MCU-PLUS-SDK-AM263X: Lwip HTTPS Server Example

Part Number: MCU-PLUS-SDK-AM263X

In the example documentation found here: https://software-dl.ti.com/mcu-plus-sdk/esd/AM263X/09_00_00_35/exports/docs/api_guide_am263x/EXAMPLES_CPSW_LWIP_HTTPS.html

It states "Convert .pem and .key files to byte array. This will produce a header file with the byte array of certificate/key and the size of the array."

I'd like some clarification on exactly what to do here. I don't see a ".key" file and the line that follows only shows conversion of the "server-csr.pem" file. 

Exactly which files should the hex dumps in server_certificates.h be replaced with? The note mentions "certificate.pem" and "key.pem" but I don't see those files.

Thank you. 

  • Hi  

    We have received the request and started looking into the issue. We will get back to you early next week.

  • Hi Eitan,

    Apologies for the documentation not being clear. I'll update the documentation to be self-explanatory.

    In case you are generating your own certificates and self-signing them, on following the steps mentioned in the same documentation link, you will generate the following files.

    You need to convert the server-prk.pem (server key) and server-cer.pem (server certificate) to hex and replace the same in server_certificates.h file.

    Let me know if you face any problems.

    Regards,
    Shaunak

  • Thank you for the clarification.  I tried those steps and am now getting the error below. I'm using OpenSSL 1.1.1w.

    [Cortex_R5_0] ==========================
           CPSW HTTPS TCP     
    ==========================
    EnetAppUtils_reduceCoreMacAllocation: Reduced Mac Address Allocation for CoreId:0 From 4 To 2 
    EnetPhy_bindDriver: PHY 3: OUI:080028 Model:0f Ver:01 <-> 'dp83869' : OK
    
    PHY 3 is alive
    PHY 12 is alive
    Starting lwIP, local interface IP is dhcp-enabled
    [LWIPIF_LWIP] NETIF INIT SUCCESS
    Host MAC address-0 : 34:08:e1:80:81:c7
    
    Enet IF UP Event. Local interface IP:0.0.0.0
    [LWIPIF_LWIP] Enet has been started successfully
    Waiting for network UP ...
    Waiting for network UP ...
    Cpsw_handleLinkUp: Port 1: Link up: 1-Gbps Full-Duplex
    
    MAC Port 1: link up
    Network Link UP Event
    Waiting for network UP ...
    Enet IF UP Event. Local interface IP:192.168.0.7
    Network is UP ...
    Failed to create TLS confighttpd_init: altcp_tls_new failedASSERT: 7.22528s: C:/ti/mcu_plus_sdk_am263x_09_00_00_35/examples/networking/lwip/cpsw_lwip_https/httpd.c:httpd_inits:1387: 0 failed !!!

  • Hi Eitan Halpern,

    The httpd_inits() function seems to be returning a NULL protocol control block for TLS. There could be various potential factors causing this issue, such as insufficient memory to allocate a new PCB or callback functions not being configured correctly.

    Will it be possible for you to share your project as a ZIP file? It would be easier and quicker to debug the issue. 

    Regards,
    Shaunak

  • The project I'm using is mcu_plus_sdk_am263x_09_00_00_35\examples\networking\lwip\cpsw_lwip_https with only server_certificates.h modified (my version is attached). 

    Thank you.

  • Hi Eitan, I'll try out the shared file and get back to you with an update or fix before the end of the week.

    Regards,
    Shaunak

  • Hi Eitan,

    I seem to have root-caused it to the certificate format. MbedTLS seems to expect the certificates in DER format instead of PEM. The documentation misses out on some steps to convert the certificates from PEM format to DER format before converting them to the hex array. Apologies for the documentation not being spot-on.

    I'll update the official documentation, but to get you unblocked, I will also share the steps below:

    1. Generate unencrypted 2048-bit RSA private key for the certificate authority (CA)

    openssl genrsa -out ca-prk.pem 2048

    2. Generate certificate signing request (CSR)

    openssl req -new -sha256 -key ca-prk.pem -out ca-csr.pem -subj "/C={country}/ST={state}/L={locality}/O={organization} CA"

    3. Self-sign the CSR to generate a certificate for the CA

    openssl x509 -req -signkey ca-prk.pem -in ca-csr.pem -out ca-cer.pem -days 3650

    4. Generate unencrypted 2048-bit RSA private key for the server (CA)

    openssl genrsa -out server-prk.pem 2048

    5. Generate CSR for the server

    openssl req -new -sha256 -key server-prk.pem -out server-csr.pem -subj "/C={country}/ST={state}/L={locality}/O={organization}/CN={common name, ex. 127.0.0.1}"

    6. View the server CSR and verify the contents

    openssl req -in server-csr.pem -noout -text

    7. Sign the server CSR

    openssl x509 -req -sha256 -in server-csr.pem -CA ca-cer.pem -CAkey ca-prk.pem -CAcreateserial -out server-cer.pem -days 365

    Follow the steps below to convert certificates from PEM to DER format.

    For certificate:

    openssl x509 -outform der -in ca-cer.pem -out certificate.der

    For keys:

    openssl rsa -outform der -in ca-prk.pem -out keys.der

    Now, use the hex dumps created above in your server_certificates.h and it should work. I tried generating new certificates on my end and it worked.

    Regards,
    Shaunak

  • This works! Thank you!
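
Added example, not part of the thread or of TI's SDK: a Python pre-build check for the format problem root-caused above. It unwraps PEM armor if present, confirms the result is a single DER SEQUENCE, and formats it as a C array for server_certificates.h. The array name `demo_cert` and the sample bytes are constructed placeholders; keep the array names already used in your copy of the header.

```python
import base64
import re

# Matches one PEM block, e.g. CERTIFICATE or RSA PRIVATE KEY.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def check_der_sequence(der: bytes) -> None:
    """Raise ValueError unless der is exactly one DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not DER: first byte is not SEQUENCE (0x30)")
    if der[1] < 0x80:                      # short-form length
        hdr, length = 2, der[1]
    else:                                  # long form: next n bytes hold it
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("bad DER length field")
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if hdr + length != len(der):
        raise ValueError("DER length does not match buffer size")

def to_der(data: bytes) -> bytes:
    """Return validated DER, unwrapping unencrypted PEM armor if present."""
    m = PEM_RE.search(data)
    if m:
        # The PEM body is the base64 text of the DER encoding. An encrypted
        # key carries header lines here and fails strict decoding.
        data = base64.b64decode(b"".join(m.group(2).split()), validate=True)
    check_der_sequence(data)
    return data

def c_array(name: str, der: bytes) -> str:
    """Format DER bytes as a C byte array plus its length."""
    rows = ["    " + ", ".join(f"0x{b:02x}" for b in der[i:i + 12])
            for i in range(0, len(der), 12)]
    return (f"const unsigned char {name}[] = {{\n" + ",\n".join(rows)
            + f"\n}};\nconst unsigned int {name}_len = {len(der)};\n")

# Constructed sample: a 12-byte DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("300a020101040568656c6c6f")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # "demo_cert" is a hypothetical array name, not one from the SDK header.
    print(c_array("demo_cert", to_der(SAMPLE_PEM)))
```

Calling `check_der_sequence()` directly on the bytes you are about to paste into the header flags a file that is still PEM text, since its first byte is `-` (0x2d) rather than 0x30.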