9 Replies Latest reply on Apr 22, 2016 5:53 PM by mifo

    WICED SDK 3.5.2 SSL/TLS Verify Peer CN Bug

    silengdmr

      WICED SDK 3.5.2  using the Broadcom BCM9WCD1EVAL1 demo board with the apps/demo/aws_iot/pub_sub/publisher project

       

      Using the AWS IoT publisher sample project.  I have generated my client cert and priv key and loaded into resources in project.  These have been tested externally so I know they are good.  The root CA cert is also known to be good.

       

      I modified mqtt_network.c mqtt_network_init() function call and its call to wiced_tls_init_context() and changed the NULL for peer CN to a server name that is totally different than the once I am actually connecting to, and TLS verification is required.

       

      I then placed a lot of WPRINT_APP_INFO() function calls to output debug info to the console to trace out the various return values and determine what paths are being taken.   See below for a trace.

       

      Everything appears okay as we move along the code until run the wiced_tcp_start_tls() function which in turn calls wiced_generic_start_tls_with_ciphers() where in the do while loop for the ssl handshake we have a problem.

       

      The mqtt_network_connect() function will make multiple attempts to connect before giving up.  The first pass the handshake fails with error code 5037 = CERTIFICATE_NAME_MISMATCH.  Okay, that is what I expected using my settings below.  However the do while loop in the mqtt_network_connect() function says that we should try again, so it does.  The problem is that the second attempt PASSES.  Crazy!

       

      Something is not being properly initialized before the next pass is my guess.  Or there is some counter getting maxed out (not reset) and a default return code of success is being returned.  Whatever is going on, I am stuck trying to debug this because there is no source code for the ssl_handshake_client_async() function.

       

      And if I use the proper name in the peer cn parameter in the wiced_tls_init_context() function call, it is exactly the same result for AWS IoT connection.  First pass through is error 5037, second pass is success.  While that seems good, the fact that I can do this with a bad peer cn name means that this verify is not trustworthy and I cannot protect against MITM attacks.

       

      When can we expect a fix?  This was reported back on Aug 18 2015 and it is still not answered or fixed?  Why?

      https://community.broadcom.com/message/18777#18777

       

       

       

      #define MQTT_BROKER_ADDRESS            "AWG29O1L5K0Q3.iot.us-east-1.amazonaws.com"

      wiced_tls_init_context( &socket->tls_context, &socket->tls_identity, "www.google.com" );

       

      #define WICED_TLS_DEFAULT_VERIFICATION   (TLS_VERIFICATION_REQUIRED)

       

      Starting WICED v3.5.2

      Platform BCM943362WCD4 initialised

      Started ThreadX v5.6

      Initialising NetX_Duo v5.7_sp2

      Creating Packet pools

      WWD SDIO interface initialised

      WLAN MAC Address : 40:2C:F4:AF:32:91

      WLAN Firmware    : wl0: Oct 22 2015 15:05:09 version 5.90.230.15 FWID 01-47a517a

      Joining : XXX

      Successfully joined : XXX

      Obtaining IPv4 address via DHCP

      DHCP CLIENT hostname WICED IP

      IPv4 network ready IP: 192.168.1.68

      Setting IPv6 link-local address

      IPv6 network ready IP: FE80:0000:0000:0000:422C:F4FF:FEAF:3291

      Resolving IP address of MQTT broker...

      Resolved Broker IP: 54.85.255.214

       

      [MQTT] Opening connection...

      [mqtt_network.c] mqtt_network_init() wiced_tcp_create_socket() success...

      [mqtt_network.c] mqtt_network_init() using security...

      [mqtt_network.c] mqtt_network_init() wiced_tls_init_root_ca_certificates() success...

      [mqtt_network.c] mqtt_network_init() - wiced_tls_init_identity() success...

      [mqtt_network.c] mqtt_network_init() - wiced_tls_init_context() success...

      [mqtt_network.c] mqtt_network_init() - wiced_tcp_enable_tls() success...

      [mqtt_network.c] mqtt_network_init() - mqtt_network_connect()

              [mqtt_network.c] mqtt_network_connect() try 0

                      [tcpip.c] wiced_tcp_connect() wiced_tcp_start_tls()

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - root_ca_certificates exist

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - identity does exist

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() error 5037...

      error 5037...

       

      result = 5037...

       

              [mqtt_network.c] mqtt_network_connect() try 1

                      [tcpip.c] wiced_tcp_connect() wiced_tcp_start_tls()

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - root_ca_certificates exist

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - identity does exist

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                              [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

      success...

       

      result = 0...

      success...

       

      [mqtt_network.c] mqtt_network_init() - wiced_tcp_register_callbacks() success...

      Success

       

      vikr abirjepatil