Using SHA256 with Simple MQTT

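Hello, I want to use SHA-256 to encrypt the payload of my outgoing MQTT messages. [Note: SHA-256 is a one-way hash, so it produces a fixed-length digest that can be used for integrity checks; it does not encrypt the payload and the receiver cannot recover the data from it. Confidentiality in transit comes from TLS, which the configuration posted below enables via CONFIG_MQTT_LIB_TLS, or from a cipher such as AES.]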

I started to modify the NRF9160 MQTT Example. To test the encryption i copied Code from the sha256 Example.

The psa_crypto_init() call succeeds, but when I try to use psa_hash_compute with PSA_ALG_SHA256 I get the error code -134, which corresponds to "PSA_ERROR_NOT_SUPPORTED".

To fix this I tried to modify the prj.conf with configs I found in other DevZone threads, but it won't change the outcome.

Appreciate any Help

Philipp

Parents
  • Hi Philipp

    To fix this i tried to modify the prj.conf with configs i found in other Devzone Threads but it wont change the outcome.

    Can you list the configurations you did try?

    Regards,
    Sigurd Hellesvik

  • Hello, this is my current conf

    #
    # Copyright (c) 2020 Nordic Semiconductor ASA
    #
    # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
    #
    
    # Networking
    CONFIG_NETWORKING=y
    CONFIG_NET_NATIVE=n
    CONFIG_NET_SOCKETS_OFFLOAD=y
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_POSIX_NAMES=y
    
    # LTE link control
    CONFIG_LTE_LINK_CONTROL=y
    CONFIG_LTE_AUTO_INIT_AND_CONNECT=n
    
    # Modem library
    CONFIG_NRF_MODEM_LIB=y
    
    # Disable Modem traces, since we need UART1 for HCI
    CONFIG_NRF_MODEM_LIB_TRACE_ENABLED=n
    
    # AT host
    CONFIG_AT_HOST_LIBRARY=y
    
    # MQTT
    CONFIG_MQTT_LIB=y
    CONFIG_MQTT_LIB_TLS=y
    CONFIG_MQTT_CLEAN_SESSION=y
    
    # Application
    # CONFIG_MQTT_PUB_TOPIC="my/publish/topic"
    # CONFIG_MQTT_SUB_TOPIC="my/subscribe/topic"
    # CONFIG_MQTT_CLIENT_ID="my-client-id"
    # CONFIG_MQTT_BROKER_HOSTNAME="mqtt.eclipseprojects.io"
    # CONFIG_MQTT_BROKER_PORT=1883
    
    # Button support
    CONFIG_DK_LIBRARY=y
    
    # Enable logging
    CONFIG_LOG=y
    CONFIG_MQTT_SIMPLE_LOG_LEVEL_DBG=y
    
    # Heap and stacks
    CONFIG_HEAP_MEM_POOL_SIZE=16384
    CONFIG_MAIN_STACK_SIZE=8192
    CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
    
    # NewLib C
    CONFIG_NEWLIB_LIBC=y
    CONFIG_MQTT_BROKER_HOSTNAME="dev-gateway.keyota.de"
    CONFIG_MQTT_BROKER_PORT=8883
    CONFIG_MODEM_KEY_MGMT=y
    CONFIG_MODEM_ANTENNA_AT_MAGPIO="AT%XMAGPIO=1,0,0,1,1,1574,1577"
    CONFIG_MODEM_ANTENNA_AT_COEX0="AT%XCOEX0=1,1,1565,1586"
    CONFIG_DEBUG_THREAD_INFO=y
    CONFIG_DEBUG_OPTIMIZATIONS=y
    CONFIG_MQTT_CLIENT_ID="860016040397437"
    CONFIG_BUTTON_EVENT_PUBLISH_MSG="456789:EA4712FF4380FF"
    CONFIG_MQTT_SUB_TOPIC="1/lock/860016040397437_456789"
    CONFIG_MQTT_PUB_TOPIC="1/gateway/860016040397437"
    
    # Enable Bluetooth stack and libraries
    CONFIG_BT=y
    CONFIG_BT_H4=y
    CONFIG_BT_WAIT_NOP=y
    CONFIG_BT_CENTRAL=y
    CONFIG_BT_GATT_CLIENT=y
    CONFIG_BT_GATT_DM=y
    CONFIG_BT_SCAN=y
    CONFIG_BT_SCAN_FILTER_ENABLE=y
    CONFIG_BT_SCAN_UUID_CNT=1
    
    CONFIG_UART_INTERRUPT_DRIVEN=y
    
    # Enable nordic security backend and PSA APIs
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_PSA_CRYPTO_C=y
    
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=8192
    CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
    CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
    
    CONFIG_NRF_SW_LPUART=y
    CONFIG_NRF_SW_LPUART_INT_DRIVEN=y
    
    CONFIG_UART_2_ASYNC=y
    CONFIG_UART_2_INTERRUPT_DRIVEN=n
    CONFIG_UART_2_NRF_HW_ASYNC=y
    CONFIG_UART_2_NRF_HW_ASYNC_TIMER=2
    

    i tried to add

    CONFIG_BUILD_WITH_TFM=y
    CONFIG_NORDIC_SECURITY_BACKEND=y

    but nothing changed.

Reply
  • Hello, this is my current conf

    #
    # Copyright (c) 2020 Nordic Semiconductor ASA
    #
    # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
    #
    
    # Networking
    CONFIG_NETWORKING=y
    CONFIG_NET_NATIVE=n
    CONFIG_NET_SOCKETS_OFFLOAD=y
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_POSIX_NAMES=y
    
    # LTE link control
    CONFIG_LTE_LINK_CONTROL=y
    CONFIG_LTE_AUTO_INIT_AND_CONNECT=n
    
    # Modem library
    CONFIG_NRF_MODEM_LIB=y
    
    # Disable Modem traces, since we need UART1 for HCI
    CONFIG_NRF_MODEM_LIB_TRACE_ENABLED=n
    
    # AT host
    CONFIG_AT_HOST_LIBRARY=y
    
    # MQTT
    CONFIG_MQTT_LIB=y
    CONFIG_MQTT_LIB_TLS=y
    CONFIG_MQTT_CLEAN_SESSION=y
    
    # Application
    # CONFIG_MQTT_PUB_TOPIC="my/publish/topic"
    # CONFIG_MQTT_SUB_TOPIC="my/subscribe/topic"
    # CONFIG_MQTT_CLIENT_ID="my-client-id"
    # CONFIG_MQTT_BROKER_HOSTNAME="mqtt.eclipseprojects.io"
    # CONFIG_MQTT_BROKER_PORT=1883
    
    # Button support
    CONFIG_DK_LIBRARY=y
    
    # Enable logging
    CONFIG_LOG=y
    CONFIG_MQTT_SIMPLE_LOG_LEVEL_DBG=y
    
    # Heap and stacks
    CONFIG_HEAP_MEM_POOL_SIZE=16384
    CONFIG_MAIN_STACK_SIZE=8192
    CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
    
    # NewLib C
    CONFIG_NEWLIB_LIBC=y
    CONFIG_MQTT_BROKER_HOSTNAME="dev-gateway.keyota.de"
    CONFIG_MQTT_BROKER_PORT=8883
    CONFIG_MODEM_KEY_MGMT=y
    CONFIG_MODEM_ANTENNA_AT_MAGPIO="AT%XMAGPIO=1,0,0,1,1,1574,1577"
    CONFIG_MODEM_ANTENNA_AT_COEX0="AT%XCOEX0=1,1,1565,1586"
    CONFIG_DEBUG_THREAD_INFO=y
    CONFIG_DEBUG_OPTIMIZATIONS=y
    CONFIG_MQTT_CLIENT_ID="860016040397437"
    CONFIG_BUTTON_EVENT_PUBLISH_MSG="456789:EA4712FF4380FF"
    CONFIG_MQTT_SUB_TOPIC="1/lock/860016040397437_456789"
    CONFIG_MQTT_PUB_TOPIC="1/gateway/860016040397437"
    
    # Enable Bluetooth stack and libraries
    CONFIG_BT=y
    CONFIG_BT_H4=y
    CONFIG_BT_WAIT_NOP=y
    CONFIG_BT_CENTRAL=y
    CONFIG_BT_GATT_CLIENT=y
    CONFIG_BT_GATT_DM=y
    CONFIG_BT_SCAN=y
    CONFIG_BT_SCAN_FILTER_ENABLE=y
    CONFIG_BT_SCAN_UUID_CNT=1
    
    CONFIG_UART_INTERRUPT_DRIVEN=y
    
    # Enable nordic security backend and PSA APIs
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_PSA_CRYPTO_C=y
    
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=8192
    CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
    CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
    
    CONFIG_NRF_SW_LPUART=y
    CONFIG_NRF_SW_LPUART_INT_DRIVEN=y
    
    CONFIG_UART_2_ASYNC=y
    CONFIG_UART_2_INTERRUPT_DRIVEN=n
    CONFIG_UART_2_NRF_HW_ASYNC=y
    CONFIG_UART_2_NRF_HW_ASYNC_TIMER=2
    

    i tried to add

    CONFIG_BUILD_WITH_TFM=y
    CONFIG_NORDIC_SECURITY_BACKEND=y

    but nothing changed.

Children
  • Hi

    From psa_hash_compute():
    "

    PSA_ERROR_NOT_SUPPORTED

    The following conditions can result in this error:

    • alg is not supported or is not a hash algorithm.
    • input_length is too large for the implementation.

    "

    For the first one: Is CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_256_CC3XX enabled?

    For the second one: Are you sure that the input length is not too long?

    Regards,
    Sigurd Hellesvik

  • Thank you for your Help.

    I added CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_256_CC3XX; I also already had CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y enabled in my config, but the error stays. The input_length should be okay since I use the same code with the same string from the sha256 example (which runs without error).

  • Hi

    I have not been able to find an issue with this yet.

    Could you zip your project files and upload them here, so that I can try to replicate the issue?

    Regards,
    Sigurd Hellesvik

  • I recreated my Project combining the mqtt_simple and sha256 examples.

    7870.mqtt_simple.zip

  • Hi

    When I run your project, this is the log I get, and it seems like it works fine.
    Do you get something else in the log?

    [00:00:00.544,158] <inf> mqtt_simple: The MQTT simple sample started
    [00:00:00.544,189] <inf> mqtt_simple: Starting SHA256 example...
    [00:00:00.544,189] <inf> mqtt_simple: Hashing using SHA256...
    [00:00:00.544,342] <inf> mqtt_simple: Hashing successful!
    [00:00:00.544,372] <inf> mqtt_simple: ---- Plaintext (len: 100): ----
    [00:00:00.544,403] <inf> mqtt_simple: Content:
                                          45 78 61 6d 70 6c 65 20  73 74 72 69 6e 67 20 74 |Example  string t
                                          6f 20 64 65 6d 6f 6e 73  74 72 61 74 65 20 62 61 |o demons trate ba
                                          73 69 63 20 75 73 61 67  65 20 6f 66 20 53 48 41 |sic usag e of SHA
                                          32 35 36 2e 00 00 00 00  00 00 00 00 00 00 00 00 |256..... ........
                                          00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |........ ........
                                          00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |........ ........
                                          00 00 00 00                                      |....             
    [00:00:00.544,403] <inf> mqtt_simple: ---- Plaintext end  ----
    [00:00:00.544,433] <inf> mqtt_simple: ---- SHA256 hash (len: 32): ----
    [00:00:00.544,433] <inf> mqtt_simple: Content:
                                          1f a2 7b 31 e2 4c c0 e3  f6 d8 d5 ab f6 1d 87 9f |..{1.L.. ........
                                          fb cb cc 2d d4 9c 49 ab  59 cf 9e 54 c2 80 65 56 |...-..I. Y..T..eV
    [00:00:00.544,464] <inf> mqtt_simple: ---- SHA256 hash end  ----
    [00:00:00.544,464] <inf> mqtt_simple: Verifying the SHA256 hash...
    [00:00:00.544,647] <inf> mqtt_simple: SHA256 verification successful!
    [00:00:00.544,647] <inf> mqtt_simple: Example finished successfully!
    [00:00:00.544,647] <inf> mqtt_simple: Disabling PSM and eDRX
    [00:00:00.551,605] <inf> mqtt_simple: LTE Link Connecting...
    [00:00:03.630,035] <inf> mqtt_simple: LTE Link Connected!
    [00:00:03.770,172] <inf> mqtt_simple: IPv4 Address found 137.135.83.217
    [00:00:03.770,629] <dbg> mqtt_simple: client_id_get: client_id = nrf-352656109434228
    [00:00:04.178,894] <inf> mqtt_simple: MQTT client connected
    [00:00:04.178,894] <inf> mqtt_simple: Subscribing to: my/subscribe/topic len 18
    [00:00:04.420,806] <inf> mqtt_simple: SUBACK packet id: 1234

    Regards,
    Sigurd Hellesvik
