mbed TLS Concise Guide (a)

Outline

The mbed TLS library is designed to be easily integrated with existing (embedded) applications, and provides building blocks for communications security, cryptography and key management. This tutorial will help you learn the steps involved.

mbed TLS is designed to be as loosely coupled as possible, so that you only need to integrate the parts you need, without having to deal with the rest. This also gives mbed TLS a very low memory footprint and build footprint. By eliminating the parts your system does not need, you can get build sizes from as low as 45 kB up to a more typical 300 kB for a more fully featured setup.

mbed TLS is designed to be portable, with embedded C environments as the main target. It runs on platforms ranging from ARM and AVR to PCs, iPads, iPhones and even the Xbox.

Stack explained

The purpose of this tutorial is to show you how to secure your client and server communications with mbed TLS. Let's start by showing the major components involved.
[Figure: mbedtls-stack.png]

From bottom to top:

  • Hardware
    The hardware platform provides the physical processor, storage, memory and network interface.

  • Operating System (OS)
    The operating system provides the Ethernet driver and standard services. Depending on the operating system, these include scheduling, thread safety and a full network stack.

  • Network Stack
    Depending on the operating system, the network stack is either fully integrated or a separate module that provides an abstraction layer over the network interface. The most commonly used are the lwIP TCP/IP stack and the uIP TCP/IP stack.

  • mbed TLS SSL/TLS Library
    Building on the network interface, mbed TLS provides an abstraction layer for secure communications.

  • Client Application
    The client application uses mbed TLS to abstract the secure communication from itself.

The exact steps for integrating mbed TLS into an application depend heavily on the specific components listed above. In this basic tutorial, we will assume an operating system with an integrated BSD-like TCP/IP stack.

SSL/TLS Description

The SSL/TLS part of mbed TLS provides the means to set up a secure communication channel using SSL/TLS and to communicate over it.

  • The basic steps are:
    • Initialize an SSL/TLS context
    • Perform an SSL/TLS handshake
    • Send / receive data
    • Notify the peer that the connection is being closed
  • Many aspects of such a channel are set through parameters and callback functions:
    • Endpoint role: client or server
    • Authentication mode: whether certificate verification should take place
    • Host-to-host communication channel: send and receive functions
    • Random number generator (RNG) function
    • Ciphers to use for encryption / decryption
    • Certificate verification function
    • Session control: session get and set functions
    • X.509 parameters for certificate handling and key exchange

mbed TLS can be used to create an SSL/TLS client and server by providing a framework to set up an SSL/TLS communication channel and communicate through it. The SSL/TLS part relies directly on the certificate parsing, symmetric and asymmetric encryption, and hashing modules of the library.

Reference

from: https://blog.csdn.net/z2066411585/article/details/79178325


Origin blog.csdn.net/phenixyf/article/details/90670176