LWIP altcp_mbedtls webserver performance issue

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

LWIP altcp_mbedtls webserver performance issue

Amr Elsayed
Hi Guys,

I am using the LWIP altcp_mbedtls and httpd for implementing a webserver on STM32F437 which has a Cryptography processor ,Hash processor, and random generator, I am using LWIP RAW API's.
First I was using RSA for handshaking. it was very very slow stuck on Big_num processing. After studying a bit I found that ECC would be much faster than RSA in handshaking. so currently I am using ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, and is much faster. however is still slow (not practical) on the STM32F437 and when loading multiple pages It only loads one page then stops. also for some browsers the handshaking is not successful and using wireshark I get from the client (browser) "Alert (Unknown Message)" packet.
My Question is, is it applicable to use STM32F437 and mbedtls with LWIP to implement a secure webserver ? or for such controller I should use altcp_mbedtls for only clients not a server specially webserver ?
If it should work smooth Then what I am doing wrong ?  I am sharing below my "mbedtls_config.h" and "lwip_opts.h". the microcontroller Speed is 180MHz , has 2MB Flash and 256 KB RAM.
----------------------------------------------------------------------------------------------------
"mbedtls_config.h"
/* System support */
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_MEMORY
/* mbed TLS feature support */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2

/* mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_GCM_C
#define MBEDTLS_MD_C
//#define MBEDTLS_NET_C
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C

/* For test certificates */
#define MBEDTLS_BASE64_C
#define MBEDTLS_CERTS_C
#define MBEDTLS_PEM_PARSE_C

/* Save RAM at the expense of ROM */
#define MBEDTLS_AES_ROM_TABLES

/* Disable double-width division */
#define MBEDTLS_NO_UDBL_DIVISION

/* Save RAM by adjusting to our exact needs */
#define MBEDTLS_ECP_MAX_BITS   384
#define MBEDTLS_MPI_MAX_SIZE    48 // 384 bits is 48 bytes

/* Save RAM at the expense of speed, see ecp.h */
#define MBEDTLS_ECP_WINDOW_SIZE        2
#define MBEDTLS_ECP_FIXED_POINT_OPTIM  0

/* Significant speed benefit at the expense of some ROM */
#define MBEDTLS_ECP_NIST_OPTIM

/*
 * You should adjust this to the exact number of sources you're using: default
 * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones.
 * Minimum is 2 for the entropy test suite.
 */
#define MBEDTLS_ENTROPY_MAX_SOURCES 2

/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES                        \
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,    \
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

/*
 * Save RAM at the expense of interoperability: do this only if you control
 * both ends of the connection!  (See coments in "mbedtls/ssl.h".)
 * The minimum size here depends on the certificate chain used as well as the
 * typical size of records.
 */
#define MBEDTLS_SSL_MAX_CONTENT_LEN             2048

#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
#define MBEDTLS_CAMELLIA_C

/* Customize the entropy data generation */
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_ENTROPY_HARDWARE_ALT

-------------------------------------------------------------------------------------------
"lwip_opts.h" 

#define SYS_LIGHTWEIGHT_PROT    0
#define ETHARP_TRUST_IP_MAC     0
#define IP_REASSEMBLY           0
#define IP_FRAG                 0
#define ARP_QUEUEING            0
#define NO_SYS                  0
#define MEM_ALIGNMENT           4
#define MEM_SIZE                (10*1024)
#define MEMP_NUM_PBUF           100
#define MEMP_NUM_UDP_PCB        6
#define MEMP_NUM_TCP_PCB        10
#define MEMP_NUM_TCP_PCB_LISTEN 5
#define MEMP_NUM_TCP_SEG        12
#define MEMP_NUM_SYS_TIMEOUT    10
#define PBUF_POOL_SIZE          10
#define PBUF_POOL_BUFSIZE       1524
#define LWIP_TCP                1
#define TCP_TTL                 255
#define TCP_QUEUE_OOSEQ         0
#define TCP_MSS                 (1500 - 40)   /* TCP_MSS = (Ethernet MTU - IP header size - TCP header size) */
#define TCP_SND_BUF             (4*TCP_MSS)
#define TCP_SND_QUEUELEN        (2* TCP_SND_BUF/TCP_MSS)
#define TCP_WND                 (2*TCP_MSS)
#define LWIP_ICMP                       1
#define LWIP_DHCP               1
#define LWIP_UDP                1
#define UDP_TTL                 255
#define LWIP_STATS 0
#define LWIP_PROVIDE_ERRNO 1
#define LWIP_NETIF_LINK_CALLBACK        1
#define CHECKSUM_BY_HARDWARE 


#ifdef CHECKSUM_BY_HARDWARE
  /* CHECKSUM_GEN_IP==0: Generate checksums by hardware for outgoing IP packets.*/
  #define CHECKSUM_GEN_IP                 0
  /* CHECKSUM_GEN_UDP==0: Generate checksums by hardware for outgoing UDP packets.*/
  #define CHECKSUM_GEN_UDP                0
  /* CHECKSUM_GEN_TCP==0: Generate checksums by hardware for outgoing TCP packets.*/
  #define CHECKSUM_GEN_TCP                0 
  /* CHECKSUM_CHECK_IP==0: Check checksums by hardware for incoming IP packets.*/
  #define CHECKSUM_CHECK_IP               0
  /* CHECKSUM_CHECK_UDP==0: Check checksums by hardware for incoming UDP packets.*/
  #define CHECKSUM_CHECK_UDP              0
  /* CHECKSUM_CHECK_TCP==0: Check checksums by hardware for incoming TCP packets.*/
  #define CHECKSUM_CHECK_TCP              0
  /* CHECKSUM_CHECK_ICMP==0: Check checksums by hardware for incoming ICMP packets.*/  
  #define CHECKSUM_GEN_ICMP               0
#else
  /* CHECKSUM_GEN_IP==1: Generate checksums in software for outgoing IP packets.*/
  #define CHECKSUM_GEN_IP                 1
  /* CHECKSUM_GEN_UDP==1: Generate checksums in software for outgoing UDP packets.*/
  #define CHECKSUM_GEN_UDP                1
  /* CHECKSUM_GEN_TCP==1: Generate checksums in software for outgoing TCP packets.*/
  #define CHECKSUM_GEN_TCP                1
  /* CHECKSUM_CHECK_IP==1: Check checksums in software for incoming IP packets.*/
  #define CHECKSUM_CHECK_IP               1
  /* CHECKSUM_CHECK_UDP==1: Check checksums in software for incoming UDP packets.*/
  #define CHECKSUM_CHECK_UDP              1
  /* CHECKSUM_CHECK_TCP==1: Check checksums in software for incoming TCP packets.*/
  #define CHECKSUM_CHECK_TCP              1
  /* CHECKSUM_CHECK_ICMP==1: Check checksums by hardware for incoming ICMP packets.*/  
  #define CHECKSUM_GEN_ICMP               1
#endif
#define LWIP_NETCONN                    1
#define LWIP_SOCKET                     0
#define LWIP_DEBUG                      0
#define TCPIP_THREAD_NAME              "TCP/IP"
#define TCPIP_THREAD_STACKSIZE          1000
#define TCPIP_MBOX_SIZE                 5
#define DEFAULT_UDP_RECVMBOX_SIZE       2000
#define DEFAULT_TCP_RECVMBOX_SIZE       2000
#define DEFAULT_ACCEPTMBOX_SIZE         2000
#define DEFAULT_THREAD_STACKSIZE        500
#define TCPIP_THREAD_PRIO               (configMAX_PRIORITIES - 2)
#define LWIP_COMPAT_MUTEX               1

Thanks and Best Regards,
Amr Elsayed.
Founder & Engineer @ The-DIY-Life.


_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users
Reply | Threaded
Open this post in threaded view
|

Re: LWIP altcp_mbedtls webserver performance issue

goldsimon@gmx.de
Amr Elsayed wrote:
> Hi Guys,

> I am using the LWIP altcp_mbedtls and httpd for implementing a webserver
> on STM32F437 which has a Cryptography processor ,Hash processor, and
> random generator [..]

mbedTLS does not use the hardware functions of this chip by default, you
need to add that by yourself (*). We do have a https webserver running on such
a chip at 80 MHz, so it should definitively be possible. We do have an external
helper chip doing the RSA though...

(*) you might find examples for STM in the embed-os repository

Regards,
Simon

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users
Reply | Threaded
Open this post in threaded view
|

Re: LWIP altcp_mbedtls webserver performance issue

Amr Elsayed
Dear Simon,
Thank you for the response, Can you share with me the chip name for the RSA ? I have implemented  the cryptography hardware accelerators on mbedtls library from ST examples, the accelerators are used in AES, DES, MD5, SHA1, SHA256 , and Entropy for the random generator. that's why the encryption is fast but the problem is only the Handshaking, as Far as I got, There's no hardware accelerators examples from ST for RSA. 

Thanks and Best Regards,
Amr Elsayed.
Founder & Engineer @ The-DIY-Life


On Wed, 17 Apr 2019 at 12:20, Simon Goldschmidt <[hidden email]> wrote:
Amr Elsayed wrote:
> Hi Guys,

> I am using the LWIP altcp_mbedtls and httpd for implementing a webserver
> on STM32F437 which has a Cryptography processor ,Hash processor, and
> random generator [..]

mbedTLS does not use the hardware functions of this chip by default, you
need to add that by yourself (*). We do have a https webserver running on such
a chip at 80 MHz, so it should definitively be possible. We do have an external
helper chip doing the RSA though...

(*) you might find examples for STM in the embed-os repository

Regards,
Simon

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users
Reply | Threaded
Open this post in threaded view
|

Re: LWIP altcp_mbedtls webserver performance issue

wilkxt

czw., 18 kwi 2019 o 10:04 Amr Elsayed <[hidden email]> napisał(a):
Dear Simon,
Thank you for the response, Can you share with me the chip name for the RSA ? I have implemented  the cryptography hardware accelerators on mbedtls library from ST examples, the accelerators are used in AES, DES, MD5, SHA1, SHA256 , and Entropy for the random generator. that's why the encryption is fast but the problem is only the Handshaking, as Far as I got, There's no hardware accelerators examples from ST for RSA. 

Thanks and Best Regards,
Amr Elsayed.
Founder & Engineer @ The-DIY-Life


On Wed, 17 Apr 2019 at 12:20, Simon Goldschmidt <[hidden email]> wrote:
Amr Elsayed wrote:
> Hi Guys,

> I am using the LWIP altcp_mbedtls and httpd for implementing a webserver
> on STM32F437 which has a Cryptography processor ,Hash processor, and
> random generator [..]

mbedTLS does not use the hardware functions of this chip by default, you
need to add that by yourself (*). We do have a https webserver running on such
a chip at 80 MHz, so it should definitively be possible. We do have an external
helper chip doing the RSA though...

(*) you might find examples for STM in the embed-os repository

Regards,
Simon

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users
_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users


--
pozdrawiam
tomek

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users
Reply | Threaded
Open this post in threaded view
|

Re: LWIP altcp_mbedtls webserver performance issue

goldsimon@gmx.de
In reply to this post by Amr Elsayed
Amr Elsayed wrote:
> Thank you for the response, Can you share with me the chip name for the RSA ?

No, sorry, I'm not involved in the details there. But as Tomek wrote, the
ATECC508A (or also the ATECC608A) should do a good job for ECDH.

> I have implemented  the cryptography hardware accelerators on mbedtls library
> from ST examples, the accelerators are used in AES, DES, MD5, SHA1, SHA256 ,
> and Entropy for the random generator.

It's a shame that ST doesn't provide official code for integration into mbedtls...

> that's why the encryption is fast but the problem is only the Handshaking,
> as Far as I got, There's no hardware accelerators examples from ST for RSA.

No, the STM32 don't support anything to speed up RSA or ECDH.

Regards,
Simon

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users