PIC32 and TLS 1.2

hevats
Junior Member
  • Total Posts : 48
  • Reward points : 0
  • Status: offline
Re: PIC32 and TLS 1.2 2016/01/29 10:50:07 (permalink)
0
Maybe some of us can come together and write our own implementation... Having been here for some time I know there is no lack of the required skill-set, though this task is above my skills for sure :P
 
Anyone interested can contribute and share the cost... which I believe would be a fraction of that required for licensing any off-the-shelf solution (BTW they never work off-the-shelf). We can either make it closed source, only for people who pay, or open to all.
 
I'm interested in the PLIB version myself, not having harmonious relations with Harmony yet!
 
Just to put on record, I'll be willing to contribute to any such plans.
#21
NorthGuy
Super Member
  • Total Posts : 5590
  • Reward points : 0
  • Joined: 2014/02/23 14:23:23
  • Location: Northern Canada
  • Status: offline
Re: PIC32 and TLS 1.2 2016/01/29 11:07:16 (permalink)
3 (1)
I implemented SSL once for x86. I had a plain version, a version optimized for MMX (imagine there used to be processors without MMX), and a version optimized for SSE2. It was about twice as fast as OpenSSL back then.
 
There are two hard parts in it - efficient code for big-number arithmetic (because you need it fast) and parsing of DER certificates (because of the sheer amount of bureaucracy involved).
 
#22
malaugh
Super Member
  • Total Posts : 400
  • Reward points : 0
  • Joined: 2011/03/31 14:04:42
  • Location: San Diego
  • Status: offline
Re: PIC32 and TLS 1.2 2016/01/31 20:11:12 (permalink) ☄ Helpfulby stephaneC 2016/09/05 05:58:44
5 (1)
We just finished an SSL project at my company. After getting it to work with the Microchip WolfSSL sample code, we substituted WolfSSL for mbedTLS. Took about 3 weeks to get it running, and we had to do some work to slim it down, but we got our firmware working with 1MB flash on an MZ processor. Works good, and no license fees, mbedTLS has a LGPL license, which means you do not need to open source your own code. This is using the Microchip MLA stack (not the Harmony stack).
 
post edited by malaugh - 2016/01/31 20:13:28
#23
RISC
Super Member
  • Total Posts : 5376
  • Reward points : 0
  • Status: offline
Re: PIC32 and TLS 1.2 2016/01/31 23:48:50 (permalink)
0
Hi,
Is it allowed by the mbedTLS license to port it to non-ARM architectures?
Regards
 
#24
concertinaman
Bug Sorter
  • Total Posts : 250
  • Reward points : 0
  • Joined: 2007/06/14 05:56:58
  • Location: UK
  • Status: offline
Re: PIC32 and TLS 1.2 2016/02/01 02:28:14 (permalink)
5 (1)
My understanding is yes.
Mbed TLS uses the Apache license and there is nothing in that to preclude porting to MIPS.
It's one of a couple of free options we are looking at for an upcoming project, the other being openpicus.
#25
vlm
New Member
  • Total Posts : 2
  • Reward points : 0
  • Joined: 2016/04/08 00:31:33
  • Location: 0
  • Status: offline
Re: PIC32 and TLS 1.2 2016/04/08 15:11:00 (permalink)
3 (1)
malaugh
We just finished an SSL project at my company. After getting it to work with the Microchip WolfSSL sample code, we substituted WolfSSL for mbedTLS. Took about 3 weeks to get it running, and we had to do some work to slim it down, but we got our firmware working with 1MB flash on an MZ processor. Works good, and no license fees, mbedTLS has a LGPL license, which means you do not need to open source your own code. This is using the Microchip MLA stack (not the Harmony stack).
 
Malaugh, we are facing the exact same issue and have been struggling with Microchip for months now. We are not using Harmony due to too many bugs and are using the old but proven PLIB stack, which works great and is stable except for the fact that we need an SSL / TLS web server.
 
Have you managed to do this with mbedTLS and if so what is the memory size?  We are on PIC32MX - so no luxury of 1MB memory ;-(
 
#26
malaugh
Super Member
  • Total Posts : 400
  • Reward points : 0
  • Joined: 2011/03/31 14:04:42
  • Location: San Diego
  • Status: offline
Re: PIC32 and TLS 1.2 2016/04/11 07:24:20 (permalink)
3 (1)
Hi Vim
 
Yes, we finished the project. The unit with the firmware that includes mbedTLS is currently in beta trial. Below is the memory map from Mplab-X. The design includes the IOT MQTT protocol and a web server with around 20k of web page HTML. As you can see, the total memory is 481,124 bytes of program memory, and 50,204 bytes of RAM memory. It would fit in an MX CPU, but not much room for expansion. We have a separate bootloader that takes about 52K program memory that is not included in this total, so our true memory usage is 481 + 52 = 533K, which would put us outside the 512K limit for the MX. Any reason for not switching to the MZ? It's only a couple of bucks more money. We switched from the MX to the MZ when we added the mbedTLS library, but are not using Harmony. We found that MLA TCP/IP stack would recompile without modification for the new CPU since it does not use any PLIB calls. We do have one issue now though. We may switch to the new "N" WiFi modules, but Microchip are only supporting Harmony with this chip, no MLA updates, and the driver code is only in library form, no source code. I am not sure what the PIC16/PIC24 guys will do, since MLA is still being used for those CPUs.
 
<?xml version="1.0" encoding="UTF-8"?>
<project>                                  
  <executable name="dist/RELEASE/production/my_unit.elf">                 
    <memory name="program">                 
      <units>bytes</units>                 
      <length>2057344</length>                 
      <used>481124</used>                     
      <free>1576220</free>                     
    </memory>                              
    <memory name="data">              
      <units>bytes</units>                 
      <length>524288</length>                 
      <used>50204</used>                     
      <free>474084</free>                     
    </memory>                              
  </executable>                            
</project>                                 


 
#27
vlm
New Member
  • Total Posts : 2
  • Reward points : 0
  • Joined: 2016/04/08 00:31:33
  • Location: 0
  • Status: offline
Re: PIC32 and TLS 1.2 2016/04/11 07:30:02 (permalink)
3 (1)
Malaugh,
 
We plan on modifying our hardware and moving to the MZ modules. However we need to support "old" customers running the MX modules and as such we need an SSL TLS solution.
 
We would just need an SSL TLS capable web server (no other bells & whistles like the IOT MQTT protocol). If I may ask: how much memory did the mbedTLS module require? Was it difficult to implement? (we are most certainly not gurus like you :) )
#28
malaugh
Super Member
  • Total Posts : 400
  • Reward points : 0
  • Joined: 2011/03/31 14:04:42
  • Location: San Diego
  • Status: offline
Re: PIC32 and TLS 1.2 2016/04/11 15:59:27 (permalink)
3 (1)
Hi Vim
 
I do not have exact numbers for the additional memory. My best guess would be 200K to 250K. The stack is around 150K - 200K, MQTT around 50K, and the serial connection plus other general firmware around 40K. It's not that difficult to port mbedTLS. The code is very well organized. You need to replace the driver, which is normal Berkeley socket calls, with the weird Microchip socket API.
 
 
#29
NKurzman
A Guy on the Net
  • Total Posts : 17720
  • Reward points : 0
  • Joined: 2008/01/16 19:33:48
  • Location: 0
  • Status: offline
Re: PIC32 and TLS 1.2 2016/04/11 19:15:01 (permalink)
0
malaugh
 
Are you saying you feel that mbedTLS could be added to the Harmony Stack without a crazy amount of effort?
Adding to the Hooks the WolfSSL use would be reasonable. I assume they will stop rearranging everything at some point. Or are you just talking MLA at this point?
And the License would allow it and Harmony to be sold without distributing Source or Binary?
 
Depending on how WolfSSL defines a SKU the cost could be a deal killer for me. 
#30
malaugh
Super Member
  • Total Posts : 400
  • Reward points : 0
  • Joined: 2011/03/31 14:04:42
  • Location: San Diego
  • Status: offline
Re: PIC32 and TLS 1.2 2016/04/11 20:08:34 (permalink) ☄ Helpfulby stephaneC 2016/09/05 06:02:04
5 (1)
From my reading of the WolfSSL licensing: 1 SKU = $5,000.  I have not contacted them so can't be sure.
 
I have no experience with Harmony, so I can't say how much effort it would be. For MLA we had to take the mbedTLS driver (the file is called net.c) and substitute the Berkeley socket API (bind, read, write, select etc) with the equivalent calls in the Microsoft Stack API. It's a little more complicated, I am simplifying here, but that's the basis of it. The other change is mbedTLS stores the certificates and private key as files, and uses the file system API (fopen, fread) to read the information; we had to substitute this for storing data in memory and supplying a new driver.
 
Hope this helps.
#31
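Added example (not malaugh's code and not part of mbedTLS): a sketch of the transport substitution described in the post above, with send/receive callbacks in the shape mbedTLS accepts through mbedtls_ssl_set_bio(), mapped onto a polled, non-blocking socket. The fake_sock_t FIFO and its two helper functions are constructed stand-ins for the embedded stack's socket calls, and the two error codes are copied from mbedtls/ssl.h so the block compiles without the library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same values as MBEDTLS_ERR_SSL_WANT_READ / _WANT_WRITE in mbedtls/ssl.h,
 * redefined here so the block builds without the library. */
#define ERR_WANT_READ  (-0x6900)
#define ERR_WANT_WRITE (-0x6880)

/* Constructed stand-in for a polled, non-blocking embedded TCP socket. */
typedef struct {
    uint8_t rx[64]; size_t rx_len;   /* received, not yet consumed */
    uint8_t tx[64]; size_t tx_len;   /* queued for transmission */
} fake_sock_t;

/* Hypothetical helpers: how many bytes can be queued / are waiting. */
static size_t sock_put_ready(const fake_sock_t *s) { return sizeof s->tx - s->tx_len; }
static size_t sock_get_ready(const fake_sock_t *s) { return s->rx_len; }

/* Send callback: int (*)(void *ctx, const unsigned char *buf, size_t len). */
int port_send(void *ctx, const unsigned char *buf, size_t len)
{
    fake_sock_t *s = ctx;
    size_t room = sock_put_ready(s);
    if (room == 0)
        return ERR_WANT_WRITE;   /* do not spin; caller retries after the stack task runs */
    if (len > room)
        len = room;              /* short write: the TLS layer resubmits the remainder */
    memcpy(s->tx + s->tx_len, buf, len);
    s->tx_len += len;
    return (int)len;
}

/* Receive callback: int (*)(void *ctx, unsigned char *buf, size_t len). */
int port_recv(void *ctx, unsigned char *buf, size_t len)
{
    fake_sock_t *s = ctx;
    size_t avail = sock_get_ready(s);
    if (avail == 0)
        return ERR_WANT_READ;    /* nothing buffered yet; not an error */
    if (len > avail)
        len = avail;
    memcpy(buf, s->rx, len);
    memmove(s->rx, s->rx + len, avail - len);   /* keep unread bytes at the front */
    s->rx_len = avail - len;
    return (int)len;
}

/* With the real library: mbedtls_ssl_set_bio(&ssl, &sock, port_send, port_recv, NULL); */
```

The certificate side of the same port needs no shim: mbedtls_x509_crt_parse() and mbedtls_pk_parse_key() take a buffer and length, so PEM or DER data linked into flash can be passed directly in place of the file-based loaders.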
NKurzman
A Guy on the Net
  • Total Posts : 17720
  • Reward points : 0
  • Joined: 2008/01/16 19:33:48
  • Location: 0
  • Status: offline
Re: PIC32 and TLS 1.2 2016/04/11 20:18:25 (permalink)
3 (1)
I guess I will need to take a look at it. But I do not need TLS for testing. It is all internal. So I have time.
 
My issue is 1 controller is used in different systems that are just more powerful versions of each other (choose the size you need). So is that $5K or $50K?
#32
muellernick
Super Member
  • Total Posts : 473
  • Reward points : 0
  • Joined: 2015/01/06 23:58:23
  • Location: Germany
  • Status: offline
Re: PIC32 and TLS 1.2 2016/04/13 03:07:08 (permalink)
3 (1)
May I suggest emSSL from SEGGER (once again; shameless plug)?
 
I'm using it for TLS1.2, and I'm happy with it. Costs 4000 € with a "one CPU license". Means that you can use it on several products, as long as it is the same CPU. And CPU means family. SEGGER writes, that it is actually a license for a compiler. As the PIC32MX and PIC32MZ use the same compiler, that would allow you to use both CPUs. But I'm really not in that legalese crap! I use it on one CPU.
 
There is an issue with emSSL, that is it is blocking (relevant if you use Harmony and no RTOS). I found a nasty way around that and it works (search for SEGGER in this forum for more information).
 
Memory footprint is tiny. You can get along with just 4 k per SSL-connection, currently I use 12 k (and haven't investigated in having more than one SSL-connection).
Code seems to be like 60k if you restrict protocols and if running as client. Server works too, but no experience. An SSL-server running on my device will be a later step for an extended application around end of that year.
 
From switching on power to having a working SSL-connection and sending the first bytes, it takes just 2 to 3 seconds. That includes all the setup of other tasks.
 
Oh, and running at 40 MHz on a PIC32MX.
 
 
Nick, happy camper
#33
hevats
Junior Member
  • Total Posts : 48
  • Reward points : 0
  • Status: offline
Re: PIC32 and TLS 1.2 2016/04/22 02:25:51 (permalink)
0
Hi malaugh

Would it be possible to provide your code to others in this community? I understand your work would be of commercial nature, just wanted to ask anyway.

If possible, maybe you (your company) can sell it to people (like us) who need TLS on the MLA stack, like a paid licensed version.

If it could be open-sourced (I know I ask too much!) it would benefit a lot of people. We can find some way to pay you back... don't know how. For myself, I can offer free PCB samples to you and anyone who helps with the code (I'm part owner of a large PCB company in HK).
 
In any case, excellent work! Please do keep us informed of further progress.
post edited by hevats - 2016/04/22 02:42:38
#34
malaugh
Super Member
  • Total Posts : 400
  • Reward points : 0
  • Joined: 2011/03/31 14:04:42
  • Location: San Diego
  • Status: offline
Re: PIC32 and TLS 1.2 2016/04/22 07:07:19 (permalink)
0
It's tough. I get paid to write firmware, so my work is the property of my company. I do not have the code as an isolated piece, it's all jumbled in with the proprietary code that goes into our product. Having said that, let me see what I can do.
#35
hevats
Junior Member
  • Total Posts : 48
  • Reward points : 0
  • Status: offline
Re: PIC32 and TLS 1.2 2016/04/22 07:43:39 (permalink)
0
Thanks a lot! I would understand if all you can provide is advice & direction, which is truly appreciated.
#36
swissembedded
Starting Member
  • Total Posts : 81
  • Reward points : 0
  • Joined: 2013/05/24 00:11:03
  • Location: 0
  • Status: offline
Re: PIC32 and TLS 1.2 2016/06/25 13:04:00 (permalink)
0
Hi Malaugh,
I'm also interested in your port.
Best Dani
#37
malaugh
Super Member
  • Total Posts : 400
  • Reward points : 0
  • Joined: 2011/03/31 14:04:42
  • Location: San Diego
  • Status: offline
Re: PIC32 and TLS 1.2 2016/06/27 08:32:01 (permalink)
0
Now we have the mbedTLS working, we are looking into another solution for some of our existing products. We need to lower our costs, support TLS1.2, and would like to support "N" WiFi. I have been looking at our options.
 
We plan on switching WiFi chips. Our current WiFi chip is the MRF24WG0MA. I looked at the available WiFi chips, and it seems like the Atmel ATWINC1500 is the best choice for us. It has a built-in stack, is much cheaper than our current WiFi chip (and Microchip's MRF24WN0M replacement), and has TLS1.2 support. We will not need to burden the CPU with stack or TLS support so we can save some time and money here also. This decision is made easier for us since Atmel is now owned by Microchip.
 
We are currently looking at how to marry the WINC1500 into our existing code. Atmel supplies a library that uses a standard Berkeley API and talks to the WiFi module over a SPI interface using the same interface pins as our current WiFi chip. We just need to provide the low level driver to transfer the data with the SPI interface.
 
I will keep you posted on our progress.
post edited by malaugh - 2016/06/27 08:38:08
#38
kseg
Starting Member
  • Total Posts : 65
  • Reward points : 0
  • Joined: 2016/05/26 07:30:47
  • Location: 0
  • Status: offline
Re: PIC32 and TLS 1.2 2016/07/01 21:33:18 (permalink)
0
malaugh
...
We switched from the MX to the MZ when we added the mbedTLS library, but are not using Harmony. We found that MLA TCP/IP stack would recompile without modification for the new CPU since it does not use any PLIB calls.
...                  



Hello Malaugh,
 
Seems you already ported the MCHP TCP/IP Stack for a PIC32MZ project successfully. Now I am also porting it for my first PIC32MZ project. I only want to implement the TCPIPDemo (HTTP2 Web service), not TLS. But my port never works fine. My application is always blocked in "TCPFlush()". I took a lot of time to fix this issue, but no luck for me. I only know that there are cache things I didn't handle correctly because my application can run fine if cache is disabled.
Now I want to know how to handle cache things correctly in the MCHP TCP/IP Stack if cache is enabled.
Would you give me some advice or direction?
post edited by kseg - 2016/07/01 21:36:09
#39
hevats
Junior Member
  • Total Posts : 48
  • Reward points : 0
  • Status: offline
Re: PIC32 and TLS 1.2 2016/08/14 04:00:02 (permalink)
0
Bit off topic, anyone going to USA Masters? Would be great to meet face to face...
#40