mbed TLS DTSL client
+++++++++++
This sample code shows a simple DTSL client using mbed TLS on top of Zephyr
Prerequisites
=============
- PC with Linux.
- screen command and gcc compiler
Procedure
=========
a) Follow the prerequisites described in
https://wiki.zephyrproject.org/view/Networking-with-Qemu
$ git clone https://gerrit.zephyrproject.org/r/net-tools
$ cd net-tools
$ make
b) From a terminal window, type:
$ ./loop-socat.sh
c) Open another terminal window, change directory to the one where net-tools
are
$ cd net-tools
$ sudo ./loop-slip-tap.sh
d) In other terminal window, obtain the mbed TLS code from:
https://tls.mbed.org/download/start/mbedtls-2.3.0-apache.tgz
and put it in a well know directory, in your Linux machine, this will be your
server.
e) cd to that directory and compile the mbedTLS on your host machine
$ tar -xvzf mbedtls-2.3.0-apache.tgz
$ cd mbedtls-2.3.0
$ CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<config-thread.h>'" make
f) Assign the server IP address and start the DTSL server.
$ sudo ip addr add 192.0.2.2/24 dev tap0
$ ./programs/ssl/ssl_server2 dtls=1 ecjpake_pw=passwd
You should see something like this
. Seeding the random number generator... ok
. Bind on udp://*:4433/ ... ok
. Setting up the SSL/TLS structure... ok
. Waiting for a remote connection ...
To stop the server use Ctrl-C and repeat steps described in f) every time
QEMU gets terminated, due the Netwrok interface (tap) being restarted.
g) From the app directory type
$make pristine && make qemu
The screen should display
. Seeding the random number generator... ok
. Setting up the DTLS structure... ok
. Connecting to udp 192.0.2.2:4433... ok
. Setting up ecjpake password ... ok
. Performing the SSL/TLS handshake... ok
> Write to server: ok
. Closing the connection... done
h) In the server side you should see this
. Performing the SSL/TLS handshake... hello verification requested
. Waiting for a remote connection ... ok
. Performing the SSL/TLS handshake... ok
[ Protocol is DTLSv1.2 ]
[ Ciphersuite is TLS-ECJPAKE-WITH-AES-128-CCM-8 ]
[ Record expansion is 29 ]
[ Maximum fragment length is 16384 ]
< Read from client: 18 bytes read
GET / HTTP/1.0
> Write to client: 143 bytes written in 1 fragments
HTTP/1.0 200 OK
Content-Type: text/html
<h2>mbed TLS Test Server</h2>
<p>Successful connection using: TLS-ECJPAKE-WITH-AES-128-CCM-8</p>
. Closing the connection... done
. Waiting for a remote connection ... ok
. Performing the SSL/TLS handshake... failed
! mbedtls_ssl_handshake returned -0x7900
. Waiting for a remote connection ...
Disregard the last handshake failed message, due the closing connection
Troubleshooting
===============
- If the server does not receive the messages, use a network
traffic analyzer, like Wireshark.
- Reset the board
References
==========
[1] https://www.zephyrproject.org/doc/getting_started/getting_started.html
[2] https://wiki.zephyrproject.org/view/Networking-with-Qemu
[3] https://tls.mbed.org/
fe958df4dd