| mbed TLS DTSL client |
| +++++++++++ |
| |
| This sample code shows a simple DTSL client using mbed TLS on top of Zephyr |
| |
| |
| Prerequisites |
| ============= |
| |
| - PC with Linux. |
| - screen command and gcc compiler |
| |
| |
| Procedure |
| ========= |
| |
| a) Follow the prerequisites described in |
| https://wiki.zephyrproject.org/view/Networking-with-Qemu |
| |
| $ git clone https://gerrit.zephyrproject.org/r/net-tools |
| $ cd net-tools |
| $ make |
| |
| b) From a terminal window, type: |
| |
| $ ./loop-socat.sh |
| |
| c) Open another terminal window, change directory to the one where net-tools |
| are |
| $ cd net-tools |
| $ sudo ./loop-slip-tap.sh |
| |
| d) In other terminal window, obtain the mbed TLS code from: |
| |
| https://tls.mbed.org/download/start/mbedtls-2.3.0-apache.tgz |
| |
| and put it in a well know directory, in your Linux machine, this will be your |
| server. |
| |
| e) cd to that directory and compile the mbedTLS on your host machine |
| |
| $ tar -xvzf mbedtls-2.3.0-apache.tgz |
| $ cd mbedtls-2.3.0 |
| $ CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<config-thread.h>'" make |
| |
| f) Assign the server IP address and start the DTSL server. |
| |
| $ sudo ip addr add 192.0.2.2/24 dev tap0 |
| $ ./programs/ssl/ssl_server2 dtls=1 ecjpake_pw=passwd |
| |
| You should see something like this |
| |
| . Seeding the random number generator... ok |
| . Bind on udp://*:4433/ ... ok |
| . Setting up the SSL/TLS structure... ok |
| . Waiting for a remote connection ... |
| |
| To stop the server use Ctrl-C and repeat steps described in f) every time |
| QEMU gets terminated, due the Netwrok interface (tap) being restarted. |
| |
| |
| g) From the app directory type |
| |
| $make pristine && make qemu |
| |
| The screen should display |
| |
| |
| . Seeding the random number generator... ok |
| . Setting up the DTLS structure... ok |
| . Connecting to udp 192.0.2.2:4433... ok |
| . Setting up ecjpake password ... ok |
| . Performing the SSL/TLS handshake... ok |
| > Write to server: ok |
| . Closing the connection... done |
| |
| h) In the server side you should see this |
| |
| . Performing the SSL/TLS handshake... hello verification requested |
| . Waiting for a remote connection ... ok |
| . Performing the SSL/TLS handshake... ok |
| [ Protocol is DTLSv1.2 ] |
| [ Ciphersuite is TLS-ECJPAKE-WITH-AES-128-CCM-8 ] |
| [ Record expansion is 29 ] |
| [ Maximum fragment length is 16384 ] |
| < Read from client: 18 bytes read |
| |
| GET / HTTP/1.0 |
| |
| > Write to client: 143 bytes written in 1 fragments |
| |
| HTTP/1.0 200 OK |
| Content-Type: text/html |
| |
| <h2>mbed TLS Test Server</h2> |
| <p>Successful connection using: TLS-ECJPAKE-WITH-AES-128-CCM-8</p> |
| |
| . Closing the connection... done |
| . Waiting for a remote connection ... ok |
| . Performing the SSL/TLS handshake... failed |
| ! mbedtls_ssl_handshake returned -0x7900 |
| |
| . Waiting for a remote connection ... |
| |
| Disregard the last handshake failed message, due the closing connection |
| |
| |
| Troubleshooting |
| =============== |
| |
| - If the server does not receive the messages, use a network |
| traffic analyzer, like Wireshark. |
| |
| - Reset the board |
| |
| References |
| ========== |
| |
| [1] https://www.zephyrproject.org/doc/getting_started/getting_started.html |
| [2] https://wiki.zephyrproject.org/view/Networking-with-Qemu |
| [3] https://tls.mbed.org/ |
