Daniel Pouzzner afa5b0168e fix HAVE_SHA* configurations in IDE/iotsafe/user_settings.h to also set WOLFSSL_SHA*, and in IDE/STM32Cube/default_conf.ftl, IDE/iotsafe/user_settings.h, and examples/configs/user_settings_stm32.h, comment HAVE_SHA* as "old freeRTOS settings.h requires this". 1 month ago
..
Makefile 29e20eeadc Fix to rebase branch on current master 3 years ago
README.md a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2 months ago
ca-cert.c 31a6a2bf59 update copyright to 2024 4 months ago
devices.c a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2 months ago
devices.h 31a6a2bf59 update copyright to 2024 4 months ago
include.am 490eeb4003 Support for IoT-Safe with TLS demo 3 years ago
main.c 31a6a2bf59 update copyright to 2024 4 months ago
memory-tls.c 31a6a2bf59 update copyright to 2024 4 months ago
startup.c a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2 months ago
target.ld 31a6a2bf59 update copyright to 2024 4 months ago
user_settings.h afa5b0168e fix HAVE_SHA* configurations in IDE/iotsafe/user_settings.h to also set WOLFSSL_SHA*, and in IDE/STM32Cube/default_conf.ftl, IDE/iotsafe/user_settings.h, and examples/configs/user_settings_stm32.h, comment HAVE_SHA* as "old freeRTOS settings.h requires this". 1 month ago

README.md

wolfSSL IoT-Safe Example

Evaluation Platform

Including:

* STM32L496AGI6-based low-power discovery mother board
* STM Quectel BG96 modem, plugged into the 'STMod+' connector
* IoT-Safe capable SIM card

Note: The BG96 was tested using firmware BG96MAR02A08M1G_01.012.01.012. If having issues with the demo make sure your BG96 firmware is updated.

Description

This example firmware will run an example TLS 1.2 server using wolfSSL, and a TLS 1.2 client, on the same host, using an IoT-safe applet supporting the IoT.05-v1-IoT standard.

The client and server routines alternate their execution in a single-threaded, cooperative loop.

Client and server communicate to each other using memory buffers to establish a TLS session without the use of TCP/IP sockets.

IoT-Safe interface

In this example, the client is the IoT-safe capable endpoint. First, it creates a wolfSSL context cli_ctx normally:

wolfSSL_CTX_iotsafe_enable(cli_ctx);

In order to activate IoT-safe support in this context, the following function is called:

printf("Client: Enabling IoT Safe in CTX\n");
wolfSSL_CTX_iotsafe_enable(cli_ctx);

Additionally, after the SSL session creation, shown below:

printf("Creating new SSL\n");
cli_ssl = wolfSSL_new(cli_ctx);

the client associates the pre-provisioned keys and the available slots in the IoT safe applet to the current session:

wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CERT_ID);

The applet that has been tested with this demo has the current configuration:

Key slot Name Description
0x02 PRIVKEY_ID pre-provisioned with client ECC key
0x03 ECDH_KEYPAIR_ID can store a keypair generated in the applet, used for shared key derivation
0x04 PEER_PUBKEY_ID used to store the server's public key for key derivation
0x05 PEER_CERT_ID used to store the server's public key to authenticate the peer

The following file is used to read the client's certificate:

File Slot Name Description
0x03 CRT_FILE_ID pre-provisioned with client certificate

Compiling and running

From this directory, run 'make', then use your favorite flash programming software to upload the firmware image.bin to the target board.

1) Using the STM32CubeProgrammer open the image.elf and program to flash. 2) Using ST-Link virtual serial port connect at 115220 3) Hit reset button. 4) The output should look similar to below:

wolfSSL IoT-SAFE demo
Press a key to continue...
.
Initializing modem...
Modem booting...
Modem is on.
System up and running
Initializing wolfSSL...
Initializing modem port
Turning on VDDIO2
Initializing IoTSafe I/O...
Initializing RNG...
Getting RND...
Random bytes: 08ECF538192218569876EAB9D690306C
Starting memory-tls test...
=== SERVER step 0 ===
Setting TLSv1.3 for SECP256R1 key share
=== CLIENT step 0 ===
Client: Creating new CTX
Client: Enabling IoT Safe in CTX
Loading CA
Loaded Server certificate from IoT-Safe, size = 676
Server certificate successfully imported.
Loaded Client certificate from IoT-Safe, size = 867
Client certificate successfully imported.
Creating new SSL object
Setting TLS options: turn on IoT-safe for this socket
Setting TLSv1.3 for SECP256R1 key share
Connecting to server...
=== Cli->Srv: 162
=== SERVER step 1 ===
=== Srv RX: 5
=== Srv RX: 157
=== Srv-Cli: 128
=== Srv-Cli: 28
=== Srv-Cli: 43
=== Srv-Cli: 712
=== Srv-Cli: 100
=== Srv-Cli: 58
=== CLIENT step 1 ===
Connecting to server...
=== Cli RX: 5
=== Cli RX: 123
=== Cli RX: 5
=== Cli RX: 23
=== Cli RX: 5
=== Cli RX: 38
=== Cli RX: 5
=== Cli RX: 707
=== Cli RX: 5
=== Cli RX: 95
=== Cli RX: 5
=== Cli RX: 53
=== Cli->Srv: 902
=== Cli->Srv: 101
=== Cli->Srv: 58
Client connected!
Sending message: hello iot-safe wolfSSL
=== Cli->Srv: 44
wolfSSL client test success!
=== SERVER step 1 ===
=== Srv RX: 5
=== Srv RX: 897
=== Srv RX: 5
=== Srv RX: 96
=== Srv RX: 5
=== Srv RX: 53
wolfSSL accept success!
=== Srv RX: 5
=== Srv RX: 39
++++++ Server received msg from client: 'hello iot-safe wolfSSL'
IoT-Safe TEST SUCCESSFUL

Support

For questions please email support@wolfssl.com