• State Resolved
  • Locked Locked
  • Replies 2 replies
  • Subscribers 97 subscribers
  • Views 282 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

66AK2G12: NDK HTTPS Security Accelerator

Bernhard Seiz
Intellectual 470 points
Part Number: 66AK2G12

Dear All,

we have a HTTP webserver with own websocket implementaiton running.

Now we want to enable Transport Encryption. So have HTTPS using the on-chip Security Accelerator (SA)

The latest NDK documentaton has some information about NDK/NS usage for HTTPS and states that the SimpleLink SDK includes examples of Secure HTTP servers.

Can you confirm that this (SimpleLink) is applicable to the 66AK2G12 NDK/NS libraries/drivers as well?

Can you give some informaton about how to integrate the SA here?

There are no SA examples for K2G "only" the test sources. Is this the piece of code to work with?

It would be nice if someone can give me some general entry point to this area.

Kind Regards,

Bernhard

  • 0
    TI__Guru* 95265 points

    Hi,

    For K2G device, there is a hardware security accelerator (SA):

    Security Accelerator (SA)
    – Support IPSec and SRTP protocol stack
    – Support various encryption modes and algorithms such as:
    • ECB, CBC, CFB, OFB, F8, CTR, CBC-MAC, CCM, GCM, GMAC and AES-CMAC
    • AES, DES, 3DES, SHA-1, SHA-2 (224, 256-bit operation) and MD5
    – Support for True random number generator (TRNG) and Public Key Accelerator (PKA)
    – Support for SER protection (SECDED)

    So, this is IP layer security or RTP layer security, they can be supported by the SA to offload the CPU. You looked for HTTPS, this is application layer secure HTTP, it is not supported by the SA hardware.

    What you need to do is pure software implementation of https. Below two packages are what you needed:

    • TI NDK
    • TI Processor SDK RTOS for K2G

    For TI NDK, it already supports mbedtls. This is well developed for MSP430 device. There are several examples here:

       http://dev.ti.com/tirex/explore/node?node=AN.dnAilBAFI7x.dHhLARA__J4.hfJy__LATEST&r=J4.hfJy__3.20.00.10

     Check out the tcpechotls example.  To see what it takes to _add_ TLS to an existing example, you might compare "tcpecho" against "tcpechotls".

    If you want to use wolfSSL, we have an application note for AM335x device, http://www.ti.com/lit/an/spracm5/spracm5.pdf This is built on top of NDK and Processor SDK RTOS for AM335x.

    For K2G, we don't have any examples with TLS. You need refer to either the MSP430 for mbedtls or AM335x for wolfSSL.

    Inside the K2G Processor SDK RTOS package, the NIMU examples are those you can start with: http://software-dl.ti.com/processor-sdk-rtos/esd/docs/latest/rtos/index_Foundational_Components.html#ndk

    Regards, Eric

  • 0 in reply to lding
    Intellectual 470 points

    Dear Eric

    thank you for this starting point!

    Kind Regards,

    Bernhard