wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-05-06 09:16:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

wolfSSL as a Zephyr module

Browse Source
This commit is contained in:
Maxime Vincent
2021-07-29 11:11:20 +02:00
parent 0ec848e2bd
commit 9d562a59bc
34 changed files with 265 additions and 311 deletions
Download Patch File Download Diff File Expand all files Collapse all files
zephyr/samples/wolfssl_test/CMakeLists.txt
+9
View File
@@ -0,0 +1,9 @@
cmake_minimum_required(VERSION 3.13.1)
include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
project(wolfssl_test)
target_sources(app PRIVATE ${ZEPHYR_WOLFSSL_MODULE_DIR}/wolfcrypt/test/test.c)
target_include_directories(app PRIVATE ${ZEPHYR_WOLFSSL_MODULE_DIR}/wolfcrypt/test)
target_sources(app PRIVATE ${app_sources})
add_definitions(-DWOLFSSL_USER_SETTINGS)
zephyr/samples/wolfssl_test/README
+12
View File
@@ -0,0 +1,12 @@
wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
under the GPLv2 or a standard commercial license. For our users who cannot use
wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
Please contact wolfSSL Inc. directly at:
Email: licensing@wolfssl.com
Phone: +1 425 245-8247
More information can be found on the wolfSSL website at www.wolfssl.com.
zephyr/samples/wolfssl_test/install_test.sh
Executable
+49
View File
@@ -0,0 +1,49 @@
#!/bin/sh
WOLFSSL_SRC_DIR=../../..
if [ ! -d $WOLFSSL_SRC_DIR ]; then
echo "Directory does not exist: $WOLFSSL_SRC_DIR"
exit 1
fi
if [ ! -f $WOLFSSL_SRC_DIR/wolfcrypt/test/test.c ]; then
echo "Missing source file: $WOLFSSL_SRC_DIR/wolfcrypt/test/test.h"
exit 1
fi
ZEPHYR_DIR=
if [ $# -ne 1 ]; then
echo "Need location of zephyr project as a command line argument"
exit 1
else
ZEPHYR_DIR=$1
fi
if [ ! -d $ZEPHR_DIR ]; then
echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
exit 1
fi
ZEPHYR_SAMPLES_DIR=$ZEPHYR_DIR/zephyr/samples/modules
if [ ! -d $ZEPHYR_SAMPLES_DIR ]; then
echo "Zephyr samples/modules directory does not exist: $ZEPHYR_SAMPLES_DIR"
exit 1
fi
ZEPHYR_WOLFSSL_DIR=$ZEPHYR_SAMPLES_DIR/wolfssl_test
echo "wolfSSL directory:"
echo " $ZEPHYR_WOLFSSL_DIR"
rm -rf $ZEPHYR_WOLFSSL_DIR
mkdir $ZEPHYR_WOLFSSL_DIR
echo "Copy in Build files ..."
cp -r * $ZEPHYR_WOLFSSL_DIR/
rm $ZEPHYR_WOLFSSL_DIR/$0
echo "Copy Source Code ..."
rm -rf $ZEPHYR_WOLFSSL_DIR/src
mkdir $ZEPHYR_WOLFSSL_DIR/src
cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/test/test.c $ZEPHYR_WOLFSSL_DIR/src/
cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/test/test.h $ZEPHYR_WOLFSSL_DIR/src/
echo "Done"
zephyr/samples/wolfssl_test/prj.conf
+16
View File
@@ -0,0 +1,16 @@
CONFIG_MAIN_STACK_SIZE=32768
CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=16384
# TLS configuration
CONFIG_WOLFSSL=y
CONFIG_WOLFSSL_BUILTIN=y
# Logging
CONFIG_PRINTK=y
CONFIG_WOLFSSL_DEBUG=y
# Entropy
CONFIG_ENTROPY_GENERATOR=y
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
zephyr/samples/wolfssl_test/sample.yaml
+7
View File
@@ -0,0 +1,7 @@
common:
min_flash: 65
min_ram: 36
tags: crypto wolfssl userspace random
tests:
crypto.wolfssl_test:
platform_whitelist: qemu_x86
zephyr/samples/wolfssl_tls_sock/CMakeLists.txt
+8
View File
@@ -0,0 +1,8 @@
cmake_minimum_required(VERSION 3.13.1)
include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
project(wolfssl_tls_threaded)
FILE(GLOB app_sources src/*.c)
target_sources(app PRIVATE ${app_sources})
add_definitions(-DWOLFSSL_USER_SETTINGS)
zephyr/samples/wolfssl_tls_sock/README
+12
View File
@@ -0,0 +1,12 @@
wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
under the GPLv2 or a standard commercial license. For our users who cannot use
wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
Please contact wolfSSL Inc. directly at:
Email: licensing@wolfssl.com
Phone: +1 425 245-8247
More information can be found on the wolfSSL website at www.wolfssl.com.
zephyr/samples/wolfssl_tls_sock/install_sample.sh
Executable
+31
View File
@@ -0,0 +1,31 @@
#!/bin/sh
ZEPHYR_DIR=
if [ $# -ne 1 ]; then
echo "Need location of zephyr project as a command line argument"
exit 1
else
ZEPHYR_DIR=$1
fi
if [ ! -d $ZEPHR_DIR ]; then
echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
exit 1
fi
ZEPHYR_SAMPLES_DIR=$ZEPHYR_DIR/zephyr/samples/modules
if [ ! -d $ZEPHYR_SAMPLES_DIR ]; then
echo "Zephyr samples/module directory does not exist: $ZEPHYR_SAMPLES_DIR"
exit 1
fi
ZEPHYR_WOLFSSL_DIR=$ZEPHYR_SAMPLES_DIR/wolfssl_tls_sock
echo "wolfSSL directory:"
echo " $ZEPHYR_WOLFSSL_DIR"
rm -rf $ZEPHYR_WOLFSSL_DIR
mkdir $ZEPHYR_WOLFSSL_DIR
echo "Copy in Sample files ..."
cp -r * $ZEPHYR_WOLFSSL_DIR/
rm $ZEPHYR_WOLFSSL_DIR/$0
echo "Done"
zephyr/samples/wolfssl_tls_sock/prj.conf
+52
View File
@@ -0,0 +1,52 @@
# Kernel options
CONFIG_MAIN_STACK_SIZE=16384
CONFIG_ENTROPY_GENERATOR=y
CONFIG_INIT_STACKS=y
CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
# General config
CONFIG_NEWLIB_LIBC=y
# Networking config
CONFIG_NETWORKING=y
CONFIG_NET_IPV4=y
CONFIG_NET_IPV6=n
CONFIG_NET_TCP=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_TEST=y
CONFIG_NET_LOOPBACK=y
CONFIG_DNS_RESOLVER=y
CONFIG_DNS_SERVER_IP_ADDRESSES=y
CONFIG_DNS_SERVER1="192.0.2.2"
# Network driver config
CONFIG_TEST_RANDOM_GENERATOR=y
# Network address config
CONFIG_NET_CONFIG_SETTINGS=y
CONFIG_NET_CONFIG_NEED_IPV4=y
CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.0.2.1"
CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.0.2.2"
CONFIG_NET_CONFIG_MY_IPV4_GW="192.0.2.2"
CONFIG_NET_PKT_TX_COUNT=10
# Network debug config
#CONFIG_NET_LOG=y
#CONFIG_NET_PKT_LOG_LEVEL_DBG=y
# Logging
CONFIG_PRINTK=y
#CONFIG_WOLFSSL_DEBUG=y
# TLS configuration
CONFIG_WOLFSSL=y
CONFIG_WOLFSSL_BUILTIN=y
CONFIG_WOLFSSL_TLS_VERSION_1_2=y
CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y
zephyr/samples/wolfssl_tls_sock/sample.yaml
+9
View File
@@ -0,0 +1,9 @@
common:
harness: crypto
tags: crypto
sample:
description: wolfSSL TLS test application
name: wolfSSL TLS Test
tests:
test:
platform_whitelist: qemu_x86
zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
+502
View File
@@ -0,0 +1,502 @@
/* tls_sock.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#define USE_CERT_BUFFERS_2048
#include <wolfssl/certs_test.h>
#include <wolfssl/test.h>
#ifdef WOLFSSL_ZEPHYR
#define printf printk
#endif
#define BUFFER_SIZE 2048
#define STATIC_MEM_SIZE (96*1024)
#define THREAD_STACK_SIZE (12*1024)
#define MAX_SEND_SIZE 256
/* The stack to use in the server's thread. */
K_THREAD_STACK_DEFINE(server_stack, THREAD_STACK_SIZE);
#ifdef WOLFSSL_STATIC_MEMORY
static WOLFSSL_HEAP_HINT* HEAP_HINT_SERVER;
static WOLFSSL_HEAP_HINT* HEAP_HINT_CLIENT;
static byte gMemoryServer[STATIC_MEM_SIZE];
static byte gMemoryClient[STATIC_MEM_SIZE];
#else
#define HEAP_HINT_SERVER NULL
#define HEAP_HINT_CLIENT NULL
#endif /* WOLFSSL_STATIC_MEMORY */
/* Application data to send. */
static const char msgHTTPGet[] = "GET /index.html HTTP/1.0\r\n\r\n";
static const char msgHTTPIndex[] =
"HTTP/1.1 200 OK\n"
"Content-Type: text/html\n"
"Connection: close\n"
"\n"
"<html>\n"
"<head>\n"
"<title>Welcome to wolfSSL!</title>\n"
"</head>\n"
"<body>\n"
"<p>wolfSSL has successfully performed handshake!</p>\n"
"</body>\n"
"</html>\n";
/* Create a new wolfSSL client with a server CA certificate. */
static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
{
int ret = 0;
WOLFSSL_CTX* client_ctx = NULL;
WOLFSSL* client_ssl = NULL;
/* Create and initialize WOLFSSL_CTX */
if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
HEAP_HINT_CLIENT)) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
ret = -1;
}
if (ret == 0) {
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_cert_der_2048,
sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) !=
WOLFSSL_SUCCESS) {
printf("ERROR: failed to load CA certificate\n");
ret = -1;
}
}
if (ret == 0) {
/* Create a WOLFSSL object */
if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) {
printf("ERROR: failed to create WOLFSSL object\n");
ret = -1;
}
}
if (ret == 0) {
/* Return newly created wolfSSL context and object */
*ctx = client_ctx;
*ssl = client_ssl;
}
else {
if (client_ssl != NULL)
wolfSSL_free(client_ssl);
if (client_ctx != NULL)
wolfSSL_CTX_free(client_ctx);
}
return ret;
}
/* Client connecting to server using TLS */
static int wolfssl_client_connect(WOLFSSL* ssl)
{
int ret = 0;
if (wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
printf("wolfSSL Error: %d\n", wolfSSL_get_error(ssl, -1));
if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
ret = -1;
}
return ret;
}
/* Create a new wolfSSL server with a certificate for authentication. */
static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
{
int ret = 0;
WOLFSSL_CTX* server_ctx = NULL;
WOLFSSL* server_ssl = NULL;
/* Create and initialize WOLFSSL_CTX */
if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(),
HEAP_HINT_SERVER)) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
ret = -1;
}
if (ret == 0) {
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_buffer(server_ctx,
server_cert_der_2048, sizeof_server_cert_der_2048,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: failed to load server certificate\n");
ret = -1;
}
}
if (ret == 0) {
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_buffer(server_ctx,
server_key_der_2048, sizeof_server_key_der_2048,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: failed to load server key\n");
ret = -1;
}
}
if (ret == 0) {
/* Create a WOLFSSL object */
if ((server_ssl = wolfSSL_new(server_ctx)) == NULL) {
printf("ERROR: failed to create WOLFSSL object\n");
ret = -1;
}
}
if (ret == 0) {
/* Return newly created wolfSSL context and object */
*ctx = server_ctx;
*ssl = server_ssl;
}
else {
if (server_ssl != NULL)
wolfSSL_free(server_ssl);
if (server_ctx != NULL)
wolfSSL_CTX_free(server_ctx);
}
return ret;
}
/* Server accepting a client using TLS */
static int wolfssl_server_accept(WOLFSSL* ssl)
{
int ret = 0;
if (wolfSSL_accept(ssl) != WOLFSSL_SUCCESS) {
printf("wolfSSL Error: %d\n", wolfSSL_get_error(ssl, -1));
if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
ret = -1;
}
return ret;
}
/* Send application data. */
static int wolfssl_send(WOLFSSL* ssl, const char* msg)
{
int ret = 0;
int len;
printf("Sending:\n%s\n", msg);
len = wolfSSL_write(ssl, msg, XSTRLEN(msg));
if (len < 0)
ret = len;
else if (len != XSTRLEN(msg))
ret = -1;
return ret;
}
/* Receive application data. */
static int wolfssl_recv(WOLFSSL* ssl)
{
int ret;
byte reply[256];
ret = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (ret > 0) {
reply[ret] = '\0';
printf("Received:\n%s\n", reply);
ret = 1;
}
else if (wolfSSL_want_read(ssl) || wolfSSL_want_write(ssl))
ret = 0;
return ret;
}
/* Free the WOLFSSL object and context. */
static void wolfssl_free(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
{
if (ssl != NULL)
wolfSSL_free(ssl);
if (ctx != NULL)
wolfSSL_CTX_free(ctx);
}
/* Display the static memory usage. */
static void wolfssl_memstats(WOLFSSL* ssl)
{
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_MEM_CONN_STATS ssl_stats;
XMEMSET(&ssl_stats, 0 , sizeof(ssl_stats));
if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
printf("static memory was not used with ssl");
else {
printf("*** This is memory state before wolfSSL_free is called\n");
printf("peak connection memory = %d\n", ssl_stats.peakMem);
printf("current memory in use = %d\n", ssl_stats.curMem);
printf("peak connection allocs = %d\n", ssl_stats.peakAlloc);
printf("current connection allocs = %d\n",ssl_stats.curAlloc);
printf("total connection allocs = %d\n",ssl_stats.totalAlloc);
printf("total connection frees = %d\n\n", ssl_stats.totalFr);
}
#else
(void)ssl;
#endif
}
/* Start the server thread. */
void start_thread(THREAD_FUNC func, func_args* args, THREAD_TYPE* thread)
{
k_thread_create(thread, server_stack, K_THREAD_STACK_SIZEOF(server_stack),
func, args, NULL, NULL, 5, 0, K_NO_WAIT);
}
void join_thread(THREAD_TYPE thread)
{
/* Threads are handled in the kernel. */
}
int wolfssl_server_accept_tcp(WOLFSSL* ssl, SOCKET_T* fd, SOCKET_T* acceptfd)
{
int ret = 0;
SOCKET_T sockfd;
SOCKET_T clientfd = WOLFSSL_SOCKET_INVALID;
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
word16 port = 443;
struct sockaddr_in bind_addr;
sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
bind_addr.sin_family = AF_INET;
bind_addr.sin_addr.s_addr = htonl(INADDR_ANY);
bind_addr.sin_port = htons(port);
if (bind(sockfd, (struct sockaddr *)&bind_addr, sizeof(bind_addr)) != 0)
ret = -1;
if (ret == 0) {
*fd = sockfd;
printf("Server Listen\n");
listen(sockfd, 5);
if (WOLFSSL_SOCKET_IS_INVALID(sockfd))
ret = -1;
}
if (ret == 0) {
printf("Server Accept\n");
clientfd = accept(sockfd, (struct sockaddr*)&client,
(ACCEPT_THIRD_T)&client_len);
if (WOLFSSL_SOCKET_IS_INVALID(clientfd))
ret = -1;
}
if (ret == 0) {
*acceptfd = clientfd;
tcp_set_nonblocking(&clientfd);
printf("Server has client\n");
if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS)
ret = -1;
}
return ret;
}
/* Thread to do the server operations. */
void server_thread(void* arg1, void* arg2, void* arg3)
{
int ret = 0;
WOLFSSL_CTX* server_ctx = NULL;
WOLFSSL* server_ssl = NULL;
SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
SOCKET_T clientfd = WOLFSSL_SOCKET_INVALID;
#ifdef WOLFSSL_STATIC_MEMORY
if (wc_LoadStaticMemory(&HEAP_HINT_SERVER, gMemoryServer,
sizeof(gMemoryServer),
WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
printf("unable to load static memory");
ret = -1;
}
if (ret == 0)
#endif
ret = wolfssl_server_new(&server_ctx, &server_ssl);
if (ret == 0)
ret = wolfssl_server_accept_tcp(server_ssl, &sockfd, &clientfd);
while (ret == 0) {
k_sleep(Z_TIMEOUT_TICKS(100));
ret = wolfssl_server_accept(server_ssl);
if (ret == 0 && wolfSSL_is_init_finished(server_ssl))
break;
}
/* Receive HTTP request */
while (ret == 0) {
ret = wolfssl_recv(server_ssl);
}
if (ret == 1)
ret = 0;
/* Send HTTP response */
if (ret == 0)
ret = wolfssl_send(server_ssl, msgHTTPIndex);
printf("Server Return: %d\n", ret);
#ifdef WOLFSSL_STATIC_MEMORY
printf("Server Memory Stats\n");
#endif
wolfssl_memstats(server_ssl);
wolfssl_free(server_ctx, server_ssl);
if (clientfd != WOLFSSL_SOCKET_INVALID)
CloseSocket(clientfd);
if (sockfd != WOLFSSL_SOCKET_INVALID)
CloseSocket(sockfd);
}
int wolfssl_client_connect_tcp(WOLFSSL* ssl, SOCKET_T* fd)
{
int ret = 0;
SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
static struct addrinfo hints;
struct addrinfo* res;
XMEMSET(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_STREAM;
if (getaddrinfo("192.0.2.1", "443", &hints, &res) != 0)
ret = -1;
if (ret == 0) {
printf("Client socket\n");
sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (WOLFSSL_SOCKET_IS_INVALID(sockfd))
ret = -1;
}
if (ret == 0) {
*fd = sockfd;
tcp_set_nonblocking(&sockfd);
printf("Client Connect\n");
if (connect(sockfd, res->ai_addr, res->ai_addrlen) != 0)
ret = -1;
}
if (ret == 0) {
printf("Client Connected\n");
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS)
ret = -1;
}
return ret;
}
/* Thread to do the client operations. */
void client_thread()
{
int ret = 0;
WOLFSSL_CTX* client_ctx = NULL;
WOLFSSL* client_ssl = NULL;
SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
#ifdef WOLFSSL_STATIC_MEMORY
if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient,
sizeof(gMemoryClient),
WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
printf("unable to load static memory");
ret = -1;
}
if (ret == 0)
#endif
{
/* Client connection */
ret = wolfssl_client_new(&client_ctx, &client_ssl);
}
if (ret == 0)
ret = wolfssl_client_connect_tcp(client_ssl, &sockfd);
while (ret == 0) {
k_sleep(Z_TIMEOUT_TICKS(10));
ret = wolfssl_client_connect(client_ssl);
if (ret == 0 && wolfSSL_is_init_finished(client_ssl))
break;
}
if (ret == 0) {
printf("Handshake complete\n");
/* Send HTTP request */
ret = wolfssl_send(client_ssl, msgHTTPGet);
}
/* Receive HTTP response */
while (ret == 0) {
k_sleep(Z_TIMEOUT_TICKS(10));
ret = wolfssl_recv(client_ssl);
}
if (ret == 1)
ret = 0;
printf("Client Return: %d\n", ret);
#ifdef WOLFSSL_STATIC_MEMORY
printf("Client Memory Stats\n");
#endif
wolfssl_memstats(client_ssl);
wolfssl_free(client_ctx, client_ssl);
if (sockfd != WOLFSSL_SOCKET_INVALID)
CloseSocket(sockfd);
}
int main()
{
THREAD_TYPE serverThread;
wolfSSL_Init();
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
/* Start server */
start_thread(server_thread, NULL, &serverThread);
k_sleep(Z_TIMEOUT_TICKS(100));
client_thread();
join_thread(serverThread);
wolfSSL_Cleanup();
printf("Done\n");
return 0;
}
zephyr/samples/wolfssl_tls_thread/CMakeLists.txt
+8
View File
@@ -0,0 +1,8 @@
cmake_minimum_required(VERSION 3.13.1)
include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
project(wolfssl_tls_threaded)
FILE(GLOB app_sources src/*.c)
target_sources(app PRIVATE ${app_sources})
add_definitions(-DWOLFSSL_USER_SETTINGS)
zephyr/samples/wolfssl_tls_thread/README
+12
View File
@@ -0,0 +1,12 @@
wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
under the GPLv2 or a standard commercial license. For our users who cannot use
wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
Please contact wolfSSL Inc. directly at:
Email: licensing@wolfssl.com
Phone: +1 425 245-8247
More information can be found on the wolfSSL website at www.wolfssl.com.
zephyr/samples/wolfssl_tls_thread/install_sample.sh
Executable
+31
View File
@@ -0,0 +1,31 @@
#!/bin/sh
ZEPHYR_DIR=
if [ $# -ne 1 ]; then
echo "Need location of zephyr project as a command line argument"
exit 1
else
ZEPHYR_DIR=$1
fi
if [ ! -d $ZEPHR_DIR ]; then
echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
exit 1
fi
ZEPHYR_SAMPLES_DIR=$ZEPHYR_DIR/zephyr/samples/modules
if [ ! -d $ZEPHYR_SAMPLES_DIR ]; then
echo "Zephyr samples/modules directory does not exist: $ZEPHYR_SAMPLES_DIR"
exit 1
fi
ZEPHYR_WOLFSSL_DIR=$ZEPHYR_SAMPLES_DIR/wolfssl_tls_thread
echo "wolfSSL directory:"
echo " $ZEPHYR_WOLFSSL_DIR"
rm -rf $ZEPHYR_WOLFSSL_DIR
mkdir $ZEPHYR_WOLFSSL_DIR
echo "Copy in Sample files ..."
cp -r * $ZEPHYR_WOLFSSL_DIR/
rm $ZEPHYR_WOLFSSL_DIR/$0
echo "Done"
zephyr/samples/wolfssl_tls_thread/prj.conf
+28
View File
@@ -0,0 +1,28 @@
# Kernel options
CONFIG_MAIN_STACK_SIZE=16384
CONFIG_ENTROPY_GENERATOR=y
CONFIG_INIT_STACKS=y
CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
# Networking
CONFIG_NETWORKING=y
CONFIG_NET_TEST=y
CONFIG_NET_LOOPBACK=y
CONFIG_NET_IPV4=y
CONFIG_NET_IPV6=y
CONFIG_NET_SOCKETS=y
CONFIG_DNS_RESOLVER=y
# Logging
CONFIG_PRINTK=y
#CONFIG_WOLFSSL_DEBUG=y
# TLS configuration
CONFIG_WOLFSSL=y
CONFIG_WOLFSSL_BUILTIN=y
CONFIG_WOLFSSL_TLS_VERSION_1_2=y
CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y
zephyr/samples/wolfssl_tls_thread/sample.yaml
+9
View File
@@ -0,0 +1,9 @@
common:
harness: crypto
tags: crypto
sample:
description: wolfSSL TLS test application
name: wolfSSL TLS Test
tests:
test:
platform_whitelist: qemu_x86
zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c
+501
View File
@@ -0,0 +1,501 @@
/* tls_threaded.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#define USE_CERT_BUFFERS_2048
#include <wolfssl/certs_test.h>
#include <wolfssl/test.h>
#ifdef WOLFSSL_ZEPHYR
#define printf printk
#endif
#define BUFFER_SIZE 2048
#define STATIC_MEM_SIZE (96*1024)
#define THREAD_STACK_SIZE (12*1024)
/* The stack to use in the server's thread. */
K_THREAD_STACK_DEFINE(server_stack, THREAD_STACK_SIZE);
#ifdef WOLFSSL_STATIC_MEMORY
static WOLFSSL_HEAP_HINT* HEAP_HINT_SERVER;
static WOLFSSL_HEAP_HINT* HEAP_HINT_CLIENT;
static byte gMemoryServer[STATIC_MEM_SIZE];
static byte gMemoryClient[STATIC_MEM_SIZE];
#else
#define HEAP_HINT_SERVER NULL
#define HEAP_HINT_CLIENT NULL
#endif /* WOLFSSL_STATIC_MEMORY */
/* Buffer to hold data for client to read. */
unsigned char client_buffer[BUFFER_SIZE];
int client_buffer_sz = 0;
wolfSSL_Mutex client_mutex;
/* Buffer to hold data for server to read. */
unsigned char server_buffer[BUFFER_SIZE];
int server_buffer_sz = 0;
wolfSSL_Mutex server_mutex;
/* Application data to send. */
static const char msgHTTPGet[] = "GET /index.html HTTP/1.0\r\n\r\n";
static const char msgHTTPIndex[] =
"HTTP/1.1 200 OK\n"
"Content-Type: text/html\n"
"Connection: close\n"
"\n"
"<html>\n"
"<head>\n"
"<title>Welcome to wolfSSL!</title>\n"
"</head>\n"
"<body>\n"
"<p>wolfSSL has successfully performed handshake!</p>\n"
"</body>\n"
"</html>\n";
/* wolfSSL client wants to read data from the server. */
static int recv_client(WOLFSSL* ssl, char* buff, int sz, void* ctx)
{
wc_LockMutex(&client_mutex);
if (client_buffer_sz > 0) {
/* Take as many bytes is available or requested from buffer. */
if (sz > client_buffer_sz)
sz = client_buffer_sz;
XMEMCPY(buff, client_buffer, sz);
if (sz < client_buffer_sz) {
XMEMMOVE(client_buffer, client_buffer + sz, client_buffer_sz - sz);
}
client_buffer_sz -= sz;
}
else
sz = WOLFSSL_CBIO_ERR_WANT_READ;
wc_UnLockMutex(&client_mutex);
return sz;
}
/* wolfSSL client wants to write data to the server. */
static int send_client(WOLFSSL* ssl, char* buff, int sz, void* ctx)
{
wc_LockMutex(&server_mutex);
if (server_buffer_sz < BUFFER_SIZE)
{
/* Put in as many bytes requested or will fit in buffer. */
if (sz > BUFFER_SIZE - server_buffer_sz)
sz = BUFFER_SIZE - server_buffer_sz;
XMEMCPY(server_buffer + server_buffer_sz, buff, sz);
server_buffer_sz += sz;
}
else
sz = WOLFSSL_CBIO_ERR_WANT_WRITE;
wc_UnLockMutex(&server_mutex);
return sz;
}
/* wolfSSL server wants to read data from the client. */
static int recv_server(WOLFSSL* ssl, char* buff, int sz, void* ctx)
{
wc_LockMutex(&server_mutex);
if (server_buffer_sz > 0) {
/* Take as many bytes is available or requested from buffer. */
if (sz > server_buffer_sz)
sz = server_buffer_sz;
XMEMCPY(buff, server_buffer, sz);
if (sz < server_buffer_sz) {
XMEMMOVE(server_buffer, server_buffer + sz, server_buffer_sz - sz);
}
server_buffer_sz -= sz;
}
else
sz = WOLFSSL_CBIO_ERR_WANT_READ;
wc_UnLockMutex(&server_mutex);
return sz;
}
/* wolfSSL server wants to write data to the client. */
static int send_server(WOLFSSL* ssl, char* buff, int sz, void* ctx)
{
wc_LockMutex(&client_mutex);
if (client_buffer_sz < BUFFER_SIZE)
{
/* Put in as many bytes requested or will fit in buffer. */
if (sz > BUFFER_SIZE - client_buffer_sz)
sz = BUFFER_SIZE - client_buffer_sz;
XMEMCPY(client_buffer + client_buffer_sz, buff, sz);
client_buffer_sz += sz;
}
else
sz = WOLFSSL_CBIO_ERR_WANT_WRITE;
wc_UnLockMutex(&client_mutex);
return sz;
}
/* Create a new wolfSSL client with a server CA certificate. */
static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
{
int ret = 0;
WOLFSSL_CTX* client_ctx = NULL;
WOLFSSL* client_ssl = NULL;
/* Create and initialize WOLFSSL_CTX */
if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
HEAP_HINT_CLIENT)) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
ret = -1;
}
if (ret == 0) {
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_cert_der_2048,
sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) !=
WOLFSSL_SUCCESS) {
printf("ERROR: failed to load CA certificate\n");
ret = -1;
}
}
if (ret == 0) {
/* Register callbacks */
wolfSSL_SetIORecv(client_ctx, recv_client);
wolfSSL_SetIOSend(client_ctx, send_client);
/* Create a WOLFSSL object */
if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) {
printf("ERROR: failed to create WOLFSSL object\n");
ret = -1;
}
}
if (ret == 0) {
/* make wolfSSL object nonblocking */
wolfSSL_set_using_nonblock(client_ssl, 1);
/* Return newly created wolfSSL context and object */
*ctx = client_ctx;
*ssl = client_ssl;
}
else {
if (client_ssl != NULL)
wolfSSL_free(client_ssl);
if (client_ctx != NULL)
wolfSSL_CTX_free(client_ctx);
}
return ret;
}
/* Client connecting to server using TLS */
static int wolfssl_client_connect(WOLFSSL* ssl)
{
int ret = 0;
if (wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
ret = -1;
}
return ret;
}
/* Create a new wolfSSL server with a certificate for authentication. */
static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
{
int ret = 0;
WOLFSSL_CTX* server_ctx = NULL;
WOLFSSL* server_ssl = NULL;
/* Create and initialize WOLFSSL_CTX */
if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(),
HEAP_HINT_SERVER)) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
ret = -1;
}
if (ret == 0) {
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_buffer(server_ctx,
server_cert_der_2048, sizeof_server_cert_der_2048,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: failed to load server certificate\n");
ret = -1;
}
}
if (ret == 0) {
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_buffer(server_ctx,
server_key_der_2048, sizeof_server_key_der_2048,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: failed to load server key\n");
ret = -1;
}
}
if (ret == 0) {
/* Register callbacks */
wolfSSL_SetIORecv(server_ctx, recv_server);
wolfSSL_SetIOSend(server_ctx, send_server);
/* Create a WOLFSSL object */
if ((server_ssl = wolfSSL_new(server_ctx)) == NULL) {
printf("ERROR: failed to create WOLFSSL object\n");
ret = -1;
}
}
if (ret == 0) {
/* make wolfSSL object nonblocking */
wolfSSL_set_using_nonblock(server_ssl, 1);
/* Return newly created wolfSSL context and object */
*ctx = server_ctx;
*ssl = server_ssl;
}
else {
if (server_ssl != NULL)
wolfSSL_free(server_ssl);
if (server_ctx != NULL)
wolfSSL_CTX_free(server_ctx);
}
return ret;
}
/* Server accepting a client using TLS */
static int wolfssl_server_accept(WOLFSSL* ssl)
{
int ret = 0;
if (wolfSSL_accept(ssl) != WOLFSSL_SUCCESS) {
if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
ret = -1;
}
return ret;
}
/* Send application data. */
static int wolfssl_send(WOLFSSL* ssl, const char* msg)
{
int ret = 0;
int len;
printf("Sending:\n%s\n", msg);
len = wolfSSL_write(ssl, msg, XSTRLEN(msg));
if (len < 0)
ret = len;
else if (len != XSTRLEN(msg))
ret = -1;
return ret;
}
/* Receive application data. */
static int wolfssl_recv(WOLFSSL* ssl)
{
int ret;
byte reply[256];
ret = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (ret > 0) {
reply[ret] = '\0';
printf("Received:\n%s\n", reply);
ret = 1;
}
else if (wolfSSL_want_read(ssl) || wolfSSL_want_write(ssl))
ret = 0;
return ret;
}
/* Free the WOLFSSL object and context. */
static void wolfssl_free(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
{
if (ssl != NULL)
wolfSSL_free(ssl);
if (ctx != NULL)
wolfSSL_CTX_free(ctx);
}
/* Display the static memory usage. */
static void wolfssl_memstats(WOLFSSL* ssl)
{
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_MEM_CONN_STATS ssl_stats;
XMEMSET(&ssl_stats, 0 , sizeof(ssl_stats));
if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
printf("static memory was not used with ssl");
else {
printf("*** This is memory state before wolfSSL_free is called\n");
printf("peak connection memory = %d\n", ssl_stats.peakMem);
printf("current memory in use = %d\n", ssl_stats.curMem);
printf("peak connection allocs = %d\n", ssl_stats.peakAlloc);
printf("current connection allocs = %d\n",ssl_stats.curAlloc);
printf("total connection allocs = %d\n",ssl_stats.totalAlloc);
printf("total connection frees = %d\n\n", ssl_stats.totalFr);
}
#else
(void)ssl;
#endif
}
/* Start the server thread. */
void start_thread(THREAD_FUNC func, func_args* args, THREAD_TYPE* thread)
{
k_thread_create(thread, server_stack, K_THREAD_STACK_SIZEOF(server_stack),
func, args, NULL, NULL, 5, 0, K_NO_WAIT);
}
void join_thread(THREAD_TYPE thread)
{
/* Threads are handled in the kernel. */
}
/* Thread to do the server operations. */
void server_thread(void* arg1, void* arg2, void* arg3)
{
int ret = 0;
WOLFSSL_CTX* server_ctx = NULL;
WOLFSSL* server_ssl = NULL;
#ifdef WOLFSSL_STATIC_MEMORY
if (wc_LoadStaticMemory(&HEAP_HINT_SERVER, gMemoryServer,
sizeof(gMemoryServer),
WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
printf("unable to load static memory");
ret = -1;
}
if (ret == 0)
#endif
ret = wolfssl_server_new(&server_ctx, &server_ssl);
while (ret == 0) {
ret = wolfssl_server_accept(server_ssl);
if (ret == 0 && wolfSSL_is_init_finished(server_ssl))
break;
}
/* Receive HTTP request */
while (ret == 0) {
ret = wolfssl_recv(server_ssl);
}
if (ret == 1)
ret = 0;
/* Send HTTP response */
if (ret == 0)
ret = wolfssl_send(server_ssl, msgHTTPIndex);
printf("Server Return: %d\n", ret);
#ifdef WOLFSSL_STATIC_MEMORY
printf("Server Memory Stats\n");
#endif
wolfssl_memstats(server_ssl);
wolfssl_free(server_ctx, server_ssl);
}
int main()
{
int ret = 0;
WOLFSSL_CTX* client_ctx = NULL;
WOLFSSL* client_ssl = NULL;
THREAD_TYPE serverThread;
wolfSSL_Init();
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
wc_InitMutex(&client_mutex);
wc_InitMutex(&server_mutex);
/* Start server */
start_thread(server_thread, NULL, &serverThread);
#ifdef WOLFSSL_STATIC_MEMORY
if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient,
sizeof(gMemoryClient),
WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
printf("unable to load static memory");
ret = -1;
}
if (ret == 0)
#endif
{
/* Client connection */
ret = wolfssl_client_new(&client_ctx, &client_ssl);
}
while (ret == 0) {
ret = wolfssl_client_connect(client_ssl);
if (ret == 0 && wolfSSL_is_init_finished(client_ssl))
break;
k_sleep(Z_TIMEOUT_TICKS(10));
}
if (ret == 0) {
printf("Handshake complete\n");
/* Send HTTP request */
ret = wolfssl_send(client_ssl, msgHTTPGet);
}
/* Receive HTTP response */
while (ret == 0) {
k_sleep(Z_TIMEOUT_TICKS(10));
ret = wolfssl_recv(client_ssl);
}
if (ret == 1)
ret = 0;
printf("Client Return: %d\n", ret);
join_thread(serverThread);
#ifdef WOLFSSL_STATIC_MEMORY
printf("Client Memory Stats\n");
#endif
wolfssl_memstats(client_ssl);
wolfssl_free(client_ctx, client_ssl);
wolfSSL_Cleanup();
printf("Done\n");
return (ret == 0) ? 0 : 1;
}