From b3f32f83bb8283b0ff17c403cf1feb9d71b91f67 Mon Sep 17 00:00:00 2001 
From: kaleb-himes Date: Mon, 10 Jul 2017 13:33:07 -0600 Subject: [PATCH] wolfSSL pkg with examples --- examples/dtls-wolfssl/Makefile | 57 +++ examples/dtls-wolfssl/README.md | 43 +++ examples/dtls-wolfssl/cert.c | 83 +++++ examples/dtls-wolfssl/dtls-client.c | 128 +++++++ examples/dtls-wolfssl/dtls-server.c | 135 +++++++ examples/dtls-wolfssl/main.c | 76 ++++ examples/wolfssl_client/Makefile | 55 +++ examples/wolfssl_client/README.md | 4 + .../application_user_settings.h | 43 +++ examples/wolfssl_client/certs/ca-cert.pem | 87 +++++ examples/wolfssl_client/main.c | 158 ++++++++ examples/wolfssl_server/Makefile | 57 +++ examples/wolfssl_server/README.md | 4 + .../application_user_settings.h | 41 +++ examples/wolfssl_server/certs/server-cert.pem | 173 +++++++++ examples/wolfssl_server/certs/server-key.pem | 27 ++ examples/wolfssl_server/main.c | 189 ++++++++++ pkg/wolfssl/Makefile | 17 + pkg/wolfssl/Makefile.dep | 77 ++++ pkg/wolfssl/Makefile.include | 37 ++ pkg/wolfssl/Makefile.wolfcrypt | 33 ++ pkg/wolfssl/Makefile.wolfcrypt-benchmark | 8 + pkg/wolfssl/Makefile.wolfcrypt-test | 8 + pkg/wolfssl/Makefile.wolfssl | 8 + pkg/wolfssl/doc.txt | 184 ++++++++++ pkg/wolfssl/include/user_settings.h | 308 ++++++++++++++++ pkg/wolfssl/sock_tls/Makefile | 3 + pkg/wolfssl/sock_tls/sock_tls.c | 119 ++++++ pkg/wolfssl/sock_tls/sock_tls.h | 339 ++++++++++++++++++ tests/wolfcrypt-ed25519-verify/Makefile | 25 ++ tests/wolfcrypt-ed25519-verify/README.md | 16 + tests/wolfcrypt-ed25519-verify/main.c | 91 +++++ tests/wolfcrypt-ed25519-verify/tools/Makefile | 8 + .../tools/ed25519_sign_msg.c | 98 +++++ tests/wolfssl_crypto_benchmark/Makefile | 48 +++ tests/wolfssl_crypto_benchmark/README.md | 4 + tests/wolfssl_crypto_benchmark/main.c | 44 +++ tests/wolfssl_crypto_test/Makefile | 47 +++ tests/wolfssl_crypto_test/README.md | 4 + tests/wolfssl_crypto_test/main.c | 43 +++ 40 files changed, 2929 insertions(+) create mode 100644 examples/dtls-wolfssl/Makefile create mode 100644 
examples/dtls-wolfssl/README.md create mode 100644 examples/dtls-wolfssl/cert.c create mode 100644 examples/dtls-wolfssl/dtls-client.c create mode 100644 examples/dtls-wolfssl/dtls-server.c create mode 100644 examples/dtls-wolfssl/main.c create mode 100644 examples/wolfssl_client/Makefile create mode 100644 examples/wolfssl_client/README.md create mode 100644 examples/wolfssl_client/application_user_settings.h create mode 100644 examples/wolfssl_client/certs/ca-cert.pem create mode 100644 examples/wolfssl_client/main.c create mode 100644 examples/wolfssl_server/Makefile create mode 100644 examples/wolfssl_server/README.md create mode 100644 examples/wolfssl_server/application_user_settings.h create mode 100644 examples/wolfssl_server/certs/server-cert.pem create mode 100644 examples/wolfssl_server/certs/server-key.pem create mode 100644 examples/wolfssl_server/main.c create mode 100644 pkg/wolfssl/Makefile create mode 100644 pkg/wolfssl/Makefile.dep create mode 100644 pkg/wolfssl/Makefile.include create mode 100644 pkg/wolfssl/Makefile.wolfcrypt create mode 100644 pkg/wolfssl/Makefile.wolfcrypt-benchmark create mode 100644 pkg/wolfssl/Makefile.wolfcrypt-test create mode 100644 pkg/wolfssl/Makefile.wolfssl create mode 100644 pkg/wolfssl/doc.txt create mode 100644 pkg/wolfssl/include/user_settings.h create mode 100644 pkg/wolfssl/sock_tls/Makefile create mode 100644 pkg/wolfssl/sock_tls/sock_tls.c create mode 100644 pkg/wolfssl/sock_tls/sock_tls.h create mode 100644 tests/wolfcrypt-ed25519-verify/Makefile create mode 100644 tests/wolfcrypt-ed25519-verify/README.md create mode 100644 tests/wolfcrypt-ed25519-verify/main.c create mode 100644 tests/wolfcrypt-ed25519-verify/tools/Makefile create mode 100644 tests/wolfcrypt-ed25519-verify/tools/ed25519_sign_msg.c create mode 100644 tests/wolfssl_crypto_benchmark/Makefile create mode 100644 tests/wolfssl_crypto_benchmark/README.md create mode 100644 tests/wolfssl_crypto_benchmark/main.c create mode 100644 
tests/wolfssl_crypto_test/Makefile create mode 100644 tests/wolfssl_crypto_test/README.md create mode 100644 tests/wolfssl_crypto_test/main.c diff --git a/examples/dtls-wolfssl/Makefile b/examples/dtls-wolfssl/Makefile new file mode 100644 index 0000000000..fbb6a5a9db --- /dev/null +++ b/examples/dtls-wolfssl/Makefile 
@@ -0,0 +1,57 @@ +# name of your application +APPLICATION = dtls_wolfssl + +# If no BOARD is found in the environment, use this default: +BOARD ?= native + +# This has to be the absolute path to the RIOT base directory: +RIOTBASE ?= $(CURDIR)/../.. + +# wolfSSL supports 32-bit architectures only +BOARD_BLACKLIST := arduino-duemilanove arduino-mega2560 arduino-uno chronos \ + jiminy-mega256rfr2 mega-xplained msb-430 msb-430h telosb \ + waspmote-pro wsn430-v1_3b wsn430-v1_4 z1 + +BOARD_INSUFFICIENT_MEMORY := airfy-beacon b-l072z-lrwan1 bluepill calliope-mini \ + cc2650-launchpad cc2650stk hifive1 maple-mini \ + microbit nrf51dongle nrf6310 nucleo-f031k6 \ + nucleo-f042k6 nucleo-f303k8 nucleo-l031k6 nucleo-f030r8 \ + nucleo-f070rb nucleo-f072rb nucleo-f103rb nucleo-f302r8 nucleo-f334r8 \ + nucleo-l053r8 nucleo-l073rz opencm904 \ + spark-core stm32f0discovery stm32mindev yunjia-nrf51822 + +# Include packages that pull up and auto-init the link layer. +# NOTE: 6LoWPAN will be included if IEEE802.15.4 devices are present +USEMODULE += gnrc_netdev_default +USEMODULE += auto_init_gnrc_netif +# Specify the mandatory networking modules for IPv6 and UDP +USEMODULE += gnrc_ipv6_default +USEMODULE += gnrc_sock_udp + +# Add also the shell, some shell commands +USEMODULE += shell +USEMODULE += shell_commands + +USEPKG += wolfssl +USEMODULE += wolfcrypt +USEMODULE += wolfssl +USEMODULE += wolfcrypt-test +USEMODULE += wolfcrypt_ecc +USEMODULE += wolfssl_dtls + +#CFLAGS+=-g -ggdb3 + +CFLAGS += -DDTLS_DEFAULT_PORT=$(DTLS_PORT) -DDTLS_WOLFSSL + +# FIXME: This is a temporary patch taken from the TinyDTLS example to ensure proper stack allocation +CFLAGS += -DTHREAD_STACKSIZE_MAIN=\(3*THREAD_STACKSIZE_DEFAULT\) + +# Comment this out to disable code in RIOT that does safety checking +# which is not needed in a production environment but helps in the +# development process: +CFLAGS += -DDEVELHELP + +# Change this to 0 show compiler invocation lines by default: +QUIET ?= 0 + +include 
$(RIOTBASE)/Makefile.include diff --git a/examples/dtls-wolfssl/README.md b/examples/dtls-wolfssl/README.md new file mode 100644 index 0000000000..07599fe71d --- /dev/null +++ b/examples/dtls-wolfssl/README.md @@ -0,0 +1,43 @@ +# dtls_wolfssl example + +This example shows how to use DTLS with wolfSSL + +## SOCK vs. Socket + +This example is configured to use socks instead of sockets (over GNRC). +It's possible to use sockets, which give a more similar approach to the +UNIX version of wolfSSL. + +## Fast configuration (Between RIOT instances) + +### Prepare the bridge interface linking two tuntap + +```bash + ./../../dist/tools/tapsetup/tapsetup --create 2 +``` + +## Testing + +### Run the server +```bash +$ make all; PORT=tap1 make term +> ifconfig +``` +*copy the server address* + +```bash +> dtlss +``` +### Run the client +```bash +$ PORT=tap0 make term +> dtlsc +``` +### Testing against host endpoints + +Riot-to-host can be tested against the DTLS examples provided in the [wolfSSL-examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/dtls) repository. + +## Boards + +Boards that do not support the `../gnrc_networking` example are included +in the `BOARD_INSUFFICIENT_MEMORY`, plus the board `cc2650stk`. diff --git a/examples/dtls-wolfssl/cert.c b/examples/dtls-wolfssl/cert.c new file mode 100644 index 0000000000..63941a373e --- /dev/null +++ b/examples/dtls-wolfssl/cert.c 
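Review bot: `DTLS_PORT` is never assigned in this Makefile, so `CFLAGS += -DDTLS_DEFAULT_PORT=$(DTLS_PORT)` expands to an empty define unless the value comes from the environment or the command line. dtls-client.c and dtls-server.c in this same patch hard-code `#define SERVER_PORT 11111` and never read `DTLS_DEFAULT_PORT`. Give the variable a default, `DTLS_PORT ?= 11111`, and use `DTLS_DEFAULT_PORT` in the two C files so the port is set in one place, or drop the flag. `USEMODULE += wolfcrypt-test` and `CFLAGS += -DDEVELHELP` are development aids; a comment saying they should be removed for deployed builds would help readers who copy this example.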
@@ -0,0 +1,83 @@ +const unsigned char server_cert[] = { + 0x30, 0x82, 0x03, 0x10, 0x30, 0x82, 0x02, 0xb5, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x09, 0x00, 0xef, 0x46, 0xc7, 0xa4, 0x9b, 0xbb, 0x60, 0xd3, + 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, + 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, + 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, + 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x6c, 0x69, 0x70, 0x74, 0x69, + 0x63, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x03, + 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, + 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, + 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5a, 0x30, 0x81, + 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, + 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x6c, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, + 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x03, 0x45, 0x43, + 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 
0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6, 0x4a, + 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36, 0xdb, 0x72, 0x2d, 0xce, 0x94, + 0xea, 0x2b, 0xfa, 0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61, 0x02, + 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a, 0x31, 0x5b, 0x97, 0x92, 0x21, + 0x7f, 0xf0, 0xcf, 0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8, 0x20, + 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8, 0xa3, 0x81, 0xf7, 0x30, 0x81, + 0xf4, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x5d, 0x5d, 0x26, 0xef, 0xac, 0x7e, 0x36, 0xf9, 0x9b, 0x76, 0x15, 0x2b, + 0x4a, 0x25, 0x02, 0x23, 0xef, 0xb2, 0x89, 0x30, 0x30, 0x81, 0xc4, 0x06, + 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, + 0x5d, 0x5d, 0x26, 0xef, 0xac, 0x7e, 0x36, 0xf9, 0x9b, 0x76, 0x15, 0x2b, + 0x4a, 0x25, 0x02, 0x23, 0xef, 0xb2, 0x89, 0x30, 0xa1, 0x81, 0x95, 0xa4, + 0x81, 0x92, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x6c, 0x69, 0x70, + 0x74, 0x69, 0x63, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, + 0x73, 0x73, 0x6c, 
0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, + 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x09, 0x00, 0xef, 0x46, 0xc7, 0xa4, 0x9b, + 0xbb, 0x60, 0xd3, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, + 0x00, 0xf1, 0xd0, 0xa6, 0x3e, 0x83, 0x33, 0x24, 0xd1, 0x7a, 0x05, 0x5f, + 0x1e, 0x0e, 0xbd, 0x7d, 0x6b, 0x33, 0xe9, 0xf2, 0x86, 0xf3, 0xf3, 0x3d, + 0xa9, 0xef, 0x6a, 0x87, 0x31, 0xb3, 0xb7, 0x7e, 0x50, 0x02, 0x21, 0x00, + 0xf0, 0x60, 0xdd, 0xce, 0xa2, 0xdb, 0x56, 0xec, 0xd9, 0xf4, 0xe4, 0xe3, + 0x25, 0xd4, 0xb0, 0xc9, 0x25, 0x7d, 0xca, 0x7a, 0x5d, 0xba, 0xc4, 0xb2, + 0xf6, 0x7d, 0x04, 0xc7, 0xbd, 0x62, 0xc9, 0x20 +}; +unsigned int server_cert_len = 788; +const unsigned char server_key[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x45, 0xb6, 0x69, 0x02, 0x73, + 0x9c, 0x6c, 0x85, 0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac, 0xc4, + 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c, 0x28, 0xdc, 0x34, 0x8d, 0xe1, + 0xa8, 0x09, 0x8c, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xbb, 0x33, 0xac, + 0x4c, 0x27, 0x50, 0x4a, 0xc6, 0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, + 0x36, 0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa, 0xcb, 0x20, 0x09, + 0x39, 0x2c, 0x16, 0xe8, 0x61, 0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, + 0x9a, 0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf, 0x18, 0xda, 0x91, + 0x11, 0x02, 0x34, 0x86, 0xe8, 0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, + 0xd8 +}; +unsigned int server_key_len = 121; diff --git a/examples/dtls-wolfssl/dtls-client.c b/examples/dtls-wolfssl/dtls-client.c new file mode 100644 index 0000000000..3af8f0f4e2 --- /dev/null +++ b/examples/dtls-wolfssl/dtls-client.c 
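Review bot: `server_cert_len` is defined here as `unsigned int`, but dtls-client.c in this patch declares it as `extern const unsigned long server_cert_len;`, an incompatible declaration of the same object and therefore undefined behaviour (where `long` is wider than `int` the client reads more bytes than the object holds). Derive the lengths from the arrays, `const unsigned int server_cert_len = sizeof(server_cert);` and `const unsigned int server_key_len = sizeof(server_key);`, and put the matching `extern` declarations in one shared header so dtls-client.c and dtls-server.c cannot drift apart. The file has no header comment although `server_key` is a private key published in the repository; it should state that the pair is test material only and must be replaced with per-device credentials before any real use. The validity period encoded in the certificate appears to end in May 2019, after which a peer that verifies it will reject the handshake.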
@@ -0,0 +1,128 @@ +/* + * Copyright (C) 2015 Freie Universität Berlin + * Copyright (C) 2018 Inria + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ +/* + * **** This file incorporates work covered by the following copyright and **** + * **** permission notice: **** + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + */ + +#include +#include +#include + +#include +#include +#include + +#define SERVER_PORT 11111 + +extern const unsigned char server_cert[788]; +extern const unsigned long server_cert_len; + +static sock_tls_t skv; +static sock_tls_t *sk = &skv; + +int dtls_client(int argc, char **argv) +{ + int ret = 0; + char buf[64] = "Hello from DTLS client!"; + int iface; + char *addr_str = argv[1]; + sock_udp_ep_t local = SOCK_IPV6_EP_ANY; + sock_udp_ep_t remote = SOCK_IPV6_EP_ANY; + + /* Parsing
[:]:Port */ + iface = ipv6_addr_split_iface(addr_str); + if (iface == -1) { + if (gnrc_netif_numof() == 1) { + /* assign the single interface found in gnrc_netif_numof() */ + remote.netif = (uint16_t)gnrc_netif_iter(NULL)->pid; + } + } + else { + if (gnrc_netif_get_by_pid(iface) == NULL) { + puts("ERROR: interface not valid"); + return -1; + } + remote.netif = (uint16_t)gnrc_netif_iter(NULL)->pid; + } + if (ipv6_addr_from_str((ipv6_addr_t *)remote.addr.ipv6, addr_str) == NULL) { + puts("ERROR: unable to parse destination address"); + return -1; + } + if (argc != 2) { + printf("Usage: %s \n", argv[0]); + return -1; + } + remote.port = SERVER_PORT; + if (sock_dtls_create(sk, &local, &remote, 0, wolfDTLSv1_2_client_method()) != 0) { + puts("ERROR: Unable to create DTLS sock"); + return -1; + } + + /* Disable certificate validation from the client side */ + wolfSSL_CTX_set_verify(sk->ctx, SSL_VERIFY_NONE, 0); + + /* Load certificate file for the DTLS client */ + if (wolfSSL_CTX_use_certificate_buffer(sk->ctx, server_cert, + server_cert_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS) + { + printf("Error loading cert buffer\n"); + return -1; + } + + /* attempt to connect until the connection is successful */ + do { + printf("connecting to server...\n"); + if (sock_dtls_session_create(sk) < 0) + return -1; + ret = wolfSSL_connect(sk->ssl); + if (ret != SSL_SUCCESS) { + sock_dtls_session_destroy(sk); + } + } while(ret != SSL_SUCCESS); + + /* set remote endpoint */ + sock_dtls_set_endpoint(sk, &remote); + + /* send the hello message */ + wolfSSL_write(sk->ssl, buf, strlen(buf)); + + /* wait for a reply, indefinitely */ + do { + ret = wolfSSL_read(sk->ssl, buf, 63); + printf("wolfSSL_read returned %d\r\n", ret); + } while (ret <= 0); + buf[ret] = (char)0; + printf("Received: '%s'\r\n", buf); + + /* Clean up and exit. */ + printf("Closing connection.\r\n"); + sock_dtls_session_destroy(sk); + sock_dtls_close(sk); + return 0; +} 
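Review bot: The client switches off peer authentication with `wolfSSL_CTX_set_verify(sk->ctx, SSL_VERIFY_NONE, 0);` and then installs `server_cert` as its own certificate through `wolfSSL_CTX_use_certificate_buffer`, so any endpoint answering on the port completes the handshake and the session is not protected against an on-path attacker. For an example that will be copied, verify the peer: `wolfSSL_CTX_set_verify(sk->ctx, SSL_VERIFY_PEER, 0);` and load the certificate as a trust anchor with `wolfSSL_CTX_load_verify_buffer(sk->ctx, server_cert, server_cert_len, SSL_FILETYPE_ASN1)` (the certificate in cert.c appears to be self-signed, so it can serve as the anchor). Separately, `argv[1]` is passed to `ipv6_addr_split_iface()` before the `argc != 2` check, so `dtlsc` without an argument reads past the supplied arguments; the usage check should be the first statement in `dtls_client`. The `return -1` paths taken after `sock_dtls_create` has succeeded skip `sock_dtls_close(sk)`, and the results of `wolfSSL_write` and `gnrc_netif_iter(NULL)` are used unchecked.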
diff --git a/examples/dtls-wolfssl/dtls-server.c b/examples/dtls-wolfssl/dtls-server.c
new file mode 100644
index 0000000000..417f59eff2
--- /dev/null
+++ b/examples/dtls-wolfssl/dtls-server.c
@@ -0,0 +1,135 @@ +/* + * Copyright (C) 2015 Freie Universität Berlin + * Copyright (C) 2018 Inria + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ +/* + * **** This file incorporates work covered by the following copyright and **** + * **** permission notice: **** + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + */ + +/** + * @ingroup examples + * @{ + * + * @file + * @brief Demonstrating DTLS 1.2 client using wolfSSL + * + * @author Daniele Lacamera + * @} + */ + +#include +#include + +#include +#include + +#include + +#include +#include +#include + +#define SERVER_PORT 11111 +#define DEBUG 1 +extern const unsigned char server_cert[788]; +extern const unsigned char server_key[121]; +extern unsigned int server_cert_len; +extern unsigned int server_key_len; + +static sock_tls_t skv; +static sock_tls_t *sk = &skv; + +static const char Test_dtls_string[] = "DTLS OK!"; + +int dtls_server(int argc, char **argv) +{ + char buf[64]; + int ret; + sock_udp_ep_t local = SOCK_IPV6_EP_ANY; + local.port = SERVER_PORT; + + (void)argc; + (void)argv; + + if (sock_dtls_create(sk, &local, NULL, 0, 
wolfDTLSv1_2_server_method()) != 0) { + printf("ERROR: Unable to create DTLS sock\r\n"); + return -1; + } + + /* Load certificate file for the DTLS server */ + if (wolfSSL_CTX_use_certificate_buffer(sk->ctx, server_cert, + server_cert_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS) + { + printf("Failed to load certificate from memory.\r\n"); + return -1; + } + + /* Load the private key */ + if (wolfSSL_CTX_use_PrivateKey_buffer(sk->ctx, server_key, + server_key_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS) + { + printf("Failed to load private key from memory.\r\n"); + return -1; + } + + /* Create the DTLS session */ + ret = sock_dtls_session_create(sk); + if (ret < 0) + { + printf("Failed to create DTLS session (err: %s)\r\n", strerror(-ret)); + return -1; + } + + printf("Listening on %d\n", SERVER_PORT); + while(1) { + + /* Wait until a new client connects */ + ret = wolfSSL_accept(sk->ssl); + if (ret != SSL_SUCCESS) { + continue; + } + + /* Wait until data is received */ + printf("Connection accepted\r\n"); + ret = wolfSSL_read(sk->ssl, buf, 64); + if (ret > 0) { + buf[ret] = (char)0; + printf("Received '%s'\r\n", buf); + } + + /* Send reply */ + printf("Sending 'DTLS OK'...\r\n"); + wolfSSL_write(sk->ssl, Test_dtls_string, sizeof(Test_dtls_string)); + + /* Cleanup/shutdown */ + printf("Closing connection.\r\n"); + sock_dtls_session_destroy(sk); + sock_dtls_close(sk); + break; + } + return 0; +} diff --git a/examples/dtls-wolfssl/main.c b/examples/dtls-wolfssl/main.c new file mode 100644 index 0000000000..904ae06612 --- /dev/null +++ b/examples/dtls-wolfssl/main.c 
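Review bot: `wolfSSL_read(sk->ssl, buf, 64)` can return 64 for `char buf[64]`, and the following `buf[ret] = (char)0;` then writes one byte past the end of the array; the length is chosen by the remote client, so this is a peer-triggerable out-of-bounds stack write. Read at most one byte less than the buffer, `ret = wolfSSL_read(sk->ssl, buf, sizeof(buf) - 1);`, as dtls-client.c in this patch already does with 63. The error returns taken after `sock_dtls_create` has succeeded skip `sock_dtls_close(sk)`, and the result of `wolfSSL_write` is ignored. The file comment says "DTLS 1.2 client" in the server source, and `#define DEBUG 1` is left enabled although nothing visible in the hunk uses it.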
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2015 Freie Universität Berlin
+ * Copyright (C) 2018 Inria
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+
+/**
+ * @ingroup examples
+ * @{
+ *
+ * @file
+ * @brief Example application for DTLS 1.2 using wolfSSL
+ *
+ * @author Daniele Lacamera
+ *
+ * @}
+ */
+
+#include
+#include
+
+#include "shell.h"
+#include "msg.h"
+
+
+#ifdef WITH_RIOT_SOCKETS
+#error RIOT-OS is set to use sockets but this DTLS app is configured for socks.
+#endif
+
+#define MAIN_QUEUE_SIZE (8)
+static msg_t _main_msg_queue[MAIN_QUEUE_SIZE];
+
+extern int dtls_client(int argc, char **argv);
+extern int dtls_server(int argc, char **argv);
+
+#ifdef MODULE_WOLFCRYPT_TEST
+extern int wolfcrypt_test(void* args);
+static int wolftest(int argc, char **argv)
+{
+ (void)argc;
+ (void)argv;
+ wolfcrypt_test(NULL);
+ return 0;
+}
+#endif
+
+static const shell_command_t shell_commands[] = {
+ { "dtlsc", "Start a DTLS client", dtls_client },
+ { "dtlss", "Start and stop a DTLS server", dtls_server },
+#ifdef MODULE_WOLFCRYPT_TEST
+ { "wolftest", "Perform wolfcrypt porting test", wolftest },
+#endif
+ { NULL, NULL, NULL }
+};
+
+int main(void)
+{
+ /* we need a message queue for the thread running the shell in order to
+ * receive potentially fast incoming networking packets */
+ msg_init_queue(_main_msg_queue, MAIN_QUEUE_SIZE);
+ puts("RIOT wolfSSL DTLS testing implementation");
+ wolfSSL_Init();
+ wolfSSL_Debugging_ON();
+
+ /* start shell */
+ puts("All up, running the shell now");
+ char line_buf[SHELL_DEFAULT_BUFSIZE];
+ shell_run(shell_commands, line_buf, SHELL_DEFAULT_BUFSIZE);
+
+ /* should be never reached */
+ return 0;
+}
diff --git a/examples/wolfssl_client/Makefile b/examples/wolfssl_client/Makefile
new file mode 100644
index 0000000000..136f9a6959
--- /dev/null
+++ b/examples/wolfssl_client/Makefile
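Review bot: In `main`, `wolfSSL_Init();` is called without checking its result and `wolfSSL_Debugging_ON();` is enabled unconditionally, so a failed library initialisation goes unnoticed and every build of the example runs with wolfSSL debug logging requested. Check the init, `if (wolfSSL_Init() != SSL_SUCCESS) { puts("wolfSSL_Init failed"); return 1; }`, and place the debug call under a development guard such as `#ifdef DEVELHELP`, which the example's Makefile already defines. The `wolftest` shell command is compiled in whenever `MODULE_WOLFCRYPT_TEST` is set, and the Makefile in this patch always sets it; a comment that the self-test command is for porting work only would keep it out of copied production shells.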
@@ -0,0 +1,55 @@
+APPLICATION = wolf_client
+
+# This has to be the absolute path to the RIOT base directory:
+RIOTBASE ?= $(CURDIR)/../..
+
+# If no BOARD is found in the environment, use this default:
+BOARD ?= native
+
+# lwIP's memory management doesn't seem to work on non 32-bit platforms at the
+# moment.
+BOARD_BLACKLIST := arduino-uno arduino-duemilanove arduino-mega2560 chronos \
+ msb-430 msb-430h telosb waspmote-pro wsn430-v1_3b \
+ wsn430-v1_4 z1 jiminy-mega256rfr2 mega-xplained
+BOARD_INSUFFICIENT_MEMORY = nucleo-f031k6 nucleo-f042k6 nucleo-l031k6 nucleo-f030r8 \
+ nucleo-f303k8 nucleo-f334r8 nucleo-l053r8 \
+ stm32f0discovery
+
+LWIP_IPV4 ?= 1
+
+ifneq (0, $(LWIP_IPV4))
+ USEMODULE += ipv4_addr
+ USEMODULE += lwip_arp
+ USEMODULE += lwip_ipv4
+ CFLAGS += -DETHARP_SUPPORT_STATIC_ENTRIES=1
+ LWIP_IPV6 ?= 0
+else
+ LWIP_IPV6 ?= 1
+endif
+
+ifneq (0, $(LWIP_IPV6))
+ USEMODULE += ipv6_addr
+ USEMODULE += lwip_ipv6_autoconfig
+endif
+
+USEMODULE += inet_csum
+USEMODULE += lwip_netdev
+USEMODULE += lwip_sock_tcp
+USEMODULE += netdev_eth
+USEMODULE += netdev_test
+USEMODULE += ps
+
+#CFLAGS += ??
+
+# Change this to 0 show compiler invocation lines by default:
+QUIET ?= 1
+
+# May need these for seeding wolfCrypt DRBG
+#USEMODULE += random
+#USEMODULE += prng_minstd
+
+USEPKG += wolfssl
+USEMODULE += wolfssl_socket wolfcrypt_rsa wolfcrypt_dh
+
+
+include $(RIOTBASE)/Makefile.include
diff --git a/examples/wolfssl_client/README.md b/examples/wolfssl_client/README.md
new file mode 100644
index 0000000000..ad74383517
--- /dev/null
+++ b/examples/wolfssl_client/README.md
@@ -0,0 +1,4 @@
+# wolfSSL on RIOT
+
+This application demonstrates an SSL/TLS client
+from [wolfSSL Inc](https://www.wolfssl.com) on RIOT.
diff --git a/examples/wolfssl_client/application_user_settings.h b/examples/wolfssl_client/application_user_settings.h
new file mode 100644
index 0000000000..0608b2f195
--- /dev/null
+++ b/examples/wolfssl_client/application_user_settings.h
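Review bot: The commented hint `# May need these for seeding wolfCrypt DRBG` followed by `#USEMODULE += prng_minstd` points readers at a non-cryptographic generator as a seed source, and a DRBG seeded from a predictable PRNG yields predictable keys and nonces. Reword the hint so it names the requirement, for example `# wolfCrypt's DRBG needs a real entropy source (e.g. a hardware RNG); prng_minstd is NOT suitable`, and drop the `prng_minstd` line. `#CFLAGS += ??` is a leftover placeholder and can be removed. `netdev_test` and `ps` look like test and debug modules carried over from another application; confirm the client needs them.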
@@ -0,0 +1,43 @@
+/*
+ * example
+ */
+#ifndef APPLICATION_USER_SETTINGS_H
+#define APPLICATION_USER_SETTINGS_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#undef WOLFSSL_RIOT_OS
+#define WOLFSSL_RIOT_OS
+
+#undef NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+#undef HAVE_ECC
+#define HAVE_ECC
+
+#undef TFM_TIMING_RESISTANT
+#define TFM_TIMING_RESISTANT
+
+#undef ECC_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+
+#undef WC_RSA_BLINDING
+#define WC_RSA_BLINDING
+
+#undef SINGLE_THREADED
+#define SINGLE_THREADED
+
+#undef NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_2048
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* APPLICATION_USER_SETTINGS_H */
diff --git a/examples/wolfssl_client/certs/ca-cert.pem b/examples/wolfssl_client/certs/ca-cert.pem
new file mode 100644
index 0000000000..f48487b3b9
--- /dev/null
+++ b/examples/wolfssl_client/certs/ca-cert.pem
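Review bot: The header comment is only `example`, which does not tell a reader that `TFM_TIMING_RESISTANT`, `ECC_TIMING_RESISTANT` and `WC_RSA_BLINDING` are side-channel countermeasures, so they are at risk of being deleted when someone trims the build for flash size. Replace it with a short file comment naming the file as the wolfSSL build options for the TLS client example and stating that those three defines must be kept. `SINGLE_THREADED` removes wolfSSL's internal locking, so it deserves a one-line comment such as `/* wolfSSL is used from one thread only; remove if TLS objects are shared between threads */`. The `extern "C"` block wraps preprocessor defines only and can be dropped.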
@@ -0,0 +1,87 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b7:b6:90:33:66:1b:6b:23 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:B7:B6:90:33:66:1B:6B:23 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 
8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD 
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== +-----END CERTIFICATE----- diff --git a/examples/wolfssl_client/main.c b/examples/wolfssl_client/main.c new file mode 100644 index 0000000000..f475e3866a --- /dev/null +++ b/examples/wolfssl_client/main.c 
@@ -0,0 +1,158 @@ +/* + * Copyright (C) 2006-2017 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/** + * @ingroup examples + * @{ + * + * @file + * @brief wolfSSL client example + * + * @author Kaleb J. Himes + * + * @} + */ + +#include +#include +#include + +/* socket includes */ +#include +#include +#include +#include + +/* wolfSSL */ +#include +#include + +#define DEFAULT_PORT 11111 + +int main(void) +{ + int sockfd; + struct sockaddr_in servAddr; + char buff[22] = "Hello wolfSSL Server!\0"; + char server_ip[10] = "127.0.0.1\0"; + size_t len; + + /* declare wolfSSL objects */ + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; + +/*----------------------------------------------------------------------------*/ +/* TLS Setup: + * This section will need resolved on a per-device basis depending on the + * available TCP/IP stack + */ +/*----------------------------------------------------------------------------*/ + + /* Create a socket that uses an internet IPv4 address, + * Sets the socket to be stream based (TCP), + * 0 means choose the default protocol. 
*/ + if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { + fprintf(stderr, "ERROR: failed to create the socket\n"); + exit(-1); + } + + /* Initialize the server address struct with zeros */ + memset(&servAddr, 0, sizeof(servAddr)); + + /* Fill in the server address */ + servAddr.sin_family = AF_INET; /* using IPv4 */ + servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + + /* Get the server IPv4 address from the command line call */ + if (inet_pton(AF_INET, server_ip, &servAddr.sin_addr) != 1) { + fprintf(stderr, "ERROR: invalid address\n"); + exit(-1); + } + + /* Connect to the server */ + if (connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr)) == -1) { + fprintf(stderr, "ERROR: failed to connect\n"); + exit(-1); + } +/*----------------------------------------------------------------------------*/ +/* END TCP SETUP, BEGIN TLS */ +/*----------------------------------------------------------------------------*/ + + /* Initialize wolfSSL */ + wolfSSL_Init(); + + /* Create and initialize WOLFSSL_CTX */ + if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); + exit(-1); + } + + /* Load client certificates into WOLFSSL_CTX */ + if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, + sizeof_ca_cert_der_2048, + SSL_FILETYPE_ASN1) != SSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load ca buffer\n"); + exit(-1); + } + + /* Create a WOLFSSL object */ + if ((ssl = wolfSSL_new(ctx)) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); + exit(-1); + } + + /* Attach wolfSSL to the socket */ + wolfSSL_set_fd(ssl, sockfd); + + /* Connect to wolfSSL on the server side */ + if (wolfSSL_connect(ssl) != SSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to connect to wolfSSL\n"); + exit(-1); + } + + /* Get a message for the server from stdin */ + printf("Message for server: %s\n", buff); + len = strnlen(buff, sizeof(buff)); + + /* Send the message to the 
server */ + if (wolfSSL_write(ssl, buff, len) != (int) len) { + fprintf(stderr, "ERROR: failed to write\n"); + exit(-1); + } + + /* Read the server data into our buff array */ + memset(buff, 0, sizeof(buff)); + if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) { + fprintf(stderr, "ERROR: failed to read\n"); + exit(-1); + } + + /* Print to stdout any data the server sends */ + printf("Server sent a reply!\n"); + printf("Server Response was: %s\n", buff); + + /* Cleanup and exit */ + wolfSSL_free(ssl); /* Free the wolfSSL object */ + wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ + wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ + close(sockfd); /* Close the connection to the server */ + + exit(0); /* Return reporting a success */ +} diff --git a/examples/wolfssl_server/Makefile b/examples/wolfssl_server/Makefile new file mode 100644 index 0000000000..3cd10015f0 --- /dev/null +++ b/examples/wolfssl_server/Makefile 
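Review bot: The reply check near the end of main() treats only -1 as a failure, but wolfSSL_read() also returns 0 when the peer has closed the connection or the read failed, so the client would go on to print "Server sent a reply!" over an empty buffer; `if (wolfSSL_read(ssl, buff, sizeof(buff)-1) <= 0) {` covers both cases. The 22-byte `buff` is reused for the reply, so at most 21 bytes of the server's answer survive; a separate, larger receive buffer would avoid the silent truncation. Two comments also describe behaviour the code does not have: the address and the message are hard-coded rather than read from the command line or stdin, and the call commented "Load client certificates" loads the CA used to verify the server, so I would reword it to `/* Load the CA certificate used to verify the server */`.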
@@ -0,0 +1,57 @@ +APPLICATION = wolf_server + +# This has to be the absolute path to the RIOT base directory: +RIOTBASE ?= $(CURDIR)/../.. + + +# If no BOARD is found in the environment, use this default: +BOARD ?= native +# lwIP's memory management doesn't seem to work on non 32-bit platforms at the +# moment. +BOARD_BLACKLIST := arduino-uno arduino-duemilanove arduino-mega2560 chronos \ + msb-430 msb-430h telosb waspmote-pro wsn430-v1_3b \ + wsn430-v1_4 z1 jiminy-mega256rfr2 mega-xplained +BOARD_INSUFFICIENT_MEMORY = nucleo-f031k6 nucleo-f042k6 nucleo-l031k6 nucleo-f030r8 \ + nucleo-f303k8 nucleo-f334r8 nucleo-l053r8 \ + stm32f0discovery + +LWIP_IPV4 ?= 1 + +ifneq (0, $(LWIP_IPV4)) + USEMODULE += ipv4_addr + USEMODULE += lwip_arp + USEMODULE += lwip_ipv4 + CFLAGS += -DETHARP_SUPPORT_STATIC_ENTRIES=1 + LWIP_IPV6 ?= 0 +else + LWIP_IPV6 ?= 1 +endif + +ifneq (0, $(LWIP_IPV6)) + USEMODULE += ipv6_addr + USEMODULE += lwip_ipv6_autoconfig +endif + +USEMODULE += inet_csum +USEMODULE += lwip_netdev +USEMODULE += lwip_sock_tcp +USEMODULE += netdev_eth +USEMODULE += netdev_test +USEMODULE += ps + +#DISABLE_MODULE += auto_init + +#CFLAGS += ?? + +# Change this to 0 show compiler invocation lines by default: +QUIET ?= 1 + +# May need these for seeding wolfCrypt DRBG +#USEMODULE += random +#USEMODULE += prng_minstd + +USEPKG += wolfssl +USEMODULE += wolfssl_socket wolfcrypt_rsa wolfcrypt_dh + + +include $(RIOTBASE)/Makefile.include diff --git a/examples/wolfssl_server/README.md b/examples/wolfssl_server/README.md new file mode 100644 index 0000000000..66667f4257 --- /dev/null +++ b/examples/wolfssl_server/README.md @@ -0,0 +1,4 @@ +# wolfSSL on RIOT + +This application demonstrates an SSL/TLS server +from [wolfSSL Inc](https://www.wolfssl.com) on RIOT. diff --git a/examples/wolfssl_server/application_user_settings.h b/examples/wolfssl_server/application_user_settings.h new file mode 100644 index 0000000000..f2b254f3f5 --- /dev/null 
+++ b/examples/wolfssl_server/application_user_settings.h
@@ -0,0 +1,41 @@
+/*
+ * example
+ */
+#ifndef APPLICATION_USER_SETTINGS_H
+#define APPLICATION_USER_SETTINGS_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#undef WOLFSSL_RIOT_OS
+#define WOLFSSL_RIOT_OS
+
+#undef NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+#undef HAVE_ECC
+#define HAVE_ECC
+
+#undef TFM_TIMING_RESISTANT
+#define TFM_TIMING_RESISTANT
+
+#undef ECC_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+
+#undef WC_RSA_BLINDING
+#define WC_RSA_BLINDING
+
+#undef NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef SINGLE_THREADED
+#define SINGLE_THREADED
+
+#undef USE_CERT_BUFFER_2048
+#define USE_CERT_BUFFERS_2048
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* APPLICATION_USER_SETTINGS_H */
diff --git a/examples/wolfssl_server/certs/server-cert.pem b/examples/wolfssl_server/certs/server-cert.pem
new file mode 100644
index 0000000000..870a3c7f88
--- /dev/null
+++ b/examples/wolfssl_server/certs/server-cert.pem
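Review bot: `#undef USE_CERT_BUFFER_2048` does not name the macro defined on the following line, `USE_CERT_BUFFERS_2048`, so it breaks the undef/define pairing that every other setting in this header follows; it should read `#undef USE_CERT_BUFFERS_2048`. The header comment says only "example". Since this macro presumably selects wolfSSL's bundled 2048-bit test certificate and key buffers, a short comment stating that those are public test material and must be replaced in any real deployment would help readers who copy this file.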
@@ -0,0 +1,173 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:B7:B6:90:33:66:1B:6B:23 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 51:fe:2a:df:07:7e:43:ca:66:8d:15:c4:2b:db:57:b2:06:6d: + 0d:90:66:ff:a5:24:9c:14:ef:81:f2:a4:ab:99:a9:6a:49:20: + 
a5:d2:71:e7:1c:3c:99:07:c7:47:fc:e8:96:b4:f5:42:30:ce: + 39:01:4b:d1:c2:e8:bc:95:84:87:ce:55:5d:97:9f:cf:78:f3: + 56:9b:a5:08:6d:ac:f6:a5:5c:c4:ef:3e:2a:39:a6:48:26:29: + 7b:2d:e0:cd:a6:8c:57:48:0b:bb:31:32:c2:bf:d9:43:4c:47: + 25:18:81:a8:c9:33:82:41:9b:ba:61:86:d7:84:93:17:24:25: + 36:ca:4d:63:6b:4f:95:79:d8:60:e0:1e:f5:ac:c1:8a:a1:b1: + 7e:85:8e:87:20:2f:08:31:ad:5e:c6:4a:c8:61:f4:9e:07:1e: + a2:22:ed:73:7c:85:ee:fa:62:dc:50:36:aa:fd:c7:9d:aa:18: + 04:fb:ea:cc:2c:68:9b:b3:a9:c2:96:d8:c1:cc:5a:7e:f7:0d: + 9e:08:e0:9d:29:8b:84:46:8f:d3:91:6a:b5:b8:7a:5c:cc:4f: + 55:01:b8:9a:48:a0:94:43:ca:25:47:52:0a:f7:f4:be:b0:d1: + 71:6d:a5:52:4a:65:50:b2:ad:4e:1d:e0:6c:01:d8:fb:43:80: + e6:e4:0c:37 +-----BEGIN CERTIFICATE----- +MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx +MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO +BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn +f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X +GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM +QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq +0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ +6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU +sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj +s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h +MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK +Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN 
+BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk +q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s +9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl +NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2 +qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig +lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMNw== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b7:b6:90:33:66:1b:6b:23 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + 
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:B7:B6:90:33:66:1B:6B:23 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI 
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== +-----END CERTIFICATE----- diff --git a/examples/wolfssl_server/certs/server-key.pem b/examples/wolfssl_server/certs/server-key.pem new file mode 100644 index 0000000000..d1627f4d4a --- /dev/null +++ b/examples/wolfssl_server/certs/server-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7 +qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf +P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj +xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk +wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC +Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv +n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd +x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y +oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz +0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB +QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD +LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8 +ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8 +yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT +3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N +zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB +hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv +VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB +qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf +H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza +1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ +c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe +9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY +dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n +WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA= +-----END RSA PRIVATE KEY----- diff --git a/examples/wolfssl_server/main.c b/examples/wolfssl_server/main.c new file mode 100644 index 0000000000..d59d3cd534 --- /dev/null +++ b/examples/wolfssl_server/main.c 
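Review bot: An unencrypted RSA private key is committed here, and nothing in or next to the file marks it as test-only material. Its modulus starts with the same bytes as the one in the server certificate added in server-cert.pem, so it is the key for that certificate, and anyone who copies the example into a product inherits a key that is public. The server's main.c in this patch loads `server_key_der_2048` from a buffer rather than reading this file, so the PEM looks unused by the example (inferred from the visible code only). Either drop the file or state its status in the example README, for instance `The files in certs/ are public test material; never deploy them.`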
@@ -0,0 +1,189 @@ +/* + * Copyright (C) 2006-2017 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/** + * @ingroup examples + * @{ + * + * @file + * @brief wolfSSL server example + * + * @author Kaleb J. Himes + * + * @} + */ + +#include +#include +#include + +/* socket includes */ +#include +#include +#include +#include + +/* wolfSSL */ +#include +#include + +#define DEFAULT_PORT 11111 + +int main(void) +{ + int sockfd; + struct sockaddr_in servAddr; + struct sockaddr_in clientAddr; + socklen_t size = sizeof(clientAddr); + char buff[256]; + int shutdown = 0; + + /* declare wolfSSL objects */ + WOLFSSL_CTX* ctx; + + puts("This is the wolfSSL Server!"); + puts("Server is running on 127.0.0.1 and listening on port 11111"); + +/*----------------------------------------------------------------------------*/ +/* TLS Setup: + * This section will need resolved on a per-device basis depending on the + * available TCP/IP stack + */ +/*----------------------------------------------------------------------------*/ + + /* Create a socket that uses an internet IPv4 address, + * Sets the socket to be stream based (TCP), + * 0 means choose the default protocol. 
*/ + if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { + fprintf(stderr, "ERROR: failed to create the socket\n"); + return -1; + } + + /* Initialize the server address struct with zeros */ + memset(&servAddr, 0, sizeof(servAddr)); + + /* Fill in the server address */ + servAddr.sin_family = AF_INET; /* using IPv4 */ + servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */ + + /* Bind the server socket to our port */ + if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) { + fprintf(stderr, "ERROR: failed to bind\n"); + return -1; + } + + /* Listen for a new connection, allow 5 pending connections */ + if (listen(sockfd, 5) == -1) { + fprintf(stderr, "ERROR: failed to listen\n"); + return -1; + } + + /* Initialize wolfSSL */ + wolfSSL_Init(); + + /* Create and initialize WOLFSSL_CTX */ + if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); + return -1; + } + + /* Load server certificates into WOLFSSL_CTX */ + if (wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, + sizeof_server_cert_der_2048, + SSL_FILETYPE_ASN1) != SSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load server_cert_der_2048\n"); + return -1; + } + + /* Load server key into WOLFSSL_CTX */ + if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, + sizeof_server_key_der_2048, + SSL_FILETYPE_ASN1) != SSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load server_key_der_2048\n"); + return -1; + } + + /* Continue to accept clients until shutdown is issued */ + while (!shutdown) { + int connd; + size_t len; + WOLFSSL* ssl; + printf("Waiting for a connection...\n"); + + /* Accept client connections */ + if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) + == -1) { + fprintf(stderr, "ERROR: failed to accept the connection\n\n"); + return -1; + } + + /* Create a WOLFSSL object */ + if ((ssl = 
wolfSSL_new(ctx)) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); + return -1; + } + + /* Attach wolfSSL to the socket */ + wolfSSL_set_fd(ssl, connd); + + printf("Client connected successfully\n"); + + /* Read the client data into our buff array */ + memset(buff, 0, sizeof(buff)); + if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) { + fprintf(stderr, "ERROR: failed to read\n"); + return -1; + } + + /* Print to stdout any data the client sends */ + printf("Client sent a message!\n"); + printf("Client said: %s\n", buff); + + /* Check for server shutdown command */ + if (strncmp(buff, "shutdown", 8) == 0) { + printf("Shutdown command issued!\n"); + shutdown = 1; + } + + /* Write our reply into buff */ + strncpy(buff, "I hear ya fa shizzle!\n", sizeof(buff) - 1); + len = strnlen(buff, sizeof(buff)); + printf("Sending reply to client, reply reads: %s\n", buff); + + /* Reply back to the client */ + if (wolfSSL_write(ssl, buff, len) != (int) len) { + fprintf(stderr, "ERROR: failed to write\n"); + return -1; + } + + /* Cleanup after this connection */ + wolfSSL_free(ssl); /* Free the wolfSSL object */ + close(connd); /* Close the connection to the client */ + } + + printf("Shutdown complete\n"); + + /* Cleanup and return */ + wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ + wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ + close(sockfd); /* Close the socket listening for clients */ + return 0; /* Return reporting a success */ +} diff --git a/pkg/wolfssl/Makefile b/pkg/wolfssl/Makefile new file mode 100644 index 0000000000..9c7f448938 --- /dev/null +++ b/pkg/wolfssl/Makefile 
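Review bot: Inside the accept loop every per-connection failure (`wolfSSL_new`, `wolfSSL_read`, `wolfSSL_write`) ends main() with `return -1`, so one client that fails the handshake or drops the connection stops the server for everyone and leaves `ssl`, `connd`, `ctx` and `sockfd` unreleased. The read check also tests only `== -1`, while wolfSSL_read() returns 0 as well when the peer closes or the read fails. I would release the connection and `continue` instead, as sketched below. Separately, the listener binds `INADDR_ANY` although the banner says 127.0.0.1, and any client that sends "shutdown" stops the server; the example should either bind to loopback or say in a comment that this is demo-only behaviour.

```c
        if ((ssl = wolfSSL_new(ctx)) == NULL) {
            fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
            close(connd);          /* drop this client only */
            continue;
        }
        /* … unchanged: wolfSSL_set_fd, connect message, memset of buff … */
        if (wolfSSL_read(ssl, buff, sizeof(buff)-1) <= 0) {
            fprintf(stderr, "ERROR: failed to read\n");
            wolfSSL_free(ssl);
            close(connd);
            continue;
        }
        /* … unchanged: print the message, shutdown check, build the reply … */
        if (wolfSSL_write(ssl, buff, len) != (int) len) {
            fprintf(stderr, "ERROR: failed to write\n");
            wolfSSL_free(ssl);
            close(connd);
            continue;
        }
```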
@@ -0,0 +1,17 @@
+PKG_NAME=wolfssl
+PKG_URL=https://github.com/danielinux/wolfssl.git
+#PKG_URL=https://github.com/wolfssl/wolfssl.git
+PKG_VERSION=d871e777d3e944adf66afb698bb930434739231b
+PKG_LICENSE=GPLv2
+
+.PHONY: all
+all: # Nothing to do here when building
+
+prepare:
+ cp Makefile.wolfssl $(PKG_BUILDDIR)/src/Makefile
+ cp Makefile.wolfcrypt $(PKG_BUILDDIR)/wolfcrypt/src/Makefile
+ touch $(PKG_BUILDDIR)/wolfssl.a
+ cp Makefile.wolfcrypt-test $(PKG_BUILDDIR)/wolfcrypt/test/Makefile
+ cp Makefile.wolfcrypt-benchmark $(PKG_BUILDDIR)/wolfcrypt/benchmark/Makefile
+
+include $(RIOTBASE)/pkg/pkg.mk
diff --git a/pkg/wolfssl/Makefile.dep b/pkg/wolfssl/Makefile.dep
new file mode 100644
index 0000000000..ae64fc9b6a
--- /dev/null
+++ b/pkg/wolfssl/Makefile.dep
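Review bot: `PKG_URL` points at a personal fork (`https://github.com/danielinux/wolfssl.git`) while the upstream `wolfssl/wolfssl.git` URL is left commented out, so the provenance of the TLS library depends on an account outside the upstream project. Pinning `PKG_VERSION` to a full commit hash is good, but a reader cannot tell from this file what the fork changes or which upstream release it is based on. Either switch to `PKG_URL=https://github.com/wolfssl/wolfssl.git` with an upstream commit, or add a comment above the line saying why the fork is required and when it can be dropped. As a smaller point, `prepare` is a command-only target and could be listed in `.PHONY` next to `all`.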
@@ -0,0 +1,77 @@ + +ifneq (,$(filter wolfcrypt-test,$(USEMODULE))) + USEMODULE += wolfcrypt + USEMODULE += wolfcrypt_coding +endif + +ifneq (,$(filter wolfcrypt-benchmark,$(USEMODULE))) + USEMODULE += wolfcrypt + USEMODULE += wolfcrypt_coding +endif + +ifneq (,$(filter wolfcrypt_poly1305,$(USEMODULE))) + ifneq (,$(filter wolfcrypt_chacha,$(USEMODULE))) + USEMODULE += wolfcrypt_chacha20_poly1305 + endif +endif + +ifneq (,$(filter wolfcrypt_ed25519,$(USEMODULE))) + USEMODULE += wolfcrypt_sha512 +endif + +ifneq (,$(filter wolfcrypt_aes,$(USEMODULE))) + USEMODULE += wolfcrypt_cmac + USEMODULE += wolfcrypt_coding +endif + +ifneq (,$(filter wolfcrypt_pwdbased,$(USEMODULE))) + USEMODULE += wolfcrypt_pkcs12 +endif + +ifneq (,$(filter wolfcrypt_asn,$(USEMODULE))) + USEMODULE += wolfcrypt_pkcs12 +endif + +ifneq (,$(filter wolfssl_tls13,$(USEMODULE))) + USEMODULE += wolfcrypt_aes + USEMODULE += sock_tls +endif + +ifneq (,$(filter wolfssl_dtls,$(USEMODULE))) + USEMODULE += sock_tls +endif + +ifneq (,$(filter sock_tls,$(USEMODULE))) + USEMODULE += wolfcrypt + USEMODULE += wolfcrypt_aes + USEMODULE += wolfcrypt_asn + USEMODULE += wolfcrypt_hmac + USEMODULE += wolfcrypt_md5 + USEMODULE += wolfcrypt_sha + USEMODULE += wolfcrypt_random + USEMODULE += wolfssl_internal + USEMODULE += wolfssl_wolfio + USEMODULE += wolfssl_keys + USEMODULE += wolfssl_ssl + USEMODULE += wolfssl_tls +endif + +ifneq (,$(filter wolfssl_socket,$(USEMODULE))) + USEMODULE += wolfcrypt + USEMODULE += wolfcrypt_aes + USEMODULE += wolfcrypt_asn + USEMODULE += wolfcrypt_hmac + USEMODULE += wolfcrypt_md5 + USEMODULE += wolfcrypt_sha + USEMODULE += wolfcrypt_random + USEMODULE += wolfssl_internal + USEMODULE += wolfssl_wolfio + USEMODULE += wolfssl_keys + USEMODULE += wolfssl_ssl + USEMODULE += wolfssl_tls + USEMODULE += posix_sockets +endif + +ifneq (,$(filter wolfcrypt_random,$(USEMODULE))) + USEMODULE += random +endif 
diff --git a/pkg/wolfssl/Makefile.include b/pkg/wolfssl/Makefile.include new file mode 100644 index 0000000000..5bf3471bcc --- /dev/null +++ b/pkg/wolfssl/Makefile.include @@ -0,0 +1,37 @@ +CFLAGS += -DWOLFSSL_USER_SETTINGS=1 +CFLAGS += -DWOLFSSL_RIOT_OS=1 +INCLUDES += -I$(PKGDIRBASE)/../../../ +INCLUDES += -I$(PKGDIRBASE)/wolfssl +INCLUDES += -I$(RIOTBASE)/pkg/wolfssl/sock_tls +INCLUDES += -I$(RIOTBASE)/pkg/wolfssl/include + +# One current limitation is that it is not possible to build `wolfcrypt` without +# including `wolfssl`. +# It would require some changes: +# * Use a different name for the `wolfssl` implementation to differenciate from +# the package directory +# * Declare `wolfssl` a PSEUDOMODULES +# * Remove the archive in Makefile.include for packages as they could be +# PSEUDOMODULES +# `$(USEPKG:%=$(BINDIR)/%.a):` +ifneq (,$(filter wolfcrypt,$(USEMODULE))) + DIRS += $(PKGDIRBASE)/wolfssl/wolfcrypt/src +endif +ifneq (,$(filter wolfcrypt-test,$(USEMODULE))) + DIRS += $(PKGDIRBASE)/wolfssl/wolfcrypt/test +endif +ifneq (,$(filter wolfcrypt-benchmark,$(USEMODULE))) + DIRS += $(PKGDIRBASE)/wolfssl/wolfcrypt/benchmark +endif +ifneq (,$(filter wolfssl,$(USEPKG))) + DIRS += $(PKGDIRBASE)/wolfssl/src +endif +ifneq (,$(filter sock_tls,$(USEMODULE))) + DIRS += $(RIOTBASE)/pkg/wolfssl/sock_tls +endif + +# wolfcrypt implements different options using pseudomodules +PSEUDOMODULES += wolfcrypt_% + +# wolfssl implements different options using pseudomodules (ocsp, dtls, crl, etc.) +PSEUDOMODULES += wolfssl_% diff --git a/pkg/wolfssl/Makefile.wolfcrypt b/pkg/wolfssl/Makefile.wolfcrypt new file mode 100644 index 0000000000..e1d26727eb --- /dev/null +++ b/pkg/wolfssl/Makefile.wolfcrypt 
@@ -0,0 +1,33 @@ +MODULE = wolfcrypt + +SUBMODULES += 1 + +# Do not fail for module that do not have a file +SUBMODULES_NOFORCE = 1 + +NO_AUTO_SRC = 1 + +#-------------------------------------------------------------# +# Default CRYPTO source files # +#-------------------------------------------------------------# +SRC += error.c \ + hash.c \ + logging.c \ + wc_encrypt.c \ + wc_port.c \ + wolfmath.c + +#-------------------------------------------------------------# +# Optional CRYPTO source files, enabled by default # +#-------------------------------------------------------------# + +# Enabled by default +SRC += sha.c +SRC += sha256.c +SRC += fe_low_mem.c +SRC += ge_low_mem.c +SRC += sp_int.c +SRC += sp_c32.c + + +include $(RIOTBASE)/Makefile.base diff --git a/pkg/wolfssl/Makefile.wolfcrypt-benchmark b/pkg/wolfssl/Makefile.wolfcrypt-benchmark new file mode 100644 index 0000000000..1ba757edaf --- /dev/null +++ b/pkg/wolfssl/Makefile.wolfcrypt-benchmark @@ -0,0 +1,8 @@ +MODULE = wolfcrypt-benchmark + +NO_AUTO_SRC = 1 + +#Add to enable wolfcrypt crypto benchmark +SRC += benchmark.c + +include $(RIOTBASE)/Makefile.base diff --git a/pkg/wolfssl/Makefile.wolfcrypt-test b/pkg/wolfssl/Makefile.wolfcrypt-test new file mode 100644 index 0000000000..462b980024 --- /dev/null +++ b/pkg/wolfssl/Makefile.wolfcrypt-test @@ -0,0 +1,8 @@ +MODULE = wolfcrypt-test + +NO_AUTO_SRC = 1 + +#Add to enable wolfcrypt self tests +SRC += test.c + +include $(RIOTBASE)/Makefile.base diff --git a/pkg/wolfssl/Makefile.wolfssl b/pkg/wolfssl/Makefile.wolfssl new file mode 100644 index 0000000000..e760f1c2be --- /dev/null +++ b/pkg/wolfssl/Makefile.wolfssl @@ -0,0 +1,8 @@ +MODULE = wolfssl + +NO_AUTO_SRC = 1 +SUBMODULES += 1 +SUBMODULES_NOFORCE = 1 + + +include $(RIOTBASE)/Makefile.base diff --git a/pkg/wolfssl/doc.txt b/pkg/wolfssl/doc.txt new file mode 100644 index 0000000000..62eb190ecd --- /dev/null +++ b/pkg/wolfssl/doc.txt 
@@ -0,0 +1,184 @@
+/**
+ * @defgroup pkg_wolfssl Embedded SSL/TLS library
+ * @ingroup pkg
+ * @ingroup sys
+ * @brief Provides SSL/TLS solution
+ *
+ * # Introduction
+ *
+ * This package provides an embedded SSL/TLS library specifically developed for
+ * memory-constrained devices.
+ *
+ * # License
+ *
+ * wolfSSL’s software is available under two distinct licensing models:
+ * open source and standard commercial licensing.
+ *
+ * Open Source
+ *
+ * wolfSSL (formerly CyaSSL) offers multiple products including, but not limited
+ * to:
+ *
+ * wolfSSL
+ * wolfCrypt
+ * wolfMQTT
+ * wolfSSH
+ *
+ * These software products are free software downloads and may be modified to
+ * the needs of the user as long as the user adheres to version two of the GPL
+ * License. The GPLv2 license can be found on the gnu.org website
+ * (http://www.gnu.org/licenses/old-licenses/gpl-2.0.html).
+ *
+ *
+ * Commercial Licensing
+ *
+ * Businesses and enterprises who wish to incorporate wolfSSL products into
+ * proprietary appliances or other commercial software products for
+ * re-distribution must license commercial versions. Commercial licenses for
+ * wolfSSL, yaSSL, and wolfCrypt are available. Licenses are generally issued
+ * for one product and include unlimited royalty-free distribution. Custom
+ * licensing terms are also available.
+ *
+ * Commercial licenses are also available for wolfMQTT and wolfSSH.
+ * Please contact licensing@wolfssl.com with inquiries.
+ *
+ * @see https://github.com/wolfssl/wolfssl.git
+ *
+ *
+ * wolfSSL is securing over 2 billion end points today and is one of the
+ * industry leading SSL/TLS/Cryptographic providers for embedded systems and the
+ * IoT space. wolfSSL is very excited to be working with the RIOT-OS team!
+ *
+ * You can easily take advantage of wolfSSL by using the following in your
+ * application Makefile:
+ *
+ * ```makefile
+ * USEPKG += wolfssl
+ * ```
+ *
+ * Don't forget to use the wolfSSL settings header in your app. This header
+ * should always be included FIRST preceding any other wolfSSL headers to
+ * ensure the correct configuration is picked up when including other wolfSSL
+ * headers:
+ *
+ * ```c
+ * #include
+ * ```
+ *
+ * FEATURES:
+ *
+ * Because wolfSSL was designed with embedded systems in mind the library is
+ * extremely modular. There are very fiew dependancies in wolfSSL Cryptographic
+ * library and we have chosen to setup the pkg makefile to allow for easy
+ * modification by developers. We chose to include the core of our library in a
+ * singular list and then seperate out the features that a developer may or may
+ * not wish to use by default. Please reference the Makefile.wolfssl in
+ * "/pkg/wolfssl" directory. wolfSSL has chosen to enable a
+ * significant portion of our wolfcrypt functionality by default and provided
+ * informative comments to explain how a feature might be enabled/disabled.
+ *
+ * Features should be controlled with the header "user_settings.h" in the root
+ * directory of the application. Since RIOT uses the "Empty Translation Unit"
+ * warning in combination with the "-Werror" flag you will need to exclude
+ * source files from your application by modifying the Makefile.wolfssl in the
+ * "/pkg/wolfssl" directory when disabling a feature or adding a
+ * feature that wolfSSL chose to leave out by default.
+ *
+ * Default ENABLED Features are:
+ * aes, arc4, asn, coding, des3, dh, dsa, hmac, md4, md5, pkcs12, pwdbased,
+ * rabbit, random, rsa, sha, sha256, signature, tfm (fast math), ecc, and memory
+ *
+ * Default DISABLED Features are:
+ * integer (normal math), misc (included inline by default), md2, pkcs7,
+ * chacha, poly1305, ripemd, sha3 (keccak), sha512, srp, hc128, idea,
+ * blake2b (sha3 runner-up IE sha3 alternative to keccak), camellia, compress,
+ * curve25519, ed25519, cmac, evp, and asm
+ *
+ * EXAMPLES:
+ *
+ * wolfSSL has provided a few examples of using this package in the RIOT
+ * examples directory. To test these do any of the following:
+ *
+ * Benchmark Example:
+ *
+ * ```makefile
+ * cd /RIOT/examples/wolfssl_crypto_benchmark
+ * make
+ * ./bin/native/wolfssl_crypto_benchmark.elf
+ * ```
+ *
+ * Crypto Test Example:
+ *
+ * ```makefile
+ * cd /RIOT/examples/wolfssl_crypto_test
+ * make
+ * ./bin/native/wolfssl_crypto_test.elf
+ * ```
+ *
+ * Client and Server Example(s):
+ *
+ * ```makefile
+ * cd /RIOT/examples/wolfssl_server
+ * make
+ * ./bin/native/wolf_server.elf
+ * ```
+ *
+ * Now open a second terminal and do...
+ *
+ * ```makefile
+ * cd /RIOT/examples/wolfssl_client
+ * make
+ * ./bin/native/wolf_client.elf
+ * ```
+ *
+ * You should see the following output:
+ *
+ * SERVER OUTPUT:
+ *
+ * ```makefile
+ * RIOT native interrupts/signals initialized.
+ * LED_RED_OFF
+ * LED_GREEN_ON
+ * RIOT native board initialized.
+ * RIOT native hardware initialization complete.
+ *
+ * main(): This is RIOT!
+ * This is the wolfSSL Server!
+ * Server is running on 127.0.0.1 and listening on port 11111
+ * Waiting for a connection...
+ * Client connected successfully
+ * Client sent a message!
+ * Client said: Hello wolfSSL Server!
+ * Sending reply to client, reply reads: I hear ya fa shizzle!
+ *
+ * Waiting for a connection...
+ * ```
+ *
+ * After the client connection the server cleans up and returns to wait for
+ * another client connection. You can kill the server with a Ctrl+C (SIG INT) or
+ * by modifying the client to send the string "shutdown" instead of
+ * "Hello wolfSSL Server!".
+ *
+ * CLIENT OUTPUT:
+ *
+ * ```makefile
+ * RIOT native interrupts/signals initialized.
+ * LED_RED_OFF
+ * LED_GREEN_ON
+ * RIOT native board initialized.
+ * RIOT native hardware initialization complete.
+ *
+ * main(): This is RIOT!
+ * Message for server: Hello wolfSSL Server!
+ * Server sent a reply!
+ * Server Response was: I hear ya fa shizzle!
+ * ```
+ *
+ * At this point the client simply terminates and does nothing interesting.
+ *
+ * QUESTIONS / CONCERNS / FEEDBACK:
+ *
+ * For any questions, concerns, or other feedback please contact
+ * support@wolfssl.com anytime, we are always happy to help in any way we can!!
+ *
+ */
diff --git a/pkg/wolfssl/include/user_settings.h b/pkg/wolfssl/include/user_settings.h
new file mode 100644
index 0000000000..e94bc93e43
--- /dev/null
+++ b/pkg/wolfssl/include/user_settings.h
@@ -0,0 +1,308 @@
+/* user_settings.h : custom configuration for wolfcrypt/wolfSSL */
+
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* System */
+#ifndef WOLFSSL_RIOT_OS
+# define WOLFSSL_RIOT_OS 1
+#endif
+#include
+#define CUSTOM_RAND_GENERATE random_uint32
+#define CUSTOM_RAND_TYPE uint32_t
+#define NO_WRITEV
+#define NO_DEV_RANDOM
+#define NO_FILESYSTEM
+#define NO_WOLFSSL_MEMORY
+#define NO_MAIN_DRIVER
+#define NO_SIG_WRAPPER
+#define NO_OLD_RNGNAME
+#define WOLFSSL_SMALL_STACK
+
+/* Single precision math */
+#define WOLFSSL_SP_MATH
+#define WOLFSSL_SP_SMALL
+#define SP_WORD_SIZE 32
+
+
+#ifndef MODULE_WOLFSSL_SOCKET
+# define WOLFSSL_GNRC
+# define WOLFSSL_USER_IO
+#endif
+
+#ifndef MODULE_WOLFSSL_TLS
+# ifndef MODULE_WOLFSSL_TLS13
+# define WOLFCRYPT_ONLY
+# else
+# define NO_OLD_TLS
+# endif
+#endif
+
+#ifdef BOARD_NATIVE
+//# define WOLFSSL_GENERAL_ALIGNMENT 8
+#else
+# define WOLFSSL_GENERAL_ALIGNMENT 4
+# ifdef CPU_ARM
+# define TFM_ARM
+# endif
+#endif
+
+/* defined somewhere else */
+int strncasecmp(const char *s1, const char * s2, unsigned int sz);
+
+/* Fixme: add mt */
+#define SINGLE_THREADED
+
+/* Global settings */
+#define SMALL_SESSION_CACHE
+#define WOLFSSL_DH_CONST
+#define WORD64_AVAILABLE
+#define TFM_TIMING_RESISTANT
+#define USE_CERT_BUFFERS_2048
+#define NO_RC4
+
+/* Random */
+#undef WC_NO_RNG
+#ifndef MODULE_WOLFCRYPT_RANDOM
+# define WC_NO_RNG
+#endif
+
+
+/* DTLS */
+#undef WOLFSSL_DTLS
+#ifdef MODULE_WOLFSSL_DTLS
+# define WOLFSSL_DTLS
+#endif
+
+/* FFDHE_2048 */
+#undef HAVE_FFDHE_2048
+#ifdef MODULE_WOLFCRYPT_FFDHE_2048
+# define HAVE_FFDHE_2048
+#endif
+
+/* ChaCha20 */
+#undef HAVE_CHACHA
+#ifdef MODULE_WOLFCRYPT_CHACHA
+# define HAVE_CHACHA
+#endif
+
+/* Poly 1305 */
+#undef HAVE_POLY1305
+#ifdef MODULE_WOLFCRYPT_POLY1305
+# define HAVE_POLY1305
+# define HAVE_ONE_TIME_AUTH
+#endif
+
+/* x25519 */
+#undef HAVE_CURVE25519
+#ifdef MODULE_WOLFCRYPT_CURVE25519
+# define HAVE_CURVE25519
+# define CURVE25519_SMALL
+#endif
+
+/* ed25519 */
+#undef HAVE_ED25519
+#ifdef MODULE_WOLFCRYPT_ED25519
+# define HAVE_ED25519
+# define ED25519_SMALL
+#endif
+
+/* AES */
+#undef NO_AES
+#undef NO_CODING
+#undef NO_CMAC
+#ifndef MODULE_WOLFCRYPT_AES
+# define NO_AES
+#endif
+#ifndef MODULE_WOLFCRYPT_CMAC
+# define NO_CMAC
+#endif
+#ifndef MODULE_WOLFCRYPT_CODING
+# define NO_CODING
+#endif
+
+/* ASN */
+#ifndef MODULE_WOLFCRYPT_ASN
+# define NO_ASN
+#endif
+
+/* HMAC */
+#ifndef MODULE_WOLFCRYPT_HMAC
+# define NO_HMAC
+#endif
+
+#undef NO_SHA
+#ifndef MODULE_WOLFCRYPT_SHA
+# define NO_SHA
+#else
+# define USE_SLOW_SHA
+# define USE_SLOW_SHA2
+#endif
+
+/* SHA-2 */
+#undef HAVE_SHA512
+#undef HAVE_SHA384
+#undef WOLFSSL_SHA384
+#undef WOLFSSL_SHA512
+#ifdef MODULE_WOLFCRYPT_SHA512
+# define HAVE_SHA384
+# define HAVE_SHA512
+# define WOLFSSL_SHA384
+# define WOLFSSL_SHA512
+# define USE_SLOW_SHA512
+#endif
+
+/* SHA-3 Keccac */
+#undef WOLFSSL_SHA3
+#ifdef MODULE_WOLFCRYPT_SHA3
+# define WOLFSSL_SHA3
+#endif
+
+/* ecc */
+#undef HAVE_ECC
+#ifdef MODULE_WOLFCRYPT_ECC
+ #define HAVE_ECC
+ #define FP_ECC
+ #define WOLFSSL_HAVE_SP_ECC
+ #define ECC_TIMING_RESISTANT
+#endif
+
+#undef HAVE_BLAKE2B
+#ifdef MODULE_WOLFCRYPT_BLAKE2B
+# define HAVE_BLAKE2B
+#endif
+
+#undef HAVE_CAMELLIA
+#ifdef MODULE_WOLFCRYPT_CAMELLIA
+# define HAVE_CAMELLIA
+#endif
+
+#undef HAVE_IDEA
+#ifdef MODULE_WOLFCRYPT_IDEA
+# define HAVE_IDEA
+#endif
+
+#undef HAVE_HC128
+#ifdef MODULE_WOLFCRYPT_HC128
+# define HAVE_HC128
+#endif
+
+#undef HAVE_PKCS7
+#ifdef MODULE_WOLFCRYPT_PKCS7
+# define HAVE_PKCS7
+#endif
+
+/* PKCS12 */
+#undef NO_PKCS12
+#ifndef MODULE_WOLFCRYPT_PKCS12
+# define NO_PKCS12
+#endif
+
+/* PWDBASED */
+#undef NO_PWDBASED
+#ifndef MODULE_WOLFCRYPT_PWDBASED
+# define NO_PWDBASED
+#endif
+
+#undef HAVE_LIBZ
+#ifdef MODULE_WOLFCRYPT_COMPRESS
+# define HAVE_LIBZ
+#endif
+
+/* rsa */
+#ifdef MODULE_WOLFCRYPT_RSA
+# define HAVE_RSA
+# define RSA_LOW_MEM
+# define WC_RSA_BLINDING
+#else
+# define NO_RSA
+#endif
+
+/* 3-DES */
+#undef NO_DES3
+#ifndef MODULE_WOLFCRYPT_DES3
+# define NO_DES3
+#endif
+
+/* DH */
+#undef NO_DH
+#ifndef MODULE_WOLFCRYPT_DH
+# define NO_DH
+#endif
+
+/* DSA */
+#undef NO_DSA
+#ifndef MODULE_WOLFCRYPT_DSA
+# define NO_DSA
+#endif
+
+/* MD2 */
+#undef WOLFSSL_MD2
+#ifdef MODULE_WOLFSSL_MD2
+ #define WOLFSSL_MD2
+#endif
+
+/* MD4 */
+#undef NO_MD4
+#ifndef MODULE_WOLFCRYPT_MD4
+# define NO_MD4
+#endif
+
+/* RABBIT */
+#undef NO_RABBIT
+#ifndef MODULE_WOLFCRYPT_RABBIT
+# define NO_RABBIT
+#endif
+
+/* MD5 */
+#undef NO_MD5
+#ifndef MODULE_WOLFCRYPT_MD5
+# define NO_MD5
+#endif
+
+/* ripe-md */
+#undef WOLFSSL_RIPEMD
+#ifdef MODULE_WOLFCRYPT_RIPEMD
+# define WOLFSSL_RIPEMD
+#endif
+
+/* signature wrapper */
+#undef NO_SIG_WRAPPER
+#ifndef MODULE_WOLFCRYPT_SIGNATURE
+# define NO_SIG_WRAPPER
+#endif
+
+/* SRP */
+#undef HAVE_SRP
+#ifdef MODULE_WOLFCRYPT_SRP
+ #define HAVE_SRP
+#endif
+
+/** TLS Options **/
+#undef HAVE_OCSP
+#ifdef MODULE_WOLFSSL_OCSP
+ #define HAVE_OCSP
+#endif
+
+#undef HAVE_CRL
+#ifdef MODULE_WOLFSSL_CRL
+ #define HAVE_CRL
+#endif
+
+#undef HAVE_TLS13
+#ifdef MODULE_WOLFSSL_TLS13
+ #define HAVE_TLS13
+ #define WOLFSSL_TLS13
+ #define HAVE_TLS_EXTENSIONS
+ #define BUILD_TLS_AES_128_GCM_SHA256
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* USER_SETTINGS_H */
diff --git a/pkg/wolfssl/sock_tls/Makefile b/pkg/wolfssl/sock_tls/Makefile
new file mode 100644
index 0000000000..df6e8e323f
--- /dev/null
+++ b/pkg/wolfssl/sock_tls/Makefile
@@ -0,0 +1,3 @@
+MODULE := sock_tls
+
+include $(RIOTBASE)/Makefile.base
diff --git a/pkg/wolfssl/sock_tls/sock_tls.c b/pkg/wolfssl/sock_tls/sock_tls.c
new file mode 100644
index 0000000000..fc522241e8
--- /dev/null
+++ b/pkg/wolfssl/sock_tls/sock_tls.c
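Review bot: `#define CUSTOM_RAND_GENERATE random_uint32` makes RIOT's `random_uint32()` the entropy source behind wolfCrypt's RNG, and nothing in this header requires that function to be backed by a hardware or otherwise unpredictable source. RIOT's random module is, as far as I know, a general-purpose PRNG seeded by the board, so on a board without a hardware RNG every DTLS key, nonce and blinding value would derive from a guessable seed. I would state the requirement next to the define, e.g. `/* random_uint32() must be seeded from a hardware RNG before any wolfSSL call */`, or fail the build when no such source is selected. Separately, the prototype `int strncasecmp(const char *s1, const char * s2, unsigned int sz);` differs from the `size_t` declaration in `<strings.h>` and will conflict wherever that header is also included.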
@@ -0,0 +1,119 @@
+/* Copyright (C) 2014 Freie Universität Berlin
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ *
+ * **** This file incorporates work covered by the following copyright and ****
+ * **** permission notice: ****
+ *
+ * Copyright (C) 2006-2017 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ *
+ */
+
+#include
+#include
+#include
+
+#include
+#include
+
+#define MODE_TLS 0
+#define MODE_DTLS 1
+
+void sock_dtls_close(sock_tls_t *sk)
+{
+ sock_udp_close(&sk->conn.udp);
+}
+
+void sock_dtls_set_endpoint(sock_tls_t *sk, const sock_udp_ep_t *addr)
+{
+ printf("wolfSSL: Setting peer address and port\n");
+ memcpy(&sk->peer_addr, addr, sizeof (sock_udp_ep_t));
+}
+
+int sock_dtls_create(sock_tls_t *sock, const sock_udp_ep_t *local, const sock_udp_ep_t *remote, uint16_t flags, WOLFSSL_METHOD *method)
+{
+ int ret;
+ if (!sock)
+ return -EINVAL;
+ XMEMSET(sock, 0, sizeof(sock_tls_t));
+ sock->ctx = wolfSSL_CTX_new(method);
+ if (!sock->ctx)
+ return -ENOMEM;
+
+ ret = sock_udp_create(&sock->conn.udp, local, remote, flags);
+ if (ret < 0) {
+ XFREE(sock->ctx, NULL, 0);
+ return ret;
+ }
+ if (remote) {
+ XMEMCPY(&sock->peer_addr, remote, sizeof(sock_udp_ep_t));
+ }
+ wolfSSL_SetIORecv(sock->ctx, GNRC_Receive);
+ wolfSSL_SetIOSend(sock->ctx, GNRC_SendTo);
+ return 0;
+}
+
+static int tls_session_create(sock_tls_t *sk)
+{
+ if (!sk || !sk->ctx)
+ return -EINVAL;
+ sk->ssl = wolfSSL_new(sk->ctx);
+ if (sk->ssl == NULL) {
+ printf("Error allocating ssl session\n");
+ return -ENOMEM;
+ }
+ wolfSSL_SetIOReadCtx(sk->ssl, sk);
+ wolfSSL_SetIOWriteCtx(sk->ssl, sk);
+ return 0;
+}
+
+static void tls_session_destroy(sock_tls_t *sk)
+{
+ if (!sk || sk->ssl)
+ return;
+ wolfSSL_free(sk->ssl);
+}
+
+int sock_dtls_session_create(sock_tls_t *sk)
+{
+ return tls_session_create(sk);
+}
+
+void sock_dtls_session_destroy(sock_tls_t *sk)
+{
+ tls_session_destroy(sk);
+}
+
+
+#ifdef MODULE_SOCK_TCP
+/* TODO */
+#endif
+
+
+
+#include
+int strncasecmp(const char *s1, const char * s2, unsigned int sz)
+{
+ for( ; sz>0; sz--)
+ if(toupper(*s1++) != toupper(*s2++))
+ return 1;
+ return 0;
+}
diff --git a/pkg/wolfssl/sock_tls/sock_tls.h b/pkg/wolfssl/sock_tls/sock_tls.h
new file mode 100644
index 0000000000..8738cf284d
--- /dev/null
+++ b/pkg/wolfssl/sock_tls/sock_tls.h
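Review bot: `tls_session_destroy()` has its guard inverted: `if (!sk || sk->ssl) return;` returns whenever a session exists, so `wolfSSL_free()` is never reached for a live session and the session object with its key material stays allocated; it should read `if (!sk || !sk->ssl) return;`, with `sk->ssl = NULL;` after the free. In `sock_dtls_create()` the error path releases the context with `XFREE(sock->ctx, NULL, 0)`, which hands only the outer allocation back; `wolfSSL_CTX_free(sock->ctx); sock->ctx = NULL;` is the matching destructor. The local `strncasecmp()` never tests for the terminating NUL, so two equal strings shorter than `sz` are read past their end, and it passes plain `char` to `toupper()`; a bounded version is below.

```c
/* … unchanged: DTLS socket and session functions … */
int strncasecmp(const char *s1, const char * s2, unsigned int sz)
{
    for ( ; sz > 0; sz--, s1++, s2++) {
        int c1 = toupper((unsigned char)*s1);
        int c2 = toupper((unsigned char)*s2);
        if (c1 != c2)
            return 1;
        if (c1 == '\0')
            break; /* both strings ended: equal */
    }
    return 0;
}
```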
@@ -0,0 +1,339 @@
+/* @defgroup module sock_tls
+ * @ingroup pkg_wolfssl
+ * @brief Sock submodule for TLS/DTLS sessions
+ *
+ * How To Use
+ * ----------
+ * First you need to @ref including-modules "include" a module that implements
+ * this API in your application's Makefile.
+ *
+ * The `sock_tls` module requires the `wolfssl` package.
+ *
+ * The application's Makefile should at lease contain the following:
+ *
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {Makefile}
+ *
+ * USEPKG += wolfssl
+ * USEMODULE+=sock_tls
+ *
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ *
+ *
+ * ### A Simple DTLS Server
+ *
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
+ * #include
+ * #include
+ *
+ * #include
+ * #include
+ *
+ * #include
+ *
+ * #include
+ * #include
+ * #include
+ *
+ * #define SERVER_PORT 11111
+ * #define DEBUG 1
+ * extern const unsigned char server_cert[788];
+ * extern const unsigned char server_key[121];
+ * extern unsigned int server_cert_len;
+ * extern unsigned int server_key_len;
+ *
+ * static sock_tls_t skv;
+ * static sock_tls_t *sk = &skv;
+ * static const char Test_dtls_string[] = "DTLS OK!";
+ *
+ * int main(void)
+ * {
+ * char buf[64];
+ * int ret;
+ * sock_udp_ep_t local = SOCK_IPV6_EP_ANY;
+ * local.port = SERVER_PORT;
+ *
+ * if (sock_dtls_create(sk, &local, NULL, 0, wolfDTLSv1_2_server_method()) != 0) {
+ * printf("Failed to create DTLS socket context\r\n");
+ * return -1;
+ * }
+ * if (wolfSSL_CTX_use_certificate_buffer(sk->ctx, server_cert,
+ * server_cert_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS)
+ * {
+ * printf("Failed to load certificate from memory.\r\n");
+ * return -1;
+ * }
+ *
+ * if (wolfSSL_CTX_use_PrivateKey_buffer(sk->ctx, server_key,
+ * server_key_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS)
+ * {
+ * printf("Failed to load private key from memory.\r\n");
+ * return -1;
+ * }
+ * ret = sock_dtls_session_create(sk);
+ * if (ret < 0)
+ * {
+ * printf("Failed to create DTLS session (err: %s)\r\n", strerror(-ret));
+ * return -1;
+ * }
+ * printf("Listening on %d\n", SERVER_PORT);
+ * while(1) {
+ * ret = wolfSSL_accept(sk->ssl);
+ * if (ret != SSL_SUCCESS) {
+ * continue;
+ * }
+ * printf("Connection accepted\r\n");
+ * ret = wolfSSL_read(sk->ssl, buf, 64);
+ * if (ret > 0) {
+ * buf[ret] = (char)0;
+ * printf("Received '%s'\r\n", buf);
+ * }
+ * printf("Sending 'DTLS OK'...\r\n");
+ * wolfSSL_write(sk->ssl, Test_dtls_string, sizeof(Test_dtls_string));
+ * printf("Closing connection.\r\n");
+ * sock_dtls_session_destroy(sk);
+ * sock_dtls_close(sk);
+ * break;
+ * }
+ * return 0;
+ * }
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ *
+ * Above you see a simple DTLS echo server. It is important to at least include
+ * @ref including-modules "include" the IPv6 module of your networking
+ * implementation (e.g. `gnrc_ipv6_default` for @ref net_gnrc GNRC) and at least
+ * one network device.
+ * A separate file should define the buffers used as certificate and private key,
+ * in the variables `server_cert`, `private_key` respectively.
+ *
+ * After including all the needed header files, we use a global object to store
+ * the context for incoming DTLS communication. The object contains the reference
+ * to the wolfSSL context, the SSL session and the underlying transport socket.
+ *
+ * For simplicity, we will refer to the address of the object in the static memory,
+ * through the pointer `sk`.
+ *
+ * A constant test string is used later as a reply to incoming connections.
+ *
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
+ * static sock_tls_t skv;
+ * static sock_tls_t *sk = &skv;
+ *
+ * static const char Test_dtls_string[] = "DTLS OK!";
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ *
+ * In the same way as a normal @ref net_sock_udp "UDP socket", in order to be able to
+ * listen for incoming packets, we bind the `sock` by setting a local endpoint with
+ * a port (`11111` in this case).
+ *
+ * We then proceed to create the `sock`. It is bound to `local` and thus listens
+ * for UDP packets with @ref udp_hdr_t::dst_port "destination port" `12345`.
+ * Since we don't need any further configuration we set the flags to 0.
+ * The method argument determines which kind of wolfSSL context is associated to
+ * the socket.
+*
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
+ * sock_udp_ep_t local = SOCK_IPV6_EP_ANY;
+ * local.port = SERVER_PORT;
+ *
+ * if (sock_dtls_create(sk, &local, NULL, 0, wolfDTLSv1_2_server_method()) != 0) {
+ * printf("ERROR: Unable to create DTLS sock\r\n");
+ * return -1;
+ * }
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ *
+ * By default, all sock_tls operations in a DTLS context are blocking for a
+ * limited amount of time, which depends on the DTLS session timeout. To modify
+ * the timeout, use `wolfSSL_dtls_set_timeout_init(sk->ssl)`.
+ *
+ * Certificate and private key for the server context are loaded from a previously
+ * initialized section in memory:
+ *
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
+ * if (wolfSSL_CTX_use_certificate_buffer(sk->ctx, server_cert,
+ * server_cert_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS)
+ * {
+ * printf("Failed to load certificate from memory.\r\n");
+ * return -1;
+ * }
+ *
+ * if (wolfSSL_CTX_use_PrivateKey_buffer(sk->ctx, server_key,
+ * server_key_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS)
+ * {
+ * printf("Failed to load private key from memory.\r\n");
+ * return -1;
+ * }
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ *
+ * Once the context is configured, the SSL session can be initialized.
+ *
+ * The listening sock automatically takes care of the DTLS handshake.
+ * When the session is established, `wolfSSL_accept()` will finally return
+ * `SSL_SUCCESS`.
+ *
+ *
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
+ * ret = sock_dtls_session_create(sk);
+ * if (ret < 0)
+ * {
+ * printf("Failed to create DTLS session (err: %s)\r\n", strerror(-ret));
+ * return -1;
+ * }
+ * printf("Listening on %d\n", SERVER_PORT);
+ * while(1) {
+ * ret = wolfSSL_accept(sk->ssl);
+ * if (ret != SSL_SUCCESS) {
+ * continue;
+ * }
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ *
+ * At this point, the session is established, and encrypted data can be exchanged
+ * using `wolfSSL_read()` and `wolfSSL_write()`:
+ *
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
+ * ret = wolfSSL_read(sk->ssl, buf, 64);
+ * if (ret > 0) {
+ * buf[ret] = (char)0;
+ * printf("Received '%s'\r\n", buf);
+ * }
+ * printf("Sending 'DTLS OK'...\r\n");
+ * wolfSSL_write(sk->ssl, Test_dtls_string, sizeof(Test_dtls_string));
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ *
+ * The session is terminated, and the associated socket is closed.
+ *
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {.c}
+ * sock_dtls_session_destroy(sk);
+ * sock_dtls_close(sk);
+ * break;
+ * }
+ * return 0;
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ *
+ */
+
+
+
+#include
+#include
+#include
+
+#include
+#include
+
+#ifndef SOCK_TLS_H
+#define SOCK_TLS_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+#define MODE_TLS 0
+#define MODE_DTLS 1
+
+#define MODE_TLS 0
+#define MODE_DTLS 1
+/**
+ * @brief Creates a new DTLS sock object.
+ *
+ * @pre `(sock != NULL)`
+ * @pre `(remote == NULL) || (remote->port != 0)`
+ *
+ * @param[out] sock The resulting sock object.
+ * @param[in] local Local end point for the sock object.
+ * May be NULL.
+ * sock_udp_ep_t::netif must either be
+ * @ref SOCK_ADDR_ANY_NETIF or equal to
+ * sock_udp_ep_t::netif of @p remote if `remote != NULL`.
+ * If NULL @ref sock_udp_send() may bind implicitly.
+ * sock_udp_ep_t::port may also be 0 to bind the `sock` to
+ * an ephemeral port.
+ * @param[in] remote Remote end point for the sock object.
+ * May be `NULL` but then the `remote` parameter of
+ * @ref sock_udp_send() may not be `NULL` or it will
+ * always error with return value -ENOTCONN.
+ * sock_udp_ep_t::port must not be 0 if `remote != NULL`.
+ * sock_udp_ep_t::netif must either be
+ * @ref SOCK_ADDR_ANY_NETIF or equal to sock_udp_ep_t::netif
+ * of @p local if `local != NULL`.
+ * @param[in] flags Flags for the sock object. See also
+ * [sock flags](@ref net_sock_flags).
+ * May be 0.
+ * @param[in] method Defines the SSL or TLS protocol for the client or server to use.
+ * There are several options for selecting the desired protocol.
+ * wolfSSL currently supports DTLS 1.0, and DTLS 1.2. Each of these
+ * protocols have a corresponding function that can be used as last
+ * argument to `sock_dtls_create`. The possible client and server
+ * protocol options are: `wolfDTLSv1_client_method()`, `wolfDTLSv1_server_method()`,
+ * `wolfDTLSv1_2_client_method()` and `wolfDTLSv1_server_method`.
+ *
+ * @return 0 on success.
+ * @return -EADDRINUSE, if `local != NULL` and @p local is already used
+ * elsewhere or if `local->port == 0` but the pool of ephemeral ports
+ * is depleted
+ * @return -EAFNOSUPPORT, if `local != NULL` or `remote != NULL` and
+ * sock_udp_ep_t::family of @p local or @p remote is not supported.
+ * @return -EINVAL, if sock_udp_ep_t::addr of @p remote is an invalid address.
+ * @return -EINVAL, if sock_udp_ep_t::netif of @p local or @p remote are not a
+ * valid interfaces or contradict each other (i.e.
+ * `(local->netif != remote->netif) &&
+ * ((local->netif != SOCK_ADDR_ANY_NETIF) ||
+ * (remote->netif != SOCK_ADDR_ANY_NETIF))` if neither is `NULL`).
+ * @return -ENOMEM, if not enough resources can be provided for `sock` to be
+ * created, 0 upon success.
+ */
+int sock_dtls_create(sock_tls_t *sock, const sock_udp_ep_t *local, const sock_udp_ep_t *remote, uint16_t flags, WOLFSSL_METHOD *method);
+
+/**
+ * @brief Sets the endpoint address for the remote DTLS peer associated to this sock object
+ *
+ * @pre `(sk != NULL)`
+ * @pre `(addr != NULL)`
+ *
+ * @param[in] sock The resulting sock object.
+ * @param[in] addr Remote end point for the DTLS session.
+ *
+ */
+void sock_dtls_set_endpoint(sock_tls_t *sk, const sock_udp_ep_t *addr);
+
+/**
+ * @brief Creates a new DTLS session from an existing `sock_tls_t` object.
+ *
+ * @pre `(sk != NULL)`
+ *
+ * @param[in] sock The sock object previously created using @ref sock_dtls_create
+ *
+ * @return 0 on success.
+ * @return -EINVAL, if @sock is null or the SSL context is not initialized yet.
+ * @return -ENOMEM, if not enough resources can be provided for the session to be
+ * created
+ */
+int sock_dtls_session_create(sock_tls_t *sk);
+
+/**
+ * @brief Destroys the DTLS session associated to the sock object.
+ *
+ * @pre `(sk != NULL)`
+ *
+ * @param[in] sk The sock object containing the session to destroy.
+ *
+ */
+void sock_dtls_session_destroy(sock_tls_t *sk);
+
+/**
+ * @brief Closes the socket connection associated to the DTLS session.
+ *
+ * @pre `(sk != NULL)`
+ *
+ * @param[in] sk The sock object containing the UDP socket to close.
+ *
+ */
+void sock_dtls_close(sock_tls_t *sk);
+
+
+#ifdef MODULE_SOCK_TCP
+/* TODO */
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SOCK_TLS_H */
diff --git a/tests/wolfcrypt-ed25519-verify/Makefile b/tests/wolfcrypt-ed25519-verify/Makefile
new file mode 100644
index 0000000000..7e11c9f782
--- /dev/null
+++ b/tests/wolfcrypt-ed25519-verify/Makefile
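Review bot: The sample server in the header comment writes one byte past its buffer: `buf` is declared `char buf[64]`, `wolfSSL_read(sk->ssl, buf, 64)` may return 64, and `buf[ret] = (char)0;` then stores at index 64. The snippet appears twice in the comment and is what users will copy, so the read should leave room for the terminator: `ret = wolfSSL_read(sk->ssl, buf, sizeof(buf) - 1);`. The prose also disagrees with the code in two places: it says the socket listens on destination port `12345` while `SERVER_PORT` is 11111, and the `method` parameter text lists `wolfDTLSv1_server_method` twice where the last entry is presumably meant to be `wolfDTLSv1_2_server_method()`. Lastly, the `#include` lines sit above the `SOCK_TLS_H` guard and `MODE_TLS`/`MODE_DTLS` are defined twice; moving the includes inside the guard and dropping the duplicate pair would tidy that.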
@@ -0,0 +1,25 @@
+# name of your application
+APPLICATION = wolfcrypt-ed25519-verify
+
+# If no BOARD is found in the environment, use this default:
+BOARD ?= native
+
+# This has to be the absolute path to the RIOT base directory:
+RIOTBASE ?= $(CURDIR)/../..
+
+# Comment this out to disable code in RIOT that does safety checking
+# which is not needed in a production environment but helps in the
+# development process:
+DEVELHELP ?= 1
+
+# Change this to 0 show compiler invocation lines by default:
+QUIET ?= 1
+
+CFLAGS+=-DNO_ED25519_SIGN -DNO_ED25519_KEY_EXPORT
+
+USEPKG +=wolfssl
+USEMODULE += wolfssl
+USEMODULE += wolfcrypt
+USEMODULE += wolfcrypt_ed25519
+
+include $(RIOTBASE)/Makefile.include
diff --git a/tests/wolfcrypt-ed25519-verify/README.md b/tests/wolfcrypt-ed25519-verify/README.md
new file mode 100644
index 0000000000..926379b8da
--- /dev/null
+++ b/tests/wolfcrypt-ed25519-verify/README.md
@@ -0,0 +1,16 @@
+# wolfCrypt Ed25519 verify routine test
+
+This is a demo of a signature verification using wolfCrypt.
+
+wolfCrypt is part of [wolfSSL](https://www.wolfss.com) which provides several different cryptographic services.
+
+In this test, a text message is signed using Edwards-curve digital signature algorithm,
+using the Ed25519 signature scheme.
+
+## How it works
+
+The message and its signature are hardcoded in the example. To create a new
+signed message, you may use the host-application `ed25519_sign_msg` under `tools/`,
+which generates a new EdDSA key pair, and produces a signature for the test message.
+
+The demo verifies the authenticity of the message via `wc_ed25519_verify_msg`.
diff --git a/tests/wolfcrypt-ed25519-verify/main.c b/tests/wolfcrypt-ed25519-verify/main.c
new file mode 100644
index 0000000000..bf24ec4517
--- /dev/null
+++ b/tests/wolfcrypt-ed25519-verify/main.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2014 Freie Universität Berlin
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ *
+ * **** This file incorporates work covered by the following copyright and ****
+ * **** permission notice: ****
+ *
+ * Copyright (C) 2006-2017 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ *
+ */
+
+/**
+ * @ingroup examples
+ * @{
+ *
+ * @file
+ * @brief ed25519 signature verification application
+ *
+ * @author wolfSSL
+ *
+ * @}
+ */
+
+#include
+#include
+#include
+
+const uint8_t ed_public_key[ED25519_KEY_SIZE] = {
+ 0x9A, 0xBC, 0xA2, 0xE2, 0x4D, 0x19, 0x9E, 0x02,
+ 0x72, 0x69, 0x19, 0xE1, 0x05, 0x39, 0x3A, 0x08,
+ 0xC9, 0x9C, 0xDD, 0xA9, 0x28, 0x45, 0x8B, 0x37,
+ 0x9E, 0xCA, 0x20, 0x02, 0xBC, 0x7A, 0x2E, 0xC2
+};
+
+const uint8_t msg[] = "Hello World!";
+
+const uint8_t msg_signature[ED25519_SIG_SIZE] = {
+ 0x8A, 0xD3, 0xEA, 0x8F, 0x08, 0x8B, 0x8C, 0x41,
+ 0x61, 0x36, 0x51, 0xF4, 0x49, 0x6E, 0xD2, 0xCB,
+ 0xD6, 0xAC, 0x7B, 0x61, 0xD8, 0x3B, 0xE0, 0x1C,
+ 0xA7, 0xED, 0x72, 0x33, 0xA3, 0xB4, 0xE7, 0xBA,
+ 0x90, 0x47, 0xC9, 0xAE, 0x48, 0x48, 0x4A, 0x78,
+ 0x46, 0x63, 0x25, 0x44, 0xA5, 0x82, 0x0F, 0x4A,
+ 0x9A, 0x5A, 0x0E, 0x3F, 0xF5, 0xB1, 0x97, 0xAD,
+ 0xB5, 0x48, 0x26, 0x45, 0xD6, 0xC7, 0x00, 0x06
+};
+
+
+int main(void)
+{
+ int stat;
+ int ret;
+ ed25519_key key;
+ printf("You are running RIOT on a(n) %s board.\n", RIOT_BOARD);
+ printf("This board features a(n) %s MCU.\n", RIOT_MCU);
+ printf("\n\n\n");
+ wc_ed25519_init(&key);
+ puts("Starting ed25519 test.");
+
+ ret = wc_ed25519_import_public(ed_public_key, ED25519_KEY_SIZE, &key);
+ if (ret != 0) {
+ printf("Error importing public key for signature verification (%d)\n", ret);
+ return 1;
+ }
+ if ((wc_ed25519_verify_msg(msg_signature, ED25519_SIG_SIZE, msg, 12, &stat, &key) < 0) || (stat == 0)) {
+ printf("The signature is not valid!\n");
+ } else {
+ printf("The signature is valid!\n");
+ }
+
+ return 0;
+}
diff --git a/tests/wolfcrypt-ed25519-verify/tools/Makefile b/tests/wolfcrypt-ed25519-verify/tools/Makefile
new file mode 100644
index 0000000000..5de7fe1490
--- /dev/null
+++ b/tests/wolfcrypt-ed25519-verify/tools/Makefile
@@ -0,0 +1,8 @@
+all: ed25519_sign_msg
+
+
+ed25519_sign_msg: ed25519_sign_msg.c
+ gcc -o $@ $^ -lwolfssl -DHAVE_ED25519 -DWOLFCRYPT_ONLY -DTFM_TIMING_RESISTANT -DNO_RSA -DECC_TIMING_RESISTANT
+
+clean:
+ @rm -f ed25519_sign_msg
diff --git a/tests/wolfcrypt-ed25519-verify/tools/ed25519_sign_msg.c b/tests/wolfcrypt-ed25519-verify/tools/ed25519_sign_msg.c
new file mode 100644
index 0000000000..20de88e548
--- /dev/null
+++ b/tests/wolfcrypt-ed25519-verify/tools/ed25519_sign_msg.c
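Review bot: The failure branch of the verification in `main()` only prints "The signature is not valid!" and then falls through to `return 0;`, so a harness that looks at the exit status cannot tell a rejected signature from an accepted one; adding `return 1;` after that printf makes the test fail closed. The message length is passed as the literal `12`; `sizeof(msg) - 1` keeps it tied to the `msg` array if the string is regenerated with the signing tool. A `wc_ed25519_free(&key);` before returning would pair with the `wc_ed25519_init()` call.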
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2014 Freie Universität Berlin
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ *
+ * **** This file incorporates work covered by the following copyright and ****
+ * **** permission notice: ****
+ * Copyright (C) 2006-2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ *
+ */
+#include
+
+#include
+#include
+
+void print_buf(uint8_t *buf, int len)
+{
+ int i;
+ for (i = 0; i < len; i++) {
+ int p = i % 8;
+ if (p == 0)
+ printf("\t");
+ printf("0x%02X", buf[i]);
+ if (i < len - 1)
+ printf(",");
+ if (p == 7)
+ printf("\n");
+ else
+ printf(" ");
+ }
+}
+
+void print_key(void *key_in)
+{
+ uint8_t * key = key_in;
+ print_buf(key, ED25519_KEY_SIZE);
+}
+
+void print_sig(void *sig_in)
+{
+ uint8_t * sig = sig_in;
+ print_buf(sig, ED25519_SIG_SIZE);
+}
+
+
+int main(void)
+{
+ uint8_t priv[ED25519_KEY_SIZE], pub[ED25519_KEY_SIZE];
+ uint8_t sig[ED25519_SIG_SIZE];
+ uint32_t outlen;
+ RNG rng;
+ ed25519_key key;
+
+ wc_ed25519_init(&key);
+ wc_InitRng(&rng);
+ if (wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key) != 0) {
+ printf("Failed to create ED25519 key!\n");
+ exit(1);
+ }
+
+ outlen = ED25519_KEY_SIZE;
+ wc_ed25519_export_private_only(&key, priv, &outlen);
+ printf("const uint8_t ed_private_key[ED25519_KEY_SIZE] = {\n");
+ print_key(priv);
+ printf("};\n\n");
+
+ outlen = ED25519_KEY_SIZE;
+ wc_ed25519_export_public(&key, pub, &outlen);
+ printf("const uint8_t ed_public_key[ED25519_KEY_SIZE] = {\n");
+ print_key(pub);
+ printf("};\n\n");
+
+ printf("const uint8_t msg[] = \"Hello World!\";\n\n");
+ printf("const uint8_t msg_signature[ED25519_SIG_SIZE] = {\n");
+ outlen = ED25519_SIG_SIZE;
+ wc_ed25519_sign_msg("Hello World!", 12, sig, &outlen, &key);
+ print_sig(sig);
+ printf("};\n\n");
+ exit(0);
+}
diff --git a/tests/wolfssl_crypto_benchmark/Makefile b/tests/wolfssl_crypto_benchmark/Makefile
new file mode 100644
index 0000000000..f1ff7f4cef
--- /dev/null
+++ b/tests/wolfssl_crypto_benchmark/Makefile
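Review bot: In `main` of tools/ed25519_sign_msg.c only `wc_ed25519_make_key` is checked; the return values of `wc_InitRng`, `wc_ed25519_export_private_only`, `wc_ed25519_export_public` and `wc_ed25519_sign_msg` are discarded, so on any failure the tool prints uninitialised stack bytes from `priv`, `pub` or `sig` as if they were a key or signature to paste into the test. Each call should be checked, and the tool should exit non-zero before printing anything derived from a failed call, as sketched below. The string literal passed to `wc_ed25519_sign_msg` also wants a cast to `const uint8_t *`. Because the private key is written to stdout and left in `priv`, it is worth clearing that buffer and releasing `rng` and `key` before exit.

```c
    if (wc_InitRng(&rng) != 0) {
        printf("Failed to initialise RNG!\n");
        exit(1);
    }
    /* … unchanged: wc_ed25519_make_key and its check … */
    outlen = ED25519_KEY_SIZE;
    if (wc_ed25519_export_private_only(&key, priv, &outlen) != 0) {
        printf("Failed to export private key!\n");
        exit(1);
    }
    /* … unchanged: printing of the private key … */
    outlen = ED25519_KEY_SIZE;
    if (wc_ed25519_export_public(&key, pub, &outlen) != 0) {
        printf("Failed to export public key!\n");
        exit(1);
    }
    /* … unchanged: printing of the public key and the message … */
    outlen = ED25519_SIG_SIZE;
    if (wc_ed25519_sign_msg((const uint8_t *)"Hello World!", 12, sig, &outlen, &key) != 0) {
        printf("Failed to sign message!\n");
        exit(1);
    }
```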
@@ -0,0 +1,48 @@
+APPLICATION = wolf_crypto_benchark
+
+# If no BOARD is found in the environment, use this default:
+#BOARD ?= native
+BOARD ?= samd21-xpro #Currently missing implementation for strncasecmp
+#BOARD ?= pic32-wifire
+#BOARD ?= frdm-k64f
+#BOARD ?= stm32f4discovery
+
+# BOARD_WHITELIST := To Be Determined
+# BOARD_BLACKLIST := To Be Determined
+# BOARD_INSUFFICIENT_MEMORY := To Be Determined
+
+# This has to be the absolute path to the RIOT base directory:
+RIOTBASE ?= $(CURDIR)/../..
+
+# Used for inserting debug symbols into library for portability
+# testing on Ubuntu 16.04 LTS w/ gcc v 5.4.0
+#CFLAGS += -g
+#LDFLAGS += -g
+
+# Necessary to set the stacksize on Ubuntu Native device when using
+# gcc v 5.4.0 on 16.04 LTS
+# This is an optimized stack value based on testing, if you observe
+# a segmentation fault please increase this stack size.
+CFLAGS += -DTHREAD_STACKSIZE_MAIN=20000
+
+# Change this to 0 show compiler invocation lines by default:
+QUIET ?= 1
+
+# May need these for seeding wolfCrypt DRBG
+#USEMODULE += random
+#USEMODULE += prng_minstd
+
+USEPKG += wolfssl
+USEMODULE += wolfcrypt wolfcrypt-benchmark wolfcrypt_sha512 wolfcrypt_curve25519 \
+ wolfcrypt_ed25519 wolfcrypt_chacha wolfcrypt_poly1305 wolfcrypt_aes \
+ wolfcrypt_ecc wolfcrypt_asn wolfcrypt_random
+
+ifneq (native, $(BOARD))
+# for TCP/IP recommend working with lwip or other third-party TCP/IP stack.
+# Also need third-party string library if attempting to use ecc that will
+# implement strncasecomp
+# USEPKG += lwip
+# export CFLAGS += "-DHAVE_LWIP_NATIVE=1"
+endif
+
+include $(RIOTBASE)/Makefile.include
diff --git a/tests/wolfssl_crypto_benchmark/README.md b/tests/wolfssl_crypto_benchmark/README.md
new file mode 100644
index 0000000000..b568a7f5ea
--- /dev/null
+++ b/tests/wolfssl_crypto_benchmark/README.md
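Review bot: The default `BOARD ?= samd21-xpro #Currently missing implementation for strncasecmp` in tests/wolfssl_crypto_benchmark/Makefile carries its comment on the assignment line, and make keeps the whitespace between the value and the `#` as part of `BOARD`. The value then ends in a space, which can break board lookups and any path built from `$(BOARD)`. Move the comment to its own line above and leave `BOARD ?= samd21-xpro` bare. `APPLICATION = wolf_crypto_benchark` also looks like a typo for `wolf_crypto_benchmark`.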
@@ -0,0 +1,4 @@
+# wolfSSL on RIOT
+
+This application measures the performance of wolfCrypt libraries in wolfSSL
+from [wolfSSL Inc](https://www.wolfssl.com) on RIOT.
diff --git a/tests/wolfssl_crypto_benchmark/main.c b/tests/wolfssl_crypto_benchmark/main.c
new file mode 100644
index 0000000000..e85377614f
--- /dev/null
+++ b/tests/wolfssl_crypto_benchmark/main.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2006-2017 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/**
+ * @ingroup examples
+ * @{
+ *
+ * @file
+ * @brief wolfSSL cryptographic benchmark application
+ *
+ * @author Kaleb J. Himes
+ *
+ * @}
+ */
+
+#include
+
+#include
+#include
+
+
+int main(void)
+{
+ puts("wolfSSL Crypto Benchmarks!");
+ benchmark_test(NULL);
+ return 0;
+}
diff --git a/tests/wolfssl_crypto_test/Makefile b/tests/wolfssl_crypto_test/Makefile
new file mode 100644
index 0000000000..785defc446
--- /dev/null
+++ b/tests/wolfssl_crypto_test/Makefile
@@ -0,0 +1,47 @@
+APPLICATION = wolf_crypto_test
+
+# If no BOARD is found in the environment, use this default:
+#BOARD ?= native
+#BOARD ?= samd21-xpro #Currently missing implementation for strncasecmp
+#BOARD ?= pic32-wifire
+#BOARD ?= frdm-k64f
+BOARD ?= stm32f4discovery
+
+# BOARD_WHITELIST := To Be Determined
+# BOARD_BLACKLIST := To Be Determined
+# BOARD_INSUFFICIENT_MEMORY := To Be Determined
+
+# This has to be the absolute path to the RIOT base directory:
+RIOTBASE ?= $(CURDIR)/../..
+
+# Used for inserting debug symbols into library for portability
+# testing on Ubuntu 16.04 LTS w/ gcc v 5.4.0
+#CFLAGS += -g
+#LDFLAGS += -g
+
+# Necessary to set the stacksize on Ubuntu Native device when using
+# gcc v 5.4.0 on 16.04 LTS
+# This is an optimized stack value based on testing, if you observe
+# a segmentation fault please increase this stack size.
+CFLAGS += -DTHREAD_STACKSIZE_MAIN=35000
+
+# Change this to 0 show compiler invocation lines by default:
+QUIET ?= 1
+
+# May need these for seeding wolfCrypt DRBG
+#USEMODULE += prng_minstd
+
+USEPKG += wolfssl
+USEMODULE += wolfcrypt wolfcrypt-test wolfcrypt_sha512 wolfcrypt_curve25519 \
+ wolfcrypt_ed25519 wolfcrypt_chacha wolfcrypt_poly1305 wolfcrypt_aes \
+ wolfcrypt_ecc wolfcrypt_asn wolfcrypt_random
+
+ifneq (native, $(BOARD))
+# for TCP/IP recommend working with lwip or other third-party TCP/IP stack.
+# Also need third-party string library if attempting to use ecc that will
+# implement strncasecomp
+# USEPKG += lwip
+# export CFLAGS += "-DHAVE_LWIP_NATIVE=1"
+endif
+
+include $(RIOTBASE)/Makefile.include
diff --git a/tests/wolfssl_crypto_test/README.md b/tests/wolfssl_crypto_test/README.md
new file mode 100644
index 0000000000..690f937a70
--- /dev/null
+++ b/tests/wolfssl_crypto_test/README.md
@@ -0,0 +1,4 @@
+# wolfSSL on RIOT
+
+This application demonstrates the underlying wolfCrypt libraries in wolfSSL
+from [wolfSSL Inc](https://www.wolfssl.com) on RIOT.
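Review bot: The commented hint `#USEMODULE += prng_minstd` under "May need these for seeding wolfCrypt DRBG" in tests/wolfssl_crypto_test/Makefile points at a minimal-standard linear congruential generator, which is predictable and not an entropy source. Enabling it as the DRBG seed would make keys and nonces drawn from `wolfcrypt_random` guessable. The comment should name a real entropy source instead, for example `# Seed the wolfCrypt DRBG from a hardware RNG; prng_minstd is not suitable`. How the package actually seeds the DRBG is configured outside this hunk, so this concerns the guidance the comment gives. tests/wolfssl_crypto_benchmark/Makefile carries the same hint.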
diff --git a/tests/wolfssl_crypto_test/main.c b/tests/wolfssl_crypto_test/main.c
new file mode 100644
index 0000000000..efa72d4793
--- /dev/null
+++ b/tests/wolfssl_crypto_test/main.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2006-2017 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/**
+ * @ingroup examples
+ * @{
+ *
+ * @file
+ * @brief wolfSSL cryptographic library test
+ *
+ * @author Kaleb J. Himes
+ *
+ * @}
+ */
+
+#include
+
+#include
+#include
+
+int main(void)
+{
+ puts("wolfSSL Crypto Test!");
+ wolfcrypt_test(NULL);
+ return 0;
+}