
NRF9160 TLS and MQTT

Hello guys,

We are working on a project using the nRF9160 DK. We want to use an LTE Cat-M1 connection and MQTT over TLS, and we need the full functionality of mbed TLS. We started with a demo based on the BSD socket library, which, as we understand it, contains only a partial TLS security solution. But when we tried to use the mbed TLS library ported to Zephyr, we ran into multiple-definition errors. Could you please clarify whether it is possible to use both libraries (Zephyr mbed TLS and BSD socket) in the same project?

BR, Denis.

  • hi all,

    I have the same issue.

    I followed https://github.com/joakimtoe/fw-nrfconnect-nrf/commit/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa

    to add TLS to the MQTT sample, but it can't connect to the broker (mqtt_connect returns -45).


    SPM: NS image at 0xc000
    SPM: NS MSP at 0x20025bc0
    SPM: NS reset vector at 0xe56d
    SPM: prepare to jump to Non-Secure image.
    ***** Booting Zephyr OS build v1.14.99-ncs3-snapshot2-1266-g8711cfd5d348 *****
    The MQTT simple sample started
    nrf_inbuilt_key_delete(16842753, 0) => result=0
    nrf_inbuilt_key_delete(16842753, 1) => result=0
    nrf_inbuilt_key_delete(16842753, 2) => result=0
    nrf_inbuilt_key_write => result=0
    nrf_inbuilt_key_write => result=0
    nrf_inbuilt_key_write => result=0
    LTE Link Connecting ...
    LTE Link Connected!
    IPv4 Address found 5.196.95.208
    ERROR: mqtt_connect -45

    main.c

    #include "nrf_inbuilt_key.h"
    
    
    //#if !defined(CONFIG_USE_PROVISIONED_CERTIFICATES)
    #include "certificates.h"
    //#endif
    
    
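    /* Modem security tag the three credentials are stored under (0x01010001). */
    #define CONFIG_CLOUD_CERT_SEC_TAG 16842753

    /**
     * @brief Replace the TLS credentials stored under CONFIG_CLOUD_CERT_SEC_TAG.
     *
     * Deletes the CA chain, client certificate and client private key slots for
     * the tag, then writes the PEM strings from certificates.h into them.
     *
     * NOTE(review): the client private key is a string literal compiled into the
     * application image, so anyone who can read the firmware binary or the source
     * tree can recover it. Prefer provisioning credentials once, outside the
     * shipped application, and keep the key out of version control.
     *
     * @return 0 on success, otherwise the error returned by the first failing
     *         nrf_inbuilt_key_write() call.
     */
    static int provision_certificates(void)
    {
    	/* The three credential types this function writes, named explicitly
    	 * instead of looping over the raw enum values 0..2.
    	 */
    	static const nrf_key_mgnt_cred_type_t cred_types[] = {
    		NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN,
    		NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT,
    		NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT,
    	};
    	const nrf_sec_tag_t sec_tag = CONFIG_CLOUD_CERT_SEC_TAG;
    	int err;

    	/* Delete any existing credentials. The result is logged but not treated
    	 * as fatal, as in the original listing.
    	 */
    	for (size_t i = 0; i < sizeof(cred_types) / sizeof(cred_types[0]); i++) {
    		err = nrf_inbuilt_key_delete(sec_tag, cred_types[i]);
    		printk("nrf_inbuilt_key_delete(%u, %d) => result=%d\n",
    			(unsigned int)sec_tag, (int)cred_types[i], err);
    	}

    	/* Provision the CA certificate used to verify the broker. */
    	err = nrf_inbuilt_key_write(sec_tag,
    				NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN,
    				CLOUD_CA_CERTIFICATE,
    				strlen(CLOUD_CA_CERTIFICATE));
    	printk("nrf_inbuilt_key_write => result=%d\n", err);
    	if (err) {
    		printk("CLOUD_CA_CERTIFICATE err: %d\n", err);
    		return err;
    	}

    	/* Provision the client private key. */
    	err = nrf_inbuilt_key_write(sec_tag,
    				NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT,
    				CLOUD_CLIENT_PRIVATE_KEY,
    				strlen(CLOUD_CLIENT_PRIVATE_KEY));
    	printk("nrf_inbuilt_key_write => result=%d\n", err);
    	if (err) {
    		/* Never log the key material itself, only the result code. */
    		printk("CLOUD_CLIENT_PRIVATE_KEY err: %d\n", err);
    		return err;
    	}

    	/* Provision the client (public) certificate. */
    	err = nrf_inbuilt_key_write(sec_tag,
    				NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT,
    				CLOUD_CLIENT_PUBLIC_CERTIFICATE,
    				strlen(CLOUD_CLIENT_PUBLIC_CERTIFICATE));
    	printk("nrf_inbuilt_key_write => result=%d\n", err);
    	if (err) {
    		printk("CLOUD_CLIENT_PUBLIC_CERTIFICATE err: %d\n", err);
    		return err;
    	}

    	return 0;
    }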
    
    /**@brief Initialize the file descriptor structure used by poll.
     */
    static int fds_init(struct mqtt_client *c)
    {
    	/* Poll the client's TLS socket for incoming data only. */
    	fds.events = POLLIN;
    	fds.fd = c->transport.tls.sock;

    	/* There is no failure path here; the function always reports success. */
    	return 0;
    }
    
    
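    /**
     * Sample entry point: provision the TLS credentials, bring up the modem,
     * then open the MQTT connection and prepare the poll descriptor.
     * The remainder of the function is elided ("...") in the original post.
     */
    void main(void)
    {
    	int err;

    	printk("The MQTT simple sample started\n");

    	/* Stop if the credentials could not be written: a TLS handshake attempted
    	 * with missing or stale credentials only fails later with a less specific
    	 * error. Provisioning stays ahead of modem_configure(), as in the original.
    	 */
    	err = provision_certificates();
    	if (err != 0) {
    		printk("ERROR: provision_certificates %d\n", err);
    		return;
    	}
    	modem_configure();

    	client_init(&client);

    	/* NOTE(review): the log on this page shows -45 from this call; presumably
    	 * a negated errno value. Confirm against the errno.h of the libc in use.
    	 */
    	err = mqtt_connect(&client);
    	if (err != 0) {
    		printk("ERROR: mqtt_connect %d\n", err);
    		return;
    	}

    	err = fds_init(&client);
    	if (err != 0) {
    		printk("ERROR: fds_init %d\n", err);
    		return;
    	}
    ...
    }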

    certificates.h

    /*
     * Client private key, PEM-armored RSA key (lines elided with "....." in this
     * listing). main.c writes it with NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT.
     * NOTE(review): a private key kept in a header ends up in the firmware image
     * and in source control. Treat any key that has been committed or posted
     * publicly as compromised and rotate it.
     */
    #define CLOUD_CLIENT_PRIVATE_KEY \
    "-----BEGIN RSA PRIVATE KEY-----\n" \
      "MIIEogIBAAKCAQEArjslJVMR6y7OQf+diPBE546zw9HO3pSxIbC1rN5R/w8mmoHi\n"\
      .....
    2kYGR4ow8bWDL3xmThnmCyIRV7bJNqKvzU3U9hArV8=\n"\
    "-----END RSA PRIVATE KEY-----\n"
    
    /*
     * Client certificate; main.c writes it with NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT.
     * NOTE(review): the armor lines say "PUBLIC KEY", but the visible payload
     * looks like an X.509 certificate (it appears to carry a distinguished name),
     * which would normally use BEGIN/END CERTIFICATE. Confirm the label matches
     * the file the broker issued.
     */
    #define CLOUD_CLIENT_PUBLIC_CERTIFICATE \
    "-----BEGIN PUBLIC KEY-----\n" \
      "MIIC7zCCAligAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCR0Ix\n"\
      "FzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTESMBAGA1UE\n"\
    .....
      "mgb7Y/aMXqTsICCzkL8qzEDb2VQGZU0Gd/LScR6Za1oeA7s=\n"\
    "-----END PUBLIC KEY-----\n"
    
    /*
     * CA certificate; main.c writes it with NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN.
     * Presumably the chain the broker's server certificate must verify against;
     * confirm it is the CA for the broker actually being contacted.
     */
    #define CLOUD_CA_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
      "MIIC8DCCAlmgAwIBAgIJAOD63PlXjJi8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD\n"\
     ....
      "1ZgKJc2zbSQ9fCPxt2W3mdVav66c6fsb7els2W2Iz7gERJSX\n"\
    "-----END CERTIFICATE-----\n"
    

  • hello

    I'm working on the same thing, so I'd like to know: did you get that application working? I'm running into some issues when connecting to Azure using certificates.

    Maybe you can help me out.
