CC3100: Want to use TLS but not getting how to use certificate

Part Number: CC3100
Other Parts Discussed in Thread: TM4C129ENCPDT, CC3200

Hi all,

I am using cc3100 with tm4c129encpdt along with ti rtos 2.16.1.14.

I am using FTP right now and want to use an FTPS client. As far as I know, I have to use TLS, and I have gone through the SimpleLink APIs and got to know how to use TLS.

But the point is that I am unable to figure out how to use the root certificate, and in which format.

I can not program it in my flash as I do not have serial port open. I want to hardcode my certificate into the program itself but I can not do that because 

sl_SetSockOpt(sockID, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CA_FILE_NAME, "rootCA.der", strlen("rootCA.der"));

here it needs the filename. Where does this file reside? How to store my server's root certificate? How to use the certificate and in which format?

Thanks,

Akhilesh 

  • Akhilesh,

    You'll have to create the file on the serial flash, then use it later with the set sock opt call. This is done in our AWS plugin for CC3220, so I would look at this for reference.

    http://www.ti.com/tool/SIMPLELINK-SDK-PLUGIN-FOR-AWSIOT

    Also, here is a flash file function from that reference:

    static int flashFile(const char *path, const uint8_t *buffer, uint32_t len)
    {
        int32_t ret = -1;
        int32_t fileHandle;
    
        if (path && buffer) {
            fileHandle = sl_FsOpen((unsigned char *)path,
                    SL_FS_CREATE | SL_FS_CREATE_SECURE | SL_FS_CREATE_NOSIGNATURE
                    | SL_FS_CREATE_PUBLIC_WRITE | SL_FS_OVERWRITE
                    | SL_FS_CREATE_MAX_SIZE(len), NULL);
            if (fileHandle > 0) {
                ret = sl_FsWrite(fileHandle, 0, (unsigned char *)buffer, len);
                sl_FsClose(fileHandle, NULL, NULL, 0);
            }
        }
    
        return (ret);
    }

  • Hi Vin,

    I could not find that in the specified examples. Still, I found something similar to this, but the number of arguments is quite different. I am doing it this way:


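    int32_t writeCert(uint8_t *data, uint32_t len) {  // data is an array where I have hardcoded the root certificate (.pem format).
        int32_t fHdl, file;
        uint8_t fileName[] = "cert.pem";
        int32_t status;
        uint32_t offset;
        uint32_t writeLen;

        // In the CC3100 SDK, sl_FsOpen returns a status code; the file handle comes back through the last argument.
        fHdl = sl_FsOpen(fileName, FS_MODE_OPEN_READ |
                FS_MODE_OPEN_WRITE | FS_MODE_OPEN_CREATE(len, 0), NULL, &file);
        if (fHdl < 0) {
            return -1;
        }
        offset = 0;
        while (offset < len) {
            // Write at most one chunk, and never read past the end of the buffer.
            writeLen = len - offset;
            if (writeLen > CERT_WRITE_CHUNK_SIZE) {  // CERT_WRITE_CHUNK_SIZE is defined elsewhere in the project
                writeLen = CERT_WRITE_CHUNK_SIZE;
            }
            status = sl_FsWrite(file, offset, &(data[offset]), writeLen);
            if (status < 0) {  // report a failed write instead of returning success
                sl_FsClose(file, 0, 0, 0);
                return -1;
            }
            offset += writeLen;
        }
        sl_FsClose(file, 0, 0, 0);
        return 0;
    }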

    It returns 0 which means success. 

    But, when I do this-

    sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CA_FILE_NAME, "cert.pem", strlen("cert.pem"));

    It is throwing this error-

    DMA error code: 1
    DMA error!!
    Error:assertion failure: A_badContext: bad calling context. See GateMutex API doc for details.
    xdc.runtime.Error.raise: terminating execution

    I am using cc3100. Are the API calls different for cc3100 and cc3200? Also, I am using sdk1.2.

    Thanks

  • Since no one is answering, I have to tag.

  • Akhilesh,

    Please allow us some time to get back to you due to the holidays. I will try to recreate this next next week and come back to you.

    Best Regards,

    Vince

  • Akhilesh,

    Try putting it in a directory by naming the file "Cert/cert.der". Also, please verify that you aren't getting errors during the creation of the file. Lastly, verify that the string for the cert is correct and doesn't contain any invalid characters.

    Best Regards,

    Vince
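One way to carry out the "verify the string for the cert" step before writing a `.der` file, as an added example (not code from this thread or from TI's SDK): a host-side C check that decodes a PEM block, rejects any character outside the base64 alphabet, and confirms that the outer DER SEQUENCE length matches the decoded size. The names `pem_to_der` and `der_outer_len` are hypothetical, and the sample input is constructed, not a real certificate.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"
static const char B64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* Constructed sample: armor around DER bytes 30 03 02 01 05, not a real certificate. */
static const char SAMPLE_PEM[] = PEM_BEGIN "\nMAMCAQU=\n" PEM_END "\n";

/* Total size announced by the outer DER SEQUENCE header; -1 if malformed. */
static long der_outer_len(const uint8_t *d, size_t n)
{
    size_t nlen, i;
    long len = 0;
    if (n < 2 || d[0] != 0x30) return -1;
    if (d[1] < 0x80) return 2 + d[1];          /* short form */
    nlen = d[1] & 0x7F;                        /* long form: number of length bytes */
    if (nlen == 0 || nlen > 2 || n < 2 + nlen) return -1;
    for (i = 0; i < nlen; i++) len = (len << 8) | d[2 + i];
    return (long)(2 + nlen) + len;
}

/* Decode PEM to DER. Returns the DER length, or -1 on any inconsistency. */
static long pem_to_der(const char *pem, uint8_t *der, size_t cap)
{
    const char *p = strstr(pem, PEM_BEGIN), *end, *q;
    uint32_t acc = 0;
    int bits = 0, pad = 0;
    size_t n = 0;
    if (!p || !(end = strstr(p, PEM_END))) return -1;
    for (p += strlen(PEM_BEGIN); p < end; p++) {
        if (*p == '\r' || *p == '\n') continue;
        if (*p == '=') { if (++pad > 2) return -1; continue; }
        if (pad || !(q = strchr(B64, *p))) return -1;  /* stray or invalid character */
        acc = (acc << 6) | (uint32_t)(q - B64);
        if ((bits += 6) < 8) continue;
        if (n >= cap) return -1;
        der[n++] = (uint8_t)(acc >> (bits -= 8));
    }
    return der_outer_len(der, n) == (long)n ? (long)n : -1;
}

int main(void)
{
    uint8_t der[16];
    printf("DER length: %ld\n", pem_to_der(SAMPLE_PEM, der, sizeof der));
    return 0;
}
```

A result of -1 means the embedded string was truncated, contains a stray character, or does not decode to a single DER SEQUENCE of the announced length.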

  • Vince, I did not know that. Sorry.

    I am able to write the cert in .der format and it is successful. I am getting error -370 while connecting to the server. I tried so many things. But this error comes every time when I use tls otherwise working fine.

    Actually there is one more post where I asked how to use tls for both simple link and NDK. I have tried using httpcli library also. Plain ftp is working but when I create tls, I am getting -370.

    Same error I am getting when I am using simple link api call to create tls.

    Let me know as I am stuck here.

    Thanks

  • Hi Akhilesh,

    We will continue support on your other thread for this topic: https://e2e.ti.com/support/wireless-connectivity/wifi/f/968/t/868177

    Best regards,

    Sarah

  • Yeah sure. Thanks