Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WolfSSL port to provide TLS/DLTS sockets #2500

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .gitmodules
Original file line number Diff line number Diff line change
Expand Up @@ -17,3 +17,6 @@
[submodule "tools/sensniff"]
path = tools/sensniff
url = https://github.com/g-oikonomou/sensniff.git
[submodule "apps/wolfssl/wolfssl"]
path = apps/wolfssl/wolfssl
url = https://github.com/wolfssl/wolfssl
84 changes: 84 additions & 0 deletions apps/wolfssl/Makefile.wolfssl
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
wolfssl_src = wolfssl.c

WOLFSSL_ROOT?=wolfssl
SOURCEDIRS+=$(WOLFSSL_ROOT)
CFLAGS+=-I../../apps/wolfssl/$(WOLFSSL_ROOT) -DUSE_WOLFSSL
$(info WOLFSSL: $(WOLFSSL_ROOT))
$(info SOURCEDIRS: $(SOURCEDIRS))
$(info CFLAGS: $(CFLAGS))
#source common to all targets

wolfssl_src += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/asm.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/asn.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/chacha.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/cmac.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/coding.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/compress.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/des3.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/dh.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/dsa.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/ecc.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/error.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/hash.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/hc128.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/hmac.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/idea.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/integer.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/logging.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/md5.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/memory.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/random.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/rsa.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/sha.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/sha256.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/sha512.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/sha3.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/signature.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/srp.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/tfm.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.c \
$(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.c

#WOLFCRYPT_ASM_SOURCE_FILES = $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.S


wolfssl_src += \
$(WOLFSSL_ROOT)/src/internal.c \
$(WOLFSSL_ROOT)/src/tls.c \
$(WOLFSSL_ROOT)/src/wolfio.c \
$(WOLFSSL_ROOT)/src/keys.c \
$(WOLFSSL_ROOT)/src/crl.c \
$(WOLFSSL_ROOT)/src/ssl.c \
$(WOLFSSL_ROOT)/src/sniffer.c \
$(WOLFSSL_ROOT)/src/ocsp.c \
$(WOLFSSL_ROOT)/src/tls13.c

vpath %c ../../apps/$(WOLFSSL_ROOT)/src
vpath %c ../../apps/$(WOLFSSL_ROOT)/wolfcrypt/src

%.d:
@mkdir -p $(OBJECTDIR)/wolfssl/src
@mkdir -p $(OBJECTDIR)/wolfssl/wolfcrypt/src
88 changes: 88 additions & 0 deletions apps/wolfssl/readme.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
# WolfSSL module for Contiki OS

This module provides SSL support via WolfSSL.

WolfSSL is Copyright (c) by WolfSSL Inc.

wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
under the GPLv2 or a standard commercial license. For our users who cannot use
wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
Please contact wolfSSL Inc. directly at:

Email: [email protected]
Phone: +1 425 245-8247

More information can be found on the wolfSSL website at www.wolfssl.com.

## Contiki TLS/DTLS API

Specific calls have been create to initialize and connect TLS and DTLS sockets
on top of Contiki's uIP sockets. The API provided in this module is described below.

### SSL Session object

Secure sessions can be created on top of TCP or UDP sockets. For convenience, the
data type `uip_wolfssl_ctx` is used to keep track of the ssl session and the transport socket
associated to it.

### TLS

To create a TLS session from within a process thread, the following shortcut functions
are available:


```C
uip_wolfssl_ctx *tls_socket_register(WOLFSSL_METHOD* method)
```

Create a new TLS session, and associates it to a newly created TCP
socket in uIP. In case of success, it returns a new pointer to a `uip_wolfssl_ctx` object,
keeping track of the TLS session and the associated socket.

`method` is the desired SSL/TLS protocol method used to create the SSL context,
`p` is the invoking process pointer, so that event-driven input/output can be
configured for the associated socket.



```C
int tls_socket_accept(uip_wolfssl_ctx *sk)
```

Replace the current listening socket associated to the SSL/TLS session `sk`
with the new connected socket, and initiate the TLS handshake from the server side.
Returns 0 on success, -1 in case of error.




```C
int tls_socket_connect(uip_wolfssl_ctx *sk, const uip_ipaddr_t *addr, uint16_t port)
```

Initiate a connection to the server, which is expected to be listening at address
`addr`:`port`. Once the TCP socket is connected, a the TLS handshake is initiated
on the client side.
Returns 0 on success, -1 in case of error.


### DTLS



```C
uip_wolfssl_ctx *dtls_socket_register(WOLFSSL_METHOD* method);
```

```C
void dtls_set_endpoint(uip_wolfssl_ctx *sk, const uip_ipaddr_t *addr, uint16_t port);
```









1 change: 1 addition & 0 deletions apps/wolfssl/wolfssl
Submodule wolfssl added at 263769
Loading