Topic: WolfMQTT PIC32

Two years ago I started testing WolfMQTT with PIC32 and you helped me solve the problem I was having connecting to a broker. The project was delayed and has now started up again.
I am using the wolfmqtt_demo example to communicate with different brokers using PIC32MZ. Without TLS it works fine but adding TLS 1.3 only works with the test.mosquitto.org broker.
The next step is to use it with an Amazon broker (AWS) that we use to communicate. I have the certificates and the private key in PEM format, but it does not communicate successfully:

MQTT pub/sub demo has been started
>MQTT Task - Client Start: QoS 0, broker a3oellqp4u1niz-ats.iot.us-east-2.amazonaws.com
MQTT Task - run message: WMQTT_NETGlue_Initialize, res: 0
MQTT Task - run message: MqttClient_Init, res: 0
MQTT Task - run message: MqttClient_SetDisconnectCallback, res: 0
WMQTT_NET_GLUE Info: Started Connect
WMQTT_NET_GLUE Info: Connected Successfully
WMQTT_NET_GLUE Info: Start TLS
WMQTT_NET_GLUE Error: TLS Negotiation, occurred in func: WMQTT_NETGlue_Connect, line: 328,
MQTT Task - run message: MqttClient_NetConnect, res: -6
MQTT Task - MQTT cycle Failed in state: 6, error code: -6!

I don't know if I'm using the certificates and the key correctly in the project (I modify them in the certs_test.h file; I converted them to DER format). Would you know how to help me with this issue? Microchip support has not responded to me.

Re: WolfMQTT PIC32

Hello Juan,

Thanks for reaching out. Great to hear that you are back to using wolfMQTT.

Could you enable DEBUG_WOLFSSL in the configuration and add a line to the application to call wolfSSL_Debugging_ON()? This will enable debug logging for wolfSSL.

Thanks,
Eric @ wolfSSL Support

Re: WolfMQTT PIC32

Thanks for the response. I will test tomorrow.

Re: WolfMQTT PIC32

embhorn wrote:

Hello Juan,

Thanks for reaching out. Great to hear that you are back to using wolfMQTT.

Could you enable DEBUG_WOLFSSL in the configuration and add a line to the application to call wolfSSL_Debugging_ON()? This will enable debug logging for wolfSSL.

Thanks,
Eric @ wolfSSL Support

Hi, Eric.

I already enabled DEBUG_WOLFSSL and added wolfSSL_Debugging_ON() (it is already added in the mqtt_socket() file when enabling DEBUG_WOLFSSL), but I don't see it showing me messages. Where should they be seen?

Also, in the directory \wolfMQTT\examples\aws there is an example for the communication I need, but I don't know how to include it in my project or how to do it in Harmony v3. Is there a guide on how to build the project?

Re: WolfMQTT PIC32

Yeah, I am going back and trying to enable debug logging in my MCH project, and it is not trivial!

For using the AWS example, it is somewhat complicated by the `NET_GLUE` layer that MCH added. But you should be able to figure out which parts are different by reviewing the example:
https://github.com/wolfSSL/wolfMQTT/blo … s/awsiot.c

You should pay attention to the `mqtt_aws_tls_cb` and the `mqtt_aws_tls_verify_cb`. Also note that the topic must include the AWS device name (see `AWSIOT_PUBLISH_TOPIC` in the example).

Re: WolfMQTT PIC32

Okay, I've enabled debug by using a custom logging function:

In Harmony3\net_apps_pic32mz\apps\wolfmqtt_demo\firmware\src\config\pic32mz_ef_sk\net_pres\pres\net_pres_enc_glue.c

Add the debug header:

#include <string.h>   /* strstr(), used by the log filter below */
#include "system/debug/sys_debug.h"

Add just before NET_PRES_EncProviderStreamClientInit0

void NET_PRES_LogFunc(const int logLevel, const char *const logMessage)
{
    (void)logLevel; /* unused */

    /* Skip WANT_READ and WANT_WRITE errors.
     * strstr() takes the string to search first, then the substring. */
    if ((strstr(logMessage, "-323") == NULL) &&
        (strstr(logMessage, "-327") == NULL))
    {
        SYS_CONSOLE_PRINT("%s\r\n", logMessage);
    }
}

Then in NET_PRES_EncProviderStreamClientInit0, add the section #ifdef DEBUG_WOLFSSL

bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject)
{
    const uint8_t * caCertsPtr;
    int32_t caCertsLen;
    if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0))
    {
        return false;
    }
    if (_net_pres_wolfsslUsers == 0)
    {
    #ifdef DEBUG_WOLFSSL
        wolfSSL_SetLoggingCb(NET_PRES_LogFunc);
        wolfSSL_Debugging_ON();
    #endif
        wolfSSL_Init();
        _net_pres_wolfsslUsers++;
    }

Lastly, add "#define DEBUG_WOLFSSL" to configuration.h

Re: WolfMQTT PIC32

It's not perfect (maybe the debug log buffer gets overrun), but here is a sample of using the demo to connect to a local mosquitto broker with TLS enabled:

TCP/IP Stack: Initialization Started
TCP/IP Stack: Initialization Ended - success
    Interface PIC32INT on host MCHPBOARD_E     - NBNS disabled
Created the mqtt Commands
PIC32INT IP Address: 0.0.0.0
PIC32INT IP Address: 192.168.86.38
mqtt start
MQTT pub/sub demo has been started
>MQTT Task - Client Start: QoS 0, broker 192.168.86.43
MQTT Task - run message: WMQTT_NETGlue_Initialize, res: 0
MQTT Task - run message: MqttClient_Init, res: 0
MQTT Task - run message: MqttClient_SetDisconnectCallback, res: 0
WMQTT_NET_GLUE Info: Started Connect
WMQTT_NET_GLUE Info: Connected Successfully
WMQTT_NET_GLUE Info: Start TLS
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering SSLv23_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
        Unsupported name type, skipping
wolfSSL Enter   FreeingwolfSSL SignaturwolfSSL wolfSSL ShrinkinreceivedprocessiwolfSSL wolfSSL wolfSSL wolfSSL Leaving RsaVerify, return 51
wolfSSL Leaving DoServerKeyExchange, return 0
Shrinking input buffer

wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakwolfSSL Leaving EccMakeKey, return 0
wolfSSL Entering EccSharedSecret
wolfSSL Leaving EccSharedSecret, return 0
growing output buffer

Shrinking output buffer

wolfSSL Leaving SendClientKeyExchange, return 0
sent: client key exchange
connect state: FIRST_REPLY_SECOND
connect state: FIRST_REPLY_THIRD
growing output buffer

Shrinking output buffer

sent: change cipher spec
connect state: FIRST_REPLY_FOURTH
wolfSSL Entering SendFinished
growing output buffer

wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
Shrinking output buffer

wolfSSL Leaving SendFinished, return 0
sent: finished
connect state: FINISHED_DONE
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolwolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL receivedwolfSSL wolfSSL wolfSSL wolfSSL wolfSSL MQTT TaswolfSSL wolfSSL wolfSSL wolfSSL MQTT Tas

Re: WolfMQTT PIC32

Thanks, Eric. I will test it.


Re: WolfMQTT PIC32

Hi, Eric. I got this:


TCP/IP Stack: Initialization Started
TCP/IP Stack: Initialization Ended - success
    Interface PIC32INT on host MCHPBOARD_E     - NBNS disabled
Created the mqtt Commands
PIC32INT IP Address: 0.0.0.0
PIC32INT IP Address: 172.16.1.124
mqtt start
MQTT pub/sub demo has been started
>MQTT Task - Client Start: QoS 0, broker a3oellqp4u1niz-ats.iot.us-east-2.amazonaws.com
MQTT Task - run message: WMQTT_NETGlue_Initialize, res: 0
MQTT Task - run message: MqttClient_Init, res: 0
MQTT Task - run message: MqttClient_SetDisconnectCallback, res: 0
WMQTT_NET_GLUE Info: Started Connect
WMQTT_NET_GLUE Info: Connected Successfully
WMQTT_NET_GLUE Info: Start TLS
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering SSLv23_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_verify
wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return -140
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
WMQTT_NET_GLUE Error: TLS Negotiation, occurred in func: WMQTT_NETGlue_Connect, line: 328,
MQTT Task - run message: MqttClient_NetConnect, res: -6
wolfSSL Entering SSL_free
wolfSSL Leaving SSL_free, return 0
MQTT Task - MQTT cycle Failed in state: 6, error code: -6!


Comparing results, the problem starts at wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return -140. I have the CA file, the client's certificate and the client's private key.
With an MQTT client it connects to the Amazon broker. I added the values from the files to certs_test.h, doing the conversion to DER format, and got the above results.
I must be doing something wrong. Could it be the conversion or misplacing the values in certs_test.h? Or do I need any additional information? I will keep testing.


Thanks for your attention.


Re: WolfMQTT PIC32

Hi Juan,

"-140" corresponds to an ASN_PARSE_E error. So yes, probably something is wrong in the cert buffer you are passing in.

Here is a Perl script we use that converts DER to a C array:
https://github.com/wolfSSL/wolfssl/blob … /dertoc.pl

You could also try getting the wolfMQTT AWS example to work first, then try modifying for your specific project:
https://github.com/wolfSSL/wolfMQTT/blo … s/awsiot.c

The example uses PEM certs / keys in buffers.

Thanks,
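
A pre-flight check for the kind of certificate-buffer mistake that ends in ASN_PARSE_E, as an added example that is not part of the thread or of wolfSSL: it tells PEM text from DER and verifies that the outer ASN.1 SEQUENCE length matches the array size before the buffer is handed to the TLS library. The function name, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes for this example only (hypothetical, not wolfSSL values). */
enum { BUF_DER_OK = 0, BUF_PEM = 1, BUF_BAD_TAG = -1,
       BUF_BAD_LEN = -2, BUF_SIZE_MISMATCH = -3 };

/* Constructed sample inputs, not real certificates. */
const unsigned char sample_der[]   = { 0x30, 0x03, 0x02, 0x01, 0x05 };
const unsigned char sample_trunc[] = { 0x30, 0x82, 0x03, 0x5A, 0x30, 0x82 };
const unsigned char sample_pem[]   = "-----BEGIN CERTIFICATE-----\n";

/* A DER certificate is one ASN.1 SEQUENCE: tag 0x30, a length field, then
 * exactly that many content bytes, so header + content must equal len. */
int check_cert_buffer(const unsigned char *buf, size_t len)
{
    static const char pem_hdr[] = "-----BEGIN";
    size_t hdr = 2, content = 0, nlen, i;

    if (buf == NULL || len < 2)
        return BUF_BAD_LEN;
    if (len >= sizeof(pem_hdr) - 1 &&
        memcmp(buf, pem_hdr, sizeof(pem_hdr) - 1) == 0)
        return BUF_PEM;          /* PEM text: must not be loaded as DER */
    if (buf[0] != 0x30)
        return BUF_BAD_TAG;      /* does not start with a SEQUENCE */
    if (buf[1] < 0x80) {         /* short form: one length byte */
        content = buf[1];
    } else {                     /* long form: low 7 bits = count of length bytes */
        nlen = buf[1] & 0x7F;
        if (nlen == 0 || nlen > 3 || len < 2 + nlen)
            return BUF_BAD_LEN;  /* indefinite, oversized or cut-off length */
        for (i = 0; i < nlen; i++)
            content = (content << 8) | buf[2 + i];
        hdr += nlen;
    }
    /* Mismatch: truncated array, or a size that counts extra bytes. */
    return (hdr + content == len) ? BUF_DER_OK : BUF_SIZE_MISMATCH;
}

int main(void)
{
    printf("der=%d trunc=%d pem=%d\n",
           check_cert_buffer(sample_der, sizeof(sample_der)),
           check_cert_buffer(sample_trunc, sizeof(sample_trunc)),
           check_cert_buffer(sample_pem, sizeof(sample_pem) - 1));
    return 0;
}
```

Running the same check on each array in certs_test.h with its declared size shows whether the generated array and its length agree before any TLS code runs.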