MBEDTLS minimum configuration for uOSCORE

Hi, I'm new to this blog and I hope someone can help me. I need to add OSCORE encryption on the COAP protocol on my project. I haven't found any exhaustive application examples around. Initially I've activated these configurations in the project.


CONFIG_UOSCORE=y
CONFIG_ZCBOR=y
CONFIG_ZCBOR_CANONICAL=y
CONFIG_MBEDTLS=y

I read that these are all that is necessary to make uoscore work. But they are not enough. I've got these errors:

C:/ncs/v2.5.0/modules/lib/uoscore-uedhoc/src/common/crypto_wrapper.c: In function 'shared_secret_derive':
C:/ncs/v2.5.0/modules/lib/uoscore-uedhoc/src/common/crypto_wrapper.c:738:45: warning: implicit declaration of function 'mbedtls_pk_ec'; did you mean 'mbedtls_pk_free'? [-Wimplicit-function-declaration]
738 | mbedtls_ecp_group_load(&mbedtls_pk_ec(ctx_verify)->grp,

| mbedtls_pk_free
C:/ncs/v2.5.0/modules/lib/uoscore-uedhoc/src/common/crypto_wrapper.c:738:70: error: invalid type argument of '->' (have 'int')
738 | mbedtls_ecp_group_load(&mbedtls_pk_ec(ctx_verify)->grp,
| ^~
C:/ncs/v2.5.0/modules/lib/uoscore-uedhoc/src/common/crypto_wrapper.c:744:70: error: invalid type argument of '->' (have 'int')
744 | mbedtls_ecp_decompress(&mbedtls_pk_ec(ctx_verify)->grp, pk,

That sounds strange to me. Why does OSCORE reference the pk functions?

Anyway, my need is to understand which is the minimum mbedtls configuration to let uOSCORE compile and work with default encryption methods (AES and SHA256)?

Help me please. Thank you.

  • Hi,

    I must admit we don't have any experience with using uOSCORE, but that said, it looks like you need these configs:

    CONFIG_MBEDTLS_PK_C=y
    CONFIG_MBEDTLS_ECP_C=y
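
An added example, not part of the thread or of Nordic's SDK: after a build, the generated `.config` (under `build/zephyr/` in a Zephyr build) shows whether each symbol named above actually took effect. The script separates a symbol that is visible but off from one that Kconfig did not write at all, which usually points at an unmet dependency. The sample `.config` is constructed, and the symbol list is only what this thread mentions, not a confirmed minimum set.

```python
import re

# Symbols named in this thread; the thread does not confirm the set is complete.
REQUIRED = [
    "CONFIG_UOSCORE", "CONFIG_ZCBOR", "CONFIG_ZCBOR_CANONICAL",
    "CONFIG_MBEDTLS", "CONFIG_MBEDTLS_PK_C", "CONFIG_MBEDTLS_ECP_C",
]

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_dotconfig(text):
    """Map each symbol in a Kconfig .config to its value, or None if 'is not set'."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            symbols[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            symbols[m.group(1)] = None
    return symbols


def audit(text, required=REQUIRED):
    """Classify each required symbol as 'enabled', 'disabled' or 'absent'."""
    symbols = parse_dotconfig(text)
    report = {}
    for name in required:
        if name not in symbols:
            report[name] = "absent"      # not written: usually an unmet 'depends on'
        elif symbols[name] == "y":
            report[name] = "enabled"
        else:
            report[name] = "disabled"    # visible but off: enable it in prj.conf
    return report


# Constructed sample, not output from the poster's build.
SAMPLE = """\
CONFIG_UOSCORE=y
CONFIG_ZCBOR=y
CONFIG_ZCBOR_CANONICAL=y
CONFIG_MBEDTLS=y
# CONFIG_MBEDTLS_ECP_C is not set
CONFIG_MAIN_STACK_SIZE=4096
"""

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name:28} {state}")
```
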

  • Further information about what's going wrong in oscore initialization.
    I saw that, on library initialization, mbedtls function psa_import_key is called and returns error code PSA_ERROR_NOT_SUPPORTED.
    So, not wrong parameters but some kind of hardware incompatibility or maybe unfinished work on library.
    It looks unusable
  • Hi,

    Generally, when you get PSA_ERROR_NOT_SUPPORTED returned from a PSA API call that means that there is no support for the algorithm, key size, or similar that is used. This could be just because support for that specific feature is not enabled (see Feature configurations and driver support), or that we don't have any support for that algorithm. If you check the parameters for the call when you get this error, we can see if it is just a configuration that is missing.

    As mentioned, we don't have any experience with uOSCORE though so, there may be several issues that need to be resolved.

  • Hi Einar,

    I have good news. The uOSCORE library is working now. But sincerely I don't understand the reason. This is what I did:

    As I said in the beginning I started introducing COAP and OSCORE in UDP sample changing the UDP packet into a COAP one.

    As the error I figured out (PSA_ERROR_NOT_SUPPORTED) is coming from MBEDTLS I decided to individually test the encryption and hashing functions. I have tried to compile AES128, SHA256 and HMAC samples and all of these were working fine.

    Starting from HMAC sample I've introduced uOSCORE library initialization, generated a COAP packet and encrypted it with oscore. All of these steps were ok.

    Finally I introduced modem configuration and packet sending. That's all. Everything is working now. Starting from HMAC instead of UDP sample. The only difference is that previously I was using scheduled work for sending messages (as the UDP sample does) and now I send it from main thread. But I don't think that it could affect MBEDTLS or OSCORE library operations.

    Anyway maybe I'll try to further investigate.

    Thank you
