Mynewt is a security-oriented OS for IoT.
wolfSSL integration with the Mynewt OS may be found in the /IDE/mynewt
directory in the wolfssl source tree. Support includes the wolfCrypt test
application, which demonstrates the cryptography provided by the wolfCrypt
component of wolfSSL.
wolfssl provides the following mynewt packages:
- crypto/wolfssl - wolfSSL SSL/TLS and wolfCrypt cryptography library
- apps/wolfcrypttest - wolfCrypt unit test application
The examples for wolfSSL and Mynewt found in the mynewt directory of
wolfssl-examples (this directory) include demonstrations of additional
wolfSSL capabilities such as TLS.
wolfssl-examples provides the following mynewt packages:
- apps/wolfsslclienttlsmn - simple client TLS application for mn_socket
The Mynewt OS has a primary command-line tool called newt which is used to
configure and build Mynewt for targets. Targets include a simulated environment
for Linux hosts, which will be used by the wolfSSL applications. Mynewt installs
to a project directory from which the newt command is run.
- Install Mynewt newt command using instructions found at:
http://mynewt.apache.org/latest/get_started/native_install/index.html
- Create Mynewt project directory (e.g. mynewt).
In parent folder of new Mynewt project directory:
$ newt new mynewt
NOTE: If problems are encountered creating a new Mynewt project, an alternative is:
$ git clone git@github.com:apache/mynewt-blinky.git mynewt
$ cd mynewt
$ newt upgrade
- Install wolfSSL support into Mynewt project.
In the wolfssl/IDE/mynewt directory:
$ ./setup path-to-mynewt
- Install wolfSSL examples support into Mynewt project.
In the wolfssl-examples/mynewt directory:
$ ./setup path-to-mynewt
- Create client TLS application for simulator target.
In Mynewt project directory:
$ newt target create wolfsslclienttlsmn_sim
$ newt target set wolfsslclienttlsmn_sim app=apps/wolfsslclienttlsmn
$ newt target set wolfsslclienttlsmn_sim bsp=@apache-mynewt-core/hw/bsp/native
$ newt target set wolfsslclienttlsmn_sim build_profile=debug
- Build client TLS application.
In Mynewt project directory:
$ newt clean wolfsslclienttlsmn_sim
$ newt build wolfsslclienttlsmn_sim
- Run client TLS application
In Mynewt project directory:
$ ./bin/targets/wolfsslclienttlsmn_sim/app/apps/wolfsslclienttlsmn/wolfsslclienttlsmn.elf
The Mynewt simulator will display the Linux host device where the application's
UART is accessible via a terminal emulator program such as picocom, screen or
kermit. For example: uart0 at /dev/pts/3
- Connect terminal emulator (e.g. picocom) to simulated application UART.
$ sudo picocom -b 115200 /dev/pts/3
The application will display the Mynewt shell prompt compat> (press ENTER if
the shell prompt is not visible). Entering help will display the commands
available, including the wolfssl command, which represents the client TLS
application.
The client TLS application wolfssl has the following commands:
| command | argument | description | example |
|---|---|---|---|
| time | "unix timestamp" | set the time | "time 1532616682" |
| net | udp | create udp socket | "net udp" |
| net | tcp | create tcp socket | "net tcp" |
| net | connect "ipaddress" port | connect to "ipaddress" | "net connect 93.184.216.34 443" |
| net | close | close socket | "net close" |
| net | send "string" "ipaddress" "port" | send string | "net send "GET \r\n" 93.184.216.34 80" |
| net | recv "ipaddress" | recv from ipaddress | "net recv 93.184.216.34 80" |
| wolfssl | init | initialize wolfssl library | "wolfssl init" |
| wolfssl | connect | connect via ssl | "wolfssl connect" |
| wolfssl | write "string" | send string via ssl | "wolfssl write "GET /"" |
| wolfssl | read | recv via ssl | "wolfssl read" |
| wolfssl | clear | finish wolfssl library | "wolfssl clear" |
Get index.html from www.example.com:443 (i.e. 93.184.216.34:443) using
Mynewt TCP networking and the wolfSSL TLS and crypto.
At the Mynewt compat> shell prompt:
net tcp
net connect 93.184.216.34 443
wolfssl init
wolfssl connect
wolfssl write "GET /"
wolfssl read
wolfssl clear
net close
The resulting application output should be similar to the following:
compat> net tcp
001143 mn_socket(TCP) = 0 566b7800
compat> net connect 93.184.216.34 443
005078 93.184.216.34/443
005078 mn_connect() = 0
compat> net_test_writable 0 - 0
wolfssl init
005853 wolfssl contexts are initialized
005854 wolfSSL ctx initialize
compat> wolfssl connect
006517 wolfSSL_connect() = 1
compat> wolfssl write "GET /"
009182 wolfSSL_write() = 4L
compat> wolfssl read
010564 HTTP/1.0 501 Not Implemented
Content-Type: text/html
Content-Length: 357
Connection: close
Date: Wed, 12 Apr 2023 14:49:27 <?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://wwwitle>501 - Not Implemented</title>
</head>
<body>
<h1>501 - Not Implemented</h1>
</body>
</html>
010578
010578 ERROR: wolfSSL_read rc:-1 err:6
compat> wolfssl clear
012551 clear wolfssl contexts
012553 wolfSSL ctx clear
compat> net close
012893 mn_close() = 0
compat>
NOTE: The server-side connection close after reception of data results in the read error.
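A transcript check for the session above, added here as an example (it is not part of wolfssl-examples or its jenkins.sh): it fails on a bad TCP connect or TLS handshake and accepts a read error only when it is the peer-close code. The function name and sample transcripts are constructed, and it assumes the printed err value comes from wolfSSL_get_error(), where wolfSSL defines WOLFSSL_ERROR_ZERO_RETURN as 6.

```sh
# Constructed transcripts shaped like the session output above (not captured logs).
SAMPLE_OK='compat> net connect 93.184.216.34 443
005078 mn_connect() = 0
compat> wolfssl connect
006517 wolfSSL_connect() = 1
compat> wolfssl read
010564 HTTP/1.0 501 Not Implemented
010578 ERROR: wolfSSL_read rc:-1 err:6'

SAMPLE_NO_TLS='compat> net connect 93.184.216.34 443
005078 mn_connect() = 0
compat> wolfssl connect
006517 wolfSSL_connect() = -1'

SAMPLE_READ_ERR='005078 mn_connect() = 0
006517 wolfSSL_connect() = 1
010578 ERROR: wolfSSL_read rc:-1 err:-308'

# check_session TRANSCRIPT  (hypothetical helper)
# Prints a verdict and returns 0 only if the TCP connect and the TLS handshake
# succeeded and every reported read error is the peer-close code (err:6).
check_session() {
    # picocom/screen captures usually carry CR line endings; drop them first.
    log=$(printf '%s\n' "$1" | tr -d '\r')

    printf '%s\n' "$log" | grep -Eq 'mn_connect\(\) = 0$' ||
        { echo "FAIL tcp-connect"; return 1; }
    # wolfSSL_connect() returns 1 on a completed handshake.
    printf '%s\n' "$log" | grep -Eq 'wolfSSL_connect\(\) = 1$' ||
        { echo "FAIL tls-handshake"; return 1; }

    errs=$(printf '%s\n' "$log" |
        sed -n 's/.*ERROR: wolfSSL_read rc:[-0-9]* err:\([-0-9]*\).*/\1/p')
    for e in $errs; do
        # Assumption: err is the wolfSSL_get_error() value; 6 = ZERO_RETURN.
        [ "$e" = "6" ] || { echo "FAIL tls-read err:$e"; return 1; }
    done
    echo "OK"
}

check_session "$SAMPLE_OK"
```
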
- Client TLS example run on Ubuntu 22.04LTS host with wolfSSL v5.6.0.
- See wolfssl/IDE/mynewt/README.md for details on wolfSSL integration and use
of the wolfCrypt test application.
Install:
- git
- expect
- bash
- screen
- newt (v1.4.1 or later)
Execute the jenkins.sh script on Jenkins:
./mynewt/jenkins.sh