I could not reproduce the compile error in WICED 5.0.1. In addition to #define USE_AES_256_GCM_CIPHER, you also need to #define USE_SHA384_MAC so that the cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled.
To reproduce the compile error in WICED 5.0.1:
Must also add the cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 to my_ciphers in file wiced_tls.c.
static const cipher_suite_t* my_ciphers =
#if defined( USE_RSA_KEYSCHEME ) && defined( USE_AES_256_GCM_CIPHER ) && defined( USE_SHA384_MAC )
#endif /* if defined( USE_RSA_KEYSCHEME ) && defined( USE_AES_256_GCM_CIPHER ) && defined( USE_SHA384_MAC ) */
Will see the linker error:
build/snip.https_server-BCM943362WCD4/libraries/Supplicant_BESL.a(tls_cipher_suites.o):(.rodata.TLS_RSA_WITH_AES_256_GCM_SHA384+0x8): undefined reference to `aes_256_gcm_cipher_driver'
tools/makefiles/wiced_elf.mk:265: recipe for target 'build/snip.https_server-BCM943362WCD4/binary/snip.https_server-BCM943362WCD4.elf' failed
make.exe: *** [build/snip.https_server-BCM943362WCD4/binary/snip.https_server-BCM943362WCD4.elf] Error 1
Makefile:348: recipe for target 'main_app' failed
make: *** [main_app] Error 2
We need a quick solution to this issue, as we are required to support these two ciphers with AES-256-GCM.
I have a solution for swapping between the RSA and ECC key/certificate pairs but need the AES-256-GCM cipher.
Thank you for the information. I have reproduced the build error and raised a ticket internally. I will discuss this issue tomorrow with the engineer and get back to you.
Thanks for the update. Do you have a WICED 5.2 release date?
We are targeting the first week of September, after the holiday.
Cypress will use mbedTLS in the upcoming WICED 5.2 release. This will support the ciphers that you requested.
Will mbedTLS source code be included in the WICED SDK release?
Honestly, the biggest headache with the TLS library is that when an issue is found, we only get a TLS error code and have no way to debug and trace the issue. Any TLS-related issue needs to *wait* for Cypress to provide the fix (and it usually takes months).
It would be helpful if the WICED SDK included the mbedTLS source code rather than a binary library.
Yes, AES_256_GCM ciphers are all working with RSA and ECC signed certificates.