
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
wolfSSL IoT-Safe Example
Evaluation Platform
Including:
* STM32L496AGI6-based low-power discovery mother board
* STM Quectel BG96 modem, plugged into the 'STMod+' connector
* IoT-Safe capable SIM card

Note: The BG96 was tested using firmware BG96MAR02A08M1G_01.012.01.012. If you have issues with the demo, make sure your BG96 firmware is updated.
Description
This example firmware will run an example TLS 1.2 server using wolfSSL, and a TLS 1.2 client, on the same host, using an IoT-safe applet supporting the IoT.05-v1-IoT standard.
The client and server routines alternate their execution in a single-threaded, cooperative loop.
Client and server communicate to each other using memory buffers to establish a TLS session without the use of TCP/IP sockets.
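The memory-buffer transport described above, sketched as an added example (not code from the wolfSSL demo): each direction is a bounded byte queue whose send and receive functions return a "would block" code so the single-threaded loop can switch to the other peer. The names `memio_*`, the capacity and the return codes are assumptions; the replayed sizes (162 bytes sent, read as 5 + 157) come from the sample output on this page.

```c
#include <string.h>

/* Hypothetical names and values: this sketch does not use wolfSSL headers. */
#define MEMIO_WANT (-2)   /* nothing to do now: yield to the other peer */
#define MEMIO_CAP  2048   /* constructed capacity for one direction */

typedef struct {
    unsigned char data[MEMIO_CAP];
    int len;   /* bytes queued */
    int off;   /* bytes already consumed */
} memio_pipe;

/* Send side: queue the whole write or refuse it; never truncate or overflow. */
int memio_send(memio_pipe *p, const void *buf, int sz)
{
    if (sz < 0 || sz > MEMIO_CAP) return -1;         /* can never fit */
    if (sz > MEMIO_CAP - p->len) return MEMIO_WANT;  /* peer must drain first */
    memcpy(p->data + p->len, buf, (size_t)sz);
    p->len += sz;
    return sz;
}

/* Receive side: hand out at most sz bytes; an empty pipe means "try again". */
int memio_recv(memio_pipe *p, void *buf, int sz)
{
    int avail = p->len - p->off;
    if (sz < 0) return -1;
    if (avail == 0) return MEMIO_WANT;
    if (sz > avail) sz = avail;
    memcpy(buf, p->data + p->off, (size_t)sz);
    p->off += sz;
    if (p->off == p->len) p->off = p->len = 0;       /* drained: reuse buffer */
    return sz;
}

/* Replays the first exchange in the demo log: 162 bytes sent, read as 5 + 157. */
int memio_demo(void)
{
    static memio_pipe c2s;
    unsigned char rec[162], hdr[5], body[157];
    memset(&c2s, 0, sizeof c2s);
    memset(rec, 0xA5, sizeof rec);                   /* constructed payload */
    if (memio_recv(&c2s, hdr, 5) != MEMIO_WANT) return -1; /* server ran first */
    if (memio_send(&c2s, rec, 162) != 162) return -2;
    if (memio_recv(&c2s, hdr, 5) != 5) return -3;          /* record header */
    if (memio_recv(&c2s, body, 157) != 157) return -4;     /* record body */
    return memio_recv(&c2s, hdr, 5) == MEMIO_WANT ? 0 : -5;
}
int main(void) { return memio_demo(); }
```

In firmware, functions of this shape would sit behind the TLS library's custom I/O callbacks, one pipe per direction.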
IoT-Safe interface
In this example, the client is the IoT-safe capable endpoint. First, it creates a wolfSSL context `cli_ctx` normally:

```
wolfSSL_CTX_iotsafe_enable(cli_ctx);
```

In order to activate IoT-safe support in this context, the following function is called:

```
printf("Client: Enabling IoT Safe in CTX\n");
wolfSSL_CTX_iotsafe_enable(cli_ctx);
```

Additionally, after the SSL session creation, shown below:

```
printf("Creating new SSL\n");
cli_ssl = wolfSSL_new(cli_ctx);
```

the client associates the pre-provisioned keys and the available slots in the IoT safe applet to the current session:

```
wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CERT_ID);
```

The applet that has been tested with this demo has the current configuration:
Key slot | Name | Description |
---|---|---|
0x02 | PRIVKEY_ID | pre-provisioned with client ECC key |
0x03 | ECDH_KEYPAIR_ID | can store a keypair generated in the applet, used for shared key derivation |
0x04 | PEER_PUBKEY_ID | used to store the server's public key for key derivation |
0x05 | PEER_CERT_ID | used to store the server's public key to authenticate the peer |
The following file is used to read the client's certificate:
File Slot | Name | Description |
---|---|---|
0x03 | CRT_FILE_ID | pre-provisioned with client certificate |
Compiling and running
From this directory, run 'make', then use your favorite flash programming software to upload the firmware `image.bin` to the target board.
- Using the STM32CubeProgrammer, open the `image.elf` and program to flash.
- Using ST-Link virtual serial port, connect at 115220
- Hit reset button.
- The output should look similar to below:
wolfSSL IoT-SAFE demo
Press a key to continue...
.
Initializing modem...
Modem booting...
Modem is on.
System up and running
Initializing wolfSSL...
Initializing modem port
Turning on VDDIO2
Initializing IoTSafe I/O...
Initializing RNG...
Getting RND...
Random bytes: 08ECF538192218569876EAB9D690306C
Starting memory-tls test...
=== SERVER step 0 ===
Setting TLSv1.3 for SECP256R1 key share
=== CLIENT step 0 ===
Client: Creating new CTX
Client: Enabling IoT Safe in CTX
Loading CA
Loaded Server certificate from IoT-Safe, size = 676
Server certificate successfully imported.
Loaded Client certificate from IoT-Safe, size = 867
Client certificate successfully imported.
Creating new SSL object
Setting TLS options: turn on IoT-safe for this socket
Setting TLSv1.3 for SECP256R1 key share
Connecting to server...
=== Cli->Srv: 162
=== SERVER step 1 ===
=== Srv RX: 5
=== Srv RX: 157
=== Srv-Cli: 128
=== Srv-Cli: 28
=== Srv-Cli: 43
=== Srv-Cli: 712
=== Srv-Cli: 100
=== Srv-Cli: 58
=== CLIENT step 1 ===
Connecting to server...
=== Cli RX: 5
=== Cli RX: 123
=== Cli RX: 5
=== Cli RX: 23
=== Cli RX: 5
=== Cli RX: 38
=== Cli RX: 5
=== Cli RX: 707
=== Cli RX: 5
=== Cli RX: 95
=== Cli RX: 5
=== Cli RX: 53
=== Cli->Srv: 902
=== Cli->Srv: 101
=== Cli->Srv: 58
Client connected!
Sending message: hello iot-safe wolfSSL
=== Cli->Srv: 44
wolfSSL client test success!
=== SERVER step 1 ===
=== Srv RX: 5
=== Srv RX: 897
=== Srv RX: 5
=== Srv RX: 96
=== Srv RX: 5
=== Srv RX: 53
wolfSSL accept success!
=== Srv RX: 5
=== Srv RX: 39
++++++ Server received msg from client: 'hello iot-safe wolfSSL'
IoT-Safe TEST SUCCESSFUL
Support
For questions please email support@wolfssl.com