States of HTTPS libraries/firmware & cloud services

Native Particle data transport and encryption

Device, cloud and webhook encryption are described in summary here with a pointer to the reference implementation.

There is no additional cost when building your project firmware. The services are there, and there are several posts on incorporating webhooks to attach to various cloud services.

Searching the forum will pull up a great many posts and/or tutorials, and there is a great deal of overlap between posts. There are plenty of solutions.

Roll your own data transport

There are at least three SSL/TLS libraries in various stages of porting to the Particle platform. These come at GREAT cost. There is very little room left for a custom application.

mbedTLS: published as the TlsTcpClient library within the WebIDE. Currently at version 0.1.15. Source: mbedTLS. Website: mbedTLS, also known as PolarSSL and armMBED.

wolfssl: published as wolfssl, currently at version 0.0.1.

axtls: unpublished, still a work in progress.

glowfi.sh: Source: Glowfish IO. Website: it looks like the website has vanished? Has this been discontinued?

All these libraries may start small (60-70k). The compiler does a great job at reducing firmware size if functions are not being called or utilized. As you begin to tap into more of the SSL/TLS library for encryption/decryption, the firmware size will go up, sometimes substantially, until it will no longer fit within the 128k allowed.

Services

Amazon

The wolfssl@0.0.1 will work with AWS IoT as demonstrated here. You have to manually construct your header and body messages and install the thing keys into the firmware.

There are several folks asking about AWS API gateway. There are several forum posts about firmware status to support AWS API. It turns out this is not so easy. I’d like to wrap this up to continue with projects below so I can get on with other things.

Ubidots

I’d like to be able to get something working with the API (https://things.ubidots.com) so as to expand the Particle Ubidots 2.1.12 library to use all the available API calls. I am perfectly content at the moment pushing data back and forth via python on a BBB/RPi3.

Losant

It would also be nice to talk to the Losant platform for MQTT/Node-Red work.


@cermak Thank you for the good summary. In addition, mbedTLS can be used under the Apache license.

The mbedTLS (TlsTcpClient) library can be used for server certificates only right now, because this TLS library fails with a calloc error (needs more RAM!!) on the client private RSA certificate.

The TlsTcpClient library could maybe connect to Amazon IoT if it were done with a very size-reduced version of TLS (with only one cipher suite, targeting just Amazon IoT).
But I think a TLS/SSL TCP client must be able to connect to several TLS/SSL servers, not only Amazon IoT/web servers. This limited TLS TCP client idea is not good.

Of course, TlsTcpClient can connect to a normal HTTPS server (Amazon API Gateway or others), but it can’t use the client private certificate now.

And I have another idea: include mbedTLS (TlsTcpClient) in the Photon firmware with the original build.
But this idea is bad, because WebIDE developers can’t use it.

I will try to develop/update mbedTLS (TlsTcpClient) so that it can use the client private certificate, but basically I think the Photon RAM/data size is too small for using TLS/SSL.
So I wish that when Particle releases new hardware, it has hardware RSA/AES acceleration and over 256k of application RAM.

Another way to do this is to split the library into two parts and use a pair of Particle devices. How you encrypt/decrypt the communication between the devices is your choice.

Your idea is nice, but it would need security on the communication between the two paired Particle devices. And I think developers would find it hard to use a split TLS library and two Particles.

@hirotakaster
Have you tried:

#define MBEDTLS_SSL_MAX_CONTENT_LEN 8192
or
#define MBEDTLS_SSL_MAX_CONTENT_LEN 12000

It reduces the amount of RAM used by mbedtls, but at the expense of limiting the send/receive size.

The MBEDTLS_SSL_MAX_CONTENT_LEN option has no effect.