1

(4 replies, posted in wolfSSL)

Hi Jacob,
Everything works fine. Thank you for your support. I was waiting to reply to you because I wanted to confirm that there were no other issues regarding wolfSSL.

Best regards

2

(4 replies, posted in wolfSSL)

Hi Jacob,
Thank you very much for your reply. I definitely did not handle that 5-byte issue, because my client receive callback function is almost identical to the server receive callback. Here it is:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <wolfssl/ssl.h>
#include <xbee.h>

extern struct xbee *xbee;     /* libxbee3 instance, set up elsewhere */
extern struct xbee_con *con;  /* ZigBee connection to the server, set up elsewhere */

int ClientRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
{
    char endbuf[4];
    int i, j = 0;
    struct xbee_pkt *pkt;

    printf("/*-------------------RCV SZ: %d ------------------*/\n", sz);
    /* Note: sz (5 when wolfSSL asks for the TLS record header) is ignored below;
       the loop drains the whole message up to "END" and returns all of it,
       which is the issue discussed in this thread. */
    while (1) {
        if (xbee_conRx(con, &pkt, NULL) != XBEE_ENONE) {
            xbee_log(xbee, -1, "xbee_conRx() returned for whileloop");
            printf("Nothing rcvd\n");
            usleep(100000);
            continue;
        }

        if (pkt->dataLen > 0) {
            /* an "END" packet terminates one message */
            if (pkt->dataLen >= 3) {
                memcpy(endbuf, pkt->data, 3);
                if (!strncmp(endbuf, "END", 3)) {
                    xbee_pktFree(pkt);
                    break;
                }
            }

            /* two hex characters per byte; hlpbuf must be char (not int) for strtoul() */
            char hlpbuf[3] = {0};
            int k, num;
            for (k = 0; k < (pkt->dataLen / 2); k++) {
                memcpy(hlpbuf, pkt->data + 2 * k, 2);
                num = (int)strtoul(hlpbuf, NULL, 16);
                buf[j + k] = (char)num;
                printf("TTPACKT %02X \n", (unsigned char)buf[j + k]);
            }
            j = j + (pkt->dataLen / 2);
            if (xbee_pktFree(pkt) != XBEE_ENONE) return 1;
        }
    }
    sz = j;
    buf[sz] = 0;
    printf("Client WANTS TO READ: %d bytes\n", sz);
    printf("/*------------------- CLIENT READING ------------------*/\n");
    for (i = 0; i < sz; i++) {
        printf("%02x ", (unsigned char)buf[i]);
        if (i > 0 && (i % 16) == 0)
            printf("\n");
    }
    printf("\n/*------------------- CLIENT READING END ------------------*/\n");
    return sz;
}

And it is set up by:


    wolfSSL_Init();   /* as in memory-tls.c; must run before any other wolfSSL call */

    WOLFSSL_CTX* cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
    if (cli_ctx == NULL) err_sys("bad client ctx new");

    int retssl = wolfSSL_CTX_load_verify_locations(cli_ctx, CACERT, NULL);
    if (retssl != SSL_SUCCESS) err_sys("bad ca load");

    /* route all TLS I/O through the XBee callbacks instead of a socket */
    wolfSSL_SetIOSend(cli_ctx, ClientSend);
    wolfSSL_SetIORecv(cli_ctx, ClientRecv);

    WOLFSSL* cli_ssl = wolfSSL_new(cli_ctx);
    if (cli_ssl == NULL) err_sys("bad client new");   /* was re-checking cli_ctx here */

    retssl = wolfSSL_connect(cli_ssl);
    if (retssl != SSL_SUCCESS) err_sys("bad client tls connect");

I understood what you described, but I am not sure how to implement it in my code. I have to try it and check.

Best regards

3

(4 replies, posted in wolfSSL)

Hi,
I have already used libxbee3 https://github.com/attie/libxbee3 to communicate between two XBee ZigBee modules, where the server and client codes are communicating over ZigBee without any trouble.

Now I am trying to integrate a TLS connection between them using wolfSSL. As libxbee3 abstracts the serial socket, I have no direct access to it. So I am trying to use the wolfSSL memory-tls code https://github.com/wolfSSL/wolfssl-exam … mory-tls.c to communicate between the server and client.

My client send callback (libxbee3 sends a little more than 64 bytes at a time, so I chose 64 bytes):

#include <stdio.h>
#include <string.h>
#include <wolfssl/ssl.h>
#include <xbee.h>

extern struct xbee *xbee;     /* libxbee3 instance, set up elsewhere */
extern struct xbee_con *con;  /* ZigBee connection to the server, set up elsewhere */

int ClientSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
{
    printf("/*-------------------Send SZ: %d ------------------*/\n", sz);
    int i = 64, j = 0, k;       /* 64 hex characters per XBee packet */
    char tmpbuf[65] = {0};
    char endbuf[] = "END";      /* marks the end of one message */

    /* hex-encode the TLS record: two ASCII characters per byte */
    int tcnt = sz * 2;
    char asciiString[tcnt + 1];
    for (k = 0; k < sz; k++) {
        sprintf(asciiString + 2 * k, "%02X", (unsigned char)buf[k]);
    }
    asciiString[tcnt] = 0;

    /* xbee_conTx() takes a printf-style format, so the data goes through "%s" */
    while ((tcnt - j) > 64) {
        memset(tmpbuf, 0, sizeof(tmpbuf));
        memcpy(tmpbuf, asciiString + j, i);
        if (xbee_conTx(con, NULL, "%s", tmpbuf) != XBEE_ENONE) {
            xbee_log(xbee, -1, "xbee_conTx() returned for sendloop");
        }
        else {
            j = j + i;
        }
    }
    memset(tmpbuf, 0, sizeof(tmpbuf));
    memcpy(tmpbuf, asciiString + j, (tcnt - j));
    if (xbee_conTx(con, NULL, "%s", tmpbuf) != XBEE_ENONE) {
        xbee_log(xbee, -1, "xbee_conTx() returned for last remaining bytes");
    }
    if (xbee_conTx(con, NULL, "%s", endbuf) != XBEE_ENONE) {
        xbee_log(xbee, -1, "xbee_conTx() returned for ENDBUF");
    }

    printf("/*------------------- CLIENT SENDING ------------------*/\n");
    for (k = 0; k < sz; k++) {
        if (k > 0 && (k % 16) == 0)
            printf("\n");
        printf("%02x ", (unsigned char)buf[k]);
    }
    printf("\n/*------------------- CLIENT SENDING END ------------------*/\n");
    return sz;
}

And my server receive callback:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wolfssl/ssl.h>
#include <xbee.h>

extern struct xbee *xbee;          /* libxbee3 instance, set up elsewhere */
extern struct xbee_con *localCon;  /* ZigBee connection to the client, set up elsewhere */

int ServerRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
{
    char endbuf[4];
    int i, j = 0;
    struct xbee_pkt *pkt;
    memset(buf, 0, sz);   /* sizeof(buf) was the size of the pointer, not of the buffer */
    /* Note: sz (5 when wolfSSL asks for the TLS record header) is ignored below;
       the loop drains the whole message up to "END" and returns all of it. */
    while (1) {
        if (xbee_conRx(localCon, &pkt, NULL) != XBEE_ENONE) {
            xbee_log(xbee, -1, "xbee_conRx() returned for whileloop");
            printf("Nothing rcvd\n");
            continue;
        }
        if (pkt->dataLen > 0) {
            /* an "END" packet terminates one message */
            if (pkt->dataLen >= 3) {
                memcpy(endbuf, pkt->data, 3);
                if (!strncmp(endbuf, "END", 3)) {
                    xbee_pktFree(pkt);
                    break;
                }
            }

            /* two hex characters per byte; hlpbuf must be char (not int) for strtoul() */
            char hlpbuf[3] = {0};
            int k, num;
            for (k = 0; k < (pkt->dataLen / 2); k++) {
                memcpy(hlpbuf, pkt->data + 2 * k, 2);
                num = (int)strtoul(hlpbuf, NULL, 16);
                buf[j + k] = (char)num;
            }
            j = j + (pkt->dataLen / 2);
            if (xbee_pktFree(pkt) != XBEE_ENONE) return 1;
        }
    }

    buf[j] = '\0';
    sz = j;
    printf("SERVER WANTS TO READ: %d bytes\n", sz);
    printf("/*------------------- SERVER READING ------------------*/\n");
    for (i = 0; i < sz; i++) {
        if (i > 0 && (i % 16) == 0)
            printf("\n");
        printf("%02x ", (unsigned char)buf[i]);
    }
    printf("\n/*------------------- SERVER READING ------------------*/\n");
    return sz;
}

Both the server send and client receive callbacks are similar to the above. When I run the code, the client sends 148 bytes of data and then tries to receive using the receive callback:

/*-------------------Send SZ: 148 ------------------*/
/*------------------- CLIENT SENDING ------------------*/
16 03 03 00 8f 01 00 00 8b 03 03 c2 97 2f eb c4 
53 e7 1e 4f c8 23 1c c3 90 f6 9f 4e 18 88 f7 a4 
5d a7 f9 73 7d 08 80 5c 96 56 42 00 00 30 c0 2c 
c0 2b c0 30 c0 2f 00 9f 00 9e cc a9 cc a8 cc aa 
c0 27 c0 23 c0 28 c0 24 c0 0a c0 09 c0 14 c0 13 
00 6b 00 67 00 39 00 33 cc 14 cc 13 cc 15 01 00 
00 32 00 0d 00 12 00 10 06 03 05 03 04 03 02 03 
06 01 05 01 04 01 02 01 00 0b 00 02 01 00 00 0a 
00 0e 00 0c 00 10 00 13 00 15 00 17 00 18 00 19 
00 17 00 00 
/*------------------- CLIENT SENDING END ------------------*/
/*-------------------RCV SZ: 5 ------------------*/
Nothing rcvd
Nothing rcvd
Nothing rcvd
...

But the server is only receiving, and then gives an error without trying to send anything back:

SERVER WANTS TO READ: 148 bytes
/*------------------- SERVER READING ------------------*/
16 03 03 00 8f 01 00 00 8b 03 03 c2 97 2f eb c4 
53 e7 1e 4f c8 23 1c c3 90 f6 9f 4e 18 88 f7 a4 
5d a7 f9 73 7d 08 80 5c 96 56 42 00 00 30 c0 2c 
c0 2b c0 30 c0 2f 00 9f 00 9e cc a9 cc a8 cc aa 
c0 27 c0 23 c0 28 c0 24 c0 0a c0 09 c0 14 c0 13 
00 6b 00 67 00 39 00 33 cc 14 cc 13 cc 15 01 00 
00 32 00 0d 00 12 00 10 06 03 05 03 04 03 02 03 
06 01 05 01 04 01 02 01 00 0b 00 02 01 00 00 0a 
00 0e 00 0c 00 10 00 13 00 15 00 17 00 18 00 19 
00 17 00 00 
/*------------------- SERVER READING ------------------*/
wolfSSL error: bad server tls accept

How could I check what the problem is? Why is it not working? The SSL setup code for the client and server is identical to memory-tls.c.

Please help me to find the issue.

Thank you.

Best regards
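The "RCV SZ: 5" line in the client log is wolfSSL asking the receive callback for exactly the 5-byte TLS record header; once it has the header it calls again for the body length the header announces (0x8f = 143 bytes here, 148 in total). The callbacks posted in this thread instead drain the whole message up to "END" and return all 148 bytes into a 5-byte request, writing past the buffer wolfSSL handed in. The following is an added example, not the poster's code and not wolfSSL's or libxbee3's: a receive callback that decodes the hex-plus-"END" framing into a pending buffer, returns at most `sz` bytes per call, and reports "want read" when the link is empty instead of blocking. The XBee link is simulated by an in-memory packet queue (`struct link`, `frame_send` mirroring the ClientSend framing); `WANT_READ`, `struct rx_state`, `refill`, `MyRecv` and `demo` are names chosen for this example, and `WANT_READ` is assumed to carry the same value as wolfSSL's `WOLFSSL_CBIO_ERR_WANT_READ` (-2). `MyRecv` takes `void*` in place of `WOLFSSL*` so the file builds without the wolfSSL headers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WANT_READ   (-2)   /* assumption: value of WOLFSSL_CBIO_ERR_WANT_READ */
#define CHUNK       64     /* hex characters per simulated XBee packet, as in the post */
#define MAX_PKTS    64     /* capacity of the simulated link */
#define PENDING_MAX 4096   /* decoded bytes held until wolfSSL asks for them */

/* Simulated ZigBee link (constructed; stands in for xbee_conTx/xbee_conRx):
 * a queue of packets, each either hex text or the "END" marker. */
struct link {
    char pkts[MAX_PKTS][CHUNK + 1];
    int count, head;
};

/* Per-connection receive state, passed to the callback as ctx. */
struct rx_state {
    struct link *lnk;
    unsigned char pending[PENDING_MAX];
    int len;                            /* decoded bytes not yet handed out */
};

/* Sender side, mirroring the post's ClientSend framing: hex-encode the record,
 * split it into 64-character packets, then queue an "END" packet.
 * Returns the number of payload bytes framed, or -1 if the link is full. */
int frame_send(struct link *lnk, const unsigned char *buf, int sz)
{
    char hex[2 * sz + 1];
    int k, j = 0;
    for (k = 0; k < sz; k++)
        sprintf(hex + 2 * k, "%02X", (unsigned)buf[k]);
    while (j < 2 * sz) {
        int n = (2 * sz - j > CHUNK) ? CHUNK : 2 * sz - j;
        if (lnk->count >= MAX_PKTS) return -1;
        memcpy(lnk->pkts[lnk->count], hex + j, n);
        lnk->pkts[lnk->count][n] = 0;
        lnk->count++;
        j += n;
    }
    if (lnk->count >= MAX_PKTS) return -1;
    strcpy(lnk->pkts[lnk->count++], "END");
    return sz;
}

/* Decode packets from the link into the pending buffer until an "END" packet
 * or until the link is empty. Returns 0 if nothing was waiting, else 1.
 * "END" cannot collide with payload because 'N' is not a hex digit. */
static int refill(struct rx_state *st)
{
    struct link *lnk = st->lnk;
    if (lnk->head >= lnk->count) return 0;
    while (lnk->head < lnk->count) {
        const char *pkt = lnk->pkts[lnk->head++];
        if (strncmp(pkt, "END", 3) == 0) return 1;
        size_t i, n = strlen(pkt);
        for (i = 0; i + 1 < n && st->len < PENDING_MAX; i += 2) {
            char two[3] = { pkt[i], pkt[i + 1], 0 };
            st->pending[st->len++] = (unsigned char)strtoul(two, NULL, 16);
        }
    }
    return 1;
}

/* Receive callback in the shape of wolfSSL's CallbackIORecv. Hands back at
 * most sz bytes, keeps the remainder pending for the next call, and never
 * returns more than wolfSSL asked for. */
int MyRecv(void *ssl, char *buf, int sz, void *ctx)
{
    struct rx_state *st = (struct rx_state *)ctx;
    int n;
    (void)ssl;
    while (st->len == 0) {
        if (!refill(st))
            return WANT_READ;           /* nothing yet: let wolfSSL call again */
    }
    n = (sz < st->len) ? sz : st->len;
    memcpy(buf, st->pending, n);
    memmove(st->pending, st->pending + n, st->len - n);
    st->len -= n;
    return n;
}

/* Walk one ClientHello-sized message through the framing and the two reads
 * wolfSSL makes: 5 bytes for the record header, then 143 for the body.
 * Returns 1 when every read got exactly what it asked for. */
int demo(void)
{
    struct link lnk;
    struct rx_state st;
    unsigned char msg[148];
    char out[148];
    int i;
    memset(&lnk, 0, sizeof lnk);
    memset(&st, 0, sizeof st);
    st.lnk = &lnk;
    for (i = 0; i < 148; i++) msg[i] = (unsigned char)(i * 7 + 3);  /* constructed payload */
    if (frame_send(&lnk, msg, 148) != 148) return 0;
    if (MyRecv(NULL, out, 5, &st) != 5 || memcmp(out, msg, 5) != 0) return 0;
    if (MyRecv(NULL, out, 143, &st) != 143 || memcmp(out, msg + 5, 143) != 0) return 0;
    return MyRecv(NULL, out, 5, &st) == WANT_READ;
}

int main(void)
{
    printf("%s\n", demo() ? "recv callback honoured sz" : "mismatch");
    return 0;
}
```

In the real program the pending buffer would live in the struct passed to wolfSSL_SetIOReadCtx(), the `refill` step would call xbee_conRx() once per packet, and a want-read return lets wolfSSL_connect()/wolfSSL_accept() report WANT_READ so the caller can poll the link rather than spin inside the callback.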

4

(4 replies, posted in wolfSSL)

Hi Kaleb,
Thank you very much for your great walk-through. Certainly it will help me to achieve my goals.

Best regards

5

(4 replies, posted in wolfSSL)

Hi Kaleb,
My goal is to find how low a footprint I can achieve with wolfSSL for:

option 1: moderate secure communication (first question)
option 2: good level of secure communication (second question)

Then I can select a low-cost board (Arduino or similar) for my IoT research project based on ZigBee, BLE, etc. (where such a level of security is not present by default in the system).


I am not a cryptographer, so I found it difficult to understand which feature's removal would affect which cipher suite. So I asked the question because I saw another question about AES where only four files were required for the secure operation.

Best regards

6

(4 replies, posted in wolfSSL)

Hi,
I have two enquiries. I have executed the "./wolfssl-arduino.sh" script within the wolfssl/IDE/ARDUINO directory.

Now my first question is: if I want TLS 1.2 with only the following cipher suites:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Then which are the only files I need to provide inside the "wolfSSL" directory?

Second question: if I want only the following cipher suites:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Then which are the only files I need to provide inside the "wolfSSL" directory?

Thank you.