NetX secure TLS handshake time
‎2024-02-27 05:08 AM
Hi all,
I am trying to implement a TCP echo device on an STM32U585 controller. Here the TCP/IP communication is over Ethernet as well as USB (CDC ECM). The communication channel is protected using TLS encryption.
Here I am using the NetX stack as the TCP/IP stack and NetX Secure for the TLS implementation. I am able to establish a secure connection between the TLS client (my board) and the server (OpenSSL server running on the host PC).
The problem is that when I am using ECC ciphers (secp521r1) my TLS handshake takes around 24 seconds, while the same code using RSA certificates takes a maximum of 1 to 2 seconds.
I am using self-signed certificates created using OpenSSL (for both RSA and ECC). While reading the documentation, I saw it mentioned that NetX Secure supports ECC. I am using the secp521r1 curve for creating the keys and certificates.
I am using the APIs as mentioned in the documentation,
adding the root CA certificate for the verification.
PS:
I am using a chain of certificates for the authentication, but even if we use only 1 layer of certificates (server and root CA) this problem is still there.
Can anyone help me to resolve this issue?
Many thanks.
Labels: AzureRTOS, Ethernet, STM32Cube MCU Packages
‎2024-03-05 08:27 AM
Hello @sabari1
Are you developing your own custom board? Have you tried this example STM32CubeU5/Projects/STM32U575I-EV/Applications/USBX/Ux_Device_CDC_ECM at c8fcb26ff629cf7c2a3b2c60e6121625eaa5ca2d · STMicroelectronics/STM32CubeU5 (github.com) as a starting point for CDC ECM using U575 Eval board?
To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
I'm out of office with limited access to my emails.
Happy New Year!
‎2024-03-10 10:35 PM
Hi,
Yes, I am creating my own custom board, and I have already implemented the CDC ECM, USB RNDIS and Ethernet code for the communication, taking reference from the examples given by ST. When I was using plain communication without TLS everything worked fine, and even when I am using TLS with RSA keys and certificates everything works perfectly fine, but the same is not working when I am using ECC certificates and keys. While using ECC certificates, the TLS handshake takes more than 24 seconds to complete.
I am using the NetX Secure library stack with the NetX stack for the TLS over TCP communication (from the ST example), and this communication can be over Ethernet or USB.
Here my main task is to optimize the TLS handshake time when I am using ECC certificates (with RSA certificates everything works fine). My suspicion is that the NetX Secure stack is taking more time while processing the ECC certificates.
If possible, please provide proper guidance or some reference for using ECC with the NetX Secure stack.
‎2024-03-11 06:17 AM
Hi @sabari1
Sorry, I couldn't find resources to be of further assistance. I wish I could have helped more.
‎2024-03-11 10:44 AM
Hello @sabari1 ,
ECC521 is quite demanding in terms of CPU. Did you check with ECC-P256?
Best regards
Jocelyn
‎2024-03-28 10:11 PM
Hi,
I tried with secp256, secp384 and secp521; the time taken to complete the handshake is different for each one of them.
secp256 ----> 1.5 sec
secp384 ----> 3 sec
secp521 ----> 10 sec
These are the times taken to complete the TLS handshake with the corresponding curves, with only the root CA and server certificate in the picture.
Since the final product is used in a payment gateway, we need to provide as much security as possible, so I need to use the secp521 curve.
The STM32U585 supports PKA. Is there any way that I can use the PKA to accelerate the process? And one more question: does NetX Secure support the hardware accelerators while processing ECC?
Or what is the best way to use ECC with secp521 with minimal handshake time on the STM32U585 controller?
Any reference regarding this will be a great help for me.
With regards, sabarinath