr, addr, sizeof(addr));
1625 serverAddr.ifindex = 0;
1628 g_sslContextMutex = ca_mutex_new();
1629 ca_mutex_lock(g_sslContextMutex);
1630 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1631 g_caSslContext->peerList = u_arraylist_create();
1632 mbedtls_entropy_init(&g_caSslContext->entropy);
1633 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1634 unsigned char * seed = (unsigned char*) SEED;
1635 mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch,
1636 &g_caSslContext->entropy, seed, sizeof(SEED));
1637 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
1638 mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf);
1639 mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT,
1640 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1641 mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL);
1642 mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random,
1643 &g_caSslContext->rnd);
1644 mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]);
1645 mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3,
1646 MBEDTLS_SSL_MINOR_VERSION_1);
1647 mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1648 mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED);
1649 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
1650 mbedtls_x509_crt_init(&g_caSslContext->ca);
1651 mbedtls_x509_crt_init(&g_caSslContext->crt);
1652 mbedtls_pk_init(&g_caSslContext->pkey);
1653 mbedtls_x509_crl_init(&g_caSslContext->crl);
1654 ca_mutex_unlock(g_sslContextMutex);
1656 // CAsetTlsAdapterCallbacks
1657 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
1659 // CAsetPkixInfoCallback
1660 CAsetPkixInfoCallback(infoCallback_that_loads_x509);
1662 // CAsetCredentialTypesCallback
1663 g_getCredentialTypesCallback = clutch;
1665 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
1667 CAsetPskCredentialsCallback(GetDtlsPskCredentials);
1671 // CAinitiateSslHandshake
1672 ca_mutex_lock(g_sslContextMutex);
1673 InitiateTlsHandshake(&serverAddr);
1674 ca_mutex_unlock(g_sslContextMutex);
1676 CASecureEndpoint_t * sep = (CASecureEndpoint_t *) malloc (sizeof(CASecureEndpoint_t));
1677 sep->endpoint = serverAddr;
1679 for (int i = 0; i < 6; i++)
1681 PacketReceive(buffer, &buflen);
1682 CAdecryptSsl(sep, (uint8_t *)buffer, buflen);
1685 ret = sprintf((char*)buffer, GET_REQUEST);
1687 CAencryptSsl(&serverAddr, buffer, ret);
1689 PacketReceive(buffer, &buflen);
1690 CAdecryptSsl(sep, (uint8_t *)buffer, buflen);
1692 CAcloseSslConnection(&serverAddr);
1694 // CAdeinitSslAdapter
1695 ca_mutex_lock(g_sslContextMutex);
1697 mbedtls_x509_crt_free(&g_caSslContext->crt);
1698 mbedtls_pk_free(&g_caSslContext->pkey);
1699 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1700 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1701 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1702 mbedtls_entropy_free(&g_caSslContext->entropy);
1703 OICFree(g_caSslContext);
1704 g_caSslContext = NULL;
1705 ca_mutex_unlock(g_sslContextMutex);
1706 ca_mutex_free(g_sslContextMutex);
1707 g_sslContextMutex = NULL;
1711 if (control_server_message_len == msglen && memcmp(msg, control_server_message,
1712 control_server_message_len) == 0)
1719 *((int*)arg) = 0xFF;
1720 return (void *) 0xFF;
1725 TEST(TLSAdaper, Test_5)
1727 pthread_t thread1, thread2;
1731 ret = pthread_create( &thread1, NULL, server, (void*) NULL);
1734 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1740 ret = pthread_create( &thread2, NULL, testCAdecryptSsl, &arg);
1743 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1752 /* **************************
1755 * CAdeinitSslAdapter test
1758 * *************************/
1760 static int testCAdeinitSslAdapter()
1763 CAEndpoint_t serverAddr;
1764 serverAddr.adapter = CA_ADAPTER_IP;
1765 serverAddr.flags = CA_SECURE;
1766 serverAddr.port = 4433;
1767 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1768 memcpy(serverAddr.addr, addr, sizeof(addr));
1769 serverAddr.ifindex = 0;
1772 g_sslContextMutex = ca_mutex_new();
1773 ca_mutex_lock(g_sslContextMutex);
1774 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1775 g_caSslContext->peerList = u_arraylist_create();
1776 mbedtls_entropy_init(&g_caSslContext->entropy);
1777 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1778 unsigned char * seed = (unsigned char*) SEED;
1779 mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func,
1780 &g_caSslContext->entropy, seed, sizeof(SEED));
1781 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
1782 mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf);
1783 mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT,
1784 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1785 mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL);
1786 mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random,
1787 &g_caSslContext->rnd);
1788 mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]);
1789 mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3,
1790 MBEDTLS_SSL_MINOR_VERSION_1);
1791 mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1792 mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED);
1793 mbedtls_x509_crt_init(&g_caSslContext->ca);
1794 mbedtls_x509_crt_init(&g_caSslContext->crt);
1795 mbedtls_pk_init(&g_caSslContext->pkey);
1796 mbedtls_x509_crl_init(&g_caSslContext->crl);
1797 ca_mutex_unlock(g_sslContextMutex);
1799 // CAsetTlsAdapterCallbacks
1800 g_caSslContext->adapterCallbacks[1].recvCallback = CATCPPacketReceivedCB;
1801 g_caSslContext->adapterCallbacks[1].sendCallback = CATCPPacketSendCB;
1803 // CAsetPkixInfoCallback
1804 g_getPkixInfoCallback = infoCallback_that_loads_x509;
1806 // CAsetTlsCipherSuite
1807 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
1808 tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]);
1809 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
1810 tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]);
1811 g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
1813 CAdeinitSslAdapter();
1815 if (g_caSslContext != NULL ||
1816 g_sslContextMutex != NULL)
1827 // CAdeinitSslAdapter()
1828 TEST(TLSAdaper, Test_6)
1831 ret = testCAdeinitSslAdapter();
1835 /* **************************
1841 * *************************/
1843 static void * testServer(void * arg)
1845 CAEndpoint_t serverAddr;
1846 serverAddr.adapter = CA_ADAPTER_TCP;
1847 serverAddr.flags = CA_SECURE;
1848 serverAddr.port = 4432;
1849 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1850 memcpy(serverAddr.addr, addr, sizeof(addr));
1851 serverAddr.ifindex = 0;
1852 unsigned char buffer[2048] = {'\0'};
1857 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB_server, CATCPPacketSendCB_server, CA_ADAPTER_TCP);
1858 CAsetPkixInfoCallback(infoCallback_that_loads_x509);
1860 // CAsetCredentialTypesCallback
1861 g_getCredentialTypesCallback = clutch;
1863 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
1865 CAsetPskCredentialsCallback(GetDtlsPskCredentials);
1867 socketOpen_server();
1869 CASecureEndpoint_t * sep = (CASecureEndpoint_t *) malloc (sizeof(CASecureEndpoint_t));
1870 sep->endpoint = serverAddr;
1872 for (int i = 0; i < 7; i++)
1874 PacketReceive_server(buffer, &buflen);
1875 CAdecryptSsl(sep, (uint8_t *)buffer, buflen);
1878 CAcloseSslConnection(&serverAddr);
1880 // CAdeinitSslAdapter
1881 ca_mutex_lock(g_sslContextMutex);
1883 mbedtls_x509_crt_free(&g_caSslContext->crt);
1884 mbedtls_pk_free(&g_caSslContext->pkey);
1885 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1886 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1887 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1888 mbedtls_entropy_free(&g_caSslContext->entropy);
1889 OICFree(g_caSslContext);
1890 g_caSslContext = NULL;
1891 ca_mutex_unlock(g_sslContextMutex);
1892 ca_mutex_free(g_sslContextMutex);
1893 g_sslContextMutex = NULL;
1895 socketClose_server();
1897 if (control_client_message_len == msglen && memcmp(msg, control_client_message,
1898 control_client_message_len) == 0)
1905 *((int*)arg) = 0xFF;
1906 return (void *) 0xFF;
1910 TEST(TLSAdaper, Test_7)
1912 pthread_t thread1, thread2;
1916 ret = pthread_create( &thread1, NULL, testServer, &arg);
1919 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1925 ret = pthread_create( &thread2, NULL, client, (void*) NULL);
1928 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1934 EXPECT_EQ(NULL, arg);
1937 /* **************************
1939 * CAsetPskCredentialsCallback test
1940 * CAsetPkixInfoCallback test
1941 * CAsetCredentialTypesCallback test
1943 * *************************/
1945 static int testCAsetPskCredentialsCallback()
1947 static CAgetPskCredentialsHandler credCallback = (CAgetPskCredentialsHandler)dummyHandler;
1948 CAsetPskCredentialsCallback(credCallback);
1949 if (g_getCredentialsCallback == (CAgetPskCredentialsHandler)dummyHandler)
1959 static int testCAsetPkixInfoCallback()
1961 static CAgetPkixInfoHandler infoCallback = (CAgetPkixInfoHandler)dummyHandler;
1962 CAsetPkixInfoCallback(infoCallback);
1963 if (g_getPkixInfoCallback == (CAgetPkixInfoHandler)dummyHandler)
1973 static int testCAsetCredentialTypesCallback()
1975 static CAgetCredentialTypesHandler credTypesCallback = (CAgetCredentialTypesHandler)dummyHandler;
1976 CAsetCredentialTypesCallback(credTypesCallback);
1977 if (g_getCredentialTypesCallback == (CAgetCredentialTypesHandler)dummyHandler)
1987 // CAsetPskCredentialsCallback()
1988 TEST(TLSAdaper, Test_9_0)
1991 ret = testCAsetPskCredentialsCallback();
1994 // CAsetPkixInfoCallback()
1995 TEST(TLSAdaper, Test_9_1)
1998 ret = testCAsetPkixInfoCallback();
2001 // CAsetCredentialTypesCallback()
2002 TEST(TLSAdaper, Test_9_2)
2005 ret = testCAsetCredentialTypesCallback();
2009 /* **************************
2012 * CAsetTlsCipherSuite test
2015 * *************************/
2017 static int testCAsetTlsCipherSuite()
2019 int ret = 0, status = 0;
2020 CAEndpoint_t serverAddr;
2021 serverAddr.adapter = CA_ADAPTER_TCP;
2022 serverAddr.flags = CA_SECURE;
2023 serverAddr.port = 4433;
2024 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
2025 memcpy(serverAddr.addr, addr, sizeof(addr));
2026 serverAddr.ifindex = 0;
2030 // CAsetCredentialTypesCallback
2031 g_getCredentialTypesCallback = clutch;
2033 status = CAsetTlsCipherSuite(MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA);
2034 if (ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA != g_caSslContext->cipher || status != CA_STATUS_OK)
2039 status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
2040 if (ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 != g_caSslContext->cipher || status != CA_STATUS_OK)
2045 status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256);
2046 if (ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256 != g_caSslContext->cipher || status != CA_STATUS_OK)
2051 status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
2052 if (ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
2057 status = CAsetTlsCipherSuite(dummyHandler);
2058 if (CA_STATUS_FAILED != status)
2063 // CAdeinitSslAdapter
2064 ca_mutex_lock(g_sslContextMutex);
2066 mbedtls_x509_crt_free(&g_caSslContext->crt);
2067 mbedtls_pk_free(&g_caSslContext->pkey);
2068 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
2069 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
2070 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
2071 mbedtls_entropy_free(&g_caSslContext->entropy);
2072 OICFree(g_caSslContext);
2073 g_caSslContext = NULL;
2074 ca_mutex_unlock(g_sslContextMutex);
2075 ca_mutex_free(g_sslContextMutex);
2076 g_sslContextMutex = NULL;
2081 // CAinitTlsAdapter()
2082 TEST(TLSAdaper, Test_10)
2085 ret = testCAsetTlsCipherSuite();
2089 static void * testCAsslGenerateOwnerPsk(void * arg)
2092 CAEndpoint_t serverAddr;
2093 serverAddr.adapter = CA_ADAPTER_TCP;
2094 serverAddr.flags = CA_SECURE;
2095 serverAddr.port = 4433;
2096 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
2097 memcpy(serverAddr.addr, addr, sizeof(addr));
2098 serverAddr.ifindex = 0;
2100 uint8_t label[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A};
2101 uint8_t rsrcServerDeviceId[] = {0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A};
2102 uint8_t provServerDeviceId[] = {0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A};
2103 uint8_t ownerPsk[0x100] = {0x00};
2104 uint8_t predictedPSK[] = {
2105 0xba, 0x72, 0x16, 0xbc, 0x7f, 0x8c, 0xfe, 0xfc, 0xd0, 0xac, 0x1a, 0x37, 0xad, 0x60, 0xe8, 0x9e,
2106 0xb3, 0x31, 0xa2, 0x30, 0xaf, 0x68, 0xc9, 0xa6, 0x89, 0x8a, 0x04, 0x21, 0x6c, 0xbd, 0x04, 0x08,
2107 0x68, 0x11, 0x54, 0x9e, 0x2a, 0x10, 0x91, 0x94, 0x3c, 0x44, 0x52, 0xc7, 0xfa, 0x78, 0x44, 0x87,
2108 0xea, 0x30, 0x08, 0x5f, 0xc1, 0x64, 0xaa, 0x0d, 0xfd, 0x84, 0x16, 0x83, 0x20, 0xc9, 0x08, 0x65,
2109 0xd2, 0x4a, 0x55, 0x9e, 0x8f, 0x88, 0x3c, 0x57, 0x10, 0xbd, 0x5a, 0x30, 0x01, 0xb4, 0x59, 0x63,
2110 0x64, 0x19, 0x8d, 0xfa, 0x5c, 0x86, 0x92, 0xf7, 0x60, 0x99, 0xdb, 0xae, 0x0e, 0xad, 0x80, 0xf1,
2111 0x82, 0xaf, 0x1b, 0x14, 0x0c, 0x99, 0x13, 0x53, 0x54, 0x33, 0x6a, 0x17, 0x24, 0x5c, 0x9d, 0xdb,
2112 0x5a, 0xfb, 0x73, 0x2f, 0x41, 0xe8, 0xeb, 0x2e, 0x68, 0xfe, 0xee, 0x0b, 0xdc, 0x54, 0x50, 0xf1,
2113 0x1e, 0x16, 0x19, 0x2c, 0x4e, 0xb6, 0x97, 0x9f, 0x9c, 0x32, 0x9c, 0x0e, 0xe0, 0xe1, 0x32, 0x64,
2114 0x16, 0x34, 0x53, 0x8e, 0xc5, 0xe3, 0xe5, 0xbc, 0x2c, 0x10, 0xae, 0x81, 0x2c, 0x1a, 0xb2, 0xb7,
2115 0xa3, 0xbe, 0x0f, 0xab, 0xfd, 0xf7, 0x87, 0x53, 0xcd, 0x3e, 0x31, 0xfb, 0x2d, 0x69, 0x6a, 0xd5,
2116 0xc3, 0x27, 0x04, 0x2b, 0x37, 0x02, 0x91, 0x05, 0x0c, 0x4e, 0x2a, 0xfc, 0x6c, 0x42, 0xe8, 0x37,
2117 0x23, 0x2f, 0x60, 0x6e, 0x0c, 0xed, 0x7c, 0xe0, 0x5f, 0x47, 0xb3, 0x51, 0x86, 0x5b, 0x26, 0x08,
2118 0x2a, 0x05, 0x89, 0xb0, 0xdd, 0x6f, 0xc6, 0x76, 0xc5, 0x2a, 0x60, 0x07, 0x0e, 0xb1, 0x71, 0x67,
2119 0x21, 0x11, 0xf8, 0xb5, 0x52, 0xa3, 0xf3, 0xf0, 0xd4, 0x5f, 0xdf, 0x44, 0x66, 0x23, 0xd8, 0x4e,
2120 0xbd, 0x64, 0x39, 0x43, 0x03, 0x37, 0xaa, 0xd7, 0xea, 0xb3, 0x6d, 0x2f, 0x84, 0x9c, 0x02, 0x49
2124 g_sslContextMutex = ca_mutex_new();
2125 ca_mutex_lock(g_sslContextMutex);
2126 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
2127 g_caSslContext->peerList = u_arraylist_create();
2128 mbedtls_entropy_init(&g_caSslContext->entropy);
2129 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
2130 unsigned char * seed = (unsigned char*) SEED;
2131 mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch,
2132 &g_caSslContext->entropy, seed, sizeof(SEED));
2133 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
2134 mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf);
2135 mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT,
2136 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
2137 mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL);
2138 mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random,
2139 &g_caSslContext->rnd);
2140 mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]);
2141 mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3,
2142 MBEDTLS_SSL_MINOR_VERSION_1);
2143 mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
2144 mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED);
2145 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
2146 mbedtls_x509_crt_init(&g_caSslContext->ca);
2147 mbedtls_x509_crt_init(&g_caSslContext->crt);
2148 mbedtls_pk_init(&g_caSslContext->pkey);
2149 mbedtls_x509_crl_init(&g_caSslContext->crl);
2150 ca_mutex_unlock(g_sslContextMutex);
2152 // CAsetTlsAdapterCallbacks
2153 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
2155 // CAsetPkixInfoCallback
2156 CAsetPkixInfoCallback(infoCallback_that_loads_x509);
2158 // CAsetCredentialTypesCallback
2159 g_getCredentialTypesCallback = clutch;
2161 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
2163 CAsetPskCredentialsCallback(GetDtlsPskCredentials);
2167 // CAinitiateSslHandshake
2168 ca_mutex_lock(g_sslContextMutex);
2169 InitiateTlsHandshake(&serverAddr);
2170 ca_mutex_unlock(g_sslContextMutex);
2172 ret = CAsslGenerateOwnerPsk(&serverAddr,
2173 label, sizeof(label),
2174 rsrcServerDeviceId, sizeof(rsrcServerDeviceId),
2175 provServerDeviceId, sizeof(provServerDeviceId),
2178 // CAcloseTlsConnection
2179 ca_mutex_lock(g_sslContextMutex);
2180 SslEndPoint_t * tep = GetSslPeer(&serverAddr);
2181 mbedtls_ssl_close_notify(&tep->ssl);
2182 RemovePeerFromList(&tep->sep.endpoint);
2183 ca_mutex_unlock(g_sslContextMutex);
2185 // CAdeinitTlsAdapter
2186 ca_mutex_lock(g_sslContextMutex);
2188 mbedtls_x509_crt_free(&g_caSslContext->crt);
2189 mbedtls_pk_free(&g_caSslContext->pkey);
2190 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
2191 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
2192 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
2193 mbedtls_entropy_free(&g_caSslContext->entropy);
2194 OICFree(g_caSslContext);
2195 g_caSslContext = NULL;
2196 ca_mutex_unlock(g_sslContextMutex);
2197 ca_mutex_free(g_sslContextMutex);
2198 g_sslContextMutex = NULL;
2202 if (ret == 0 && memcmp(predictedPSK, ownerPsk, sizeof(predictedPSK)) == 0)
2209 *((int*)arg) = 0xFF;
2210 return (void *) 0xFF;
2214 TEST(TLSAdaper, Test_11)
2216 pthread_t thread1, thread2;
2220 ret = pthread_create( &thread1, NULL, server, (void*) NULL);
2223 fprintf(stderr, "Error - pthread_create() return code: %d\n", ret);
2229 ret = pthread_create( &thread2, NULL, testCAsslGenerateOwnerPsk, &arg);
2232 fprintf(stderr, "Error - pthread_create() return code: %d\n", ret);