Tuesday, February 1, 2011

STM32 Discovery: Porting Polar SSL

Well my next step was porting polarSSL to the arm STM32 chip.  I needed this for one of my current project so I am writing how I got it to work.  I will be starting from the buffered usart project.
Setting up PolarSLL
So the first thing you need for this task is polar SSL.  you can get it here.  Copy over the 2 folders: Library and include. Next we will need to add the include folder to our include path.  right click on Target and go to the options. Head over to the C/C++ tab.  hit the "..." button next to the Include path text box.  Then hit the square thing next to the x in the next dialog.  Finlay click the "..." button and go find the include folder you just pasted.

From here I would add a new group and call it pollarssl.  Then I would add all the files that were in the library folder we just copied over.  You will need to add all the C files though to your project.

Building the main

Now we want to copy the main from ssl_client1.c.  you can find it in the source of pollarSSL in the programs\ssl\ folder or here.  You also want to keep the code that is all ready in your main.  like stm32_Init (); and the initialization of the buffer.
Before we make any changes, we will need to add #include "polarssl/ssl.h". Also, I added this dummy function on top of my main.
int notRandom(void* param)
    return 0xE3A576DC;
I will go threw, later, how to use the ADC and a random signal generator to make this really random

Now the changes we need to do.  First we will not be using havege so we can remove the following lines:
havege_state hs;
     * 0. Initialize the RNG and the session data
    havege_init( &hs );
    memset( &ssn, 0, sizeof( ssl_session ) );
I also remove the net connect code
printf( "\n  . Connecting to tcp/%s/%4d...", SERVER_NAME,
                                                 SERVER_PORT );
    fflush( stdout );

    if( ( ret = net_connect( &server_fd, SERVER_NAME,
                                         SERVER_PORT ) ) != 0 )
        printf( " failed\n  ! net_connect returned %d\n\n", ret );
        goto exit;

    printf( " ok\n" );

we will also need to change these lines:
ssl_set_rng( &ssl, havege_rand, &hs );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,net_send, &server_fd );
We will replace net_recv with my_recv and net_send with my_send and havege_rand with notRandom.  the second parameter will be null.  This is what it looks like
ssl_set_rng( &ssl, notRandom, 0 );
    ssl_set_bio( &ssl, my_recv, 0,
                       my_send, 0 );
Finaly, you need to remove this line near the end
net_close( server_fd );

The rest can stay.  with these settings I could connect to all the site I need to you might need to un-comment different ciphersuites depending on the site.

 Making the code Fit

The havege used for random is quite large.  Later we will have to make a hardware random but for now we used our little function called notRandom using the right signature. 
Now we need to head over to config.h.  we will start commenting out everything we don't need
//#define POLARSSL_AES_C  // You might need this one depending on the site you are accessing
//#define POLARSSL_CAMELLIA_C // You might need this one depending on the site you are accessing
//#define POLARSSL_DES_C // You might need this one depending on the site you are accessing
//#define POLARSSL_DHM_C
//#define POLARSSL_NET_C
//#define POLARSSL_SHA2_C
//#define POLARSSL_SHA4_C
//#define POLARSSL_X509_WRITE_C
So I will show you how to add some compiler optimization on your code  with keil that will remove allot of the unused code.  Unfortunately, it would require allot of #ifdef code to do this manually.  First off, open you project settings. on the target Tab check use microLIB and Use Link-Time Code Generation.  The last one will make it a little longer to compile but will save you around 4k in program space.

Next click on the C/C++ tab and set optimization to 3.  Also check the on ELF Section per Function.  this will remove all unused functions from your code.  Setting optimization to level 3 will make it harder to debug but will get your code under 32k

Now with MicroLib, you will not be able to compile.  The reason for that is the time function is not coded so we need to code one our self.  Simply create and a file and add a empty function like this
#include <time.h>
time_t time ( time_t * timer )
    return 0;
Pollar SSL uses the Time function to determine if the session has expired and if we can  reuse past session keys.  Making the time function all ways return 0, will force to renegotiate the keys and cause it to take more time.  we will have to deal with that for now.  I will later change it to return the right time but for now it's not a priority.

That is it. using the application created in the previous blog you can send https request or posts.
There are other ways to connecting to the internet thought.  you can use different modules like the network shield they have for the arduino http://www.sparkfun.com/products/9026 or one like this http://www.sparkfun.com/products/9473 that supports sockets or a wifi one like this http://www.sparkfun.com/products/10050.

I want to get this code working with the last one.  I will post my changes once I get the part.


  1. Thanks for share this guides, they are really usefull.

    Nice work, and i'm hoping to see more

  2. Glad to see you liked it i'll be posting every chance I get. I found it hard to jump into arm so I am writing what I did so others can follow what I done in hopes it might help them :)

  3. Hi

    Could you share some sample project for PolarSSL on stm32f407

    1. I could look see if i can dig it up, but it's been a while I might not have it anymore.

      If only there was a place online that i could use to save and share my code and progress ;) lol