using wolfSSL library on MPC5748G board with out HSM firmware flashed

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

using wolfSSL library on MPC5748G board with out HSM firmware flashed

跳至解决方案
3,645 次查看
akhileshkg
Contributor II

on MPC5748G device I intend to use wolfSSL library for  TLS communication with server. I understand that wolfSSL library is integrated with S32 SDK.

while cheing the secure socket demo code I find that for wolfSSL library Initialization MPC5748G must be flashed with HSM firmware!

HSM Firmware is not shared public and needs NDA signing.

My question: Can't I use wolfSSL without having HSM firmware flashed on device? I mean instead of HSM I am ok to use software crypto that wolfSSL should be providing!

This is something priority for us!! Would appreciate your prompt response and help here.

Thanks,

Akhilesh

标签 (1)
标记 (3)
0 项奖励
回复
1 解答
3,548 次查看
akhileshkg
Contributor II

Thanks Lucas. we almost could do the wolfSSL initialization with the MACRO defines. we are trying to use other CA signed certificates with this. will open a new thread in case we face some challenge in certificate usage with that.

for now we can close this thread.

Thanks for your support!

在原帖中查看解决方案

0 项奖励
回复
7 回复数
3,549 次查看
akhileshkg
Contributor II

Thanks Lucas. we almost could do the wolfSSL initialization with the MACRO defines. we are trying to use other CA signed certificates with this. will open a new thread in case we face some challenge in certificate usage with that.

for now we can close this thread.

Thanks for your support!

0 项奖励
回复
1,961 次查看
tejo2one
Contributor III

Hello Akhilesh,

I am currently using MPC5748G, I want to enable SSL without HSM, are you able to enable SSL with sw library ?

Thanks & best regards,

Tejo

 

0 项奖励
回复
3,637 次查看
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi Akhilesh,

if you take closer look at source files, you will see that HSM functions are used in aes.c and random.c files.

wolfSSL supports software AES implementation, so this can be easily changed using defines:

lukaszadrapa_0-1613476063728.png

Generation of random numbers is then similar, custom method is also supported.

If you can accept this, no HSM features are needed.

Regards,

Lukas

 

0 项奖励
回复
3,622 次查看
jiteshkamboj
Contributor I

Is there any way that the Socket demo examples works without HSM FW and use wolfssl for this? 

I have removed the symbol "NXP_SDK" and Added OPENSSL_EXTRA. Is it correct way to use wolfssl crypto instead of HSM?

0 项奖励
回复
3,613 次查看
lukaszadrapa
NXP TechSupport
NXP TechSupport

Not sure where you changed that exactly. Because the NXP_SDK is used also in other files and there are more dependencies, I would change only mentioned aes.c and random.c files.

Regards,

Lukas

 

0 项奖励
回复
3,597 次查看
jiteshkamboj
Contributor I

Thanks, Lucas, I have now created the project freshly and removed all previous changes.

I have added only 2 Preprocessor:

       1. USE_TEST_GENSEED (It is for the Random number generation using wc_GenerateSeed) and

        2. NO_ASN_TIME.

          I have commented the statement: #define NXP_SDK_HSM 

I got logs which I have added in attachments.

What I can understand from the logs that the Certificate is expired.

Can you support how can really get the desired output mention in the lwip_mpc5748g.dox file

0 项奖励
回复
3,575 次查看
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

I quickly discussed this with our SW team and since you do not need HSM accelerations, it should use WolfSSL (or any other SSL) implementations as it is from the www.wolfssl.com. Also from there it should get newer CA certificates. But this is out of our scope, unfortunately we can't help here.

Regards,

Lukas

 

0 项奖励
回复