using wolfSSL library on MPC5748G board with out HSM firmware flashed

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

using wolfSSL library on MPC5748G board with out HSM firmware flashed

ソリューションへジャンプ
3,653件の閲覧回数
akhileshkg
Contributor II

on MPC5748G device I intend to use wolfSSL library for  TLS communication with server. I understand that wolfSSL library is integrated with S32 SDK.

while cheing the secure socket demo code I find that for wolfSSL library Initialization MPC5748G must be flashed with HSM firmware!

HSM Firmware is not shared public and needs NDA signing.

My question: Can't I use wolfSSL without having HSM firmware flashed on device? I mean instead of HSM I am ok to use software crypto that wolfSSL should be providing!

This is something priority for us!! Would appreciate your prompt response and help here.

Thanks,

Akhilesh

ラベル(1)
タグ(3)
0 件の賞賛
返信
1 解決策
3,556件の閲覧回数
akhileshkg
Contributor II

Thanks Lucas. we almost could do the wolfSSL initialization with the MACRO defines. we are trying to use other CA signed certificates with this. will open a new thread in case we face some challenge in certificate usage with that.

for now we can close this thread.

Thanks for your support!

元の投稿で解決策を見る

0 件の賞賛
返信
7 返答(返信)
3,557件の閲覧回数
akhileshkg
Contributor II

Thanks Lucas. we almost could do the wolfSSL initialization with the MACRO defines. we are trying to use other CA signed certificates with this. will open a new thread in case we face some challenge in certificate usage with that.

for now we can close this thread.

Thanks for your support!

0 件の賞賛
返信
1,969件の閲覧回数
tejo2one
Contributor III

Hello Akhilesh,

I am currently using MPC5748G, I want to enable SSL without HSM, are you able to enable SSL with sw library ?

Thanks & best regards,

Tejo

 

0 件の賞賛
返信
3,645件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi Akhilesh,

if you take closer look at source files, you will see that HSM functions are used in aes.c and random.c files.

wolfSSL supports software AES implementation, so this can be easily changed using defines:

lukaszadrapa_0-1613476063728.png

Generation of random numbers is then similar, custom method is also supported.

If you can accept this, no HSM features are needed.

Regards,

Lukas

 

0 件の賞賛
返信
3,630件の閲覧回数
jiteshkamboj
Contributor I

Is there any way that the Socket demo examples works without HSM FW and use wolfssl for this? 

I have removed the symbol "NXP_SDK" and Added OPENSSL_EXTRA. Is it correct way to use wolfssl crypto instead of HSM?

0 件の賞賛
返信
3,621件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Not sure where you changed that exactly. Because the NXP_SDK is used also in other files and there are more dependencies, I would change only mentioned aes.c and random.c files.

Regards,

Lukas

 

0 件の賞賛
返信
3,605件の閲覧回数
jiteshkamboj
Contributor I

Thanks, Lucas, I have now created the project freshly and removed all previous changes.

I have added only 2 Preprocessor:

       1. USE_TEST_GENSEED (It is for the Random number generation using wc_GenerateSeed) and

        2. NO_ASN_TIME.

          I have commented the statement: #define NXP_SDK_HSM 

I got logs which I have added in attachments.

What I can understand from the logs that the Certificate is expired.

Can you support how can really get the desired output mention in the lwip_mpc5748g.dox file

0 件の賞賛
返信
3,583件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

I quickly discussed this with our SW team and since you do not need HSM accelerations, it should use WolfSSL (or any other SSL) implementations as it is from the www.wolfssl.com. Also from there it should get newer CA certificates. But this is out of our scope, unfortunately we can't help here.

Regards,

Lukas

 

0 件の賞賛
返信