TLS handshake in aws_iot_connect() function

RE: TLS handshake in aws_iot_connect() function

Didrik Rokhaug — Mon, 26 Oct 2020 13:02:25 GMT

A TLS handshake will be done if you call connect() on a TLS socket.

A TLS socket is created by calling socket(sa_family, SOCK_STREAM, IPPROTO_TLS_1_2), where sa_family is the IP version (AF_INET for IPv4 or AF_INET6 for IPv6)

RE: TLS handshake in aws_iot_connect() function

ReneDelgado — Sun, 25 Oct 2020 19:25:20 GMT

Hello,

We are porting aws-iot-device-sdk-embedded-C, and TLS handshake is requirement of the connect function parameter,

We want to know which function we need to call from Cortex M33 to trigger that the modem do the TLS handshake.

René D.

RE: TLS handshake in aws_iot_connect() function

Didrik Rokhaug — Mon, 19 Oct 2020 07:55:24 GMT

The TLS stack is in the modem, so the modem will handle the TLS handshake.

Why do you want to know where the TLS handshake happens?

RE: TLS handshake in aws_iot_connect() function

ReneDelgado — Sat, 17 Oct 2020 16:18:51 GMT

Hello, thanks for your answer, it describes very well the calls to the functions. But It not mentioning anything related to TLS Handshake therefore I am not answering my question.

What we want to know is:

Where is the TLS Hanshake done, mentioned in the note that I pasted in my previous comment? The notes are in the Nordic Wiki for that reason I question to your Team.

Best Regards,

René D.

RE: TLS handshake in aws_iot_connect() function

Didrik Rokhaug — Mon, 12 Oct 2020 13:34:38 GMT

Hi,

aws_iot_connect() calls mqtt_connect() which calls client_connect() which calls mqtt_transport_connect().

mqtt_transport_connect() calls transport_fn[client->transport.type].connect(). The MQTT library supports three transport layers, TCP, TLS and websockets. Each of the transports has defined a struct, filled with transport specific functions, and placed those structs in the transport_fn array. This way, the MQTT library can use a single interface for both transports.

As you are using TLS, mqtt_transport_connect() will call mqtt_client_tls_connect() in mqtt_transport_socket_tls.c. In mqtt_client_tls_connect(), you will see the socket be created, and the relevant socket options being set. In the end, mqtt_client_tls_connect() calls connect().

The call to connect() will go through Zephyr's socket offloading layer (you are free to explore the details of this yourself), and end up nrf91_socket_offload_connect() in nrf/lib/bsdlib/nrf91_socket.c. Here, we convert from Zephyr's sockets, to bsdlib's nrf_sockets. The call to connect() ends up converted to a call to nrf_connect().

nrf_connect() is implemented in bsdlib, which is only distributed as a pre-compiled library, so our exploration ends here. However, bsdlib will forward the function call to the modem, which is where the TLS stack resides.

In short, the call to aws_iot_connect() will go through a lot of intermediate functions, before ending up in the modem, which is where the magic happens.

Best regards,

Didrik