├── .gitignore ├── README.md ├── aes.go ├── blake2.go ├── chacha_poly.go ├── curve25519.go ├── ecc.go ├── examples ├── README.md ├── aes-encrypt │ └── aes-encrypt.go ├── certs │ ├── ca-cert.pem │ ├── server-cert.pem │ └── server-key.pem ├── client │ ├── client-dtls.go │ ├── client-psk.go │ └── client.go ├── ecc-sign-verify │ └── ecc-sign-verify.go ├── hash │ └── fileHash.go └── server │ ├── server-dtls.go │ ├── server-psk.go │ └── server.go ├── fips.go ├── generateOptions.sh ├── go.mod ├── hash.go ├── hmac.go ├── misc.go ├── random.go ├── sha.go └── ssl.go /.gitignore: -------------------------------------------------------------------------------- 1 | examples/client/client 2 | examples/client/client-psk 3 | examples/client/client-dtls 4 | examples/server/server 5 | examples/server/server-psk 6 | examples/server/server-dtls 7 | examples/aes-encrypt/aes-encrypt 8 | examples/ecc-sign-verify/ecc-sign-verify 9 | examples/hash/fileHash 10 | go.mod 11 | options.go 12 | path.txt 13 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # wolfSSL Golang Wrapper 2 | 3 | This repository contains a very light wrapper around wolfSSL for GO, a server/client example, and some example wolfCrypt applications. 4 | 5 | ## Usage 6 | 7 | To use the wolfSSL go module, first build and install wolfSSL as shown below. 8 | 9 | ``` 10 | git clone https://github.com/wolfSSL/wolfssl 11 | ./autogen.sh 12 | ./configure 13 | make 14 | sudo make install 15 | ``` 16 | 17 | Then clone the go-wolfssl repo and run the `./generateOptions.sh` script to customize go-wolfssl to the same feature set as wolfSSL. This script will generate an `options.go` file that will keep go-wolfssl and wolfSSL in sync. `generateOptions` should be run any time you change your wolfSSL configure options. If the path to your wolfSSL directory is `../wolfssl`, just run: 18 | ``` 19 | git clone https://github.com/wolfSSL/go-wolfssl 20 | cd go-wolfssl 21 | ./generateOptions.sh 22 | ``` 23 | 24 | If you have a different path to your wolfSSL directory, run the script with the right path: 25 | ``` 26 | ./generateOptions ../files/wolfSSL 27 | ``` 28 | 29 | To install the wrapper module, run these commands: 30 | ``` 31 | go get -u github.com/wolfssl/go-wolfssl 32 | go mod edit -replace github.com/wolfssl/go-wolfssl= 33 | ``` 34 | 35 | ## Running the TLS Server/Client example 36 | 37 | The example `.go` files are located in the `client` and `server` directories. 38 | 39 | To build the server, run : 40 | ``` 41 | cd examples/server 42 | go build server.go 43 | ``` 44 | 45 | To build the client, run : 46 | ``` 47 | cd examples/client 48 | go build client.go 49 | ``` 50 | 51 | **NOTE**: Make sure to run both the server and client from within their directories or change the certificate and key paths in the code so that the files are found. 52 | 53 | See [examples/README.md](examples/README.md) for details on building/running the other examples. 54 | 55 | **NOTE**: If you have wolfSSL installed in a non-standard location, edit the `CFLAGS` and `LDFLAGS` specifications in the `*.go` source files to correspond to your custom installation path. 56 | 57 | ## Support 58 | 59 | For inquiries, suggestions and feedback please contact support@wolfssl.com. 60 | -------------------------------------------------------------------------------- /aes.go: -------------------------------------------------------------------------------- 1 | /* aes.go 2 | * 3 | * Copyright (C) 2006-2022 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package wolfSSL 23 | 24 | // #cgo CFLAGS: -g -Wall -I/usr/include -I/usr/include/wolfssl -I/usr/local/include -I/usr/local/include/wolfssl 25 | // #cgo LDFLAGS: -L/usr/local/lib -lwolfssl 26 | // #include 27 | // #include 28 | // #include 29 | // #ifdef NO_AES 30 | // #define AES_BLOCK_SIZE 1 31 | // #define AES_128_KEY_SIZE 1 32 | // #define AES_192_KEY_SIZE 1 33 | // #define AES_256_KEY_SIZE 1 34 | // #define AES_ENCRYPTION 1 35 | // #define AES_DECRYPTION 1 36 | // typedef struct Aes {} Aes; 37 | // int wc_AesInit(Aes* aes, void* heap, int devid) { 38 | // return -174; 39 | // } 40 | // int wc_AesFree(Aes* aes) { 41 | // return -174; 42 | // } 43 | // int wc_AesSetKey(Aes* aes, const byte* key, word32 len, 44 | // const byte* iv, int dir) { 45 | // return -174; 46 | // } 47 | // #ifndef HAVE_AES_CBC 48 | // int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { 49 | // return -174; 50 | // } 51 | // int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { 52 | // return -174; 53 | // } 54 | // #endif 55 | // #endif 56 | import "C" 57 | import ( 58 | "unsafe" 59 | ) 60 | 61 | const AES_IV_SIZE = int(C.AES_IV_SIZE) 62 | const AES_BLOCK_SIZE = int(C.AES_BLOCK_SIZE) 63 | const AES_128_KEY_SIZE = int(C.AES_128_KEY_SIZE) 64 | const AES_192_KEY_SIZE = int(C.AES_192_KEY_SIZE) 65 | const AES_256_KEY_SIZE = int(C.AES_256_KEY_SIZE) 66 | const AES_ENCRYPTION = int(C.AES_ENCRYPTION) 67 | const AES_DECRYPTION = int(C.AES_DECRYPTION) 68 | 69 | const INVALID_DEVID = int(C.INVALID_DEVID) 70 | 71 | type Aes = C.struct_Aes 72 | 73 | func Wc_AesInit(aes *C.struct_Aes, heap []byte , devId int) int { 74 | /* TODO: HANDLE NON NIL HEAP */ 75 | return int(C.wc_AesInit(aes, unsafe.Pointer(nil), C.int(devId))) 76 | } 77 | 78 | func Wc_AesFree(aes *C.struct_Aes) { 79 | C.wc_AesFree(aes) 80 | } 81 | 82 | func Wc_AesSetKey(aes *C.struct_Aes, key []byte, length int, iv []byte, dir int) int { 83 | return int(C.wc_AesSetKey(aes, (*C.uchar)(unsafe.Pointer(&key[0])), C.word32(length), 84 | (*C.uchar)(unsafe.Pointer(&iv[0])), C.int(dir))) 85 | } 86 | 87 | func Wc_AesCbcEncrypt(aes *C.struct_Aes, out []byte, in []byte, sz int) int { 88 | return int(C.wc_AesCbcEncrypt(aes, (*C.uchar)(unsafe.Pointer(&out[0])), 89 | (*C.uchar)(unsafe.Pointer(&in[0])), C.word32(sz))) 90 | } 91 | 92 | func Wc_AesCbcDecrypt(aes *C.struct_Aes, out []byte, in []byte, sz int) int { 93 | return int(C.wc_AesCbcDecrypt(aes, (*C.uchar)(unsafe.Pointer(&out[0])), 94 | (*C.uchar)(unsafe.Pointer(&in[0])), C.word32(sz))) 95 | } 96 | 97 | func Wc_AesGcmSetKey(aes *C.struct_Aes, key []byte, length int) int { 98 | return int(C.wc_AesGcmSetKey(aes, (*C.uchar)(unsafe.Pointer(&key[0])), C.word32(length))) 99 | } 100 | 101 | func Wc_AesGcmEncrypt(aes *C.struct_Aes, outCipher, inPlain, inIv, outAuthTag, inAAD []byte) int { 102 | var sanInAAD *C.uchar 103 | if len(inAAD) > 0 { 104 | sanInAAD = (*C.uchar)(unsafe.Pointer(&inAAD[0])) 105 | } else { 106 | sanInAAD = (*C.uchar)(unsafe.Pointer(nil)) 107 | } 108 | var sanInPlain *C.uchar 109 | if len(inPlain) > 0 { 110 | sanInPlain = (*C.uchar)(unsafe.Pointer(&inPlain[0])) 111 | } else { 112 | emptyStringArray := []byte("") 113 | sanInPlain = (*C.uchar)(unsafe.Pointer(&emptyStringArray)) 114 | } 115 | var sanOutCipher *C.uchar 116 | if len(outCipher) > 0 { 117 | sanOutCipher = (*C.uchar)(unsafe.Pointer(&outCipher[0])) 118 | } else { 119 | outCipher = make([]byte, AES_BLOCK_SIZE) 120 | sanOutCipher = (*C.uchar)(unsafe.Pointer(&outCipher[0])) 121 | } 122 | ret := int(C.wc_AesGcmEncrypt(aes, sanOutCipher, sanInPlain, C.word32(len(inPlain)), 123 | (*C.uchar)(unsafe.Pointer(&inIv[0])), C.word32(len(inIv)), 124 | (*C.uchar)(unsafe.Pointer(&outAuthTag[0])), C.word32(len(outAuthTag)), sanInAAD, C.word32(len(inAAD)))) 125 | return ret 126 | } 127 | 128 | func Wc_AesGcmDecrypt(aes *C.struct_Aes, outPlain, inCipher, inIv, inAuthTag, inAAD []byte) int { 129 | var sanInAAD *C.uchar 130 | if len(inAAD) > 0 { 131 | sanInAAD = (*C.uchar)(unsafe.Pointer(&inAAD[0])) 132 | } else { 133 | sanInAAD = (*C.uchar)(unsafe.Pointer(nil)) 134 | } 135 | var sanInCipher *C.uchar 136 | if len(inCipher) > 0 { 137 | sanInCipher = (*C.uchar)(unsafe.Pointer(&inCipher[0])) 138 | } else { 139 | emptyStringArray := []byte("") 140 | sanInCipher = (*C.uchar)(unsafe.Pointer(&emptyStringArray)) 141 | } 142 | 143 | ret := int(C.wc_AesGcmDecrypt(aes, (*C.uchar)(unsafe.Pointer(&outPlain[0])), sanInCipher, C.word32(len(inCipher)), 144 | (*C.uchar)(unsafe.Pointer(&inIv[0])), C.word32(len(inIv)), 145 | (*C.uchar)(unsafe.Pointer(&inAuthTag[0])), C.word32(len(inAuthTag)), sanInAAD, C.word32(len(inAAD)))) 146 | return ret 147 | 148 | } 149 | 150 | func Wc_AesGcm_Appended_Tag_Encrypt(aes *C.struct_Aes, outCipher, inPlain, inIv, inAAD []byte) ([]byte, int) { 151 | var outAuthTag [AES_BLOCK_SIZE]byte 152 | var longOutCipher []byte 153 | 154 | if len(outCipher) < (len(inPlain) + AES_BLOCK_SIZE) { 155 | longOutCipher = make([]byte, len(inPlain) + AES_BLOCK_SIZE) 156 | } else { 157 | longOutCipher = outCipher 158 | } 159 | 160 | ret := Wc_AesGcmEncrypt(aes, longOutCipher[:(len(longOutCipher)-AES_BLOCK_SIZE)], inPlain, inIv, outAuthTag[:], inAAD) 161 | copy(longOutCipher[(len(longOutCipher)-AES_BLOCK_SIZE):], outAuthTag[:]) 162 | return longOutCipher, ret 163 | } 164 | 165 | func Wc_AesGcm_Appended_Tag_Decrypt(aes *C.struct_Aes, outPlain, inCipher, inIv, inAAD []byte) int { 166 | var inAuthTag [AES_BLOCK_SIZE]byte 167 | copy(inAuthTag[:], inCipher[(len(inCipher)-AES_BLOCK_SIZE):]) 168 | ret := Wc_AesGcmDecrypt(aes, outPlain, inCipher[:(len(inCipher)-AES_BLOCK_SIZE)], inIv, inAuthTag[:], inAAD) 169 | return ret 170 | } 171 | 172 | /* TODO: Move function below to appropriate .go file */ 173 | func Wc_PBKDF2(out []byte, pwd []byte, pLen int, salt []byte, saltLen int, iter int, kLen int, typeH int) int { 174 | return int(C.wc_PBKDF2((*C.uchar)(unsafe.Pointer(&out[0])), (*C.uchar)(unsafe.Pointer(&pwd[0])), C.int(pLen), 175 | (*C.uchar)(unsafe.Pointer(&salt[0])), C.int(saltLen), C.int(iter), C.int(kLen), C.int(typeH))) 176 | } 177 | 178 | -------------------------------------------------------------------------------- /blake2.go: -------------------------------------------------------------------------------- 1 | /* blake2s.go 2 | * 3 | * Copyright (C) 2006-2024 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package wolfSSL 23 | 24 | // #include 25 | // #include 26 | // #include 27 | // #ifndef HAVE_BLAKE2S 28 | // typedef struct Blake2s {} Blake2s; 29 | // void wc_Blake2s_HMAC(byte *out, const byte *in, const byte *key, word32 outlen, word32 inlen, word32 keylen) { 30 | // return; 31 | // } 32 | // int wc_InitBlake2s(Blake2s* b, word32 digestSz) { 33 | // return -174; 34 | // } 35 | // int wc_InitBlake2s_WithKey(Blake2s* b, word32 digestSz, byte *key, word32 keylen) { 36 | // return -174; 37 | // } 38 | // int wc_Blake2sUpdate(Blake2s* b2s, byte* data, word32 sz) { 39 | // return -174; 40 | // } 41 | // int wc_Blake2sFinal(Blake2s* b2s, byte* data, word32 reqSz) { 42 | // return -174; 43 | // } 44 | // #endif 45 | import "C" 46 | import ( 47 | "unsafe" 48 | ) 49 | 50 | const WC_BLAKE2S_256_DIGEST_SIZE = 32 51 | const WC_BLAKE2S_128_DIGEST_SIZE = 16 52 | 53 | const WC_BLAKE2S_256_BLOCK_SIZE = 64 54 | 55 | type Blake2s = C.struct_Blake2s 56 | 57 | func Wc_InitBlake2s(blake2s *C.struct_Blake2s, digestSz int) int { 58 | return int(C.wc_InitBlake2s(blake2s, C.word32(digestSz))) 59 | } 60 | 61 | func Wc_InitBlake2s_WithKey(blake2s *C.struct_Blake2s, digestSz int, key []byte) int { 62 | return int(C.wc_InitBlake2s_WithKey(blake2s, C.word32(digestSz), 63 | (*C.uchar)(unsafe.Pointer(&key[0])), C.word32(len(key)))) 64 | } 65 | 66 | func Wc_Blake2sUpdate(blake2s *C.struct_Blake2s, in []byte, sz int) int { 67 | var sanIn *C.uchar 68 | if len(in) > 0 { 69 | sanIn = (*C.uchar)(unsafe.Pointer(&in[0])) 70 | } else { 71 | sanIn = (*C.uchar)(unsafe.Pointer(nil)) 72 | } 73 | 74 | return int(C.wc_Blake2sUpdate(blake2s, sanIn, C.word32(sz))) 75 | } 76 | 77 | func Wc_Blake2sFinal(blake2s *C.struct_Blake2s, out []byte, requestSz int) int { 78 | return int(C.wc_Blake2sFinal(blake2s, (*C.uchar)(unsafe.Pointer(&out[0])), 79 | C.word32(requestSz))) 80 | } 81 | 82 | func Wc_Blake2s_HMAC(out []byte, in, key []byte, outlen int) { 83 | var state Blake2s 84 | var x_key [WC_BLAKE2S_256_BLOCK_SIZE]byte 85 | var i_hash [WC_BLAKE2S_256_DIGEST_SIZE]byte 86 | 87 | i := 0 88 | 89 | inlen := len(in) 90 | keylen := len(key) 91 | 92 | if outlen != WC_BLAKE2S_256_DIGEST_SIZE { 93 | return 94 | } 95 | 96 | if keylen > WC_BLAKE2S_256_BLOCK_SIZE { 97 | Wc_InitBlake2s(&state, WC_BLAKE2S_256_DIGEST_SIZE) 98 | Wc_Blake2sUpdate(&state, key, keylen) 99 | Wc_Blake2sFinal(&state, x_key[:], 0) 100 | } else { 101 | copy(x_key[:], key) 102 | for i = keylen; i < WC_BLAKE2S_256_BLOCK_SIZE; i++ { 103 | x_key[i] = 0 104 | } 105 | } 106 | 107 | for i = 0; i < WC_BLAKE2S_256_BLOCK_SIZE; i++ { 108 | x_key[i] ^= 0x36 109 | } 110 | 111 | Wc_InitBlake2s(&state, WC_BLAKE2S_256_DIGEST_SIZE) 112 | Wc_Blake2sUpdate(&state, x_key[:], WC_BLAKE2S_256_BLOCK_SIZE) 113 | Wc_Blake2sUpdate(&state, in, inlen) 114 | Wc_Blake2sFinal(&state, i_hash[:], 0) 115 | 116 | for i = 0; i < WC_BLAKE2S_256_BLOCK_SIZE; i++ { 117 | x_key[i] ^= 0x5c ^ 0x36 118 | } 119 | 120 | Wc_InitBlake2s(&state, WC_BLAKE2S_256_DIGEST_SIZE) 121 | Wc_Blake2sUpdate(&state, x_key[:], WC_BLAKE2S_256_BLOCK_SIZE) 122 | Wc_Blake2sUpdate(&state, i_hash[:], WC_BLAKE2S_256_DIGEST_SIZE) 123 | Wc_Blake2sFinal(&state, i_hash[:], 0) 124 | 125 | copy(out[:], i_hash[:]) 126 | zeroMemory(i_hash[:]) 127 | zeroMemory(x_key[:]) 128 | } 129 | -------------------------------------------------------------------------------- /chacha_poly.go: -------------------------------------------------------------------------------- 1 | /* chacha_poly.go 2 | * 3 | * Copyright (C) 2006-2024 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package wolfSSL 23 | 24 | // #include 25 | // #include 26 | // #ifndef HAVE_CHACHA 27 | // #define CHACHA20_POLY1305_AEAD_KEYSIZE 1 28 | // #define CHACHA20_POLY1305_AEAD_IV_SIZE 1 29 | // #define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 1 30 | // #define XCHACHA20_POLY1305_AEAD_NONCE_SIZE 1 31 | // int wc_ChaCha20Poly1305_Encrypt( 32 | // byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], 33 | // byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], 34 | // byte* inAAD, word32 inAADLen, 35 | // byte* inPlaintext, word32 inPlaintextLen, 36 | // byte* outCiphertext, 37 | // byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]) { 38 | // return -174; 39 | // } 40 | // int wc_ChaCha20Poly1305_Decrypt( 41 | // byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], 42 | // byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], 43 | // byte* inAAD, word32 inAADLen, 44 | // byte* inCiphertext, word32 inCiphertextLen, 45 | // byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], 46 | // byte* outPlaintext) { 47 | // return -174; 48 | // } 49 | // #endif 50 | // #ifndef HAVE_XCHACHA 51 | // int wc_XChaCha20Poly1305_Encrypt( 52 | // byte *dst, size_t dst_space, 53 | // const byte *src, size_t src_len, 54 | // const byte *ad, size_t ad_len, 55 | // const byte *nonce, size_t nonce_len, 56 | // const byte *key, size_t key_len) { 57 | // return -174; 58 | // } 59 | // int wc_XChaCha20Poly1305_Decrypt( 60 | // byte *dst, size_t dst_space, 61 | // const byte *src, size_t src_len, 62 | // const byte *ad, size_t ad_len, 63 | // const byte *nonce, size_t nonce_len, 64 | // const byte *key, size_t key_len) { 65 | // return -174; 66 | // } 67 | // #endif 68 | import "C" 69 | import ( 70 | "unsafe" 71 | ) 72 | 73 | const CHACHA20_POLY1305_AEAD_KEYSIZE = int(C.CHACHA20_POLY1305_AEAD_KEYSIZE) 74 | const CHACHA20_POLY1305_AEAD_IV_SIZE = int(C.CHACHA20_POLY1305_AEAD_IV_SIZE) 75 | const CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE = int(C.CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) 76 | const XCHACHA20_POLY1305_AEAD_NONCE_SIZE = int(C.XCHACHA20_POLY1305_AEAD_NONCE_SIZE) 77 | const CHACHA20_POLY1305_AEAD_NONCE_SIZE = XCHACHA20_POLY1305_AEAD_NONCE_SIZE/2 78 | 79 | func Wc_ChaCha20Poly1305_Encrypt(inKey, inIv, inAAD, inPlain, outCipher, outAuthTag []byte) int { 80 | var sanInAAD *C.uchar 81 | if len(inAAD) > 0 { 82 | sanInAAD = (*C.uchar)(unsafe.Pointer(&inAAD[0])) 83 | } else { 84 | sanInAAD = (*C.uchar)(unsafe.Pointer(nil)) 85 | } 86 | var sanInPlain *C.uchar 87 | if len(inPlain) > 0 { 88 | sanInPlain = (*C.uchar)(unsafe.Pointer(&inPlain[0])) 89 | } else { 90 | sanInPlain = (*C.uchar)(unsafe.Pointer(nil)) 91 | } 92 | var sanOutCipher *C.uchar 93 | if len(outCipher) > 0 { 94 | sanOutCipher = (*C.uchar)(unsafe.Pointer(&outCipher[0])) 95 | } else { 96 | emptyStringArray := []byte("") 97 | sanOutCipher = (*C.uchar)(unsafe.Pointer(&emptyStringArray)) 98 | } 99 | return int(C.wc_ChaCha20Poly1305_Encrypt((*C.uchar)(unsafe.Pointer(&inKey[0])), (*C.uchar)(unsafe.Pointer(&inIv[0])), 100 | sanInAAD, C.word32(len(inAAD)), sanInPlain, C.word32(len(inPlain)), 101 | sanOutCipher, (*C.uchar)(unsafe.Pointer(&outAuthTag[0])))) 102 | } 103 | 104 | func Wc_ChaCha20Poly1305_Decrypt(inKey, inIv, inAAD, inCipher, inAuthTag , outPlain []byte) int { 105 | var sanInAAD *C.uchar 106 | if len(inAAD) > 0 { 107 | sanInAAD = (*C.uchar)(unsafe.Pointer(&inAAD[0])) 108 | } else { 109 | sanInAAD = (*C.uchar)(unsafe.Pointer(nil)) 110 | } 111 | var sanInCipher *C.uchar 112 | if len(inCipher) > 0 { 113 | sanInCipher = (*C.uchar)(unsafe.Pointer(&inCipher[0])) 114 | } else { 115 | emptyStringArray := []byte("") 116 | sanInCipher = (*C.uchar)(unsafe.Pointer(&emptyStringArray)) 117 | } 118 | 119 | return int(C.wc_ChaCha20Poly1305_Decrypt((*C.uchar)(unsafe.Pointer(&inKey[0])), (*C.uchar)(unsafe.Pointer(&inIv[0])), 120 | sanInAAD, C.word32(len(inAAD)), sanInCipher, C.word32(len(inCipher)), 121 | (*C.uchar)(unsafe.Pointer(&inAuthTag[0])), (*C.uchar)(unsafe.Pointer(&outPlain[0])))) 122 | } 123 | 124 | func Wc_ChaCha20Poly1305_Appended_Tag_Encrypt(inKey, inIv, inAAD, inPlain, outCipher []byte) ([]byte, int) { 125 | var outAuthTag [CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]byte 126 | var longOutCipher []byte 127 | 128 | if len(outCipher) < (len(inPlain) + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) { 129 | longOutCipher = make([]byte, len(inPlain) + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) 130 | } else { 131 | longOutCipher = outCipher 132 | } 133 | 134 | ret := Wc_ChaCha20Poly1305_Encrypt(inKey, inIv, inAAD, inPlain, longOutCipher[:(len(longOutCipher)-CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE)], outAuthTag[:]) 135 | copy(longOutCipher[(len(longOutCipher)-CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE):], outAuthTag[:]) 136 | return longOutCipher, ret 137 | } 138 | 139 | func Wc_ChaCha20Poly1305_Appended_Tag_Decrypt(inKey, inIv, inAAD, inCipher, outPlain []byte) int { 140 | var inAuthTag [CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]byte 141 | copy(inAuthTag[:], inCipher[(len(inCipher)-CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE):]) 142 | ret := Wc_ChaCha20Poly1305_Decrypt(inKey, inIv, inAAD, inCipher[:(len(inCipher)-CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE)], inAuthTag[:] , outPlain) 143 | return ret 144 | } 145 | 146 | func Wc_XChaCha20Poly1305_Encrypt(outCipher, inPlain, inAAD, inIv, inKey []byte) int { 147 | var sanInAAD *C.uchar 148 | if len(inAAD) > 0 { 149 | sanInAAD = (*C.uchar)(unsafe.Pointer(&inAAD[0])) 150 | } else { 151 | sanInAAD = (*C.uchar)(unsafe.Pointer(nil)) 152 | } 153 | var sanInPlain *C.uchar 154 | if len(inPlain) > 0 { 155 | sanInPlain = (*C.uchar)(unsafe.Pointer(&inPlain[0])) 156 | } else { 157 | sanInPlain = (*C.uchar)(unsafe.Pointer(nil)) 158 | } 159 | return int(C.wc_XChaCha20Poly1305_Encrypt((*C.uchar)(unsafe.Pointer(&outCipher[0])), C.size_t(len(outCipher)), 160 | sanInPlain, C.size_t(len(inPlain)), sanInAAD, C.size_t(len(inAAD)), 161 | (*C.uchar)(unsafe.Pointer(&inIv[0])), C.size_t(len(inIv)), 162 | (*C.uchar)(unsafe.Pointer(&inKey[0])), C.size_t(len(inKey)))) 163 | } 164 | 165 | func Wc_XChaCha20Poly1305_Decrypt(outPlain, inCipher, inAAD, inIv, inKey []byte) int { 166 | var sanInAAD *C.uchar 167 | if len(inAAD) > 0 { 168 | sanInAAD = (*C.uchar)(unsafe.Pointer(&inAAD[0])) 169 | } else { 170 | sanInAAD = (*C.uchar)(unsafe.Pointer(nil)) 171 | } 172 | var sanInCipher *C.uchar 173 | if len(inCipher) > 0 { 174 | sanInCipher = (*C.uchar)(unsafe.Pointer(&inCipher[0])) 175 | } else { 176 | sanInCipher = (*C.uchar)(unsafe.Pointer(nil)) 177 | } 178 | return int(C.wc_XChaCha20Poly1305_Decrypt((*C.uchar)(unsafe.Pointer(&outPlain[0])), C.size_t(len(outPlain)), 179 | sanInCipher, C.size_t(len(inCipher)), sanInAAD, C.size_t(len(inAAD)), 180 | (*C.uchar)(unsafe.Pointer(&inIv[0])), C.size_t(len(inIv)), 181 | (*C.uchar)(unsafe.Pointer(&inKey[0])), C.size_t(len(inKey)))) 182 | } 183 | -------------------------------------------------------------------------------- /curve25519.go: -------------------------------------------------------------------------------- 1 | /* curve25519.go 2 | * 3 | * Copyright (C) 2006-2024 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package wolfSSL 23 | 24 | // #include 25 | // #include 26 | // #include 27 | // #ifndef HAVE_CURVE25519 28 | // typedef struct curve25519_key {} curve25519_key; 29 | // #define EC25519_LITTLE_ENDIAN 1 30 | // int wc_curve25519_init(curve25519_key* key) { 31 | // return -174; 32 | // } 33 | // void wc_curve25519_free(curve25519_key* key) { 34 | // return; 35 | // } 36 | // int wc_curve25519_import_private(const byte* priv, word32 privSz, curve25519_key* key) { 37 | // return -174; 38 | // } 39 | // int wc_curve25519_import_public(const byte* in, word32 inLen, curve25519_key* key) { 40 | // return -174; 41 | // } 42 | // int wc_curve25519_export_private_raw(curve25519_key* key, byte* out, word32* outLen) { 43 | // return -174; 44 | // } 45 | // int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) { 46 | // return -174; 47 | // } 48 | // int wc_curve25519_make_priv(WC_RNG* rng, int keysize, byte* priv) { 49 | // return -174; 50 | // } 51 | // int wc_curve25519_make_pub(int public_size, byte* pub, int private_size, byte* priv) { 52 | // return -174; 53 | // } 54 | // int wc_curve25519_shared_secret_ex(curve25519_key* private_key, 55 | // curve25519_key* public_key, 56 | // byte* out, word32* outlen, int endian) { 57 | // return -174; 58 | // } 59 | // int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, 60 | // curve25519_key* key, int endian) { 61 | // return -174; 62 | // } 63 | // int wc_curve25519_import_public_ex(const byte* in, word32 inLen, 64 | // curve25519_key* key, int endian) { 65 | // return -174; 66 | // } 67 | // #endif 68 | import "C" 69 | import ( 70 | "unsafe" 71 | ) 72 | 73 | type Curve25519_key = C.struct_curve25519_key 74 | 75 | func Wc_curve25519_init(key *C.struct_curve25519_key) int { 76 | return int(C.wc_curve25519_init(key)) 77 | } 78 | 79 | func Wc_curve25519_free(key *C.struct_curve25519_key) { 80 | C.wc_curve25519_free(key) 81 | } 82 | 83 | func Wc_curve25519_make_key(rng *C.struct_WC_RNG, keySize int, key *C.struct_curve25519_key) int { 84 | return int(C.wc_curve25519_make_key(rng, C.int(keySize), key)) 85 | } 86 | 87 | func Wc_curve25519_make_pub(pub, priv []byte) int { 88 | return int(C.wc_curve25519_make_pub(C.int(len(pub)),(*C.uchar)(unsafe.Pointer(&pub[0])), 89 | C.int(len(priv)), (*C.uchar)(unsafe.Pointer(&priv[0])))) 90 | } 91 | 92 | func Wc_curve25519_make_priv(rng *C.struct_WC_RNG, priv []byte) int { 93 | return int(C.wc_curve25519_make_priv(rng, 94 | C.int(len(priv)), (*C.uchar)(unsafe.Pointer(&priv[0])))) 95 | } 96 | 97 | func Wc_curve25519_import_private(priv []byte, key *C.struct_curve25519_key) int { 98 | return int(C.wc_curve25519_import_private_ex((*C.uchar)(unsafe.Pointer(&priv[0])), 99 | C.word32(len(priv)), key, C.EC25519_LITTLE_ENDIAN)) 100 | } 101 | 102 | func Wc_curve25519_import_public(pub []byte, key *C.struct_curve25519_key) int { 103 | return int(C.wc_curve25519_import_public_ex((*C.uchar)(unsafe.Pointer(&pub[0])), 104 | C.word32(len(pub)), key, C.EC25519_LITTLE_ENDIAN)) 105 | } 106 | 107 | func Wc_curve25519_export_private_raw(key *C.struct_curve25519_key, priv []byte) int { 108 | outLen := len(priv) 109 | return int(C.wc_curve25519_export_private_raw(key, (*C.uchar)(unsafe.Pointer(&priv[0])), (*C.word32)(unsafe.Pointer(&outLen)))) 110 | } 111 | 112 | func Wc_curve25519_shared_secret(privKey, pubKey *C.struct_curve25519_key, out []byte) int { 113 | outLen := len(out) 114 | return int(C.wc_curve25519_shared_secret_ex(privKey, pubKey, (*C.uchar)(unsafe.Pointer(&out[0])), 115 | (*C.word32)(unsafe.Pointer(&outLen)), C.EC25519_LITTLE_ENDIAN)) 116 | } 117 | -------------------------------------------------------------------------------- /ecc.go: -------------------------------------------------------------------------------- 1 | /* ecc.go 2 | * 3 | * Copyright (C) 2006-2022 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package wolfSSL 23 | 24 | // #include 25 | // #include 26 | // #include 27 | // #include 28 | // #ifndef HAVE_ECC 29 | // #define ECC_MAX_SIG_SIZE 1 30 | // typedef struct ecc_key {} ecc_key; 31 | // int wc_ecc_init(ecc_key *key) { 32 | // return -174; 33 | // } 34 | // int wc_ecc_free(ecc_key *key) { 35 | // return -174; 36 | // } 37 | // int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key) { 38 | // return -174; 39 | // } 40 | // int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, 41 | // WC_RNG* rng, ecc_key* key) { 42 | // return -174; 43 | // } 44 | // int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, 45 | // word32 hashlen, int* res, ecc_key* key) { 46 | // return -174; 47 | // } 48 | // #endif 49 | import "C" 50 | import ( 51 | "unsafe" 52 | ) 53 | 54 | const ECC_MAX_SIG_SIZE = int(C.ECC_MAX_SIG_SIZE) 55 | 56 | type Ecc_key = C.struct_ecc_key 57 | 58 | const ECC_SECP256R1 = int(C.ECC_SECP256R1) 59 | 60 | func Wc_ecc_init(key *C.struct_ecc_key) int { 61 | return int(C.wc_ecc_init(key)) 62 | } 63 | 64 | func Wc_ecc_free(key *C.struct_ecc_key) int { 65 | return int(C.wc_ecc_free(key)) 66 | } 67 | 68 | func Wc_ecc_make_key(rng *C.struct_WC_RNG, keySize int, key *C.struct_ecc_key) int { 69 | return int(C.wc_ecc_make_key(rng, C.int(keySize), key)) 70 | } 71 | 72 | func Wc_ecc_make_pub_in_priv(key *C.struct_ecc_key) int { 73 | return int(C.wc_ecc_make_pub(key, nil)) 74 | } 75 | 76 | func Wc_ecc_set_rng(key *C.struct_ecc_key, rng *C.struct_WC_RNG) int { 77 | return int(C.wc_ecc_set_rng(key, rng)) 78 | } 79 | 80 | func Wc_ecc_export_private_only(key *C.struct_ecc_key, out []byte, outLen *int) int { 81 | cOutLen := C.word32(*outLen) 82 | ret := int(C.wc_ecc_export_private_only(key, (*C.byte)(unsafe.Pointer(&out[0])), &cOutLen)) 83 | *outLen = int(cOutLen) 84 | return ret 85 | } 86 | 87 | func Wc_ecc_export_x963_ex(key *C.struct_ecc_key, out []byte, outLen *int, compressed int) int { 88 | cOutLen := C.word32(*outLen) 89 | ret := int(C.wc_ecc_export_x963_ex(key, (*C.byte)(unsafe.Pointer(&out[0])), &cOutLen, C.int(compressed))) 90 | *outLen = int(cOutLen) 91 | return ret 92 | } 93 | 94 | func Wc_ecc_import_private_key_ex(priv []byte, privSz int, pub []byte, pubSz int, key *C.struct_ecc_key, curveId int) int { 95 | privPtr := (*C.byte)(unsafe.Pointer(&priv[0])) 96 | var pubPtr *C.byte 97 | 98 | if pubSz > 0 { 99 | pubPtr = (*C.byte)(unsafe.Pointer(&pub[0])) 100 | } 101 | 102 | return int(C.wc_ecc_import_private_key_ex(privPtr, C.word32(privSz), pubPtr, C.word32(pubSz), key, C.int(curveId))) 103 | } 104 | 105 | func Wc_ecc_import_x963_ex(pubKey []byte, pubSz int, key *C.struct_ecc_key, curveID int) int { 106 | return int(C.wc_ecc_import_x963_ex((*C.uchar)(unsafe.Pointer(&pubKey[0])), C.word32(pubSz), key, C.int(curveID))) 107 | } 108 | 109 | func Wc_ecc_sign_hash(in []byte, inLen int, out []byte, outLen *int, rng *C.struct_WC_RNG, key *C.struct_ecc_key) int { 110 | return int(C.wc_ecc_sign_hash((*C.uchar)(unsafe.Pointer(&in[0])), C.word32(inLen), 111 | (*C.uchar)(unsafe.Pointer(&out[0])), (*C.word32)(unsafe.Pointer(outLen)), rng, key)) 112 | } 113 | 114 | func Wc_ecc_verify_hash(sig []byte, sigLen int, hash []byte, hashLen int, res *int, key *C.struct_ecc_key) int { 115 | return int(C.wc_ecc_verify_hash((*C.uchar)(unsafe.Pointer(&sig[0])), C.word32(sigLen), 116 | (*C.uchar)(unsafe.Pointer(&hash[0])), C.word32(sigLen), (*C.int)(unsafe.Pointer(res)), key)) 117 | } 118 | 119 | func Wc_ecc_shared_secret(privKey, pubKey *C.struct_ecc_key, out []byte, outLen *int) int { 120 | cOutLen := C.word32(*outLen) 121 | ret := int(C.wc_ecc_shared_secret(privKey, pubKey, (*C.uchar)(unsafe.Pointer(&out[0])), &cOutLen)) 122 | *outLen = int(cOutLen) 123 | return ret 124 | } 125 | -------------------------------------------------------------------------------- /examples/README.md: -------------------------------------------------------------------------------- 1 | ## Building the TLS Server/Client example 2 | 3 | A simple TLS 1.2 server/client demonstration. The example `.go` files are located in the `client` and `server` directories. 4 | 5 | To build the server, run : 6 | ``` 7 | go build server.go 8 | ``` 9 | 10 | To build the client, run : 11 | ``` 12 | go build client.go 13 | ``` 14 | 15 | **NOTE**: Make sure to run both the server and client from within their directories or change the certificate and key paths in the code so that the files are found. 16 | 17 | ## Building the DTLS Server/Client example 18 | 19 | A simple DTLS 1.2 server/client demonstration. The example `.go` files are located in the `client` and `server` directories. 20 | 21 | To build the server, run : 22 | ``` 23 | go build server-dtls.go 24 | ``` 25 | 26 | To build the client, run : 27 | ``` 28 | go build client-dtls.go 29 | ``` 30 | 31 | ## Building the PSK TLS Server/Client example 32 | 33 | A simple TLS 1.3 PSK server/client demonstration. The example `.go` files are located in the `client` and `server` directories. 34 | 35 | To build the server, run : 36 | ``` 37 | go build server-psk.go 38 | ``` 39 | 40 | To build the client, run : 41 | ``` 42 | go build client-psk.go 43 | ``` 44 | 45 | 46 | ## Building the AES encryption example 47 | 48 | An application using wolfCrypt AES to encrypt/decrypt files. Located in `aes-encypt` directory. 49 | 50 | To build the app, run : 51 | ``` 52 | go build aes-encypt.go 53 | ``` 54 | 55 | The usage is as shown below. 56 | ``` 57 | ./aes-encrypt 58 | ``` 59 | 60 | ## Building the hash example 61 | 62 | An application to hash input files with the chosen algorithm. Located in `hash` directory. 63 | 64 | To build the app, run : 65 | ``` 66 | go build fileHash.go 67 | ``` 68 | 69 | The usage is as shown below. 70 | ``` 71 | ./hash 72 | ``` 73 | 74 | ## Building the ecc sign/verify example 75 | 76 | An application that tests ecc sign/verify on a sha512 hash with different key sizes. Located in `ecc-sign-verify` directory. 77 | 78 | To build the app, run : 79 | ``` 80 | go build ecc-sign-verify.go 81 | ``` 82 | 83 | -------------------------------------------------------------------------------- /examples/aes-encrypt/aes-encrypt.go: -------------------------------------------------------------------------------- 1 | /* aes-encrypt.go 2 | * 3 | * Copyright (C) 2006-2022 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package main 23 | 24 | import ( 25 | "os" 26 | "fmt" 27 | "golang.org/x/term" 28 | "strconv" 29 | wolfSSL "github.com/wolfssl/go-wolfssl" 30 | ) 31 | 32 | const SALT_SIZE = 8 33 | 34 | func sizeCheck(size *int) { 35 | if *size == 128 { 36 | *size = wolfSSL.AES_128_KEY_SIZE 37 | } else if *size == 192 { 38 | *size = wolfSSL.AES_192_KEY_SIZE 39 | } else if *size == 256 { 40 | *size = wolfSSL.AES_256_KEY_SIZE 41 | } else { 42 | fmt.Println("Invalid AES key size. Use 128, 192 or 256") 43 | os.Exit(1) 44 | } 45 | } 46 | 47 | func getPass() []byte { 48 | 49 | fmt.Printf("Enter password: ") 50 | 51 | stdin := int(os.Stdin.Fd()) 52 | pass, err := term.ReadPassword(stdin) 53 | if err != nil { 54 | println(err.Error()) 55 | os.Exit(1) 56 | } 57 | 58 | fmt.Println() 59 | 60 | return pass 61 | } 62 | 63 | func AesEncrypt(aes wolfSSL.Aes, inFile string, outFile string, size int) { 64 | var rng wolfSSL.WC_RNG 65 | var input []byte 66 | var output []byte 67 | var iv []byte = make([]byte, wolfSSL.AES_BLOCK_SIZE) 68 | var salt []byte = make([]byte, SALT_SIZE) 69 | 70 | var length int 71 | var inputLength int 72 | var padCounter int = 0 73 | var i int 74 | 75 | key := getPass() 76 | 77 | readIn, err := os.ReadFile(inFile) 78 | if err != nil { 79 | println(err.Error()) 80 | os.Exit(1) 81 | } 82 | 83 | inputLength = len(readIn) 84 | length = inputLength 85 | i = inputLength 86 | 87 | for length % wolfSSL.AES_BLOCK_SIZE != 0 { 88 | length++ 89 | padCounter++ 90 | } 91 | 92 | input = make([]byte, length) 93 | output = make([]byte, length) 94 | copy(input[0:length-padCounter], readIn[:]) 95 | 96 | for i < length { 97 | input[i] = byte(padCounter) 98 | i++ 99 | } 100 | 101 | ret := wolfSSL.Wc_InitRng(&rng) 102 | if ret != 0 { 103 | fmt.Println("Failed to initialize RNG") 104 | os.Exit(1) 105 | } 106 | 107 | ret = wolfSSL.Wc_RNG_GenerateBlock(&rng, iv, wolfSSL.AES_BLOCK_SIZE) 108 | if ret != 0 { 109 | fmt.Println("Failed to generate RNG block") 110 | os.Exit(1) 111 | } 112 | 113 | ret = wolfSSL.Wc_RNG_GenerateBlock(&rng, salt, SALT_SIZE) 114 | if ret != 0 { 115 | fmt.Println("Failed to generate RNG block") 116 | os.Exit(1) 117 | } 118 | 119 | if padCounter == 0 { 120 | salt[0] = 0 121 | } else if salt[0] == 0 { 122 | salt[0] = 1 123 | } 124 | 125 | ret = wolfSSL.Wc_PBKDF2(key, key, len(key), salt, SALT_SIZE, 4096, size, wolfSSL.WC_SHA256) 126 | if ret != 0 { 127 | fmt.Println("Failed to stretch key") 128 | os.Exit(1) 129 | } 130 | 131 | ret = wolfSSL.Wc_AesSetKey(&aes, key, size, iv, wolfSSL.AES_ENCRYPTION) 132 | if ret != 0 { 133 | fmt.Println("Failed to set AES key", ret) 134 | os.Exit(1) 135 | } 136 | 137 | ret = wolfSSL.Wc_AesCbcEncrypt(&aes, output, input, length) 138 | if ret != 0 { 139 | fmt.Println("Failed AES encrypt") 140 | os.Exit(1) 141 | } 142 | 143 | out, err := os.Create(outFile) 144 | if err != nil { 145 | println(err.Error()) 146 | os.Exit(1) 147 | } 148 | 149 | _, err = out.Write(salt[0:SALT_SIZE]) 150 | _, err = out.Write(iv[0:wolfSSL.AES_BLOCK_SIZE]) 151 | _, err = out.Write(output[0:length]) 152 | if err != nil { 153 | println(err.Error()) 154 | } 155 | 156 | ret = wolfSSL.Wc_FreeRng(&rng) 157 | if ret != 0 { 158 | fmt.Println("Failed to free RNG") 159 | os.Exit(1) 160 | } 161 | } 162 | 163 | func AesDecrypt(aes wolfSSL.Aes, inFile string, outFile string, size int) { 164 | var rng wolfSSL.WC_RNG 165 | var output []byte 166 | var iv []byte = make([]byte, wolfSSL.AES_BLOCK_SIZE) 167 | var salt []byte = make([]byte, SALT_SIZE) 168 | 169 | var length int 170 | var inputLength int 171 | var i int = 0 172 | 173 | input, err := os.ReadFile(inFile) 174 | if err != nil { 175 | println(err.Error()) 176 | os.Exit(1) 177 | } 178 | 179 | inputLength = len(input) 180 | length = inputLength 181 | 182 | output = make([]byte, length) 183 | 184 | key := getPass() 185 | 186 | for i < SALT_SIZE { 187 | salt[i] = input[i] 188 | i++ 189 | } 190 | 191 | i = SALT_SIZE 192 | for i < (wolfSSL.AES_BLOCK_SIZE + SALT_SIZE) { 193 | iv[i - SALT_SIZE] = input[i] 194 | i++ 195 | } 196 | 197 | ret := wolfSSL.Wc_InitRng(&rng) 198 | if ret != 0 { 199 | fmt.Println("Failed to initialize RNG") 200 | os.Exit(1) 201 | } 202 | 203 | ret = wolfSSL.Wc_PBKDF2(key, key, len(key), salt, SALT_SIZE, 4096, size, wolfSSL.WC_SHA256) 204 | if ret != 0 { 205 | fmt.Println("Failed to stretch key") 206 | os.Exit(1) 207 | } 208 | 209 | ret = wolfSSL.Wc_AesSetKey(&aes, key, size, iv, wolfSSL.AES_DECRYPTION) 210 | if ret != 0 { 211 | fmt.Println("Failed to set AES key", ret) 212 | os.Exit(1) 213 | } 214 | 215 | length -= (wolfSSL.AES_BLOCK_SIZE + SALT_SIZE) 216 | 217 | i = 0 218 | for i < length { 219 | input[i] = input[i + (SALT_SIZE + wolfSSL.AES_BLOCK_SIZE)] 220 | i++ 221 | } 222 | 223 | ret = wolfSSL.Wc_AesCbcDecrypt(&aes, output, input, length) 224 | if ret != 0 { 225 | fmt.Println("Failed AES encrypt",ret) 226 | os.Exit(1) 227 | } 228 | 229 | out, err := os.Create(outFile) 230 | if err != nil { 231 | println(err.Error()) 232 | os.Exit(1) 233 | } 234 | 235 | _, err = out.Write(output[0:length]) 236 | if err != nil { 237 | println(err.Error()) 238 | } 239 | 240 | ret = wolfSSL.Wc_FreeRng(&rng) 241 | if ret != 0 { 242 | fmt.Println("Failed to free RNG") 243 | os.Exit(1) 244 | } 245 | } 246 | 247 | func main() { 248 | /* Ensure file and keySize are given as args */ 249 | if len(os.Args) != 5 { 250 | fmt.Println("Usage: ./aes-encrypt "); 251 | os.Exit(1) 252 | } 253 | 254 | var aes wolfSSL.Aes 255 | 256 | inFile := os.Args[1] 257 | outFile := os.Args[2] 258 | operation := os.Args[3] 259 | size, _ := strconv.Atoi(os.Args[4]) 260 | 261 | sizeCheck(&size) 262 | 263 | wolfSSL.Wc_AesInit(&aes, nil, wolfSSL.INVALID_DEVID) 264 | 265 | if operation == "enc" { 266 | AesEncrypt(aes, inFile, outFile, size) 267 | } else if operation == "dec" { 268 | AesDecrypt(aes, inFile, outFile, size) 269 | } else { 270 | fmt.Println("Invalid operation. Please use enc or dec."); 271 | fmt.Println("Usage: ./aesEncrypt "); 272 | } 273 | 274 | wolfSSL.Wc_AesFree(&aes) 275 | } 276 | -------------------------------------------------------------------------------- /examples/certs/ca-cert.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 5 | 26:8c:93:f9:f9:f4:1e:b3:01:72:94:55:67:6d:e2:f8:3d:da:e9:f4 6 | Signature Algorithm: sha256WithRSAEncryption 7 | Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com 8 | Validity 9 | Not Before: Feb 15 12:50:24 2022 GMT 10 | Not After : Nov 11 12:50:24 2024 GMT 11 | Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com 12 | Subject Public Key Info: 13 | Public Key Algorithm: rsaEncryption 14 | RSA Public-Key: (2048 bit) 15 | Modulus: 16 | 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: 17 | f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: 18 | de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: 19 | 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: 20 | 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: 21 | 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: 22 | a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: 23 | a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: 24 | 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: 25 | 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: 26 | 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: 27 | 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: 28 | de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: 29 | cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: 30 | b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: 31 | 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: 32 | ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: 33 | 36:79 34 | Exponent: 65537 (0x10001) 35 | X509v3 extensions: 36 | X509v3 Subject Key Identifier: 37 | 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 38 | X509v3 Authority Key Identifier: 39 | keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 40 | DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com 41 | serial:26:8C:93:F9:F9:F4:1E:B3:01:72:94:55:67:6D:E2:F8:3D:DA:E9:F4 42 | 43 | X509v3 Basic Constraints: 44 | CA:TRUE 45 | X509v3 Subject Alternative Name: 46 | DNS:example.com, IP Address:127.0.0.1 47 | X509v3 Extended Key Usage: 48 | TLS Web Server Authentication, TLS Web Client Authentication 49 | Signature Algorithm: sha256WithRSAEncryption 50 | 62:e4:1b:28:3c:9d:d2:60:a9:55:be:6a:f6:20:f2:da:e8:a1: 51 | 1a:97:b1:90:77:82:ed:c7:77:29:53:33:18:10:62:e0:bd:93: 52 | 1b:d2:d6:a1:80:43:1d:64:f1:42:92:ec:b7:b8:f0:6b:da:59: 53 | 83:f4:b8:87:e6:fc:70:21:ea:62:32:70:68:14:0e:dc:b4:f1: 54 | 66:e2:6e:ab:d2:72:6f:da:df:71:f6:3d:27:97:7d:be:e1:d1: 55 | ac:16:ad:d7:4f:aa:9d:0c:1e:6e:a9:5e:7d:57:5b:3c:c7:6d: 56 | d2:f2:5c:c3:dc:3d:36:99:8e:ab:c0:7f:13:a5:f4:67:8b:e2: 57 | a6:51:31:f1:03:91:00:a8:c4:c5:1d:7f:35:62:b8:1d:a0:a5: 58 | ab:ec:32:68:ee:f3:ca:48:16:9f:f4:1e:7e:ea:fa:b0:86:15: 59 | 52:36:6c:4b:58:44:a7:eb:20:78:6e:7e:e8:00:40:ac:98:d8: 60 | 53:f3:13:4b:b8:98:66:50:63:ed:af:e5:a4:f6:c9:90:1c:84: 61 | 0a:09:45:2f:a1:e1:37:63:b5:43:8c:a0:2e:7f:c4:d4:e1:ae: 62 | b7:b9:45:13:f8:70:d5:79:06:4f:82:83:4b:98:d7:56:47:64: 63 | 9a:6a:6d:8e:7a:9d:ef:83:0f:6b:75:0e:47:22:92:f3:b4:b2: 64 | 84:61:1f:1c 65 | -----BEGIN CERTIFICATE----- 66 | MIIE/zCCA+egAwIBAgIUJoyT+fn0HrMBcpRVZ23i+D3a6fQwDQYJKoZIhvcNAQEL 67 | BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC 68 | b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY 69 | MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv 70 | bGZzc2wuY29tMB4XDTIyMDIxNTEyNTAyNFoXDTI0MTExMTEyNTAyNFowgZQxCzAJ 71 | BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw 72 | DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP 73 | d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t 74 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ry 75 | TXUQ8bY1n9/KfQOY06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQ 76 | u2lSEAMvqPOVxfGLYlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkc 77 | rMft8nyVsJWCfUlcOM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfa 78 | QG/YIdxzG0ItU5z+Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+j 79 | JtK3b7FaF9c4mQj+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02 80 | eQIDAQABo4IBRTCCAUEwHQYDVR0OBBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHU 81 | BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD 82 | VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G 83 | A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 84 | dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU 85 | JoyT+fn0HrMBcpRVZ23i+D3a6fQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl 86 | eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw 87 | DQYJKoZIhvcNAQELBQADggEBAGLkGyg8ndJgqVW+avYg8trooRqXsZB3gu3HdylT 88 | MxgQYuC9kxvS1qGAQx1k8UKS7Le48GvaWYP0uIfm/HAh6mIycGgUDty08WbibqvS 89 | cm/a33H2PSeXfb7h0awWrddPqp0MHm6pXn1XWzzHbdLyXMPcPTaZjqvAfxOl9GeL 90 | 4qZRMfEDkQCoxMUdfzViuB2gpavsMmju88pIFp/0Hn7q+rCGFVI2bEtYRKfrIHhu 91 | fugAQKyY2FPzE0u4mGZQY+2v5aT2yZAchAoJRS+h4TdjtUOMoC5/xNThrre5RRP4 92 | cNV5Bk+Cg0uY11ZHZJpqbY56ne+DD2t1DkcikvO0soRhHxw= 93 | -----END CERTIFICATE----- 94 | -------------------------------------------------------------------------------- /examples/certs/server-cert.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 1 (0x1) 5 | Signature Algorithm: sha256WithRSAEncryption 6 | Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com 7 | Validity 8 | Not Before: Feb 15 12:50:24 2022 GMT 9 | Not After : Nov 11 12:50:24 2024 GMT 10 | Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = Support, CN = www.wolfssl.com, emailAddress = info@wolfssl.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | RSA Public-Key: (2048 bit) 14 | Modulus: 15 | 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: 16 | 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: 17 | f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: 18 | f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: 19 | 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: 20 | 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: 21 | 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: 22 | 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: 23 | 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: 24 | 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: 25 | dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: 26 | e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: 27 | 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: 28 | c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: 29 | ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: 30 | b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: 31 | a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: 32 | ad:d7 33 | Exponent: 65537 (0x10001) 34 | X509v3 extensions: 35 | X509v3 Subject Key Identifier: 36 | B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C 37 | X509v3 Authority Key Identifier: 38 | keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 39 | DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com 40 | serial:26:8C:93:F9:F9:F4:1E:B3:01:72:94:55:67:6D:E2:F8:3D:DA:E9:F4 41 | 42 | X509v3 Basic Constraints: 43 | CA:TRUE 44 | X509v3 Subject Alternative Name: 45 | DNS:example.com, IP Address:127.0.0.1 46 | X509v3 Extended Key Usage: 47 | TLS Web Server Authentication, TLS Web Client Authentication 48 | Signature Algorithm: sha256WithRSAEncryption 49 | 4b:88:54:a8:57:f0:62:4d:b3:c5:8c:d2:02:0a:89:19:45:63: 50 | 8e:37:5c:a9:f7:8c:c5:7c:9d:19:b4:5d:b6:a4:29:4d:97:da: 51 | 6e:3c:27:ec:02:5c:fb:e2:93:6f:b6:1a:dc:5e:25:1f:be:ab: 52 | 6f:37:ff:d6:98:67:7c:f7:53:84:3b:e6:f7:22:ef:52:b0:8f: 53 | 9d:4e:2f:41:2a:7d:2f:f8:02:1e:f5:cd:9a:b2:68:68:d6:ef: 54 | ed:6a:96:a0:84:6f:0c:5e:7b:44:f9:6f:d0:00:6f:dd:83:6a: 55 | d9:d9:17:9d:32:9a:ea:4b:87:f9:12:45:3e:b8:de:20:fe:f4: 56 | b8:3f:f4:99:61:a6:2b:97:1b:7c:a0:90:cf:e9:3b:cd:94:ce: 57 | 85:df:fb:6a:2b:67:5b:8c:28:de:e6:0b:4b:68:5b:b3:4a:3e: 58 | 10:3b:0c:d8:c8:f1:3e:3d:cc:2f:16:76:24:43:b6:3b:fd:cf: 59 | 2f:07:0f:15:31:59:5e:cd:84:a9:82:05:1f:0c:97:56:5d:90: 60 | 49:bd:84:47:ec:07:b9:cf:fa:a0:56:9b:ae:e2:a9:96:b2:62: 61 | 02:4a:fa:42:d5:23:dc:1c:6b:5c:41:3d:f2:73:e8:ed:32:93: 62 | cc:f7:02:5a:b4:be:84:ca:73:26:9f:03:2c:b3:74:96:20:7e: 63 | 12:ea:e5:ef 64 | -----BEGIN CERTIFICATE----- 65 | MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx 66 | EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh 67 | d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz 68 | bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjIwMjE1 69 | MTI1MDI0WhcNMjQxMTExMTI1MDI0WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM 70 | B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO 71 | BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG 72 | SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP 73 | ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn 74 | f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X 75 | GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM 76 | QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq 77 | 0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ 78 | 6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW 79 | BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t 80 | M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh 81 | bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL 82 | DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG 83 | 9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFCaMk/n59B6zAXKUVWdt4vg92un0MAwG 84 | A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l 85 | BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBLiFSo 86 | V/BiTbPFjNICCokZRWOON1yp94zFfJ0ZtF22pClNl9puPCfsAlz74pNvthrcXiUf 87 | vqtvN//WmGd891OEO+b3Iu9SsI+dTi9BKn0v+AIe9c2asmho1u/tapaghG8MXntE 88 | +W/QAG/dg2rZ2RedMprqS4f5EkU+uN4g/vS4P/SZYaYrlxt8oJDP6TvNlM6F3/tq 89 | K2dbjCje5gtLaFuzSj4QOwzYyPE+PcwvFnYkQ7Y7/c8vBw8VMVlezYSpggUfDJdW 90 | XZBJvYRH7Ae5z/qgVpuu4qmWsmICSvpC1SPcHGtcQT3yc+jtMpPM9wJatL6EynMm 91 | nwMss3SWIH4S6uXv 92 | -----END CERTIFICATE----- 93 | Certificate: 94 | Data: 95 | Version: 3 (0x2) 96 | Serial Number: 97 | 26:8c:93:f9:f9:f4:1e:b3:01:72:94:55:67:6d:e2:f8:3d:da:e9:f4 98 | Signature Algorithm: sha256WithRSAEncryption 99 | Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com 100 | Validity 101 | Not Before: Feb 15 12:50:24 2022 GMT 102 | Not After : Nov 11 12:50:24 2024 GMT 103 | Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com 104 | Subject Public Key Info: 105 | Public Key Algorithm: rsaEncryption 106 | RSA Public-Key: (2048 bit) 107 | Modulus: 108 | 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: 109 | f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: 110 | de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: 111 | 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: 112 | 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: 113 | 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: 114 | a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: 115 | a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: 116 | 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: 117 | 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: 118 | 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: 119 | 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: 120 | de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: 121 | cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: 122 | b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: 123 | 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: 124 | ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: 125 | 36:79 126 | Exponent: 65537 (0x10001) 127 | X509v3 extensions: 128 | X509v3 Subject Key Identifier: 129 | 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 130 | X509v3 Authority Key Identifier: 131 | keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 132 | DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com 133 | serial:26:8C:93:F9:F9:F4:1E:B3:01:72:94:55:67:6D:E2:F8:3D:DA:E9:F4 134 | 135 | X509v3 Basic Constraints: 136 | CA:TRUE 137 | X509v3 Subject Alternative Name: 138 | DNS:example.com, IP Address:127.0.0.1 139 | X509v3 Extended Key Usage: 140 | TLS Web Server Authentication, TLS Web Client Authentication 141 | Signature Algorithm: sha256WithRSAEncryption 142 | 62:e4:1b:28:3c:9d:d2:60:a9:55:be:6a:f6:20:f2:da:e8:a1: 143 | 1a:97:b1:90:77:82:ed:c7:77:29:53:33:18:10:62:e0:bd:93: 144 | 1b:d2:d6:a1:80:43:1d:64:f1:42:92:ec:b7:b8:f0:6b:da:59: 145 | 83:f4:b8:87:e6:fc:70:21:ea:62:32:70:68:14:0e:dc:b4:f1: 146 | 66:e2:6e:ab:d2:72:6f:da:df:71:f6:3d:27:97:7d:be:e1:d1: 147 | ac:16:ad:d7:4f:aa:9d:0c:1e:6e:a9:5e:7d:57:5b:3c:c7:6d: 148 | d2:f2:5c:c3:dc:3d:36:99:8e:ab:c0:7f:13:a5:f4:67:8b:e2: 149 | a6:51:31:f1:03:91:00:a8:c4:c5:1d:7f:35:62:b8:1d:a0:a5: 150 | ab:ec:32:68:ee:f3:ca:48:16:9f:f4:1e:7e:ea:fa:b0:86:15: 151 | 52:36:6c:4b:58:44:a7:eb:20:78:6e:7e:e8:00:40:ac:98:d8: 152 | 53:f3:13:4b:b8:98:66:50:63:ed:af:e5:a4:f6:c9:90:1c:84: 153 | 0a:09:45:2f:a1:e1:37:63:b5:43:8c:a0:2e:7f:c4:d4:e1:ae: 154 | b7:b9:45:13:f8:70:d5:79:06:4f:82:83:4b:98:d7:56:47:64: 155 | 9a:6a:6d:8e:7a:9d:ef:83:0f:6b:75:0e:47:22:92:f3:b4:b2: 156 | 84:61:1f:1c 157 | -----BEGIN CERTIFICATE----- 158 | MIIE/zCCA+egAwIBAgIUJoyT+fn0HrMBcpRVZ23i+D3a6fQwDQYJKoZIhvcNAQEL 159 | BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC 160 | b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY 161 | MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv 162 | bGZzc2wuY29tMB4XDTIyMDIxNTEyNTAyNFoXDTI0MTExMTEyNTAyNFowgZQxCzAJ 163 | BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw 164 | DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP 165 | d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t 166 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ry 167 | TXUQ8bY1n9/KfQOY06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQ 168 | u2lSEAMvqPOVxfGLYlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkc 169 | rMft8nyVsJWCfUlcOM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfa 170 | QG/YIdxzG0ItU5z+Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+j 171 | JtK3b7FaF9c4mQj+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02 172 | eQIDAQABo4IBRTCCAUEwHQYDVR0OBBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHU 173 | BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD 174 | VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G 175 | A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 176 | dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU 177 | JoyT+fn0HrMBcpRVZ23i+D3a6fQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl 178 | eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw 179 | DQYJKoZIhvcNAQELBQADggEBAGLkGyg8ndJgqVW+avYg8trooRqXsZB3gu3HdylT 180 | MxgQYuC9kxvS1qGAQx1k8UKS7Le48GvaWYP0uIfm/HAh6mIycGgUDty08WbibqvS 181 | cm/a33H2PSeXfb7h0awWrddPqp0MHm6pXn1XWzzHbdLyXMPcPTaZjqvAfxOl9GeL 182 | 4qZRMfEDkQCoxMUdfzViuB2gpavsMmju88pIFp/0Hn7q+rCGFVI2bEtYRKfrIHhu 183 | fugAQKyY2FPzE0u4mGZQY+2v5aT2yZAchAoJRS+h4TdjtUOMoC5/xNThrre5RRP4 184 | cNV5Bk+Cg0uY11ZHZJpqbY56ne+DD2t1DkcikvO0soRhHxw= 185 | -----END CERTIFICATE----- 186 | -------------------------------------------------------------------------------- /examples/certs/server-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7 3 | qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf 4 | P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj 5 | xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk 6 | wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC 7 | Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv 8 | n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd 9 | x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y 10 | oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz 11 | 0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB 12 | QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD 13 | LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8 14 | ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8 15 | yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT 16 | 3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N 17 | zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB 18 | hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv 19 | VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB 20 | qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf 21 | H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza 22 | 1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ 23 | c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe 24 | 9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY 25 | dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n 26 | WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /examples/client/client-dtls.go: -------------------------------------------------------------------------------- 1 | /* client-dtls.go 2 | * 3 | * Copyright (C) 2006-2023 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package main 23 | 24 | import ( 25 | "net" 26 | "os" 27 | "fmt" 28 | "strconv" 29 | wolfSSL "github.com/wolfssl/go-wolfssl" 30 | ) 31 | 32 | /* Connection configuration constants */ 33 | const ( 34 | CONN_HOST = "127.0.0.1" 35 | CONN_PORT = "11111" 36 | CONN_TYPE = "udp4" 37 | ) 38 | 39 | func main() { 40 | /* Client Certificate path */ 41 | CERT_FILE := "../certs/ca-cert.pem" 42 | 43 | /* Initialize wolfSSL */ 44 | wolfSSL.WolfSSL_Init() 45 | 46 | /* Create WOLFSSL_CTX with Dtls v1.2 */ 47 | ctx := wolfSSL.WolfSSL_CTX_new(wolfSSL.WolfDTLSv1_2_client_method()) 48 | if ctx == nil { 49 | fmt.Println(" CTX new Failed"); 50 | os.Exit(1) 51 | } 52 | 53 | /* Load client certificate into WOLFSSL_CTX */ 54 | ret := wolfSSL.WolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, nil) 55 | if ret != wolfSSL.WOLFSSL_SUCCESS { 56 | fmt.Println("Failed to load ", CERT_FILE); 57 | os.Exit(1) 58 | } 59 | 60 | /* Create a WOLFSSL object */ 61 | ssl := wolfSSL.WolfSSL_new(ctx) 62 | if ssl == nil { 63 | fmt.Println(" wolfSSL_new failed"); 64 | os.Exit(1) 65 | } 66 | 67 | /* Get address of TCP end point */ 68 | tcpAddr, err := net.ResolveUDPAddr(CONN_TYPE, CONN_HOST+":"+CONN_PORT) 69 | if err != nil { 70 | println("ResolveTCPAddr failed:", err.Error()) 71 | os.Exit(1) 72 | } 73 | 74 | /* Dial the recieved TCP address */ 75 | conn, err := net.DialUDP(CONN_TYPE, nil, tcpAddr) 76 | if err != nil { 77 | println("Dial failed:", err.Error()) 78 | os.Exit(1) 79 | } 80 | 81 | port, err := strconv.Atoi(CONN_PORT) 82 | if err != nil { 83 | println("strconv failed:", err.Error()) 84 | os.Exit(1) 85 | } 86 | 87 | /* Create and set the DTLS peer */ 88 | addr := wolfSSL.WolfSSL_dtls_create_peer(port, CONN_HOST); 89 | wolfSSL.WolfSSL_dtls_set_peer(ssl, addr, 16) 90 | 91 | /* Retrieve file descriptor from net.*TCPConn type */ 92 | file,err := conn.File() 93 | fd := file.Fd() 94 | wolfSSL.WolfSSL_set_fd(ssl, int(fd)) 95 | 96 | /* Connect to wolfSSL on the server side */ 97 | ret = wolfSSL.WolfSSL_connect(ssl); 98 | if ret != wolfSSL.WOLFSSL_SUCCESS { 99 | fmt.Println(" wolfSSL_connect error ", ret); 100 | os.Exit(1) 101 | } else { 102 | fmt.Println("Succesfully Connected!"); 103 | } 104 | 105 | /* Create the message and send to server */ 106 | message := []byte("Can you hear me?") 107 | sz := uintptr(len(message)) 108 | 109 | ret = wolfSSL.WolfSSL_write(ssl, message, sz) 110 | if uintptr(ret) != sz { 111 | fmt.Println(" wolfSSL_write failed "); 112 | os.Exit(1) 113 | } 114 | 115 | 116 | /* Recieve then print the message from server */ 117 | buf := make([]byte, 256) 118 | ret = wolfSSL.WolfSSL_read(ssl, buf, 256) 119 | if ret == -1 { 120 | fmt.Println(" wolfSSL_read failed "); 121 | } else { 122 | fmt.Println("Server says : ", string(buf)); 123 | } 124 | 125 | /* Shutdown wolfSSL */ 126 | wolfSSL.WolfSSL_shutdown(ssl) 127 | /* Free allocated DTLS peer */ 128 | wolfSSL.WolfSSL_set_fd(ssl, int(fd)) 129 | /* Free wolfSSL and wolfSSL_CTX objects */ 130 | wolfSSL.WolfSSL_free(ssl) 131 | wolfSSL.WolfSSL_CTX_free(ctx) 132 | /* Cleanup the wolfSSL environment */ 133 | wolfSSL.WolfSSL_Cleanup() 134 | 135 | /* Close the connection */ 136 | conn.Close() 137 | } 138 | -------------------------------------------------------------------------------- /examples/client/client-psk.go: -------------------------------------------------------------------------------- 1 | /* client-psk.go 2 | * 3 | * Copyright (C) 2006-2023 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package main 23 | 24 | //#cgo CFLAGS: -g -Wall -I/usr/include 25 | //#include 26 | //#include 27 | //#include 28 | //#define PSK_KEY_LEN 4 29 | //unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint, 30 | // char* identity, unsigned int id_max_len, unsigned char* key, 31 | // unsigned int key_max_len) 32 | //{ 33 | // (void)ssl; 34 | // (void)hint; 35 | // (void)key_max_len; 36 | // 37 | // strncpy(identity, "Client_identity", id_max_len); 38 | // 39 | // key[0] = 26; 40 | // key[1] = 43; 41 | // key[2] = 60; 42 | // key[3] = 77; 43 | // 44 | // return PSK_KEY_LEN; 45 | //} 46 | import "C" 47 | import ( 48 | "net" 49 | "os" 50 | "fmt" 51 | wolfSSL "github.com/wolfssl/go-wolfssl" 52 | ) 53 | 54 | /* Connection configuration constants */ 55 | const ( 56 | CONN_HOST = "localhost" 57 | CONN_PORT = "11111" 58 | CONN_TYPE = "tcp" 59 | ) 60 | 61 | func main() { 62 | /* Initialize wolfSSL */ 63 | wolfSSL.WolfSSL_Init() 64 | 65 | /* Create WOLFSSL_CTX with tlsv12 */ 66 | ctx := wolfSSL.WolfSSL_CTX_new(wolfSSL.WolfTLSv1_3_client_method()) 67 | if ctx == nil { 68 | fmt.Println(" CTX new Failed"); 69 | os.Exit(1) 70 | } 71 | 72 | wolfSSL.WolfSSL_CTX_set_psk_client_callback(ctx, C.my_psk_client_cb); 73 | 74 | /* Create a WOLFSSL object */ 75 | ssl := wolfSSL.WolfSSL_new(ctx) 76 | if ssl == nil { 77 | fmt.Println(" wolfSSL_new failed"); 78 | os.Exit(1) 79 | } 80 | 81 | /* Get address of TCP end point */ 82 | tcpAddr, err := net.ResolveTCPAddr(CONN_TYPE, CONN_HOST+":"+CONN_PORT) 83 | if err != nil { 84 | println("ResolveTCPAddr failed:", err.Error()) 85 | os.Exit(1) 86 | } 87 | 88 | /* Dial the recieved TCP address */ 89 | conn, err := net.DialTCP(CONN_TYPE, nil, tcpAddr) 90 | if err != nil { 91 | println("Dial failed:", err.Error()) 92 | os.Exit(1) 93 | } 94 | 95 | /* Retrieve file descriptor from net.*TCPConn type */ 96 | file,err := conn.File() 97 | fd := file.Fd() 98 | wolfSSL.WolfSSL_set_fd(ssl, int(fd)) 99 | 100 | /* Connect to wolfSSL on the server side */ 101 | ret := wolfSSL.WolfSSL_connect(ssl); 102 | if ret != wolfSSL.WOLFSSL_SUCCESS { 103 | fmt.Println(" wolfSSL_connect error ", ret); 104 | os.Exit(1) 105 | } else { 106 | fmt.Println("Succesfully Connected!"); 107 | } 108 | 109 | /* Create the message and send to server */ 110 | message := []byte("Can you hear me?") 111 | sz := uintptr(len(message)) 112 | 113 | ret = wolfSSL.WolfSSL_write(ssl, message, sz) 114 | if uintptr(ret) != sz { 115 | fmt.Println(" wolfSSL_write failed "); 116 | os.Exit(1) 117 | } 118 | 119 | 120 | /* Recieve then print the message from server */ 121 | buf := make([]byte, 256) 122 | ret = wolfSSL.WolfSSL_read(ssl, buf, 256) 123 | if ret == -1 { 124 | fmt.Println(" wolfSSL_read failed "); 125 | } else { 126 | fmt.Println("Server says : ", string(buf)); 127 | } 128 | 129 | /* Shutdown wolfSSL */ 130 | wolfSSL.WolfSSL_shutdown(ssl) 131 | /* Free wolfSSL and wolfSSL_CTX objects */ 132 | wolfSSL.WolfSSL_free(ssl) 133 | wolfSSL.WolfSSL_CTX_free(ctx) 134 | /* Cleanup the wolfSSL environment */ 135 | wolfSSL.WolfSSL_Cleanup() 136 | 137 | /* Close the connection */ 138 | conn.Close() 139 | } 140 | -------------------------------------------------------------------------------- /examples/client/client.go: -------------------------------------------------------------------------------- 1 | /* client.go 2 | * 3 | * Copyright (C) 2006-2022 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package main 23 | 24 | import ( 25 | "net" 26 | "os" 27 | "fmt" 28 | wolfSSL "github.com/wolfssl/go-wolfssl" 29 | ) 30 | 31 | /* Connection configuration constants */ 32 | const ( 33 | CONN_HOST = "localhost" 34 | CONN_PORT = "11111" 35 | CONN_TYPE = "tcp" 36 | ) 37 | 38 | func main() { 39 | /* Client Certificate path */ 40 | CERT_FILE := "../certs/ca-cert.pem" 41 | 42 | /* Initialize wolfSSL */ 43 | wolfSSL.WolfSSL_Init() 44 | 45 | /* Create WOLFSSL_CTX with tlsv12 */ 46 | ctx := wolfSSL.WolfSSL_CTX_new(wolfSSL.WolfTLSv1_2_client_method()) 47 | if ctx == nil { 48 | fmt.Println(" CTX new Failed"); 49 | os.Exit(1) 50 | } 51 | 52 | /* Load client certificate into WOLFSSL_CTX */ 53 | ret := wolfSSL.WolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, nil) 54 | if ret != wolfSSL.WOLFSSL_SUCCESS { 55 | fmt.Println("Failed to load ", CERT_FILE); 56 | os.Exit(1) 57 | } 58 | 59 | /* Create a WOLFSSL object */ 60 | ssl := wolfSSL.WolfSSL_new(ctx) 61 | if ssl == nil { 62 | fmt.Println(" wolfSSL_new failed"); 63 | os.Exit(1) 64 | } 65 | 66 | /* Get address of TCP end point */ 67 | tcpAddr, err := net.ResolveTCPAddr(CONN_TYPE, CONN_HOST+":"+CONN_PORT) 68 | if err != nil { 69 | println("ResolveTCPAddr failed:", err.Error()) 70 | os.Exit(1) 71 | } 72 | 73 | /* Dial the recieved TCP address */ 74 | conn, err := net.DialTCP(CONN_TYPE, nil, tcpAddr) 75 | if err != nil { 76 | println("Dial failed:", err.Error()) 77 | os.Exit(1) 78 | } 79 | 80 | /* Retrieve file descriptor from net.*TCPConn type */ 81 | file,err := conn.File() 82 | fd := file.Fd() 83 | wolfSSL.WolfSSL_set_fd(ssl, int(fd)) 84 | 85 | /* Connect to wolfSSL on the server side */ 86 | ret = wolfSSL.WolfSSL_connect(ssl); 87 | if ret != wolfSSL.WOLFSSL_SUCCESS { 88 | fmt.Println(" wolfSSL_connect error ", ret); 89 | os.Exit(1) 90 | } else { 91 | fmt.Println("Succesfully Connected!"); 92 | } 93 | 94 | /* Create the message and send to server */ 95 | message := []byte("Can you hear me?") 96 | sz := uintptr(len(message)) 97 | 98 | ret = wolfSSL.WolfSSL_write(ssl, message, sz) 99 | if uintptr(ret) != sz { 100 | fmt.Println(" wolfSSL_write failed "); 101 | os.Exit(1) 102 | } 103 | 104 | 105 | /* Recieve then print the message from server */ 106 | buf := make([]byte, 256) 107 | ret = wolfSSL.WolfSSL_read(ssl, buf, 256) 108 | if ret == -1 { 109 | fmt.Println(" wolfSSL_read failed "); 110 | } else { 111 | fmt.Println("Server says : ", string(buf)); 112 | } 113 | 114 | /* Shutdown wolfSSL */ 115 | wolfSSL.WolfSSL_shutdown(ssl) 116 | /* Free wolfSSL and wolfSSL_CTX objects */ 117 | wolfSSL.WolfSSL_free(ssl) 118 | wolfSSL.WolfSSL_CTX_free(ctx) 119 | /* Cleanup the wolfSSL environment */ 120 | wolfSSL.WolfSSL_Cleanup() 121 | 122 | /* Close the connection */ 123 | conn.Close() 124 | } 125 | -------------------------------------------------------------------------------- /examples/ecc-sign-verify/ecc-sign-verify.go: -------------------------------------------------------------------------------- 1 | /* ecc-sign-verify.go 2 | * 3 | * Copyright (C) 2006-2022 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package main 23 | 24 | import ( 25 | "os" 26 | "fmt" 27 | wolfSSL "github.com/wolfssl/go-wolfssl" 28 | ) 29 | 30 | const BYTE_SZ = 8 31 | 32 | func sign_verify(eccKeySz int, hash []byte, printSig int) { 33 | /* Declare variables */ 34 | var key wolfSSL.Ecc_key 35 | var rng wolfSSL.WC_RNG 36 | var sig []byte = nil 37 | var max int = wolfSSL.ECC_MAX_SIG_SIZE 38 | 39 | /* Algorithm for mod EG: (C / B) + (C % B != 0 ? 1:0) 40 | * equivalent to the calculation below */ 41 | byteField := int((eccKeySz + (BYTE_SZ - 1)) / BYTE_SZ) 42 | 43 | fmt.Println("Signing sha512 hash with key of size", eccKeySz, "and byteField of", byteField) 44 | 45 | sig = make([]byte, max) 46 | 47 | /* Initialize ecc key */ 48 | ret := wolfSSL.Wc_ecc_init(&key) 49 | if ret != 0 { 50 | fmt.Println("Failed to initialize ecc_key") 51 | os.Exit(1) 52 | } 53 | 54 | /* Initialize rng */ 55 | ret = wolfSSL.Wc_InitRng(&rng) 56 | if ret != 0 { 57 | fmt.Println("Failed to initialize rng") 58 | os.Exit(1) 59 | } 60 | 61 | /* Make ecc key with calculated byteField */ 62 | ret = wolfSSL.Wc_ecc_make_key(&rng, byteField, &key) 63 | if ret != 0 { 64 | fmt.Println("Failed to make ecc key") 65 | os.Exit(1) 66 | } 67 | 68 | /* Sign the sha512 hash with ecc key*/ 69 | ret = wolfSSL.Wc_ecc_sign_hash(hash, len(hash), sig, &max, &rng, &key) 70 | if ret != 0 { 71 | fmt.Println("Failed to sign hash") 72 | os.Exit(1) 73 | } 74 | 75 | /* Print signature hex, decided by printSig in main() */ 76 | if printSig != 0 { 77 | fmt.Printf("Signature: % x \n", string(sig[0:max])) 78 | } 79 | 80 | verified := 0 81 | 82 | /* Verify the hash with the signature and ensure verified var is set to 1*/ 83 | ret = wolfSSL.Wc_ecc_verify_hash(sig, max, hash, len(hash), &verified, &key) 84 | if ret != 0 || verified != 1 { 85 | fmt.Println("Failed to verify hash") 86 | os.Exit(1) 87 | } 88 | 89 | fmt.Println("Successfully verified signature w/ ecc key size", eccKeySz,"!") 90 | } 91 | 92 | func main() { 93 | var hash []byte 94 | var str []byte 95 | var printSig int = 0 //change to 1 to print the signature hex 96 | 97 | /* Example string to test ecc signing */ 98 | str = []byte("String to hash and test sign/verify") 99 | 100 | 101 | /* Create sha512 hash of the test string */ 102 | hash = make([]byte, wolfSSL.WC_SHA512_DIGEST_SIZE) 103 | wolfSSL.Wc_Sha512Hash(str, len(str), hash) 104 | 105 | /* Test sign/verify for different key sizes */ 106 | sign_verify(48, hash, printSig) 107 | sign_verify(112, hash, printSig) 108 | sign_verify(128, hash, printSig) 109 | sign_verify(192, hash, printSig) 110 | sign_verify(256, hash, printSig) 111 | sign_verify(320, hash, printSig) 112 | sign_verify(348, hash, printSig) 113 | 114 | } 115 | -------------------------------------------------------------------------------- /examples/hash/fileHash.go: -------------------------------------------------------------------------------- 1 | /* fileHash.go 2 | * 3 | * Copyright (C) 2006-2022 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package main 23 | 24 | import ( 25 | "os" 26 | "fmt" 27 | wolfSSL "github.com/wolfssl/go-wolfssl" 28 | ) 29 | 30 | func main() { 31 | /* Ensure file and alg are given as args */ 32 | if len(os.Args) != 3 { 33 | fmt.Println("Usage: ./file-hash "); 34 | os.Exit(1) 35 | } 36 | 37 | var out []byte 38 | alg := os.Args[1] 39 | inFile := os.Args[2] 40 | 41 | /* Read in the file to be hashed */ 42 | str, err := os.ReadFile(inFile) 43 | if err != nil { 44 | println(err.Error()) 45 | os.Exit(1) 46 | } 47 | 48 | var ret int 49 | 50 | /* Hash the input based on chosen algorithm */ 51 | if alg == "sha" { 52 | out = make([]byte, wolfSSL.WC_SHA_DIGEST_SIZE ) 53 | ret = wolfSSL.Wc_ShaHash(str, len(str), out) 54 | } else if alg == "sha256" { 55 | out = make([]byte, wolfSSL.WC_SHA256_DIGEST_SIZE ) 56 | ret = wolfSSL.Wc_Sha256Hash(str, len(str), out) 57 | } else if alg == "sha384" { 58 | out = make([]byte, wolfSSL.WC_SHA384_DIGEST_SIZE ) 59 | ret = wolfSSL.Wc_Sha384Hash(str, len(str), out) 60 | } else if alg == "sha512" { 61 | out = make([]byte, wolfSSL.WC_SHA512_DIGEST_SIZE ) 62 | ret = wolfSSL.Wc_Sha512Hash(str, len(str), out) 63 | } else if alg == "md5" { 64 | out = make([]byte, wolfSSL.WC_MD5_DIGEST_SIZE ) 65 | ret = wolfSSL.Wc_Md5Hash(str, len(str), out) 66 | } else { 67 | fmt.Println("Invalid algorithm. Please use sha, sha256, sha384, sha512, or md5."); 68 | os.Exit(1) 69 | } 70 | 71 | 72 | if ret != 0 { 73 | fmt.Println("Error. Hash func returned", ret); 74 | os.Exit(1) 75 | } else { 76 | fmt.Printf("% x \n", string(out)) 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /examples/server/server-dtls.go: -------------------------------------------------------------------------------- 1 | /* server-dtls.go 2 | * 3 | * Copyright (C) 2006-2023 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package main 23 | 24 | import ( 25 | "fmt" 26 | "net" 27 | "os" 28 | wolfSSL "github.com/wolfssl/go-wolfssl" 29 | ) 30 | 31 | /* Connection configuration constants */ 32 | const ( 33 | CONN_HOST = "127.0.0.1" 34 | CONN_PORT = "11111" 35 | CONN_TYPE = "udp4" 36 | ) 37 | 38 | func main() { 39 | /* Server Key and Certificate paths */ 40 | CERT_FILE := "../certs/server-cert.pem" 41 | KEY_FILE := "../certs/server-key.pem" 42 | 43 | /* Initialize wolfSSL */ 44 | wolfSSL.WolfSSL_Init() 45 | 46 | /* Create WOLFSSL_CTX with Dtls v1.2 */ 47 | ctx := wolfSSL.WolfSSL_CTX_new(wolfSSL.WolfDTLSv1_2_server_method()) 48 | if ctx == nil { 49 | fmt.Println(" WolfSSL_CTX_new Failed"); 50 | os.Exit(1) 51 | } 52 | 53 | /* Load server certificates into WOLFSSL_CTX */ 54 | ret := wolfSSL.WolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, wolfSSL.SSL_FILETYPE_PEM) 55 | if ret != wolfSSL.WOLFSSL_SUCCESS { 56 | fmt.Println("Error: WolfSSL_CTX_use_certificate Failed"); 57 | os.Exit(1) 58 | } 59 | 60 | /* Load server key into WOLFSSL_CTX */ 61 | ret = wolfSSL.WolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, wolfSSL.SSL_FILETYPE_PEM) 62 | if ret != wolfSSL.WOLFSSL_SUCCESS { 63 | fmt.Println("Error: WolfSSL_CTX_use_PrivateKey Failed"); 64 | os.Exit(1) 65 | } 66 | 67 | udpAd, _ := net.ResolveUDPAddr(CONN_TYPE, CONN_HOST+":"+CONN_PORT) 68 | /* Listen for incoming connections */ 69 | conn, err := net.ListenUDP(CONN_TYPE, udpAd) 70 | if err != nil { 71 | fmt.Println("Error listening:", err.Error()) 72 | os.Exit(1) 73 | } 74 | /* Close the listener when the application closes */ 75 | defer conn.Close() 76 | fmt.Println("Listening on " + CONN_HOST + ":" + CONN_PORT) 77 | buffer := make([]byte, 5) 78 | _, addr, err := conn.ReadFromUDP(buffer) 79 | /* Listen for an incoming connection */ 80 | c , err := net.DialUDP(CONN_TYPE, nil, addr) 81 | if err != nil { 82 | fmt.Println("Error accepting: ", err.Error()) 83 | } 84 | 85 | /* Create a WOLFSSL object */ 86 | ssl := wolfSSL.WolfSSL_new(ctx) 87 | if ssl == nil { 88 | fmt.Println(" WolfSSL_new Failed"); 89 | os.Exit(1) 90 | } 91 | 92 | /* Retrieve file descriptor from net.Conn type */ 93 | file,err := conn.File()//(*net.Conn).File() 94 | fd := file.Fd() 95 | wolfSSL.WolfSSL_set_fd(ssl, int(fd)) 96 | 97 | /* Establish TLS connection */ 98 | ret = wolfSSL.WolfSSL_accept(ssl); 99 | if ret != wolfSSL.WOLFSSL_SUCCESS { 100 | fmt.Println(" WolfSSL_accept error ", ret); 101 | e:= wolfSSL.WolfSSL_get_error(ssl, 0) 102 | // who := wolfSSL.WolfSSL_ERR_reason_error_string(e) 103 | fmt.Println(" WolfSSL_accept error ",e ) 104 | os.Exit(1) 105 | } else { 106 | fmt.Println("Client Succesfully Connected!"); 107 | } 108 | 109 | buf := make([]byte, 256) 110 | 111 | /* Recieve then print the message from client */ 112 | ret = wolfSSL.WolfSSL_read(ssl, buf, 256) 113 | if ret == -1 { 114 | fmt.Println(" WolfSSL_read failed "); 115 | } else { 116 | fmt.Println("Client says : ", string(buf)); 117 | } 118 | 119 | /* Create the message and send to client */ 120 | reply := []byte("I hear ya fashizzle!") 121 | sz := uintptr(len(reply)) 122 | 123 | ret = wolfSSL.WolfSSL_write(ssl, reply, sz) 124 | if uintptr(ret) != sz { 125 | fmt.Println(" WolfSSL_write failed "); 126 | os.Exit(1) 127 | } 128 | 129 | /* Shutdown wolfSSL */ 130 | wolfSSL.WolfSSL_shutdown(ssl) 131 | /* Free wolfSSL and wolfSSL_CTX objects */ 132 | wolfSSL.WolfSSL_free(ssl) 133 | wolfSSL.WolfSSL_CTX_free(ctx) 134 | /* Cleanup the wolfSSL environment */ 135 | wolfSSL.WolfSSL_Cleanup() 136 | 137 | /* Close the connection */ 138 | conn.Close() 139 | } 140 | 141 | -------------------------------------------------------------------------------- /examples/server/server-psk.go: -------------------------------------------------------------------------------- 1 | /* server-psk.go 2 | * 3 | * Copyright (C) 2006-2023 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package main 23 | 24 | //#cgo CFLAGS: -g -Wall -I/usr/include 25 | //#include 26 | //#include 27 | //#include 28 | //#define PSK_KEY_LEN 4 29 | // unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, 30 | // unsigned char* key, unsigned int key_max_len) 31 | //{ 32 | // (void)ssl; 33 | // (void)key_max_len; 34 | // 35 | // if (strncmp(identity, "Client_identity", 15) != 0) { 36 | // return 0; 37 | // } 38 | // 39 | // key[0] = 26; 40 | // key[1] = 43; 41 | // key[2] = 60; 42 | // key[3] = 77; 43 | // 44 | // return PSK_KEY_LEN; 45 | //} 46 | import "C" 47 | import ( 48 | "fmt" 49 | "net" 50 | "os" 51 | wolfSSL "github.com/wolfssl/go-wolfssl" 52 | ) 53 | 54 | /* Connection configuration constants */ 55 | const ( 56 | CONN_HOST = "localhost" 57 | CONN_PORT = "11111" 58 | CONN_TYPE = "tcp" 59 | ) 60 | 61 | func main() { 62 | /* Initialize wolfSSL */ 63 | wolfSSL.WolfSSL_Init() 64 | 65 | /* Create WOLFSSL_CTX with tlsv13 */ 66 | ctx := wolfSSL.WolfSSL_CTX_new(wolfSSL.WolfTLSv1_3_server_method()) 67 | if ctx == nil { 68 | fmt.Println(" WolfSSL_CTX_new Failed"); 69 | os.Exit(1) 70 | } 71 | 72 | wolfSSL.WolfSSL_CTX_set_psk_server_callback(ctx, C.my_psk_server_cb) 73 | 74 | ret := wolfSSL.WolfSSL_CTX_use_psk_identity_hint(ctx, "wolfssl server"); 75 | if ret != wolfSSL.WOLFSSL_SUCCESS { 76 | fmt.Println(" WolfSSL_CTX_use_psk_identity_hint ", ret); 77 | fmt.Println(" Ensure wolfSSL is configured with --enable-psk and you've run ./generateOptions.sh"); 78 | os.Exit(1) 79 | } 80 | /* Listen for incoming connections */ 81 | l, err := net.Listen(CONN_TYPE, CONN_HOST+":"+CONN_PORT) 82 | if err != nil { 83 | fmt.Println("Error listening:", err.Error()) 84 | os.Exit(1) 85 | } 86 | /* Close the listener when the application closes */ 87 | defer l.Close() 88 | fmt.Println("Listening on " + CONN_HOST + ":" + CONN_PORT) 89 | 90 | /* Listen for an incoming connection */ 91 | conn, err := l.Accept() 92 | if err != nil { 93 | fmt.Println("Error accepting: ", err.Error()) 94 | } 95 | 96 | /* Create a WOLFSSL object */ 97 | ssl := wolfSSL.WolfSSL_new(ctx) 98 | if ssl == nil { 99 | fmt.Println(" WolfSSL_new Failed"); 100 | os.Exit(1) 101 | } 102 | 103 | /* Retrieve file descriptor from net.Conn type */ 104 | file,err := conn.(*net.TCPConn).File() 105 | fd := file.Fd() 106 | wolfSSL.WolfSSL_set_fd(ssl, int(fd)) 107 | 108 | /* Establish TLS connection */ 109 | ret = wolfSSL.WolfSSL_accept(ssl); 110 | if ret != wolfSSL.WOLFSSL_SUCCESS { 111 | fmt.Println(" WolfSSL_accept error ", ret); 112 | os.Exit(1) 113 | } else { 114 | fmt.Println("Client Succesfully Connected!"); 115 | } 116 | 117 | buf := make([]byte, 256) 118 | 119 | /* Recieve then print the message from client */ 120 | ret = wolfSSL.WolfSSL_read(ssl, buf, 256) 121 | if ret == -1 { 122 | fmt.Println(" WolfSSL_read failed "); 123 | } else { 124 | fmt.Println("Client says : ", string(buf)); 125 | } 126 | 127 | /* Create the message and send to client */ 128 | reply := []byte("I hear ya fashizzle!") 129 | sz := uintptr(len(reply)) 130 | 131 | ret = wolfSSL.WolfSSL_write(ssl, reply, sz) 132 | if uintptr(ret) != sz { 133 | fmt.Println(" WolfSSL_write failed "); 134 | os.Exit(1) 135 | } 136 | 137 | /* Shutdown wolfSSL */ 138 | wolfSSL.WolfSSL_shutdown(ssl) 139 | /* Free wolfSSL and wolfSSL_CTX objects */ 140 | wolfSSL.WolfSSL_free(ssl) 141 | wolfSSL.WolfSSL_CTX_free(ctx) 142 | /* Cleanup the wolfSSL environment */ 143 | wolfSSL.WolfSSL_Cleanup() 144 | 145 | /* Close the connection */ 146 | conn.Close() 147 | } 148 | 149 | -------------------------------------------------------------------------------- /examples/server/server.go: -------------------------------------------------------------------------------- 1 | /* server.go 2 | * 3 | * Copyright (C) 2006-2022 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package main 23 | 24 | import ( 25 | "fmt" 26 | "net" 27 | "os" 28 | wolfSSL "github.com/wolfssl/go-wolfssl" 29 | ) 30 | 31 | /* Connection configuration constants */ 32 | const ( 33 | CONN_HOST = "localhost" 34 | CONN_PORT = "11111" 35 | CONN_TYPE = "tcp" 36 | ) 37 | 38 | func main() { 39 | /* Server Key and Certificate paths */ 40 | CERT_FILE := "../certs/server-cert.pem" 41 | KEY_FILE := "../certs/server-key.pem" 42 | 43 | /* Initialize wolfSSL */ 44 | wolfSSL.WolfSSL_Init() 45 | 46 | /* Create WOLFSSL_CTX with tlsv12 */ 47 | ctx := wolfSSL.WolfSSL_CTX_new(wolfSSL.WolfTLSv1_2_server_method()) 48 | if ctx == nil { 49 | fmt.Println(" WolfSSL_CTX_new Failed"); 50 | os.Exit(1) 51 | } 52 | 53 | /* Load server certificates into WOLFSSL_CTX */ 54 | ret := wolfSSL.WolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, wolfSSL.SSL_FILETYPE_PEM) 55 | if ret != wolfSSL.WOLFSSL_SUCCESS { 56 | fmt.Println("Error: WolfSSL_CTX_use_certificate Failed"); 57 | os.Exit(1) 58 | } 59 | 60 | /* Load server key into WOLFSSL_CTX */ 61 | ret = wolfSSL.WolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, wolfSSL.SSL_FILETYPE_PEM) 62 | if ret != wolfSSL.WOLFSSL_SUCCESS { 63 | fmt.Println("Error: WolfSSL_CTX_use_PrivateKey Failed"); 64 | os.Exit(1) 65 | } 66 | 67 | /* Listen for incoming connections */ 68 | l, err := net.Listen(CONN_TYPE, CONN_HOST+":"+CONN_PORT) 69 | if err != nil { 70 | fmt.Println("Error listening:", err.Error()) 71 | os.Exit(1) 72 | } 73 | /* Close the listener when the application closes */ 74 | defer l.Close() 75 | fmt.Println("Listening on " + CONN_HOST + ":" + CONN_PORT) 76 | 77 | /* Listen for an incoming connection */ 78 | conn, err := l.Accept() 79 | if err != nil { 80 | fmt.Println("Error accepting: ", err.Error()) 81 | } 82 | 83 | /* Create a WOLFSSL object */ 84 | ssl := wolfSSL.WolfSSL_new(ctx) 85 | if ssl == nil { 86 | fmt.Println(" WolfSSL_new Failed"); 87 | os.Exit(1) 88 | } 89 | 90 | /* Retrieve file descriptor from net.Conn type */ 91 | file,err := conn.(*net.TCPConn).File() 92 | fd := file.Fd() 93 | wolfSSL.WolfSSL_set_fd(ssl, int(fd)) 94 | 95 | /* Establish TLS connection */ 96 | ret = wolfSSL.WolfSSL_accept(ssl); 97 | if ret != wolfSSL.WOLFSSL_SUCCESS { 98 | fmt.Println(" WolfSSL_accept error ", ret); 99 | os.Exit(1) 100 | } else { 101 | fmt.Println("Client Succesfully Connected!"); 102 | } 103 | 104 | buf := make([]byte, 256) 105 | 106 | /* Recieve then print the message from client */ 107 | ret = wolfSSL.WolfSSL_read(ssl, buf, 256) 108 | if ret == -1 { 109 | fmt.Println(" WolfSSL_read failed "); 110 | } else { 111 | fmt.Println("Client says : ", string(buf)); 112 | } 113 | 114 | /* Create the message and send to client */ 115 | reply := []byte("I hear ya fashizzle!") 116 | sz := uintptr(len(reply)) 117 | 118 | ret = wolfSSL.WolfSSL_write(ssl, reply, sz) 119 | if uintptr(ret) != sz { 120 | fmt.Println(" WolfSSL_write failed "); 121 | os.Exit(1) 122 | } 123 | 124 | /* Shutdown wolfSSL */ 125 | wolfSSL.WolfSSL_shutdown(ssl) 126 | /* Free wolfSSL and wolfSSL_CTX objects */ 127 | wolfSSL.WolfSSL_free(ssl) 128 | wolfSSL.WolfSSL_CTX_free(ctx) 129 | /* Cleanup the wolfSSL environment */ 130 | wolfSSL.WolfSSL_Cleanup() 131 | 132 | /* Close the connection */ 133 | conn.Close() 134 | } 135 | 136 | -------------------------------------------------------------------------------- /fips.go: -------------------------------------------------------------------------------- 1 | /* fips.go 2 | * 3 | * Copyright (C) 2006-2024 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package wolfSSL 23 | 24 | // #include 25 | // #include 26 | // #include 27 | // #include 28 | // #ifndef WC_RNG_SEED_CB 29 | // typedef int (*wc_RngSeed_Cb)(OS_Seed* os, byte* seed, word32 sz); 30 | // int wc_SetSeed_Cb(wc_RngSeed_Cb cb) { 31 | // return -174; 32 | // } 33 | // #endif 34 | // #define WC_SPKRE_F(x,y) wolfCrypt_SetPrivateKeyReadEnable_fips((x),(y)) 35 | // #ifdef HAVE_FIPS 36 | // int WC_PRIVATE_KEY_LOCK(void) { 37 | // return WC_SPKRE_F(0,WC_KEYTYPE_ALL); 38 | // } 39 | // int WC_PRIVATE_KEY_UNLOCK(void) { 40 | // return WC_SPKRE_F(1,WC_KEYTYPE_ALL); 41 | // } 42 | // #else 43 | // int WC_PRIVATE_KEY_LOCK(void) { 44 | // return -174; 45 | // } 46 | // int WC_PRIVATE_KEY_UNLOCK(void) { 47 | // return -174; 48 | // } 49 | // int wc_RunAllCast_fips(void) { 50 | // return -174; 51 | // } 52 | // #endif 53 | import "C" 54 | 55 | func Wc_SetDefaultSeed_Cb() int { 56 | return int(C.wc_SetSeed_Cb((C.wc_RngSeed_Cb)(C.wc_GenerateSeed))) 57 | } 58 | 59 | func PRIVATE_KEY_LOCK() int { 60 | return int(C.WC_PRIVATE_KEY_LOCK()) 61 | } 62 | 63 | func PRIVATE_KEY_UNLOCK() int { 64 | return int(C.WC_PRIVATE_KEY_UNLOCK()) 65 | } 66 | 67 | func Wc_RunAllCast_fips() int { 68 | return int(C.wc_RunAllCast_fips()) 69 | } 70 | -------------------------------------------------------------------------------- /generateOptions.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | OPTIONS_H="../wolfssl/wolfssl/options.h" 4 | 5 | if [ ! -z $1 ];then 6 | WOLFSSL_PATH=$1 7 | echo "Path to wolfSSL was supplied." 8 | 9 | if [ -f "$WOLFSSL_PATH/wolfssl/options.h" ];then 10 | OPTIONS_H="$WOLFSSL_PATH/wolfssl/options.h" 11 | else 12 | echo "Couldn't find options.h, please supply the correct path to wolfSSL." 13 | exit 99 14 | fi 15 | else 16 | echo "No path given, defaulting to ../wolfssl path." 17 | if [ ! -d ../wolfssl ];then 18 | echo "Couldn't find wolfSSL in default path, please supply the correct path to wolfSSL." 19 | exit 99 20 | fi 21 | fi 22 | 23 | rm -f options.go 24 | echo "package wolfSSL" >> options.go 25 | echo "" >> options.go 26 | echo "// #cgo CFLAGS: -g -Wall -I/usr/include -I/usr/include/wolfssl" >> options.go 27 | echo "// #cgo LDFLAGS: -L/usr/local/lib -lwolfssl -lm" >> options.go 28 | sed 's/^/\/\/ /' $OPTIONS_H >> options.go 29 | echo "options.go generated." 30 | 31 | exit 0 32 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/wolfssl/go-wolfssl 2 | 3 | go 1.13 4 | -------------------------------------------------------------------------------- /hash.go: -------------------------------------------------------------------------------- 1 | /* hash.go 2 | * 3 | * Copyright (C) 2006-2022 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package wolfSSL 23 | 24 | // #include 25 | // #include 26 | // #ifdef NO_MD5 27 | // #define WC_MD5_DIGEST_SIZE 1 28 | // int wc_Md5Hash(const byte* data, word32 len, byte* hash) { 29 | // return -174; 30 | // } 31 | // #endif 32 | // #ifdef NO_SHA 33 | // #define WC_SHA_DIGEST_SIZE 1 34 | // int wc_ShaHash(const byte* data, word32 len, byte* hash) { 35 | // return -174; 36 | // } 37 | // #endif 38 | // #ifdef NO_SHA256 39 | // int wc_Sha256Hash(const byte* data, word32 len, byte* hash) { 40 | // return -174; 41 | // } 42 | // #endif 43 | // #ifndef WOLFSSL_SHA384 44 | // #define WC_SHA384_DIGEST_SIZE 1 45 | // int wc_Sha384Hash(const byte* data, word32 len, byte* hash) { 46 | // return -174; 47 | // } 48 | // #endif 49 | // #ifndef WOLFSSL_SHA512 50 | // int wc_Sha512Hash(const byte* data, word32 len, byte* hash) { 51 | // return -174; 52 | // } 53 | // #endif 54 | import "C" 55 | import ( 56 | "unsafe" 57 | ) 58 | 59 | const WC_MD5_DIGEST_SIZE = int(C.WC_MD5_DIGEST_SIZE) 60 | const WC_SHA_DIGEST_SIZE = int(C.WC_SHA_DIGEST_SIZE) 61 | const WC_SHA256_DIGEST_SIZE = int(C.WC_SHA256_DIGEST_SIZE) 62 | const WC_SHA384_DIGEST_SIZE = int(C.WC_SHA384_DIGEST_SIZE) 63 | const WC_SHA512_DIGEST_SIZE = int(C.WC_SHA512_DIGEST_SIZE) 64 | 65 | const WC_SHA256 = int(C.WC_SHA256) 66 | 67 | func Wc_Md5Hash(input []byte, inputSz int, output []byte) int { 68 | return int(C.wc_Md5Hash((*C.uchar)(unsafe.Pointer(&input[0])), 69 | C.word32(inputSz), (*C.uchar)(unsafe.Pointer(&output[0])))) 70 | } 71 | 72 | func Wc_ShaHash(input []byte, inputSz int, output []byte) int { 73 | return int(C.wc_ShaHash((*C.uchar)(unsafe.Pointer(&input[0])), 74 | C.word32(inputSz), (*C.uchar)(unsafe.Pointer(&output[0])))) 75 | } 76 | 77 | func Wc_Sha256Hash(input []byte, inputSz int, output []byte) int { 78 | return int(C.wc_Sha256Hash((*C.uchar)(unsafe.Pointer(&input[0])), 79 | C.word32(inputSz), (*C.uchar)(unsafe.Pointer(&output[0])))) 80 | } 81 | 82 | func Wc_Sha384Hash(input []byte, inputSz int, output []byte) int { 83 | return int(C.wc_Sha384Hash((*C.uchar)(unsafe.Pointer(&input[0])), 84 | C.word32(inputSz), (*C.uchar)(unsafe.Pointer(&output[0])))) 85 | } 86 | 87 | func Wc_Sha512Hash(input []byte, inputSz int, output []byte) int { 88 | return int(C.wc_Sha512Hash((*C.uchar)(unsafe.Pointer(&input[0])), 89 | C.word32(inputSz), (*C.uchar)(unsafe.Pointer(&output[0])))) 90 | } 91 | -------------------------------------------------------------------------------- /hmac.go: -------------------------------------------------------------------------------- 1 | /* hmac.go 2 | * 3 | * Copyright (C) 2006-2024 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package wolfSSL 23 | 24 | // #include 25 | // #include 26 | import "C" 27 | import ( 28 | "unsafe" 29 | ) 30 | 31 | type Hmac = C.struct_Hmac 32 | 33 | func Wc_HmacInit(hmac *C.struct_Hmac, heap unsafe.Pointer, devId int) int { 34 | return int(C.wc_HmacInit(hmac, heap, C.int(devId))) 35 | } 36 | 37 | func Wc_HmacFree(hmac *C.struct_Hmac) { 38 | C.wc_HmacFree(hmac) 39 | } 40 | 41 | func Wc_HmacSetKey(hmac *C.struct_Hmac, hash int, key []byte, keySz int) int { 42 | var sanKey *C.uchar 43 | if len(key) > 0 { 44 | sanKey = (*C.uchar)(unsafe.Pointer(&key[0])) 45 | } else { 46 | sanKey = (*C.uchar)(unsafe.Pointer(nil)) 47 | } 48 | return int(C.wc_HmacSetKey(hmac, C.int(hash), sanKey, C.word32(keySz))) 49 | } 50 | 51 | func Wc_HmacUpdate(hmac *C.struct_Hmac, in []byte, inSz int) int { 52 | var sanIn *C.uchar 53 | if len(in) > 0 { 54 | sanIn = (*C.uchar)(unsafe.Pointer(&in[0])) 55 | } else { 56 | sanIn = (*C.uchar)(unsafe.Pointer(nil)) 57 | } 58 | 59 | return int(C.wc_HmacUpdate(hmac, sanIn, C.word32(inSz))) 60 | } 61 | 62 | func Wc_HmacFinal(hmac *C.struct_Hmac, out []byte) int { 63 | return int(C.wc_HmacFinal(hmac, (*C.uchar)(unsafe.Pointer(&out[0])))) 64 | } 65 | 66 | func Wc_HKDF(hashType int, inputKey []byte, inputKeySz int, salt []byte, 67 | saltSz int, info []byte, infoSz int, out []byte, outSz int) int { 68 | return int(C.wc_HKDF(C.int(hashType), (*C.uchar)(unsafe.Pointer(&inputKey[0])), 69 | C.word32(inputKeySz), (*C.uchar)(unsafe.Pointer(&salt[0])), 70 | C.word32(saltSz), (*C.uchar)(unsafe.Pointer(&info[0])), 71 | C.word32(infoSz), (*C.uchar)(unsafe.Pointer(&out[0])), 72 | C.word32(outSz))) 73 | } 74 | -------------------------------------------------------------------------------- /misc.go: -------------------------------------------------------------------------------- 1 | /* misc.go 2 | * 3 | * Copyright (C) 2006-2024 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package wolfSSL 23 | 24 | func ConstantCompare(a, b []byte, length int) int { 25 | var result byte = 0 26 | for i := 0; i < length; i++ { 27 | result |= a[i] ^ b[i] 28 | } 29 | 30 | if result == 0 { 31 | return 1 32 | } else { 33 | return 0 34 | } 35 | } 36 | 37 | func zeroMemory(b []byte) { 38 | for i := range b { 39 | b[i] = 0 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /random.go: -------------------------------------------------------------------------------- 1 | /* random.go 2 | * 3 | * Copyright (C) 2006-2022 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package wolfSSL 23 | 24 | // #include 25 | // #include 26 | // #ifdef WC_NO_RNG 27 | // typedef struct WC_RNG {} WC_RNG; 28 | // int wc_InitRng(WC_RNG* rng) { 29 | // return -174; 30 | // } 31 | // int wc_FreeRng(WC_RNG* rng) { 32 | // return -174; 33 | // } 34 | // int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz) { 35 | // return -174; 36 | // } 37 | // #endif 38 | import "C" 39 | import ( 40 | "unsafe" 41 | ) 42 | 43 | type WC_RNG = C.struct_WC_RNG 44 | 45 | func Wc_InitRng(rng *C.struct_WC_RNG) int { 46 | return int(C.wc_InitRng(rng)) 47 | } 48 | 49 | func Wc_FreeRng(rng *C.struct_WC_RNG) int { 50 | return int(C.wc_FreeRng(rng)) 51 | } 52 | 53 | func Wc_RNG_GenerateBlock(rng *C.struct_WC_RNG, b []byte, sz int) int { 54 | return int(C.wc_RNG_GenerateBlock(rng, (*C.uchar)(unsafe.Pointer(&b[0])), 55 | C.word32(sz))) 56 | } 57 | -------------------------------------------------------------------------------- /sha.go: -------------------------------------------------------------------------------- 1 | /* sha.go 2 | * 3 | * Copyright (C) 2006-2024 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package wolfSSL 23 | 24 | // #include 25 | // #include 26 | import "C" 27 | import ( 28 | "unsafe" 29 | ) 30 | 31 | type Wc_Sha256 = C.struct_wc_Sha256 32 | 33 | func Wc_InitSha256_ex(sha *C.struct_wc_Sha256, heap unsafe.Pointer, devId int) int { 34 | return int(C.wc_InitSha256_ex(sha, heap, C.int(devId))) 35 | } 36 | 37 | func Wc_Sha256Free(sha *C.struct_wc_Sha256) { 38 | C.wc_Sha256Free(sha) 39 | } 40 | 41 | func Wc_Sha256Update(sha *C.struct_wc_Sha256, in []byte, inSz int) int { 42 | var sanIn *C.uchar 43 | if len(in) > 0 { 44 | sanIn = (*C.uchar)(unsafe.Pointer(&in[0])) 45 | } else { 46 | sanIn = (*C.uchar)(unsafe.Pointer(nil)) 47 | } 48 | 49 | return int(C.wc_Sha256Update(sha, sanIn, C.word32(inSz))) 50 | } 51 | 52 | func Wc_Sha256Final(sha *C.struct_wc_Sha256, out []byte) int { 53 | return int(C.wc_Sha256Final(sha, (*C.uchar)(unsafe.Pointer(&out[0])))) 54 | } 55 | -------------------------------------------------------------------------------- /ssl.go: -------------------------------------------------------------------------------- 1 | /* ssl.go 2 | * 3 | * Copyright (C) 2006-2022 wolfSSL Inc. 4 | * 5 | * This file is part of wolfSSL. 6 | * 7 | * wolfSSL is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfSSL is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | package wolfSSL 23 | 24 | // #include 25 | // #include 26 | // #ifdef NO_PSK 27 | // typedef unsigned int (*pskCb)(); 28 | // int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint) { 29 | // return -174; 30 | // } 31 | // void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx, pskCb cb) {} 32 | // void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx, pskCb cb) {} 33 | // void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX* ctx, pskCb cb) {} 34 | // void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX* ctx, pskCb cb) {} 35 | // #endif 36 | // #ifndef WOLFSSL_DTLS 37 | // WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void) { 38 | // return NULL; 39 | // } 40 | // WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void) { 41 | // return NULL; 42 | // } 43 | // void* wolfSSL_dtls_create_peer(int port, char* ip) { 44 | // return NULL; 45 | // } 46 | // int wolfSSL_dtls_free_peer(void* addr) { 47 | // return -174; 48 | // } 49 | // #endif 50 | // #ifndef WOLFSSL_DTLS13 51 | // WOLFSSL_METHOD* wolfDTLSv1_3_server_method(void) { 52 | // return NULL; 53 | // } 54 | // WOLFSSL_METHOD* wolfDTLSv1_3_client_method(void) { 55 | // return NULL; 56 | // } 57 | // #endif 58 | // #ifndef HAVE_WRITE_DUP 59 | // WOLFSSL* wolfSSL_write_dup(WOLFSSL* ssl) { 60 | // return NULL; 61 | // } 62 | // #endif 63 | import "C" 64 | import ( 65 | "unsafe" 66 | ) 67 | 68 | const SSL_FILETYPE_PEM = 1 69 | const WOLFSSL_SUCCESS = 1 70 | 71 | type WOLFSSL = C.struct_WOLFSSL 72 | type WOLFSSL_CTX = C.struct_WOLFSSL_CTX 73 | 74 | func WolfSSL_Init() { 75 | C.wolfSSL_Init() 76 | } 77 | 78 | func WolfSSL_Cleanup() { 79 | C.wolfSSL_Cleanup() 80 | } 81 | 82 | func WolfSSL_CTX_new(method *C.struct_WOLFSSL_METHOD) *C.struct_WOLFSSL_CTX { 83 | return C.wolfSSL_CTX_new(method) 84 | } 85 | 86 | func WolfSSL_CTX_free(ctx *C.struct_WOLFSSL_CTX) { 87 | C.wolfSSL_CTX_free(ctx) 88 | } 89 | 90 | func WolfSSL_CTX_set_cipher_list(ctx *C.struct_WOLFSSL_CTX, list string) int { 91 | c_list := C.CString(list) 92 | defer C.free(unsafe.Pointer(c_list)) 93 | return int(C.wolfSSL_CTX_set_cipher_list(ctx, c_list)) 94 | } 95 | 96 | func WolfSSL_new(ctx *C.struct_WOLFSSL_CTX) *C.struct_WOLFSSL { 97 | return C.wolfSSL_new(ctx) 98 | } 99 | 100 | func WolfSSL_write_dup(ssl *C.struct_WOLFSSL) *C.struct_WOLFSSL { 101 | return C.wolfSSL_write_dup(ssl) 102 | } 103 | 104 | func WolfSSL_connect(ssl *C.struct_WOLFSSL) int { 105 | return int(C.wolfSSL_connect(ssl)) 106 | } 107 | 108 | func WolfSSL_shutdown(ssl *C.struct_WOLFSSL) { 109 | C.wolfSSL_shutdown(ssl) 110 | } 111 | 112 | func WolfSSL_free(ssl *C.struct_WOLFSSL) { 113 | C.wolfSSL_free(ssl) 114 | } 115 | 116 | func WolfTLSv1_2_server_method() *C.struct_WOLFSSL_METHOD { 117 | return C.wolfTLSv1_2_server_method() 118 | } 119 | 120 | func WolfTLSv1_2_client_method() *C.struct_WOLFSSL_METHOD { 121 | return C.wolfTLSv1_2_client_method() 122 | } 123 | 124 | func WolfTLSv1_3_server_method() *C.struct_WOLFSSL_METHOD { 125 | return C.wolfTLSv1_3_server_method() 126 | } 127 | 128 | func WolfTLSv1_3_client_method() *C.struct_WOLFSSL_METHOD { 129 | return C.wolfTLSv1_3_client_method() 130 | } 131 | 132 | func WolfDTLSv1_2_server_method() *C.struct_WOLFSSL_METHOD { 133 | return C.wolfDTLSv1_2_server_method() 134 | } 135 | 136 | func WolfDTLSv1_2_client_method() *C.struct_WOLFSSL_METHOD { 137 | return C.wolfDTLSv1_2_client_method() 138 | } 139 | 140 | func WolfDTLSv1_3_server_method() *C.struct_WOLFSSL_METHOD { 141 | return C.wolfDTLSv1_3_server_method() 142 | } 143 | 144 | func WolfDTLSv1_3_client_method() *C.struct_WOLFSSL_METHOD { 145 | return C.wolfDTLSv1_3_client_method() 146 | } 147 | 148 | func WolfSSL_dtls_create_peer(port int, ip string) unsafe.Pointer { 149 | c_ip := C.CString(ip) 150 | defer C.free(unsafe.Pointer(c_ip)) 151 | return C.wolfSSL_dtls_create_peer(C.int(port), c_ip) 152 | } 153 | 154 | func WolfSSL_dtls_set_peer(ssl *C.struct_WOLFSSL, addr unsafe.Pointer, peerSz int) int { 155 | return int(C.wolfSSL_dtls_set_peer(ssl, addr, C.uint(peerSz))) 156 | } 157 | 158 | func WolfSSL_dtls_free_peer(addr unsafe.Pointer) int { 159 | return int(C.wolfSSL_dtls_free_peer(addr)) 160 | } 161 | 162 | func WolfSSL_CTX_set_psk_server_callback(ctx *C.struct_WOLFSSL_CTX, cb unsafe.Pointer) { 163 | C.wolfSSL_CTX_set_psk_server_callback(ctx, (*[0]byte)(cb)) 164 | } 165 | 166 | func WolfSSL_CTX_set_psk_client_callback(ctx *C.struct_WOLFSSL_CTX, cb unsafe.Pointer) { 167 | C.wolfSSL_CTX_set_psk_client_callback(ctx, (*[0]byte)(cb)) 168 | } 169 | 170 | func WolfSSL_CTX_set_psk_server_tls13_callback(ctx *C.struct_WOLFSSL_CTX, cb unsafe.Pointer) { 171 | C.wolfSSL_CTX_set_psk_server_tls13_callback(ctx, (*[0]byte)(cb)) 172 | } 173 | 174 | func WolfSSL_CTX_set_psk_client_tls13_callback(ctx *C.struct_WOLFSSL_CTX, cb unsafe.Pointer) { 175 | C.wolfSSL_CTX_set_psk_client_tls13_callback(ctx, (*[0]byte)(cb)) 176 | } 177 | 178 | func WolfSSL_CTX_use_psk_identity_hint(ctx *C.struct_WOLFSSL_CTX, hint string) int { 179 | c_hint := C.CString(hint) 180 | defer C.free(unsafe.Pointer(c_hint)) 181 | return int(C.wolfSSL_CTX_use_psk_identity_hint(ctx, c_hint)) 182 | } 183 | 184 | func WolfSSL_CTX_load_verify_locations(ctx *C.struct_WOLFSSL_CTX, cert string, 185 | path []byte) int { 186 | cert_file := C.CString(cert) 187 | defer C.free(unsafe.Pointer(cert_file)) 188 | /* TODO: HANDLE NON NIL PATH */ 189 | return int(C.wolfSSL_CTX_load_verify_locations(ctx, cert_file, 190 | (*C.char)(unsafe.Pointer(nil)))) 191 | } 192 | 193 | func WolfSSL_CTX_use_certificate_file(ctx *C.struct_WOLFSSL_CTX, cert string, 194 | format int) int { 195 | cert_file := C.CString(cert) 196 | defer C.free(unsafe.Pointer(cert_file)) 197 | return int(C.wolfSSL_CTX_use_certificate_file(ctx, cert_file, C.int(format))) 198 | } 199 | 200 | func WolfSSL_CTX_use_PrivateKey_file(ctx *C.struct_WOLFSSL_CTX, key string, 201 | format int) int { 202 | key_file := C.CString(key) 203 | defer C.free(unsafe.Pointer(key_file)) 204 | return int(C.wolfSSL_CTX_use_PrivateKey_file(ctx, key_file, C.int(format))) 205 | } 206 | 207 | func WolfSSL_set_fd(ssl *C.struct_WOLFSSL, fd int) { 208 | C.wolfSSL_set_fd(ssl, C.int(fd)) 209 | } 210 | 211 | func WolfSSL_accept(ssl *C.struct_WOLFSSL) int { 212 | return int(C.wolfSSL_accept(ssl)) 213 | } 214 | 215 | func WolfSSL_read(ssl *C.struct_WOLFSSL, data []byte, sz uintptr) int { 216 | return int(C.wolfSSL_read(ssl, unsafe.Pointer(&data[0]), C.int(sz))) 217 | } 218 | 219 | func WolfSSL_write(ssl *C.struct_WOLFSSL, data []byte, sz uintptr) int { 220 | return int(C.wolfSSL_write(ssl, unsafe.Pointer(&data[0]), C.int(sz))) 221 | } 222 | 223 | func WolfSSL_get_error(ssl *C.struct_WOLFSSL, ret int) int { 224 | return int(C.wolfSSL_get_error(ssl, C.int(ret))) 225 | } 226 | 227 | func WolfSSL_ERR_error_string(ret int, data []byte) string { 228 | return C.GoString(C.wolfSSL_ERR_error_string(C.ulong(ret), (*C.char)(unsafe.Pointer(&data[0])))) 229 | } 230 | 231 | func WolfSSL_get_cipher_name(ssl *C.struct_WOLFSSL) string { 232 | return C.GoString(C.wolfSSL_get_cipher_name(ssl)) 233 | } 234 | 235 | func WolfSSL_get_version(ssl *C.struct_WOLFSSL) string { 236 | return C.GoString(C.wolfSSL_get_version(ssl)) 237 | } 238 | 239 | func WolfSSL_lib_version() string { 240 | return C.GoString(C.wolfSSL_lib_version()) 241 | } 242 | 243 | func WolfSSL_Debugging_ON() { 244 | C.wolfSSL_Debugging_ON() 245 | } 246 | 247 | func WolfSSL_Debugging_OFF() { 248 | C.wolfSSL_Debugging_OFF() 249 | } 250 | --------------------------------------------------------------------------------