tomashal
2015/10/13 07:02:47 (permalink)
0

PIC32 and TLS 1.2

We are going to start a project where we need to communicate with a webserver. Our plan is to use PIC32. But this server requires TLS 1.2, and I'm not sure how complicated this is with PIC32.
 
Does anyone have experience of implementing TLS 1.2 with PIC32?
 
#1
pwright
Re: PIC32 and TLS 1.2 2015/10/13 08:28:28 (permalink)
0
Look at the wolfssl_tcp_client demo application under apps/tcpip.  That is a simple application that uses the wolfssl library to communicate with a webserver, in both secure and unsecure mode.  The wolfssl library uses anywhere from SSL 3.0 to TLS 1.2.  It can also be configured to only access TLS 1.2 if you want.
#2
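What "TLS 1.2 only" means on the wire for a client, as an added example that is not part of the original posts and is not wolfSSL or Harmony code: the client refuses to continue when the version the server selects in its ServerHello is below TLS 1.2 (0x0303). The function name, result codes and sample bytes are constructed for illustration; the sketch assumes the ServerHello starts the first record and does not cover TLS 1.3, which signals its version in an extension.

```c
#include <stddef.h>
#include <stdint.h>

#define TLS_RECORD_HANDSHAKE 0x16u
#define TLS_HS_SERVER_HELLO  0x02u
#define TLS_VERSION_1_2      0x0303u

enum hello_result { HELLO_OK = 0, HELLO_TRUNCATED = -1,
                    HELLO_UNEXPECTED = -2, HELLO_VERSION_TOO_LOW = -3 };

/* Constructed samples: record header, handshake header, server_version only. */
static const uint8_t SAMPLE_TLS12[] = {0x16, 0x03, 0x03, 0x00, 0x2a,
                                       0x02, 0x00, 0x00, 0x26, 0x03, 0x03};
static const uint8_t SAMPLE_TLS10[] = {0x16, 0x03, 0x01, 0x00, 0x2a,
                                       0x02, 0x00, 0x00, 0x26, 0x03, 0x01};
/* Constructed fatal alert (handshake_failure) instead of a ServerHello. */
static const uint8_t SAMPLE_ALERT[] = {0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28};

/* Layout: record header (type, version[2], length[2]), handshake header
 * (msg_type, length[3]), then ServerHello.server_version[2]. */
int check_server_hello(const uint8_t *buf, size_t len,
                       uint16_t min_version, uint16_t *negotiated)
{
    if (len < 5)
        return HELLO_TRUNCATED;
    if (buf[0] != TLS_RECORD_HANDSHAKE)
        return HELLO_UNEXPECTED;            /* e.g. an alert record */
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    if (rec_len < 6 || len < 11)            /* need handshake header + version */
        return HELLO_TRUNCATED;
    if (buf[5] != TLS_HS_SERVER_HELLO)
        return HELLO_UNEXPECTED;
    size_t hs_len = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    if (hs_len < 38)                        /* version+random+sid_len+suite+comp */
        return HELLO_TRUNCATED;
    *negotiated = (uint16_t)((buf[9] << 8) | buf[10]);
    if (*negotiated < min_version)
        return HELLO_VERSION_TOO_LOW;       /* server downgraded: abort handshake */
    return HELLO_OK;
}

int main(void)
{
    uint16_t v = 0;
    int ok = check_server_hello(SAMPLE_TLS12, sizeof SAMPLE_TLS12, TLS_VERSION_1_2, &v) == HELLO_OK
          && check_server_hello(SAMPLE_TLS10, sizeof SAMPLE_TLS10, TLS_VERSION_1_2, &v) == HELLO_VERSION_TOO_LOW
          && check_server_hello(SAMPLE_ALERT, sizeof SAMPLE_ALERT, TLS_VERSION_1_2, &v) == HELLO_UNEXPECTED;
    return ok ? 0 : 1;
}
```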
tomashal
Re: PIC32 and TLS 1.2 2015/10/15 02:14:43 (permalink)
0
Thanks for your answer!
I'll have a look at it. And as I understand from wolfSSL webpage, this will cost 5000 USD to use?
 
#3
Adrian B
Re: PIC32 and TLS 1.2 2015/10/15 12:42:06 (permalink)
3 (1)
That demo application is not a webserver! It is a raw server socket listening on port 443 and spitting out "Nothing here" plus some HTTP formatting tags whenever somebody connects to it.
 
And yes, WolfSSL is $5000 per SKU for commercial use. Otherwise it is free.
#4
jgvicke
Re: PIC32 and TLS 1.2 2015/10/23 18:48:20 (permalink) ☄ Helpfulby stephaneC 2016/09/05 05:53:51
5 (3)
I just went through all the license options with Wolf in great detail because I wanted to have encryption on my webserver as well, and there are some things that are not published well.
  • Currently the demo is only a socket connection as mentioned above. They are working to integrate it into the HTTP server (supposedly for Harmony 1.07) but it would take a lot of work to use it in 1.06 for the web interface. It is possible, and there are people that have already done it, but it isn't simple.
  • Here is the big issue. WolfSSL uses the GPLv2 license for their "free" version. GPLv2 is NOT compatible with the Microchip License. I.e., if you want to use Harmony, or any Microchip library for that matter (including PLIB stuff), you cannot use WolfSSL for free. I guess you could use it for free for personal use because you are not distributing any code, but as soon as you release a product with it, you are violating either Microchip's or WolfSSL's licenses.
  • Their pricing structure is $5k for a single product, single SKU number. $25k is for a single product line, but multiple SKU numbers (think multiple security cameras, all are cameras, but 1 is a static mount and 1 is a pan/tilt/zoom, that would require the $25k level). There is another level up for multiple product lines in the same category, each with multiple SKU numbers, and I think that one was $50k. Then the top level was company wide, it covers any product your company makes, and I think that one was $100k. The other thing they don't tell you on the site is if you want to purchase a license, they also want you to sign up for their yearly support package, which is also >$1k per year. If you want support from them getting WolfSSL into your product, you have to purchase the support package. All of these price options only get you the current release, to get new updates you have to pay the support packages.
Bottom line, if you want to use WolfSSL with Microchip, plan to pay out the nose for it. To be fair, I was unable to find a cheaper alternative, and once it is integrated into Harmony, having an easy integration is worth quite a bit.
 
Let me know if you have any other questions that I didn't cover.
 
John Vickers

PIC32 Helpful Tools I have made:
https://rebrand.ly/PIC32MZ144PinMapping
https://rebrand.ly/PIC32MX100PinMapping

Feel free to email me if you have any suggestions for any of these tools.
#5
NorthGuy
Re: PIC32 and TLS 1.2 2015/10/23 19:45:38 (permalink)
5 (2)
jgvicke
... I think that one was $50k. Then the top level was company wide, it covers any product your company makes, and I think that one was $100k ...



For that kind of money I'll write you a very efficient TLS implementation specifically tailored for your particular processor and you will have your own source :)
#6
jgvicke
Re: PIC32 and TLS 1.2 2015/10/24 05:12:32 (permalink)
2 (2)
The one thing I will give them that supports their pricing structure (but unfortunately doesn't matter to most people) is that they are FIPS validated. If you need to do anything with the military, they require FIPS validated encryption, and that can take more than a year and on the low side cost $50k (easily more than $100k if you have to do a 2nd round). From that side, their stuff is a steal for ease of integration and already being FIPS validated.
 
The down side is most of us want encryption for just standard products, and for us FIPS is not at all needed. So the huge price tags are pretty ridiculous. I would pay $5k for the company wide license no problem, and even accept that it wouldn't cover future releases, but that is about all I would consider at the moment.
 
John Vickers

#7
malaugh
Re: PIC32 and TLS 1.2 2015/10/24 10:37:36 (permalink)
3.5 (2)
Did anyone look at mbed TLS (used to be called PolarSSL)? This seems to be equivalent in code size and features to WolfSSL, but is Apache licensed, which means you can use it without fees. I am currently evaluating this; I have it working on the PC and have just started porting it to the Microchip stack.
#8
jgvicke
Re: PIC32 and TLS 1.2 2015/10/24 11:19:56 (permalink)
0
I think you should be fine on the license side of things. I hope you are able to successfully port it into the Harmony Stack. If you do, you can share it with the TCP/IP team and they can make it easier in future versions of Harmony.
 
John Vickers

#9
tomashal
Re: PIC32 and TLS 1.2 2015/11/11 23:34:43 (permalink)
4 (2)
Thanks for the input!
 
This product is estimated at 100 pcs. If we want to use WolfSSL, 5000$ will add 50$ to each unit. I'm afraid that is not possible. The option for us is to use something else (mbed TLS?) or look at something other than PIC32.
 
Regards, Tomas
#10
muellernick
Re: PIC32 and TLS 1.2 2015/11/12 00:53:52 (permalink)
3 (1)
I'm in need of TLS too.
Yesterday, I phoned Segger. They do offer TLS for 3980 EUR. Didn't read the fine print yet (yearly fees? update cost? per unit cost?) but the 4 k€ seems to be the end price.
To try it, you need to buy a development-only-version for 1194 €. No free trial.
 
Think we will order it this week. The pressure for us to implement TLS is really high. And having implemented it, will save us money.
 
I'll report back ...
 
linkylinky: https://www.segger.com/emssl.html
 
Nick
#11
jgvicke
Re: PIC32 and TLS 1.2 2015/11/17 21:13:36 (permalink)
3 (1)
For that price, why don't you use WolfSSL which is integrated into the stack for you. It is about the same price.
 
John Vickers

#12
concertinaman
Re: PIC32 and TLS 1.2 2015/11/18 09:05:35 (permalink)
3 (1)
jgvicke
For that price, why don't you use WolfSSL which is integrated into the stack for you. It is about the same price.
John Vickers



Hmm!
I read that differently.
The Segger licence for "Single Developer Single Platform" is price x1. That's EUR 3980 for any number of products providing single compiler/cpu, against Wolf's $25k to $50k from your quote above.
 
#13
jgvicke
Re: PIC32 and TLS 1.2 2015/11/18 09:15:36 (permalink)
3 (1)
You are correct, I was assuming a small project like the one discussed above, which could be just the $5K. If you are going to put it in lots of projects, then I understand the decision.
 
Another option you may want to look at is if you can find an RTOS that is easier to use with Harmony that has TLS 1.2 built into it.
 
John Vickers

#14
muellernick
Re: PIC32 and TLS 1.2 2015/11/19 01:33:55 (permalink)
3 (1)
Feedback ...
 
So I got the license right now. I'll have to finish a small part before diving into SSL. I'll keep you updated!
 
Segger charges for developer seats and for compiler. In the case of PIC32MX vs. PIC32MZ, I'm not sure. As the MZ comes with a crypto engine, there might be a difference. I guess a look at the code will show. But I wouldn't be angry if they charge extra when switching from MX to MZ.
 
Yearly maintenance fee is 25% or 30%. Fair price!
 
 
Nick
#15
RISC
Re: PIC32 and TLS 1.2 2015/11/21 16:18:51 (permalink)
3 (1)
Hi,
There is another company providing SSL libraries for PIC32MX / PIC32MZ / ENC28J60 and ENC424/J600 under GPLv2 + commercial licenses. This company is Oryx and the SSL library is CycloneSSL.
Regards
#16
jgvicke
Re: PIC32 and TLS 1.2 2015/11/21 16:26:26 (permalink)
0
Just remember that GPLv2 is not compatible with Harmony or PLIB.
 
John Vickers

#17
SecMss
Re: PIC32 and TLS 1.2 2016/01/18 00:56:54 (permalink)
0
Hi,
I'm using Harmony 1.6 for my project. I would like to integrate a TLS server module, a TLS client module and a clear HTTP module. I started from the example web_server_nvm_mpfs, but when I add the WolfSSL module with Harmony Configurator, the .h file link is automatically inserted, but this file doesn't exist, as shown in the compilation: "../../../../../framework/crypto/src/coding.c:47:35: fatal error: crypto/src/config.h: No such file or directory".
My question is this: Can we integrate a server and a client operating in secure mode, with a webserver operating in unsecure mode, using the current version of Harmony?
#18
NKurzman
Re: PIC32 and TLS 1.2 2016/01/18 03:17:19 (permalink)
3 (1)
You need to license WolfSSL separately.
It is not a free add-on.
#19
jgvicke
Re: PIC32 and TLS 1.2 2016/01/18 05:29:53 (permalink)
0
NK is right, and there is lots of discussion on the forums for the cost of WolfSSL, but in short you will drop at least $5K and possibly more depending on your product. Also good to note, there is a free license for WolfSSL, but it is NOT compatible with the Harmony license. If you use WolfSSL with Harmony without paying for it, you will be violating both licenses.
 
As for the technical side, once you have WolfSSL integrated, you can specify which connections use it. You can have 1 socket on port A encrypted, and 1 socket on port B unencrypted.
 
Likewise you can have 1 webpage unencrypted, and have it link to one that will be encrypted. If you go to an address at http:// it will be unencrypted, and https:// will be encrypted. On the server side you can also force encryption if particular pages are accessed, even if the user went to a http:// address.
 
Now for the Harmony version. 1.6 has WolfSSL integrated enough to do socket connections, but if you want to encrypt webpages I would hold off for 1.7, which should be released in the next few weeks. I think it was supposed to be released in Feb.
 
John Vickers
post edited by jgvicke - 2016/01/18 05:32:21

#20