mirror of
https://github.com/Cateners/tiny_computer.git
synced 2026-05-21 00:45:49 +08:00
Update code to v1.0.14 (10)
This commit is contained in:
Caten
164
android/extern/wolfssl/IDE/iotsafe/README.md
vendored
Normal file
164
android/extern/wolfssl/IDE/iotsafe/README.md
vendored
Normal file
@@ -0,0 +1,164 @@
|
||||
## wolfSSL IoT-Safe Example
|
||||
|
||||
|
||||
### Evaluation Platform
|
||||
|
||||
* ST [P-L496G-CELL02](https://www.st.com/en/evaluation-tools/p-l496g-cell02.html)
|
||||
|
||||
Including:
|
||||
* STM32L496AGI6-based low-power discovery mother board
|
||||
* STM Quectel BG96 modem, plugged into the 'STMod+' connector
|
||||
* IoT-Safe capable SIM card
|
||||
|
||||
Note: The BG96 was tested using firmware `BG96MAR02A08M1G_01.012.01.012`. If having issues with the demo make sure your BG96 firmware is updated.
|
||||
|
||||
### Description
|
||||
|
||||
This example firmware will run an example TLS 1.2 server using wolfSSL, and a
|
||||
TLS 1.2 client, on the same host, using an IoT-safe applet supporting the
|
||||
[IoT.05-v1-IoT standard](https://www.gsma.com/iot/wp-content/uploads/2019/12/IoT.05-v1-IoT-Security-Applet-Interface-Description.pdf).
|
||||
|
||||
The client and server routines alternate their execution in a single-threaded,
|
||||
cooperative loop.
|
||||
|
||||
Client and server communicate to each other using memory buffers to establish a
|
||||
TLS session without the use of TCP/IP sockets.
|
||||
|
||||
### IoT-Safe interface
|
||||
|
||||
In this example, the client is the IoT-safe capable endpoint. First, it creates
|
||||
a wolfSSL context `cli_ctx` normally:
|
||||
|
||||
```c
|
||||
wolfSSL_CTX_iotsafe_enable(cli_ctx);
|
||||
```
|
||||
|
||||
In order to activate IoT-safe support in this context, the following function is
|
||||
called:
|
||||
|
||||
```c
|
||||
printf("Client: Enabling IoT Safe in CTX\n");
|
||||
wolfSSL_CTX_iotsafe_enable(cli_ctx);
|
||||
```
|
||||
|
||||
|
||||
Additionally, after the SSL session creation, shown below:
|
||||
|
||||
```c
|
||||
printf("Creating new SSL\n");
|
||||
cli_ssl = wolfSSL_new(cli_ctx);
|
||||
```
|
||||
|
||||
the client associates the pre-provisioned keys and the available slots in the
|
||||
IoT safe applet to the current session:
|
||||
|
||||
|
||||
```c
|
||||
wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CERT_ID);
|
||||
```
|
||||
|
||||
The applet that has been tested with this demo has the current configuration:
|
||||
|
||||
Key slot | Name | Description
|
||||
-------|--------|------------------
|
||||
0x02 | `PRIVKEY_ID` | pre-provisioned with client ECC key
|
||||
0x03 | `ECDH_KEYPAIR_ID` | can store a keypair generated in the applet, used for shared key derivation
|
||||
0x04 | `PEER_PUBKEY_ID` | used to store the server's public key for key derivation
|
||||
0x05 | `PEER_CERT_ID` | used to store the server's public key to authenticate the peer
|
||||
|
||||
|
||||
The following file is used to read the client's certificate:
|
||||
|
||||
File Slot | Name | Description
|
||||
----------|------|------------
|
||||
0x03 | `CRT_FILE_ID` | pre-provisioned with client certificate
|
||||
|
||||
|
||||
### Compiling and running
|
||||
|
||||
From this directory, run 'make', then use your favorite flash programming
|
||||
software to upload the firmware `image.bin` to the target board.
|
||||
|
||||
1) Using the STM32CubeProgrammer open the `image.elf` and program to flash.
|
||||
2) Using ST-Link virtual serial port connect at 115220
|
||||
3) Hit reset button.
|
||||
4) The output should look similar to below:
|
||||
|
||||
```
|
||||
wolfSSL IoT-SAFE demo
|
||||
Press a key to continue...
|
||||
.
|
||||
Initializing modem...
|
||||
Modem booting...
|
||||
Modem is on.
|
||||
System up and running
|
||||
Initializing wolfSSL...
|
||||
Initializing modem port
|
||||
Turning on VDDIO2
|
||||
Initializing IoTSafe I/O...
|
||||
Initializing RNG...
|
||||
Getting RND...
|
||||
Random bytes: 08ECF538192218569876EAB9D690306C
|
||||
Starting memory-tls test...
|
||||
=== SERVER step 0 ===
|
||||
Setting TLSv1.3 for SECP256R1 key share
|
||||
=== CLIENT step 0 ===
|
||||
Client: Creating new CTX
|
||||
Client: Enabling IoT Safe in CTX
|
||||
Loading CA
|
||||
Loaded Server certificate from IoT-Safe, size = 676
|
||||
Server certificate successfully imported.
|
||||
Loaded Client certificate from IoT-Safe, size = 867
|
||||
Client certificate successfully imported.
|
||||
Creating new SSL object
|
||||
Setting TLS options: turn on IoT-safe for this socket
|
||||
Setting TLSv1.3 for SECP256R1 key share
|
||||
Connecting to server...
|
||||
=== Cli->Srv: 162
|
||||
=== SERVER step 1 ===
|
||||
=== Srv RX: 5
|
||||
=== Srv RX: 157
|
||||
=== Srv-Cli: 128
|
||||
=== Srv-Cli: 28
|
||||
=== Srv-Cli: 43
|
||||
=== Srv-Cli: 712
|
||||
=== Srv-Cli: 100
|
||||
=== Srv-Cli: 58
|
||||
=== CLIENT step 1 ===
|
||||
Connecting to server...
|
||||
=== Cli RX: 5
|
||||
=== Cli RX: 123
|
||||
=== Cli RX: 5
|
||||
=== Cli RX: 23
|
||||
=== Cli RX: 5
|
||||
=== Cli RX: 38
|
||||
=== Cli RX: 5
|
||||
=== Cli RX: 707
|
||||
=== Cli RX: 5
|
||||
=== Cli RX: 95
|
||||
=== Cli RX: 5
|
||||
=== Cli RX: 53
|
||||
=== Cli->Srv: 902
|
||||
=== Cli->Srv: 101
|
||||
=== Cli->Srv: 58
|
||||
Client connected!
|
||||
Sending message: hello iot-safe wolfSSL
|
||||
=== Cli->Srv: 44
|
||||
wolfSSL client test success!
|
||||
=== SERVER step 1 ===
|
||||
=== Srv RX: 5
|
||||
=== Srv RX: 897
|
||||
=== Srv RX: 5
|
||||
=== Srv RX: 96
|
||||
=== Srv RX: 5
|
||||
=== Srv RX: 53
|
||||
wolfSSL accept success!
|
||||
=== Srv RX: 5
|
||||
=== Srv RX: 39
|
||||
++++++ Server received msg from client: 'hello iot-safe wolfSSL'
|
||||
IoT-Safe TEST SUCCESSFUL
|
||||
```
|
||||
|
||||
## Support
|
||||
|
||||
For questions please email support@wolfssl.com
|
||||
Reference in New Issue
Block a user