wolfSSL DTLS1.3 ESP32 Examples Now Available

Have you heard about secure UDP packets? Yes, you can enjoy the security of TLS1.3 level encryption but use UDP instead of TCP on the ESP32. It’s called DTLS. The UDP packets are typically used in lossy, unreliable networks such as LoRa (low-power, long-range radio networks). Most people interested in secure UDP are using the older DTLS 1.2.

Last year, wolfSSL announced support for the new RFC 9147 DTLS1.3 Standard. We now have DTLS13 client and server examples available for the Espressif ESP32 series. These projects can optionally be used in conjunction with the command-line client and server examples.

There are a variety of DTLS (both 1.2 and 1.3) examples in the wolfssl-examples/dtls.

If you intend to use Wireshark to inspect packets and verify that your application is using the newest DTLS 1.3, as of September 2023 this feature has not yet been added. See WireShark issue #18071. In the meantime you can check the cipher suite attribute in the Wireshark packet inspection and confirm it is one of the valid TLS 1.3 cipher suites. See RFC 8446 Page 133:

+------------------------------+-------------+
| Description                  | Value       |
+------------------------------+-------------+
| TLS_AES_128_GCM_SHA256       | {0x13,0x01} |
|                              |             |
| TLS_AES_256_GCM_SHA384       | {0x13,0x02} |
|                              |             |
| TLS_CHACHA20_POLY1305_SHA256 | {0x13,0x03} |
|                              |             |
| TLS_AES_128_CCM_SHA256       | {0x13,0x04} |
|                              |             |
| TLS_AES_128_CCM_8_SHA256     | {0x13,0x05} |
+------------------------------+-------------+

Just getting started with wolfSSL on the ESP32? Check out the recorded webinar on youtube

See also some of the recent ESP32 blogs such as the RISC-V ESP32-C3, running Linux on the ESP32-S3 and others.

There’s also support for wolfSSL on Espressif and more Espressif resources.

Do you have any questions related to using wolfSSL in your next project? Contact us at facts@wolfSSL.com or call us at +1 425 245 8247 to learn more.

Download wolfSSL

wolfCLU supports new x509 options

We are constantly enhancing wolfCLU, a command line utility for manipulating certificates. Recently we added some new x509 options. These additions, -req, -extfile, -extensions, -signkey and -* enhance the x509 functionality. Having these options added to wolfCLU helps with generatingself-signed x509 certificates when using the x509 command.

  • [-req] Users can generate a certificate signing request (CSR) directly from the command line.
  • [-extfile] Users can specify a file containing certificate extension configuration.
  • [-extensions] Users can define certificate extensions directly in the command line.[-signkey] Users can provide an existing private key to sign the certificate being generated.
  • [-*] Users can select any supported digest for signing. Currently sha1, sha256, sha384 and sha512 are available.

The following example demonstrates how to use these new options to update a self signed x509 certificate.

wolfssl x509 -req -in client-cert.csr -extfile wolfssl.cnf -extensions
        uri -signkey client-key.pem -out client-uri-cert.pem

These new options are part of our ongoing commitment to provide a feature-rich and user-friendly experience with wolfCLU’s x509 command.

If you have any feedback, questions, or require support, please don’t hesitate to reach out to us at facts@wolfSSL.com. or call us at +1 425 245 8247.

Download wolfSSL

Post-Quantum: 3 New Draft Standards

After a long and arduous journey, NIST has finally released the draft standards for 3 post-quantum algorithms:

Let’s talk a little bit about each of the documents one by one.

FIPS-203 specifies ML-KEM which was based on the NIST Post-Quantum Competition’s only KEM winner Kyber. ML-KEM stands for Module Lattice-based Key Encapsulation Mechanism. It defines 3 parameter sets; each at a different level of security:

  • ML-KEM-512 (security equivalence to AES-128)
  • ML-KEM-768 (security equivalence to AES-192)
  • ML-KEM-1024 (security equivalence to AES-256)

ML-KEM is appropriate as a general replacement for quantum-vulnerable key exchange algorithms such as ECDH or FFDH. Note that ECDH and FFDH happen to be Non-Interactive Key Exchange (NIKE) algorithms, but ML-KEM is not so for applications where the non-interactivity is a requirement, ML-KEM is NOT an appropriate drop-in replacement. While the performance of ML-KEM is very good, the cryptographic artifact sizes are larger than those of ECDH and FFDH.

FIPS 204 specifies ML-DSA which was based on the NIST Post-Quantum Competition’s Signature Scheme winner Dilithium. ML-DSA stands for Module Lattice Digital Signature Algorithm. It defines 3 parameter sets; each at a different level of security:

  • ML-DSA-44 (security equivalence to SHA3-256)
  • ML-DSA-65 (security equivalence to AES-192)
  • ML-DSA-87 (security equivalence to AES-256)

Interestingly, the numbers in the parameter set names refers to the dimensions of a matrix that is used during key generation. For example, for ML-DSA-65, that matrix is 6 by 5 thus the 65. ML-DSA is appropriate as a general replacement for quantum-vulnerable signature algorithms such as ECDSA and RSA. While the performance of ML-DSA is very good, the cryptographic artifact sizes are larger than those of ECDSA and RSA.

FIPS 205 specifies SLH-DSA which was based on the NIST Post-Quantum Competition’s Signature Scheme winner SPHINCS+. SLH-DSA stands for StateLess Hash-based Digital Signature Algorithm. It defines 12 parameter sets:

  • SLH-DSA-SHA2-128s
  • SLH-DSA-SHAKE-128s
  • SLH-DSA-SHA2-128f
  • SLH-DSA-SHAKE-128f
  • SLH-DSA-SHA2-192s
  • SLH-DSA-SHAKE-192s
  • SLH-DSA-SHA2-192f
  • SLH-DSA-SHAKE-192f
  • SLH-DSA-SHA2-256s
  • SLH-DSA-SHAKE-256s
  • SLH-DSA-SHA2-256f
  • SLH-DSA-SHAKE-256f

The names can be seen as having the following format:
SLH-DSA-<hash>-<AES equivalence><optimization>

<hash> : Either SHA2 or or SHAKE. This is the hashing algorithm that is used for that parameter set.
<AES equivalence> : 128, 192, or 256. The security equivalence to AES.
<optimization> : s or f. ‘s’ is for small and ‘f’ is for fast.

SLH-DSA is appropriate as a general replacement for already standardized Stateful Hash-based Signature Schemes such as LMS and XMSS which are currently already standardized by NIST and are suggested for use for firmware signing and verification by the CNSA 2.0 guidance put out by the NSA. The performance and artifact sizes of SLH-DSA are comparable to LMS and XMSS.

This begs the question, since LMS and XMSS are already quantum-safe, why would they need to be replaced? The answer is that the management of the state in the Stateful Hash-based Signature Schemes is a potential pitfall and makes it vastly more difficult to use.

Finally, those of you that have been following this process are probably wondering what happened to Falcon. It is also getting a draft standard but is more difficult to implement so NIST is taking extra care and more time to write the draft standard for it.

If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

Post-Quantum Script Magician: Igor Barshteyn

Today we’d like to give a quick shout out to Igor Barshteyn! He is a long time and active member of the cryptography and information security communities. His interests are very apparent in his posts on LinkedIn.

Besides sleuthing out the the NIST post-quantum draft standards the day before their release and a multitude of other interesting posts, he has come up with a script to allow for easy experimentation in wolfSSL with post-quantum algorithms hybridized with NIST ECC curves in our fips-ready releases. But why would he do that?

Well, if you’re interested in cryptographic compliance, then you will know that the NSA’s CNSA 2.0 guidance requires the use of Kyber. You’ll also know that FIPS 140-2/3 requires the use of FIPS approved ECC curves for key exchange. Moreover, NIST has stated that an ECC key exchange done in a FIPS 140 approved mode of operation can be hybridized a with a post-quantum algorithm and still be considered in a FIPS 140 approved mode of operation. See FQAs for more detail.

Are you curious to see how hybrid FIPS 140 approved mode of key exchange hybridized with the CNSA 2.0 approved Kyber will perform in your environment or on your system? You can find out today!! Check out Igor’s post which has great instructions and a link to his script!Are you curious to see how hybrid FIPS 140 approved mode of key exchange hybridized with the CNSA 2.0 approved Kyber will perform in your environment or on your system? You can find out today!! Check out Igor’s post which has great instructions and a link to his script!

If you have questions on any of above, please contact us at facts@wolfSSL.com, or call us as +1 425 245 8247.

Download wolfSSL

Live Webinar: Reasons to Migrate from OpenSSL to wolfSSL

Are you seeking a superior alternative to OpenSSL with better support and smoother workflow?
wolfSSL can fulfill your needs, addressing the gaps you might be experiencing while using OpenSSL. Join our upcoming webinar hosted by wolfSSL engineer Anthony, where he will focus on advantages of switching to wolfSSL. Discover why choosing wolfSSL over OpenSSL can reshape your projects.

Watch the webinar here: Migrate from OpenSSL to wolfSSL

Sneak peek of the webinar:

  • Certified FIPS provider
  • Support for the QUIC protocol (–enable-quic)
  • Support for Post-quantum integration
  • Top-notch support services
  • And much more!

Anthony will provide in-depth insights into what sets wolfSSL apart from OpenSSL. Watch it now to explore the potential benefits of using wolfSSL. Let us introduce you to solutions that work best for your projects!

As always, our webinars will include Q&A sessions throughout the webinar. If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

Benchmarking wolfCrypt on Cortex M0+

We added a benchmark running on Raspberry Pi PIco-W. It runs with Cortex M0+, 125MHz. If you are interested in how wolfSSL/wolfCrypt works on low end MCU, this should be a good example benchmark to look into.

Here are some highlights:

  • Hash operations such as SHA256 run faster than 1 M bytes per second.
  • Symmetric algorithms like AES-GCM enc/dec faster than 300 k bytes per second.
  • ECDH keygen/agreement, ECDSA sign/verify around 100mSec to 50mSec per operation.

Visit our ‘Raspberry Pi Pico-W’ benchmark page for further details.

If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.
Download wolfSSL

DTLS Support Added to wolfMQTT-SN

wolfSSL is delighted to announce that we have added a secure way for sensors to communicate to the gateway using DTLS and MQTT-SN! We used the Paho MQTT-SN Gateway project’s recent addition of DTLS support for testing.

Testing details are in the pull request.

Let us know what you think by sending a note to facts@wolfSSL.com.

You can download the latest release, or clone directly from our GitHub repository.
While you’re there, show us some love and give the wolfMQTT project a Star!

If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

Live Webinar: SM ciphers are implemented in wolfSSL

Join the webinar to discover how the latest SM cipher implementations from wolfSSL comply with Chinese regulations and can secure your critical systems! wolfSSL engineer Sean will reveal all the details to help you find the best solutions for your critical systems on September 7th at 2pm PT.

Watch the webinar here: SM ciphers are implemented in wolfSSL

The Chinese government mandates the use of SM2, SM3, and SM4 in critical systems such as automobiles, avionics and more. wolfSSL is proud to announce our supported versions of these ciphers tailored to our customers in the Chinese market. We also have a plan to release the ZUC stream cipher later this year to completely satisfy SM9. Additionally, we’re actively communicating with labs regarding support of OSCCA certification in the future.

This exciting development is fantastic news for our customers in the Chinese market, ensuring they remain compliant with the latest regulations.

Benefits of using wolfSSL products:

  1. The SM Ciphers are fully supported in wolfSSL’s TLS 1.3 and DTLS 1.3 implementations.
  2. wolfSSH, wolfBoot and our other products will support ShangMi ciphers.
  3. ARM, Intel, and RiscV assembly is in the works for our SM implementations for maximum performance
  4. We support bare metal for SM2, SM3, and SM4
  5. We have maximized performance and minimized size, so the ShangMi algorithms will work well for embedded systems use cases on a wide variety of microcontrollers (MCU’s). They will be available for all of the MCU silicon that we currently support, including STM32, NXP i.MX, RISC-V, Renesas RA, RX, and Synergy, Nordic NRF32, Microchip PIC32, Infineon Aurix, TI MSP, and many others
  6. Our GPLv2 versions of the SM ciphers are available on GitHub

Commercially licensed versions are available.

Don’t miss this opportunity to discover solutions for your system security and compliance. Join our webinar to explore the full potential of SM cipher implementations from wolfSSL.

Watch it now!

As always, our webinars will include Q&A sessions throughout the webinar. If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

Every hardware cryptography scheme wolfSSL has ever enabled

At wolfSSL we support hardware cryptography for a wide range of platforms. The benefits of hardware cryptography include reduced code footprint size, improved security, acceleration of cryptographic operations, and utilization of true random number generators. For example, this allows everything from wolfBoot to TLS cipher suites to enjoy acceleration of cryptographic operations.

Furthermore, we have deep partnerships with industry leaders such as Intel, NXP, and Renesas. We support standard Intel instruction extensions such as AES-NI, AVX, and ADX and BMI2, and have recently published a joint whitepaper on using wolfBoot with 11th Gen Intel Core processors. We also support NXP’s Cryptographic Accelerator and Assurance Module (CAAM), and have leveraged this for hardware acceleration on a number of NXP i.MX series processors. Other examples include Espressif and Analog Devices, to name but a few.

If you’re curious for a list of every hardware cryptography scheme and platform we have enabled, then read on:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Do you have a platform requiring hardware cryptographic support that isn’t on our list, or are you curious about benchmarking? Please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247 with the details of your platform and we will be glad to help you! Also, check out our wolfSSL and wolfCrypt benchmark page.

 

Download wolfSSL

wolfSSL on the Espressif ESP32-C3 RISC-V

More and more customers are asking about the Espressif ESP32 RISC-V SoC products. The answer is an enthusiastic YES. We support all of the Espressif ESP-32 chipsets, including the ESP32-C6 and the ESP32-C3 RISC-V devices.

Check out our recent video: Getting Started with wolfSSL on the ESP32. Our Espressif examples make it easier than ever to take wolfSSL for a test drive. See also the recent blog on the ESP Component Registry and other blogs on the ESP32 topic.

Shown below is an out-of-the-box, default-settings version of wolfSSL running the Benchmark app on the ESP32-C3 in a typical ESP-IDF v5.1 environment. Keep in mind there are numerous wolfSSL settings to fine-tune our libraries to your product.

We currently have RISC-V hardware acceleration in development. This means that some of the performance metrics should improve by upwards of 10x faster.

Interested in other boards as well? Check out our partial and growing list of supported boards.

I (31) boot: chip revision: v0.4
I (35) boot.esp32c3: SPI Speed      : 80MHz
I (40) boot.esp32c3: SPI Mode       : DIO
I (44) boot.esp32c3: SPI Flash Size : 2MB
------------------------------------------------------------------------------
 wolfSSL version 5.6.3
------------------------------------------------------------------------------
Math:   Multi-Precision: Wolf(SP) word-size=32 bits=3072 sp_int.c
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG                        725 KiB took 1.027 seconds,  705.940 KiB/s Cycles per byte =  55.33
AES-128-CBC-enc             50 KiB took 1.082 seconds,   46.211 KiB/s Cycles per byte = 845.33
AES-128-CBC-dec             50 KiB took 1.088 seconds,   45.956 KiB/s Cycles per byte = 850.03
AES-192-CBC-enc             50 KiB took 1.297 seconds,   38.551 KiB/s Cycles per byte = 1013.13
AES-192-CBC-dec             50 KiB took 1.303 seconds,   38.373 KiB/s Cycles per byte = 1017.77
AES-256-CBC-enc             50 KiB took 1.511 seconds,   33.091 KiB/s Cycles per byte = 1180.73
AES-256-CBC-dec             50 KiB took 1.517 seconds,   32.960 KiB/s Cycles per byte = 1185.42
AES-128-GCM-enc             50 KiB took 1.187 seconds,   42.123 KiB/s Cycles per byte = 927.09
AES-128-GCM-dec             50 KiB took 1.186 seconds,   42.159 KiB/s Cycles per byte = 927.11
AES-192-GCM-enc             50 KiB took 1.405 seconds,   35.587 KiB/s Cycles per byte = 1097.49
AES-192-GCM-dec             50 KiB took 1.405 seconds,   35.587 KiB/s Cycles per byte = 1097.53
AES-256-GCM-enc             50 KiB took 1.623 seconds,   30.807 KiB/s Cycles per byte = 1267.69
AES-256-GCM-dec             50 KiB took 1.623 seconds,   30.807 KiB/s Cycles per byte = 1267.73
GMAC Default               478 KiB took 1.000 seconds,  478.000 KiB/s Cycles per byte =  81.71
3DES                       375 KiB took 1.003 seconds,  373.878 KiB/s Cycles per byte = 104.48
MD5                      10625 KiB took 1.000 seconds, 10625.000 KiB/s Cycles per byte =   3.67
SHA                       5400 KiB took 1.000 seconds, 5400.000 KiB/s Cycles per byte =   7.23
SHA-224                   1700 KiB took 1.014 seconds, 1676.529 KiB/s Cycles per byte =  23.30
SHA-256                   1700 KiB took 1.014 seconds, 1676.529 KiB/s Cycles per byte =  23.30
SHA-384                   1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte =  30.91
SHA-512                   1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte =  30.91
SHA-512/224               1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte =  30.91
SHA-512/256               1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte =  30.91
SHA3-224                   925 KiB took 1.006 seconds,  919.483 KiB/s Cycles per byte =  42.47
SHA3-256                   875 KiB took 1.008 seconds,  868.056 KiB/s Cycles per byte =  45.02
SHA3-384                   675 KiB took 1.010 seconds,  668.317 KiB/s Cycles per byte =  58.47
SHA3-512                   475 KiB took 1.019 seconds,  466.143 KiB/s Cycles per byte =  83.77
SHAKE128                  1075 KiB took 1.009 seconds, 1065.411 KiB/s Cycles per byte =  36.68
SHAKE256                   875 KiB took 1.008 seconds,  868.056 KiB/s Cycles per byte =  45.02
RIPEMD                    4325 KiB took 1.005 seconds, 4303.483 KiB/s Cycles per byte =   9.07
HMAC-MD5                 10525 KiB took 1.000 seconds, 10525.000 KiB/s Cycles per byte =   3.71
HMAC-SHA                  5375 KiB took 1.004 seconds, 5353.586 KiB/s Cycles per byte =   7.30
HMAC-SHA224               1675 KiB took 1.007 seconds, 1663.357 KiB/s Cycles per byte =  23.48
HMAC-SHA256               1675 KiB took 1.006 seconds, 1665.010 KiB/s Cycles per byte =  23.48
HMAC-SHA384               1250 KiB took 1.004 seconds, 1245.020 KiB/s Cycles per byte =  31.38
HMAC-SHA512               1250 KiB took 1.004 seconds, 1245.020 KiB/s Cycles per byte =  31.38
PBKDF2                       0 KiB took 1.092 seconds,    0.200 KiB/s Cycles per byte = 194936.64
RSA     2048   public        48 ops took 1.001 sec, avg 20.854 ms, 47.952 ops/sec
RSA     2048  private         2 ops took 9.438 sec, avg 4719.000 ms, 0.212 ops/sec
ECC   [      SECP256R1]   256  key gen         8 ops took 1.159 sec, avg 144.875 ms, 6.903 ops/sec
ECDHE [      SECP256R1]   256    agree         8 ops took 1.154 sec, avg 144.250 ms, 6.932 ops/sec
ECDSA [      SECP256R1]   256     sign         8 ops took 1.176 sec, avg 147.000 ms, 6.803 ops/sec
ECDSA [      SECP256R1]   256   verify         4 ops took 1.119 sec, avg 279.750 ms, 3.575 ops/sec
CURVE  25519  key gen         3 ops took 1.136 sec, avg 378.667 ms, 2.641 ops/sec
CURVE  25519    agree         4 ops took 1.512 sec, avg 378.000 ms, 2.646 ops/sec
ED     25519  key gen        73 ops took 1.004 sec, avg 13.753 ms, 72.709 ops/sec
ED     25519     sign        62 ops took 1.007 sec, avg 16.242 ms, 61.569 ops/sec
ED     25519   verify        40 ops took 1.033 sec, avg 25.825 ms, 38.722 ops/sec
Benchmark complete

If you have any feedback, questions, or require support, please don’t hesitate to reach out to us via facts@wolfSSL.com, call us at +1 425 245 8247, or open an issue on GitHub.

Download wolfSSL

Posts navigation

1 2 3 41 42 43 44 45 46 47 198 199 200