WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

update to psk tutorial

pull/1/head
JacobBarthelmeh 2014-06-30 16:31:00 -06:00
parent 3496581846
commit b478df2ac4
1 changed files with 47 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
psk/tutorial-tcp-psk.md
View File

@ -9,27 +9,32 @@ TCP/PSK Tutorial
1. Include the CyaSSL compatibility header:
```#include <cyassl/ssl.h>```
* Change all calls from read() or recv() to CyaSSL_read(), in the simple server
2. Change all calls from read() or recv() to CyaSSL_read(), in the simple server
```read(sockfd, recvline, MAXLINE)```
becomes
```CyaSSL_read(ssl, recvline, MAXLINE)```
* (CyaSSL_read on first use also calls CyaSSL_accept if not explicitly called earlier in code.)
* (CyaSSL_read on first use also calls CyaSSL_accept if not explicitly
called earlier in code.)
* Change all calls from write() or send() to CySSL_write(), in the simple client
3. Change all calls from write() or send() to CySSL_write(), in the simple client
```write(sockfd, sendline, strlen(sendline))```
becomes
```CyaSSL_write(ssl, sendline, strlen(sendline))```
* Run the CyaSSL method to initalize CyaSSL
4. Run the CyaSSL method to initalize CyaSSL
```CyaSSL_Init()```
* Create a ctx pointer that contains using the following process.
```
CYASSL_CTX* ctx;
5. Create a ctx pointer that contains using the following process.
```
CYASSL_CTX* ctx;
if ((ctx = CyaSSL_CTX_new(CyaSSLv23_server_method())) == NULL)
err_sys(“CyaSSL_CTX_new error”);
```
if ((ctx = CyaSSL_CTX_new(CyaSSLv23_server_method())) == NULL)
err_sys(“CyaSSL_CTX_new error”);
```
* In the servers main loop for accepting clients create a CYASSL pointer. Once a new client is accepted create a CyaSSL object and associate that object with the socket that the client is on. After using the CyaSSL object it should be freed and also before closing the program the ctx pointer should be freed and a CyaSSL cleanup method called.
6. In the servers main loop for accepting clients create a CYASSL pointer. Once
a new client is accepted create a CyaSSL object and associate that object with
the socket that the client is on. After using the CyaSSL object it should be
freed and also before closing the program the ctx pointer should be freed and a
CyaSSL cleanup method called.
```
CYASSL* ssl;
@ -44,21 +49,25 @@ CYASSL* ssl;
# Now adding Pre-Shared Keys (PSK) to the CyaSSL Simple Server:
1. Build CyaSSL with pre shared keys enabled executing the following commands in CyaSSLs root directory. Depending on file locations sudo may be needed when running the commands.
1. Build CyaSSL with pre shared keys enabled executing the following commands
in CyaSSLs root directory. Depending on file locations sudo may be needed when
running the commands.
```
./configure --enable-psk
make
make install
```
* Set up the psk suit with using the CyaSSL callback, identity hint, and cipher list methods. These methods get called immediately after the process of setting up ctx.
2. Set up the psk suit with using the CyaSSL callback, identity hint, and cipher list methods. These methods get called immediately after the process of setting up ctx.
```
CyaSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
CyaSSL_CTX_use_psk_identity_hint(ctx, “cyassl server”);
CyaSSL_CTX_set_cipher_list(ctx, “PSK-AES128-CBC-SHA256”);
```
* PSK-AES128-CBC-SHA256 creates the cipher list of having pre shared keys with advanced encryption security using 128 bit key with cipher block chaining using secure hash algorithm.
* PSK-AES128-CBC-SHA256 creates the cipher list of having pre shared keys
with advanced encryption security using 128 bit key with cipher block
chaining using secure hash algorithm.
@ -72,7 +81,9 @@ CyaSSL_CTX_set_cipher_list(ctx, “PSK-AES128-CBC-SHA256”);
* Add the my_psk_server_cb function as follows. This is a function needed that is passed in as an argument to the CyaSSL callback.
3. Add the my_psk_server_cb function as follows. This is a function needed that
is passed in as an argument to the CyaSSL callback.
```
static inline unsigned int my_psk_client_cb(CYASSL* ssl, char* identity, unsigned
char* key, unsigned int key_max_len) {
@ -93,7 +104,6 @@ static inline unsigned int my_psk_client_cb(CYASSL* ssl, char* identity, unsigne
}
```
Example Makefile for Simple Cyass PSK Client:
```
CC=gcc
@ -115,7 +125,12 @@ clean:
The -lcyassl will link the Cyassl Libraries to your program
The makefile for the server is going to be similar to that of the client. If the user wants separate makefiles just make a use the same set up of the client makefile and replace every instance of client-psk with server-psk. To combine make files just add a server-psk with similar ending to each time client-psk is referenced and change the target. There will also need to be a target for when compiling all targets.
The makefile for the server is going to be similar to that of the client. If
the user wants separate makefiles just make a use the same set up of the client
makefile and replace every instance of client-psk with server-psk. To combine
make files just add a server-psk with similar ending to each time client-psk is
referenced and change the target. There will also need to be a target for when
compiling all targets.
```
all: server-psk client-psk
@ -128,21 +143,29 @@ all: server-psk client-psk
# **Concurrent Server**
The main thread accepts clients and for each client accepted a new thread is spawned that then handles the typical server processes.
The main thread accepts clients and for each client accepted a new thread is
spawned that then handles the typical server processes.
1. To use multiple threads include the pthread header file.
**`#include <pthread.h>`**
* When creating multiple threads the state of variables can become an issue. Since in the example, CYASSL_CTX* is not changed after being initially set we can make it a global variable and allow all threads read access while they are processing without having to lock the memory.
2. When creating multiple threads the state of variables can become an issue.
Since in the example, CYASSL_CTX* is not changed after being initially set we
can make it a global variable and allow all threads read access while they are
processing without having to lock the memory.
* After the main thread accepts a client, call the pthread_create function.
3. After the main thread accepts a client, call the pthread_create function.
```
pthread_create(pthread_t* thread, int attribute, void* function, void* arg)
```
* In the example the function passed to pthread_create accepts one void * argument which is the socket the client is on. The function then performs the process of creating a new SSL object, reading and writing to the client, freeing the SSL object, and then terminating the thread.
4. In the example the function passed to pthread_create accepts one void *
argument which is the socket the client is on. The function then performs the
process of creating a new SSL object, reading and writing to the client, freeing
the SSL object, and then terminating the thread.
```
/*
*Process handled by a thread.
@ -180,5 +203,7 @@ pthread_create(pthread_t* thread, int attribute, void* function, void* arg)
pthread_exit( NULL);
}
```
* Void* arg is the argument that gets passed into cyassal_thread when pthread_create is called. In this example that argument is used to pass the socket value that the client for the current thread is on.
5. Void* arg is the argument that gets passed into cyassal_thread when
pthread_create is called. In this example that argument is used to pass the
socket value that the client for the current thread is on.