Graduate
September 18, 2024
Solved

TLSv1.3 in STM32H563 using NetXSecure

  • September 18, 2024
  • 2 replies
  • 3377 views

Hi

I'm trying to set up TLSv1.3 using an STM32H563 Nucleo board. I followed the steps in https://github.com/eclipse-threadx/rtos-docs/blob/main/rtos-docs/netx-duo/netx-duo-secure-tls/chapter3.md to enable TLSv1.3 in STM32CubeMX. But all I get from the OpenSSL server is:

ssl.SSLError: [SSL: NO_SUITABLE_SIGNATURE_ALGORITHM] no suitable signature algorithm (_ssl.c:1006)

How do I solve this? I checked with the debugger and I can see that this code gets hit:

#if (NX_SECURE_TLS_TLS_1_3_ENABLED)
    if (tls_session->nx_secure_tls_1_3)
    {
        /* Send supported TLS versions extensions (for TLS 1.3). */
        status = _nx_secure_tls_send_clienthello_supported_versions_extension(tls_session, packet_buffer, &length, &extension_length, available_size);
        if (status != NX_SUCCESS)
        {
            return(status);
        }

Using Wireshark I can see the ClientHello from the client:

Frame 243: 250 bytes on wire (2000 bits), 250 bytes captured (2000 bits) on interface \Device\NPF_{0B831098-E396-4CE0-B06D-0E743D48CD98}, id 0
 Section number: 1
 Interface id: 0 (\Device\NPF_{0B831098-E396-4CE0-B06D-0E743D48CD98})
 Interface name: \Device\NPF_{0B831098-E396-4CE0-B06D-0E743D48CD98}
 Interface description: Ethernet 2
 Encapsulation type: Ethernet (1)
 Arrival Time: Sep 18, 2024 16:19:29.214045000 W. Europe Daylight Time
 UTC Arrival Time: Sep 18, 2024 14:19:29.214045000 UTC
 Epoch Arrival Time: 1726669169.214045000
 [Time shift for this packet: 0.000000000 seconds]
 [Time delta from previous captured frame: 0.311093000 seconds]
 [Time delta from previous displayed frame: 19.498310000 seconds]
 [Time since reference or first frame: 57.311405000 seconds]
 Frame Number: 243
 Frame Length: 250 bytes (2000 bits)
 Capture Length: 250 bytes (2000 bits)
 [Frame is marked: False]
 [Frame is ignored: False]
 [Protocols in frame: eth:ethertype:ip:tcp:tls]
 [Coloring Rule Name: TCP]
 [Coloring Rule String: tcp]
Ethernet II, Src: STMicroelect_00:00:00 (00:80:e1:00:00:00), Dst: LuxsharePrec_b9:e4:e6 (60:6d:3c:b9:e4:e6)
 Destination: LuxsharePrec_b9:e4:e6 (60:6d:3c:b9:e4:e6)
 Address: LuxsharePrec_b9:e4:e6 (60:6d:3c:b9:e4:e6)
 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
 Source: STMicroelect_00:00:00 (00:80:e1:00:00:00)
 Address: STMicroelect_00:00:00 (00:80:e1:00:00:00)
 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
 Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.5, Dst: 192.168.1.10
 0100 .... = Version: 4
 .... 0101 = Header Length: 20 bytes (5)
 Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
 0000 00.. = Differentiated Services Codepoint: Default (0)
 .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
 Total Length: 236
 Identification: 0x0003 (3)
 000. .... = Flags: 0x0
 0... .... = Reserved bit: Not set
 .0.. .... = Don't fragment: Not set
 ..0. .... = More fragments: Not set
 ...0 0000 0000 0000 = Fragment Offset: 0
 Time to Live: 128
 Protocol: TCP (6)
 Header Checksum: 0xb6a9 [validation disabled]
 [Header checksum status: Unverified]
 Source Address: 192.168.1.5
 Destination Address: 192.168.1.10
Transmission Control Protocol, Src Port: 62509, Dst Port: 6000, Seq: 1, Ack: 1, Len: 196
 Source Port: 62509
 Destination Port: 6000
 [Stream index: 1]
 [Conversation completeness: Complete, WITH_DATA (31)]
 ..0. .... = RST: Absent
 ...1 .... = FIN: Present
 .... 1... = Data: Present
 .... .1.. = ACK: Present
 .... ..1. = SYN-ACK: Present
 .... ...1 = SYN: Present
 [Completeness Flags: ·FDASS]
 [TCP Segment Len: 196]
 Sequence Number: 1 (relative sequence number)
 Sequence Number (raw): 3489658439
 [Next Sequence Number: 197 (relative sequence number)]
 Acknowledgment Number: 1 (relative ack number)
 Acknowledgment number (raw): 3945295425
 0101 .... = Header Length: 20 bytes (5)
 Flags: 0x018 (PSH, ACK)
 000. .... .... = Reserved: Not set
 ...0 .... .... = Accurate ECN: Not set
 .... 0... .... = Congestion Window Reduced: Not set
 .... .0.. .... = ECN-Echo: Not set
 .... ..0. .... = Urgent: Not set
 .... ...1 .... = Acknowledgment: Set
 .... .... 1... = Push: Set
 .... .... .0.. = Reset: Not set
 .... .... ..0. = Syn: Not set
 .... .... ...0 = Fin: Not set
 [TCP Flags: ·······AP···]
 Window: 8192
 [Calculated window size: 8192]
 [Window size scaling factor: -2 (no window scaling used)]
 Checksum: 0xb067 [unverified]
 [Checksum Status: Unverified]
 Urgent Pointer: 0
 [Timestamps]
 [Time since first frame in this TCP stream: 0.451453000 seconds]
 [Time since previous frame in this TCP stream: 0.450463000 seconds]
 [SEQ/ACK analysis]
 [iRTT: 0.000990000 seconds]
 [Bytes in flight: 196]
 [Bytes sent since last PSH flag: 196]
 TCP payload (196 bytes)
Transport Layer Security
 TLSv1.2 Record Layer: Handshake Protocol: Client Hello
 Content Type: Handshake (22)
 Version: TLS 1.2 (0x0303)
 Length: 191
 Handshake Protocol: Client Hello
 Handshake Type: Client Hello (1)
 Length: 187
 Version: TLS 1.2 (0x0303)
 Random: 000000005905b56d8d7d157d43eddf717b97cb45bebba36e904b983a16976d66
 GMT Unix Time: Jan 1, 1970 01:00:00.000000000 W. Europe Standard Time
 Random Bytes: 5905b56d8d7d157d43eddf717b97cb45bebba36e904b983a16976d66
 Session ID Length: 0
 Cipher Suites Length: 24
 Cipher Suites (12 suites)
 Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
 Cipher Suite: TLS_AES_128_CCM_SHA256 (0x1304)
 Cipher Suite: TLS_AES_128_CCM_8_SHA256 (0x1305)
 Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
 Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
 Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
 Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
 Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
 Cipher Suite: TLS_PSK_WITH_AES_128_CBC_SHA256 (0x00ae)
 Cipher Suite: TLS_PSK_WITH_AES_128_CCM_8 (0xc0a8)
 Compression Methods Length: 1
 Compression Methods (1 method)
 Compression Method: null (0)
 Extensions Length: 122
 Extension: supported_groups (len=8)
 Type: supported_groups (10)
 Length: 8
 Supported Groups List Length: 6
 Supported Groups (3 groups)
 Supported Group: secp256r1 (0x0017)
 Supported Group: secp384r1 (0x0018)
 Supported Group: secp521r1 (0x0019)
 Extension: ec_point_formats (len=2)
 Type: ec_point_formats (11)
 Length: 2
 EC point formats Length: 1
 Elliptic curves point formats (1)
 EC point format: uncompressed (0)
 Extension: supported_versions (len=5) TLS 1.3, TLS 1.2
 Type: supported_versions (43)
 Length: 5
 Supported Versions length: 4
 Supported Version: TLS 1.3 (0x0304)
 Supported Version: TLS 1.2 (0x0303)
 Extension: key_share (len=71) secp256r1
 Type: key_share (51)
 Length: 71
 Key Share extension
 Client Key Share Length: 69
 Key Share Entry: Group: secp256r1, Key Exchange length: 65
 Group: secp256r1 (23)
 Key Exchange Length: 65
 Key Exchange: 0429c78232b89a29e36d68aa3b422b7847e7b85b95fb955f3b2eb30b321d87e595520b4cb05c57baedd8b42b16bc1ed8240f27d3149448feba1f8979ba47051fe5
 Extension: signature_algorithms (len=16)
 Type: signature_algorithms (13)
 Length: 16
 Signature Hash Algorithms Length: 14
 Signature Hash Algorithms (7 algorithms)
 Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
 Signature Hash Algorithm Hash: SHA256 (4)
 Signature Hash Algorithm Signature: ECDSA (3)
 Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
 Signature Hash Algorithm Hash: SHA384 (5)
 Signature Hash Algorithm Signature: ECDSA (3)
 Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
 Signature Hash Algorithm Hash: SHA512 (6)
 Signature Hash Algorithm Signature: ECDSA (3)
 Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
 Signature Hash Algorithm Hash: SHA256 (4)
 Signature Hash Algorithm Signature: RSA (1)
 Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
 Signature Hash Algorithm Hash: SHA384 (5)
 Signature Hash Algorithm Signature: RSA (1)
 Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
 Signature Hash Algorithm Hash: SHA512 (6)
 Signature Hash Algorithm Signature: RSA (1)
 Signature Algorithm: SHA224 ECDSA (0x0303)
 Signature Hash Algorithm Hash: SHA224 (3)
 Signature Hash Algorithm Signature: ECDSA (3)
 [JA4: t13i120500_300ad538f728_2ddaf29219d6]
 [JA4_r: t13i120500_003c,003d,009c,00ae,1301,1304,1305,c023,c027,c02b,c02f,c0a8_000a,000b,000d,002b,0033_0403,0503,0603,0401,0501,0601,0303]
 [JA3 Fullstring: 771,4865-4868-4869-49195-49199-49187-49191-156-61-60-174-49320,10-11-43-51-13,23-24-25,0]
 [JA3: 0fe05bb12fd3c7ca77de173a4deb6eae]

which results in a handshake failure:

Ethernet II, Src: LuxsharePrec_b9:e4:e6 (60:6d:3c:b9:e4:e6), Dst: STMicroelect_00:00:00 (00:80:e1:00:00:00)
 Destination: STMicroelect_00:00:00 (00:80:e1:00:00:00)
 Address: STMicroelect_00:00:00 (00:80:e1:00:00:00)
 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
 Source: LuxsharePrec_b9:e4:e6 (60:6d:3c:b9:e4:e6)
 Address: LuxsharePrec_b9:e4:e6 (60:6d:3c:b9:e4:e6)
 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
 Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.10, Dst: 192.168.1.5
 0100 .... = Version: 4
 .... 0101 = Header Length: 20 bytes (5)
 Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
 0000 00.. = Differentiated Services Codepoint: Default (0)
 .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
 Total Length: 47
 Identification: 0xdb69 (56169)
 010. .... = Flags: 0x2, Don't fragment
 0... .... = Reserved bit: Not set
 .1.. .... = Don't fragment: Set
 ..0. .... = More fragments: Not set
 ...0 0000 0000 0000 = Fragment Offset: 0
 Time to Live: 128
 Protocol: TCP (6)
 Header Checksum: 0x0000 [validation disabled]
 [Header checksum status: Unverified]
 Source Address: 192.168.1.10
 Destination Address: 192.168.1.5
Transmission Control Protocol, Src Port: 6000, Dst Port: 62509, Seq: 1, Ack: 197, Len: 7
 Source Port: 6000
 Destination Port: 62509
 [Stream index: 1]
 [Conversation completeness: Complete, WITH_DATA (31)]
 ..0. .... = RST: Absent
 ...1 .... = FIN: Present
 .... 1... = Data: Present
 .... .1.. = ACK: Present
 .... ..1. = SYN-ACK: Present
 .... ...1 = SYN: Present
 [Completeness Flags: ·FDASS]
 [TCP Segment Len: 7]
 Sequence Number: 1 (relative sequence number)
 Sequence Number (raw): 3945295425
 [Next Sequence Number: 8 (relative sequence number)]
 Acknowledgment Number: 197 (relative ack number)
 Acknowledgment number (raw): 3489658635
 0101 .... = Header Length: 20 bytes (5)
 Flags: 0x018 (PSH, ACK)
 000. .... .... = Reserved: Not set
 ...0 .... .... = Accurate ECN: Not set
 .... 0... .... = Congestion Window Reduced: Not set
 .... .0.. .... = ECN-Echo: Not set
 .... ..0. .... = Urgent: Not set
 .... ...1 .... = Acknowledgment: Set
 .... .... 1... = Push: Set
 .... .... .0.. = Reset: Not set
 .... .... ..0. = Syn: Not set
 .... .... ...0 = Fin: Not set
 [TCP Flags: ·······AP···]
 Window: 64044
 [Calculated window size: 64044]
 [Window size scaling factor: -2 (no window scaling used)]
 Checksum: 0x8381 [unverified]
 [Checksum Status: Unverified]
 Urgent Pointer: 0
 [Timestamps]
 [Time since first frame in this TCP stream: 0.451832000 seconds]
 [Time since previous frame in this TCP stream: 0.000379000 seconds]
 [SEQ/ACK analysis]
 [This is an ACK to the segment in frame: 243]
 [The RTT to ACK the segment was: 0.000379000 seconds]
 [iRTT: 0.000990000 seconds]
 [Bytes in flight: 7]
 [Bytes sent since last PSH flag: 7]
 TCP payload (7 bytes)
Transport Layer Security
 TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
 Content Type: Alert (21)
 Version: TLS 1.2 (0x0303)
 Length: 2
 Alert Message
 Level: Fatal (2)
 Description: Handshake Failure (40)

Am I missing some extra configuration? Any tips would be helpful.

    Best answer by Guillaume K (see the final reply below)


    2 replies

    ST Employee
    September 19, 2024

    What is the certificate used by the server? Is it an RSA certificate?

    If you are using the "openssl s_server" command for your test, please show the command-line parameters.

    The way the RSA signature is done has changed between TLS 1.2 and TLS 1.3.

    With TLS 1.2, RSA signatures were handled with the rsa_pkcs1_sha256 signature algorithm (-sigalgs parameter with openssl s_server).

    With TLS 1.3, RSA signatures can be handled with the rsa_pss_rsae_sha256 and rsa_pss_pss_sha256 signature algorithms.

    Currently, NetXDuo doesn't support RSA certificates in TLS 1.3 with the new signatures.

    There is an issue in the eclipse-threadx netxduo GitHub: "Supporting RSA signed client certificates with TLS 1.3", Issue #161, eclipse-threadx/netxduo.

    It is for client certificates, but the same problem applies to server certificates.

    You can try to test with "openssl s_server" using a non-RSA certificate (e.g. ECDSA) to see if it works (with the -cert and -key options).

    There is no RSA problem with TLS 1.2.

    Note: there could be other problems with NetXDuo and TLS 1.3 with unsupported cipher suites (SHA384), but that is not in the traces you showed.

     

    Graduate
    September 19, 2024

    Hi

    Thanks for the reply, I made some progress by using ECDSA certs. Now I get a different error after the ServerHello in the OpenSSL server:

    [attached screenshot: jishnu1234_1-1726744656933.png]


    100000000A000000:error:0A000438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:865:SSL alert number 80
    shutting down SSL
    CONNECTION CLOSED
    ERROR
    shutting down SSL
    CONNECTION CLOSED

    While debugging I can see this:

    [attached screenshot: jishnu1234_0-1726744569852.png]

    With a status value of 0x20007.
    I checked if the server can be connected to using openssl in client mode:

    openssl s_client -connect 192.168.1.15:6000 -cert certsv2/client.crt -key certsv2/client_key.key -CAfile certsv2/rootca.crt -tls1_3 -sigalgs "ECDSA+SHA256"

    and it seems to work with that.
    Is there some other NetXDuo thing I'm missing?

     

    ST Employee
    September 19, 2024

    Status value 0x20007 could be NX_CRYPTO_PTR_ERROR defined in nx_crypto_const.h.

    It looks like an incorrect netxduo configuration in the code running on the STM32.

    How is the memory allocated? Is there enough memory for a TLS network stack?

    It's difficult to understand the root cause without the full project sources you are using.

    Did you modify an example provided in the Cube H5 package (Nx_IPerf, NX_UDP_echo_client, ...)?

    The full ServerHello packet details from Wireshark, and the full openssl s_server trace (with the -trace option), could help.

    Graduate
    September 19, 2024

    Hi

    I'm attaching the full project zip file. And yes I modified the UDP client to make this project.

    ServerHello from Wireshark:

    Transport Layer Security
     TLSv1.3 Record Layer: Handshake Protocol: Server Hello
     Content Type: Handshake (22)
     Version: TLS 1.2 (0x0303)
     Length: 123
     Handshake Protocol: Server Hello
     Handshake Type: Server Hello (2)
     Length: 119
     Version: TLS 1.2 (0x0303)
     Random: 54f7c48d3f72cce5abb776fec83ebc778ff45763bf2dd527b1f8f731a717f687
     Session ID Length: 0
     Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
     Compression Method: null (0)
     Extensions Length: 79
     Extension: supported_versions (len=2) TLS 1.3
     Type: supported_versions (43)
     Length: 2
     Supported Version: TLS 1.3 (0x0304)
     Extension: key_share (len=69) secp256r1
     Type: key_share (51)
     Length: 69
     Key Share extension
     Key Share Entry: Group: secp256r1, Key Exchange length: 65
     Group: secp256r1 (23)
     Key Exchange Length: 65
     Key Exchange: 04c11f5da38e360f98ff1f8a63dc010fc0521f50ec204bdff9875c4c7af4cfce30bcb0d8574fcf496c331c2dd2b5e9488ee6d39fe47772ca9856781044bd06fea3
     [JA3S Fullstring: 771,4865,43-51]
     [JA3S: f4febc55ea12b31ae17cfb7e614afda8]
     TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
     Content Type: Change Cipher Spec (20)
     Version: TLS 1.2 (0x0303)
     Length: 1
     Change Cipher Spec Message
     TLSv1.3 Record Layer: Application Data Protocol: Hypertext Transfer Protocol
     Opaque Type: Application Data (23)
     Version: TLS 1.2 (0x0303)
     Length: 49
     Encrypted Application Data: 7a094fd69013178359f6ecad2437e5c81a0f45167fb78f81f060a25b1e86fdb9a39a9517595e2a46d980252b62ca7b1054
     [Application Data Protocol: Hypertext Transfer Protocol]
     TLSv1.3 Record Layer: Application Data Protocol: Hypertext Transfer Protocol
     Opaque Type: Application Data (23)
     Version: TLS 1.2 (0x0303)
     Length: 977
     Encrypted Application Data [truncated]: 74b0f57482d56f805fd98295ebb6aa27119693bfae2e133ff71ca8693b0c8a089c0aafe2694e1c7d8060457a977c6938d89dbc56b9f6aba681277c8f2eeaf9ce99cbd5f2d7d4e475c9e6ea2f1430593b11530cfc8efc2d677da80d9a86c9bb3b545d4b6
     [Application Data Protocol: Hypertext Transfer Protocol]
     TLSv1.3 Record Layer: Application Data Protocol: Hypertext Transfer Protocol
     Opaque Type: Application Data (23)
     Version: TLS 1.2 (0x0303)
     Length: 96
     Encrypted Application Data: ec0d7dd15d5998d7e6657576ccae5eda666c2ef96160f956c389633d6db8ce64a33e13c80cdf5a9c8009c6d7d72dc51b26967e2a5be3e07e72c18f2506004cce43753ea51a24e68762f06566133c1d254b654b30d8045c29004773c623e89b5b
     [Application Data Protocol: Hypertext Transfer Protocol]
     TLSv1.3 Record Layer: Application Data Protocol: Hypertext Transfer Protocol
     Opaque Type: Application Data (23)
     Version: TLS 1.2 (0x0303)
     Length: 53
     Encrypted Application Data: f89cda87f51a7a9d41e78d53017e3dc3c09225e7d04d188e4874f9d0115d816c6f53aeea971557b5728ee4c585bd6dbbde9b116373
     [Application Data Protocol: Hypertext Transfer Protocol]

     

     

    Attached trace from openssl.
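Two points in this thread can be checked mechanically from the captures posted here: whether the ClientHello's signature_algorithms list contains any scheme a TLS 1.3 server can sign with for a given certificate key type (the NO_SUITABLE_SIGNATURE_ALGORITHM error in the original post and the rsa_pkcs1 versus rsa_pss explanation in the first ST reply), and what the server's first flight looks like once TLS 1.3 has been negotiated (the ServerHello trace just above, where Wireshark labels the records after the ChangeCipherSpec as Application Data). The script below is an added example, not NetX Duo, STM32Cube or OpenSSL code. The ClientHello extension bytes and the ServerHello fields are rebuilt from the dumps in this thread; the four encrypted record bodies are zero filler of the captured lengths, and the key-type labels "rsa", "ecdsa-p256" and "ecdsa-p384" are the script's own.

```python
# TLS handshake triage for the two failures in this thread (added example;
# not NetX Duo, STM32Cube or OpenSSL code).
import struct

# Sample input reconstructed from the Wireshark dumps in the thread:
# ClientHello extensions signature_algorithms (13) and supported_versions (43).
CLIENT_HELLO_EXTENSIONS = bytes.fromhex(
    "000d0010000e" "0403050306030401050106010303"  # 7 SignatureScheme values
    "002b0005" "0403040303")                        # list len 4: TLS 1.3, TLS 1.2

_ext = lambda ext_type, body: struct.pack("!HH", ext_type, len(body)) + body
_record = lambda ctype, body: struct.pack("!BHH", ctype, 0x0303, len(body)) + body

# ServerHello rebuilt field by field from the capture; the four encrypted records
# after it are zero filler of the captured lengths (constructed, only headers matter).
_SH_RANDOM = bytes.fromhex("54f7c48d3f72cce5abb776fec83ebc778ff45763bf2dd527b1f8f731a717f687")
_SH_KEY = bytes.fromhex("04c11f5da38e360f98ff1f8a63dc010fc0521f50ec204bdff9875c4c7af4cfce"
                        "30bcb0d8574fcf496c331c2dd2b5e9488ee6d39fe47772ca9856781044bd06fea3")
_SH_EXTS = _ext(43, b"\x03\x04") + _ext(51, struct.pack("!HH", 0x0017, len(_SH_KEY)) + _SH_KEY)
_SH_BODY = (b"\x03\x03" + _SH_RANDOM + b"\x00" + b"\x13\x01" + b"\x00"
            + struct.pack("!H", len(_SH_EXTS)) + _SH_EXTS)
SERVER_HELLO_MSG = b"\x02" + len(_SH_BODY).to_bytes(3, "big") + _SH_BODY
SERVER_FLIGHT = (_record(22, SERVER_HELLO_MSG) + _record(20, b"\x01")
                 + b"".join(_record(23, b"\x00" * n) for n in (49, 977, 96, 53)))

# SignatureScheme code points (RFC 8446 section 4.2.3).  For RSA keys TLS 1.3 permits
# only the PSS schemes in CertificateVerify; rsa_pkcs1_* and SHA-224 are TLS 1.2 only.
SCHEMES = {0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384", 0x0601: "rsa_pkcs1_sha512",
           0x0403: "ecdsa_secp256r1_sha256", 0x0503: "ecdsa_secp384r1_sha384",
           0x0603: "ecdsa_secp521r1_sha512", 0x0303: "ecdsa_sha224", 0x0804: "rsa_pss_rsae_sha256",
           0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512", 0x0809: "rsa_pss_pss_sha256"}
TLS13_SERVER_SCHEMES = {"rsa": {0x0804, 0x0805, 0x0806, 0x0809, 0x080A, 0x080B},
                        "ecdsa-p256": {0x0403}, "ecdsa-p384": {0x0503}}

def parse_extensions(data):
    """Walk (type, length, body)* into {type: body}, rejecting truncation."""
    exts, pos = {}, 0
    while pos < len(data):
        ext_type, ext_len = struct.unpack("!HH", data[pos:pos + 4])
        body = data[pos + 4:pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension %d" % ext_type)
        exts[ext_type] = body
        pos += 4 + ext_len
    return exts

def parse_signature_algorithms(body):
    (n,) = struct.unpack("!H", body[:2])
    if n % 2 or len(body) != 2 + n:
        raise ValueError("malformed signature_algorithms")
    return list(struct.unpack("!%dH" % (n // 2), body[2:]))

def check_client_sigalgs(extensions, cert_key_type):
    """(ok, reason): can a TLS 1.3 server with this key type sign CertificateVerify?"""
    exts = parse_extensions(extensions)
    sv = exts.get(43, b"\x00")                       # client form: 1-byte list length
    if b"\x03\x04" not in [sv[i:i + 2] for i in range(1, 1 + sv[0], 2)]:
        return True, "client did not offer TLS 1.3; TLS 1.2 rules apply"
    if 13 not in exts:
        return False, "signature_algorithms missing (mandatory for certificate authentication)"
    offered = parse_signature_algorithms(exts[13])
    usable = [SCHEMES.get(s, hex(s)) for s in offered if s in TLS13_SERVER_SCHEMES[cert_key_type]]
    if usable:
        return True, "server can sign with " + ", ".join(usable)
    return False, "no suitable signature algorithm for a %s certificate under TLS 1.3; offered: %s" % (
        cert_key_type, ", ".join(SCHEMES.get(s, hex(s)) for s in offered))

def parse_records(stream):
    records, pos = [], 0                             # (content_type, legacy_version, body)
    while pos < len(stream):
        ctype, version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append((ctype, version, body))
        pos += 5 + length
    return records

def server_hello_selected_version(msg):
    """Negotiated version: supported_versions (43) wins over the 0x0303 legacy field."""
    pos = 38 + 1 + msg[38]           # header(4) + legacy_version(2) + random(32) + session id
    pos += 2 + 1                     # cipher_suite, legacy_compression_method
    (ext_len,) = struct.unpack("!H", msg[pos:pos + 2])
    exts = parse_extensions(msg[pos + 2:pos + 2 + ext_len])
    return struct.unpack("!H", exts[43] if 43 in exts else msg[4:6])[0]

def describe_flight(stream):
    """Label each record; after a TLS 1.3 ServerHello, 'application data' is encrypted handshake."""
    labels, tls13 = [], False
    for ctype, _version, body in parse_records(stream):
        if ctype == 22 and body[:1] == b"\x02":
            tls13 = server_hello_selected_version(body) == 0x0304
            labels.append("ServerHello, negotiated " + ("TLS 1.3" if tls13 else "TLS 1.2 or lower"))
        elif tls13 and ctype == 20:
            labels.append("ChangeCipherSpec (TLS 1.3 middlebox compatibility, no key change)")
        elif tls13 and ctype == 23:
            labels.append("encrypted handshake record, %d bytes" % len(body))
        else:
            labels.append("content type %d, %d bytes" % (ctype, len(body)))
    return labels

if __name__ == "__main__":
    print(*check_client_sigalgs(CLIENT_HELLO_EXTENSIONS, "rsa"), *describe_flight(SERVER_FLIGHT), sep="\n")
```

Run as a script, it reports that an RSA server certificate has no usable scheme in that ClientHello (only rsa_pkcs1_* and ECDSA schemes are offered, and TLS 1.3 requires an rsa_pss_* scheme for CertificateVerify), while an ECDSA P-256 certificate can use ecdsa_secp256r1_sha256, which matches the progress made after switching certificates. For the server flight it shows the ServerHello selecting TLS 1.3 through supported_versions despite the 0x0303 legacy version field, so the 49, 977, 96 and 53-byte records that follow carry the encrypted EncryptedExtensions, Certificate, CertificateVerify and Finished messages rather than application data, the 977-byte one being sized like a certificate chain. The "tlsv1 alert internal error" in the s_server log is an alert OpenSSL received, so the client gave up while consuming that encrypted flight, which is consistent with a missing buffer for the incoming server certificate.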

     

    ST Employee
    September 19, 2024

    Not sure...

    Comparing with the MQTT client example which uses TLS in Projects\STM32H573I-DK\Applications\NetXDuo\Nx_MQTT_Client, I didn't see this call in your code:

    /* allocate space for the certificate coming in from the remote host */
    ret = nx_secure_tls_remote_certificate_allocate(TLS_session_ptr, certificate_ptr,
                                                    tls_packet_buffer, sizeof(tls_packet_buffer));
    if (ret != TX_SUCCESS)
    {
        Error_Handler();
    }