RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Code Releases Activity

wolfSSL pkg with examples

Browse Source
This commit is contained in:
kaleb-himes 2017-07-10 13:33:07 -06:00 committed by Daniele Lacamera
parent 88e07c06d2
commit b3f32f83bb
40 changed files with 2929 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
examples/dtls-wolfssl/Makefile Normal file
View File

@ -0,0 +1,57 @@
# name of your application
APPLICATION = dtls_wolfssl
# If no BOARD is found in the environment, use this default:
BOARD ?= native
# This has to be the absolute path to the RIOT base directory:
RIOTBASE ?= $(CURDIR)/../..
# wolfSSL supports 32-bit architectures only
BOARD_BLACKLIST := arduino-duemilanove arduino-mega2560 arduino-uno chronos \
jiminy-mega256rfr2 mega-xplained msb-430 msb-430h telosb \
waspmote-pro wsn430-v1_3b wsn430-v1_4 z1
BOARD_INSUFFICIENT_MEMORY := airfy-beacon b-l072z-lrwan1 bluepill calliope-mini \
cc2650-launchpad cc2650stk hifive1 maple-mini \
microbit nrf51dongle nrf6310 nucleo-f031k6 \
nucleo-f042k6 nucleo-f303k8 nucleo-l031k6 nucleo-f030r8 \
nucleo-f070rb nucleo-f072rb nucleo-f103rb nucleo-f302r8 nucleo-f334r8 \
nucleo-l053r8 nucleo-l073rz opencm904 \
spark-core stm32f0discovery stm32mindev yunjia-nrf51822
# Include packages that pull up and auto-init the link layer.
# NOTE: 6LoWPAN will be included if IEEE802.15.4 devices are present
USEMODULE += gnrc_netdev_default
USEMODULE += auto_init_gnrc_netif
# Specify the mandatory networking modules for IPv6 and UDP
USEMODULE += gnrc_ipv6_default
USEMODULE += gnrc_sock_udp
# Add also the shell, some shell commands
USEMODULE += shell
USEMODULE += shell_commands
USEPKG += wolfssl
USEMODULE += wolfcrypt
USEMODULE += wolfssl
USEMODULE += wolfcrypt-test
USEMODULE += wolfcrypt_ecc
USEMODULE += wolfssl_dtls
#CFLAGS+=-g -ggdb3
CFLAGS += -DDTLS_DEFAULT_PORT=$(DTLS_PORT) -DDTLS_WOLFSSL
# FIXME: This is a temporary patch taken from the TinyDTLS example to ensure proper stack allocation
CFLAGS += -DTHREAD_STACKSIZE_MAIN=\(3*THREAD_STACKSIZE_DEFAULT\)
# Comment this out to disable code in RIOT that does safety checking
# which is not needed in a production environment but helps in the
# development process:
CFLAGS += -DDEVELHELP
# Change this to 0 show compiler invocation lines by default:
QUIET ?= 0
include $(RIOTBASE)/Makefile.include

43
examples/dtls-wolfssl/README.md Normal file
View File

@ -0,0 +1,43 @@
# dtls_wolfssl example
This example shows how to use DTLS with wolfSSL
## SOCK vs. Socket
This example is configured to use socks instead of sockets (over GNRC).
It's possible to use sockets, which give a more similar approach to the
UNIX version of wolfSSL.
## Fast configuration (Between RIOT instances)
### Prepare the bridge interface linking two tuntap
```bash
./../../dist/tools/tapsetup/tapsetup --create 2
```
## Testing
### Run the server
```bash
$ make all; PORT=tap1 make term
> ifconfig
```
*copy the server address*
```bash
> dtlss
```
### Run the client
```bash
$ PORT=tap0 make term
> dtlsc <IPv6's server address[%netif]>
```
### Testing against host endpoints
Riot-to-host can be tested against the DTLS examples provided in the [wolfSSL-examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/dtls) repository.
## Boards
Boards that do not support the `../gnrc_networking` example are included
in the `BOARD_INSUFFICIENT_MEMORY`, plus the board `cc2650stk`.

83
examples/dtls-wolfssl/cert.c Normal file
View File

@ -0,0 +1,83 @@
const unsigned char server_cert[] = {
0x30, 0x82, 0x03, 0x10, 0x30, 0x82, 0x02, 0xb5, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x09, 0x00, 0xef, 0x46, 0xc7, 0xa4, 0x9b, 0xbb, 0x60, 0xd3,
0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f,
0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06,
0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x6c, 0x69, 0x70, 0x74, 0x69,
0x63, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x03,
0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31,
0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30,
0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5a, 0x30, 0x81,
0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65,
0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
0x04, 0x0a, 0x0c, 0x07, 0x45, 0x6c, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31,
0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x03, 0x45, 0x43,
0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
0x42, 0x00, 0x04, 0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6, 0x4a,
0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36, 0xdb, 0x72, 0x2d, 0xce, 0x94,
0xea, 0x2b, 0xfa, 0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61, 0x02,
0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a, 0x31, 0x5b, 0x97, 0x92, 0x21,
0x7f, 0xf0, 0xcf, 0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8, 0x20,
0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8, 0xa3, 0x81, 0xf7, 0x30, 0x81,
0xf4, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
0x5d, 0x5d, 0x26, 0xef, 0xac, 0x7e, 0x36, 0xf9, 0x9b, 0x76, 0x15, 0x2b,
0x4a, 0x25, 0x02, 0x23, 0xef, 0xb2, 0x89, 0x30, 0x30, 0x81, 0xc4, 0x06,
0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14,
0x5d, 0x5d, 0x26, 0xef, 0xac, 0x7e, 0x36, 0xf9, 0x9b, 0x76, 0x15, 0x2b,
0x4a, 0x25, 0x02, 0x23, 0xef, 0xb2, 0x89, 0x30, 0xa1, 0x81, 0x95, 0xa4,
0x81, 0x92, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30,
0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x6c, 0x69, 0x70,
0x74, 0x69, 0x63, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b,
0x0c, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66,
0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06,
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10,
0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c,
0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x09, 0x00, 0xef, 0x46, 0xc7, 0xa4, 0x9b,
0xbb, 0x60, 0xd3, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05,
0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48,
0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21,
0x00, 0xf1, 0xd0, 0xa6, 0x3e, 0x83, 0x33, 0x24, 0xd1, 0x7a, 0x05, 0x5f,
0x1e, 0x0e, 0xbd, 0x7d, 0x6b, 0x33, 0xe9, 0xf2, 0x86, 0xf3, 0xf3, 0x3d,
0xa9, 0xef, 0x6a, 0x87, 0x31, 0xb3, 0xb7, 0x7e, 0x50, 0x02, 0x21, 0x00,
0xf0, 0x60, 0xdd, 0xce, 0xa2, 0xdb, 0x56, 0xec, 0xd9, 0xf4, 0xe4, 0xe3,
0x25, 0xd4, 0xb0, 0xc9, 0x25, 0x7d, 0xca, 0x7a, 0x5d, 0xba, 0xc4, 0xb2,
0xf6, 0x7d, 0x04, 0xc7, 0xbd, 0x62, 0xc9, 0x20
};
unsigned int server_cert_len = 788;
const unsigned char server_key[] = {
0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x45, 0xb6, 0x69, 0x02, 0x73,
0x9c, 0x6c, 0x85, 0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac, 0xc4,
0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c, 0x28, 0xdc, 0x34, 0x8d, 0xe1,
0xa8, 0x09, 0x8c, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xbb, 0x33, 0xac,
0x4c, 0x27, 0x50, 0x4a, 0xc6, 0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f,
0x36, 0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa, 0xcb, 0x20, 0x09,
0x39, 0x2c, 0x16, 0xe8, 0x61, 0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93,
0x9a, 0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf, 0x18, 0xda, 0x91,
0x11, 0x02, 0x34, 0x86, 0xe8, 0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89,
0xd8
};
unsigned int server_key_len = 121;

128
examples/dtls-wolfssl/dtls-client.c Normal file
View File

@ -0,0 +1,128 @@
/*
* Copyright (C) 2015 Freie Universität Berlin
* Copyright (C) 2018 Inria
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/*
* **** This file incorporates work covered by the following copyright and ****
* **** permission notice: ****
*
* Copyright (C) 2006-2018 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*
*/
#include <wolfssl/ssl.h>
#include <sock_tls.h>
#include <net/sock.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SERVER_PORT 11111
extern const unsigned char server_cert[788];
extern const unsigned long server_cert_len;
static sock_tls_t skv;
static sock_tls_t *sk = &skv;
int dtls_client(int argc, char **argv)
{
int ret = 0;
char buf[64] = "Hello from DTLS client!";
int iface;
char *addr_str = argv[1];
sock_udp_ep_t local = SOCK_IPV6_EP_ANY;
sock_udp_ep_t remote = SOCK_IPV6_EP_ANY;
/* Parsing <address>[:<iface>]:Port */
iface = ipv6_addr_split_iface(addr_str);
if (iface == -1) {
if (gnrc_netif_numof() == 1) {
/* assign the single interface found in gnrc_netif_numof() */
remote.netif = (uint16_t)gnrc_netif_iter(NULL)->pid;
}
}
else {
if (gnrc_netif_get_by_pid(iface) == NULL) {
puts("ERROR: interface not valid");
return -1;
}
remote.netif = (uint16_t)gnrc_netif_iter(NULL)->pid;
}
if (ipv6_addr_from_str((ipv6_addr_t *)remote.addr.ipv6, addr_str) == NULL) {
puts("ERROR: unable to parse destination address");
return -1;
}
if (argc != 2) {
printf("Usage: %s <server-address>\n", argv[0]);
return -1;
}
remote.port = SERVER_PORT;
if (sock_dtls_create(sk, &local, &remote, 0, wolfDTLSv1_2_client_method()) != 0) {
puts("ERROR: Unable to create DTLS sock");
return -1;
}
/* Disable certificate validation from the client side */
wolfSSL_CTX_set_verify(sk->ctx, SSL_VERIFY_NONE, 0);
/* Load certificate file for the DTLS client */
if (wolfSSL_CTX_use_certificate_buffer(sk->ctx, server_cert,
server_cert_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS)
{
printf("Error loading cert buffer\n");
return -1;
}
/* attempt to connect until the connection is successful */
do {
printf("connecting to server...\n");
if (sock_dtls_session_create(sk) < 0)
return -1;
ret = wolfSSL_connect(sk->ssl);
if (ret != SSL_SUCCESS) {
sock_dtls_session_destroy(sk);
}
} while(ret != SSL_SUCCESS);
/* set remote endpoint */
sock_dtls_set_endpoint(sk, &remote);
/* send the hello message */
wolfSSL_write(sk->ssl, buf, strlen(buf));
/* wait for a reply, indefinitely */
do {
ret = wolfSSL_read(sk->ssl, buf, 63);
printf("wolfSSL_read returned %d\r\n", ret);
} while (ret <= 0);
buf[ret] = (char)0;
printf("Received: '%s'\r\n", buf);
/* Clean up and exit. */
printf("Closing connection.\r\n");
sock_dtls_session_destroy(sk);
sock_dtls_close(sk);
return 0;
}

135
examples/dtls-wolfssl/dtls-server.c Normal file
View File

@ -0,0 +1,135 @@
/*
* Copyright (C) 2015 Freie Universität Berlin
* Copyright (C) 2018 Inria
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/*
* **** This file incorporates work covered by the following copyright and ****
* **** permission notice: ****
*
* Copyright (C) 2006-2018 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*
*/
/**
* @ingroup examples
* @{
*
* @file
* @brief Demonstrating DTLS 1.2 client using wolfSSL
*
* @author Daniele Lacamera <daniele@wolfssl.com>
* @}
*/
#include <wolfssl/ssl.h>
#include <sock_tls.h>
#include <stdio.h>
#include <inttypes.h>
#include <net/sock/udp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SERVER_PORT 11111
#define DEBUG 1
extern const unsigned char server_cert[788];
extern const unsigned char server_key[121];
extern unsigned int server_cert_len;
extern unsigned int server_key_len;
static sock_tls_t skv;
static sock_tls_t *sk = &skv;
static const char Test_dtls_string[] = "DTLS OK!";
int dtls_server(int argc, char **argv)
{
char buf[64];
int ret;
sock_udp_ep_t local = SOCK_IPV6_EP_ANY;
local.port = SERVER_PORT;
(void)argc;
(void)argv;
if (sock_dtls_create(sk, &local, NULL, 0, wolfDTLSv1_2_server_method()) != 0) {
printf("ERROR: Unable to create DTLS sock\r\n");
return -1;
}
/* Load certificate file for the DTLS server */
if (wolfSSL_CTX_use_certificate_buffer(sk->ctx, server_cert,
server_cert_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS)
{
printf("Failed to load certificate from memory.\r\n");
return -1;
}
/* Load the private key */
if (wolfSSL_CTX_use_PrivateKey_buffer(sk->ctx, server_key,
server_key_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS)
{
printf("Failed to load private key from memory.\r\n");
return -1;
}
/* Create the DTLS session */
ret = sock_dtls_session_create(sk);
if (ret < 0)
{
printf("Failed to create DTLS session (err: %s)\r\n", strerror(-ret));
return -1;
}
printf("Listening on %d\n", SERVER_PORT);
while(1) {
/* Wait until a new client connects */
ret = wolfSSL_accept(sk->ssl);
if (ret != SSL_SUCCESS) {
continue;
}
/* Wait until data is received */
printf("Connection accepted\r\n");
ret = wolfSSL_read(sk->ssl, buf, 64);
if (ret > 0) {
buf[ret] = (char)0;
printf("Received '%s'\r\n", buf);
}
/* Send reply */
printf("Sending 'DTLS OK'...\r\n");
wolfSSL_write(sk->ssl, Test_dtls_string, sizeof(Test_dtls_string));
/* Cleanup/shutdown */
printf("Closing connection.\r\n");
sock_dtls_session_destroy(sk);
sock_dtls_close(sk);
break;
}
return 0;
}

76
examples/dtls-wolfssl/main.c Normal file
View File

@ -0,0 +1,76 @@
/*
* Copyright (C) 2015 Freie Universität Berlin
* Copyright (C) 2018 Inria
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup examples
* @{
*
* @file
* @brief Example application for DTLS 1.2 using wolfSSL
*
* @author Daniele Lacamera <daniele@wolfssl.com>
*
* @}
*/
#include <stdio.h>
#include <wolfssl/ssl.h>
#include "shell.h"
#include "msg.h"
#ifdef WITH_RIOT_SOCKETS
#error RIOT-OS is set to use sockets but this DTLS app is configured for socks.
#endif
#define MAIN_QUEUE_SIZE (8)
static msg_t _main_msg_queue[MAIN_QUEUE_SIZE];
extern int dtls_client(int argc, char **argv);
extern int dtls_server(int argc, char **argv);
#ifdef MODULE_WOLFCRYPT_TEST
extern int wolfcrypt_test(void* args);
static int wolftest(int argc, char **argv)
{
(void)argc;
(void)argv;
wolfcrypt_test(NULL);
return 0;
}
#endif
static const shell_command_t shell_commands[] = {
{ "dtlsc", "Start a DTLS client", dtls_client },
{ "dtlss", "Start and stop a DTLS server", dtls_server },
#ifdef MODULE_WOLFCRYPT_TEST
{ "wolftest", "Perform wolfcrypt porting test", wolftest },
#endif
{ NULL, NULL, NULL }
};
int main(void)
{
/* we need a message queue for the thread running the shell in order to
* receive potentially fast incoming networking packets */
msg_init_queue(_main_msg_queue, MAIN_QUEUE_SIZE);
puts("RIOT wolfSSL DTLS testing implementation");
wolfSSL_Init();
wolfSSL_Debugging_ON();
/* start shell */
puts("All up, running the shell now");
char line_buf[SHELL_DEFAULT_BUFSIZE];
shell_run(shell_commands, line_buf, SHELL_DEFAULT_BUFSIZE);
/* should be never reached */
return 0;
}

55
examples/wolfssl_client/Makefile Normal file
View File

@ -0,0 +1,55 @@
APPLICATION = wolf_client
# This has to be the absolute path to the RIOT base directory:
RIOTBASE ?= $(CURDIR)/../..
# If no BOARD is found in the environment, use this default:
BOARD ?= native
# lwIP's memory management doesn't seem to work on non 32-bit platforms at the
# moment.
BOARD_BLACKLIST := arduino-uno arduino-duemilanove arduino-mega2560 chronos \
msb-430 msb-430h telosb waspmote-pro wsn430-v1_3b \
wsn430-v1_4 z1 jiminy-mega256rfr2 mega-xplained
BOARD_INSUFFICIENT_MEMORY = nucleo-f031k6 nucleo-f042k6 nucleo-l031k6 nucleo-f030r8 \
nucleo-f303k8 nucleo-f334r8 nucleo-l053r8 \
stm32f0discovery
LWIP_IPV4 ?= 1
ifneq (0, $(LWIP_IPV4))
USEMODULE += ipv4_addr
USEMODULE += lwip_arp
USEMODULE += lwip_ipv4
CFLAGS += -DETHARP_SUPPORT_STATIC_ENTRIES=1
LWIP_IPV6 ?= 0
else
LWIP_IPV6 ?= 1
endif
ifneq (0, $(LWIP_IPV6))
USEMODULE += ipv6_addr
USEMODULE += lwip_ipv6_autoconfig
endif
USEMODULE += inet_csum
USEMODULE += lwip_netdev
USEMODULE += lwip_sock_tcp
USEMODULE += netdev_eth
USEMODULE += netdev_test
USEMODULE += ps
#CFLAGS += ??
# Change this to 0 show compiler invocation lines by default:
QUIET ?= 1
# May need these for seeding wolfCrypt DRBG
#USEMODULE += random
#USEMODULE += prng_minstd
USEPKG += wolfssl
USEMODULE += wolfssl_socket wolfcrypt_rsa wolfcrypt_dh
include $(RIOTBASE)/Makefile.include

4
examples/wolfssl_client/README.md Normal file
View File

@ -0,0 +1,4 @@
# wolfSSL on RIOT
This application demonstrates an SSL/TLS client
from [wolfSSL Inc](https://www.wolfssl.com) on RIOT.

43
examples/wolfssl_client/application_user_settings.h Normal file
View File

@ -0,0 +1,43 @@
/*
* example
*/
#ifndef APPLICATION_USER_SETTINGS_H
#define APPLICATION_USER_SETTINGS_H
#ifdef __cplusplus
extern "C" {
#endif
#undef WOLFSSL_RIOT_OS
#define WOLFSSL_RIOT_OS
#undef NO_MAIN_DRIVER
#define NO_MAIN_DRIVER
#undef HAVE_ECC
#define HAVE_ECC
#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
#undef ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#undef WC_RSA_BLINDING
#define WC_RSA_BLINDING
#undef SINGLE_THREADED
#define SINGLE_THREADED
#undef NO_FILESYSTEM
#define NO_FILESYSTEM
#undef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048
#ifdef __cplusplus
}
#endif
#endif /* APPLICATION_USER_SETTINGS_H */

87
examples/wolfssl_client/certs/ca-cert.pem Normal file
View File

@ -0,0 +1,87 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b7:b6:90:33:66:1b:6b:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
36:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88:
3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9:
8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed:
1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69:
35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23:
fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09:
fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce:
fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b:
e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3:
bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66:
da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae:
26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f:
1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6:
50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c:
55:a3:77:76
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI
Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U
uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO
BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z
v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j
Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg==
-----END CERTIFICATE-----

158
examples/wolfssl_client/main.c Normal file
View File

@ -0,0 +1,158 @@
/*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/**
* @ingroup examples
* @{
*
* @file
* @brief wolfSSL client example
*
* @author Kaleb J. Himes <kaleb@wolfssl.com>
*
* @}
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
/* socket includes */
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <unistd.h>
/* wolfSSL */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#define DEFAULT_PORT 11111
int main(void)
{
int sockfd;
struct sockaddr_in servAddr;
char buff[22] = "Hello wolfSSL Server!\0";
char server_ip[10] = "127.0.0.1\0";
size_t len;
/* declare wolfSSL objects */
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
/*----------------------------------------------------------------------------*/
/* TLS Setup:
* This section will need resolved on a per-device basis depending on the
* available TCP/IP stack
*/
/*----------------------------------------------------------------------------*/
/* Create a socket that uses an internet IPv4 address,
* Sets the socket to be stream based (TCP),
* 0 means choose the default protocol. */
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
fprintf(stderr, "ERROR: failed to create the socket\n");
exit(-1);
}
/* Initialize the server address struct with zeros */
memset(&servAddr, 0, sizeof(servAddr));
/* Fill in the server address */
servAddr.sin_family = AF_INET; /* using IPv4 */
servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
/* Get the server IPv4 address from the command line call */
if (inet_pton(AF_INET, server_ip, &servAddr.sin_addr) != 1) {
fprintf(stderr, "ERROR: invalid address\n");
exit(-1);
}
/* Connect to the server */
if (connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr)) == -1) {
fprintf(stderr, "ERROR: failed to connect\n");
exit(-1);
}
/*----------------------------------------------------------------------------*/
/* END TCP SETUP, BEGIN TLS */
/*----------------------------------------------------------------------------*/
/* Initialize wolfSSL */
wolfSSL_Init();
/* Create and initialize WOLFSSL_CTX */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
exit(-1);
}
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
sizeof_ca_cert_der_2048,
SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load ca buffer\n");
exit(-1);
}
/* Create a WOLFSSL object */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
exit(-1);
}
/* Attach wolfSSL to the socket */
wolfSSL_set_fd(ssl, sockfd);
/* Connect to wolfSSL on the server side */
if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to connect to wolfSSL\n");
exit(-1);
}
/* Get a message for the server from stdin */
printf("Message for server: %s\n", buff);
len = strnlen(buff, sizeof(buff));
/* Send the message to the server */
if (wolfSSL_write(ssl, buff, len) != (int) len) {
fprintf(stderr, "ERROR: failed to write\n");
exit(-1);
}
/* Read the server data into our buff array */
memset(buff, 0, sizeof(buff));
if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) {
fprintf(stderr, "ERROR: failed to read\n");
exit(-1);
}
/* Print to stdout any data the server sends */
printf("Server sent a reply!\n");
printf("Server Response was: %s\n", buff);
/* Cleanup and exit */
wolfSSL_free(ssl); /* Free the wolfSSL object */
wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
close(sockfd); /* Close the connection to the server */
exit(0); /* Return reporting a success */
}

57
examples/wolfssl_server/Makefile Normal file
View File

@ -0,0 +1,57 @@
APPLICATION = wolf_server
# This has to be the absolute path to the RIOT base directory:
RIOTBASE ?= $(CURDIR)/../..
# If no BOARD is found in the environment, use this default:
BOARD ?= native
# lwIP's memory management doesn't seem to work on non 32-bit platforms at the
# moment.
BOARD_BLACKLIST := arduino-uno arduino-duemilanove arduino-mega2560 chronos \
msb-430 msb-430h telosb waspmote-pro wsn430-v1_3b \
wsn430-v1_4 z1 jiminy-mega256rfr2 mega-xplained
BOARD_INSUFFICIENT_MEMORY = nucleo-f031k6 nucleo-f042k6 nucleo-l031k6 nucleo-f030r8 \
nucleo-f303k8 nucleo-f334r8 nucleo-l053r8 \
stm32f0discovery
LWIP_IPV4 ?= 1
ifneq (0, $(LWIP_IPV4))
USEMODULE += ipv4_addr
USEMODULE += lwip_arp
USEMODULE += lwip_ipv4
CFLAGS += -DETHARP_SUPPORT_STATIC_ENTRIES=1
LWIP_IPV6 ?= 0
else
LWIP_IPV6 ?= 1
endif
ifneq (0, $(LWIP_IPV6))
USEMODULE += ipv6_addr
USEMODULE += lwip_ipv6_autoconfig
endif
USEMODULE += inet_csum
USEMODULE += lwip_netdev
USEMODULE += lwip_sock_tcp
USEMODULE += netdev_eth
USEMODULE += netdev_test
USEMODULE += ps
#DISABLE_MODULE += auto_init
#CFLAGS += ??
# Change this to 0 show compiler invocation lines by default:
QUIET ?= 1
# May need these for seeding wolfCrypt DRBG
#USEMODULE += random
#USEMODULE += prng_minstd
USEPKG += wolfssl
USEMODULE += wolfssl_socket wolfcrypt_rsa wolfcrypt_dh
include $(RIOTBASE)/Makefile.include

4
examples/wolfssl_server/README.md Normal file
View File

@ -0,0 +1,4 @@
# wolfSSL on RIOT
This application demonstrates an SSL/TLS server
from [wolfSSL Inc](https://www.wolfssl.com) on RIOT.

41
examples/wolfssl_server/application_user_settings.h Normal file
View File

@ -0,0 +1,41 @@
/*
* example
*/
#ifndef APPLICATION_USER_SETTINGS_H
#define APPLICATION_USER_SETTINGS_H
#ifdef __cplusplus
extern "C" {
#endif
#undef WOLFSSL_RIOT_OS
#define WOLFSSL_RIOT_OS
#undef NO_MAIN_DRIVER
#define NO_MAIN_DRIVER
#undef HAVE_ECC
#define HAVE_ECC
#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
#undef ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#undef WC_RSA_BLINDING
#define WC_RSA_BLINDING
#undef NO_FILESYSTEM
#define NO_FILESYSTEM
#undef SINGLE_THREADED
#define SINGLE_THREADED
#undef USE_CERT_BUFFER_2048
#define USE_CERT_BUFFERS_2048
#ifdef __cplusplus
}
#endif
#endif /* APPLICATION_USER_SETTINGS_H */

173
examples/wolfssl_server/certs/server-cert.pem Normal file
View File

@ -0,0 +1,173 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
51:fe:2a:df:07:7e:43:ca:66:8d:15:c4:2b:db:57:b2:06:6d:
0d:90:66:ff:a5:24:9c:14:ef:81:f2:a4:ab:99:a9:6a:49:20:
a5:d2:71:e7:1c:3c:99:07:c7:47:fc:e8:96:b4:f5:42:30:ce:
39:01:4b:d1:c2:e8:bc:95:84:87:ce:55:5d:97:9f:cf:78:f3:
56:9b:a5:08:6d:ac:f6:a5:5c:c4:ef:3e:2a:39:a6:48:26:29:
7b:2d:e0:cd:a6:8c:57:48:0b:bb:31:32:c2:bf:d9:43:4c:47:
25:18:81:a8:c9:33:82:41:9b:ba:61:86:d7:84:93:17:24:25:
36:ca:4d:63:6b:4f:95:79:d8:60:e0:1e:f5:ac:c1:8a:a1:b1:
7e:85:8e:87:20:2f:08:31:ad:5e:c6:4a:c8:61:f4:9e:07:1e:
a2:22:ed:73:7c:85:ee:fa:62:dc:50:36:aa:fd:c7:9d:aa:18:
04:fb:ea:cc:2c:68:9b:b3:a9:c2:96:d8:c1:cc:5a:7e:f7:0d:
9e:08:e0:9d:29:8b:84:46:8f:d3:91:6a:b5:b8:7a:5c:cc:4f:
55:01:b8:9a:48:a0:94:43:ca:25:47:52:0a:f7:f4:be:b0:d1:
71:6d:a5:52:4a:65:50:b2:ad:4e:1d:e0:6c:01:d8:fb:43:80:
e6:e4:0c:37
-----BEGIN CERTIFICATE-----
MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx
MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU
sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj
s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk
q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s
9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl
NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2
qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig
lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMNw==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b7:b6:90:33:66:1b:6b:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Aug 11 20:07:37 2016 GMT
Not After : May 8 20:07:37 2019 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
36:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B7:B6:90:33:66:1B:6B:23
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88:
3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9:
8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed:
1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69:
35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23:
fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09:
fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce:
fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b:
e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3:
bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66:
da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae:
26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f:
1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6:
50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c:
55:a3:77:76
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI
Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U
uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO
BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z
v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j
Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg==
-----END CERTIFICATE-----

27
examples/wolfssl_server/certs/server-key.pem Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7
qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf
P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj
xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk
wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC
Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv
n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd
x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y
oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz
0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB
QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD
LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8
ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8
yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT
3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N
zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB
hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv
VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB
qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf
H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza
1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ
c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe
9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY
dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n
WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA=
-----END RSA PRIVATE KEY-----

189
examples/wolfssl_server/main.c Normal file
View File

@ -0,0 +1,189 @@
/*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/**
* @ingroup examples
* @{
*
* @file
* @brief wolfSSL server example
*
* @author Kaleb J. Himes <kaleb@wolfssl.com>
*
* @}
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
/* socket includes */
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <unistd.h>
/* wolfSSL */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#define DEFAULT_PORT 11111
int main(void)
{
int sockfd;
struct sockaddr_in servAddr;
struct sockaddr_in clientAddr;
socklen_t size = sizeof(clientAddr);
char buff[256];
int shutdown = 0;
/* declare wolfSSL objects */
WOLFSSL_CTX* ctx;
puts("This is the wolfSSL Server!");
puts("Server is running on 127.0.0.1 and listening on port 11111");
/*----------------------------------------------------------------------------*/
/* TLS Setup:
* This section will need resolved on a per-device basis depending on the
* available TCP/IP stack
*/
/*----------------------------------------------------------------------------*/
/* Create a socket that uses an internet IPv4 address,
* Sets the socket to be stream based (TCP),
* 0 means choose the default protocol. */
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
fprintf(stderr, "ERROR: failed to create the socket\n");
return -1;
}
/* Initialize the server address struct with zeros */
memset(&servAddr, 0, sizeof(servAddr));
/* Fill in the server address */
servAddr.sin_family = AF_INET; /* using IPv4 */
servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */
/* Bind the server socket to our port */
if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) {
fprintf(stderr, "ERROR: failed to bind\n");
return -1;
}
/* Listen for a new connection, allow 5 pending connections */
if (listen(sockfd, 5) == -1) {
fprintf(stderr, "ERROR: failed to listen\n");
return -1;
}
/* Initialize wolfSSL */
wolfSSL_Init();
/* Create and initialize WOLFSSL_CTX */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
return -1;
}
/* Load server certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048,
SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load server_cert_der_2048\n");
return -1;
}
/* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
sizeof_server_key_der_2048,
SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load server_key_der_2048\n");
return -1;
}
/* Continue to accept clients until shutdown is issued */
while (!shutdown) {
int connd;
size_t len;
WOLFSSL* ssl;
printf("Waiting for a connection...\n");
/* Accept client connections */
if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size))
== -1) {
fprintf(stderr, "ERROR: failed to accept the connection\n\n");
return -1;
}
/* Create a WOLFSSL object */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
return -1;
}
/* Attach wolfSSL to the socket */
wolfSSL_set_fd(ssl, connd);
printf("Client connected successfully\n");
/* Read the client data into our buff array */
memset(buff, 0, sizeof(buff));
if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) {
fprintf(stderr, "ERROR: failed to read\n");
return -1;
}
/* Print to stdout any data the client sends */
printf("Client sent a message!\n");
printf("Client said: %s\n", buff);
/* Check for server shutdown command */
if (strncmp(buff, "shutdown", 8) == 0) {
printf("Shutdown command issued!\n");
shutdown = 1;
}
/* Write our reply into buff */
strncpy(buff, "I hear ya fa shizzle!\n", sizeof(buff) - 1);
len = strnlen(buff, sizeof(buff));
printf("Sending reply to client, reply reads: %s\n", buff);
/* Reply back to the client */
if (wolfSSL_write(ssl, buff, len) != (int) len) {
fprintf(stderr, "ERROR: failed to write\n");
return -1;
}
/* Cleanup after this connection */
wolfSSL_free(ssl); /* Free the wolfSSL object */
close(connd); /* Close the connection to the client */
}
printf("Shutdown complete\n");
/* Cleanup and return */
wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
close(sockfd); /* Close the socket listening for clients */
return 0; /* Return reporting a success */
}

17
pkg/wolfssl/Makefile Normal file
View File

@ -0,0 +1,17 @@
PKG_NAME=wolfssl
PKG_URL=https://github.com/danielinux/wolfssl.git
#PKG_URL=https://github.com/wolfssl/wolfssl.git
PKG_VERSION=d871e777d3e944adf66afb698bb930434739231b
PKG_LICENSE=GPLv2
.PHONY: all
all: # Nothing to do here when building
prepare:
cp Makefile.wolfssl $(PKG_BUILDDIR)/src/Makefile
cp Makefile.wolfcrypt $(PKG_BUILDDIR)/wolfcrypt/src/Makefile
touch $(PKG_BUILDDIR)/wolfssl.a
cp Makefile.wolfcrypt-test $(PKG_BUILDDIR)/wolfcrypt/test/Makefile
cp Makefile.wolfcrypt-benchmark $(PKG_BUILDDIR)/wolfcrypt/benchmark/Makefile
include $(RIOTBASE)/pkg/pkg.mk

77
pkg/wolfssl/Makefile.dep Normal file
View File

@ -0,0 +1,77 @@
ifneq (,$(filter wolfcrypt-test,$(USEMODULE)))
USEMODULE += wolfcrypt
USEMODULE += wolfcrypt_coding
endif
ifneq (,$(filter wolfcrypt-benchmark,$(USEMODULE)))
USEMODULE += wolfcrypt
USEMODULE += wolfcrypt_coding
endif
ifneq (,$(filter wolfcrypt_poly1305,$(USEMODULE)))
ifneq (,$(filter wolfcrypt_chacha,$(USEMODULE)))
USEMODULE += wolfcrypt_chacha20_poly1305
endif
endif
ifneq (,$(filter wolfcrypt_ed25519,$(USEMODULE)))
USEMODULE += wolfcrypt_sha512
endif
ifneq (,$(filter wolfcrypt_aes,$(USEMODULE)))
USEMODULE += wolfcrypt_cmac
USEMODULE += wolfcrypt_coding
endif
ifneq (,$(filter wolfcrypt_pwdbased,$(USEMODULE)))
USEMODULE += wolfcrypt_pkcs12
endif
ifneq (,$(filter wolfcrypt_asn,$(USEMODULE)))
USEMODULE += wolfcrypt_pkcs12
endif
ifneq (,$(filter wolfssl_tls13,$(USEMODULE)))
USEMODULE += wolfcrypt_aes
USEMODULE += sock_tls
endif
ifneq (,$(filter wolfssl_dtls,$(USEMODULE)))
USEMODULE += sock_tls
endif
ifneq (,$(filter sock_tls,$(USEMODULE)))
USEMODULE += wolfcrypt
USEMODULE += wolfcrypt_aes
USEMODULE += wolfcrypt_asn
USEMODULE += wolfcrypt_hmac
USEMODULE += wolfcrypt_md5
USEMODULE += wolfcrypt_sha
USEMODULE += wolfcrypt_random
USEMODULE += wolfssl_internal
USEMODULE += wolfssl_wolfio
USEMODULE += wolfssl_keys
USEMODULE += wolfssl_ssl
USEMODULE += wolfssl_tls
endif
ifneq (,$(filter wolfssl_socket,$(USEMODULE)))
USEMODULE += wolfcrypt
USEMODULE += wolfcrypt_aes
USEMODULE += wolfcrypt_asn
USEMODULE += wolfcrypt_hmac
USEMODULE += wolfcrypt_md5
USEMODULE += wolfcrypt_sha
USEMODULE += wolfcrypt_random
USEMODULE += wolfssl_internal
USEMODULE += wolfssl_wolfio
USEMODULE += wolfssl_keys
USEMODULE += wolfssl_ssl
USEMODULE += wolfssl_tls
USEMODULE += posix_sockets
endif
ifneq (,$(filter wolfcrypt_random,$(USEMODULE)))
USEMODULE += random
endif

37
pkg/wolfssl/Makefile.include Normal file
View File

@ -0,0 +1,37 @@
CFLAGS += -DWOLFSSL_USER_SETTINGS=1
CFLAGS += -DWOLFSSL_RIOT_OS=1
INCLUDES += -I$(PKGDIRBASE)/../../../
INCLUDES += -I$(PKGDIRBASE)/wolfssl
INCLUDES += -I$(RIOTBASE)/pkg/wolfssl/sock_tls
INCLUDES += -I$(RIOTBASE)/pkg/wolfssl/include
# One current limitation is that it is not possible to build `wolfcrypt` without
# including `wolfssl`.
# It would require some changes:
# * Use a different name for the `wolfssl` implementation to differenciate from
# the package directory
# * Declare `wolfssl` a PSEUDOMODULES
# * Remove the archive in Makefile.include for packages as they could be
# PSEUDOMODULES
# `$(USEPKG:%=$(BINDIR)/%.a):`
ifneq (,$(filter wolfcrypt,$(USEMODULE)))
DIRS += $(PKGDIRBASE)/wolfssl/wolfcrypt/src
endif
ifneq (,$(filter wolfcrypt-test,$(USEMODULE)))
DIRS += $(PKGDIRBASE)/wolfssl/wolfcrypt/test
endif
ifneq (,$(filter wolfcrypt-benchmark,$(USEMODULE)))
DIRS += $(PKGDIRBASE)/wolfssl/wolfcrypt/benchmark
endif
ifneq (,$(filter wolfssl,$(USEPKG)))
DIRS += $(PKGDIRBASE)/wolfssl/src
endif
ifneq (,$(filter sock_tls,$(USEMODULE)))
DIRS += $(RIOTBASE)/pkg/wolfssl/sock_tls
endif
# wolfcrypt implements different options using pseudomodules
PSEUDOMODULES += wolfcrypt_%
# wolfssl implements different options using pseudomodules (ocsp, dtls, crl, etc.)
PSEUDOMODULES += wolfssl_%

33
pkg/wolfssl/Makefile.wolfcrypt Normal file
View File

@ -0,0 +1,33 @@
MODULE = wolfcrypt
SUBMODULES += 1
# Do not fail for module that do not have a file
SUBMODULES_NOFORCE = 1
NO_AUTO_SRC = 1
#-------------------------------------------------------------#
# Default CRYPTO source files #
#-------------------------------------------------------------#
SRC += error.c \
hash.c \
logging.c \
wc_encrypt.c \
wc_port.c \
wolfmath.c
#-------------------------------------------------------------#
# Optional CRYPTO source files, enabled by default #
#-------------------------------------------------------------#
# Enabled by default
SRC += sha.c
SRC += sha256.c
SRC += fe_low_mem.c
SRC += ge_low_mem.c
SRC += sp_int.c
SRC += sp_c32.c
include $(RIOTBASE)/Makefile.base

8
pkg/wolfssl/Makefile.wolfcrypt-benchmark Normal file
View File

@ -0,0 +1,8 @@
MODULE = wolfcrypt-benchmark
NO_AUTO_SRC = 1
#Add to enable wolfcrypt crypto benchmark
SRC += benchmark.c
include $(RIOTBASE)/Makefile.base

8
pkg/wolfssl/Makefile.wolfcrypt-test Normal file
View File

@ -0,0 +1,8 @@
MODULE = wolfcrypt-test
NO_AUTO_SRC = 1
#Add to enable wolfcrypt self tests
SRC += test.c
include $(RIOTBASE)/Makefile.base

8
pkg/wolfssl/Makefile.wolfssl Normal file
View File

@ -0,0 +1,8 @@
MODULE = wolfssl
NO_AUTO_SRC = 1
SUBMODULES += 1
SUBMODULES_NOFORCE = 1
include $(RIOTBASE)/Makefile.base

184
pkg/wolfssl/doc.txt Normal file
View File

@ -0,0 +1,184 @@
/**
* @defgroup pkg_wolfssl Embedded SSL/TLS library
* @ingroup pkg
* @ingroup sys
* @brief Provides SSL/TLS solution
*
* # Introduction
*
* This package provides an embedded SSL/TLS library specifically developed for
* memory-constrained devices.
*
* # License
*
* wolfSSLs software is available under two distinct licensing models:
* open source and standard commercial licensing.
*
* Open Source
*
* wolfSSL (formerly CyaSSL) offers multiple products including, but not limited
* to:
*
* wolfSSL
* wolfCrypt
* wolfMQTT
* wolfSSH
*
* These software products are free software downloads and may be modified to
* the needs of the user as long as the user adheres to version two of the GPL
* License. The GPLv2 license can be found on the gnu.org website
* (http://www.gnu.org/licenses/old-licenses/gpl-2.0.html).
*
*
* Commercial Licensing
*
* Businesses and enterprises who wish to incorporate wolfSSL products into
* proprietary appliances or other commercial software products for
* re-distribution must license commercial versions. Commercial licenses for
* wolfSSL, yaSSL, and wolfCrypt are available. Licenses are generally issued
* for one product and include unlimited royalty-free distribution. Custom
* licensing terms are also available.
*
* Commercial licenses are also available for wolfMQTT and wolfSSH.
* Please contact licensing@wolfssl.com with inquiries.
*
* @see https://github.com/wolfssl/wolfssl.git
*
*
* wolfSSL is securing over 2 billion end points today and is one of the
* industry leading SSL/TLS/Cryptographic providers for embedded systems and the
* IoT space. wolfSSL is very excited to be working with the RIOT-OS team!
*
* You can easily take advantage of wolfSSL by using the following in your
* application Makefile:
*
* ```makefile
* USEPKG += wolfssl
* ```
*
* Don't forget to use the wolfSSL settings header in your app. This header
* should always be included FIRST preceding any other wolfSSL headers to
* ensure the correct configuration is picked up when including other wolfSSL
* headers:
*
* ```c
* #include <wolfssl/wolfcrypt/settings.h>
* ```
*
* FEATURES:
*
* Because wolfSSL was designed with embedded systems in mind the library is
* extremely modular. There are very fiew dependancies in wolfSSL Cryptographic
* library and we have chosen to setup the pkg makefile to allow for easy
* modification by developers. We chose to include the core of our library in a
* singular list and then seperate out the features that a developer may or may
* not wish to use by default. Please reference the Makefile.wolfssl in
* "<RIOT-root>/pkg/wolfssl" directory. wolfSSL has chosen to enable a
* significant portion of our wolfcrypt functionality by default and provided
* informative comments to explain how a feature might be enabled/disabled.
*
* Features should be controlled with the header "user_settings.h" in the root
* directory of the application. Since RIOT uses the "Empty Translation Unit"
* warning in combination with the "-Werror" flag you will need to exclude
* source files from your application by modifying the Makefile.wolfssl in the
* "<RIOT-root>/pkg/wolfssl" directory when disabling a feature or adding a
* feature that wolfSSL chose to leave out by default.
*
* Default ENABLED Features are:
* aes, arc4, asn, coding, des3, dh, dsa, hmac, md4, md5, pkcs12, pwdbased,
* rabbit, random, rsa, sha, sha256, signature, tfm (fast math), ecc, and memory
*
* Default DISABLED Features are:
* integer (normal math), misc (included inline by default), md2, pkcs7,
* chacha, poly1305, ripemd, sha3 (keccak), sha512, srp, hc128, idea,
* blake2b (sha3 runner-up IE sha3 alternative to keccak), camellia, compress,
* curve25519, ed25519, cmac, evp, and asm
*
* EXAMPLES:
*
* wolfSSL has provided a few examples of using this package in the RIOT
* examples directory. To test these do any of the following:
*
* Benchmark Example:
*
* ```makefile
* cd <path-to>/RIOT/examples/wolfssl_crypto_benchmark
* make
* ./bin/native/wolfssl_crypto_benchmark.elf
* ```
*
* Crypto Test Example:
*
* ```makefile
* cd <path-to>/RIOT/examples/wolfssl_crypto_test
* make
* ./bin/native/wolfssl_crypto_test.elf
* ```
*
* Client and Server Example(s):
*
* ```makefile
* cd <path-to>/RIOT/examples/wolfssl_server
* make
* ./bin/native/wolf_server.elf
* ```
*
* Now open a second terminal and do...
*
* ```makefile
* cd <path-to>/RIOT/examples/wolfssl_client
* make
* ./bin/native/wolf_client.elf
* ```
*
* You should see the following output:
*
* SERVER OUTPUT:
*
* ```makefile
* RIOT native interrupts/signals initialized.
* LED_RED_OFF
* LED_GREEN_ON
* RIOT native board initialized.
* RIOT native hardware initialization complete.
*
* main(): This is RIOT!
* This is the wolfSSL Server!
* Server is running on 127.0.0.1 and listening on port 11111
* Waiting for a connection...
* Client connected successfully
* Client sent a message!
* Client said: Hello wolfSSL Server!
* Sending reply to client, reply reads: I hear ya fa shizzle!
*
* Waiting for a connection...
* ```
*
* After the client connection the server cleans up and returns to wait for
* another client connection. You can kill the server with a Ctrl+C (SIG INT) or
* by modifying the client to send the string "shutdown" instead of
* "Hello wolfSSL Server!".
*
* CLIENT OUTPUT:
*
* ```makefile
* RIOT native interrupts/signals initialized.
* LED_RED_OFF
* LED_GREEN_ON
* RIOT native board initialized.
* RIOT native hardware initialization complete.
*
* main(): This is RIOT!
* Message for server: Hello wolfSSL Server!
* Server sent a reply!
* Server Response was: I hear ya fa shizzle!
* ```
*
* At this point the client simply terminates and does nothing interesting.
*
* QUESTIONS / CONCERNS / FEEDBACK:
*
* For any questions, concerns, or other feedback please contact
* support@wolfssl.com anytime, we are always happy to help in any way we can!!
*
*/

308
pkg/wolfssl/include/user_settings.h Normal file
View File

@ -0,0 +1,308 @@
/* user_settings.h : custom configuration for wolfcrypt/wolfSSL */
#ifndef USER_SETTINGS_H
#define USER_SETTINGS_H
#ifdef __cplusplus
extern "C" {
#endif
/* System */
#ifndef WOLFSSL_RIOT_OS
# define WOLFSSL_RIOT_OS 1
#endif
#include <random.h>
#define CUSTOM_RAND_GENERATE random_uint32
#define CUSTOM_RAND_TYPE uint32_t
#define NO_WRITEV
#define NO_DEV_RANDOM
#define NO_FILESYSTEM
#define NO_WOLFSSL_MEMORY
#define NO_MAIN_DRIVER
#define NO_SIG_WRAPPER
#define NO_OLD_RNGNAME
#define WOLFSSL_SMALL_STACK
/* Single precision math */
#define WOLFSSL_SP_MATH
#define WOLFSSL_SP_SMALL
#define SP_WORD_SIZE 32
#ifndef MODULE_WOLFSSL_SOCKET
# define WOLFSSL_GNRC
# define WOLFSSL_USER_IO
#endif
#ifndef MODULE_WOLFSSL_TLS
# ifndef MODULE_WOLFSSL_TLS13
# define WOLFCRYPT_ONLY
# else
# define NO_OLD_TLS
# endif
#endif
#ifdef BOARD_NATIVE
//# define WOLFSSL_GENERAL_ALIGNMENT 8
#else
# define WOLFSSL_GENERAL_ALIGNMENT 4
# ifdef CPU_ARM
# define TFM_ARM
# endif
#endif
/* defined somewhere else */
int strncasecmp(const char *s1, const char * s2, unsigned int sz);
/* Fixme: add mt */
#define SINGLE_THREADED
/* Global settings */
#define SMALL_SESSION_CACHE
#define WOLFSSL_DH_CONST
#define WORD64_AVAILABLE
#define TFM_TIMING_RESISTANT
#define USE_CERT_BUFFERS_2048
#define NO_RC4
/* Random */
#undef WC_NO_RNG
#ifndef MODULE_WOLFCRYPT_RANDOM
# define WC_NO_RNG
#endif
/* DTLS */
#undef WOLFSSL_DTLS
#ifdef MODULE_WOLFSSL_DTLS
# define WOLFSSL_DTLS
#endif
/* FFDHE_2048 */
#undef HAVE_FFDHE_2048
#ifdef MODULE_WOLFCRYPT_FFDHE_2048
# define HAVE_FFDHE_2048
#endif
/* ChaCha20 */
#undef HAVE_CHACHA
#ifdef MODULE_WOLFCRYPT_CHACHA
# define HAVE_CHACHA
#endif
/* Poly 1305 */
#undef HAVE_POLY1305
#ifdef MODULE_WOLFCRYPT_POLY1305
# define HAVE_POLY1305
# define HAVE_ONE_TIME_AUTH
#endif
/* x25519 */
#undef HAVE_CURVE25519
#ifdef MODULE_WOLFCRYPT_CURVE25519
# define HAVE_CURVE25519
# define CURVE25519_SMALL
#endif
/* ed25519 */
#undef HAVE_ED25519
#ifdef MODULE_WOLFCRYPT_ED25519
# define HAVE_ED25519
# define ED25519_SMALL
#endif
/* AES */
#undef NO_AES
#undef NO_CODING
#undef NO_CMAC
#ifndef MODULE_WOLFCRYPT_AES
# define NO_AES
#endif
#ifndef MODULE_WOLFCRYPT_CMAC
# define NO_CMAC
#endif
#ifndef MODULE_WOLFCRYPT_CODING
# define NO_CODING
#endif
/* ASN */
#ifndef MODULE_WOLFCRYPT_ASN
# define NO_ASN
#endif
/* HMAC */
#ifndef MODULE_WOLFCRYPT_HMAC
# define NO_HMAC
#endif
#undef NO_SHA
#ifndef MODULE_WOLFCRYPT_SHA
# define NO_SHA
#else
# define USE_SLOW_SHA
# define USE_SLOW_SHA2
#endif
/* SHA-2 */
#undef HAVE_SHA512
#undef HAVE_SHA384
#undef WOLFSSL_SHA384
#undef WOLFSSL_SHA512
#ifdef MODULE_WOLFCRYPT_SHA512
# define HAVE_SHA384
# define HAVE_SHA512
# define WOLFSSL_SHA384
# define WOLFSSL_SHA512
# define USE_SLOW_SHA512
#endif
/* SHA-3 Keccac */
#undef WOLFSSL_SHA3
#ifdef MODULE_WOLFCRYPT_SHA3
# define WOLFSSL_SHA3
#endif
/* ecc */
#undef HAVE_ECC
#ifdef MODULE_WOLFCRYPT_ECC
#define HAVE_ECC
#define FP_ECC
#define WOLFSSL_HAVE_SP_ECC
#define ECC_TIMING_RESISTANT
#endif
#undef HAVE_BLAKE2B
#ifdef MODULE_WOLFCRYPT_BLAKE2B
# define HAVE_BLAKE2B
#endif
#undef HAVE_CAMELLIA
#ifdef MODULE_WOLFCRYPT_CAMELLIA
# define HAVE_CAMELLIA
#endif
#undef HAVE_IDEA
#ifdef MODULE_WOLFCRYPT_IDEA
# define HAVE_IDEA
#endif
#undef HAVE_HC128
#ifdef MODULE_WOLFCRYPT_HC128
# define HAVE_HC128
#endif
#undef HAVE_PKCS7
#ifdef MODULE_WOLFCRYPT_PKCS7
# define HAVE_PKCS7
#endif
/* PKCS12 */
#undef NO_PKCS12
#ifndef MODULE_WOLFCRYPT_PKCS12
# define NO_PKCS12
#endif
/* PWDBASED */
#undef NO_PWDBASED
#ifndef MODULE_WOLFCRYPT_PWDBASED
# define NO_PWDBASED
#endif
#undef HAVE_LIBZ
#ifdef MODULE_WOLFCRYPT_COMPRESS
# define HAVE_LIBZ
#endif
/* rsa */
#ifdef MODULE_WOLFCRYPT_RSA
# define HAVE_RSA
# define RSA_LOW_MEM
# define WC_RSA_BLINDING
#else
# define NO_RSA
#endif
/* 3-DES */
#undef NO_DES3
#ifndef MODULE_WOLFCRYPT_DES3
# define NO_DES3
#endif
/* DH */
#undef NO_DH
#ifndef MODULE_WOLFCRYPT_DH
# define NO_DH
#endif
/* DSA */
#undef NO_DSA
#ifndef MODULE_WOLFCRYPT_DSA
# define NO_DSA
#endif
/* MD2 */
#undef WOLFSSL_MD2
#ifdef MODULE_WOLFSSL_MD2
#define WOLFSSL_MD2
#endif
/* MD4 */
#undef NO_MD4
#ifndef MODULE_WOLFCRYPT_MD4
# define NO_MD4
#endif
/* RABBIT */
#undef NO_RABBIT
#ifndef MODULE_WOLFCRYPT_RABBIT
# define NO_RABBIT
#endif
/* MD5 */
#undef NO_MD5
#ifndef MODULE_WOLFCRYPT_MD5
# define NO_MD5
#endif
/* ripe-md */
#undef WOLFSSL_RIPEMD
#ifdef MODULE_WOLFCRYPT_RIPEMD
# define WOLFSSL_RIPEMD
#endif
/* signature wrapper */
#undef NO_SIG_WRAPPER
#ifndef MODULE_WOLFCRYPT_SIGNATURE
# define NO_SIG_WRAPPER
#endif
/* SRP */
#undef HAVE_SRP
#ifdef MODULE_WOLFCRYPT_SRP
#define HAVE_SRP
#endif
/** TLS Options **/
#undef HAVE_OCSP
#ifdef MODULE_WOLFSSL_OCSP
#define HAVE_OCSP
#endif
#undef HAVE_CRL
#ifdef MODULE_WOLFSSL_CRL
#define HAVE_CRL
#endif
#undef HAVE_TLS13
#ifdef MODULE_WOLFSSL_TLS13
#define HAVE_TLS13
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define BUILD_TLS_AES_128_GCM_SHA256
#endif
#ifdef __cplusplus
}
#endif
#endif /* USER_SETTINGS_H */

3
pkg/wolfssl/sock_tls/Makefile Normal file
View File

@ -0,0 +1,3 @@
MODULE := sock_tls
include $(RIOTBASE)/Makefile.base

119
pkg/wolfssl/sock_tls/sock_tls.c Normal file
View File

@ -0,0 +1,119 @@
/* Copyright (C) 2014 Freie Universität Berlin
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*
* **** This file incorporates work covered by the following copyright and ****
* **** permission notice: ****
*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*
*/
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <net/sock.h>
#include <wolfssl/ssl.h>
#define MODE_TLS 0
#define MODE_DTLS 1
void sock_dtls_close(sock_tls_t *sk)
{
sock_udp_close(&sk->conn.udp);
}
void sock_dtls_set_endpoint(sock_tls_t *sk, const sock_udp_ep_t *addr)
{
printf("wolfSSL: Setting peer address and port\n");
memcpy(&sk->peer_addr, addr, sizeof (sock_udp_ep_t));
}
int sock_dtls_create(sock_tls_t *sock, const sock_udp_ep_t *local, const sock_udp_ep_t *remote, uint16_t flags, WOLFSSL_METHOD *method)
{
int ret;
if (!sock)
return -EINVAL;
XMEMSET(sock, 0, sizeof(sock_tls_t));
sock->ctx = wolfSSL_CTX_new(method);
if (!sock->ctx)
return -ENOMEM;
ret = sock_udp_create(&sock->conn.udp, local, remote, flags);
if (ret < 0) {
XFREE(sock->ctx, NULL, 0);
return ret;
}
if (remote) {
XMEMCPY(&sock->peer_addr, remote, sizeof(sock_udp_ep_t));
}
wolfSSL_SetIORecv(sock->ctx, GNRC_Receive);
wolfSSL_SetIOSend(sock->ctx, GNRC_SendTo);
return 0;
}
static int tls_session_create(sock_tls_t *sk)
{
if (!sk || !sk->ctx)
return -EINVAL;
sk->ssl = wolfSSL_new(sk->ctx);
if (sk->ssl == NULL) {
printf("Error allocating ssl session\n");
return -ENOMEM;
}
wolfSSL_SetIOReadCtx(sk->ssl, sk);
wolfSSL_SetIOWriteCtx(sk->ssl, sk);
return 0;
}
static void tls_session_destroy(sock_tls_t *sk)
{
if (!sk || sk->ssl)
return;
wolfSSL_free(sk->ssl);
}
int sock_dtls_session_create(sock_tls_t *sk)
{
return tls_session_create(sk);
}
void sock_dtls_session_destroy(sock_tls_t *sk)
{
tls_session_destroy(sk);
}
#ifdef MODULE_SOCK_TCP
/* TODO */
#endif
#include <ctype.h>
int strncasecmp(const char *s1, const char * s2, unsigned int sz)
{
for( ; sz>0; sz--)
if(toupper(*s1++) != toupper(*s2++))
return 1;
return 0;
}

339
pkg/wolfssl/sock_tls/sock_tls.h Normal file
View File

@ -0,0 +1,339 @@
/* @defgroup module sock_tls
* @ingroup pkg_wolfssl
* @brief Sock submodule for TLS/DTLS sessions
*
* How To Use
* ----------
* First you need to @ref including-modules "include" a module that implements
* this API in your application's Makefile.
*
* The `sock_tls` module requires the `wolfssl` package.
*
* The application's Makefile should at lease contain the following:
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {Makefile}
*
* USEPKG += wolfssl
* USEMODULE+=sock_tls
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
*
* ### A Simple DTLS Server
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
* #include <wolfssl/ssl.h>
* #include <sock_tls.h>
*
* #include <stdio.h>
* #include <inttypes.h>
*
* #include <net/sock/udp.h>
*
* #include <stdio.h>
* #include <stdlib.h>
* #include <string.h>
*
* #define SERVER_PORT 11111
* #define DEBUG 1
* extern const unsigned char server_cert[788];
* extern const unsigned char server_key[121];
* extern unsigned int server_cert_len;
* extern unsigned int server_key_len;
*
* static sock_tls_t skv;
* static sock_tls_t *sk = &skv;
* static const char Test_dtls_string[] = "DTLS OK!";
*
* int main(void)
* {
* char buf[64];
* int ret;
* sock_udp_ep_t local = SOCK_IPV6_EP_ANY;
* local.port = SERVER_PORT;
*
* if (sock_dtls_create(sk, &local, NULL, 0, wolfDTLSv1_2_server_method()) != 0) {
* printf("Failed to create DTLS socket context\r\n");
* return -1;
* }
* if (wolfSSL_CTX_use_certificate_buffer(sk->ctx, server_cert,
* server_cert_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS)
* {
* printf("Failed to load certificate from memory.\r\n");
* return -1;
* }
*
* if (wolfSSL_CTX_use_PrivateKey_buffer(sk->ctx, server_key,
* server_key_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS)
* {
* printf("Failed to load private key from memory.\r\n");
* return -1;
* }
* ret = sock_dtls_session_create(sk);
* if (ret < 0)
* {
* printf("Failed to create DTLS session (err: %s)\r\n", strerror(-ret));
* return -1;
* }
* printf("Listening on %d\n", SERVER_PORT);
* while(1) {
* ret = wolfSSL_accept(sk->ssl);
* if (ret != SSL_SUCCESS) {
* continue;
* }
* printf("Connection accepted\r\n");
* ret = wolfSSL_read(sk->ssl, buf, 64);
* if (ret > 0) {
* buf[ret] = (char)0;
* printf("Received '%s'\r\n", buf);
* }
* printf("Sending 'DTLS OK'...\r\n");
* wolfSSL_write(sk->ssl, Test_dtls_string, sizeof(Test_dtls_string));
* printf("Closing connection.\r\n");
* sock_dtls_session_destroy(sk);
* sock_dtls_close(sk);
* break;
* }
* return 0;
* }
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
* Above you see a simple DTLS echo server. It is important to at least include
* @ref including-modules "include" the IPv6 module of your networking
* implementation (e.g. `gnrc_ipv6_default` for @ref net_gnrc GNRC) and at least
* one network device.
* A separate file should define the buffers used as certificate and private key,
* in the variables `server_cert`, `private_key` respectively.
*
* After including all the needed header files, we use a global object to store
* the context for incoming DTLS communication. The object contains the reference
* to the wolfSSL context, the SSL session and the underlying transport socket.
*
* For simplicity, we will refer to the address of the object in the static memory,
* through the pointer `sk`.
*
* A constant test string is used later as a reply to incoming connections.
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
* static sock_tls_t skv;
* static sock_tls_t *sk = &skv;
*
* static const char Test_dtls_string[] = "DTLS OK!";
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
* In the same way as a normal @ref net_sock_udp "UDP socket", in order to be able to
* listen for incoming packets, we bind the `sock` by setting a local endpoint with
* a port (`11111` in this case).
*
* We then proceed to create the `sock`. It is bound to `local` and thus listens
* for UDP packets with @ref udp_hdr_t::dst_port "destination port" `12345`.
* Since we don't need any further configuration we set the flags to 0.
* The method argument determines which kind of wolfSSL context is associated to
* the socket.
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
* sock_udp_ep_t local = SOCK_IPV6_EP_ANY;
* local.port = SERVER_PORT;
*
* if (sock_dtls_create(sk, &local, NULL, 0, wolfDTLSv1_2_server_method()) != 0) {
* printf("ERROR: Unable to create DTLS sock\r\n");
* return -1;
* }
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
* By default, all sock_tls operations in a DTLS context are blocking for a
* limited amount of time, which depends on the DTLS session timeout. To modify
* the timeout, use `wolfSSL_dtls_set_timeout_init(sk->ssl)`.
*
* Certificate and private key for the server context are loaded from a previously
* initialized section in memory:
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
* if (wolfSSL_CTX_use_certificate_buffer(sk->ctx, server_cert,
* server_cert_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS)
* {
* printf("Failed to load certificate from memory.\r\n");
* return -1;
* }
*
* if (wolfSSL_CTX_use_PrivateKey_buffer(sk->ctx, server_key,
* server_key_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS)
* {
* printf("Failed to load private key from memory.\r\n");
* return -1;
* }
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
* Once the context is configured, the SSL session can be initialized.
*
* The listening sock automatically takes care of the DTLS handshake.
* When the session is established, `wolfSSL_accept()` will finally return
* `SSL_SUCCESS`.
*
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
* ret = sock_dtls_session_create(sk);
* if (ret < 0)
* {
* printf("Failed to create DTLS session (err: %s)\r\n", strerror(-ret));
* return -1;
* }
* printf("Listening on %d\n", SERVER_PORT);
* while(1) {
* ret = wolfSSL_accept(sk->ssl);
* if (ret != SSL_SUCCESS) {
* continue;
* }
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
* At this point, the session is established, and encrypted data can be exchanged
* using `wolfSSL_read()` and `wolfSSL_write()`:
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
* ret = wolfSSL_read(sk->ssl, buf, 64);
* if (ret > 0) {
* buf[ret] = (char)0;
* printf("Received '%s'\r\n", buf);
* }
* printf("Sending 'DTLS OK'...\r\n");
* wolfSSL_write(sk->ssl, Test_dtls_string, sizeof(Test_dtls_string));
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
* The session is terminated, and the associated socket is closed.
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
* sock_dtls_session_destroy(sk);
* sock_dtls_close(sk);
* break;
* }
* return 0;
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
*/
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <net/sock.h>
#include <wolfssl/ssl.h>
#ifndef SOCK_TLS_H
#define SOCK_TLS_H
#ifdef __cplusplus
extern "C" {
#endif
#define MODE_TLS 0
#define MODE_DTLS 1
#define MODE_TLS 0
#define MODE_DTLS 1
/**
* @brief Creates a new DTLS sock object.
*
* @pre `(sock != NULL)`
* @pre `(remote == NULL) || (remote->port != 0)`
*
* @param[out] sock The resulting sock object.
* @param[in] local Local end point for the sock object.
* May be NULL.
* sock_udp_ep_t::netif must either be
* @ref SOCK_ADDR_ANY_NETIF or equal to
* sock_udp_ep_t::netif of @p remote if `remote != NULL`.
* If NULL @ref sock_udp_send() may bind implicitly.
* sock_udp_ep_t::port may also be 0 to bind the `sock` to
* an ephemeral port.
* @param[in] remote Remote end point for the sock object.
* May be `NULL` but then the `remote` parameter of
* @ref sock_udp_send() may not be `NULL` or it will
* always error with return value -ENOTCONN.
* sock_udp_ep_t::port must not be 0 if `remote != NULL`.
* sock_udp_ep_t::netif must either be
* @ref SOCK_ADDR_ANY_NETIF or equal to sock_udp_ep_t::netif
* of @p local if `local != NULL`.
* @param[in] flags Flags for the sock object. See also
* [sock flags](@ref net_sock_flags).
* May be 0.
* @param[in] method Defines the SSL or TLS protocol for the client or server to use.
* There are several options for selecting the desired protocol.
* wolfSSL currently supports DTLS 1.0, and DTLS 1.2. Each of these
* protocols have a corresponding function that can be used as last
* argument to `sock_dtls_create`. The possible client and server
* protocol options are: `wolfDTLSv1_client_method()`, `wolfDTLSv1_server_method()`,
* `wolfDTLSv1_2_client_method()` and `wolfDTLSv1_server_method`.
*
* @return 0 on success.
* @return -EADDRINUSE, if `local != NULL` and @p local is already used
* elsewhere or if `local->port == 0` but the pool of ephemeral ports
* is depleted
* @return -EAFNOSUPPORT, if `local != NULL` or `remote != NULL` and
* sock_udp_ep_t::family of @p local or @p remote is not supported.
* @return -EINVAL, if sock_udp_ep_t::addr of @p remote is an invalid address.
* @return -EINVAL, if sock_udp_ep_t::netif of @p local or @p remote are not a
* valid interfaces or contradict each other (i.e.
* `(local->netif != remote->netif) &&
* ((local->netif != SOCK_ADDR_ANY_NETIF) ||
* (remote->netif != SOCK_ADDR_ANY_NETIF))` if neither is `NULL`).
* @return -ENOMEM, if not enough resources can be provided for `sock` to be
* created, 0 upon success.
*/
int sock_dtls_create(sock_tls_t *sock, const sock_udp_ep_t *local, const sock_udp_ep_t *remote, uint16_t flags, WOLFSSL_METHOD *method);
/**
* @brief Sets the endpoint address for the remote DTLS peer associated to this sock object
*
* @pre `(sk != NULL)`
* @pre `(addr != NULL)`
*
* @param[in] sock The resulting sock object.
* @param[in] addr Remote end point for the DTLS session.
*
*/
void sock_dtls_set_endpoint(sock_tls_t *sk, const sock_udp_ep_t *addr);
/**
* @brief Creates a new DTLS session from an existing `sock_tls_t` object.
*
* @pre `(sk != NULL)`
*
* @param[in] sock The sock object previously created using @ref sock_dtls_create
*
* @return 0 on success.
* @return -EINVAL, if @sock is null or the SSL context is not initialized yet.
* @return -ENOMEM, if not enough resources can be provided for the session to be
* created
*/
int sock_dtls_session_create(sock_tls_t *sk);
/**
* @brief Destroys the DTLS session associated to the sock object.
*
* @pre `(sk != NULL)`
*
* @param[in] sk The sock object containing the session to destroy.
*
*/
void sock_dtls_session_destroy(sock_tls_t *sk);
/**
* @brief Closes the socket connection associated to the DTLS session.
*
* @pre `(sk != NULL)`
*
* @param[in] sk The sock object containing the UDP socket to close.
*
*/
void sock_dtls_close(sock_tls_t *sk);
#ifdef MODULE_SOCK_TCP
/* TODO */
#endif
#ifdef __cplusplus
}
#endif
#endif /* SOCK_TLS_H */

25
tests/wolfcrypt-ed25519-verify/Makefile Normal file
View File

@ -0,0 +1,25 @@
# name of your application
APPLICATION = wolfcrypt-ed25519-verify
# If no BOARD is found in the environment, use this default:
BOARD ?= native
# This has to be the absolute path to the RIOT base directory:
RIOTBASE ?= $(CURDIR)/../..
# Comment this out to disable code in RIOT that does safety checking
# which is not needed in a production environment but helps in the
# development process:
DEVELHELP ?= 1
# Change this to 0 show compiler invocation lines by default:
QUIET ?= 1
CFLAGS+=-DNO_ED25519_SIGN -DNO_ED25519_KEY_EXPORT
USEPKG +=wolfssl
USEMODULE += wolfssl
USEMODULE += wolfcrypt
USEMODULE += wolfcrypt_ed25519
include $(RIOTBASE)/Makefile.include

16
tests/wolfcrypt-ed25519-verify/README.md Normal file
View File

@ -0,0 +1,16 @@
# wolfCrypt Ed25519 verify routine test
This is a demo of a signature verification using wolfCrypt.
wolfCrypt is part of [wolfSSL](https://www.wolfss.com) which provides several different cryptographic services.
In this test, a text message is signed using Edwards-curve digital signature algorithm,
using the Ed25519 signature scheme.
## How it works
The message and its signature are hardcoded in the example. To create a new
signed message, you may use the host-application `ed25519_sign_msg` under `tools/`,
which generates a new EdDSA key pair, and produces a signature for the test message.
The demo verifies the authenticity of the message via `wc_ed25519_verify_msg`.

91
tests/wolfcrypt-ed25519-verify/main.c Normal file
View File

@ -0,0 +1,91 @@
/*
* Copyright (C) 2014 Freie Universität Berlin
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*
* **** This file incorporates work covered by the following copyright and ****
* **** permission notice: ****
*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*
*/
/**
* @ingroup examples
* @{
*
* @file
* @brief ed25519 signature verification application
*
* @author wolfSSL <info@wolfssl.com>
*
* @}
*/
#include <stdio.h>
#include <stdint.h>
#include <wolfssl/wolfcrypt/ed25519.h>
const uint8_t ed_public_key[ED25519_KEY_SIZE] = {
0x9A, 0xBC, 0xA2, 0xE2, 0x4D, 0x19, 0x9E, 0x02,
0x72, 0x69, 0x19, 0xE1, 0x05, 0x39, 0x3A, 0x08,
0xC9, 0x9C, 0xDD, 0xA9, 0x28, 0x45, 0x8B, 0x37,
0x9E, 0xCA, 0x20, 0x02, 0xBC, 0x7A, 0x2E, 0xC2
};
const uint8_t msg[] = "Hello World!";
const uint8_t msg_signature[ED25519_SIG_SIZE] = {
0x8A, 0xD3, 0xEA, 0x8F, 0x08, 0x8B, 0x8C, 0x41,
0x61, 0x36, 0x51, 0xF4, 0x49, 0x6E, 0xD2, 0xCB,
0xD6, 0xAC, 0x7B, 0x61, 0xD8, 0x3B, 0xE0, 0x1C,
0xA7, 0xED, 0x72, 0x33, 0xA3, 0xB4, 0xE7, 0xBA,
0x90, 0x47, 0xC9, 0xAE, 0x48, 0x48, 0x4A, 0x78,
0x46, 0x63, 0x25, 0x44, 0xA5, 0x82, 0x0F, 0x4A,
0x9A, 0x5A, 0x0E, 0x3F, 0xF5, 0xB1, 0x97, 0xAD,
0xB5, 0x48, 0x26, 0x45, 0xD6, 0xC7, 0x00, 0x06
};
int main(void)
{
int stat;
int ret;
ed25519_key key;
printf("You are running RIOT on a(n) %s board.\n", RIOT_BOARD);
printf("This board features a(n) %s MCU.\n", RIOT_MCU);
printf("\n\n\n");
wc_ed25519_init(&key);
puts("Starting ed25519 test.");
ret = wc_ed25519_import_public(ed_public_key, ED25519_KEY_SIZE, &key);
if (ret != 0) {
printf("Error importing public key for signature verification (%d)\n", ret);
return 1;
}
if ((wc_ed25519_verify_msg(msg_signature, ED25519_SIG_SIZE, msg, 12, &stat, &key) < 0) || (stat == 0)) {
printf("The signature is not valid!\n");
} else {
printf("The signature is valid!\n");
}
return 0;
}

8
tests/wolfcrypt-ed25519-verify/tools/Makefile Normal file
View File

@ -0,0 +1,8 @@
all: ed25519_sign_msg
ed25519_sign_msg: ed25519_sign_msg.c
gcc -o $@ $^ -lwolfssl -DHAVE_ED25519 -DWOLFCRYPT_ONLY -DTFM_TIMING_RESISTANT -DNO_RSA -DECC_TIMING_RESISTANT
clean:
@rm -f ed25519_sign_msg

98
tests/wolfcrypt-ed25519-verify/tools/ed25519_sign_msg.c Normal file
View File

@ -0,0 +1,98 @@
/*
* Copyright (C) 2014 Freie Universität Berlin
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*
* **** This file incorporates work covered by the following copyright and ****
* **** permission notice: ****
* Copyright (C) 2006-2018 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*
*/
#include <stdint.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/ed25519.h>
void print_buf(uint8_t *buf, int len)
{
int i;
for (i = 0; i < len; i++) {
int p = i % 8;
if (p == 0)
printf("\t");
printf("0x%02X", buf[i]);
if (i < len - 1)
printf(",");
if (p == 7)
printf("\n");
else
printf(" ");
}
}
void print_key(void *key_in)
{
uint8_t * key = key_in;
print_buf(key, ED25519_KEY_SIZE);
}
void print_sig(void *sig_in)
{
uint8_t * sig = sig_in;
print_buf(sig, ED25519_SIG_SIZE);
}
int main(void)
{
uint8_t priv[ED25519_KEY_SIZE], pub[ED25519_KEY_SIZE];
uint8_t sig[ED25519_SIG_SIZE];
uint32_t outlen;
RNG rng;
ed25519_key key;
wc_ed25519_init(&key);
wc_InitRng(&rng);
if (wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key) != 0) {
printf("Failed to create ED25519 key!\n");
exit(1);
}
outlen = ED25519_KEY_SIZE;
wc_ed25519_export_private_only(&key, priv, &outlen);
printf("const uint8_t ed_private_key[ED25519_KEY_SIZE] = {\n");
print_key(priv);
printf("};\n\n");
outlen = ED25519_KEY_SIZE;
wc_ed25519_export_public(&key, pub, &outlen);
printf("const uint8_t ed_public_key[ED25519_KEY_SIZE] = {\n");
print_key(pub);
printf("};\n\n");
printf("const uint8_t msg[] = \"Hello World!\";\n\n");
printf("const uint8_t msg_signature[ED25519_SIG_SIZE] = {\n");
outlen = ED25519_SIG_SIZE;
wc_ed25519_sign_msg("Hello World!", 12, sig, &outlen, &key);
print_sig(sig);
printf("};\n\n");
exit(0);
}

48
tests/wolfssl_crypto_benchmark/Makefile Normal file
View File

@ -0,0 +1,48 @@
APPLICATION = wolf_crypto_benchark
# If no BOARD is found in the environment, use this default:
#BOARD ?= native
BOARD ?= samd21-xpro #Currently missing implementation for strncasecmp
#BOARD ?= pic32-wifire
#BOARD ?= frdm-k64f
#BOARD ?= stm32f4discovery
# BOARD_WHITELIST := To Be Determined
# BOARD_BLACKLIST := To Be Determined
# BOARD_INSUFFICIENT_MEMORY := To Be Determined
# This has to be the absolute path to the RIOT base directory:
RIOTBASE ?= $(CURDIR)/../..
# Used for inserting debug symbols into library for portability
# testing on Ubuntu 16.04 LTS w/ gcc v 5.4.0
#CFLAGS += -g
#LDFLAGS += -g
# Necessary to set the stacksize on Ubuntu Native device when using
# gcc v 5.4.0 on 16.04 LTS
# This is an optimized stack value based on testing, if you observe
# a segmentation fault please increase this stack size.
CFLAGS += -DTHREAD_STACKSIZE_MAIN=20000
# Change this to 0 show compiler invocation lines by default:
QUIET ?= 1
# May need these for seeding wolfCrypt DRBG
#USEMODULE += random
#USEMODULE += prng_minstd
USEPKG += wolfssl
USEMODULE += wolfcrypt wolfcrypt-benchmark wolfcrypt_sha512 wolfcrypt_curve25519 \
wolfcrypt_ed25519 wolfcrypt_chacha wolfcrypt_poly1305 wolfcrypt_aes \
wolfcrypt_ecc wolfcrypt_asn wolfcrypt_random
ifneq (native, $(BOARD))
# for TCP/IP recommend working with lwip or other third-party TCP/IP stack.
# Also need third-party string library if attempting to use ecc that will
# implement strncasecomp
# USEPKG += lwip
# export CFLAGS += "-DHAVE_LWIP_NATIVE=1"
endif
include $(RIOTBASE)/Makefile.include

4
tests/wolfssl_crypto_benchmark/README.md Normal file
View File

@ -0,0 +1,4 @@
# wolfSSL on RIOT
This application measures the performance of wolfCrypt libraries in wolfSSL
from [wolfSSL Inc](https://www.wolfssl.com) on RIOT.

44
tests/wolfssl_crypto_benchmark/main.c Normal file
View File

@ -0,0 +1,44 @@
/*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/**
* @ingroup examples
* @{
*
* @file
* @brief wolfSSL cryptographic benchmark application
*
* @author Kaleb J. Himes <kaleb@wolfssl.com>
*
* @}
*/
#include <stdio.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfcrypt/benchmark/benchmark.h>
int main(void)
{
puts("wolfSSL Crypto Benchmarks!");
benchmark_test(NULL);
return 0;
}

47
tests/wolfssl_crypto_test/Makefile Normal file
View File

@ -0,0 +1,47 @@
APPLICATION = wolf_crypto_test
# If no BOARD is found in the environment, use this default:
#BOARD ?= native
#BOARD ?= samd21-xpro #Currently missing implementation for strncasecmp
#BOARD ?= pic32-wifire
#BOARD ?= frdm-k64f
BOARD ?= stm32f4discovery
# BOARD_WHITELIST := To Be Determined
# BOARD_BLACKLIST := To Be Determined
# BOARD_INSUFFICIENT_MEMORY := To Be Determined
# This has to be the absolute path to the RIOT base directory:
RIOTBASE ?= $(CURDIR)/../..
# Used for inserting debug symbols into library for portability
# testing on Ubuntu 16.04 LTS w/ gcc v 5.4.0
#CFLAGS += -g
#LDFLAGS += -g
# Necessary to set the stacksize on Ubuntu Native device when using
# gcc v 5.4.0 on 16.04 LTS
# This is an optimized stack value based on testing, if you observe
# a segmentation fault please increase this stack size.
CFLAGS += -DTHREAD_STACKSIZE_MAIN=35000
# Change this to 0 show compiler invocation lines by default:
QUIET ?= 1
# May need these for seeding wolfCrypt DRBG
#USEMODULE += prng_minstd
USEPKG += wolfssl
USEMODULE += wolfcrypt wolfcrypt-test wolfcrypt_sha512 wolfcrypt_curve25519 \
wolfcrypt_ed25519 wolfcrypt_chacha wolfcrypt_poly1305 wolfcrypt_aes \
wolfcrypt_ecc wolfcrypt_asn wolfcrypt_random
ifneq (native, $(BOARD))
# for TCP/IP recommend working with lwip or other third-party TCP/IP stack.
# Also need third-party string library if attempting to use ecc that will
# implement strncasecomp
# USEPKG += lwip
# export CFLAGS += "-DHAVE_LWIP_NATIVE=1"
endif
include $(RIOTBASE)/Makefile.include

4
tests/wolfssl_crypto_test/README.md Normal file
View File

@ -0,0 +1,4 @@
# wolfSSL on RIOT
This application demonstrates the underlying wolfCrypt libraries in wolfSSL
from [wolfSSL Inc](https://www.wolfssl.com) on RIOT.

43
tests/wolfssl_crypto_test/main.c Normal file
View File

@ -0,0 +1,43 @@
/*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/**
* @ingroup examples
* @{
*
* @file
* @brief wolfSSL cryptographic library test
*
* @author Kaleb J. Himes <kaleb@wolfssl.com>
*
* @}
*/
#include <stdio.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfcrypt/test/test.h>
int main(void)
{
puts("wolfSSL Crypto Test!");
wolfcrypt_test(NULL);
return 0;
}