mirror of
https://github.com/zephyrproject-rtos/zephyr
synced 2025-09-03 03:31:56 +00:00
15a151a0a0
The example entropy_source implementation should write entropy to the output buffer rather than to the context pointer which in this example happens to be NULL. Take the opportunity to reorganize the entropy_source to use all of the entropy provided by a call to sys_rand32_get() rather than just 1/4 of it. The entropy_source() callback from mbedtls is given a maximum amount of entropy to return, rather than a minimum amount. Hence it makes more sense to deliver exactly one chunk (32 bits) of entropy from the call to sys_rand32_get() per call and let the mbedtls entropy handler worry about how much entropy we actually need to collect (ie the threshold). Change-Id: I57ed438de5cb1223619fde0fb8039d6eca284646 Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com> |
||
|---|---|---|
| .. | ||
| src | ||
| Makefile | ||
| prj_arduino_101.conf | ||
| prj_qemu_x86.conf | ||
| README.rst | ||
| testcase.ini | ||
mbedTLS DTLS client #################### Overview ******** This sample code shows a simple DTLS client using mbed TLS on top of Zephyr Building and running ******************** Follow the steps for testing :ref:`networking with Qemu <networking_with_qemu>`. Obtain the mbed TLS code from: https://tls.mbed.org/download/start/mbedtls-2.3.0-apache.tgz and put it in a well known directory on your Linux machine, this will be your server. change to that directory and compile the mbedTLS on your host machine: .. code-block:: console $ tar -xvzf mbedtls-2.3.0-apache.tgz $ cd mbedtls-2.3.0 $ CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<config-thread.h>'" make Assign the server IP address and start the DTLS server. .. code-block:: console $ sudo ip addr add 192.0.2.2/24 dev tap0 $ ./programs/ssl/ssl_server2 dtls=1 ecjpake_pw=passwd .. code-block:: console . Seeding the random number generator... ok . Bind on udp://*:4433/ ... ok . Setting up the SSL/TLS structure... ok . Waiting for a remote connection ... To stop the server use Ctrl-C and repeat steps described in f) every time QEMU gets terminated, due the Netwrok interface (tap) being restarted. From the application directory type .. code-block:: console $ make run This will result in Qemu running with the following output: .. code-block:: console . Seeding the random number generator... ok . Setting up the DTLS structure... ok . Connecting to udp 192.0.2.2:4433... ok . Setting up ecjpake password ... ok . Performing the SSL/TLS handshake... ok > Write to server: ok . Closing the connection... done On the server side you should see this .. code-block:: console . Performing the SSL/TLS handshake... hello verification requested . Waiting for a remote connection ... ok . Performing the SSL/TLS handshake... ok [ Protocol is DTLSv1.2 ] [ Ciphersuite is TLS-ECJPAKE-WITH-AES-128-CCM-8 ] [ Record expansion is 29 ] [ Maximum fragment length is 16384 ] < Read from client: 18 bytes read GET / HTTP/1.0 > Write to client: 143 bytes written in 1 fragments HTTP/1.0 200 OK Content-Type: text/html <h2>mbed TLS Test Server</h2> <p>Successful connection using: TLS-ECJPAKE-WITH-AES-128-CCM-8</p> . Closing the connection... done . Waiting for a remote connection ... ok . Performing the SSL/TLS handshake... failed ! mbedtls_ssl_handshake returned -0x7900 . Waiting for a remote connection ... Disregard the last handshake failed message, due the closing connection. If the server does not receive the messages, use a network traffic analyzer, like Wireshark. Reset the board. References ********** - https://tls.mbed.org/