# MBEDTLS

- mbedTLS is an open-source SSL/TLS library that provides tools for secure communications over networks.
- It is lightweight and modular, making it a popular choice for embedded devices and other constrained environments. 


## Basic Concepts of TLS/SSL in mbedTLS

- TLS (Transport Layer Security): TLS is a protocol for securing communications over a network.
- SSL (Secure Sockets Layer): SSL is the predecessor of TLS. mbedTLS supports TLS/SSL protocols.
- Public/Private Key Encryption: TLS uses asymmetric encryption (public and private key pairs) to exchange symmetric session keys for secure data exchange.
- Certificates: Certificates are used to validate the identity of servers and clients.

## Key Components of mbedTLS

- `mbedtls_ssl_context`: This structure represents the state of an SSL connection.
- `mbedtls_ssl_config`: Configuration settings for SSL, such as certificates, keys, and protocols.
- `mbedtls_net_context`: Used for network connections (e.g., TCP).
- `mbedtls_x509_crt`: Represents an X.509 certificate used in the handshake process.
- `mbedtls_pk_context`: Used to store private keys.


## Establishing a TLS/SSL Connection

1. **Initialize mbedTLS structures**: Initialize the necessary structures, such as the SSL context, configuration, and network context.
2. **Load the certificates and private keys**: Load the trusted CA certificates, client certificates, and private key into the corresponding structures.
3. **Set up the SSL configuration**: Configure the SSL context to use the appropriate protocols and credentials.
4. **Establish the network connection**: Use `mbedtls_net_connect()` to connect to the server over TCP.
5. **Perform the SSL handshake**: The handshake authenticates the server and sets up the session encryption.
6. **Send/receive secured data**: After the handshake, data can be sent and received securely using `mbedtls_ssl_write()` and `mbedtls_ssl_read()`.
7. **Close the connection and clean up**: Always free the allocated resources once you’re done.

## Debugging and Error Handling

1. Verbose Logging: Enable verbose logging to see detailed output of what’s happening under the hood. Do not leave this enabled in production builds: the verbose levels dump record buffers, which include the plaintext of application data.

```
#include "mbedtls/debug.h"   // requires MBEDTLS_DEBUG_C in the build configuration
// my_debug is your own callback: void my_debug(void *ctx, int level, const char *file, int line, const char *str)
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
mbedtls_debug_set_threshold(4);  // 0 = No debug, 4 = Maximum debug level
```

2. Handling Errors: Most mbedTLS functions return an integer code, which is typically negative on errors. Use the following to print readable error messages:

```
#include "mbedtls/error.h"   // mbedtls_strerror() needs MBEDTLS_ERROR_C; without it only the numeric code is reported
char error_buf[100];
mbedtls_strerror(ret, error_buf, sizeof error_buf);
printf("Error: -0x%04x: %s\n", (unsigned)-ret, error_buf);  // mbedTLS documents its error codes as negative hex values
```