@kakopappa
Last active May 23, 2023 15:05
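/*
 * Working state for the TLS server set-up below.
 * This excerpt is the body of a function: it uses `return -1` on failure and
 * relies on TAG, DEBUG_LEVEL and my_debug being defined elsewhere.
 */
int ret, len;
mbedtls_net_context listen_fd, client_fd;   /* listening socket / accepted client socket */
unsigned char buf[1024];
const char *pers = "ssl_server";            /* personalisation data passed to the DRBG seed call */
/* Fix: the original statement was missing its terminating ';'.
 * In the code shown here `port` is only printed; the bind call passes the
 * literal "443", so the two have to be kept in sync by hand. */
int port = 443;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_x509_crt srvcert;
mbedtls_pk_context pkey;

/* Put every context into its initial state before any call that can fail. */
mbedtls_net_init(&listen_fd);
mbedtls_net_init(&client_fd);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);

#if defined(MBEDTLS_DEBUG_C)
/* NOTE(review): DEBUG_LEVEL is defined outside this excerpt. High mbedTLS
 * debug thresholds can print handshake internals; confirm production builds
 * keep it low. */
mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif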
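/*
 * Seed the CTR_DRBG from the entropy context, mixing in the `pers` string.
 * Progress lines are logged at info level so that the error level carries
 * only real failures (the original logged every status line with ESP_LOGE).
 */
ESP_LOGI(TAG, " . Seeding the random number generator...");
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                            (const unsigned char *) pers,
                            strlen(pers));
if (ret != 0) {
    ESP_LOGE(TAG, " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
    /* NOTE(review): this early return, like the later ones, does not release
     * the contexts initialised above; no mbedtls_*_free call is visible in
     * this excerpt. */
    return -1;
}
ESP_LOGI(TAG, " ok\n");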
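/*
 * Server certificate and private key in PEM form.
 * The PEM bodies are empty placeholders here, so both parse calls fail until
 * real material is supplied.
 *
 * NOTE(review): a private key stored as a string literal ends up in the
 * firmware image and in source control; anyone who can read either obtains
 * the server identity. Prefer provisioning the key per device into protected
 * storage and loading it from there at run time.
 */
const char *cert =
    "-----BEGIN CERTIFICATE-----\n"
    "-----END CERTIFICATE-----\n";
const char *key =
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "-----END RSA PRIVATE KEY-----\n";

ESP_LOGI(TAG, "\n . Loading the server cert. and key...");

/* For PEM input the length must include the terminating NUL, hence the +1. */
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) cert, strlen(cert) + 1);
if (ret != 0) {
    char errorBuf[100];
    mbedtls_strerror(ret, errorBuf, sizeof(errorBuf));
    /* Fix: the original built errorBuf but never printed it. */
    ESP_LOGE(TAG, "Certificate parsing srvcert error: %s", errorBuf);
    return -1;
}
ESP_LOGI(TAG, " ok\n");

/* NULL/0 password: the key is expected to be unencrypted PEM. */
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) key, strlen(key) + 1, NULL, 0);
if (ret != 0) {
    char errorBuf[100];
    mbedtls_strerror(ret, errorBuf, sizeof(errorBuf));
    /* Fix: report the decoded mbedTLS error text; never log the key itself. */
    ESP_LOGE(TAG, "Private key parsing error: %s", errorBuf);
    return -1;
}
ESP_LOGI(TAG, " ok\n");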
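/*
 * Open the listening TCP socket on port 443.
 * A NULL bind address makes the socket listen on every local interface;
 * pass an explicit address if the service should be reachable on one only.
 */
ret = mbedtls_net_bind(&listen_fd, NULL, "443", MBEDTLS_NET_PROTO_TCP);
if (ret != 0) {
    ESP_LOGE(TAG, " failed\n ! mbedtls_net_bind returned %d\n\n", ret);
    return -1;
}
/* Success is a status line, not an error: logged at info level. */
ESP_LOGI(TAG, " ok\n");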
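/*
 * Build the TLS server configuration and attach it to the SSL context.
 */
ESP_LOGI(TAG, " . Setting up the SSL data....");

ret = mbedtls_ssl_config_defaults(&conf,
                                  MBEDTLS_SSL_IS_SERVER,
                                  MBEDTLS_SSL_TRANSPORT_STREAM,
                                  MBEDTLS_SSL_PRESET_DEFAULT);
if (ret != 0) {
    /* Logged through ESP_LOGE like every other failure in this routine
     * (the original used mbedtls_printf for this one message). */
    ESP_LOGE(TAG, " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
    return -1;
}

/* Fix: the minimum protocol version (3.3 = TLS 1.2) must be set AFTER
 * mbedtls_ssl_config_defaults(), which loads the preset's own version range
 * into conf. The original called this first, so the TLS 1.2 floor was
 * overwritten and older protocol versions could still be negotiated if the
 * build enables them. */
mbedtls_ssl_conf_min_version(&conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);

mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);

/* NOTE(review): my_debug is defined outside this excerpt; it receives the
 * library's debug output with stdout as its context argument. */
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);

/* srvcert.next is whatever follows the first certificate in the parsed
 * chain; with a single certificate it is NULL. No client-authentication
 * mode is configured here, so this server does not ask peers for a
 * certificate unless that is set up elsewhere. */
mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);

ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey);
if (ret != 0) {
    ESP_LOGE(TAG," failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
    return -1;
}

ret = mbedtls_ssl_setup(&ssl, &conf);
if (ret != 0) {
    ESP_LOGE(TAG," failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
    return -1;
}
ESP_LOGI(TAG," ok\n");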
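/*
 * Block until one client connects, then route the SSL context's I/O through
 * the accepted socket. Status lines are logged at info level; only the
 * failure path uses the error level.
 */
ESP_LOGI(TAG, "Created listening socket on port %d", port);
ESP_LOGI(TAG," . Waiting for a remote connection ...");

/* The client_ip/buf_size/ip_len arguments are NULL/0/NULL, so the peer
 * address is discarded and cannot appear in the logs. Pass a buffer here if
 * connections need to be attributable. */
ret = mbedtls_net_accept(&listen_fd, &client_fd, NULL, 0, NULL);
if (ret != 0) {
    ESP_LOGE(TAG," failed\n ! mbedtls_net_accept returned %d\n\n", ret);
    return -1;
}

ESP_LOGI(TAG," . Accepting connection ...");
/* The final NULL leaves the timeout-capable receive callback unset, so reads
 * on this connection have no time limit. The TLS handshake itself is not
 * performed in this excerpt; mbedtls_ssl_handshake() has to succeed before
 * any application data is read or written. */
mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
ESP_LOGI(TAG, " ok\n");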