427

Here are some goodies (source code, tools and documentation) to play with the Elektor E-lock* Secure Server Board (130280).

Here are some goodies (source code, tools and documentation) to play with the Elektor E-lock* Secure Server Board (130280).

  • Connect the Secure Server Board (SSB) to the same network as your test computer.
  • Run ISLRaw.exe to find the SSB. Once found, you can attribute it an IP address.
  • You will be asked to load the server certificates. Make sure you have (created) valid ones. See the documents below for details on how to create certificates.
  • Run ISLElektor.exe to connect to the SSB and play with it. You must enter the IP you setup before and port number 2013. Then clic connect. Connecting can take up to 20 seconds.

*) Buy the E-lock in the Elektor shop: http://www.elektor.com/130280-91

A Microsoft Visual C++ 2010 Express project is attached below to show how to communicate with the server. It is a command line utility that takes the server IP address and the port number (2013) as parameters. When the certificate and key files are valid it will connect to the server, switch the relays on, wait one second, switch the relays and disconnect. You can use this project as a starting point for your own applications.

The server commands are detailed in the attached documents.

The project includes parts of the open source library cyassl (http://www.yassl.com/). This is a secure wrapper for standard socket functions like read, write, send and recv (cyassl_read, cyassl_write, etc.). You have to feed it the certificates before you can connect to a secure server. It is not necessary to compile cyassl first, it is all one big project.

If you prefer you can create a library for cyassl and use it for instance with Mingw or on Linux or Mac. Many different platforms are supported. See also the remarks on compiling cyassl below.

Pitfalls

  • Certificates expire. If you can ping the server but you cannot connect to it while its LED blinks at the normal unconnect rate of about 2 Hz, it may be that your certificates have expired. Create new certificates to solve this.
  • Restore factory settings erase main application. If you boot the board with JP3 in place, the server will revert to its factory settings. This may/will also erase its main application, making it impossible to connect to the server afterwards. If this is the case the LED will blink fast (>2 Hz). The solution is to set the server's IP address using ISLRaw, then reboot the server without JP3, set again the server's IP address using ISLRaw, then use ISLElektor to upload the (new) firmware to the server (this takes about a minute). After setting once more the server's IP address with ISLRaw you can upload the certificates and finally connect again to the server.
  • CYASSL is needed. To build a project for communicating with the server you need an SSL library. We have used the Open Source library CYASSL 2.8.0. Download it from www.yassl.com. Try to see if you can compile the library without errors for your platform.
  • Once the library compiles successfully, add the following code fragment to the top of the file "settings.h" (in the folder "cyassl-2.8.0\cyassl\ctaocrypt\"):
 
#define WIN_SOCLUTIONS
 
#ifdef WIN_SOCLUTIONS
    #define NO_CYASSL_SERVER
    #define USE_WINDOWS_API
    #define NO_DES
    #define NO_DES3
    #define NO_DSA
    #define NO_MD4
    #define NO_RC4
    #define NO_RABBIT
    #define NO_HC128
    #define NO_PSK
    #define CYASSL_SHA512
    #define CYASSL_SHA384
    #define HAVE_AESGCM
    #define GCM_TABLE
#endif
 
  • Replace line 3166 of the file cyassl-2.8.0\src\internal.c with this
     
        //WIN_SOCLUTIONS is a TLS client and does not verify Certificate signature
#ifndef WIN_SOCLUTIONS
        ret = ParseCertRelative(&dCert, CERT_TYPE, !ssl->options.verifyNone,
                                ssl->ctx->cm);
#else
        ret = ParseCertRelative(&dCert, CERT_TYPE, ssl->options.verifyNone,
                                ssl->ctx->cm);
#endif
 
  • Replace line 2032 of the file cyassl-2.8.0\src\ssl.c with this
     
        //WIN_SOCLUTIONS is a TLS client and does not verify Certificate signature
#ifdef WIN_SOCLUTIONS
    ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm);
#else
    ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
#endif
 
  • Recompile the CYASSL library. If you now see errors or multiple definitions, your compiler project or makefile probably defines some symbols that you don't want. You or your makefile must not define OPENSSL_EXTRA. Compilation may produce some type cast warnings but no errors.

If you experience problems with cyassl refer to the manual (http://www.yassl.com/yaSSL/Docs-cyassl-manual-toc.html).

It may be useful to make cyassl verbose so it will output debug messages. To do so, build the library with the constant DEBUG_CYASSL defined _AND_ by calling CyaSSL_Debugging_ON() somewhere at the beginning of your program.

The attached archive "130499-cyassl-as-library.ZIP" contains a project showing how to use cyassl as a library in your own project.

The attached file "bpl.zip" contains the BPL and DLL files that are needed to run the precompiled tools. They are now also included in the file "ISLElektor050314.zip" below.

 

 

Â