Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wolfCrypt CSharp Wrapper #3166

Merged
merged 8 commits into from
Oct 8, 2024
Merged

wolfCrypt CSharp Wrapper #3166

merged 8 commits into from
Oct 8, 2024

Conversation

dgarske
Copy link
Contributor

@dgarske dgarske commented Jul 27, 2020

Description

  • Adds RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing to the CSharp wrapper.
  • Adds GitHub action for building the CSharp wrapper solution and running wolfCrypt test and a TLS server/client example.
  • Adds "new" API's for wolfCrypt for platforms that cannot tolerate the structs directly.
  • Fixes for several scan-build warnings.

@dgarske dgarske self-assigned this Jul 27, 2020
@dgarske dgarske force-pushed the csharp_wolfcrypt branch from 06aa280 to c51f2dc Compare July 29, 2021 20:47
@wolfSSL-Bot
Copy link

Can one of the admins verify this patch?

@dgarske
Copy link
Contributor Author

dgarske commented Aug 12, 2024

Retest this please

Failed "PRB-single-flag.txt_140" -> FAIL: scripts/openssl.test

Verification: OK
---
New, TLSv1.2, Cipher is DHE-RSA-AES128-SHA256
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES128-SHA256
    Session-ID: 603095B7951650878661715FD3F8986C9AA55554190CF76174CE4EF8A4621486
    Session-ID-ctx: 
    Master-Key: 10EEBC6975E0DF1DE3B1DDA67AC867EFCAE0C677AE8CD4C6F693E89FF39F038427CCE6F0C5EF2D52B992430B161FE6F9
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1723481638
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
client failed! Suite = DHE-RSA-AES128-SHA256 version = 3
in cleanup
killing server: OpenSSL_RSA (51839)
killing server: wolfSSL_RSA (58911)
killing server: OpenSSL_ECDH[E]-ECDSA (64612)
killing server: wolfSSL_ECDH[E]-ECDSA (58911)
FAIL scripts/openssl.test (exit status: 1)

@dgarske dgarske requested review from JacobBarthelmeh and removed request for JacobBarthelmeh August 22, 2024 23:31
@dgarske dgarske force-pushed the csharp_wolfcrypt branch 4 times, most recently from a5e7c91 to 315cc9c Compare August 23, 2024 19:08
@dgarske
Copy link
Contributor Author

dgarske commented Aug 26, 2024

@wolfSSL-Bot , this work is at a good checkpoint to review. More work is planned for the wolfCrypt CSharp wrapper, but the ECC, ED25519/Curve25519 and RSA should be ready/done.

@dgarske dgarske force-pushed the csharp_wolfcrypt branch 2 times, most recently from 840bfdc to 0b0cd76 Compare September 3, 2024 16:55
@dgarske
Copy link
Contributor Author

dgarske commented Sep 4, 2024

Retest this please. Multi-test failure, but history not retained long enough

@dgarske dgarske requested a review from douzzer September 5, 2024 19:41
@dgarske dgarske assigned wolfSSL-Bot and douzzer and unassigned dgarske and aidangarske Sep 5, 2024
wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs Outdated Show resolved Hide resolved
wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs Outdated Show resolved Hide resolved
wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs Outdated Show resolved Hide resolved
@dgarske
Copy link
Contributor Author

dgarske commented Sep 11, 2024

@aidangarske PR has merge conflicts and needs rebase / force-push.

wrapper/CSharp/README.md Outdated Show resolved Hide resolved
wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs Outdated Show resolved Hide resolved
@dgarske dgarske assigned wolfSSL-Bot and unassigned dgarske Sep 24, 2024
@dgarske dgarske force-pushed the csharp_wolfcrypt branch 2 times, most recently from 6c118e1 to 71aacf4 Compare September 25, 2024 00:44
gasbytes
gasbytes previously approved these changes Sep 26, 2024
Copy link
Contributor

@douzzer douzzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

analyzers found some issues. these should all reproduce easily using wolfssl-multi-test.sh.

[sanitizer-all-intelasm-c-fallback-fuzzer] [11 of 36] [f5e0ae6d3a]
    seed=2082989074
    configure...   real 0m21.179s  user 0m8.599s  sys 0m14.451s
    build...   real 2m36.996s  user 10m21.038s  sys 0m18.323s
    check...   real 0m32.027s  user 0m30.537s  sys 0m21.660s

=================================================================
==1028==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x7f32f32f9837 in malloc /tmp/portage/sys-devel/gcc-14.1.1_p20240720/work/gcc-14-20240720/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7f32f1b52e10 in wc_debug_CipherLifecycleInit wolfcrypt/src/memory.c:1681
    #2 0x5587f122f991 in aesccm_128_test wolfcrypt/test/test.c:15870
    #3 0x5587f12cde1c in aesccm_test wolfcrypt/test/test.c:16062
    #4 0x5587f1333ccd in cryptocb_test wolfcrypt/test/test.c:58640
    #5 0x5587f1338e66 in wolfcrypt_test wolfcrypt/test/test.c:2364
    #6 0x5587f136d7bf in testsuite_test testsuite/testsuite.c:178
    #7 0x7f32f0444189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #8 0x7f32f044424a in __libc_start_main_impl ../csu/libc-start.c:360
    #9 0x5587f122a9b4 in _start ../sysdeps/x86_64/start.S:115

Direct leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x7f32f32f9837 in malloc /tmp/portage/sys-devel/gcc-14.1.1_p20240720/work/gcc-14-20240720/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7f32f1b52e10 in wc_debug_CipherLifecycleInit wolfcrypt/src/memory.c:1681
    #2 0x5587f122f991 in aesccm_128_test wolfcrypt/test/test.c:15870
    #3 0x5587f133821e in aesccm_test wolfcrypt/test/test.c:16062
    #4 0x5587f133821e in wolfcrypt_test wolfcrypt/test/test.c:1948
    #5 0x5587f136d7bf in testsuite_test testsuite/testsuite.c:178
    #6 0x7f32f0444189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #7 0x7f32f044424a in __libc_start_main_impl ../csu/libc-start.c:360
    #8 0x5587f122a9b4 in _start ../sysdeps/x86_64/start.S:115

SUMMARY: AddressSanitizer: 8 byte(s) leaked in 2 allocation(s).
    sanitizer-all-intelasm-c-fallback-fuzzer fail_analytic_check
    failed config: '--srcdir' '.' '--disable-jobserver' '--enable-option-checking=fatal' '--enable-all' '--enable-testcert' '--enable-intelasm' 'CPPFLAGS=-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWOLFSSL_OLD_PRIME_CHECK' 'CC=gcc-14' 'LDFLAGS=-g -fno-omit-frame-pointer -fsanitize-recover=all -fsanitize=address,pointer-subtract,leak,undefined,float-cast-overflow,float-divide-by-zero,bounds-strict -fsanitize-recover=all ' 'CFLAGS=-DWC_DEBUG_CIPHER_LIFECYCLE -g -fno-omit-frame-pointer -fsanitize=address,pointer-subtract,leak,undefined,float-cast-overflow,float-divide-by-zero,bounds-strict -fsanitize-recover=all --param=max-vartrack-size=128000000 -DWC_AES_C_DYNAMIC_FALLBACK -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING'
    BUILD_ENV: 'FAIL_BUILD_CODENAME=fail_analytic_build' 'MAX_FIPS_CODE_SZ=10000000'
    RUN_ENV: 'LD_LIBRARY_PATH=/tmp/tmp.4346_11739/wolfssl_test_workdir.1723/wolfssl/src/.libs:/usr/lib/gcc/x86_64-pc-linux-gnu/14:/usr/lib/gcc/x86_64-pc-linux-gnu/14/32' 'ASAN_OPTIONS=halt_on_error=0 color=always log_path=sanitizer_log.asan ' 'UBSAN_OPTIONS=halt_on_error=0 color=always log_path=sanitizer_log.ubsan ' 'LSAN_OPTIONS=halt_on_error=0 color=always log_path=sanitizer_log.lsan ' 'MSAN_OPTIONS=halt_on_error=0 color=always log_path=sanitizer_log.msan ' 'TSAN_OPTIONS=halt_on_error=0 color=always log_path=sanitizer_log.tsan '
[fips-140-3-dev-optest-acvp-sp-noasm] [28 of 36] [f5e0ae6d3a]
    setting up FIPS "dev"... done [fips="master" (09a71ef37e), wolfCrypt=current OID under test (f5e0ae6d3a)]
    configure...   real 0m11.077s  user 0m4.037s  sys 0m8.120s
    build...   real 0m11.427s  user 1m4.288s  sys 0m6.745s
    fixing FIPS hash... done.
    check...   real 0m6.303s  user 0m7.792s  sys 0m2.193s
    build op_test...   real 0m3.957s  user 0m3.758s  sys 0m0.185s
    run op_test...                                byte* in: INVALID
                               word32 sz: VALID
                        STATUS INDICATOR: -173 (Bad function argument) line 3913
                        --- end case ---
                      --- start case ---
                              struct Aes: VALID
                               byte* out: VALID
                                byte* in: VALID
                               word32 sz: SKIPPED (depend on operator to get right or optional)
                        STATUS INDICATORdouble free or corruption (out)
optest failed with status 134.
    fips-140-3-dev-optest-acvp-sp-noasm fail_run_optest
    failed config: '--srcdir' '.' '--disable-jobserver' '--enable-option-checking=fatal' '--enable-sp-math-all' '--disable-asm' 'CPPFLAGS=-DHAVE_FORCE_FIPS_FAILURE -DWOLFSSL_DH_EXTRA -DNO_WOLFSSL_CIPHER_SUITE_TEST -DWOLFSSL_DH_EXTRA -pedantic' '--enable-fips=dev'
[clang-tidy-asn-template-sp-all-small-stack] [36 of 36] [f5e0ae6d3a]
    configure...   real 0m27.054s  user 0m11.874s  sys 0m17.074s
    build...01ce04733a (<[email protected]> 2024-09-24 14:29:46 -0700 14063)     aes->isAllocated = 0;
/tmp/tmp.4346_11739/wolfssl_test_workdir.1723/wolfssl/wolfcrypt/src/aes.c:14063:22: warning: Access to field 'isAllocated' results in a dereference of a null pointer (loaded from variable 'aes') [clang-analyzer-core.NullDereference]
14063 |     aes->isAllocated = 0;
|                      ^
[...]
    clang-tidy-asn-template-sp-all-small-stack fail_build
    failed config: '--srcdir' '.' '--disable-jobserver' '--enable-option-checking=fatal' '--enable-all' '--enable-testcert' '--enable-asn=template' '--enable-sp-math-all' '--enable-smallstack' '--enable-smallstackcache' 'CPPFLAGS=-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWOLFSSL_OLD_PRIME_CHECK -pedantic -DSP_ALLOC -DWOLFSSL_CLANG_TIDY' 'CC=/home/douzzer/com/wolfssl/src/testing/git-hooks/clang-tidy-builder.sh' 'CLANG=/usr/lib/llvm/20/bin/clang-20' 'CFLAGS=-Wunreachable-code-aggressive -Wthread-safety -Wloop-analysis -Wenum-compare-conditional -fcolor-diagnostics -fcomplete-member-pointers -Wheader-hygiene -Wstring-conversion -Wtautological-overlap-compare -Wno-language-extension-token -Wunreachable-code-break -Wunreachable-code-return -Wimplicit-fallthrough'
    BUILD_ENV: 'CLANG_TIDY=/usr/lib/llvm/20/bin/clang-tidy' 'CLANG=/usr/lib/llvm/20/bin/clang-20' 'CLANG_TIDY_EXTRA_ARGS=--use-color=1 -line-filter=[{"name":"asn1.h","lines":[[1,166]]},{"name":".c"},{"name":".h"},{"name":".s"},{"name":".S"},{"name":".i"}]' 'CLANG_OVERRIDE_CFLAGS=' 'FAIL_BUILD_CODENAME=fail_analytic_build' 'MAX_FIPS_CODE_SZ=10000000'

aidangarske and others added 6 commits October 5, 2024 11:44
* Adds RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing to the CSharp wrapper.
* Adds GitHub action for building the CSharp wrapper solution and running wolfCrypt test and a TLS server/client example.
* Adds "new" API's for wolfCrypt for platforms that cannot tolerate the structs directly.
* Fixes for several scan-build warnings.
Copy link
Contributor

@douzzer douzzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note that several of the affected files under wrapper/, both existing and new in this PR, lack EOF linebreaks. OK to fix in a followup PR.

@douzzer douzzer merged commit 4a37947 into wolfSSL:master Oct 8, 2024
140 checks passed
@bandi13 bandi13 mentioned this pull request Oct 9, 2024
@dgarske dgarske deleted the csharp_wolfcrypt branch October 28, 2024 15:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants