You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by vysocan76
Pages 1
Hello David,
thanks for reply. I will try the CubeMX crypto lib. Hope it can live together with RTOS ChibiOS HAL I use now.
Adam
Hello,
relating to the crypto HW support, while checking the "STM32 Cryptographic library package V2.0.6" which, I assume, is included in WolfSSL by defines like #ifdef WOLFSSL_STM32_CUBEMX ... #else /* Standard Peripheral Library */. Namely I've included directory STM32F4xx_StdPeriph_Driver with file like stm32f4xx_cryp.c and stm32f4xx_cryp_aes.c, which were required by WolfSSL.
But this STM32F4xx_StdPeriph_Driver itself does not have any function call to included cryptography library like M4_CryptoFW_RngHW_2_0_6.a from STM32_Cryptographic_Library directory.
I must say I'm new to this crypto HW, but I really wonder how this STM library works.
On the other hand there is STM32F4xx_Cryptographic_Templates demo program that requires both STM32F4xx_StdPeriph_Driver directory and the library M4_CryptoFW_RngHW_2_0_6.a. Calling functions like:
AES_CBC_Decrypt_Append
AES_CBC_Decrypt_Finish
AES_CBC_Decrypt_Init
...
Which works on my board.
Any hints are truly welcomed.
Adam
Hello David,
Adding STM32_HAL_V2 did not make the HW crypto work, still same error.
When connecting to api.telegram.org I have AES-GCM and ECC AES-GCM suites enabled. Out of these server chose TLS_DHE_RSA_WITH_AES_128_GCM_SHA256.
I will try to go deeper by the #define to see why my normal arm-none-eabi-gcc math is faster.
Thanks Adam.
One extra thing that I've tried is to remove #define WOLFSSL_DH_CONST, but it did not make any change:
Normal build:
12.4613 seconds
#define USE_FAST_MATH
18.5334 seconds
#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#define WOLFSSL_SP
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
13.8867 seconds
Though disabling HW FPU will make some changes to FAST_MATH but not.
Here is my user_settings.h for reference:
#include <stdint.h>
#include <stm32f4xx_rcc.h>
#define WOLFSSL_STM32F4
//#define NO_STM32_RNG
#define NO_STM32_CRYPTO
//#define NO_STM32_HASH
/* Configuration */
#define WOLFSSL_GENERAL_ALIGNMENT 4
#define HAVE_TM_TYPE
#define WORD64_AVAILABLE
/* ChibiOS + Lwip */
#define HAVE_LWIP_NATIVE
#define WOLFSSL_CHIBIOS
#define USER_TICKS
#define WOLFSSL_USER_CURRTIME
#define XMALLOC_OVERRIDE
//#define USE_WOLF_TIME_T
#define XTIME(tl) (LowResTimer())
/* ARM */
#define RSA_LOW_MEM
#define NO_OLD_RNGNAME
#define SMALL_SESSION_CACHE
#define WOLFSSL_SMALL_STACK // needs + 7KB tread stack size, then faster 14->12 sec
#define TFM_ARM
#define SINGLE_THREADED
#define NO_SIG_WRAPPER
/* Cipher features */
//#define USE_FAST_MATH // Actually adds time to execution
//#define ALT_ECC_SIZE
// tests
//#define WOLFSSL_SP_ARM_CORTEX_M_ASM
//#define WOLFSSL_SP
//#define WOLFSSL_HAVE_SP_RSA
//#define WOLFSSL_HAVE_SP_DH
#define HAVE_FFDHE_2048
#define HAVE_CHACHA
#define HAVE_POLY1305
#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVED25519_SMALL
#define HAVE_ONE_TIME_AUTH
#define WOLFSSL_DH_CONST
//#define WOLFSSL_STATIC_RSA // removing discouraged
//OHS
#define HAVE_AES // ? needed
#define HAVE_AESGCM // Telegram
/* HW RNG support */
unsigned int chibios_rand_generate(void);
int custom_rand_generate_block(unsigned char* output, unsigned int sz);
#define CUSTOM_RAND_GENERATE chibios_rand_generate
#define CUSTOM_RAND_TYPE uint32_t
//#define HAVE_ED25519
#define HAVE_POLY1305
//--#define HAVE_SHA512
//--#define WOLFSSL_SHA512
/* Size/speed config */
//#define USE_SLOW_SHA2
//#define USE_SLOW_SHA512
/* Robustness */
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING
/* Remove Features */
#define NO_WRITEV
//#define NO_DEV_RANDOM
#define NO_FILESYSTEM
#define NO_MAIN_DRIVER
#define NO_MD4
#define NO_RABBIT
#define NO_HC128
#define NO_DSA
#define NO_PWDBASED
#define NO_PSK
#define NO_DES3
#define NO_RC4
// OHS added disable all certificate date checking
#define NO_ASN_TIME
#define DEBUG_WOLFSSL
// OHS special defines
#define WOLFSSL_HEAP_ON_UMM
#define WOLFSSL_USE_SOCKET
#ifndef WOLFSSL_HEAP_ON_UMM
/* Realloc (to use without USE_FAST_MATH) */
void *chHeapRealloc (void *addr, uint32_t size);
#define XREALLOC(p,n,h,t) chHeapRealloc( (p) , (n) )
#endifHello David,
thanks for quick reply.
I did just now replace my wolfssl dir with master. Still I have the same error for AES-GCM.
I wonder if I have my build created correctly. I have ported existing server demo for F7 from ChibiOS and made it a client. I had many problems on begining to compile and link it. There were missing c files in https://github.com/ChibiOS/ChibiOS/blob … wolfssl.mk and some /ports/* files that are not needed for F7 only demo,
Same way I'm puzzled with the speed of the FAST_MATH and WOLFSSL_SP. I just measured again with refreshed library.
Normal build:
12.3792 seconds
#define USE_FAST_MATH
18.5480 seconds
#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#define WOLFSSL_SP
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
13.8819 seconds
Seems opposite to what you've suggested.
Hello,
for my embedded application running ChibiOS with LWIP I'm trying to add a HTTPS client. I've managed to build and run a test client connecting to api.telegram.org. However facing some issues I'm not able to solve for now.
First, for my target I use WOLFSSL_STM32F4 and I imported STM32 HAL Crypto libraries to support HW encryption. With ChibiOS included WolfSSL 4.0.0.7 I did not succeed to compile and link. But moving to newest WolfSSL helped. But somehow I'm unable to pass wolfSSL_connect() without errors like:
...
sent: client key exchange
connect state: FIRST_REPLY_SECOND
connect state: FIRST_REPLY_THIRD
growing output buffer
Shrinking output buffer
sent: change cipher spec
connect state: FIRST_REPLY_FOURTH
wolfSSL Entering SendFinished
growing output buffer
wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return -180
wolfSSL error occurred, error = -320However by defining NO_STM32_CRYPTO this error is gone. I wonder what I might do wrong as I tried to verify the AES HW by running the STM32 test program.
Second, If I keep the SW Crypto on I see very slow "SendClientKeyExchange" section. It actually takes around 12-14 seconds in wc_DhSetCheckKey() doing some magic with prime numbers like fast_mp_montgomery_reduce().
I tried to add USE_FAST_MATH, but that actually add extra 4-5 seconds. Or WOLFSSL_SP which seems negligible.
I wonder if there is any way to speed this part up, or maybe prepare the DH key only once on startup.
Thanks in advance,
Adam
Pages 1
wolfSSL - Embedded SSL Library → Posts by vysocan76
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.019 seconds (96% PHP - 4% DB) with 4 queries