From 2d1ef4dd38cdc68c7cb40b4723a4122fa7f38f85 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Mon, 31 Jul 2023 11:03:10 -0400
Subject: [PATCH] First commit
---
crypto/MagicCrypto/MagicCrypto.patch | 28 ++
crypto/MagicCrypto/Makefile | 20 +++
crypto/MagicCrypto/README.md | 5 +
crypto/MagicCrypto/client.c | 200 ++++++++++++++++++++++++
crypto/MagicCrypto/common.h | 56 +++++++
crypto/MagicCrypto/server.c | 223 +++++++++++++++++++++++++++
6 files changed, 532 insertions(+)
create mode 100644 crypto/MagicCrypto/MagicCrypto.patch
create mode 100644 crypto/MagicCrypto/Makefile
create mode 100644 crypto/MagicCrypto/README.md
create mode 100644 crypto/MagicCrypto/client.c
create mode 100644 crypto/MagicCrypto/common.h
create mode 100644 crypto/MagicCrypto/server.c
diff --git a/crypto/MagicCrypto/MagicCrypto.patch b/crypto/MagicCrypto/MagicCrypto.patch
new file mode 100644
index 00000000..ab4b4a48
--- /dev/null
+++ b/crypto/MagicCrypto/MagicCrypto.patch
@@ -0,0 +1,28 @@
+diff --git a/include/mcapi.h b/include/mcapi.h
+index ba426d8..278a8a4 100644
+--- a/include/mcapi.h
++++ b/include/mcapi.h
+@@ -62,8 +62,8 @@ MCAPI MC_RV MC_GetVersion(OUT MC_VERSION *pVersion);
+ MCAPI MC_RV MC_GetStatus(OUT MC_UINT *pFlag);
+
+ MCAPI MC_RV MC_Initialize(IN MC_VOID *pInitArgs);
+-MCAPI MC_RV MC_Finalize();
+-MCAPI MC_RV MC_Selftest();
++MCAPI MC_RV MC_Finalize(MC_VOID);
++MCAPI MC_RV MC_Selftest(MC_VOID);
+ MCAPI MC_STR MC_GetErrorString(MC_RV nRv);
+
+ MCAPI MC_RV MC_OpenSession(OUT MC_HSESSION *phSession);
+diff --git a/include/mcapi_error.h b/include/mcapi_error.h
+index c389d22..07ea9fc 100644
+--- a/include/mcapi_error.h
++++ b/include/mcapi_error.h
+@@ -55,7 +55,7 @@
+ #define MC_ERR_NOT_ENOUGH_BUFFER MC_ERR_BASE+27
+ #define MC_ERR_NOT_SESSION_OBJECT MC_ERR_BASE+28
+
+-//MC_STR MC_GetErrorString(MC_RV rv);
++/* MC_STR MC_GetErrorString(MC_RV rv); */
+
+
+ #endif /* _MC_HEADER_9330603E_D03D_4B8B_9746_9ED098D8A5CB */
diff --git a/crypto/MagicCrypto/Makefile b/crypto/MagicCrypto/Makefile
new file mode 100644
index 00000000..8305f677
--- /dev/null
+++ b/crypto/MagicCrypto/Makefile
@@ -0,0 +1,20 @@
+bin_files = client server
+all: $(bin_files)
+
+DEPS=common.h
+
+CC=gcc
+#CC=clang -fsanitize=address
+
+DEBUGOPT=
+#DEBUGOPT=-DWOLFSSL_DEBUG_TLS -DDEBUG_WOLFSSL -DDEBUG_CRYPTOCB
+#DEBUGOPT=-DWOLFSSL_DEBUG_TLS -DDEBUG_WOLFSSL
+
+COMMONOPT=-O0 -g -I.. -Iinclude -Llib -lwolfssl -lMagicCrypto -lm -DWOLF_CRYPTO_CB
+#COMMONOPT=-O0 -g -I../ -Iinclude -lwolfssl -Llib -lMagicCrypto -lm
+
+%: %.c $(DEPS)
+ $(CC) $< $(DEBUGOPT) $(COMMONOPT) -o $@
+
+clean:
+ rm -f $(bin_files)
diff --git a/crypto/MagicCrypto/README.md b/crypto/MagicCrypto/README.md
new file mode 100644
index 00000000..ec2d8511
--- /dev/null
+++ b/crypto/MagicCrypto/README.md
@@ -0,0 +1,5 @@
+# MagicCrypto example usage with wolfSSL
+Place this folder into wolfssl/MagicCrypto. You will need to compile wolfSSL with:
+./configure --enable-ariagcm --disable-shared --enable-cryptocb --enable-all && make -j16 src/libwolfssl.la
+
+Then simply doing `make` in the MagicCrypto folder will produce a client and server example. This uses some certificates from the wolfSSL repo. To run, simply start `./server` and `./client 127.0.0.1` in the MagicCrypto folder.
diff --git a/crypto/MagicCrypto/client.c b/crypto/MagicCrypto/client.c
new file mode 100644
index 00000000..82f3067e
--- /dev/null
+++ b/crypto/MagicCrypto/client.c
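Review bot: The compile rule `$(CC) $< $(DEBUGOPT) $(COMMONOPT) -o $@` builds with `-O0 -g` and no warning flags, so the unused `static void error_out` in client.c and server.c and the signed/unsigned comparison `ret != len` around their `wolfSSL_write` calls go unreported. Adding `-Wall -Wextra` to `COMMONOPT` would surface both at build time. The library flags `-lwolfssl -lMagicCrypto -lm` sit inside `COMMONOPT` and only link correctly because `$<` happens to precede them on the command line; a separate `LDLIBS` variable placed after the source would make that ordering explicit.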
@@ -0,0 +1,200 @@
+/* client-tls-cryptocb.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include "common.h"
+
+static void error_out(char* msg, int err)
+{
+ printf("Failed at %s with code %d\n", msg, err);
+ exit(1);
+}
+
+int main(int argc, char** argv)
+{
+ int ret = 0;
+#ifdef WOLF_CRYPTO_CB
+ int sockfd;
+ struct sockaddr_in servAddr;
+ char buff[256];
+ size_t len;
+
+ /* declare wolfSSL objects */
+ WOLFSSL_CTX* ctx;
+ WOLFSSL* ssl;
+
+#if defined(DEBUG_WOLFSSL)
+ wolfSSL_Debugging_ON();
+#endif
+
+ /* Check for proper calling convention */
+ if (argc != 2) {
+ printf("usage: %s \n", argv[0]);
+ return 0;
+ }
+
+ /* Create a socket that uses an internet IPv4 address,
+ * Sets the socket to be stream based (TCP),
+ * 0 means choose the default protocol. */
+ if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
+ fprintf(stderr, "ERROR: failed to create the socket\n");
+ ret = -1;
+ goto end;
+ }
+
+ /* Initialize the server address struct with zeros */
+ memset(&servAddr, 0, sizeof(servAddr));
+
+ /* Fill in the server address */
+ servAddr.sin_family = AF_INET; /* using IPv4 */
+ servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
+
+ /* Get the server IPv4 address from the command line call */
+ if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr) != 1) {
+ fprintf(stderr, "ERROR: invalid address\n");
+ ret = -1;
+ goto end;
+ }
+
+ /* Connect to the server */
+ if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr)))
+ == -1) {
+ fprintf(stderr, "ERROR: failed to connect\n");
+ goto end;
+ }
+
+ /*---------------------------------*/
+ /* Start of wolfSSL initialization and configuration */
+ /*---------------------------------*/
+ /* Initialize wolfSSL */
+ if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) {
+ fprintf(stderr, "ERROR: Failed to initialize the library\n");
+ goto socket_cleanup;
+ }
+
+ /* Create and initialize WOLFSSL_CTX */
+ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
+ fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
+ ret = -1;
+ goto socket_cleanup;
+ }
+
+ /* Load client certificates into WOLFSSL_CTX */
+ if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CA_FILE, NULL))
+ != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ CA_FILE);
+ goto ctx_cleanup;
+ }
+
+ /* Load client ecc certificates into WOLFSSL_CTX */
+ if ((ret = wolfSSL_CTX_use_certificate_chain_file(ctx, CLIENT_ECC_FILE)) !=
+ WOLFSSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ CLIENT_ECC_FILE);
+ goto ctx_cleanup;
+ }
+
+ /* Load client ecc key into WOLFSSL_CTX */
+ if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, CLIENT_KEY_FILE, SSL_FILETYPE_PEM))
+ != WOLFSSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ CLIENT_KEY_FILE);
+ goto ctx_cleanup;
+ }
+
+ if ((ret = wolfSSL_CTX_set_cipher_list(ctx, CIPHER_LIST))
+ != WOLFSSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to set cipher list\n");
+ goto ctx_cleanup;
+ }
+
+ if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1))
+ != WOLFSSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to set supported curve\n");
+ goto ctx_cleanup;
+ }
+
+ /* Create a WOLFSSL object */
+ if ((ssl = wolfSSL_new(ctx)) == NULL) {
+ fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
+ ret = -1;
+ goto ctx_cleanup;
+ }
+
+ /* Attach wolfSSL to the socket */
+ if ((ret = wolfSSL_set_fd(ssl, sockfd)) != WOLFSSL_SUCCESS) {
+ fprintf(stderr, "ERROR: Failed to set the file descriptor\n");
+ goto cleanup;
+ }
+
+ /* Connect to wolfSSL on the server side */
+ if ((ret = wolfSSL_connect(ssl)) != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to connect to wolfSSL\n");
+ goto cleanup;
+ }
+
+ /* Get a message for the server from stdin */
+ printf("Message for server: ");
+ memset(buff, 0, sizeof(buff));
+ if (fgets(buff, sizeof(buff), stdin) == NULL) {
+ fprintf(stderr, "ERROR: failed to get message for server\n");
+ ret = -1;
+ goto cleanup;
+ }
+ len = strnlen(buff, sizeof(buff));
+
+ /* Send the message to the server */
+ if ((ret = wolfSSL_write(ssl, buff, len)) != len) {
+ fprintf(stderr, "ERROR: failed to write entire message\n");
+ fprintf(stderr, "%d bytes of %d bytes were sent", ret, (int) len);
+ goto cleanup;
+ }
+
+ /* Read the server data into our buff array */
+ memset(buff, 0, sizeof(buff));
+ if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) == -1) {
+ fprintf(stderr, "ERROR: failed to read\n");
+ goto cleanup;
+ }
+
+ /* Print to stdout any data the server sends */
+ printf("Server: %s\n", buff);
+
+ ret = 0;
+
+ /* Cleanup and return */
+cleanup:
+ if (ret != 0) {
+ fprintf(stderr,"SSL Error: %s\n",wolfSSL_ERR_error_string(wolfSSL_get_error(ssl,0), NULL));
+ }
+ wolfSSL_free(ssl); /* Free the wolfSSL object */
+ctx_cleanup:
+ wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
+ wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
+socket_cleanup:
+ close(sockfd); /* Close the connection to the server */
+end:
+
+#else
+ printf("Please configure wolfSSL with --enable-cryptocb and try again\n");
+#endif /* WOLF_CRYPTO_CB */
+ return ret; /* Return reporting a success */
+}
diff --git a/crypto/MagicCrypto/common.h b/crypto/MagicCrypto/common.h
new file mode 100644
index 00000000..c462385c
--- /dev/null
+++ b/crypto/MagicCrypto/common.h
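Review bot: After `wolfSSL_new(ctx)` the client never tells wolfSSL which server name to expect, so the CA loaded with `wolfSSL_CTX_load_verify_locations` only proves the peer holds some certificate issued by that CA, not that it is the intended server. Calling `wolfSSL_check_domain_name(ssl, EXPECTED_SERVER_NAME)` before `wolfSSL_connect` would enforce identity, where `EXPECTED_SERVER_NAME` is a placeholder for the name in the test server certificate loaded from `../certs/intermediate/server-chain-ecc.pem`. Separately, `if ((ret = wolfSSL_write(ssl, buff, len)) != len)` compares an `int` with a `size_t`, so a casted comparison such as `(size_t)ret != len` after checking `ret > 0` would be cleaner, and `static void error_out` is defined but never called in this file.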
@@ -0,0 +1,56 @@
+/* client-tls-cryptocb.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef COMMON_H
+#define COMMON_H
+
+/* the usual suspects */
+#include
+#include
+#include
+
+/* socket includes */
+#include
+#include
+#include
+#include
+
+/* wolfSSL */
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define DEFAULT_PORT 11111
+
+#define CA_FILE "../certs/ca-ecc-cert.pem"
+
+#define CLIENT_ECC_FILE "../certs/intermediate/client-chain-ecc.pem"
+#define SERVER_ECC_FILE "../certs/intermediate/server-chain-ecc.pem"
+#define CLIENT_KEY_FILE "../certs/ecc-client-key.pem"
+#define SERVER_KEY_FILE "../certs/ecc-key.pem"
+
+#define CIPHER_LIST "ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ECDSA-ARIA256-GCM-SHA384"
+//#define CIPHER_LIST "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384"
+
+#endif /* COMMON_H */
diff --git a/crypto/MagicCrypto/server.c b/crypto/MagicCrypto/server.c
new file mode 100644
index 00000000..5d62ac2f
--- /dev/null
+++ b/crypto/MagicCrypto/server.c
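Review bot: The file header comment on the first line of common.h reads `/* client-tls-cryptocb.c`, which names a different file; it should identify this header, e.g. `/* common.h - shared defines and includes for the MagicCrypto client/server examples`. The `#include` lines in this hunk appear with no target on this page, most likely because the angle-bracket names were stripped in rendering, so the set of required system and wolfSSL headers cannot be reviewed from here. The `//#define CIPHER_LIST` line is a commented-out alternative definition; a one-line comment stating it is the AES equivalent for a wolfSSL build without `--enable-ariagcm` would make its purpose clear, or it could be dropped.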
@@ -0,0 +1,223 @@
+/* server-tls.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include "common.h"
+
+static void error_out(char* msg, int err)
+{
+ printf("Failed at %s with code %d\n", msg, err);
+ exit(1);
+}
+
+int main()
+{
+ int sockfd = SOCKET_INVALID;
+ int connd = SOCKET_INVALID;
+ struct sockaddr_in servAddr;
+ struct sockaddr_in clientAddr;
+ socklen_t size = sizeof(clientAddr);
+ char buff[256];
+ size_t len;
+ int shutdown = 0;
+ int ret;
+ const char* reply = "I hear ya fa shizzle!\n";
+
+ /* declare wolfSSL objects */
+ WOLFSSL_CTX* ctx = NULL;
+ WOLFSSL* ssl = NULL;
+
+#if defined(DEBUG_WOLFSSL)
+ wolfSSL_Debugging_ON();
+#endif
+
+ /* Initialize wolfSSL */
+ wolfSSL_Init();
+
+ /* Create a socket that uses an internet IPv4 address,
+ * Sets the socket to be stream based (TCP),
+ * 0 means choose the default protocol. */
+ if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
+ fprintf(stderr, "ERROR: failed to create the socket\n");
+ ret = -1;
+ goto exit;
+ }
+
+ /* Create and initialize WOLFSSL_CTX */
+ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
+ fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
+ ret = -1;
+ goto exit;
+ }
+
+ /* Load client certificates into WOLFSSL_CTX */
+ if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CA_FILE, NULL))
+ != SSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ CA_FILE);
+ goto exit;
+ }
+
+ /* Load client ecc certificates into WOLFSSL_CTX */
+ if ((ret = wolfSSL_CTX_use_certificate_chain_file(ctx, SERVER_ECC_FILE)) !=
+ WOLFSSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ SERVER_ECC_FILE);
+ goto exit;
+ }
+
+ /* Load client ecc key into WOLFSSL_CTX */
+ if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, SERVER_KEY_FILE, SSL_FILETYPE_PEM))
+ != WOLFSSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+ SERVER_KEY_FILE);
+ goto exit;
+ }
+
+ if ((ret = wolfSSL_CTX_set_cipher_list(ctx, CIPHER_LIST))
+ != WOLFSSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to set cipher list\n");
+ goto exit;
+ }
+
+
+ if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1))
+ != WOLFSSL_SUCCESS) {
+ fprintf(stderr, "ERROR: failed to set supported curve\n");
+ goto exit;
+ }
+
+
+ /* Initialize the server address struct with zeros */
+ memset(&servAddr, 0, sizeof(servAddr));
+
+ /* Fill in the server address */
+ servAddr.sin_family = AF_INET; /* using IPv4 */
+ servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
+ servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */
+
+
+
+ /* Bind the server socket to our port */
+ if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) {
+ fprintf(stderr, "ERROR: failed to bind\n");
+ ret = -1;
+ goto exit;
+ }
+
+ /* Listen for a new connection, allow 5 pending connections */
+ if (listen(sockfd, 5) == -1) {
+ fprintf(stderr, "ERROR: failed to listen\n");
+ ret = -1;
+ goto exit;
+ }
+
+
+
+ /* Continue to accept clients until shutdown is issued */
+ while (!shutdown) {
+ printf("Waiting for a connection...\n");
+
+ /* Accept client connections */
+ if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size))
+ == -1) {
+ fprintf(stderr, "ERROR: failed to accept the connection\n\n");
+ ret = -1;
+ goto exit;
+ }
+
+ /* Create a WOLFSSL object */
+ if ((ssl = wolfSSL_new(ctx)) == NULL) {
+ fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
+ ret = -1;
+ goto exit;
+ }
+
+ /* Attach wolfSSL to the socket */
+ wolfSSL_set_fd(ssl, connd);
+
+ /* Establish TLS connection */
+ ret = wolfSSL_accept(ssl);
+ if (ret != WOLFSSL_SUCCESS) {
+ fprintf(stderr, "wolfSSL_accept error = %d\n",
+ wolfSSL_get_error(ssl, ret));
+ goto exit;
+ }
+
+
+ printf("Client connected successfully\n");
+
+
+
+ /* Read the client data into our buff array */
+ memset(buff, 0, sizeof(buff));
+ if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) == -1) {
+ fprintf(stderr, "ERROR: failed to read\n");
+ goto exit;
+ }
+
+ /* Print to stdout any data the client sends */
+ printf("Client: %s\n", buff);
+
+ /* Check for server shutdown command */
+ if (strncmp(buff, "shutdown", 8) == 0) {
+ printf("Shutdown command issued!\n");
+ shutdown = 1;
+ }
+
+
+
+ /* Write our reply into buff */
+ memset(buff, 0, sizeof(buff));
+ memcpy(buff, reply, strlen(reply));
+ len = strnlen(buff, sizeof(buff));
+
+ /* Reply back to the client */
+ if ((ret = wolfSSL_write(ssl, buff, len)) != len) {
+ fprintf(stderr, "ERROR: failed to write\n");
+ goto exit;
+ }
+
+ /* Notify the client that the connection is ending */
+ wolfSSL_shutdown(ssl);
+ printf("Shutdown complete\n");
+
+ /* Cleanup after this connection */
+ wolfSSL_free(ssl); /* Free the wolfSSL object */
+ ssl = NULL;
+ close(connd); /* Close the connection to the client */
+ }
+
+ ret = 0;
+
+exit:
+ /* Cleanup and return */
+ if (ssl)
+ wolfSSL_free(ssl); /* Free the wolfSSL object */
+ if (connd != SOCKET_INVALID)
+ close(connd); /* Close the connection to the client */
+ if (sockfd != SOCKET_INVALID)
+ close(sockfd); /* Close the socket listening for clients */
+ if (ctx)
+ wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
+ wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
+
+ return ret; /* Return reporting a success */
+}
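Review bot: The server loads `CA_FILE` with `wolfSSL_CTX_load_verify_locations` but never calls `wolfSSL_CTX_set_verify`, and by default a wolfSSL server does not request a client certificate, so that CA has no effect and any client that completes the handshake is accepted even though the client side goes to the trouble of presenting `CLIENT_ECC_FILE`. Adding `wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);` directly after the CA load would make the mutual authentication the certificate setup implies actually take place. Inside the accept loop `wolfSSL_set_fd(ssl, connd);` discards its return value, as does `wolfSSL_Init();` earlier, whereas the client checks both; and a failed `wolfSSL_accept` jumps to `exit` and tears down the listener, so one bad client handshake ends the server rather than closing that connection and continuing the loop. `SOCKET_INVALID` is not defined by the common.h in this commit and presumably comes from a wolfSSL header, which is worth confirming.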