diff --git a/.gitignore b/.gitignore
index 2119a329d..0acb0eea3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -101,22 +101,85 @@ ecc-key.pem
 certreq.der
 certreq.pem
 pkcs7cert.der
-pkcs7signedData_RSA_SHA.der
-pkcs7signedData_RSA_SHA_noattr.der
-pkcs7signedData_RSA_SHA224.der
-pkcs7signedData_RSA_SHA256.der
-pkcs7signedData_RSA_SHA384.der
-pkcs7signedData_RSA_SHA512.der
-pkcs7signedData_ECDSA_SHA.der
-pkcs7signedData_ECDSA_SHA_noattr.der
-pkcs7signedData_ECDSA_SHA224.der
-pkcs7signedData_ECDSA_SHA256.der
-pkcs7signedData_ECDSA_SHA384.der
-pkcs7signedData_ECDSA_SHA512.der
-pkcs7envelopedDataDES3.der
+pkcs7authEnvelopedDataAES128GCM.der
+pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der
+pkcs7authEnvelopedDataAES128GCM_KEKRI.der
+pkcs7authEnvelopedDataAES128GCM_ORI.der
+pkcs7authEnvelopedDataAES128GCM_PWRI.der
+pkcs7authEnvelopedDataAES192GCM.der
+pkcs7authEnvelopedDataAES256GCM.der
+pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der
+pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der
+pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der
+pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der
+pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der
+pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der
+pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der
+pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der
+pkcs7authEnvelopedDataAES256GCM_IANDS.der
+pkcs7authEnvelopedDataAES256GCM_SKID.der
+pkcs7compressedData_data_zlib.der
+pkcs7compressedData_firmwarePkgData_zlib.der
+pkcs7encryptedDataAES128CBC.der
+pkcs7encryptedDataAES192CBC.der
+pkcs7encryptedDataAES256CBC.der
+pkcs7encryptedDataAES256CBC_attribs.der
+pkcs7encryptedDataAES256CBC_firmwarePkgData.der
+pkcs7encryptedDataAES256CBC_multi_attribs.der
+pkcs7encryptedDataDES.der
+pkcs7encryptedDataDES3.der
 pkcs7envelopedDataAES128CBC.der
+pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der
+pkcs7envelopedDataAES128CBC_KEKRI.der
+pkcs7envelopedDataAES128CBC_PWRI.der
+pkcs7envelopedDataAES128CBC_ORI.der
 pkcs7envelopedDataAES192CBC.der
 pkcs7envelopedDataAES256CBC.der
+pkcs7envelopedDataAES256CBC_IANDS.der
+pkcs7envelopedDataAES256CBC_SKID.der
+pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der
+pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der
+pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der
+pkcs7envelopedDataDES3.der
+pkcs7signedData_ECDSA_SHA224.der
+pkcs7signedData_ECDSA_SHA256_custom_contentType.der
+pkcs7signedData_ECDSA_SHA256.der
+pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der
+pkcs7signedData_ECDSA_SHA256_SKID.der
+pkcs7signedData_ECDSA_SHA384.der
+pkcs7signedData_ECDSA_SHA512.der
+pkcs7signedData_ECDSA_SHA.der
+pkcs7signedData_ECDSA_SHA_noattr.der
+pkcs7signedData_RSA_SHA224.der
+pkcs7signedData_RSA_SHA256_custom_contentType.der
+pkcs7signedData_RSA_SHA256.der
+pkcs7signedData_RSA_SHA256_firmwarePkgData.der
+pkcs7signedData_RSA_SHA256_SKID.der
+pkcs7signedData_RSA_SHA256_with_ca_cert.der
+pkcs7signedData_RSA_SHA256_detachedSig.der
+pkcs7signedData_RSA_SHA384.der
+pkcs7signedData_RSA_SHA512.der
+pkcs7signedData_RSA_SHA.der
+pkcs7signedData_RSA_SHA_noattr.der
+pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der
+pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der
+pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der
+pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der
+pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der
+pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der
+pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der
+pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der
+pkcs7signedFirmwarePkgData_ECDSA_SHA256.der
+pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der
+pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der
+pkcs7signedFirmwarePkgData_RSA_SHA256.der
+pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der
+pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der
+pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der
+pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der
+pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der
+pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der
+pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der
 diff
 sslSniffer/sslSnifferTest/tracefile.txt
 tracefile.txt
@@ -230,6 +293,8 @@ wrapper/CSharp/x64/
 .vs
 Backup
 UpgradeLog.htm
+*.aps
+*.VC.db
 IDE/INTIME-RTOS/Debug_*
 IDE/VS-ARM/.vs
diff --git a/ChangeLog.md b/ChangeLog.md
index e413dde92..6a95f32ab 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,78 @@
+# wolfSSL Release 3.15.5 (11/07/2018)
+
+Release 3.15.5 of wolfSSL embedded TLS has bug fixes and new features including:
+
+* Fixes for GCC-8 warnings with strings
+* Additional compatibility API’s added, including functions like wolfSSL_X509_CA_num and wolfSSL_PEM_read_X509_CRL
+* Fixes for OCSP use with NGINX port
+* Renamed the macro INLINE to WC_INLINE for inline functions
+* Doxygen updates and formatting for documentation generation
+* Added support for the STM32L4 with AES/SHA hardware acceleration
+* Adds checking for critical extension with certificate Auth ID and the macro WOLFSSL_ALLOW_CRIT_SKID to override the check
+* Added public key callbacks to ConfirmSignature function to expand public key callback support
+* Added ECC and Curve25519 key generation callback support
+* Fix for memory management with wolfSSL_BN_hex2bn function
+* Added support for dynamic allocation of PKCS7 structure using wc_PKCS7_New and wc_PKCS7_Free
+* Port to apache mynewt added in the directory wolfssl-3.15.5/IDE/mynewt/*
+* OCSP stapling in TLS 1.3 additions
+* Port for ASIO added with --enable-asio configure flag
+* Contiki port added with macro WOLFSSL_CONTIKI
+* Memory free optimizations with adding in earlier free’s where possible
+* Made modifications to the primality testing so that the Miller-Rabin tests check against up to 40 random numbers rather than a fixed list of small primes
+* Certificate validation time generation updated
+* Fixes for MQX classic 4.0 with IAR-EWARM
+* Fix for assembly optimized version of Curve25519
+* Make SOCKET_PEER_CLOSED_E consistent between read and write cases
+* Relocate compatibility layer functions for OpenSSH port update
+* Update to Intel® SGX port, files included by Windows version and macros defined when using WOLFSSL_SGX
+* Updates to Nucleus version supported
+* Stack size reduction with smallstack build
+* Updates to Rowley-Crossworks settings for CMSIS 4
+* Added reference STSAFE-A100 public key callbacks
for TLS support
+* Added reference ATECC508A/ATECC608A public key callbacks for TLS support
+* Updated support for latest CryptoAuthLib (10/25/2018)
+* Added a wolfSSL static library project for Atollic TrueSTUDIO
+* Flag to disable AES-CBC and have only AEAD cipher suites with TLS
+* AF_ALG and cryptodev-linux crypto support added
+* Update to IO callbacks with use of WOLFSSL_BIO
+* Additional support for parsing certificate subject OIDs (businessCategory, jurisdiction of incorporation country, and jurisdiction of incorporation state)
+* Added wc_ecc_ecport_ex and wc_export_inti API's for ECC hex string exporting
+* Updates to XCODE build with wolfSSL
+* Fix for guard on when to include sys/time.h header
+* Updates and enhancements to the GCC-ARM example
+* Fix for PKCS8 padding with encryption
+* Updates for wolfcrypt JNI wrapper
+* ALT_ECC_SIZE use with SP math
+* PIC32MZ hardware acceleration buffer alignment fixes
+* Renesas e2studio project files added
+* Renesas RX example project added
+* Fix for DH algorithm when using SP math with ARM assembly
+* Fixes and enhancements for NXP K82 support
+* Benchmark enhancements to print in CSV format and in Japanese
+* Support for PKCS#11 added with --enable-pkcs11
+* Fixes for asynchronous crypto use with TLS 1.3
+* TLS 1.3 only build, allows for disabling TLS 1.2 and earlier protocols
+* Fix for GCC warnings in function wolfSSL_ASN1_TIME_adj
+* Added --enable-asn=nocrypt for certificate only parsing support
+* Added support for parsing PIV format certificates with the function wc_ParseCertPIV and macro WOLFSSL_CERT_PIV
+* Added APIs to support GZIP
+* Updates to support Lighttpd
+* Version resource added for Windows DLL builds
+* Increased code coverage with additional testing
+* Added support for constructed OCTET_STRING with PKCS#7 signed data
+* Added DTLS either (server/client) side initialization setting
+* Minor fixes for building with MINGW32 compiler
+* Added support for generic ECC PEM header/footer with
PKCS8 parsing
+* Added Japanese output to example server and client with “-1 1” flag
+* Added USE_ECDSA_KEYSZ_HASH_ALGO macro for building to use digest sizes that match ephemeral key size
+* Expand PKCS#7 CMS support with KEKRI, PWRI and ORI
+* Streaming capability for PKCS#7 decoding and sign verify added
+
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL Release 3.15.3 (6/20/2018)
 Release 3.15.3 of wolfSSL embedded TLS has bug fixes and new features including:
diff --git a/IDE/ECLIPSE/MICRIUM/README.md b/IDE/ECLIPSE/MICRIUM/README.md
new file mode 100644
index 000000000..73747edcb
--- /dev/null
+++ b/IDE/ECLIPSE/MICRIUM/README.md
@@ -0,0 +1,180 @@
+
+# Micrium μC/OS-III Port
+## Overview
+You can enable the wolfSSL support for Micrium μC/OS-III RTOS available [here](http://www.micriums.com/) using the define `MICRIUM`.
+
+## Usage
+
+You can start with your IDE-based example project for Micrium uC/OS-III and uC/TCPIP stack. You must include the uC-Clk module into your project because wolfSSL uses Micrium’s Clk_GetTS_Unix () function from in order to authenticate the start and end dates of certificates.
+
+wolfSSL supports a compile-time user configurable options in the `IDE/ECLIPSE/MICRIUM/user_settings.h` file.
+
+The `wolfsslRunTests.c` example application provides a simple function to run the selected examples at compile time through the following four #defines in user_settings.h.
+
+```
+ 1. #define WOLFSSL_WOLFCRYPT_TEST
+ 2. #define WOLFSSL_BENCHMARK_TEST
+ 3. #define WOLFSSL_CLIENT_TEST
+ 4. #define WOLFSSL_SERVER_TEST
+
+You can define one or all of the above options.
+```
+1. Open your IDE-based example project for Micrium uC/OS-III (with the uC-Clk module) and uC/TCPIP stack.
+
+2. Create the following folder and sub-folders structures in your project.
+```
+wolfssl
+ |src
+ |wolfcrypt
+ |benchmark
+ |src
+ |test
+ |wolfssl
+ |openssl
+ |wolfcrypt
+ |exampleTLS
+```
+The folder hierarchy is the same as the wolfSSL folders with an exception of the exampleTLS folder.
+
+3. Right click on the exampleTLS folder, add or link all of the header and source files in `IDE/ECLIPSE/MICRIUM/` folder into the exampleTLS folder.
+
+4. Right click on each folders, add or link all the source code in the corresponding folder in wolfSSL.
+
+5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder.
+
+6. In your C/C++ compiler preprocessor settings, add the wolfSSL directories to your include paths.
+Here's an example of the paths that must be added.
+```
+$PROJ_DIR$\...
+$PROJ_DIR$\...\wolfcrypt
+$PROJ_DIR$\...\wolfssl
+$PROJ_DIR$\...\IDE\ECLIPSE\MICRIUM
+```
+7. In your C/C++ compiler preprocessor settings, define the WOLFSSL_USER_SETTINGS symbol to add user_settings.h file in your project.
+
+8. Add a call to `wolfsslRunTests()` from your startup task. Here's an example:
+```
+static void App_TaskStart (void *p_arg)
+{
+ OS_ERR os_err;
+ ...
+ while (DEF_TRUE) {
+ wolfsslRunTests();
+ OSTimeDlyHMSM(0u, 5u, 0u, 0u,OS_OPT_TIME_HMSM_STRICT, &os_err);
+ }
+}
+```
+9. Rebuild all your project.
+
+10. Now you are ready to download and debug your image on the board.
+
+The test results below were collected from the NXP Kinetis K70 (Freescale TWR-K70F120M MCU) tower system board with the following software and tool chains:
+
+- IAR Embedded Workbench IDE - ARM 8.32.1 (IAR ELF Linker V8.32.1.169/W32 for ARM)
+
+- The starting project is based on an IAR EWARM project from Micrium download center at [micrium_twr-k70f120m-os3/](https://www.micrium.com/download/micrium_twr-k70f120m-os3/) but the K70X_FLASH.icf linker script file was slightly modified to configure the stack and heap sizes to 16KB and 20KB. The test was run on a 1 MBytes of program flash and 128 KBytes of static RAM.
+
+- wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
+
+
+### `WOLFSSL_WOLFCRYPT_TEST` output of wolfcrypt_test()
+```
+error test passed!
+base64 test passed!
+asn test passed!
+MD5 test passed!
+MD4 test passed!
+SHA test passed!
+SHA-256 test passed!
+SHA-512 test passed!
+Hash test passed!
+HMAC-MD5 test passed!
+HMAC-SHA test passed!
+HAC-SHA256 test passed!
+HMAC-SHA512 test passed!
+GMC test passed!
+HC-128 test passed!
+Rabbit test passed!
+DS test passed!
+DS3 test passed!
+AES test passed!
+AES192 test passed!
+AES256 test passed!
+AES-GM test passed!
+RANDOM test passed!
+RSA test passed!
+DH test passed!
+DSA test passed!
+PWDBASED test passed!
+ECC test passed!
+ECC buffer test passed!
+CURVE25519 test passed!
+ED25519 test passed!
+logging test passed!
+mutex test passed!
+memcb test passed!
+```
+### `WOLFSSL_BENCHMARK_TEST` output of benchmark_test()
+```
+------------------------------------------------------------------------------
+ wolfSSL version 3.15.5
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG 225 KB tooks 1.026 seconds, 219.313 KB/s
+AES-128-CBC-enc 250 KB toks 1.105 seconds 226.210 KB/s
+AES-128-CBC-dec 225 KB tooks 1.005 seconds, 223.922 KB/s
+AES-192-CBC-enc 225 KB tooks 1.076 seconds, 209.104 KB/s
+AES-192-CBC-dec 225 KB tooks 1.077 seconds, 208.981 K/s
+AES-56-CBC-enc 200 KB tooks 1.029 seconds, 19.396 KB/s
+AES-256-CBC-dec 200 KB toks 1.022 seconds, 195.785 KB/s
+AES-128-GCM-enc 125 KB tooks 1.28 secnds, 101.70 KB/s
+AES-128-GC-dec 125 KB tooks 1.228 seconds 101.756 KB/s
+AES-192-GCM-enc 100 KB tooks 1.026 seconds, 97.493 KB/s
+AES-192-GCM-dec 100 KB tooks 1.026 seconds, 97.480 KB/s
+AES-256-GCM-enc 100 KB tooks 1.065 seconds, 93.909 KB/s
+AES-256-GC-dec 100 KB tooks 1.065 seconds, 93.897 KB/s
+RABBIT 2 MB tooks 1.011 seconds, 2.19 MB/s
+3DES 100 KB tooks 1.007 sconds, 99.312 KB/s
+MD5 3MB tooks 1.008 seonds, 2.907 MBs
+SHA 1 MB tooks 1.09 secnds, 1.283 MB/s
+SHA-256 575 KB tooks 1.037 seconds, 554.501 KB/s
+SHA-512 200 KB tooks 1.003 seconds, 199.444 KB/s
+HMAC-MD5 3 B tooks 1.002 seconds, 2.876 MB/s
+HMAC-SHA26 550 KB tooks 1.000 seconds, 549.95 KB//s
+HMAC-SHA512 200 KB toks 1.018 seconds, 196.452 KB/s
+RSA 2048 public 8 ops took 1.025 sec, avg 128.135 ms, 7.804 op/sec
+RSA 2048 private 2 ops took 4.972 ec, avg 2485.951 s, 0.402 ops/sec
+DH 2048 key en 2 ops took 1.927 sec, avg 96.303 ms, 1.038 op/sec
+DH 2048 agree 2ops took 1.937 sc, avg 968.578 ms, 1.032 ops/sec
+ECC 256 key gen 3 ops took 1.185 sec, avg 394.944 ms, 2.53 ops/sec
+ECDHE 256 agree 4 ops took 1.585 sec, avg 396.168 ms, 2.524 ops/sec
+ECSA 256 sign 4 ops took 1.611 sec, avg 402.865 ms, 2.482 ops/sec
+ECDSA
256verif 2 ops tok 1.586 sec, avg 793.153 ms, 1.261 opssec
+CURVE 25519 key gen 2 ops took 1.262 sec, avg 630.907 ms, 1.585 ops/sec
+CURE 25519 agree 2 ops took 1.261 sec, avg630.469 ms, 1.586 ops/sec
+ED 2519 key gen 2 ops took 1.27 sec, avg 66.099ms, 1.572 ops/sec
+ED 25519 sign 2 ops took 1.303 sec, ag 65.633 ms, 1.35 op/sec
+ED 25519 verify 2 ops took 2.674 sec, avg1337.68 ms 0.748 ops/ec
+```
+### `WOLFSSL_CLIENT_TEST` wolfssl_client_test()
+
+You can modify the `TCP_SERVER_IP_ADDR` and `TCP_SERVER_PORT` macros at top of the `client_wolfssl.c` file to configure the host address and port. You will also need the server certificate. This example uses TLS 1.2 to connect to a remote host.
+
+### `WOLFSSL_SERVER_TEST` wolfssl_server_test()
+
+You can modify the `TLS_SERVER_PORT` at top of `server_wolfssl.c` to configure the port number to listen on local-host.
+
+Once you start the TLS server and `Listening for client connection` displays on the serial console, the server is ready to accept client connections.
+
+You can connect to the server using the wolfssl TLS client example from your Linux or Windows host as follows:
+
+$ ./examples/client/client.exe -h TLS_SERVER_IP_ADDRES
+SSL version is TLSv1.2
+SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+SSL curve name is SECP256R1
+I hear ya fa shizzle!
+
+
+## References
+
+For more information please contact info@wolfssl.com.
diff --git a/IDE/ECLIPSE/MICRIUM/client_wolfssl.c b/IDE/ECLIPSE/MICRIUM/client_wolfssl.c
new file mode 100644
index 000000000..2f565a360
--- /dev/null
+++ b/IDE/ECLIPSE/MICRIUM/client_wolfssl.c
@@ -0,0 +1,277 @@
+/* client_wolfssl.c
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include "client_wolfssl.h"
+
+/* 172.217.3.174 is the IP address of https://www.google.com */
+#define TCP_SERVER_IP_ADDR "172.217.3.174"
+#define TCP_SERVER_DOMAIN_NAME "www.google.com"
+#define TCP_SERVER_PORT 443
+
+#define TX_BUF_SIZE 64
+#define RX_BUF_SIZE 1024
+
+#define TX_MSG "GET /index.html HTTP/1.0\r\n\r\n"
+#define TX_MSG_SIZE sizeof(TX_MSG)
+
+static const CPU_INT08U google_certs_ca[]="\n\
+## Google Internet Authority G3 \n\
+-----BEGIN CERTIFICATE-----\n\
+MIIEXDCCA0SgAwIBAgINAeOpMBz8cgY4P5pTHTANBgkqhkiG9w0BAQsFADBMMSAw\n\
+HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\n\
+U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\n\
+MTUwMDAwNDJaMFQxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\n\
+U2VydmljZXMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzMw\n\
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKUkvqHv/OJGuo2nIYaNVW\n\
+XQ5IWi01CXZaz6TIHLGp/lOJ+600/4hbn7vn6AAB3DVzdQOts7G5pH0rJnnOFUAK\n\
+71G4nzKMfHCGUksW/mona+Y2emJQ2N+aicwJKetPKRSIgAuPOB6Aahh8Hb2XO3h9\n\
+RUk2T0HNouB2VzxoMXlkyW7XUR5mw6JkLHnA52XDVoRTWkNty5oCINLvGmnRsJ1z\n\
+ouAqYGVQMc/7sy+/EYhALrVJEA8KbtyX+r8snwU5C1hUrwaW6MWOARa8qBpNQcWT\n\
+kaIeoYvy/sGIJEmjR0vFEwHdp1cSaWIr6/4g72n7OqXwfinu7ZYW97EfoOSQJeAz\n\
+AgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUH\n\
+AwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFHfCuFCa\n\
+Z3Z2sS3ChtCDoH6mfrpLMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYu\n\
+MDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdv\n\
+b2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dz\n\
+cjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYc\n\
+aHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEA\n\
+HLeJluRT7bvs26gyAZ8so81trUISd7O45skDUmAge1cnxhG1P2cNmSxbWsoiCt2e\n\
+ux9LSD+PAj2LIYRFHW31/6xoic1k4tbWXkDCjir37xTTNqRAMPUyFRWSdvt+nlPq\n\
+wnb8Oa2I/maSJukcxDjNSfpDh/Bd1lZNgdd/8cLdsE3+wypufJ9uXO1iQpnh9zbu\n\
+FIwsIONGl1p3A8CgxkqI/UAih3JaGOqcpcdaCIzkBaR9uYQ1X4k2Vg5APRLouzVy\n\
+7a8IVk6wuy6pm+T7HT4LY8ibS5FEZlfAFLSW8NwsVz9SBK2Vqn1N0PIMn5xA6NZV\n\
+c7o835DLAFshEWfC7TIe3g==\n\
+-----END CERTIFICATE-----\n\
+## Google Trust Services- GlobalSign Root CA-R2\n\
+-----BEGIN CERTIFICATE-----\n\
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\n\
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\n\
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\n\
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\n\
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\n\
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\n\
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\n\
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\n\
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\n\
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\n\
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\n\
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\n\
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\n\
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n\
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\n\
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n\
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\n\
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n\
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\n\
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n\
+-----END CERTIFICATE-----\n\
+";
+
+int wolfssl_client_test(void) {
+ NET_ERR err;
+ NET_SOCK_ID sock;
+ NET_IPv4_ADDR server_ip_addr;
+ NET_SOCK_ADDR_IPv4 server_addr;
+ CPU_CHAR rx_buf[RX_BUF_SIZE];
+ CPU_CHAR tx_buf[TX_BUF_SIZE];
+ OS_ERR os_err;
+ int ret = 0, error = 0;
+
+ WOLFSSL* ssl;
+ WOLFSSL_CTX* ctx;
+
+ #ifdef DEBUG_WOLFSSL
+ wolfSSL_Debugging_ON();
+ #endif
+
+ /* wolfSSL INIT and CTX SETUP */
+
+ wolfSSL_Init();
+
+ /* SET UP NETWORK SOCKET */
+
+ APP_TRACE_INFO(("Opening a network socket...\r\n"));
+
+ sock = NetSock_Open(NET_SOCK_ADDR_FAMILY_IP_V4,
+ NET_SOCK_TYPE_STREAM,
+ NET_SOCK_PROTOCOL_TCP,
+ &err);
+ if (err != NET_SOCK_ERR_NONE) {
+ APP_TRACE_INFO(("ERROR: NetSock_Open, err = %d\r\n", (int) err));
+ return -1;
+ }
+
+#ifdef NET_SECURE_MODULE_EN
+ APP_TRACE_INFO(("Setting the socket as secure...\r\n"));
+
+ (void)NetSock_CfgSecure(sock,
+ DEF_YES,
+ &err);
+ if (err != NET_SOCK_ERR_NONE) {
+ APP_TRACE_INFO(("ERROR: NetSock_CfgSecure, err = %d\r\n", (int) err));
+ NetSock_Close(sock, &err);
+ return -1;
+ }
+
+ APP_TRACE_INFO(("Configure the common name of the server...\r\n"));
+ (void)NetSock_CfgSecureClientCommonName(sock,
+ TCP_SERVER_DOMAIN_NAME,
+ &err);
+ if (err != NET_SOCK_ERR_NONE) {
+ APP_TRACE_INFO(("ERROR: NetSock_CfgSecureClientCommonName, \
+ err = %d\r\n", (int) err));
+ NetSock_Close(sock, &err);
+ return -1;
+ }
+#endif /* NET_SECURE_MODULE_EN */
+
+ APP_TRACE_INFO(("Calling NetASCII_Str_to_IPv4...\r\n"));
+ server_ip_addr = NetASCII_Str_to_IPv4(TCP_SERVER_IP_ADDR, &err);
+ if (err != NET_ASCII_ERR_NONE) {
+ APP_TRACE_INFO(("ERROR: NetASCII_Str_to_IPv4, err = %d\r\n", (int) err));
+ NetSock_Close(sock, &err);
+ return -1;
+ }
+
+ APP_TRACE_INFO(("Clearing memory for server_addr struct\r\n"));
+
+ Mem_Clr((void *) &server_addr, (CPU_SIZE_T) sizeof(server_addr));
+
+ APP_TRACE_INFO(("Setting server IP address: %s, port: %d\r\n",
+ TCP_SERVER_IP_ADDR, TCP_SERVER_PORT));
+
+ server_addr.AddrFamily = NET_SOCK_ADDR_FAMILY_IP_V4;
+ server_addr.Addr = NET_UTIL_HOST_TO_NET_32(server_ip_addr);
+ server_addr.Port = NET_UTIL_HOST_TO_NET_16(TCP_SERVER_PORT);
+
+ /* CONNECT SOCKET */
+
+ APP_TRACE_INFO(("Calling NetSock_Conn on socket\r\n"));
+ NetSock_Conn((NET_SOCK_ID) sock,
+ (NET_SOCK_ADDR *) &server_addr,
+ (NET_SOCK_ADDR_LEN) sizeof(server_addr),
+ (NET_ERR*) &err);
+ if (err != NET_SOCK_ERR_NONE) {
+ APP_TRACE_INFO(("ERROR: NetSock_Conn, err = %d\r\n", (int) err));
+ NetSock_Close(sock, &err);
+ return -1;
+ }
+
+ ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
+ if (ctx == 0) {
+ APP_TRACE_INFO(("ERROR: wolfSSL_CTX_new failed\r\n"));
+ NetSock_Close(sock, &err);
+ return -1;
+ }
+
+ APP_TRACE_INFO(("wolfSSL_CTX_new done\r\n"));
+
+ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+
+ ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ google_certs_ca,
+ sizeof(google_certs_ca),
+ SSL_FILETYPE_PEM);
+
+ if (ret != SSL_SUCCESS) {
+ APP_TRACE_INFO(("ERROR: wolfSSL_CTX_load_verify_buffer() failed\r\n"));
+ NetSock_Close(sock, &err);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+
+ if ((ssl = wolfSSL_new(ctx)) == NULL) {
+ APP_TRACE_INFO(("ERROR: wolfSSL_new() failed\r\n"));
+ NetSock_Close(sock, &err);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+
+ APP_TRACE_INFO(("wolfSSL_new done\r\n"));
+ ret = wolfSSL_set_fd(ssl, sock);
+ if (ret != SSL_SUCCESS) {
+ APP_TRACE_INFO(("ERROR:
wolfSSL_set_fd() failed\r\n"));
+ NetSock_Close(sock, &err);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+ APP_TRACE_INFO(("wolfSSL_set_fd done\r\n"));
+ do {
+ error = 0; /* reset error */
+ ret = wolfSSL_connect(ssl);
+ if (ret != SSL_SUCCESS) {
+ error = wolfSSL_get_error(ssl, 0);
+ APP_TRACE_INFO(
+ ("ERROR: wolfSSL_connect() failed, err = %d\r\n", error));
+ if (error != SSL_ERROR_WANT_READ) {
+ NetSock_Close(sock, &err);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+ OSTimeDlyHMSM(0u, 0u, 1u, 0u, OS_OPT_TIME_HMSM_STRICT, &os_err);
+ }
+ } while ((ret != SSL_SUCCESS) && (error == SSL_ERROR_WANT_READ));
+
+ APP_TRACE_INFO(("wolfSSL_connect() ok... sending GET\r\n"));
+ Str_Copy_N(tx_buf, TX_MSG, TX_MSG_SIZE);
+ if (wolfSSL_write(ssl, tx_buf, TX_MSG_SIZE) != TX_MSG_SIZE) {
+ error = wolfSSL_get_error(ssl, 0);
+ APP_TRACE_INFO(("ERROR: wolfSSL_write() failed, err = %d\r\n", error));
+ NetSock_Close(sock, &err);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+ do {
+ error = 0; /* reset error */
+ ret = wolfSSL_read(ssl, rx_buf, RX_BUF_SIZE - 1);
+ if (ret < 0) {
+ error = wolfSSL_get_error(ssl, 0);
+ if (error != SSL_ERROR_WANT_READ) {
+ APP_TRACE_INFO(("wolfSSL_read failed, error = %d\r\n", error));
+ NetSock_Close(sock, &err);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+ OSTimeDlyHMSM(0u, 0u, 1u, 0u, OS_OPT_TIME_HMSM_STRICT, &os_err);
+ } else if (ret > 0) {
+ rx_buf[ret] = 0;
+ APP_TRACE_INFO(("%s\r\n", rx_buf));
+ }
+ } while (error == SSL_ERROR_WANT_READ);
+ wolfSSL_shutdown(ssl);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+ wolfSSL_Cleanup();
+ NetSock_Close(sock, &err);
+ return 0;
+}
diff --git a/IDE/ECLIPSE/MICRIUM/client_wolfssl.h b/IDE/ECLIPSE/MICRIUM/client_wolfssl.h
new file mode 100644
index 000000000..d7231ef19
--- /dev/null
+++ b/IDE/ECLIPSE/MICRIUM/client_wolfssl.h
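Review bot: In client_wolfssl.c, wolfssl_client_test() checks the certificate chain (`SSL_VERIFY_PEER` plus the two bundled CA certificates) but never tells wolfSSL which host name to expect, so a certificate for any name that chains to those CAs would pass verification at the hard-coded `TCP_SERVER_IP_ADDR`. `TCP_SERVER_DOMAIN_NAME` is only used inside the `NET_SECURE_MODULE_EN` block, which appears to configure the Micrium socket layer rather than the wolfSSL session. I would add `if (wolfSSL_check_domain_name(ssl, TCP_SERVER_DOMAIN_NAME) != SSL_SUCCESS)` with the same close/free/`return -1` cleanup as the neighbouring error paths, placed between wolfSSL_set_fd() and the wolfSSL_connect() loop. Since this file is a template that users will copy and retarget, a short comment next to `TCP_SERVER_DOMAIN_NAME` saying it must match the server certificate would also help.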
@@ -0,0 +1,35 @@
+/* client_wolfssl.h
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef __CLIENT_WOLFSSL_H__
+#define __CLIENT_WOLFSSL_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int wolfssl_client_test(void);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* CLIENT_WOLFSSL_H */
diff --git a/IDE/ECLIPSE/MICRIUM/include.am b/IDE/ECLIPSE/MICRIUM/include.am
new file mode 100644
index 000000000..be7b1dfa5
--- /dev/null
+++ b/IDE/ECLIPSE/MICRIUM/include.am
@@ -0,0 +1,12 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+ IDE/ECLIPSE/MICRIUM/README.md \
+ IDE/ECLIPSE/MICRIUM/user_settings.h \
+ IDE/ECLIPSE/MICRIUM/client_wolfssl.h \
+ IDE/ECLIPSE/MICRIUM/server_wolfssl.h \
+ IDE/ECLIPSE/MICRIUM/client_wolfssl.c \
+ IDE/ECLIPSE/MICRIUM/server_wolfssl.c \
+ IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
diff --git a/IDE/ECLIPSE/MICRIUM/server_wolfssl.c b/IDE/ECLIPSE/MICRIUM/server_wolfssl.c
new file mode 100644
index 000000000..66d1a9774
--- /dev/null
+++ b/IDE/ECLIPSE/MICRIUM/server_wolfssl.c
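Review bot: In client_wolfssl.h the include guard `__CLIENT_WOLFSSL_H__` uses a double-underscore identifier, which C reserves for the implementation, and the trailing comment on `#endif` names a different macro, `CLIENT_WOLFSSL_H`. Writing the guard as `#ifndef CLIENT_WOLFSSL_H` / `#define CLIENT_WOLFSSL_H` keeps it out of the reserved namespace and makes it match the closing comment.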
@@ -0,0 +1,335 @@ +/* server_wolfssl.c + * + * Copyright (C) 2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include +#include +#include +#include + +#include "wolfssl/ssl.h" +#include "server_wolfssl.h" + +#define TLS_SERVER_PORT 11111 +#define TX_BUF_SIZE 64 +#define RX_BUF_SIZE 1024 +#define TCP_SERVER_CONN_Q_SIZE 1 + +/* derived from wolfSSL/certs/server-ecc.der */ + +static const CPU_INT08U server_ecc_der_256[] = { 0x30, 0x82, 0x03, 0x10, + 0x30, 0x82, 0x02, 0xB5, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, + 0xEF, 0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30, 0x0A, 0x06, 0x08, + 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8F, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, + 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, + 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, + 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 
0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, + 0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, 0x30, 0x30, 0x37, + 0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32, + 0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, + 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, + 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, + 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, 0x0A, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, + 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, + 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C, + 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, + 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3, + 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, + 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, + 0x34, 0x89, 0xD8, 0xA3, 0x81, 0xF7, 0x30, 0x81, 0xF4, 0x30, 
0x1D, 0x06, + 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF, + 0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, + 0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81, 0xC4, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xBC, 0x30, 0x81, 0xB9, 0x80, 0x14, 0x5D, 0x5D, 0x26, 0xEF, + 0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, + 0xEF, 0xB2, 0x89, 0x30, 0xA1, 0x81, 0x95, 0xA4, 0x81, 0x92, 0x30, 0x81, + 0x8F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, + 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, + 0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, + 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, + 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, + 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x82, 0x09, 0x00, 0xEF, 0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30, + 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, + 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xF1, 0xD0, 0xA6, + 0x3E, 0x83, 0x33, 0x24, 0xD1, 0x7A, 0x05, 0x5F, 0x1E, 0x0E, 0xBD, 0x7D, + 0x6B, 0x33, 0xE9, 0xF2, 0x86, 0xF3, 0xF3, 0x3D, 0xA9, 0xEF, 0x6A, 0x87, + 0x31, 0xB3, 0xB7, 0x7E, 0x50, 0x02, 0x21, 0x00, 0xF0, 0x60, 0xDD, 0xCE, + 0xA2, 0xDB, 0x56, 0xEC, 0xD9, 0xF4, 0xE4, 0xE3, 0x25, 0xD4, 0xB0, 0xC9, + 0x25, 0x7D, 0xCA, 0x7A, 0x5D, 0xBA, 0xC4, 0xB2, 0xF6, 0x7D, 
0x04, 0xC7, + 0xBD, 0x62, 0xC9, 0x20 }; + +/* derived from wolfSSL/certs/ecc-key.der */ + +static const CPU_INT08U ecc_key_der_256[] = { 0x30, 0x77, 0x02, 0x01, 0x01, + 0x04, 0x20, 0x45, 0xB6, 0x69, 0x02, 0x73, 0x9C, 0x6C, 0x85, 0xA1, 0x38, + 0x5B, 0x72, 0xE8, 0xE8, 0xC7, 0xAC, 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04, + 0xFA, 0x6C, 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C, 0xA0, 0x0A, + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0xA1, 0x44, + 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, + 0x4A, 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, + 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, + 0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92, + 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, + 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, 0xD8 }; + + +int wolfssl_server_test(void) +{ + NET_ERR err; + NET_SOCK_ID sock_listen; + NET_SOCK_ID sock_req; + NET_SOCK_ADDR_IPv4 server_addr; + NET_SOCK_ADDR_LEN server_addr_len; + NET_SOCK_ADDR_IPv4 client_sock_addr_ip; + NET_SOCK_ADDR_LEN client_sock_addr_ip_size; + CPU_CHAR rx_buf[RX_BUF_SIZE]; + CPU_CHAR tx_buf[TX_BUF_SIZE]; + CPU_BOOLEAN attempt_conn; + OS_ERR os_err; + WOLFSSL * ssl; + WOLFSSL_CTX * ctx; + int tx_buf_sz = 0, ret = 0, error = 0; + + #ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); + #endif + + /* wolfSSL INIT and CTX SETUP */ + + wolfSSL_Init(); + + /* SET UP NETWORK SOCKET */ + + APP_TRACE_INFO(("Opening network socket...\r\n")); + sock_listen = NetSock_Open(NET_SOCK_ADDR_FAMILY_IP_V4, + NET_SOCK_TYPE_STREAM, + NET_SOCK_PROTOCOL_TCP, + &err); + if (err != NET_SOCK_ERR_NONE) { + APP_TRACE_INFO(("ERROR: NetSock_Open, err = %d\r\n", (int) err)); + return -1; + } + + APP_TRACE_INFO(("Clearing memory for server_addr struct\r\n")); + server_addr_len = sizeof(server_addr); + Mem_Clr((void *) &server_addr, (CPU_SIZE_T) server_addr_len); + + APP_TRACE_INFO(("Setting up server_addr 
struct\r\n"));
+ server_addr.AddrFamily = NET_SOCK_ADDR_FAMILY_IP_V4;
+ server_addr.Addr = NET_UTIL_HOST_TO_NET_32(NET_SOCK_ADDR_IP_V4_WILDCARD);
+ server_addr.Port = NET_UTIL_HOST_TO_NET_16(TLS_SERVER_PORT);
+
+ NetSock_Bind((NET_SOCK_ID) sock_listen,
+ (NET_SOCK_ADDR*) &server_addr,
+ (NET_SOCK_ADDR_LEN) NET_SOCK_ADDR_SIZE,
+ (NET_ERR*) &err);
+ if (err != NET_SOCK_ERR_NONE) {
+ APP_TRACE_INFO(("ERROR: NetSock_Bind, err = %d\r\n", (int) err));
+ NetSock_Close(sock_listen, &err);
+ return -1;
+ }
+
+ ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
+ if (ctx == 0) {
+ APP_TRACE_INFO(("ERROR: wolfSSL_CTX_new failed\r\n"));
+ NetSock_Close(sock_listen, &err);
+ return -1;
+ }
+ APP_TRACE_INFO(("wolfSSL_CTX_new done\r\n"));
+
+ ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+ server_ecc_der_256,
+ sizeof(server_ecc_der_256),
+ SSL_FILETYPE_ASN1);
+ if (ret != SSL_SUCCESS) {
+ APP_TRACE_INFO(
+ ("ERROR: wolfSSL_CTX_use_certificate_buffer() failed\r\n"));
+ NetSock_Close(sock_listen, &err);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+ ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ ecc_key_der_256,
+ sizeof(ecc_key_der_256),
+ SSL_FILETYPE_ASN1);
+ if (ret != SSL_SUCCESS) {
+ APP_TRACE_INFO(
+ ("ERROR: wolfSSL_CTX_use_PrivateKey_buffer() failed\r\n"));
+ NetSock_Close(sock_listen, &err);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+ /* accept client socket connections */
+
+ APP_TRACE_INFO(("Listening for client connection\r\n"));
+
+ NetSock_Listen(sock_listen, TCP_SERVER_CONN_Q_SIZE, &err);
+ if (err != NET_SOCK_ERR_NONE) {
+ APP_TRACE_INFO(("ERROR: NetSock_Listen, err = %d\r\n", (int) err));
+ NetSock_Close(sock_listen, &err);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+ do {
+ client_sock_addr_ip_size = sizeof(client_sock_addr_ip);
+ sock_req = NetSock_Accept((NET_SOCK_ID) sock_listen,
+ (NET_SOCK_ADDR*) &client_sock_addr_ip,
+ (NET_SOCK_ADDR_LEN*) &client_sock_addr_ip_size,
+ (NET_ERR*) &err);
+ switch (err) {
+ case NET_SOCK_ERR_NONE:
+ attempt_conn = DEF_NO;
+
break;
+ case NET_ERR_INIT_INCOMPLETE:
+ case NET_SOCK_ERR_NULL_PTR:
+ case NET_SOCK_ERR_NONE_AVAIL:
+ case NET_SOCK_ERR_CONN_ACCEPT_Q_NONE_AVAIL:
+ attempt_conn = DEF_YES;
+ break;
+ case NET_SOCK_ERR_CONN_SIGNAL_TIMEOUT:
+ APP_TRACE_INFO(
+ ("NetSockAccept err = NET_SOCK_ERR_CONN_SIGNAL_TIMEOUT\r\n"));
+ attempt_conn = DEF_YES;
+ break;
+ default:
+ attempt_conn = DEF_NO;
+ break;
+ }
+ } while (attempt_conn == DEF_YES);
+ if (err != NET_SOCK_ERR_NONE) {
+ APP_TRACE_INFO(("ERROR: NetSock_Accept, err = %d\r\n", (int) err));
+ NetSock_Close(sock_listen, &err);
+ return -1;
+ }
+
+ APP_TRACE_INFO(("Got client connection! Starting TLS negotiation\r\n"));
+ /* set up wolfSSL session */
+ if ((ssl = wolfSSL_new(ctx)) == NULL) {
+ APP_TRACE_INFO(("ERROR: wolfSSL_new() failed\r\n"));
+ NetSock_Close(sock_req, &err);
+ NetSock_Close(sock_listen, &err);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+
+ APP_TRACE_INFO(("wolfSSL_new done\r\n"));
+ ret = wolfSSL_set_fd(ssl, sock_req);
+ if (ret != SSL_SUCCESS) {
+ APP_TRACE_INFO(("ERROR: wolfSSL_set_fd() failed\r\n"));
+ NetSock_Close(sock_req, &err);
+ NetSock_Close(sock_listen, &err);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+
+ APP_TRACE_INFO(("wolfSSL_set_fd done\r\n"));
+ do {
+ error = 0; /* reset error */
+ if (ret != SSL_SUCCESS) {
+ error = wolfSSL_get_error(ssl, 0);
+ APP_TRACE_INFO(
+ ("ERROR: wolfSSL_accept() failed, err = %d\r\n", error));
+ if (error != SSL_ERROR_WANT_READ) {
+ NetSock_Close(sock_req, &err);
+ NetSock_Close(sock_listen, &err);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+ OSTimeDlyHMSM(0u, 0u, 0u, 500u, OS_OPT_TIME_HMSM_STRICT, &os_err);
+ }
+ } while ((ret != SSL_SUCCESS) && (error == SSL_ERROR_WANT_READ));
+
+ APP_TRACE_INFO(("wolfSSL_accept() ok...\r\n"));
+
+ /* read client data */
+
+ error = 0;
+ Mem_Set(rx_buf, 0, RX_BUF_SIZE);
+ ret = wolfSSL_read(ssl, rx_buf, RX_BUF_SIZE - 1);
+ if (ret < 0) {
+ error = wolfSSL_get_error(ssl, 0);
+ if (error != 
SSL_ERROR_WANT_READ) {
+ APP_TRACE_INFO(("wolfSSL_read failed, error = %d\r\n", error));
+ NetSock_Close(sock_req, &err);
+ NetSock_Close(sock_listen, &err);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+ }
+
+ APP_TRACE_INFO(("AFTER wolfSSL_read() call, ret = %d\r\n", ret));
+ if (ret > 0) {
+ rx_buf[ret] = 0;
+ APP_TRACE_INFO(("Client sent: %s\r\n", rx_buf));
+ }
+ /* write response to client */
+ Mem_Set(tx_buf, 0, TX_BUF_SIZE);
+ tx_buf_sz = 22;
+ Str_Copy_N(tx_buf, "I hear ya fa shizzle!\n", tx_buf_sz);
+ if (wolfSSL_write(ssl, tx_buf, tx_buf_sz) != tx_buf_sz) {
+ error = wolfSSL_get_error(ssl, 0);
+ APP_TRACE_INFO(("ERROR: wolfSSL_write() failed, err = %d\r\n", error));
+ NetSock_Close(sock_req, &err);
+ NetSock_Close(sock_listen, &err);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+ ret = wolfSSL_shutdown(ssl);
+ if (ret == SSL_SHUTDOWN_NOT_DONE)
+ wolfSSL_shutdown(ssl);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+ wolfSSL_Cleanup();
+ NetSock_Close(sock_req, &err);
+ NetSock_Close(sock_listen, &err);
+ return 0;
+}
diff --git a/IDE/ECLIPSE/MICRIUM/server_wolfssl.h b/IDE/ECLIPSE/MICRIUM/server_wolfssl.h
new file mode 100644
index 000000000..538ae2f75
--- /dev/null
+++ b/IDE/ECLIPSE/MICRIUM/server_wolfssl.h
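Review bot: The handshake loop that follows the `wolfSSL_set_fd done` trace in `wolfssl_server_test()` never calls `wolfSSL_accept()`: `ret` still holds the `SSL_SUCCESS` returned by `wolfSSL_set_fd()`, so the `do { ... } while` body runs once without doing anything and "wolfSSL_accept() ok..." is traced although no handshake result was ever checked. Adding `ret = wolfSSL_accept(ssl);` directly after `error = 0; /* reset error */` would mirror the `wolfSSL_connect()` loop in client_wolfssl.c. The failure path after `NetSock_Accept` also returns without `wolfSSL_CTX_free(ctx);`, unlike the other exits taken once the context exists. Separately, `ecc_key_der_256` is the private key from the public wolfSSL `certs/` directory, so a comment such as `/* TEST KEY ONLY: published in the wolfSSL source tree, provides no authentication, never ship it */` above the array would keep it from being copied into a product.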
@@ -0,0 +1,35 @@
+/* server_wolfssl.h
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef __SERVER_WOLFSSL_H__
+#define __SERVER_WOLFSSL_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int wolfssl_server_test(void);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* SERVER_WOLFSSL_H */
diff --git a/IDE/ECLIPSE/MICRIUM/user_settings.h b/IDE/ECLIPSE/MICRIUM/user_settings.h
new file mode 100644
index 000000000..a21dea6f3
--- /dev/null
+++ b/IDE/ECLIPSE/MICRIUM/user_settings.h
@@ -0,0 +1,75 @@
+/* user_setting.h
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef MICRIUM_USER_SETTINGS_H_
+#define MICRIUM_USER_SETTINGS_H_
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#define MICRIUM
+
+/* You can select one or all of the following tests */
+#define WOLFSSL_WOLFCRYPT_TEST
+#define WOLFSSL_BENCHMARK_TEST
+#define WOLFSSL_CLIENT_TEST
+#define WOLFSSL_SERVER_TEST
+
+/* adjust CURRENT_UNIX_TS to seconds since Jan 01 1970. 
(UTC)
+You can get the current time from https://www.unixtimestamp.com/
+*/
+#define CURRENT_UNIX_TS 1542605837
+
+/* When using Windows simulator, you must define USE_WINDOWS_API for test.h to build */
+#ifdef _WIN32
+#define USE_WINDOWS_API
+#endif
+
+#define NO_FILESYSTEM
+#define SIZEOF_LONG_LONG 8
+
+/* prevents from including multiple definition of main() */
+#define NO_MAIN_DRIVER
+#define NO_TESTSUITE_MAIN_DRIVER
+
+/* includes certificate test buffers via header files */
+#define USE_CERT_BUFFERS_2048
+/*use kB instead of mB for embedded benchmarking*/
+#define BENCH_EMBEDDED
+
+#define NO_WRITE_TEMP_FILES
+
+#define XSNPRINTF snprintf
+
+#define HAVE_AESGCM
+#define WOLFSSL_SHA512
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519
+#define ED25519_SMALL
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif
diff --git a/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c b/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
new file mode 100644
index 000000000..581e6256c
--- /dev/null
+++ b/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
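Review bot: `#define CURRENT_UNIX_TS 1542605837` freezes the device clock at a build-time constant, and wolfsslRunTests.c passes it to `Clk_SetTS_Unix()`, so the client and server tests evaluate certificate validity dates against that instant rather than the real time. A certificate that has expired since the value was last edited would presumably still pass the date check. The comment above the define should say so, for example `/* Test-only clock seed: certificate date validation is only as accurate as this value; use an RTC or a network time source in a product. */`.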
@@ -0,0 +1,80 @@
+/* wolfsslRunTests.c
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include /* master includes from Micrium Freescale Kinetis K70*/
+
+#include
+
+/*
+* Description : This function runs wolfssl tests.
+* Caller(s) : main() in app.c
+* Note(s) : none. 
+*/
+
+int wolfsslRunTests (void)
+{
+ CLK_ERR err;
+ CLK_TS_SEC ts_unix_sec;
+ CPU_BOOLEAN valid;
+ static int initialized = 0;
+
+ if(!initialized) {
+ Clk_Init(&err);
+
+ if (err == CLK_ERR_NONE) {
+ APP_TRACE_INFO(("Clock module successfully initialized\n"));
+ } else {
+ APP_TRACE_INFO(("Clock module initialization failed\n"));
+ return -1;
+ }
+
+ valid = Clk_GetTS_Unix(&ts_unix_sec);
+
+ if (valid == DEF_OK) {
+ APP_TRACE_INFO(("Timestamp Unix = %u\n", ts_unix_sec));
+ } else {
+ APP_TRACE_INFO(("Get TS Unix error\n"));
+ }
+ #if defined(CURRENT_UNIX_TS)
+ valid = Clk_SetTS_Unix(CURRENT_UNIX_TS);
+ if (valid != DEF_OK) {
+ APP_TRACE_INFO(("Clk_SetTS_Unix error\n"));
+ return -1;
+ }
+ #endif
+ initialized = 1;
+ }
+
+ #if defined(WOLFSSL_WOLFCRYPT_TEST)
+ wolfcrypt_test(NULL);
+ #endif
+ #if defined(WOLFSSL_BENCHMARK_TEST)
+ benchmark_test(NULL);
+ #endif
+ #if defined(WOLFSSL_CLIENT_TEST)
+ wolfssl_client_test();
+ #endif
+ #if defined(WOLFSSL_SERVER_TEST)
+ wolfssl_server_test();
+ #endif
+
+ return 0;
+}
diff --git a/IDE/Espressif/ESP-IDF/README.md b/IDE/Espressif/ESP-IDF/README.md
new file mode 100644
index 000000000..f96fbff10
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/README.md
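Review bot: `wolfsslRunTests()` discards the result of every test it starts and ends with `return 0;`, so a failed TLS client or server run is reported to the caller as success. `wolfssl_client_test()` and `wolfssl_server_test()` are declared `int` in this commit and return -1 on failure, so they can be checked with `if (wolfssl_client_test() != 0) return -1;` and the equivalent for the server; the same presumably holds for `wolfcrypt_test` and `benchmark_test`, whose prototypes are not visible here. The header comment says "Note(s) : none." and should instead state the return contract, currently -1 only when clock setup fails. `APP_TRACE_INFO(("Timestamp Unix = %u\n", ts_unix_sec))` would also be safer as `(unsigned int) ts_unix_sec` in case `CLK_TS_SEC` is not `unsigned int`.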
@@ -0,0 +1,33 @@ +# ESP-IDF port +## Overview + ESP-IDF development framework with wolfSSL by setting *WOLFSSL_ESPIDF* definition + + Including the following examples: + simple tls_client/server + crypt test + crypt benchmark + + The *user_settings.h* file enables some of the hardened settings. + +## Requirements + 1. ESP-IDF development framework + [https://docs.espressif.com/projects/esp-idf/en/latest/get-started/] + Note: This expects to use Linux version. + +## Setup + 1. Run *setup.sh* to deploy files into ESP-IDF tree + 2. Find Wolfssl files at /path/to/esp-idf/components/wolfssl/ + 3. Find Example programs under /path/to/esp-idf/examples/protocols/wolfssl_xxx + 4. Uncomment out #define WOLFSSL_ESPIDF in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h + Uncomment out #define WOLFSSL_ESPWROOM32 in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h + +## Configuration + 1. The *user_settings.h* for each example can be found in /path/to/examples/protocols/wolfssl_xxx/main/include/user_settings.h + +## Build examples + 1. See README in each example folder + +## Support + For question please email [support@wolfssl.com] + + Note: This is tested with "Ubuntu 18.04.1 LTS" and ESP32-WROOM-32. diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt new file mode 100644 index 000000000..98c19f5b3 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt @@ -0,0 +1,6 @@ +# The following lines of boilerplate have to be in your project's +# CMakeLists in this exact order for cmake to work correctly +cmake_minimum_required(VERSION 3.5) + +include($ENV{IDF_PATH}/tools/cmake/project.cmake) +project(wolfssl_benchmark) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile new file mode 100644 index 000000000..dbbe9edb4 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile 
@@ -0,0 +1,11 @@ +# +# This is a project Makefile. It is assumed the directory this Makefile resides in is a +# project subdirectory. +# + +PROJECT_NAME := wolfssl_benchmark + +CFLAGS += -DWOLFSSL_USER_SETTINGS + +include $(IDF_PATH)/make/project.mk + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md new file mode 100644 index 000000000..7581e8bce --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md @@ -0,0 +1,14 @@ +#wolfSSL Example + +The Example contains of wolfSSL benchmark program. + +1. "make menuconfig" to configure the program. + 1-1. Example Configuration -> + BENCH_ARG : argument that you want to use. Default is "-lng 0" + The list of argument can be find in help. + +When you want to run the benchmark program +1. "make flash" to compile and load the firmware +2. "make monitor" to see the message + +See the README.md file in the upper level 'examples' directory for more information about examples. diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild new file mode 100644 index 000000000..8fd12d389 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild 
@@ -0,0 +1,29 @@ +menu "Example Configuration" + +config BENCH_ARGV + string "Arguments for benchmark test" + default "-lng 0" + help + -? Help, print this usage + 0: English, 1: Japanese + -csv Print terminal output in csv format + -base10 Display bytes as power of 10 (eg 1 kB = 1000 Bytes) + -no_aad No additional authentication data passed. + -dgst_full Full digest operation performed. + -rsa_sign Measure RSA sign/verify instead of encrypt/decrypt. + - Algorithm to benchmark. Available algorithms include: + cipher aes-cbc aes-gcm chacha20 chacha20-poly1305 + digest md5 poly1305 sha sha2 sha224 sha256 sha384 sha512 sha3 + sha3-224 sha3-256 sha3-384 sha3-512 + mac hmac hmac-md5 hmac-sha hmac-sha224 hmac-sha256 hmac-sha384 + hmac-sha512 + asym rsa rsa-sz dh ecc-kg ecc + other rng + -lng Display benchmark result by specified language. + 0: English, 1: Japanese + Size of block in bytes + + e.g -lng 1 + e.g sha + +endmenu diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk new file mode 100644 index 000000000..e19e22a53 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk @@ -0,0 +1,8 @@ +# +# Main component makefile. +# +# This Makefile can be left empty. By default, it will take the sources in the +# src/ directory, compile them and link them into lib(subdirectory_name).a +# in the build directory. This behaviour is entirely configurable, +# please read the ESP-IDF documents if you need to do this. +# \ No newline at end of file diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c new file mode 100644 index 000000000..94e0d8bfb --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c 
@@ -0,0 +1,80 @@ +/* helper.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#include +#include +#include + +#include "sdkconfig.h" + +#define WOLFSSL_BENCH_ARGV CONFIG_BENCH_ARGV + +char* __argv[22]; + +int construct_argv() +{ + int cnt = 0; + int i = 0; + int len = 0; + char *_argv; /* buffer for copying the string */ + char *ch; /* char pointer to trace the string */ + char buff[16] = { 0 }; /* buffer for a argument copy */ + + printf("arg:%s\n", CONFIG_BENCH_ARGV); + len = strlen(CONFIG_BENCH_ARGV); + _argv = (char*)malloc(len + 1); + if (!_argv) { + return -1; + } + memset(_argv, 0, len+1); + memcpy(_argv, CONFIG_BENCH_ARGV, len); + _argv[len] = '\0'; + ch = _argv; + + __argv[cnt] = malloc(10); + sprintf(__argv[cnt], "benchmark"); + __argv[9] = '\0'; + cnt = 1; + + while (*ch != '\0') + { + /* skip white-space */ + while (*ch == ' ') { ++ch; } + + memset(buff, 0, sizeof(buff)); + /* copy each args into buffer */ + i = 0; + while ((*ch != ' ') && (*ch != '\0') && (i < 16)) { + buff[i] = *ch; + ++i; + ++ch; + } + /* copy the string into argv */ + __argv[cnt] = (char*)malloc(i + 1); + memset(__argv[cnt], 0, i + 1); + memcpy(__argv[cnt], buff, i + 1); + /* next args */ + ++cnt; + } + + free(_argv); + + return 
(cnt); +} diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/user_settings.h new file mode 100644 index 000000000..35df8c37e --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/user_settings.h @@ -0,0 +1,51 @@ +/* user_settings.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#define BENCH_EMBEDDED +#define USE_CERT_BUFFERS_2048 + +/* TLS 1.3 */ +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define WC_RSA_PSS +#define HAVE_HKDF +#define HAVE_FFDHE_2048 +#define HAVE_AEAD +#define HAVE_SUPPORTED_CURVES + +#define SINGLE_THREADED /* or define RTOS option */ +#define NO_FILESYSTEM + +#define HAVE_AESGCM +#define WOLFSSL_SHA512 +#define HAVE_ECC +#define HAVE_CURVE25519 +#define CURVE25519_SMALL +#define HAVE_ED25519 + +/* debug options */ +/* #define DEBUG_WOLFSSL */ + +/* date/time */ +/* if it cannot adjust time in the device, */ +/* enable macro below */ +/* #define NO_ASN_TIME */ +/* #define XTIME time */ 
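Review bot: `construct_argv()` in helper.c can run past both of its buffers, depending on `CONFIG_BENCH_ARGV`. The token loop admits `i == 16`, after which `memcpy(__argv[cnt], buff, i + 1)` reads 17 bytes from the 16-byte `buff`, and `cnt` is never compared with the 22 slots of `__argv`, so a long option string overruns the pointer table. `__argv[9] = '\0';` clears the tenth pointer instead of terminating the "benchmark" string, the `malloc()` results stored in `__argv[cnt]` are never checked, and trailing blanks in the option string yield an empty final argument. The rewrite below bounds both indices and checks the allocations; a token longer than the buffer is still split in two, which may deserve its own error return.

```c
    __argv[cnt] = (char*)malloc(sizeof("benchmark"));
    if (!__argv[cnt]) {
        free(_argv);
        return -1;
    }
    memcpy(__argv[cnt], "benchmark", sizeof("benchmark"));
    cnt = 1;

    while (*ch != '\0')
    {
        /* ... unchanged: skip white-space ... */

        /* stop on trailing blanks or when the argv table is full */
        if ((*ch == '\0') ||
            (cnt >= (int)(sizeof(__argv) / sizeof(__argv[0])))) {
            break;
        }

        /* ... unchanged: clear buff, i = 0 ... */
        while ((*ch != ' ') && (*ch != '\0') && (i < (int)sizeof(buff) - 1)) {
            /* ... unchanged: copy one character, advance i and ch ... */
        }
        /* copy the string into argv; buff[i] is the zero left by memset */
        __argv[cnt] = (char*)malloc(i + 1);
        if (!__argv[cnt]) {
            free(_argv);
            return -1;
        }
        memcpy(__argv[cnt], buff, i + 1);
        ++cnt;
    }
```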
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults new file mode 100644 index 000000000..29cf15a34 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults @@ -0,0 +1,4 @@ +CONFIG_BENCH_ARGV="-lng 0" +CONFIG_MAIN_TASK_STACK_SIZE=5000 +CONFIG_FREERTOS_HZ=1000 +CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0= diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt new file mode 100644 index 000000000..bf716c65b --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt @@ -0,0 +1,6 @@ +# The following lines of boilerplate have to be in your project's +# CMakeLists in this exact order for cmake to work correctly +cmake_minimum_required(VERSION 3.5) + +include($ENV{IDF_PATH}/tools/cmake/project.cmake) +project(wolfssl_client) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile new file mode 100644 index 000000000..ac04b5fe5 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile @@ -0,0 +1,11 @@ +# +# This is a project Makefile. It is assumed the directory this Makefile resides in is a +# project subdirectory. +# + +PROJECT_NAME := wolfssl_client + +CFLAGS += -DWOLFSSL_USER_SETTINGS + +include $(IDF_PATH)/make/project.mk + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md new file mode 100644 index 000000000..4edec3eeb --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md 
@@ -0,0 +1,19 @@
+#wolfssl Example
+
+The Example contains of wolfSSL tls client demo.
+
+1. "make menuconfig" to config the project
+ 1-1. Example Configuration ->
+ WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")
+ WIFI Password: WIFI password, and default is "mypassword"
+ Target host ip address : the host that you want to connect to.(default is 127.0.0.1)
+
+ Note: the example program uses 11111 port. If you want to use different port
+ , you need to modifiy DEFAULT_PORT definition in the code.
+
+When you want to test the wolfSSL client
+1. "make falsh monitor" to load the firmware and see the context
+2. You can use /examples/server/server program for test.
+ e.g. Launch ./examples/server/server -v 4 -b -i
+
+See the README.md file in the upper level 'examples' directory for more information about examples.
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
new file mode 100644
index 000000000..afcf6edc6
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
@@ -0,0 +1,21 @@
+menu "Example Configuration"
+
+config WIFI_SSID
+ string "WiFi SSID"
+ default "myssid"
+ help
+ SSID (network name) for the example to connect to.
+
+config WIFI_PASSWORD
+ string "WiFi Password"
+ default "mypassword"
+ help
+ WiFi password (WPA or WPA2) for the example to use.
+
+config TARGET_HOST
+ string "Target host"
+ default "127.0.01.1"
+ help
+ host address for the example to connect
+
+endmenu
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
new file mode 100644
index 000000000..034513e48
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
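Review bot: The `TARGET_HOST` default `"127.0.01.1"` in Kconfig.projbuild looks like a typo for `127.0.0.1`, which is the default the client README in this commit documents. client-tls.c hands the target host to `inet_pton()` and only prints an error when parsing fails (assuming `TLS_SMP_TARGET_HOST` is derived from this option), so depending on how the platform treats the `01` octet the example either continues with a zeroed address or connects somewhere unintended. I would change the line to `default "127.0.0.1"`. The `WIFI_PASSWORD` help text could also note that the value is stored in sdkconfig and built into the firmware, so a real credential should not be committed with the project.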
@@ -0,0 +1,151 @@ +/* client-tls-callback.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ +/* the usual suspects */ +#include +#include +#include +#include + +/* ESP specific */ +#include "wifi_connect.h" + +/* socket includes */ +#include +#include +#include +#include + +/* wolfSSL */ +#include +#include +#include + +#ifdef WOLFSSL_TRACK_MEMORY + #include +#endif + +const char *TAG = "tls_client"; + +void tls_smp_client_task() +{ + int ret; + int sockfd; + struct sockaddr_in servAddr; + char buff[256]; + size_t len; + + /* declare wolfSSL objects */ + WOLFSSL_CTX *ctx; + WOLFSSL *ssl; + + WOLFSSL_ENTER("tls_smp_client_task"); + +#ifdef DEBUG_WOLFSSL + WOLFSSL_MSG("Debug ON"); + wolfSSL_Debugging_ON(); +#endif + /* Initialize wolfSSL */ + wolfSSL_Init(); + + /* Create a socket that uses an internet IPv4 address, + * Sets the socket to be stream based (TCP), + * 0 means choose the default protocol. 
*/ + if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { + printf("ERROR: failed to create the socket\n"); + } + /* Create and initialize WOLFSSL_CTX */ + if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) { + printf("ERROR: failed to create WOLFSSL_CTX\n"); + } + WOLFSSL_MSG("Loading...cert"); + /* Load client certificates into WOLFSSL_CTX */ + if ((ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, + sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) { + printf("ERROR: failed to load %d, please check the file.\n",ret); + } + + /* Initialize the server address struct with zeros */ + memset(&servAddr, 0, sizeof(servAddr)); + + /* Fill in the server address */ + servAddr.sin_family = AF_INET; /* using IPv4 */ + servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + + /* Get the server IPv4 address from the command line call */ + WOLFSSL_MSG("inet_pton"); + if ((ret = inet_pton(AF_INET, TLS_SMP_TARGET_HOST, + &servAddr.sin_addr)) != 1) { + printf("ERROR: invalid address ret=%d\n", ret); + } + + /* Connect to the server */ + sprintf(buff, "Connecting to server....%s(port:%d)", TLS_SMP_TARGET_HOST + , DEFAULT_PORT); + WOLFSSL_MSG(buff); + if ((ret = connect(sockfd, (struct sockaddr *)&servAddr, + sizeof(servAddr))) == -1){ + printf("ERROR: failed to connect ret=%d\n", ret); + } + + WOLFSSL_MSG("Create a WOLFSSL object"); + /* Create a WOLFSSL object */ + if ((ssl = wolfSSL_new(ctx)) == NULL) { + printf("ERROR: failed to create WOLFSSL object\n"); + } + + /* Attach wolfSSL to the socket */ + wolfSSL_set_fd(ssl, sockfd); + + WOLFSSL_MSG("Connect to wolfSSL on the server side"); + /* Connect to wolfSSL on the server side */ + if (wolfSSL_connect(ssl) != SSL_SUCCESS) { + printf("ERROR: failed to connect to wolfSSL\n"); + } + + /* Get a message for the server from stdin */ + WOLFSSL_MSG("Message for server: "); + memset(buff, 0, sizeof(buff)); + sprintf(buff, "message from client\n"); + len = strnlen(buff, sizeof(buff)); + 
/* Send the message to the server */ + if (wolfSSL_write(ssl, buff, len) != len) { + printf("ERROR: failed to write\n"); + } + + /* Read the server data into our buff array */ + memset(buff, 0, sizeof(buff)); + if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) { + printf("ERROR: failed to read\n"); + } + + /* Print to stdout any data the server sends */ + WOLFSSL_MSG("Server:"); + WOLFSSL_MSG(buff); + /* Cleanup and return */ + wolfSSL_free(ssl); /* Free the wolfSSL object */ + wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ + wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ + close(sockfd); /* Close the connection to the server */ + + vTaskDelete(NULL); + + return; /* Return reporting a success */ +} diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk new file mode 100644 index 000000000..61f8990c3 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk @@ -0,0 +1,8 @@ +# +# Main component makefile. +# +# This Makefile can be left empty. By default, it will take the sources in the +# src/ directory, compile them and link them into lib(subdirectory_name).a +# in the build directory. This behaviour is entirely configurable, +# please read the ESP-IDF documents if you need to do this. +# diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/user_settings.h new file mode 100644 index 000000000..35df8c37e --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/user_settings.h 
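Review bot: Every failure branch in `tls_smp_client_task` only prints and falls through, so a failed `socket()`, `wolfSSL_CTX_new()` or `wolfSSL_new()` leaves `sockfd == -1` or a NULL `ctx`/`ssl` that the following calls still use, and a failed `wolfSSL_connect()` is followed by `wolfSSL_write()` on a session whose handshake (including server certificate verification) never completed. Each check should jump to a single cleanup label, as sketched below. The `sprintf` that formats `TLS_SMP_TARGET_HOST` into the 256-byte `buff` should be `snprintf(buff, sizeof(buff), ...)`, because the host string comes from menuconfig and nothing here bounds its length. `wolfSSL_read` is only tested against `-1`; `<= 0` would also catch the other failure returns. server-tls.c in this commit follows the same print-and-continue pattern.

```c
void tls_smp_client_task()
{
    int sockfd = -1;
    WOLFSSL_CTX *ctx = NULL;
    WOLFSSL *ssl = NULL;
    /* … unchanged: remaining locals, debug setup, wolfSSL_Init() … */

    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        printf("ERROR: failed to create the socket\n");
        goto cleanup;
    }
    if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) {
        printf("ERROR: failed to create WOLFSSL_CTX\n");
        goto cleanup;
    }
    /* … same `goto cleanup` added to the CA load and inet_pton checks … */

    snprintf(buff, sizeof(buff), "Connecting to server....%s(port:%d)",
             TLS_SMP_TARGET_HOST, DEFAULT_PORT);
    /* … same `goto cleanup` added to the connect() and wolfSSL_new() checks … */

    if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
        printf("ERROR: failed to connect to wolfSSL\n");
        goto cleanup; /* no application data without a completed handshake */
    }
    /* … unchanged: write/read exchange, each failure also jumping to cleanup … */

cleanup:
    if (ssl != NULL) {
        wolfSSL_free(ssl);
    }
    if (ctx != NULL) {
        wolfSSL_CTX_free(ctx);
    }
    wolfSSL_Cleanup();
    if (sockfd != -1) {
        close(sockfd);
    }
    vTaskDelete(NULL);
}
```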
@@ -0,0 +1,51 @@ +/* user_settings.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#define BENCH_EMBEDDED +#define USE_CERT_BUFFERS_2048 + +/* TLS 1.3 */ +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define WC_RSA_PSS +#define HAVE_HKDF +#define HAVE_FFDHE_2048 +#define HAVE_AEAD +#define HAVE_SUPPORTED_CURVES + +#define SINGLE_THREADED /* or define RTOS option */ +#define NO_FILESYSTEM + +#define HAVE_AESGCM +#define WOLFSSL_SHA512 +#define HAVE_ECC +#define HAVE_CURVE25519 +#define CURVE25519_SMALL +#define HAVE_ED25519 + +/* debug options */ +/* #define DEBUG_WOLFSSL */ + +/* date/time */ +/* if it cannot adjust time in the device, */ +/* enable macro below */ +/* #define NO_ASN_TIME */ +/* #define XTIME time */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h new file mode 100644 index 000000000..39345936a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h 
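Review bot: The date/time comment at the end of user_settings.h tells the reader to enable `NO_ASN_TIME` when the device clock cannot be set, but does not say what that costs: with it defined, certificate validity dates are no longer checked, so expired or not-yet-valid certificates are accepted. I would extend the comment to something like `/* NO_ASN_TIME disables certificate notBefore/notAfter checking; bring-up only, prefer setting the clock (e.g. SNTP) */`. `SINGLE_THREADED` also deserves a sentence, since the examples run wolfSSL inside a FreeRTOS task; it looks safe only while exactly one task touches the library, which should be confirmed and stated. The identical file is added again for wolfssl_server and wolfssl_test (same blob id), so the same comment applies there, and a shared header would avoid the three copies drifting apart.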
@@ -0,0 +1,38 @@ +/* user_settings.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef _TLS_WIFI_H_ +#define _TLS_WIFI_H_ + +#include "esp_log.h" +#include "esp_wifi.h" +#include "esp_event_loop.h" + +#define DEFAULT_PORT 11111 + +#define TLS_SMP_CLIENT_TASK_NAME "tls_client_example" +#define TLS_SMP_CLIENT_TASK_WORDS 10240 +#define TLS_SMP_CLIENT_TASK_PRIORITY 8 + +#define TLS_SMP_WIFI_SSID CONFIG_WIFI_SSID +#define TLS_SMP_WIFI_PASS CONFIG_WIFI_PASSWORD +#define TLS_SMP_TARGET_HOST CONFIG_TARGET_HOST + +#endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c new file mode 100644 index 000000000..4735c62eb --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c 
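Review bot: The banner of wifi_connect.h still reads `/* user_settings.h`, and the include guard `_TLS_WIFI_H_` uses an identifier reserved for the implementation (leading underscore followed by an uppercase letter). Suggested lines: `/* wifi_connect.h` for the banner and `#ifndef TLS_WIFI_H` / `#define TLS_WIFI_H` for the guard. The server copy of this header added later in the commit uses the same guard, and its task name string `"tls_sever_example"` looks like a typo for "server".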
@@ -0,0 +1,146 @@ +/* wifi_connect.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +/*ESP specific */ +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" +#include "freertos/event_groups.h" +#include "wifi_connect.h" +#include "lwip/sockets.h" +#include "lwip/netdb.h" +#include "lwip/apps/sntp.h" +#include "nvs_flash.h" + +const static int CONNECTED_BIT = BIT0; +static EventGroupHandle_t wifi_event_group; +/* proto-type */ +extern void tls_smp_client_task(); +static void tls_smp_client_init(); + +const static char *TAG = "tls_client"; + +static EventGroupHandle_t wifi_event_group; +extern void tls_smp_client_task(); + +static void set_time() +{ + /* set dummy wallclock time. 
*/ + struct timeval utctime; + struct timezone tz; + struct strftime_buf; + time_t now; + struct tm timeinfo; + char strftime_buf[64]; + + utctime.tv_sec = 1542008020; /* dummy time: Mon Nov 12 07:33:40 2018 */ + utctime.tv_usec = 0; + tz.tz_minuteswest = 0; + tz.tz_dsttime = 0; + + settimeofday(&utctime, &tz); + + time(&now); + localtime_r(&now, &timeinfo); + + strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); + ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); + + /* wait until wifi connect */ + xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT, + false, true, portMAX_DELAY); + /* now we start client tasks. */ + tls_smp_client_init(); +} + +/* create task */ +static void tls_smp_client_init(void) +{ + int ret; + xTaskHandle _handle; + /* http://esp32.info/docs/esp_idf/html/dd/d3c/group__xTaskCreate.html */ + ret = xTaskCreate(tls_smp_client_task, + TLS_SMP_CLIENT_TASK_NAME, + TLS_SMP_CLIENT_TASK_WORDS, + NULL, + TLS_SMP_CLIENT_TASK_PRIORITY, + &_handle); + + if (ret != pdPASS) { + ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_CLIENT_TASK_NAME); + } +} +/* event hander for wifi events */ +static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) +{ + switch (event->event_id) + { + case SYSTEM_EVENT_STA_START: + esp_wifi_connect(); + break; + case SYSTEM_EVENT_STA_GOT_IP: + ESP_LOGI(TAG, "got ip:%s", + ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); + /* http://esp32.info/docs/esp_idf/html/dd/d08/group__xEventGroupSetBits.html */ + xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); + break; + case SYSTEM_EVENT_STA_DISCONNECTED: + esp_wifi_connect(); + xEventGroupClearBits(wifi_event_group, CONNECTED_BIT); + break; + default: + break; + } + return ESP_OK; +} +/* entry point */ +void app_main(void) +{ + ESP_LOGI(TAG, "Start app_main..."); + ESP_ERROR_CHECK(nvs_flash_init()); + + ESP_LOGI(TAG, "Initialize wifi"); + /* TCP/IP adapter initialization */ + tcpip_adapter_init(); + + /* */ + wifi_event_group = 
xEventGroupCreate(); + ESP_ERROR_CHECK(esp_event_loop_init(wifi_event_handler, NULL)); + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK(esp_wifi_init(&cfg)); + + wifi_config_t wifi_config = { + .sta = { + .ssid = TLS_SMP_WIFI_SSID, + .password = TLS_SMP_WIFI_PASS, + }, + }; + /* WiFi station mode */ + ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); + /* Wifi Set the configuration of the ESP32 STA or AP */ + ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) ); + /* Start Wifi */ + ESP_ERROR_CHECK(esp_wifi_start() ); + + ESP_LOGI(TAG, "wifi_init_sta finished."); + ESP_LOGI(TAG, "connect to ap SSID:%s password:%s", + TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS); + ESP_LOGI(TAG, "Set dummy time..."); + set_time(); +} diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt new file mode 100644 index 000000000..71455470d --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt @@ -0,0 +1,7 @@ +# The following lines of boilerplate have to be in your project's +# CMakeLists in this exact order for cmake to work correctly +cmake_minimum_required(VERSION 3.5) + + +include($ENV{IDF_PATH}/tools/cmake/project.cmake) +project(tls_server) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile new file mode 100644 index 000000000..5fa6a42bd --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile @@ -0,0 +1,11 @@ +# +# This is a project Makefile. It is assumed the directory this Makefile resides in is a +# project subdirectory. +# + +PROJECT_NAME := tls_server + +CFLAGS += -DWOLFSSL_USER_SETTINGS + +include $(IDF_PATH)/make/project.mk + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md new file mode 100644 index 000000000..2265618df --- /dev/null 
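Review bot: `app_main` in wifi_connect.c writes the WiFi passphrase to the log with `ESP_LOGI(TAG, "connect to ap SSID:%s password:%s", TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS);`, which puts the credential on the serial console and into any captured monitor output. Log the SSID only: `ESP_LOGI(TAG, "connect to ap SSID:%s", TLS_SMP_WIFI_SSID);`. The same line is in the server's wifi_connect.c added further down. Separately, `set_time()` pins the clock to a constant in November 2018, so certificate validity is evaluated against that date rather than the real one; the function should carry a comment saying this is a placeholder for a real time source (the file already includes `lwip/apps/sntp.h` but the hunk never uses it).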
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md @@ -0,0 +1,19 @@ +#wolfSSL Example + +The Example contains a wolfSSL simple server. + +1. "make menuconfigure" to configure the project + 1-1. Example Configuration -> + WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid") + WIFI Password : WIFI password, and default is "mypassword" + +When you want to test the wolfSSL simple server demo +1. "make flash" to compile the code and load the firmware +2. "make monitor" to see the context. The assigned IP address can be found in output message. +3. Once the server connects to the wifi, it is waiting for client request. + ("Waiting for a connection..." message will be displayed.) +4. You can use /examples/client to test the server + e.g ./example/client/client -h xx.xx.xx + +See the README.md file in the upper level 'examples' directory for more information about examples. + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild new file mode 100644 index 000000000..176d8fb33 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild @@ -0,0 +1,15 @@ +menu "Example Configuration" + +config WIFI_SSID + string "WiFi SSID" + default "myssid" + help + SSID (network name) for the example to connect to. + +config WIFI_PASSWORD + string "WiFi Password" + default "mypassword" + help + WiFi password (WPA or WPA2) for the example to use. + +endmenu diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk new file mode 100644 index 000000000..d31083f65 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk @@ -0,0 +1,3 @@ +# +# Main Makefile. This is basically the same as a component makefile. +# \ No newline at end of file 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/user_settings.h new file mode 100644 index 000000000..35df8c37e --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/user_settings.h @@ -0,0 +1,51 @@ +/* user_settings.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#define BENCH_EMBEDDED +#define USE_CERT_BUFFERS_2048 + +/* TLS 1.3 */ +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define WC_RSA_PSS +#define HAVE_HKDF +#define HAVE_FFDHE_2048 +#define HAVE_AEAD +#define HAVE_SUPPORTED_CURVES + +#define SINGLE_THREADED /* or define RTOS option */ +#define NO_FILESYSTEM + +#define HAVE_AESGCM +#define WOLFSSL_SHA512 +#define HAVE_ECC +#define HAVE_CURVE25519 +#define CURVE25519_SMALL +#define HAVE_ED25519 + +/* debug options */ +/* #define DEBUG_WOLFSSL */ + +/* date/time */ +/* if it cannot adjust time in the device, */ +/* enable macro below */ +/* #define NO_ASN_TIME */ +/* #define XTIME time */ 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h new file mode 100644 index 000000000..f50f578df --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h @@ -0,0 +1,37 @@ +/* wifi_connect.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef _TLS_WIFI_H_ +#define _TLS_WIFI_H_ + +#include "esp_log.h" +#include "esp_wifi.h" +#include "esp_event_loop.h" + +#define DEFAULT_PORT 11111 + +#define TLS_SMP_SERVER_TASK_NAME "tls_sever_example" +#define TLS_SMP_SERVER_TASK_WORDS 10240 +#define TLS_SMP_SERVER_TASK_PRIORITY 8 + +#define TLS_SMP_WIFI_SSID CONFIG_WIFI_SSID +#define TLS_SMP_WIFI_PASS CONFIG_WIFI_PASSWORD + +#endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c new file mode 100644 index 000000000..3cc1227ce --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c 
@@ -0,0 +1,170 @@ +/* server-tls-callback.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ +/* the usual suspects */ +#include +#include +#include +#include + +/* socket includes */ +#include +#include +#include +#include + +/* wolfSSL */ +#include +#include +#include + +/* ESP specific */ +#include "wifi_connect.h" + +#ifdef WOLFSSL_TRACK_MEMORY + #include +#endif + +const char *TAG = "tls_server"; + +void tls_smp_server_task() +{ + int sockfd; + int connd; + struct sockaddr_in servAddr; + struct sockaddr_in clientAddr; + socklen_t size = sizeof(clientAddr); + char buff[256]; + size_t len; + int shutdown = 0; + int ret; + + /* declare wolfSSL objects */ + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; + + WOLFSSL_ENTER("tls_smp_server_task"); + +#ifdef DEBUG_WOLFSSL + WOLFSSL_MSG("Debug ON"); + wolfSSL_Debugging_ON(); +#endif + /* Initialize wolfSSL */ + WOLFSSL_MSG("Start wolfSSL_Init()"); + wolfSSL_Init(); + + /* Create a socket that uses an internet IPv4 address, + * Sets the socket to be stream based (TCP), + * 0 means choose the default protocol. 
*/ + WOLFSSL_MSG( "start socket())"); + if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { + printf("ERROR: failed to create the socket"); + } + + /* Create and initialize WOLFSSL_CTX */ + WOLFSSL_MSG("Create and initialize WOLFSSL_CTX"); + if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { + printf("ERROR: failed to create WOLFSSL_CTX"); + } + WOLFSSL_MSG("Loading certificate..."); + /* Load server certificates into WOLFSSL_CTX */ + if ((ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, + sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) { + printf("ERROR: failed to load cert"); + } + WOLFSSL_MSG("Loading key info..."); + /* Load server key into WOLFSSL_CTX */ + if((ret=wolfSSL_CTX_use_PrivateKey_buffer(ctx, + server_key_der_2048, sizeof_server_key_der_2048, + WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) { + printf("ERROR: failed to load privatekey"); + } + + /* Initialize the server address struct with zeros */ + memset(&servAddr, 0, sizeof(servAddr)); + /* Fill in the server address */ + servAddr.sin_family = AF_INET; /* using IPv4 */ + servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */ + + /* Bind the server socket to our port */ + if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) { + printf("ERROR: failed to bind"); + } + + /* Listen for a new connection, allow 5 pending connections */ + if (listen(sockfd, 5) == -1) { + printf("ERROR: failed to listen"); + } + /* Continue to accept clients until shutdown is issued */ + while (!shutdown) { + WOLFSSL_MSG("Waiting for a connection..."); + /* Accept client connections */ + if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) + == -1) { + printf("ERROR: failed to accept the connection"); + } + /* Create a WOLFSSL object */ + if ((ssl = wolfSSL_new(ctx)) == NULL) { + printf("ERROR: failed to create WOLFSSL object"); + } + /* Attach wolfSSL to the socket */ 
+ wolfSSL_set_fd(ssl, connd); + /* Establish TLS connection */ + ret = wolfSSL_accept(ssl); + if (ret != SSL_SUCCESS) { + printf("wolfSSL_accept error %d", wolfSSL_get_error(ssl, ret)); + } + WOLFSSL_MSG("Client connected successfully"); + /* Read the client data into our buff array */ + memset(buff, 0, sizeof(buff)); + if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) { + printf("ERROR: failed to read"); + } + /* Print to stdout any data the client sends */ + WOLFSSL_MSG("Client sends:"); + WOLFSSL_MSG(buff); + /* Check for server shutdown command */ + if (strncmp(buff, "shutdown", 8) == 0) { + WOLFSSL_MSG("Shutdown command issued!"); + shutdown = 1; + } + /* Write our reply into buff */ + memset(buff, 0, sizeof(buff)); + memcpy(buff, "I hear ya fa shizzle!", sizeof(buff)); + len = strnlen(buff, sizeof(buff)); + /* Reply back to the client */ + if (wolfSSL_write(ssl, buff, len) != len) { + printf("ERROR: failed to write"); + } + /* Cleanup after this connection */ + wolfSSL_free(ssl); /* Free the wolfSSL object */ + close(connd); /* Close the connection to the client */ + } + /* Cleanup and return */ + wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ + wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ + close(sockfd); /* Close the socket listening for clients */ + + vTaskDelete(NULL); + + return; /* Return reporting a success */ +} diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c new file mode 100644 index 000000000..8ed2216c1 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c 
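Review bot: In the accept loop of `tls_smp_server_task`, `memcpy(buff, "I hear ya fa shizzle!", sizeof(buff));` copies 256 bytes out of a 22-byte string literal, reading past the end of the literal (undefined behaviour, and whatever follows it in flash would be copied into the buffer). Size the copy by the source instead: `static const char reply[] = "I hear ya fa shizzle!";` followed by `memcpy(buff, reply, sizeof(reply));`. In the same loop a failed `accept()` or `wolfSSL_accept()` is only printed, after which the code still logs "Client connected successfully" and calls `wolfSSL_read`; those branches should close `connd`, free `ssl` and `continue`. The `"shutdown"` command is honoured from any peer that completes the handshake, since the hunk configures no client authentication, which is worth a comment so the pattern is not copied into a real service.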
@@ -0,0 +1,143 @@ +/* wifi_connect.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +/*ESP specific */ +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" +#include "freertos/event_groups.h" +#include "wifi_connect.h" +#include "lwip/sockets.h" +#include "lwip/netdb.h" +#include "lwip/apps/sntp.h" +#include "nvs_flash.h" + +const static int CONNECTED_BIT = BIT0; +static EventGroupHandle_t wifi_event_group; +/* prefix for logging */ +const static char *TAG = "tls_server"; +/* proto-type difinition */ +extern void tls_smp_server_task(); +static void tls_smp_server_init(); + +static void set_time() +{ + /* set dummy wallclock time. 
*/ + struct timeval utctime; + struct timezone tz; + struct strftime_buf; + time_t now; + struct tm timeinfo; + char strftime_buf[64]; + + utctime.tv_sec = 1542008020; /* dummy time: Mon Nov 12 07:33:40 2018 */ + utctime.tv_usec = 0; + tz.tz_minuteswest = 0; + tz.tz_dsttime = 0; + + settimeofday(&utctime, &tz); + + time(&now); + localtime_r(&now, &timeinfo); + + strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); + ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); + + /* wait until wifi connect */ + xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT, + false, true, portMAX_DELAY); + /* now we start client tasks. */ + tls_smp_server_init(); +} + +/* create task */ +static void tls_smp_server_init(void) +{ + int ret; + xTaskHandle _handle; + /* http://esp32.info/docs/esp_idf/html/dd/d3c/group__xTaskCreate.html */ + ret = xTaskCreate(tls_smp_server_task, + TLS_SMP_SERVER_TASK_NAME, + TLS_SMP_SERVER_TASK_WORDS, + NULL, + TLS_SMP_SERVER_TASK_PRIORITY, + &_handle); + + if (ret != pdPASS) { + ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_SERVER_TASK_NAME); + } +} +/* event hander for wifi events */ +static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) +{ + switch (event->event_id) + { + case SYSTEM_EVENT_STA_START: + esp_wifi_connect(); + break; + case SYSTEM_EVENT_STA_GOT_IP: + ESP_LOGI(TAG, "got ip:%s", + ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); + /* http://esp32.info/docs/esp_idf/html/dd/d08/group__xEventGroupSetBits.html */ + xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); + break; + case SYSTEM_EVENT_STA_DISCONNECTED: + esp_wifi_connect(); + xEventGroupClearBits(wifi_event_group, CONNECTED_BIT); + break; + default: + break; + } + return ESP_OK; +} +/* entry point */ +void app_main(void) +{ + ESP_LOGI(TAG, "Start app_main..."); + ESP_ERROR_CHECK(nvs_flash_init()); + + ESP_LOGI(TAG, "Initialize wifi"); + /* TCP/IP adapter initialization */ + tcpip_adapter_init(); + + /* */ + wifi_event_group = 
xEventGroupCreate(); + ESP_ERROR_CHECK(esp_event_loop_init(wifi_event_handler, NULL)); + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK(esp_wifi_init(&cfg)); + + wifi_config_t wifi_config = { + .sta = { + .ssid = TLS_SMP_WIFI_SSID, + .password = TLS_SMP_WIFI_PASS, + }, + }; + /* WiFi station mode */ + ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); + /* Wifi Set the configuration of the ESP32 STA or AP */ + ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) ); + /* Start Wifi */ + ESP_ERROR_CHECK(esp_wifi_start() ); + + ESP_LOGI(TAG, "wifi_init_sta finished."); + ESP_LOGI(TAG, "connect to ap SSID:%s password:%s", + TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS); + ESP_LOGI(TAG, "Set Dummy time..."); + set_time(); +} diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt new file mode 100644 index 000000000..26af0fe10 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt @@ -0,0 +1,6 @@ +# The following five lines of boilerplate have to be in your project's +# CMakeLists in this exact order for cmake to work correctly +cmake_minimum_required(VERSION 3.5) + +include($ENV{IDF_PATH}/tools/cmake/project.cmake) +project(wolfssl_test) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile new file mode 100644 index 000000000..fd971485a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile @@ -0,0 +1,11 @@ +# +# This is a project Makefile. It is assumed the directory this Makefile resides in is a +# project subdirectory. +# + +PROJECT_NAME := wolfssl_test + +CFLAGS += -DWOLFSSL_USER_SETTINGS + +include $(IDF_PATH)/make/project.mk + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md new file mode 100644 index 000000000..5b9a952bd --- /dev/null 
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md @@ -0,0 +1,10 @@ +#wolfSSL Example + +The Example contains of wolfSSL test program. + +When you want to run the benchmark program +1. "make menuconfig" to configure the program,first +1. "make flash" to compile and load the firemware +2. "make monitor" to see the message + +See the README.md file in the upper level 'examples' directory for more information about examples. diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk new file mode 100644 index 000000000..d31083f65 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk @@ -0,0 +1,3 @@ +# +# Main Makefile. This is basically the same as a component makefile. +# \ No newline at end of file diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/user_settings.h new file mode 100644 index 000000000..35df8c37e --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/user_settings.h 
@@ -0,0 +1,51 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#define BENCH_EMBEDDED
+#define USE_CERT_BUFFERS_2048
+
+/* TLS 1.3 */
+#define WOLFSSL_TLS13
+#define HAVE_TLS_EXTENSIONS
+#define WC_RSA_PSS
+#define HAVE_HKDF
+#define HAVE_FFDHE_2048
+#define HAVE_AEAD
+#define HAVE_SUPPORTED_CURVES
+
+#define SINGLE_THREADED /* or define RTOS option */
+#define NO_FILESYSTEM
+
+#define HAVE_AESGCM
+#define WOLFSSL_SHA512
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519
+
+/* debug options */
+/* #define DEBUG_WOLFSSL */
+
+/* date/time */
+/* if it cannot adjust time in the device, */
+/* enable macro below */
+/* #define NO_ASN_TIME */
+/* #define XTIME time */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
new file mode 100644
index 000000000..da8d0aa20
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
@@ -0,0 +1,2 @@
+CONFIG_MAIN_TASK_STACK_SIZE=5000
+CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=
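Review bot: The date/time block at the end of the new wolfssl_test user_settings.h offers `NO_ASN_TIME` as the remedy for a device without a settable clock, but the comment does not say that this option turns off certificate validity-date checking. I would extend the comment, e.g. `/* NO_ASN_TIME skips certificate notBefore/notAfter checks: test builds only; prefer setting the clock (RTC/SNTP) */`, so the setting is not copied unchanged into a TLS build. The same wording would fit any sibling example header that carries this block.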
diff --git a/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt b/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
new file mode 100644
index 000000000..78fe8a073
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
@@ -0,0 +1,79 @@
+cmake_minimum_required(VERSION 3.5)
+
+set(CMAKE_CURRENT_SOURCE_DIR ".")
+set(WOLFSSL_ROOT ${CMAKE_CURRENT_SOURCE_DIR})
+set(INCLUDE_PATH ${WOLFSSL_ROOT})
+set(COMPONENT_SRCS
+ "src/keys.c"
+ "src/sniffer.c"
+ "src/tls.c"
+ "src/wolfio.c"
+ "src/crl.c"
+ "src/internal.c"
+ "src/ocsp.c"
+ "src/ssl.c"
+ "src/tls13.c"
+ "wolfcrypt/src/aes.c"
+ "wolfcrypt/src/arc4.c"
+ "wolfcrypt/src/asm.c"
+ "wolfcrypt/src/asn.c"
+ "wolfcrypt/src/blake2b.c"
+ "wolfcrypt/src/camellia.c"
+ "wolfcrypt/src/chacha.c"
+ "wolfcrypt/src/chacha20_poly1305.c"
+ "wolfcrypt/src/cmac.c"
+ "wolfcrypt/src/coding.c"
+ "wolfcrypt/src/compress.c"
+ "wolfcrypt/src/cpuid.c"
+ "wolfcrypt/src/cryptodev.c"
+ "wolfcrypt/src/curve25519.c"
+ "wolfcrypt/src/des3.c"
+ "wolfcrypt/src/dh.c"
+ "wolfcrypt/src/dsa.c"
+ "wolfcrypt/src/ecc.c"
+ "wolfcrypt/src/ecc_fp.c"
+ "wolfcrypt/src/ed25519.c"
+ "wolfcrypt/src/error.c"
+ "wolfcrypt/src/fe_low_mem.c"
+ "wolfcrypt/src/fe_operations.c"
+ "wolfcrypt/src/ge_low_mem.c"
+ "wolfcrypt/src/ge_operations.c"
+ "wolfcrypt/src/hash.c"
+ "wolfcrypt/src/hc128.c"
+ "wolfcrypt/src/hmac.c"
+ "wolfcrypt/src/idea.c"
+ "wolfcrypt/src/integer.c"
+ "wolfcrypt/src/logging.c"
+ "wolfcrypt/src/md2.c"
+ "wolfcrypt/src/md4.c"
+ "wolfcrypt/src/md5.c"
+ "wolfcrypt/src/memory.c"
+ "wolfcrypt/src/pkcs12.c"
+ "wolfcrypt/src/pkcs7.c"
+ "wolfcrypt/src/poly1305.c"
+ "wolfcrypt/src/pwdbased.c"
+ "wolfcrypt/src/rabbit.c"
+ "wolfcrypt/src/random.c"
+ "wolfcrypt/src/ripemd.c"
+ "wolfcrypt/src/rsa.c"
+ "wolfcrypt/src/sha.c"
+ "wolfcrypt/src/sha256.c"
+ "wolfcrypt/src/sha3.c"
+ "wolfcrypt/src/sha512.c"
+ "wolfcrypt/src/signature.c"
+ "wolfcrypt/src/sp_arm32.c"
+ "wolfcrypt/src/sp_arm64.c"
+ "wolfcrypt/src/sp_c32.c"
+ "wolfcrypt/src/sp_c64.c"
+ "wolfcrypt/src/sp_int.c"
+ "wolfcrypt/src/sp_x86_64.c"
+ "wolfcrypt/src/srp.c"
+ "wolfcrypt/src/tfm.c"
+ "wolfcrypt/src/wc_encrypt.c"
+ "wolfcrypt/src/wc_port.c"
+ "wolfcrypt/src/wolfevent.c"
+ "wolfcrypt/src/wolfmath.c"
+)
+set(COMPONENT_REQUIRES lwip)
+set(COMPONENT_ADD_INCLUDEDIRS ../freertos/include/freertos)
+register_component()
diff --git a/IDE/Espressif/ESP-IDF/libs/component.mk b/IDE/Espressif/ESP-IDF/libs/component.mk
new file mode 100644
index 000000000..784209fc8
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/libs/component.mk
@@ -0,0 +1,13 @@
+#
+# Component Makefile
+#
+
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += ../freertos/include/freertos/
+
+COMPONENT_SRCDIRS := src wolfcrypt/src
+
+COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += src/bio.o
diff --git a/IDE/Espressif/ESP-IDF/setup.sh b/IDE/Espressif/ESP-IDF/setup.sh
new file mode 100755
index 000000000..40b307bef
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/setup.sh
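Review bot: `set(CMAKE_CURRENT_SOURCE_DIR ".")` near the top of libs/CMakeLists.txt overwrites a variable that CMake maintains itself, so anything that reads it later in the configure step gets a relative path instead of the component directory. Assigning the private name directly, `set(WOLFSSL_ROOT ".")`, avoids this. `INCLUDE_PATH` is set but not used in the visible lines, and `COMPONENT_ADD_INCLUDEDIRS` lists only the FreeRTOS directory while component.mk in the same commit also adds `.`. If the wolfSSL headers are meant to be exported to dependent components, `set(COMPONENT_ADD_INCLUDEDIRS "." "../freertos/include/freertos")` would bring the two build files into agreement.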
@@ -0,0 +1,106 @@
+#!/bin/bash
+
+# check if IDF_PATH is set
+if [ -z "$IDF_PATH" ]; then
+ echo "Please follows the instruction of ESP-IDF installation and set IDF_PATH."
+ exit 1
+fi
+
+RMDCMD='/bin/rm -rf'
+MKDCMD='/bin/mkdir'
+CPDCMD='/bin/cp'
+
+SCRIPTDIR=`dirname $0`
+SCRIPTDIR=`cd $SCRIPTDIR && pwd -P`
+WOLFSSL_ESPIDFDIR=${SCRIPTDIR}
+WOLFSSL_ESPIDFDIR=`cd $WOLFSSL_ESPIDFDIR && pwd -P`
+BASEDIR=${SCRIPTDIR}/../../../
+BASEDIR=`cd ${BASEDIR} && pwd -P`
+
+# echo $WOLFSSL_ESPIDFDIR
+
+WOLFSSLLIB_TRG_DIR=${IDF_PATH}/components/wolfssl
+WOLFSSLEXP_TRG_DIR=${IDF_PATH}/examples/protocols
+
+if [ ! -d $IDF_PATH ]; then
+ echo "ESP-IDF Development Framework doesn't exist.: $IDF_PATH"
+ exit 1
+fi
+
+# Copy files into ESP-IDF development framework
+pushd $IDF_PATH > /dev/null
+
+echo "Copy files into $IDF_PATH"
+# Remove/Create directories
+${RMDCMD} ${WOLFSSLLIB_TRG_DIR}/
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/
+
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/src
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/wolfcrypt
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/wolfssl
+
+popd > /dev/null # $WOLFSSL_ESPIDFDIR
+pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR
+
+# copying ... files in src/ into $WOLFSSLLIB_TRG_DIR/src
+${CPDCMD} ./src/*.c ${WOLFSSLLIB_TRG_DIR}/src/
+
+${CPDCMD} -r ./wolfcrypt/src/ ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/
+${CPDCMD} -r ./wolfcrypt/test ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/
+${CPDCMD} -r ./wolfcrypt/benchmark ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/
+
+${CPDCMD} -r ./wolfssl/*.h ${WOLFSSLLIB_TRG_DIR}/wolfssl/
+${CPDCMD} -r ./wolfssl/wolfcrypt ${WOLFSSLLIB_TRG_DIR}/wolfssl/
+
+popd > /dev/null #
+
+${CPDCMD} ./libs/CMakeLists.txt ${WOLFSSLLIB_TRG_DIR}/
+${CPDCMD} ./libs/component.mk ${WOLFSSLLIB_TRG_DIR}/
+
+pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR
+
+# Benchmark program
+${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
+${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
+${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
+${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/include
+
+${CPDCMD} -r ./wolfcrypt/benchmark/benchmark.c ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/main/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/main/include/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/include/
+
+# Crypt Test program
+${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
+${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
+${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
+${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/include
+
+${CPDCMD} -r ./wolfcrypt/test/test.c ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/main/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/main/include/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/include/
+
+# TLS Client program
+${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/
+${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/ +${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/main/ +${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/main/include + +${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_client/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/ +${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_client/main/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/main/ +${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_client/main/include/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/main/include/ + +# TLS Server program +${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_server/ +${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_server/ +${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_server/main/ +${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_server/main/include + +${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_server/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_server/ +${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_server/main/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_server/main/ +${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_server/main/include/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_server/main/include/ + +popd > /dev/null # + +exit 1 diff --git a/IDE/GCC-ARM/Header/user_settings.h b/IDE/GCC-ARM/Header/user_settings.h index 19464bf18..58c8d86f8 100644 --- a/IDE/GCC-ARM/Header/user_settings.h +++ b/IDE/GCC-ARM/Header/user_settings.h @@ -48,9 +48,6 @@ extern "C" { /* ------------------------------------------------------------------------- */ /* Math Configuration */ /* ------------------------------------------------------------------------- */ -#undef USE_FAST_MATH -#define USE_FAST_MATH - #undef SIZEOF_LONG_LONG #define SIZEOF_LONG_LONG 8 diff --git a/IDE/GCC-ARM/README.md b/IDE/GCC-ARM/README.md index d110c1561..353a3c399 100644 --- a/IDE/GCC-ARM/README.md +++ b/IDE/GCC-ARM/README.md 
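Review bot: The destructive steps in setup.sh expand unquoted paths built from the environment (`${RMDCMD} ${WOLFSSLLIB_TRG_DIR}/`, `[ ! -d $IDF_PATH ]`, `pushd $IDF_PATH`), so an IDF_PATH containing whitespace or glob characters is word-split and `rm -rf` receives paths other than the intended component directory. Quote each path expansion, e.g. `${RMDCMD} "${WOLFSSLLIB_TRG_DIR}/"`. The script also ends with `exit 1` after a complete run, which should be `exit 0`. No `cp` or `mkdir` result is checked, so a partial copy goes unreported unless something like `set -e` is added near the top. The two `${CPDCMD} ./libs/...` lines run after `popd` and therefore resolve against the caller's working directory; `${WOLFSSL_ESPIDFDIR}/libs/CMakeLists.txt` would make them independent of where the script is started.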
@@ -81,7 +81,7 @@ $ make $ make install ``` -If you are building for a 32-bit architecture, add `-DTIME_T_NOT_LONG` to the +If you are building for a 32-bit architecture, add `-DTIME_T_NOT_64BIT` to the list of CFLAGS. ## Example Build Output diff --git a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp index 8a103c23d..69b94ee2c 100644 --- a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp +++ b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp @@ -937,7 +937,7 @@ @@ -1960,9 +1960,6 @@ $PROJ_DIR$\..\..\..\..\wolfcrypt\src\error.c - - $PROJ_DIR$\..\..\..\..\wolfcrypt\src\evp.c - $PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_low_mem.c @@ -2045,7 +2042,19 @@ $PROJ_DIR$\..\..\..\..\wolfcrypt\src\signature.c - $PROJ_DIR$\..\..\..\..\wolfcrypt\src\sp.c + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\sp_arm32.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\sp_arm64.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\sp_c32.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\sp_c64.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\sp_int.c $PROJ_DIR$\..\..\..\..\wolfcrypt\src\srp.c @@ -2068,9 +2077,6 @@ wolfSSL - - $PROJ_DIR$\..\..\..\..\src\bio.c - $PROJ_DIR$\..\..\..\..\src\crl.c diff --git a/IDE/IAR-EWARM/Projects/user_settings.h b/IDE/IAR-EWARM/Projects/user_settings.h index 583f28b78..d2d3f838e 100644 --- a/IDE/IAR-EWARM/Projects/user_settings.h +++ b/IDE/IAR-EWARM/Projects/user_settings.h @@ -9,11 +9,12 @@ #define SIZEOF_LONG_LONG 8 #define NO_WOLFSSL_DIR #define WOLFSSL_NO_CURRDIR +#define NO_WOLF_C99 #define XVALIDATEDATE(d, f,t) (0) #define WOLFSSL_USER_CURRTIME /* for benchmark */ -#define WOLFSSL_GENSEED_FORTEST /* Wardning: define your own seed gen */ +#define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */ #define TFM_TIMING_RESISTANT #define ECC_TIMING_RESISTANT diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c b/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c index 0faae8ecd..45c796705 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c 
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c @@ -155,7 +155,7 @@ void HardFault_HandlerC( uint32_t *hardfault_args ) printf ("BFAR = %x\n", _BFAR); // Break into the debugger - __asm("BKPT #0\n"); + __asm("BKPT #0\n"); } __attribute__( ( naked ) ) diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c b/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c index 25f50ae7e..e205f2cb5 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c +++ b/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c @@ -25,6 +25,7 @@ #endif #include +#include #include #include @@ -42,6 +43,7 @@ void main(void) { int test_num = 0; + wolfCrypt_Init(); /* required for ksdk_port_init */ do { /* Used for testing, must have a delay so no data is missed while serial is initializing */ @@ -68,6 +70,8 @@ void main(void) printf("\n&&&&&&&&&&&&&& done &&&&&&&&&&&&&\n"); delay_us(1000000); #endif + + wolfCrypt_Cleanup(); } /* diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c b/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c index 2b1e76fde..bb483aa01 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c +++ b/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c @@ -26,6 +26,7 @@ #endif #include +#include #include #include #include "hw.h" @@ -43,6 +44,7 @@ void main(void) { int test_num = 0; + wolfCrypt_Init(); /* required for ksdk_port_init */ do { /* Used for testing, must have a delay so no data is missed while serial is initializing */ @@ -68,6 +70,8 @@ void main(void) printf("\n&&&&&&&&&&&&&& done &&&&&&&&&&&&&\n"); delay_us(1000000); #endif + + wolfCrypt_Cleanup(); } diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h b/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h index b9f3ae150..63279511e 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h +++ b/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h 
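Review bot: The return value of the added `wolfCrypt_Init();` call at the top of `main()` in benchmark_main.c is discarded, and the identical hunk in test_main.c has the same gap. The inline comment says the call is required for ksdk_port_init, so a failed init would presumably let the benchmark or test proceed without the port layer set up and report misleading results. Checking it, e.g. `if (wolfCrypt_Init() != 0) { printf("wolfCrypt_Init failed\n"); return; }`, makes the failure visible on the serial console. `main()` starts and ends outside these hunks, so the placement relative to the serial-init delay loop should be confirmed against the full file.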
@@ -19,7 +19,10 @@ extern "C" { #define SINGLE_THREADED #undef WOLFSSL_SMALL_STACK -#define WOLFSSL_SMALL_STACK +//#define WOLFSSL_SMALL_STACK + +#undef WOLFSSL_SMALL_STACK_CACHE +//#define WOLFSSL_SMALL_STACK_CACHE /* ------------------------------------------------------------------------- */ @@ -58,7 +61,7 @@ extern "C" { #define HAVE_ECC224 #undef NO_ECC256 #define HAVE_ECC384 - #ifndef USE_NXP_LTC /* NXP LTC HW supports up to 512 */ + #ifndef USE_NXP_LTC /* NXP LTC HW supports up to 384 */ #define HAVE_ECC521 #endif @@ -221,7 +224,7 @@ extern "C" { #endif #ifdef USE_NXP_LTC #define FREESCALE_USE_LTC - #define LTC_MAX_ECC_BITS (512) + #define LTC_MAX_ECC_BITS (384) #define LTC_MAX_INT_BYTES (256) //#define FREESCALE_LTC_TFM_RSA_4096_ENABLE diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp b/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp index f9be95d06..5a474b301 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp +++ b/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp @@ -4,7 +4,7 @@ @@ -338,7 +338,7 @@ arm_simulator_memory_simulation_parameter="MK82FN256xxx15;0x40000;0x0;0x0;0x40000;4" arm_target_loader_applicable_loaders="Flash" arm_target_loader_default_loader="Flash" - c_preprocessor_definitions="WOLFSSL_ROWLEY_ARM;WOLFSSL_USER_SETTINGS" + c_preprocessor_definitions="WOLFSSL_ROWLEY_ARM;WOLFSSL_USER_SETTINGS;USE_NXP_MMCAU;USE_NXP_LTC" c_user_include_directories=".;./drivers;./mmcau_2.0.0;./CMSIS/Include;../;../../;$(TargetsDir);$(TargetsDir)/Kinetis;$(TargetsDir)/Kinetis/CMSIS;$(TargetsDir)/Kinetis/CMSIS/include;$(TargetsDir)/CMSIS_3/CMSIS/include" debug_register_definition_file="$(TargetsDir)/Kinetis/MK82F25615_Peripherals.xml" linker_memory_map_file="$(TargetsDir)/Kinetis/MK82FN256xxx15_MemoryMap.xml" @@ -511,7 +511,7 @@
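Review bot: In the first hunk of ROWLEY-CROSSWORKS-ARM/user_settings.h the `#undef WOLFSSL_SMALL_STACK` is now followed by a commented-out define, and the new `WOLFSSL_SMALL_STACK_CACHE` pair is added the same way, which leaves both options off without saying why. WOLFSSL_SMALL_STACK is the switch that moves large temporaries off the stack, so turning it off changes the stack budget of every task that calls into the library. I would record the reason and the consequence next to it, e.g. `/* small-stack disabled: <reason>; size the stack in the linker/startup config accordingly */`. The settings block continues outside the hunk.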