Building mbedtls using LWIP library


Re: Building mbedtls using LWIP library :: Handshake takes too long

antonio

Hi Noam,


Thanks for your answer.

>>Do you use any external SDRAM or just the M3 own memory ?.

I do not have an external SDRAM yet. My application still uses the Demos /programs/ssl/ssl_server/client, which I believe is fairly simple and does not need much memory.

>>Have you been able to run the SSL server demo from mbedTLS ?

I am using the Demo examples. The connection is established, the handshake is what takes too much time.

The LWIP layer works since I can see TCP connection establishment messages on Wireshark, and also the initial handshake messages.

Once again thanks, I will keep debugging.



---
Best Regards,
/António, KTH Royal Institute of Technology/Sweden

-------------------------

From: lwip-users <lwip-users-bounces+gonga=[hidden email]> on behalf of Noam Weissman <[hidden email]>
Sent: Thursday, June 8, 2017 15:09
To: Mailing list for lwIP users
Subject: Re: [lwip-users] Building mbedtls using LWIP library :: Handshake takes too long
 

Hi,

Do you use any external SDRAM or just the M3 own memory ?... If you do not have any extra RAM I do not see how you can run HTTPS.. you need around 100-200K RAM to run HTTPS for one page. The estimate is based that your page has one or more JS files, one or more images, one or more CSS files… in all you need 4-6 connections to load a single page and that needs lots of RAM.

Every SSL connection needs 16K for receive and 16K for transmit + some overhead. If you tweak mbedTLS and use a smaller send buffer you may save on RAM but still need about 20+K RAM for a connection… multiply that by 4-6 that’s a lot.

As for hardware acceleration… some M3 have DES, AES, SHA, CRC and RNG engines. This may help but it is not related to big numbers, as far as I understand.

Have you been able to run the SSL server demo from mbedTLS ?... If not then I suggest first run the demo and then work on your own code.

Good luck,

Noam.

 

From: lwip-users [mailto:lwip-users-bounces+noam=[hidden email]] On Behalf Of antonio
Sent: Thursday, June 08, 2017 10:31 AM
To: [hidden email]
Subject: Re: [lwip-users] Building mbedtls using LWIP library :: Handshake takes too long

 

Hi all, I am trying to port mbedTLS to work with my embedded device. My problem is that the handshake procedure never completes, therefore, I am unable to have any HTTPS communication. Further debugging, I noticed that the math computations are taking too long (bignum.c). Is there a way to avoid such a mess ? I am using MC "arm-cortex-m3", which I believe can achieve fast computations. Any kind of optimizations etc is kindly welcome. /Antonio


View this message in context: Re: Building mbedtls using LWIP library :: Handshake takes too long
Sent from the lwip-users mailing list archive at Nabble.com.


_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users

Re: Building mbedtls using LWIP library :: Handshake takes too long

Noam Weissman

Hi Antonio,

mbedTLS uses memory allocation (malloc, free…)

There are defines in mbedTLS code if you want to use system memory allocation or something else. System allocation means malloc, free etc…

Another memory manager can be using LwIP memory allocation functions or OS memory allocation functions etc… FreeRTOS normally uses their own memory manager.

If you use the default memory allocation function, check that you have a heap sufficient for SSL. Sufficient means minimum 40-45K RAM and up. I found that the hard way… did not work for me (at start).

Another problem that I had is that mbedTLS uses system IO… as we are using an embedded micro there is normally no STDIO and you cannot use printf, gets functions etc.

ST is supplying a retarget.c file but you need to hook the functions to your UART or other device. See PUTCHAR_PROTOTYPE macro for putc function.

I am using STM32F4xx and STM32F7xx… these micros have a main memory and a fast memory CCM/TCM. I assigned all of the CCM (64K) for heap.

Good luck,

Noam.

 

From: lwip-users [mailto:lwip-users-bounces+noam=[hidden email]] On Behalf Of Antonio Gonga
Sent: Thursday, June 08, 2017 4:53 PM
To: Mailing list for lwIP users
Subject: Re: [lwip-users] Building mbedtls using LWIP library :: Handshake takes too long

 

Hi Noam,

 

Thanks for your answer.

>>Do you use any external SDRAM or just the M3 own memory ?.

I do not have an external SDRAM yet. My application still uses the Demos /programs/ssl/ssl_server/client, which I believe is fairly simple and does not need much memory.

>>Have you been able to run the SSL server demo from mbedTLS ?

I am using the Demo examples. The connection is established, the handshake is what takes too much time.

The LWIP layer works since I can see TCP connection establishment messages on Wireshark, and also the initial handshake messages.

Once again thanks, I will keep debugging.

 

 

---
Best Regards,
/António, KTH Royal Institute of Technology/Sweden

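Added example (not part of the thread and not mbedTLS project code): a calloc/free pair that enforces a fixed heap budget and records peak use and failed requests, so heap exhaustion during a handshake becomes a visible number when checking the heap sizing discussed in the last message. The names `tracked_calloc`, `tracked_free`, `tracked_peak`, `tracked_in_use`, `tracked_failures` and the `HEAP_BUDGET` value are assumptions made for this sketch; `mbedtls_platform_set_calloc_free()` is the mbedTLS hook the comment at the end refers to.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed budget: the 45K upper end of the minimum quoted in the message above. */
#define HEAP_BUDGET (45u * 1024u)

/* Size header stored in front of each block; the union keeps the payload aligned. */
typedef union { size_t size; max_align_t align; } hdr_t;

static size_t heap_in_use, heap_peak, heap_failures;

/* Same signature as calloc(), so it can be installed as an mbedTLS calloc hook. */
void *tracked_calloc(size_t n, size_t size)
{
    /* Reject n * size overflow before multiplying. */
    if (size != 0 && n > (SIZE_MAX - sizeof(hdr_t)) / size) { heap_failures++; return NULL; }
    size_t bytes = n * size;
    /* Refuse anything that would push live allocations past the budget. */
    if (bytes > HEAP_BUDGET - heap_in_use) { heap_failures++; return NULL; }
    hdr_t *h = malloc(sizeof(hdr_t) + bytes);
    if (h == NULL) { heap_failures++; return NULL; }
    memset(h + 1, 0, bytes);               /* calloc semantics: zeroed memory */
    h->size = bytes;
    heap_in_use += bytes;
    if (heap_in_use > heap_peak) heap_peak = heap_in_use;
    return h + 1;
}

void tracked_free(void *p)
{
    if (p == NULL) return;
    hdr_t *h = (hdr_t *)p - 1;
    heap_in_use -= h->size;
    free(h);
}

size_t tracked_peak(void)     { return heap_peak; }
size_t tracked_in_use(void)   { return heap_in_use; }
size_t tracked_failures(void) { return heap_failures; }

/* On target (needs MBEDTLS_PLATFORM_C and MBEDTLS_PLATFORM_MEMORY in the
 * mbedTLS configuration), install the hooks before any other mbedTLS call:
 *     mbedtls_platform_set_calloc_free(tracked_calloc, tracked_free);
 * then read tracked_peak() and tracked_failures() after the handshake. */
```

A non-zero `tracked_failures()` after a handshake attempt means the budget was exceeded at some point; `tracked_peak()` shows how much heap the attempt actually needed up to that point.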