4 Replies Latest reply on May 29, 2019 6:14 AM by ClMa_3563786

    Demo AWS thing_shadow crash

    ClMa_3563786

      Hello,

      I'm using the ISM43362_M3G_L44 evaluation board with FreeRTOS and LwIP, WICED Studio V6.2.

      I would like to make a connection to AWS IoT using the demo application thing_shadow.

      I'm using the same certificates as MQTT.fx, which connects successfully.

      First, I found a bug in the demo code, file shadow.c, line 249:

      /* Get AWS Root CA certificate filename: 'rootca.cer' located @ resources/apps/aws/iot folder */
      resource_get_readonly_buffer( &resources_apps_DIR_aws_DIR_iot_DIR_rootca_cer, 0, SHADOW_CERTIFICATES_MAX_SIZE, &size_out, (const void **)root_ca_certificate);
      if( ret != WICED_SUCCESS )
      {
          WPRINT_APP_INFO(("[Shadow] Fail to read buffer ca, err %d\n", ret));
          return ret;
      }
      

      ret is not assigned the return value of the function, and it is initialized to WICED_ERROR.

      Once that was corrected, I modified resources\apps\aws\iot\rootca.cer. Through the AP, I connect with my computer, upload the certificate and the key, and select the Wi-Fi network.

      Then the application crashed. I added printf calls to better understand what was happening.

      Starting WICED vWiced_006.002.001.0002

      Platform ISM43362_M3G_L44 initialised

      Started FreeRTOS v9.0.0

      Initialising LwIP v2.0.3

      DHCP CLIENT hostname WICED IP

      WLAN MAC Address : C4:7F:51:02:70:39

      WLAN Firmware    : wl0: May 16 2018 00:27:03 version 5.90.230.31 FWID 01-61657268

      Please wait, connecting to network...

      (To return to SSID console screen, hold USER switch for 5 seconds during RESET to clear DCT configuration)

      Successfully joined : SSID

      Setting IPv6 link-local address

      Obtaining IPv4 address via DHCP

      IPv6 Network ready IP: FE80::C67F:51FF:FE02:7039

      IPv4 Network ready IP: 192.168.86.59

      [Shadow] Reading Device's certificate and private key from DCT...

      [Shadow] Thing Name: lightbulb

      [Shadow] Shadow State Topic: $aws/things/lightbulb/shadow/update

      [Shadow] Shadow Delta Topic: $aws/things/lightbulb/shadow/update/delta

      [Shadow] Connect to AWS IoT

      [AWS] AWS endpoint: xxxx is atxxx

      [AWS] MQTT Connect

      [AWS] MQTT Connect init

      [AWS] MQTT network init

      [AWS] MQTT network connect

      [AWS] netconn connect

      [AWS] WICED tcp start tls

      [AWS] TLS 1

      [AWS] TLS 3

      [AWS] TLS 4

      [AWS] AES init

      [AWS] AES enc

      [AWS] AES

      The last line is:

      wiced_result_t wiced_generic_start_tls_with_ciphers( wiced_tls_context_t* tls_context, void* referee, wiced_tls_endpoint_type_t type, wiced_tls_certificate_verification_t verification, const cipher_suite_t* cipher_list[], tls_transport_protocol_t transport_protocol )
      {
          ...
          WPRINT_APP_INFO(("[AWS] TLS 4\n" ));
          if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                                     (const unsigned char *) pers,
                                     strlen( pers )) ) != 0 )
          {
              WPRINT_APP_INFO(("[AWS] TLS 6\n" ));
              WPRINT_SECURITY_ERROR(( " failed\n  ! mbedtls_ctr_drbg_seed returned -0x%x\n", ret ));
              result = TLS_ERROR;
              goto exit_with_inited_context;
          }

          WPRINT_APP_INFO(("[AWS] TLS 5\n" ));
          ...
      }


      int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
                         int (*f_entropy)(void *, unsigned char *, size_t),
                         void *p_entropy,
                         const unsigned char *custom,
                         size_t len )
      {
          return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy, custom, len,
                                             MBEDTLS_CTR_DRBG_ENTROPY_LEN ) );
      }


      int mbedtls_ctr_drbg_seed_entropy_len(
                         mbedtls_ctr_drbg_context *ctx,
                         int (*f_entropy)(void *, unsigned char *, size_t),
                         void *p_entropy,
                         const unsigned char *custom,
                         size_t len,
                         size_t entropy_len )
      {
          int ret;
          unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
      
          memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
      
          WPRINT_APP_INFO(("[AWS] AES init\n" ));
          mbedtls_aes_init( &ctx->aes_ctx );
      
          ctx->f_entropy = f_entropy;
          ctx->p_entropy = p_entropy;
      
          ctx->entropy_len = entropy_len;
          ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
      
          WPRINT_APP_INFO(("[AWS] AES enc\n" ));
          /*
           * Initialize with an empty key
           */
          mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS );
      
          WPRINT_APP_INFO(("[AWS] AES\n" ));
          if( ( ret = mbedtls_ctr_drbg_reseed( ctx, custom, len ) ) != 0 )
              return( ret );
      
          return( 0 );
      }

      Could you give me more input to figure out what is happening?

      I use the same file with MQTT.fx and for the upload to the device. I don't understand why it's crashing.

      Thanks

        • 1. Re: Demo AWS thing_shadow crash
          PriyaM_16

          Hello,

          Thanks for pointing out the error in shadow.c file.

          We have modified the code to take the return value and check the ret value as below:

          ret = resource_get_readonly_buffer( &resources_apps_DIR_aws_DIR_iot_DIR_rootca_cer, 0, SHADOW_CERTIFICATES_MAX_SIZE, &size_out, (const void **)root_ca_certificate);

          The issue seems to be an error in TLS. It looks like the certificates are not handled properly in the snip.

          Can you please replace the following code in get_aws_credentials_from_dct() with the code below?

          Replace:

          security->certificate           = (uint8_t *)dct_security->certificate;
          security->certificate_length    = strlen( dct_security->certificate );
          security->private_key           = (uint8_t *)dct_security->private_key;
          security->key_length            = strlen( dct_security->private_key );

          with this:

          security->certificate = malloc( strlen( dct_security->certificate ) + 1 );
          security->certificate_length    = strlen( dct_security->certificate );
          memset(security->certificate, 0, security->certificate_length + 1);
          memcpy(security->certificate, dct_security->certificate, security->certificate_length );

          security->private_key = malloc( strlen( dct_security->private_key ) + 1 );
          security->key_length            = strlen( dct_security->private_key );
          memset(security->private_key, 0, security->key_length + 1);
          memcpy(security->private_key, dct_security->private_key, security->key_length );

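The copy suggested in the reply above, with the checks a practitioner would add before shipping it. This is an added example, not the WICED demo code or Cypress' patch: the DCT field sizes, the struct layouts and the function names are assumptions, and the sample PEM strings are constructed placeholders. The point it adds is that strlen() on a flash-resident DCT field is only safe if the field is known to carry a terminator; the version below bounds the scan to the field (an unterminated field would otherwise be read into the next one), refuses text without PEM armour, checks malloc(), frees on partial failure, and wipes the private key before releasing it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the WICED DCT security section and the AWS
 * security struct; the real layouts and field sizes differ (assumed here). */
#define DCT_CERT_MAX 2048
#define DCT_KEY_MAX  2048

typedef struct {
    char certificate[DCT_CERT_MAX];   /* PEM text, expected NUL-terminated */
    char private_key[DCT_KEY_MAX];
} dct_security_t;

typedef struct {
    uint8_t  *certificate;
    uint32_t  certificate_length;
    uint8_t  *private_key;
    uint32_t  key_length;
} aws_security_t;

typedef enum { CRED_OK = 0, CRED_UNTERMINATED = 1, CRED_NOT_PEM = 2, CRED_NO_MEMORY = 3 } cred_result_t;

/* strlen() bounded to the field: returns field_max when no NUL was found,
 * instead of running on into the next DCT field. */
static size_t bounded_len(const char *s, size_t field_max)
{
    size_t n = 0;
    while (n < field_max && s[n] != '\0') n++;
    return n;
}

/* Wipe through a volatile pointer so the compiler cannot drop the stores
 * just because the buffer is freed right after. */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Copy one PEM blob from a fixed-size DCT field into a fresh heap buffer that
 * stays NUL-terminated.  Rejects an unterminated field and text without the
 * expected PEM armour; reports allocation failure instead of dereferencing NULL. */
static cred_result_t copy_pem_field(const char *field, size_t field_max,
                                    const char *begin_marker, const char *end_marker,
                                    uint8_t **out, uint32_t *out_len)
{
    size_t len = bounded_len(field, field_max);
    if (len == field_max) return CRED_UNTERMINATED;
    if (strncmp(field, begin_marker, strlen(begin_marker)) != 0) return CRED_NOT_PEM;
    if (strstr(field, end_marker) == NULL) return CRED_NOT_PEM;   /* field is terminated here */

    uint8_t *buf = malloc(len + 1);
    if (buf == NULL) return CRED_NO_MEMORY;
    memcpy(buf, field, len);
    buf[len] = '\0';
    *out = buf;
    *out_len = (uint32_t)len;
    return CRED_OK;
}

cred_result_t get_aws_credentials_from_dct(const dct_security_t *dct, aws_security_t *sec)
{
    memset(sec, 0, sizeof *sec);
    cred_result_t r = copy_pem_field(dct->certificate, DCT_CERT_MAX,
                                     "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----",
                                     &sec->certificate, &sec->certificate_length);
    if (r != CRED_OK) return r;
    /* "-----BEGIN " also accepts EC PRIVATE KEY / PRIVATE KEY armour. */
    r = copy_pem_field(dct->private_key, DCT_KEY_MAX, "-----BEGIN ", "-----END ",
                       &sec->private_key, &sec->key_length);
    if (r != CRED_OK) {               /* do not leave a half-filled struct behind */
        free(sec->certificate);
        memset(sec, 0, sizeof *sec);
    }
    return r;
}

void free_aws_credentials(aws_security_t *sec)
{
    if (sec->private_key != NULL) secure_zero(sec->private_key, sec->key_length);
    free(sec->private_key);
    free(sec->certificate);
    memset(sec, 0, sizeof *sec);
}

/* Constructed sample credentials: PEM armour around a placeholder body (not valid DER). */
#define SAMPLE_CERT "-----BEGIN CERTIFICATE-----\nMIIB...placeholder...\n-----END CERTIFICATE-----\n"
#define SAMPLE_KEY  "-----BEGIN RSA PRIVATE KEY-----\nMIIE...placeholder...\n-----END RSA PRIVATE KEY-----\n"

/* Write text into a DCT field; text that fills the field completely is stored
 * without a NUL, which is the corrupted-DCT case the bounded scan must catch. */
static void put_field(char *field, size_t field_max, const char *text)
{
    size_t n = strlen(text);
    if (n > field_max) n = field_max;
    memset(field, 0, field_max);
    memcpy(field, text, n);
}

/* Build a DCT image from two strings, run the extraction, release the result. */
cred_result_t check_dct_image(const char *cert_text, const char *key_text)
{
    dct_security_t dct;
    aws_security_t sec;
    put_field(dct.certificate, DCT_CERT_MAX, cert_text);
    put_field(dct.private_key, DCT_KEY_MAX, key_text);
    cred_result_t r = get_aws_credentials_from_dct(&dct, &sec);
    if (r == CRED_OK) free_aws_credentials(&sec);
    return r;
}

/* Simulate a DCT whose certificate field was written without a terminator. */
cred_result_t check_unterminated_cert(void)
{
    char filled[DCT_CERT_MAX + 1];
    memset(filled, 'A', DCT_CERT_MAX);
    filled[DCT_CERT_MAX] = '\0';
    return check_dct_image(filled, SAMPLE_KEY);
}

int main(void)
{
    printf("valid image: %d\n", check_dct_image(SAMPLE_CERT, SAMPLE_KEY));
    printf("unterminated certificate field: %d\n", check_unterminated_cert());
    return 0;
}
```

The certificate_length and key_length values stay the same as in the reply (the PEM text length without the terminator), so the rest of the demo is unaffected; the buffer itself is always terminated for any parser that expects it.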
          • 2. Re: Demo AWS thing_shadow crash
            ClMa_3563786

            Hello,

            Thanks for your response. I've made the change, but it didn't change the crash.

            The change:

            /* Fix requested by Cypress team */
            //    security->certificate           = (uint8_t *)dct_security->certificate;
            //    security->certificate_length    = strlen( dct_security->certificate );
            //    security->private_key           = (uint8_t *)dct_security->private_key;
            //    security->key_length            = strlen( dct_security->private_key );
                security->certificate = malloc( strlen( dct_security->certificate ) + 1 );
                security->certificate_length    = strlen( dct_security->certificate );
                memset(security->certificate, 0, security->certificate_length + 1);
                memcpy(security->certificate, dct_security->certificate, security->certificate_length );
            
                security->private_key = malloc( strlen( dct_security->private_key ) + 1 );
                security->key_length            = strlen( dct_security->private_key );
                memset(security->private_key, 0, security->key_length + 1);
                memcpy(security->private_key, dct_security->private_key, security->key_length );
                /*******************************/

            I printed out the certificates; they are printed correctly both before and after the change.

            Starting WICED vWiced_006.002.001.0002

            Platform ISM43362_M3G_L44 initialised

            Started FreeRTOS v9.0.0

            Initialising LwIP v2.0.3

            DHCP CLIENT hostname WICED IP

            WLAN MAC Address : C4:7F:51:02:70:39

            WLAN Firmware    : wl0: May 16 2018 00:27:03 version 5.90.230.31 FWID 01-61657268

            Please wait, connecting to network...

            (To return to SSID console screen, hold USER switch for 5 seconds during RESET to clear DCT configuration)

            Joining : SSID

            Successfully joined : SSID

            Setting IPv6 link-local address

            Obtaining IPv4 address via DHCP

            IPv6 Network ready IP: FE80::C67F:51FF:FE02:7039

            IPv4 Network ready IP: 192.168.86.62

            [Shadow] Reading Device's certificate and private key from DCT...

            [Shadow] Thing Name: lightbulb

            [Shadow] Shadow State Topic: $aws/things/lightbulb/shadow/update

            [Shadow] Shadow Delta Topic: $aws/things/lightbulb/shadow/update/delta

            [Shadow] Connect to AWS IoT

            [AWS] AWS endpoint: XXXXXX is at XXXXX

            [AWS] MQTT Connect

            [AWS] CA (1208):
            -----BEGIN CERTIFICATE-----
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXX
            -----END CERTIFICATE-----

            [AWS] CT (1224):
            -----BEGIN CERTIFICATE-----
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            -----END CERTIFICATE-----

            [AWS] PK (1675):
            -----BEGIN RSA PRIVATE KEY-----
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            -----END RSA PRIVATE KEY-----


            [AWS] MQTT Connect init

            [AWS] MQTT network init

            [AWS] MQTT network connect

            [AWS] netconn connect

            [AWS] WICED tcp start tls

            [AWS] TLS 1

            [AWS] TLS 3

            [AWS] TLS 4

            [AWS] AES init

            [AWS] AES enc

            [AWS] AES

            [AWS] mbedtls_ctr_drbg_reseed ctx = 0x200033a8 func = 0x801e0db

            Let me know if you need more input.

            Thanks

            • 3. Re: Demo AWS thing_shadow crash
              PriyaM_16

              Hello,

              Are you using the default thing provided for testing in WICED, or have you created a thing named "lightbulb"?

              The thing created for testing purposes is named DEMO. Kindly enter the thing name as DEMO in the configuration web page.

              If you have created a thing of your own, can you please enable the TLS logs as described in Debugging TLS in WICED and attach the logs?

              • 4. Re: Demo AWS thing_shadow crash
                ClMa_3563786

                I found the issue. It was a stack overflow.

                I had modified the define of the application stack size to 2048 instead of 6144.

                After reverting back to 6144, I didn't have to modify the handling of certificates, only the function return value, as explained in my original post.

                Thanks for your help
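A host-side illustration of the two checks behind the resolution above, added here and not part of the thread, of WICED or of mbedtls: an address-distance probe that estimates how much stack a call chain shaped like mbedtls_ctr_drbg_seed() -> mbedtls_ctr_drbg_reseed() -> entropy callback consumes, and a painted-stack scan of the kind a FreeRTOS port performs for uxTaskGetStackHighWaterMark(). The buffer sizes are assumptions taken from the mbedtls 2.x defaults (MBEDTLS_CTR_DRBG_MAX_SEED_INPUT = 384, MBEDTLS_ENTROPY_BLOCK_SIZE = 64); the frames below only imitate those sizes, and the stack image is constructed. Numbers measured on a PC are indicative only, since frame layout and the rest of the TLS handshake differ on the Cortex-M target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes (mbedtls 2.x defaults): the reseed keeps a 384-byte seed
 * buffer on the stack and the entropy callback a 64-byte block. */
#define SEED_INPUT_LEN 384
#define ENTROPY_BLOCK  64
#define STACK_FILL     0xA5   /* byte FreeRTOS paints unused stack with */

#define NOINLINE __attribute__((noinline))

static uintptr_t g_lo, g_hi;   /* lowest / highest stack address seen */

static NOINLINE void note_frame(const volatile void *p)
{
    uintptr_t a = (uintptr_t)p;
    if (a < g_lo) g_lo = a;
    if (a > g_hi) g_hi = a;
}

/* Touch every byte so the array really occupies its frame. */
static NOINLINE void fill(volatile unsigned char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) b[i] = (unsigned char)i;
}

/* Stand-in for the entropy callback: one 64-byte block in its frame. */
static NOINLINE void fake_entropy_func(void)
{
    volatile unsigned char buf[ENTROPY_BLOCK];
    fill(buf, sizeof buf);
    note_frame(&buf[0]);
    note_frame(&buf[sizeof buf - 1]);
}

/* Stand-in for mbedtls_ctr_drbg_reseed(): seed buffer, then the entropy call. */
static NOINLINE void fake_ctr_drbg_reseed(void)
{
    volatile unsigned char seed[SEED_INPUT_LEN];
    fill(seed, sizeof seed);
    note_frame(&seed[0]);
    note_frame(&seed[sizeof seed - 1]);
    fake_entropy_func();
}

/* Address-distance probe: span between a marker in this frame and the
 * farthest byte the callees touched, whichever way the stack grows. */
size_t probe_reseed_stack_bytes(void)
{
    volatile unsigned char marker = 0;
    g_lo = g_hi = (uintptr_t)&marker;
    fake_ctr_drbg_reseed();
    return (size_t)(g_hi - g_lo) + 1;
}

/* Painted-stack scan: count fill bytes never overwritten, starting from the
 * end the stack grows towards.  0 means every byte was used, i.e. the task
 * has very likely already run off its stack. */
size_t stack_headroom_bytes(const uint8_t *stack, size_t len, int grows_down)
{
    size_t untouched = 0;
    while (untouched < len) {
        size_t idx = grows_down ? untouched : len - 1 - untouched;
        if (stack[idx] != STACK_FILL) break;
        untouched++;
    }
    return untouched;
}

/* Constructed stack image of stack_len bytes (downward growth) in which the
 * task has written the top `used` bytes; returns the headroom left. */
size_t headroom_after_use(size_t stack_len, size_t used)
{
    uint8_t img[6144];
    if (stack_len > sizeof img) stack_len = sizeof img;
    if (used > stack_len) used = stack_len;
    memset(img, STACK_FILL, stack_len);
    memset(img + (stack_len - used), 0x00, used);
    return stack_headroom_bytes(img, stack_len, 1);
}

int main(void)
{
    printf("reseed chain on this host: %zu bytes of stack\n", probe_reseed_stack_bytes());
    printf("2048-byte stack, 1500 used: %zu bytes headroom\n", headroom_after_use(2048, 1500));
    printf("2048-byte stack, 2048 used: %zu bytes headroom\n", headroom_after_use(2048, 2048));
    return 0;
}
```

On the target the equivalent checks are configCHECK_FOR_STACK_OVERFLOW with vApplicationStackOverflowHook() and uxTaskGetStackHighWaterMark() on the application thread after a full TLS connect; a watermark near zero with a 2048-byte stack is what the crash in this thread looks like before the hook fires.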