4.3 KiB
wolfSSL IoT-Safe Example
Evaluation Platform
Including: * STM32L496AGI6-based low-power discovery mother board * STM Quectel BG96 modem, plugged into the 'STMod+' connector * IoT-Safe capable SIM card
Note: The BG96 was tested using firmware BG96MAR02A08M1G_01.012.01.012
. If having issues with the demo make sure your BG96 firmware is updated.
Description
This example firmware will run an example TLS 1.2 server using wolfSSL, and a TLS 1.2 client, on the same host, using an IoT-safe applet supporting the IoT.05-v1-IoT standard.
The client and server routines alternate their execution in a single-threaded, cooperative loop.
Client and server communicate to each other using memory buffers to establish a TLS session without the use of TCP/IP sockets.
IoT-Safe interface
In this example, the client is the IoT-safe capable endpoint. First, it creates
a wolfSSL context cli_ctx
normally:
wolfSSL_CTX_iotsafe_enable(cli_ctx);
In order to activate IoT-safe support in this context, the following function is called:
printf("Client: Enabling IoT Safe in CTX\n");
wolfSSL_CTX_iotsafe_enable(cli_ctx);
Additionally, after the SSL session creation, shown below:
printf("Creating new SSL\n");
cli_ssl = wolfSSL_new(cli_ctx);
the client associates the pre-provisioned keys and the available slots in the IoT safe applet to the current session:
wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CERT_ID);
The applet that has been tested with this demo has the current configuration:
Key slot | Name | Description |
---|---|---|
0x02 | PRIVKEY_ID |
pre-provisioned with client ECC key |
0x03 | ECDH_KEYPAIR_ID |
can store a keypair generated in the applet, used for shared key derivation |
0x04 | PEER_PUBKEY_ID |
used to store the server's public key for key derivation |
0x05 | PEER_CERT_ID |
used to store the server's public key to authenticate the peer |
The following file is used to read the client's certificate:
File Slot | Name | Description |
---|---|---|
0x03 | CRT_FILE_ID |
pre-provisioned with client certificate |
Compiling and running
From this directory, run 'make', then use your favorite flash programming
software to upload the firmware image.bin
to the target board.
- Using the STM32CubeProgrammer open the
image.elf
and program to flash. - Using ST-Link virtual serial port connect at 115220
- Hit reset button.
- The output should look similar to below:
wolfSSL IoT-SAFE demo
Press a key to continue...
.
Initializing modem...
Modem booting...
Modem is on.
System up and running
Initializing wolfSSL...
Initializing modem port
Turning on VDDIO2
Initializing IoTSafe I/O...
Initializing RNG...
Getting RND...
Random bytes: 08ECF538192218569876EAB9D690306C
Starting memory-tls test...
=== SERVER step 0 ===
Setting TLSv1.3 for SECP256R1 key share
=== CLIENT step 0 ===
Client: Creating new CTX
Client: Enabling IoT Safe in CTX
Loading CA
Loaded Server certificate from IoT-Safe, size = 676
Server certificate successfully imported.
Loaded Client certificate from IoT-Safe, size = 867
Client certificate successfully imported.
Creating new SSL object
Setting TLS options: turn on IoT-safe for this socket
Setting TLSv1.3 for SECP256R1 key share
Connecting to server...
=== Cli->Srv: 162
=== SERVER step 1 ===
=== Srv RX: 5
=== Srv RX: 157
=== Srv-Cli: 128
=== Srv-Cli: 28
=== Srv-Cli: 43
=== Srv-Cli: 712
=== Srv-Cli: 100
=== Srv-Cli: 58
=== CLIENT step 1 ===
Connecting to server...
=== Cli RX: 5
=== Cli RX: 123
=== Cli RX: 5
=== Cli RX: 23
=== Cli RX: 5
=== Cli RX: 38
=== Cli RX: 5
=== Cli RX: 707
=== Cli RX: 5
=== Cli RX: 95
=== Cli RX: 5
=== Cli RX: 53
=== Cli->Srv: 902
=== Cli->Srv: 101
=== Cli->Srv: 58
Client connected!
Sending message: hello iot-safe wolfSSL
=== Cli->Srv: 44
wolfSSL client test success!
=== SERVER step 1 ===
=== Srv RX: 5
=== Srv RX: 897
=== Srv RX: 5
=== Srv RX: 96
=== Srv RX: 5
=== Srv RX: 53
wolfSSL accept success!
=== Srv RX: 5
=== Srv RX: 39
++++++ Server received msg from client: 'hello iot-safe wolfSSL'
IoT-Safe TEST SUCCESSFUL
Support
For questions please email support@wolfssl.com