STM32 SMTP testing, and SSL TSL support

Tagged: SMTP, SSL, STM32

This topic has 26 replies, 1 voice, and was last updated 2 years, 10 months ago by Renzo Mischianti.

Viewing 11 reply threads

Author

Posts
- 30 December 2020 at 20:05 #9164
  ps2chiper
  Hi, I saw three lines of code mentioning stm32 in EMailSender.h mentioning support for the stm32 built-in ethernet. I have a stm32f103 blue pill with the option of using an ethernet w5100 or enc28j60. I already know it will work plain authentication on sendgrid, but could it work with TLS or SSL authentication on other email servers?
- 30 December 2020 at 20:59 #9165
  Renzo Mischianti
  Keymaster
  Hi ps2chiper,
  
  I think, secure client, is not supported by the device, so It isn’t possibile to manage ssl/tsl encryption.
  
  But I’m not sure, if I have some time I try to go in deep about that.
  
  Bye Renzo
  - 30 December 2020 at 21:31 #9172
    ps2chiper
    Thank you for the quick reply. How is secure client managed on the ESP8266? If I imagine correctly, it would be at the hardware level. But I believe stm32 can support encryption at the software level since I have seen ssl web clients written for smt32duino.
    
    I’m just wondering if it would be possible to use something like OPEnSLab-OSU/SSLClient for encryption?
- 30 December 2020 at 22:14 #9174
  Renzo Mischianti
  Keymaster
  It’s true, my response wasn’t exaustive, sorry, but I have only mobile device with me .
  
  STM32 have sufficient resources, but w5100 or lower device like enc28j60 (with small buffer) can’t use an SSL encription.
  
  You can get that result with some specialized or more powerful ethernet device (but check price and do some evaluations).
  
  But also with this device you must do some additional work. For Adafruit ethernet device (second link) you probably do some change on library to preserve resources. Or for support PHPoC Shield you must change library like EmailSender to support device.
  
  For example I recovered an Arduino MRK WiFi 1010 to add support in EMailSender library, because It use different WiFi library and I must do any change.
  
  But if you find more/different/light implementation of ssl or information write here, we are going to check better together.
  
  Bye Renzo
- 30 December 2020 at 22:45 #9176
  ps2chiper
  Thank you again, you are far more familiar than I am with the requirements on the hardware. What made me think it was possible was this project https://github.com/khoih-prog/EthernetWebServer_SSL_STM32 and several others I seen pop up supporting SSL and TLS for more powerful microcontrollers.
- 2 January 2021 at 22:50 #9181
  Renzo Mischianti
  Keymaster
  Hi ps2chiper,
  
  probably It’s possible, I have an SMT32 and various ethernet shield, I start to try in next week.
  
  Bye Renzo
  - 4 January 2021 at 03:45 #9216
    ps2chiper
    Thanks Renzo, I have two goals for your email sender library. To be able to send secure emails using either a esp8266 or esp32 over ethernet using the EthernetLarge or EthernetENC libraries that were developed with larger buffers. The second and less important issue is secure email over stm32, I was just wondering if it was possible because of the increased performance over avr. I was reading that it is mandatory to run esp8266 at 160mhz because the TLS is handled at a software level. Probably a cheap blue pill at 72mhz is too weak to handle software TLS effectively.
    
    Perhaps higher end stm32 devices can handle it at a software level, but they cost more. I did read that the next round of esp32-wroom-32se devices will have an IC to handle hardware TLS 1.2. They are using an ATECC608A IC to accomplish this on the I2c bus. The BearSSL library supports ATECC608A and made me wonder if a cheap stm32 blue pill could use an ATECC608A as well?
    
    What it comes down to are the trade offs. The lack of gpio pins on the esp* devices forcing me to take advantage of i2c and spi bus to drive devices. Or using a more pin friendly stm32 device, but it may not be able to handle secure connections at all.
    
    Since I am a novice at programming, I have to rely on developed libraries that have interoperability between MCUs.
    
    That is why I am so grateful for people like you!
  - 2 January 2022 at 04:56 #17630
    ps2chiper
    I was able to send an email using an STM32F401CC and W5500 ethernet. I used SSLClient to make it work. For now I wrote out my own simple email client to serve as a proof of concept. You are correct about the Bluepill not having enough ram. SSLClient needs 32KB of ram to run in Bidirectional mode to support a SMTP connection. I am happy I was able to make it work, only took me another two computer science classes.
  - 2 January 2022 at 12:46 #17633
    Renzo Mischianti
    Keymaster
    Hi ps2,
    fantastic, can you share your coffee to integrate on the library..
    Bye Renzo
  - 2 January 2022 at 20:40 #17634
    ps2chiper
    I am working on my own library in cpp. However, here is a proof of concept I posted using a couple of simple arduino sketches I mashed together.
    
    https://github.com/OPEnSLab-OSU/SSLClient/issues/19
    
    I still want to experiment using lwip on STM32 ethernet, but very few STM32 devices support native ethernet. Luckily, I do have one STM32F407VG and lan8720a adapter to test with.
    
    As the world is turning right now, it seems the Pi Pico is the new Arduino and this solution would work perfectly for that microcontroller. I would also like to say that this solution would also work for an ESP32, if they did not want to use a lan8720a. The ESP32 devices with native ethernet have a limited number of pins. Another thing to consider is it is hard to find ESP32’s with native ethernet. It may just be easier to use the ESP32 without the WiFi and use SSLClient for ethernet.
    
    Attachments:
    You must be logged in to view attached files.
  - 2 January 2022 at 23:19 #17650
    Renzo Mischianti
    Keymaster
    Very interesting,
    probably I’m going to test SSLClient to implement TLS for WiFi also.
    Keep in touch Renzo
  - 3 January 2022 at 03:22 #17652
    ps2chiper
    I was able to get it to work on my Bluepill with 128KB flash.
    
    I modified these two lines in the bearssl_ssl.h header.
    
    /** \brief Optimal input buffer size. */
    //#define BR_SSL_BUFSIZE_INPUT (16384 + 325)
    #define BR_SSL_BUFSIZE_INPUT (1024 + 325)
    
    /** \brief Optimal output buffer size. */
    //#define BR_SSL_BUFSIZE_OUTPUT (16384 + 85)
    #define BR_SSL_BUFSIZE_OUTPUT (1024 + 85)
    
    It did fail once out of several email attempts from my Bluepill. I do not know the stability for using the connection on things other then simple text messages. I am just happy that after a year I was finally able to prove that it is possible to send an email from a Bluepill over SSL!
    
    Sketch uses 103172 bytes (78%) of program storage space. Maximum is 131072 bytes.
    Global variables use 13108 bytes (64%) of dynamic memory, leaving 7372 bytes for local variables. Maximum is 20480 bytes.
  - 4 January 2022 at 23:05 #17678
    Renzo Mischianti
    Keymaster
    Hi ps2chiper,
    I’m going to create a branch of my library with a basic implementation.
    When finished, I’m thrilled to help me complete the work.
    I will write here when the version is created.
    Bye Renzo
  - 8 January 2022 at 09:00 #17749
    Renzo Mischianti
    Keymaster
    Hi ps2chiper,
    Have you had time to try if the solution works for you?
    Bye Renzo
- 5 January 2022 at 11:34 #17683
  Renzo Mischianti
  Keymaster
  Hi ps2chiper,
  I push the branch, you can find It here.
  
  I create a define for EthernetLarge
```
	#define DEFAULT_EMAIL_NETWORK_TYPE_SAMD 	NETWORK_ETHERNET_LARGE
```
  And you also must uncomment
```
#define SSLCLIENT_WRAPPER
```
  but in the branch is already uncommented.
  
  You must add thrust anchors with this command
```
    emailSend.setTrustAnchors(TAs, (size_t)TAs_NUM, A3);
```
  I don’t test It, but with your change on bearssl_ssl.h header.
```
/** \brief Optimal input buffer size. */
//#define BR_SSL_BUFSIZE_INPUT (16384 + 325)
#define BR_SSL_BUFSIZE_INPUT (1024 + 325)

/** \brief Optimal output buffer size. */
//#define BR_SSL_BUFSIZE_OUTPUT (16384 + 85)
#define BR_SSL_BUFSIZE_OUTPUT (1024 + 85)
```
  I also change SSLclient.h from this
  unsigned char m_iobuf[2048];
  To this
  unsigned char m_iobuf[BR_SSL_BUFSIZE_BIDI];
  as advised on your example.
  
  But I don’t understand how to manage TLS encryption.
  
  Bye Renzo
  - 11 January 2022 at 07:06 #17842
    ps2chiper
    I will try testing it tomorrow.
- 13 January 2022 at 22:08 #17871
  ps2chiper
  I am playing around with it, but so far I am getting this error. I am using Zoho mail.
  
  Sending status:
  0
  250
  )ending message error (553 Relaying disallowed as ps2chiper@zoho.com
  done!
- 13 January 2022 at 22:34 #17872
  Renzo Mischianti
  Keymaster
  Hi,
  I found these informations
  
  The error message “Relaying disallowed” will occur in the following cases.
  From address that you are trying to add in SMTP client might not be listed in your Send Mail as section (in Zoho Mail). Please ensure that the email address that you are trying to use is one of the From addresses present in your Send Mail as section. Refer help to locate Send Mail as page.
  If “Outgoing Server Requires Authentication” option is not enabled in the SMTP client. Ensure that the settings entered are correct by referring this link help page.
  
  what is the port you use for SMTP server?
  
  Can you try with gmail (with application password or insecure app)?
  
  Bye Renzo
- 13 January 2022 at 23:28 #17873
  ps2chiper
  I use port 465. Zoho is the only one I want to test with since I confirmed it worked with my own client. I am trying to figure out why the debug stubs you have are not printing.
  - 13 January 2022 at 23:40 #17874
    ps2chiper
    Derp. I am an idiot. I was using the wrong domain. The from address domain is zohomail.com and the mail server is mail.zoho.com. It worked now.
- 14 January 2022 at 07:39 #17875
  Renzo Mischianti
  Keymaster
  Hehehehehhe… fantastic!
  Would you like to write the article where explain how you find this solution? and how to use the library with bluepill?
  
  I think It’s more correct that you write that and take the paternity
  
  Bye Renzo
  - 15 January 2022 at 02:19 #17926
    ps2chiper
    Have you tested it yourself? I was thinking of maybe contributing an example to your repository.
- 15 January 2022 at 17:02 #17930
  Renzo Mischianti
  Keymaster
  Hi ps2chiper,
  I think It’s a good idea.
  
  If you want, I’d be pleased if you wrote an article with all the steps, and I can help you with the schemas, cover, and others. Your knowledge about the problem can be helpful for other people.
  
  Bye Renzo
  - 21 January 2022 at 23:48 #17973
    ps2chiper
    I will start on it on Monday. I have been procrastinating too long.
  - 22 January 2022 at 11:34 #17998
    Renzo Mischianti
    Keymaster
    Don’t worry, take your time.
    Bye Renzo
  - 15 February 2022 at 15:37 #18689
    Renzo Mischianti
    Keymaster
    Hi ps2chiper,
    I try with a blue pill with 64k ROM without result.
    Now I get a black pill, but can you write a mini-guide that I can follow to put in work (better with Gmail).
    Thanks, Renzo
- 26 May 2022 at 07:48 #21017
  Renzo Mischianti
  Keymaster
  I finally release an EMailSender version that supports SSL also for Ethernet, I tested It with STM32 and works well, but needs>64Kb.
  Bye Renzo
Author

Posts