1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
|
/* server-tls.c
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
/* socket includes */
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <unistd.h>
/* wolfSSL */
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h> /* functions for blob/cover*/
#define DEFAULT_PORT 11111
#define ECC_KEY_SIZE 32
#undef USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256
#include <wolfssl/certs_test.h>
/* creates a blob then opens it, returns 0 on success */
static int test_blob(byte* key, int keySz)
{
int ret, i;
byte out[keySz + WC_CAAM_BLOB_SZ];
int outSz;
int keyOutSz;
byte keymod[WC_CAAM_BLACK_KEYMOD_SZ];
int keymodSz = WC_CAAM_BLACK_KEYMOD_SZ;
/* using a key mod of all 1's */
XMEMSET(keymod, 1, keymodSz);
/* example of creating black blog with key for later */
outSz = keySz + WC_CAAM_BLOB_SZ;
ret = wc_caamCreateBlob_ex(key, keySz, out, (word32*)&outSz,
WC_CAAM_BLOB_BLACK, keymod, keymodSz);
if (ret != 0) {
printf("Error creating black blob\n");
return -1;
}
printf("created black blob :");
for (i = 0; i < outSz; i++)
printf("%02X,", out[i]);
printf("\n");
/* open black blob and overwrite key, this is to show that the opened blob
* can be used for the upcoming TLS connection */
memset(key, 0, keySz);
keyOutSz = keySz;
ret = wc_caamOpenBlob_ex(out, outSz, key, (word32*)&keyOutSz,
WC_CAAM_BLOB_BLACK, keymod, keymodSz);
if (ret != 0) {
printf("Error opening black blob\n");
}
return ret;
}
/* example of covering an existing key and then making a black blob with it
* note that generating an ECC completely in secure memory already covered can
* be done by call wc_ecc_make_key */
int cover(ecc_key* keyOut, const byte* der, word32 derSz)
{
int ret;
ecc_key notSecure;
word32 idx = 0;
/* format bit plus public key x and y parameter */
byte x963[(ECC_KEY_SIZE*2) + 1];
word32 x963Sz = (ECC_KEY_SIZE*2) + 1;
/* uncovered private key */
byte d[ECC_KEY_SIZE];
word32 dSz = ECC_KEY_SIZE;
byte blackKey[ECC_KEY_SIZE + WC_CAAM_MAC_SZ];
word32 blackKeySz = ECC_KEY_SIZE + WC_CAAM_MAC_SZ;
/* The DER buffer for test case does not contain a black key, here we will
* extract the key information, cover it (make it a black key), and then
* import that into 'keyOut' which will create a secure partition on import.
*
* These steps of covering and importing can be avoided with a call to
* wc_ecc_make_key which creates a new black key that never leaves the CAAM.
* The cover process is only being used to make use of an existing key that
* matches the test certificate.
*/
wc_ecc_init(¬Secure);
if (wc_EccPrivateKeyDecode(der, &idx, ¬Secure, derSz) != 0) {
printf("Error extracting ECC der buffer\n");
ret = -1;
goto done;
}
/* Get the uncovered key values */
if (wc_ecc_export_private_raw(¬Secure, NULL, NULL, NULL, NULL, d, &dSz)
!= 0) {
printf("Error getting ecc key values\n");
ret = -1;
goto done;
}
if (wc_ecc_export_x963(¬Secure, x963, &x963Sz) != 0) {
printf("Error getting ecc public key\n");
ret = -1;
goto done;
}
/* Cover up the private key (make it a black key, encrypting with AES-CCM)*/
XMEMSET(blackKey, 0, blackKeySz);
if (wc_caamCoverKey(d, dSz, blackKey, &blackKeySz, 0) != 0) {
printf("Error covering up the private key\n");
ret = -1;
goto done;
}
/* Sanity check to compare covered key versus plain text */
if (XMEMCMP(d, blackKey, dSz) == 0) {
printf("Something went wrong with key cover!!\n");
ret = -1;
goto done;
}
if (test_blob(blackKey, blackKeySz - WC_CAAM_MAC_SZ) != 0) {
printf("test blob failed\n");
ret = -1;
goto done;
}
/* zero out the plain text buffer and free key */
XMEMSET(d, 0, dSz);
/* Import the black key into a ecc_key structure (this step tries to create
* a partition of secure memory marked CPS)
*/
ret = wc_ecc_import_private_key(blackKey, blackKeySz, x963, x963Sz, keyOut);
if (ret != 0) {
printf("Error importing black key into secure memory %d\n", ret);
wc_ecc_free(keyOut);
goto done;
}
printf("blackKeySz = %d, virtual secure address ecc_key.blackKey = 0x%08X\n",
blackKeySz, keyOut->blackKey);
ret = 0;
done:
wc_ecc_free(¬Secure);
return ret;
}
/* callback function for creating ECC signatures */
static int TLS_ECC_Sign_callback(WOLFSSL* ssl, const unsigned char* in,
unsigned int inSz, unsigned char* out, word32* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx)
{
ecc_key* blackKey;
printf("Using ECC sign callback\n");
if (ctx == NULL) {
printf("Was expecting a black key passed along with WOLFSSL\n");
return -1;
}
blackKey = (ecc_key*)ctx;
return wc_ecc_sign_hash(in, inSz, out, outSz, NULL, blackKey);
}
/* callback function to do ECDH operation in TLS handshake */
static int TLS_ECDH_callback(WOLFSSL* ssl, struct ecc_key* otherKey,
unsigned char* pubKeyDer, word32* pubKeySz,
unsigned char* out, word32* outlen,
int side, void* ctx)
{
int ret= -1;
printf("Using ECDH callback\n");
if (ctx == NULL) {
printf("Was expecting a black key passed along with WOLFSSH\n");
return -1;
}
/* this is being called from client end */
if (side == WOLFSSL_CLIENT_END) {
}
/* this is being called from server end */
if (side == WOLFSSL_SERVER_END) {
ecc_key pub;
wc_ecc_init(&pub);
if (wc_ecc_import_x963(pubKeyDer, *pubKeySz, &pub) != 0) {
printf("Issue decoding the public key to generate shared secret\n");
wc_ecc_free(&pub);
return -1;
}
/* otherKey is the ephemeral private key created with ECDHE cipher
* suites. As long as EccKeyGenCb has not been set this key was created
* with wc_ecc_make_key_ex, which when used with NIST P256 it will
* automatically try to create a secure black key
*/
ret = wc_ecc_shared_secret(otherKey, &pub, out, outlen);
wc_ecc_free(&pub);
}
return ret;
}
int main()
{
int sockfd;
int connd = 0;
struct sockaddr_in servAddr;
struct sockaddr_in clientAddr;
socklen_t size = sizeof(clientAddr);
char buff[256];
size_t len;
int ret;
const char* reply = "I hear ya fa shizzle!\n";
ecc_key blackKey;
/* declare wolfSSL objects */
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
/* Initialize wolfSSL */
if (wolfSSL_Init() != WOLFSSL_SUCCESS) {
fprintf(stderr, "issue with wolfSSL_Init()\n");
return -1;
}
wolfSSL_Debugging_ON();
wc_ecc_init(&blackKey);
/* Create a socket that uses an internet IPv4 address,
* Sets the socket to be stream based (TCP),
* 0 means choose the default protocol. */
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
fprintf(stderr, "ERROR: failed to create the socket\n");
goto end;
}
/* Create and initialize WOLFSSL_CTX */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
goto end;
}
/* Load server certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_buffer(ctx, serv_ecc_der_256,
sizeof_serv_ecc_der_256, SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
printf("error loading in certificate buffer\n");
goto end;
}
// wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256, sizeof_ecc_key_der_256, SSL_FILETYPE_ASN1);
if (cover(&blackKey, ecc_key_der_256, sizeof_ecc_key_der_256) != 0) {
printf("error covering up key\n");
goto end;
}
/* set signing callback to use during TLS connection */
wolfSSL_CTX_SetEccSignCb(ctx, TLS_ECC_Sign_callback);
/* set ECDH shared secret callback to use during TLS connection */
wolfSSL_CTX_SetEccSharedSecretCb(ctx, TLS_ECDH_callback);
/* Initialize the server address struct with zeros */
memset(&servAddr, 0, sizeof(servAddr));
/* Fill in the server address */
servAddr.sin_family = AF_INET; /* using IPv4 */
servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */
/* Bind the server socket to our port */
if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) {
fprintf(stderr, "ERROR: failed to bind\n");
goto end;
}
/* Listen for a new connection, allow 5 pending connections */
if (listen(sockfd, 5) == -1) {
fprintf(stderr, "ERROR: failed to listen\n");
goto end;
}
/* Continue to accept clients until shutdown is issued */
printf("Waiting for a connection...\n");
/* Accept client connections */
if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) == -1) {
fprintf(stderr, "ERROR: failed to accept the connection\n\n");
goto end;
}
/* Create a WOLFSSL object */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
goto end;
}
/* Attach wolfSSL to the socket */
wolfSSL_set_fd(ssl, connd);
/* associate the covered up black key with the WOLFSSH structure,
* this will then get passed as the last argument to the callbacks */
wolfSSL_SetEccSignCtx(ssl, (void*)&blackKey);
wolfSSL_SetEccSharedSecretCtx(ssl, (void*)&blackKey);
/* Establish TLS connection */
ret = wolfSSL_accept(ssl);
if (ret != SSL_SUCCESS) {
fprintf(stderr, "wolfSSL_accept error = %d\n",
wolfSSL_get_error(ssl, ret));
goto end;
}
printf("Client connected successfully\n");
/* Read the client data into our buff array */
memset(buff, 0, sizeof(buff));
if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) {
fprintf(stderr, "ERROR: failed to read\n");
goto end;
}
/* Print to stdout any data the client sends */
printf("Client: %s\n", buff);
/* Write our reply into buff */
memset(buff, 0, sizeof(buff));
memcpy(buff, reply, strlen(reply));
len = strnlen(buff, sizeof(buff));
/* Reply back to the client */
if (wolfSSL_write(ssl, buff, len) != len) {
fprintf(stderr, "ERROR: failed to write\n");
goto end;
}
end:
/* Cleanup after this connection */
wolfSSL_free(ssl); /* Free the wolfSSL object */
close(connd); /* Close the connection to the client */
wc_ecc_free(&blackKey);
printf("Shutdown complete\n");
/* Cleanup and return */
wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
close(sockfd); /* Close the socket listening for clients */
return 0; /* Return reporting a success */
}
|
