mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 11:38:09 +00:00
yotta Readme: edited by Irit
This commit is contained in:
parent
7980096899
commit
231a065909
1 changed files with 31 additions and 19 deletions
|
@ -1,49 +1,51 @@
|
|||
# mbed TLS
|
||||
|
||||
mbed TLS (formerly known as PolarSSL) makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their embedded products, with a minimal code footprint. It offers an SSL library with an intuitive API and readable source code.
|
||||
mbed TLS makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their embedded products, with a minimal code footprint. It offers an SSL library with an intuitive API and readable source code.
|
||||
|
||||
The Beta release of mbed TLS integrates the mbed TLS library into mbed OS, mbed SDK and yotta. This is a preview release intended for evaluation only and is **not recommended for deployment**. It currently implements no secure source of random numbers, weakening its security.
|
||||
**Note:** The current release is beta, and implements no secure source of random numbers, weakening its security.
|
||||
|
||||
Currently the only supported yotta targets are:
|
||||
- `frdm-k64f-gcc` and `frdm-k64f-armcc`
|
||||
- `x86-linux-native` and `x86-osx-native`
|
||||
- `frdm-k64f-gcc`
|
||||
- `frdm-k64f-armcc`
|
||||
- `x86-linux-native`
|
||||
- `x86-osx-native`
|
||||
|
||||
## Sample programs
|
||||
|
||||
This release includes the following examples:
|
||||
|
||||
1. [**Self test:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-selftest) found in `test/example-selftest`. Tests different basic functions in the mbed TLS library.
|
||||
1. [**Self test:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-selftest) Tests different basic functions in the mbed TLS library.
|
||||
|
||||
2. [**Benchmark:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-benchmark) found in `test/example-benchmark`. Measures the time taken to perform basic cryptographic functions used in the library.
|
||||
2. [**Benchmark:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-benchmark) Measures the time taken to perform basic cryptographic functions used in the library.
|
||||
|
||||
3. [**Hashing:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-hashing) found in `test/example-hashing`. Demonstrates the various APIs for computes hashes of data (also known as message digests) with SHA-256.
|
||||
3. [**Hashing:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-hashing) Demonstrates the various APIs for computing hashes of data (also known as message digests) with SHA-256.
|
||||
|
||||
4. [**Authenticated encrypted:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-authcrypt) found in `test/example-authcrypt`. Demonstrates usage of the Cipher API for encrypting and authenticating data with AES-CCM.
|
||||
4. [**Authenticated encryption:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-authcrypt) Demonstrates usage of the Cipher API for encrypting and authenticating data with AES-CCM.
|
||||
|
||||
These examples are integrated as yotta tests, so that they are built automatically when you build mbed TLS. Each of them comes with complete usage instructions as a Readme file in its directory.
|
||||
These examples are integrated as yotta tests, so that they are built automatically when you build mbed TLS. Each of them comes with complete usage instructions as a Readme file in the repository.
|
||||
|
||||
## Performing TLS and DTLS connections
|
||||
|
||||
A high-level API for performing TLS and DTLS connections with mbed TLS in mbed OS is provided in a separate yotta module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). It is the recommended API for TLS and DTLS connections. It is very similar to the API provided by the [sockets](https://github.com/ARMmbed/sockets) module for unencrypted TCP and UDP connections.
|
||||
A high-level API for performing TLS and DTLS connections with mbed TLS in mbed OS is provided in a separate yotta module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). We recommend this API for TLS and DTLS connections. It is very similar to the API provided by the [sockets](https://github.com/ARMmbed/sockets) module for unencrypted TCP and UDP connections.
|
||||
|
||||
The `mbed-tls-sockets` module includes a complete [example TLS client](https://github.com/ARMmbed/mbed-tls-sockets/blob/master/test/tls-client/main.cpp) with [usage instructions](https://github.com/ARMmbed/mbed-tls-sockets/blob/master/test/tls-client/README.md).
|
||||
|
||||
## Configuring mbed TLS features
|
||||
|
||||
mbed TLS makes it easy to disable any feature during compilation that isn't required for a particular project. The default configuration enables all modern and widely-used features, which should meet the needs of new projects, and disables all features that are older or less common, to minimize the code footprint.
|
||||
mbed TLS makes it easy to disable any feature during compilation, if that feature isn't required for a particular project. The default configuration enables all modern and widely-used features, which should meet the needs of new projects, and disables all features that are older or less common, to minimize the code footprint.
|
||||
|
||||
The list of available compilation flags is presented in the fully documented [config.h file](https://github.com/ARMmbed/mbedtls/blob/development/include/mbedtls/config.h), present in the `mbedtls` directory of the yotta module.
|
||||
The list of available compilation flags is available in the fully documented [config.h file](https://github.com/ARMmbed/mbedtls/blob/development/include/mbedtls/config.h).
|
||||
|
||||
If you need to adjust those flags, you can provide your own configuration-adjustment file with suitable `#define` and `#undef` statements. These will be included between the default definitions and the sanity checks. Your configuration file should be in your application's include directory, and can be named freely; you just need to let mbed TLS know the file's name. To do that, use yotta's [configuration system](http://docs.yottabuild.org/reference/config.html). The file's name should be in your `config.json` file, under mbedtls, as the key `user-config-file`.
|
||||
|
||||
For example, in an application called `myapp`, if you want to enable the EC J-PAKE key exchange and disable the CBC cipher mode, you can create a file named for example `mbedtls-config-changes.h` in the `myapp` directory containing the following lines:
|
||||
For example, in an application called `myapp`, if you want to enable the EC J-PAKE key exchange and disable the CBC cipher mode, you can create a file named `mbedtls-config-changes.h` in the `myapp` directory containing the following lines:
|
||||
|
||||
#define MBEDTLS_ECJPAKE_C
|
||||
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
|
||||
#undef MBEDTLS_CIPHER_MODE_CBC
|
||||
|
||||
and then create a file named `config.json` at the root of your application with the following contents:
|
||||
And then create a file named `config.json` at the root of your application with the following contents:
|
||||
|
||||
{
|
||||
"mbedtls": {
|
||||
|
@ -55,7 +57,7 @@ Please note: you need to provide the exact name that will be used in the `#inclu
|
|||
|
||||
## Getting mbed TLS from GitHub
|
||||
|
||||
Like most components of mbed OS, mbed TLS is developed in the open and its source can be found on GitHub: [ARMmbed/mbedtls](https://github.com/ARMmbed/mbedtls). Unlike most other mbed OS components however, you cannot just clone the repository and run `yotta build` from its root. This is because mbed TLS also exists as an independent component, so its repository includes things that are not relevant for mbed OS, as well as other build systems.
|
||||
Like most components of mbed OS, mbed TLS is developed in the open and its source can be found on GitHub: [ARMmbed/mbedtls](https://github.com/ARMmbed/mbedtls). Unlike most other mbed OS components, however, you cannot just clone the repository and run `yotta build` from its root. This is because mbed TLS also exists as an independent component, so its repository includes things that are not relevant for mbed OS, as well as other build systems.
|
||||
|
||||
The way to use mbed TLS from a clone of the GitHub repository is to run the following commands from the root of a checkout:
|
||||
|
||||
|
@ -66,11 +68,20 @@ You can then run any yotta command you would normally run, such as `yotta build`
|
|||
|
||||
## Differences between the standalone and mbed OS editions
|
||||
|
||||
While the two editions share the same code base, there are still a number of differences, mainly in configuration and in integration. You should keep in mind those differences when reading some articles of our [knowledge base](https://tls.mbed.org/kb), as currently the articles are about the standalone edition.
|
||||
While the two editions share the same code base, there are still a number of differences, mainly in configuration and integration. You should keep in mind those differences when reading some articles in our [knowledge base](https://tls.mbed.org/kb), as currently all the articles are about the standalone edition.
|
||||
|
||||
* The mbed OS edition has a smaller set of features enabled by default in `config.h`, in order to reduce footprint. While the default configuration of the standalone edition puts more emphasize on maintaining interoperability with old peers, the mbed OS edition only enables the most modern ciphers and the latest version of (D)TLS.
|
||||
* The following components of mbed TLS are not enabled in the mbed OS edition as mbed OS already includes equivalent facilities: `net.c` and `timing.c`.
|
||||
* The mbed OS edition comes with a fully integrated API for (D)TLS connections in a companion module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets), see "Performing TLS and DTLS connections" above.
|
||||
|
||||
* The following components of mbed TLS are disabled in the mbed OS edition: `net.c` and `timing.c`. This is because mbed OS includes their equivalents.
|
||||
|
||||
* The mbed OS edition comes with a fully integrated API for (D)TLS connections in a companion module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). See "Performing TLS and DTLS connections" above.
|
||||
|
||||
## Other resources
|
||||
|
||||
The [mbed TLS website](https://tls.mbed.org) contains many other useful
|
||||
resources for the developer, such as [developer
|
||||
documentation](https://tls.mbed.org/dev-corner), [knowledgebase
|
||||
articles](https://tls.mbed.org/kb), and a [support forum](https://tls.mbed.org/discussions).
|
||||
|
||||
## Contributing
|
||||
|
||||
|
@ -88,4 +99,5 @@ To contribute, please:
|
|||
|
||||
* Write a test that shows that the bug was fixed or that the feature works as expected.
|
||||
|
||||
* Send a pull request and bug us until it gets merged and published. We will include your name in the ChangeLog :)
|
||||
* Send a pull request and bug us until it gets merged and published. We will include your name in the ChangeLog.
|
||||
|
||||
|
|
Loading…
Reference in a new issue