From 3724feec1fde6a5ae2f93acc99edc2dbae827a7f Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Wed, 23 Aug 2023 17:42:10 +0900 Subject: [PATCH] TLS client --- RPi-Pico/CMakeLists.txt | 160 ++++++---- RPi-Pico/config/user_settings.h | 10 +- RPi-Pico/include/wolf/tcp.h | 6 +- RPi-Pico/src/bench_main.c | 12 + RPi-Pico/src/tcp.c | 123 ++++---- RPi-Pico/src/tcpClient_main.c | 16 +- RPi-Pico/src/test_main.c | 53 ++++ RPi-Pico/src/tlsClient_main.c | 190 +++++++++++ RPi-Pico/user_settings.h | 542 -------------------------------- 9 files changed, 426 insertions(+), 686 deletions(-) create mode 100644 RPi-Pico/src/test_main.c create mode 100644 RPi-Pico/src/tlsClient_main.c delete mode 100644 RPi-Pico/user_settings.h diff --git a/RPi-Pico/CMakeLists.txt b/RPi-Pico/CMakeLists.txt index 097ce17e..9a0496ac 100644 --- a/RPi-Pico/CMakeLists.txt +++ b/RPi-Pico/CMakeLists.txt @@ -13,20 +13,13 @@ endif() project(wolf_pico_examples C CXX ASM) set(CMAKE_C_STANDARD 11) set(CMAKE_CXX_STANDARD 17) +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O3") +#set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O3") + # Initialize the SDK pico_sdk_init() -message("Example cmake project including wolfSSL with user_settings.h") - -# add global define to include user_settings.h -add_compile_definitions(WOLFSSL_USER_SETTINGS) -add_compile_definitions(WOLFSSL_USER_SETTINGS_ASM) -set(BUILD_SHARED_LIBS OFF) -set(WOLFSSL_EXAMPLES OFF) -set(WOLFSSL_CRYPT_TESTS OFF) -set(WOLFSSL_USER_SETTINGS ON) - include_directories(config) include_directories(include) include_directories(${PICO_SDK_PATH}/src/rp2_common/pico_lwip/include) 
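Review bot: The added `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O3")` in the first CMakeLists.txt hunk only changes C++ compilation, while every source this patch attaches to a target is a `.c` file and the C counterpart is left commented out, so the flag most likely has no effect on the wolfSSL or example code. If a fixed optimisation level is intended, put it on the target that needs it, e.g. `target_compile_options(wolfssl PRIVATE -O3)`, so it does not override what the user or the SDK selected. Otherwise drop both lines rather than keeping one of them commented out.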
@@ -34,82 +27,79 @@ include_directories(${PICO_SDK_PATH}/lib/lwip/contrib/ports/freertos/include) include_directories(${PICO_SDK_PATH}/lib/lwip/src/include) include_directories(${PICO_SDK_PATH}/src/rp2_common/pico_async_context/include) -add_subdirectory(wolfssl) -target_link_libraries(wolfssl PRIVATE +set(WOLFSSL_ROOT $ENV{WOLFSSL_ROOT}) +include_directories(${WOLFSSL_ROOT}) + +file(GLOB_RECURSE WOLFSSL_SRC + "${WOLFSSL_ROOT}/src/*.c" + "${WOLFSSL_ROOT}/wolfcrypt/src/*.c" ) +list(REMOVE_ITEM WOLFSSL_SRC EXCLUDE REGEX + "${WOLFSSL_ROOT}/src/bio.c" + "${WOLFSSL_ROOT}/src/conf.c" + "${WOLFSSL_ROOT}/src/pk.c" + "${WOLFSSL_ROOT}/src/ssl_asn1.c" + "${WOLFSSL_ROOT}/src/ssl_bn.c" + "${WOLFSSL_ROOT}/src/ssl_misc.c" + "${WOLFSSL_ROOT}/src/x509.c" + "${WOLFSSL_ROOT}/src/x509_str.c" + "${WOLFSSL_ROOT}/wolfcrypt/src/evp.c" + "${WOLFSSL_ROOT}/wolfcrypt/src/misc.c" +) + +add_library(wolfssl STATIC + ${WOLFSSL_SRC} +) +target_include_directories(wolfssl PRIVATE + ${CMAKE_CURRENT_SOURCE_DIR}/config + ) +target_compile_definitions(wolfssl PRIVATE + WOLFSSL_USER_SETTINGS + WOLFSSL_SP_ARM_THUMB_ASM +) + + +add_executable(testwolfcrypt + src/test_main.c + src/blink.c + ${WOLFSSL_ROOT}/wolfcrypt/test/test.c +) + +pico_enable_stdio_usb(testwolfcrypt 1) +pico_enable_stdio_uart(testwolfcrypt 0) +target_compile_definitions(testwolfcrypt PRIVATE + WOLFSSL_USER_SETTINGS +) + +target_link_libraries(testwolfcrypt + wolfssl + pico_stdlib + pico_cyw43_arch_none + pico_rand +) +pico_add_extra_outputs(testwolfcrypt) + add_executable(benchmark src/bench_main.c src/blink.c - wolfssl/wolfcrypt/benchmark/benchmark.c + ${WOLFSSL_ROOT}/wolfcrypt/benchmark/benchmark.c ) pico_enable_stdio_usb(benchmark 1) pico_enable_stdio_uart(benchmark 0) target_compile_definitions(benchmark PRIVATE - + WOLFSSL_USER_SETTINGS ) + target_link_libraries(benchmark wolfssl pico_stdlib pico_cyw43_arch_none pico_rand - #FreeRTOS-Kernel-Heap4 # FreeRTOS kernel and dynamic heap ) pico_add_extra_outputs(benchmark) -if(0) - 
add_executable(TCPclient - src/blink.c - # src/TCPclient.c - src/TCPclient_main.c - ) - - # enable usb output, disable uart output - pico_enable_stdio_usb(TCPclient 1) - pico_enable_stdio_uart(TCPclient 0) - - target_compile_definitions(TCPclient PRIVATE - - # CYW43_NETUTILS - # PICO_CYW43_ARCH_FREERTOS - TEST_TCP_SERVER_IP=\"${TEST_TCP_SERVER_IP}\" - WIFI_SSID=\"${WIFI_SSID}\" - WIFI_PASSWORD=\"${WIFI_PASSWORD}\" - PICO_CYW43_ARCH_POLL - NO_SYS=1 - - # SYS_LIGHTWEIGHT_PROT=1 - ) - - target_link_libraries(TCPclient - pico_stdlib - pico_rand - - # pico_cyw43_arch_lwip_sys_freertos - # pico_cyw43_arch_lwip_poll - # pico_cyw43_arch_none - - pico_lwip - # pico_lwip_core4 - # pico_lwip_core6 - pico_cyw43_arch - pico_lwip_nosys - pico_async_context_poll - # pico_lwip_iperf - - # pico_lwip_freertos - # pico_async_context_freertos - # pico_lwip_port - # pico_cyw43_driver - # pico_lwip_api - pico_lwip_netif - # FreeRTOS-Kernel - # FreeRTOS-Kernel-Heap4 # FreeRTOS kernel and dynamic heap - ) - - pico_add_extra_outputs(TCPclient) -endif() add_executable(Wifi src/blink.c @@ -151,6 +141,7 @@ pico_enable_stdio_usb(tcp_Client 1) pico_enable_stdio_uart(tcp_Client 0) target_compile_definitions(tcp_Client PRIVATE + WOLFSSL_USER_SETTINGS WIFI_SSID=\"${WIFI_SSID}\" WIFI_PASSWORD=\"${WIFI_PASSWORD}\" TEST_TCP_SERVER_IP=\"${TEST_TCP_SERVER_IP}\" 
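Review bot: In the `@@ -34,82 +27,79 @@` hunk, `set(WOLFSSL_ROOT $ENV{WOLFSSL_ROOT})` is used without checking that the variable is set, so with an empty environment the globs become `/src/*.c` and `/wolfcrypt/src/*.c`, and the build either fails obscurely or compiles whatever sits at those absolute paths into the `wolfssl` library. Fail early instead, e.g. `if(NOT WOLFSSL_ROOT OR NOT EXISTS "${WOLFSSL_ROOT}/wolfssl/ssl.h")` followed by `message(FATAL_ERROR "WOLFSSL_ROOT must point to a wolfSSL source tree")`. Because the source list comes from `file(GLOB_RECURSE ...)`, any `.c` file present under those directories is linked into the crypto library; an explicit list (or at least `CONFIGURE_DEPENDS`) keeps the set of sources reviewable. In `list(REMOVE_ITEM WOLFSSL_SRC EXCLUDE REGEX ...)` the words `EXCLUDE REGEX` are not keywords of that sub-command and are treated as two more items to remove, so they can be deleted.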
@@ -167,4 +158,37 @@ target_link_libraries(tcp_Client pico_async_context_poll ) -pico_add_extra_outputs(tcp_Client) \ No newline at end of file +pico_add_extra_outputs(tcp_Client) + + +add_executable(tls_Client + src/blink.c + src/wifi.c + src/tcp.c + src/tlsClient_main.c +) + +# enable usb output, disable uart output +pico_enable_stdio_usb(tls_Client 1) +pico_enable_stdio_uart(tls_Client 0) + +target_compile_definitions(tls_Client PRIVATE + WOLFSSL_USER_SETTINGS + WIFI_SSID=\"${WIFI_SSID}\" + WIFI_PASSWORD=\"${WIFI_PASSWORD}\" + TEST_TCP_SERVER_IP=\"${TEST_TCP_SERVER_IP}\" + PICO_CYW43_ARCH_POLL + NO_SYS=1 +) + +target_link_libraries(tls_Client + pico_stdlib + pico_rand + pico_lwip + pico_cyw43_arch + pico_lwip_nosys + pico_async_context_poll + wolfssl +) + +pico_add_extra_outputs(tls_Client) diff --git a/RPi-Pico/config/user_settings.h b/RPi-Pico/config/user_settings.h index d43aec23..3b06094a 100644 --- a/RPi-Pico/config/user_settings.h +++ b/RPi-Pico/config/user_settings.h @@ -32,8 +32,12 @@ extern "C" { #endif +#include #define TARGET_EMBEDDED +extern time_t myTime(time_t *); +#define XTIME(t) myTime(t) + /* ------------------------------------------------------------------------- */ /* Platform */ /* ------------------------------------------------------------------------- */ @@ -106,7 +110,9 @@ extern "C" /* Maximum math bits (Max RSA key bits * 2) */ #define FP_MAX_BITS 4096 #endif +#endif +#if 1 /* half as much memory but twice as slow */ // #define RSA_LOW_MEM @@ -121,7 +127,7 @@ extern "C" /* DH */ #undef NO_DH -#if 0 +#if 1 /* Use table for DH instead of -lm (math) lib dependency */ #if 1 #define WOLFSSL_DH_CONST @@ -140,7 +146,7 @@ extern "C" #define HAVE_ECC /* Manually define enabled curves */ -#define ECC_USER_CURVES +//#define ECC_USER_CURVES #ifdef ECC_USER_CURVES /* Manual Curve Selection */ diff --git a/RPi-Pico/include/wolf/tcp.h b/RPi-Pico/include/wolf/tcp.h index a6836988..44038998 100644 --- a/RPi-Pico/include/wolf/tcp.h 
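Review bot: The new `tls_Client` target in the `@@ -167,4 +158,37 @@` hunk passes `WIFI_PASSWORD=\"${WIFI_PASSWORD}\"` as a compile definition, which puts the Wi-Fi passphrase on every compiler command line (build logs, `compile_commands.json`) and as a plain string in the firmware image; the existing `tcp_Client` target uses the same pattern. Consider generating a private header in the build directory with `configure_file(... @ONLY)`, keeping it out of version control, and stopping configuration with `message(FATAL_ERROR ...)` when `WIFI_SSID` or `WIFI_PASSWORD` is empty. `target_link_libraries(tls_Client ...)` is also written without a visibility keyword; `target_link_libraries(tls_Client PRIVATE ...)` keeps the link interface explicit.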
+++ b/RPi-Pico/include/wolf/tcp.h @@ -29,7 +29,7 @@ #include "wolf/common.h" #define DEBUG_printf printf -#define BUF_SIZE 2048 +#define BUF_SIZE (4096*2) typedef struct { struct tcp_pcb *tcp_pcb; @@ -45,5 +45,5 @@ typedef struct { WOLF_SOCKET_T *wolf_TCPsocket(void); static err_t wolf_TCPfree(WOLF_SOCKET_T *); bool wolf_TCPconnect(WOLF_SOCKET_T *, const char*, uint32_t); -size_t wolf_TCPwrite(WOLF_SOCKET_T *, const unsigned char *, uint32_t); -size_t wolf_TCPread(WOLF_SOCKET_T *, unsigned char *, uint32_t); \ No newline at end of file +int wolf_TCPread (WOLF_SOCKET_T *, unsigned char *, long unsigned int); +int wolf_TCPwrite(WOLF_SOCKET_T *, const unsigned char *, long unsigned int); \ No newline at end of file diff --git a/RPi-Pico/src/bench_main.c b/RPi-Pico/src/bench_main.c index 7f055690..11e428c8 100644 --- a/RPi-Pico/src/bench_main.c +++ b/RPi-Pico/src/bench_main.c @@ -20,6 +20,9 @@ */ #include + +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/ssl.h" #include #include @@ -27,6 +30,8 @@ #include "pico/cyw43_arch.h" #include "wolf/blink.h" + + int main(int argc, char **argv) { int i; @@ -37,3 +42,10 @@ int main(int argc, char **argv) printf("End: %d\n", ret); return ret; } + +#include +time_t myTime(time_t *t) +{ + *t = (((2023 - 1970) * 12 + 8) * 30 * 24 * 60 * 60); + return *t; +} \ No newline at end of file diff --git a/RPi-Pico/src/tcp.c b/RPi-Pico/src/tcp.c index e160c234..c211ea43 100644 --- a/RPi-Pico/src/tcp.c +++ b/RPi-Pico/src/tcp.c @@ -23,13 +23,12 @@ #include "pico/cyw43_arch.h" #include "pico/stdlib.h" -#include "lwip/pbuf.h" -#include "lwip/tcp.h" -//#include "lwip/ip_addr.h" +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/ssl.h" #include "wolf/tcp.h" -#define DEBUG_printf printf -#define BUF_SIZE 2048 +#include "lwip/pbuf.h" +#include "lwip/tcp.h" #define TEST_ITERATIONS 10 #define POLL_TIME_S 5 
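Review bot: `myTime()` appended to bench_main.c (hunk `@@ -37,3 +42,10 @@`) stores through `*t` unconditionally and always returns the same constant, and config/user_settings.h now maps `XTIME(t)` to it for the whole library. Callers that follow the `time()` convention may pass a null pointer (wolfSSL itself uses `XTIME(0)` in places), so guard the store with `if (t != NULL) *t = now;`. A constant clock also means certificate validity dates are compared against a fixed moment in 2023, so a certificate that has since expired is still accepted and a newly issued one may be rejected; a comment marking this as a placeholder, or a real time source, would make that explicit. The same function is copied into test_main.c and tlsClient_main.c, the latter with a different formula (`* 365 + (8 * 30)` days instead of `* 12 + 8` months of 30 days), so the programs disagree about the current date; one shared implementation would avoid that.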
@@ -37,6 +36,18 @@ #define TEST_TASK_PRIORITY (tskIDLE_PRIORITY + 2UL) #define BLINK_TASK_PRIORITY (tskIDLE_PRIORITY + 1UL) +static void dump_bytes(const uint8_t *p, uint32_t len) +{ + for (; len; len--, p++) { + if (((unsigned long)p & 0x07) == 0) { + DEBUG_printf("\n"); + } + DEBUG_printf("%02x ", *p); + } + DEBUG_printf("\n"); +} + + err_t wolf_TCPclose(WOLF_SOCKET_T *sock) { err_t err = ERR_OK; @@ -48,8 +59,7 @@ err_t wolf_TCPclose(WOLF_SOCKET_T *sock) tcp_recv(sock->tcp_pcb, NULL); tcp_err(sock->tcp_pcb, NULL); err = tcp_close(sock->tcp_pcb); - if (err != ERR_OK) - { + if (err != ERR_OK) { DEBUG_printf("close failed %d, calling abort\n", err); tcp_abort(sock->tcp_pcb); err = ERR_ABRT; @@ -60,8 +70,6 @@ err_t wolf_TCPclose(WOLF_SOCKET_T *sock) return err; } -// Called with results of operation -// Called with results of operation static err_t tcp_result(WOLF_SOCKET_T *sock, int status) { if (status == 0) { @@ -100,29 +108,24 @@ static err_t lwip_cb_client_sent(void *arg, struct tcp_pcb *tpcb, u16_t len) static err_t lwip_cb_client_connected(void *arg, struct tcp_pcb *tpcb, err_t err) { - char msg[] = "Hello Server"; - WOLF_SOCKET_T *sock = (WOLF_SOCKET_T *)arg; if (err != ERR_OK) { - printf("connect failed %d\n", err); + DEBUG_printf("connect failed %d\n", err); return tcp_result(arg, err); } sock->connected = true; - DEBUG_printf("Connected.\n"); return ERR_OK; } static err_t lwip_cb_client_poll(void *arg, struct tcp_pcb *tpcb) { - DEBUG_printf("tcp_client_poll\n"); return tcp_result(arg, -1); // no response is an error? } static void lwip_cb_client_err(void *arg, err_t err) { - if (err != ERR_ABRT) - { + if (err != ERR_ABRT) { DEBUG_printf("tcp_client_err %d\n", err); tcp_result(arg, err); } 
@@ -131,36 +134,20 @@ static void lwip_cb_client_err(void *arg, err_t err) static err_t lwip_cb_client_recv(void *arg, struct tcp_pcb *tpcb, struct pbuf *p, err_t err) { WOLF_SOCKET_T *sock = (WOLF_SOCKET_T *)arg; - if (!p) - { + if (!p) { return tcp_result(arg, -1); } - // this method is callback from lwIP, so cyw43_arch_lwip_begin is not required, however you - // can use this method to cause an assertion in debug mode, if this method is called when - // cyw43_arch_lwip_begin IS needed + cyw43_arch_lwip_check(); if (p->tot_len > 0) { - DEBUG_printf("recv %d err %d\n", p->tot_len, err); - // Receive the buffer const uint16_t buffer_left = BUF_SIZE - sock->buffer_len; sock->buffer_len += pbuf_copy_partial(p, sock->buffer + sock->buffer_len, p->tot_len > buffer_left ? buffer_left : p->tot_len, 0); tcp_recved(tpcb, p->tot_len); + DEBUG_printf("sock->buffer_len = %d\n", sock->buffer_len); } pbuf_free(p); - - // If we have received the whole buffer, send it back to the server - if (sock->buffer_len == BUF_SIZE) - { - DEBUG_printf("Writing %d bytes to server\n", sock->buffer_len); - err_t err = tcp_write(tpcb, sock->buffer, sock->buffer_len, TCP_WRITE_FLAG_COPY); - if (err != ERR_OK) - { - DEBUG_printf("Failed to write data %d\n", err); - return tcp_result(arg, -1); - } - } return ERR_OK; } @@ -170,8 +157,7 @@ bool wolf_TCPconnect(WOLF_SOCKET_T *sock, const char *ip, uint32_t port) DEBUG_printf("wolf_TCPconnect: Connecting to %s port %u\n", ip4addr_ntoa(&sock->remote_addr), port); sock->tcp_pcb = tcp_new_ip_type(IP_GET_TYPE(&sock->remote_addr)); - if (!sock->tcp_pcb) - { + if (!sock->tcp_pcb) { DEBUG_printf("failed to create pcb\n"); return false; } 
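Review bot: In `lwip_cb_client_recv` the copy is clamped to `buffer_left`, but `tcp_recved(tpcb, p->tot_len)` still acknowledges the whole pbuf, so any bytes that did not fit in `sock->buffer` are dropped silently. With the echo path removed and this buffer now feeding TLS records to wolfSSL, a dropped tail would surface later as a record decode or MAC failure that is hard to trace back to this callback. Either acknowledge only what was copied and keep the remainder (for example by returning `ERR_MEM` without freeing `p`, so lwIP offers the data again), or log and fail the socket when `p->tot_len > buffer_left`. `buffer_left` is declared `uint16_t`; the new `BUF_SIZE` of `(4096*2)` still fits, but the type will truncate if the buffer ever grows past 65535.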
@@ -184,18 +170,20 @@ bool wolf_TCPconnect(WOLF_SOCKET_T *sock, const char *ip, uint32_t port) sock->buffer_len = 0; - // cyw43_arch_lwip_begin/end should be used around calls into lwIP to ensure correct locking. - // You can omit them if you are in a callback from lwIP. Note that when using pico_cyw_arch_poll - // these calls are a no-op and can be omitted, but it is a good practice to use them in - // case you switch the cyw43_arch type later. cyw43_arch_lwip_begin(); err_t err = tcp_connect(sock->tcp_pcb, &sock->remote_addr, port, lwip_cb_client_connected); cyw43_arch_lwip_end(); if (err == ERR_OK) - DEBUG_printf("wolf_TCPconnect: Connected"); - else + DEBUG_printf("wolf_TCPconnect: Connecting"); + else { DEBUG_printf("wolf_TCPconnect: Failed"); - return err == ERR_OK; + return WOLF_FAIL; + } + while (sock->connected != true) { + cyw43_arch_poll(); + cyw43_arch_wait_for_work_until(make_timeout_time_ms(1000)); + } + return WOLF_SUCCESS; } // get a new TCP client 
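Review bot: The wait loop added to `wolf_TCPconnect`, `while (sock->connected != true)`, has no timeout and no failure exit, so if the peer refuses or never answers the client stays in `cyw43_arch_poll()` forever. Bound it with a deadline or attempt counter, and also leave the loop when the error path has reported a failure (for instance a flag set from `tcp_result`), returning `WOLF_FAIL`. The function is still declared `bool` in wolf/tcp.h while it now returns `WOLF_FAIL`/`WOLF_SUCCESS` and tcpClient_main.c compares the result with `WOLF_SUCCESS`; the values of those macros are not visible in this patch, but unless they are 0 and 1 the conversion to `bool` breaks that comparison, so the return type should become `int`. The function body starts above this hunk.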
@@ -210,32 +198,53 @@ WOLF_SOCKET_T *wolf_TCPsocket() return sock; } -size_t wolf_TCPwrite(WOLF_SOCKET_T *sock, const unsigned char *buff, uint32_t len) +int wolf_TCPwrite(WOLF_SOCKET_T *sock, const unsigned char *buff, long unsigned int len) { - return tcp_write(sock->tcp_pcb, buff, len, TCP_WRITE_FLAG_COPY); + int ret; + int i; + + DEBUG_printf("wolf_TCPread(%lx, %lx, %d)\n", sock, buff, len); + sock->sent_len = 0; + ret = tcp_write(sock->tcp_pcb, buff, len, TCP_WRITE_FLAG_COPY); + + if (ret == ERR_OK) { + tcp_output(sock->tcp_pcb); + } + while(sock->sent_len < len) { + putchar('>'); + cyw43_arch_poll(); + cyw43_arch_wait_for_work_until(make_timeout_time_ms(1000)); + } + putchar('\n'); + return (int)len; } -size_t wolf_TCPread(WOLF_SOCKET_T *sock, unsigned char *buff, uint32_t len) +int wolf_TCPread(WOLF_SOCKET_T *sock, unsigned char *buff, long unsigned int len) { int recv_len; int remained; + int i; + #define POLLING 200 + + DEBUG_printf("wolf_TCPread(%lx, %lx, %d)\n", sock, buff, len); - while(1) { + for(i=0; ibuffer_len > 0) { recv_len = len < sock->buffer_len ? len : sock->buffer_len; - memcpy(sock->buffer, buff,recv_len); - if(recv_len == len) { + memcpy(buff, sock->buffer, recv_len); + if(recv_len >= len) { remained = sock->buffer_len - recv_len; sock->buffer_len = remained; - memcpy(sock->buffer, sock->buffer+recv_len, remained); + for(i=0; ibuffer[i] = sock->buffer[i+recv_len]; } else sock->buffer_len = 0; - return recv_len; - } else { - printf("cyw43_arch_poll()\n"); - cyw43_arch_poll(); - cyw43_arch_wait_for_work_until(make_timeout_time_ms(1000)); - } + DEBUG_printf("\n"); + return recv_len; + } + DEBUG_printf(">"); + cyw43_arch_poll(); + cyw43_arch_wait_for_work_until(make_timeout_time_ms(1000)); } } \ No newline at end of file diff --git a/RPi-Pico/src/tcpClient_main.c b/RPi-Pico/src/tcpClient_main.c index 8393e23c..1152a622 100644 --- a/RPi-Pico/src/tcpClient_main.c +++ b/RPi-Pico/src/tcpClient_main.c 
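Review bot: `wolf_TCPwrite` does not act on a failed `tcp_write`: when `ret != ERR_OK` nothing is queued, yet the function still enters `while(sock->sent_len < len)`, which then cannot terminate, and on the normal path it returns `len` regardless of what was sent. Return an error right after the call, e.g. `if (ret != ERR_OK) return -1;`, and give the wait loop a bound as well. `len` is a `long unsigned int` here while lwIP's `tcp_write` takes a 16-bit length, so a large request would be truncated without notice and deserves a range check. In `wolf_TCPread` the polling loop appears to fall off the end of a non-`void` function when no data arrives within `POLLING` iterations (the loop header is garbled on this page, so confirm against the file); an explicit error return is needed there. The trace line in `wolf_TCPwrite` prints the name `wolf_TCPread(` and passes pointers to `%lx`; `%p` with the right function name avoids misleading logs.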
@@ -31,17 +31,6 @@ #define TCP_PORT 1111 -static void dump_bytes(const uint8_t *p, uint32_t len) -{ - for (; len; len--, p++) { - if (((unsigned long)p & 0x07) == 0) { - printf("\n"); - } - printf("%02x ", *p); - } - printf("\n"); -} - void tcpClient_test(void) { int i; @@ -57,7 +46,7 @@ void tcpClient_test(void) printf("ERROR:wolf_TCPsocke()\n"); return; } - if (!wolf_TCPconnect(sock, TEST_TCP_SERVER_IP, TCP_PORT)) { + if (wolf_TCPconnect(sock, TEST_TCP_SERVER_IP, TCP_PORT) != WOLF_SUCCESS) { printf("ERROR:wolf_TCPconnect()\n"); goto exit; } @@ -75,8 +64,7 @@ void tcpClient_test(void) DEBUG_printf("Failed to read data. err=%d\n", err); goto exit; } - DEBUG_printf("Read data %d bytes\n", err); - dump_bytes(buffer, err); + DEBUG_printf("Read data %d bytes: %s\n", err, buffer); exit: free(sock); diff --git a/RPi-Pico/src/test_main.c b/RPi-Pico/src/test_main.c new file mode 100644 index 00000000..8c224a6a --- /dev/null +++ b/RPi-Pico/src/test_main.c 
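Review bot: The new `DEBUG_printf("Read data %d bytes: %s\n", err, buffer);` in `tcpClient_test` prints bytes received from the network with `%s`, but nothing in the visible code terminates `buffer` after the read, so the print can run past the received data, and past the array if the read filled it. Bound the output by the returned length, e.g. `DEBUG_printf("Read data %d bytes: %.*s\n", err, (int)err, buffer);`, or write a terminator at `buffer[err]` after confirming the read length leaves room for it. The declaration of `buffer` and the `wolf_TCPread` call are outside this hunk, so check how the requested length relates to the array size.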
@@ -0,0 +1,53 @@ +/* bench_main.c + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/ssl.h" +#include + +#include +#include "pico/stdlib.h" +#include "pico/cyw43_arch.h" +#include "wolf/blink.h" + +int main(int argc, char **argv) +{ + int i; + int ret; + + blink(10, WOLF_BLINK_INIT); + + wolfSSL_Init(); + wolfSSL_Debugging_ON(); + + ret = wolfcrypt_test(NULL); + printf("End: %d\n", ret); + return ret; +} + +#include +time_t myTime(time_t *t) +{ + *t = (((2023 - 1970) * 12 + 8) * 30 * 24 * 60 * 60); + return *t; +} \ No newline at end of file diff --git a/RPi-Pico/src/tlsClient_main.c b/RPi-Pico/src/tlsClient_main.c new file mode 100644 index 00000000..25a53c06 --- /dev/null +++ b/RPi-Pico/src/tlsClient_main.c 
@@ -0,0 +1,190 @@ +/* tcpClient_main.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include "pico/stdlib.h" +#include "pico/cyw43_arch.h" + +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/ssl.h" + +#include "wolf/common.h" +#include "wolf/tcp.h" +#include "wolf/wifi.h" +#include "wolf/blink.h" +#include "lwip/tcp.h" + +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/ssl.h" + +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 +#include + +#define TCP_PORT 1111 + +int wolf_cb_TCPwrite(WOLFSSL *ssl, const unsigned char *buff, long unsigned int len, void *ctx) +{ + (void)ssl; + unsigned long ret; + WOLF_SOCKET_T *sock = (WOLF_SOCKET_T *)ctx; + + printf("wolf_cb_TCPwrite(%lx, %d, %lx)\n", (unsigned long)buff, len, (unsigned long)ctx); + ret = wolf_TCPwrite(sock, buff, len); + printf("ret = %d\n", ret); + return ret; +} + +int wolf_cb_TCPread(WOLFSSL *ssl, unsigned char *buff, long unsigned int len, void *ctx) +{ + (void)ssl; + WOLF_SOCKET_T *sock = (WOLF_SOCKET_T *)ctx; + int ret; + + printf("wolf_cb_TCPread(%lx, %d, %lx)\n", (unsigned long)buff, len, (unsigned long)ctx); + ret = wolf_TCPread(sock, buff, len); + printf("ret = %d\n", ret); + return ret; +} + +void 
tlsClient_test(void) +{ + int i; + int ret; +#define BUFF_SIZE 2048 + static char buffer[BUFF_SIZE]; + char msg[] = "Hello Server"; + + WOLF_SOCKET_T *sock = NULL; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + + printf("tlsClient_test\n"); + /* Initialize wolfSSL */ + wolfSSL_Init(); + wolfSSL_Debugging_ON(); + + if ((ctx = wolfSSL_CTX_new((wolfTLSv1_2_client_method()))) == NULL) { + printf("ERROR:wolfSSL_CTX_new()\n"); + return; + } + printf("wolfSSL_CTX_new: %lx\n", (unsigned long)ctx); + /* Load client certificates into WOLFSSL_CTX */ + if ((ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, + sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1)) != WOLFSSL_SUCCESS) { + printf("ERROR: failed to load CA cert. %d\n", ret); + goto exit; + } + printf("wolfSSL_SetIO: "); + wolfSSL_SetIORecv(ctx, (CallbackIORecv)wolf_cb_TCPread); + wolfSSL_SetIOSend(ctx, (CallbackIOSend)wolf_cb_TCPwrite); + printf("Done "); + + if ((sock = wolf_TCPsocket()) == NULL) { + printf("ERROR:wolf_TCPsocke()\n"); + return; + } + printf("wolf_TCPsocket: %lx\n", (unsigned long)sock); + if ((ret = wolf_TCPconnect(sock, TEST_TCP_SERVER_IP, TCP_PORT) != WOLF_SUCCESS)) { + printf("ERROR:wolf_TCPconnect\n"); + goto exit; + } + printf("wolf_TCPconnect: %d\n", ret); + if ((ssl = wolfSSL_new(ctx)) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); + ret = -1; + goto exit; + } + printf("wolfSSL_SetIOctx: "); + wolfSSL_SetIOReadCtx(ssl, sock); + wolfSSL_SetIOWriteCtx(ssl, sock); + printf("Done\n"); + + if ((ret = wolfSSL_connect(ssl)) != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to connect to wolfSSL(%d)\n", + wolfSSL_get_error(ssl, ret)); + goto exit; + } + + DEBUG_printf("Writing to server: %s\n", msg); + ret = wolfSSL_write(ssl, msg, strlen(msg)); + if (ret < 0) { + DEBUG_printf("Failed to write data. 
err=%d\n", ret); + goto exit; + } + DEBUG_printf("Writen data %d bytes\n", ret); + + ret = wolfSSL_read(ssl, buffer, BUFF_SIZE); + if (ret < 0) { + DEBUG_printf("Failed to read data. err=%d\n", ret); + goto exit; + } + DEBUG_printf("Read data %d bytes\nMessage: %s", ret, buffer); + + +exit: + if (ssl) + wolfSSL_free(ssl); /* Free the wolfSSL object */ + if (sock) + free(sock); /* Close the connection to the server */ + if (ctx) + wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ + wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ + +} + +void main(void) +{ + blink(20, 1); + printf("Started main_task\n"); + + cyw43_arch_enable_sta_mode(); + printf("Connecting to Wi-Fi...\n"); + printf("WIFI_SSID=%s, WIFI_PASSWORD=%s\n", WIFI_SSID, WIFI_PASSWORD); + if (wolf_wifiConnect(WIFI_SSID, WIFI_PASSWORD, CYW43_AUTH_WPA2_AES_PSK, 30000)) { + printf("failed to connect.\n"); + return; + } else { + printf("Connected.\n"); + } + cyw43_arch_lwip_begin(); + printf("\nReady, starting TLS client\n"); + + tlsClient_test(); + + cyw43_arch_lwip_end(); + cyw43_arch_deinit(); + + printf("End of iperf client\n"); +} + +void lwip_example_app_platform_assert(const char *msg, int line, const char *file) +{ + printf("Assertion \"%s\" failed at line %d in %s\n", msg, line, file); + fflush(NULL); +} + +#include +time_t myTime(time_t *t) +{ + *t = (((2023 - 1970) * 365 + (8 * 30)) * 24 * 60 * 60); + return *t; +} \ No newline at end of file diff --git a/RPi-Pico/user_settings.h b/RPi-Pico/user_settings.h deleted file mode 100644 index d43aec23..00000000 --- a/RPi-Pico/user_settings.h +++ /dev/null 
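Review bot: `main()` in the new tlsClient_main.c prints the Wi-Fi passphrase in clear with `printf("WIFI_SSID=%s, WIFI_PASSWORD=%s\n", WIFI_SSID, WIFI_PASSWORD);`, so anyone reading the USB serial console or a captured log obtains the credential; log the SSID only. In `tlsClient_test`, `wolfSSL_read(ssl, buffer, BUFF_SIZE)` can fill the whole array and the result is then printed with `%s`; read at most `BUFF_SIZE - 1` bytes and set `buffer[ret] = '\0'` before printing. `if ((ret = wolf_TCPconnect(...) != WOLF_SUCCESS))` assigns the result of the comparison to `ret` because of the parenthesis placement, and the early `return` after a failed `wolf_TCPsocket()` skips the `exit:` cleanup and leaks `ctx`; `goto exit` matches the other error paths. Only a CA certificate is loaded and no expected peer name is set (for instance with `wolfSSL_check_domain_name`), so any certificate issued by that CA is accepted, which is fine for a demo if a comment says so.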
@@ -1,542 +0,0 @@ -/* user_settings.h - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/* Example wolfSSL user settings with #if 0/1 gates to enable/disable algorithms and features. - * This file is included with wolfssl/wolfcrypt/settings.h when WOLFSSL_USER_SETTINGS is defined. - * Based on IDE/GCC-ARM/Headers/user_settings.h - */ - -#ifndef WOLFSSL_USER_SETTINGS_H -#define WOLFSSL_USER_SETTINGS_H - -#ifdef __cplusplus -extern "C" -{ -#endif - -#define TARGET_EMBEDDED - -/* ------------------------------------------------------------------------- */ -/* Platform */ -/* ------------------------------------------------------------------------- */ -#define WOLFSSL_GENERAL_ALIGNMENT 4 -#define SIZEOF_LONG_LONG 8 -#if 0 -#define NO_64BIT /* disable use of 64-bit variables */ -#endif - -#ifdef TARGET_EMBEDDED -/* disable mutex locking */ -#define SINGLE_THREADED - -/* reduce stack use. For variables over 100 bytes allocate from heap */ -#define WOLFSSL_SMALL_STACK - -/* Disable the built-in socket support and use the IO callbacks. 
- * Set IO callbacks with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend - */ -#define WOLFSSL_USER_IO -#endif - -/* ------------------------------------------------------------------------- */ -/* Math Configuration */ -/* ------------------------------------------------------------------------- */ -/* Wolf Single Precision Math */ -#if 1 -#define WOLFSSL_HAVE_SP_RSA -#define WOLFSSL_HAVE_SP_DH -#define WOLFSSL_HAVE_SP_ECC -// #define WOLFSSL_SP_4096 /* Enable RSA/RH 4096-bit support */ -// #define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */ - -// #define WOLFSSL_SP_CACHE_RESISTANT -// #define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */ -#define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */ - - // #define WOLFSSL_SP_NO_MALLOC - // #define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */ - -#ifdef TARGET_EMBEDDED -/* use smaller version of code */ -//#define WOLFSSL_SP_SMALL -#else -/* SP Assembly Speedups - specific to chip type */ -#define WOLFSSL_SP_ASM -#endif - // #define WOLFSSL_SP_X86_64 - // #define WOLFSSL_SP_X86 - // #define WOLFSSL_SP_ARM32_ASM - // #define WOLFSSL_SP_ARM64_ASM - // #define WOLFSSL_SP_ARM_THUMB_ASM - // #define WOLFSSL_SP_ARM_CORTEX_M_ASM -#elif 1 -/* Fast Math (tfm.c) (stack based and timing resistant) */ -#define USE_FAST_MATH -#define TFM_TIMING_RESISTANT -#else -/* Normal (integer.c) (heap based, not timing resistant) - not recommended*/ -#define USE_INTEGER_HEAP_MATH -#endif - -/* ------------------------------------------------------------------------- */ -/* Crypto */ -/* ------------------------------------------------------------------------- */ -/* RSA */ -#undef NO_RSA -#if 0 -#ifdef USE_FAST_MATH -/* Maximum math bits (Max RSA key bits * 2) */ -#define FP_MAX_BITS 4096 -#endif - -/* half as much memory but twice as slow */ -// #define RSA_LOW_MEM - -/* Enables blinding mode, to prevent timing attacks */ -#define WC_RSA_BLINDING - -/* RSA PSS Support */ -#define WC_RSA_PSS 
-#else -#define NO_RSA -#endif - -/* DH */ -#undef NO_DH -#if 0 -/* Use table for DH instead of -lm (math) lib dependency */ -#if 1 -#define WOLFSSL_DH_CONST -#define HAVE_FFDHE_2048 - // #define HAVE_FFDHE_4096 - // #define HAVE_FFDHE_6144 - // #define HAVE_FFDHE_8192 -#endif -#else -#define NO_DH -#endif - -/* ECC */ -#undef HAVE_ECC -#if 1 -#define HAVE_ECC - -/* Manually define enabled curves */ -#define ECC_USER_CURVES - -#ifdef ECC_USER_CURVES -/* Manual Curve Selection */ -// #define HAVE_ECC192 -// #define HAVE_ECC224 -#undef NO_ECC256 - // #define HAVE_ECC384 - // #define HAVE_ECC521 -#endif - -/* Fixed point cache (speeds repeated operations against same private key) */ -// #define FP_ECC -#ifdef FP_ECC -/* Bits / Entries */ -#define FP_ENTRIES 2 -#define FP_LUT 4 -#endif - -/* Optional ECC calculation method */ -/* Note: doubles heap usage, but slightly faster */ -#define ECC_SHAMIR - -/* Reduces heap usage, but slower */ -#define ECC_TIMING_RESISTANT - -/* Compressed ECC Key Support */ -// #define HAVE_COMP_KEY - -/* Use alternate ECC size for ECC math */ -#ifdef USE_FAST_MATH -/* MAX ECC BITS = ROUND8(MAX ECC) * 2 */ -#if defined(NO_RSA) && defined(NO_DH) -/* Custom fastmath size if not using RSA/DH */ -#define FP_MAX_BITS (256 * 2) -#else -/* use heap allocation for ECC points */ -#define ALT_ECC_SIZE - - /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */ - // #define FP_MAX_BITS_ECC (256 * 2) -#endif - -/* Speedups specific to curve */ -#ifndef NO_ECC256 -#define TFM_ECC256 -#endif -#endif -#endif - -/* AES */ -#undef NO_AES -#if 1 -#define HAVE_AES_CBC - -/* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */ -#define HAVE_AESGCM -#if 0 //TARGET_EMBEDDED -#define GCM_SMALL -#else -#define GCM_TABLE_4BIT -#endif - - // #define WOLFSSL_AES_DIRECT - // #define HAVE_AES_ECB - // #define WOLFSSL_AES_COUNTER - // #define HAVE_AESCCM -#else -#define NO_AES -#endif - -/* DES3 */ -#undef NO_DES3 -#if 0 -#else -#define 
NO_DES3
-#endif
-
-/* ChaCha20 / Poly1305 */
-#undef HAVE_CHACHA
-#undef HAVE_POLY1305
-#if 1
-#define HAVE_CHACHA
-#define HAVE_POLY1305
-
-/* Needed for Poly1305 */
-#define HAVE_ONE_TIME_AUTH
-#endif
-
-/* Ed25519 / Curve25519 */
-#undef HAVE_CURVE25519
-#undef HAVE_ED25519
-#if 1
-#define HAVE_CURVE25519
-#define HAVE_ED25519 /* ED25519 Requires SHA512 */
-
- /* Optionally use small math (less flash usage, but much slower) */
-#if 0
-#define CURVED25519_SMALL
-#endif
-#endif
-
-/* Ed448 / Curve448 */
-#undef HAVE_CURVE448
-#undef HAVE_ED448
-#if 1
-#define HAVE_CURVE448
-#define HAVE_ED448 /* ED448 Requires SHA512 */
-
- /* Optionally use small math (less flash usage, but much slower) */
-#if 0
-#define CURVED448_SMALL
-#endif
-#endif
-/* ------------------------------------------------------------------------- */
-/* Hashing */
-/* ------------------------------------------------------------------------- */
-/* Sha */
-#undef NO_SHA
-#if 1
- /* 1k smaller, but 25% slower */
- // #define USE_SLOW_SHA
-#else
-#define NO_SHA
-#endif
-
-/* Sha256 */
-#undef NO_SHA256
-#if 1
-/* not unrolled - ~2k smaller and ~25% slower */
-// #define USE_SLOW_SHA256
-
-/* Sha224 */
-#if 0
-#define WOLFSSL_SHA224
-#endif
-#else
-#define NO_SHA256
-#endif
-
-/* Sha512 */
-#undef WOLFSSL_SHA512
-#if 1
-#define WOLFSSL_SHA512
-
- /* Sha384 */
-#undef WOLFSSL_SHA384
-#if 1
-#define WOLFSSL_SHA384
-#endif
-
- /* over twice as small, but 50% slower */
- //#define USE_SLOW_SHA512
-#endif
-
-/* Sha3 */
-#undef WOLFSSL_SHA3
-#if 1
-#define WOLFSSL_SHA3
-#endif
-
-/* MD5 */
-#undef NO_MD5
-#if 0
-
-#else
-#define NO_MD5
-#endif
-
-/* HKDF */
-#undef HAVE_HKDF
-#if 1
-#define HAVE_HKDF
-#endif
-
-/* CMAC */
-#undef WOLFSSL_CMAC
-#if 0
-#define WOLFSSL_CMAC
-#endif
-
-/* ------------------------------------------------------------------------- */
-/* Benchmark / Test */
-/* ------------------------------------------------------------------------- */
-#ifdef TARGET_EMBEDDED
-/* Use reduced benchmark / test sizes */
-#define BENCH_EMBEDDED
-#endif
-
-/* Use test buffers from array (not filesystem) */
-#ifndef NO_FILESYSTEM
-#define USE_CERT_BUFFERS_256
-#define USE_CERT_BUFFERS_2048
-#endif
-
- /* ------------------------------------------------------------------------- */
- /* Debugging */
- /* ------------------------------------------------------------------------- */
-
-#undef DEBUG_WOLFSSL
-#undef NO_ERROR_STRINGS
-#if 0
-#define DEBUG_WOLFSSL
-#else
-#if 0
-#define NO_ERROR_STRINGS
-#endif
-#endif
-
-/* ------------------------------------------------------------------------- */
-/* Memory */
-/* ------------------------------------------------------------------------- */
-
-/* Override Memory API's */
-#if 0
-#define XMALLOC_OVERRIDE
-
- /* prototypes for user heap override functions */
- /* Note: Realloc only required for normal math */
-#include /* for size_t */
- extern void *myMalloc(size_t n, void* heap, int type);
- extern void myFree(void *p, void* heap, int type);
- extern void *myRealloc(void *p, size_t n, void* heap, int type);
-
-#define XMALLOC(n, h, t) myMalloc(n, h, t)
-#define XFREE(p, h, t) myFree(p, h, t)
-#define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
-#endif
-
-#if 0
- /* Static memory requires fast math */
-#define WOLFSSL_STATIC_MEMORY
-
- /* Disable fallback malloc/free */
-#define WOLFSSL_NO_MALLOC
-#if 1
-#define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
-#endif
-#endif
-
-/* Memory callbacks */
-#if 0
-#undef USE_WOLFSSL_MEMORY
-#define USE_WOLFSSL_MEMORY
-
- /* Use this to measure / print heap usage */
-#if 0
-#define WOLFSSL_TRACK_MEMORY
-#define WOLFSSL_DEBUG_MEMORY
-#endif
-#else
-#ifndef WOLFSSL_STATIC_MEMORY
-#define NO_WOLFSSL_MEMORY
- /* Otherwise we will use stdlib malloc, free and realloc */
-#endif
-#endif
-
-/* ------------------------------------------------------------------------- */
-/* Port */
-/* ------------------------------------------------------------------------- */
-
-/* Override Current Time */
-#if 0
- /* Allows custom "custom_time()" function to be used for benchmark */
-#define WOLFSSL_USER_CURRTIME
-#define WOLFSSL_GMTIME
-#define USER_TICKS
- extern unsigned long my_time(unsigned long* timer);
-#define XTIME my_time
-#endif
-
-/* ------------------------------------------------------------------------- */
-/* RNG */
-/* ------------------------------------------------------------------------- */
-
-/* Choose RNG method */
-#if 1
-/* Custom Seed Source */
- /* Size of returned HW RNG value */
-//#define CUSTOM_RAND_TYPE unsigned int
-unsigned long get_rand_32(void);
-#undef CUSTOM_RAND_GENERATE
-#define CUSTOM_RAND_GENERATE get_rand_32
-#endif
-
-#if 1
-/* Use built-in P-RNG (SHA256 based) with HW RNG */
-/* P-RNG + HW RNG (P-RNG is ~8K) */
-#undef HAVE_HASHDRBG
-#define HAVE_HASHDRBG
-#else
-#undef WC_NO_HASHDRBG
-#define WC_NO_HASHDRBG
-#endif
-
-#if 0
-/* Bypass P-RNG and use only HW RNG */
-extern int my_rng_gen_block(unsigned char *output, unsigned int sz);
-#undef CUSTOM_RAND_GENERATE_BLOCK
-#define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
-#endif
-
-
-/* ------------------------------------------------------------------------- */
-/* Custom Standard Lib */
-/* ------------------------------------------------------------------------- */
-/* Allows override of all standard library functions */
-#undef STRING_USER
-#if 0
-#define STRING_USER
-
-#include
-
-#define USE_WOLF_STRSEP
-#define XSTRSEP(s1, d) wc_strsep((s1), (d))
-
-#define USE_WOLF_STRTOK
-#define XSTRTOK(s1, d, ptr) wc_strtok((s1), (d), (ptr))
-
-#define XSTRNSTR(s1, s2, n) mystrnstr((s1), (s2), (n))
-
-#define XMEMCPY(d, s, l) memcpy((d), (s), (l))
-#define XMEMSET(b, c, l) memset((b), (c), (l))
-#define XMEMCMP(s1, s2, n) memcmp((s1), (s2), (n))
-#define XMEMMOVE(d, s, l) memmove((d), (s), (l))
-
-#define XSTRLEN(s1) strlen((s1))
-#define XSTRNCPY(s1, s2, n) strncpy((s1), (s2), (n))
-#define XSTRSTR(s1, s2) strstr((s1), (s2))
-
-#define XSTRNCMP(s1, s2, n) strncmp((s1), (s2), (n))
-#define XSTRNCAT(s1, s2, n) strncat((s1), (s2), (n))
-#define XSTRNCASECMP(s1, s2, n) strncasecmp((s1), (s2), (n))
-
-#define XSNPRINTF snprintf
-#endif
-
- /* ------------------------------------------------------------------------- */
- /* Enable Features */
- /* ------------------------------------------------------------------------- */
-
-#define WOLFSSL_TLS13
-#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
-#define HAVE_TLS_EXTENSIONS
-#define HAVE_SUPPORTED_CURVES
-#define WOLFSSL_BASE64_ENCODE
-
-// #define WOLFSSL_KEY_GEN /* For RSA Key gen only */
-// #define KEEP_PEER_CERT
-// #define HAVE_COMP_KEY
-
-/* TLS Session Cache */
-#if 0
-#define SMALL_SESSION_CACHE
-#else
-#define NO_SESSION_CACHE
-#endif
-
-/* ------------------------------------------------------------------------- */
-/* Disable Features */
-/* ------------------------------------------------------------------------- */
-// #define NO_WOLFSSL_SERVER
-// #define NO_WOLFSSL_CLIENT
-// #define NO_CRYPT_TEST
-// #define NO_CRYPT_BENCHMARK
-// #define WOLFCRYPT_ONLY
-
-/* do not warm when file is included to be built and not required to be */
-#//define WOLFSSL_IGNORE_FILE_WARN
-
- /* In-lining of misc.c functions */
- /* If defined, must include wolfcrypt/src/misc.c in build */
- /* Slower, but about 1k smaller */
- // #define NO_INLINE
-
-#ifdef TARGET_EMBEDDED
-#define NO_FILESYSTEM
-#define NO_WRITEV
-#define NO_MAIN_DRIVER
-#define NO_DEV_RANDOM
-#endif
-
-#define NO_OLD_TLS
-#define NO_PSK
-
-#define NO_DSA
-#define NO_RC4
-#define NO_MD4
-#define NO_PWDBASED
- // #define NO_CODING
- // #define NO_ASN_TIME
- // #define NO_CERTS
- // #define NO_SIG_WRAPPER
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* WOLFSSL_USER_SETTINGS_H */
-