Merge pull request #393 from bandi13/addMagicCrypto

Add magic crypto example

Author: JacobBarthelmeh

crypto/MagicCrypto/MagicCrypto.patch

@@ -0,0 +1,28 @@
+diff --git a/include/mcapi.h b/include/mcapi.h
+index ba426d8..278a8a4 100644
+--- a/include/mcapi.h
++++ b/include/mcapi.h
+@@ -62,8 +62,8 @@ MCAPI MC_RV MC_GetVersion(OUT MC_VERSION *pVersion);
+ MCAPI MC_RV MC_GetStatus(OUT MC_UINT *pFlag);
+ 
+ MCAPI MC_RV MC_Initialize(IN MC_VOID *pInitArgs);
+-MCAPI MC_RV MC_Finalize();
+-MCAPI MC_RV MC_Selftest();
++MCAPI MC_RV MC_Finalize(MC_VOID);
++MCAPI MC_RV MC_Selftest(MC_VOID);
+ MCAPI MC_STR MC_GetErrorString(MC_RV nRv);
+ 
+ MCAPI MC_RV MC_OpenSession(OUT MC_HSESSION *phSession);
+diff --git a/include/mcapi_error.h b/include/mcapi_error.h
+index c389d22..07ea9fc 100644
+--- a/include/mcapi_error.h
++++ b/include/mcapi_error.h
+@@ -55,7 +55,7 @@
+ #define MC_ERR_NOT_ENOUGH_BUFFER			MC_ERR_BASE+27
+ #define MC_ERR_NOT_SESSION_OBJECT			MC_ERR_BASE+28
+ 
+-//MC_STR MC_GetErrorString(MC_RV rv);
++/* MC_STR MC_GetErrorString(MC_RV rv); */
+ 
+ 
+ #endif /* _MC_HEADER_9330603E_D03D_4B8B_9746_9ED098D8A5CB */

crypto/MagicCrypto/Makefile

@@ -0,0 +1,19 @@
+bin_files = client server
+all: $(bin_files)
+
+DEPS=common.h
+
+CC=gcc
+#CC=clang -fsanitize=address
+
+DEBUGOPT=
+#DEBUGOPT=-DWOLFSSL_DEBUG_TLS -DDEBUG_WOLFSSL -DDEBUG_CRYPTOCB
+#DEBUGOPT=-DWOLFSSL_DEBUG_TLS -DDEBUG_WOLFSSL
+
+COMMONOPT=-O0 -g -IMagicCrypto/include -lwolfssl -lm -DWOLF_CRYPTO_CB 
+
+%: %.c $(DEPS)
+	$(CC) $< $(DEBUGOPT) $(COMMONOPT) -o $@
+
+clean:
+	rm -f $(bin_files)

crypto/MagicCrypto/README.md

@@ -0,0 +1,15 @@
+# Overview
+The MagicCrypto library is created by [Dream Security](https://dreamsecurity.com) which contains a certified implementation of the [ARIA cipher](https://en.wikipedia.org/wiki/ARIA_(cipher)) that is used by the South Korean government. This example makes use of the wolfSSL bindings to create a TLS 1.2 connection.
+
+# Compiling
+You will need to compile wolfSSL with:
+./configure --enable-ariagcm --enable-cryptocb && make install
+
+You will need to have the MagicCrypto headers and library in the wolfSSL source directory. You may need to apply the patch file to clear up some of the compiler warnings.
+
+Once the wolfSSL library in installed, you can run `make` in this folder to generate the sample client and server applications. You may need to modify the Makefile to point to the MagicCrypto includes directory.
+
+# Usage
+The sample applications depend on using the certificates found in the wolfSSL source directory. You should execute them from the folder containing the 'certs' folder. Alternatively, you can modify the `#define` in 'common.h'.
+
+To run, simply start `./server` and `./client 127.0.0.1`.

crypto/MagicCrypto/client.c

@@ -0,0 +1,200 @@
+/* client-tls-cryptocb.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include "common.h"
+
+static void error_out(char* msg, int err)
+{
+    printf("Failed at %s with code %d\n", msg, err);
+    exit(1);
+}
+
+int main(int argc, char** argv)
+{
+    int                ret = 0;
+#ifdef WOLF_CRYPTO_CB
+    int                sockfd;
+    struct sockaddr_in servAddr;
+    char               buff[256];
+    size_t             len;
+
+    /* declare wolfSSL objects */
+    WOLFSSL_CTX* ctx;
+    WOLFSSL*     ssl;
+
+#if defined(DEBUG_WOLFSSL)
+        wolfSSL_Debugging_ON();
+#endif
+
+    /* Check for proper calling convention */
+    if (argc != 2) {
+        printf("usage: %s <IPv4 address>\n", argv[0]);
+        return 0;
+    }
+
+    /* Create a socket that uses an internet IPv4 address,
+     * Sets the socket to be stream based (TCP),
+     * 0 means choose the default protocol. */
+    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
+        fprintf(stderr, "ERROR: failed to create the socket\n");
+        ret = -1;
+        goto end;
+    }
+
+    /* Initialize the server address struct with zeros */
+    memset(&servAddr, 0, sizeof(servAddr));
+
+    /* Fill in the server address */
+    servAddr.sin_family = AF_INET;             /* using IPv4      */
+    servAddr.sin_port   = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
+
+    /* Get the server IPv4 address from the command line call */
+    if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr) != 1) {
+        fprintf(stderr, "ERROR: invalid address\n");
+        ret = -1;
+        goto end;
+    }
+
+    /* Connect to the server */
+    if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr)))
+         == -1) {
+        fprintf(stderr, "ERROR: failed to connect\n");
+        goto end;
+    }
+
+    /*---------------------------------*/
+    /* Start of wolfSSL initialization and configuration */
+    /*---------------------------------*/
+    /* Initialize wolfSSL */
+    if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) {
+        fprintf(stderr, "ERROR: Failed to initialize the library\n");
+        goto socket_cleanup;
+    }
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
+        fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+        goto socket_cleanup;
+    }
+
+    /* Load client certificates into WOLFSSL_CTX */
+    if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CA_FILE, NULL))
+         != SSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+                CA_FILE);
+        goto ctx_cleanup;
+    }
+
+    /* Load client ecc certificates into WOLFSSL_CTX */
+    if ((ret = wolfSSL_CTX_use_certificate_chain_file(ctx, CLIENT_ECC_FILE)) !=
+            WOLFSSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+                CLIENT_ECC_FILE);
+        goto ctx_cleanup;
+    }
+
+    /* Load client ecc key into WOLFSSL_CTX */
+    if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, CLIENT_KEY_FILE, SSL_FILETYPE_PEM))
+        != WOLFSSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+                CLIENT_KEY_FILE);
+        goto ctx_cleanup;
+    }
+
+    if ((ret = wolfSSL_CTX_set_cipher_list(ctx, CIPHER_LIST))
+            != WOLFSSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to set cipher list\n");
+        goto ctx_cleanup;
+    }
+
+    if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1))
+            != WOLFSSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to set supported curve\n");
+        goto ctx_cleanup;
+    }
+
+    /* Create a WOLFSSL object */
+    if ((ssl = wolfSSL_new(ctx)) == NULL) {
+        fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
+        ret = -1;
+        goto ctx_cleanup;
+    }
+
+    /* Attach wolfSSL to the socket */
+    if ((ret = wolfSSL_set_fd(ssl, sockfd)) != WOLFSSL_SUCCESS) {
+        fprintf(stderr, "ERROR: Failed to set the file descriptor\n");
+        goto cleanup;
+    }
+
+    /* Connect to wolfSSL on the server side */
+    if ((ret = wolfSSL_connect(ssl)) != SSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to connect to wolfSSL\n");
+        goto cleanup;
+    }
+
+    /* Get a message for the server from stdin */
+    printf("Message for server: ");
+    memset(buff, 0, sizeof(buff));
+    if (fgets(buff, sizeof(buff), stdin) == NULL) {
+        fprintf(stderr, "ERROR: failed to get message for server\n");
+        ret = -1;
+        goto cleanup;
+    }
+    len = strnlen(buff, sizeof(buff));
+
+    /* Send the message to the server */
+    if ((ret = wolfSSL_write(ssl, buff, len)) != len) {
+        fprintf(stderr, "ERROR: failed to write entire message\n");
+        fprintf(stderr, "%d bytes of %d bytes were sent", ret, (int) len);
+        goto cleanup;
+    }
+
+    /* Read the server data into our buff array */
+    memset(buff, 0, sizeof(buff));
+    if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) == -1) {
+        fprintf(stderr, "ERROR: failed to read\n");
+        goto cleanup;
+    }
+
+    /* Print to stdout any data the server sends */
+    printf("Server: %s\n", buff);
+
+    ret = 0;
+
+    /* Cleanup and return */
+cleanup:
+    if (ret != 0) {
+        fprintf(stderr,"SSL Error: %s\n",wolfSSL_ERR_error_string(wolfSSL_get_error(ssl,0), NULL));
+    }
+    wolfSSL_free(ssl);      /* Free the wolfSSL object                  */
+ctx_cleanup:
+    wolfSSL_CTX_free(ctx);  /* Free the wolfSSL context object          */
+    wolfSSL_Cleanup();      /* Cleanup the wolfSSL environment          */
+socket_cleanup:
+    close(sockfd);          /* Close the connection to the server       */
+end:
+
+#else
+    printf("Please configure wolfSSL with --enable-cryptocb and try again\n");
+#endif /* WOLF_CRYPTO_CB */
+    return ret;               /* Return reporting a success               */
+}

crypto/MagicCrypto/common.h

@@ -0,0 +1,56 @@
+/* client-tls-cryptocb.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef COMMON_H
+#define COMMON_H
+
+/* the usual suspects */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+/* socket includes */
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <unistd.h>
+
+/* wolfSSL */
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/cryptocb.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/port/aria/aria-cryptocb.h>
+
+#define DEFAULT_PORT 11111
+
+#define CA_FILE "./certs/ca-ecc-cert.pem"
+
+#define CLIENT_ECC_FILE    "./certs/intermediate/client-chain-ecc.pem"
+#define SERVER_ECC_FILE    "./certs/intermediate/server-chain-ecc.pem"
+#define CLIENT_KEY_FILE    "./certs/ecc-client-key.pem"
+#define SERVER_KEY_FILE    "./certs/ecc-key.pem"
+
+#define CIPHER_LIST "ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ECDSA-ARIA256-GCM-SHA384"
+//#define CIPHER_LIST "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384"
+
+#endif /* COMMON_H */