写一个基于mbed TLS实现"MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"cipher suite的示例代码
以下是基于mbed TLS实现"MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"cipher suite的示例代码:
```c
#include "mbedtls/config.h"
#include "mbedtls/platform.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/ssl.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/error.h"
#include "mbedtls/x509_crt.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SERVER_NAME "www.example.com"
#define SERVER_PORT "443"
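/*
 * Report a failing mbed TLS call on stderr with the library's textual
 * description. mbedtls_strerror() needs MBEDTLS_ERROR_C; without it the
 * buffer only receives the library's generic fallback text.
 */
static void report_error(const char *func, int ret)
{
    char err[128];

    mbedtls_strerror(ret, err, sizeof err);
    fprintf(stderr, "%s returned %d: %s\n", func, ret, err);
}

/*
 * Write all of `data` to the TLS connection.
 *
 * mbedtls_ssl_write() may write fewer bytes than requested or ask to be
 * called again (WANT_READ / WANT_WRITE); the original single call compared
 * the result against strlen() and treated any short write as a failure.
 *
 * Returns 0 when every byte has been handed to the library, otherwise the
 * negative mbed TLS error code.
 */
static int write_all(mbedtls_ssl_context *ssl, const unsigned char *data, size_t len)
{
    while (len > 0) {
        int ret = mbedtls_ssl_write(ssl, data, len);

        if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
            continue;
        }
        if (ret < 0) {
            return ret;
        }
        /* ret > 0 here: the library does not return 0 for a non-empty write. */
        data += ret;
        len -= (size_t) ret;
    }
    return 0;
}

/*
 * Copy the server's response to stdout until the connection is closed.
 *
 * Returns 0 on an orderly close (TLS close_notify alert, or a plain
 * transport EOF reported as 0), otherwise the negative mbed TLS error code.
 */
static int read_response(mbedtls_ssl_context *ssl, unsigned char *buf, size_t buf_len)
{
    for (;;) {
        int ret = mbedtls_ssl_read(ssl, buf, buf_len);

        if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
            continue;
        }
        if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY || ret == 0) {
            return 0;
        }
        if (ret < 0) {
            return ret;
        }
        /*
         * fwrite() with the exact length instead of printf("%s"): the body is
         * arbitrary bytes, may contain NULs and is not NUL-terminated.
         */
        fwrite(buf, 1, (size_t) ret, stdout);
    }
}

/*
 * TLS client restricted to TLS_DHE_RSA_WITH_AES_128_GCM_SHA256.
 *
 * Connects to SERVER_NAME:SERVER_PORT, verifies the server certificate
 * against "ca.crt", sends a single HTTP GET and prints the response.
 *
 * The build must enable MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_GCM_C and
 * MBEDTLS_SHA256_C for this suite to be available, and a TLS 1.2-capable
 * configuration (the suite is TLS 1.2-only).
 *
 * Returns EXIT_SUCCESS when the full exchange completed, EXIT_FAILURE after
 * any reported error. argc/argv are accepted for a conventional main()
 * signature but not used.
 */
int main(int argc, char *argv[])
{
    int ret;
    int exit_code = EXIT_FAILURE;
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    mbedtls_ssl_context ssl;
    mbedtls_ssl_config ssl_conf;
    mbedtls_x509_crt cacert;
    mbedtls_net_context server_fd;
    char buf[1024];
    const char *pers = "mbedtls_tls_dhe_rsa_with_aes_128_gcm_sha256";
    /*
     * Offer exactly one suite. mbedtls_ssl_conf_ciphersuites() takes a
     * 0-terminated list; the original passed mbedtls_ssl_list_ciphersuites(),
     * i.e. every suite the library supports, which did not implement the
     * restriction the example is about.
     */
    static const int ciphersuites[] = {
        MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
        0
    };

    (void) argc;
    (void) argv;

    /*
     * Every context is initialised before the first `goto exit` so the
     * cleanup block can free all of them unconditionally. server_fd was not
     * initialised in the original, so mbedtls_net_free() on an early error
     * path operated on an indeterminate file descriptor.
     */
    mbedtls_net_init(&server_fd);
    mbedtls_ssl_init(&ssl);
    mbedtls_ssl_config_init(&ssl_conf);
    mbedtls_ctr_drbg_init(&ctr_drbg);
    mbedtls_entropy_init(&entropy);
    mbedtls_x509_crt_init(&cacert);

    /*
     * Seed the CTR_DRBG from the entropy pool. mbedtls_entropy_init() already
     * registers the platform entropy sources (unless
     * MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES is set), so no explicit
     * mbedtls_entropy_add_source() call is needed; the original called it
     * with a NULL source callback and the wrong number of arguments.
     */
    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                     (const unsigned char *) pers, strlen(pers))) != 0) {
        report_error("mbedtls_ctr_drbg_seed", ret);
        goto exit;
    }

    /* Load the trusted CA certificate(s) used to verify the server. */
    if ((ret = mbedtls_x509_crt_parse_file(&cacert, "ca.crt")) != 0) {
        report_error("mbedtls_x509_crt_parse_file", ret);
        goto exit;
    }

    /* Client-side defaults for a stream (TCP) transport. */
    if ((ret = mbedtls_ssl_config_defaults(&ssl_conf, MBEDTLS_SSL_IS_CLIENT,
                                           MBEDTLS_SSL_TRANSPORT_STREAM,
                                           MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
        report_error("mbedtls_ssl_config_defaults", ret);
        goto exit;
    }

    /* Certificate verification is mandatory: the handshake fails on any verification error. */
    mbedtls_ssl_conf_authmode(&ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
    mbedtls_ssl_conf_ca_chain(&ssl_conf, &cacert, NULL);
    mbedtls_ssl_conf_rng(&ssl_conf, mbedtls_ctr_drbg_random, &ctr_drbg);
    mbedtls_ssl_conf_ciphersuites(&ssl_conf, ciphersuites);
    /* AEAD suites exist only in TLS 1.2; do not negotiate anything older. */
    mbedtls_ssl_conf_min_version(&ssl_conf, MBEDTLS_SSL_MAJOR_VERSION_3,
                                 MBEDTLS_SSL_MINOR_VERSION_3);
    /*
     * The ephemeral DH group is chosen by the server; reject groups smaller
     * than 2048 bits instead of accepting the library's lower default.
     */
    mbedtls_ssl_conf_dhm_min_bitlen(&ssl_conf, 2048);

    if ((ret = mbedtls_ssl_setup(&ssl, &ssl_conf)) != 0) {
        report_error("mbedtls_ssl_setup", ret);
        goto exit;
    }
    /* Sets both the SNI extension and the name the certificate is checked against. */
    if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) {
        report_error("mbedtls_ssl_set_hostname", ret);
        goto exit;
    }

    if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME, SERVER_PORT,
                                   MBEDTLS_NET_PROTO_TCP)) != 0) {
        report_error("mbedtls_net_connect", ret);
        goto exit;
    }
    mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);

    /* Handshake; WANT_READ/WANT_WRITE just mean "call again" on this blocking socket. */
    while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
        if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
            report_error("mbedtls_ssl_handshake", ret);
            if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
                /* Explain which verification check failed (expiry, name mismatch, untrusted CA, ...). */
                char vrfy[512];
                mbedtls_x509_crt_verify_info(vrfy, sizeof vrfy, "  ! ",
                                             mbedtls_ssl_get_verify_result(&ssl));
                fputs(vrfy, stderr);
            }
            goto exit;
        }
    }

    /*
     * Build the request with a bounded snprintf() (the original used sprintf()).
     * "Connection: close" makes the server close after the response so the
     * read loop terminates instead of waiting for a keep-alive timeout.
     */
    {
        int n = snprintf(buf, sizeof buf,
                         "GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n",
                         SERVER_NAME);
        if (n < 0 || (size_t) n >= sizeof buf) {
            fprintf(stderr, "request does not fit in %zu bytes\n", sizeof buf);
            goto exit;
        }
        if ((ret = write_all(&ssl, (const unsigned char *) buf, (size_t) n)) != 0) {
            report_error("mbedtls_ssl_write", ret);
            goto exit;
        }
    }

    if ((ret = read_response(&ssl, (unsigned char *) buf, sizeof buf)) != 0) {
        report_error("mbedtls_ssl_read", ret);
        goto exit;
    }

    exit_code = EXIT_SUCCESS;
    /* Orderly TLS shutdown; errors here are not interesting once the data is in. */
    mbedtls_ssl_close_notify(&ssl);

exit:
    mbedtls_x509_crt_free(&cacert);
    mbedtls_ssl_config_free(&ssl_conf);
    mbedtls_ssl_free(&ssl);
    mbedtls_ctr_drbg_free(&ctr_drbg);
    mbedtls_entropy_free(&entropy);
    mbedtls_net_free(&server_fd);
    /* A negative mbed TLS code is not a meaningful process exit status; map to EXIT_*. */
    return exit_code;
}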
```
注意:在运行该示例代码前,需要将ca.crt替换为实际的CA证书文件。