Request for TLS With MQTT Example for MIMXRT1180-EVK


213 Views
PavanKumarS
Contributor II

Hi,

I am currently working with the MIMXRT1180-EVK and need to implement MQTT over TLS in a bare-metal environment using the LwIP and mbedTLS stack. I have implemented the basic MQTT functionality, but for the TLS part, I noticed that the SDK does not provide an example specifically for MQTT with TLS integration.

I am looking for guidance or an example project that demonstrates how to configure and integrate TLS for secure MQTT communication. If there’s any advice, starting point, or reference that can help with this, it would be greatly appreciated.

Thank you in advance for your support!

Best regards,
Pavan Kumar S.

4 Replies

155 Views
Harry_Zhang
NXP Employee

Hi @PavanKumarS 

To securely communicate using MQTT over TLS, you’ll need to:
1. Configure and initialize the LwIP network stack.
2. Set up mbedTLS for secure communication.
3. Modify your existing MQTT client code to use mbedTLS for establishing secure connections.

So I think you can refer to the lwip_httpssrv_mbedTLS_bm_cm33 example.

[screenshot: Harry_Zhang_0-1731926426009.png]

This example includes step 1 and step 2; you just need to modify your existing MQTT client code.

BR

Harry


132 Views
PavanKumarS
Contributor II
Hi Harry,
Could you kindly clarify what specific changes need to be made in the MQTT client code and which functions have to be modified or added?

101 Views
Harry_Zhang
NXP Employee

Hi @PavanKumarS 

1. You can import the lwip_httpssrv_mbedTLS_bm_cm33 example.

[screenshot: Harry_Zhang_0-1732172863821.png]

Before line 495:

Configure and initialize the LwIP network stack.
Set up mbedTLS for secure communication.

Next, you only need to complete two steps:

Establish a Secure TCP Connection

1. Create a Raw TCP Connection:
Use LwIP to connect to the broker on port 8883 (standard MQTT over TLS port).

/* the connect is asynchronous: tcp_connected_callback fires once the TCP handshake completes */
struct tcp_pcb *tcp_conn = tcp_new();
tcp_connect(tcp_conn, &broker_ip, MQTT_TLS_PORT, tcp_connected_callback);


2. Wrap the TCP Connection with TLS:
Use mbedtls_ssl_set_bio to bind the LwIP socket to the mbedTLS context:

/* mbedtls_net_send/recv operate on a mbedtls_net_context (socket fd), not a raw tcp_pcb; with the raw LwIP API pass your own send/recv callbacks here */
mbedtls_ssl_set_bio(&ssl, tcp_conn, mbedtls_net_send, mbedtls_net_recv, NULL);


3. Perform the TLS Handshake:

int ret = mbedtls_ssl_handshake(&ssl);
/* with a non-blocking transport, MBEDTLS_ERR_SSL_WANT_READ/WANT_WRITE mean "call again", not failure */
if (ret != 0) {
   printf("TLS handshake failed: -0x%x\n", -ret);
   // Handle error
}

Integrate MQTT with TLS

1. Modify MQTT Client Initialization:
• Pass the mbedTLS ssl context to the MQTT client.
• Replace raw TCP read/write calls with mbedtls_ssl_read and mbedtls_ssl_write.
2. Publish and Subscribe:
• Ensure MQTT publish/subscribe calls are routed through the TLS layer.
3. Handle Broker Disconnects:
• Implement error handling for TLS and MQTT reconnections.

BR

Harry

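The transport glue that step 2 of the reply above leaves implicit, as an added example (not code from the post or from the NXP SDK): mbedtls_net_send/recv only work on a mbedtls_net_context socket, so with the raw LwIP API the two callbacks handed to mbedtls_ssl_set_bio have to be written by hand, and the important part is returning WANT_READ/WANT_WRITE instead of an error when the link is simply not ready. The struct, function names and the 1024-byte receive queue are assumptions; the two error constants carry their real mbedTLS values and are only redefined so the file builds without the library.

```c
#include <stddef.h>
#include <string.h>

/* real mbedTLS values (ssl.h); redefined only so this file builds stand-alone */
#define MBEDTLS_ERR_SSL_WANT_READ  (-0x6900)
#define MBEDTLS_ERR_SSL_WANT_WRITE (-0x6880)

/* Hypothetical per-connection state passed to mbedtls_ssl_set_bio() as p_bio.
 * rx holds bytes copied out of pbufs by the LwIP tcp_recv callback. */
typedef struct {
    unsigned char rx[1024];
    size_t rx_len;
    size_t tx_space;   /* stands in for tcp_sndbuf(pcb) */
    size_t tx_sent;    /* bytes handed to tcp_write() so far */
} tls_bio_t;

/* Called from the LwIP tcp_recv callback: queue the payload, then tcp_recved(pcb, len). */
int tls_bio_push_rx(tls_bio_t *b, const unsigned char *p, size_t len)
{
    if (b->rx_len + len > sizeof b->rx) return -1; /* caller keeps the pbuf and retries */
    memcpy(b->rx + b->rx_len, p, len);
    b->rx_len += len;
    return 0;
}

/* f_recv: an empty queue is not an error, it is WANT_READ, which tells
 * mbedtls_ssl_handshake()/mbedtls_ssl_read() to come back later. */
int tls_bio_recv(void *ctx, unsigned char *buf, size_t len)
{
    tls_bio_t *b = ctx;
    if (b->rx_len == 0) return MBEDTLS_ERR_SSL_WANT_READ;
    size_t n = len < b->rx_len ? len : b->rx_len;
    memcpy(buf, b->rx, n);
    memmove(b->rx, b->rx + n, b->rx_len - n);
    b->rx_len -= n;
    return (int)n;
}

/* f_send: hand over as much as tcp_write() would accept; no free space maps to
 * WANT_WRITE. Partial sends are fine: mbedTLS calls again with the remainder. */
int tls_bio_send(void *ctx, const unsigned char *buf, size_t len)
{
    tls_bio_t *b = ctx;
    (void)buf; /* real code: tcp_write(pcb, buf, n, TCP_WRITE_FLAG_COPY); tcp_output(pcb); */
    if (b->tx_space == 0) return MBEDTLS_ERR_SSL_WANT_WRITE;
    size_t n = len < b->tx_space ? len : b->tx_space;
    b->tx_space -= n;
    b->tx_sent += n;
    return (int)n;
}
```

Register the pair with mbedtls_ssl_set_bio(&ssl, &bio, tls_bio_send, tls_bio_recv, NULL) and loop on mbedtls_ssl_handshake() while it returns one of the two WANT codes, feeding tls_bio_push_rx from the tcp_recv callback in between.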

3 Views
PavanKumarS
Contributor II
Hi @Harry_Zhang,

I'm facing an issue while setting up TLS over MQTT using mbedTLS. Specifically, when I attempt to parse the CA certificate and client private key, I get the following error codes:

1. mbedtls_x509_crt_parse returned -0x2880
2. mbedtls_pk_parse_key returned -15616

Here’s the code I’m using for parsing:

ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *)mbedtls_mosquitto_ca_crt, mbedtls_mosquitto_ca_crt_len);
if (ret != 0) {
    /* -ret printed in hex so it can be matched against the MBEDTLS_ERR_X509_* codes */
    PRINTF(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret);
    return -1;
}

/* password pointer/length are NULL/0 because the key is an unencrypted PKCS#8 PEM */
ret = mbedtls_pk_parse_key(&client_private_key, (const unsigned char *)client_key, client_key_len, NULL, 0);
if (ret != 0) {
    PRINTF(" failed\r\n ! mbedtls_pk_parse_key returned %d\r\n\r\n", ret);
    return -1;
}

CA Cert:

const char mbedtls_mosquitto_ca_crt[] =
"-----BEGIN CERTIFICATE-----\n"
/* base64 certificate body omitted */
"-----END CERTIFICATE-----\n"
;

const size_t mbedtls_mosquitto_ca_crt_len = sizeof(mbedtls_mosquitto_ca_crt);

Client Key:

const char client_key[] =
"-----BEGIN PRIVATE KEY-----\n"
/* base64 private key body omitted */
"-----END PRIVATE KEY-----\n"
;

const size_t client_key_len = sizeof(client_key);

Am I missing something in the configuration?
