1 //******************************************************************
3 // Copyright 2016 Samsung Electronics All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21 #include "gtest/gtest.h"
24 #define CAcloseSslConnection CAcloseSslConnectionTest
25 #define CAdecryptSsl CAdecryptSslTest
26 #define CAdeinitSslAdapter CAdeinitSslAdapterTest
27 #define CAencryptSsl CAencryptSslTest
28 #define CAinitSslAdapter CAinitSslAdapterTest
29 #define CAinitiateSslHandshake CAinitiateSslHandshakeTest
30 #define CAsetCredentialTypesCallback CAsetCredentialTypesCallbackTest
31 #define CAsetSslAdapterCallbacks CAsetSslAdapterCallbacksTest
32 #define CAsetSslHandshakeCallback CAsetSslHandshakeCallbackTest
33 #define CAsetTlsCipherSuite CAsetTlsCipherSuiteTest
34 #define CAsslGenerateOwnerPsk CAsslGenerateOwnerPskTest
36 #include "../src/adapter_util/ca_adapter_net_ssl.c"
47 #ifdef HAVE_SYS_TYPES_H
48 #include <sys/types.h>
50 #ifdef HAVE_SYS_SOCKET_H
51 #include <sys/socket.h>
53 #ifdef HAVE_NETINET_IN_H
54 #include <netinet/in.h>
61 #include "../../../../c_common/windows/include/pthread_create.h"
65 /** @todo stop-gap for naming issue. Windows.h does not like us to use ERROR */
69 #endif //HAVE_WINDOWS_H
70 #include "platform_features.h"
73 #define MBED_TLS_DEBUG_LEVEL (4) // Verbose
75 #define SEED "PREDICTED_SEED"
76 #define dummyHandler 0xF123
78 #define SERVER_PORT 4433
79 #define SERVER_NAME "localhost"
80 #define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
82 /* **************************
88 * *************************/
90 unsigned char serverCert[] = {
91 0x30, 0x82, 0x02, 0x39, 0x30, 0x82, 0x01, 0xdf, 0x02, 0x01, 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a,
92 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x7c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
93 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
94 0x09, 0x53, 0x6f, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03,
95 0x55, 0x04, 0x07, 0x0c, 0x08, 0x53, 0x6f, 0x6d, 0x65, 0x63, 0x69, 0x74, 0x79, 0x31, 0x0b, 0x30,
96 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x42, 0x42, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03,
97 0x55, 0x04, 0x0b, 0x0c, 0x0d, 0x53, 0x65, 0x71, 0x75, 0x72, 0x69, 0x74, 0x79, 0x20, 0x50, 0x61,
98 0x72, 0x74, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x6f, 0x62, 0x31,
99 0x14, 0x30, 0x12, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x05,
100 0x6f, 0x62, 0x40, 0x62, 0x62, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x35, 0x31,
101 0x33, 0x31, 0x31, 0x31, 0x37, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x35, 0x31, 0x32, 0x31, 0x33,
102 0x31, 0x31, 0x31, 0x37, 0x5a, 0x30, 0x81, 0xd4, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
103 0x06, 0x13, 0x02, 0x55, 0x41, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x03,
104 0x41, 0x73, 0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x06, 0x47, 0x6f,
105 0x74, 0x68, 0x61, 0x6d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x5a,
106 0x5a, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x42, 0x65, 0x61, 0x6d,
107 0x54, 0x65, 0x61, 0x6d, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
108 0x01, 0x09, 0x01, 0x16, 0x0d, 0x72, 0x61, 0x69, 0x6c, 0x40, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63,
109 0x6f, 0x6d, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x29, 0x75, 0x75, 0x69,
110 0x64, 0x3a, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x2d, 0x33, 0x32, 0x33, 0x32, 0x2d,
111 0x33, 0x32, 0x33, 0x32, 0x2d, 0x33, 0x32, 0x33, 0x32, 0x2d, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32,
112 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x31, 0x34, 0x30, 0x32, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x0c,
113 0x2b, 0x75, 0x73, 0x65, 0x72, 0x69, 0x64, 0x3a, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37,
114 0x2d, 0x36, 0x37, 0x36, 0x37, 0x2d, 0x36, 0x37, 0x36, 0x37, 0x2d, 0x36, 0x37, 0x36, 0x37, 0x2d,
115 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x30, 0x59, 0x30, 0x13,
116 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
117 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xf7, 0x13, 0x5c, 0x73, 0x72, 0xce, 0x10, 0xe5, 0x09,
118 0x97, 0x9a, 0xf8, 0xf2, 0x70, 0xa6, 0x3d, 0x89, 0xf5, 0xc5, 0xe4, 0x44, 0xe2, 0x4a, 0xb6, 0x61,
119 0xa8, 0x12, 0x8d, 0xb4, 0xdc, 0x2b, 0x47, 0x84, 0x60, 0x0c, 0x25, 0x66, 0xe9, 0xe0, 0xe5, 0xac,
120 0x22, 0xbf, 0x15, 0xdc, 0x71, 0xb1, 0x88, 0x4f, 0x16, 0xbf, 0xc2, 0x77, 0x37, 0x76, 0x3f, 0xe0,
121 0x67, 0xc6, 0x1d, 0x23, 0xfe, 0x7c, 0x8b, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
122 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x47, 0xcc, 0x41, 0x8a, 0x27, 0xc7,
123 0xd0, 0xaa, 0xb4, 0xab, 0x85, 0xbf, 0x09, 0x4d, 0x06, 0xd7, 0x7e, 0x0d, 0x39, 0xf9, 0x36, 0xa1,
124 0x3d, 0x96, 0x23, 0xe2, 0x24, 0x64, 0x98, 0x63, 0x21, 0xba, 0x02, 0x21, 0x00, 0xe5, 0x8f, 0x7f,
125 0xf1, 0xa6, 0x82, 0x03, 0x6a, 0x18, 0x7a, 0x54, 0xe7, 0x0e, 0x25, 0x77, 0xd8, 0x46, 0xfa, 0x96,
126 0x8a, 0x7e, 0x14, 0xc4, 0xcb, 0x21, 0x32, 0x3e, 0x89, 0xd9, 0xba, 0x8c, 0x3f
128 int serverCertLen = sizeof(serverCert);
130 unsigned char serverPrivateKey[] = {
131 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x02, 0x51, 0xb5, 0x97, 0xb9, 0xe9, 0xd8, 0x8d, 0x66,
132 0x2b, 0x8a, 0xb3, 0x9c, 0x6a, 0xd2, 0xca, 0x18, 0x21, 0xb9, 0x87, 0x3d, 0xf5, 0x8e, 0xa2, 0x8d,
133 0x38, 0xf6, 0xb7, 0xd2, 0x76, 0x74, 0x99, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
134 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xf7, 0x13, 0x5c, 0x73, 0x72, 0xce, 0x10,
135 0xe5, 0x09, 0x97, 0x9a, 0xf8, 0xf2, 0x70, 0xa6, 0x3d, 0x89, 0xf5, 0xc5, 0xe4, 0x44, 0xe2, 0x4a,
136 0xb6, 0x61, 0xa8, 0x12, 0x8d, 0xb4, 0xdc, 0x2b, 0x47, 0x84, 0x60, 0x0c, 0x25, 0x66, 0xe9, 0xe0,
137 0xe5, 0xac, 0x22, 0xbf, 0x15, 0xdc, 0x71, 0xb1, 0x88, 0x4f, 0x16, 0xbf, 0xc2, 0x77, 0x37, 0x76,
138 0x3f, 0xe0, 0x67, 0xc6, 0x1d, 0x23, 0xfe, 0x7c, 0x8b
141 int serverPrivateKeyLen = sizeof(serverPrivateKey);
143 unsigned char caCert[] = {
144 0x30, 0x82, 0x02, 0x3e, 0x30, 0x82, 0x01, 0xe5, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
145 0x87, 0xa7, 0x68, 0x01, 0x7c, 0xe9, 0xf8, 0xf0, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,
146 0x3d, 0x04, 0x03, 0x02, 0x30, 0x7c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
147 0x02, 0x55, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x09, 0x53, 0x6f,
148 0x6d, 0x65, 0x73, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07,
149 0x0c, 0x08, 0x53, 0x6f, 0x6d, 0x65, 0x63, 0x69, 0x74, 0x79, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
150 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x42, 0x42, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0b,
151 0x0c, 0x0d, 0x53, 0x65, 0x71, 0x75, 0x72, 0x69, 0x74, 0x79, 0x20, 0x50, 0x61, 0x72, 0x74, 0x31,
152 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x6f, 0x62, 0x31, 0x14, 0x30, 0x12,
153 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x05, 0x6f, 0x62, 0x40,
154 0x62, 0x62, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37, 0x32, 0x35, 0x31, 0x31, 0x31, 0x36,
155 0x31, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x35, 0x31, 0x35, 0x31, 0x31, 0x31, 0x36, 0x31,
156 0x31, 0x5a, 0x30, 0x7c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
157 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x09, 0x53, 0x6f, 0x6d, 0x65,
158 0x73, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x08,
159 0x53, 0x6f, 0x6d, 0x65, 0x63, 0x69, 0x74, 0x79, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
160 0x0a, 0x0c, 0x02, 0x42, 0x42, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0d,
161 0x53, 0x65, 0x71, 0x75, 0x72, 0x69, 0x74, 0x79, 0x20, 0x50, 0x61, 0x72, 0x74, 0x31, 0x0b, 0x30,
162 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x6f, 0x62, 0x31, 0x14, 0x30, 0x12, 0x06, 0x09,
163 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x05, 0x6f, 0x62, 0x40, 0x62, 0x62,
164 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
165 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x2e, 0xcf, 0xc3, 0xfa, 0x2e,
166 0x04, 0x11, 0x62, 0x34, 0x63, 0x6f, 0xdf, 0xb6, 0x67, 0xfb, 0x5a, 0x50, 0x8c, 0x15, 0x73, 0xc9,
167 0xc1, 0x57, 0x3a, 0x9e, 0xf8, 0xf4, 0xa8, 0x0c, 0x1a, 0xe9, 0x91, 0x51, 0x9d, 0x03, 0x26, 0x48,
168 0xaa, 0x46, 0x84, 0x12, 0x06, 0x2d, 0xfc, 0x66, 0xbe, 0x41, 0xed, 0xfd, 0xcd, 0x32, 0xa3, 0x9b,
169 0x34, 0xf2, 0xaa, 0x95, 0x1f, 0x8e, 0x5d, 0x49, 0x77, 0x80, 0xc2, 0xa3, 0x50, 0x30, 0x4e, 0x30,
170 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x1e, 0x81, 0xc3, 0x62, 0xff, 0x8c,
171 0x5a, 0x98, 0x90, 0xac, 0x2c, 0xc3, 0x65, 0xb9, 0x3f, 0x8f, 0x04, 0x55, 0xfa, 0x7c, 0x30, 0x1f,
172 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x81, 0xc3, 0x62, 0xff,
173 0x8c, 0x5a, 0x98, 0x90, 0xac, 0x2c, 0xc3, 0x65, 0xb9, 0x3f, 0x8f, 0x04, 0x55, 0xfa, 0x7c, 0x30,
174 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, 0x06,
175 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20,
176 0x1c, 0xa1, 0x55, 0xa8, 0x04, 0xbc, 0x5b, 0x00, 0xa8, 0xac, 0x2f, 0xe6, 0xb7, 0x3c, 0x7c, 0xf3,
177 0x7e, 0x93, 0xce, 0xe0, 0xdf, 0x6e, 0x36, 0xe4, 0x36, 0x20, 0xcb, 0x36, 0x9c, 0x13, 0x3b, 0xc4,
178 0x02, 0x20, 0x7f, 0x18, 0x13, 0x7d, 0x1b, 0x8c, 0xe3, 0x5b, 0xd9, 0xac, 0x74, 0x8c, 0xc0, 0xe9,
179 0xbf, 0x1b, 0x48, 0x6f, 0xb6, 0x6a, 0x45, 0x03, 0xa6, 0x5d, 0x4d, 0x65, 0xf7, 0x96, 0xa0, 0x08,
182 int caCertLen = sizeof(caCert);
184 unsigned char control_server_message_ccm[] = {
185 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
186 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
187 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
188 0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65,
189 0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20,
190 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63,
191 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
192 0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
193 0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
194 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x43, 0x4d, 0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
196 int control_server_message_ccm_len = sizeof(control_server_message_ccm);
198 unsigned char control_server_message_ccm8[] = {
199 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
200 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
201 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
202 0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65,
203 0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20,
204 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63,
205 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
206 0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
207 0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
208 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x43, 0x4d, 0x2d, 0x38, 0x3c, 0x2f, 0x70, 0x3e, 0x0d,
211 int control_server_message_ccm8_len = sizeof(control_server_message_ccm8);
213 unsigned char control_server_message_cbc[] = {
214 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
215 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
216 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
217 0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65,
218 0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20,
219 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63,
220 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
221 0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
222 0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
223 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x42, 0x43, 0x2d, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
224 0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
226 int control_server_message_cbc_len = sizeof(control_server_message_cbc);
228 unsigned char control_client_message[] = {
229 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x0d, 0x0a,
232 int control_client_message_len = sizeof(control_client_message);
234 static void error(const char *msg)
240 static int sockfd, newsockfd;
242 static void socketConnect()
245 struct sockaddr_in serv_addr;
246 struct hostent *server;
248 portno = SERVER_PORT;
249 sockfd = socket(AF_INET, SOCK_STREAM, 0);
251 error("ERROR opening socket");
252 server = gethostbyname(SERVER_NAME);
253 if (server == NULL) {
254 fprintf(stderr,"ERROR, no such host\n");
257 //memset((char *) &serv_addr, sizeof(serv_addr));
258 memset((void*)&serv_addr, 0, sizeof(serv_addr));
259 serv_addr.sin_family = AF_INET;
260 memcpy((char *)server->h_addr,
261 (char *)&serv_addr.sin_addr.s_addr,
263 serv_addr.sin_port = htons(portno);
264 if (connect(sockfd,(struct sockaddr *) &serv_addr,sizeof(serv_addr)) < 0)
265 error("ERROR connecting");
268 static ssize_t CATCPPacketSendCB(CAEndpoint_t *, const void *buf, size_t buflen)
271 n = write(sockfd, buf, buflen);
273 error("ERROR writing to socket");
277 char msg[256] = {0}; size_t msglen = 0;
278 static void CATCPPacketReceivedCB(const CASecureEndpoint_t *, const void *data, size_t dataLength)
280 memcpy(msg, data, dataLength);
284 static void PacketReceive(unsigned char *data, int * datalen)
287 char buffer[2048] = {'\0'};
288 n = read(sockfd, buffer, 5);
289 if ((buffer[0] == 0x16 || buffer[0] == 0x14 || buffer[0] == 0x17 || buffer[0] == 0x15)
290 && buffer[1] == 0x03 && buffer[2] == 0x03)
292 int tlslen = (unsigned char)buffer[3] * 0x100 + (unsigned char)buffer[4];
293 n = read(sockfd, buffer + 5, tlslen);
297 error("ERROR reading from socket");
300 memcpy(data, buffer, *datalen);
303 static void socketClose()
308 static void infoCallback_that_loads_x509(PkiInfo_t * inf)
310 inf->crt.data = (uint8_t*)serverCert;
311 inf->crt.len = sizeof(serverCert);
312 inf->key.data = (uint8_t*)serverPrivateKey;
313 inf->key.len = sizeof(serverPrivateKey);
314 inf->ca.data = (uint8_t*)caCert;
315 inf->ca.len = sizeof(caCert);
316 inf->crl.data = NULL;
320 static void socketOpen_server()
323 struct sockaddr_in serv_addr, cli_addr;
326 portno = SERVER_PORT;
327 sockfd = socket(AF_INET, SOCK_STREAM, 0);
329 error("\nERROR opening socket");
330 //bzero((char *) &serv_addr, sizeof(serv_addr));
331 memset((void*)&serv_addr, 0, sizeof(serv_addr));
332 serv_addr.sin_family = AF_INET;
333 serv_addr.sin_addr.s_addr = INADDR_ANY;
334 serv_addr.sin_port = htons(portno);
335 if (bind(sockfd, (struct sockaddr *) &serv_addr,
336 sizeof(serv_addr)) < 0)
337 error("\nERROR on binding");
339 clilen = sizeof(cli_addr);
340 newsockfd = accept(sockfd,
341 (struct sockaddr *) &cli_addr,
344 error("\nERROR on accept");
347 static ssize_t CATCPPacketSendCB_server(CAEndpoint_t *, const void *buf, size_t buflen)
350 n = write(newsockfd,buf,buflen);
352 error("ERROR writing to socket");
356 static void CATCPPacketReceivedCB_server(const CASecureEndpoint_t *, const void *data, size_t dataLength)
358 memcpy(msg, data, dataLength);
361 static void PacketReceive_server(unsigned char *data, int * datalen)
364 char buffer[2048] = {'\0'};
365 n = read(newsockfd, buffer, 5);
367 if (buffer[0] == 0x16 || buffer[0] == 0x14 || buffer[0] == 0x17 || buffer[0] == 0x15)
369 int tlslen = (unsigned char)buffer[3] * 0x100 + (unsigned char)buffer[4];
370 n = read(newsockfd, buffer + 5, tlslen);
374 error("\nERROR reading from socket");
377 memcpy(data, buffer, *datalen);
380 static void socketClose_server()
386 static void clutch(bool * list)
391 const unsigned char IDENTITY[] = ("6767676767676767");
392 const unsigned char RS_CLIENT_PSK[] = ("AAAAAAAAAAAAAAAA");
393 static int32_t GetDtlsPskCredentials( CADtlsPskCredType_t,
394 const unsigned char *, size_t,
395 unsigned char *result, size_t)
403 memcpy(result, IDENTITY, sizeof(IDENTITY));
404 ret = sizeof(IDENTITY);
409 /* **************************
412 * MbedTLS client routine
415 * *************************/
417 #if !defined(MBEDTLS_CONFIG_FILE)
418 #include "mbedtls/config.h"
420 #include MBEDTLS_CONFIG_FILE
423 #if defined(MBEDTLS_PLATFORM_C)
424 #include "mbedtls/platform.h"
428 #define mbedtls_fprintf fprintf
429 #define mbedtls_printf printf
432 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
433 !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
434 !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
435 !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
436 !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
437 static int client( void )
439 mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
440 "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
441 "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
442 "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
448 #include "mbedtls/net.h"
449 #include "mbedtls/debug.h"
450 #include "mbedtls/ssl.h"
451 #include "mbedtls/entropy.h"
452 #include "mbedtls/ctr_drbg.h"
453 #include "mbedtls/error.h"
454 #include "mbedtls/certs.h"
458 #define DEBUG_LEVEL (0)
460 static void my_debug_client( void *ctx, int level,
461 const char *file, int line,
466 mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
467 fflush( (FILE *) ctx );
470 static void * client(void *)
473 mbedtls_net_context server_fd;
475 unsigned char buf[1024];
476 const char *pers = "ssl_client1";
478 mbedtls_entropy_context entropy;
479 mbedtls_ctr_drbg_context ctr_drbg;
480 mbedtls_ssl_context ssl;
481 mbedtls_ssl_config conf;
482 mbedtls_x509_crt cacert;
483 mbedtls_x509_crt owncert;
484 mbedtls_pk_context pkey;
487 * 0. Initialize the RNG and the session data
489 mbedtls_net_init( &server_fd );
490 mbedtls_ssl_init( &ssl );
491 mbedtls_ssl_config_init( &conf );
492 mbedtls_x509_crt_init( &cacert );
493 mbedtls_ctr_drbg_init( &ctr_drbg );
494 mbedtls_pk_init( &pkey );
496 mbedtls_printf( "\n . Seeding the random number generator..." );
499 mbedtls_entropy_init( &entropy );
500 if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
501 (const unsigned char *) pers,
502 strlen( pers ) ) ) != 0 )
504 mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
508 mbedtls_printf( " ok\n" );
511 * 0. Initialize certificates
513 mbedtls_printf( " . Loading the CA root certificate ..." );
515 ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) caCert, caCertLen );
518 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse caCert returned -0x%x\n\n", -ret );
521 ret = mbedtls_x509_crt_parse( &owncert, (const unsigned char *) serverCert, serverCertLen );
524 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse serverCert returned -0x%x\n\n", -ret );
527 ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) serverPrivateKey,
528 serverPrivateKeyLen, NULL, 0 );
531 mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret );
535 mbedtls_printf( " ok (%d skipped)\n", ret );
538 * 1. Start the connection
540 mbedtls_printf( " . Connecting to tcp/%s/%s...", SERVER_NAME, "SERVER_PORT" );
543 if( ( ret = mbedtls_net_connect( &server_fd, "127.0.0.1",
544 "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
546 mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
550 mbedtls_printf( " ok\n" );
555 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
558 if( ( ret = mbedtls_ssl_config_defaults( &conf,
559 MBEDTLS_SSL_IS_CLIENT,
560 MBEDTLS_SSL_TRANSPORT_STREAM,
561 MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
563 mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
567 mbedtls_printf( " ok\n" );
569 /* OPTIONAL is not optimal for security,
570 * but makes interop easier in this simplified example */
571 mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
572 mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
573 mbedtls_ssl_conf_own_cert( &conf, &owncert, &pkey );
574 mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
575 mbedtls_ssl_conf_dbg( &conf, my_debug_client, stdout );
577 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
579 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
583 if( ( ret = mbedtls_ssl_set_hostname( &ssl, "mbed TLS Server 1" ) ) != 0 )
585 mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
589 mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
594 mbedtls_printf( " . Performing the SSL/TLS handshake..." );
597 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
599 if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
601 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
606 mbedtls_printf( " ok\n" );
609 * 5. Verify the server certificate
611 mbedtls_printf( " . Verifying peer X.509 certificate..." );
613 /* In real life, we probably want to bail out when ret != 0 */
614 if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
618 mbedtls_printf( " failed\n" );
620 mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
622 mbedtls_printf( "%s\n", vrfy_buf );
625 mbedtls_printf( " ok\n" );
628 * 3. Write the GET request
630 mbedtls_printf( " > Write to server:" );
633 len = sprintf( (char *) buf, GET_REQUEST );
635 while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
637 if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
639 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
645 mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf );
648 * 7. Read the HTTP response
650 mbedtls_printf( " < Read from server:" );
655 len = sizeof( buf ) - 1;
656 memset( buf, 0, sizeof( buf ) );
657 ret = mbedtls_ssl_read( &ssl, buf, len );
659 if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
662 if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
667 mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret );
673 mbedtls_printf( "\n\nEOF\n\n" );
678 mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
682 mbedtls_ssl_close_notify( &ssl );
686 #ifdef MBEDTLS_ERROR_C
690 mbedtls_strerror( ret, error_buf, 100 );
691 mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
695 mbedtls_net_free( &server_fd );
697 mbedtls_x509_crt_free( &cacert );
698 mbedtls_ssl_free( &ssl );
699 mbedtls_ssl_config_free( &conf );
700 mbedtls_ctr_drbg_free( &ctr_drbg );
701 mbedtls_entropy_free( &entropy );
705 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
706 MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
707 MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C &&
708 MBEDTLS_X509_CRT_PARSE_C */
710 /* **************************
713 * MbedTLS server routine
716 * *************************/
718 #if !defined(MBEDTLS_CONFIG_FILE)
719 #include "mbedtls/config.h"
721 #include MBEDTLS_CONFIG_FILE
724 #if defined(MBEDTLS_PLATFORM_C)
725 #include "mbedtls/platform.h"
729 #define mbedtls_fprintf fprintf
730 #define mbedtls_printf printf
733 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
734 !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
735 !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
736 !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
737 !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
738 !defined(MBEDTLS_PEM_PARSE_C)
739 /* int */void * server( void )
741 mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
742 "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
743 "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
744 "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
745 "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
753 #include "mbedtls/entropy.h"
754 #include "mbedtls/ctr_drbg.h"
755 #include "mbedtls/certs.h"
756 #include "mbedtls/x509.h"
757 #include "mbedtls/ssl.h"
758 #include "mbedtls/net.h"
759 #include "mbedtls/error.h"
760 #include "mbedtls/debug.h"
762 #if defined(MBEDTLS_SSL_CACHE_C)
763 #include "mbedtls/ssl_cache.h"
766 #define HTTP_RESPONSE \
767 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
768 "<h2>mbed TLS Test Server</h2>\r\n" \
770 "<p>Successful connection using: %s</p>\r\n"
772 #define DEBUG_LEVEL (0)
774 static int mbedtls_entropy_func_clutch(void *, unsigned char *output, size_t len)
776 for (uint32_t i = 0; i < len; i++) output[i] = 0x11;
780 static void my_debug( void *ctx, int level,
781 const char *file, int line,
786 mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
787 fflush( (FILE *) ctx );
790 static void * server(void *)
793 mbedtls_net_context listen_fd, client_fd;
794 unsigned char buf[1024];
795 const char *pers = "ssl_server";
797 mbedtls_entropy_context entropy;
798 mbedtls_ctr_drbg_context ctr_drbg;
799 mbedtls_ssl_context ssl;
800 mbedtls_ssl_config conf;
801 mbedtls_x509_crt srvcert;
802 mbedtls_pk_context pkey;
803 #if defined(MBEDTLS_SSL_CACHE_C)
804 mbedtls_ssl_cache_context cache;
807 mbedtls_net_init( &listen_fd );
808 mbedtls_net_init( &client_fd );
809 mbedtls_ssl_init( &ssl );
810 mbedtls_ssl_config_init( &conf );
811 #if defined(MBEDTLS_SSL_CACHE_C)
812 mbedtls_ssl_cache_init( &cache );
814 mbedtls_x509_crt_init( &srvcert );
815 mbedtls_pk_init( &pkey );
816 mbedtls_entropy_init( &entropy );
817 mbedtls_ctr_drbg_init( &ctr_drbg );
819 #if defined(MBEDTLS_DEBUG_C)
820 mbedtls_debug_set_threshold( DEBUG_LEVEL );
824 * 1. Load the certificates and private RSA key
826 mbedtls_printf( "\n . Loading the server cert. and key..." );
830 * This demonstration program uses embedded test certificates.
831 * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
832 * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
834 ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) serverCert, serverCertLen );
837 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
841 ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) caCert, caCertLen );
844 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
848 ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) serverPrivateKey,
849 serverPrivateKeyLen, NULL, 0 );
852 mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
856 mbedtls_printf( " ok\n" );
859 * 2. Setup the listening TCP socket
861 mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
864 if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
866 mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
870 mbedtls_printf( " ok\n" );
875 mbedtls_printf( " . Seeding the random number generator..." );
878 if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func_clutch, &entropy,
879 (const unsigned char *) pers,
880 strlen( pers ) ) ) != 0 )
882 mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
885 mbedtls_printf( " ok\n" );
890 mbedtls_printf( " . Setting up the SSL data...." );
893 if( ( ret = mbedtls_ssl_config_defaults( &conf,
894 MBEDTLS_SSL_IS_SERVER,
895 MBEDTLS_SSL_TRANSPORT_STREAM,
896 MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
898 mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
902 mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
903 mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
905 #if defined(MBEDTLS_SSL_CACHE_C)
906 mbedtls_ssl_conf_session_cache( &conf, &cache,
907 mbedtls_ssl_cache_get,
908 mbedtls_ssl_cache_set );
911 mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
912 if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
914 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
918 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
920 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
924 mbedtls_printf( " ok\n" );
927 #ifdef MBEDTLS_ERROR_C
931 mbedtls_strerror( ret, error_buf, 100 );
932 mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
936 mbedtls_net_free( &client_fd );
938 mbedtls_ssl_session_reset( &ssl );
941 * 3. Wait until a client connects
943 mbedtls_printf( " . Waiting for a remote connection ..." );
946 if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
947 NULL, 0, NULL ) ) != 0 )
949 mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
953 mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
955 mbedtls_printf( " ok\n" );
960 mbedtls_printf( " . Performing the SSL/TLS handshake..." );
963 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
965 if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
967 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
972 mbedtls_printf( " ok\n" );
975 * 6. Read the HTTP Request
977 mbedtls_printf( " < Read from client:" );
982 len = sizeof( buf ) - 1;
983 memset( buf, 0, sizeof( buf ) );
984 ret = mbedtls_ssl_read( &ssl, buf, len );
986 if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
993 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
994 mbedtls_printf( " connection was closed gracefully\n" );
997 case MBEDTLS_ERR_NET_CONN_RESET:
998 mbedtls_printf( " connection was reset by peer\n" );
1002 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
1010 mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
1018 * 7. Write the 200 Response
1020 mbedtls_printf( " > Write to client:" );
1024 len = sprintf( (char *) buf, HTTP_RESPONSE,
1025 mbedtls_ssl_get_ciphersuite( &ssl ) );
1027 while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
1029 if( ret == MBEDTLS_ERR_NET_CONN_RESET )
1031 mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
1035 if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
1037 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
1043 mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
1045 mbedtls_printf( " . Closing the connection..." );
1047 while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
1049 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
1050 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
1052 mbedtls_printf( " failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret );
1057 mbedtls_printf( " ok\n" );
1064 #ifdef MBEDTLS_ERROR_C
1067 char error_buf[100];
1068 mbedtls_strerror( ret, error_buf, 100 );
1069 mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
1073 mbedtls_net_free( &client_fd );
1074 mbedtls_net_free( &listen_fd );
1076 mbedtls_x509_crt_free( &srvcert );
1077 mbedtls_pk_free( &pkey );
1078 mbedtls_ssl_free( &ssl );
1079 mbedtls_ssl_config_free( &conf );
1080 #if defined(MBEDTLS_SSL_CACHE_C)
1081 mbedtls_ssl_cache_free( &cache );
1083 mbedtls_ctr_drbg_free( &ctr_drbg );
1084 mbedtls_entropy_free( &entropy );
1087 mbedtls_printf( " Press Enter to exit this program.\n" );
1093 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
1094 MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
1095 MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C
1096 && MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */
1098 /* **************************
1101 * CAinitSslAdapter test
1104 * *************************/
1106 static int testCAinitSslAdapter()
1110 CAEndpoint_t serverAddr;
1111 serverAddr.adapter = CA_ADAPTER_IP;
1112 serverAddr.flags = CA_SECURE;
1113 serverAddr.port = 4433;
1114 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1115 memcpy(serverAddr.addr, addr, sizeof(addr));
1116 serverAddr.ifindex = 0;
1118 ret = CAinitSslAdapter();
1120 &g_caSslContext == NULL ||
1121 &g_caSslContext->crt == NULL ||
1122 &g_caSslContext->pkey == NULL ||
1123 &g_caSslContext->clientTlsConf == NULL ||
1124 &g_caSslContext->serverTlsConf == NULL ||
1125 &g_caSslContext->rnd == NULL ||
1126 &g_caSslContext->entropy == NULL)
1131 // CAdeinitSslAdapter
1132 ca_mutex_lock(g_sslContextMutex);
1134 mbedtls_x509_crt_free(&g_caSslContext->crt);
1135 mbedtls_pk_free(&g_caSslContext->pkey);
1136 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1137 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1138 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1139 mbedtls_entropy_free(&g_caSslContext->entropy);
1140 OICFree(g_caSslContext);
1141 g_caSslContext = NULL;
1142 ca_mutex_unlock(g_sslContextMutex);
1143 ca_mutex_free(g_sslContextMutex);
1144 g_sslContextMutex = NULL;
1149 // CAinitTlsAdapter()
1150 TEST(TLSAdaper, Test_1)
1153 ret = testCAinitSslAdapter();
1157 /* **************************
1160 * CAsetSslAdapterCallbacks test
1163 * *************************/
1165 static int testCAsetSslAdapterCallbacks()
1168 CAEndpoint_t serverAddr;
1169 serverAddr.adapter = CA_ADAPTER_IP;
1170 serverAddr.flags = CA_SECURE;
1171 serverAddr.port = 4433;
1172 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1173 memcpy(serverAddr.addr, addr, sizeof(addr));
1174 serverAddr.ifindex = 0;
1177 g_sslContextMutex = ca_mutex_new();
1178 ca_mutex_lock(g_sslContextMutex);
1179 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1180 g_caSslContext->peerList = u_arraylist_create();
1181 mbedtls_entropy_init(&g_caSslContext->entropy);
1182 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1183 unsigned char * seed = (unsigned char*) SEED;
1184 mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch,
1185 &g_caSslContext->entropy, seed, sizeof(SEED));
1186 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
1187 mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf);
1188 mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT,
1189 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1190 mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL);
1191 mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random,
1192 &g_caSslContext->rnd);
1193 mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]);
1194 mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3,
1195 MBEDTLS_SSL_MINOR_VERSION_1);
1196 mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1197 mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED);
1198 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
1199 mbedtls_x509_crt_init(&g_caSslContext->ca);
1200 mbedtls_x509_crt_init(&g_caSslContext->crt);
1201 mbedtls_pk_init(&g_caSslContext->pkey);
1202 mbedtls_x509_crl_init(&g_caSslContext->crl);
1203 ca_mutex_unlock(g_sslContextMutex);
1205 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, (CATransportAdapter_t)0);
1206 if (g_caSslContext->adapterCallbacks[0].recvCallback == NULL &&
1207 g_caSslContext->adapterCallbacks[0].sendCallback == NULL &&
1208 g_caSslContext->adapterCallbacks[1].recvCallback == NULL &&
1209 g_caSslContext->adapterCallbacks[1].sendCallback == NULL)
1217 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_IP);
1218 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
1219 if (g_caSslContext->adapterCallbacks[0].recvCallback == CATCPPacketReceivedCB &&
1220 g_caSslContext->adapterCallbacks[0].sendCallback == CATCPPacketSendCB &&
1221 g_caSslContext->adapterCallbacks[1].recvCallback == CATCPPacketReceivedCB &&
1222 g_caSslContext->adapterCallbacks[1].sendCallback == CATCPPacketSendCB)
1231 // CAdeinitSslAdapter
1232 ca_mutex_lock(g_sslContextMutex);
1234 mbedtls_x509_crt_free(&g_caSslContext->crt);
1235 mbedtls_pk_free(&g_caSslContext->pkey);
1236 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1237 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1238 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1239 mbedtls_entropy_free(&g_caSslContext->entropy);
1240 OICFree(g_caSslContext);
1241 g_caSslContext = NULL;
1242 ca_mutex_unlock(g_sslContextMutex);
1243 ca_mutex_free(g_sslContextMutex);
1244 g_sslContextMutex = NULL;
1249 // CAsetSslAdapterCallbacks()
1250 TEST(TLSAdaper, Test_2)
1253 ret = testCAsetSslAdapterCallbacks();
1257 /* **************************
1260 * CAinitiateSslHandshake test
1263 * *************************/
1265 unsigned char predictedClientHello[] = {
1266 0x16, 0x03, 0x01, 0x00, 0x63, 0x01, 0x00, 0x00, 0x5f, 0x03, 0x03, 0x57, 0xf2, 0x5f, 0x21, 0x04,
1267 0xb1, 0x3b, 0xda, 0x55, 0xa4, 0x8e, 0xcc, 0x3f, 0xe9, 0x45, 0x5c, 0xaf, 0xcb, 0x19, 0x2e, 0x1f,
1268 0x4b, 0xd5, 0x84, 0x5c, 0x4b, 0xd7, 0x7d, 0x38, 0xa2, 0xfa, 0x3d, 0x00, 0x00, 0x06, 0xc0, 0xac,
1269 0xc0, 0xae, 0x00, 0xff, 0x01, 0x00, 0x00, 0x30, 0x00, 0x0d, 0x00, 0x16, 0x00, 0x14, 0x06, 0x03,
1270 0x06, 0x01, 0x05, 0x03, 0x05, 0x01, 0x04, 0x03, 0x04, 0x01, 0x03, 0x03, 0x03, 0x01, 0x02, 0x03,
1271 0x02, 0x01, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
1272 0x00, 0x16, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00
1274 static unsigned char controlBuf[sizeof(predictedClientHello)];
1275 static char controlBufLen = 0;
1276 static ssize_t CATCPPacketSendCB_forInitHsTest(CAEndpoint_t *, const void * buf, size_t buflen)
1279 n = write(sockfd, buf, buflen);
1281 error("ERROR writing to socket");
1283 memset(controlBuf, 0, sizeof(predictedClientHello));
1284 memcpy(controlBuf, buf, buflen);
1285 controlBufLen = buflen;
1289 static void * test0CAinitiateSslHandshake(void * arg)
1291 CAEndpoint_t serverAddr;
1292 serverAddr.adapter = CA_ADAPTER_TCP;
1293 serverAddr.flags = CA_SECURE;
1294 serverAddr.port = 4433;
1295 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1296 memcpy(serverAddr.addr, addr, sizeof(addr));
1297 serverAddr.ifindex = 0;
1300 g_sslContextMutex = ca_mutex_new();
1301 ca_mutex_lock(g_sslContextMutex);
1302 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1303 g_caSslContext->peerList = u_arraylist_create();
1304 mbedtls_entropy_init(&g_caSslContext->entropy);
1305 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1306 unsigned char * seed = (unsigned char*) SEED;
1307 mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch,
1308 &g_caSslContext->entropy, seed, sizeof(SEED));
1309 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
1310 mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf);
1311 mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT,
1312 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1313 mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL);
1314 mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random,
1315 &g_caSslContext->rnd);
1316 mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]);
1317 mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3,
1318 MBEDTLS_SSL_MINOR_VERSION_1);
1319 mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1320 mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED);
1321 mbedtls_x509_crt_init(&g_caSslContext->ca);
1322 mbedtls_x509_crt_init(&g_caSslContext->crt);
1323 mbedtls_pk_init(&g_caSslContext->pkey);
1324 mbedtls_x509_crl_init(&g_caSslContext->crl);
1325 ca_mutex_unlock(g_sslContextMutex);
1327 // CAsetSslAdapterCallbacks
1328 g_caSslContext->adapterCallbacks[1].recvCallback = CATCPPacketReceivedCB;
1329 g_caSslContext->adapterCallbacks[1].sendCallback = CATCPPacketSendCB_forInitHsTest;
1331 // CAsetPkixInfoCallback
1332 g_getPkixInfoCallback = infoCallback_that_loads_x509;
1334 // CAsetCredentialTypesCallback
1335 g_getCredentialTypesCallback = clutch;
1337 // CAsetTlsCipherSuite
1338 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
1339 tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
1340 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
1341 tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
1342 g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
1344 CAsetPskCredentialsCallback(GetDtlsPskCredentials);
1348 unsigned int unixTime = (unsigned)time(NULL);
1349 CAinitiateSslHandshake(&serverAddr);
1350 predictedClientHello[11] = unixTime >> 24;
1351 predictedClientHello[12] = (unixTime << 8) >> 24;
1352 predictedClientHello[13] = (unixTime << 16) >> 24;
1353 predictedClientHello[14] = (unixTime << 24) >> 24;
1355 // CAcloseTlsConnection
1356 ca_mutex_lock(g_sslContextMutex);
1357 SslEndPoint_t * tep = GetSslPeer(&serverAddr);
1358 mbedtls_ssl_close_notify(&tep->ssl);
1359 RemovePeerFromList(&tep->sep.endpoint);
1360 ca_mutex_unlock(g_sslContextMutex);
1362 // CAdeinitTlsAdapter
1363 ca_mutex_lock(g_sslContextMutex);
1365 mbedtls_x509_crt_free(&g_caSslContext->crt);
1366 mbedtls_pk_free(&g_caSslContext->pkey);
1367 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1368 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1369 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1370 mbedtls_entropy_free(&g_caSslContext->entropy);
1371 OICFree(g_caSslContext);
1372 g_caSslContext = NULL;
1373 ca_mutex_unlock(g_sslContextMutex);
1374 ca_mutex_free(g_sslContextMutex);
1375 g_sslContextMutex = NULL;
1379 if (controlBufLen == sizeof(predictedClientHello) &&
1380 memcmp(predictedClientHello, controlBuf, sizeof(predictedClientHello)) == 0)
1387 *((int*)arg) = 0xFF;
1388 return (void *) 0xFF;
1392 static int test1CAinitiateSslHandshake()
1395 ret = CAinitiateSslHandshake(NULL);
1396 if (CA_STATUS_INVALID_PARAM == ret)
1407 // CAinitiateSslHandshake()
1408 TEST(TLSAdaper, Test_3_0)
1410 pthread_t thread1, thread2;
1414 ret = pthread_create( &thread1, NULL, server, (void*) NULL);
1417 fprintf(stderr, "Error - pthread_create() return code: %d\n", ret);
1423 ret = pthread_create( &thread2, NULL, test0CAinitiateSslHandshake, &arg);
1426 fprintf(stderr, "Error - pthread_create() return code: %d\n", ret);
1435 TEST(TLSAdaper, Test_3_1)
1438 ret = test1CAinitiateSslHandshake();
1442 /* **************************
1448 * *************************/
1450 static void * testCAencryptSsl(void * arg)
1453 CAEndpoint_t serverAddr;
1454 serverAddr.adapter = CA_ADAPTER_TCP;
1455 serverAddr.flags = CA_SECURE;
1456 serverAddr.port = 4433;
1457 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1458 memcpy(serverAddr.addr, addr, sizeof(addr));
1459 serverAddr.ifindex = 0;
1462 g_sslContextMutex = ca_mutex_new();
1463 ca_mutex_lock(g_sslContextMutex);
1464 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1465 g_caSslContext->peerList = u_arraylist_create();
1466 mbedtls_entropy_init(&g_caSslContext->entropy);
1467 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1468 unsigned char * seed = (unsigned char*) SEED;
1469 mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch,
1470 &g_caSslContext->entropy, seed, sizeof(SEED));
1471 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
1472 mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf);
1473 mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT,
1474 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1475 mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL);
1476 mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random,
1477 &g_caSslContext->rnd);
1478 mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]);
1479 mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3,
1480 MBEDTLS_SSL_MINOR_VERSION_1);
1481 mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1482 mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED);
1483 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
1484 mbedtls_x509_crt_init(&g_caSslContext->ca);
1485 mbedtls_x509_crt_init(&g_caSslContext->crt);
1486 mbedtls_pk_init(&g_caSslContext->pkey);
1487 mbedtls_x509_crl_init(&g_caSslContext->crl);
1488 ca_mutex_unlock(g_sslContextMutex);
1490 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
1492 CAsetPkixInfoCallback(infoCallback_that_loads_x509);
1494 // CAsetCredentialTypesCallback
1495 g_getCredentialTypesCallback = clutch;
1497 if (*((int*)arg) == 0)
1499 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
1501 if (*((int*)arg) == 1)
1503 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
1505 else if (*((int*)arg) == 2)
1507 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
1509 CAsetPskCredentialsCallback(GetDtlsPskCredentials);
1513 // CAinitiateSslHandshake
1514 ca_mutex_lock(g_sslContextMutex);
1515 InitiateTlsHandshake(&serverAddr);
1516 ca_mutex_unlock(g_sslContextMutex);
1518 unsigned char buffer[2048] = {'\0'};
1520 CASecureEndpoint_t * sep = (CASecureEndpoint_t *) malloc (sizeof(CASecureEndpoint_t));
1521 sep->endpoint = serverAddr;
1523 for (int i = 0; i < 6; i++)
1525 PacketReceive(buffer, &buflen);
1526 CAdecryptSsl(sep, (uint8_t *)buffer, buflen);
1529 ret = sprintf( (char*)buffer, GET_REQUEST );
1531 CAencryptSsl(&serverAddr, buffer, ret);
1533 PacketReceive(buffer, &buflen);
1534 CAdecryptSsl(sep, (uint8_t *)buffer, buflen);
1536 CAcloseSslConnection(&serverAddr);
1538 // CAdeinitSslAdapter
1539 ca_mutex_lock(g_sslContextMutex);
1541 mbedtls_x509_crt_free(&g_caSslContext->crt);
1542 mbedtls_pk_free(&g_caSslContext->pkey);
1543 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1544 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1545 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1546 mbedtls_entropy_free(&g_caSslContext->entropy);
1547 OICFree(g_caSslContext);
1548 g_caSslContext = NULL;
1549 ca_mutex_unlock(g_sslContextMutex);
1550 ca_mutex_free(g_sslContextMutex);
1551 g_sslContextMutex = NULL;
1555 if (*((int*)arg) == 0)
1557 if (control_server_message_ccm_len == msglen && memcmp(msg, control_server_message_ccm, control_server_message_ccm_len) == 0)
1566 if (*((int*)arg) == 1)
1568 if (control_server_message_ccm8_len == msglen && memcmp(msg, control_server_message_ccm8, control_server_message_ccm8_len) == 0)
1577 else if (*((int*)arg) == 2)
1579 if (control_server_message_cbc_len == msglen && memcmp(msg, control_server_message_cbc, control_server_message_cbc_len) == 0)
1596 *((int*)arg) = 0xFF;
1597 return (void *) 0xFF;
1602 TEST(TLSAdaper, Test_4_0)
1604 pthread_t thread1, thread2;
1608 ret = pthread_create( &thread1, NULL, server, (void*) NULL);
1611 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1617 ret = pthread_create( &thread2, NULL, testCAencryptSsl, &arg);
1620 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1630 TEST(TLSAdaper, Test_4_1)
1632 pthread_t thread1, thread2;
1636 ret = pthread_create( &thread1, NULL, server, (void*) NULL);
1639 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1645 ret = pthread_create( &thread2, NULL, testCAencryptSsl, &arg);
1648 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1658 TEST(TLSAdaper, Test_4_2)
1660 pthread_t thread1, thread2;
1664 ret = pthread_create( &thread1, NULL, server, (void*) NULL);
1667 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1673 ret = pthread_create( &thread2, NULL, testCAencryptSsl, &arg);
1676 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1685 /* **************************
1691 * *************************/
1693 static void * testCAdecryptSsl(void * arg)
1696 unsigned char buffer[2048] = {'\0'};
1699 CAEndpoint_t serverAddr;
1700 serverAddr.adapter = CA_ADAPTER_TCP;
1701 serverAddr.flags = CA_SECURE;
1702 serverAddr.port = 4433;
1703 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1704 memcpy(serverAddr.addr, addr, sizeof(addr));
1705 serverAddr.ifindex = 0;
1708 g_sslContextMutex = ca_mutex_new();
1709 ca_mutex_lock(g_sslContextMutex);
1710 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1711 g_caSslContext->peerList = u_arraylist_create();
1712 mbedtls_entropy_init(&g_caSslContext->entropy);
1713 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1714 unsigned char * seed = (unsigned char*) SEED;
1715 mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch,
1716 &g_caSslContext->entropy, seed, sizeof(SEED));
1717 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
1718 mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf);
1719 mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT,
1720 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1721 mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL);
1722 mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random,
1723 &g_caSslContext->rnd);
1724 mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]);
1725 mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3,
1726 MBEDTLS_SSL_MINOR_VERSION_1);
1727 mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1728 mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED);
1729 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
1730 mbedtls_x509_crt_init(&g_caSslContext->ca);
1731 mbedtls_x509_crt_init(&g_caSslContext->crt);
1732 mbedtls_pk_init(&g_caSslContext->pkey);
1733 mbedtls_x509_crl_init(&g_caSslContext->crl);
1734 ca_mutex_unlock(g_sslContextMutex);
1736 // CAsetTlsAdapterCallbacks
1737 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
1739 // CAsetPkixInfoCallback
1740 CAsetPkixInfoCallback(infoCallback_that_loads_x509);
1742 // CAsetCredentialTypesCallback
1743 g_getCredentialTypesCallback = clutch;
1745 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
1747 CAsetPskCredentialsCallback(GetDtlsPskCredentials);
1751 // CAinitiateSslHandshake
1752 ca_mutex_lock(g_sslContextMutex);
1753 InitiateTlsHandshake(&serverAddr);
1754 ca_mutex_unlock(g_sslContextMutex);
1756 CASecureEndpoint_t * sep = (CASecureEndpoint_t *) malloc (sizeof(CASecureEndpoint_t));
1757 sep->endpoint = serverAddr;
1759 for (int i = 0; i < 6; i++)
1761 PacketReceive(buffer, &buflen);
1762 CAdecryptSsl(sep, (uint8_t *)buffer, buflen);
1765 ret = sprintf((char*)buffer, GET_REQUEST);
1767 CAencryptSsl(&serverAddr, buffer, ret);
1769 PacketReceive(buffer, &buflen);
1770 CAdecryptSsl(sep, (uint8_t *)buffer, buflen);
1772 CAcloseSslConnection(&serverAddr);
1774 // CAdeinitSslAdapter
1775 ca_mutex_lock(g_sslContextMutex);
1777 mbedtls_x509_crt_free(&g_caSslContext->crt);
1778 mbedtls_pk_free(&g_caSslContext->pkey);
1779 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1780 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1781 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1782 mbedtls_entropy_free(&g_caSslContext->entropy);
1783 OICFree(g_caSslContext);
1784 g_caSslContext = NULL;
1785 ca_mutex_unlock(g_sslContextMutex);
1786 ca_mutex_free(g_sslContextMutex);
1787 g_sslContextMutex = NULL;
1791 if (control_server_message_ccm_len == msglen && memcmp(msg, control_server_message_ccm,
1792 control_server_message_ccm_len) == 0)
1799 *((int*)arg) = 0xFF;
1800 return (void *) 0xFF;
1805 TEST(TLSAdaper, Test_5)
1807 pthread_t thread1, thread2;
1811 ret = pthread_create( &thread1, NULL, server, (void*) NULL);
1814 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1820 ret = pthread_create( &thread2, NULL, testCAdecryptSsl, &arg);
1823 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
1832 /* **************************
1835 * CAdeinitSslAdapter test
1838 * *************************/
1840 static int testCAdeinitSslAdapter()
1843 CAEndpoint_t serverAddr;
1844 serverAddr.adapter = CA_ADAPTER_IP;
1845 serverAddr.flags = CA_SECURE;
1846 serverAddr.port = 4433;
1847 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1848 memcpy(serverAddr.addr, addr, sizeof(addr));
1849 serverAddr.ifindex = 0;
1852 g_sslContextMutex = ca_mutex_new();
1853 ca_mutex_lock(g_sslContextMutex);
1854 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1855 g_caSslContext->peerList = u_arraylist_create();
1856 mbedtls_entropy_init(&g_caSslContext->entropy);
1857 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1858 unsigned char * seed = (unsigned char*) SEED;
1859 mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func,
1860 &g_caSslContext->entropy, seed, sizeof(SEED));
1861 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
1862 mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf);
1863 mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT,
1864 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
1865 mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL);
1866 mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random,
1867 &g_caSslContext->rnd);
1868 mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]);
1869 mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3,
1870 MBEDTLS_SSL_MINOR_VERSION_1);
1871 mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1872 mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED);
1873 mbedtls_x509_crt_init(&g_caSslContext->ca);
1874 mbedtls_x509_crt_init(&g_caSslContext->crt);
1875 mbedtls_pk_init(&g_caSslContext->pkey);
1876 mbedtls_x509_crl_init(&g_caSslContext->crl);
1877 ca_mutex_unlock(g_sslContextMutex);
1879 // CAsetTlsAdapterCallbacks
1880 g_caSslContext->adapterCallbacks[1].recvCallback = CATCPPacketReceivedCB;
1881 g_caSslContext->adapterCallbacks[1].sendCallback = CATCPPacketSendCB;
1883 // CAsetPkixInfoCallback
1884 g_getPkixInfoCallback = infoCallback_that_loads_x509;
1886 // CAsetTlsCipherSuite
1887 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
1888 tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
1889 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
1890 tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
1891 g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
1893 CAdeinitSslAdapter();
1895 if (g_caSslContext != NULL ||
1896 g_sslContextMutex != NULL)
1907 // CAdeinitSslAdapter()
1908 TEST(TLSAdaper, Test_6)
1911 ret = testCAdeinitSslAdapter();
1915 /* **************************
1921 * *************************/
1923 static void * testServer(void * arg)
1925 CAEndpoint_t serverAddr;
1926 serverAddr.adapter = CA_ADAPTER_TCP;
1927 serverAddr.flags = CA_SECURE;
1928 serverAddr.port = 4432;
1929 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
1930 memcpy(serverAddr.addr, addr, sizeof(addr));
1931 serverAddr.ifindex = 0;
1932 unsigned char buffer[2048] = {'\0'};
1937 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB_server, CATCPPacketSendCB_server, CA_ADAPTER_TCP);
1938 CAsetPkixInfoCallback(infoCallback_that_loads_x509);
1940 // CAsetCredentialTypesCallback
1941 g_getCredentialTypesCallback = clutch;
1943 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
1945 CAsetPskCredentialsCallback(GetDtlsPskCredentials);
1947 socketOpen_server();
1949 CASecureEndpoint_t * sep = (CASecureEndpoint_t *) malloc (sizeof(CASecureEndpoint_t));
1950 sep->endpoint = serverAddr;
1952 for (int i = 0; i < 7; i++)
1954 PacketReceive_server(buffer, &buflen);
1955 CAdecryptSsl(sep, (uint8_t *)buffer, buflen);
1958 CAcloseSslConnection(&serverAddr);
1960 // CAdeinitSslAdapter
1961 ca_mutex_lock(g_sslContextMutex);
1963 mbedtls_x509_crt_free(&g_caSslContext->crt);
1964 mbedtls_pk_free(&g_caSslContext->pkey);
1965 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1966 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1967 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1968 mbedtls_entropy_free(&g_caSslContext->entropy);
1969 OICFree(g_caSslContext);
1970 g_caSslContext = NULL;
1971 ca_mutex_unlock(g_sslContextMutex);
1972 ca_mutex_free(g_sslContextMutex);
1973 g_sslContextMutex = NULL;
1975 socketClose_server();
1977 if (control_client_message_len == msglen && memcmp(msg, control_client_message,
1978 control_client_message_len) == 0)
1985 *((int*)arg) = 0xFF;
1986 return (void *) 0xFF;
1990 TEST(TLSAdaper, Test_7)
1992 pthread_t thread1, thread2;
1996 ret = pthread_create( &thread1, NULL, testServer, &arg);
1999 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
2005 ret = pthread_create( &thread2, NULL, client, (void*) NULL);
2008 fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
2014 EXPECT_EQ(NULL, arg);
2017 /* **************************
2019 * CAsetPskCredentialsCallback test
2020 * CAsetPkixInfoCallback test
2021 * CAsetCredentialTypesCallback test
2023 * *************************/
2025 static int testCAsetPskCredentialsCallback()
2027 static CAgetPskCredentialsHandler credCallback = (CAgetPskCredentialsHandler)dummyHandler;
2028 CAsetPskCredentialsCallback(credCallback);
2029 if (g_getCredentialsCallback == (CAgetPskCredentialsHandler)dummyHandler)
2039 static int testCAsetPkixInfoCallback()
2041 static CAgetPkixInfoHandler infoCallback = (CAgetPkixInfoHandler)dummyHandler;
2042 CAsetPkixInfoCallback(infoCallback);
2043 if (g_getPkixInfoCallback == (CAgetPkixInfoHandler)dummyHandler)
2053 static int testCAsetCredentialTypesCallback()
2055 static CAgetCredentialTypesHandler credTypesCallback = (CAgetCredentialTypesHandler)dummyHandler;
2056 CAsetCredentialTypesCallback(credTypesCallback);
2057 if (g_getCredentialTypesCallback == (CAgetCredentialTypesHandler)dummyHandler)
2067 // CAsetPskCredentialsCallback()
2068 TEST(TLSAdaper, Test_9_0)
2071 ret = testCAsetPskCredentialsCallback();
2074 // CAsetPkixInfoCallback()
2075 TEST(TLSAdaper, Test_9_1)
2078 ret = testCAsetPkixInfoCallback();
2081 // CAsetCredentialTypesCallback()
2082 TEST(TLSAdaper, Test_9_2)
2085 ret = testCAsetCredentialTypesCallback();
2089 /* **************************
2092 * CAsetTlsCipherSuite test
2095 * *************************/
2097 static int testCAsetTlsCipherSuite()
2099 int ret = 0, status = 0;
2100 CAEndpoint_t serverAddr;
2101 serverAddr.adapter = CA_ADAPTER_TCP;
2102 serverAddr.flags = CA_SECURE;
2103 serverAddr.port = 4433;
2104 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
2105 memcpy(serverAddr.addr, addr, sizeof(addr));
2106 serverAddr.ifindex = 0;
2110 // CAsetCredentialTypesCallback
2111 g_getCredentialTypesCallback = clutch;
2113 status = CAsetTlsCipherSuite(MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA);
2114 if (ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA != g_caSslContext->cipher || status != CA_STATUS_OK)
2119 status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
2120 if (ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM != g_caSslContext->cipher || status != CA_STATUS_OK)
2125 status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
2126 if (ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
2131 status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256);
2132 if (ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256 != g_caSslContext->cipher || status != CA_STATUS_OK)
2137 status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
2138 if (ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
2143 status = CAsetTlsCipherSuite(dummyHandler);
2144 if (CA_STATUS_FAILED != status)
2149 // CAdeinitSslAdapter
2150 ca_mutex_lock(g_sslContextMutex);
2152 mbedtls_x509_crt_free(&g_caSslContext->crt);
2153 mbedtls_pk_free(&g_caSslContext->pkey);
2154 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
2155 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
2156 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
2157 mbedtls_entropy_free(&g_caSslContext->entropy);
2158 OICFree(g_caSslContext);
2159 g_caSslContext = NULL;
2160 ca_mutex_unlock(g_sslContextMutex);
2161 ca_mutex_free(g_sslContextMutex);
2162 g_sslContextMutex = NULL;
2167 // CAinitTlsAdapter()
2168 TEST(TLSAdaper, Test_10)
2171 ret = testCAsetTlsCipherSuite();
2175 static void * testCAsslGenerateOwnerPsk(void * arg)
2178 CAEndpoint_t serverAddr;
2179 serverAddr.adapter = CA_ADAPTER_TCP;
2180 serverAddr.flags = CA_SECURE;
2181 serverAddr.port = 4433;
2182 char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1
2183 memcpy(serverAddr.addr, addr, sizeof(addr));
2184 serverAddr.ifindex = 0;
2186 uint8_t label[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A};
2187 uint8_t rsrcServerDeviceId[] = {0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A};
2188 uint8_t provServerDeviceId[] = {0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A};
2189 uint8_t ownerPsk[0x100] = {0x00};
2190 uint8_t predictedPSK[] = {
2191 0xba, 0x72, 0x16, 0xbc, 0x7f, 0x8c, 0xfe, 0xfc, 0xd0, 0xac, 0x1a, 0x37, 0xad, 0x60, 0xe8, 0x9e,
2192 0xb3, 0x31, 0xa2, 0x30, 0xaf, 0x68, 0xc9, 0xa6, 0x89, 0x8a, 0x04, 0x21, 0x6c, 0xbd, 0x04, 0x08,
2193 0x68, 0x11, 0x54, 0x9e, 0x2a, 0x10, 0x91, 0x94, 0x3c, 0x44, 0x52, 0xc7, 0xfa, 0x78, 0x44, 0x87,
2194 0xea, 0x30, 0x08, 0x5f, 0xc1, 0x64, 0xaa, 0x0d, 0xfd, 0x84, 0x16, 0x83, 0x20, 0xc9, 0x08, 0x65,
2195 0xd2, 0x4a, 0x55, 0x9e, 0x8f, 0x88, 0x3c, 0x57, 0x10, 0xbd, 0x5a, 0x30, 0x01, 0xb4, 0x59, 0x63,
2196 0x64, 0x19, 0x8d, 0xfa, 0x5c, 0x86, 0x92, 0xf7, 0x60, 0x99, 0xdb, 0xae, 0x0e, 0xad, 0x80, 0xf1,
2197 0x82, 0xaf, 0x1b, 0x14, 0x0c, 0x99, 0x13, 0x53, 0x54, 0x33, 0x6a, 0x17, 0x24, 0x5c, 0x9d, 0xdb,
2198 0x5a, 0xfb, 0x73, 0x2f, 0x41, 0xe8, 0xeb, 0x2e, 0x68, 0xfe, 0xee, 0x0b, 0xdc, 0x54, 0x50, 0xf1,
2199 0x1e, 0x16, 0x19, 0x2c, 0x4e, 0xb6, 0x97, 0x9f, 0x9c, 0x32, 0x9c, 0x0e, 0xe0, 0xe1, 0x32, 0x64,
2200 0x16, 0x34, 0x53, 0x8e, 0xc5, 0xe3, 0xe5, 0xbc, 0x2c, 0x10, 0xae, 0x81, 0x2c, 0x1a, 0xb2, 0xb7,
2201 0xa3, 0xbe, 0x0f, 0xab, 0xfd, 0xf7, 0x87, 0x53, 0xcd, 0x3e, 0x31, 0xfb, 0x2d, 0x69, 0x6a, 0xd5,
2202 0xc3, 0x27, 0x04, 0x2b, 0x37, 0x02, 0x91, 0x05, 0x0c, 0x4e, 0x2a, 0xfc, 0x6c, 0x42, 0xe8, 0x37,
2203 0x23, 0x2f, 0x60, 0x6e, 0x0c, 0xed, 0x7c, 0xe0, 0x5f, 0x47, 0xb3, 0x51, 0x86, 0x5b, 0x26, 0x08,
2204 0x2a, 0x05, 0x89, 0xb0, 0xdd, 0x6f, 0xc6, 0x76, 0xc5, 0x2a, 0x60, 0x07, 0x0e, 0xb1, 0x71, 0x67,
2205 0x21, 0x11, 0xf8, 0xb5, 0x52, 0xa3, 0xf3, 0xf0, 0xd4, 0x5f, 0xdf, 0x44, 0x66, 0x23, 0xd8, 0x4e,
2206 0xbd, 0x64, 0x39, 0x43, 0x03, 0x37, 0xaa, 0xd7, 0xea, 0xb3, 0x6d, 0x2f, 0x84, 0x9c, 0x02, 0x49
2210 g_sslContextMutex = ca_mutex_new();
2211 ca_mutex_lock(g_sslContextMutex);
2212 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
2213 g_caSslContext->peerList = u_arraylist_create();
2214 mbedtls_entropy_init(&g_caSslContext->entropy);
2215 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
2216 unsigned char * seed = (unsigned char*) SEED;
2217 mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch,
2218 &g_caSslContext->entropy, seed, sizeof(SEED));
2219 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
2220 mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf);
2221 mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT,
2222 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
2223 mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL);
2224 mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random,
2225 &g_caSslContext->rnd);
2226 mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]);
2227 mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3,
2228 MBEDTLS_SSL_MINOR_VERSION_1);
2229 mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
2230 mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED);
2231 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
2232 mbedtls_x509_crt_init(&g_caSslContext->ca);
2233 mbedtls_x509_crt_init(&g_caSslContext->crt);
2234 mbedtls_pk_init(&g_caSslContext->pkey);
2235 mbedtls_x509_crl_init(&g_caSslContext->crl);
2236 ca_mutex_unlock(g_sslContextMutex);
2238 // CAsetTlsAdapterCallbacks
2239 CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
2241 // CAsetPkixInfoCallback
2242 CAsetPkixInfoCallback(infoCallback_that_loads_x509);
2244 // CAsetCredentialTypesCallback
2245 g_getCredentialTypesCallback = clutch;
2247 CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
2249 CAsetPskCredentialsCallback(GetDtlsPskCredentials);
2253 // CAinitiateSslHandshake
2254 ca_mutex_lock(g_sslContextMutex);
2255 InitiateTlsHandshake(&serverAddr);
2256 ca_mutex_unlock(g_sslContextMutex);
2258 ret = CAsslGenerateOwnerPsk(&serverAddr,
2259 label, sizeof(label),
2260 rsrcServerDeviceId, sizeof(rsrcServerDeviceId),
2261 provServerDeviceId, sizeof(provServerDeviceId),
2264 // CAcloseTlsConnection
2265 ca_mutex_lock(g_sslContextMutex);
2266 SslEndPoint_t * tep = GetSslPeer(&serverAddr);
2267 mbedtls_ssl_close_notify(&tep->ssl);
2268 RemovePeerFromList(&tep->sep.endpoint);
2269 ca_mutex_unlock(g_sslContextMutex);
2271 // CAdeinitTlsAdapter
2272 ca_mutex_lock(g_sslContextMutex);
2274 mbedtls_x509_crt_free(&g_caSslContext->crt);
2275 mbedtls_pk_free(&g_caSslContext->pkey);
2276 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
2277 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
2278 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
2279 mbedtls_entropy_free(&g_caSslContext->entropy);
2280 OICFree(g_caSslContext);
2281 g_caSslContext = NULL;
2282 ca_mutex_unlock(g_sslContextMutex);
2283 ca_mutex_free(g_sslContextMutex);
2284 g_sslContextMutex = NULL;
2288 if (ret == 0 && memcmp(predictedPSK, ownerPsk, sizeof(predictedPSK)) == 0)
2295 *((int*)arg) = 0xFF;
2296 return (void *) 0xFF;
2300 TEST(TLSAdaper, Test_11)
2302 pthread_t thread1, thread2;
2306 ret = pthread_create( &thread1, NULL, server, (void*) NULL);
2309 fprintf(stderr, "Error - pthread_create() return code: %d\n", ret);
2315 ret = pthread_create( &thread2, NULL, testCAsslGenerateOwnerPsk, &arg);
2318 fprintf(stderr, "Error - pthread_create() return code: %d\n", ret);