I am new to mbedtls and LwIP.
I'm trying to use Nuvoton M467 and its BSP m460bsp to implement HTTPS server.
In this BSP, the mbedtls version is 3.1.0 and the LwIP version is STABLE-2.1.2
I've set the following 4 macro value:
LWIP_ALTCP_TLS_MBEDTLS to 1 in altcp_tls_mbedtls_opts.h
HTTPD_ENABLE_HTTPS to 1 in httpd_opts.h
LWIP_ALTCP to 1 in opt.h
LWIP_ALTCP_TLS to 1 in opt.h
In mbedtls_config.h, I've:
#define MBEDTLS_ENTROPY_HARDWARE_ALT
//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
The following are my partial snippet of main.c
#include "lwip/api.h"
#include "lwip/altcp_tls.h"
#include "mbedtls/test/certs.h"
#define USE_DHCP
#ifdef USE_DHCP
#include "lwip/ip4_addr.h"
#include "lwip/dhcp.h"
#include "lwip/prot/dhcp.h"
#include "lwip/autoip.h"
#include "lwip/prot/autoip.h"
#endif
/*-----------------------------------------------------------*/
/*
* Function declaration
*/
static void vTcpTask( void *pvParameters );
int main(void)
{
/* Configure the hardware ready to run the test. */
prvSetupHardware();
BaseType_t xResult;
xTaskCreate( vTcpTask, "TcpTask", 500, NULL, 2, NULL );
vStartPolledQueueTasks( mainQUEUE_POLL_PRIORITY );
vStartSemaphoreTasks( mainSEM_TEST_PRIORITY );
vStartGenericQueueTasks( tskIDLE_PRIORITY );
vStartQueueSetTasks();
printf("[AP code] FreeRTOS is starting ...\n");
/* Start the scheduler. */
vTaskStartScheduler();
/* If all is well, the scheduler will now be running, and the following line
will never be reached. If the following line does execute, then there was
insufficient FreeRTOS heap memory available for the idle and/or timer tasks
to be created. See the memory management section on the FreeRTOS web site
for more details. */
for( ;; );
}
static void vTcpTask( void *pvParameters )
{
ip_addr_t ipaddr;
ip_addr_t netmask;
ip_addr_t gw;
struct altcp_tls_config *conf;
/* To enable LWIP_DHCP 1 in lwipopts.h */
IP4_ADDR(&gw, 0, 0, 0, 0);
IP4_ADDR(&ipaddr, 0, 0, 0, 0);
IP4_ADDR(&netmask, 0, 0, 0, 0);
tcpip_init(NULL, NULL);
netif_add(&netif, &ipaddr, &netmask, &gw, NULL, ethernetif_init, tcpip_input);
netif_set_default(&netif);
netif_set_up(&netif);
printf("\nDHCP starting ...\n");
if(dhcp_start(&netif) == ERR_OK)
{
while(dhcp_supplied_address(&netif) == 0)
{
vTaskDelay(5000);
break;
}
}
else
{
printf("DHCP fail\n");
while(1) {}
}
printf("IP address: %s\n", ip4addr_ntoa(&netif.ip_addr));
printf("Subnet mask: %s\n", ip4addr_ntoa(&netif.netmask));
printf("Default gateway: %s\n", ip4addr_ntoa(&netif.gw));
if((uint32_t)netif.ip_addr.addr == 0)
{
printf("Get IP fail\n");
while(1) {}
}
NVIC_EnableIRQ(CRPT_IRQn);
PRNG_ENABLE_INT(CRPT);
SHA_ENABLE_INT(CRPT);
AES_ENABLE_INT(CRPT);
//mbedtls_test_srv_key is from mbedtls-3.1.0/tests/src/certs.c
//mbedtls_test_srv_crt is from mbedtls-3.1.0/tests/src/certs.c
conf = altcp_tls_create_config_server_privkey_cert((u8_t *) mbedtls_test_srv_key, mbedtls_test_srv_key_len,
NULL, 0, (u8_t *) mbedtls_test_srv_crt, mbedtls_test_srv_crt_len);
LWIP_ASSERT("Failed to create https server config", conf != NULL);
httpd_inits(conf);
http_set_cgi_handlers(CGIs, 1);
vTaskSuspend( NULL );
}
Because mbedtls_hardware_poll() is not implemented in mbedtls, I try to add it in entropy_poll.c shown as follows:
int mbedtls_hardware_poll( void *data, unsigned char *output, size_t len,
size_t *olen )
{
#if 0 //Hardware; RNG has some problem, it will freeze when executing RNG_Open();
((void) data);
/* Initial Random Number Generator */
RNG_Open();
// Use the RNG_EntropyPoll function to generate randomness data
// You can adjust the generated data length as needed
if (RNG_EntropyPoll(output, len) < 0)
{
// If the length of the generated data does not match, an error is returned
//return -1;
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
*olen = len;
return 0;
#endif
#if 0 //software v1
((void) data);
// Use the srand() function to set the seed for random number generation.
// You can choose a different seed value if needed, such as the current time or other random source.
srand(12345); // Set the seed to 12345, you can change it to other values.
// Use the rand() function to generate simulated randomness data
#if 0
for (size_t i = 0; i < len; i++)
{
output[i] = (unsigned char)rand();
}
*olen = len;
#else
*output = (unsigned char)rand();
*olen = 1;
#endif
return 0;
#endif
#if 1 //software v2
uint32_t i = 0;
uint32_t j = 0;
uint32_t round_len = len >> 2;
while(j < round_len)
{
union
{
uint8_t byte[4];
uint32_t number;
} temp;
temp.number = rand();
output[i++] = temp.byte[0];
output[i++] = temp.byte[1];
output[i++] = temp.byte[2];
output[i++] = temp.byte[3];
j++;
}
while(i < len)
{
output[i++] = rand();
}
if(olen)
{
*olen = len;
}
return 0;
#endif
}
The UART console output is the following:
[AP code] FreeRTOS is starting ...
mii:: Reset PHY, PASS.
mii:: 100M FULLDUPLEX
Wait for UDP data ...
DHCP starting ...
IP address: 192.168.0.208
Subnet mask: 255.255.255.0
Default gateway: 192.168.0.1
altcp_tls: TCP_WND is smaller than the RX decryption buffer, connection RX might stall!
mbedtls_ctr_drbg_seed doesn't return failed. However, ping 192.168.0.208 from my PC is failed.
The mbedtls_config.h (more than 3000 lines) I modified: mbedtls_config.h
altcp_tls_mbedtls.c (more than 1000 lines) I modified: altcp_tls_mbedtls.c
After I comment mbedtls_ctr_drbg_seed this part in altcp_tls_mbedtls.c just like the following, I can successfully ping the target from my PC. But I think "Seed the RNG" should be necessary.
#if 0
/* Seed the RNG */
ret = mbedtls_ctr_drbg_seed(&conf->ctr_drbg, mbedtls_entropy_func, &conf->entropy, (const unsigned char *) personalization, strlen( personalization));
if (ret != 0) {
LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ctr_drbg_seed failed: %d\n", ret));
altcp_mbedtls_free_config(conf);
return NULL;
}
#endif
I can't figure out why mbedtls_ctr_drbg_seed() will cause TCP connection failed?
Thanks in advance.
I tried to use mbedtls_debug_set_threshold(4); to set the threshold error level to Verbose.
Debug levels
- 0 No debug
- 1 Error
- 2 State change
- 3 Informational
- 4 Verbose
But can't get more info from UART console output.