altcp_tls_mbedtls: MBEDTLS_ECP_RESTARTABLE

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

altcp_tls_mbedtls: MBEDTLS_ECP_RESTARTABLE

Giuseppe Modugno
I tried to enable MBEDTLS_ECP_RESTARTABLE option in config.h of mbedTLS.
This option (and the use of mbedtls_ecp_set_max_ops()) limits the number
of operations made during expensive ECC crypto functions. It's important
in my NO_SYS application, because I need to serve other "tasks" in a
resonable time and TLS handshake could take even 5 seconds!

However I think the layer altcp_tls_mbedtls isn't compatible with
MBEDTLS_ECP_RESTARTABLE. Indeed mbedtls_ssl_handshake() could return
MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, but this return value isn't managed
in altcp_mbedtls_lower_recv_process().
Also mbedtls_ssl_read() and mbedtls_ssl_write() could return
MBEDTLS_ECP_RESTARTABLE.

When one of the above functions return
MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, the application should call the
function again with the same input parameters.

I'd like to invest some time to add MBEDTLS_ECP_RESTARTABLE support in
altcp_tls_mbedtls, but I need some help how to do. I think we need a
crypto_in_progress flag in altcp_mbedtls_state_t that is set when
MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS is returned.
In poll callback we call again the function when the flag is set.

However we don't have a poll callbak during handshake: the final poll
callback will be set after successfull handshake. Do I create and use a
temporary poll callback to set in altcp_mbedtls_setup_callbacks()?

After handshake, mbedtls_ssl_read() and mbedtls_ssl_write() could return
MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS. So this situation must be faced too.
Any help?



_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: altcp_tls_mbedtls: MBEDTLS_ECP_RESTARTABLE

Giuseppe Modugno
Il 24/06/2019 18:04, Giuseppe Modugno ha scritto:

> I tried to enable MBEDTLS_ECP_RESTARTABLE option in config.h of
> mbedTLS. This option (and the use of mbedtls_ecp_set_max_ops()) limits
> the number of operations made during expensive ECC crypto functions.
> It's important in my NO_SYS application, because I need to serve other
> "tasks" in a resonable time and TLS handshake could take even 5 seconds!
>
> However I think the layer altcp_tls_mbedtls isn't compatible with
> MBEDTLS_ECP_RESTARTABLE. Indeed mbedtls_ssl_handshake() could return
> MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, but this return value isn't
> managed in altcp_mbedtls_lower_recv_process().
> Also mbedtls_ssl_read() and mbedtls_ssl_write() could return
> MBEDTLS_ECP_RESTARTABLE.
>
> When one of the above functions return
> MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, the application should call the
> function again with the same input parameters.
>
> I'd like to invest some time to add MBEDTLS_ECP_RESTARTABLE support in
> altcp_tls_mbedtls, but I need some help how to do. I think we need a
> crypto_in_progress flag in altcp_mbedtls_state_t that is set when
> MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS is returned.
> In poll callback we call again the function when the flag is set.

No it doesn't work. Poll callback is called only 2 times a second.
mbedtls_handshake() must be called several times until it doesn't return
CRYPTO_IN_PROGRESS. With poll callback the handshake would take too much
time.

Another possibility is to fire a timeout that is already expired:
sys_timeout(0, ...).

Do you think there's a better solution?

>
> However we don't have a poll callbak during handshake: the final poll
> callback will be set after successfull handshake. Do I create and use
> a temporary poll callback to set in altcp_mbedtls_setup_callbacks()?
>
> After handshake, mbedtls_ssl_read() and mbedtls_ssl_write() could
> return MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS. So this situation must be
> faced too. Any help?
>
>

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: altcp_tls_mbedtls: MBEDTLS_ECP_RESTARTABLE

goldsimon@gmx.de
"Giuseppe Modugno" wrote:
> No it doesn't work. Poll callback is called only 2 times a second.
> mbedtls_handshake() must be called several times until it doesn't return
> CRYPTO_IN_PROGRESS. With poll callback the handshake would take too much
> time.
>
> Another possibility is to fire a timeout that is already expired:
> sys_timeout(0, ...).
>
> Do you think there's a better solution?

Not really. If you implement the sys_timeout() thing, you might want to
find a solution that doesn't use one sys_timeout() per connection. And
a fallback to using 'poll' might be good as well (as sys_timeout() can
fail due to lack of resources).

Regards,
Simon

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: altcp_tls_mbedtls: MBEDTLS_ECP_RESTARTABLE

Giuseppe Modugno
Il 25/06/2019 14:29, Simon Goldschmidt ha scritto:

> "Giuseppe Modugno" wrote:
>> No it doesn't work. Poll callback is called only 2 times a second.
>> mbedtls_handshake() must be called several times until it doesn't return
>> CRYPTO_IN_PROGRESS. With poll callback the handshake would take too much
>> time.
>>
>> Another possibility is to fire a timeout that is already expired:
>> sys_timeout(0, ...).
>>
>> Do you think there's a better solution?
> Not really. If you implement the sys_timeout() thing, you might want to
> find a solution that doesn't use one sys_timeout() per connection.
In my case I have only one TLS connection, so it's not important.
> And
> a fallback to using 'poll' might be good as well (as sys_timeout() can
> fail due to lack of resources).

As I said, poll can't be used because it is called only two times per
second.



_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: altcp_tls_mbedtls: MBEDTLS_ECP_RESTARTABLE

goldsimon@gmx.de
Am 25.06.2019 um 16:40 schrieb Giuseppe Modugno:

> Il 25/06/2019 14:29, Simon Goldschmidt ha scritto:
>> "Giuseppe Modugno" wrote:
>>> No it doesn't work. Poll callback is called only 2 times a second.
>>> mbedtls_handshake() must be called several times until it doesn't return
>>> CRYPTO_IN_PROGRESS. With poll callback the handshake would take too much
>>> time.
>>>
>>> Another possibility is to fire a timeout that is already expired:
>>> sys_timeout(0, ...).
>>>
>>> Do you think there's a better solution?
>> Not really. If you implement the sys_timeout() thing, you might want to
>> find a solution that doesn't use one sys_timeout() per connection.
> In my case I have only one TLS connection, so it's not important.
>> And
>> a fallback to using 'poll' might be good as well (as sys_timeout() can
>> fail due to lack of resources).
>
> As I said, poll can't be used because it is called only two times per
> second.

Well, I got that. And my thought was wrong, sys_timeout() asserts hard
when its pool is empty, so a fallback to poll cannot be implemented...

Regards,
Simon

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel