I'm using studio 4.1.1. Is there an easy way to add a new field in the DCT to support root certificate downloads similar to what is currently done with the private certificate and the private key?
I tried adding it after the DCT_MISC_SECTION section per the comments in the platform_dct.h file but the dct_write function doesn't even seem to handle the DCT_MISC_SECTION correctly along with any sections after it (bytes_to_copy calculates a negative number in reference to the version info).
Since I'm not using OTA2, I also tried just adding the new field to the platform_dct_security_t struct and adding code to read/write the new field where the other fields are handled. But that causes other problems.
typedef struct
{
char private_key[ PRIVATE_KEY_SIZE ];
char certificate[ CERTIFICATE_SIZE ];
uint8_t cooee_key [ COOEE_KEY_SIZE ];
char root_cert [ CERTIFICATE_SIZE ]; //added
} platform_dct_security_t;
I just added a field in platform_dct_misc_config_t structure like this.
typedef struct
{
uint32_t wifi_flags; /* Wi-Fi Misc Flags */
char root_cert[ CERTIFICATE_SIZE ];
} platform_dct_misc_config_t;
I modified the snip.dct_read_write application like this and I was able to add the certificate:
/* Print original mesh value */
WPRINT_APP_INFO( ( "Original\r\n" ) );
WPRINT_APP_INFO( ( "wifi flags: 0x%lx\r\n", misc_dct->wifi_flags ) );
WPRINT_APP_INFO( ( "certificate: %s\r\n", misc_dct->root_cert ) );
WPRINT_APP_INFO( ( " mesh: %ld\r\n", misc_dct->wifi_flags & WIFI_FLAG_MESH ) );
/* Modify mesh value */
misc_dct->wifi_flags ^= WIFI_FLAG_MESH;
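/* Bounded copy so the certificate cannot overrun the fixed-size DCT field */
strncpy( misc_dct->root_cert, httpbin_root_ca_certificate, sizeof( misc_dct->root_cert ) - 1 );
misc_dct->root_cert[ sizeof( misc_dct->root_cert ) - 1 ] = '\0';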
/* write it out */
wiced_dct_write( (const void*) misc_dct, DCT_MISC_SECTION, 0, sizeof(*misc_dct) );
/* unlock & lock again (re-reads dct) */
WPRINT_APP_INFO( ( "Changed wifi_flag WIFI_FLAG_MESH \r\n" ) );
wiced_dct_read_unlock( misc_dct, WICED_TRUE );
wiced_dct_read_lock( (void**) &misc_dct, WICED_TRUE, DCT_MISC_SECTION, 0, sizeof( *misc_dct ) );
/* Print changed mesh value */
WPRINT_APP_INFO( ( "wifi flags: 0x%lx\r\n", misc_dct->wifi_flags ) );
WPRINT_APP_INFO( ( "certificate: %s\r\n", misc_dct->root_cert ) );
WPRINT_APP_INFO( ( "mesh: %ld\r\n", misc_dct->wifi_flags & WIFI_FLAG_MESH ) );
/* restore original */
/* Modify mesh value */
misc_dct->wifi_flags ^= WIFI_FLAG_MESH;
/* write it out */
wiced_dct_write( (const void*) misc_dct, DCT_MISC_SECTION, 0, sizeof(*misc_dct) );
/* unlock & lock again (re-reads dct) */
wiced_dct_read_unlock( misc_dct, WICED_TRUE );
wiced_dct_read_lock( (void**) &misc_dct, WICED_TRUE, DCT_MISC_SECTION, 0, sizeof( *misc_dct ) );
/* Print restored mesh value */
WPRINT_APP_INFO( ( "Restored wifi_flag WIFI_FLAG_MESH \r\n" ) );
WPRINT_APP_INFO( ( "wifi flags: 0x%lx\r\n", misc_dct->wifi_flags ) );
WPRINT_APP_INFO( ( " mesh: %ld\r\n", misc_dct->wifi_flags & WIFI_FLAG_MESH ) );
/* release the read lock */
wiced_dct_read_unlock( misc_dct, WICED_TRUE );
Could you please tell me what you are doing differently and what the corresponding error log is?
Have you accounted for the fact that LARGEST_DCT_SUB_STRUCTURE_SIZE is 4k and that CERTIFICATE_SIZE is also 4k? This makes the data stored in the misc section larger than the buffer used to move it around.
Also, the comment in platform_dct_data_t says to add it AFTER the misc section, not in it: /* If you need to add anything to the DCT, add it here, in a new structure */
Furthermore, as mentioned in my original post, the dct write function has the comment /* Calculate how many bytes need to be written after the end of the header to the start of the dct_version structure */, and the misc section is after the version, not before, so we get a negative bytes_to_copy.
I'm just trying to get the root cert downloadable without breaking everything. I would prefer to just add it to the security_credentials structure.
I’m not sure where the problem actually is; I’m just pointing to things that are causing problems when trying to add in or below the misc section.
When I add the root_cert storage location to this structure, the AWS connection will no longer work, even when I don’t load anything into this location and just use the compiled-in default root cert. The connection is closed by the server. With this storage location removed, AWS works fine. When I use this storage location for an MQTT secure connection to an MQTT broker, the connection works fine.
typedef struct
{
char private_key[ PRIVATE_KEY_SIZE ];
char certificate[ CERTIFICATE_SIZE ];
uint8_t cooee_key [ COOEE_KEY_SIZE ];
char root_cert [ CERTIFICATE_SIZE ]; //added
} platform_dct_security_t;
So basically, what causes the AWS connection to fail by just increasing the memory used for the DCT storage?
What error log are you referring to?
The only thing I know is that I get an ERROR 4 when I try to open the connection to AWS, caused by an ERROR_QUEUE_INIT from a wiced_tcp_start_tls error.
So far, anything I do to put any storage into the DCT causes the compiled-in default root certificate to give me an error 5035 when I try to connect to AWS.
RESULT_ENUM( prefix, UNTRUSTED_CERTIFICATE, 5035 ), /**< */ \
Note: I am not using the storage location to hold anything at this point. I take my working code, add a buffer that will be used to eventually store a root cert. And AWS gives me this error. I remove the buffer and AWS is happy. If I add all the stuff I need to actually use the buffer and download certs and keys for a MQTT server, this also works.
On another entirely different front if I take my working AWS code and try to use the new AWSCA1 root cert with a "-ats" added to my endpoint I also get a 5035 error. No extra buffer, new cert is compiled in replacing the old Symantec cert.
Got it working. Had to reduce the CERTIFICATE_SIZE from 4K to 3K.
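The size concern raised in the thread, as an added example (not code from any poster or from the WICED SDK): it checks a misc-section layout against the 4k LARGEST_DCT_SUB_STRUCTURE_SIZE cited above for both certificate sizes mentioned, and shows a bounded copy into the fixed-size root_cert field. The type names misc_config_4k_t and misc_config_3k_t and the helpers dct_section_fits and store_root_cert are hypothetical, and the PEM string is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* From the thread: the buffer used to move a DCT sub-structure is 4k. */
#define LARGEST_DCT_SUB_STRUCTURE_SIZE ( 4 * 1024 )

/* Stand-ins for platform_dct_misc_config_t with the two certificate sizes
 * mentioned in the thread. Hypothetical type names, not WICED's. */
typedef struct { uint32_t wifi_flags; char root_cert[ 4 * 1024 ]; } misc_config_4k_t;
typedef struct { uint32_t wifi_flags; char root_cert[ 3 * 1024 ]; } misc_config_3k_t;

/* Returns 1 when a section of this size fits the staging buffer in one piece. */
int dct_section_fits( size_t section_size )
{
    return section_size <= (size_t) LARGEST_DCT_SUB_STRUCTURE_SIZE;
}

/* Bounded alternative to strcpy() for a fixed-size DCT field.
 * Returns 0 on success, -1 when the PEM text plus its terminator does not
 * fit; on failure the field is left untouched. */
int store_root_cert( char* field, size_t field_size, const char* pem )
{
    /* Look for the terminator within the field size only. */
    const char* end = memchr( pem, '\0', field_size );
    if ( end == NULL )
        return -1;
    memset( field, 0, field_size );              /* no stale bytes after the cert */
    memcpy( field, pem, (size_t) ( end - pem ) );
    return 0;
}

int main( void )
{
    static misc_config_3k_t misc;
    /* Constructed sample, not a real certificate. */
    const char* pem = "-----BEGIN CERTIFICATE-----\n(sample)\n-----END CERTIFICATE-----\n";

    printf( "4k cert field: %u bytes, fits=%d\n",
            (unsigned) sizeof( misc_config_4k_t ), dct_section_fits( sizeof( misc_config_4k_t ) ) );
    printf( "3k cert field: %u bytes, fits=%d\n",
            (unsigned) sizeof( misc_config_3k_t ), dct_section_fits( sizeof( misc_config_3k_t ) ) );
    printf( "store result: %d\n", store_root_cert( misc.root_cert, sizeof( misc.root_cert ), pem ) );
    return 0;
}
```

In a real build the same comparison can be made a compile-time check with a static assertion on the section's sizeof, so an oversized layout fails the build rather than the device.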