Merge pull request #363 from cconlon/se050_tls_example

SE050: add demo SSL/TLS client applications

Author: dgarske

SE050/README.md

@@ -16,29 +16,56 @@ running these examples.
 ## Installing Example Applications
 
 These instructions assume that the SE050 middleware has already been installed
-in Raspbian and is located at `/home/pi/se_mw/simw-top`.
+in Raspbian and is located at `/home/pi/se_mw/simw-top`. Also that wolfSSL has
+been built and installed. See instructions in the wolfSSL repository at
+`wolfcrypt/src/port/nxp/README_SE050.md`.
 
-Before building these demo, the "wolfssl" folder which contains these demos
-should be copied into the SE05x middleware source tree at:
+Example SE050 Pi installation steps:
 
+```sh
+$ cd se_mw/simw-top
+$ mkdir build && cd build
+$ ccmake .
+# Make sure the following are set:
+#    `Host OS` to `Raspbian`
+#    `Host Crypto` to `None` (see HostCrypto section below)
+#    `SMCOM` to `T1oI2C`
+$ c # to configure
+$ g # to generate
+$ q
+$ cmake --build .
+$ sudo make install
 ```
-/home/pi/se_mw/simw-top/demos/wolfssl
+
+Example wolfSSL installation:
+
 ```
+./configure --with-se050=/home/pi/se_mw/simw-top/ --enable-keygen --enable-cryptocb \
+    --disable-examples --disable-crypttests
+make
+sudo make install
+```
+
+Before building these demos, the "wolfssl" folder which contains these demos
+should be copied into the SE05x middleware source tree at: `~/se_mw/simw-top/demos/wolfssl`.
+Example: `cp -r wolfssl ~/se_mw/simw-top/demos/`
 
 This will mean the wolfSSL demo applications will be at:
 
 ```
-/home/pi/se_mw/simw-top/demos/wolfssl/wolfcrypt_benchmark
-/home/pi/se_mw/simw-top/demos/wolfssl/wolfcrypt_generate_csr
-/home/pi/se_mw/simw-top/demos/wolfssl/wolfcrypt_key_cert_insert
-/home/pi/se_mw/simw-top/demos/wolfssl/wolfcrypt_test
+~/se_mw/simw-top/demos/wolfssl/wolfcrypt_benchmark
+~/se_mw/simw-top/demos/wolfssl/wolfcrypt_generate_csr
+~/se_mw/simw-top/demos/wolfssl/wolfcrypt_key_cert_insert
+~/se_mw/simw-top/demos/wolfssl/wolfcrypt_test
+~/se_mw/simw-top/demos/wolfssl/wolfssl_client
+~/se_mw/simw-top/demos/wolfssl/wolfssl_client_cert_key
 ```
 
 The 'wolfssl' demo directory needs to be tied into the CMake build system. Open
 the following file:
 
 ```
-/home/pi/se_mw/simw-top/demos/CMakeLists.txt
+~/se_mw/simw-top/demos/CMakeLists.txt
 ```
 
 Add the following at the bottom of this file:
@@ -50,9 +77,9 @@ ADD_SUBDIRECTORY(wolfssl)
 If the SE05x middleware has not yet been set up for compilation:
 
 ```
-$ cd /home/pi/se_mw/simw-top/scripts
-$ ./create_cmake_projects.py rpi
-$ cd /home/pi/se_mw/simw-top_build/raspbian_native_se050_t1oi2c
+$ cd ~/se_mw/simw-top/scripts
+$ python ./create_cmake_projects.py rpi
+$ cd ~/se_mw/simw-top_build/raspbian_native_se050_t1oi2c
 $ ccmake .
 < adjust options to match SE050 dev kit >
 < 'c', to configure >
@@ -68,6 +95,13 @@ included here need benchmark.c, benchmark.h, test.c, and test.h copied over
 from a valid wolfSSL source tree. See notes in those example README.md files
 for more information.
 
+```
+cp ~/wolfssl/wolfcrypt/benchmark/benchmark.c ./wolfssl/wolfcrypt_benchmark/
+cp ~/wolfssl/wolfcrypt/benchmark/benchmark.h ./wolfssl/wolfcrypt_benchmark/
+cp ~/wolfssl/wolfcrypt/test/test.c ./wolfssl/wolfcrypt_test/
+cp ~/wolfssl/wolfcrypt/test/test.h ./wolfssl/wolfcrypt_test/
+```
+
 ## NXP SE050 EdgeLock Configuration
 
 wolfSSL most recently tested these examples on a Raspberry Pi with NXP
@@ -105,6 +139,22 @@ generated and stored in the SE050. This examples requires that wolfSSL be
 compiled with `--enable-certgen --enable-certreq`. For details, see
 [README.md](./wolfssl/wolfcrypt_generate_csr/README.md).
 
+### wolfSSL SSL/TLS Client Example
+
+This example demonstrates a simple SSL/TLS client, using hardware-based
+cryptography supported inside the SE050. It loads and uses a certificate
+and private key from C arrays/buffers. For a more advanced demo which uses
+the private key directly from the SE050, see the following example. For details,
+see [README.md](./wolfssl/wolfssl_client/README.md).
+
+### wolfSSL SSL/TLS Client Example with Cert and Private Key in SE050
+
+This example demonstrates a simple SSL/TLS client, using hardware-based
+cryptography supported inside the SE050. It loads and uses a certificate
+and private key from C arrays/buffers into the SE050, then does all private key
+operations inside the SE050 for the TLS private key, based on a key ID.
+For details, see [README.md](./wolfssl/wolfssl_client_cert_key/README.md).
+
 ## Support
 
 For support questions and issues, please email wolfSSL at [email protected].

SE050/wolfssl/CMakeLists.txt

@@ -2,3 +2,5 @@ ADD_SUBDIRECTORY(wolfcrypt_benchmark)
 ADD_SUBDIRECTORY(wolfcrypt_test)
 ADD_SUBDIRECTORY(wolfcrypt_key_cert_insert)
 ADD_SUBDIRECTORY(wolfcrypt_generate_csr)
+ADD_SUBDIRECTORY(wolfssl_client)
+ADD_SUBDIRECTORY(wolfssl_client_cert_key)

SE050/wolfssl/wolfcrypt_benchmark/CMakeLists.txt

@@ -12,7 +12,7 @@ ADD_EXECUTABLE(
 
 TARGET_COMPILE_DEFINITIONS(
     ${PROJECT_NAME}
-    PRIVATE SIMW_DEMO_ENABLE__DEMO_WOLFCRYPTBENCHMARK NO_MAIN_DRIVER BENCH_EMBEDDED USE_CERT_BUFFERS_2048 USE_CERT_BUFFERS_256
+    PRIVATE SIMW_DEMO_ENABLE__DEMO_WOLFCRYPTBENCHMARK NO_MAIN_DRIVER BENCH_EMBEDDED USE_CERT_BUFFERS_2048 USE_CERT_BUFFERS_256 USE_FLAT_BENCHMARK_H
 )
 
 TARGET_INCLUDE_DIRECTORIES(

SE050/wolfssl/wolfcrypt_benchmark/benchmark.c

@@ -1,6 +1,6 @@
 /* benchmark.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

SE050/wolfssl/wolfcrypt_benchmark/benchmark.h

@@ -1,6 +1,6 @@
 /* benchmark.h
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

SE050/wolfssl/wolfcrypt_benchmark/wolfcrypt_benchmark.c

@@ -1,6 +1,6 @@
 /* wolfcrypt_benchmark.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

SE050/wolfssl/wolfcrypt_generate_csr/wolfcrypt_generate_csr.c

@@ -1,6 +1,6 @@
 /* wolfcrypt_generate_csr.c 
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

SE050/wolfssl/wolfcrypt_key_cert_insert/wolfcrypt_key_cert_insert.c

@@ -1,6 +1,6 @@
 /* wolfcrypt_key_cert_insert.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

SE050/wolfssl/wolfcrypt_test/CMakeLists.txt

@@ -12,7 +12,7 @@ ADD_EXECUTABLE(
 
 TARGET_COMPILE_DEFINITIONS(
     ${PROJECT_NAME}
-    PRIVATE SIMW_DEMO_ENABLE__DEMO_WOLFCRYPTTEST NO_MAIN_DRIVER BENCH_EMBEDDED USE_CERT_BUFFERS_2048 USE_CERT_BUFFERS_256
+    PRIVATE SIMW_DEMO_ENABLE__DEMO_WOLFCRYPTTEST NO_MAIN_DRIVER BENCH_EMBEDDED USE_CERT_BUFFERS_2048 USE_CERT_BUFFERS_256 USE_FLAT_TEST_H
 )
 
 TARGET_INCLUDE_DIRECTORIES(

SE050/wolfssl/wolfcrypt_test/test.c

@@ -1,6 +1,6 @@
 /* test.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

SE050/wolfssl/wolfcrypt_test/test.h

@@ -1,6 +1,6 @@
 /* test.h
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

SE050/wolfssl/wolfcrypt_test/wolfcrypt_test.c

@@ -1,6 +1,6 @@
 /* wolfcrypt_test.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

SE050/wolfssl/wolfssl_client/CMakeLists.txt

@@ -0,0 +1,34 @@
+PROJECT(wolfssl_client)
+FILE(
+    GLOB
+    files
+    *.c
+)
+
+ADD_EXECUTABLE(
+    ${PROJECT_NAME}
+    ${KSDK_STARTUP_FILE} ${files}
+)
+
+TARGET_COMPILE_DEFINITIONS(
+    ${PROJECT_NAME}
+    PRIVATE SIMW_DEMO_ENABLE__DEMO_WOLFSSL_CLIENT NO_MAIN_DRIVER USE_CERT_BUFFERS_2048 USE_CERT_BUFFERS_256
+)
+
+TARGET_INCLUDE_DIRECTORIES(
+    ${PROJECT_NAME}
+    PRIVATE ${SIMW_TOP_DIR}/sss/ex/inc /home/pi/se_mw/wolfssl
+)
+
+TARGET_LINK_LIBRARIES(
+    ${PROJECT_NAME}
+    SSS_APIs
+    ex_common
+    wolfssl
+)
+
+CREATE_BINARY(${PROJECT_NAME})
+
+IF(SSS_HAVE_HOST_LINUX_LIKE)
+    INSTALL(TARGETS ${PROJECT_NAME} DESTINATION bin)
+ENDIF()

SE050/wolfssl/wolfssl_client/README.md

@@ -0,0 +1,109 @@
+# wolfSSL SSL/TLS Client Demo Application
+
+This demo application runs a wolfSSL TLS example client. It connects to the
+main wolfSSL example server (distributed with wolfSSL proper).
+
+This example client uses SE050-based cryptography inside the module where
+supported. It does not load the client certificate and private key into the
+SE050 module. For a more advanced demo that does load these into the SE050
+and uses the private key directly from the module based on key ID, see the
+wolfSSL client demo located up a directory below, or read the associated
+[README.md](../wolfssl_client_cert_key/README.md) for that demo.
+
+```
+wolfssl_client_cert_key/wolfssl_client_cert_key.c
+```
+
+## Building the Demo
+
+Before building this demo, follow initial setup instructions in the parent
+[README.md](../../README.md).
+
+Compiling the middleware will also compile this demo application:
+
+```
+$ cd /home/pi/se_mw/simw-top_build/raspbian_native_se050_t1oi2c
+$ cmake --build .
+```
+
+## Running the Demo
+
+To run the demo, first start the wolfSSL example server. This demo client
+assumes the server will be available at **127.0.0.1:11111**:
+
+```
+$ cd <wolfssl_directory>
+$ ./examples/server/server
+```
+
+Then, to run this demo:
+
+```
+$ cd /home/pi/se_mw/simw-top_build/raspbian_native_se050_t1oi2c/bin
+$ ./wolfssl_client
+```
+
+On successful run, output similar to the following will print out:
+
+```
+App   :INFO :PlugAndTrust_v04.02.00_20220524
+App   :INFO :Running ./wolfssl_client
+App   :INFO :If you want to over-ride the selection, use ENV=EX_SSS_BOOT_SSS_PORT or pass in command line arguments.
+sss   :INFO :atr (Len=35)
+      00 A0 00 00    03 96 04 03    E8 00 FE 02    0B 03 E8 08
+      01 00 00 00    00 64 00 00    0A 4A 43 4F    50 34 20 41
+      54 50 4F
+sss   :WARN :Communication channel is Plain.
+sss   :WARN :!!!Not recommended for production use.!!!
+App   :INFO :wolfSSL example client
+
+App   :INFO :Running wc_se050_set_config()
+App   :INFO :SE050 config successfully set in wolfSSL
+App   :INFO :Created and configured socket
+App   :INFO :Socket connected
+App   :INFO :Created WOLFSSL_CTX
+App   :INFO :Created WOLFSSL_CTX
+App   :INFO :Loaded CA certs into CTX
+App   :INFO :Loaded client certificate into CTX
+App   :INFO :Loaded client private key into CTX
+App   :INFO :Created new WOLFSSL
+App   :INFO :Set wolfSSL fd
+sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss   :WARN :Could not delete Key id FFFF
+sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss   :WARN :Could not delete Key id 10000
+sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss   :WARN :Could not delete Key id 10001
+sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss   :WARN :Could not delete Key id 10002
+sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss   :WARN :Could not delete Key id 10003
+sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss   :WARN :Could not delete Key id 10004
+sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss   :WARN :Could not delete Key id 10005
+sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss   :WARN :Could not delete Key id 10006
+App   :INFO :Sending message to server: GET /index.html HTTP/1.0
+
+
+
+App   :INFO :wolfSSL_write sent 28 bytes
+
+App   :INFO :Server response: I hear you fa shizzle!
+
+App   :INFO :TLS shutdown not complete
+App   :INFO :TLS shutdown complete
+App   :INFO :Done with sample app
+App   :INFO :ex_sss Finished
+```
+
+## Demo Notes
+
+It is expected to see warning messages in the console log about failures to
+delete key ids. wolfCrypt internally tries to delete temporary/test keys,
+and if those keys have not been stored in the SE050 the debug logs will show
+these messages.
+
+See the source code of the demo for more notes about wolfSSL API usage.
+