• State Resolved
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 42 subscribers
  • Views 205 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

LAUNCHCC3220MODASF: tcpechotls falied on SimpleLink SDK 3_30_01_02

Roman Jordan
Expert 1780 points
Part Number: LAUNCHCC3220MODASF

Hello all,

running the TI sample tcpechotls fails with the error output "tcpHandler: failed to load objects".

My versions are:
- CCS 9.3
- SimpleLink SDK 3_30_01_02
- Windows 10 host

The function tcpHandler, file tcpEchoTLS.c, contains the following code lines:

status = SlNetIf_loadSecObj(SLNETIF_SEC_OBJ_TYPE_CERTIFICATE,
         ROOT_CA_CERT_FILE, strlen(ROOT_CA_CERT_FILE), srvCAPem,
         srvCAPemLen, SLNETIF_ID_1);
status |= SlNetIf_loadSecObj(SLNETIF_SEC_OBJ_TYPE_CERTIFICATE,
          TRUSTED_CERT_FILE, strlen(TRUSTED_CERT_FILE), srvCertPem,
          srvCertPemLen, SLNETIF_ID_1);
status |= SlNetIf_loadSecObj(SLNETIF_SEC_OBJ_TYPE_RSA_PRIVATE_KEY,
          PRIVATE_KEY_FILE, strlen(PRIVATE_KEY_FILE)-1, srvKeyPem,
          srvKeyPemLen, SLNETIF_ID_1);
          
The parameter strlen(PRIVATE_KEY_FILE)-1 leads to this error output. Removing the  -1 makes the project runnable.

Because all the SDK samples use the line containing -1 I am not sure about my solution.

Is it a problem on my side or a mistake in the SDK?

Best regards,
Roman

  • 0
    TI__Guru* 96960 points

    Hi Roman,

    We think we understand what is happening here, but need a bit of time to come up with the best solution. We should get back to you in a day or so.

    Todd

  • 0 in reply to ToddMullanix
    Expert 1780 points

    Hi Todd,

    thanks a lot.

    The following is a little confusing when you start with TLS. ;)

    There are three arrays loaded:

    Array - Define - Filename

    srvCAPem - ROOT_CA_CERT_FILE - caCert.pem

    srvCertPem - TRUSTED_CERT_FILE - serverCert.pem

    srvKeyPem - PRIVATE_KEY_FILE - serverKey.pem

        status = SlNetIf_loadSecObj(SLNETIF_SEC_OBJ_TYPE_CERTIFICATE,
                ROOT_CA_CERT_FILE, strlen(ROOT_CA_CERT_FILE), srvCAPem,
                srvCAPemLen, SLNETIF_ID_1);
        status |= SlNetIf_loadSecObj(SLNETIF_SEC_OBJ_TYPE_CERTIFICATE,
                TRUSTED_CERT_FILE, strlen(TRUSTED_CERT_FILE), srvCertPem,
                srvCertPemLen, SLNETIF_ID_1);
        status |= SlNetIf_loadSecObj(SLNETIF_SEC_OBJ_TYPE_RSA_PRIVATE_KEY,
                PRIVATE_KEY_FILE, strlen(PRIVATE_KEY_FILE), srvKeyPem,
                srvKeyPemLen, SLNETIF_ID_1);

    But only two of them are used with the function SlNetSock_secAttribSet: ROOT_CA_CERT_FILE is not loaded.

        secAttribHdl = SlNetSock_secAttribCreate();
        /*status |= SlNetSock_secAttribSet(secAttribHdl,
                SLNETSOCK_SEC_ATTRIB_PEER_ROOT_CA, ROOT_CA_CERT_FILE,
                sizeof(ROOT_CA_CERT_FILE));*/
        status |= SlNetSock_secAttribSet(secAttribHdl,
                SLNETSOCK_SEC_ATTRIB_PRIVATE_KEY, PRIVATE_KEY_FILE,
                sizeof(PRIVATE_KEY_FILE));
        /* Setting up a chain (root set first) */
        /*  status |= SlNetSock_secAttribSet(secAttribHdl,
                SLNETSOCK_SEC_ATTRIB_LOCAL_CERT, ROOT_CA_CERT_FILE,
                sizeof(ROOT_CA_CERT_FILE));*/
        status |= SlNetSock_secAttribSet(secAttribHdl,
                SLNETSOCK_SEC_ATTRIB_LOCAL_CERT, TRUSTED_CERT_FILE,
                sizeof(TRUSTED_CERT_FILE));

    Because ROOT_CA_CERT_FILE is not used it can be deleted and the program still runs.

    Kind regards,
    Roman

  • 0 in reply to Roman Jordan
    TI__Intellectual 1590 points

    Hi Roman,

    You are correct that you need to remove the -1 from strlen(PRIVATE_KEY_FILE)-1. The loadSecObj() function was recently modified to be more strict about the arguments it accepts. The third argument is supposed to be the length of the second argument. With strlen(PRIVATE_KEY_FILE)-1 it would fail this check. 

    I've contacted the team responsible for this example and they should be getting back to me soon with an update on when this will be fixed. 

    You are also correct that the ROOT_CA_CERT_FILE is optional. This is part TLS spec as defined in RFC 5246. It is included in the code just as an example. 

    Regards,

    Dalton

  • 0 in reply to Dalton Verhagen
    Expert 1780 points

    Hi Dalton,

    thanks for your quick answer.

    According to the ROOT_CA_CERT_FILE it will be helpful if you make a notice in the source file or in the readme.md.
    It would be also helpful to show which file content fills the three arrays.

    Best regards,
    Roman