TLS Credential: cannot get Amazon Root CA 2 and 4 to work

Hello,

We are working on an NRF5340/NRF7002 based project with NCS 2.7.0 SDK.
We have been able to get Amazon Root CA 1 and 3 working with the following .conf:

# Application Kconfig fragment as posted: nRF7002 Wi-Fi, native IP stack,
# HTTP client and Mbed TLS secure sockets.

# Wifi is nrf7002 based
CONFIG_WIFI=y
CONFIG_WIFI_NRF700X=y
CONFIG_NRF700X_P2P_MODE=n
CONFIG_NRF700X_MAX_TX_PENDING_QLEN=12
CONFIG_NRF_WIFI_IF_AUTO_START=n
CONFIG_NRF_WIFI_LOW_POWER=y
CONFIG_NRF_WIFI_RPU_RECOVERY=y

# WPA supplicant (WEP is switched off)
CONFIG_WPA_SUPP=y
CONFIG_WPA_SUPP_CRYPTO_WEP=n
CONFIG_WPA_SUPP_NO_DEBUG=y

# Networking
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_IPV4=y
CONFIG_NET_IPV6=y
CONFIG_NET_UDP=y
CONFIG_NET_TCP=y
CONFIG_NET_DHCPV4=y
CONFIG_NET_CONFIG_SETTINGS=n
# CONFIG_NET_CONFIG_INIT_TIMEOUT=0
# CONFIG_NET_CONFIG_AUTO_INIT=n

CONFIG_NET_NATIVE=y
CONFIG_DNS_RESOLVER=y

# Need 16 FDs for WiFi
CONFIG_POSIX_MAX_FDS=16

# Net Management
CONFIG_NET_L2_ETHERNET=y # This is mandatory even for WIFI
CONFIG_NET_L2_WIFI_MGMT=y
CONFIG_NET_MAX_CONTEXTS=4
CONFIG_NET_SOCKETS_OFFLOAD=n

# HTTP
# (the posted fragment wrote this heading as "// HTTP"; Kconfig fragments
# only treat lines starting with '#' as comments)
CONFIG_HTTP_CLIENT=y
CONFIG_NET_TCP_KEEPALIVE=y
CONFIG_JSON_LIBRARY=y
CONFIG_BASE64=y
CONFIG_OHTTP_SIGNATURE=y
CONFIG_TINYCRYPT_SHA256_HMAC=y

# TLS
# Secure-socket options plus the credential store that the application
# fills through tls_credential_add().
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
CONFIG_TLS_CREDENTIALS=y
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_RSA_C=y
CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y

# NOTE(review): the only RSA key size requested below is 2048 bits, and
# nothing in this fragment asks for SHA-384 or a 384-bit curve. Amazon Root
# CA 1 (RSA-2048, SHA-256) and CA 3 (ECDSA P-256, SHA-256) fit that set;
# Amazon Root CA 2 is RSA-4096 signed with sha384WithRSAEncryption and
# Amazon Root CA 4 is ECDSA P-384 signed with ecdsa-with-SHA384. A trust
# anchor whose key type, key size or hash is not compiled in presumably
# fails to load, which would match the -22 seen when the socket is set up.
# Options to check for this SDK version (confirm the exact names in
# menuconfig): CONFIG_PSA_WANT_RSA_KEY_SIZE_4096, CONFIG_PSA_WANT_ALG_SHA_384,
# CONFIG_PSA_WANT_ALG_ECDSA, CONFIG_PSA_WANT_ECC_SECP_R1_384.
# Keep peer verification required (TLS_PEER_VERIFY) while debugging:
# turning it off makes the error go away but removes server authentication.
CONFIG_PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY=y
CONFIG_PSA_WANT_RSA_KEY_SIZE_2048=y
# Mbed TLS uses its own heap of 61440 bytes.
# NOTE(review): larger keys may need more of it; confirm after enabling them.
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=61440
# Mbed TLS debug output is off; enabling it temporarily would presumably
# show which step of certificate handling rejects the new roots.
CONFIG_MBEDTLS_DEBUG=n
CONFIG_MBEDTLS_DEBUG_C=n

Now, with this config, when I replace Amazon Root CA 1 and 3 with Amazon Root CA 2 and 4, I always get a -22 error (-EINVAL) when opening the socket.

The examples I found in the DevAcademy use Amazon Root CA 1, and I did not find any document explaining how to make it work with certificates that use "sha384WithRSAEncryption", like Amazon Root CA 2, or "ecdsa-with-SHA384", like Amazon Root CA 4.

 

I have tried playing with different settings in the .conf, with no success...
Is there a recommended Kconfig combination, an example, or documentation that could help us with this issue?

For information, the credentials are added using "tls_credential_add"; the certificates are converted from .pem to const uint8_t * arrays (see the attached file).

 8244.certificates.h

 

Parents
  • Hi again

    Here's a suggested memory optimization overlay from our developers. For reference, setting the heap_size config to 25000 with this configuration should be sufficient for your requirement and cover up to 1Mbps throughput.

    Best regards,

    Simon

  • Hello,

    Thanks for the suggestion. However, there must be some dependencies that I failed to mention, because anything less than 80000 for WIFI_DATA_HEAP_SIZE does not work.
    By "does not work" I mean that the device hangs on boot, stuck in the "net_if_up" function, which never returns.
    Here is my wifi configuration overlay:

    # Wi-Fi configuration overlay as posted in this reply: nRF70 driver,
    # WPA supplicant, heap sizes and the native IP stack.

    # Wifi is nrf7002 based
    CONFIG_WIFI=y
    CONFIG_WIFI_NRF70=y
    CONFIG_NRF70_AP_MODE=n
    CONFIG_NRF70_P2P_MODE=n
    CONFIG_NRF70_MAX_TX_PENDING_QLEN=12
    CONFIG_NRF70_QSPI_LOW_POWER=y
    CONFIG_NRF_WIFI_IF_AUTO_START=n
    CONFIG_NRF_WIFI_LOW_POWER=y
    CONFIG_NRF_WIFI_RPU_RECOVERY=y
    CONFIG_WIFI_READY_LIB=y
    
    # WPA supplicant (WEP is switched off)
    CONFIG_WIFI_NM_WPA_SUPPLICANT=y
    CONFIG_WIFI_NM_WPA_SUPPLICANT_WEP=n
    CONFIG_WIFI_NM_WPA_SUPPLICANT_NO_DEBUG=y
    
    # Memory
    # Must not be changed
    CONFIG_HEAP_MEM_POOL_SIZE=40144
    # Must not be changed
    CONFIG_NRF_WIFI_CTRL_HEAP_SIZE=20000
    # This value can be changed depending on the wanted throughput of WiFi.
    # Reported in this thread: with anything below 80000 the device hangs at
    # boot inside net_if_up.
    CONFIG_NRF_WIFI_DATA_HEAP_SIZE=89000
    
    # Networking
    CONFIG_NETWORKING=y
    CONFIG_NET_SOCKETS=y
    CONFIG_POSIX_API=y
    CONFIG_NET_IPV4=y
    CONFIG_NET_UDP=y
    CONFIG_NET_TCP=y
    CONFIG_NET_DHCPV4=y
    CONFIG_NET_CONFIG_SETTINGS=n
    # CONFIG_NET_CONFIG_INIT_TIMEOUT=0
    # CONFIG_NET_CONFIG_AUTO_INIT=n
    
    
    CONFIG_NET_NATIVE=y
    CONFIG_DNS_RESOLVER=y
    
    # Need 16 FDs for WiFi
    # NOTE(review): the value set here is 32, not 16; the note above looks
    # like it was carried over from an earlier setting.
    CONFIG_POSIX_MAX_FDS=32
    CONFIG_NET_IPV6=y
    
    
    # Net Management
    CONFIG_NET_L2_ETHERNET=y # This is mandatory even for WIFI
    CONFIG_NET_L2_WIFI_MGMT=y
    CONFIG_NET_MGMT_EVENT=y
    CONFIG_NET_L2_ETHERNET_MGMT=y
    CONFIG_NET_MAX_CONTEXTS=4
    CONFIG_NET_SOCKETS_OFFLOAD=n
    
    CONFIG_NET_MGMT_EVENT_QUEUE_TIMEOUT=5000
    

    Is there anything, that could cause this higher memory requirement ? 
    Also, if I can boot up the device and make it communicate properly with 90000, will it still be the case after multiple net_if_up/net_if_down or if the network configuration changes ?

    Thank you for your help 

    Have a nice day, 

    Charles 

Reply
  • Hello,

    Thanks for the suggestion. However, there must be some dependencies that I failed to mention, because anything less than 80000 for WIFI_DATA_HEAP_SIZE does not work.
    By "does not work" I mean that the device hangs on boot, stuck in the "net_if_up" function, which never returns.
    Here is my wifi configuration overlay:

    # Wi-Fi configuration overlay as posted in this reply: nRF70 driver,
    # WPA supplicant, heap sizes and the native IP stack.

    # Wifi is nrf7002 based
    CONFIG_WIFI=y
    CONFIG_WIFI_NRF70=y
    CONFIG_NRF70_AP_MODE=n
    CONFIG_NRF70_P2P_MODE=n
    CONFIG_NRF70_MAX_TX_PENDING_QLEN=12
    CONFIG_NRF70_QSPI_LOW_POWER=y
    CONFIG_NRF_WIFI_IF_AUTO_START=n
    CONFIG_NRF_WIFI_LOW_POWER=y
    CONFIG_NRF_WIFI_RPU_RECOVERY=y
    CONFIG_WIFI_READY_LIB=y
    
    # WPA supplicant (WEP is switched off)
    CONFIG_WIFI_NM_WPA_SUPPLICANT=y
    CONFIG_WIFI_NM_WPA_SUPPLICANT_WEP=n
    CONFIG_WIFI_NM_WPA_SUPPLICANT_NO_DEBUG=y
    
    # Memory
    # Must not be changed
    CONFIG_HEAP_MEM_POOL_SIZE=40144
    # Must not be changed
    CONFIG_NRF_WIFI_CTRL_HEAP_SIZE=20000
    # This value can be changed depending on the wanted throughput of WiFi.
    # Reported in this thread: with anything below 80000 the device hangs at
    # boot inside net_if_up.
    CONFIG_NRF_WIFI_DATA_HEAP_SIZE=89000
    
    # Networking
    CONFIG_NETWORKING=y
    CONFIG_NET_SOCKETS=y
    CONFIG_POSIX_API=y
    CONFIG_NET_IPV4=y
    CONFIG_NET_UDP=y
    CONFIG_NET_TCP=y
    CONFIG_NET_DHCPV4=y
    CONFIG_NET_CONFIG_SETTINGS=n
    # CONFIG_NET_CONFIG_INIT_TIMEOUT=0
    # CONFIG_NET_CONFIG_AUTO_INIT=n
    
    
    CONFIG_NET_NATIVE=y
    CONFIG_DNS_RESOLVER=y
    
    # Need 16 FDs for WiFi
    # NOTE(review): the value set here is 32, not 16; the note above looks
    # like it was carried over from an earlier setting.
    CONFIG_POSIX_MAX_FDS=32
    CONFIG_NET_IPV6=y
    
    
    # Net Management
    CONFIG_NET_L2_ETHERNET=y # This is mandatory even for WIFI
    CONFIG_NET_L2_WIFI_MGMT=y
    CONFIG_NET_MGMT_EVENT=y
    CONFIG_NET_L2_ETHERNET_MGMT=y
    CONFIG_NET_MAX_CONTEXTS=4
    CONFIG_NET_SOCKETS_OFFLOAD=n
    
    CONFIG_NET_MGMT_EVENT_QUEUE_TIMEOUT=5000
    

    Is there anything, that could cause this higher memory requirement ? 
    Also, if I can boot up the device and make it communicate properly with 90000, will it still be the case after multiple net_if_up/net_if_down or if the network configuration changes ?

    Thank you for your help 

    Have a nice day, 

    Charles 
