Wolfssl [version 0.0.2; documenting]

It sounds very close… wondering how your memory pool is sizing up?

Keep up the great work. I should have my prototype fabrications done later today, and I’ll be in a position to play with some new code configurations next week.

I believe we have a working prototype. I fixed the time bug. I was using HAL_Timer_Milliseconds(), which is seconds since boot up, instead of Time.now(), which is the Unix epoch we are looking for.

The working prototype wolfiot.cpp and library is committed to github. EDIT: now on the master.

I have a bunch of debugging turned on. If we scale back on the number of routines being accessed, we can reduce the firmware size.

This is very raw access. The webduino library has nice routines for processing the response from the server, capturing the header and data. That will take some additional effort to adapt. The void WebServer::processConnection(uint8_t sock) routine is specific to a server, but should be reusable for a client connection.

This is enough for me to proceed back up the rabbit hole I climbed down. I will be happy to take code updates via github pull requests.

Prototype firmware size:

   text	   data	    bss	    dec	    hex	filename
 124652	    216	   2308	 127176	  1f0c8	../../wolfiot/target/wolfiot.elf

Transcript of working Publish event.

From the Photon:

Serial connection closed.  Attempting to reconnect...
Serial monitor opened successfully:
Synced with time server.
Time now: 1500669750
Processing CA PEM file
Adding a CA
Got Cert Header
Got Algo ID
Getting Cert Name
ltime: 1500669750
timeDiff: 0
tim_p: 1500669750
ltime: 1500669750
timeDiff: 0
tim_p: 1500669750
Getting Cert Name
Got Subject Name
Got Key
Parsed Past Key
	Parsed new CA
	Freeing Parsed CA
	Freeing der CA
		OK Freeing der CA
   Processed a CA
Processed at least one valid CA. Other stuff OK
Checking cert signature type
Got Cert Header
Got Algo ID
Getting Cert Name
ltime: 1500669750
timeDiff: 0
tim_p: 1500669750
ltime: 1500669750
timeDiff: 0
tim_p: 1500669750
Getting Cert Name
Got Subject Name
Got Key
Not ECDSA cert signature
Connected to data.iot.us-west-2.amazonaws.com
SSL version is TLSv1.2
Header size: 194
handshake not complete, trying to finish
Growing output buffer
Shrinking output buffer
connect state: CLIENT_HELLO_SENT
Growing input buffer
received record layer msg
processing server hello
More messages in record
received record layer msg
processing certificate
Loading peer's cert chain
	Put another cert into chain
	Put another cert into chain
Got Cert Header
Got Algo ID
Getting Cert Name
ltime: 1500669750
timeDiff: 0
tim_p: 1500669750
ltime: 1500669750
timeDiff: 0
tim_p: 1500669750
Getting Cert Name
Got Subject Name
Got Key
Parsed Past Key
Certificate Policy extension not supported yet.
	Unsupported name type, skipping
About to verify certificate signature
Adding CA from chain
Adding a CA
Got Cert Header
Got Algo ID
Getting Cert Name
ltime: 1500669750
timeDiff: 0
tim_p: 1500669750
ltime: 1500669750
timeDiff: 0
tim_p: 1500669750
Getting Cert Name
Got Subject Name
Got Key
Parsed Past Key
Certificate Policy extension not supported yet.
	Unsupported name type, skipping
	Parsed new CA
	Freeing Parsed CA
	Freeing der CA
		OK Freeing der CA
Verifying Peer's cert
Got Cert Header
Got Algo ID
Getting Cert Name
ltime: 1500669750
timeDiff: 0
tim_p: 1500669750
ltime: 1500669750
timeDiff: 0
tim_p: 1500669750
Getting Cert Name
Got Subject Name
Got Key
Parsed Past Key
Certificate Policy extension not supported yet.
About to verify certificate signature
Verified Peer's cert
More messages in record
received record layer msg
processing server key exchange
More messages in record
received record layer msg
processing certificate request
More messages in record
received record layer msg
processing server hello done
connect state: HELLO_AGAIN
connect state: HELLO_AGAIN_REPLY
connect state: FIRST_REPLY_DONE
Growing output buffer
Shrinking output buffer
sent: certificate
connect state: FIRST_REPLY_FIRST
Growing output buffer
Shrinking output buffer
sent: client key exchange
connect state: FIRST_REPLY_SECOND
Growing output buffer
Trying RSA client cert
Shrinking output buffer
sent: certificate verify
connect state: FIRST_REPLY_THIRD
Growing output buffer
Shrinking output buffer
sent: change cipher spec
connect state: FIRST_REPLY_FOURTH
Growing output buffer
Shrinking output buffer
sent: finished
connect state: FINISHED_DONE
received record layer msg
got CHANGE CIPHER SPEC
received record layer msg
processing finished
connect state: SECOND_REPLY_DONE
Shrinking input buffer
Growing output buffer
Shrinking output buffer
Bytes written: 194
Data payload size: 89
Growing output buffer
Shrinking output buffer
Bytes written: 89
SSL cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
client.available():128
Server response: Growing input buffer
received record layer msg
got app DATA
HTTP/1.1 200 OK
content-type: application/json
content-length: 65
date: Fri, 21 Jul 2017 20:42:33 GMT
x-amzn-RequestId: 2fa3dc62-fadb-2e5f-5529-b5a2f8d51fb2
connection: Keep-Alive

{"message":"OK","traceId":"2fa3dc62-fadb-2e5f-552Shrinking input buffer
9-b5a2f8d51fb2"}
CTX ref count not 0 yet, no free
Connection complete.

Log messages as seen on AWS CloudWatch, this matches the traceId above.

2017-07-21 20:42:33.258 TRACEID:2fa3dc62-fadb-2e5f-5529-b5a2f8d51fb2 PRINCIPALID:752497542b54204429ce0b82a081b83e8603828e44689547ab73ceef3a0a83f7 [INFO] EVENT:PublishEvent TOPICNAME:temperatureA MESSAGE:PublishIn Status: SUCCESS
2017-07-21 20:42:33.258 TRACEID:2fa3dc62-fadb-2e5f-5529-b5a2f8d51fb2 PRINCIPALID:752497542b54204429ce0b82a081b83e8603828e44689547ab73ceef3a0a83f7 [INFO] EVENT:PublishEvent MESSAGE: IpAddress: 216.115.122.132 SourcePort: 44531

A python mqtt client (subscriber) to AWS IoT to show that the message was seen as sent from the Photon.

$ ./runBasic.sh 
2017-07-21 12:41:57,851 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Paho MQTT Client init.
2017-07-21 12:41:57,852 - AWSIoTPythonSDK.core.protocol.mqttCore - INFO - ClientID: basicPubSub
2017-07-21 12:41:57,853 - AWSIoTPythonSDK.core.protocol.mqttCore - INFO - Protocol: MQTTv3.1.1
2017-07-21 12:41:57,853 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Register Paho MQTT Client callbacks.
2017-07-21 12:41:57,854 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - mqttCore init.
2017-07-21 12:41:57,855 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Load CAFile from: VeriSignAmazonG5.pem
2017-07-21 12:41:57,855 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Load Key from: 752497542b-private.pem.key
2017-07-21 12:41:57,856 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Load Cert from: 752497542b-certificate.pem.crt
2017-07-21 12:41:57,857 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Custom setting for backoff timing: baseReconnectTime = 1 sec
2017-07-21 12:41:57,857 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Custom setting for backoff timing: maximumReconnectTime = 32 sec
2017-07-21 12:41:57,858 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Custom setting for backoff timing: minimumConnectTime = 20 sec
2017-07-21 12:41:57,859 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Custom setting for publish queueing: queueSize = -1
2017-07-21 12:41:57,860 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Custom setting for publish queueing: dropBehavior = Drop Newest
2017-07-21 12:41:57,860 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Custom setting for draining interval: 0.5 sec
2017-07-21 12:41:57,861 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Set maximum connect/disconnect timeout to be 10 second.
2017-07-21 12:41:57,862 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Set maximum MQTT operation timeout to be 5 second
2017-07-21 12:41:57,863 - AWSIoTPythonSDK.core.protocol.mqttCore - INFO - Connection type: TLSv1.2 Mutual Authentication
2017-07-21 12:41:58,423 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Connect result code 0
2017-07-21 12:41:58,424 - AWSIoTPythonSDK.core.protocol.mqttCore - INFO - Connected to AWS IoT.
2017-07-21 12:41:58,425 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Connect time consumption: 130.0ms.
2017-07-21 12:41:58,426 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Started a subscribe request 1
2017-07-21 12:41:58,535 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - _resubscribeCount: -1
2017-07-21 12:41:58,537 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Subscribe request 1 sent.
2017-07-21 12:41:58,543 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Subscribe request 1 succeeded. Time consumption: 110.0ms.
2017-07-21 12:41:58,543 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Recover subscribe context for the next request: subscribeSent: False
2017-07-21 12:42:18,424 - AWSIoTPythonSDK.core.util.progressiveBackoffCore - DEBUG - stableConnection: Resetting the backoff time to: 1 sec.
Received a new message: 
{ "serialNumber": "G030JF053216F1BS", "clickType": "SINGLE", "batteryVoltage": "2000mV" }
from topic: 
temperatureA
--------------
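Added example (not code from the thread, from wolfiot.cpp, or from wolfSSL itself) to show why the time bug above mattered. During certificate parsing wolfSSL compares the X.509 notBefore/notAfter fields against its time source (the ltime/timeDiff/tim_p lines in the transcript are that check). If the time source reports seconds since boot instead of Unix epoch seconds, every real certificate looks "not yet valid", because its notBefore is decades in the future relative to 1970. The UTCTime parser, the epoch arithmetic and the two clock functions below are a stand-alone re-implementation for illustration; the validity window and the uptime value of 125 s are constructed for the example, while 1500669750 is the "Time now" value printed above.

```c
/*
 * Illustrative certificate validity-window check with a pluggable clock.
 * Not wolfSSL code: a minimal re-implementation of the comparison wolfSSL
 * performs against notBefore/notAfter, so the effect of feeding it an
 * uptime counter instead of Unix epoch time can be reproduced offline.
 */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Days since 1970-01-01 for a proleptic Gregorian date (Howard Hinnant's
 * days_from_civil). Valid for the whole range UTCTime can express. */
static int64_t days_from_civil(int y, unsigned m, unsigned d)
{
    y -= m <= 2;
    const int era = (y >= 0 ? y : y - 399) / 400;
    const unsigned yoe = (unsigned)(y - era * 400);
    const unsigned doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    const unsigned doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return (int64_t)era * 146097 + (int64_t)doe - 719468;
}

/* Parse an ASN.1 UTCTime "YYMMDDhhmmssZ" into Unix epoch seconds.
 * RFC 5280: YY >= 50 means 19YY, YY < 50 means 20YY.
 * Returns 0 on success, -1 on malformed input. */
static int utctime_to_epoch(const char *s, int64_t *out)
{
    if (strlen(s) != 13 || s[12] != 'Z') return -1;
    int v[6];
    for (int i = 0; i < 6; i++) {
        char a = s[2 * i], b = s[2 * i + 1];
        if (a < '0' || a > '9' || b < '0' || b > '9') return -1;
        v[i] = (a - '0') * 10 + (b - '0');
    }
    int year = v[0] >= 50 ? 1900 + v[0] : 2000 + v[0];
    if (v[1] < 1 || v[1] > 12 || v[2] < 1 || v[2] > 31 ||
        v[3] > 23 || v[4] > 59 || v[5] > 60) return -1;
    *out = days_from_civil(year, (unsigned)v[1], (unsigned)v[2]) * 86400
         + v[3] * 3600 + v[4] * 60 + v[5];
    return 0;
}

enum date_result {
    DATE_OK = 0,
    DATE_NOT_YET_VALID = -1,   /* now < notBefore: what an uptime clock produces */
    DATE_EXPIRED = -2,         /* now > notAfter */
    DATE_BAD_FORMAT = -3
};

/* The comparison wolfSSL makes while parsing a cert, with the clock value
 * passed in so both clock sources can be tried on the same certificate. */
static enum date_result check_validity(const char *not_before,
                                       const char *not_after, int64_t now)
{
    int64_t nb, na;
    if (utctime_to_epoch(not_before, &nb) || utctime_to_epoch(not_after, &na))
        return DATE_BAD_FORMAT;
    if (now < nb) return DATE_NOT_YET_VALID;
    if (now > na) return DATE_EXPIRED;
    return DATE_OK;
}

/* Two clock sources standing in for the Photon's. Constructed values:
 * 1500669750 is the "Time now" printed in the transcript (Time.now()),
 * 125 is a plausible seconds-since-boot reading from a millisecond tick. */
static int64_t clock_unix_epoch(void)  { return 1500669750; }
static int64_t clock_uptime_secs(void) { return 125; }

int main(void)
{
    /* Constructed validity window, not the dates of any real certificate. */
    const char *nb = "170101000000Z";   /* 2017-01-01 00:00:00 UTC */
    const char *na = "180101000000Z";   /* 2018-01-01 00:00:00 UTC */
    printf("epoch clock  -> %d\n", check_validity(nb, na, clock_unix_epoch()));
    printf("uptime clock -> %d\n", check_validity(nb, na, clock_uptime_secs()));
    return 0;
}
```

With the epoch clock the window check returns DATE_OK; with the uptime clock it returns DATE_NOT_YET_VALID, which is the failure mode that hid behind the original HAL_Timer_Milliseconds() call. The same parser also converts the "170721204233Z"-style timestamps a cert carries into the epoch values wolfSSL's debug output prints, so it can be used to sanity-check a device clock against the HTTP date header seen in the transcript.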

Give that man a cigar!
This is fantastic news @cermak.
Thank you for providing your chops for this port!

I will be able to vet this next week and report my experiences here.

The wolfssl library is published as 0.0.1 in the cloud. It should be available via the Build IDE, Particle DEV, Particle CLI and the local toolchain. If there is a kind soul working with po-utils to test things out, that would be great.

I’ve confirmed that I can generate a firmware binary using the Particle CLI and Particle DEV. I think I’ve beaten the cloud into submission, er wait, maybe that is the other way around? :head_bandage: @ScruffR provided a lot of help and suggestions. I can see a bit better how the pieces are fitting together – hopefully, I can make some better swipes at the documentation. (I think the big gotcha for me was I was attempting to compile the project and the library in the same tree. This goes against the guidance in the forum/documentation that things need to be largely in independent units.)

Once you set up library.properties for the project with whatever version of wolfiot.ino or wolfiot.cpp you are using, with certificates in that file or in the external Private.h, you should get a binary. If you do the full song and dance out at the AWS IoT, you should see the data payload (you have to do the song and dance first to get the certs to put in your code…). I will see about a short tutorial that outlines the steps to set up a thingy.

In Particle DEV, this is the basic project with the reference to the library. Hit compile and away you go. It is magic. @jimini - hope this works! Give it a whirl and let me know and we can see about one additional example snippet for Lambda.

Do not try to look at the library on the Build IDE (web). All my attempts have met with failure. There is just too much code! Download it using the Particle CLI, make needed changes and use a private copy to perform the build. If you can use the library as is, you do not need to create a private copy.

The base size of the firmware when compiled is 90k. There is not a lot of extra room.

I am nowhere near done with the documentation for this. This is just announcing that the library is a bit more accessible now for testing.


I had to verify an electron was working. The sample code does work, though we should add a code snippet to be sure it is connected to the internet. Be aware, this will eat up your data plan with all the TLS/cert negotiation.

Electron:

Compiling code for electron

Including:
    src/Private.h
    src/wolfiot.cpp
    project.properties
attempting to compile firmware 
downloading binary from: /v1/binaries/597cf304248a1c30a58fad5c
saving to: electron_firmware_1501360879598.bin
Memory use: 
   text	   data	    bss	    dec	    hex	filename
  90172	    216	   2360	  92748	  16a4c	/workspace/target/workspace.elf

Serial monitor opened successfully:
Synced with time server.
Trying to reconnect...
Trying to reconnect...
Trying to reconnect...
Connected to data.iot.us-west-2.amazonaws.com
SSL version is TLSv1.2
Header size: 194
Bytes written: 194
Data payload size: 89
Bytes written: 89
SSL cipher suite: NONE
client.available():128
Server response:
HTTP/1.1 200 OK
content-type: application/json
content-length: 65
date: Sat, 29 Jul 2017 20:45:15 GMT
x-amzn-RequestId: 34779326-f4e1-3ece-dffc-2aebf5a9f72a
connection: Keep-Alive

{"message":"OK","traceId":"34779326-f4e1-3ece-dffc-2aebf5a9f72a"}
Connection complete.

I am going to remove the wolfmqtt port from the title of this post. There are several forks/tracks that will happen now that the wolfssl library is operating. I or others will open separate threads.


I couldn’t stand it…

I had to try integrating and building with this … using the wolfssl_client.ino as an example framework, I’ve integrated all the example SSL client specifics into my “test” app, and IT BUILDS! (woot!)

I’ve got some additional message construction work to do with my json POST request content for the API, but in the meantime I wanted to report here that it’s thumbs up so far :+1: @cermak

I’ll get another chance on Monday to finalize payloads and ping against my API endpoint.

@cermak, Just checking in - looks like you’ve done some amazing work!

How did you go with testing over the last few months? Is it good and stable?

I’m using the MQTT-TLS library at the moment, but having issues with it blocking my OTA updates and slowing down the Particle web API calls.

Would greatly welcome giving your library a shot if it is good to go? :slight_smile: