.. _mbedtsl-delsserver-sample:

mbedTLS DTLS sample server
############################

Overview
********

This sample code shows a simple DTLS server using mbedTLS on top of Zephyr.

Building and Running
********************

Follow the steps for testing :ref:`networking_with_qemu`.

In the application directory type:

.. code-block:: console

    $ make run

Once it boots, the sample prints the following and waits for a client to
connect:

.. code-block:: console

    . Seeding the random number generator... ok
    . Setting up the DTLS structure... ok
    . Setting connection
    ok
    . Setting up ecjpake password ... ok
    . Performing the TLS handshake...

In another terminal window, obtain the mbed TLS code from
https://tls.mbed.org/download-archive
and put it in a well-known directory on your Linux machine; this will be your
client. (We're using version 2.3.0 for this example.)

Move to that directory, compile mbedTLS on your host machine, and run the
client:

.. code-block:: console

    tar -xvzf mbedtls-2.3.0-apache.tgz
    cd mbedtls-2.3.0
    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<config-thread.h>'" make

    ./programs/ssl/ssl_client2 server_addr=192.0.2.1 dtls=1 ecjpake_pw=passwd

You will get the following output:

.. code-block:: console

    . Seeding the random number generator... ok
    . Connecting to udp/192.0.2.1/4433... ok
    . Setting up the SSL/TLS structure... ok
    . Performing the SSL/TLS handshake... ok
    [ Protocol is DTLSv1.2 ]
    [ Ciphersuite is TLS-ECJPAKE-WITH-AES-128-CCM-8 ]
    [ Record expansion is 29 ]
    [ Maximum fragment length is 16384 ]
    > Write to server: 34 bytes written in 1 fragments

    GET / HTTP/1.0
    Extra-header:

    < Read from server: 34 bytes read

    GET / HTTP/1.0
    Extra-header:

    . Closing the connection... done
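
One way to confirm that a client run negotiated what this sample intends, as an added example that is not part of the original sample: the script checks a captured ``ssl_client2`` log for a completed handshake, the DTLSv1.2 protocol, the EC-JPAKE ciphersuite, and matching echo byte counts. The function names and the embedded log are constructed for illustration; the expected values are the ones in the client output shown above.

```shell
#!/bin/sh
# Added example: validate a captured ssl_client2 log from the client run.
# Expected values are the ones printed in this page's sample client output.
EXPECTED_PROTOCOL="DTLSv1.2"
EXPECTED_SUITE="TLS-ECJPAKE-WITH-AES-128-CCM-8"

# field LOG LABEL: print VALUE from a "[ LABEL is VALUE ]" line.
field() {
    printf '%s\n' "$1" | sed -n "s/^ *\[ $2 is \(.*\) \]\$/\1/p" | head -n 1
}

# byte_count LOG PREFIX: print N from a "PREFIX: N bytes ..." line.
byte_count() {
    printf '%s\n' "$1" | sed -n "s/^ *$2: \([0-9][0-9]*\) bytes.*/\1/p" | head -n 1
}

# check_dtls_client_log LOG: return 0 only if the handshake finished, the
# negotiated protocol and ciphersuite match, and the echo came back whole.
# Return codes 1-4 identify which check failed.
check_dtls_client_log() {
    log=$1
    printf '%s\n' "$log" | grep -q 'Performing the SSL/TLS handshake\.\.\. ok' \
        || { echo "handshake did not complete" >&2; return 1; }
    [ "$(field "$log" Protocol)" = "$EXPECTED_PROTOCOL" ] \
        || { echo "unexpected protocol" >&2; return 2; }
    [ "$(field "$log" Ciphersuite)" = "$EXPECTED_SUITE" ] \
        || { echo "unexpected ciphersuite" >&2; return 3; }
    sent=$(byte_count "$log" '> Write to server')
    recv=$(byte_count "$log" '< Read from server')
    [ -n "$sent" ] && [ "$sent" = "$recv" ] \
        || { echo "echo mismatch: sent=$sent recv=$recv" >&2; return 4; }
    return 0
}

# Constructed sample input, taken from the client output shown on this page.
SAMPLE_LOG='  . Performing the SSL/TLS handshake... ok
    [ Protocol is DTLSv1.2 ]
    [ Ciphersuite is TLS-ECJPAKE-WITH-AES-128-CCM-8 ]
    [ Record expansion is 29 ]
  > Write to server: 34 bytes written in 1 fragments
  < Read from server: 34 bytes read'

check_dtls_client_log "$SAMPLE_LOG" && echo "client log OK"
```

To check a real run, capture the client output to a file and pass its contents as the single argument to ``check_dtls_client_log``.
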

The terminal in the app directory, where the server is running, should display:

.. code-block:: console

    . Performing the TLS handshake... hello verification requested
    . Setting up ecjpake password ... ok
    . Performing the TLS handshake... ok
    < Read from client: 34 bytes read

    GET / HTTP/1.0
    Extra-header:

    > Write to client: 34 bytes written

    GET / HTTP/1.0
    Extra-header:

    < Read from client: connection was closed gracefully
    . Closing the connection... done
    . Setting up ecjpake password ... ok
    . Performing the TLS handshake...

To use IPv6, edit the file prj_qemu_x86.conf and change the line
CONFIG_NET_IPV6=n to CONFIG_NET_IPV6=y.

Then run the mbedTLS client as follows:

.. code-block:: console

    ./programs/ssl/ssl_client2 server_addr=2001:db8::1 dtls=1 ecjpake_pw=passwd

If the server does not receive the messages, restart the app and try to connect
the client again.

References
**********

* https://tls.mbed.org/