From d6f5f815e100b60e5cce04beb91e890f2a00428b Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 17 Aug 2021 11:12:40 -0700
Subject: [PATCH] Fix for `srp_test_digest` return code checking. Added GCC-ARM TLS server example.

---
 IDE/GCC-ARM/Makefile | 4 +-
 IDE/GCC-ARM/Makefile.server | 7 ++
 IDE/GCC-ARM/Source/armtarget.c | 2 +-
 IDE/GCC-ARM/Source/tls_client.c | 22 ++--
 IDE/GCC-ARM/Source/tls_server.c | 206 ++++++++++++++++++++++++++++++++
 wolfcrypt/test/test.c | 6 +-
 6 files changed, 231 insertions(+), 16 deletions(-)
 create mode 100644 IDE/GCC-ARM/Makefile.server
 create mode 100644 IDE/GCC-ARM/Source/tls_server.c

diff --git a/IDE/GCC-ARM/Makefile b/IDE/GCC-ARM/Makefile
index ba4010c42..e24939b9b 100644
--- a/IDE/GCC-ARM/Makefile
+++ b/IDE/GCC-ARM/Makefile
@@ -1,6 +1,6 @@
 BUILD_DIR = ./Build
-all: WolfSSLStaticLib WolfCryptTest WolfCryptBench WolfSSLClient
+all: WolfSSLStaticLib WolfCryptTest WolfCryptBench WolfSSLClient WolfSSLServer
 WolfCryptTest:
 $(MAKE) -f Makefile.test
@@ -8,6 +8,8 @@ WolfCryptBench:
 $(MAKE) -f Makefile.bench
 WolfSSLClient:
 $(MAKE) -f Makefile.client
+WolfSSLServer:
+ $(MAKE) -f Makefile.server
 WolfSSLStaticLib:
 $(MAKE) -f Makefile.static
diff --git a/IDE/GCC-ARM/Makefile.server b/IDE/GCC-ARM/Makefile.server
new file mode 100644
index 000000000..7eaac91ee
--- /dev/null
+++ b/IDE/GCC-ARM/Makefile.server
@@ -0,0 +1,7 @@
+# Project name
+BIN = WolfSSLServer
+SRC_C = ./Source/tls_server.c
+
+all: build_hex
+
+include Makefile.common
diff --git a/IDE/GCC-ARM/Source/armtarget.c b/IDE/GCC-ARM/Source/armtarget.c
index c718c6ba5..5f659a6cb 100644
--- a/IDE/GCC-ARM/Source/armtarget.c
+++ b/IDE/GCC-ARM/Source/armtarget.c
@@ -71,7 +71,7 @@ void reset_handler(void)
 /* Init heap */
 __heap_start__[0] = 0;
- __heap_start__[1] = ((uint32_t)__heap_end__ - (uint32_t)__heap_start__);
+ __heap_start__[1] = ((uintptr_t)__heap_end__ - (uintptr_t)__heap_start__);
 #endif /* USE_WOLF_ARM_STARTUP */
 /* Start main */
diff --git a/IDE/GCC-ARM/Source/tls_client.c b/IDE/GCC-ARM/Source/tls_client.c
index 66ea21626..fb04f8e17 100644
--- a/IDE/GCC-ARM/Source/tls_client.c
+++ b/IDE/GCC-ARM/Source/tls_client.c
@@ -23,7 +23,7 @@
 #include
 #include
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_CLIENT)
 #include
 #include
@@ -100,11 +100,11 @@ static int tls_client(void)
 /*---------------------*/
 /* for no peer auth: */
 /*---------------------*/
- wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+ wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
 /*---------------------*/
 /* end peer auth option*/
 /*---------------------*/
- if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != SSL_SUCCESS) {
+ if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != WOLFSSL_SUCCESS) {
 wolfSSL_CTX_free(ctx);
 printf("CTXset_cipher_list failed, error: %d\n", ret);
 goto fail;
@@ -123,14 +123,14 @@ static int tls_client(void)
 }
 /* non blocking accept and connect */
- ret = SSL_FAILURE;
+ ret = WOLFSSL_FAILURE;
- while (ret != SSL_SUCCESS) {
+ while (ret != WOLFSSL_SUCCESS) {
 /* client connect */
 ret = wolfSSL_connect(ssl);
 error = wolfSSL_get_error(ssl, 0);
- if (ret != SSL_SUCCESS) {
- if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) {
+ if (ret != WOLFSSL_SUCCESS) {
+ if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
 /* Fail */
 printf("wolfSSL connect failed with return code %d\n", error);
 goto fail;
@@ -146,7 +146,7 @@ static int tls_client(void)
 ret = wolfSSL_write(ssl, msg, msgSz);
 error = wolfSSL_get_error(ssl, 0);
 if (ret != msgSz) {
- if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) {
+ if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
 /* Write failed */
 goto fail;
 }
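Review bot: In the @@ -100 hunk the wolfSSL_CTX_set_cipher_list() failure path still runs `wolfSSL_CTX_free(ctx);` followed by `goto fail;`; if the `fail:` label (outside this hunk) also frees ctx, as the tls_server.c added by this same commit does, the context is freed twice. Dropping the inline `wolfSSL_CTX_free(ctx);` and letting the label do the cleanup is enough. The SSL_ to WOLFSSL_ constant renames themselves look correct; tls_client() starts and ends outside the hunk, so the label's body cannot be confirmed from here.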
@@ -159,7 +159,7 @@ static int tls_client(void)
 ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
 error = wolfSSL_get_error(ssl, 0);
 if (ret < 0) {
- if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) {
+ if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
 /* Can put print here, the server enters a loop waiting to read
 * a confirmation message at this point */
 // printf("client read failed\n");
@@ -186,14 +186,14 @@ fail:
 return -1;
 }
-#endif
+#endif /* !WOLFCRYPT_ONLY && !NO_WOLFSSL_CLIENT */
 int main(void)
 {
 int ret;
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_CLIENT)
 wolfSSL_Init();
 ret = tls_client();
diff --git a/IDE/GCC-ARM/Source/tls_server.c b/IDE/GCC-ARM/Source/tls_server.c
new file mode 100644
index 000000000..b0628f723
--- /dev/null
+++ b/IDE/GCC-ARM/Source/tls_server.c
@@ -0,0 +1,206 @@
+/* tls_server.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include
+#include
+
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_SERVER)
+
+#include
+#include
+#include
+
+#define MAXSZ 1024
+
+/*------------------------------------------------------------------------*/
+/* TLS SERVER */
+/*------------------------------------------------------------------------*/
+static int CbIORecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
+{
+ int ret = WOLFSSL_CBIO_ERR_GENERAL;
+
+ (void)ssl;
+ (void)ctx;
+
+ /* TODO: Exchange data over your own transport */
+ #warning TODO: Implement your own recv data transport
+#if 0
+ ret = usart_read_buffer_wait(&cdc_uart_module, buf, sz);
+ if (ret == STATUS_ERR_TIMEOUT)
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+
+ return (ret == STATUS_OK) ? sz : WOLFSSL_CBIO_ERR_GENERAL;
+#else
+ return ret;
+#endif
+}
+
+static int CbIOSend(WOLFSSL *ssl, char *buf, int sz, void *ctx)
+{
+ int ret = WOLFSSL_CBIO_ERR_GENERAL;
+
+ (void)ssl;
+ (void)ctx;
+
+ /* TODO: Exchange data over your own transport */
+ #warning TODO: Implement your own send data transport
+#if 0
+ ret = usart_write_buffer_wait(&cdc_uart_module, buf, sz);
+ if (ret == STATUS_ERR_TIMEOUT)
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
+
+ return (ret == STATUS_OK) ? sz : WOLFSSL_CBIO_ERR_GENERAL;
+#else
+ return ret;
+#endif
+}
+
+static int tls_server(void)
+{
+ char reply[MAXSZ];
+ int ret, error;
+ WOLFSSL* ssl = NULL;
+ WOLFSSL_CTX* ctx = NULL;
+
+ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
+ printf("CTXnew failed.\n");
+ goto fail;
+ }
+
+ /*------------------------------------------------------------------------*/
+ /* ECDHE-ECDSA */
+ /*------------------------------------------------------------------------*/
+ /*--------------------*/
+ /* for peer auth use: */
+ /*--------------------*/
+ // wolfSSL_CTX_load_verify_buffer(ctx, rsa_key_der_1024,
+ // sizeof_rsa_key_der_1024, SSL_FILETYPE_ASN1);
+ // wolfSSL_CTX_load_verify_buffer(ctx, server_cert_der_1024,
+ // sizeof_server_cert_der_1024, SSL_FILETYPE_ASN1);
+ /*---------------------*/
+ /* for no peer auth: */
+ /*---------------------*/
+ wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
+ /*---------------------*/
+ /* end peer auth option*/
+ /*---------------------*/
+ if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx);
+ printf("CTXset_cipher_list failed, error: %d\n", ret);
+ goto fail;
+ }
+ /*------------------------------------------------------------------------*/
+ /* END CIPHER SUITE OPTIONS */
+ /*------------------------------------------------------------------------*/
+ wolfSSL_CTX_SetIORecv(ctx, CbIORecv);
+ wolfSSL_CTX_SetIOSend(ctx, CbIOSend);
+
+ if ((ssl = wolfSSL_new(ctx)) == NULL) {
+ error = wolfSSL_get_error(ssl, 0);
+ printf("wolfSSL_new failed %d\n", error);
+ wolfSSL_CTX_free(ctx);
+ return -1;
+ }
+
+ /* non blocking accept and connect */
+ ret = WOLFSSL_FAILURE;
+
+ while (ret != WOLFSSL_SUCCESS) {
+ /* server accept */
+ ret = wolfSSL_accept(ssl);
+ error = wolfSSL_get_error(ssl, 0);
+ if (ret != WOLFSSL_SUCCESS) {
+ if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
+ /* Fail */
+ printf("wolfSSL accept failed with return code %d\n", error);
+ goto fail;
+ }
+ }
+ /* Success */
+ }
+
+ /* read and write */
+ while (1) {
+ /* server read */
+ ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+ error = wolfSSL_get_error(ssl, 0);
+ if (ret < 0) {
+ if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
+ /* Can put print here, the server enters a loop waiting to read
+ * a confirmation message at this point */
+ // printf("server read failed\n");
+ goto fail;
+ }
+ continue;
+ }
+ else {
+ /* Can put print here, the server enters a loop waiting to read
+ * a confirmation message at this point */
+ reply[ret] = '\0';
+ // printf("Server Received Reply: %s\n", reply);
+ break;
+ }
+
+ }
+
+ while (1) {
+ /* server write / echo */
+ ret = wolfSSL_write(ssl, reply, XSTRLEN(reply));
+ error = wolfSSL_get_error(ssl, 0);
+ if (ret != XSTRLEN(reply)) {
+ if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
+ /* Write failed */
+ goto fail;
+ }
+ }
+ /* Write succeeded */
+ break;
+ }
+
+ return 0;
+
+fail:
+ wolfSSL_shutdown(ssl);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+
+ return -1;
+}
+#endif /* !WOLFCRYPT_ONLY && !NO_WOLFSSL_SERVER */
+
+
+int main(void)
+{
+ int ret;
+
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_SERVER)
+ wolfSSL_Init();
+
+ ret = tls_server();
+
+ wolfSSL_Cleanup();
+#else
+ ret = NOT_COMPILED_IN;
+#endif
+
+ return ret;
+}
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 7b24f2ffd..9ab2af2b1 100644
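Review bot: tls_server() never loads a server certificate or private key — there is no wolfSSL_CTX_use_certificate_buffer()/wolfSSL_CTX_use_PrivateKey_buffer() call — while the cipher list is pinned to ECDHE-ECDSA-AES128-SHA256, so wolfSSL_accept() cannot complete a handshake; the commented-out "for peer auth use" block loads CA buffers, which is the client-side pattern carried over from tls_client.c. The wolfSSL_CTX_set_cipher_list() failure path runs `wolfSSL_CTX_free(ctx);` and then `goto fail;`, where ctx is freed again (double free), the wolfSSL_new() failure path calls wolfSSL_get_error() on the NULL ssl, and the success path returns 0 without freeing ssl or ctx. In the echo loop a WOLFSSL_ERROR_WANT_READ/WANT_WRITE result falls through to the `break` under "Write succeeded", so an unsent reply is reported as success instead of being retried, and `ret != XSTRLEN(reply)` compares int against size_t. The rewrite below loads the credentials (the buffer names are placeholders for the board's provisioned DER data), routes every exit through one cleanup, and retries the write.
```c
static int tls_server(void)
{
    char reply[MAXSZ];
    int ret, error;
    WOLFSSL* ssl = NULL;
    WOLFSSL_CTX* ctx = NULL;

    /* … unchanged: wolfSSL_CTX_new, peer-auth option, wolfSSL_CTX_set_verify … */

    /* A server must present a certificate and hold its private key; without
     * them wolfSSL_accept() cannot complete an ECDHE-ECDSA handshake.
     * SERVER_*_PLACEHOLDER stand for the board's provisioned DER buffers. */
    if (wolfSSL_CTX_use_certificate_buffer(ctx, SERVER_CERT_DER_PLACEHOLDER,
            SERVER_CERT_DER_SZ_PLACEHOLDER, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS ||
        wolfSSL_CTX_use_PrivateKey_buffer(ctx, SERVER_KEY_DER_PLACEHOLDER,
            SERVER_KEY_DER_SZ_PLACEHOLDER, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
        printf("certificate/key load failed\n");
        goto fail;
    }
    if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != WOLFSSL_SUCCESS) {
        printf("CTXset_cipher_list failed, error: %d\n", ret);
        goto fail;                      /* fail: frees ctx exactly once */
    }
    /* … unchanged: wolfSSL_CTX_SetIORecv / wolfSSL_CTX_SetIOSend … */

    if ((ssl = wolfSSL_new(ctx)) == NULL) {
        printf("wolfSSL_new failed\n");  /* no ssl object to query an error from */
        goto fail;
    }

    /* … unchanged: accept loop, read loop … */

    /* echo: retry on WANT_READ/WANT_WRITE instead of reporting success */
    while (1) {
        int len = (int)XSTRLEN(reply);
        if (wolfSSL_write(ssl, reply, len) == len)
            break;
        error = wolfSSL_get_error(ssl, 0);
        if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE)
            goto fail;
    }

    ret = 0;                            /* success also releases ssl and ctx */
    goto done;

fail:
    ret = -1;
done:
    wolfSSL_shutdown(ssl);
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    return ret;
}
```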
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -17331,17 +17331,17 @@ WOLFSSL_TEST_SUBROUTINE int srp_test(void)
 return ret;
 #endif
 #ifndef NO_SHA256
- srp_test_digest(SRP_TYPE_SHA256);
+ ret = srp_test_digest(SRP_TYPE_SHA256);
 if (ret != 0)
 return ret;
 #endif
 #ifdef WOLFSSL_SHA384
- srp_test_digest(SRP_TYPE_SHA384);
+ ret = srp_test_digest(SRP_TYPE_SHA384);
 if (ret != 0)
 return ret;
 #endif
 #ifdef WOLFSSL_SHA512
- srp_test_digest(SRP_TYPE_SHA512);
+ ret = srp_test_digest(SRP_TYPE_SHA512);
 if (ret != 0)
 return ret;
 #endif
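Review bot: The srp_test_digest() call for the first digest, above this hunk (only its trailing `return ret;` is visible at the top), should be checked for the same dropped assignment this hunk fixes for SHA256, SHA384 and SHA512; before this change the `if (ret != 0)` tests below were re-checking a stale ret and a failing digest went unreported. Since the three blocks are now identical apart from the SRP_TYPE_* constant, a one-line comment such as `/* each digest runs the full SRP exchange; stop at the first failure */` above the first block would make the early-return intent clear. srp_test() starts and ends outside the hunk.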