aws / aws-iot-device-sdk-embedded-C

SDK for connecting to AWS IoT from a device using embedded C.
MIT License

AWS IoT Core SDK with mbedTLS demo #1857

Closed rakesh5283 closed 1 year ago

rakesh5283 commented 1 year ago

Hi,

I want to build the aws-iot-device-sdk-embedded-C on our device, which runs Linux on an ARM Cortex-A5.

I want to use mbedTLS for the MQTT mutual authentication demo. The current demo uses OpenSSL and works fine; we are able to send data to AWS IoT Core using OpenSSL, but our device does not support OpenSSL 1.1.1 (the AWS IoT Core minimum requirement).

So we are using mbedTLS and struggling to build the mutual authentication demo with it. Can anyone help, or direct me on how to build the AWS IoT Core embedded C SDK with the mbedTLS library?

Thanks, Rakesh

adam-scislowicz commented 1 year ago

Finding the appropriate expert and will get back to you ASAP.

johnrhen commented 1 year ago

Hello Rakesh,

We already supply an example of the transport interface in mbedtls_pkcs11_posix.h and mbedtls_pkcs11_posix.c. These are written to use PKCS11 for credential management, but you can rework them to use credentials in the way appropriate to your system. You can see an example of this transport in action in the fleet-provisioning-with-csr demo, which properly initializes and manages Mbed-TLS with coreMQTT.

The important pieces to modify in mqtt_demo_mutual_auth.c will be changing the context, the send function, and the receive function to use the Mbed-TLS equivalents. Additionally, you'll change the function connectToServerWithBackoffRetries to initialize the Mbed-TLS connection with the appropriate parameters. Otherwise, replace occurrences of OpenSSL functions with Mbed-TLS functions as appropriate, such as Openssl_Disconnect.

Let me know if I can give any more help, John

rakesh5283 commented 1 year ago

Thanks John,

Yes, I took the mqtt_demo_mutual_auth.c file and replaced the OpenSSL functions with mbedTLS functions. But the mbedTLS functions, which I took from the fleet-provisioning-with-csr demo, ask for the PKCS11 functions internally, and I am stuck here on how to rework them to use credentials.

Is there any document or repo to get help on the mutual auth demo?

Appreciate your support.

Thanks Rakesh

rakesh5283 commented 1 year ago

Hi,

I think mqtt_demo_mutual_auth.c does not include the PKCS11 crypto functions? And the mbedtls_pkcs11_posix.c module requires removing the PKCS11 parts in case I don't want to use it.

please guide.

johnrhen commented 1 year ago

mqtt_demo_mutual_auth doesn't use the PKCS11 crypto functions, but it still uses OpenSSL.

You may be able to get some guidance from the FreeRTOS/FreeRTOS implementation of the mbedtls transport interface (transport_mbedtls.c and transport_mbedtls.h). You'll need to adapt it to work with the transport interface in this repository, but this example uses mbedtls by passing in credential objects.
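What John's two replies describe (swap the OpenSSL context/send/recv in mqtt_demo_mutual_auth.c for Mbed-TLS equivalents, and hold the credentials as plain Mbed TLS objects instead of going through PKCS11), written out as an added example that is not the SDK's, FreeRTOS's or the issue author's own code. Assumptions: the names Mbedtls_Recv, Mbedtls_Send, Mbedtls_InitTransport and the HAVE_MBEDTLS build switch are mine; the TransportInterface_t and NetworkContext_t shapes are written out locally to match coreMQTT's transport_interface.h so the file builds stand-alone (in a real port you include that header and drop the local typedefs); without HAVE_MBEDTLS a scripted fake stands in for the TLS session so the return-code mapping can be exercised offline, and the Mbed TLS error values are copied in for the same reason.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#ifdef HAVE_MBEDTLS
#include "mbedtls/ssl.h"
#else
/* Error codes copied from Mbed TLS's ssl.h so the mapping compiles without the library
 * (assumption: the values used by Mbed TLS 2.x and 3.x). */
#define MBEDTLS_ERR_SSL_WANT_READ          ( -0x6900 )
#define MBEDTLS_ERR_SSL_WANT_WRITE         ( -0x6880 )
#define MBEDTLS_ERR_SSL_TIMEOUT            ( -0x6800 )
#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY  ( -0x7880 )
#endif

/* coreMQTT declares `struct NetworkContext` as opaque and leaves its definition to the application.
 * Here it carries the Mbed TLS session itself, which is what replaces the PKCS11-backed context. */
struct NetworkContext
{
#ifdef HAVE_MBEDTLS
    mbedtls_ssl_context ssl;       /* Session configured elsewhere with your own cert/key/CA chain. */
#else
    int scriptedReadResult;        /* Fake endpoint for offline tests: what mbedtls_ssl_read would return. */
    int scriptedWriteResult;       /* Fake endpoint: what mbedtls_ssl_write would return. */
#endif
};
typedef struct NetworkContext NetworkContext_t;

/* Local copies of coreMQTT's transport callback types and interface struct (same field names). */
typedef int32_t ( * TransportRecv_t )( NetworkContext_t * pNetworkContext, void * pBuffer, size_t bytesToRecv );
typedef int32_t ( * TransportSend_t )( NetworkContext_t * pNetworkContext, const void * pBuffer, size_t bytesToSend );

typedef struct TransportInterface
{
    TransportRecv_t recv;
    TransportSend_t send;
    NetworkContext_t * pNetworkContext;
} TransportInterface_t;

/* Translate an mbedtls_ssl_read/mbedtls_ssl_write result into the coreMQTT transport contract:
 * > 0 bytes moved, 0 means "nothing yet, call again", < 0 is an unrecoverable error.
 * `requested` is the byte count the caller asked for. */
int32_t mbedtlsResultToTransportResult( int rc, size_t requested )
{
    if( ( rc == MBEDTLS_ERR_SSL_WANT_READ ) || ( rc == MBEDTLS_ERR_SSL_WANT_WRITE ) || ( rc == MBEDTLS_ERR_SSL_TIMEOUT ) )
    {
        return 0;   /* Non-fatal: the TLS layer needs another round trip; coreMQTT will retry. */
    }

    if( ( rc == 0 ) && ( requested > 0 ) )
    {
        /* Mbed TLS returns 0 when the peer closed the transport. Passing 0 through would make
         * coreMQTT treat it as "no data yet" and keep polling a dead socket, so report an error. */
        return -1;
    }

    if( rc < 0 )
    {
        return -1;  /* Includes MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY and every handshake/record error. */
    }

    return ( int32_t ) rc;
}

static int tlsRead( NetworkContext_t * pCtx, unsigned char * pBuf, size_t len )
{
#ifdef HAVE_MBEDTLS
    return mbedtls_ssl_read( &( pCtx->ssl ), pBuf, len );
#else
    int rc = pCtx->scriptedReadResult;

    if( rc > 0 )
    {
        if( ( size_t ) rc > len )
        {
            rc = ( int ) len;
        }

        memset( pBuf, 0xA5, ( size_t ) rc );   /* Constructed payload bytes for the offline test. */
    }

    return rc;
#endif
}

static int tlsWrite( NetworkContext_t * pCtx, const unsigned char * pBuf, size_t len )
{
#ifdef HAVE_MBEDTLS
    return mbedtls_ssl_write( &( pCtx->ssl ), pBuf, len );
#else
    int rc = pCtx->scriptedWriteResult;

    ( void ) pBuf;

    if( ( rc > 0 ) && ( ( size_t ) rc > len ) )
    {
        rc = ( int ) len;
    }

    return rc;
#endif
}

/* Drop-in replacements for the Openssl_Recv/Openssl_Send used by mqtt_demo_mutual_auth.c. */
int32_t Mbedtls_Recv( NetworkContext_t * pNetworkContext, void * pBuffer, size_t bytesToRecv )
{
    int rc = tlsRead( pNetworkContext, ( unsigned char * ) pBuffer, bytesToRecv );

    return mbedtlsResultToTransportResult( rc, bytesToRecv );
}

int32_t Mbedtls_Send( NetworkContext_t * pNetworkContext, const void * pBuffer, size_t bytesToSend )
{
    int rc = tlsWrite( pNetworkContext, ( const unsigned char * ) pBuffer, bytesToSend );

    return mbedtlsResultToTransportResult( rc, bytesToSend );
}

/* Wire the callbacks into the interface that the demo hands to MQTT_Init(). */
void Mbedtls_InitTransport( TransportInterface_t * pTransport, NetworkContext_t * pNetworkContext )
{
    pTransport->recv = Mbedtls_Recv;
    pTransport->send = Mbedtls_Send;
    pTransport->pNetworkContext = pNetworkContext;
}
```

The mapping is the part most often wrong in ports: coreMQTT reads a 0 return as "nothing yet, retry", so WANT_READ, WANT_WRITE and TIMEOUT must become 0, while a 0 from mbedtls_ssl_read (peer closed) must become an error or the receive loop never notices the broker is gone. The credential side that replaces PKCS11 is done on the mbedtls_ssl_config before the handshake, in whatever function takes the place of connectToServerWithBackoffRetries: mbedtls_x509_crt_parse_file for the CA and device certificate, mbedtls_pk_parse_keyfile for the private key (its signature gained RNG parameters in Mbed TLS 3.x), then mbedtls_ssl_conf_own_cert, mbedtls_ssl_conf_ca_chain, mbedtls_ssl_conf_authmode with MBEDTLS_SSL_VERIFY_REQUIRED and mbedtls_ssl_set_hostname; the last two are what actually enforces authentication of the AWS IoT endpoint rather than just encrypting the link.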

johnrhen commented 1 year ago

I'm marking this issue as resolved due to inactivity, but feel free to reopen if you have any further questions.