126 Reply by embhorn

(1 replies, posted in wolfSSL)

Hi khalesiakram,

Could you tell us a bit about your project?

Please check out the STM32 Cube Pack which we provide:
https://github.com/wolfSSL/wolfssl/tree … /STM32Cube

Let us know if there are any questions. You can also email support@wolfssl.com with any questions.

Thanks,
Eric, wolfSSL Support

Go to forum: wolfSSL

127 Reply by embhorn

(1 replies, posted in wolfSSL)

Hello alex23,

Yes, certainly larger keys would take longer to break using brute force.

I recommend trying out the benchmarking utility to help determine the most performant key size / algorithm for your application.
https://github.com/wolfSSL/wolfssl/tree … /benchmark

Thanks,
Eric @ wolfSSL Support

Go to forum: wolfSSL

128 Reply by embhorn

(1 replies, posted in wolfMQTT)

Hi Alvaro,

Thanks for your kind words. This sounds like a very cool project!

We have examples of setting up wolfTPM to establish a TLS connection:
https://github.com/wolfSSL/wolfTPM/tree … amples/tls

wolfMQTT would then be able to use that connection natively:
https://github.com/wolfSSL/wolfMQTT/tre … mqttclient

I'd recommend sending an email to our support channel. This will allow us to better prioritize any questions you might have.
support@wolfssl.com

Kind regards,
Eric @ wolfSSL Support

Go to forum: wolfMQTT

129 Reply by embhorn

(1 replies, posted in wolfSSL)

Hello Jon,

Thanks for joining the wolfSSL Forums. This is not currently supported, but we could achieve this type of separation using the crypto callbacks feature. We would like to discuss this in more detail with you. Could you please send us an email to facts@wolfssl.com ?

https://github.com/wolfSSL/wolfssl-exam … cryptocb.c

Thanks,
Eric @wolfSSL Support

Go to forum: wolfSSL

130 Reply by embhorn

(5 replies, posted in wolfMQTT)

Hi Maryy,

Does the broker send an alert? Could you share a pcap showing the error?

Go to forum: wolfMQTT

131 Reply by embhorn

(5 replies, posted in wolfMQTT)

Hello Maryy

Thanks for joining the wolfSSL Forums.

I just ran the example locally and the Azure broker is responding:

eric@ubuntu:~/repos/wolfMQTT$ ./examples/azure/azureiothub
AzureIoTHub Client: QoS 1, Use TLS 1
MQTT Net Init: Success (0)
SharedAccessSignature sr=wolfMQTT.azure-devices.net%2fdevices%2fdemoDevice&sig=AJSJJtqi3z653SrfxhElRJzwxM2Mo5NFfIIF7smxxb4%3d&se=1664210350
MQTT Init: Success (0)
NetConnect: Host wolfMQTT.azure-devices.net, Port 8883, Timeout 5000 ms, Use TLS 1
MQTT TLS Setup (1)
MQTT TLS Verify Callback for azureiothub: PreVerify 0, Error -188 (certificate verify failed)
  Subject's domain name is MSFT BALT RS256 CA
  Allowing cert anyways
MQTT TLS Verify Callback for azureiothub: PreVerify 1, Error 0 (none)
  Subject's domain name is *.azure-devices.net
MQTT Socket Connect: Success (0)
MQTT Connect: Proto (v3.1.1), Success (0)
MQTT Connect Ack: Return Code 0, Session Present 0
MQTT Subscribe: Success (0)
  Topic devices/demoDevice/messages/devicebound/#, Qos 1, Return Code 1
MQTT Publish: Topic devices/demoDevice/messages/events/, Success (0)
MQTT Waiting for message...
^CReceived SIGINT
MQTT Message Wait: Error (Network) (-8)
MQTT Socket Disconnect: Success (0)

By default, the example overrides the CA verification. You can load the correct CA using the -A option when executing the example.

eric@ubuntu:~/repos/wolfMQTT$ wget https://cacerts.digicert.com/BaltimoreCyberTrustRoot.crt.pem -O examples/azure/balt.pem
eric@ubuntu:~/repos/wolfMQTT$ ./examples/azure/azureiothub -A examples/azure/balt.pem 
AzureIoTHub Client: QoS 1, Use TLS 1
MQTT Net Init: Success (0)
SharedAccessSignature sr=wolfMQTT.azure-devices.net%2fdevices%2fdemoDevice&sig=J7LQ4exmfD6ol0%2funAcYVzkj7AH8F4pRrrjFxB8aDpY%3d&se=1664212327
MQTT Init: Success (0)
NetConnect: Host wolfMQTT.azure-devices.net, Port 8883, Timeout 5000 ms, Use TLS 1
MQTT TLS Setup (1)
MQTT TLS Verify Callback for azureiothub: PreVerify 1, Error 0 (none)
  Subject's domain name is MSFT BALT RS256 CA
MQTT TLS Verify Callback for azureiothub: PreVerify 1, Error 0 (none)
  Subject's domain name is *.azure-devices.net
MQTT Socket Connect: Success (0)
MQTT Connect: Proto (v3.1.1), Success (0)
MQTT Connect Ack: Return Code 0, Session Present 0
MQTT Subscribe: Success (0)
  Topic devices/demoDevice/messages/devicebound/#, Qos 1, Return Code 1
MQTT Publish: Topic devices/demoDevice/messages/events/, Success (0)
MQTT Waiting for message...
^CReceived SIGINT
MQTT Message Wait: Error (Network) (-8)
MQTT Socket Disconnect: Success (0)

Go to forum: wolfMQTT

132 Reply by embhorn

(1 replies, posted in wolfSSL)

Hello Luiz,

Thanks for your message. It looks like this could be a feature request. Please send an email to support@wolfssl.com and we can help register this as a formal feature request.

Thanks,
Eric @ wolfSSL Support

Go to forum: wolfSSL

133 Reply by embhorn

(2 replies, posted in wolfSSL)

Hi Bogdan,

Please check your email for a response from our ZenDesk portal.

Thanks,
Eric @ wolfSSL Support

Go to forum: wolfSSL

134 Reply by embhorn

(2 replies, posted in wolfSSL)

Hello beaverknight,

Thanks for joining the wolfSSL Forums. I've created a crude test app from your example. Could you please add error checking and supply the example key file to get a reproducible test case for us to evaluate?

Could you tell us a bit about your project and the intended goals?

Kind regards,
Eric @ wolfSSL Support

Go to forum: wolfSSL

135 Reply by embhorn

(18 replies, posted in wolfMQTT)

Hi Juan,

I'd suggest sending an email to support@wolfssl.com where we can better prioritize getting you some assistance.

Go to forum: wolfMQTT

136 Reply by embhorn

(18 replies, posted in wolfMQTT)

Here is the pcap I mentioned earlier. Can you please provide the packet capture from the failed connection?

Go to forum: wolfMQTT

137 Reply by embhorn

(18 replies, posted in wolfMQTT)

Here is a pcap of the wolfMQTT example awsiot running from linux. From your log, it seems there is a problem with the cipher change after the handshake. Can you please share the wolfSSL settings from configuration.h?

Go to forum: wolfMQTT

138 Reply by embhorn

(4 replies, posted in wolfSSL)

Ah, yes!

This works:

./examples/client/client -h api.abuseipdb.com -p 443 -g -S api.abuseipdb.com -v 4 -j

Go to forum: wolfSSL

139 Reply by embhorn

(4 replies, posted in wolfSSL)

Hello BerHav,

Thanks for joining the wolfSSL Forums. I was able to reproduce the issue with the wolfSSL client example in linux. I'll review with the team tomorrow.

./examples/client/client -h api.abuseipdb.com -p 443 -g

connect state: CLIENT_HELLO_SENT
SSL version error
wolfSSL Entering SendAlert
growing output buffer
Shrinking output buffer
wolfSSL Leaving SendAlert, return 0
wolfSSL error occurred, error = 326 line:10162 file:src/internal.c
wolfSSL error occurred, error = 326 line:12350 file:src/ssl.c
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -326
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -326
wolfSSL Entering ERR_error_string
wolfSSL_connect error -326, record layer version error

Go to forum: wolfSSL

140 Reply by embhorn

(3 replies, posted in wolfCrypt)

Oh, that's great! I think you'll find our repository of ATECC demos very useful:
https://github.com/wolfSSL/microchip-atecc-demos

Go to forum: wolfCrypt

141 Reply by embhorn

(3 replies, posted in wolfCrypt)

Hi Pokemon,

Thanks for joining the wolfSSL Forums. Perhaps it would be helpful to review some SE implementations. Here is a good reference:
https://github.com/wolfSSL/wolfssl/tree … ort/silabs
https://github.com/wolfSSL/wolfssl/blob … labs_ecc.c

What platform is your SE using?

Thanks,
Eric @ wolfSSL Support

Go to forum: wolfCrypt

142 Reply by embhorn

(18 replies, posted in wolfMQTT)

Hi Juan,

"-140" corresponds to a ASN_PARSE_E error. So yes, probably something is wrong in the cert buffer you are passing in.

Here is a perl script we use that coverts DER to a C array:
https://github.com/wolfSSL/wolfssl/blob … /dertoc.pl

You could also try getting the wolfMQTT AWS example to work first, then try modifying for your specific project:
https://github.com/wolfSSL/wolfMQTT/blo … s/awsiot.c

The example uses PEM certs / keys in buffers.

Thanks,

Go to forum: wolfMQTT

143 Reply by embhorn

(18 replies, posted in wolfMQTT)

Its not perfect (maybe the debug log buffer gets overrun), but here is a sample of using the demo to connect to a local mosquitto broker with TLS enabled:

TCP/IP Stack: Initialization Started
TCP/IP Stack: Initialization Ended - success
    Interface PIC32INT on host MCHPBOARD_E     - NBNS disabled
Created the mqtt Commands
PIC32INT IP Address: 0.0.0.0
PIC32INT IP Address: 192.168.86.38
mqtt start
MQTT pub/sub demo has been started
>MQTT Task - Client Start: QoS 0, broker 192.168.86.43
MQTT Task - run message: WMQTT_NETGlue_Initialize, res: 0
MQTT Task - run message: MqttClient_Init, res: 0
MQTT Task - run message: MqttClient_SetDisconnectCallback, res: 0
WMQTT_NET_GLUE Info: Started Connect
WMQTT_NET_GLUE Info: Connected Successfully
WMQTT_NET_GLUE Info: Start TLS
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering SSLv23_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
        Unsupported name type, skipping
wolfSSL Enter   FreeingwolfSSL SignaturwolfSSL wolfSSL ShrinkinreceivedprocessiwolfSSL wolfSSL wolfSSL wolfSSL Leaving RsaVerify, return 51
wolfSSL Leaving DoServerKeyExchange, return 0
Shrinking input buffer

wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakwolfSSL Leaving EccMakeKey, return 0
wolfSSL Entering EccSharedSecret
wolfSSL Leaving EccSharedSecret, return 0
growing output buffer

Shrinking output buffer

wolfSSL Leaving SendClientKeyExchange, return 0
sent: client key exchange
connect state: FIRST_REPLY_SECOND
connect state: FIRST_REPLY_THIRD
growing output buffer

Shrinking output buffer

sent: change cipher spec
connect state: FIRST_REPLY_FOURTH
wolfSSL Entering SendFinished
growing output buffer

wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
Shrinking output buffer

wolfSSL Leaving SendFinished, return 0
sent: finished
connect state: FINISHED_DONE
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolwolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL receivedwolfSSL wolfSSL wolfSSL wolfSSL wolfSSL MQTT TaswolfSSL wolfSSL wolfSSL wolfSSL MQTT Tas

Go to forum: wolfMQTT

144 Reply by embhorn

(18 replies, posted in wolfMQTT)

Okay, I've enabled debug by using a custom logging function:

In Harmony3\net_apps_pic32mz\apps\wolfmqtt_demo\firmware\src\config\pic32mz_ef_sk\net_pres\pres\net_pres_enc_glue.c

Add the debug header:

#include "system/debug/sys_debug.h"

Add just before NET_PRES_EncProviderStreamClientInit0

void NET_PRES_LogFunc(const int logLevel, const char *const logMessage)
{
    /* Skip WANT_READ and WANT_WRITE errors */
    if ((strstr("-323", logMessage) == NULL) && 
        (strstr("-327", logMessage) == NULL))
        SYS_CONSOLE_PRINT("%s\r\n", logMessage);
}

Then in NET_PRES_EncProviderStreamClientInit0, add the section #ifdef DEBUG_WOLFSSL

bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject)
{
    const uint8_t * caCertsPtr;
    int32_t caCertsLen;
    if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0))
    {
        return false;
    }
    if (_net_pres_wolfsslUsers == 0)
    {
    #ifdef DEBUG_WOLFSSL
        wolfSSL_SetLoggingCb(NET_PRES_LogFunc);
        wolfSSL_Debugging_ON();
    #endif
        wolfSSL_Init();
        _net_pres_wolfsslUsers++;
    }

Lastly, add "#define DEBUG_WOLFSSL" to configuration.h

Go to forum: wolfMQTT

145 Reply by embhorn

(18 replies, posted in wolfMQTT)

Yeah, I am going back and trying to enable debug logging in my MCH project, and it is not trivial!

For using the AWS example, it is somewhat complicated by the `NET_GLUE` layer that MCH added. But you should be able to figure out which parts are different by reviewing the example:
https://github.com/wolfSSL/wolfMQTT/blo … s/awsiot.c

You should pay attention to the `mqtt_aws_tls_cb` and the `mqtt_aws_tls_verify_cb`. Also note that the topic must include the AWS device name (see `AWSIOT_PUBLISH_TOPIC` in the example).

Go to forum: wolfMQTT

146 Reply by embhorn

(3 replies, posted in wolfTPM)

For a private key, you can use wolfTPM2_RsaDecrypt

Go to forum: wolfTPM

147 Reply by embhorn

(18 replies, posted in wolfMQTT)

Hello Juan,

Thanks for reaching out. Great to hear that you are back to using wolfMQTT.

Could you enable DEBUG_WOLFSSL in the configuration and add a line to the application to call to wolfSSL_Debugging_ON(). This will enable debug logging for wolfSSL.

Thanks,
Eric @ wolfSSL Support

Go to forum: wolfMQTT

148 Reply by embhorn

(3 replies, posted in wolfTPM)

Hello Federico,

We are delighted to hear that you are finding the wolfTPM library useful!

To accomplish an encrypt operation without padding, you can use wolfTPM2_RsaEncrypt with the padScheme parameter set to TPM_ALG_NULL.

Here is an example:
https://github.com/wolfSSL/wolfTPM/blob … #L326-L342

Let us know if there are questions.

Thanks,
Eric @ wolfSSL Support

Go to forum: wolfTPM

149 Reply by embhorn

(2 replies, posted in wolfSSL)

Hello Scotty,

The callback is being triggered for each error encountered. There are checks for "valid-from" and "expiration", each could be triggered if the system time and date are invalid.

You can override the date errors like this:
https://github.com/wolfSSL/wolfssl/blob … st.h#L2829

Or is you know the time will always be invalid, you can bypass cert date checking in the wolfSSL config by defining `NO_ASN_TIME`.

I'll review the CA signer issue with the team tomorrow. I suspect it could be the order that the certs are loaded. Could you please enable debug logging and share the log showing the signer error?

Thanks,
Eric @ wolfSSL Support

Go to forum: wolfSSL

150 Reply by embhorn

(10 replies, posted in wolfCrypt)

Hello stroebeljc,

Certainly! Here is an example from our repository:
https://github.com/wolfSSL/wolfssl-exam … mple.c#L67

Let us know if there are questions.

Thanks,
Eric @ wolfSSL Support

Go to forum: wolfCrypt