UM1723 User Manual - STMicroelectronics
1. UM1723, DocID025805 Rev 2

SSL/TLS protocol overview

The Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols provide communications security over the Internet and allow client/server applications to communicate in a way that is private and reliable. These protocols are layered above a transport protocol such as TCP/IP. SSL is the standard security technology for creating an encrypted link between server and client. This link ensures that all communication data remains private and secure.

The major objectives of SSL/TLS are:
- Provide data integrity between two communicating applications
- Protect information transmitted between server and client
- Authenticate the server to the client
- Allow the client and server to select the cryptographic algorithms that they both support
- Optionally authenticate the client to the server
- Use public-key encryption techniques to generate shared secrets
- Establish an encrypted SSL connection

History of the SSL/TLS protocols

SSL was developed by Netscape in 1994 to secure transactions over the Internet. Soon after, the Internet Engineering Task Force (IETF) began work to develop a standard protocol to provide the same functionality.
- SSL 1.0 (Netscape, 1993): Internal Netscape design.
- SSL 2.0 (Netscape, 1994): This version contained a number of security flaws.
- SSL 3.0 (Netsc
2. SSL Alert protocol

The SSL Alert protocol signals problems with the SSL session, ranging from simple warnings (unknown certificate, revoked certificate, expired certificate) to fatal error messages that immediately terminate the SSL connection.

Change Cipher Spec protocol

The SSL Change Cipher Spec protocol consists of a single message that indicates the end of the SSL Handshake protocol.

PolarSSL library

Overview

PolarSSL is a light-weight open source cryptographic and SSL/TLS library written in C. This library contains all needed functions to implement an SSL/TLS server or client. It also contains a set of hashing functions and cryptographic algorithms.

Library features:
- SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2 client/server support
- Symmetric encryption algorithms: AES, Blowfish, Triple-DES (3DES), DES, ARC4, Camellia, XTEA
- Modes of operation: ECB, CBC, CFB, CTR, GCM
- Hash algorithms: MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
- Software random number generator: HAVEGE, CTR-DRBG
- X509 certificates, CRLs, Keys and ASN.1
- Public key cryptography: RSA and Diffie-Hellman (DHM) key exchange

The source code of the PolarSSL library can be downloaded from this link: http://polarssl.org

License

PolarSSL is licensed according to the dual licensing model. PolarSSL is available under the open source
3. UM1723 User Manual: STM32Cube PolarSSL example

June 2015

Introduction

The STM32Cube initiative was originated by STMicroelectronics to ease developers' life by reducing development efforts, time and cost. STM32Cube covers the STM32 portfolio. STM32Cube Version 1.x includes:
- The STM32CubeMX, a graphical software configuration tool that allows generating C initialization code using graphical wizards.
- A comprehensive embedded software platform, delivered per series (such as STM32CubeF4 for STM32F4 series):
  - The STM32Cube HAL, an STM32 abstraction layer embedded software, ensuring maximized portability across the STM32 portfolio
  - A consistent set of middleware components such as RTOS, USB, TCP/IP and graphics
  - All embedded software utilities coming with a full set of examples

With the increasing number of embedded devices interconnected over the network, hardware-based cryptographic capabilities are required to ensure secure transactions. The integrated Ethernet MAC and cryptographic processor of the STM32 make it the best fit for such applications.

The embedded Ethernet features a 10/100 Mbit/s MAC; it supports both the Media Independent Interface (MII) and the Reduced Media Independent Interface (RMII), giving developers the flexibility to connect to the PHY of their choice. Performance is further enhanced through the use of a dedicated DMA controller and hardware checksums for t
4. Contents (continued)

8 Revision history

List of figures

Figure 1. SSL application architecture
Figure 2. SSL sub-protocols
Figure 3. SSL Handshake protocol
Figure 4. Handshake protocol to resume an SSL session
Figure 5. SSL Record protocol
Figure 6. SSL client demonstration architecture
Figure 7. SSL client application
Figure 8. The ssl_server application window
Figure 9. HyperTerminal window
Figure 10. SSL server application architecture
Figure 11. The SSL server application
Figure 12. HTML page displayed on successful connection
Figure 13. HyperTerminal SSL server connection status
Figure 14. SSL client thread flowchart
Figure 15. SSL server thread flowchart
5. 1 SSL application architecture (layers shown, top to bottom: Application layer, SSL/TLS layer, TCP layer, IP layer, Physical layer)

1.3 SSL/TLS sub-protocols

The SSL/TLS protocol includes four sub-protocols: the SSL Record protocol, the SSL Handshake protocol, the SSL Alert protocol and the SSL Change Cipher Spec protocol.

Figure 2. SSL sub-protocols (blocks shown: Application, Handshake, Alert, CCS, Record, TCP/IP)

1.3.1 SSL Handshake protocol

The SSL session state is controlled by the SSL Handshake protocol. This protocol uses the SSL Record protocol to exchange a series of messages between SSL server and SSL client when they first start communicating. This message exchange is designed to facilitate the following actions:
- The protocol version
- Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support
- Authenticate the server to the client
- Optionally authenticate the client to the server
- Use public-key encryption techniques to generate shared secrets
- Establish an encrypted SSL connection

Figure 3. SSL Handshake protocol. Client: ClientHello, Certificate, ClientKeyExchange, CertificateVerify, ChangeCipherSpec, Finis
6. GPL version two license as well as under a commercial license for closed source projects. For detailed information about licensing, please refer to this link: https://polarssl.org

STM32 hardware cryptography

As described in Section 2: PolarSSL library, the PolarSSL library contains a set of symmetric encryption algorithms (AES-128/192/256, Triple-DES), hashing functions (MD5, SHA-1, SHA-2) and a software random number generator. All these functions and algorithms are needed to implement SSL/TLS applications.

To off-load the CPU from encryption/decryption, hash and RNG (random number generator) tasks, all these functions and algorithms are implemented using the hardware acceleration (AES-128/192/256, Triple-DES, MD5, SHA-1, SHA-2 and analog RNG) through the STM32Cube HAL APIs.

Cryptographic processor

The cryptographic processor can be used to both encipher and decipher data using the Triple-DES or AES algorithm. It is a fully compliant implementation of the following standards:
- The data encryption standard (DES) and Triple-DES (TDES) as defined by the Federal Information Processing Standards Publication (FIPS PUB 46-3, 1999 October 25). It follows the American National Standards Institute (ANSI) X9.52 standard.
- The advanced encryption standard (AES) as defined by Federal Information Processing Standards Publication FIP
7. S PUB 197, 2001 November 26.

The CRYP processor may be used for both encryption and decryption in the Electronic codebook (ECB) mode, the Cipher block chaining (CBC) mode, or the Counter (CTR) mode (in AES only).

Random number generator

The RNG processor is a random number generator, based on a continuous analog noise, that provides a random 32-bit value to the host when it is read.

Hash processor

The hash processor is a fully compliant implementation of the SHA secure hash algorithm, the message digest algorithm 5 (MD5) hash algorithm and the HMAC (keyed-hash message authentication code) algorithm, suitable for a variety of applications. It computes a message digest (160 bits for the SHA-1 algorithm, 256 bits for the SHA-256 algorithm, 224 bits for the SHA-224 algorithm and 128 bits for the MD5 algorithm) for messages of up to 2^64 - 1 bits, while HMAC algorithms provide a way of authenticating messages by means of hash functions. HMAC algorithms consist in calling the SHA-1, SHA-224, SHA-256 or MD5 hash function twice.

For more detailed information, refer to the CRYP, HASH and RNG sections of the STM32 device Reference Manual.

Description of the package

This package contains two applications running on top of the PolarSSL library and LwIP stack in RTOS mode:
- SSL Client: This application proves the ability of the STM32F4xx de
8. aiting for a remote connection Performing the SSL TLS handshake Read from client 18 bytes read HTTP 1 6 gt Write to client 148 bytes written HTTP 1 200 OK Content Type text html lt h2 gt PolarSSL Test Server lt h2 gt Kp gt Successful connection using TLS DHE RSA WITH AES 256 CBC SHA256 lt p gt Waiting for a remote connection

HyperTerminal window

Figure 9 displays the status of the SSL client application running on the STM32F4xx device (write and read messages):
- Status of SSL structures (SSL context, SSL session, SSL RNG)
- Client request to the server (GET)
- The received message contains the result of the Handshake protocol, for example: Successful connection using SSL EDH RSA AES 256 SHA

Figure 9. HyperTerminal window (text shown in the ssl_server HyperTerminal session):
Waiting for a remote connection ok
Performing the SSL TLS handshake ok
Read from client 331 bytes read
Write to client Successfully write 947 bytes to client
Waiting for a remote connection ok
Performing the SSL TLS handshake ok
Read from client 331 bytes read
Write to client Successfully write 947 bytes to client
Waiting for a remote connection
(status bar: Connected 0:02:05, Auto detect, 9600 8-N-1)

5.2 SSL server application

This demonstra
9. ape, 1996): All Internet browsers support this version of the protocol.
- TLS 1.0 (IETF, 1999): This version was defined in RFC 2246 as an upgrade to SSL 3.0. The differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not inter-operate.
- TLS 1.1 (IETF, 2006): This version was defined in RFC 4346. It is an update from TLS version 1.0.
- TLS 1.2 (IETF, 2008): This version was defined in RFC 5246. It is based on the earlier TLS 1.1.

The SSL/TLS protocols are referred to as SSL throughout this document.

SSL/TLS application layers

An application using the SSL/TLS protocol generally consists of five layers:
- Application layer: the Application Layer refers to the higher-level protocols used by most applications for network communication.
- SSL/TLS layer: the SSL/TLS layer provides secure communication over the Internet.
- TCP layer: the Transport Layer responsibilities include end-to-end message transfer capabilities independent of the underlying network, along with error control, segmentation, flow control, congestion control and application addressing.
- IP layer: the Internet Protocol layer is responsible for addressing hosts and routing packets from a source host to the destination host.
- Physical layer: the Physical Layer consists of the basic hardware transmission technologies of a network.

Figure
10. d mode, user has to fill the MediaInterface parameter of Init structure when initializing the Ethernet peripheral.

Refer to the readme file provided within the PolarSSL example of the device to know about the available PHY interface modes on the supported boards.

MAC and IP address settings

The default MAC address is set to 00:00:00:00:00:02. To change this address, modify the six bytes defined in the stm32f4xx_hal_conf.h file.

The default IP address is set to 192.168.0.10. To change this address, modify the six bytes defined in the main.h file.

Evaluation boards settings

Before running the PolarSSL example, have a look at the associated readme file to know how to configure the board jumpers for correct operation.

Using the applications

SSL client application

This demonstration consists of using the STM324xx-EVAL evaluation board as a client that connects to a secure server to provide the SSL Handshake protocol.

Architecture of the application

The SSL client demonstration, as shown in Figure 6, contains five threads:
- LED task: blink LED4 every 200 ms.
- Ethernet input thread: the low-level layer was set to detect the reception of frames by interrupts. So, when the Ethernet controller receives a valid frame, it generates an interrupt. In the handling
11. e cable is not connected, else the Red LED of the evaluation board will turn on. When the user connects the cable again, the Ethernet traffic will resume and the network interface will be set up. If an LCD controller is used, a message is displayed to inform the user about the new IP address, either with static or dynamic allocation, otherwise the Yellow LED of the evaluation board will turn on.

How to port the application on a different hardware?

When another hardware platform is used, the user has to check the GPIO configuration in the HAL_ETH_MspInit function for the Ethernet peripheral, also HAL_PPP_MspInit or HAL_MspInit if the application needs more PPP peripherals.

Appendix A Additional information

Figure 14. SSL client thread flowchart (steps in order, with a yes/no check on ret after each call that returns it):
- Start
- memset: allocate all memory buf
- havege_init: initialize the RNG and the session data
- ret = net_connect: start the connection
- ret = ssl_init: initialize an SSL context
- ret = ssl_write: send application data
- ret = ssl_read: read the HTTP response
- net_close: close the connection
- ssl_free: cleanup all memory

Additio
12. e protocol
1.3.2 SSL Record protocol
1.3.3 SSL Alert protocol
1.3.4 Change Cipher Spec protocol
2 PolarSSL library
2.1 Overview
2.2 License
3 STM32 hardware cryptography
3.1 Cryptographic processor
3.2 Random number generator
3.3 Hash processor
4 Description of the package
4.1 Package directories
4.2 Application settings
4.2.1 PHY interface configuration
4.2.2 MAC and IP address settings
4.3 Evaluation boards settings
5 Using the applications
5.1 SSL client application
5.2 SSL server application
6 Conclusion
7 FAQ
Appendix A Additional information
13. function of this interrupt, a binary semaphore is created to wake up the Ethernet task. This task transfers the input frames to the TCP/IP stack.
- Ethernet link thread: handles the Ethernet cable connection and disconnection process.
- TCP/IP thread: all packet processing (input and output) is done inside this thread. The application threads communicate with this thread using message boxes and semaphores.
- SSL client thread: this task handles the SSL Handshake protocol. It connects to an SSL server and performs the following:
  - Initializes SSL structures (SSL context, SSL session, SSL RNG)
  - Connects to a SSL server
  - Sets up the SSL session
  - Handles the SSL Handshake protocol
  - Writes a message to the server
  - Reads a message from the server
  - Sends these messages through USART
  - Closes the connection
  - Cleans all SSL structures

Figure 6. SSL client demonstration architecture (blocks shown: SSL client thread, PolarSSL (SSL/TLS), LwIP, TCP/IP thread, Ethernet thread, STM32Cube Library)

How to use the application

First, connect the STM324xx-EVAL evaluation board as follows:
- Ethernet link: connect to a remote PC (through a crossover Ethernet cable) or to the local network (through a straight Ethernet cable).
- RS232 link (used with HyperTerminal like ap
14. hat is not recognized by the browser, or when the certificate was issued to a different web address.

Conclusion

This user manual describes two STM32F4xx applications that implement the PolarSSL library with the STM32Cube drivers.

The first one demonstrates the ability of the STM32F4xx devices to exchange messages with a server through an SSL connection. This application allows the STM32 to connect to a secure web server.

The second one is a combination of HTTP with SSL protocol to provide encryption and secure identification of the server. This application allows the user to connect to an STM32 using the SSL protocol from a web browser.

FAQ

How to choose between static or dynamic (DHCP) IP address allocation?

When the macro #define USE_DHCP, located in main.h, is commented, a static IP address is assigned to the STM32 microcontroller (by default 192.168.0.10; this value can be modified from the main.h file). If the macro #define USE_DHCP is uncommented, the DHCP protocol is enabled and the STM32 will act as a DHCP client.

How the application behaves when the Ethernet cable is disconnected?

When the cable is disconnected, the Ethernet peripheral stops both transmission and reception traffic, and the network interface will be set down. If an LCD controller is used, a message is displayed to inform the user that th
15. he IP, UDP, TCP and ICMP protocols. The hardware cryptographic processor supports AES-128/192/256, Triple-DES, DES, SHA-1, SHA-2, MD5 and RNG.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) cryptographic protocols provide security for communications over networks, such as the Internet, and allow client and server applications to communicate in a way that is private and secure.

The purpose of this user manual is to present an SSL Client/Server example built on top of STM32Cube HAL drivers and the PolarSSL library (a free SSL/TLS library).

Note: This document is applicable to all STM32 Series featuring an Ethernet peripheral and hardware cryptographic processor; for simplicity reasons, STM32F4xx and STM32CubeF4 are used as the reference platform within all the documents. The same description, file names and screenshots are applicable as well to other Series offering Ethernet connectivity, such as STM32F217xx and STM32F756xx. To know more about the PolarSSL example implementation on STM32 Series, refer to the documentation provided within the associated STM32Cube firmware package.

www.st.com

Contents

1 SSL/TLS protocol overview
1.1 History of the SSL/TLS protocols
1.2 SSL/TLS application layers
1.3 SSL/TLS sub-protocols
1.3.1 SSL Handshak
16. hed, Application data. (Optional messages are marked in the figure.) Server: ServerHello, Certificate, ServerKeyExchange, CertificateRequest, ServerHelloDone, ChangeCipherSpec, Finished, Application data.

The following description is the procedure for the SSL Handshake protocol:

1. The client sends a ClientHello message specifying the highest SSL protocol version it supports, a random number, a list of cipher suites and compression methods.
2. Server responds with a ServerHello message that contains the chosen protocol version, another random number, cipher suite and compression method from the choices offered by the client, and the session ID.

Note: The client and the server must support at least one common cipher suite, or else the Handshake protocol fails. The server generally chooses the strongest common cipher suite they both support.

3. The server sends its digital certificate in an optional certificate message; for example, the server uses X.509 digital certificates.
4. If no certificate is sent, an optional ServerKeyExchange message is sent containing the server public information.
5. If the server requires a digital certificate for client authentication, an optional CertificateRequest message is appended.
6. The server sends a ServerHelloDone message indicating the end of this phase of negotiation.
7. If the server has sen
17. med.
2. The server checks its session cache for a match. If a match is found and the server is willing to re-establish the connection under the specified session state, it sends a ServerHello message with the same Session ID value.
3. Both client and server must send ChangeCipherSpec messages and proceed directly to the finished messages.
4. Once the re-establishment is complete, the client and server may begin to exchange encrypted application data.

If a Session ID match is not found, the server generates a new session ID and the client and server perform a full Handshake protocol.

1. RFC 5246: The TLS protocol version 1.2.

Figure 4. Handshake protocol to resume an SSL session. Messages shown between client and server: ClientHello, ServerHello, ChangeCipherSpec, Finished, ChangeCipherSpec, Finished, Application data, Application data.

SSL Record protocol

The Record protocol takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts and transmits the results. The received data is decrypted, verified, decompressed and reassembled, then delivered to higher-level clients.

Figure 5. SSL Record protocol. Stages shown: Application data, Fragment (F2 ... Fn), Compression, Authentication, Encryption
18. nal information

Figure 15. SSL server thread flowchart (steps in order, with a yes/no check after the client connection test and after each call that returns ret):
- Load the certificate
- Bind on https port
- Wait until a client connects
- Initialize the RNG and the session data
- ret = ssl_handshake: Handshake protocol
- ret = ssl_read: read the HTTP request
- ret = ssl_write: write the response
- net_close: close the connection
- ssl_free: cleanup all memory
- End

Revision history

Table 1. Document revision history

Date | Revision | Changes
27 Mar 2014 | 1 | Initial release.
5 Jun 2015 | 2 | Updated Section 3: STM32 hardware cryptography, Section 4: Description of the package, Section 4.2.1: PHY interface configuration, Section 4.3: Evaluation boards settings, Section 5.1: SSL client application.

IMPORTANT NOTICE - PLEASE READ CAREFULLY

STMicroelectronics NV and its subsidiaries ("ST") reserve the right to make changes, corrections, enhancements, modifications, and improvements to ST products and/or to this document at any time without notice. Purchasers should obtain the latest relevant information on ST product
19. nd their status Server LinkThr IDLE TCP IP LED4 Blocked R Ready D Deleted S Suspended HTTP 1 0 200 OK Content Type text html PolarSSL Test Server Successful connection using TLS DHE RSA WITH AES 256 CBC SH

The user can monitor the connection status of the SSL server application running on the STM32F4xx device using the HyperTerminal window. This window (Figure 13) shows:
- The status of connection, SSL structures and Handshake protocol
- The size of the client request message
- The size of the server response (html page)

Figure 13. HyperTerminal SSL server connection status (text shown in the ssl_server HyperTerminal session):
Waiting for a remote connection ok
Performing the SSL TLS handshake ok
Read from client 331 bytes read
Write to client Successfully write 94 bytes to client
Waiting for a remote connection ok
Performing the SSL TLS handshake ok
Read from client 331 bytes read
Write to client Successfully write 94 bytes to client
Waiting for a remote connection
(status bar: Connected 0:02:05, Auto detect, 9600 8-N-1)

Note: The first time that the user connects to the server, he receives a warning message from the browser about the certificate presented. This warning occurs when the certificate has been issued by a certification authority (CA) t
20. plication) to display debug messages: connect a null-modem female/female RS232 cable between the USART connector of the STM324xx-EVAL evaluation board and the PC serial port.

To run the SSL client example, proceed as follows:
- Build and program the SSL client code in the STM32F4xx Flash.
- Run the SSL server application on the remote PC: run ssl_server.exe under Utilities\PC_Software\ssl_server. This application then waits for a client connection on https port 443.
- Start the STM324xx-EVAL evaluation board.
- Monitor the connection status in the SSL server application window and the HyperTerminal window.

Note: Ensure that the remote PC IP address is the same address as defined in the ssl_client.c file: #define SSL_SERVER_NAME "192.168.0.1". If a firewall is used, the user must be sure that the ssl_server application accepts connection requests. If it does not, the firewall will reject the client requests.

Figure 7. SSL client application (elements shown: SSL Server, HyperTerminal)

ssl_server.exe

The ssl_server.exe application window is shown in Figure 8. The SSL server application displays the connection request status; all exchanged messages between the server and the client are displayed.

Figure 8. The ssl_server application window (text shown in the ssl_server.exe console): Loading the server cert and key Bind on https localhost 4433 Seeding the random number generator Setting up the SSL data ok W
21. s before placing orders. ST products are sold pursuant to ST's terms and conditions of sale in place at the time of order acknowledgement.

Purchasers are solely responsible for the choice, selection, and use of ST products and ST assumes no liability for application assistance or the design of Purchasers' products.

No license, express or implied, to any intellectual property right is granted by ST herein.

Resale of ST products with provisions different from the information set forth herein shall void any warranty granted by ST for such product.

ST and the ST logo are trademarks of ST. All other product or service names are the property of their respective owners.

Information in this document supersedes and replaces information previously supplied in any prior versions of this document.

© 2015 STMicroelectronics. All rights reserved.
22. t a CertificateRequest message, the client must send its X.509 client certificate in a Certificate message.
8. The client sends a ClientKeyExchange message. This message contains the pre-master secret number used in the generation of the symmetric encryption keys and the message authentication code (MAC) keys. The client encrypts the pre-master secret number with the public key of the server.

Note: The public key is sent by the server in the digital certificate or in the ServerKeyExchange message.

9. If the client sent a digital certificate to the server, the client sends a CertificateVerify message signed with the client's private key. By verifying the signature of this message, the server can explicitly verify the ownership of the client digital certificate.
10. The client sends a ChangeCipherSpec message announcing that the new parameters (cipher method, keys) have been loaded.
11. The client sends a finished message; it is the first message encrypted with the new cipher method and keys.
12. The server responds with a ChangeCipherSpec and a finished message from its end.
13. The SSL Handshake protocol ends and the encrypted exchange of application data can be started.

Resuming SSL session

When the client and the server decide to resume a previous session or to duplicate an existing session (instead of negotiating new security parameters), the message flow is as follows:

1. The client sends a ClientHello message using the Session ID of the session to be resu
23. tion consists of setting up the STM32 device as an SSL server that waits for a SSL client request to make the connection.

Architecture of the application

The SSL server demonstration contains six threads. The LED, Ethernet input, Ethernet link and TCP/IP threads are the same as the SSL client application threads.
- SSL server thread: this thread creates an SSL connection and waits for the client request to make the secure connection. When the connection is established, the client sends a GET request to load the html page. This page contains information about the tasks running in this demonstration. The SSL server task also sends the status of the connection through the USART.
- DHCP Client thread: this thread is used to configure the IP address by DHCP.

Note: To enable the DHCP client, uncomment the #define USE_DHCP in the main.h file.

Figure 10. SSL server application architecture (blocks shown: SSL client thread, PolarSSL (SSL/TLS), LwIP, TCP/IP thread, Ethernet thread, STM32Cube Library)

How to use the application

First, connect the STM324xx-EVAL evaluation board as follows:
- Ethernet link: connect to a remote PC (through a crossover Ethernet cable) or to the local network (through a straight Ethernet cable).
- RS232 link (used with HyperTerminal like application
24. to display debug messages).

To run the SSL server demonstration:
- Build and program the SSL server code in the STM32F4xx Flash.
- Start the STM324xx-EVAL board.
- Open a web browser, such as Internet Explorer or Firefox, and type https followed by the IP address of the board in the browser; by default, type https://192.168.0.10

Note: If a firewall is present, the user must be sure that the HTTPS port accepts the connection requests. If it does not, the firewall will reject the connection.

Figure 11. The SSL server application (elements shown: Ethernet network cable, RS232 cable for debug, STM32 SSL Server, SSL Client)

On successful connection, a page is displayed showing the running tasks and their status. This page also contains the number of page hits and the list of cipher suites used in the connection.

Figure 12. HTML page displayed on successful connection (Mozilla Firefox showing https 192 168 0 10 index html): STM32Cube SSL server Demo using STM32F417xx HW Crypto Page Hits 70 The list of tasks a
25. vice to exchange messages with a server over TCP/IP connectivity through a SSL connection. This application allows the user to connect the STM324xx-EVAL board to a secure web server with SSL protocol.
- SSL Server: This application is a combination of HTTP with SSL protocol to provide encryption and secure identification of the server. This application allows the user to connect from a web browser to a STM324xx-EVAL evaluation board using SSL protocol.

These two applications are located under Projects\STM324xx_EVAL\Applications\PolarSSL, where STM324xx-EVAL refers to an STM32F4xx evaluation board, such as STM324xG-EVAL for STM32F407xx/417xx devices.

Package directories

The package contains two applications running on top of PolarSSL, LwIP, FreeRTOS and STM32F4Cube HAL and BSP drivers. The firmware is composed of the following modules:
- Drivers: contains the STM32Cube drivers of the MCU (CMSIS, BSP drivers, HAL drivers).
- Middleware: contains libraries and protocol components (LwIP TCP/IP stack, PolarSSL library, FreeRTOS).
- Projects: contains the source files and configurations of each application.

Application settings

PHY interface configuration

The Ethernet peripheral is interfaced with an external PHY to provide physical layer communication. The PHY register definitions are located in the HAL configuration file stm32f4xx_hal_conf.h. The PHY operates in two modes, MII and RMII; to select the require