Month: July 2023

Are you a thought leader in the world of embedded devices? If so, you will need to make yourself aware of the coming impacts of post-quantum cryptography and how it will affect the various industries and verticals that you participate in. Have a listen to Entrust’s Cybersecurity Institute’s second episode of the their post-quantum podcast series titled: “The Impact of Post-Quantum Cryptography on Constrained Devices” where our very own Senior Software Developer, Anthony Hu, will be a guest panelist talking about the changes to the landscape of constrained device development with the coming of these new algorithms and standards. The podcast episode can be found at: https://www.entrust.com/cybersecurity-institute/cybersecurity-institute-podcasts/2023/post-quantum-series-episode-2-smart-devices.

If the podcast sparks some further questions that you have, you can reach out to facts@wolfssl.com or call us at +1 425 245 8247 to continue the conversation with us here at wolfSSL!

We are excited to tell you about our partner collaboration with ST Micro! This collaboration is a video series about wolfBoot, a secure bootloader and the STM32, a family of 32-bit microcontrollers.

This is a 4 part video series showing how to use wolfBoot on various STM32 microcontrollers.

Video 1: wolfBoot for STM32, Part 1: Overview
“Overview of the wolfSSL products and the wolfBoot support for STM32 devices. The wolfBoot product features such as secure boot, measured boot, encrypted partitions and root of trust (in the bootloader, TPM or secure element). Comparison of the SBSFU, TFM and wolfBoot options for STM32 micro-controllers. Implementation details for design of wolfBoot and how the partitions are defined.”

Video 2: wolfBoot for STM32, Part 2: Getting Started
“How to download wolfBoot, where to find files and documentation. The wolfBoot product features such as secure boot, measured boot, encrypted partitions and root of trust (in the bootloader, TPM or secure element).”

Video 3: wolfBoot for STM32, Part 3: Out of the Box Experience
“How to configure, build, run, and debug wolfBoot on NUCLEO-G071RB board.”

Video 4: wolfBoot for STM32, Part 4: STM32U5
“How to configure, build, run and debug wolfBoot on STM32U5 (B-U585I-IOT02A) development board”

Please contact us at facts@wolfssl.com if you would like to receive a copy of the slides.

Additional Resources
https://www.st.com/en/embedded-software/wolfboot.html
https://www.wolfssl.com/products/wolfboot/

Please contact us at facts@wolfssl.com, or call us at +1 425 245 8247with any questions about the webinar.
For technical support, please contact support@wolfssl.com or view our FAQ page.
In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.

As mentioned in a previous post, OpenSSL 1.1.1 branch of releases will hit End of Life (EoL) by September 11th, 2023.  That’s right, it’s not a typo!  It’s about 3 months away! It’s already listed as an old release branch here:  https://www.openssl.org/source/old/ . Are you sure you are ready to tackle the migration to their new LTS branch of releases?

In that post (https://www.wolfssl.com/openssl-1-1-1-eol/) we listed 3 ways that wolfSSL could help. One of them was wolfEngine. You can continue using OpenSSL, but under the hood the wolfCrypt implementations of the cryptographic algorithms will be used. This might be especially useful if you are looking for an accelerated path to FIPS certification.

We have put in extra testing against 1.1.1s (which is likely to be the final release on that branch of releases) and can confirm that wolfEngine backed by wolfCrypt will work smoothly with it. Its as easy as setting the OPENSSL_CONF environment variable and adding the following to openssl.conf: 

engine_id = libwolfengine

dynamic_path = /path/to/libwolfengine.so

init = 1

The other option is to set the OPENSSL_ENGINES environment variable to the directory containing libwolfengine.so and then calling the ENGINE_by_id() function. 

And just like that, you will have meticulously optimized, well-supported, regularly updated and best-tested cryptographic implementations working for you; no changes to your code required!

Have questions? Want to learn more about your options in the face of the 1.1.1 release branch EoL?  Reach out to facts@wolfssl.com, or call us at +1 425 245 8247

We have updated our Zephyr support to 3.4 for wolfSSL release 5.6.2! Zephyr is an open-source real-time operating system (RTOS). It is portable (supporting over 450 boards!) and secure with a comprehensive and lightweight kernel. All of these features make wolfSSL a great choice for security in Zephyr.

The port update comes with a set of sample applications to showcase how to use wolfSSL inside Zephyr. The available samples are:

• wolfssl_benchmark – a benchmarking framework to test the performance of cryptographic algorithms
• wolfssl_test – a testing framework with unit tests for wolfSSL
• wolfssl_tls_thread – client and server example using threading and custom I/O callbacks
• wolfssl_tls_sock – client and server example using threading and unix sockets

Instructions and documentation on how to use wolfSSL inside Zephyr are available here https://github.com/wolfSSL/wolfssl/tree/master/zephyr.

For more information on our 5.6.2 release see https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.2-stable.

If you have questions on any of the above, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247

With our ongoing development of world-class commercial-grade cryptography solutions for the Espressif products, wolfSSL is proud to announce support for the ESP32-S3 Embedded Linux Kernel!

Our very own [gojimmypi] was able to get the wolfSSL wolfcrypt tests running successfully as an app on the embedded Linux environment thanks to the work of [jcmvbkbc] on linux-xtensa. For additional details on building the ESP32-S3 Linux kernel toolchain, see: https://gojimmypi.github.io/ESP32-S3-Linux/

Linux on the tiny and inexpensive ESP32-S3 is an exciting development that opens many more ideas of what is possible for embedded solutions.

If you’d like to build your own wolfSSL app for the ESP32-S3 Linux Kernel, here’s one possible configuration:

./configure \

  --host=xtensa-esp32s3-linux-uclibcfdpic \

  CC=xtensa-esp32s3-linux-uclibcfdpic-gcc \

  AR=xtensa-esp32s3-linux-uclibcfdpic-ar \

  STRIP=xtensa-esp32s3-linux-uclibcfdpic-strip \

  RANLIB=xtensa-esp32s3-linux-uclibcfdpic-ranlib \

  --prefix=/mnt/s3linux/build-xtensa-2023.02-fdpic-esp32s3/target/opt \

  CFLAGS="-mfdpic -mforce-l32 -DNO_WRITEV -DWOLFSSL_USER_SETTINGS" \

         "-DDEBUG_WOLFSSL -DTFM_NO_ASM -DALT_ECC_SIZE" \

  --disable-filesystem --disable-shared --enable-psk

This new environment for wolfSSL also prompted addition of yet another test for the best tested cryptography: a read-only filesystem const pointer test in case you forget to compile with the proper read-only flash file system directives:

CFLAGS="-mfdpic -mforce-l32 …”

The first question many people ask: How fast is wolfSSL on an embedded Linux for the ESP32-S3? Initial findings show that the wolfSSL cipher computational benchmark performance is similar between the Linux app on the ESP32-S3 kernel and the ESP32-WROOM programmed with the ESP-IDF. 

See some of our other recent prior blogs on Espressif news:

• wolfSSL Espressif ESP32-C3 RISC-V Support
• wolfSSH examples for Espressif on ESP32 or ESP8266

There’s also support for wolfSSL on Espressif and more Espressif resources. 

Do you have any questions related to using wolfSSL in your next project? Contact us at facts@wolfSSL.com, or call us at +1 425 245 8247 to learn more.

A while back, we posted the following entry on our blog:

https://www.wolfssl.com/wolfssh-post-quantum-interoperability-confirmed/

In it, we talked about post-quantum interoperability with both the OpenQuantumSafe’s OpenSSH fork and AWS’s implementation of SSH. More recently, our friends at AWS have posted a great set of detailed instructions on how to reproduce their interoperability test results:

https://aws.amazon.com/blogs/security/post-quantum-hybrid-sftp-file-transfers-using-aws-transfer-family/

There, you can find instructions on how to configure AWS Transfer Family to enable hybrid post-quantum key exchange with ECDHE and Kyber.  There is then a link to further instructions on how to build liboqs, wolfSSL and finally wolfSSH with the liboqs integration.  Finally, there is an example command line invocation of wolfsftp that connects to AWS Transfer Family.

Our friends at AWS also go into great detail about expected output and what you can expect from wireshark if you monitor the connection.

We here at wolfSSL would like to give a big round of applause and thank our friends at AWS for posting such a great piece on their blog! If you have any further questions about how post-quantum algorithms and protocols fit into our roadmap, please don’t hesitate to reach out to us by sending a message to facts@wolfssl.com or or call us at +1 425 245 8247.

 

We are excited to tell you about our partner collaboration with ST Micro! This collaboration is a video series about wolfBoot, a secure bootloader and the STM32, a family of 32-bit microcontrollers.

This is a 4 part video series showing how to use wolfBoot on various STM32 microcontrollers.

Video 1: wolfBoot for STM32, Part 1: Overview https://www.youtube.com/watch?v=9R4Gl0qrzZ0

• “Overview of the wolfSSL products and the wolfBoot support for STM32 devices. The wolfBoot product features such as secure boot, measured boot, encrypted partitions and root of trust (in the bootloader, TPM or secure element). Comparison of the SBSFU, TFM and wolfBoot options for STM32 micro-controllers. Implementation details for design of wolfBoot and how the partitions are defined.”

Video 2: wolfBoot for STM32, Part 2: Getting Started https://www.youtube.com/watch?v=e5VwYA5kknA

• “How to download wolfBoot, where to find files and documentation. The wolfBoot product features such as secure boot, measured boot, encrypted partitions and root of trust (in the bootloader, TPM or secure element).”

Video 3: wolfBoot for STM32, Part 3: Out of the Box Experience https://youtu.be/VrgooHCoUNk

• “How to configure, build, run, and debug wolfBoot on NUCLEO-G071RB board.”

Video 4: wolfBoot for STM32, Part 4: STM32U5 https://youtu.be/dzcmscEyrKM

• “How to configure, build, run and debug wolfBoot on STM32U5 (B-U585I-IOT02A) development board”

Please contact us at facts@wolfssl.com if you would like to receive a copy of the slides.

Additional Resources

• https://www.st.com/en/embedded-software/wolfboot.html

• https://www.wolfssl.com/products/wolfboot/

Please contact us at facts@wolfssl.com or call us at +1 425 245 8247 with any questions about the webinar.

For technical support, please contact support@wolfssl.com or view our FAQ page.

In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.

One of the features that makes wolfSSL stand out from other SSL/TLS libraries is its wide range of support for many hardware cryptographic accelerators. In particular, wolfSSL leverages the cryptographic accelerators built into the NXP i.MX6 and i.MX8 processors. How it uses the CAAM with i.MX6 and i.MX8 is dependent on the OS being used, varying from our own drivers to making use of existing drivers. With MCUEXPRESSO the use of NXP’s CAAM driver is leveraged and expanded on.

Recently, wolfSSL added support for the NXP i.MX RT1170 processor. The i.MX RT1170 is a powerful microcontroller that is designed for use in a wide range of applications, including industrial automation and medical devices. This new port of wolfSSL to the i.MX RT1170 takes advantage of the processor’s built-in cryptographic acceleration features, using the CAAM to perform fast and secure cryptographic operations.

Overall, the addition represents a significant improvement to the wolfSSL library for users of the i.MX RT1170 processor. By taking advantage of the CAAM hardware accelerator on the i.MX RT1170, wolfSSL is able to offload cryptographic operations and make ECC operations more secure with the use of black encrypted keys, making it an ideal choice for applications that require high performance and strong security. With the continued development of these features, wolfSSL is poised to remain a leading SSL/TLS library for resource-constrained environments.

If you have questions on any of the above, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247

Did you know that wolfSSL has been ported to and tested on Xilinx Versal hardware? There is support also in wolfSSL to make use of the Xilinx hardened crypto, enhancing both security and performance. Xilinx hardened crypto has accelerated crypto operations (SHA3-384 / AES-GCM / RSA / ECDSA) available on Ultrascale+ devices and is available for use with the latest and greatest Versal boards. wolfSSL makes these calls using the API from Xilinx’s XilSecure library (https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_services/xilsecure) and with the addition of Versal there was minor changes to the existing calls to make use of the new features available (ECC / RNG / AES-GCM with AAD). When benchmarking we saw well over a Gigabyte per second with AES-GCM operations in our demo and improvements in performance of RSA, ECDSA, and SHA3-384 over software only implementations.

A previous white paper going into the setup and use of wolfSSL on older Ultrascale+ devices with Xilinx hardened crypto can be found here (https://docs.xilinx.com/v/u/en-US/wp512-accel-crypto). The support for Versal along with a README can be found in the wolfSSL bundle located in IDE/XilinxSDK/. 

If you have questions on any of the above, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247

Would you like to learn more about how SSL/TLS work, or more about the wolfSSL lightweight SSL library? If so, wolfSSL is offering a training course on SSL/TLS and wolfSSL. The FREE 2 day (4 hours each day) wolfSSL training course covers details of SSL/TLS as well as the wolfSSL embedded SSL library. Participants will have the opportunity to learn the inner workings of the SSL/TLS protocols as well as further their knowledge of the wolfSSL embedded SSL library. Topics covered will include library design, building and getting started with wolfSSL, features, portability/customizability, certificates and keys, debugging and troubleshooting SSL, wolfSSL best practices, and details about the wolfCrypt cryptography library

Course Objectives:
Upon completion of the wolfSSL training course, attendees will:

– Achieve a basic understanding of how SSL/TLS work
– Learn the package and design of wolfSSL
– Effectively build wolfSSL for target platforms
– Learn effective wolfSSL debugging strategies
– Add wolfSSL to different client and server applications
– Learn best practices for adding wolfSSL to embedded, desktop/enterprise, or cloud applications or devices
– Develop using wolfSSL’s underlying cryptography library

As always, our webinars will include Q&A sessions throughout the webinar. Please make sure to register for both days to get full access to the course.

Register today and secure your spot! Day 1 Day 2

If you have questions on any of the above, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247