using wolfSSL library on MPC5748G board with out HSM firmware flashed

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

using wolfSSL library on MPC5748G board with out HSM firmware flashed

Jump to solution
2,623 Views
akhileshkg
Contributor II

on MPC5748G device I intend to use wolfSSL library for  TLS communication with server. I understand that wolfSSL library is integrated with S32 SDK.

while cheing the secure socket demo code I find that for wolfSSL library Initialization MPC5748G must be flashed with HSM firmware!

HSM Firmware is not shared public and needs NDA signing.

My question: Can't I use wolfSSL without having HSM firmware flashed on device? I mean instead of HSM I am ok to use software crypto that wolfSSL should be providing!

This is something priority for us!! Would appreciate your prompt response and help here.

Thanks,

Akhilesh

Labels (1)
Tags (3)
0 Kudos
1 Solution
2,526 Views
akhileshkg
Contributor II

Thanks Lucas. we almost could do the wolfSSL initialization with the MACRO defines. we are trying to use other CA signed certificates with this. will open a new thread in case we face some challenge in certificate usage with that.

for now we can close this thread.

Thanks for your support!

View solution in original post

0 Kudos
7 Replies
2,527 Views
akhileshkg
Contributor II

Thanks Lucas. we almost could do the wolfSSL initialization with the MACRO defines. we are trying to use other CA signed certificates with this. will open a new thread in case we face some challenge in certificate usage with that.

for now we can close this thread.

Thanks for your support!

0 Kudos
939 Views
tejo2one
Contributor III

Hello Akhilesh,

I am currently using MPC5748G, I want to enable SSL without HSM, are you able to enable SSL with sw library ?

Thanks & best regards,

Tejo

 

0 Kudos
2,615 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi Akhilesh,

if you take closer look at source files, you will see that HSM functions are used in aes.c and random.c files.

wolfSSL supports software AES implementation, so this can be easily changed using defines:

lukaszadrapa_0-1613476063728.png

Generation of random numbers is then similar, custom method is also supported.

If you can accept this, no HSM features are needed.

Regards,

Lukas

 

0 Kudos
2,600 Views
jiteshkamboj
Contributor I

Is there any way that the Socket demo examples works without HSM FW and use wolfssl for this? 

I have removed the symbol "NXP_SDK" and Added OPENSSL_EXTRA. Is it correct way to use wolfssl crypto instead of HSM?

0 Kudos
2,591 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Not sure where you changed that exactly. Because the NXP_SDK is used also in other files and there are more dependencies, I would change only mentioned aes.c and random.c files.

Regards,

Lukas

 

0 Kudos
2,575 Views
jiteshkamboj
Contributor I

Thanks, Lucas, I have now created the project freshly and removed all previous changes.

I have added only 2 Preprocessor:

       1. USE_TEST_GENSEED (It is for the Random number generation using wc_GenerateSeed) and

        2. NO_ASN_TIME.

          I have commented the statement: #define NXP_SDK_HSM 

I got logs which I have added in attachments.

What I can understand from the logs that the Certificate is expired.

Can you support how can really get the desired output mention in the lwip_mpc5748g.dox file

0 Kudos
2,553 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

I quickly discussed this with our SW team and since you do not need HSM accelerations, it should use WolfSSL (or any other SSL) implementations as it is from the www.wolfssl.com. Also from there it should get newer CA certificates. But this is out of our scope, unfortunately we can't help here.

Regards,

Lukas

 

0 Kudos