• State Verified Answer
  • Replies 16 replies
  • Subscribers 68 subscribers
  • Views 8472 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 230609
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

How to use MQTT+TLS in nRF9160?

Yusuke

I'm working on a project using nRF9160 DK.

How can you use MQTT+TLS in nRF9160?

Where should ca certificate file be stored?

I modified the code below in mqtt_simple project. What code should I modify additionaly?

<prj.conf>
CONFIG_MQTT_LIB_TLS=y

<main.c>

/**@brief Initialize the MQTT client structure
 */
static void client_init(struct mqtt_client *client)
{
	mqtt_client_init(client);

	broker_init();

        /* Add from here */
        static struct mqtt_utf8 password;
	static struct mqtt_utf8 user_name;

	password.utf8 = (u8_t *)MQTT_PASSWORD;
	password.size = strlen(MQTT_PASSWORD);
	user_name.utf8 = (u8_t *)MQTT_USERNAME;
	user_name.size = strlen(MQTT_USERNAME);
        /* to here */

	/* MQTT client configuration */
	client->broker = &broker;
	client->evt_cb = mqtt_evt_handler;
	client->client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID;
	client->client_id.size = strlen(CONFIG_MQTT_CLIENT_ID);
	client->password = &password; // Add here
	client->user_name = &user_name; // Add here
	client->protocol_version = MQTT_VERSION_3_1_0; // originally MQTT_VERSION_3_1_1

	/* MQTT buffers configuration */
	client->rx_buf = rx_buffer;
	client->rx_buf_size = sizeof(rx_buffer);
	client->tx_buf = tx_buffer;
	client->tx_buf_size = sizeof(tx_buffer);

	/* MQTT transport configuration */ 
    /* MODIFIED HERE */
    #if defined(CONFIG_MQTT_LIB_TLS)
       client->transport.type = MQTT_TRANSPORT_SECURE;
       client->transport.tls.config.peer_verify = 0;
       client->transport.tls.config.cipher_count = 0;
       client->transport.tls.config.cipher_list = NULL;
       client->transport.tls.config.sec_tag_count = 0;
       client->transport.tls.config.seg_tag_list = NULL;
       client->transport.tls.config.hostname = NULL;
    #else
       client->transport.type = MQTT_TRANSPORT_NON_SECURE;
    #endif
}

Parents
  • 0

    Hello, please refer to this commit to see how it's done. The certificates should be put in certificates.h.

  • 0 in reply to Hakon

    I modified code but it doesn't work well... Could you give me advice?

    I tested mqtt broker(mosquitto) with tls with another MQTT client and it works fine. The broker should be ok.

    The broker doesn't receive message from the client in this project.

    <console result>

Peripheral              Domain          Status
00 NRF_P0               Non-Secure      OK
01 NRF_CLOCK            Non-Secure      OK
02 NRF_RTC1             Non-Secure      OK
03 NRF_NVMC             Non-Secure      OK
04 NRF_UARTE1           Non-Secure      OK
05 NRF_UARTE2           Secure          SKIP
06 NRF_IPC              Non-Secure      OK
07 NRF_VMC              Non-Secure      OK
08 NRF_FPU              Non-Secure      OK
09 NRF_EGU1             Non-Secure      OK
10 NRF_EGU2             Non-Secure      OK
11 NRF_TWIM2            Non-Secure      OK
12 NRF_SPIM3            Non-Secure      OK
13 NRF_TIMER0           Non-Secure      OK
14 NRF_TIMER1           Non-Secure      OK
15 NRF_TIMER2           Non-Secure      OK
16 NRF_SAADC            Non-Secure      OK
17 NRF_GPIOTE1          Non-Secure      OK

SPM: NS image at 0x8000
SPM: NS MSP at 0x200238e0
SPM: NS reset vector at 0xa2b5
SPM: prepare to jump to Non-Secure image.
***** Booting Zephyr OS v1.14.99-ncs1 *****
The MQTT simple sample started
LTE Link Connecting ...
LTE Link Connected!
IPv4 Address found 0x5e7fda12
ERROR: mqtt_connect -45


    <certificates.h>

#ifndef _CERTIFICATES_H_
#define _CERTIFICATES_H_

#define NRF_CLOUD_CLIENT_PRIVATE_KEY \
    "-----BEGIN RSA PRIVATE KEY-----\n" \
    "MIIEowIBAAKCAQEAyoE5FG1Hf9DFEA1iF9enHtxNGYXI2kBjtXlz9Ckclctx2vJx\n" \
    .
    .
    .
    "QknwSFmfYXNRetEcDylKQEI3mkHxtj/jkDrOLitk0ccNQAeou/cL\n" \
    "-----END RSA PRIVATE KEY-----\n"

#define NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
    "MIIDkjCCAnoCFGlpDDWDAA00v8MltxDoTLzJH6EiMA0GCSqGSIb3DQEBCwUAMIGJ\n" \
    .
    .
    .
    "yQyqplp/\n" \
    "-----END CERTIFICATE-----\n"

#define NRF_CLOUD_CA_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
    "MIID9TCCAt2gAwIBAgIUSQtJI7ktYmj7qE3tDGGlDTjxrWAwDQYJKoZIhvcNAQEL\n" \
    .
    .
    .
    "agXksMq8cbMC\n" \
    "-----END CERTIFICATE-----\n"

#endif /* _CERTIFICATES_H_ */

    <prj.conf>

# General config
CONFIG_TEST_RANDOM_GENERATOR=y

# Networking
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS_OFFLOAD=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y

# LTE link control
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_NETWORK_MODE_LTE_M=y
CONFIG_LTE_AUTO_INIT_AND_CONNECT=n
# CONFIG_LTE_EDRX_REQ_ACTT_TYPE="4"
# CONFIG_LTE_EDRX_REQ=y
# CONFIG_LTE_EDRX_REQ_VALUE="0110"
# 0100 81.92sec
# 0101 163.84sec
# 0110 327.68sec
# 0111 655.36sec

# LTE link control
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_AUTO_INIT_AND_CONNECT=n

# BSD library
CONFIG_BSD_LIBRARY=y

# AT Host
CONFIG_UART_INTERRUPT_DRIVEN=y
CONFIG_AT_HOST_LIBRARY=y

# MQTT
CONFIG_MQTT_LIB=y
CONFIG_MQTT_LIB_TLS=y

# Appliaction
CONFIG_MQTT_PUB_TOPIC="myPubTopic"
CONFIG_MQTT_SUB_TOPIC="mySubTopic"
CONFIG_MQTT_CLIENT_ID="myClientID"
CONFIG_MQTT_BROKER_HOSTNAME="xxxxxxxxxxxxxx.com"
CONFIG_MQTT_BROKER_PORT=8883
CONFIG_MQTT_KEEPALIVE=300
CONFIG_MQTT_TLS_SEC_TAG=16842753

# Main thread
CONFIG_MAIN_THREAD_PRIORITY=7
CONFIG_MAIN_STACK_SIZE=4096

CONFIG_HEAP_MEM_POOL_SIZE=1024


    <Kconfig>

menu "MQTT simple sample"

config PROVISION_CERTIFICATES
	bool "Provision of certificate"
	help
		Enable run-time provisioning of certificates from the
		certificates header file selected by using CERTIFICATES_FILE

config CERTIFICATES_FILE
	string "Certificates to use"
	depends on PROVISION_CERTIFICATES
	default "certificates.h"

config SEC_TAG
	int "Security tag to use for the connection"
	default 1

config MQTT_PUB_TOPIC
	string "MQTT publish topic"
	default "my/publish/topic"

config MQTT_SUB_TOPIC
	string "MQTT subscribe topic"
	default "my/subscribe/topic"

config MQTT_CLIENT_ID
	string "MQTT Client ID"
	default "my-client-id"

config MQTT_BROKER_HOSTNAME
	string "MQTT broker hostname"
	default "iot.eclipse.org"

config MQTT_BROKER_PORT
	int "MQTT broker port"
	default 1883

config MQTT_MESSAGE_BUFFER_SIZE
	int ""
	default 128

config MQTT_PAYLOAD_BUFFER_SIZE
	int ""
	default 128

config MQTT_KEEPALIVE
	int ""
	default 60

endmenu

menu "Zephyr Kernel"
source "$ZEPHYR_BASE/Kconfig.zephyr"
endmenu

    I copied main.c code below to my project and modified it a little bit.
    https://github.com/joakimtoe/fw-nrfconnect-nrf/commit/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa

    I defined NRF_CLOUD_CLIENT_ID in main.c instedf of in certificates.h

    <main.c>

#include <zephyr.h>
#include <stdio.h>
#include <uart.h>
#include <string.h>

#include <net/mqtt.h>
#include <net/socket.h>
#include <lte_lc.h>

#define MQTT_USERNAME "username"
#define MQTT_PASSWORD "password"
#define NRF_CLOUD_CLIENT_ID CONFIG_MQTT_CLIENT_ID

#if defined(CONFIG_PROVISION_CERTIFICATES)
#if defined(CONFIG_BSD_LIBRARY)
#include "nrf_inbuilt_key.h"
#endif
#include CONFIG_CERTIFICATES_FILE
#endif

#if defined(CONFIG_MQTT_LIB_TLS)
	static sec_tag_t sec_tag_list[] = { CONFIG_SEC_TAG };
#endif

/* Buffers for MQTT client. */
static u8_t rx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE];
static u8_t tx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE];
static u8_t payload_buf[CONFIG_MQTT_PAYLOAD_BUFFER_SIZE];
.
.
.
/**@brief Initialize the MQTT client structure
 */
static void client_init(struct mqtt_client *client)
{
	mqtt_client_init(client);

	broker_init();

    /* Add from here */
    static struct mqtt_utf8 password;
	static struct mqtt_utf8 user_name;

	password.utf8 = (u8_t *)MQTT_PASSWORD;
	password.size = strlen(MQTT_PASSWORD);
	user_name.utf8 = (u8_t *)MQTT_USERNAME;
	user_name.size = strlen(MQTT_USERNAME);
    /* to here */

	/* MQTT client configuration */
	client->broker = &broker;
	client->evt_cb = mqtt_evt_handler;
	client->client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID;
	client->client_id.size = strlen(CONFIG_MQTT_CLIENT_ID);
	client->password = &password; // Add here
	client->user_name = &user_name; // Add here
	client->protocol_version = MQTT_VERSION_3_1_0; // originally MQTT_VERSION_3_1_1

	/* MQTT buffers configuration */
	client->rx_buf = rx_buffer;
	client->rx_buf_size = sizeof(rx_buffer);
	client->tx_buf = tx_buffer;
	client->tx_buf_size = sizeof(tx_buffer);

	/* MQTT transport configuration */ 
    /* MODIFIED HERE */
    #if defined(CONFIG_MQTT_LIB_TLS)
        struct mqtt_sec_config *tls_config = &client->transport.tls.config;
        client->transport.type = MQTT_TRANSPORT_SECURE;

        tls_config->peer_verify = 2;
        tls_config->cipher_count = 0;
        tls_config->cipher_list = NULL;
        tls_config->sec_tag_count = ARRAY_SIZE(sec_tag_list);
        tls_config->sec_tag_list = sec_tag_list;
        tls_config->hostname = CONFIG_MQTT_BROKER_HOSTNAME;
    #else
       client->transport.type = MQTT_TRANSPORT_NON_SECURE;
    #endif
}
.
.
.
static int provision_certificate(void)
{
#if defined(CONFIG_PROVISION_CERTIFICATES)
#if defined(CONFIG_BSD_LIBRARY)
	{
		int err;

		/* Delete certificates */
		nrf_sec_tag_t sec_tag = (nrf_sec_tag_t) sec_tag_list[0];

		for (nrf_key_mgnt_cred_type_t type = 0; type < 5; type++) {
			printk("Deleting certs sec_tag: %d\n", sec_tag);
			err = nrf_inbuilt_key_delete(sec_tag, type);
			printk("nrf_inbuilt_key_delete(%u, %d) => result=%d\n",
				sec_tag, type, err);
		}

#if defined(CA_CERTIFICATE)
		/* Provision CA Certificate. */
		printk("Write ca certs sec_tag: %d\n", sec_tag);
		err = nrf_inbuilt_key_write(sec_tag,
			NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN,
			CA_CERTIFICATE,
			strlen(CA_CERTIFICATE));
		if (err) {
			printk("CA_CERTIFICATE err: %d\n", err);
			return err;
		}
#endif
#if defined (CLIENT_PRIVATE_KEY)
		/* Provision Private Certificate. */
		printk("Write private cert sec_tag: %d\n", sec_tag);
		err = nrf_inbuilt_key_write(
			sec_tag,
			NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT,
			CLIENT_PRIVATE_KEY,
			strlen(CLIENT_PRIVATE_KEY));
		if (err) {
			printk("CLIENT_PRIVATE_KEY err: %d\n", err);
			return err;
		}
#endif
#if defined(CLIENT_PUBLIC_CERTIFICATE)
		/* Provision Public Certificate. */
		printk("Write public cert sec_tag: %d\n", sec_tag);
		err = nrf_inbuilt_key_write(
			sec_tag,
			NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT,
			CLIENT_PUBLIC_CERTIFICATE,
			strlen(CLIENT_PUBLIC_CERTIFICATE));
		if (err) {
			printk("CLIENT_PUBLIC_CERTIFICATE err: %d\n",
				err);
			return err;
		}
	}
#endif
#else
	{
		int err;

		err = tls_credential_add(CONFIG_SEC_TAG,
			TLS_CREDENTIAL_CA_CERTIFICATE,
			NRF_CLOUD_CA_CERTIFICATE,
			sizeof(NRF_CLOUD_CA_CERTIFICATE));
		if (err < 0) {
			printk("Failed to register ca certificate: %d\n",
				err);
			return err;
		}
		err = tls_credential_add(CONFIG_SEC_TAG,
			TLS_CREDENTIAL_PRIVATE_KEY,
			NRF_CLOUD_CLIENT_PRIVATE_KEY,
			sizeof(NRF_CLOUD_CLIENT_PRIVATE_KEY));
		if (err < 0) {
			printk("Failed to register private key: %d\n",
				err);
			return err;
		}
		err = tls_credential_add(CONFIG_SEC_TAG,
			TLS_CREDENTIAL_SERVER_CERTIFICATE,
			NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE,
			sizeof(NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE));
		if (err < 0) {
			printk("Failed to register public certificate: %d\n",
				err);
			return err;
		}

	}
#endif /* defined(CONFIG_BSD_LIBRARY) */
#endif /* defined(CONFIG_PROVISION_CERTIFICATES) */

	return 0;
}

void main(void)
{
	int err;

	if (!IS_ENABLED(CONFIG_AT_HOST_LIBRARY)) {
		/* Stop the UART RX for power consumption reasons */
		NRF_UARTE0_NS->TASKS_STOPRX = 1;
		NRF_UARTE1_NS->TASKS_STOPRX = 1;
	}

	printk("The MQTT simple sample started\n");

	provision_certificate();

	modem_configure();

	client_init(&client);

	err = mqtt_connect(&client);
	if (err != 0) {
		printk("ERROR: mqtt_connect %d\n", err); // eror here
		return;
	}

	err = fds_init(&client);
	if (err != 0) {
		printk("ERROR: fds_init %d\n", err);
		return;
	}
	
	while (1) {
	    .
	    .
	}
}

Reply
  • 0 in reply to Hakon

    I modified code but it doesn't work well... Could you give me advice?

    I tested mqtt broker(mosquitto) with tls with another MQTT client and it works fine. The broker should be ok.

    The broker doesn't receive message from the client in this project.

    <console result>

Peripheral              Domain          Status
00 NRF_P0               Non-Secure      OK
01 NRF_CLOCK            Non-Secure      OK
02 NRF_RTC1             Non-Secure      OK
03 NRF_NVMC             Non-Secure      OK
04 NRF_UARTE1           Non-Secure      OK
05 NRF_UARTE2           Secure          SKIP
06 NRF_IPC              Non-Secure      OK
07 NRF_VMC              Non-Secure      OK
08 NRF_FPU              Non-Secure      OK
09 NRF_EGU1             Non-Secure      OK
10 NRF_EGU2             Non-Secure      OK
11 NRF_TWIM2            Non-Secure      OK
12 NRF_SPIM3            Non-Secure      OK
13 NRF_TIMER0           Non-Secure      OK
14 NRF_TIMER1           Non-Secure      OK
15 NRF_TIMER2           Non-Secure      OK
16 NRF_SAADC            Non-Secure      OK
17 NRF_GPIOTE1          Non-Secure      OK

SPM: NS image at 0x8000
SPM: NS MSP at 0x200238e0
SPM: NS reset vector at 0xa2b5
SPM: prepare to jump to Non-Secure image.
***** Booting Zephyr OS v1.14.99-ncs1 *****
The MQTT simple sample started
LTE Link Connecting ...
LTE Link Connected!
IPv4 Address found 0x5e7fda12
ERROR: mqtt_connect -45


    <certificates.h>

#ifndef _CERTIFICATES_H_
#define _CERTIFICATES_H_

#define NRF_CLOUD_CLIENT_PRIVATE_KEY \
    "-----BEGIN RSA PRIVATE KEY-----\n" \
    "MIIEowIBAAKCAQEAyoE5FG1Hf9DFEA1iF9enHtxNGYXI2kBjtXlz9Ckclctx2vJx\n" \
    .
    .
    .
    "QknwSFmfYXNRetEcDylKQEI3mkHxtj/jkDrOLitk0ccNQAeou/cL\n" \
    "-----END RSA PRIVATE KEY-----\n"

#define NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
    "MIIDkjCCAnoCFGlpDDWDAA00v8MltxDoTLzJH6EiMA0GCSqGSIb3DQEBCwUAMIGJ\n" \
    .
    .
    .
    "yQyqplp/\n" \
    "-----END CERTIFICATE-----\n"

#define NRF_CLOUD_CA_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
    "MIID9TCCAt2gAwIBAgIUSQtJI7ktYmj7qE3tDGGlDTjxrWAwDQYJKoZIhvcNAQEL\n" \
    .
    .
    .
    "agXksMq8cbMC\n" \
    "-----END CERTIFICATE-----\n"

#endif /* _CERTIFICATES_H_ */

    <prj.conf>

# General config
CONFIG_TEST_RANDOM_GENERATOR=y

# Networking
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS_OFFLOAD=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y

# LTE link control
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_NETWORK_MODE_LTE_M=y
CONFIG_LTE_AUTO_INIT_AND_CONNECT=n
# CONFIG_LTE_EDRX_REQ_ACTT_TYPE="4"
# CONFIG_LTE_EDRX_REQ=y
# CONFIG_LTE_EDRX_REQ_VALUE="0110"
# 0100 81.92sec
# 0101 163.84sec
# 0110 327.68sec
# 0111 655.36sec

# LTE link control
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_AUTO_INIT_AND_CONNECT=n

# BSD library
CONFIG_BSD_LIBRARY=y

# AT Host
CONFIG_UART_INTERRUPT_DRIVEN=y
CONFIG_AT_HOST_LIBRARY=y

# MQTT
CONFIG_MQTT_LIB=y
CONFIG_MQTT_LIB_TLS=y

# Appliaction
CONFIG_MQTT_PUB_TOPIC="myPubTopic"
CONFIG_MQTT_SUB_TOPIC="mySubTopic"
CONFIG_MQTT_CLIENT_ID="myClientID"
CONFIG_MQTT_BROKER_HOSTNAME="xxxxxxxxxxxxxx.com"
CONFIG_MQTT_BROKER_PORT=8883
CONFIG_MQTT_KEEPALIVE=300
CONFIG_MQTT_TLS_SEC_TAG=16842753

# Main thread
CONFIG_MAIN_THREAD_PRIORITY=7
CONFIG_MAIN_STACK_SIZE=4096

CONFIG_HEAP_MEM_POOL_SIZE=1024


    <Kconfig>

menu "MQTT simple sample"

config PROVISION_CERTIFICATES
	bool "Provision of certificate"
	help
		Enable run-time provisioning of certificates from the
		certificates header file selected by using CERTIFICATES_FILE

config CERTIFICATES_FILE
	string "Certificates to use"
	depends on PROVISION_CERTIFICATES
	default "certificates.h"

config SEC_TAG
	int "Security tag to use for the connection"
	default 1

config MQTT_PUB_TOPIC
	string "MQTT publish topic"
	default "my/publish/topic"

config MQTT_SUB_TOPIC
	string "MQTT subscribe topic"
	default "my/subscribe/topic"

config MQTT_CLIENT_ID
	string "MQTT Client ID"
	default "my-client-id"

config MQTT_BROKER_HOSTNAME
	string "MQTT broker hostname"
	default "iot.eclipse.org"

config MQTT_BROKER_PORT
	int "MQTT broker port"
	default 1883

config MQTT_MESSAGE_BUFFER_SIZE
	int ""
	default 128

config MQTT_PAYLOAD_BUFFER_SIZE
	int ""
	default 128

config MQTT_KEEPALIVE
	int ""
	default 60

endmenu

menu "Zephyr Kernel"
source "$ZEPHYR_BASE/Kconfig.zephyr"
endmenu

    I copied main.c code below to my project and modified it a little bit.
    https://github.com/joakimtoe/fw-nrfconnect-nrf/commit/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa

    I defined NRF_CLOUD_CLIENT_ID in main.c instedf of in certificates.h

    <main.c>

#include <zephyr.h>
#include <stdio.h>
#include <uart.h>
#include <string.h>

#include <net/mqtt.h>
#include <net/socket.h>
#include <lte_lc.h>

#define MQTT_USERNAME "username"
#define MQTT_PASSWORD "password"
#define NRF_CLOUD_CLIENT_ID CONFIG_MQTT_CLIENT_ID

#if defined(CONFIG_PROVISION_CERTIFICATES)
#if defined(CONFIG_BSD_LIBRARY)
#include "nrf_inbuilt_key.h"
#endif
#include CONFIG_CERTIFICATES_FILE
#endif

#if defined(CONFIG_MQTT_LIB_TLS)
	static sec_tag_t sec_tag_list[] = { CONFIG_SEC_TAG };
#endif

/* Buffers for MQTT client. */
static u8_t rx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE];
static u8_t tx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE];
static u8_t payload_buf[CONFIG_MQTT_PAYLOAD_BUFFER_SIZE];
.
.
.
/**@brief Initialize the MQTT client structure
 */
static void client_init(struct mqtt_client *client)
{
	mqtt_client_init(client);

	broker_init();

    /* Add from here */
    static struct mqtt_utf8 password;
	static struct mqtt_utf8 user_name;

	password.utf8 = (u8_t *)MQTT_PASSWORD;
	password.size = strlen(MQTT_PASSWORD);
	user_name.utf8 = (u8_t *)MQTT_USERNAME;
	user_name.size = strlen(MQTT_USERNAME);
    /* to here */

	/* MQTT client configuration */
	client->broker = &broker;
	client->evt_cb = mqtt_evt_handler;
	client->client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID;
	client->client_id.size = strlen(CONFIG_MQTT_CLIENT_ID);
	client->password = &password; // Add here
	client->user_name = &user_name; // Add here
	client->protocol_version = MQTT_VERSION_3_1_0; // originally MQTT_VERSION_3_1_1

	/* MQTT buffers configuration */
	client->rx_buf = rx_buffer;
	client->rx_buf_size = sizeof(rx_buffer);
	client->tx_buf = tx_buffer;
	client->tx_buf_size = sizeof(tx_buffer);

	/* MQTT transport configuration */ 
    /* MODIFIED HERE */
    #if defined(CONFIG_MQTT_LIB_TLS)
        struct mqtt_sec_config *tls_config = &client->transport.tls.config;
        client->transport.type = MQTT_TRANSPORT_SECURE;

        tls_config->peer_verify = 2;
        tls_config->cipher_count = 0;
        tls_config->cipher_list = NULL;
        tls_config->sec_tag_count = ARRAY_SIZE(sec_tag_list);
        tls_config->sec_tag_list = sec_tag_list;
        tls_config->hostname = CONFIG_MQTT_BROKER_HOSTNAME;
    #else
       client->transport.type = MQTT_TRANSPORT_NON_SECURE;
    #endif
}
.
.
.
static int provision_certificate(void)
{
#if defined(CONFIG_PROVISION_CERTIFICATES)
#if defined(CONFIG_BSD_LIBRARY)
	{
		int err;

		/* Delete certificates */
		nrf_sec_tag_t sec_tag = (nrf_sec_tag_t) sec_tag_list[0];

		for (nrf_key_mgnt_cred_type_t type = 0; type < 5; type++) {
			printk("Deleting certs sec_tag: %d\n", sec_tag);
			err = nrf_inbuilt_key_delete(sec_tag, type);
			printk("nrf_inbuilt_key_delete(%u, %d) => result=%d\n",
				sec_tag, type, err);
		}

#if defined(CA_CERTIFICATE)
		/* Provision CA Certificate. */
		printk("Write ca certs sec_tag: %d\n", sec_tag);
		err = nrf_inbuilt_key_write(sec_tag,
			NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN,
			CA_CERTIFICATE,
			strlen(CA_CERTIFICATE));
		if (err) {
			printk("CA_CERTIFICATE err: %d\n", err);
			return err;
		}
#endif
#if defined (CLIENT_PRIVATE_KEY)
		/* Provision Private Certificate. */
		printk("Write private cert sec_tag: %d\n", sec_tag);
		err = nrf_inbuilt_key_write(
			sec_tag,
			NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT,
			CLIENT_PRIVATE_KEY,
			strlen(CLIENT_PRIVATE_KEY));
		if (err) {
			printk("CLIENT_PRIVATE_KEY err: %d\n", err);
			return err;
		}
#endif
#if defined(CLIENT_PUBLIC_CERTIFICATE)
		/* Provision Public Certificate. */
		printk("Write public cert sec_tag: %d\n", sec_tag);
		err = nrf_inbuilt_key_write(
			sec_tag,
			NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT,
			CLIENT_PUBLIC_CERTIFICATE,
			strlen(CLIENT_PUBLIC_CERTIFICATE));
		if (err) {
			printk("CLIENT_PUBLIC_CERTIFICATE err: %d\n",
				err);
			return err;
		}
	}
#endif
#else
	{
		int err;

		err = tls_credential_add(CONFIG_SEC_TAG,
			TLS_CREDENTIAL_CA_CERTIFICATE,
			NRF_CLOUD_CA_CERTIFICATE,
			sizeof(NRF_CLOUD_CA_CERTIFICATE));
		if (err < 0) {
			printk("Failed to register ca certificate: %d\n",
				err);
			return err;
		}
		err = tls_credential_add(CONFIG_SEC_TAG,
			TLS_CREDENTIAL_PRIVATE_KEY,
			NRF_CLOUD_CLIENT_PRIVATE_KEY,
			sizeof(NRF_CLOUD_CLIENT_PRIVATE_KEY));
		if (err < 0) {
			printk("Failed to register private key: %d\n",
				err);
			return err;
		}
		err = tls_credential_add(CONFIG_SEC_TAG,
			TLS_CREDENTIAL_SERVER_CERTIFICATE,
			NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE,
			sizeof(NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE));
		if (err < 0) {
			printk("Failed to register public certificate: %d\n",
				err);
			return err;
		}

	}
#endif /* defined(CONFIG_BSD_LIBRARY) */
#endif /* defined(CONFIG_PROVISION_CERTIFICATES) */

	return 0;
}

void main(void)
{
	int err;

	if (!IS_ENABLED(CONFIG_AT_HOST_LIBRARY)) {
		/* Stop the UART RX for power consumption reasons */
		NRF_UARTE0_NS->TASKS_STOPRX = 1;
		NRF_UARTE1_NS->TASKS_STOPRX = 1;
	}

	printk("The MQTT simple sample started\n");

	provision_certificate();

	modem_configure();

	client_init(&client);

	err = mqtt_connect(&client);
	if (err != 0) {
		printk("ERROR: mqtt_connect %d\n", err); // eror here
		return;
	}

	err = fds_init(&client);
	if (err != 0) {
		printk("ERROR: fds_init %d\n", err);
		return;
	}
	
	while (1) {
	    .
	    .
	}
}

Children
  • 0 in reply to Yusuke

    Hi, Yusuke.

    It's a code that Hakon told me, it looks like this.

    AWS IoT Policy.

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    }
  ]
}

    CMakeLists.txt

    #
# Copyright (c) 2018 Nordic Semiconductor
#
# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic
#

cmake_minimum_required(VERSION 3.8.2)

include(../../../cmake/boilerplate.cmake)
include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
project(mqtt-simple)

# NORDIC SDK APP START
target_sources(app PRIVATE src/main.c)
# NORDIC SDK APP END

    Kconfig

    #
# Copyright (c) 2018 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic
#

menu "MQTT simple sample"


config PROVISION_CERTIFICATES
	bool "Provision of certificate"
	help
		Enable run-time provisioning of certificates from the
		certificates header file selected by using CERTIFICATES_FILE

config CERTIFICATES_FILE
	string "Certificates to use"
	depends on PROVISION_CERTIFICATES
	default "certificates.h"

config SEC_TAG
	int "Security tag to use for the connection"
	default 1

config MQTT_PUB_TOPIC
	string "MQTT publish topic"
	default "myTopic/publish"

config MQTT_SUB_TOPIC
	string "MQTT subscribe topic"
	default "myTopic/subscribe"

config MQTT_CLIENT_ID
	string "MQTT Client ID"
	default "nRF9160-DK"

config MQTT_BROKER_HOSTNAME
	string "MQTT broker hostname"
	default "a544w27l82h92-ats.iot.us-east-1.amazonaws.com"

config MQTT_BROKER_PORT
	int "MQTT broker port"
	default 8883

config MQTT_MESSAGE_BUFFER_SIZE
	int ""
	default 128

config MQTT_PAYLOAD_BUFFER_SIZE
	int ""
	default 128

endmenu

menu "Zephyr Kernel"
source "$ZEPHYR_BASE/Kconfig.zephyr"
endmenu

    prj.conf

    # General config
CONFIG_TEST_RANDOM_GENERATOR=y

# Networking
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS_OFFLOAD=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y

# LTE link control
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_AUTO_INIT_AND_CONNECT=n

# BSD library
CONFIG_BSD_LIBRARY=y

# AT Host
CONFIG_UART_INTERRUPT_DRIVEN=y
CONFIG_AT_HOST_LIBRARY=y

# MQTT
CONFIG_MQTT_LIB=y
CONFIG_MQTT_LIB_TLS=y

# Appliaction
#CONFIG_MQTT_PUB_TOPIC="/my/publish/topic"
#CONFIG_MQTT_SUB_TOPIC="/my/subscribe/topic"
#CONFIG_MQTT_CLIENT_ID="my-client-id"
#CONFIG_MQTT_BROKER_HOSTNAME="iot.eclipse.org"
#CONFIG_MQTT_BROKER_PORT=1883

CONFIG_MQTT_PUB_TOPIC="myTopic/publish"
CONFIG_MQTT_SUB_TOPIC="myTopic/subscribe"
CONFIG_MQTT_CLIENT_ID="nRF9160-DK"
CONFIG_MQTT_BROKER_HOSTNAME="a544w27l82h92-ats.iot.us-east-1.amazonaws.com"
CONFIG_MQTT_BROKER_PORT=8883

CONFIG_SEC_TAG=16842753

CONFIG_PROVISION_CERTIFICATES=y
CONFIG_CERTIFICATES_FILE="certificates.h"

# Main thread
CONFIG_MAIN_THREAD_PRIORITY=7
CONFIG_MAIN_STACK_SIZE=4096
CONFIG_HEAP_MEM_POOL_SIZE=1024

CONFIG_NO_OPTIMIZATIONS=y

    main.c

    /*
 * Copyright (c) 2018 Nordic Semiconductor ASA
 *
 * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic
 */

#include <zephyr.h>
#include <stdio.h>
#include <uart.h>
#include <string.h>

#include <net/mqtt.h>
#include <net/socket.h>
#include <lte_lc.h>

#if defined(CONFIG_PROVISION_CERTIFICATES)
#if defined(CONFIG_BSD_LIBRARY)
#include "nrf_inbuilt_key.h"
#endif
//#include CONFIG_CERTIFICATES_FILE
#endif

#include "certificates.h"

#if defined(CONFIG_MQTT_LIB_TLS)
	static sec_tag_t sec_tag_list[] = { CONFIG_SEC_TAG };
#endif

/* Buffers for MQTT client. */
static u8_t rx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE];
static u8_t tx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE];
static u8_t payload_buf[CONFIG_MQTT_PAYLOAD_BUFFER_SIZE];

/* The mqtt client struct */
static struct mqtt_client client;

/* MQTT Broker details. */
static struct sockaddr_storage broker;

/* Connected flag */
static bool connected;

/* File descriptor */
struct pollfd fds;

/**@brief Function to print strings without null-termination
 */
static void data_print(u8_t *prefix, u8_t *data, size_t len)
{
	char buf[len + 1];

	memcpy(buf, data, len);
	buf[len] = 0;
	printk("%s%s\n", prefix, buf);
}

/**@brief Function to publish data on the configured topic
 */
static int data_publish(struct mqtt_client *c, enum mqtt_qos qos,
	u8_t *data, size_t len)
{
	struct mqtt_publish_param param;

	param.message.topic.qos = qos;
	param.message.topic.topic.utf8 = CONFIG_MQTT_PUB_TOPIC;
	param.message.topic.topic.size = strlen(CONFIG_MQTT_PUB_TOPIC);
	param.message.payload.data = data;
	param.message.payload.len = len;
	param.message_id = sys_rand32_get();
	param.dup_flag = 0;
	param.retain_flag = 0;

	data_print("Publish: ", data, len);
	printk("to topic: %s len: %u\n",
		CONFIG_MQTT_PUB_TOPIC,
		(unsigned int)strlen(CONFIG_MQTT_PUB_TOPIC));

	return mqtt_publish(c, &param);
}

/**@brief Function to subscribe to the configured topic
 */
static int subscribe(void)
{
	struct mqtt_topic subscribe_topic = {
		.topic = {
			.utf8 = CONFIG_MQTT_SUB_TOPIC,
			.size = strlen(CONFIG_MQTT_SUB_TOPIC)
		},
		.qos = MQTT_QOS_1_AT_LEAST_ONCE
	};

	const struct mqtt_subscription_list subscription_list = {
		.list = &subscribe_topic,
		.list_count = 1,
		.message_id = 1234
	};

	printk("Subscribing to: %s len %u\n", CONFIG_MQTT_SUB_TOPIC,
		(unsigned int)strlen(CONFIG_MQTT_SUB_TOPIC));

	return mqtt_subscribe(&client, &subscription_list);
}

/**@brief Function to read the published payload.
 */
static int publish_get_payload(struct mqtt_client *c, size_t length)
{
	u8_t *buf = payload_buf;
	u8_t *end = buf + length;

	if (length > sizeof(payload_buf)) {
		return -EMSGSIZE;
	}

	while (buf < end) {
		int ret = mqtt_read_publish_payload(c, buf, end - buf);

		if (ret < 0) {
			if (ret == -EAGAIN) {
				printk("mqtt_read_publish_payload: EAGAIN");
				poll(&fds, 1, K_FOREVER);
				continue;
			}

			return ret;
		}

		if (ret == 0) {
			return -EIO;
		}

		buf += ret;
	}

	return 0;
}

/**@brief MQTT client event handler
 */
void mqtt_evt_handler(struct mqtt_client *const c,
		      const struct mqtt_evt *evt)
{
	int err;

	switch (evt->type) {
	case MQTT_EVT_CONNACK:
		if (evt->result != 0) {
			printk("MQTT connect failed %d\n", evt->result);
			break;
		}

		connected = true;
		printk("[%s:%d] MQTT client connected!\n", __func__, __LINE__);
		subscribe();
		break;

	case MQTT_EVT_DISCONNECT:
		printk("[%s:%d] MQTT client disconnected %d\n", __func__,
		       __LINE__, evt->result);

		connected = false;
		break;

	case MQTT_EVT_PUBLISH: {
		const struct mqtt_publish_param *p = &evt->param.publish;

		printk("[%s:%d] MQTT PUBLISH result=%d len=%d\n", __func__,
		       __LINE__, evt->result, p->message.payload.len);
		err = publish_get_payload(c, p->message.payload.len);
		if (err >= 0) {
			data_print("Received: ", payload_buf,
				p->message.payload.len);
			/* Echo back received data */
			//data_publish(&client, MQTT_QOS_1_AT_LEAST_ONCE,
			//	payload_buf, p->message.payload.len);
		} else {
			printk("mqtt_read_publish_payload: Failed! %d\n", err);
		}
	} break;

	case MQTT_EVT_PUBACK:
		if (evt->result != 0) {
			printk("MQTT PUBACK error %d\n", evt->result);
			break;
		}

		printk("[%s:%d] PUBACK packet id: %u\n", __func__, __LINE__,
				evt->param.puback.message_id);
		break;

	case MQTT_EVT_SUBACK:
		if (evt->result != 0) {
			printk("MQTT SUBACK error %d\n", evt->result);
			break;
		}

		printk("[%s:%d] SUBACK packet id: %u\n", __func__, __LINE__,
				evt->param.suback.message_id);
		break;

	default:
		printk("[%s:%d] default: %d\n", __func__, __LINE__,
				evt->type);
		break;
	}
}

/**@brief Resolves the configured hostname and
 * initializes the MQTT broker structure
 */
static void broker_init(void)
{
	int err;
	struct addrinfo *result;
	struct addrinfo *addr;
	struct addrinfo hints;

	hints.ai_flags = 0;
	hints.ai_family = AF_INET;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_protocol = 0;

	err = getaddrinfo(CONFIG_MQTT_BROKER_HOSTNAME, NULL, &hints, &result);
	if (err) {
		printk("ERROR: getaddrinfo failed %d\n", err);

		return;
	}

	addr = result;
	err = -ENOENT;

	/* Look for address of the broker. */
	while (addr != NULL) {
		/* IPv4 Address. */
		if (addr->ai_addrlen == sizeof(struct sockaddr_in)) {
			struct sockaddr_in *broker4 =
				((struct sockaddr_in *)&broker);

			broker4->sin_addr.s_addr =
				((struct sockaddr_in *)addr->ai_addr)
				->sin_addr.s_addr;
			broker4->sin_family = AF_INET;
			broker4->sin_port = htons(CONFIG_MQTT_BROKER_PORT);
			printk("IPv4 Address found 0x%08x\n",
				broker4->sin_addr.s_addr);
			break;
		} else {
			printk("ai_addrlen = %u should be %u or %u\n",
				(unsigned int)addr->ai_addrlen,
				(unsigned int)sizeof(struct sockaddr_in),
				(unsigned int)sizeof(struct sockaddr_in6));
		}

		addr = addr->ai_next;
		break;
	}

	/* Free the address. */
	freeaddrinfo(result);
}

/**@brief Initialize the MQTT client structure
 */
static void client_init(struct mqtt_client *client)
{
	mqtt_client_init(client);

	broker_init();

	/* MQTT client configuration */
	client->broker = &broker;
	client->evt_cb = mqtt_evt_handler;
	client->client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID;
	client->client_id.size = strlen(CONFIG_MQTT_CLIENT_ID);
	client->password = NULL;
	client->user_name = NULL;
	client->protocol_version = MQTT_VERSION_3_1_1;

	/* MQTT buffers configuration */
	client->rx_buf = rx_buffer;
	client->rx_buf_size = sizeof(rx_buffer);
	client->tx_buf = tx_buffer;
	client->tx_buf_size = sizeof(tx_buffer);

	/* MQTT transport configuration */
#if defined(CONFIG_MQTT_LIB_TLS)
	struct mqtt_sec_config *tls_config = &client->transport.tls.config;
	
	client->transport.type = MQTT_TRANSPORT_SECURE;

	tls_config->peer_verify = 2;
	tls_config->cipher_count = 0;
	tls_config->cipher_list = NULL;
	tls_config->sec_tag_count = ARRAY_SIZE(sec_tag_list);
	tls_config->sec_tag_list = sec_tag_list;
	tls_config->hostname = CONFIG_MQTT_BROKER_HOSTNAME;
#else
	client->transport.type = MQTT_TRANSPORT_NON_SECURE;
#endif
}

/**@brief Initialize the file descriptor structure used by poll.
 */
static int fds_init(struct mqtt_client *c)
{
	if (c->transport.type == MQTT_TRANSPORT_NON_SECURE) {
		fds.fd = c->transport.tcp.sock;
	} else {
#if defined(CONFIG_MQTT_LIB_TLS)
		fds.fd = c->transport.tls.sock;
#else
		return -ENOTSUP;
#endif
	}

	fds.events = POLLIN;

	return 0;
}

/**@brief Configures modem to provide LTE link. Blocks until link is
 * successfully established.
 */
static void modem_configure(void)
{
#if defined(CONFIG_LTE_LINK_CONTROL)
	if (IS_ENABLED(CONFIG_LTE_AUTO_INIT_AND_CONNECT)) {
		/* Do nothing, modem is already turned on
		 * and connected.
		 */
	} else {
		int err;

		printk("LTE Link Connecting ...\n");
		err = lte_lc_init_and_connect();
		__ASSERT(err == 0, "LTE link could not be established.");
		printk("LTE Link Connected!\n");
	}
#endif
}

static int provision_certificate(void)
{
#if defined(CONFIG_PROVISION_CERTIFICATES)
#if defined(CONFIG_BSD_LIBRARY)
	{
		int err;

		/* Delete certificates */
		nrf_sec_tag_t sec_tag = (nrf_sec_tag_t) sec_tag_list[0];

		for (nrf_key_mgnt_cred_type_t type = 0; type < 5; type++) {
			printk("Deleting certs sec_tag: %d\n", sec_tag);
			err = nrf_inbuilt_key_delete(sec_tag, type);
			printk("nrf_inbuilt_key_delete(%u, %d) => result=%d\n",
				sec_tag, type, err);
		}

#if defined(CA_CERTIFICATE)
		/* Provision CA Certificate. */
		printk("Write ca certs sec_tag: %d\n", sec_tag);
		err = nrf_inbuilt_key_write(sec_tag,
			NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN,
			CA_CERTIFICATE,
			strlen(CA_CERTIFICATE));
		if (err) {
			printk("CA_CERTIFICATE err: %d\n", err);
			return err;
		}
#endif
#if defined (CLIENT_PRIVATE_KEY)
		/* Provision Private Certificate. */
		printk("Write private cert sec_tag: %d\n", sec_tag);
		err = nrf_inbuilt_key_write(
			sec_tag,
			NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT,
			CLIENT_PRIVATE_KEY,
			strlen(CLIENT_PRIVATE_KEY));
		if (err) {
			printk("CLIENT_PRIVATE_KEY err: %d\n", err);
			return err;
		}
#endif
#if defined(CLIENT_PUBLIC_CERTIFICATE)
		/* Provision Public Certificate. */
		printk("Write public cert sec_tag: %d\n", sec_tag);
		err = nrf_inbuilt_key_write(
			sec_tag,
			NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT,
			CLIENT_PUBLIC_CERTIFICATE,
			strlen(CLIENT_PUBLIC_CERTIFICATE));
		if (err) {
			printk("CLIENT_PUBLIC_CERTIFICATE err: %d\n",
				err);
			return err;
		}
	}
#endif
#else
	{
		int err;

		err = tls_credential_add(CONFIG_SEC_TAG,
			TLS_CREDENTIAL_CA_CERTIFICATE,
			NRF_CLOUD_CA_CERTIFICATE,
			sizeof(NRF_CLOUD_CA_CERTIFICATE));
		if (err < 0) {
			printk("Failed to register ca certificate: %d\n",
				err);
			return err;
		}
		err = tls_credential_add(CONFIG_SEC_TAG,
			TLS_CREDENTIAL_PRIVATE_KEY,
			NRF_CLOUD_CLIENT_PRIVATE_KEY,
			sizeof(NRF_CLOUD_CLIENT_PRIVATE_KEY));
		if (err < 0) {
			printk("Failed to register private key: %d\n",
				err);
			return err;
		}
		err = tls_credential_add(CONFIG_SEC_TAG,
			TLS_CREDENTIAL_SERVER_CERTIFICATE,
			NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE,
			sizeof(NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE));
		if (err < 0) {
			printk("Failed to register public certificate: %d\n",
				err);
			return err;
		}

	}
#endif /* defined(CONFIG_BSD_LIBRARY) */
#endif /* defined(CONFIG_PROVISION_CERTIFICATES) */

	return 0;
}

void main(void)
{
	int err;

//	if (!IS_ENABLED(CONFIG_AT_HOST_LIBRARY)) {
//		/* Stop the UART RX for power consumption reasons */
//		NRF_UARTE0_NS->TASKS_STOPRX = 1;
//		NRF_UARTE1_NS->TASKS_STOPRX = 1;
//	}

	printk("The MQTT simple sample started\n");

	provision_certificate();

	modem_configure();

	client_init(&client);

	err = mqtt_connect(&client);
	if (err != 0) {
		printk("ERROR: mqtt_connect %d\n", err);
		return;
	}

	err = fds_init(&client);
	if (err != 0) {
		printk("ERROR: fds_init %d\n", err);
		return;
	}

	while (1) {
		err = mqtt_input(&client);
		if (err != 0) {
			printk("ERROR: mqtt_input %d\n", err);
		}

		err = mqtt_live(&client);
		if (err != 0) {
			printk("ERROR: mqtt_live %d\n", err);
		}

		if (poll(&fds, 1, K_SECONDS(CONFIG_MQTT_KEEPALIVE)) < 0) {
			printk("ERROR: poll %d\n", errno);
		}
	}
}

    certificates.h

    /*
 * Copyright (c) 2018 Nordic Semiconductor ASA
 *
 * SPDX-License-Identifier: BSD-5-Clause-Nordic
 */

#define CLIENT_ID "nRF9160-DK"

#define CLIENT_PRIVATE_KEY \
"-----BEGIN RSA PRIVATE KEY-----\n" \
"MIIEowIBAAKCAQEAx4Ye6j54swxVmXg4DgMLq7SGTPDgX//OxX+gIyuElg++Y8Zc\n" \
・
・
・
"9YdCxdXEaJuCQP9Hk/sZntiYWDr+OS0LGLPgwZvx/6zdsgA8fwwo\n" \
"-----END RSA PRIVATE KEY-----\n"



#define CLIENT_PUBLIC_CERTIFICATE \
"-----BEGIN CERTIFICATE-----\n" \
"MIIDWjCCAkKgAwIBAgIVAIZKJS0Jwvc+y4xucM8EsLALOr1HMA0GCSqGSIb3DQEB\n" \
・
・
・
"udQi+rS7NNaOXeRF46P4gAfgSmeSqOAKjrDRsZKYBip1yXclOZFRTUTlvpSYQA==\n" \
"-----END CERTIFICATE-----\n"



#define CA_CERTIFICATE \
"-----BEGIN CERTIFICATE-----\n" \
"MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\n" \
・
・
・
"rqXRfboQnoZsG4q5WTP468SQvvG5\n" \
"-----END CERTIFICATE-----\n"

  • 0 in reply to Kenta

    Hi, KentaM. Thanks a lot!!

    I'm still in trouble. This is the console print.

    SPM: NS image at 0x8000
SPM: NS MSP at 0x200240f0
SPM: NS reset vector at 0xb811
SPM: prepare to jump to Non-Secure image.
***** Booting Zephyr OS v1.14.99-ncs1 *****
The MQTT simple sample started
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 0) => result=2
Deleting certs sec_tag: 16842753
***** BUS FAULT *****
  Precise data bus error
  BFAR Address: 0x3b61bb53
***** Hardware exception *****
Current thread ID = 0x20020410
Faulting instruction address = 0x16ad8
Fatal fault in thread 0x20020410! Aborting.
nrf_inbuilt_key_delete(16842753, 1) => result=14
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 2) => result=14
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 3) => result=14
Deleting certs sec_tag: 16842753
nrf_inbuilt_key_delete(16842753, 4) => result=14
Write ca certs sec_tag: 16842753
CA_CERTIFICATE err: 14
LTE Link Connecting ...
LTE Link Connected!
ERROR: getaddrinfo failed 22
ERROR: mqtt_connect -47

    This may tell me that certification files are wrong, but MQTT+TLS works fine with another MQTT client with the same three files(CLIENT_PRIVATE_KEY, CLIENT_PUBLIC_CERTIFICATE, CA_CERTIFICATE). These files are self signed and generated by openssl. 

    In my case, I don't use AWS IoT service. I implemented mosquitto MQTT broker on EC2.

    Do you have any comment?

    <certificates.h> *under the src folder

#define CLIENT_ID "myClientID"

#define CLIENT_PRIVATE_KEY \
"-----BEGIN RSA PRIVATE KEY-----\n" \
"MIIEowIBAAKCAQEAyoE5FG1Hf9DFEA1iF9enHtxNGYXI2kBjtXlz9Ckclctx2vJx\n" \
.
.
.
"QknwSFmfYXNRetEcDylKQEI3mkHxtj/jkDrOLitk0ccNQAeou/cL\n" \
"-----END RSA PRIVATE KEY-----\n"

#define CLIENT_PUBLIC_CERTIFICATE \
"-----BEGIN CERTIFICATE-----\n" \
"MIIDkjCCAnoCFGlpDDWDAA00v8MltxDoTLzJH6EiMA0GCSqGSIb3DQEBCwUAMIGJ\n" \
.
.
.
"yQyqplp/\n" \
"-----END CERTIFICATE-----\n"

#define CA_CERTIFICATE \
"-----BEGIN CERTIFICATE-----\n" \
"MIID9TCCAt2gAwIBAgIUSQtJI7ktYmj7qE3tDGGlDTjxrWAwDQYJKoZIhvcNAQEL\n" \
.
.
.
"jmLwN36BmvVGOkXHwOaBgCbFon1negAwX7bO0fXJlwySKO/gIvo1B/FZnP3TdRoD\n" \
"agXksMq8cbMC\n" \
"-----END CERTIFICATE-----\n"

  • 0 in reply to Yusuke

    Ah....

    I use AWS IoT Core without using EC2.

    Because it costs a lot for EC2 instances.

    If the MQTT_MESSAGE_BUFFER_SIZE is too long it will result in a BUS FAULT error.

    日本語でも書いておくと、EC2インスタンスではなく、AWS IoT Coreを使っています。

    EC2インスタンスだとお金いっぱいかかるので。

    AWS IoT Coreでエッジデバイスを登録して、証明書とポリシーを設定及びアタッチしてあります。

    BUS FAULTのエラーはMQTT_MESSAGE_BUFFER_SIZEが長すぎるとエラーになったように思います。

  • 0 in reply to Kenta

    I see. I'll try AWS IoT Core. BTW, Which do you select in Board Name, nrf9160_pca10090ns or nrf9160_pca10090? Since mqtt_simple works with nrf9160_pca10090ns, I choose nrf9160_pca10090ns when implementing TLS.

Related