Adding STSAFE with mbedTLS client for IoT work

KBhon.1 · ‎2023-01-03

Hello all,

I am working on creating a secure IoT device. The device is configured as MQTT client which will be sending sensors data to the sever over MQTT. I have implemented encryption using mbed-TLS where I confirm server's authenticity with server CA certificate.

Now I wish to implement 2 way authentication where I need to send client certificate to the server for verifying client authenticity by server.

I see it is possible with the help of mbed-TLS but we need to provide private key of the client to mbedTLS which is not possible since we cannot extract private key out of STSAFE.

I have been searching on this from almost a month and I have not been able to find a direct example on implementing this.

Also, the STSAFE examples are not clear about implementing this with mbedTLS.

I am in search of something that links stsfae with mbedTLS for client authentication.

Can anyone please guide me how to implement this?

Benjamin BARATTE · ‎2023-02-06

Hi @Community member ,

I have looked at the test.mosquitto.org and it seems that it does not support the ECDSA, therefore, it's not possible to use the STSAFE-A with this configuration, could you try to setup a local instance of mosquitto server to check if you can use ECDSA. I have seen that the Mosquitto project rely on OpenSSL and should be able to support ECDSA.

In the log, you can see that you send the client hello with the following ciphersuites :

TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256

TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256

TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256

TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256

TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256

TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256

TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256

TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256

why looks good to me.

and you didn't receive server hello, therefore the server didn't match any client ciphersuite and reject the connection, the error -0x7280 is MBEDTLS_ERR_SSL_CONN_EOF, which means that the server has closed the connection.

Regarding the CSR generation, the error -0x5100 is MBEDTLS_ERR_MD_BAD_INPUT_DATA

I see that the ciphersuite does not include SHA384, did you activate the #define MBEDTLS_SHA512_C ? this is mandatory to use SHA384.

Best Regards,

Benjamin

KBhon.1 · ‎2023-02-06

Hi @Benjamin BARATTE

Thanks for sharing your inputs.

I will setup local mosquitto and will try to run it again and will share the results soon.

Apart from this, to enable client authentication, I saw we need to use mbedtls_ssl_conf_own_cert, which needs private key and client certificate, but we can't read and provide private key from stsafe.

Thus I am confused about this and can't think of using it.

Is there another way of doing client authentication?

Thank You.

Best,

Krunal

Benjamin BARATTE · ‎2023-02-06

Hi @Community member ,

in the code provided, you have the clientcert and clientkey structure that are initialized as follow :

// Init MbedTLS structure for client certificate and client key

mbedtls_x509_crt_init( &clientcert );

mbedtls_pk_init( &clientkey );

// Code example to fetch a certificate from STSAFE-A memory (warning if certificate size is more than 507 bytes, the read operation shall be split)

printf("Get Stsafe Certificate : ");

fflush(stdout);

ret = STSAFE_GetCertificate(&stsafe_handle, 0, cert_buf, &cert_buf_size);

if (ret < 0)

{

printf( " failed " ENDL " ! read certificate from STSAFE-A memory -0x%x"ENDL ENDL, -ret );

goto exit;

}

printf("OK" ENDL);

// parse the STSAFE-A certificate for mbedtls_x509_crt structure

// this certificate shall be used in SSL context in mbedtls_ssl_conf_own_cert()

printf("Parse Stsafe Certificate in mbedtls_x509_crt structure : ");

fflush(stdout);

ret = mbedtls_x509_crt_parse( &clientcert, (const unsigned char *)cert_buf, cert_buf_size);

if( ret < 0 )

{

printf( " failed"ENDL" ! mbedtls_x509_crt_parse returned -0x%x" ENDL ENDL, -ret );

goto exit;

}

printf( " OK" ENDL );

// clientkey structure hack to redirect all signature operation to STSAFE-A signature feature

// the STSAFE_GetMbedPK_ECDSAInfo() will use the STSAFE-A private key slot 0 by default

printf("Set STSAFE-A pk_info structure to client key : ");

fflush(stdout);

clientkey.pk_info = STSAFE_GetMbedPK_ECDSAInfo(&stsafe_handle);

printf("OK"ENDL);

after this init, both clientcert and clientkey are ready to use in the mbedtls_ssl_conf_own_cert() function.

The principle here is update the clientkey structure to redirect the sign feature to STSAFE-A wrapper in that case, you don't need to load an actual private key, only init the structure and the ssl context will be able to use it.

Best Regards,

Benjamin

KBhon.1 · ‎2023-02-06

@Benjamin BARATTE ,

Wow, That's great!

I never knew you would make it so simple. 🙂

I will test this out with my local mosquitto server soon and will update you here.

Thank You very much for your help so far!

I really appreciate it.

Have a good day!

Regards,

Krunal

Benjamin BARATTE · ‎2023-02-06

Hi @Community member ,

if Mosquitto does not support ECDSA, you can make a test with openssl server with the following command :

/usr/bin/openssl s_server -accept 4433 -Verify 1 -cert server.crt -key server.key -CAfile client_CA.crt -www -msg -verify_return_error -debug -cipher ECDHE-ECDSA-AES256-GCM-SHA384

you will need to generate a server.key and server.crt and make sure you have the CA that sign your server certificate in your device.

For le client_CA.crt, if you use the STSAFE-A certificate then you can use the following CA certificate

Best Regards,

Benjamin

KBhon.1 · ‎2023-02-06

@Benjamin BARATTE ,

Yes, I have mosquitto's CA certificate to test mosquitto server, and I had been planning to use ST CA certificate provided on the website as client's CA certificate.

Thanks for providing additional info. I will surely try openssl if I can't make mosquitto run.

Will update you here soon.

Thanks 🙂

Regards,

Krunal

KBhon.1 · ‎2023-02-19

@Benjamin BARATTE

Sorry for the delay in replying as I wanted to make sure I tried everything.

Also, Setting up local mosquitto server with SAN (Subject Alternative name) took time.

Finally I managed to setup local mosquitto server. I tested it using MQTT Explorer by providing client, server, CA certificates and it worked. This worked with/without client authentication using MQTT Explorer.

Later I tried running our code (first without client authentication), but it failed to connect.

Next, I tried using your provided command for openSSL, this time also without client authentication, but i am still getting that "no shred ciphers"

Here I have attached errors debug for device and openssl.

From this it seems I am still doing something wrong with the mbedtls configuration.

I have following enabled for medtls_config.h file:

MBEDTLS_ECP_DP_SECP256R1_ENABLED,

MBEDTLS_ECP_DP_SECP384R1_ENABLED

MBEDTLS_ECP_DP_BP256R1_ENABLED,

MBEDTLS_ECP_DP_BP384R1_ENABLED

MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED,

MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED

MBEDTLS_ECDSA_C

MBEDTLS_ECDH_C

disabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED

Benjamin BARATTE · ‎2023-02-27

Hi @Community member ,

I see that the server use AES256 and SHA384 while the client does not propose such ciphersuite.

Did you activate the MBEDTLS_SHA384_C and MBEDTLS_SHA512_C ?

I see in the MbedTLS definition that the AES256 is only linked to the SHA384.

Therefore if you activate the SHA384 (and SHA512) you should provide more ciphersuite and be able to match server preferences.

Best Regards,

Benjamin

KBhon.1 · ‎2023-03-04

Hello @Benjamin BARATTE ,

Thanks for your support so far.

You were right, I had missed to enable MBEDTLS_SHA384_C.

Apart from this, my keys for broker and CA were generated using RSA which I later found that I need to generate ECP certificates and keys for broker and CA too.

I am working on it and have gone further.

Now I generated broker, CA, and client certificates using SECP384R1 and used cipher ECDHE-ECDSA-AES256-GCM-SHA384. So when I provided my generated client certificate, the handshake worked.

Next I incorporated your provided example and tried to use slot0 of stsafe. I noticed slot0 uses NIST-256 so I regenerated my broker, CA certificates using NIST-256 (prime256v1).

The handshake went much further and mbedtls_ecdh_gen_public() function was called from your provided file. However it fails when StSafeA_GenerateKeyPair() is called within this function. Following is the line that returns error "STSAFEA_INVALID_PARAMETER".

status_code = StSafeA_GenerateKeyPair(g_se_handle, STSAFEA_KEY_SLOT_EPHEMERAL, 0x0001U, 1U, 0, curve, size, &reppoint, &x, &y, STSAFEA_MAC_NONE);

On further debugging, I saw it fails at "IS_STSAFEA_HANDLER_VALID_PTR(pStSafeA)" within StSafeA_GenerateKeyPair(), however, I could see in debug it has a valid pointer.

Apart from these points, I am also facing problem with GenerateCSRFromPublicKey() function in your provided example file. Initially it was working, but now it returns error ret = -1. this is the code line that fails.

ret = GenerateCSRFromPublicKey(&stsafe_handle, COUNTRY_STR, ORG_STR, CN_KEY_1, KEY_1_CURVE, X, Y, display_buffer, &csr_size);

I feel now I am very close to getting STSAFE working with mbedTLS, thanks to your support. Waiting for your reply.

Thank You.

KBhon.1 · ‎2023-03-06

Hi @Benjamin BARATTE

Here I have attached my mbedTLS config file.

Please share your thoughts.