diff --git a/IDE/ARDUINO/README.md b/IDE/ARDUINO/README.md index f7d9788b6..4c4e10da4 100644 --- a/IDE/ARDUINO/README.md +++ b/IDE/ARDUINO/README.md @@ -2,10 +2,11 @@ ##### Reformatting wolfSSL as a compatible Arduino Library This is a shell script that will re-organize the wolfSSL library to be -compatible with Arduino projects. The Arduino IDE requires a library's source -files to be in the library's root directory with a header file in the name of -the library. This script moves all src/ files to the `IDE/ARDUINO/wolfSSL` -directory and creates a stub header file called `wolfssl.h`. +compatible with Arduino projects that use Arduino IDE 1.5.0 or newer. +The Arduino IDE requires a library's source files to be in the library's root +directory with a header file in the name of the library. This script moves all +src/ files to the `IDE/ARDUINO/wolfSSL/src` directory and creates a stub header +file called `wolfssl.h` inside that directory. Step 1: To configure wolfSSL with Arduino, enter the following from within the wolfssl/IDE/ARDUINO directory: @@ -15,7 +16,7 @@ wolfssl/IDE/ARDUINO directory: Step 2: Copy the directory wolfSSL that was just created to: `~/Documents/Arduino/libraries/` directory so the Arduino IDE can find it. -Step 3: Edit `/wolfSSL/user_settings.h` +Step 3: Edit `/wolfSSL/src/user_settings.h` If building for Intel Galileo platform add: `#define INTEL_GALILEO`. Add any other custom settings, for a good start see the examples in wolfssl root "/examples/configs/user_settings_*.h" diff --git a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino index b50e9f126..61362ae98 100644 --- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino +++ b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino 
@@ -19,10 +19,18 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + This was original tested with Intel Galileo acting as the Client, with a +laptop acting as a server using the server example provided in examples/server. +Legacy Ardunio v1.86 was used to compile and program the Galileo +*/ +#define USE_CERT_BUFFERS_2048 #include #include #include +#include + const char host[] = "192.168.1.148"; /* server to connect to */ const int port = 11111; /* port on server to connect to */ 
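Review bot: `#define USE_CERT_BUFFERS_2048` selects wolfSSL's bundled test certificates and client key, whose private key is published with the library, and the added header comment does not say so. I would extend that comment with `The certificate and key buffers enabled by USE_CERT_BUFFERS_2048 are wolfSSL test credentials; replace them with your own before any non-test use.` The comment also has two typos worth fixing: "original tested" should read "originally tested" and "Ardunio" should read "Arduino". The name of the newly added include is not visible in this rendering, so the source of the buffers is inferred from the macro and from the `*_der_2048` names used later in the file.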
@@ -37,123 +45,132 @@ WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; void setup() { - WOLFSSL_METHOD* method; + WOLFSSL_METHOD* method; + /* Initialize Return Code */ + int rc; + Serial.begin(9600); + /* Delay need to ensure connection to server */ + delay(4000); - Serial.begin(9600); - - method = wolfTLSv1_2_client_method(); - if (method == NULL) { - Serial.println("unable to get method"); + method = wolfTLSv1_2_client_method(); + if (method == NULL) { + Serial.println("unable to get method"); return; - } - ctx = wolfSSL_CTX_new(method); - if (ctx == NULL) { - Serial.println("unable to get ctx"); + } + ctx = wolfSSL_CTX_new(method); + if (ctx == NULL) { + Serial.println("unable to get ctx"); + return; + } + /* initialize wolfSSL using callback functions */ + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); + rc = wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,\ + sizeof_ca_cert_der_2048,\ + WOLFSSL_FILETYPE_ASN1); + Serial.print("\n\n Return code of load_verify is:"); + Serial.println(rc); + Serial.println(""); + rc = wolfSSL_CTX_use_certificate_buffer(ctx, client_cert_der_2048,\ + sizeof_client_cert_der_2048,\ + WOLFSSL_FILETYPE_ASN1); + Serial.print("\n\n Return code of use_certificate_buffer is:"); + Serial.println(rc); + Serial.println(""); + rc = wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,\ + sizeof_client_key_der_2048,\ + WOLFSSL_FILETYPE_ASN1); + Serial.print("\n\n Return code of use_PrivateKey_buffer is:"); + Serial.println(rc); + Serial.println(""); + wolfSSL_SetIOSend(ctx, EthernetSend); + wolfSSL_SetIORecv(ctx, EthernetReceive); return; - } - /* initialize wolfSSL using callback functions */ - wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); - wolfSSL_SetIOSend(ctx, EthernetSend); - wolfSSL_SetIORecv(ctx, EthernetReceive); - - return; } int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) { - int sent = 0; - - sent = client.write((byte*)msg, sz); - - return sent; + int sent = 0; + sent = client.write((byte*)msg, sz); + 
return sent; } int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) { - int ret = 0; - - while (client.available() > 0 && ret < sz) { - reply[ret++] = client.read(); - } - - return ret; + int ret = 0; + while (client.available() > 0 && ret < sz) { + reply[ret++] = client.read(); + } + return ret; } void loop() { - int err = 0; - int input = 0; - int total_input = 0; - char msg[32] = "hello wolfssl!"; - int msgSz = (int)strlen(msg); - char errBuf[80]; - char reply[80]; - const char* cipherName; - - if (reconnect) { - reconnect--; - - if (client.connect(host, port)) { - - Serial.print("Connected to "); - Serial.println(host); - - ssl = wolfSSL_new(ctx); - if (ssl == NULL) { - Serial.println("Unable to allocate SSL object"); - return; - } - - err = wolfSSL_connect(ssl); - if (err != WOLFSSL_SUCCESS) { - err = wolfSSL_get_error(ssl, 0); - wolfSSL_ERR_error_string(err, errBuf); - Serial.print("TLS Connect Error: "); - Serial.println(errBuf); - } - - Serial.print("SSL version is "); - Serial.println(wolfSSL_get_version(ssl)); - - cipherName = wolfSSL_get_cipher(ssl); - Serial.print("SSL cipher suite is "); - Serial.println(cipherName); - - if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) { - - Serial.print("Server response: "); - /* wait for data */ - while (!client.available()) {} - /* read data */ - while (wolfSSL_pending(ssl)) { - input = wolfSSL_read(ssl, reply, sizeof(reply) - 1); - total_input += input; - if (input < 0) { - err = wolfSSL_get_error(ssl, 0); - wolfSSL_ERR_error_string(err, errBuf); - Serial.print("TLS Read Error: "); - Serial.println(errBuf); - break; - } else if (input > 0) { - reply[input] = '\0'; - Serial.print(reply); - } else { - Serial.println(); - } - } - } else { - err = wolfSSL_get_error(ssl, 0); - wolfSSL_ERR_error_string(err, errBuf); - Serial.print("TLS Write Error: "); - Serial.println(errBuf); - } - - wolfSSL_shutdown(ssl); - wolfSSL_free(ssl); - - client.stop(); - Serial.println("Connection complete."); - reconnect = 0; - } 
else { - Serial.println("Trying to reconnect..."); + int err = 0; + int input = 0; + int total_input = 0; + char msg[32] = "hello wolfssl!"; + int msgSz = (int)strlen(msg); + char errBuf[80]; + char reply[80]; + const char* cipherName; + if (reconnect) { + reconnect--; + if (client.connect(host, port)) { + Serial.print("Connected to "); + Serial.println(host); + ssl = wolfSSL_new(ctx); + if (ssl == NULL) { + Serial.println("Unable to allocate SSL object"); + return; + } + err = wolfSSL_connect(ssl); + if (err != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + wolfSSL_ERR_error_string(err, errBuf); + Serial.print("TLS Connect Error: "); + Serial.println(errBuf); + } + Serial.print("SSL version is "); + Serial.println(wolfSSL_get_version(ssl)); + cipherName = wolfSSL_get_cipher(ssl); + Serial.print("SSL cipher suite is "); + Serial.println(cipherName); + if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) { + Serial.print("Server response: "); + /* wait for data */ + while (!client.available()) {} + /* read data */ + while (wolfSSL_pending(ssl)) { + input = wolfSSL_read(ssl, reply, sizeof(reply) - 1); + total_input += input; + if (input < 0) { + err = wolfSSL_get_error(ssl, 0); + wolfSSL_ERR_error_string(err, errBuf); + Serial.print("TLS Read Error: "); + Serial.println(errBuf); + break; + } + else if (input > 0) { + reply[input] = '\0'; + Serial.print(reply); + } + else { + Serial.println(); + } + } + } + else { + err = wolfSSL_get_error(ssl, 0); + wolfSSL_ERR_error_string(err, errBuf); + Serial.print("TLS Write Error: "); + Serial.println(errBuf); + } + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); + client.stop(); + Serial.println("Connection complete."); + reconnect = 0; + } + else { + Serial.println("Trying to reconnect..."); + } } - } - delay(1000); + delay(1000); } diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh index e1267a862..107f99b1c 100755 --- a/IDE/ARDUINO/wolfssl-arduino.sh +++ b/IDE/ARDUINO/wolfssl-arduino.sh 
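Review bot: The three `rc` values in setup() are printed but never tested, so a failed `wolfSSL_CTX_load_verify_buffer`, `wolfSSL_CTX_use_certificate_buffer` or `wolfSSL_CTX_use_PrivateKey_buffer` still leaves a context that loop() goes on to use. Each call should stop setup on failure, for example `if (rc != WOLFSSL_SUCCESS) { Serial.println("unable to load CA certificate"); return; }`. The same pattern appears in loop(): when `wolfSSL_connect` fails, the error is logged and execution continues into `wolfSSL_get_version`, `wolfSSL_get_cipher` and `wolfSSL_write`. That failure branch should free `ssl`, call `client.stop()` and return. Separately, `SSL_VERIFY_PEER` validates the certificate chain only, and no call such as `wolfSSL_check_domain_name` is visible, so the server's identity does not appear to be bound to `host`.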
@@ -4,86 +4,141 @@ # an Arduino project # run as bash ./wolfssl-arduino.sh +ROOT_DIR="/wolfSSL" +ROOT_SRC_DIR="${ROOT_DIR}/src" +WOLFSSL_SRC="${ROOT_SRC_DIR}/src" +WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl" +WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt" +WOLFCRYPT_SRC="${WOLFCRYPT_ROOT}/src" +WOLFCRYPT_HEADERS="${WOLFSSL_HEADERS}/wolfcrypt" +OPENSSL_DIR="${WOLFSSL_HEADERS}/openssl" +WOLFSSL_VERSION="5.6.4" + +# TOP indicates the file directory comes from the top level of the wolfssl repo +TOP_DIR="../.." +WOLFSSL_SRC_TOP="${TOP_DIR}/src" +WOLFSSL_HEADERS_TOP="${TOP_DIR}/wolfssl" +WOLFCRYPT_ROOT_TOP="${TOP_DIR}/wolfcrypt" +WOLFCRYPT_SRC_TOP="${WOLFCRYPT_ROOT_TOP}/src" +WOLFCRYPT_HEADERS_TOP="${WOLFSSL_HEADERS_TOP}/wolfcrypt" +OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl" + + +# TODO: Parse version number +WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2) + + DIR=${PWD##*/} -space(){ - echo "" >> "$1" -} - if [ "$DIR" = "ARDUINO" ]; then - if [ ! -d "wolfSSL" ]; then - mkdir wolfSSL + if [ ! -d ".${ROOT_DIR}" ]; then + mkdir .${ROOT_DIR} + fi + if [ ! -d ".${ROOT_SRC_DIR}" ]; then + mkdir .${ROOT_SRC_DIR} fi - cp ../../src/*.c ./wolfSSL - cp ../../wolfcrypt/src/*.c ./wolfSSL + if [ ! -d ".${WOLFSSL_HEADERS}" ]; then + mkdir .${WOLFSSL_HEADERS} + fi - if [ ! -d "wolfSSL/wolfssl" ]; then - mkdir wolfSSL/wolfssl + cp ${WOLFSSL_HEADERS_TOP}/*.h .${WOLFSSL_HEADERS} + if [ ! -d ".${WOLFCRYPT_HEADERS}" ]; then + mkdir .${WOLFCRYPT_HEADERS} fi - cp ../../wolfssl/*.h ./wolfSSL/wolfssl - if [ ! -d "wolfSSL/wolfssl/wolfcrypt" ]; then - mkdir wolfSSL/wolfssl/wolfcrypt - fi - cp ../../wolfssl/wolfcrypt/*.h ./wolfSSL/wolfssl/wolfcrypt + cp ${WOLFCRYPT_HEADERS_TOP}/*.h .${WOLFCRYPT_HEADERS} - # support misc.c as include in wolfcrypt/src - if [ ! -d "./wolfSSL/wolfcrypt" ]; then - mkdir ./wolfSSL/wolfcrypt + # Add in source files to wolfcrypt/src + if [ ! -d ".${WOLFCRYPT_ROOT}" ]; then + mkdir .${WOLFCRYPT_ROOT} fi - if [ ! 
-d "./wolfSSL/wolfcrypt/src" ]; then - mkdir ./wolfSSL/wolfcrypt/src + if [ ! -d ".${WOLFCRYPT_SRC}" ]; then + mkdir .${WOLFCRYPT_SRC} fi - cp ../../wolfcrypt/src/misc.c ./wolfSSL/wolfcrypt/src - cp ../../wolfcrypt/src/asm.c ./wolfSSL/wolfcrypt/src - + cp ${WOLFCRYPT_SRC_TOP}/*.c .${WOLFCRYPT_SRC} + + # Add in source files to top level src folders + if [ ! -d ".${WOLFSSL_SRC}" ]; then + mkdir .${WOLFSSL_SRC} + fi + cp ${WOLFSSL_SRC_TOP}/*.c .${WOLFSSL_SRC} # put bio and evp as includes - mv ./wolfSSL/bio.c ./wolfSSL/wolfssl - mv ./wolfSSL/evp.c ./wolfSSL/wolfssl + cp .${WOLFSSL_SRC}/bio.c .${WOLFSSL_HEADERS} + cp .${WOLFCRYPT_SRC}/evp.c .${WOLFSSL_HEADERS} # make a copy of evp.c and bio.c for ssl.c to include inline - cp ./wolfSSL/wolfssl/evp.c ./wolfSSL/wolfcrypt/src/evp.c - cp ./wolfSSL/wolfssl/bio.c ./wolfSSL/wolfcrypt/src/bio.c + cp .${WOLFSSL_HEADERS}/evp.c .${WOLFCRYPT_SRC}/evp.c + cp .${WOLFSSL_HEADERS}/bio.c .${WOLFCRYPT_SRC}/bio.c # copy openssl compatibility headers to their appropriate location - if [ ! -d "./wolfSSL/wolfssl/openssl" ]; then - mkdir ./wolfSSL/wolfssl/openssl + if [ ! -d ".${OPENSSL_DIR}" ]; then + mkdir .${OPENSSL_DIR} fi - cp ../../wolfssl/openssl/* ./wolfSSL/wolfssl/openssl + cp ${OPENSSL_DIR_TOP}/* .${OPENSSL_DIR} - echo "/* Generated wolfSSL header file for Arduino */" > ./wolfSSL/wolfssl.h - echo "#include " >> ./wolfSSL/wolfssl.h - echo "#include " >> ./wolfSSL/wolfssl.h - echo "#include " >> ./wolfSSL/wolfssl.h - if [ ! 
-f "./wolfSSL/user_settings.h" ]; then - echo "/* Generated wolfSSL user_settings.h file for Arduino */" > ./wolfSSL/user_settings.h - echo "#ifndef ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h - echo "#define ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h - space ./wolfSSL/user_settings.h - echo "/* Platform */" >> ./wolfSSL/user_settings.h - echo "#define WOLFSSL_ARDUINO" >> ./wolfSSL/user_settings.h - space ./wolfSSL/user_settings.h - echo "/* Math library (remove this to use normal math)*/" >> ./wolfSSL/user_settings.h - echo "#define USE_FAST_MATH" >> ./wolfSSL/user_settings.h - echo "#define TFM_NO_ASM" >> ./wolfSSL/user_settings.h - space ./wolfSSL/user_settings.h - echo "/* RNG DEFAULT !!FOR TESTING ONLY!! */" >> ./wolfSSL/user_settings.h - echo "/* comment out the error below to get started w/ bad entropy source" >> ./wolfSSL/user_settings.h - echo " * This will need fixed before distribution but is OK to test with */" >> ./wolfSSL/user_settings.h - echo "#error \"needs solved, see: https://www.wolfssl.com/docs/porting-guide/\"" >> ./wolfSSL/user_settings.h - echo "#define WOLFSSL_GENSEED_FORTEST" >> ./wolfSSL/user_settings.h - space ./wolfSSL/user_settings.h - echo "#endif /* ARDUINO_USER_SETTINGS_H */" >> ./wolfSSL/user_settings.h + cat > .${ROOT_SRC_DIR}/wolfssl.h < +#include +#include +EOF + + +# Creates user_settings file if one does not exist + if [ ! 
-f ".${ROOT_SRC_DIR}/user_settings.h" ]; then + cat > .${ROOT_SRC_DIR}/user_settings.h < ./wolfSSL/wolfssl/wolfcrypt/settings.h - echo "#ifndef WOLFSSL_USER_SETTINGS" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h - echo " #define WOLFSSL_USER_SETTINGS" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h - echo "#endif /* WOLFSSL_USER_SETTINGS */" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h - echo " /* wolfSSL Generated ARDUINO settings: END */" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h - cat ./wolfSSL/wolfssl/wolfcrypt/settings.h.bak >> ./wolfSSL/wolfssl/wolfcrypt/settings.h + cp .${WOLFCRYPT_HEADERS}/settings.h .${WOLFCRYPT_HEADERS}/settings.h.bak + cat > .${WOLFCRYPT_HEADERS}/settings.h <> .${WOLFCRYPT_HEADERS}/settings.h + + #Creating library.properties file based off of: + #https://arduino.github.io/arduino-cli/0.35/library-specification/#libraryproperties-file-format + + cat > .${ROOT_DIR}/library.properties < +sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments. +paragraph=Manual: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html. +category=Communication +url=https://www.wolfssl.com/ +architectures=* + +EOF else echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"