wolfSSL Android SSL Client App

The wolfSSL Android Client is our first Android application that incorporates the CyaSSL lightweight SSL library together with the wolfSSL JNI library in order to test secure connections to servers across the Internet. With our Android SSL Client you can quickly test SSL, TLS, and DTLS connections whether they be located on a local network or across web. The wolfSSL Android Client has multiple options and settings that you can personalize such as setting your own certificates and keys, changing the active security layer, and choosing which from a wide variety cipher suite to use.

The client outputs color formatted information about the connection to a central console window within the wolfSSL Client application. The wolfSSL Android Client was built to be very simple, fast, and user friendly rather than slow, complicated and confusing.

If you have any feedback, comments, or suggestions that you would like to see incorporated into later versions, please contact us at: facts@wolfssl.com

We invite you to download our SSL Client for free on the Play Store, or by following this link:  https://play.google.com/store/apps/details?id=com.wolfssl.client (as of 26 March 2018 at 9:33am MDT, the app is no longer on the Google Play Store. Please check out our download page instead).

wolfSSL Summer of Security

“Fear urged him to go back, but growth drove him on.” ? Jack London, White Fang

The Internet of Things is a fast growing technology sector with new embedded devices introduced daily. With this increase in products which frequently require SSL/TLS and cryptography, wolfSSL has been experiencing continual growth and decided to bring in a team of interns for the 2014 Summer season. wolfSSL executives chose to recruit students from Montana State University which is known for its ability to produce exceptional Computer Science graduates. Six students were selected for the Summer and will be completing their internships in Bozeman, MT under the direction of Chris Conlon, senior engineer at wolfSSL, also a Montana State graduate.

The Summer of Security program is allowing the wolfSSL interns to gain knowledge in the embedded SSL industry as well as valuable programming experience in Linux and embedded distributions. Throughout the Summer, the interns will play a role in improving documentation, current examples, and community support within wolfSSL. Interns will be learning the CyaSSL SSL and TLS library and writing documents to provide users with a better understanding of the CyaSSL library.

The Summer of Security is a great opportunity for students to increase work experience in the field of computer science and work towards a potential career as part of the wolfSSL team. The team at wolfSSL looks for knowledgeable students who have experience in C systems development. Prior embedded systems experience is a plus. If you are interested in learning more about the wolfSSL Summer of Security internship program, feel free to contact us at facts@wolfssl.com.

TLS 1.3 on Github

Hi! We wanted to point out to our users that the TLS 1.3 working group has put their specification work up on Github at: https://github.com/tlswg/tls13-spec

We are eager to implement TLS 1.3 as it gets closer to its final specification! We think this new protocol iteration will add a lot of improvement! As such, we`re excited to get going and need user feedback. Please contact us to let us know what parts of the spec are most important to you. We will consider adding pieces of TLS 1.3 to our current TLS 1.2 implementation, should users of wolfSSL need them. Let us know your thoughts at facts@wolfssl.com.

Intro to PKCS #5: Password-Based Cryptography Specification

Our third post in our PKCS series, we will be looking at PKCS  #5. PKCS #5 is the Password-Based Cryptography Specification and is currently defined by version 2.0 of the specification. It is defined in RFC 2898 http://tools.ietf.org/html/rfc2898. It applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching.

A. Key Derivation Functions

A key derivation function produces a derived key from a based key and other parameters. In a password-based key derivation function, the base key is a password and the other parameters are a salt value and an iteration count.

Two functions are specified below: PBKDF1 and PBKDF2. PBKDF2 is recommended for new applications; PBKDF1 is included only for compatibility with existing applications, and is not recommended for new applications.

B. PBKDF1

PBKDF1 applies a hash function, which shall be MD2, MD5 or SHA-1, to derive keys. The lengths of the derived keying bounded by the length of the hash function output, which is 16 octets from MD2 and MD5 and 20 octets from SHA-1.

Steps:

1. If dkLen > 16 for MD2 and MD5, or dkLen > 20 for SHA-1, output “derived key too long” and stop.

2. Apply the underlying hash function Hash for c iterations to the concatenation of the password P and

    the salt S, then extract the first dkLen octets to produce a derived key DK:

T_1 = Hash (P || S) ,

T_2 = Hash (T_1) ,

T_c = Hash (T_{c-1}) ,

DK = Tc<0..dkLen-1>

3. Output the derived key DK.

C. PBKDF2

PBKDF2 applies a pseudorandom function to derive keys. The length of the derived key is essentially unbounded. However, the maximum effective search space for the derived key may be limited by the structure of the underlying pseudorandom function.

Steps:

1. If dkLen > (2^32 – 1) * hLen, output “derived key too long” and stop.

2. Let l be the number of hLen-octet blocks in the derived key, rounding up, and let r be the number of octets

    in the last block:

l = CEIL (dkLen / hLen) ,

r = dkLen – (l – 1) * hLen .

Here, CEIL (x) is the “ceiling” function, i.e. the smallest integer greater than, or equal to, x.

3. For each block of the derived key apply the function F defined below to the password P, the salt S, the

    iteration count c, and the block index to compute the block:

T_1 = F (P, S, c, 1) ,

T_2 = F (P, S, c, 2) ,

T_l = F (P, S, c, l) ,

where the function F is defined as the exclusive-or sum of the first c iterates of the underlying pseudorandom  function PRF applied to the password P and the concatenation of the salt S and the block index i:

F (P, S, c, i) = U_1 \xor U_2 \xor … \xor U_c

where

U_1 = PRF (P, S || INT (i)) ,

U_2 = PRF (P, U_1) ,

U_c = PRF (P, U_{c-1}) .

Here, INT (i) is a four-octet encoding of the integer i, most significant octet first.

4. Concatenate the blocks and extract the first dkLen octets to produce a derived key DK:

DK = T_1 || T_2 ||  …  || T_l<0..r-1>

5. Output the derived key DK.

To learn more about PKCS #5, you can look through the specification, here:

http://tools.ietf.org/html/rfc2898

D. CyaSSL Support

CyaSSL supports both PBKDF1 and PBKDF2. The header file can be found in <cyassl_root>/cyassl/ctaocrypt/pwdbased.h and the source file can be found in <cyassl_root>/ctaocrypt/src/pwdbased.c of the CyaSSL library. When using these functions, they must be enabled when CyaSSL is configured. This is done by:

./configure –enable-pwdbased

The functions:

int PBKDF1(byte* output, const byte* passwd, int pLen,

                      const byte* salt, int sLen, int iterations, int kLen,

                      int hashType);

int PBKDF2(byte* output, const byte* passwd, int pLen,

                      const byte* salt, int sLen, int iterations, int kLen,

                      int hashType);

CyaSSL also supports PKCS12

int PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,

                            const byte* salt, int sLen, int iterations,

                            int kLen, int hashType, int purpose);

To learn more about the CyaSSL embedded SSL library, you can download a free GPLv2-licensed copy from the wolfSSL download page, http://wolfssl.com/yaSSL/download/downloadForm.php, or look through the CyaSSL Manual, https://www.wolfssl.com/docs/wolfssl-manual/.  If you have any additional questions, please contact us at facts@wolfssl.com.

Video Tutorial: Basic Compilation and Installation of CyaSSL

If you are looking for a quick and easy guide on compiling, installing and using CyaSSL, then we have some good news: In order to make it even easier to understand and install CyaSSL, we recently created a video tutorial to help get you started.

The video will walk you through the downloading and installing process, as well as provided a basic demonstration of a few of CyaSSL’s example client and server programs. The video is on our YouTube channel, which can be found here: https://www.youtube.com/channel/UCxcGPWzOnhdocvKmxqhfvPg

With a direct link to the video here:

https://www.youtube.com/watch?v=zXRLwW0DIPA

CyaSSL is a C-based embedded SSL/TLS library which is lightweight, portable, and works with a wide range of systems.  It offers a simple, easy to use, API with several abstraction layers for ease of access in a wide range of product types.

If you have any questions feel free to contact us at facts@wolfssl.com or support@wolfssl.com. For more information, you may visit us at http://www.wolfssl.com/.

Using wolfSSL on Raspberry Pi

Did you know that the wolfSSL lightweight SSL library builds and runs out of the box on the Raspberry Pi? We recently ran tests on a Raspberry Pi model B with wolfSSL 3.0.0. You can check out the results below:

1. Downloading

For the test, we downloaded cyassl-3.0.0.zip file from our download page.

2. Building

Instead of cross compiling wolfSSL to armv6, we compiled wolfSSL directly on our Raspberry Pi to get an average time of the building process. Following the process described in the README file to configure and build wolfSSL, the results were as follows:

$ time ./configure

real 1m33.504s
user 0m50.270s
sys 0m16.550s

$ time make

real 3m20.676s
user 2m50.290s
sys 0m6.940s

3. Benchmarking

To decide which math library to use we compared the results of the default build (./configure) with a modified one (./configure –enable-fastmath):

wolfSSL Benchmark, Normal Big Integer Math Library

pi@raspberrypi ~/cyassl-3.0.0 $ ./ctaocrypt/benchmark/benchmark
AES 5 megs took 0.880 seconds, 5.681 MB/s
ARC4 5 megs took 0.230 seconds, 21.734 MB/s
3DES 5 megs took 3.064 seconds, 1.632 MB/s

MD5 5 megs took 0.104 seconds, 48.112 MB/s
SHA 5 megs took 0.217 seconds, 23.072 MB/s
SHA-256 5 megs took 0.498 seconds, 10.032 MB/s

RSA 2048 encryption took 17.453 milliseconds, avg over 100 iterations
RSA 2048 decryption took 147.625 milliseconds, avg over 100 iterations
DH 2048 key generation 48.942 milliseconds, avg over 100 iterations
DH 2048 key agreement 61.991 milliseconds, avg over 100 iterations

wolfSSL Benchmark, Fast Big Integer Math Library

pi@raspberrypi ~/cyassl-3.0.0 $ ./ctaocrypt/benchmark/benchmark
AES 5 megs took 0.889 seconds, 5.624 MB/s
ARC4 5 megs took 0.200 seconds, 24.943 MB/s
3DES 5 megs took 2.479 seconds, 2.017 MB/s

MD5 5 megs took 0.101 seconds, 49.303 MB/s
SHA 5 megs took 0.217 seconds, 23.004 MB/s
SHA-256 5 megs took 0.561 seconds, 8.914 MB/s

RSA 2048 encryption took 4.622 milliseconds, avg over 100 iterations
RSA 2048 decryption took 131.030 milliseconds, avg over 100 iterations
DH 2048 key generation 57.496 milliseconds, avg over 100 iterations
DH 2048 key agreement 57.325 milliseconds, avg over 100 iterations

As expected, the fastmath provided more performant RSA operations – thus we used this build for the example test.

4. Running

After testing the crypto layer, it was time to test the protocol layer running our client example against our server example running or a remote Ubuntu server:

$ time ./examples/client/client -h external_server
SSL version is TLSv1.2
SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256
Server response: I hear you fa shizzle!

real 0m0.885s
user 0m0.520s
sys 0m0.080s

5. Conclusion

wolfSSL 3.0.0 works out of the box on Raspberry Pi. While building wolfSSL on Raspberry Pi is OK, it does take some time to do so. Users should consider using cross compilation during the development cycle if building wolfSSL for the Pi on a regular basis needed.

6. Extra

If you like to stay synchronized with the latest commits of our github repository, don`t like to wait for stable releases, love git repositories, or just want to checkout a specific version, you can do so by following these steps before compiling wolfSSL:

* Check if you have libtool, autoconf and automake installed on your Pi:
$ sudo apt-get install libtool autoconf automake
* Clone wolfSSL repository from GitHub:
$ git clone https://github.com/cyassl/cyassl.git
* Run the autogen script:
$ cd cyassl
$ ./autogen.sh

Integrating ChaCha20 and Poly1305 Into wolfSSL

We`ve implemented ChaCha20 allowing for the use of both 128 bit and 256 bit keys and are in the process of implementing Poly1305 into wolfSSL. Both crypt tools and a suite using the two are on schedule to be released by the end of the summer.

The ChaCha20 and Poly1305 algorithms, originally developed by Bernstein, have been shown to be very secure. Further reading about these algorithms can be found in the link below.

http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04

We`re excited about this addition to our code.  If you have comments, questions, or need it in our code sooner than the end of this summer, let us know!  We can be reached at facts@wolfssl.com or by phone at +1 425 245 8247.

wolfSSL and Oculus Rift

Hi everyone, we’re curious if anyone is interested in using wolfSSL with the Oculus Rift? If you don’t know what an Oculus Rift is, it is a Next Generation Virtual Reality Technology for video games or any Virtual Reality Applications. You can learn more at the following URL:

http://www.oculusvr.com/

If you have any questions, or would like to see wolfSSL working with the Oculus Rift, please email us at facts@wolfssl.com

wolfSSL and CyaSSL Users SAFE from Recent OpenSSL Security Advisories

OpenSSL released several security advisories yesterday: http://www.openssl.org/news/secadv_20140605.txt. None of these are attacks on the SSL/TLS protocols themselves.  They are all implementation bugs.  Most are critical bug fixes to DTLS (TLS over UDP).  As a clean room implementation of SSL, wolfSSL does not use any OpenSSL code and is free from these defects.  The most critical report seems to be the Man in the Middle vulnerability where an attacker can inject a Change Cipher Spec message to force a weak key stream (CVE-2014-0224).  wolfSSL does not create the keying material upon receipt of the Change Cipher Spec message as OpenSSL did/does and is free from this problem.

The purpose of this note is not to critique OpenSSL, but rather to inform our user base about how they may be affected.  For additional information or questions about CyaSSL please contact us at facts@wolfssl.com