Building mbedtls using LWIP library


Building mbedtls using LWIP library

shruthi
Hi,

I am using the LWIP stack(1.4.0 version) as a tap device (tap0) on my Linux system. I have a simple TCP server-client application running on the LWIP stack. Now I want to add TLS over TCP, and I found that mbedTLS is one of the recommended libraries to add TLS support on LWIP. Could you please tell me how to integrate the two?

I want to make the mbedTLS library use the LWIP library APIs instead of the Linux APIs. I am new to both these libraries and I am not sure what changes to make in the Makefiles to build them together. Any advice/suggestions would be appreciated.

Regards,
Shruthi
Reply | Threaded
Open this post in threaded view
|

Re: Building mbedtls using LWIP library

Jan Menzel
Hi Shruthi!
        I'm using mbedtls and lwip on an embedded device, so I can only help
with integrating both if there are no other tcp/ip-stacks around.
        Basically mbedtls interfaces to any tcp/ip-stack using bsd-socket API.
This is achieved using the file net.c, which comes with mbedtls such
that it builds on multiple platforms. I'd suggest that you carefully
check that all calls to open/close/read/write are correctly linked to
lwip. There might be modifications needed - eventually also in lwip - to
not use the Linux stack. I think that should be all. Please make sure to
enable socket api. You might need to enable support for transmit/receive
timeouts and you might want to make sure that lwip's errno can be/is
read inside net.c.
        Please check the archive of this list as we had recently some
discussions regarding mbedtls and the configuration of lwip.

        Best regards
                Jan

On 18.04.2017 11:02, shruthi wrote:

> Hi,
>
> I am using the LWIP stack(1.4.0 version) as a *tap device (tap0)* on my
> Linux system. I have a simple TCP server-client application running on the
> LWIP stack. Now I want to add TLS over TCP, and I found that mbedTLS is one
> of the recommended libraries to add TLS support on LWIP. Could you please
> tell me how to integrate the two?
>
> I want to make the mbedTLS library use the LWIP library APIs instead of the
> Linux APIs. I am new to both these libraries and I am not sure what changes
> to make in the Makefiles to build them together. Any advice/suggestions
> would be appreciated.
>
> Regards,
> Shruthi
>
>
>
>
> --
> View this message in context: http://lwip.100.n7.nabble.com/Building-mbedtls-using-LWIP-library-tp29319.html
> Sent from the lwip-users mailing list archive at Nabble.com.
>
> _______________________________________________
> lwip-users mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/lwip-users
>


Re: Building mbedtls using LWIP library

Noam weissman
Hi Shruthi,

As a continuation to Jan's mail...

I am using mbedTLS 2.42 + LwIP 2.02 and it works for me... after some struggling :-)

I strongly suggest upgrading to LwIP 1.42 as a minimum. As far as I know there were
many fixes from 1.40 to 1.42

mbedTLS has a net_socket.c+h file that is the "porting" file

I am working with ST micro and they have added a porting file named retarget.c ... without it, it will not
work as the mbedTLS uses printf and standard IO.

What micro are you using? Are you using Linux or another OS? You may need to add some files that are
not part of the mbedTLS library?


BR,
Noam.


Re: Building mbedtls using LWIP library

goldsimon@gmx.de
Noam Weissman wrote:
> I strongly suggest upgrading to LwIP 1.42 as a minimum. As far as I know there were
> many fixes from 1.40 to 1.42

1.42? That version doesn't even exist...

> [..] the mbedTLS uses printf and standard IO.

Really? Last time I checked that was not the case (for me).


Shruthi wrote:
> Could you please tell me how to integrate the two?

That's more an mbedTLS question (as long as you use it via sockets, at least: lwIP provides a standard socket layer and mbedTLS should just be able to use it).

If you want to use mbedTLS with lwIP's callback API, have a look into current git master, I'm just working on that. No way to integrate that back into 1.4.x though.


Simon


Re: Building mbedtls using LWIP library

Noam weissman
Simon,

I meant 1.41 ... my mistake :-(

As far as I know 1.41 was the stable version used for a long time before 2.xx

Noam.


Re: Building mbedtls using LWIP library

Jan Menzel
In reply to this post by goldsimon@gmx.de


On 18.04.2017 16:03, Simon Goldschmidt wrote:
[...]
> If you want to use mbedTLS with lwIP's callback API, have a look into current git master, I'm just working on that. No way to integrate that back into 1.4.x though.

Can you tell me more what improvements you're implementing and how this
will affect the interface to mbedtls?

        Jan


Re: Building mbedtls using LWIP library

goldsimon@gmx.de
In reply to this post by Noam weissman
Noam Weissman wrote:
> As far as I know 1.41 was the stable version used for a long time before 2.xx

That's correct. Nevertheless, it's so old by now that I wouldn't suggest
anyone to upgrade to it. Upgrading to version 2 is *strongly* suggested
as it includes many more bugfixes and new features as well.

Simon


Re: Building mbedtls using LWIP library

goldsimon@gmx.de
In reply to this post by Jan Menzel
Jan Menzel wrote:
> Can you tell me more what improvements you're implementing and how this
> will affect the interface to mbedtls?

No improvements really. I have added an indirection layer to the tcp
callback API that allows to plug in layers between the application (e.g.
HTTP server) and TCP. This is implemented simply by having other 'bio'
callbacks for mbedTLS.

The downside of course is that TLS processing time is done in
tcpip_thread, so it really depends on your overall application use
whether you want to use this layer or sockets. Since mbedTLS allows
registering the callbacks per ssl context, it should be possible to use
both APIs at the same time.

Simon


Re: Building mbedtls using LWIP library

Anmol Sehgal
Hi,

Thanks for your responses, but my query is regarding compiling lwip-2.0.2 through NDK-build for the Android platform, as we want to use lwip-2.0.2 to implement the L2TP protocol for the vpn connection.

We downloaded the working git project for LWIP-1.4.1 from the URL: https://github.com/digitalsorcery/LWIPAndroidJNI
And in a similar way, we are trying to build LWIP-2.0.2, as per your suggestion, but getting compilation errors.
The errors faced while trying to compile and make .so file are as below:

[armeabi] SharedLibrary  : liblwip-android.so
C:/Users/anmolsehgal/Desktop/LWIPAndroidJNI-master2.0.2/LWIPAndroidJNI-master/jni/lwip-2.0.2/src/api/sockets.c:510: error: undefined reference to 'errno'
C:/Users/anmolsehgal/Desktop/LWIPAndroidJNI-master2.0.2/LWIPAndroidJNI-master/jni/lwip-2.0.2/src/api/sockets.c:510: error: undefined reference to 'errno'
C:/Users/anmolsehgal/Desktop/LWIPAndroidJNI-master2.0.2/LWIPAndroidJNI-master/jni/lwip-2.0.2/src/api/sockets.c:510: error: undefined reference to 'errno'
C:/Users/anmolsehgal/Desktop/LWIPAndroidJNI-master2.0.2/LWIPAndroidJNI-master/jni/lwip-2.0.2/src/api/sockets.c:510: error: undefined reference to 'errno'
C:/Users/anmolsehgal/Desktop/LWIPAndroidJNI-master2.0.2/LWIPAndroidJNI-master/jni/lwip-2.0.2/src/netif/slipif.c:391: error: undefined reference to 'sio_open'
C:/Users/anmolsehgal/Desktop/LWIPAndroidJNI-master2.0.2/LWIPAndroidJNI-master/jni/lwip-2.0.2/src/netif/slipif.c:132: error: undefined reference to 'sio_send'
C:/Users/anmolsehgal/Desktop/LWIPAndroidJNI-master2.0.2/LWIPAndroidJNI-master/jni/lwip-2.0.2/src/netif/slipif.c:140: error: undefined reference to 'sio_send'
C:/Users/anmolsehgal/Desktop/LWIPAndroidJNI-master2.0.2/LWIPAndroidJNI-master/jni/lwip-2.0.2/src/netif/slipif.c:145: error: undefined reference to 'sio_send'
C:/Users/anmolsehgal/Desktop/LWIPAndroidJNI-master2.0.2/LWIPAndroidJNI-master/jni/lwip-2.0.2/src/netif/slipif.c:150: error: undefined reference to 'sio_send'
C:/Users/anmolsehgal/Desktop/LWIPAndroidJNI-master2.0.2/LWIPAndroidJNI-master/jni/lwip-2.0.2/src/netif/slipif.c:337: error: undefined reference to 'sio_read'
C:/Users/anmolsehgal/Desktop/LWIPAndroidJNI-master2.0.2/LWIPAndroidJNI-master/jni/lwip-2.0.2/src/netif/slipif.c:437: error: undefined reference to 'sio_tryread'
clang++.exe: error: linker command failed with exit code 1 (use -v to see invocation)



Any help would be appreciated.

Regards,
Anmol


Re: Building mbedtls using LWIP library

Ajay Bhargav (SiWi)

Hi Anmol,

You are replying to the wrong thread. This thread (regarding mbedtls) was created by Shruthi.

- Ajay Bhargav

Re: Building mbedtls using LWIP library

shruthi
In reply to this post by Noam weissman
Thank you all for your suggestions.

Simon wrote:
> If you want to use mbedTLS with lwIP's callback API, have a look into current git master, I'm just working on that. No way to integrate that back into 1.4.x though.

In this case,
1. Is the support available for Unix?
2. Should I install mbedTLS library and specify its location while building the stack or is the library already included in the stack?
3. If the library is already included, are all the APIs needed to setup a TLS connection over TCP available?

Regards,
Shruthi

Re: Building mbedtls using LWIP library

Ajay Bhargav-2
As Simon said, these are more of mbedTLS questions than lwIP

> In this case,
> 1. Is the support available for Unix?
Check file net_sockets.c; it uses socket APIs which are directly
compatible with lwIP socket APIs. Make sure you enable them in
lwipopts.h.

> 2. Should I install mbedTLS library and specify its location while building
> the stack or is the library already included in the stack?
I am not sure about what build system you're using, so not sure how to
put this; you need to build all of it together.

> 3. If the library is already included, are all the APIs needed to setup a
> TLS connection over TCP available?
>
mbedTLS will use net_socket wrapper functions, so you need to use
mbedTLS APIs to make a TLS connection. Check code samples in program
folder of mbedTLS library.

-- Ajay Bhargav


Re: Building mbedtls using LWIP library

goldsimon@gmx.de
In reply to this post by shruthi
wrote shruthi:
> In this case,
> 1. Is the support available for Unix?
Why wouldn't it? lwIP is just a library and using it on Unix is just a
port. If you want to see how it's done, get the latest git master's src
and contrib repositories and build the unix example port  with "mbedtls"
next to the contrib folder and you should get TLS support (mbedTLS code
is *not* included with lwIP).

Simon


Re: Building mbedtls using LWIP library

shruthi
Simon,

This is what I have inferred from what you suggested. Please correct me if I am wrong:

You wrote:
> If you want to see how it's done, get the latest git master's src
> and contrib repositories and build the unix example port  with "mbedtls"
> next to the contrib folder and you should get TLS support (mbedTLS code
> is *not* included with lwIP).

This would still require changing net_sockets.c of mbedTLS library to use LwIP socket functions (like lwip_socket(), lwip_bind(), etc), right? Because by default it uses socket APIs from my Linux stack.

And, if I try to do this, I need to use LwIP library to build mbedTLS library to point to the definitions of all these LwIP socket functions. Is it possible to combine these two libraries?

- Shruthi

Re: Building mbedtls using LWIP library

goldsimon@gmx.de
shruthi wrote:
> You wrote:
>> If you want to see how it's done, get the latest git master's src
>> and contrib repositories and build the unix example port with "mbedtls"
>> next to the contrib folder and you should get TLS support (mbedTLS code
>> is *not* included with lwIP).

You misunderstood me here: That sentence was about using mbedTLS via the *callback API*, not via sockets!
In this case, net_sockets.c is *not* used at all. After all, mbedTLS does not link net_sockets.c, but your
application links it by setting the bio callbacks.

> This would still require changing net_sockets.c of mbedTLS library to use
> LwIP socket functions (like lwip_socket(), lwip_bind(), etc), right? Because
> by default it uses socket APIs from my Linux stack.

Only if you can't use LWIP_COMPAT_SOCKETS.

> And, if I try to do this, I need to use LwIP library to build mbedTLS
> library to point to the definitions of all these LwIP socket functions. Is
> it possible to combine these two libraries?

I'm afraid I don't understand this. And I'm not sure if you do...


Simon
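
The bio callbacks and the errno handling discussed in this thread, as an added example that is not code from any poster, lwIP or mbedTLS: two callbacks with the signatures mbedTLS expects, translating a socket layer's errno into TLS-level return codes. The `bio_ctx` type, the transport hooks, the fake transport and the `ERR_*` stand-ins (which mirror mbedTLS's `MBEDTLS_ERR_SSL_WANT_*` and `MBEDTLS_ERR_NET_*` values) are assumptions so that it builds without either library.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Stand-ins so this builds without mbedTLS; the values mirror
 * MBEDTLS_ERR_SSL_WANT_READ/_WANT_WRITE and MBEDTLS_ERR_NET_*. */
#define ERR_SSL_WANT_READ   (-0x6900)
#define ERR_SSL_WANT_WRITE  (-0x6880)
#define ERR_NET_RECV_FAILED (-0x004C)
#define ERR_NET_SEND_FAILED (-0x004E)
#define ERR_NET_CONN_RESET  (-0x0050)

/* Hypothetical transport hooks. In a real port they would be lwip_recv() and
 * lwip_send(), and lwIP must set the same errno that this file reads. */
typedef long (*xport_recv_fn)(int fd, void *buf, size_t len);
typedef long (*xport_send_fn)(int fd, const void *buf, size_t len);

/* Per-connection state handed to mbedTLS as the opaque p_bio pointer. */
typedef struct {
    int fd;
    xport_recv_fn recv;
    xport_send_fn send;
} bio_ctx;

/* Map a failed socket call onto what the TLS layer expects: "retry later"
 * must not be reported as fatal, and a reset must not be reported as retry. */
static int map_errno(int want, int fatal)
{
    if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
        return want;
    if (errno == ECONNRESET || errno == EPIPE)
        return ERR_NET_CONN_RESET;
    return fatal;
}

/* Same signatures as the f_recv/f_send arguments of mbedtls_ssl_set_bio(). */
int bio_recv(void *ctx, unsigned char *buf, size_t len)
{
    bio_ctx *b = (bio_ctx *)ctx;
    long n = b->recv(b->fd, buf, len);
    return n >= 0 ? (int)n : map_errno(ERR_SSL_WANT_READ, ERR_NET_RECV_FAILED);
}

int bio_send(void *ctx, const unsigned char *buf, size_t len)
{
    bio_ctx *b = (bio_ctx *)ctx;
    long n = b->send(b->fd, buf, len);   /* may be a partial write */
    return n >= 0 ? (int)n : map_errno(ERR_SSL_WANT_WRITE, ERR_NET_SEND_FAILED);
}

/* Constructed fake transport with scripted results, so the example runs offline. */
static int fake_calls;
static size_t fake_tx_room = 4;

static long fake_recv(int fd, void *buf, size_t len)
{
    (void)fd;
    switch (fake_calls++) {
    case 0:  errno = EWOULDBLOCK; return -1;          /* no data yet */
    case 1:  len = len > 5 ? 5 : len; memcpy(buf, "hello", len); return (long)len;
    case 2:  errno = ECONNRESET; return -1;           /* peer reset */
    default: errno = EIO; return -1;                  /* anything else */
    }
}

static long fake_send(int fd, const void *buf, size_t len)
{
    (void)fd; (void)buf;
    if (fake_tx_room == 0) { errno = EAGAIN; return -1; }   /* buffer full */
    if (len > fake_tx_room) len = fake_tx_room;
    fake_tx_room -= len;
    return (long)len;
}

int main(void)
{
    bio_ctx b = { 3, fake_recv, fake_send };
    unsigned char buf[16];
    /* Real build: mbedtls_ssl_set_bio(&ssl, &b, bio_send, bio_recv, NULL); */
    int first = bio_recv(&b, buf, sizeof buf);    /* would block */
    int second = bio_recv(&b, buf, sizeof buf);   /* 5 bytes delivered */
    return (first == ERR_SSL_WANT_READ && second == 5) ? 0 : 1;
}
```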


Re: Building mbedtls using LWIP library

shruthi
Thank you, Simon. I understand it better now.

I am able to run the TLS server on LWIP stack (latest version cloned from git) and connect to it with a TLS client running on my Linux stack.

However, when I try to run a TLS client on the LWIP stack, I get an error (err = -13) in "netconn_connect()". It works only if server OR client is on LWIP stack, not both. Any idea what the problem might be? I run into the same problem even with the TCP server and client program, which was working perfectly fine with LWIP 1.4.0 version.

- Shruthi

Re: Building mbedtls using LWIP library

goldsimon@gmx.de
shruthi wrote:
> Any idea what the problem might be?

No, sorry.

Simon


Re: Building mbedtls using LWIP library

shruthi
In reply to this post by shruthi
Sorry, it was because the MAC address of the server and client stacks were the same. It's now working :). Thank you all for your help.

- Shruthi

Re: Building mbedtls using LWIP library :: Handshake takes too long

antonio
Hi all, I am trying to port mbedTLS to work with my embedded device. My problem is that the handshake procedure never completes, therefore, I am unable to have any HTTPS communication. Further debugging, I noticed that the math computations are taking too long (bignum.c). Is there a way to avoid such a mess ? I am using MC "arm-cortex-m3", which I believe can achieve fast computations. Any kind of optimizations etc is kindly welcome. /Antonio

Re: Building mbedtls using LWIP library :: Handshake takes too long

Noam weissman

Hi,

Do you use any external SDRAM or just the M3's own memory? If you do not have any extra RAM
I do not see how you can run HTTPS. You need around 100-200K RAM to run HTTPS for one page.
The estimate is based on your page having one or more JS files, one or more images, one or more
CSS files… in all you need 4-6 connections to load a single page and that needs lots of RAM.

Every SSL connection needs 16K for receive and 16K for transmit + some overhead. If you tweak
mbedTLS and use a smaller send buffer you may save on RAM but still need about 20+K RAM for
a connection… multiply that by 4-6, that's a lot.

As for hardware acceleration… some M3 have DES, AES, SHA, CRC and RNG engines. This may help but
it is not related to big numbers, as far as I understand.

Have you been able to run the SSL server demo from mbedTLS? If not then I suggest you first run the demo
and then work on your own code.

Good luck,
Noam.
