Zilog EZ80F91AZA Uživatelský manuál Strana 1

Copyright ©2011 Zilog®, Inc. All rights reserved.www.zilog.comUM020107-1211User ManualeZ80® Family of MicroprocessorsZTP Network Security SSL Plug-In

UM020107-1211 IntroductionZTP Network Security SSL Plug-InUser Manual4The handshake protocol module is responsible for establishing SSL sessions. Th

UM020107-1211 IntroductionZTP Network Security SSL Plug-InUser Manual5•SSL3_ClientInit •SSL3_ServerInit•TLS1_ClientInit •TLs1_ServerInitClient mode

UM020107-1211 IntroductionZTP Network Security SSL Plug-InUser Manual6This user manual explains these concepts and offers a considerable amount of i

UM020107-1211 IntroductionZTP Network Security SSL Plug-InUser Manual7the client and server both encrypt the digest and send it to the other side fo

UM020107-1211 SSL Handshake ProtocolsZTP Network Security SSL Plug-InUser Manual8SSL Handshake ProtocolsThis chapter presents an overview of the SSL

UM020107-1211 SSL Handshake ProtocolsZTP Network Security SSL Plug-InUser Manual9tion defined for a particular cipher suite used. The entire record

UM020107-1211 SSL Handshake ProtocolsZTP Network Security SSL Plug-InUser Manual10Cipher. A cipher is an algorithm that transforms plain text into e

UM020107-1211 SSL Handshake ProtocolsZTP Network Security SSL Plug-InUser Manual11involved before encrypted data transfer occurs. Figure 3 displays

UM020107-1211 SSL Handshake ProtocolsZTP Network Security SSL Plug-InUser Manual12ple of the block size. The block cipher algorithm uses a key to co

UM020107-1211 Getting StartedZTP Network Security SSL Plug-InUser Manual13Getting StartedThis chapter is a summary of the steps required to run the

UM020107-1211iiZTP Network Security SSL Plug-InUser ManualThis publication is subject to replacement by a later edition. To determine whether a later

UM020107-1211 Getting StartedZTP Network Security SSL Plug-InUser Manual14Figure 4 displays the directory structure of a ZTP-based system after this

UM020107-1211 Getting StartedZTP Network Security SSL Plug-InUser Manual15Figure 4. Directory Structure for a ZTP-Based Source System

UM020107-1211 Getting StartedZTP Network Security SSL Plug-InUser Manual16Figure 5 displays the directory structure of a ZTP-based library system af

UM020107-1211 Getting StartedZTP Network Security SSL Plug-InUser Manual17Build the SSL Demo ApplicationObserve the following procedure to build the

UM020107-1211 Getting StartedZTP Network Security SSL Plug-InUser Manual18Send an Encrypted MessageObserve the following procedure to send an encryp

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual19SSL ConfigurationBefore customizing the SSL demo project or adding SSL s

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual20SSL Configuration using ZDS IIThis section explains how to configure the

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual21Adding SSL Headers to the List of Include PathsTo access the SSL API, it

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual22The code fragment that follows shows an example of how to initialize the

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual23Each of the xxxs_ClientInit APIs is a null function returning a variable

UM020107-1211 Revision HistoryZTP Network Security SSL Plug-InUser ManualiiiRevision HistoryEach instance in the Revision History table below reflec

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual24Client Mode or Server Mode SupportWhen each of the SSL handshake protoco

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual25Each of the four supported digest algorithms has an entry that follows t

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual26NullHash_New,SHA1_New,NullHash_New};Care must be taken while removing th

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual27algorithms, there is a possibility that the client and server will be ab

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual28NullCipher_New};It is important to keep the CipherGen array synchronized

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual29tificate and, therefore, the public key. A field within the certificate

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual30If an application does not use a particular PKI algorithm, its entry in

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual31When the ZTP Network Security SSL Plug-In is operating in client mode, i

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual32#define TLS_RSA_WITH_AES_128_CBC_SHA 0x2F00#define TLS_DH_DSS_WITH_3DES_

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual33For export cipher suites using a 40-bit effective symmetric key, the cip

Revision History UM020107-1211ivZTP Network Security SSL Plug-InUser Manual

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual34and MacSize fields. Lastly, the IsValid flag is set to TRUE so that this

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual35The first entry in every cipher suite table must indicate a NULL cipher

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual36CipherGen table. For additional information about configuring the HashGe

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual37exchange algorithm (DHE in this example). The second public key algorith

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual38MIGKAkEA3uxiDPwIuoU6r22inWehs84FBTvrD8bQufdCltw6RAoV+DM5PHkyMLoH\KEThy65

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual39prime:00:84:5f:92:80:12:59:11:5a:5d:22:84:e9:8d:6e:fc:1b:6b:e4:7d:bb:76:

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual40however, the ZTP Network Security SSL Plug-In does not currently recogni

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual41process continues until the client obtains a certificate from a trusted

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual42{2, // 2 certificates in this chainBASE64_DER_ENCODED_DATA,// All certs

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual43required, a public/private key pair). Third party utilities can also be

UM020107-1211 Table of ContentsZTP Network Security SSL Plug-InUser ManualvTable of ContentsRevision History. . . . . . . . . . . . . . . . . . . .

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual44req command not to DES-encrypt the private key. The Base64-encoded data

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual45 C = US ST = CA L

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual46SSL_BYTE SrvrCrt[] = {"\MIIBvzCCAWmgAwIBAgICEjQwDQYJKoZIhvcNAQEEBQA

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual47 {NULLPTR, 0}, {NULLPTR, 0} }};5. Lastly, to initialize the SSL server,

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual48Certificate VerificationPrior to using X.509 certificates, SSL clients a

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual49#define SSL_X509_SIGNATURE_VERIFIED 0x04#define SSL_X509_SELF_SIGNED 0x0

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual50The SSL protocol layer internally sets the SSL_X509_TRUSTED flag on all

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual51asymmetric key exchange/agreement algorithm) that the subject of the cer

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual52The digital signature standard (DSS) specification does not permit the u

UM020107-1211 SSL ConfigurationZTP Network Security SSL Plug-InUser Manual53expire too fast, then extra public key operations must be performed, res

UM020107-1211 Table of ContentsZTP Network Security SSL Plug-InUser ManualviAppendix A. Default SSL Cipher Suites . . . . . . . . . . . . . . . . .

UM020107-1211 How to Use the HTTPS ServerZTP Network Security SSL Plug-InUser Manual54How to Use the HTTPS ServerThe SSL libraries contain an HTTPS

UM020107-1211 How to Use the HTTPS ServerZTP Network Security SSL Plug-InUser Manual55When multiple SSL protocols are enabled, preference is given t

UM020107-1211 How to Use the HTTPS ServerZTP Network Security SSL Plug-InUser Manual56generated when the CA issues a valid certificate in which the

UM020107-1211 Creating SSL ApplicationsZTP Network Security SSL Plug-InUser Manual57Creating SSL ApplicationsThis chapter explains how to migrate a

UM020107-1211 Creating SSL ApplicationsZTP Network Security SSL Plug-InUser Manual58INT16 sockfd;INT16 confd;struct sockaddr_in server;struct sockad

UM020107-1211 Creating SSL ApplicationsZTP Network Security SSL Plug-InUser Manual592. To receive TCP data over the TCP-SSL connection, the recv API

Creating SSL Applications UM020107-121160ZTP Network Security SSL Plug-InUser ManualClient ApplicationsThis section presents steps that a ZTP TCP cl

UM020107-1211 Creating SSL ApplicationsZTP Network Security SSL Plug-InUser Manual61This API opens the SSL socket (SSL) and requests an SSL connecti

Creating SSL Applications UM020107-121162ZTP Network Security SSL Plug-InUser Manual

UM020107-1211 ZTP Network Security SSL Plug-InUser Manual63Appendix A. Default SSL Cipher SuitesThis appendix identifies the subset of the cipher sui

UM020107-1211 IntroductionZTP Network Security SSL Plug-InUser Manual1IntroductionZilog’s TCP/IP Network Security SSL Plug-In provides security for

UM020107-1211 ZTP Network Security SSL Plug-InUser Manual64When SSLv2 was drafted, the U.S. export laws restricted the length of the encryption keys

UM020107-1211 ZTP Network Security SSL Plug-InUser Manual65When SSLv3 was drafted, the U.S. export laws restricted the length of the encryption keys

UM020107-1211 ZTP Network Security SSL Plug-InUser Manual66Table 10 shows the cipher suites defined in the TLS version 1 specification, and indicates

UM020107-1211 ZTP Network Security SSL Plug-InUser Manual67When SSLv3 was drafted, the U.S. export laws restricted the length of the encryption keys

UM020107-1211 ZTP Network Security SSL Plug-InUser Manual68

UM020107-1211 ZTP Network Security SSL Plug-InUser Manual69Appendix B. Advanced Topic: Creating Private Cipher SuitesWhen the SSL specifications were

UM020107-121170ZTP Network Security SSL Plug-InUser ManualThis mnemonic indicates that RSA will be used for authentication and key exchange; 128-bit

UM020107-1211 ZTP Network Security SSL Plug-InUser Manual71Appendix C. Diffie-Hellman Private KeysAlthough this implementation supports the establish

UM020107-121172ZTP Network Security SSL Plug-InUser Manual

UM020107-1211 Customer SupportZTP Network Security SSL Plug-InUser Manual73Customer SupportTo share comments, get your technical questions answered

UM020107-1211 IntroductionZTP Network Security SSL Plug-InUser Manual2•Supported digest algorithms:–MD5 – SHA1– Keyed MD5 (HMAC_MD5)– Keyed SHA1 (HM

UM020107-1211 IntroductionZTP Network Security SSL Plug-InUser Manual3Each of the following SSL modules is described in this section. •TCP Interface