Topic: Windows Iot Raspberry Pi

I am attempting to implement wolfSSL into Windows IoT on the Raspberry Pi.
I have had success in compiling and deploying wolfssl.dll on the Pi.

I am using the CSharp wrapper and am having success with a lot of the functions.
I am using the wolfssl-tls-server as the example of code to implement.

My problem arises with the fact that Microsoft does not implement the System.Net.Sockets.TcpListener.AcceptSockets.

So this code fails.
    fd = tcp.AcceptSocket();

I can accept connections using StreamSocketListener() however this does not expose the socket
and so this API is not possible, AFAIK.
    if (wolfssl.set_fd(ssl, fd) != wolfssl.SUCCESS)

I know I am missing something trivial but so far have not managed to work it out.

Any help would be appreciated.  Thanks in advance.
Happy New Year


Re: Windows Iot Raspberry Pi

I won't edit my previous post in case others follow the same path as I did.
I have progressed a little bit and have edited the Wolf_CSharp wrapper that was provided as best I can for the moment.
I will continue to update this as I learn more. 

Feel free to review the attached file and assist if anyone can as I feel I have addressed some incompatibilities with the Universal Windows Platform (UWP).  It is poorly written as it has little error checking and needs more work.

Currently I am getting stuck at.
ssl = wolfssl.new_ssl(ctx);

From my debug I am not getting an IO(ctx).

I will continue on my own but any help would be appreciated.

Thanks in advance

Post's attachments

wolfSSLuAP.cs 58.77 kb, 2 downloads since 2017-01-03 


Re: Windows Iot Raspberry Pi

Apologies for double post but I can only attach one file at a time.
Attached is the debug window

Post's attachments

New_ssl failure_io.set.ctx.png 40.68 kb, file has never been downloaded. 


Re: Windows Iot Raspberry Pi

Hello duckula,

This looks like wolfSSL_new is returning NULL. One reason for that could be if no certificate/key was set in WOLFSSL_CTX and PSK is not used.

To set key and certificate use

wolfssl.CTX_use_certificate_file
wolfssl.CTX_use_PrivateKey_file

The return value for these should also be checked to make sure the file could be read.

Alternatively to set PSK use

wolfssl.CTX_use_psk_identity_hint
wolfssl.CTX_set_psk_server_callback

Another thing to be conscious of when building the C# wrapper is that it should have the same settings as what was used when building the wolfSSL library. By default the Visual Studio solution packaged with wolfSSL in wolfssl/wrapper/CSharp/ takes care of this. The preprocessor defines used or macros in user_settings.h should be used for both building wolfSSL and building the C# application.

For wolfSSLCbIOSend and wolfSSLCbIORecv you can log custom call backs to handle sending and receiving data over TCP. See wolfSSL-Example-IOCallbacks.cs for an example of this. The use of custom IO callbacks was added for users who want to use their own TCP calls without modifying the C# wrapper. This allows for a user's application to be maintained more easily with future wolfSSL updates.

Regards,
Jacob


Re: Windows Iot Raspberry Pi

Hi Jacob,

You are quite right, I did not build the dll from the CSharp folder and hence did not have the desired extra settings.
This fixed my wolfSSL_new issue and I have started doing exactly what you said using wolfSSLCbIOSend and wolfSSLCbIORecv.

I have successfully implemented wolfSSLCbIORecv, which was interesting by itself, just finished testing.
Seems StreamSockets behaves strangely.

I am now working out a way of implementing wolfSSLCbIOSend. 
My simple method I was trying before is not able to complete. 
I will stick with it as I am happy with my progress and learning all the ways not to do things.

Thanks for the reply and all the effort from the team in creating this library. 
The examples are excellent and easy to understand.  I just needed to stare at them a couple days to get my head around it.

Regards


Re: Windows Iot Raspberry Pi

Hi duckula,

That's good news that it is past wolfSSL_new. What behavior is StreamSockets having? I recommend using the overloaded read/write that accept byte arrays as a parameter if not using them currently.

Something to consider with the custom IO call backs is that the set_fd function is creating an association between the socket object and the ssl object. Then each time the ssl is passed to the custom callback the associated socket object is also passed. If not being able to use socket objects the following two functions may need to be wrapped with C# code to replace that association and use a StreamSocket object instead.

wolfSSL_SetIOWriteCtx(sslCtx, ptr); //pass along the socket for writing to
wolfSSL_SetIOReadCtx(sslCtx, ptr); //pass along the socket for reading from

C# wrappers for these functions are not currently in wolfSSL.cs but use of the functions can be seen in set_fd.

Can you tell us some about your project and use case? It is the first case I've seen with the C# wrapper on a Raspberry Pi.

Regards,
Jacob


Re: Windows Iot Raspberry Pi

Hi Jacob,
I feel like a pioneer. lol.  I am attempting to make a basic https server.

I also have wolfSSLCbIOSend working now.

The strange behaviour I was finding with the Stream.Socket was that it would not let me break up the stream into byte chunks as needed by wolfSSLCbIORecv.  Any request of this manner resulted in 0 data received (all 0's).
Instead I accept the whole stream and store in a global variable (I know, I know) then break it into smaller chunks for the subsequent calls of wolfSSLCbIORecv until the buffer is empty.

So far from my Wireshark logs I see:
Client Hello
Server Hello
Certificate
Server Hello Done
Client Key Exchange <--  This is where it currently dies.

From what I can tell I never try to receive the client key exchange. wolfSSLCbIORecv is called but I am getting a dispose error, and I can't quite tell what is disposed or when.
The socket looks like it's not disposed and con is passing through.
Would those commands help me in this case? It seems as though things are working in relation to wolfSSL; I think it's some garbage collection occurring but I just haven't managed to track it down yet.

Weekend is coming, I shall try more.  I am so close.  I will post my code once I tidy it up to save others heartache.

Thanks for your time
Duckula.
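
The buffered receive approach described in this post, as an added example that is not part of the original thread or of wolfSSL: a receive callback with the same parameter shape as wolfSSL's IO receive callback that serves whatever has already arrived in per-connection chunks and reports "no data yet" instead of handing back zeroed bytes. `RecvBuf`, `recvbuf_feed`, `buffered_recv_cb` and the `CBIO_*` constants are hypothetical names with assumed values; real code would use the `WOLFSSL_CBIO_ERR_*` constants from the wolfSSL headers.

```c
#include <string.h>

typedef struct WOLFSSL WOLFSSL;   /* opaque stand-in for the wolfSSL type */

/* Local stand-ins (assumed values): real code uses the WOLFSSL_CBIO_ERR_*
 * constants from wolfssl/ssl.h instead. */
enum { CBIO_WANT_READ = -2, CBIO_CONN_CLOSE = -5 };

/* Hypothetical per-connection state, passed as the IO read ctx
 * (wolfSSL_SetIOReadCtx) so no global variable is needed. */
typedef struct {
    unsigned char data[4096]; /* bytes already pulled from the socket */
    size_t len;               /* valid bytes in data */
    size_t pos;               /* next unread byte */
    int peer_closed;          /* set when the transport reports EOF */
} RecvBuf;

/* Called by the transport layer when bytes arrive; returns bytes stored. */
size_t recvbuf_feed(RecvBuf *rb, const unsigned char *in, size_t n)
{
    if (rb->pos == rb->len)            /* fully drained: reuse from start */
        rb->pos = rb->len = 0;
    if (n > sizeof rb->data - rb->len) /* never write past the buffer */
        n = sizeof rb->data - rb->len;
    memcpy(rb->data + rb->len, in, n);
    rb->len += n;
    return n;
}

/* Receive callback: hand over at most sz bytes of what is buffered. */
int buffered_recv_cb(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    RecvBuf *rb = (RecvBuf *)ctx;
    size_t avail, n;
    (void)ssl;
    if (rb == NULL || buf == NULL || sz <= 0)
        return CBIO_CONN_CLOSE;        /* fail closed on a bad association */
    avail = rb->len - rb->pos;
    if (avail == 0)                    /* nothing buffered: never fake data */
        return rb->peer_closed ? CBIO_CONN_CLOSE : CBIO_WANT_READ;
    n = avail < (size_t)sz ? avail : (size_t)sz;
    memcpy(buf, rb->data + rb->pos, n);
    rb->pos += n;
    return (int)n;
}
```

When the callback reports want-read, the handshake call returns early and has to be retried after more bytes have been fed into the buffer.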


Re: Windows Iot Raspberry Pi

Hey duckula,

Thanks for the project information, it sounds interesting.

Is the disposed error always at the same time when the program is executed, i.e. always at Client Key Exchange? Those two previous API will be helpful if having problems with the parameter "ctx" in the IO callbacks. I'm not sure if that is the case here.

Which cipher suite is the client and server agreeing on? PSK could run into issues at the client key exchange portion if no psk callback is set.

It sounds like this will take some debugging though and stepping through the Recv callback function to narrow down which object is trying to be accessed while having been disposed of.

Regards,
Jacob


Re: Windows Iot Raspberry Pi

Hi Jacob.
WE DID IT!!  Yes it was always giving an error in the same spot.
My problem was with my method of the reading of the socket.  It was closing the connection for receiving but leaving it open for writing.  Hence the socket was not completely disposed and creating a headache for debugging.

I am writing some instructions about how to implement everything on the Pi.  As I retrace my steps I remembered something dodgy I had to do earlier.
In order to compile I had to edit random.c in the wolfssl.

int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
    if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL,
                            CRYPT_VERIFYCONTEXT))
        return WINCRYPT_E;
    if (!CryptGenRandom(os->handle, sz, output))
        return CRYPTGEN_E;
    CryptReleaseContext(os->handle, 0);
    return 0;
}

Can you think of any methods that don't use this API, as it does not appear to be available in platform 10.0.10240.0?

Thanks again for all your help.  Hopefully my instructions will save others a lot of time.

Regards


Re: Windows Iot Raspberry Pi

Hello,

Thanks to you @Dackula! I have had the same problem for 1 week.

Re: Windows Iot Raspberry Pi

Hey duckula,

That's great!! I have been thinking some about the generate seed function in this case. Finding a good source of entropy is in many ways the building block for network security. I can't think of one to suggest off the top of my head but do suggest that it is one that has had a lot of third party analysis done on it.

There are a couple of spots in the code for creating custom random seed generation functions. These two spots are with the macros CUSTOM_RAND_GENERATE_SEED and CUSTOM_RAND_GENERATE_SEED_OS, currently around line 1146 in random.c.

Regards,
Jacob
