I want to send data via mqtt protocol. I enable APP_MQTT_SECURE_ENABLE in AppController.h and provide my certificate in the Custom file. My certificate is using Signature Algorithm ecdsa-with-SHA256. When I run the programm on my xdk, the error that occurs is MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG in mbedtls_oid_get_sig_alg function. Any suggestion ?
the ECDSA with SHA256 algorithm is supported by mbedTLS for signature verification.
However in the XDK Workbench, the ECDSA algorithms have been disabled in SDK/XDK110/Common/Config/MbedTLS/MbedtlsConfigTLS.h, concretely the #define MBEDTLS_ECDSA_C.
Here, you can retry with a certificate signed using the RSA algorithms or enable ECDSA in the configuration and re-building mbedtls with this support.
I have also defined the MBEDTLS_ECP_C as required. Now I came to a problem which I cannot debug. For the public key info, the pk_alg is recognised as MBEDTLS_PK_ECKEY, but it cannot idendify the used curve. The used certificate uses elliptic curve P-384 defined by NIST for public key encription. Does this firmware have the supported algorithm for this curve type? If yes, what can possibly be the problem that occurs defined as MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE.
From the mbedTLS website core-features list (https://tls.mbed.org/core-features ) I see that the 384-Bit NIST curve is listed as SECP384R1. This corresponds to the MBEDTLS_ECP_DP_SECP384R1_ENABLED definition that needs to be enabled
Elliptic Curve Cryptography (ECC)mbed TLS has its own big number library for its ECC implementation and supports both Elliptic Curve Ephemeral Diffie Hellman (ECDHE) and ECDSA. The following standardized curves / ECP groups are supported:
- secp192r1 - 192-bits NIST curve
- secp224r1 - 224-bits NIST curve
- secp256r1 - 256-bits NIST curve
- secp384r1 - 384-bits NIST curve
- secp521r1 - 521-bits NIST curve
- secp192k1 - 192-bits Koblitz curve
- secp224k1 - 224-bits Koblitz curve
- secp256k1 - 256-bits Koblitz curve
- bp256r1 - 256-bits Brainpool curve
- bp384r1 - 384-bits Brainpool curve
- bp512r1 - 512-bits Brainpool curve
- m255 - 255-bits Curve25519
Please go to to the mbedTLS support to see if your desired curve is supported by the library. I would recommend to try out the library support using the command-line tools for non-embedded (PC) environment.