wolfssl-w32/IDE/iotsafe/README.md

## wolfSSL IoT-Safe Example
### Evaluation Platform
* ST [P-L496G-CELL02](https://www.st.com/en/evaluation-tools/p-l496g-cell02.html), including:
  * STM32L496AGI6-based low-power discovery mother board
  * STM Quectel BG96 modem, plugged into the 'STMod+' connector
  * IoT-Safe capable SIM card

Note: The BG96 was tested using firmware `BG96MAR02A08M1G_01.012.01.012`. If you have issues with the demo, make sure your BG96 firmware is updated.
### Description
This example firmware runs an example TLS 1.2 server using wolfSSL, and a
TLS 1.2 client, on the same host, using an IoT-safe applet supporting the
[IoT.05-v1-IoT standard](https://www.gsma.com/iot/wp-content/uploads/2019/12/IoT.05-v1-IoT-Security-Applet-Interface-Description.pdf).

The client and server routines alternate their execution in a single-threaded,
cooperative loop.

Client and server communicate with each other through memory buffers, so the
TLS session is established without TCP/IP sockets.
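As an added example (not code from the wolfSSL demo), a memory-buffer transport of the kind the description above relies on: two callbacks move TLS records between the client and server through an in-RAM FIFO instead of a socket, and an empty FIFO reports "want read" so a cooperative loop can hand control to the other side. The callback signatures follow wolfSSL's `CallbackIORecv`/`CallbackIOSend` so they could be registered with `wolfSSL_CTX_SetIORecv`/`wolfSSL_CTX_SetIOSend`; the opaque `WOLFSSL` typedef and the `WOLFSSL_CBIO_ERR_*` values are assumed to mirror `wolfssl/ssl.h` and `wolfssl/wolfio.h`, and the record bytes in the self-test are constructed.

```c
#include <string.h>

typedef struct WOLFSSL WOLFSSL;           /* opaque, as declared in wolfssl/ssl.h */
#define WOLFSSL_CBIO_ERR_WANT_READ  (-2)  /* "no data yet, try again" (wolfio.h) */
#define WOLFSSL_CBIO_ERR_WANT_WRITE (-2)  /* "no room yet, try again" (wolfio.h) */
#define FIFO_CAP 2048

typedef struct {
    unsigned char data[FIFO_CAP];
    size_t head, tail;   /* next byte to read / next byte to write */
} mem_fifo;

/* Send callback: append the outgoing TLS record to the FIFO the peer reads. */
static int mem_send(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    mem_fifo *f = (mem_fifo *)ctx; (void)ssl;
    if (f->head == f->tail) f->head = f->tail = 0;  /* reclaim consumed space */
    if (sz < 0 || (size_t)sz > FIFO_CAP - f->tail)
        return WOLFSSL_CBIO_ERR_WANT_WRITE;         /* peer must drain first */
    memcpy(f->data + f->tail, buf, (size_t)sz);
    f->tail += (size_t)sz;
    return sz;
}

/* Recv callback: hand back up to sz bytes. wolfSSL asks for the 5-byte record
 * header and then the body (hence "RX: 5" followed by the body length in the
 * demo log); an empty FIFO yields WANT_READ so the loop can run the other side. */
static int mem_recv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    mem_fifo *f = (mem_fifo *)ctx; (void)ssl;
    size_t avail = f->tail - f->head;
    if (sz <= 0 || avail == 0) return WOLFSSL_CBIO_ERR_WANT_READ;
    if ((size_t)sz < avail) avail = (size_t)sz;
    memcpy(buf, f->data + f->head, avail);
    f->head += avail;
    return (int)avail;
}

/* Self-check with a constructed 8-byte record (5-byte header + 3-byte body):
 * header read, short body read, then WANT_READ once the FIFO is drained. */
int mem_transport_selftest(void)
{
    mem_fifo cli_to_srv = { {0}, 0, 0 };
    char rec[8] = { 0x17, 0x03, 0x03, 0x00, 0x03, 'a', 'b', 'c' }, out[8];
    if (mem_send(NULL, rec, 8, &cli_to_srv) != 8) return 0;
    if (mem_recv(NULL, out, 5, &cli_to_srv) != 5) return 0;
    if (mem_recv(NULL, out + 5, 8, &cli_to_srv) != 3) return 0;
    if (mem_recv(NULL, out, 5, &cli_to_srv) != WOLFSSL_CBIO_ERR_WANT_READ) return 0;
    return memcmp(out, rec, 8) == 0;
}
```

The FIFO is single-producer/single-consumer and only safe because both sides run in one thread, as in the demo's cooperative loop.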
### IoT-Safe interface
In this example, the client is the IoT-safe capable endpoint. First, it creates
a wolfSSL context `cli_ctx` in the usual way:
```c
/* standard wolfSSL context creation for the TLS 1.2 client described above */
cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
```
In order to activate IoT-safe support in this context, the following function is
called:
```c
printf("Client: Enabling IoT Safe in CTX\n");
wolfSSL_CTX_iotsafe_enable(cli_ctx);
```
Additionally, after the SSL session creation, shown below:
```c
printf("Creating new SSL\n");
cli_ssl = wolfSSL_new(cli_ctx);
```
the client associates the pre-provisioned keys and the available slots in the
IoT safe applet to the current session:
```c
wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CERT_ID);
```
The applet that has been tested with this demo has the following configuration:

Key slot | Name | Description
-------|--------|------------------
0x02 | `PRIVKEY_ID` | pre-provisioned with client ECC key
0x03 | `ECDH_KEYPAIR_ID` | can store a keypair generated in the applet, used for shared key derivation
0x04 | `PEER_PUBKEY_ID` | used to store the server's public key for key derivation
0x05 | `PEER_CERT_ID` | used to store the server's public key to authenticate the peer

The following file is used to read the client's certificate:

File Slot | Name | Description
----------|------|------------
0x03 | `CRT_FILE_ID` | pre-provisioned with client certificate

### Compiling and running
From this directory, run `make`, then use your favorite flash programming
software to upload the firmware `image.bin` to the target board.

1) Using the STM32CubeProgrammer, open `image.elf` and program it to flash.
2) Using the ST-Link virtual serial port, connect at 115220 baud.
3) Press the reset button.
4) The output should look similar to the following:
```
wolfSSL IoT-SAFE demo
Press a key to continue...
.
Initializing modem...
Modem booting...
Modem is on.
System up and running
Initializing wolfSSL...
Initializing modem port
Turning on VDDIO2
Initializing IoTSafe I/O...
Initializing RNG...
Getting RND...
Random bytes: 08ECF538192218569876EAB9D690306C
Starting memory-tls test...
=== SERVER step 0 ===
Setting TLSv1.3 for SECP256R1 key share
=== CLIENT step 0 ===
Client: Creating new CTX
Client: Enabling IoT Safe in CTX
Loading CA
Loaded Server certificate from IoT-Safe, size = 676
Server certificate successfully imported.
Loaded Client certificate from IoT-Safe, size = 867
Client certificate successfully imported.
Creating new SSL object
Setting TLS options: turn on IoT-safe for this socket
Setting TLSv1.3 for SECP256R1 key share
Connecting to server...
=== Cli->Srv: 162
=== SERVER step 1 ===
=== Srv RX: 5
=== Srv RX: 157
=== Srv-Cli: 128
=== Srv-Cli: 28
=== Srv-Cli: 43
=== Srv-Cli: 712
=== Srv-Cli: 100
=== Srv-Cli: 58
=== CLIENT step 1 ===
Connecting to server...
=== Cli RX: 5
=== Cli RX: 123
=== Cli RX: 5
=== Cli RX: 23
=== Cli RX: 5
=== Cli RX: 38
=== Cli RX: 5
=== Cli RX: 707
=== Cli RX: 5
=== Cli RX: 95
=== Cli RX: 5
=== Cli RX: 53
=== Cli->Srv: 902
=== Cli->Srv: 101
=== Cli->Srv: 58
Client connected!
Sending message: hello iot-safe wolfSSL
=== Cli->Srv: 44
wolfSSL client test success!
=== SERVER step 1 ===
=== Srv RX: 5
=== Srv RX: 897
=== Srv RX: 5
=== Srv RX: 96
=== Srv RX: 5
=== Srv RX: 53
wolfSSL accept success!
=== Srv RX: 5
=== Srv RX: 39
++++++ Server received msg from client: 'hello iot-safe wolfSSL'
IoT-Safe TEST SUCCESSFUL
```
## Support
For questions, please email support@wolfssl.com.