WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Improve TLS example to accept STDIN and "exit" command. Improve documentation.

pull/293/head
David Garske 2022-02-15 13:51:57 -08:00
parent 809e5351bb
commit 1b6974e4ee
6 changed files with 97 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
btle/ecies/README.md
View File

@ -5,6 +5,8 @@ This example demonstrates a lightweight method for exchanging data securely over
The first phase is key establishment, which is done through ECDH and HDKF. ECC was chosen for these examples because its lightweight and widely used. The first phase is key establishment, which is done through ECDH and HDKF. ECC was chosen for these examples because its lightweight and widely used.
Then salt exchanged for each message to prevent reply attacks. The encryption is done with AES CBC. The data integrity is done using HMAC-SHA256. Then salt exchanged for each message to prevent reply attacks. The encryption is done with AES CBC. The data integrity is done using HMAC-SHA256.
The peer's key should be validated against a known key or certificate. Client should hash and verify this public key against trusted certificate (already exchanged) out of band. An ECC signature is about 65 bytes.
## ECC Encrypt/Decrypt Example ## ECC Encrypt/Decrypt Example
See `BTLESecureMessageExchange.pdf` for details. See `BTLESecureMessageExchange.pdf` for details.
@ -24,7 +26,7 @@ sudo make install
``` ```
#define HAVE_ECC #define HAVE_ECC
#define HAVE_ECC_ENCRYP #define HAVE_ECC_ENCRYPT
#define HAVE_HKDF #define HAVE_HKDF
``` ```
@ -34,11 +36,29 @@ Use two consoles and STDIN to exchange data between the client and server.
From the client enter a message and hit enter. This will be encrypted and sent to the server. The server will decrypt, print and re-encrypt the message and send it back to the client (echo). From the client enter a message and hit enter. This will be encrypted and sent to the server. The server will decrypt, print and re-encrypt the message and send it back to the client (echo).
Type "exit" to close the connection.
``` ```
./ecc-server % ./ecc-server
./ecc-client Waiting for client
Recv 16: asdf
Recv 16: exit
Exit, closing connection
``` ```
```
% ./ecc-client
Enter text to send:
asdf
Recv 16: asdf
Enter text to send:
exit
Recv 16: exit
Exit, closing connection
```
Note: The messages are padded to the AES block size 16-bytes.
### Debugging ### Debugging
To enable debugging or switch to using a static version of wolfSSL edit the `Makefile` and uncomment `CFLAGS+=$(DEBUG_FLAGS)` and `STATIC_LIB+=$(LIB_PATH)/lib/libwolfssl.a`. Then comment out `LIBS+=$(DYN_LIB) -lm`. To enable debugging or switch to using a static version of wolfSSL edit the `Makefile` and uncomment `CFLAGS+=$(DEBUG_FLAGS)` and `STATIC_LIB+=$(LIB_PATH)/lib/libwolfssl.a`. Then comment out `LIBS+=$(DYN_LIB) -lm`.

8
btle/ecies/ecc-client.c
View File

@ -151,9 +151,11 @@ int main(int argc, char** argv)
} }
/* get message to send */ /* get message to send */
plainSz = sizeof(plain); printf("Enter text to send:\n");
plainSz = sizeof(plain)-1;
fgets((char*)plain, plainSz, stdin); fgets((char*)plain, plainSz, stdin);
plainSz = strlen((char*)plain); plainSz = strlen((char*)plain);
/* pad message at 16 bytes for AES block size */
ret = btle_msg_pad(plain, (int*)&plainSz, devCtx); ret = btle_msg_pad(plain, (int*)&plainSz, devCtx);
if (ret != 0) { if (ret != 0) {
printf("btle_msg_pad failed %d\n", ret); printf("btle_msg_pad failed %d\n", ret);
@ -194,8 +196,10 @@ int main(int argc, char** argv)
printf("Recv %d: %s\n", plainSz, plain); printf("Recv %d: %s\n", plainSz, plain);
/* check for exit flag */ /* check for exit flag */
if (strstr((char*)plain, "EXIT")) if (strcasestr((char*)plain, "EXIT")) {
printf("Exit, closing connection\n");
break; break;
}
/* reset context (reset my salt) */ /* reset context (reset my salt) */
ret = wc_ecc_ctx_reset(cliCtx, &rng); ret = wc_ecc_ctx_reset(cliCtx, &rng);

5
btle/ecies/ecc-server.c
View File

@ -57,6 +57,7 @@ int main(int argc, char** argv)
} }
/* open BTLE */ /* open BTLE */
printf("Waiting for client\n");
ret = btle_open(&devCtx, BTLE_ROLE_SERVER); ret = btle_open(&devCtx, BTLE_ROLE_SERVER);
if (ret != 0) { if (ret != 0) {
printf("btle_open failed %d!\n", ret); printf("btle_open failed %d!\n", ret);
@ -188,8 +189,10 @@ int main(int argc, char** argv)
} }
/* check for exit flag */ /* check for exit flag */
if (strstr((char*)plain, "EXIT")) if (strcasestr((char*)plain, "EXIT")) {
printf("Exit, closing connection\n");
break; break;
}
/* reset context (reset my salt) */ /* reset context (reset my salt) */
ret = wc_ecc_ctx_reset(srvCtx, &rng); ret = wc_ecc_ctx_reset(srvCtx, &rng);

21
btle/tls/README.md
View File

@ -16,22 +16,33 @@ sudo make install
Use two consoles run the examples to send a test message securely. The server will present an ECC server certificate and the client will validate it. Use two consoles run the examples to send a test message securely. The server will present an ECC server certificate and the client will validate it.
The client will attempt STDIN input and the server will echo. Use "exit" to close the connection.
``` ```
% ./server-tls13-btle % ./server-tls13-btle
Waiting for client Waiting for client
TLS accepting TLS accepting
TLS Accept handshake done TLS Accept handshake done
Read (0): Testing 1, 2 and 3 Read (5): asdf
Sent (0): Testing 1, 2 and 3 Sent (5): asdf
Read (5): exit
Sent (5): exit
Exit, closing connection
``` ```
``` ```
% ./client-tls13-btle % ./client-tls13-btle
TLS connecting TLS connecting
TLS Connect handshake done TLS Connect handshake done
Sending test string Enter text to send:
Sent (0): Testing 1, 2 and 3 asdf
Read (0): Testing 1, 2 and 3 Sent (5): asdf
Read (5): asdf
Enter text to send:
exit
Sent (5): exit
Read (5): exit
Exit, closing connection
``` ```
### Debugging ### Debugging

35
btle/tls/client-tls13-btle.c
View File

@ -87,8 +87,8 @@ int main(int argc, char** argv)
WOLFSSL_CTX* ctx = NULL; WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL; WOLFSSL* ssl = NULL;
CbCtx_t cBctx; CbCtx_t cBctx;
const char testStr[] = "Testing 1, 2 and 3"; byte plain[BTLE_MSG_MAX_SIZE];
byte readBuf[100]; word32 plainSz;
memset(&cBctx, 0, sizeof(cBctx)); memset(&cBctx, 0, sizeof(cBctx));
@ -166,19 +166,32 @@ int main(int argc, char** argv)
} }
printf("TLS Connect handshake done\n"); printf("TLS Connect handshake done\n");
printf("Sending test string\n"); while (1) {
do { /* get message to send */
ret = wolfSSL_write(ssl, testStr, XSTRLEN(testStr)); printf("Enter text to send:\n");
err = wolfSSL_get_error(ssl, ret);
} while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE); plainSz = sizeof(plain)-1;
printf("Sent (%d): %s\n", err, testStr); fgets((char*)plain, plainSz, stdin);
plainSz = strlen((char*)plain);
XMEMSET(readBuf, 0, sizeof(readBuf));
do { do {
ret = wolfSSL_read(ssl, readBuf, sizeof(readBuf)-1); ret = wolfSSL_write(ssl, plain, plainSz);
err = wolfSSL_get_error(ssl, ret); err = wolfSSL_get_error(ssl, ret);
} while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE); } while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE);
printf("Read (%d): %s\n", err, readBuf); printf("Sent (%d): %s\n", ret, plain);
do {
ret = wolfSSL_read(ssl, plain, sizeof(plain)-1);
err = wolfSSL_get_error(ssl, ret);
} while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE);
printf("Read (%d): %s\n", ret, plain);
/* check for exit flag */
if (strcasestr((char*)plain, "EXIT")) {
printf("Exit, closing connection\n");
break;
}
};
ret = 0; /* Success */ ret = 0; /* Success */

14
btle/tls/server-tls13-btle.c
View File

@ -162,19 +162,27 @@ int main(int argc, char** argv)
} }
printf("TLS Accept handshake done\n"); printf("TLS Accept handshake done\n");
while (1) {
/* Waiting for data to echo */ /* Waiting for data to echo */
XMEMSET(echoBuffer, 0, sizeof(echoBuffer)); memset(echoBuffer, 0, sizeof(echoBuffer));
do { do {
ret = wolfSSL_read(ssl, echoBuffer, sizeof(echoBuffer)-1); ret = wolfSSL_read(ssl, echoBuffer, sizeof(echoBuffer)-1);
err = wolfSSL_get_error(ssl, ret); err = wolfSSL_get_error(ssl, ret);
} while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE); } while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE);
printf("Read (%d): %s\n", err, echoBuffer); printf("Read (%d): %s\n", ret, echoBuffer);
do { do {
ret = wolfSSL_write(ssl, echoBuffer, XSTRLEN((char*)echoBuffer)); ret = wolfSSL_write(ssl, echoBuffer, XSTRLEN((char*)echoBuffer));
err = wolfSSL_get_error(ssl, ret); err = wolfSSL_get_error(ssl, ret);
} while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE); } while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE);
printf("Sent (%d): %s\n", err, echoBuffer); printf("Sent (%d): %s\n", ret, echoBuffer);
/* check for exit flag */
if (strcasestr((char*)echoBuffer, "EXIT")) {
printf("Exit, closing connection\n");
break;
}
}
ret = 0; /* Success */ ret = 0; /* Success */