mg_tls_init EC private key too short

[vballdrummer]

• My goal is:
  Use built-in TLS stack with self-signed certs

• My actions were:

1. Build libmongoose.a with compiler CFLAGS += -DMG_TLS=MG_TLS_BUILTIN
2. Link libmongoose.a with my server app
3. Used the test/certs/generate.sh script to create (EC prime256v1) CA key/cert, and server key/cert files;
4. Concatenated server+ca certs to create fullchain.pem (cat server.crt ca.crt > fullchain.pem)
5. load these into struct mg_tls_opts
6. call mg_tls_init() to complete TLS handshake

    switch (ev) {
        case MG_EV_ACCEPT: {
            if (conn->is_tls) {
                struct mg_tls_opts opts = {};
                opts.cert = mg_str("/var/www/certs/fullchain.pem");
                opts.key  = mg_str("/var/tls/keys/server.key");  
                mg_tls_init(conn, &opts);
            }
            // nothing to do on :80
            break;
        }

• My expectation was:
  Successful TLS handshake

• The result I saw:
  mg_tls_init EC private key too short

[INFO] 43855509 3 mongoose.c:9925:accept_conn  3 9 accepted 192.168.1.46:61852 -> 0.0.0.0:443
[INFO] 4385550a 1 mongoose.c:13437:mg_tls_init EC private key too short
[INFO] 4385552e 3 mongoose.c:9775:read_conn    3 9 0:0:0 -2 err 115
[INFO] 43855530 3 mongoose.c:9925:accept_conn  4 10 accepted 192.168.1.46:59328 -> 0.0.0.0:443
[INFO] 43855532 1 mongoose.c:13437:mg_tls_init EC private key too short
[INFO] 43855557 3 mongoose.c:9775:read_conn    4 10 0:0:0 -2 err 115
[INFO] 43855558 3 mongoose.c:9925:accept_conn  5 11 accepted 192.168.1.46:64804 -> 0.0.0.0:443
[INFO] 4385555c 1 mongoose.c:13437:mg_tls_init EC private key too short

• My question is:
  Why does mongoose think the EC prime256v1 private key (from generate.sh) is too short?

Environment

• mongoose version: 7.20, Commit : f96f52f
• Compiler/IDE and SDK: Arm GNU Toolchain 11.3.1
• Target hardware/board: n/a
• Connectivity chip/module: n/a
• Target RTOS/OS (if applicable): Ubuntu 24.04, Linux kernel 5.15.167

[scaprile]

4. Concatenated server+ca certs to create fullchain.pem (cat server.crt ca.crt > fullchain.pem)

I don't see any of our examples or tutorials where we do or suggest something like that.
Please see our documentation, and follow the guidelines in our tutorials.
Specifically https://mongoose.ws/documentation/tutorials/tls/
Thank you

[vballdrummer]

I did as you suggested and used only the server.pem from generate.sh and received the same failure and error message.
(now using ...
opts.cert = mg_str("/var/www/certs/server.pem");
opts.key = mg_str("/var/tls/keys/server.key");
If you notice in the OP, mongoose is not complaining about the full cert chain, it fails to load the server.key as produced by generate.sh.

I used openssl to verify the server.key is in fact 256bit EC (bits altered to post this safely)

$ openssl ec -in server.key -text -noout
read EC key
Private-Key: (256 bit)
priv:
    a7:14:b8:2d:5c:a3:91:6e:2f:78:91:e4:85:6b:32:
    d9:27:c5:aa:63:1d:c4:f1:9a:7b:53:e8:41:92:dc:
    8f:5b
pub:
    04:7d:2b:e6:91:4a:8c:19:f3:55:7d:b0:44:bb:62:
    8e:36:18:a1:c7:d2:79:4f:6a:8d:e3:92:c1:58:7a:
    3e:d4:91:5f:2c:a8:b6:ea:0f:71:9c:56:2d:84:c9:
    6b:4f:da:38:e2:9d:47:91:23:6c:b5:7e:4f:12:85:
    c6:99:52:7f:1a
ASN1 OID: prime256v1
NIST CURVE: P-256

Why does the embedded TLS stack fail to read/recognize this as a valid key?

[scaprile]

You are not feeding the key file, you are feeding a string with the file name. Please read the docs and do as the docs instruct; we do not do what you are doing in any of our examples or docs, and specifically, the doc I linked for you yesterday, has a section named "How-to-load-credentials" https://mongoose.ws/documentation/tutorials/tls/#how-to-load-credentials that shows how you have to do that,
thing that you're not doing properly

BTW, generate.sh does not create .pem but .crt files; you're free to change the name but please do not modify the generated files

[vballdrummer]

Ah, ok that was a dumb mistake on my part. Thanks for the response.