README.md
## wolfSSL IoT-Safe Example


### Evaluation Platform

 * ST [P-L496G-CELL02](https://www.st.com/en/evaluation-tools/p-l496g-cell02.html)

Including:
 * STM32L496AGI6-based low-power discovery mother board
 * Quectel BG96 modem board, plugged into the 'STMod+' connector
 * IoT-Safe capable SIM card

Note: The BG96 was tested using firmware `BG96MAR02A08M1G_01.012.01.012`. If you have issues with the demo, make sure your BG96 firmware is up to date.

### Description

This example firmware runs a TLS 1.3 server and a TLS 1.3 client, both built
with wolfSSL, on the same host (the `Setting TLSv1.3 for SECP256R1 key share`
lines in the expected output below come from this setup). The client uses an
IoT-Safe applet implementing the
[IoT.05-v1-IoT standard](https://www.gsma.com/iot/wp-content/uploads/2019/12/IoT.05-v1-IoT-Security-Applet-Interface-Description.pdf):
the applet holds the client's pre-provisioned ECC key and performs the ECDH
key-pair generation and shared-secret derivation, so the private key never
leaves the SIM (see the slot table below).

The client and server routines alternate their execution in a single-threaded,
cooperative loop.

Client and server exchange TLS records through in-memory buffers, so the
handshake runs without TCP/IP sockets; in wolfSSL this is done with custom I/O
callbacks that read from and write to those buffers instead of a socket.

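The in-memory transport described above, written as an added example for this README (it is not the demo's own `memory-tls` code and does not use wolfSSL headers): a ring buffer stands in for the socket, the send/receive functions follow the return contract of wolfSSL's I/O callbacks (`WOLFSSL_CBIO_ERR_WANT_READ` when nothing is queued), and the record pump reads the 5-byte TLS record header first and then exactly the body it announces. That two-step read is why every record in the expected output below appears as an `RX: 5` line followed by the body size (`Cli->Srv: 162` arrives as `Srv RX: 5` and `Srv RX: 157`). The `mem_*`/`membuf` names, the buffer size and the filler record are assumptions made for this example.

```c
/*
 * Added example (not the demo's own code): a socket-less in-memory transport
 * for a single-threaded TLS client/server pair. wolfSSL I/O callbacks have
 * the shape  int cb(WOLFSSL *ssl, char *buf, int sz, void *ctx)  and return
 * bytes moved, or WOLFSSL_CBIO_ERR_WANT_READ / WANT_WRITE (both -2) when
 * nothing can be moved yet. These functions keep that contract but take a
 * plain struct instead of WOLFSSL*, so the file builds without wolfSSL.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_WANT_READ   (-2)   /* same value as WOLFSSL_CBIO_ERR_WANT_READ  */
#define MEM_WANT_WRITE  (-2)   /* same value as WOLFSSL_CBIO_ERR_WANT_WRITE */
#define MEM_ERR_GENERAL (-1)   /* same value as WOLFSSL_CBIO_ERR_GENERAL    */
#define MEMBUF_SIZE     2048   /* assumed; holds one record of this demo    */

/* One direction of the link (e.g. client -> server); two make a duplex link. */
struct membuf {
    uint8_t data[MEMBUF_SIZE];
    size_t  head;   /* next byte the reader will take */
    size_t  count;  /* bytes queued, 0..MEMBUF_SIZE   */
};

static void membuf_init(struct membuf *b) { memset(b, 0, sizeof(*b)); }

/* Send side: queue up to sz bytes, return how many were queued. */
int mem_send(struct membuf *b, const char *buf, int sz)
{
    size_t room, n, tail, i;
    if (b == NULL || buf == NULL || sz < 0) return MEM_ERR_GENERAL;
    room = MEMBUF_SIZE - b->count;
    if (room == 0) return MEM_WANT_WRITE;          /* peer has not drained yet */
    n = ((size_t)sz < room) ? (size_t)sz : room;
    tail = (b->head + b->count) % MEMBUF_SIZE;
    for (i = 0; i < n; i++) b->data[(tail + i) % MEMBUF_SIZE] = (uint8_t)buf[i];
    b->count += n;
    return (int)n;
}

/* Receive side: hand out up to sz bytes, or WANT_READ if nothing is queued. */
int mem_recv(struct membuf *b, char *buf, int sz)
{
    size_t n, i;
    if (b == NULL || buf == NULL || sz < 0) return MEM_ERR_GENERAL;
    if (b->count == 0) return MEM_WANT_READ;       /* cooperative loop: yield */
    n = ((size_t)sz < b->count) ? (size_t)sz : b->count;
    for (i = 0; i < n; i++) buf[i] = (char)b->data[(b->head + i) % MEMBUF_SIZE];
    b->head = (b->head + n) % MEMBUF_SIZE;
    b->count -= n;
    return (int)n;
}

/* TLS record header: ContentType(1) ProtocolVersion(2) length(2).
 * Returns the body length, or -1 if this is not a plausible TLS record. */
int tls_record_body_len(const uint8_t hdr[5])
{
    unsigned len = ((unsigned)hdr[3] << 8) | hdr[4];
    if (hdr[0] < 20 || hdr[0] > 23) return -1;   /* CCS, alert, handshake, appdata */
    if (hdr[1] != 0x03) return -1;                /* TLS 1.x major version byte   */
    if (len > 16384 + 256) return -1;             /* TLS 1.3 ciphertext limit     */
    return (int)len;
}

/* Move one record across the link the way a record layer reads it: the 5-byte
 * header first, then exactly the announced body. Returns bytes delivered. */
int pump_one_record(struct membuf *link, const uint8_t *record, size_t len)
{
    char hdr[5], body[MEMBUF_SIZE];
    int  body_len, got;
    if (mem_send(link, (const char *)record, (int)len) != (int)len) return -1;
    if (mem_recv(link, hdr, 5) != 5) return -1;
    body_len = tls_record_body_len((const uint8_t *)hdr);
    if (body_len < 0) return -1;
    got = mem_recv(link, body, body_len);
    return (got == body_len) ? 5 + got : -1;
}

/* Constructed sample: a 162-byte handshake record (type 22, version 0x0303,
 * 157 bytes of filler), the size of the first Cli->Srv write in the log. */
int demo_client_hello_sized_record(void)
{
    struct membuf cli_to_srv;
    uint8_t rec[162] = { 22, 0x03, 0x03, 0x00, 157 };
    memset(rec + 5, 0xAA, 157);                   /* filler, not a real ClientHello */
    membuf_init(&cli_to_srv);
    return pump_one_record(&cli_to_srv, rec, sizeof(rec));
}

/* An empty link must yield (WANT_READ), not block: that is what lets client
 * and server alternate in one thread. */
int demo_empty_link_yields(void)
{
    struct membuf empty; char tmp[5];
    membuf_init(&empty);
    return mem_recv(&empty, tmp, 5);
}

/* A header with a non-TLS version byte is rejected before any body is read. */
int demo_bad_header_rejected(void)
{
    const uint8_t bad[5] = { 22, 0x02, 0x00, 0x00, 0x10 };
    return tls_record_body_len(bad);
}

int main(void)
{
    printf("delivered %d bytes\n", demo_client_hello_sized_record());
    printf("empty link returns %d\n", demo_empty_link_yields());
    printf("bad header returns %d\n", demo_bad_header_rejected());
    return 0;
}
```

Hooking such a transport into wolfSSL means registering the two functions with `wolfSSL_CTX_SetIORecv`/`wolfSSL_CTX_SetIOSend` and passing each side's `struct membuf` pair through `wolfSSL_SetIOReadCtx`/`wolfSSL_SetIOWriteCtx`; the demo's own wiring is not shown on this page.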
### IoT-Safe interface

In this example, the client is the IoT-Safe capable endpoint. First, it creates
a wolfSSL context `cli_ctx` normally:

```c
printf("Client: Creating new CTX\n");
cli_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
```

In order to activate IoT-Safe support in this context, the following function is
called:

```c
printf("Client: Enabling IoT Safe in CTX\n");
wolfSSL_CTX_iotsafe_enable(cli_ctx);
```

Then, after the SSL object is created:

```c
printf("Creating new SSL object\n");
cli_ssl = wolfSSL_new(cli_ctx);
```

the client binds the pre-provisioned key and the available slots in the
IoT-Safe applet to the current session:

```c
wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CERT_ID);
```

Both `wolfSSL_CTX_new` and `wolfSSL_new` return `NULL` on failure; check for
that before calling the IoT-Safe functions on the returned object.

The applet that has been tested with this demo has the following key slot
configuration:

Key slot | Name | Description
---------|------|------------
0x02 | `PRIVKEY_ID` | pre-provisioned with the client's ECC private key
0x03 | `ECDH_KEYPAIR_ID` | holds a key pair generated inside the applet, used for shared-secret derivation
0x04 | `PEER_PUBKEY_ID` | used to store the server's public key for shared-secret derivation
0x05 | `PEER_CERT_ID` | used to store the server's public key to authenticate the peer


The client's certificate is read from the following file slot:

File slot | Name | Description
----------|------|------------
0x03 | `CRT_FILE_ID` | pre-provisioned with the client certificate

Slot numbers are specific to the applet on the SIM. If your applet is
provisioned differently, adjust the IDs passed to `wolfSSL_iotsafe_on` (and the
file slot used for the client certificate) before building.

76
77### Compiling and running
78
79From this directory, run 'make', then use your favorite flash programming
80software to upload the firmware `image.bin` to the target board.
81
821) Using the STM32CubeProgrammer open the `image.elf` and program to flash.
832) Using ST-Link virtual serial port connect at 115220
843) Hit reset button.
854) The output should look similar to below:
86
87```
88wolfSSL IoT-SAFE demo
89Press a key to continue...
90.
91Initializing modem...
92Modem booting...
93Modem is on.
94System up and running
95Initializing wolfSSL...
96Initializing modem port
97Turning on VDDIO2
98Initializing IoTSafe I/O...
99Initializing RNG...
100Getting RND...
101Random bytes: 08ECF538192218569876EAB9D690306C
102Starting memory-tls test...
103=== SERVER step 0 ===
104Setting TLSv1.3 for SECP256R1 key share
105=== CLIENT step 0 ===
106Client: Creating new CTX
107Client: Enabling IoT Safe in CTX
108Loading CA
109Loaded Server certificate from IoT-Safe, size = 676
110Server certificate successfully imported.
111Loaded Client certificate from IoT-Safe, size = 867
112Client certificate successfully imported.
113Creating new SSL object
114Setting TLS options: turn on IoT-safe for this socket
115Setting TLSv1.3 for SECP256R1 key share
116Connecting to server...
117=== Cli->Srv: 162
118=== SERVER step 1 ===
119=== Srv RX: 5
120=== Srv RX: 157
121=== Srv-Cli: 128
122=== Srv-Cli: 28
123=== Srv-Cli: 43
124=== Srv-Cli: 712
125=== Srv-Cli: 100
126=== Srv-Cli: 58
127=== CLIENT step 1 ===
128Connecting to server...
129=== Cli RX: 5
130=== Cli RX: 123
131=== Cli RX: 5
132=== Cli RX: 23
133=== Cli RX: 5
134=== Cli RX: 38
135=== Cli RX: 5
136=== Cli RX: 707
137=== Cli RX: 5
138=== Cli RX: 95
139=== Cli RX: 5
140=== Cli RX: 53
141=== Cli->Srv: 902
142=== Cli->Srv: 101
143=== Cli->Srv: 58
144Client connected!
145Sending message: hello iot-safe wolfSSL
146=== Cli->Srv: 44
147wolfSSL client test success!
148=== SERVER step 1 ===
149=== Srv RX: 5
150=== Srv RX: 897
151=== Srv RX: 5
152=== Srv RX: 96
153=== Srv RX: 5
154=== Srv RX: 53
155wolfSSL accept success!
156=== Srv RX: 5
157=== Srv RX: 39
158++++++ Server received msg from client: 'hello iot-safe wolfSSL'
159IoT-Safe TEST SUCCESSFUL
160```

## Support

For questions, please email support@wolfssl.com