David Garske 9b6cf56a6e Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335) | 3 years ago | |
---|---|---|
.. | ||
Makefile | 3 years ago | |
README.md | 3 years ago | |
ca-cert.c | 3 years ago | |
devices.c | 3 years ago | |
devices.h | 3 years ago | |
include.am | 3 years ago | |
main.c | 3 years ago | |
memory-tls.c | 3 years ago | |
startup.c | 3 years ago | |
target.ld | 3 years ago | |
user_settings.h | 3 years ago |
Including:
* STM32L496AGI6-based low-power discovery mother board
* STM Quectel BG96 modem, plugged into the 'STMod+' connector
* IoT-Safe capable SIM card
Note: The BG96 was tested using firmware BG96MAR02A08M1G_01.012.01.012
. If having issues with the demo make sure your BG96 firmware is updated.
This example firmware will run an example TLS 1.2 server using wolfSSL, and a TLS 1.2 client, on the same host, using an IoT-safe applet supporting the IoT.05-v1-IoT standard.
The client and server routines alternate their execution in a single-threaded, cooperative loop.
Client and server communicate to each other using memory buffers to establish a TLS session without the use of TCP/IP sockets.
In this example, the client is the IoT-safe capable endpoint. First, it creates
a wolfSSL context cli_ctx
normally:
wolfSSL_CTX_iotsafe_enable(cli_ctx);
In order to activate IoT-safe support in this context, the following function is called:
printf("Client: Enabling IoT Safe in CTX\n");
wolfSSL_CTX_iotsafe_enable(cli_ctx);
Additionally, after the SSL session creation, shown below:
printf("Creating new SSL\n");
cli_ssl = wolfSSL_new(cli_ctx);
the client associates the pre-provisioned keys and the available slots in the IoT safe applet to the current session:
wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CERT_ID);
The applet that has been tested with this demo has the current configuration:
Key slot | Name | Description |
---|---|---|
0x02 | PRIVKEY_ID |
pre-provisioned with client ECC key |
0x03 | ECDH_KEYPAIR_ID |
can store a keypair generated in the applet, used for shared key derivation |
0x04 | PEER_PUBKEY_ID |
used to store the server's public key for key derivation |
0x05 | PEER_CERT_ID |
used to store the server's public key to authenticate the peer |
The following file is used to read the client's certificate:
File Slot | Name | Description |
---|---|---|
0x03 | CRT_FILE_ID |
pre-provisioned with client certificate |
From this directory, run 'make', then use your favorite flash programming
software to upload the firmware image.bin
to the target board.
1) Using the STM32CubeProgrammer open the image.elf
and program to flash.
2) Using ST-Link virtual serial port connect at 115220
3) Hit reset button.
4) The output should look similar to below:
wolfSSL IoT-SAFE demo
Press a key to continue...
.
Initializing modem...
Modem booting...
Modem is on.
System up and running
Initializing wolfSSL...
Initializing modem port
Turning on VDDIO2
Initializing IoTSafe I/O...
Initializing RNG...
Getting RND...
Random bytes: 08ECF538192218569876EAB9D690306C
Starting memory-tls test...
=== SERVER step 0 ===
Setting TLSv1.3 for SECP256R1 key share
=== CLIENT step 0 ===
Client: Creating new CTX
Client: Enabling IoT Safe in CTX
Loading CA
Loaded Server certificate from IoT-Safe, size = 676
Server certificate successfully imported.
Loaded Client certificate from IoT-Safe, size = 867
Client certificate successfully imported.
Creating new SSL object
Setting TLS options: turn on IoT-safe for this socket
Setting TLSv1.3 for SECP256R1 key share
Connecting to server...
=== Cli->Srv: 162
=== SERVER step 1 ===
=== Srv RX: 5
=== Srv RX: 157
=== Srv-Cli: 128
=== Srv-Cli: 28
=== Srv-Cli: 43
=== Srv-Cli: 712
=== Srv-Cli: 100
=== Srv-Cli: 58
=== CLIENT step 1 ===
Connecting to server...
=== Cli RX: 5
=== Cli RX: 123
=== Cli RX: 5
=== Cli RX: 23
=== Cli RX: 5
=== Cli RX: 38
=== Cli RX: 5
=== Cli RX: 707
=== Cli RX: 5
=== Cli RX: 95
=== Cli RX: 5
=== Cli RX: 53
=== Cli->Srv: 902
=== Cli->Srv: 101
=== Cli->Srv: 58
Client connected!
Sending message: hello iot-safe wolfSSL
=== Cli->Srv: 44
wolfSSL client test success!
=== SERVER step 1 ===
=== Srv RX: 5
=== Srv RX: 897
=== Srv RX: 5
=== Srv RX: 96
=== Srv RX: 5
=== Srv RX: 53
wolfSSL accept success!
=== Srv RX: 5
=== Srv RX: 39
++++++ Server received msg from client: 'hello iot-safe wolfSSL'
IoT-Safe TEST SUCCESSFUL
For questions please email support@wolfssl.com