Topic: HTTPS client on SMT32F437

Hello,

for my embedded application running ChibiOS with LWIP I'm trying to add a HTTPS client. I've managed to build and run a test client connecting to api.telegram.org. However facing some issues I'm not able to solve for now.

First, for my target I use WOLFSSL_STM32F4 and I imported STM32 HAL Crypto libraries to support HW encryption. With ChibiOS included WolfSSL 4.0.0.7 I did not succeed to compile and link. But moving to newest WolfSSL helped. But somehow I'm unable to pass wolfSSL_connect() without errors like:

...
  sent: client key exchange
  connect state: FIRST_REPLY_SECOND
  connect state: FIRST_REPLY_THIRD
  growing output buffer
  Shrinking output buffer
  sent: change cipher spec
  connect state: FIRST_REPLY_FOURTH
   wolfSSL Entering SendFinished
  growing output buffer
   wolfSSL Entering BuildMessage
    wolfSSL Leaving BuildMessage, return -180
  wolfSSL error occurred, error = -320

However by defining NO_STM32_CRYPTO this error is gone. I wonder what I might do wrong as I tried to verify the AES HW by running the STM32 test program.

Second, If I keep the SW Crypto on I see very slow "SendClientKeyExchange" section. It actually takes around 12-14 seconds in wc_DhSetCheckKey() doing some magic with prime numbers like fast_mp_montgomery_reduce().
I tried to add USE_FAST_MATH, but that actually add extra 4-5 seconds. Or WOLFSSL_SP which seems negligible.
I wonder if there is any way to speed this part up, or maybe prepare the DH key only once on startup.

Thanks in advance,
Adam

Share

Re: HTTPS client on SMT32F437

Hi vysocan76,

When you updated to the latest wolfSSL release did you pull latest master?

There have been some STM32 fixes after v4.5.0 here:
https://github.com/wolfSSL/wolfssl/pull/2996
https://github.com/wolfSSL/wolfssl/pull/3169

This error "AES_GCM_AUTH_E     = -180,  /* AES-GCM Authentication check failure */" is resolved with those PR's.

For the second issue with DH performance.... Those are complex math operations. You have three options.
1. Normal math (interger.c) don't define USE_FAST_MATH. This uses heap and is the smallest and slowest.
2. Use Fast math (tfm.c) define USE_FAST_MATH. This uses stack and is slightly faster.
3. Use Single Precision (sp_int.c) math. Define WOLFSSL_SP_DH. If you want to leverage CortexM speedups also define WOLFSSL_SP_ARM_CORTEX_M_ASM and it will use the sp_cortexm.c which is your fastest option.

SP build options are documented in the code here:
https://github.com/wolfSSL/wolfssl/blob … _int.c#L42

Thanks,
David Garske, wolfSSL

Share

Re: HTTPS client on SMT32F437

Hello David,
thanks for quick reply.

I did just now replace my wolfssl dir with master. Still I have the same error for AES-GCM.

I wonder if I have my build created correctly. I have ported existing server demo for F7 from ChibiOS and made it a client. I had many problems on begining to compile and link it. There were missing c files in https://github.com/ChibiOS/ChibiOS/blob … wolfssl.mk and some /ports/* files that are not needed for F7 only demo,

Same way I'm puzzled with the speed of the FAST_MATH and WOLFSSL_SP. I just measured again with refreshed library.
Normal build:
12.3792 seconds

#define USE_FAST_MATH
18.5480 seconds

#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#define WOLFSSL_SP
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
13.8819 seconds

Seems opposite to what you've suggested.

Share

4 (edited by vysocan76 2020-10-24 02:21:16)

Re: HTTPS client on SMT32F437

Though disabling HW FPU will make some changes to FAST_MATH but not.

Here is my user_settings.h for reference:

#include <stdint.h>
#include <stm32f4xx_rcc.h>
#define WOLFSSL_STM32F4

//#define NO_STM32_RNG
#define NO_STM32_CRYPTO
//#define NO_STM32_HASH

/* Configuration */
#define WOLFSSL_GENERAL_ALIGNMENT 4
#define HAVE_TM_TYPE
#define WORD64_AVAILABLE

/* ChibiOS + Lwip */
#define HAVE_LWIP_NATIVE 
#define WOLFSSL_CHIBIOS 

#define USER_TICKS 
#define WOLFSSL_USER_CURRTIME 
#define XMALLOC_OVERRIDE 
//#define USE_WOLF_TIME_T
#define XTIME(tl)       (LowResTimer())

/* ARM  */    
#define RSA_LOW_MEM
#define NO_OLD_RNGNAME  
#define SMALL_SESSION_CACHE
#define WOLFSSL_SMALL_STACK // needs + 7KB tread stack size, then faster 14->12 sec

#define TFM_ARM
#define SINGLE_THREADED
#define NO_SIG_WRAPPER
        
/* Cipher features */
//#define USE_FAST_MATH // Actually adds time to execution
//#define ALT_ECC_SIZE
// tests
//#define WOLFSSL_SP_ARM_CORTEX_M_ASM
//#define WOLFSSL_SP
//#define WOLFSSL_HAVE_SP_RSA
//#define WOLFSSL_HAVE_SP_DH

#define HAVE_FFDHE_2048
#define HAVE_CHACHA
#define HAVE_POLY1305
#define HAVE_ECC 
#define HAVE_CURVE25519
#define CURVED25519_SMALL
#define HAVE_ONE_TIME_AUTH
#define WOLFSSL_DH_CONST
//#define WOLFSSL_STATIC_RSA // removing discouraged
//OHS
#define HAVE_AES // ? needed
#define HAVE_AESGCM // Telegram
        
/* HW RNG support */
unsigned int chibios_rand_generate(void);
int custom_rand_generate_block(unsigned char* output, unsigned int sz);

#define CUSTOM_RAND_GENERATE chibios_rand_generate
#define CUSTOM_RAND_TYPE uint32_t

//#define HAVE_ED25519
#define HAVE_POLY1305
//--#define HAVE_SHA512
//--#define WOLFSSL_SHA512


/* Size/speed config */
//#define USE_SLOW_SHA2
//#define USE_SLOW_SHA512

/* Robustness */
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING

/* Remove Features */
#define NO_WRITEV
//#define NO_DEV_RANDOM
#define NO_FILESYSTEM
#define NO_MAIN_DRIVER
#define NO_MD4
#define NO_RABBIT
#define NO_HC128
#define NO_DSA
#define NO_PWDBASED
#define NO_PSK
#define NO_DES3
#define NO_RC4

// OHS added disable all certificate date checking
#define NO_ASN_TIME
#define DEBUG_WOLFSSL

// OHS special defines
#define WOLFSSL_HEAP_ON_UMM
#define WOLFSSL_USE_SOCKET

#ifndef WOLFSSL_HEAP_ON_UMM
/* Realloc (to use without USE_FAST_MATH) */
void *chHeapRealloc (void *addr, uint32_t size);
#define XREALLOC(p,n,h,t) chHeapRealloc( (p) , (n) )
#endif

Share

Re: HTTPS client on SMT32F437

One extra thing that I've tried is to remove #define WOLFSSL_DH_CONST, but it did not make any change:
Normal build:
12.4613 seconds

#define USE_FAST_MATH
18.5334 seconds

#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#define WOLFSSL_SP
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
13.8867 seconds

Share

Re: HTTPS client on SMT32F437

Hi vysocan76,

You might try adding `STM32_HAL_V2` to see if that will help.

Also you might try adding SP ECC support (WOLFSSL_HAVE_SP_ECC). If you are using ECDHE it will improve handshake time.

Can you tell me what cipher suite TLS is using?

If you are using USE_FAST_MATH with TFM_ARM that will be faster than normal math. And the SP WOLFSSL_SP_ARM_CORTEX_M_ASM is several times faster than that.

There is a good article https://www.wolfssl.com/user-generated- … wlib-nano/ that might help.

Thanks,
David Garske, wolfSSL

Share

Re: HTTPS client on SMT32F437

Hello David,

Adding STM32_HAL_V2 did not make the HW crypto work, still same error.

When connecting to api.telegram.org I have AES-GCM and ECC AES-GCM suites enabled. Out of these server chose TLS_DHE_RSA_WITH_AES_128_GCM_SHA256.

I will try to go deeper by the #define to see why my normal arm-none-eabi-gcc math is faster.

Thanks Adam.

Share

Re: HTTPS client on SMT32F437

Hello,

relating to the crypto HW support, while checking the "STM32 Cryptographic library package V2.0.6" which, I assume, is included in WolfSSL by defines like #ifdef WOLFSSL_STM32_CUBEMX ... #else /* Standard Peripheral Library */. Namely I've included directory STM32F4xx_StdPeriph_Driver with file like stm32f4xx_cryp.c and stm32f4xx_cryp_aes.c, which were required by WolfSSL.

But this STM32F4xx_StdPeriph_Driver itself does not have any function call to included cryptography library like M4_CryptoFW_RngHW_2_0_6.a from STM32_Cryptographic_Library directory. 

I must say I'm new to this crypto HW, but I really wonder how this STM library works.

On the other hand there is STM32F4xx_Cryptographic_Templates demo program that requires both STM32F4xx_StdPeriph_Driver directory and the library M4_CryptoFW_RngHW_2_0_6.a. Calling functions like:
AES_CBC_Decrypt_Append
AES_CBC_Decrypt_Finish
AES_CBC_Decrypt_Init
...
Which works on my board.

Any hints are truly welcomed.
Adam

Share

Re: HTTPS client on SMT32F437

Hi vysocan76,

It looks like you are using the Standard Peripheral Library, which means you would not define WOLFSSL_STM32_CUBEMX. You might consider switching to the Cube HAL, which is still supported by ST. The SPL is end of life.

Thanks,
David Garske, wolfSSL

Share

Re: HTTPS client on SMT32F437

Hello David,

thanks for reply. I will try the CubeMX crypto lib. Hope it can live together with RTOS ChibiOS HAL I use now.

Adam

Share