wolf SSL / Example-TLSClient
Simple TLS Client with wolfSSL
Revision 107:b989df522437, committed 2020-06-05
- Committer: wolfSSL
- Date: Fri Jun 05 00:32:49 2020 +0000
- Parent: 106:d323dd088ba2
- Child: 108:85c8df586bdf
- Commit message: wolfSSL4.4.0
Changed in this revision
--- a/CONTRIBUTING.md Fri Nov 22 16:00:04 2019 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,5 +0,0 @@ -# Contributing to Mbed OS - -Mbed OS is an open-source, device software platform for the Internet of Things. Contributions are an important part of the platform, and our goal is to make it as simple as possible to become a contributor. - -To encourage productive collaboration, as well as robust, consistent and maintainable code, we have a set of guidelines for [contributing to Mbed OS](https://os.mbed.com/docs/mbed-os/latest/contributing/index.html).
--- a/README.md Fri Nov 22 16:00:04 2019 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,64 +0,0 @@ -![](./resources/official_armmbed_example_badge.png) -# Blinky Mbed OS example - -The example project is part of the [Arm Mbed OS Official Examples](https://os.mbed.com/code/) and is the [getting started example for Mbed OS](https://os.mbed.com/docs/mbed-os/v5.14/quick-start/index.html). It contains an application that repeatedly blinks an LED on supported [Mbed boards](https://os.mbed.com/platforms/). - -You can build the project with all supported [Mbed OS build tools](https://os.mbed.com/docs/mbed-os/latest/tools/index.html). However, this example project specifically refers to the command-line interface tool [Arm Mbed CLI](https://github.com/ARMmbed/mbed-cli#installing-mbed-cli). -(Note: To see a rendered example you can import into the Arm Online Compiler, please see our [import quick start](https://os.mbed.com/docs/mbed-os/latest/quick-start/online-with-the-online-compiler.html#importing-the-code).) - -1. [Install Mbed CLI](https://os.mbed.com/docs/mbed-os/latest/quick-start/offline-with-mbed-cli.html). - -1. Clone this repository on your system, and change the current directory to where the project was cloned: - - ```bash - $ git clone git@github.com:armmbed/mbed-os-example-blinky && cd mbed-os-example-blinky - ``` - - Alternatively, you can download the example project with Arm Mbed CLI using the `import` subcommand: - - ```bash - $ mbed import mbed-os-example-blinky && cd mbed-os-example-blinky - ``` - - -## Application functionality - -The `main()` function is the single thread in the application. It toggles the state of a digital output connected to an LED on the board. - -## Building and running - -1. Connect a USB cable between the USB port on the board and the host computer. -2. 
<a name="build_cmd"></a> Run the following command to build the example project and program the microcontroller flash memory: - ```bash - $ mbed compile -m <TARGET> -t <TOOLCHAIN> --flash - ``` -The binary is located at `./BUILD/<TARGET>/<TOOLCHAIN>/mbed-os-example-blinky.bin`. - -Alternatively, you can manually copy the binary to the board, which you mount on the host computer over USB. - -Depending on the target, you can build the example project with the `GCC_ARM`, `ARM` or `IAR` toolchain. After installing Arm Mbed CLI, run the command below to determine which toolchain supports your target: - -```bash -$ mbed compile -S -``` - -## Expected output -The LED on your target turns on and off every 500 milliseconds. - - -## Troubleshooting -If you have problems, you can review the [documentation](https://os.mbed.com/docs/latest/tutorials/debugging.html) for suggestions on what could be wrong and how to fix it. - -## Related Links - -* [Mbed OS Stats API](https://os.mbed.com/docs/latest/apis/mbed-statistics.html). -* [Mbed OS Configuration](https://os.mbed.com/docs/latest/reference/configuration.html). -* [Mbed OS Serial Communication](https://os.mbed.com/docs/latest/tutorials/serial-communication.html). -* [Mbed OS bare metal](https://os.mbed.com/docs/mbed-os/latest/reference/mbed-os-bare-metal.html). -* [Mbed boards](https://os.mbed.com/platforms/). - -### License and contributions - -The software is provided under Apache-2.0 license. Contributions to this project are accepted under the same license. Please see contributing.md for more info. - -This project contains code from other projects. The original license text is included in those source files. They must comply with our license guide.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/client-tls.cpp Fri Jun 05 00:32:49 2020 +0000 
@@ -0,0 +1,263 @@ +/* client-tcp.c + * + * Copyright (C) 2006-2017 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include "mbed.h" + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <wolfssl/ssl.h> /* wolfSSL security library */ +#include <wolfssl/wolfcrypt/error-crypt.h> +#include <wolfssl/certs_test.h> /* memory image test certs */ +#include <user_settings.h> + +#define MAXDATASIZE (1024*4) + +static int SocketReceive(WOLFSSL* ssl, char *buf, int sz, void *sock) +{ + int recvd; + + recvd = ((TCPSocket *)sock)->recv(buf, sz) ; + if(recvd > 0)return recvd; + else if (recvd == 0) { + return WOLFSSL_CBIO_ERR_CONN_CLOSE; + } + else if (recvd == EWOULDBLOCK) /* for non-blocing */ + return WOLFSSL_CBIO_ERR_WANT_READ; + else + return WOLFSSL_CBIO_ERR_GENERAL; +} + +static int SocketSend(WOLFSSL* ssl, char *buf, int sz, void *sock) +{ + int sent; + sent = ((TCPSocket *)sock)->send(buf, sz); + + if(sent > 0)return sent; + else if (sent == 0) { + return WOLFSSL_CBIO_ERR_CONN_CLOSE; + } + else if (sent == EWOULDBLOCK) /* for non-blocing */ + return WOLFSSL_CBIO_ERR_WANT_WRITE; + else + return WOLFSSL_CBIO_ERR_GENERAL; +} + + + +static int getline(char *prompt, char *buff, int size) +{ + int sz ; + + 
printf("%s", prompt) ; + for(sz = 0 ; (sz < size) && ((*buff = getchar()) != '\r'); sz++, buff++) { + putchar(*buff) ; + if(*buff == '\\') { + if(++sz >= size)break ; + *buff = getchar() ; + putchar(*buff) ; + switch(*buff) { + case 'n' : + *buff = '\n' ; + break ; + case 'r' : + *buff = '\r' ; + break ; + case 't' : + *buff = '\t' ; + break ; + case '\\': + *buff = '\\' ; + break ; + default: + buff[1] = buff[0] ; + buff[0] = '\\' ; + buff++ ; + } + } else if(*buff == '\b') { + if(sz >= 2) { + buff-=2 ; + sz-=2; + } + } + } ; + putchar('\n') ; + *buff = '\0' ; + return sz ; +} + +/* + * clients initial contact with server. Socket to connect to: sock + */ +int ClientGreet(TCPSocket *socket, WOLFSSL *ssl) +{ + /* data to send to the server, data recieved from the server */ + char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0}; + int ret ; + + ret = getline("Message for server: ", sendBuff, MAXDATASIZE); + printf("Send[%d]:\n%s\n", ret, sendBuff) ; + if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) < 0) { + /* the message is not able to send, or error trying */ + ret = wolfSSL_get_error(ssl, 0); + printf("Write error[%d]\n", ret, wc_GetErrorString(ret)); + return EXIT_FAILURE; + } + + if ((ret = wolfSSL_read(ssl, rcvBuff, sizeof(rcvBuff)-1)) < 0) { + /* the server failed to send data, or error trying */ + ret = wolfSSL_get_error(ssl, 0); + printf("Read error[%d], %s\n", ret, wc_GetErrorString(ret)); + return EXIT_FAILURE; + } + rcvBuff[ret] = '\0' ; + printf("Recieved: %s\n", rcvBuff); + + return ret; +} + + +/* + * applies TLS 1.2 security layer to data being sent. 
+ */ +int Security(TCPSocket *socket) +{ + WOLFSSL_METHOD* method = 0; + WOLFSSL_CTX* ctx = 0; + WOLFSSL* ssl = 0; /* create WOLFSSL object */ + int ret = 0; + + const unsigned char *cert = ca_cert_der_2048; + int sizeof_cert = sizeof_ca_cert_der_2048; + + #ifdef WOLFSSL_TLS13 + char tls_version[2]; + int tlsVer = 0 ; + + while((tlsVer != 2) && (tlsVer != 3)){ + getline("TLS ver(2/3): ", tls_version, sizeof(tls_version)) ; + tlsVer = atoi(tls_version); + } + if(tlsVer == 3)method = wolfTLSv1_3_client_method(); + else method = wolfTLSv1_2_client_method(); + #else + method = wolfTLSv1_2_client_method(); + #endif + + /* create and initiLize WOLFSSL_CTX structure */ + if ((ctx = wolfSSL_CTX_new(method)) == NULL) { + printf("SSL_CTX_new error.\n"); + return EXIT_FAILURE; + } + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); + wolfSSL_SetIORecv(ctx, SocketReceive) ; + wolfSSL_SetIOSend(ctx, SocketSend) ; + if ((ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, + sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1))!= WOLFSSL_SUCCESS){ + printf("can't load buffer ca file(%d)\n", ret); + return EXIT_FAILURE; + } + if ((ssl = wolfSSL_new(ctx)) == NULL) { + printf("wolfSSL_new error.\n"); + return EXIT_FAILURE; + } + + wolfSSL_SetIOReadCtx(ssl, (void *)socket) ; + wolfSSL_SetIOWriteCtx(ssl, (void *)socket) ; + + ret = wolfSSL_connect(ssl); + if (ret == SSL_SUCCESS) { + printf("TLS Connected\n") ; + ret = ClientGreet(socket, ssl); + } else { + ret = wolfSSL_get_error(ssl, 0); + printf("TLS Connect error[%d], %s\n", ret, wc_GetErrorString(ret)); + return EXIT_FAILURE; + } + /* frees all data before client termination */ + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + wolfSSL_Cleanup(); + + return ret; +} + +/* + * command line argumentCount and argumentValues + */ +void net_main(const void *av) +{ + char server_addr[40] ; + char server_port[10] ; + NetworkInterface *net; + SocketAddress a; + TCPSocket socket; + int port; + + printf("Starting TLS 
Client,...\n") ; + wolfSSL_Init(); /* initialize wolfSSL */ + /* wolfSSL_Debugging_ON(); */ + net = NetworkInterface::get_default_instance(); + if (!net) { + printf("Error! No network inteface found.\n"); + return; + } + + while(1) { + if(net->connect() == 0)break; + printf("Retry Init\n") ; + } + + net->get_ip_address(&a); + printf("Client Addr: %s\n", a.get_ip_address() ? a.get_ip_address() : "None"); + + getline((char *)"Server Addr: ", server_addr, sizeof(server_addr)) ; + getline((char *)"Server Port: ", server_port, sizeof(server_port)) ; + + if (socket.open(net) != 0) { + printf("Error! socket.open()\n"); + } + port = atoi(server_port); + while (socket.connect(server_addr, port) < 0) { + printf("Unable to connect to (%s) on port (%s)\n", server_addr, server_port); + wait(1.0); + } + printf("TCP Connected\n") ; + + Security(&socket); + return ; +} + +int main(void) +{ + DigitalOut myled(LED1); +#define STACK_SIZE 24000 + Thread t(net_main, NULL, osPriorityNormal, STACK_SIZE); + + while(1){ + myled = 1; + wait(0.5) ; + myled = 0; + wait(0.5) ; + } +} \ No newline at end of file
--- a/main.cpp Fri Nov 22 16:00:04 2019 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,23 +0,0 @@ -/* mbed Microcontroller Library - * Copyright (c) 2019 ARM Limited - * SPDX-License-Identifier: Apache-2.0 - */ - -#include "mbed.h" -#include "platform/mbed_thread.h" - - -// Blinking rate in milliseconds -#define BLINKING_RATE_MS 500 - - -int main() -{ - // Initialise the digital pin LED1 as an output - DigitalOut led(LED1); - - while (true) { - led = !led; - thread_sleep_for(BLINKING_RATE_MS); - } -}
Binary file resources/official_armmbed_example_badge.png has changed
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/user_settings.h Fri Jun 05 00:32:49 2020 +0000 @@ -0,0 +1,41 @@ +#include <stddef.h> + + #define WOLFSSL_CMSIS_RTOS + #define WOLFSSL_USER_IO + #define NO_WRITEV + #define NO_DEV_RANDOM + + #define HAVE_ECC + #define HAVE_AESGCM + #define WOLFSSL_GENSEED_FORTEST + + #define WOLFSSL_TLS13 + #define HAVE_SUPPORTED_CURVES + #define HAVE_TLS_EXTENSIONS + #define WC_RSA_PSS + #define HAVE_HKDF + #define HAVE_FFDHE_2048 + #define TLS13_SUPPORTS_0RTT + + #define WOLFSSL_SHA384 + #define WOLFSSL_SHA512 + #define HAVE_CURVE25519 + #define HAVE_ED25519 /* with HAVE_SHA512 */ + #define HAVE_POLY1305 + #define HAVE_CHACHA + #define HAVE_ONE_TIME_AUTH + + #define NO_SESSION_CACHE // For Small RAM + #define NO_WOLFSSL_DIR + + //#define DEBUG_WOLFSSL + + + #define SIZEOF_LONG_LONG 8 + /* Options for Sample program */ + //#define WOLFSSL_NO_VERIFYSERVER + + + /* Options for test */ + #define USE_CERT_BUFFERS_2048 /* use test certs */ + #define NO_ASN_TIME /* No cert date validity check */ \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wolfSSL.lib Fri Jun 05 00:32:49 2020 +0000 @@ -0,0 +1,1 @@ +http://developer.mbed.org/users/wolfSSL/code/wolfSSL/#a5f916481144
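Review bot: In the README.md hunk, the file is deleted with no replacement, so the repository loses its build instructions and its license statement in the same revision that adds client-tls.cpp with a GPL v2-or-later header. The removed text said "The software is provided under Apache-2.0 license"; add a short README for the TLS client that states the license now in effect, explains the `Server Addr:`, `Server Port:` and `TLS ver(2/3):` prompts, and says that the client trusts only the bundled test CA `ca_cert_der_2048`.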
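Review bot: In client-tls.cpp, `getline()` can write its terminator one byte past the caller's buffer: the loop runs while `sz < size`, so once `size` characters have been stored `buff` points at element `size` and `*buff = '\0'` lands out of bounds. `Security()` calls it with `char tls_version[2]` and `sizeof(tls_version)`, so two characters typed at the `TLS ver(2/3):` prompt already overrun the stack array; bound the loop with `sz < size - 1`. Smaller points in the same hunk: `printf("Write error[%d]\n", ret, wc_GetErrorString(ret))` passes the error string but has no `%s` to print it; in `SocketReceive` and `SocketSend` the `== EWOULDBLOCK` test sits after the `> 0` branch, so it can never match a positive errno value and a non-blocking socket would fall through to `WOLFSSL_CBIO_ERR_GENERAL`; and the early `return EXIT_FAILURE` paths in `Security()` skip `wolfSSL_free` and `wolfSSL_CTX_free`.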
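Review bot: In user_settings.h, `WOLFSSL_GENSEED_FORTEST` is defined in the main feature block beside `NO_DEV_RANDOM` rather than under `/* Options for test */`, so the only seed source configured here is one whose name marks it as test-only, and nothing tells a reader who copies the file. Move it to the test section next to `USE_CERT_BUFFERS_2048` and `NO_ASN_TIME`, and add a comment that it has to be replaced by a seed function backed by the target's hardware RNG before the settings are reused outside the demo. The existing comment on `NO_ASN_TIME` could also say plainly that expired certificates will be accepted.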
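Review bot: In wolfSSL.lib, the library reference is pinned to revision `a5f916481144` but uses an `http://` URL, so the TLS library itself is fetched over an unauthenticated channel. Change the scheme to `https://` and keep the revision pin.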