Common functions for the TLS1.2 client/server exchange utility. It is an example of the programmatic use of the ateccx08 engine for TLS1.2 exchange. For details see https://wiki.openssl.org/index.php/SSL/TLS_Client and https://wiki.openssl.org/index.php/Simple_TLS_Server.
More...
#include <stdio.h>
#include <memory.h>
#include <unistd.h>
#include <errno.h>
#include <assert.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include <engine_meth/ecc_meth.h>
Go to the source code of this file.
|
|
#define | EXCHANGE_VERSION "1.1.0" |
| |
|
#define | PORT_NUMBER_DEFAULT (49917) |
| |
|
#define | CHK_NULL(x) if ((x)==NULL) { sleep(1); exit (1); } |
| |
|
#define | CHK_ERR(err, s) if ((err)==-1) { perror(s); sleep(1); exit(1); } |
| |
|
#define | CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); sleep(2); exit(2); } |
| |
|
| int | setup_engine (const char *engine_id) |
| | setup OpenSSL engine by engine ID More...
|
| |
|
void | init_openssl (void) |
| | Calls OpenSSL standard initialize methods.
|
| |
| SSL_CTX * | create_context (uint32_t is_server) |
| | Creates the SSL context for server or client. More...
|
| |
| int | config_args_ssl_call (SSL_CTX *ctx, SSL_CONF_CTX *cctx) |
| | A modification of the args_ssl_call() function from the openssl aps/s_cb.c file. More...
|
| |
| int | configure_context (SSL_CTX *ctx, const char *ca_path, const char *chain_file, const char *cert_file) |
| | Configures the SSL context for server or client using provided certificates, chain files, and private keys (ATECCX08 token are encoded into the OpenSSL private key files) More...
|
| |
| int | verify_callback (int ok, X509_STORE_CTX *ctx) |
| | A modification of the verify_callback() function from the openssl aps/s_cb.c file. More...
|
| |
| int | load_private_key (const char *engine_id, SSL_CTX *ctx, const char *key_file) |
| | setup OpenSSL engine by engine ID More...
|
| |
|
void | cleanup_openssl (void) |
| | Call OpenSSL standard cleanup methods.
|
| |
| int | connect_client (const char *engine_id, const char *ca_path, const char *chain_file, const char *cert_file, const char *key_file, const char *cipher_list, const char *ip_address, uint16_t port_number) |
| | A complete procedure of connecting client using TLS-1.2 protocol over TCP/IP. More...
|
| |
| int | connect_server (const char *engine_id, const char *ca_path, const char *chain_file, const char *cert_file, const char *key_file, const char *ip_address, uint16_t port_number) |
| | A complete procedure of connecting server using TLS-1.2 protocol over TCP/IP. More...
|
| |
| int | save_private_key (EVP_PKEY *pkey, const char *privkey_fname) |
| |
| int | save_x509_certificate (X509 *x509, const char *cert_fname) |
| |
| int | run_engine_cmds (const char *engine_id, int cmd, char *buffer, int len) |
| |
Common functions for the TLS1.2 client/server exchange utility. It is an example of the programmatic use of the ateccx08 engine for TLS1.2 exchange. For details see https://wiki.openssl.org/index.php/SSL/TLS_Client and https://wiki.openssl.org/index.php/Simple_TLS_Server.
Copyright (c) 2015 Atmel Corporation. All rights reserved.
| int config_args_ssl_call |
( |
SSL_CTX * |
ctx, |
|
|
SSL_CONF_CTX * |
cctx |
|
) |
| |
A modification of the args_ssl_call() function from the openssl aps/s_cb.c file.
- Parameters
-
| [in] | ctx | SSL context |
| [in,out] | cctx | SSL_CONF_CTX |
- Returns
- 0 for success
| int configure_context |
( |
SSL_CTX * |
ctx, |
|
|
const char * |
ca_path, |
|
|
const char * |
chain_file, |
|
|
const char * |
cert_file |
|
) |
| |
Configures the SSL context for server or client using provided certificates, chain files, and private keys (ATECCX08 token are encoded into the OpenSSL private key files)
- Parameters
-
| [in] | ctx | SSL context |
| [in] | ca_path | Path to CA (Certificate Authority) |
| [in] | chain_file | Chain File Name (Certificate Bundle) |
| [in] | cert_file | Certificate File Name |
- Returns
- 1 for success
| int connect_client |
( |
const char * |
engine_id, |
|
|
const char * |
ca_path, |
|
|
const char * |
chain_file, |
|
|
const char * |
cert_file, |
|
|
const char * |
key_file, |
|
|
const char * |
cipher_list, |
|
|
const char * |
ip_address, |
|
|
uint16_t |
port_number |
|
) |
| |
A complete procedure of connecting client using TLS-1.2 protocol over TCP/IP.
- Parameters
-
| [in] | engine_id | Engine ID (use Software libraries if NULL) |
| [in] | ca_path | Path to CA (Certificate Authority) |
| [in] | chain_file | Chain File Name (Certificate Bundle) |
| [in] | cert_file | Certificate File Name |
| [in] | key_file | Private Key File Name |
| [in] | cipher_list | Cipher list string (ECDH-ECDSA-AES128-SHA256, ECDH-ECDSA-AES128-GCM-SHA256, etc) - Must be SHA-256 for ECC508 |
| [in] | ip_address | The server IP address |
| [in] | ip_address | The server port number |
- Returns
- 0 for success
| int connect_server |
( |
const char * |
engine_id, |
|
|
const char * |
ca_path, |
|
|
const char * |
chain_file, |
|
|
const char * |
cert_file, |
|
|
const char * |
key_file, |
|
|
const char * |
ip_address, |
|
|
uint16_t |
port_number |
|
) |
| |
A complete procedure of connecting server using TLS-1.2 protocol over TCP/IP.
- Parameters
-
| [in] | engine_id | Engine ID (use Software libraries if NULL) |
| [in] | ca_path | Path to CA (Certificate Authority) |
| [in] | chain_file | Chain File Name (Certificate Bundle) |
| [in] | cert_file | Certificate File Name |
| [in] | key_file | Private Key File Name |
| [in] | ip_address | The server IP address |
| [in] | ip_address | The server port number |
- Returns
- 0 for success
| SSL_CTX* create_context |
( |
uint32_t |
is_server | ) |
|
Creates the SSL context for server or client.
- Parameters
-
| [in] | is_server | 1 - for server, 0 - for client |
- Returns
- a pointer to SSL_CTX for success, NULL for error
| int load_private_key |
( |
const char * |
engine_id, |
|
|
SSL_CTX * |
ctx, |
|
|
const char * |
key_file |
|
) |
| |
setup OpenSSL engine by engine ID
- Parameters
-
| [in] | engine_id | Engine ID |
| ctx[in] | SSL context |
| key_file[in] | Private Key File Name |
- Returns
- 1 for success, 0 for error
| int run_engine_cmds |
( |
const char * |
engine_id, |
|
|
int |
cmd, |
|
|
char * |
buffer, |
|
|
int |
len |
|
) |
| |
Calls different engine commands by CMD ID
- Parameters
-
| [in] | engine_id | Engine ID (just return if NULL) |
| [in] | cmd | a command to pass to the engine library (for the list of commands see ecc_meth.h file |
| [in,out] | buffer | an optional buffer to pass into the command |
| [in,out] | len | the buffer size |
- Returns
- 1 for success, 0 for error
| int save_private_key |
( |
EVP_PKEY * |
pkey, |
|
|
const char * |
privkey_fname |
|
) |
| |
Saves unencrypted private key in the PEM format. There is no reason to use password/encryption for keys tht are already in the hardware. Here we expect a pointer to the key, not a real key
- Parameters
-
| [in] | pkey | pointer to public/private key structure (private key may be just a tocken, pointing to the hardware) |
| [in] | privkey_fname | Private Key File Name |
- Returns
- 1 for success
| int save_x509_certificate |
( |
X509 * |
x509, |
|
|
const char * |
cert_fname |
|
) |
| |
Saves a certificate in the PEM format
- Parameters
-
| [in] | x509 | pointer to X509 structure with certificate |
| [in] | cert_fname | Certificate file name |
- Returns
- 1 for success
| int setup_engine |
( |
const char * |
engine_id | ) |
|
setup OpenSSL engine by engine ID
- Parameters
-
| [in] | engine_id | Engine ID (just return if NULL) |
- Returns
- 1 for success, 0 for error
| int verify_callback |
( |
int |
ok, |
|
|
X509_STORE_CTX * |
ctx |
|
) |
| |
A modification of the verify_callback() function from the openssl aps/s_cb.c file.
- Parameters
-
| [in] | ok | a parameter allowint to exit from the callback immediately |
| [in,out] | ctx | X509_STORE_CTX |
- Returns
- 0 for success
1.8.10