Using SHA256 with Simple MQTT

Hello, i want to use SHA-256 to encrypt a Payload of my outgoing MQTT Messages.

I started to modify the NRF9160 MQTT Example. To test the encryption i copied Code from the sha256 Example.

The psa_crypto_init() will succeed but when i try to use psa_hash_compute with PSA_ALG_SHA256 i get the Error Code -134 which corresponds to "PSA_ERROR_NOT_SUPPORTED".

To fix this i tried to modify the prj.conf with configs i found in other Devzone Threads but it wont change the outcome.

Appreciate any Help

Philipp

  • Hi Philipp

    To fix this i tried to modify the prj.conf with configs i found in other Devzone Threads but it wont change the outcome.

    Can you list the configurations you did try?

    Regards,
    Sigurd Hellesvik

  • Hello, this is my current conf

    #
    # Copyright (c) 2020 Nordic Semiconductor ASA
    #
    # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
    #
    
    # Networking
    CONFIG_NETWORKING=y
    CONFIG_NET_NATIVE=n
    CONFIG_NET_SOCKETS_OFFLOAD=y
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_POSIX_NAMES=y
    
    # LTE link control
    CONFIG_LTE_LINK_CONTROL=y
    CONFIG_LTE_AUTO_INIT_AND_CONNECT=n
    
    # Modem library
    CONFIG_NRF_MODEM_LIB=y
    
    # Disable Modem traces, since we need UART1 for HCI
    CONFIG_NRF_MODEM_LIB_TRACE_ENABLED=n
    
    # AT host
    CONFIG_AT_HOST_LIBRARY=y
    
    # MQTT
    CONFIG_MQTT_LIB=y
    CONFIG_MQTT_LIB_TLS=y
    CONFIG_MQTT_CLEAN_SESSION=y
    
    # Application
    # CONFIG_MQTT_PUB_TOPIC="my/publish/topic"
    # CONFIG_MQTT_SUB_TOPIC="my/subscribe/topic"
    # CONFIG_MQTT_CLIENT_ID="my-client-id"
    # CONFIG_MQTT_BROKER_HOSTNAME="mqtt.eclipseprojects.io"
    # CONFIG_MQTT_BROKER_PORT=1883
    
    # Button support
    CONFIG_DK_LIBRARY=y
    
    # Enable logging
    CONFIG_LOG=y
    CONFIG_MQTT_SIMPLE_LOG_LEVEL_DBG=y
    
    # Heap and stacks
    CONFIG_HEAP_MEM_POOL_SIZE=16384
    CONFIG_MAIN_STACK_SIZE=8192
    CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
    
    # NewLib C
    CONFIG_NEWLIB_LIBC=y
    CONFIG_MQTT_BROKER_HOSTNAME="dev-gateway.keyota.de"
    CONFIG_MQTT_BROKER_PORT=8883
    CONFIG_MODEM_KEY_MGMT=y
    CONFIG_MODEM_ANTENNA_AT_MAGPIO="AT%XMAGPIO=1,0,0,1,1,1574,1577"
    CONFIG_MODEM_ANTENNA_AT_COEX0="AT%XCOEX0=1,1,1565,1586"
    CONFIG_DEBUG_THREAD_INFO=y
    CONFIG_DEBUG_OPTIMIZATIONS=y
    CONFIG_MQTT_CLIENT_ID="860016040397437"
    CONFIG_BUTTON_EVENT_PUBLISH_MSG="456789:EA4712FF4380FF"
    CONFIG_MQTT_SUB_TOPIC="1/lock/860016040397437_456789"
    CONFIG_MQTT_PUB_TOPIC="1/gateway/860016040397437"
    
    # Enable Bluetooth stack and libraries
    CONFIG_BT=y
    CONFIG_BT_H4=y
    CONFIG_BT_WAIT_NOP=y
    CONFIG_BT_CENTRAL=y
    CONFIG_BT_GATT_CLIENT=y
    CONFIG_BT_GATT_DM=y
    CONFIG_BT_SCAN=y
    CONFIG_BT_SCAN_FILTER_ENABLE=y
    CONFIG_BT_SCAN_UUID_CNT=1
    
    CONFIG_UART_INTERRUPT_DRIVEN=y
    
    # Enable nordic security backend and PSA APIs
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_PSA_CRYPTO_C=y
    
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=8192
    CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
    CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
    
    CONFIG_NRF_SW_LPUART=y
    CONFIG_NRF_SW_LPUART_INT_DRIVEN=y
    
    CONFIG_UART_2_ASYNC=y
    CONFIG_UART_2_INTERRUPT_DRIVEN=n
    CONFIG_UART_2_NRF_HW_ASYNC=y
    CONFIG_UART_2_NRF_HW_ASYNC_TIMER=2
    

    i tried to add

    CONFIG_BUILD_WITH_TFM=y
    CONFIG_NORDIC_SECURITY_BACKEND=y

    but nothing changed.

  • Hi

    From psa_hash_compute():
    "

    PSA_ERROR_NOT_SUPPORTED

    The following conditions can result in this error:

    • alg is not supported or is not a hash algorithm.
    • input_length is too large for the implementation.

    "

    For the first one: Is CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_256_CC3XX enabled?

    For the second one: Are you sure that the input length is not too long?

    Regards,
    Sigurd Hellesvik

  • Thank you for your Help.

    I added CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_256_CC3XX, i also already had CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y enabled in my config but the error stays. The input_length should be okay since i use the same code with the same string from the sha256-examle (which runs without error).

  • Hi

    I have not been able to find an issue with this yet.

    Could you zip your project files and upload them here, so that I can try to replicate the issue?

    Regards,
    Sigurd Hellesvik

Related