110 lines
2.7 KiB
Plaintext
110 lines
2.7 KiB
Plaintext
mbed TLS ssl client
|
|
+++++++++++
|
|
|
|
This sample code shows a simple client using mbed TLS on top of Zephyr
|
|
|
|
|
|
Prerequisites
|
|
=============
|
|
|
|
- Galileo Gen 2 Development Board
|
|
- USB to UART TTL (CH340, FTDI or equivalent)
|
|
- PC with Linux.
|
|
- screen command and gcc compiler
|
|
- LAN for testing purposes
|
|
|
|
|
|
Procedure
|
|
=========
|
|
|
|
a) Change the server, netmask and client addresses according to your network
|
|
in src/tcp_cfg.h.
|
|
|
|
b) From a terminal window, type:
|
|
|
|
$ cd $ZEPHYR_BASE/samples/net/mbedtls_sslclient
|
|
$ mkdir qemu_build && cd qemu_build
|
|
$ cmake -DBOARD=<board to use> ..
|
|
|
|
c) Copy the binary (outdir/zephyr.strip) to the Galileo's boot
|
|
device. Insert the boot device.
|
|
|
|
d) Plug the USB side of the USB-UART cable to the PC.
|
|
Connect the USB-UART cable to the Galileo.
|
|
Connect the Galileo to the LAN.
|
|
|
|
e) Open a terminal window, type:
|
|
|
|
screen /dev/ttyUSB0 115200
|
|
|
|
f) Obtain the mbed TLS code from and put it in a well know directory, in
|
|
your Linux machine, this will be your server.
|
|
|
|
- https://tls.mbed.org/download/start/mbedtls-2.3.0-apache.tgz
|
|
|
|
g) cd to that directory and start the server using a the preshared key
|
|
|
|
# tar -xvzf mbedtls-2.3.0-apache.tgz
|
|
# cd mbedtls-2.3.0
|
|
# CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<config-ccm-psk-tls1_2.h>'" make
|
|
# ./programs/ssl/ssl_server2 psk=000102030405060708090a0b0c0d0e0f
|
|
|
|
You should see something like this
|
|
|
|
. Seeding the random number generator... ok
|
|
. Bind on tcp://*:4433/ ... ok
|
|
. Setting up the SSL/TLS structure... ok
|
|
. Waiting for a remote connection ...
|
|
|
|
|
|
h) Power-up the board
|
|
|
|
i) 'screen' will show this after a few seconds:
|
|
|
|
WARNING: no console will be available to OS
|
|
error: no suitable video mode found.
|
|
|
|
. Seeding the random number generator... ok
|
|
. Setting up the SSL/TLS structure... ok
|
|
. Connecting to tcp/localhost/4433... ok
|
|
. Performing the SSL/TLS handshake... ok
|
|
> Write to server: ok
|
|
. Closing the connection... done
|
|
|
|
j) The server side should print
|
|
|
|
. Waiting for a remote connection ... ok
|
|
. Performing the SSL/TLS handshake... ok
|
|
[ Protocol is TLSv1.2 ]
|
|
[ Ciphersuite is TLS-PSK-WITH-AES-256-CCM-8 ]
|
|
[ Record expansion is 21 ]
|
|
< Read from client: 18 bytes read
|
|
|
|
GET / HTTP/1.0
|
|
|
|
> Write to client: 139 bytes written in 1 fragments
|
|
|
|
HTTP/1.0 200 OK
|
|
Content-Type: text/html
|
|
|
|
<h2>mbed TLS Test Server</h2>
|
|
<p>Successful connection using: TLS-PSK-WITH-AES-256-CCM-8</p>
|
|
|
|
. Closing the connection... done
|
|
|
|
|
|
Troubleshooting
|
|
===============
|
|
|
|
- If the server does not receive the messages, use a network
|
|
traffic analyzer, like Wireshark.
|
|
|
|
- Reset the board
|
|
|
|
References
|
|
==========
|
|
|
|
[1] https://www.zephyrproject.org/doc/getting_started/getting_started.html
|
|
[2] https://www.zephyrproject.org/doc/boards/x86/galileo/doc/galileo.html
|
|
[3] https://tls.mbed.org/
|