Month: March 2019

wolfSSL 24×7 support

wolfSSL provides support on four levels, one of which is the 24x7 support level. This support level includes many key features not available on the others, such as an unlimited number of support incidents, around-the-clock support from dedicated members of the wolfSSL support team, and remains in effect for an entire year.

wolfSSL provides three other levels of paid support, which also include some of the same features provided by 24x7 support. More details on the wolfSSL support packages and levels can be viewed here: https://www.wolfssl.com/products/support-packages-options/

wolfSSL also provides support for the latest version of the TLS protocol, TLS 1.3! Read more about wolfSSL's implementation and the protocol itself here: https://www.wolfssl.com/docs/tls13/

For more information, please contact facts@wolfssl.com.

wolfSSL ESP32 Hardware Acceleration Support

wolfSSL is excited to announce support for Espressif ESP32 hardware acceleration to the wolfSSL embedded SSL/TLS library!

The ESP32-WROOM-32 is a powerful, generic Wi-Fi+BLE MCU module with high flexibility, and is easily interactable with the wolfSSL embedded SSL/TLS library. As wolfSSL is highly portable and the ESP32-WROOM-32 is highly flexible, if your application has any special features that interfere with the existing wolfSSL port, they are easily remedied.

The new wolfSSL ESP32-WROOM-32 port functionality was added into the existing ESP-IDF port, and the ESP32-WROOM-32 functionality can be enabled by either defining the "WOLFSSL_ESPIDF" and “WOLFSSL_ESPWROOM32” or “WOLFSSL_ESPWROOM32SE” options in the settings.h file (or user_settings.h alternatively, if WOLFSSL_USER_SETTINGS is defined). For more details about this new ESP32 support, please see the REAMDE.md placed in the “<wolfssl-root>/wolfcrypt/src/port/Espressif” directory of the wolfSSL source tree. Details about the ESP-IDF port can be found in the README.md file located in "<wolfssl-root>/IDE/Espressif/".

wolfSSL's support for the onboard hardware cryptography of the ESP32 and ATECC608A gives users code size reductions and performance advantages.  A full set of benchmarks and performance comparisons can be found on our ESP32-specific webpage, located here: https://www.wolfssl.com/docs/espressif/.

Espressif ESP32-WROOM-32SE, Beta

The wolfSSL master branch can be cloned from here: https://github.com/wolfSSL/wolfssl
The README about ESP-IDF porting can be found here: https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md
The README about HW acceleration can be found here: https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/Espressif/README.md
The README about 32SE can be found here: https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README_32se.md

For more information, please contact facts@wolfssl.com.

Resources:
ESP32-WROOM-32 Overview: https://www.espressif.com/en/products/hardware/esp-wroom-32/overview

wolfSSL support for the ATECC508A/ATECC608A crypto coprocessor

wolfSSL embedded SSL/TLS support the latest Microchip ATECC508A and ATECC608A I2C cryptographic coprocessors. Not only is wolfSSL compatible with CryptoAuthLib, wolfSSL has also been tested on both the 508A and the 608A.

Prerequisites:

Examples:

  • wolfSSL uses PK (Public Key) callbacks for the TLS crypto operations
  • wolfCrypt uses the WOLFSSL_ATECC508A macro to enable native wc_ecc_* API support
  • wolfCrypt also uses the WOLFSSL_

The README.md and reference PK callbacks can be found here: https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/src/port/atmel

Additional demos for wolfSSL TLS Client/Server and wolfCrypt test/benchmarks can be found:

https://www.wolfssl.com/download/downloadMoreForm.php
https://github.com/dgarske/atmel

Preprocessor Macros:

  • WOLFSSL_ATECC508A
  • WOLFSSL_ATECC_PKCB
  • WOLFSSL_ATMEL

PK Callbacks:

wolfSSL’s TLS layer PK callbacks expose API’s to set ECC callbacks. These are enabled with: #define HAVE_PK_CALLBACKS or ./configure --enable-pkcallbacks.

Reference API’s:

  • atcatls_create_key_cb
  • atcatls_verify_signature_cb
  • atcatls_sign_certificate_cb
  • atcatls_create_pms_cb

For more questions please email us at facts@wolfssl.com.

wolfCrypt v4 FIPS

Recently, the National Institute of Standards and Technology (NIST) completed the validation of the wolfCrypt module version 4 for an updated Federal Information and Processing Standards (FIPS) 140-2 certificate. This new certificate includes updated and more secure algorithms added to the wolfCrypt module's boundary, some of which are listed below.

FIPS 140-2 is a government standard that specifies a software module is compatible and allowed to be used in government systems. This includes such areas as drone software, government databases, and other high-security/high-power uses.

The new FIPS 140-2 validation has certificate #3389. The Operating Environments (OEs) tested are Ubuntu Linux (16.04) and Windows 10 on Intel Core i5 processors. Full details about the OEs can be found on the CSRC certificate page. Additionally, the certificate also includes the following algorithms: AES (CBC, GCM, CTR, ECB), CVL, Hash DRBG, DHE, ECDSA (key generation, sign, verify), HMAC, RSA (key generation, sign, verify), SHA-3, SHA-2, SHA-1, and Triple-DES.

For more information about wolfSSL, wolfCrypt, or our FIPS 140-2 validations, please view our resources below.

Other information can be obtained, or questions can also be answered by contacting facts@wolfssl.com.

Building Secure Socket Funneling (SSF) with wolfSSL

wolfSSL can now be used to replace OpenSSL in Secure Socket Funneling (SSF)!

Secure Socket Funneling (SSF) is a network tool and toolkit. It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS tunnel to a remote computer.

Features:

  • Local and remote TCP port forwarding
  • Local and remote UDP port forwarding
  • Local and remote SOCKS server
  • Local and remote shell through sockets
  • File copy
  • Native relay protocol
  • TLS connection with the strongest cipher-suites

Since SSF is dependent on Boost.Asio for TLS purposes and Boost.Asio is now compatible with wolfSSL (see blog post), you now have the option to run SSF with wolfSSL’s high standard of internet security.

If you are interested in using wolfSSL with SSF in your project, please contact us at facts@wolfssl.com and we will happily provide you with the needed source code and instructions on how to build everything together successfully.

Posts navigation

1 2