AWS with existing certificates

#1

If you are asking a question, please follow this template:

  1. My goal is:

To provision the Things on AWS directly (not using aws-iot-setup) or use an existing Thing key/certificate.

  2. My actions are:

Create the certificate and keys via the AWS console, attach a policy and a thing.
Download the files to the device (esp8266) and set the mos.yml with the correct values

  • ["mqtt.server", "12345.iot.eu-west-1.amazonaws.com:8883"]
  • ["mqtt.enable", true]
  • ["mqtt.ssl_cert", "aws-esp8266_12345.crt.pem"]
  • ["mqtt.ssl_key", "aws-esp8266_12345.key.pem"]
  • ["mqtt.ssl_ca_cert", "root-CA.crt"]
  • ["aws.shadow.thing_name", "esp8266_2518EA"]
  • ["aws.thing_name", "esp8266_123456"]
  • ["device.id", "esp8266_123456"]

  3. The result I see is:

[Apr 9 10:26:00.414] mgos_mongoose.c:66 New heap free LWM: 24408
[Apr 9 10:26:00.421] mg_ssl_if_mbedtls.c:35 0x3fff2cbc ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Apr 9 10:26:01.127] SW ECDH curve 3
[Apr 9 10:26:06.341] E:M 136 (18 blocks)
[Apr 9 10:26:06.343]
[Apr 9 10:26:06.344] Exception 29 @ 0x4000e1b2, vaddr 0x00000000
[Apr 9 10:26:06.347] A0: 0x4028764b A1: 0x3ffff540 A2: 0x00000000 A3: 0x00000000
[Apr 9 10:26:06.353] A4: 0x00000088 A5: 0x00000000 A6: 0x00000080 A7: 0x00000008
[Apr 9 10:26:06.359] A8: 0x3ffe83cc A9: 0x00000190 A10: 0x00000000 A11: 0x0000007c
[Apr 9 10:26:06.364] A12: 0x00000000 A13: 0x00000088 A14: 0x00000000 A15: 0x3fff1ae8
[Apr 9 10:26:06.370]
[Apr 9 10:26:06.370] (exc SP: 0x3ffff3a0)
[Apr 9 10:26:06.372]
[Apr 9 10:26:06.372] --- BEGIN CORE DUMP ---
[Apr 9 10:26:06.374] mos: catching core dump

If I provision via aws-iot-setup and replace the files with the generated ones it works ok.
The certificate/key generated via AWS console also work fine using another application.

  4. My expectation & question is:

I seem to have read everything on this and still can't get it to work (unless my googleFu is on the wane).
Just trying to get a tool to analyse the log dumps to see if that throws any more light on the subject.

0 Likes

#2

You’re out of RAM.
What available RAM do you have prior to connection to AWS IoT?

This is how to trace free RAM in C:

LOG(LL_INFO, ("free ram: %d", (int) mgos_get_free_heap_size()));

0 Likes

#3

Hi,

The device is running the sample JS app and reporting mem with state.ram_free = Sys.free_ram();

[Apr 9 12:06:23.382] online: false {"ram_free":36744,"uptime":5.284549,"btnCount":0,"on":false}
[Apr 9 12:06:24.382] online: false {"ram_free":36744,"uptime":6.284306,"btnCount":0,"on":false}
[Apr 9 12:06:25.382] online: false {"ram_free":36744,"uptime":7.284427,"btnCount":0,"on":false}
[Apr 9 12:06:25.758] ip:192.168.1.74,mask:255.255.255.0,gw:192.168.1.1
[Apr 9 12:06:25.762] mgos_net.c:101 WiFi STA: ready, IP 192.168.1.74, GW 192.168.1.1, DNS 192.168.1.8
[Apr 9 12:06:25.771] mgos_mqtt.c:427 MQTT connecting to XXXXX.iot.eu-west-1.amazonaws.com:8883
[Apr 9 12:06:26.048] mgos_mongoose.c:66 New heap free LWM: 27832
[Apr 9 12:06:26.382] online: false {"ram_free":29980,"uptime":8.284619,"btnCount":0,"on":false}
[Apr 9 12:06:27.382] online: false {"ram_free":29980,"uptime":9.284388,"btnCount":0,"on":false}
[Apr 9 12:06:28.382] online: false {"ram_free":29980,"uptime":10.284339,"btnCount":0,"on":false}
[Apr 9 12:06:29.382] online: false {"ram_free":29980,"uptime":11.284337,"btnCount":0,"on":false}
[Apr 9 12:06:30.371] mgos_mongoose.c:66 New heap free LWM: 27776
[Apr 9 12:06:30.389] online: false {"ram_free":29700,"uptime":12.290995,"btnCount":0,"on":false}
[Apr 9 12:06:30.430] mgos_mongoose.c:66 New heap free LWM: 27472
[Apr 9 12:06:30.493] mgos_mongoose.c:66 New heap free LWM: 24488
[Apr 9 12:06:30.500] mgos_mongoose.c:66 New heap free LWM: 24272
[Apr 9 12:06:30.507] mg_ssl_if_mbedtls.c:35 0x3fff2afc ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Apr 9 12:06:31.211] SW ECDH curve 3
[Apr 9 12:06:36.390] E:M 136 (18 blocks)
[Apr 9 12:06:36.392]
[Apr 9 12:06:36.392] Exception 29 @ 0x4000e1b2, vaddr 0x00000000
[Apr 9 12:06:36.396] A0: 0x4028764b A1: 0x3ffff540 A2: 0x00000000 A3: 0x00000000
[Apr 9 12:06:36.402] A4: 0x00000088 A5: 0x00000000 A6: 0x00000080 A7: 0x00000008
[Apr 9 12:06:36.408] A8: 0x3ffe83cc A9: 0x00000190 A10: 0x00000000 A11: 0x0000007c
[Apr 9 12:06:36.413] A12: 0x00000000 A13: 0x00000088 A14: 0x00000000 A15: 0x3fff16c0
[Apr 9 12:06:36.419]
[Apr 9 12:06:36.419] (exc SP: 0x3ffff3a0)

Does the RSA (as opposed to the elliptic curve that the aws-iot-setup creates) key processing take all the memory?

I’m part way through writing a C version of the AWS demo app.

Thanks,

Pete

0 Likes
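
An added example, not part of any post in this thread: a small Node.js script that summarises heap pressure in a Mongoose OS console log like the one in post #3. The function name `analyseLog` and the result fields are made up for this illustration, and reading the `E:M` line as a failed allocation is an assumption based on reply #2.

```javascript
// Added example: summarise heap pressure in a Mongoose OS console log.
// SAMPLE_LOG lines are copied (abridged) from post #3 of this thread.
const SAMPLE_LOG = `
[Apr 9 12:06:25.382] online: false {"ram_free":36744,"uptime":7.284427,"btnCount":0,"on":false}
[Apr 9 12:06:25.771] mgos_mqtt.c:427 MQTT connecting to XXXXX.iot.eu-west-1.amazonaws.com:8883
[Apr 9 12:06:26.048] mgos_mongoose.c:66 New heap free LWM: 27832
[Apr 9 12:06:29.382] online: false {"ram_free":29980,"uptime":11.284337,"btnCount":0,"on":false}
[Apr 9 12:06:30.500] mgos_mongoose.c:66 New heap free LWM: 24272
[Apr 9 12:06:30.507] mg_ssl_if_mbedtls.c:35 0x3fff2afc ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Apr 9 12:06:31.211] SW ECDH curve 3
[Apr 9 12:06:36.390] E:M 136 (18 blocks)
[Apr 9 12:06:36.392] Exception 29 @ 0x4000e1b2, vaddr 0x00000000
`;

function analyseLog(text) {
  const r = { ramFreeBeforeConnect: null, lowestLwm: null, heapDropBytes: null,
              ciphersuite: null, failedAllocBytes: null, exception: null };
  let connecting = false;
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\[\w+ +\d+ [\d:.]+\]\s*(.*)$/); // "[Apr 9 12:06:30.507] msg"
    if (!m) continue;
    const msg = m[1];
    let x;
    if (/MQTT connecting to/.test(msg)) {
      connecting = true;
    } else if (!connecting && (x = msg.match(/"ram_free":(\d+)/))) {
      r.ramFreeBeforeConnect = Number(x[1]); // last app-reported value before TLS starts
    } else if ((x = msg.match(/New heap free LWM: (\d+)/))) {
      const v = Number(x[1]);
      r.lowestLwm = r.lowestLwm === null ? v : Math.min(r.lowestLwm, v);
    } else if ((x = msg.match(/ciphersuite: (\S+)/))) {
      r.ciphersuite = x[1];
    } else if ((x = msg.match(/^E:M (\d+)/))) {
      // Assumption: read as a failed allocation of this many bytes (reply #2: out of RAM).
      r.failedAllocBytes = Number(x[1]);
    } else if ((x = msg.match(/^Exception (\d+) @ (0x[0-9a-f]+), vaddr (0x[0-9a-f]+)/i))) {
      // Cause 29 on the ESP8266's Xtensa core is StoreProhibited.
      r.exception = { cause: Number(x[1]), pc: x[2], nullAccess: parseInt(x[3], 16) === 0 };
    }
  }
  if (r.ramFreeBeforeConnect !== null && r.lowestLwm !== null) {
    r.heapDropBytes = r.ramFreeBeforeConnect - r.lowestLwm; // heap used between idle and handshake
  }
  // A failed allocation followed by a store through a null pointer points at heap exhaustion.
  r.outOfHeap = r.failedAllocBytes !== null && r.exception !== null && r.exception.nullAccess;
  return r;
}

console.log(analyseLog(SAMPLE_LOG));
```

Running the same function over a log from a working configuration (for example the aws-iot-setup certificates) gives a `lowestLwm` to compare against.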

#4

Seems to work fine using C so will go down that route for now…

0 Likes

#5

EC should be more RAM efficient - JS code should also work.

0 Likes

#6

Nope, no joy with the JS version using my certificates.
Works like a charm with C and the same.

Works fine with JS and the ones generated by the aws-iot-setup tool too.

0 Likes

#7

Stripping this back and starting again, I’ve found that it’s a memory issue on my devices:

NodeMCU 8266 board

Mongoose OS 2.12.1 (20190410-090522/2.12.1-gdd403d6)
CPU: ESP8266EX, 160 MHz, RAM: 52328 total, 50124 free

Using JS and using the fewest includes I can, it will connect with my certificates and keys to AWS and have access to the shadow functions.

Adding the api_gpio.js caused the app to fail so I stripped back things again and as a minimum I used:

load('api_aws.js');
load('api_timer.js');
load('api_shadow.js');
load('api_mqtt.js');
load('api_gpio.js');
load('api_sys.js');

And these libs:

libs:

This works, but I’d like to read a DHT11, and if I add these the app crashes at the point of connecting to AWS

mgos_mongoose.c:66 New heap free LWM: 26160
[Apr 10 10:11:04.769] mg_ssl_if_mbedtls.c:35 0x3fff2fdc ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Apr 10 10:11:05.461] SW ECDH curve 3

0 Likes