Hello,
I'm using the ISM43362_M3G_L44 evaluation board with FreeRTOS and LwIP, WICED Studio V6.2.
I would like to make a connection to AWS IoT using the demo application thing_shadow.
I'm using the same certificates as MQTT.fx, which succeeds in connecting.
First, I found a bug in the demo code, file shadow.c l.249:
/* Get AWS Root CA certificate filename: 'rootca.cer' located @ resources/apps/aws/iot folder */
resource_get_readonly_buffer( &resources_apps_DIR_aws_DIR_iot_DIR_rootca_cer, 0, SHADOW_CERTIFICATES_MAX_SIZE, &size_out, (const void **)root_ca_certificate);
if( ret != WICED_SUCCESS )
{
    WPRINT_APP_INFO(("[Shadow] Fail to read buffer ca, err %d\n", ret));
    return ret;
}
ret is never assigned the function's return value; it is only initialized to WICED_ERROR.
Once corrected, I modified resources\apps\aws\iot\rootca.cer. Through the AP, I connected using my computer, uploaded the certificate and the key, and selected the Wi-Fi.
Then the application crashed. I added printf calls to better understand what was happening.
Starting WICED vWiced_006.002.001.0002
Platform ISM43362_M3G_L44 initialised
Started FreeRTOS v9.0.0
Initialising LwIP v2.0.3
DHCP CLIENT hostname WICED IP
WLAN MAC Address : C4:7F:51:02:70:39
WLAN Firmware : wl0: May 16 2018 00:27:03 version 5.90.230.31 FWID 01-61657268
Please wait, connecting to network...
(To return to SSID console screen, hold USER switch for 5 seconds during RESET to clear DCT configuration)
Successfully joined : SSID
Setting IPv6 link-local address
Obtaining IPv4 address via DHCP
IPv6 Network ready IP: FE80::C67F:51FF:FE02:7039
IPv4 Network ready IP: 192.168.86.59
[Shadow] Reading Device's certificate and private key from DCT...
[Shadow] Thing Name: lightbulb
[Shadow] Shadow State Topic: $aws/things/lightbulb/shadow/update
[Shadow] Shadow Delta Topic: $aws/things/lightbulb/shadow/update/delta
[Shadow] Connect to AWS IoT
[AWS] AWS endpoint: xxxx is atxxx
[AWS] MQTT Connect
[AWS] MQTT Connect init
[AWS] MQTT network init
[AWS] MQTT network connect
[AWS] netconn connect
[AWS] WICED tcp start tls
[AWS] TLS 1
[AWS] TLS 3
[AWS] TLS 4
[AWS] AES init
[AWS] AES enc
[AWS] AES
The last line is:
wiced_result_t wiced_generic_start_tls_with_ciphers( wiced_tls_context_t* tls_context, void* referee, wiced_tls_endpoint_type_t type, wiced_tls_certificate_verification_t verification, const cipher_suite_t* cipher_list[], tls_transport_protocol_t transport_protocol )
{
    ...
    WPRINT_APP_INFO(("[AWS] TLS 4\n" ));
    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                                       (const unsigned char *) pers,
                                       strlen( pers )) ) != 0 )
    {
        WPRINT_APP_INFO(("[AWS] TLS 6\n" ));
        WPRINT_SECURITY_ERROR(( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", ret ));
        result = TLS_ERROR;
        goto exit_with_inited_context;
    }
    WPRINT_APP_INFO(("[AWS] TLS 5\n" ));
}
....
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
                           int (*f_entropy)(void *, unsigned char *, size_t),
                           void *p_entropy,
                           const unsigned char *custom,
                           size_t len )
{
    return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy, custom, len,
                                               MBEDTLS_CTR_DRBG_ENTROPY_LEN ) );
}

int mbedtls_ctr_drbg_seed_entropy_len(
                   mbedtls_ctr_drbg_context *ctx,
                   int (*f_entropy)(void *, unsigned char *, size_t),
                   void *p_entropy,
                   const unsigned char *custom,
                   size_t len,
                   size_t entropy_len )
{
    int ret;
    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];

    memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
    WPRINT_APP_INFO(("[AWS] AES init\n" ));
    mbedtls_aes_init( &ctx->aes_ctx );

    ctx->f_entropy = f_entropy;
    ctx->p_entropy = p_entropy;
    ctx->entropy_len = entropy_len;
    ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
    WPRINT_APP_INFO(("[AWS] AES enc\n" ));

    /*
     * Initialize with an empty key
     */
    mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS );
    WPRINT_APP_INFO(("[AWS] AES\n" ));

    if( ( ret = mbedtls_ctr_drbg_reseed( ctx, custom, len ) ) != 0 )
        return( ret );

    return( 0 );
}
Could you give me more input to figure out what is happening?
I use the same files with MQTT.fx and for the upload to the device. I don't understand why it's crashing.
Thanks
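The bug reported above, an error code that is initialized but never assigned from the call it is supposed to check, is easy to reproduce in isolation. The following is an added example, not code from the WICED SDK or from the post: `read_resource`, the `wiced_result_t` values and the placeholder root CA are constructed stand-ins modelled on the names in the post. It puts the original caller shape next to the corrected one so the failure mode is visible: the buggy caller reports WICED_ERROR even though the read filled in the buffer and length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in result codes modelled on the WICED names used in the post (values are constructed). */
typedef enum { WICED_SUCCESS = 0, WICED_ERROR = 4 } wiced_result_t;

#define SHADOW_CERTIFICATES_MAX_SIZE 2048

/* Constructed placeholder for resources/apps/aws/iot/rootca.cer; not a real certificate. */
static const char rootca_cer[] =
    "-----BEGIN CERTIFICATE-----\n"
    "PLACEHOLDER\n"
    "-----END CERTIFICATE-----\n";

/* Stand-in for resource_get_readonly_buffer(): publishes a read-only pointer to the
 * resource. 'resource_missing' lets a caller simulate a resource that cannot be read. */
static wiced_result_t read_resource(int resource_missing, uint32_t offset, uint32_t maxsize,
                                    uint32_t *size_out, const void **buffer)
{
    uint32_t total = (uint32_t)(sizeof(rootca_cer) - 1);   /* bytes without the trailing NUL */

    if (resource_missing || offset >= total) {
        return WICED_ERROR;
    }
    *size_out = (total - offset < maxsize) ? total - offset : maxsize;
    *buffer = rootca_cer + offset;
    return WICED_SUCCESS;
}

/* Caller shaped like the original shadow.c: ret starts as WICED_ERROR and is never
 * assigned, so the error path is taken even when the read succeeded. */
wiced_result_t load_root_ca_buggy(int resource_missing, const char **root_ca, uint32_t *size_out)
{
    wiced_result_t ret = WICED_ERROR;

    read_resource(resource_missing, 0, SHADOW_CERTIFICATES_MAX_SIZE, size_out, (const void **)root_ca);
    if (ret != WICED_SUCCESS) {
        return ret;   /* always reached, whatever the read did */
    }
    return WICED_SUCCESS;
}

/* Corrected caller: the read's actual result decides, and the outputs are cleared on
 * failure so a later TLS setup cannot pick up a stale pointer or length. */
wiced_result_t load_root_ca_fixed(int resource_missing, const char **root_ca, uint32_t *size_out)
{
    wiced_result_t ret = read_resource(resource_missing, 0, SHADOW_CERTIFICATES_MAX_SIZE,
                                       size_out, (const void **)root_ca);
    if (ret != WICED_SUCCESS) {
        *root_ca = NULL;
        *size_out = 0;
        return ret;
    }
    return WICED_SUCCESS;
}

int main(void)
{
    const char *ca = NULL;
    uint32_t len = 0;
    int rc;

    rc = (int)load_root_ca_buggy(0, &ca, &len);
    printf("buggy caller : result %d, buffer %s, %u bytes\n", rc, ca ? "set" : "unset", (unsigned)len);
    rc = (int)load_root_ca_fixed(0, &ca, &len);
    printf("fixed caller : result %d, %u bytes\n", rc, (unsigned)len);
    return 0;
}
```

The corrected caller also clears its outputs on failure; in the original, a failed read would leave `root_ca_certificate` and `size_out` holding whatever was there before, which is the kind of state a TLS context should never be handed.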
I found the issue. It was a stack overflow.
I had modified the define of the application stack size to 2048 instead of 6144.
After reverting to 6144, I didn't have to modify the handling of the certificates, only the function return as explained in my original post.
Thanks for your help
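The crash inside mbedtls_ctr_drbg_seed with no error message is typical of a task stack that is too small for the TLS handshake: the deepest frames land outside the stack and corrupt whatever is below it. FreeRTOS exposes this through its high-water-mark check (pre-fill the stack with 0xA5 and count how many fill bytes were never touched). The following is an added example, not FreeRTOS or WICED code, that reproduces that technique in portable C against a heap buffer standing in for the task stack. The 2048 and 6144 figures are the two sizes from this thread, taken here as bytes; the 4000-byte "handshake depth" is a constructed number for the demo, not a measured value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_FILL_BYTE 0xA5u   /* the fill pattern FreeRTOS writes into a fresh task stack */

/* A simulated task stack: a heap buffer standing in for the task's stack memory.
 * The stack grows downwards, so frames are consumed from the top of the buffer. */
typedef struct {
    uint8_t *base;
    size_t   size;
} sim_stack_t;

static int sim_stack_init(sim_stack_t *s, size_t size)
{
    s->base = malloc(size);
    if (s->base == NULL) {
        return -1;
    }
    s->size = size;
    memset(s->base, STACK_FILL_BYTE, size);      /* what FreeRTOS does at task creation */
    return 0;
}

/* Stand-in for running the task: the handshake is modelled as a call chain that touches
 * 'depth' bytes of stack. Returns -1 when the frames do not fit, which is the point at
 * which real firmware silently corrupts whatever lies below the stack. */
static int sim_task_run(sim_stack_t *s, size_t depth)
{
    if (depth > s->size) {
        memset(s->base, 0x00, s->size);          /* every fill byte gets clobbered */
        return -1;
    }
    memset(s->base + s->size - depth, 0x00, depth);
    return 0;
}

/* High-water mark the FreeRTOS way: count fill bytes still intact from the low end.
 * The result is the smallest amount of free stack the task has had so far. */
size_t sim_stack_high_water_mark(const sim_stack_t *s)
{
    size_t free_bytes = 0;
    while (free_bytes < s->size && s->base[free_bytes] == STACK_FILL_BYTE) {
        free_bytes++;
    }
    return free_bytes;
}

/* Create a stack of 'stack_size' bytes, run a task needing 'depth' bytes, and report the
 * remaining headroom in *headroom. Returns 0 if the task fitted, -1 on overflow. */
int simulate_task(size_t stack_size, size_t depth, size_t *headroom)
{
    sim_stack_t s;
    int rc;

    if (sim_stack_init(&s, stack_size) != 0) {
        return -1;
    }
    rc = sim_task_run(&s, depth);
    *headroom = sim_stack_high_water_mark(&s);
    free(s.base);
    return rc;
}

int main(void)
{
    const size_t sizes[] = { 2048, 6144 };       /* the two sizes from the thread */
    const size_t handshake_depth = 4000;         /* constructed demo figure */
    size_t i;

    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        size_t headroom = 0;
        int rc = simulate_task(sizes[i], handshake_depth, &headroom);
        printf("stack %5zu bytes: %s, headroom %zu bytes\n",
               sizes[i], rc == 0 ? "ok" : "OVERFLOW", headroom);
    }
    return 0;
}
```

On the real target the equivalent check is uxTaskGetStackHighWaterMark() on the application thread after a handshake, together with configCHECK_FOR_STACK_OVERFLOW set to 2 so that vApplicationStackOverflowHook fires instead of the silent corruption seen in this thread. The fill-byte method has one known blind spot: a frame that happens to store 0xA5 bytes at the low end is counted as untouched, so treat the reported headroom as an upper bound.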
Hello,
Thanks for pointing out the error in the shadow.c file.
We have modified the code to take the return value and check ret as below:
ret = resource_get_readonly_buffer( &resources_apps_DIR_aws_DIR_iot_DIR_rootca_cer, 0, SHADOW_CERTIFICATES_MAX_SIZE, &size_out, (const void **)root_ca_certificate);
The issue seems to be an error in TLS. It looks like the certificates are not handled properly in the snip.
Can you please replace the following code in get_aws_credentials_from_dct() with the attached code?
Replace:
security->certificate = (uint8_t *)dct_security->certificate;
security->certificate_length = strlen( dct_security->certificate );
security->private_key = (uint8_t *)dct_security->private_key;
security->key_length = strlen( dct_security->private_key );
with this:
security->certificate = malloc( strlen( dct_security->certificate ) + 1 );
security->certificate_length = strlen( dct_security->certificate );
memset(security->certificate, 0, security->certificate_length + 1);
memcpy(security->certificate, dct_security->certificate, security->certificate_length );
security->private_key = malloc( strlen( dct_security->private_key ) + 1 );
security->key_length = strlen( dct_security->private_key );
memset(security->private_key, 0, security->key_length + 1);
memcpy(security->private_key, dct_security->private_key, security->key_length );
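The replacement above copies each PEM field out of the DCT with strlen and an unchecked malloc. DCT fields are fixed-size arrays written by the configuration web page, so a defender's version of the same copy should bound the length by the field's capacity, reject a field with no terminator, confirm the PEM header, and release everything if the second copy fails. The following is an added example, not Cypress's or the SDK's code: the struct shapes and the DEMO_CERTIFICATE_SIZE / DEMO_PRIVATE_KEY_SIZE capacities are constructed for the demo, and the key header matches the RSA PEM key shown later in this thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Demo capacities for the DCT fields; constructed for this example, not taken from the SDK. */
#define DEMO_CERTIFICATE_SIZE 4096
#define DEMO_PRIVATE_KEY_SIZE 2048

/* Shapes modelled on the dct_security / security structs used in the post. */
typedef struct {
    char private_key[DEMO_PRIVATE_KEY_SIZE];
    char certificate[DEMO_CERTIFICATE_SIZE];
} demo_dct_security_t;

typedef struct {
    uint8_t  *certificate;
    uint32_t  certificate_length;
    uint8_t  *private_key;
    uint32_t  key_length;
} demo_security_t;

/* Length of 'field' up to the first NUL, never reading past 'capacity' bytes. */
static size_t bounded_strlen(const char *field, size_t capacity)
{
    size_t n = 0;
    while (n < capacity && field[n] != '\0') {
        n++;
    }
    return n;
}

/* Copy one PEM field out of the DCT into a freshly allocated, NUL-terminated buffer.
 * Returns 0 on success; -1 if the field is empty, unterminated within its capacity,
 * does not start with the expected PEM header, or memory cannot be allocated. */
int copy_dct_pem_field(const char *field, size_t capacity, const char *expected_header,
                       uint8_t **out, uint32_t *out_len)
{
    size_t len = bounded_strlen(field, capacity);
    uint8_t *buf;

    *out = NULL;
    *out_len = 0;
    if (len == 0 || len == capacity) {
        return -1;                          /* empty, or no terminator inside the field */
    }
    if (strncmp(field, expected_header, strlen(expected_header)) != 0) {
        return -1;                          /* not the PEM object we expect */
    }
    buf = malloc(len + 1);
    if (buf == NULL) {
        return -1;
    }
    memcpy(buf, field, len);
    buf[len] = '\0';
    *out = buf;
    *out_len = (uint32_t)len;
    return 0;
}

void free_credentials(demo_security_t *sec)
{
    free(sec->certificate);
    free(sec->private_key);
    memset(sec, 0, sizeof *sec);
}

/* Checked counterpart of get_aws_credentials_from_dct(): either both fields are copied
 * or nothing is left allocated. */
int get_aws_credentials_from_dct_checked(const demo_dct_security_t *dct, demo_security_t *sec)
{
    memset(sec, 0, sizeof *sec);
    if (copy_dct_pem_field(dct->certificate, DEMO_CERTIFICATE_SIZE, "-----BEGIN CERTIFICATE-----",
                           &sec->certificate, &sec->certificate_length) != 0) {
        return -1;
    }
    if (copy_dct_pem_field(dct->private_key, DEMO_PRIVATE_KEY_SIZE, "-----BEGIN RSA PRIVATE KEY-----",
                           &sec->private_key, &sec->key_length) != 0) {
        free_credentials(sec);
        return -1;
    }
    return 0;
}

/* Constructed DCT contents for the demo (placeholders, not real key material).
 * With terminate_certificate == 0 the certificate field is filled end to end with no NUL. */
void fill_demo_dct(demo_dct_security_t *dct, int terminate_certificate)
{
    memset(dct, 0, sizeof *dct);
    strcpy(dct->private_key, "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n");
    if (terminate_certificate) {
        strcpy(dct->certificate, "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n");
    } else {
        memset(dct->certificate, 'X', DEMO_CERTIFICATE_SIZE);
    }
}

int main(void)
{
    demo_dct_security_t dct;
    demo_security_t sec;
    int rc;

    fill_demo_dct(&dct, 1);
    rc = get_aws_credentials_from_dct_checked(&dct, &sec);
    printf("terminated fields : rc %d, cert %u bytes, key %u bytes\n",
           rc, (unsigned)sec.certificate_length, (unsigned)sec.key_length);
    free_credentials(&sec);

    fill_demo_dct(&dct, 0);
    rc = get_aws_credentials_from_dct_checked(&dct, &sec);
    printf("unterminated cert : rc %d\n", rc);
    return 0;
}
```

With strlen on an unterminated field, the original copy would read past the DCT field into whatever follows it and size the allocation from that, so the bound is the part that matters; the header check is cheap and turns "TLS failed somewhere" into a clear error at credential load time.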
Hello,
Thanks for your response. I've made the change, but it didn't change the crash.
The change:
/* Fix requested by Cypress team */
// security->certificate = (uint8_t *)dct_security->certificate;
// security->certificate_length = strlen( dct_security->certificate );
// security->private_key = (uint8_t *)dct_security->private_key;
// security->key_length = strlen( dct_security->private_key );
security->certificate = malloc( strlen( dct_security->certificate ) + 1 );
security->certificate_length = strlen( dct_security->certificate );
memset(security->certificate, 0, security->certificate_length + 1);
memcpy(security->certificate, dct_security->certificate, security->certificate_length );
security->private_key = malloc( strlen( dct_security->private_key ) + 1 );
security->key_length = strlen( dct_security->private_key );
memset(security->private_key, 0, security->key_length + 1);
memcpy(security->private_key, dct_security->private_key, security->key_length );
/*******************************/
I printed out the certificates; they are printed correctly both before and after the change.
Starting WICED vWiced_006.002.001.0002
Platform ISM43362_M3G_L44 initialised
Started FreeRTOS v9.0.0
Initialising LwIP v2.0.3
DHCP CLIENT hostname WICED IP
WLAN MAC Address : C4:7F:51:02:70:39
WLAN Firmware : wl0: May 16 2018 00:27:03 version 5.90.230.31 FWID 01-61657268
Please wait, connecting to network...
(To return to SSID console screen, hold USER switch for 5 seconds during RESET to clear DCT configuration)
Joining : SSID
Successfully joined : SSID
Setting IPv6 link-local address
Obtaining IPv4 address via DHCP
IPv6 Network ready IP: FE80::C67F:51FF:FE02:7039
IPv4 Network ready IP: 192.168.86.62
[Shadow] Reading Device's certificate and private key from DCT...
[Shadow] Thing Name: lightbulb
[Shadow] Shadow State Topic: $aws/things/lightbulb/shadow/update
[Shadow] Shadow Delta Topic: $aws/things/lightbulb/shadow/update/delta
[Shadow] Connect to AWS IoT
[AWS] AWS endpoint: XXXXXX is at XXXXX
[AWS] MQTT Connect
[AWS] CA (1208):
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
[AWS] CT (1224):
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
[AWS] PK (1675):
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
[AWS] MQTT Connect init
[AWS] MQTT network init
[AWS] MQTT network connect
[AWS] netconn connect
[AWS] WICED tcp start tls
[AWS] TLS 1
[AWS] TLS 3
[AWS] TLS 4
[AWS] AES init
[AWS] AES enc
[AWS] AES
[AWS] mbedtls_ctr_drbg_reseed ctx = 0x200033a8 func = 0x801e0db
Let me know if you need more inputs
Thanks
Hello,
Are you using the default thing given for testing in WICED or have you created a thing named "lightbulb"?
The thing name created for testing purpose is named DEMO. Kindly enter the thing name as DEMO in the configuration web page.
If you have created a thing of your own, can you please enable the TLS logs as mentioned in Debugging TLS in WICED and attach the logs?