122 lines
3.0 KiB
Plaintext
122 lines
3.0 KiB
Plaintext
mbed TLS DTSL client
|
|
+++++++++++
|
|
|
|
This sample code shows a simple DTSL client using mbed TLS on top of Zephyr
|
|
|
|
|
|
Prerequisites
|
|
=============
|
|
|
|
- PC with Linux.
|
|
- screen command and gcc compiler
|
|
|
|
|
|
Procedure
|
|
=========
|
|
|
|
a) Follow the prerequisites described in
|
|
https://wiki.zephyrproject.org/view/Networking-with-Qemu
|
|
|
|
$ git clone https://gerrit.zephyrproject.org/r/net-tools
|
|
$ cd net-tools
|
|
$ make
|
|
|
|
b) From a terminal window, type:
|
|
|
|
$ ./loop-socat.sh
|
|
|
|
c) Open another terminal window, change directory to the one where net-tools
|
|
are
|
|
$ cd net-tools
|
|
$ sudo ./loop-slip-tap.sh
|
|
|
|
d) In other terminal window, obtain the mbed TLS code from:
|
|
|
|
https://tls.mbed.org/download/start/mbedtls-2.3.0-apache.tgz
|
|
|
|
and put it in a well know directory, in your Linux machine, this will be your
|
|
server.
|
|
|
|
e) cd to that directory and compile the mbedTLS on your host machine
|
|
|
|
$ tar -xvzf mbedtls-2.3.0-apache.tgz
|
|
$ cd mbedtls-2.3.0
|
|
$ CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<config-thread.h>'" make
|
|
|
|
f) Assign the server IP address and start the DTSL server.
|
|
|
|
$ sudo ip addr add 192.0.2.2/24 dev tap0
|
|
$ ./programs/ssl/ssl_server2 dtls=1 ecjpake_pw=passwd
|
|
|
|
You should see something like this
|
|
|
|
. Seeding the random number generator... ok
|
|
. Bind on udp://*:4433/ ... ok
|
|
. Setting up the SSL/TLS structure... ok
|
|
. Waiting for a remote connection ...
|
|
|
|
To stop the server use Ctrl-C and repeat steps described in f) every time
|
|
QEMU gets terminated, due the Netwrok interface (tap) being restarted.
|
|
|
|
|
|
g) From the app directory type
|
|
|
|
$make pristine && make qemu
|
|
|
|
The screen should display
|
|
|
|
|
|
. Seeding the random number generator... ok
|
|
. Setting up the DTLS structure... ok
|
|
. Connecting to udp 192.0.2.2:4433... ok
|
|
. Setting up ecjpake password ... ok
|
|
. Performing the SSL/TLS handshake... ok
|
|
> Write to server: ok
|
|
. Closing the connection... done
|
|
|
|
h) In the server side you should see this
|
|
|
|
. Performing the SSL/TLS handshake... hello verification requested
|
|
. Waiting for a remote connection ... ok
|
|
. Performing the SSL/TLS handshake... ok
|
|
[ Protocol is DTLSv1.2 ]
|
|
[ Ciphersuite is TLS-ECJPAKE-WITH-AES-128-CCM-8 ]
|
|
[ Record expansion is 29 ]
|
|
[ Maximum fragment length is 16384 ]
|
|
< Read from client: 18 bytes read
|
|
|
|
GET / HTTP/1.0
|
|
|
|
> Write to client: 143 bytes written in 1 fragments
|
|
|
|
HTTP/1.0 200 OK
|
|
Content-Type: text/html
|
|
|
|
<h2>mbed TLS Test Server</h2>
|
|
<p>Successful connection using: TLS-ECJPAKE-WITH-AES-128-CCM-8</p>
|
|
|
|
. Closing the connection... done
|
|
. Waiting for a remote connection ... ok
|
|
. Performing the SSL/TLS handshake... failed
|
|
! mbedtls_ssl_handshake returned -0x7900
|
|
|
|
. Waiting for a remote connection ...
|
|
|
|
Disregard the last handshake failed message, due the closing connection
|
|
|
|
|
|
Troubleshooting
|
|
===============
|
|
|
|
- If the server does not receive the messages, use a network
|
|
traffic analyzer, like Wireshark.
|
|
|
|
- Reset the board
|
|
|
|
References
|
|
==========
|
|
|
|
[1] https://www.zephyrproject.org/doc/getting_started/getting_started.html
|
|
[2] https://wiki.zephyrproject.org/view/Networking-with-Qemu
|
|
[3] https://tls.mbed.org/
|