ctx = wolfssl.wolfSSL_CTX_new(wolfssl.wolfTLSv1_client_method())
if ctx == None:
print "Couldn't get SSL CTX for TLSv1"
exit(-1)
ret = wolfssl.wolfSSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem", None)
if ret != wolfssl.SSL_SUCCESS:
print "Couldn't do SSL_CTX_load_verify_locations "
print "error string = ", ret
exit(-1)
ssl = wolfssl.wolfSSL_new(ctx)
ret = wolfssl.wolfSSL_swig_connect(ssl, "localhost", 11111)
if ret != wolfssl.SSL_SUCCESS:
print "Couldn't do SSL connect"
err = wolfssl.wolfSSL_get_error(ssl, 0)
print "error string = ", wolfssl.wolfSSL_error_string(err)
exit(-1)
print "...Connected"
written = wolfssl.wolfSSL_write(ssl, "hello from python\r\n", 19)
if written > 0:
print "Wrote ", written, " bytes"
byteArray = wolfssl.byteArray(100)
readBytes = wolfssl.wolfSSL_read(ssl, byteArray, 100)
print "server reply: ", wolfssl.cdata(byteArray, readBytes)
if ctx == None:
print "Couldn't get SSL CTX for TLSv1"
exit(-1)
ret = wolfssl.wolfSSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem",
None)
if ret != wolfssl.SSL_SUCCESS:
print "Couldn't do SSL_CTX_load_verify_locations "
print "error string = ", ret
exit(-1)
ssl = wolfssl.wolfSSL_new(ctx)
ret = wolfssl.wolfSSL_swig_connect(ssl, "localhost", 11111)
if ret != wolfssl.SSL_SUCCESS:
print "Couldn't do SSL connect"
err = wolfssl.wolfSSL_get_error(ssl, 0)
print "error string = ", wolfssl.wolfSSL_error_string(err)
exit(-1)
print "...Connected"
written = wolfssl.wolfSSL_write(ssl, "hello from python\r\n", 19)
if written > 0:
print "Wrote ", written, " bytes"
byteArray = wolfssl.byteArray(100)
readBytes = wolfssl.wolfSSL_read(ssl, byteArray, 100)
print "server reply: ", wolfssl.cdata(byteArray, readBytes)
password = ''.join(
random.choice(string.ascii_uppercase + string.digits)
for x in range(PASSWORD_LENGTH))
salt = os.urandom(SALT_LENGTH)
key = wolfssl.byteArray(KEY_LENGTH)
# params:
# key :: bytearray output
# passwd :: bytearray password that is used to derive the key
# pLen :: password length
# salt :: bytearray salt
# sLen :: salt length
# iterations :: number of iterations
# kLen :: key length
# hashType :: int, SHA256 stands for 2
# purpose :: int, not really sure what it does, 1 was used in the tests
wolfssl.wc_PKCS12_PBKDF(key, to_c_byte_array(password), PASSWORD_LENGTH,
to_c_byte_array(salt), SALT_LENGTH, ITERATIONS,
KEY_LENGTH, SHA256, 1)
key = wolfssl.cdata(key, KEY_LENGTH)
assert len(
key
) == KEY_LENGTH, "Generated key has length %s, whereas should have length %s" % (
len(key), KEY_LENGTH)
print 'Generated key: %s\nfor password: %s' % (key, password)
print 'Bytes:'
print[b for b in key]
salt = os.urandom(SALT_LENGTH)
key = wolfssl.byteArray(KEY_LENGTH)
# params:
# key :: bytearray output
# passwd :: bytearray password that is used to derive the key
# pLen :: password length
# salt :: bytearray salt
# sLen :: salt length
# iterations :: number of iterations
# kLen :: key length
# hashType :: int, SHA256 stands for 2
# purpose :: int, not really sure what it does, 1 was used in the tests
wolfssl.wc_PKCS12_PBKDF(
key,
to_c_byte_array(password),
PASSWORD_LENGTH,
to_c_byte_array(salt),
SALT_LENGTH,
ITERATIONS,
KEY_LENGTH,
SHA256,
1,
)
key = wolfssl.cdata(key, KEY_LENGTH)
assert len(key) == KEY_LENGTH, "Generated key has length %s, whereas should have length %s" % (len(key), KEY_LENGTH)
print "Generated key: %s\nfor password: %s" % (key, password)
print "Bytes:"
print [b for b in key]
if rng == None:
print "Couldn't get an RNG"
exit(-1)
# load RSA private key in DER format
key = wolfssl.GetRsaPrivateKey("../certs/client-key.der")
if key == None:
print "Couldn't load DER private key file"
exit(-1)
# Make byte Arrays and fill input
signOutput = wolfssl.byteArray(128) # 128 allows 1024 bit private key
signStr = wolfssl.byteArray(25) # input can't be larger then key size
# 64 for 512 bit 128 for 1024 bit
wolfssl.FillSignStr(signStr, "Everybody gets Friday off", 25)
# Do RSA Sign
signedSize = wolfssl.RsaSSL_Sign(signStr, 25, signOutput, 128, key, rng)
# Show output
print "Signed Size = ", signedSize, " signed array = ", wolfssl.cdata(
signOutput, signedSize)
# let's verify this worked
signVerify = wolfssl.byteArray(signedSize)
verifySize = wolfssl.RsaSSL_Verify(signOutput, signedSize, signVerify,
signedSize, key)
print "Verify Size = ", verifySize, " verify array = ", wolfssl.cdata(
signVerify, verifySize)
# start Random Number Generator
rng = wolfssl.GetRng()
if rng == None:
print "Couldn't get an RNG"
exit(-1)
# load RSA private key in DER format
key = wolfssl.GetRsaPrivateKey("../certs/client-key.der")
if key == None:
print "Couldn't load DER private key file"
exit(-1)
# Make byte Arrays and fill input
signOutput = wolfssl.byteArray(128) # 128 allows 1024 bit private key
signStr = wolfssl.byteArray(25) # input can't be larger then key size
# 64 for 512 bit 128 for 1024 bit
wolfssl.FillSignStr(signStr, "Everybody gets Friday off", 25)
# Do RSA Sign
signedSize = wolfssl.RsaSSL_Sign(signStr, 25, signOutput, 128, key, rng)
# Show output
print "Signed Size = ", signedSize, " signed array = ", wolfssl.cdata(signOutput, signedSize)
# let's verify this worked
signVerify = wolfssl.byteArray(signedSize)
verifySize = wolfssl.RsaSSL_Verify(signOutput, signedSize, signVerify, signedSize, key)
print "Verify Size = ", verifySize, " verify array = ", wolfssl.cdata(signVerify, verifySize)
