wolfssl-w32/IDE/iotsafe/README.md

4.3 KiB

wolfSSL IoT-Safe Example

Evaluation Platform

Including: * STM32L496AGI6-based low-power discovery mother board * STM Quectel BG96 modem, plugged into the 'STMod+' connector * IoT-Safe capable SIM card

Note: The BG96 was tested using firmware BG96MAR02A08M1G_01.012.01.012. If having issues with the demo make sure your BG96 firmware is updated.

Description

This example firmware will run an example TLS 1.2 server using wolfSSL, and a TLS 1.2 client, on the same host, using an IoT-safe applet supporting the IoT.05-v1-IoT standard.

The client and server routines alternate their execution in a single-threaded, cooperative loop.

Client and server communicate to each other using memory buffers to establish a TLS session without the use of TCP/IP sockets.

IoT-Safe interface

In this example, the client is the IoT-safe capable endpoint. First, it creates a wolfSSL context cli_ctx normally:

wolfSSL_CTX_iotsafe_enable(cli_ctx);

In order to activate IoT-safe support in this context, the following function is called:

printf("Client: Enabling IoT Safe in CTX\n");
wolfSSL_CTX_iotsafe_enable(cli_ctx);

Additionally, after the SSL session creation, shown below:

printf("Creating new SSL\n");
cli_ssl = wolfSSL_new(cli_ctx);

the client associates the pre-provisioned keys and the available slots in the IoT safe applet to the current session:

wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CERT_ID);

The applet that has been tested with this demo has the current configuration:

Key slot Name Description
0x02 PRIVKEY_ID pre-provisioned with client ECC key
0x03 ECDH_KEYPAIR_ID can store a keypair generated in the applet, used for shared key derivation
0x04 PEER_PUBKEY_ID used to store the server's public key for key derivation
0x05 PEER_CERT_ID used to store the server's public key to authenticate the peer

The following file is used to read the client's certificate:

File Slot Name Description
0x03 CRT_FILE_ID pre-provisioned with client certificate

Compiling and running

From this directory, run 'make', then use your favorite flash programming software to upload the firmware image.bin to the target board.

  1. Using the STM32CubeProgrammer open the image.elf and program to flash.
  2. Using ST-Link virtual serial port connect at 115220
  3. Hit reset button.
  4. The output should look similar to below:
wolfSSL IoT-SAFE demo
Press a key to continue...
.
Initializing modem...
Modem booting...
Modem is on.
System up and running
Initializing wolfSSL...
Initializing modem port
Turning on VDDIO2
Initializing IoTSafe I/O...
Initializing RNG...
Getting RND...
Random bytes: 08ECF538192218569876EAB9D690306C
Starting memory-tls test...
=== SERVER step 0 ===
Setting TLSv1.3 for SECP256R1 key share
=== CLIENT step 0 ===
Client: Creating new CTX
Client: Enabling IoT Safe in CTX
Loading CA
Loaded Server certificate from IoT-Safe, size = 676
Server certificate successfully imported.
Loaded Client certificate from IoT-Safe, size = 867
Client certificate successfully imported.
Creating new SSL object
Setting TLS options: turn on IoT-safe for this socket
Setting TLSv1.3 for SECP256R1 key share
Connecting to server...
=== Cli->Srv: 162
=== SERVER step 1 ===
=== Srv RX: 5
=== Srv RX: 157
=== Srv-Cli: 128
=== Srv-Cli: 28
=== Srv-Cli: 43
=== Srv-Cli: 712
=== Srv-Cli: 100
=== Srv-Cli: 58
=== CLIENT step 1 ===
Connecting to server...
=== Cli RX: 5
=== Cli RX: 123
=== Cli RX: 5
=== Cli RX: 23
=== Cli RX: 5
=== Cli RX: 38
=== Cli RX: 5
=== Cli RX: 707
=== Cli RX: 5
=== Cli RX: 95
=== Cli RX: 5
=== Cli RX: 53
=== Cli->Srv: 902
=== Cli->Srv: 101
=== Cli->Srv: 58
Client connected!
Sending message: hello iot-safe wolfSSL
=== Cli->Srv: 44
wolfSSL client test success!
=== SERVER step 1 ===
=== Srv RX: 5
=== Srv RX: 897
=== Srv RX: 5
=== Srv RX: 96
=== Srv RX: 5
=== Srv RX: 53
wolfSSL accept success!
=== Srv RX: 5
=== Srv RX: 39
++++++ Server received msg from client: 'hello iot-safe wolfSSL'
IoT-Safe TEST SUCCESSFUL

Support

For questions please email support@wolfssl.com