From 9c1cbfa91f331747f49ff8fc8996f4eaccc773f6 Mon Sep 17 00:00:00 2001 
From: Daniele Lacamera Date: Fri, 27 Jul 2018 11:40:42 +0200 Subject: [PATCH 1/8] WolfSSL port for TLS/DLTS sockets --- .gitmodules | 3 + apps/wolfssl/Makefile.wolfssl | 91 +++++++++++ apps/wolfssl/readme.md | 88 +++++++++++ apps/wolfssl/wolfssl | 1 + apps/wolfssl/wolfssl.c | 232 ++++++++++++++++++++++++++++ apps/wolfssl/wolfssl.h | 48 ++++++ examples/dtls/Makefile | 20 +++ examples/dtls/cert.c | 83 ++++++++++ examples/dtls/dtls-client.c | 135 ++++++++++++++++ examples/dtls/dtls-server.c | 132 ++++++++++++++++ examples/dtls/ecc-key.der | 0 examples/dtls/server-ecc.der | 0 examples/dtls/user_settings.h | 61 ++++++++ examples/ssl-client/Makefile | 13 ++ examples/ssl-client/ssl-client.c | 96 ++++++++++++ examples/ssl-client/user_settings.h | 59 +++++++ examples/ssl-server/Makefile | 15 ++ examples/ssl-server/cert.c | 83 ++++++++++ examples/ssl-server/ecc-key.der | 0 examples/ssl-server/server-ecc.der | 0 examples/ssl-server/ssl-server.c | 99 ++++++++++++ examples/ssl-server/user_settings.h | 59 +++++++ platform/nrf52dk/contiki-main.c | 2 + 23 files changed, 1320 insertions(+) create mode 100644 apps/wolfssl/Makefile.wolfssl create mode 100755 apps/wolfssl/readme.md create mode 160000 apps/wolfssl/wolfssl create mode 100644 apps/wolfssl/wolfssl.c create mode 100644 apps/wolfssl/wolfssl.h create mode 100644 examples/dtls/Makefile create mode 100755 examples/dtls/cert.c create mode 100644 examples/dtls/dtls-client.c create mode 100644 examples/dtls/dtls-server.c create mode 100755 examples/dtls/ecc-key.der create mode 100755 examples/dtls/server-ecc.der create mode 100644 examples/dtls/user_settings.h create mode 100644 examples/ssl-client/Makefile create mode 100644 examples/ssl-client/ssl-client.c create mode 100644 examples/ssl-client/user_settings.h create mode 100644 examples/ssl-server/Makefile create mode 100755 examples/ssl-server/cert.c create mode 100755 examples/ssl-server/ecc-key.der create mode 100755 examples/ssl-server/server-ecc.der create mode 100644 
examples/ssl-server/ssl-server.c create mode 100644 examples/ssl-server/user_settings.h
diff --git a/.gitmodules b/.gitmodules
index 308d06c43a6..ab526f7ad82 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -17,3 +17,6 @@
 [submodule "tools/sensniff"]
 path = tools/sensniff
 url = https://github.com/g-oikonomou/sensniff.git
+[submodule "apps/ssl/wolfssl"]
+ path = apps/wolfssl/wolfssl
+ url = https://github.com/danielinux/wolfssl
diff --git a/apps/wolfssl/Makefile.wolfssl b/apps/wolfssl/Makefile.wolfssl
new file mode 100644
index 00000000000..2e59486a6e0
--- /dev/null
+++ b/apps/wolfssl/Makefile.wolfssl
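Review bot: The submodule is registered under the name `apps/ssl/wolfssl` while its path is `apps/wolfssl/wolfssl`; the name is the key used in `.git/config` and by `git submodule` commands, so it should match the path — `[submodule "apps/wolfssl/wolfssl"]`. The URL points at a personal fork (`danielinux/wolfssl`) rather than the upstream wolfSSL repository, so anyone auditing the TLS stack has to diff the fork against upstream to learn what is actually being built. A comment naming what the fork adds (presumably the uIP I/O callbacks that wolfssl.c installs) and the upstream release it is based on would help, as would pinning to a tagged release rather than a bare commit.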
@@ -0,0 +1,91 @@
+wolfssl_src = wolfssl.c
+
+WOLFSSL_ROOT?=wolfssl
+SOURCEDIRS+=$(WOLFSSL_ROOT)
+CFLAGS+=-I../../apps/wolfssl/$(WOLFSSL_ROOT) -DUSE_WOLFSSL
+$(info WOLFSSL: $(WOLFSSL_ROOT))
+$(info SOURCEDIRS: $(SOURCEDIRS))
+$(info CFLAGS: $(CFLAGS))
+#source common to all targets
+
+wolfssl_src += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/asm.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/asn.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/coding.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/compress.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/cryptodev.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/des3.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/dh.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/error.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/hash.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/hc128.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/idea.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/integer.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/logging.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/md2.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/md4.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/md5.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/memory.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/rabbit.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/random.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/sha.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/signature.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/srp.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.c \
+ $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.c
+
+#WOLFCRYPT_ASM_SOURCE_FILES = $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.S
+
+
+wolfssl_src += \
+ $(WOLFSSL_ROOT)/src/internal.c \
+ $(WOLFSSL_ROOT)/src/tls.c \
+ $(WOLFSSL_ROOT)/src/wolfio.c \
+ $(WOLFSSL_ROOT)/src/keys.c \
+ $(WOLFSSL_ROOT)/src/crl.c \
+ $(WOLFSSL_ROOT)/src/ssl.c \
+ $(WOLFSSL_ROOT)/src/sniffer.c \
+ $(WOLFSSL_ROOT)/src/ocsp.c \
+ $(WOLFSSL_ROOT)/src/tls13.c
+
+vpath %c ../../apps/$(WOLFSSL_ROOT)/src
+vpath %c ../../apps/$(WOLFSSL_ROOT)/wolfcrypt/src
+
+%.d:
+ @mkdir -p $(OBJECTDIR)/wolfssl/src
+ @mkdir -p $(OBJECTDIR)/wolfssl/wolfcrypt/src
diff --git a/apps/wolfssl/readme.md b/apps/wolfssl/readme.md
new file mode 100755
index 00000000000..ced12d20b56
--- /dev/null
+++ b/apps/wolfssl/readme.md
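Review bot: The `%.d:` pattern rule at the end of the hunk never creates `$@`; it only runs `mkdir -p` for two object directories, so every `.d` target is considered rebuilt without a file existing, and because the rule has no prerequisites it shadows whatever dependency-generation rule for `%.d` the Contiki Makefile.include may provide. Creating the directories belongs in an order-only prerequisite of the object rule (`| $(OBJECTDIR)/wolfssl/src`) rather than in a `.d` recipe. `vpath %c …` matches any file whose name ends in the letter `c`, not `*.c`; it should read `vpath %.c ../../apps/$(WOLFSSL_ROOT)/src` (and likewise for the second line). The three `$(info …)` lines print on every make invocation and look like leftover debugging, and `-I../../apps/wolfssl/$(WOLFSSL_ROOT)` hard-codes the example's depth in the tree where `-I$(CONTIKI)/apps/wolfssl/$(WOLFSSL_ROOT)` would work from any example directory.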
@@ -0,0 +1,88 @@ +# WolfSSL module for Contiki OS + +This module provides SSL support via WolfSSL. + +WolfSSL is Copyright (c) by WolfSSL Inc. + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use +under the GPLv2 or a standard commercial license. For our users who cannot use +wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available. +Please contact wolfSSL Inc. directly at: + +Email: licensing@wolfssl.com +Phone: +1 425 245-8247 + +More information can be found on the wolfSSL website at www.wolfssl.com. + +## Contiki TLS/DTLS API + +Specific calls have been create to initialize and connect TLS and DTLS sockets +on top of Contiki's uIP sockets. The API provided in this module is described below. + +### SSL Session object + +Secure sessions can be created on top of TCP or UDP sockets. For convenience, the +data type `uip_wolfssl_ctx` is used to keep track of the ssl session and the transport socket +associated to it. + +### TLS + +To create a TLS session from within a process thread, the following shortcut functions +are available: + + +```C + uip_wolfssl_ctx *tls_socket_register(WOLFSSL_METHOD* method) +``` + +Create a new TLS session, and associates it to a newly created TCP +socket in uIP. In case of success, it returns a new pointer to a `uip_wolfssl_ctx` object, +keeping track of the TLS session and the associated socket. + +`method` is the desired SSL/TLS protocol method used to create the SSL context, +`p` is the invoking process pointer, so that event-driven input/output can be +configured for the associated socket. + + + +```C + int tls_socket_accept(uip_wolfssl_ctx *sk) +``` + +Replace the current listening socket associated to the SSL/TLS session `sk` +with the new connected socket, and initiate the TLS handshake from the server side. +Returns 0 on success, -1 in case of error. 
+ + + + +```C + int tls_socket_connect(uip_wolfssl_ctx *sk, const uip_ipaddr_t *addr, uint16_t port) +``` + +Initiate a connection to the server, which is expected to be listening at address +`addr`:`port`. Once the TCP socket is connected, a the TLS handshake is initiated +on the client side. +Returns 0 on success, -1 in case of error. + + +### DTLS + + + +```C + uip_wolfssl_ctx *dtls_socket_register(WOLFSSL_METHOD* method); +``` + +```C + void dtls_set_endpoint(uip_wolfssl_ctx *sk, const uip_ipaddr_t *addr, uint16_t port); +``` + + + + + + + + + diff --git a/apps/wolfssl/wolfssl b/apps/wolfssl/wolfssl new file mode 160000 index 00000000000..5c225138615 --- /dev/null +++ b/apps/wolfssl/wolfssl @@ -0,0 +1 @@ +Subproject commit 5c22513861571eb24aed9348d4491c30a2f6d1c0 diff --git a/apps/wolfssl/wolfssl.c b/apps/wolfssl/wolfssl.c new file mode 100644 index 00000000000..91f2f9b56f1 --- /dev/null +++ b/apps/wolfssl/wolfssl.c 
@@ -0,0 +1,232 @@ +/* + * **** This file incorporates work covered by the following copyright and **** + * **** permission notice: **** + * + * Copyright (C) 2006-2017 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + */ + +#include +#include +#include +#include "wolfssl.h" +#include +#include "uip.h" +static int wolfssl_is_initialized = 0; + +//#define SSL_DATABUF_LEN (UIP_CONF_BUFFER_SIZE) +#define SSL_DATABUF_LEN (1500) +#define MODE_TLS 0 +#define MODE_DTLS 1 + +int tls_socket_connect(uip_wolfssl_ctx *sk, const uip_ipaddr_t *addr, uint16_t port) +{ + int ret; + if (!sk->ssl) { + sk->ssl = wolfSSL_new(sk->ctx); + wolfSSL_SetIOReadCtx(sk->ssl, sk); + wolfSSL_SetIOWriteCtx(sk->ssl, sk); + } + ret = tcp_socket_connect(&sk->conn.tcp, addr, port); + if (ret < 0) { + return ret; + } + ret = wolfSSL_connect(sk->ssl); + if (ret == SSL_SUCCESS) { + wolfSSL_set_using_nonblock(sk->ssl, 0); + return 0; + } else { + return ret; + } +} + +int tls_socket_accept(uip_wolfssl_ctx *sk) +{ + int ret; + if (sk->ssl_rb_len == 0) + return -2; + if (!sk->ssl) { + sk->ssl = wolfSSL_new(sk->ctx); + wolfSSL_SetIOReadCtx(sk->ssl, sk); + wolfSSL_SetIOWriteCtx(sk->ssl, sk); + } + ret = wolfSSL_accept(sk->ssl); + if (ret == SSL_SUCCESS) { + wolfSSL_set_using_nonblock(sk->ssl, 
0); + return 0; + } else { + return ret; + } +} + +static void release_databuf(uip_wolfssl_ctx *ctx) +{ + if (ctx->input_databuf) + free(ctx->input_databuf); + if (ctx->output_databuf) + free(ctx->output_databuf); + if (ctx->ssl_rx_databuf) + free(ctx->ssl_rx_databuf); +} + +void tls_socket_close(uip_wolfssl_ctx *sk) +{ + tcp_socket_close(&sk->conn.tcp); + release_databuf(sk); + wolfSSL_free(sk->ssl); +} + +void dtls_socket_close(uip_wolfssl_ctx *sk) +{ + udp_socket_close(&sk->conn.udp); + release_databuf(sk); + wolfSSL_free(sk->ssl); +} + +/* Called by uIP when a new packet is received from the network. + */ +static int tls_socket_recv_callback(struct tcp_socket *s, + void *ptr, + const uint8_t *input_data_ptr, + int input_data_len) +{ + struct uip_wolfssl_ctx *sk = (struct uip_wolfssl_ctx *)s; + if (sk->ssl_rb_len < SSL_DATABUF_LEN) { + if (input_data_len > (SSL_DATABUF_LEN - sk->ssl_rb_len)) + input_data_len = SSL_DATABUF_LEN - sk->ssl_rb_len; + memcpy(sk->ssl_rx_databuf + sk->ssl_rb_len, input_data_ptr, input_data_len); + sk->ssl_rb_len += input_data_len; + process_post(sk->process, PROCESS_EVENT_POLL, sk); + return 0; /* all data consumed */ + }else { + printf("wolfSSL: Input buffer full!\n"); + return input_data_len; /* keep in input buffer */ + } +} + +void dtls_set_endpoint(struct uip_wolfssl_ctx *sk, const uip_ipaddr_t *addr, uint16_t port) +{ + printf("wolfSSL: Setting peer address and port\n"); + sk->peer_port = port; + memcpy(&sk->peer_addr, addr, sizeof (uip_ipaddr_t)); +} + +static void dtls_socket_recv_callback(struct udp_socket *s, + void *ptr, + const uip_ipaddr_t *source_addr, + uint16_t source_port, + const uip_ipaddr_t *dest_addr, + uint16_t dest_port, + const uint8_t *input_data_ptr, + uint16_t input_data_len) +{ + struct uip_wolfssl_ctx *sk = (struct uip_wolfssl_ctx *)s; + if (sk->ssl_rb_len < SSL_DATABUF_LEN) { + if (input_data_len > (SSL_DATABUF_LEN - sk->ssl_rb_len)) + input_data_len = SSL_DATABUF_LEN - sk->ssl_rb_len; + 
memcpy(sk->ssl_rx_databuf + sk->ssl_rb_len, input_data_ptr, input_data_len); + sk->ssl_rb_len += input_data_len; + process_post(sk->process, PROCESS_EVENT_POLL, sk); + if (sk->peer_port == 0) { + dtls_set_endpoint(sk, source_addr, source_port); + } + }else { + printf("wolfSSL: Input buffer full!\n"); + } +} + + +static void +tls_socket_event_callback(struct tcp_socket *s, void *ptr, + tcp_socket_event_t ev) +{ +} + +static struct uip_wolfssl_ctx *do_socket_register(WOLFSSL_METHOD* method, int mode) +{ + struct uip_wolfssl_ctx *ctx = NULL; + if (!wolfssl_is_initialized) { + wolfSSL_Init(); + wolfSSL_Debugging_ON(); + wolfssl_is_initialized++; + } + + ctx = malloc(sizeof(uip_wolfssl_ctx)); + if (!ctx) + return ctx; + memset(ctx, 0, sizeof(uip_wolfssl_ctx)); + + /* Allocate buffers for UIP */ + ctx->input_databuf = malloc(SSL_DATABUF_LEN); + ctx->output_databuf = malloc(SSL_DATABUF_LEN); + + /* Allocate RX buffer for TLS socket */ + ctx->ssl_rx_databuf = malloc(SSL_DATABUF_LEN); + + if(!ctx->input_databuf || !ctx->output_databuf || !ctx->ssl_rx_databuf) + goto error; + + ctx->ctx = wolfSSL_CTX_new(method); + ctx->process = PROCESS_CURRENT(); + if (!ctx->ctx) + goto error; + if (MODE_TLS == mode) { + if (tcp_socket_register(&ctx->conn.tcp, NULL, + ctx->input_databuf, SSL_DATABUF_LEN, + ctx->output_databuf, SSL_DATABUF_LEN, + tls_socket_recv_callback, + tls_socket_event_callback) < 0) + + goto error; + wolfSSL_SetIORecv(ctx->ctx, uIPReceive); + wolfSSL_SetIOSend(ctx->ctx, uIPSend); + } else { + if (udp_socket_register(&ctx->conn.udp, NULL, + dtls_socket_recv_callback ) < 0) + goto error; + wolfSSL_SetIORecv(ctx->ctx, uIPReceive); + wolfSSL_SetIOSend(ctx->ctx, uIPSendTo); + } + return ctx; + +error: + if (ctx) { + if (ctx->ctx) + wolfSSL_CTX_free(ctx->ctx); + if (ctx->input_databuf) + free(ctx->input_databuf); + if (ctx->output_databuf) + free(ctx->output_databuf); + if (ctx->ssl_rx_databuf) + free(ctx->ssl_rx_databuf); + free(ctx); + } + return NULL; +} + +struct 
uip_wolfssl_ctx *tls_socket_register(WOLFSSL_METHOD* method) +{ + return do_socket_register(method, MODE_TLS); +} + +struct uip_wolfssl_ctx *dtls_socket_register(WOLFSSL_METHOD* method) +{ + return do_socket_register(method, MODE_DTLS); +} + diff --git a/apps/wolfssl/wolfssl.h b/apps/wolfssl/wolfssl.h new file mode 100644 index 00000000000..d16a583c282 --- /dev/null +++ b/apps/wolfssl/wolfssl.h 
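Review bot: `dtls_socket_recv_callback` appends every datagram that arrives on the socket to `ssl_rx_databuf` but only records the sender when `peer_port` is still 0; once a peer is set, datagrams from any other source are merged into the same session buffer (and replies are presumably addressed to the recorded peer by `uIPSendTo`, which is not in this patch). Reject datagrams that do not match the established endpoint before the copy, e.g. `if (sk->peer_port != 0 && (source_port != sk->peer_port || !uip_ipaddr_cmp(source_addr, &sk->peer_addr))) return;`. `tls_socket_connect` and `tls_socket_accept` pass the result of `wolfSSL_new` to `wolfSSL_SetIOReadCtx` without checking it for NULL. `release_databuf` frees the three buffers but leaves the pointers in the context, and `tls_socket_close`/`dtls_socket_close` keep the context and its registered socket alive — both example programs (ssl-client.c and dtls-server.c in this patch) reuse `sk` after close, so the next connect or recv callback writes into freed memory; either NULL the pointers and re-allocate on the next use, or document that the context is dead after close and have the examples register a new one. `wolfSSL_Debugging_ON()` in `do_socket_register` is unconditional; it only does anything when `DEBUG_WOLFSSL` is defined, which the examples' user_settings.h leave commented out, so guard the call with `#ifdef DEBUG_WOLFSSL`.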
@@ -0,0 +1,48 @@
+/*
+ * **** This file incorporates work covered by the following copyright and ****
+ * **** permission notice: ****
+ *
+ * Copyright (C) 2006-2017 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ *
+ */
+#ifndef WOLFSSL_SK_H
+#define WOLFSSL_SK_H
+#include "wolfssl/ssl.h"
+#include "wolfssl/wolfio.h"
+#include "user_settings.h"
+#include "contiki-net.h"
+#include "lib/random.h"
+#include "sys/cc.h"
+#include
+
+struct uip_wolfssl_ctx *tls_socket_register(WOLFSSL_METHOD* method);
+int tls_socket_accept(uip_wolfssl_ctx *sk);
+int tls_socket_connect(uip_wolfssl_ctx *sk, const uip_ipaddr_t *addr, uint16_t port);
+void tls_socket_close(uip_wolfssl_ctx *sk);
+
+struct uip_wolfssl_ctx *dtls_socket_register(WOLFSSL_METHOD* method);
+void dtls_set_endpoint(uip_wolfssl_ctx *sk, const uip_ipaddr_t *addr, uint16_t port);
+void dtls_socket_close(uip_wolfssl_ctx *sk);
+
+int wolfssl_tcp_send_cb(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+int wolfssl_udp_send_cb(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+int wolfssl_recv_cb(WOLFSSL *ssl, char *buf, int sz, void *ctx);
+int contiki_rand_generator();
+
+#endif
diff --git a/examples/dtls/Makefile b/examples/dtls/Makefile
new file mode 100644
index 00000000000..62350f7c440
--- /dev/null
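Review bot: The I/O callbacks declared at the bottom of the header (`wolfssl_tcp_send_cb`, `wolfssl_udp_send_cb`, `wolfssl_recv_cb`) are not the ones wolfssl.c installs (`uIPReceive`, `uIPSend`, `uIPSendTo`), so these declarations look stale; declare the callbacks that are actually used or drop them. `int contiki_rand_generator();` is a non-prototype declaration and should read `int contiki_rand_generator(void);`. The header uses `struct uip_wolfssl_ctx` and the typedef `uip_wolfssl_ctx` interchangeably without defining either; a comment saying where the type is defined (the forked `wolfssl/wolfio.h`, presumably) would spare the next reader a search, and the bare `#include` before the prototypes has lost its header name in this rendering and is worth confirming in the committed file.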
+++ b/examples/dtls/Makefile
@@ -0,0 +1,20 @@
+CONTIKI=../..
+CONTIKI_WITH_IPV4 = 0
+CONTIKI_WITH_IPV6 = 1
+CONTIKI_WITH_RPL = 0
+CONTIKI_WITH_WOLFSSL = 1
+CFLAGS+=-DWOLFSSL_USER_SETTINGS
+
+ifeq ($(MAKECMDGOALS),)
+$(error Please specify whether dtls-client or dtls-server should be built)
+endif
+
+CONTIKI_PROJECT=$(MAKECMDGOALS)
+all: $(CONTIKI_PROJECT)
+
+
+APPS=wolfssl
+
+PROJECT_SOURCEFILES += cert.c
+
+include $(CONTIKI)/Makefile.include
diff --git a/examples/dtls/cert.c b/examples/dtls/cert.c
new file mode 100755
index 00000000000..63941a373ec
--- /dev/null
+++ b/examples/dtls/cert.c
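Review bot: `CONTIKI_PROJECT=$(MAKECMDGOALS)` turns every goal into a project name, so `make clean` sets `CONTIKI_PROJECT` to `clean` and `make dtls-client clean` sets it to both words, which Makefile.include will then try to treat as program names. Listing both programs explicitly is simpler and keeps the utility goals working: `CONTIKI_PROJECT = dtls-client dtls-server` and `all: $(CONTIKI_PROJECT)`, dropping the `ifeq`/`$(error …)` block. If the intent is that a plain `make` must not build both, a `##` comment on `all` saying so is clearer than an error tied to `MAKECMDGOALS`.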
@@ -0,0 +1,83 @@ +const unsigned char server_cert[] = { + 0x30, 0x82, 0x03, 0x10, 0x30, 0x82, 0x02, 0xb5, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x09, 0x00, 0xef, 0x46, 0xc7, 0xa4, 0x9b, 0xbb, 0x60, 0xd3, + 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, + 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, + 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, + 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x6c, 0x69, 0x70, 0x74, 0x69, + 0x63, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x03, + 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, + 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, + 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5a, 0x30, 0x81, + 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, + 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x6c, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, + 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x03, 0x45, 0x43, + 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 
0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6, 0x4a, + 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36, 0xdb, 0x72, 0x2d, 0xce, 0x94, + 0xea, 0x2b, 0xfa, 0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61, 0x02, + 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a, 0x31, 0x5b, 0x97, 0x92, 0x21, + 0x7f, 0xf0, 0xcf, 0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8, 0x20, + 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8, 0xa3, 0x81, 0xf7, 0x30, 0x81, + 0xf4, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x5d, 0x5d, 0x26, 0xef, 0xac, 0x7e, 0x36, 0xf9, 0x9b, 0x76, 0x15, 0x2b, + 0x4a, 0x25, 0x02, 0x23, 0xef, 0xb2, 0x89, 0x30, 0x30, 0x81, 0xc4, 0x06, + 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, + 0x5d, 0x5d, 0x26, 0xef, 0xac, 0x7e, 0x36, 0xf9, 0x9b, 0x76, 0x15, 0x2b, + 0x4a, 0x25, 0x02, 0x23, 0xef, 0xb2, 0x89, 0x30, 0xa1, 0x81, 0x95, 0xa4, + 0x81, 0x92, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x6c, 0x69, 0x70, + 0x74, 0x69, 0x63, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, + 0x73, 0x73, 0x6c, 
0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, + 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x09, 0x00, 0xef, 0x46, 0xc7, 0xa4, 0x9b, + 0xbb, 0x60, 0xd3, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, + 0x00, 0xf1, 0xd0, 0xa6, 0x3e, 0x83, 0x33, 0x24, 0xd1, 0x7a, 0x05, 0x5f, + 0x1e, 0x0e, 0xbd, 0x7d, 0x6b, 0x33, 0xe9, 0xf2, 0x86, 0xf3, 0xf3, 0x3d, + 0xa9, 0xef, 0x6a, 0x87, 0x31, 0xb3, 0xb7, 0x7e, 0x50, 0x02, 0x21, 0x00, + 0xf0, 0x60, 0xdd, 0xce, 0xa2, 0xdb, 0x56, 0xec, 0xd9, 0xf4, 0xe4, 0xe3, + 0x25, 0xd4, 0xb0, 0xc9, 0x25, 0x7d, 0xca, 0x7a, 0x5d, 0xba, 0xc4, 0xb2, + 0xf6, 0x7d, 0x04, 0xc7, 0xbd, 0x62, 0xc9, 0x20 +}; +unsigned int server_cert_len = 788; +const unsigned char server_key[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x45, 0xb6, 0x69, 0x02, 0x73, + 0x9c, 0x6c, 0x85, 0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac, 0xc4, + 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c, 0x28, 0xdc, 0x34, 0x8d, 0xe1, + 0xa8, 0x09, 0x8c, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xbb, 0x33, 0xac, + 0x4c, 0x27, 0x50, 0x4a, 0xc6, 0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, + 0x36, 0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa, 0xcb, 0x20, 0x09, + 0x39, 0x2c, 0x16, 0xe8, 0x61, 0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, + 0x9a, 0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf, 0x18, 0xda, 0x91, + 0x11, 0x02, 0x34, 0x86, 0xe8, 0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, + 0xd8 +}; +unsigned int server_key_len = 121; diff --git a/examples/dtls/dtls-client.c b/examples/dtls/dtls-client.c new file mode 100644 index 00000000000..72113383641 --- /dev/null +++ b/examples/dtls/dtls-client.c 
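Review bot: `server_cert_len` is defined here as `unsigned int`, but dtls-client.c declares it `extern const unsigned long server_cert_len;`; the mismatched declaration is undefined behaviour and on a 64-bit native target reads eight bytes from a four-byte object. Declare the four objects once in a small header (`extern const unsigned char server_cert[]; extern unsigned int server_cert_len;` and the key pair) and include it from both examples instead of repeating `extern` lines with hand-copied array sizes. The subject in the certificate bytes decodes to www.wolfssl.com and the matching private key is embedded right after it, so a header comment should say that both are demonstration material for this example only and that a deployment must supply its own key and certificate; note also that the notAfter field (`17 0d 31 39 30 35 30 38 …`, i.e. 2019-05-08) has a fixed expiry after which the handshake will fail wherever date checking is enabled. The `ecc-key.der` and `server-ecc.der` files added alongside are empty (blob e69de29) and nothing in the patch reads them, so they should be dropped.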
@@ -0,0 +1,135 @@ +/* + * **** This file incorporates work covered by the following copyright and **** + * **** permission notice: **** + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + */ + +#include "contiki-net.h" +#include "sys/cc.h" +#include "wolfssl.h" +#include "uip-debug.h" + +#include +#include +#include + +#define SERVER_PORT 11111 + +extern const unsigned char server_cert[788]; +extern const unsigned long server_cert_len; + +#if NETSTACK_WITH_IPV6 +static void print_local_addresses(void) +{ + int i; + uint8_t state; + + printf("Client IPv6 address:\n"); + for(i = 0; i < UIP_DS6_ADDR_NB; i++) { + state = uip_ds6_if.addr_list[i].state; + if(uip_ds6_if.addr_list[i].isused && (state == ADDR_TENTATIVE || state + == ADDR_PREFERRED)) { + printf(" "); + uip_debug_ipaddr_print(&uip_ds6_if.addr_list[i].ipaddr); + printf("\n"); + if(state == ADDR_TENTATIVE) { + uip_ds6_if.addr_list[i].state = ADDR_PREFERRED; + } + } + } +} +#endif + +static struct uip_wolfssl_ctx *sk = NULL; + +static struct etimer et; + +PROCESS(dtls_client_process, "DTLS process"); +AUTOSTART_PROCESSES(&dtls_client_process); +/*---------------------------------------------------------------------------*/ +PROCESS_THREAD(dtls_client_process, ev, 
data) +{ + int ret = 0; + char buf[64]; + uip_ipaddr_t server; + PROCESS_BEGIN(); + + + sk = dtls_socket_register(wolfDTLSv1_2_client_method()); + if (!sk) { + while(1) + ; + } + /* Load certificate file for the DTLS client */ + if (wolfSSL_CTX_use_certificate_buffer(sk->ctx, server_cert, + server_cert_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS) + while(1) + ; + + + sk->ssl = wolfSSL_new(sk->ctx); + wolfSSL_SetIOReadCtx(sk->ssl, sk); + wolfSSL_SetIOWriteCtx(sk->ssl, sk); + if (sk->ssl == NULL) { + + while(1) + ; + + } + +#ifdef NETSTACK_CONF_WITH_IPV4 + uip_ipaddr(&server, 172, 18, 0, 1); +#else + uip_ip6addr(&server, 0xfd00, 0, 0, 0, 0, 0, 0, 1); +#endif + + + dtls_set_endpoint(sk, &server, SERVER_PORT); + + do { + etimer_set(&et, CLOCK_SECOND * 5); + PROCESS_WAIT_EVENT_UNTIL(etimer_expired(&et)); + printf("connecting to server...\n"); + ret = wolfSSL_connect(sk->ssl); + if (ret != SSL_SUCCESS) { + free(sk->ssl); + sk->ssl = wolfSSL_new(sk->ctx); + wolfSSL_SetIOReadCtx(sk->ssl, sk); + wolfSSL_SetIOWriteCtx(sk->ssl, sk); + } + PROCESS_PAUSE(); + } while(ret != SSL_SUCCESS); + + PROCESS_WAIT_EVENT(); + do { + ret = wolfSSL_read(sk->ssl, buf, 63); + printf("wolfSSL_read returned %d\r\n", ret); + } while (ret <= 0); + buf[ret] = (char)0; + printf("%s\r\n", buf); + + printf("Closing connection.\r\n"); + dtls_socket_close(sk); + sk->ssl = NULL; + sk->peer_port = 0; + PROCESS_END(); +} +/*---------------------------------------------------------------------------*/ diff --git a/examples/dtls/dtls-server.c b/examples/dtls/dtls-server.c new file mode 100644 index 00000000000..30c5e1055f2 --- /dev/null +++ b/examples/dtls/dtls-server.c 
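Review bot: The retry loop calls `free(sk->ssl)` on a `WOLFSSL` object created by `wolfSSL_new`; that releases only the outer allocation and leaks everything the session allocated internally on every failed attempt — use `wolfSSL_free(sk->ssl)`. Just above, `wolfSSL_SetIOReadCtx(sk->ssl, sk)` and `wolfSSL_SetIOWriteCtx` run before the `sk->ssl == NULL` check, so the check is dead; move it directly after `wolfSSL_new`. `wolfSSL_CTX_use_certificate_buffer` installs `server_cert` as this client's own certificate, not as a trust anchor, so the server's certificate is not verified against it; to authenticate the server, load it with `wolfSSL_CTX_load_verify_buffer(sk->ctx, server_cert, server_cert_len, SSL_FILETYPE_ASN1)` instead. `extern const unsigned long server_cert_len` does not match the `unsigned int` definition in cert.c, and `print_local_addresses` is defined but never called.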
@@ -0,0 +1,132 @@ +/* + * **** This file incorporates work covered by the following copyright and **** + * **** permission notice: **** + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + */ +#include "contiki-net.h" +#include "sys/cc.h" +#include "wolfssl.h" +#include "uip-debug.h" + +#include +#include +#include + +#define SERVER_PORT 11111 +#define DEBUG 1 +extern const unsigned char server_cert[788]; +extern const unsigned char server_key[121]; +extern unsigned int server_cert_len; +extern unsigned int server_key_len; + +static struct uip_wolfssl_ctx *sk = NULL; +static struct etimer et; + +static void print_local_addresses(void) +{ + int i; + uint8_t state; + + printf("Server IPv6 address:\n"); + for(i = 0; i < UIP_DS6_ADDR_NB; i++) { + state = uip_ds6_if.addr_list[i].state; + if(uip_ds6_if.addr_list[i].isused && (state == ADDR_TENTATIVE || state + == ADDR_PREFERRED)) { + printf(" "); + uip_debug_ipaddr_print(&uip_ds6_if.addr_list[i].ipaddr); + printf("\n"); + if(state == ADDR_TENTATIVE) { + uip_ds6_if.addr_list[i].state = ADDR_PREFERRED; + } + } + } +} + +static const char Contiki_dtls_string[] = "DTLS OK\r\n"; +PROCESS(dtls_server_process, "DTLS process"); +AUTOSTART_PROCESSES(&dtls_server_process); 
+/*---------------------------------------------------------------------------*/ +PROCESS_THREAD(dtls_server_process, ev, data) +{ + uip_ipaddr_t ipaddr; + PROCESS_BEGIN(); + uip_ds6_init(); + /* Wait one second */ + uip_ip6addr(&ipaddr, 0xbbbb, 0, 0, 0, 0, 0, 0, 0x1); + uip_ds6_addr_add(&ipaddr, 0, ADDR_AUTOCONF); + + etimer_set(&et, CLOCK_SECOND * 4); + PROCESS_WAIT_EVENT_UNTIL(etimer_expired(&et)); + + print_local_addresses(); + sk = dtls_socket_register(wolfDTLSv1_2_server_method()); + if (!sk) { + while(1) + ; + } + /* Load certificate file for the DTLS server */ + if (wolfSSL_CTX_use_certificate_buffer(sk->ctx, server_cert, + server_cert_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS) + while(1) + ; + + /* Load the private key */ + if (wolfSSL_CTX_use_PrivateKey_buffer(sk->ctx, server_key, + server_key_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS) + while(1) {} + + sk->ssl = wolfSSL_new(sk->ctx); + wolfSSL_SetIOReadCtx(sk->ssl, sk); + wolfSSL_SetIOWriteCtx(sk->ssl, sk); + if (sk->ssl == NULL) { + + while(1) + ; + + } + + if (udp_socket_bind(&sk->conn.udp, SERVER_PORT) < 0) { + while(1) + ; + } + printf("Listening on %d\n", SERVER_PORT); + while(1) { + int ret; + + PROCESS_WAIT_EVENT(); + ret = wolfSSL_accept(sk->ssl); + if (ret != SSL_SUCCESS) { + printf("err: %d\r\n", ret); + continue; + } + printf("Connection accepted\r\n"); + /* Send header */ + printf("Sending 'DTLS OK'...\r\n"); + wolfSSL_write(sk->ssl, Contiki_dtls_string, sizeof(Contiki_dtls_string)); + printf("Closing connection.\r\n"); + dtls_socket_close(sk); + sk->ssl = NULL; + sk->peer_port = 0; + printf("Listening on %d\n", SERVER_PORT); + } + PROCESS_END(); +} +/*---------------------------------------------------------------------------*/ diff --git a/examples/dtls/ecc-key.der b/examples/dtls/ecc-key.der new file mode 100755 index 00000000000..e69de29bb2d diff --git a/examples/dtls/server-ecc.der b/examples/dtls/server-ecc.der new file mode 100755 index 00000000000..e69de29bb2d 
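Review bot: After `dtls_socket_close(sk)` at the bottom of the `while(1)` loop the code prints "Listening on" and loops back, but the UDP socket has been closed, the context's buffers released and `sk->ssl` set to NULL, so the next `wolfSSL_accept(sk->ssl)` dereferences NULL; the server is effectively one-shot. Either leave the loop after the close (`break;` before `PROCESS_END()`) or keep the socket open and only re-create the session object — `sk->ssl = wolfSSL_new(sk->ctx);` followed by the two `wolfSSL_SetIO*Ctx` calls — whichever matches the intended semantics of `dtls_socket_close` in wolfssl.c. `uip_ds6_init()` at the top of the process re-initialises the IPv6 address tables that the network stack has presumably already set up by the time an autostarted process runs; if it is only there so that `bbbb::1` can be added, `uip_ds6_addr_add` alone should do — please confirm. The `while(1) {}` and `while(1) ;` spin loops on setup failure give no diagnostic; a `printf` before each, or `PROCESS_EXIT()`, would make a misconfigured board easier to debug.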
diff --git a/examples/dtls/user_settings.h b/examples/dtls/user_settings.h
new file mode 100644
index 00000000000..b4d52e40fce
--- /dev/null
+++ b/examples/dtls/user_settings.h
@@ -0,0 +1,61 @@
+#include
+
+
+#if defined CONTIKI_TARGET_NATIVE || defined CONTIKI_TARGET_MINIMAL_NET
+ #define WOLFSSL_GENERAL_ALIGNMENT 8
+#elif defined CONTIKI_TARGET_SKY
+# error "16-bit platforms not supported!"
+#else
+ #define NO_64BIT
+ #define WOLFSSL_GENERAL_ALIGNMENT 4
+#endif
+
+//#define DEBUG_WOLFSSL
+//#define WOLFSSL_LOG_PRINTF
+
+#define WOLFSSL_CONTIKI
+#define WOLFSSL_UIP
+#define USER_TICKS
+#define WOLFSSL_USER_CURRTIME
+#define NO_WOLFSSL_MEMORY
+#define RSA_LOW_MEM
+#define NO_OLD_RNGNAME
+#define SMALL_SESSION_CACHE
+#define WOLFSSL_SMALL_STACK
+#define WOLFSSL_DTLS
+
+#define TFM_ARM
+#define SINGLE_THREADED
+#define NO_SIG_WRAPPER
+
+#define HAVE_FFDHE_2048
+#define HAVE_CHACHA
+#define HAVE_POLY1305
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVED25519_SMALL
+#define HAVE_ONE_TIME_AUTH
+#define WOLFSSL_DH_CONST
+#define WORD64_AVAILABLE
+
+#define HAVE_ED25519
+#define HAVE_POLY1305
+#define HAVE_SHA512
+#define WOLFSSL_SHA512
+
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+#define NO_WRITEV
+#define NO_DEV_RANDOM
+#define NO_FILESYSTEM
+#define NO_MAIN_DRIVER
+#define NO_MD4
+#define NO_RABBIT
+#define NO_HC128
+
+#include
+#include "contiki-net.h"
+#include "sys/cc.h"
+#include "wolfssl.h"
diff --git a/examples/ssl-client/Makefile b/examples/ssl-client/Makefile
new file mode 100644
index 00000000000..fc102cf72f4
--- /dev/null
+++ b/examples/ssl-client/Makefile
@@ -0,0 +1,13 @@
+CONTIKI=../..
+CONTIKI_PROJECT=ssl-client
+all: $(CONTIKI_PROJECT)
+CONTIKI_WITH_IPV4 = 0
+CONTIKI_WITH_IPV6 = 1
+CONTIKI_WITH_RPL = 0
+
+CONTIKI_WITH_WOLFSSL = 1
+CFLAGS+=-DWOLFSSL_USER_SETTINGS
+
+APPS=wolfssl
+
+include $(CONTIKI)/Makefile.include
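Review bot: `TFM_ARM` is defined unconditionally even though the `#if` at the top of the file explicitly supports `CONTIKI_TARGET_NATIVE` and `CONTIKI_TARGET_MINIMAL_NET`; `TFM_ARM` selects ARM inline assembly in tfm.c, so a native build on an x86 host is likely to fail to assemble unless the define is moved under the non-native `#else` branch. `WORD64_AVAILABLE` is likewise defined for every target, including the branch that defines `NO_64BIT`; the two contradict each other and should be chosen per branch. `HAVE_POLY1305` is defined twice (harmless, but drop one). The two bare `#include` lines appear without a header name here, presumably because angle brackets were stripped in rendering; worth confirming the committed file, since a bare `#include` does not compile.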
diff --git a/examples/ssl-client/ssl-client.c b/examples/ssl-client/ssl-client.c
new file mode 100644
index 00000000000..a2dce6952a4
--- /dev/null
+++ b/examples/ssl-client/ssl-client.c
@@ -0,0 +1,96 @@ +/* + * **** This file incorporates work covered by the following copyright and **** + * **** permission notice: **** + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + */ + +#include "contiki-net.h" +#include "sys/cc.h" +#include "wolfssl.h" + +#include +#include +#include + + +#ifdef NETSTACK_CONF_WITH_IPV4 +#define SET_SERVER_ADDRESS(x) uip_ipaddr((x), 172, 18, 0, 1) +#else +#define SET_SERVER_ADDRESS(x) uip_ip6addr((x), 0xfd00, 0, 0, 0, 0, 0, 0, 1) +#endif + +#define SERVER_PORT 443 +extern const unsigned char server_cert[788]; +extern const unsigned char server_key[121]; +extern unsigned int server_cert_len; +extern unsigned int server_key_len; +static char http_request[200]; + +static struct uip_wolfssl_ctx *sk = NULL; + +struct etimer et; + +static const char Contiki_http_string[] = "GET / HTTP/1.0\r\n"; +static uip_ipaddr_t server_address; +PROCESS(ssl_client_process, "TCP echo process"); +AUTOSTART_PROCESSES(&ssl_client_process); +/*---------------------------------------------------------------------------*/ +PROCESS_THREAD(ssl_client_process, ev, data) +{ + PROCESS_BEGIN(); + + SET_SERVER_ADDRESS(&server_address); + sk = tls_socket_register(wolfSSLv23_client_method()); + if (!sk) { + 
while(1) + ; + } + + while(1) { + int len; + int ret; + etimer_set(&et, CLOCK_SECOND * 5); + PROCESS_WAIT_EVENT_UNTIL(etimer_expired(&et)); + + printf("Connecting to server:%d\n", SERVER_PORT); + ret = tls_socket_connect(sk, &server_address, SERVER_PORT); + if (ret < 0) { + continue; + } + PROCESS_WAIT_EVENT(); + printf("Connection established\r\n"); + + /* Send request*/ + printf("Sending request...\r\n"); + wolfSSL_write(sk->ssl, Contiki_http_string, sizeof(Contiki_http_string)); + do { + PROCESS_WAIT_EVENT(); + memset(http_request, 0, sizeof(http_request)); + len = wolfSSL_read(sk->ssl, http_request, sizeof(http_request)); + printf("Recv HTTP response (%d bytes)\r\n", len); + } while (len < 4); + printf("Closing connection.\r\n"); + tls_socket_close(sk); + sk->ssl = NULL; + } + PROCESS_END(); +} +/*---------------------------------------------------------------------------*/ diff --git a/examples/ssl-client/user_settings.h b/examples/ssl-client/user_settings.h new file mode 100644 index 00000000000..5ebb94fa75a --- /dev/null +++ b/examples/ssl-client/user_settings.h 
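Review bot: The client never installs a trust anchor: `server_cert` is declared extern at the top of the hunk but unused, and after `sk = tls_socket_register(wolfSSLv23_client_method());` no verify-buffer call follows, so the handshake either fails on an unknown signer or the wrapper (not in view) has silently turned peer verification off. Add `if (wolfSSL_CTX_load_verify_buffer(sk->ctx, server_cert, server_cert_len, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { /* fatal */ }` right after the register call and keep the default verification mode; that in turn needs `PROJECT_SOURCEFILES += cert.c` in examples/ssl-client/Makefile (previous hunk), which the ssl-server Makefile has and this one lacks. `wolfSSL_write(sk->ssl, Contiki_http_string, sizeof(Contiki_http_string))` sends the terminating NUL as part of the request; use `sizeof(Contiki_http_string) - 1` (same in ssl-server.c). The receive loop `while (len < 4)` also treats every negative `wolfSSL_read` return as "wait for the next event", so a fatal TLS error spins forever; break out when `wolfSSL_get_error(sk->ssl, len)` is anything other than `SSL_ERROR_WANT_READ` (same loop in ssl-server.c).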
@@ -0,0 +1,59 @@
+#include
+
+#if defined CONTIKI_TARGET_NATIVE || defined CONTIKI_TARGET_MINIMAL_NET
+ #define WOLFSSL_GENERAL_ALIGNMENT 8
+ #define TFM_X86_64
+#elif defined CONTIKI_TARGET_SKY
+# error "16-bit platforms not supported!"
+#else
+ #define NO_64BIT
+ #define WOLFSSL_GENERAL_ALIGNMENT 4
+ #define TFM_ARM
+#endif
+
+//#define DEBUG_WOLFSSL
+//#define WOLFSSL_LOG_PRINTF
+
+#define WOLFSSL_CONTIKI
+#define WOLFSSL_UIP
+#define USER_TICKS
+#define WOLFSSL_USER_CURRTIME
+#define NO_WOLFSSL_MEMORY
+#define RSA_LOW_MEM
+#define NO_OLD_RNGNAME
+#define SMALL_SESSION_CACHE
+#define WOLFSSL_SMALL_STACK
+
+#define SINGLE_THREADED
+#define NO_SIG_WRAPPER
+
+#define HAVE_FFDHE_2048
+#define HAVE_CHACHA
+#define HAVE_POLY1305
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVED25519_SMALL
+#define HAVE_ONE_TIME_AUTH
+#define WOLFSSL_DH_CONST
+#define WORD64_AVAILABLE
+#define HAVE_ED25519
+#define HAVE_POLY1305
+#define HAVE_SHA512
+#define WOLFSSL_SHA512
+
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+#define NO_WRITEV
+#define NO_DEV_RANDOM
+#define NO_FILESYSTEM
+#define NO_MAIN_DRIVER
+#define NO_MD4
+#define NO_RABBIT
+#define NO_HC128
+
+#include
+#include "contiki-net.h"
+#include "sys/cc.h"
+#include "wolfssl.h"
diff --git a/examples/ssl-server/Makefile b/examples/ssl-server/Makefile
new file mode 100644
index 00000000000..59f53501f53
--- /dev/null
+++ b/examples/ssl-server/Makefile
@@ -0,0 +1,15 @@
+CONTIKI=../..
+CONTIKI_PROJECT=ssl-server
+all: $(CONTIKI_PROJECT)
+CONTIKI_WITH_IPV4 = 0
+CONTIKI_WITH_IPV6 = 1
+CONTIKI_WITH_RPL = 0
+CONTIKI_WITH_WOLFSSL = 1
+CFLAGS+=-DWOLFSSL_USER_SETTINGS
+
+APPS=wolfssl
+
+PROJECT_SOURCEFILES += cert.c
+
+
+include $(CONTIKI)/Makefile.include
diff --git a/examples/ssl-server/cert.c b/examples/ssl-server/cert.c
new file mode 100755
index 00000000000..63941a373ec
--- /dev/null
+++ b/examples/ssl-server/cert.c
@@ -0,0 +1,83 @@ +const unsigned char server_cert[] = { + 0x30, 0x82, 0x03, 0x10, 0x30, 0x82, 0x02, 0xb5, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x09, 0x00, 0xef, 0x46, 0xc7, 0xa4, 0x9b, 0xbb, 0x60, 0xd3, + 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, + 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, + 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, + 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x6c, 0x69, 0x70, 0x74, 0x69, + 0x63, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x03, + 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, + 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, + 0x35, 0x30, 0x38, 0x32, 0x30, 0x30, 0x37, 0x33, 0x38, 0x5a, 0x30, 0x81, + 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, + 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x6c, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, + 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x03, 0x45, 0x43, + 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 
0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6, 0x4a, + 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36, 0xdb, 0x72, 0x2d, 0xce, 0x94, + 0xea, 0x2b, 0xfa, 0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61, 0x02, + 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a, 0x31, 0x5b, 0x97, 0x92, 0x21, + 0x7f, 0xf0, 0xcf, 0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8, 0x20, + 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8, 0xa3, 0x81, 0xf7, 0x30, 0x81, + 0xf4, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x5d, 0x5d, 0x26, 0xef, 0xac, 0x7e, 0x36, 0xf9, 0x9b, 0x76, 0x15, 0x2b, + 0x4a, 0x25, 0x02, 0x23, 0xef, 0xb2, 0x89, 0x30, 0x30, 0x81, 0xc4, 0x06, + 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, + 0x5d, 0x5d, 0x26, 0xef, 0xac, 0x7e, 0x36, 0xf9, 0x9b, 0x76, 0x15, 0x2b, + 0x4a, 0x25, 0x02, 0x23, 0xef, 0xb2, 0x89, 0x30, 0xa1, 0x81, 0x95, 0xa4, + 0x81, 0x92, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x6c, 0x69, 0x70, + 0x74, 0x69, 0x63, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, + 0x73, 0x73, 0x6c, 
0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, + 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x09, 0x00, 0xef, 0x46, 0xc7, 0xa4, 0x9b, + 0xbb, 0x60, 0xd3, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, + 0x00, 0xf1, 0xd0, 0xa6, 0x3e, 0x83, 0x33, 0x24, 0xd1, 0x7a, 0x05, 0x5f, + 0x1e, 0x0e, 0xbd, 0x7d, 0x6b, 0x33, 0xe9, 0xf2, 0x86, 0xf3, 0xf3, 0x3d, + 0xa9, 0xef, 0x6a, 0x87, 0x31, 0xb3, 0xb7, 0x7e, 0x50, 0x02, 0x21, 0x00, + 0xf0, 0x60, 0xdd, 0xce, 0xa2, 0xdb, 0x56, 0xec, 0xd9, 0xf4, 0xe4, 0xe3, + 0x25, 0xd4, 0xb0, 0xc9, 0x25, 0x7d, 0xca, 0x7a, 0x5d, 0xba, 0xc4, 0xb2, + 0xf6, 0x7d, 0x04, 0xc7, 0xbd, 0x62, 0xc9, 0x20 +}; +unsigned int server_cert_len = 788; +const unsigned char server_key[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x45, 0xb6, 0x69, 0x02, 0x73, + 0x9c, 0x6c, 0x85, 0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac, 0xc4, + 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c, 0x28, 0xdc, 0x34, 0x8d, 0xe1, + 0xa8, 0x09, 0x8c, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xbb, 0x33, 0xac, + 0x4c, 0x27, 0x50, 0x4a, 0xc6, 0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, + 0x36, 0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa, 0xcb, 0x20, 0x09, + 0x39, 0x2c, 0x16, 0xe8, 0x61, 0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, + 0x9a, 0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf, 0x18, 0xda, 0x91, + 0x11, 0x02, 0x34, 0x86, 0xe8, 0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, + 0xd8 +}; +unsigned int server_key_len = 121; diff --git a/examples/ssl-server/ecc-key.der b/examples/ssl-server/ecc-key.der new file mode 100755 index 00000000000..e69de29bb2d 
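Review bot: The notBefore/notAfter bytes in `server_cert` decode to `160811200738Z` and `190508200738Z`, so this certificate expired on 2019-05-08; the last commit in this series is dated 2019-05-25, which means a client that actually checks the peer certificate can no longer complete the handshake against these examples. The matching private key is committed in `server_key`, which is acceptable for a sample only if the readme states it is a throw-away test key that must never be reused; this hunk does not say so. `unsigned int server_cert_len = 788;` and `unsigned int server_key_len = 121;` are hand-counted and mirrored as fixed array sizes in the extern declarations of the client and server; `sizeof(server_cert)` / `sizeof(server_key)` cannot drift from the arrays. The `ecc-key.der` and `server-ecc.der` files added next to this one carry the empty-blob hash (`e69de29bb2d`) in their index lines, i.e. they are zero-byte files and should either hold the DER these arrays were generated from or be dropped.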
diff --git a/examples/ssl-server/server-ecc.der b/examples/ssl-server/server-ecc.der new file mode 100755 index 00000000000..e69de29bb2d diff --git a/examples/ssl-server/ssl-server.c b/examples/ssl-server/ssl-server.c new file mode 100644 index 00000000000..b180e9d5b67 --- /dev/null +++ b/examples/ssl-server/ssl-server.c @@ -0,0 +1,99 @@ +/* + * **** This file incorporates work covered by the following copyright and **** + * **** permission notice: **** + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + */ + +#include "contiki-net.h" +#include "sys/cc.h" +#include "wolfssl.h" + +#include +#include +#include + +#define SERVER_PORT 443 +extern const unsigned char server_cert[788]; +extern const unsigned char server_key[121]; +extern unsigned int server_cert_len; +extern unsigned int server_key_len; +static char http_request[200]; + +static struct uip_wolfssl_ctx *sk = NULL; + +static const char Contiki_http_string[] = "HTTP/1.0 200 OK\r\n" +"Content-Type: text/html;\r\n\r\n" +"

Server: Contiki ssl-socket example

\r\n\r\n"; +PROCESS(ssl_server_process, "TCP echo process"); +AUTOSTART_PROCESSES(&ssl_server_process); +/*---------------------------------------------------------------------------*/ +PROCESS_THREAD(ssl_server_process, ev, data) +{ + PROCESS_BEGIN(); + printf("\n\nStarting example HTTPS server on port %d\n", SERVER_PORT); + sk = tls_socket_register(wolfSSLv23_server_method()); + if (!sk) { + while(1) + ; + } + /* Load certificate file for the HTTPS server */ + if (wolfSSL_CTX_use_certificate_buffer(sk->ctx, server_cert, + server_cert_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS) + while(1) + ; + + /* Load the private key */ + if (wolfSSL_CTX_use_PrivateKey_buffer(sk->ctx, server_key, + server_key_len, SSL_FILETYPE_ASN1 ) != SSL_SUCCESS) + while(1) {} + /* Create SSL socket */ + tcp_socket_listen(&sk->conn.tcp, SERVER_PORT); + + printf("Listening on %d\n", SERVER_PORT); + while(1) { + int len; + int ret; + + PROCESS_WAIT_EVENT(); + ret = tls_socket_accept(sk); + if (ret < 0) { + printf("Accept returned %d\r\n", ret); + continue; + } + printf("Connection accepted\r\n"); + do { + PROCESS_WAIT_EVENT(); + memset(http_request, 0, sizeof(http_request)); + len = wolfSSL_read(sk->ssl, http_request, sizeof(http_request)); + printf("Recv HTTP request (%d bytes)\r\n", len); + } while (len < 4); + + /* Send header */ + printf("Sending response...\r\n"); + wolfSSL_write(sk->ssl, Contiki_http_string, sizeof(Contiki_http_string)); + printf("Closing connection.\r\n"); + tls_socket_close(sk); + sk->ssl = NULL; + printf("Listening on %d\n", SERVER_PORT); + } + PROCESS_END(); +} +/*---------------------------------------------------------------------------*/ diff --git a/examples/ssl-server/user_settings.h b/examples/ssl-server/user_settings.h new file mode 100644 index 00000000000..300a36eec9b --- /dev/null +++ b/examples/ssl-server/user_settings.h 
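Review bot: Every fatal path in `ssl_server_process` — `tls_socket_register` failure, `wolfSSL_CTX_use_certificate_buffer` failure, `wolfSSL_CTX_use_PrivateKey_buffer` failure — ends in a bare `while(1)` with no message, so a misconfigured node just hangs (and, if `USE_WOLFSSL` is defined, the nrf52dk watchdog disabled later in this commit will not reset it). Print the reason before parking, e.g. `printf("Certificate/key load failed\n");`, or use `PROCESS_EXIT();` so the scheduler keeps running, and pick one spelling instead of `while(1) ;` and `while(1) {}`. The return value of `wolfSSL_write(sk->ssl, Contiki_http_string, sizeof(Contiki_http_string))` is ignored, so a short write or a want-write condition is treated as a complete response before `tls_socket_close(sk)`. The request read into `http_request` is never inspected, so any four or more bytes get a `200 OK`; that is fine for a demo, but the process is registered as "TCP echo process" and should be named for what it does.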
@@ -0,0 +1,59 @@ +#include +#if defined CONTIKI_TARGET_NATIVE || defined CONTIKI_TARGET_MINIMAL_NET + #define WOLFSSL_GENERAL_ALIGNMENT 8 + #define TFM_X86_64 +#elif defined CONTIKI_TARGET_SKY +# error "16-bit platforms not supported!" +#else + #define NO_64BIT + #define WOLFSSL_GENERAL_ALIGNMENT 4 + #define TFM_ARM +#endif + +//#define DEBUG_WOLFSSL +//#define WOLFSSL_LOG_PRINTF + +#define WOLFSSL_CONTIKI +#define WOLFSSL_UIP +#define USER_TICKS +#define WOLFSSL_USER_CURRTIME +#define NO_WOLFSSL_MEMORY +#define RSA_LOW_MEM +#define NO_OLD_RNGNAME +#define SMALL_SESSION_CACHE +#define WOLFSSL_SMALL_STACK + +#define SINGLE_THREADED +#define NO_SIG_WRAPPER + +#define HAVE_FFDHE_2048 +#define HAVE_CHACHA +#define HAVE_POLY1305 +#define HAVE_ECC +#define HAVE_CURVE25519 +#define CURVED25519_SMALL +#define HAVE_ONE_TIME_AUTH +#define WOLFSSL_DH_CONST +#define WORD64_AVAILABLE + +#define HAVE_ED25519 +#define HAVE_POLY1305 +#define HAVE_SHA512 +#define WOLFSSL_SHA512 + +#define TFM_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING + +#define NO_WRITEV +#define NO_DEV_RANDOM +#define NO_FILESYSTEM +#define NO_MAIN_DRIVER +#define NO_MD4 +#define NO_RABBIT +#define NO_HC128 + +#include +#include "contiki-net.h" +#include "sys/cc.h" +#include "wolfssl.h" diff --git a/platform/nrf52dk/contiki-main.c b/platform/nrf52dk/contiki-main.c index 9181d7faf56..d97e6c6096e 100644 --- a/platform/nrf52dk/contiki-main.c +++ b/platform/nrf52dk/contiki-main.c @@ -133,7 +133,9 @@ main(void) clock_init(); rtimer_init(); +#ifndef USE_WOLFSSL watchdog_init(); +#endif process_init(); // Seed value is ignored since hardware RNG is used. From c51563d1db316bc6c03cc555c3e6895ceb59761b Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Wed, 22 Aug 2018 19:12:25 +0200 Subject: [PATCH 2/8] To latest wolfssl tree with contiki support --- apps/wolfssl/wolfssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
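Review bot: `#ifndef USE_WOLFSSL` around `watchdog_init();` disables the hardware watchdog for the whole TLS build, which removes the only recovery from a hung handshake or a stuck peer on an unattended node; nothing else in this series defines `USE_WOLFSSL` (the example Makefiles set `CONTIKI_WITH_WOLFSSL = 1` and `-DWOLFSSL_USER_SETTINGS`), so the guard is either dead or relies on a define in Makefile.wolfssl that is not in view. If the reason is that long public-key operations overrun the watchdog period, keep `watchdog_init()` and kick the watchdog with `watchdog_periodic()` from the wolfSSL I/O callbacks or around the handshake instead, and record that in a comment: `/* wolfSSL: long public-key ops can exceed the WDT period; the watchdog is kicked from the I/O callbacks */`. `main()` continues outside the hunk.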
diff --git a/apps/wolfssl/wolfssl b/apps/wolfssl/wolfssl index 5c225138615..d7d2fb34af5 160000 --- a/apps/wolfssl/wolfssl +++ b/apps/wolfssl/wolfssl @@ -1 +1 @@ -Subproject commit 5c22513861571eb24aed9348d4491c30a2f6d1c0 +Subproject commit d7d2fb34af51f12f87276927cdcf43b36f70664a From f40069b0f71199ab661e6633963deac14a7440d7 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Fri, 24 Aug 2018 14:00:54 +0200 Subject: [PATCH 3/8] Using upstream wolfSSL - contiki/uIP support merged in. --- apps/wolfssl/wolfssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/wolfssl/wolfssl b/apps/wolfssl/wolfssl index d7d2fb34af5..c7dde6c6824 160000 --- a/apps/wolfssl/wolfssl +++ b/apps/wolfssl/wolfssl @@ -1 +1 @@ -Subproject commit d7d2fb34af51f12f87276927cdcf43b36f70664a +Subproject commit c7dde6c6824ea279bc7b716a62ea6dda0dcd3937 From 3e2db204e221d3c00c1056265750da84ec2ba087 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 16 Oct 2018 10:54:41 +0200 Subject: [PATCH 4/8] to latest wolfssl --- apps/wolfssl/wolfssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/wolfssl/wolfssl b/apps/wolfssl/wolfssl index c7dde6c6824..f7eb8bf0801 160000 --- a/apps/wolfssl/wolfssl +++ b/apps/wolfssl/wolfssl @@ -1 +1 @@ -Subproject commit c7dde6c6824ea279bc7b716a62ea6dda0dcd3937 +Subproject commit f7eb8bf08017bb19f8f248284fe9aef048587b7a From a1c42fb0f4260e979da8bde4c9b1e16e1589fdbb Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 16 Oct 2018 11:01:41 +0200 Subject: [PATCH 5/8] Fixed wolfssl remote --- .gitmodules | 4 ++-- examples/dtls/dtls-server.c | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitmodules b/.gitmodules index ab526f7ad82..b3980746266 100644 --- a/.gitmodules +++ b/.gitmodules 
@@ -17,6 +17,6 @@ [submodule "tools/sensniff"] path = tools/sensniff url = https://github.com/g-oikonomou/sensniff.git -[submodule "apps/ssl/wolfssl"] +[submodule "apps/wolfssl/wolfssl"] path = apps/wolfssl/wolfssl - url = https://github.com/danielinux/wolfssl + url = https://github.com/wolfssl/wolfssl diff --git a/examples/dtls/dtls-server.c b/examples/dtls/dtls-server.c index 30c5e1055f2..baa30b03276 100644 --- a/examples/dtls/dtls-server.c +++ b/examples/dtls/dtls-server.c @@ -94,6 +94,7 @@ PROCESS_THREAD(dtls_server_process, ev, data) while(1) {} sk->ssl = wolfSSL_new(sk->ctx); + wolfSSL_CTX_set_verify(sk->ctx, SSL_VERIFY_NONE, 0); wolfSSL_SetIOReadCtx(sk->ssl, sk); wolfSSL_SetIOWriteCtx(sk->ssl, sk); if (sk->ssl == NULL) { From c5b0f0a1070ce09faf13f450310b4ec6f8c521f7 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Mon, 20 May 2019 11:36:03 +0200 Subject: [PATCH 6/8] Wolfssl support updated --- apps/wolfssl/Makefile.wolfssl | 1 - apps/wolfssl/wolfssl | 2 +- apps/wolfssl/wolfssl.c | 3 +++ apps/wolfssl/wolfssl.h | 10 +++++++--- examples/dtls/user_settings.h | 1 + examples/ssl-client/user_settings.h | 1 + examples/ssl-server/ssl-server.c | 1 - examples/ssl-server/user_settings.h | 1 + 8 files changed, 14 insertions(+), 6 deletions(-) diff --git a/apps/wolfssl/Makefile.wolfssl b/apps/wolfssl/Makefile.wolfssl index 2e59486a6e0..3201c2bd132 100644 --- a/apps/wolfssl/Makefile.wolfssl +++ b/apps/wolfssl/Makefile.wolfssl @@ -20,7 +20,6 @@ wolfssl_src += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.c \ $(WOLFSSL_ROOT)/wolfcrypt/src/coding.c \ $(WOLFSSL_ROOT)/wolfcrypt/src/compress.c \ $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.c \ - $(WOLFSSL_ROOT)/wolfcrypt/src/cryptodev.c \ $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.c \ $(WOLFSSL_ROOT)/wolfcrypt/src/des3.c \ $(WOLFSSL_ROOT)/wolfcrypt/src/dh.c \ diff --git a/apps/wolfssl/wolfssl b/apps/wolfssl/wolfssl index f7eb8bf0801..651087ab5a1 160000 --- a/apps/wolfssl/wolfssl +++ b/apps/wolfssl/wolfssl 
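Review bot: `wolfSSL_CTX_set_verify(sk->ctx, SSL_VERIFY_NONE, 0);` is added one line after `sk->ssl = wolfSSL_new(sk->ctx);`, but CTX settings are copied into the WOLFSSL object when it is created, so this call does not affect the `sk->ssl` just made; if it is needed it must precede the `wolfSSL_new` line, or target the object with `wolfSSL_set_verify(sk->ssl, SSL_VERIFY_NONE, 0);`. A server CTX does not request a client certificate by default, so the line is probably a no-op either way and should carry a comment saying what it is meant to switch off. The `if (sk->ssl == NULL)` check in the context below comes after `wolfSSL_SetIOReadCtx`/`wolfSSL_SetIOWriteCtx` have already been given the possibly-NULL object; moving that check directly after `wolfSSL_new` is also the right place for the verify call. The enclosing `dtls_server_process` extends outside the hunk.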
@@ -1 +1 @@ -Subproject commit f7eb8bf08017bb19f8f248284fe9aef048587b7a +Subproject commit 651087ab5a1b3ae935d1a717011dbc1d153f92d0 diff --git a/apps/wolfssl/wolfssl.c b/apps/wolfssl/wolfssl.c index 91f2f9b56f1..1f5f2d9a090 100644 --- a/apps/wolfssl/wolfssl.c +++ b/apps/wolfssl/wolfssl.c @@ -25,9 +25,12 @@ #include #include #include +#include +#include #include "wolfssl.h" #include #include "uip.h" + static int wolfssl_is_initialized = 0; //#define SSL_DATABUF_LEN (UIP_CONF_BUFFER_SIZE) diff --git a/apps/wolfssl/wolfssl.h b/apps/wolfssl/wolfssl.h index d16a583c282..3365a7cc311 100644 --- a/apps/wolfssl/wolfssl.h +++ b/apps/wolfssl/wolfssl.h @@ -23,13 +23,17 @@ */ #ifndef WOLFSSL_SK_H #define WOLFSSL_SK_H -#include "wolfssl/ssl.h" +#include +#include +#include +#include "wolfssl.h" +#include +#include "uip.h" #include "wolfssl/wolfio.h" -#include "user_settings.h" #include "contiki-net.h" #include "lib/random.h" #include "sys/cc.h" -#include +#include struct uip_wolfssl_ctx *tls_socket_register(WOLFSSL_METHOD* method); int tls_socket_accept(uip_wolfssl_ctx *sk); diff --git a/examples/dtls/user_settings.h b/examples/dtls/user_settings.h index b4d52e40fce..80d8c2898b2 100644 --- a/examples/dtls/user_settings.h +++ b/examples/dtls/user_settings.h @@ -59,3 +59,4 @@ #include "contiki-net.h" #include "sys/cc.h" #include "wolfssl.h" +#include diff --git a/examples/ssl-client/user_settings.h b/examples/ssl-client/user_settings.h index 5ebb94fa75a..9053ccc2457 100644 --- a/examples/ssl-client/user_settings.h +++ b/examples/ssl-client/user_settings.h @@ -57,3 +57,4 @@ #include "contiki-net.h" #include "sys/cc.h" #include "wolfssl.h" +#include diff --git a/examples/ssl-server/ssl-server.c b/examples/ssl-server/ssl-server.c index b180e9d5b67..a326420e836 100644 --- a/examples/ssl-server/ssl-server.c +++ b/examples/ssl-server/ssl-server.c @@ -25,7 +25,6 @@ #include "contiki-net.h" #include "sys/cc.h" #include "wolfssl.h" - #include #include #include 
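Review bot: The new `#include "wolfssl.h"` inside apps/wolfssl/wolfssl.h is a self-include; the `WOLFSSL_SK_H` guard makes it a no-op, but it reads as if a second header of that name existed and should be removed. Dropping `#include "user_settings.h"` means every consumer now depends on `-DWOLFSSL_USER_SETTINGS` (set in the example Makefiles) and on wolfSSL's own settings header being pulled in before this one; the angle-bracket header names are lost in this rendering, so I cannot confirm that order from the hunk. A comment at the top of the header, `/* requires -DWOLFSSL_USER_SETTINGS: wolfSSL reads the project's user_settings.h, this header no longer includes it */`, would make the contract explicit. The declarations continue below the hunk.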
diff --git a/examples/ssl-server/user_settings.h b/examples/ssl-server/user_settings.h index 300a36eec9b..52da4972eae 100644 --- a/examples/ssl-server/user_settings.h +++ b/examples/ssl-server/user_settings.h @@ -57,3 +57,4 @@ #include "contiki-net.h" #include "sys/cc.h" #include "wolfssl.h" +#include From f9eed8cad5c4f621dfa69e0e947420a6f54e848f Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Mon, 20 May 2019 11:56:26 +0200 Subject: [PATCH 7/8] wolfSSL: Reduced number of modules compiled-in --- apps/wolfssl/Makefile.wolfssl | 6 ------ examples/dtls/user_settings.h | 2 ++ examples/ssl-client/user_settings.h | 2 ++ examples/ssl-server/user_settings.h | 3 +++ 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/apps/wolfssl/Makefile.wolfssl b/apps/wolfssl/Makefile.wolfssl index 3201c2bd132..07da719de10 100644 --- a/apps/wolfssl/Makefile.wolfssl +++ b/apps/wolfssl/Makefile.wolfssl @@ -9,11 +9,8 @@ $(info CFLAGS: $(CFLAGS)) #source common to all targets wolfssl_src += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.c \ - $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.c \ $(WOLFSSL_ROOT)/wolfcrypt/src/asm.c \ $(WOLFSSL_ROOT)/wolfcrypt/src/asn.c \ - $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.c \ - $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.c \ $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.c \ $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.c \ $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.c \ 
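Review bot: The context line `$(info CFLAGS: $(CFLAGS))` prints on every parse of Makefile.wolfssl, including `make clean` and dry runs — a debugging leftover; drop it, or gate it on the build's verbosity knob, e.g. `$(if $(V),$(info CFLAGS: $(CFLAGS)))` if `V` is the variable this tree uses. This hunk and the next one (`@@ -38,15 +35,12 @@`) prune a hand-maintained source list to track the `NO_MD4`/`NO_RABBIT`/`NO_RC4` settings, but `des3.c` stays in the list (visible as context in the patch-6 hunk) although `NO_DES3` is added in the same commit; wolfcrypt sources generally compile to nothing under their `NO_*` macro, so this only costs build time, but it shows the list drifts. Either drop `des3.c` as well or stop curating by hand and derive the list with `$(filter-out $(excluded),$(wildcard $(WOLFSSL_ROOT)/wolfcrypt/src/*.c))`, so the four submodule bumps in this series cannot leave it stale.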
@@ -38,15 +35,12 @@ wolfssl_src += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.c \
  $(WOLFSSL_ROOT)/wolfcrypt/src/idea.c \
  $(WOLFSSL_ROOT)/wolfcrypt/src/integer.c \
  $(WOLFSSL_ROOT)/wolfcrypt/src/logging.c \
- $(WOLFSSL_ROOT)/wolfcrypt/src/md2.c \
- $(WOLFSSL_ROOT)/wolfcrypt/src/md4.c \
  $(WOLFSSL_ROOT)/wolfcrypt/src/md5.c \
  $(WOLFSSL_ROOT)/wolfcrypt/src/memory.c \
  $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.c \
  $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.c \
  $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.c \
  $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.c \
- $(WOLFSSL_ROOT)/wolfcrypt/src/rabbit.c \
  $(WOLFSSL_ROOT)/wolfcrypt/src/random.c \
  $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.c \
  $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.c \
diff --git a/examples/dtls/user_settings.h b/examples/dtls/user_settings.h
index 80d8c2898b2..b6023fcc0ab 100644
--- a/examples/dtls/user_settings.h
+++ b/examples/dtls/user_settings.h
@@ -54,6 +54,8 @@
 #define NO_MD4
 #define NO_RABBIT
 #define NO_HC128
+#define NO_RC4
+#define NO_DES3
 
 #include
 #include "contiki-net.h"
diff --git a/examples/ssl-client/user_settings.h b/examples/ssl-client/user_settings.h
index 9053ccc2457..dcd6502addd 100644
--- a/examples/ssl-client/user_settings.h
+++ b/examples/ssl-client/user_settings.h
@@ -52,6 +52,8 @@
 #define NO_MD4
 #define NO_RABBIT
 #define NO_HC128
+#define NO_RC4
+#define NO_DES3
 
 #include
 #include "contiki-net.h"
diff --git a/examples/ssl-server/user_settings.h b/examples/ssl-server/user_settings.h
index 52da4972eae..314a33187ab 100644
--- a/examples/ssl-server/user_settings.h
+++ b/examples/ssl-server/user_settings.h
@@ -52,6 +52,9 @@
 #define NO_MD4
 #define NO_RABBIT
 #define NO_HC128
+#define NO_RC4
+#define NO_DES3
+
 
 #include
 #include "contiki-net.h"
From 047bd48299ff9fb815005623da4cddd33ae451ca Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Sat, 25 May 2019 09:13:43 +0200 Subject: [PATCH 8/8] To latest wolfSSL --- apps/wolfssl/wolfssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/wolfssl/wolfssl b/apps/wolfssl/wolfssl
index 651087ab5a1..263769765c5 160000
--- a/apps/wolfssl/wolfssl
+++ b/apps/wolfssl/wolfssl
@@ -1 +1 @@
-Subproject commit 651087ab5a1b3ae935d1a717011dbc1d153f92d0
+Subproject commit 263769765c51e920812521f72cb4c6fd26539d7c