From 5ac03256db0fe4ca7e3ad1117d096c3a76368b76 Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Fri, 9 Jan 2015 09:46:07 +0100
Subject: backported CyaSSL/OpenSSL support for internal webserver instead of MatrixSSL
---
release/src/router/cyassl/swig/PythonBuild.sh | 9 +
release/src/router/cyassl/swig/README | 44 ++++
release/src/router/cyassl/swig/cyassl.i | 42 ++++
release/src/router/cyassl/swig/cyassl_adds.c | 208 +++++++++++++++++++
.../src/router/cyassl/swig/python_cyassl.vcproj | 225 +++++++++++++++++++++
release/src/router/cyassl/swig/rsasign.py | 35 ++++
release/src/router/cyassl/swig/runme.py | 30 +++
7 files changed, 593 insertions(+)
create mode 100755 release/src/router/cyassl/swig/PythonBuild.sh
create mode 100644 release/src/router/cyassl/swig/README
create mode 100644 release/src/router/cyassl/swig/cyassl.i
create mode 100644 release/src/router/cyassl/swig/cyassl_adds.c
create mode 100755 release/src/router/cyassl/swig/python_cyassl.vcproj
create mode 100644 release/src/router/cyassl/swig/rsasign.py
create mode 100644 release/src/router/cyassl/swig/runme.py
(limited to 'release/src/router/cyassl/swig')
diff --git a/release/src/router/cyassl/swig/PythonBuild.sh b/release/src/router/cyassl/swig/PythonBuild.sh
new file mode 100755
index 00000000..0fc2a880
--- /dev/null
+++ b/release/src/router/cyassl/swig/PythonBuild.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+echo
+swig -python cyassl.i
+pythonIncludes=`python-config --includes`
+pythonLibs=`python-config --libs`
+gcc -c -fpic cyassl_wrap.c -I$pythonIncludes -I/usr/local/cyassl/include -DHAVE_CONFIG_H
+gcc -c -fpic cyassl_adds.c -I/usr/local/cyassl/include
+gcc -shared -flat_namespace cyassl_adds.o cyassl_wrap.o -lcyassl -L/usr/local/cyassl/lib $pythonLibs -o _cyassl.so
+python runme.py
diff --git a/release/src/router/cyassl/swig/README b/release/src/router/cyassl/swig/README
new file mode 100644
index 00000000..302bc6be
--- /dev/null
+++ b/release/src/router/cyassl/swig/README
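Review bot: The compile line `gcc -c -fpic cyassl_wrap.c -I$pythonIncludes ...` prepends `-I` to the output of `python-config --includes`, which already consists of `-I/...` flags, so the compiler receives `-I-I/usr/include/pythonX.Y` and the wrapper will not find Python.h; drop the extra prefix: `gcc -c -fpic cyassl_wrap.c $pythonIncludes -I/usr/local/cyassl/include -DHAVE_CONFIG_H`. Nothing stops on failure either, so a broken swig or gcc step still falls through to `python runme.py`, which opens a network connection; add `set -e` after the shebang. `-flat_namespace` is a Mach-O linker option and, as far as I recall, GCC on Linux rejects it even though the README lists Linux as supported — worth confirming on the target platform before this is shipped as the build script.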
@@ -0,0 +1,44 @@
+
+
+Initial swig interface file
+
+Please send questions to support@yassl.com
+
+
+
+**Python Support**
+
+ For Linux, OS X, or *nix
+
+1) build CyaSSL with fpic on Linux, not needed on OS X
+ ./configure --disable-shared CFLAGS=-fpic
+ make
+ sudo make install
+
+
+2) start the example echoserver from the examples/echoserver directory
+ ./echoserver
+
+3) run ./PtyonBuild.sh from this directory it will
+ a) build the swig wrapper file
+ b) compile the swig wrapper and cyassl wrapper files
+ c) place them into a cyassl shared library for python
+ d) run runme.py which will connect to the CyaSSL echo server, write a
+ string, then read the result and output it
+
+
+ Windows only
+
+1) Make sure the install path to cyassl doesn't have any spaces anywhere in the
+ directory path because swig doesn't like that
+2) Have python for Windows installed, note install directory
+3) Have swigwin installed, note install directory
+4) Make sure swigwin install direcotry is added to PATH env. variable
+5) Make sure env. variables PYTHON_INCLUDE and PYTHON_LIB are set correctly e.g.
+ PYTHON_INCLUE="c:\Python26\include"
+ PYTHON_LIB="c:\Python26\libs\python26.lib"
+6) Build python_cyassl in Release mode only, Debug build fails to find a debug
+ python library that isn't included by default
+7) The outputs _cyassl.pyd and cyassl.py are the cyassl import library
+8) Can now run python runme.py from the swig directory
+
diff --git a/release/src/router/cyassl/swig/cyassl.i b/release/src/router/cyassl/swig/cyassl.i
new file mode 100644
index 00000000..8e5c53cc
--- /dev/null
+++ b/release/src/router/cyassl/swig/cyassl.i
@@ -0,0 +1,42 @@
+
+
+%module cyassl
+%{
+ #include "openssl/ssl.h"
+ #include "rsa.h"
+
+ /* defn adds */
+ char* CyaSSL_error_string(int err);
+ int CyaSSL_connect(SSL*, const char* server, int port);
+ RNG* GetRng(void);
+ RsaKey* GetRsaPrivateKey(const char* file);
+ void FillSignStr(unsigned char*, const char*, int);
+%}
+
+
+SSL_METHOD* TLSv1_client_method(void);
+SSL_CTX* SSL_CTX_new(SSL_METHOD*);
+int SSL_CTX_load_verify_locations(SSL_CTX*, const char*, const char*);
+SSL* SSL_new(SSL_CTX*);
+int SSL_get_error(SSL*, int);
+int SSL_write(SSL*, const char*, int);
+char* CyaSSL_error_string(int);
+int CyaSSL_connect(SSL*, const char* server, int port);
+
+int RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, RNG* rng);
+
+int RsaSSL_Verify(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key);
+
+RNG* GetRng(void);
+RsaKey* GetRsaPrivateKey(const char* file);
+void FillSignStr(unsigned char*, const char*, int);
+
+%include carrays.i
+%include cdata.i
+%array_class(unsigned char, byteArray);
+int SSL_read(SSL*, unsigned char*, int);
+
+
+#define SSL_FAILURE 0
+#define SSL_SUCCESS 1
+
diff --git a/release/src/router/cyassl/swig/cyassl_adds.c b/release/src/router/cyassl/swig/cyassl_adds.c
new file mode 100644
index 00000000..9dfae43b
--- /dev/null
+++ b/release/src/router/cyassl/swig/cyassl_adds.c
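Review bot: The interface exports `SSL_CTX_new`/`SSL_new` and a connect helper but no teardown — there is no `SSL_shutdown`, `SSL_free` or `SSL_CTX_free` declaration, so a Python caller cannot close the session or release the context and every connection lives until process exit; add `int SSL_shutdown(SSL*);`, `void SSL_free(SSL*);` and `void SSL_CTX_free(SSL_CTX*);` next to `SSL_new`. It also exposes no `SSL_CTX_set_verify`, so scripts cannot request or tighten peer verification and silently depend on whatever the library's default client verify mode is — a comment stating that assumption next to `SSL_CTX_load_verify_locations` would help. `TLSv1_client_method` is the only method exported, which pins every script to TLS 1.0; if the library provides it, also declaring `SSL_METHOD* SSLv23_client_method(void);` (or its highest-version client method) lets callers negotiate upward. `SSL_read`, `SSL_write` and `FillSignStr` all take a raw pointer plus a caller-supplied length with nothing relating the two, so an oversized length from Python overruns the `byteArray`; a comment on `%array_class` warning that sizes are unchecked is the minimum here.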
@@ -0,0 +1,208 @@ +/* cyassl_adds.c */ +#ifndef _WIN32 + #define HAVE_CONFIG_H +#endif + +#include "openssl/ssl.h" +#include "rsa.h" +#include "asn.h" + +#include +#include +#include +#include + +#ifdef _WIN32 + #include + #include + #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */ + #include + #include + #endif + #define SOCKET_T int +#else + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #ifdef NON_BLOCKING + #include + #endif + #ifdef TEST_IPV6 + #include + #endif + #define SOCKET_T unsigned int +#endif /* _WIN32 */ + +#ifdef _MSC_VER + /* disable conversion warning */ + /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ + #pragma warning(disable:4244 4996) +#endif + +#if defined(__MACH__) || defined(_WIN32) + #ifndef _SOCKLEN_T + typedef int socklen_t; + #endif +#endif + + +/* HPUX doesn't use socklent_t for third parameter to accept */ +#if !defined(__hpux__) + typedef socklen_t* ACCEPT_THIRD_T; +#else + typedef int* ACCEPT_THIRD_T; +#endif + + +#ifdef _WIN32 + #define CloseSocket(s) closesocket(s) + #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); } +#else + #define CloseSocket(s) close(s) + #define StartTCP() +#endif + + +#ifdef TEST_IPV6 + typedef struct sockaddr_in6 SOCKADDR_IN_T; + #define AF_INET_V AF_INET6 +#else + typedef struct sockaddr_in SOCKADDR_IN_T; + #define AF_INET_V AF_INET +#endif + + +enum { + SSL_BLOCKING = 2, + SSL_NONBLOCKING = 4 +}; + + +static int tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr, const char* peer, + short port) +{ + const char* host = peer; + + /* peer could be in human readable form */ + if (isalpha(peer[0])) { + struct hostent* entry = gethostbyname(peer); + + if (entry) { + struct sockaddr_in tmp; + memset(&tmp, 0, sizeof(struct sockaddr_in)); + memcpy(&tmp.sin_addr.s_addr, entry->h_addr_list[0],entry->h_length); + host = inet_ntoa(tmp.sin_addr); + } + else + return -1; /* no entry for host */ + } + + *sockfd = 
socket(AF_INET, SOCK_STREAM, 0); + memset(addr, 0, sizeof(SOCKADDR_IN_T)); + + addr->sin_family = AF_INET; + addr->sin_port = htons(port); + addr->sin_addr.s_addr = inet_addr(host); + +#ifdef SO_NOSIGPIPE + { + int on = 1; + socklen_t len = sizeof(on); + setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len); + } +#endif + + return 0; +} + + +static int tcp_connect(SOCKET_T* sockfd, const char* ip, short port) +{ + SOCKADDR_IN_T addr; + int ret = tcp_socket(sockfd, &addr, ip, port); + if (ret != 0) return ret; + + if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) + return -2; /* can't connect */ + + return 0; +} + + +int CyaSSL_connect(SSL* ssl, const char* server, int port) +{ + SOCKET_T sockfd; + int ret = tcp_connect(&sockfd, server, port); + if (ret != 0) return ret; + + SSL_set_fd(ssl, sockfd); + + return SSL_connect(ssl); +} + + +char* CyaSSL_error_string(int err) +{ + static char buffer[80]; + + return ERR_error_string(err, buffer); +} + + +RNG* GetRng(void) +{ + RNG* rng = (RNG*)malloc(sizeof(RNG)); + + if (rng) + if (InitRng(rng) != 0) { + free(rng); + rng = 0; + } + + return rng; +} + + +RsaKey* GetRsaPrivateKey(const char* keyFile) +{ + RsaKey* key = (RsaKey*)malloc(sizeof(RsaKey)); + + if (key) { + byte tmp[1024]; + size_t bytes; + int ret; + word32 idx = 0; + FILE* file = fopen(keyFile, "rb"); + + if (!file) { + free(key); + return 0; + } + + bytes = fread(tmp, 1, sizeof(tmp), file); + fclose(file); + InitRsaKey(key, 0); + + ret = RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes); + if (ret != 0) { + FreeRsaKey(key); + free(key); + return 0; + } + } + return key; +} + + +void FillSignStr(unsigned char* dst, const char* src, int size) +{ + memcpy(dst, src, size); +} + diff --git a/release/src/router/cyassl/swig/python_cyassl.vcproj b/release/src/router/cyassl/swig/python_cyassl.vcproj new file mode 100755 index 00000000..d4373a94 --- /dev/null +++ b/release/src/router/cyassl/swig/python_cyassl.vcproj 
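Review bot: `CyaSSL_connect` never closes `sockfd` when `SSL_connect` fails, and on success the descriptor is never handed back to the caller, so it cannot be closed from Python either; at minimum release it on failure: `ret = SSL_connect(ssl);` / `if (ret != SSL_SUCCESS) CloseSocket(sockfd);` / `return ret;`. Nothing in this file ties the presented certificate to `server` — the CA file loaded by the caller can (assuming the library's default client verify mode) validate the chain, but without a name check any certificate issued by that CA is accepted for any host, which deserves at least a comment on `CyaSSL_connect`. In `tcp_socket` the results of `socket()` and `inet_addr()` are unchecked, so a peer that does not start with a letter, e.g. `1.example.com`, skips the lookup and `inet_addr` yields `INADDR_NONE`, which is then used as a 255.255.255.255 connect target rather than reported as an error. `GetRsaPrivateKey` reads at most `sizeof(tmp)` = 1024 bytes and ignores short or failed reads, so a DER key larger than that (typical for 2048-bit RSA) is silently truncated and decode fails with no indication why; the key bytes in `tmp` are also left on the stack rather than wiped. `FillSignStr` is a bare `memcpy` whose length comes straight from the Python caller with no relation to the destination array's size — it needs a comment saying the caller is responsible for bounds, or better a bounded variant.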
@@ -0,0 +1,225 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/release/src/router/cyassl/swig/rsasign.py b/release/src/router/cyassl/swig/rsasign.py new file mode 100644 index 00000000..ad2e114f --- /dev/null +++ b/release/src/router/cyassl/swig/rsasign.py @@ -0,0 +1,35 @@ +# file: rsasign.py + +import cyassl + + +# start Random Number Generator +rng = cyassl.GetRng() +if rng == None: + print "Couldn't get an RNG" + exit(-1) + +# load RSA private key in DER format +key = cyassl.GetRsaPrivateKey("../certs/client-key.der") +if key == None: + print "Couldn't load DER private key file" + exit(-1) + +# Make byte Arrays and fill input +signOutput = cyassl.byteArray(128) # 128 allows 1024 bit private key +signStr = cyassl.byteArray(25) # input can't be larger then key size + # 64 for 512 bit 128 for 1024 bit +cyassl.FillSignStr(signStr, "Everybody gets Friday off", 25) + +# Do RSA Sign +signedSize = cyassl.RsaSSL_Sign(signStr, 25, signOutput, 128, key, rng) + +# Show output +print "Signed Size = ", signedSize, " signed array = ", cyassl.cdata(signOutput, signedSize) + +# let's verify this worked +signVerify = cyassl.byteArray(signedSize) +verifySize = cyassl.RsaSSL_Verify(signOutput, signedSize, signVerify, signedSize, key) + +print "Verify Size = ", verifySize, " verify array = ", cyassl.cdata(signVerify, verifySize) + diff --git a/release/src/router/cyassl/swig/runme.py b/release/src/router/cyassl/swig/runme.py new file mode 100644 index 00000000..1734a019 --- /dev/null +++ b/release/src/router/cyassl/swig/runme.py 
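Review bot: `signedSize` from `RsaSSL_Sign` is used unchecked as the length for `cdata` and as the size of `byteArray(signedSize)`; on failure the library returns a negative error code (CyaSSL's convention, as far as I recall), so the script raises from inside SWIG instead of reporting the error — guard it: `if signedSize < 0:` / `print "RSA sign failed:", signedSize` / `exit(-1)`, and do the same for `verifySize`. The "let's verify this worked" step only prints the recovered bytes; to actually check the round trip, compare them: `assert cyassl.cdata(signVerify, verifySize) == "Everybody gets Friday off"`. This also signs the raw message rather than a digest, which is fine for a demo but should be stated in a comment so it is not copied into real code. `../certs/client-key.der` is resolved against the working directory, so the script only works when run from the swig directory, as the README implies.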
@@ -0,0 +1,30 @@
+# file: runme.py
+
+import cyassl
+
+print ""
+print "Trying to connect to the echo server..."
+
+ctx = cyassl.SSL_CTX_new(cyassl.TLSv1_client_method())
+ret = cyassl.SSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem", None)
+ssl = cyassl.SSL_new(ctx)
+
+ret = cyassl.CyaSSL_connect(ssl, "localhost", 11111)
+
+if ret != cyassl.SSL_SUCCESS:
+ print "Couldn't do SSL connect"
+ err = cyassl.SSL_get_error(ssl, 0)
+ print "error string = ", cyassl.CyaSSL_error_string(err)
+ exit(-1)
+
+print "...Connected"
+written = cyassl.SSL_write(ssl, "hello from python\r\n", 19)
+
+if written > 0:
+ print "Wrote ", written, " bytes"
+
+byteArray = cyassl.byteArray(100)
+readBytes = cyassl.SSL_read(ssl, byteArray, 100)
+
+print "server reply: ", cyassl.cdata(byteArray, readBytes)
+
-- cgit v1.2.3-54-g00ecf
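Review bot: The result of `SSL_CTX_load_verify_locations` is stored in `ret` and then overwritten by the `CyaSSL_connect` call without ever being checked, so a missing or unreadable `../certs/ca-cert.pem` only surfaces as a confusing handshake failure (or, if the library's default verify mode is permissive, not at all); check it right away: `if ret != cyassl.SSL_SUCCESS:` / `print "Couldn't load CA certificate"` / `exit(-1)`. `readBytes` from `SSL_read` is passed straight to `cdata` as a length, so a closed connection or read error (a value <= 0) is not handled; guard the final print with `if readBytes > 0:`. The script connects to `"localhost"` and nothing in it verifies the server certificate's name against that host, only its chain, which is worth a comment since this is the example people will copy. There is also no shutdown or free at the end, though the SWIG interface does not currently export those functions.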