TLS PSK (preshared keys) PSK_KEYSCHEME

chli_2118906

I am working on a software design using WICED-SDK-3.3.1 and BCM943362WCD4.

My application is conducive to using preshared keys instead of certificates for a number of reasons. Does anybody know how to use the BESL library to support PSK? I’ve studied every file that I can find and there is reference to PSK in several places including “cipher_suites.c” and “cipher_suites.h”. Studying the files that are included, it appears that BESL is a fork of TropicSSL and it looks like TropicSSL supports PSK. Unfortunately wiced_tls.c has no functions related to PSK and there are no sample files and no API documents that I can find that refer to PSK. Any help would be appreciated as the BESL appears to be the way to go for TLS on WICED and I’d hate to go to the effort to port WolfSSL to WICED just because it is not documented anywhere.

cypherbridge

Anonymous

Hi Chuck,

WICED is certainly an open platform so anything can be ported to it.

But duplicating a significant part of the BESL library to add a single function, well it seems there could be a better use of your time. Would you port a new BLE stack? Probably not. The goal of WICED is to provide an integrated platform so users can value add at the application level.

I would also point out that speculation that uSSL is a fork of TropicSSL is incorrect.

To give a little background, as per the README, we are the OEM suppliers of uSSL SDK included in WICED SDK. The Broadcom WICED team adapted uSSL into WICED, including modifications adding it to the platform framework. They call the shots on what goes into WICED, including new features and bugfixes, and we don't have any direct control over it.

However, at Cypherbridge our mission is to deliver the best possible leading edge solutions for embedded IoT security and connectivity. We do offer an option for WICED customers to work with us directly for support and upgrades, including customized builds. To get the latest and greatest features and direct technical support, please contact us on our WICED support page, include your company contact information, and we can take it from there.

www.cypherbridge.com/WICED.html

Best Regards,

Steve DeLaney

President

Cypherbridge Systems


Thanks Steve, I speculated that BESL was a fork based upon the copyrights in many of the crypto includes:

/* Originally taken from TropicSSL
 * https://gitorious.org/tropicssl/
 * commit: 92bb3462dfbdb4568c92be19e8904129a17b1eed

I regard that as a positive thing, not a negative thing. I noted in the LICENSE.txt file:

SSL/TLS object files and headers are licensed by Broadcom, Inc from Cypherbridge Systems, LLC.

According to a TropicSSL site, TropicSSL is an unofficial fork of PolarSSL/XySSL. PolarSSL is now the mbed TLS, and closely related XySSL. Having a heritage that ARM has endorsed, in my mind is not a bad thing, so my intent was not to insult you or anybody else.

Regarding the effort to port for a single function, that is hard to say. I've merged/ported several different TLS stacks recently on various projects. The effort is time consuming, but not impossible and I'd much rather figure out how to get access to the function if that is possible. Based upon studying the files where source is included, I also speculated that the BESL stack supported PSK and it might not be impossible to use PSK, and it might just be an issue of knowing how. Anyway, I'm open to ideas as to how I might get there. I am currently using the system as designed but I certainly believe that in my application, PSK is a better answer.

Chuck Link

Anonymous

Hi Chuck, no offense given or taken. I get it. You need a solution to add PSK.

Please register at

www.cypherbridge.com/WICED.html

Regards,

Steve

KaHi_2151451

Hi chucklink

You mentioned wolfSSL is not documented anywhere, were you referring to the process of porting wolfSSL to WICED specifically or just the library itself?

If the library, documentation can be found here: https://www.wolfssl.com/wolfSSL/Docs.html

If you were referring to the overall process and you cannot get TropicSSL working please shoot us a note at support@wolfssl.com. We'll see what we can do to help! wolfSSL has full PSK support.

Kind Regards,

Kaleb


Kaleb,

I was not referring to WolfSSL documentation, I was referring to the WICED library that is provided only as object code and certain aspects were not fully documented.

I have evaluated WolfSSL in other platforms and I fully believe that WolfSSL is one of the premier TLS implementations for embedded.

You will find my details in your DB. We could talk offline about my focus. Anyway, I have very high regard for your products.

Best Regards,

Chuck


Hi Chuck,

Thank you for the feedback, it is always nice to know our efforts are helping others! If you ever have any direct questions please don't hesitate to contact us at info@wolfssl.com or support@wolfssl.com

Cheers,

Kaleb
