Topic: Fastmath on CortexM3

I'm running wolfssl 2.5.0 on cortex m3 (lpc1788) mcu. If I swith to fastmath, wolfssl fails to verify RSA certificates  (keys & certificates were generated on x86 wolfssl instance using default big integer lib). Is this behaviour normal (wolfssl_fastmath  is incompatible with wolfssl_big_integer) and I need to make new keys using fast math?

Share

Re: Fastmath on CortexM3

Hi X-log,

Certs and Keys generated with either the Big Integer or fastmath libraries should be interchangeable.  Have you verified that the CTaoCrypt test app (./ctaocrypt/test/test.c) passes on your device with both the Big Integer and fastmath libraries being used?

Thanks,
Chris

Re: Fastmath on CortexM3

All tests pass.

Test using bigendian wrote:

MD5      test passed!
MD4      test passed!
SHA      test passed!
SHA-256  test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
ARC4     test passed!
Rabbit   test passed!
DES      test passed!
DES3     test passed!
AES      test passed!
RANDOM   test passed!
RSA      test passed!
PWDBASED test passed!

Test using fastmath wrote:

MD5      test passed!
MD4      test passed!
SHA      test passed!
SHA-256  test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
ARC4     test passed!
Rabbit   test passed!
DES      test passed!
DES3     test passed!
AES      test passed!
RANDOM   test passed!
RSA      test passed!
PWDBASED test passed!

debug then using fastmath wrote:

CyaSSL Entering CYASSL_CTX_new
CyaSSL Entering CyaSSL_Init
CyaSSL Entering CyaSSL_CertManagerNew
CyaSSL Leaving CYASSL_CTX_new, return 0
CyaSSL Entering CyaSSL_CTX_use_certificate_buffer
Checking cert signature type
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
CyaSSL Entering GetAlgoId
Getting Cert Name
Getting Cert Name
CyaSSL Entering GetAlgoId
Not ECDSA cert signature
CyaSSL Entering CyaSSL_CTX_use_PrivateKey_buffer
CyaSSL Entering GetMyVersion
CyaSSL Entering CyaSSL_CTX_load_verify_buffer
Processing CA PEM file
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
CyaSSL Entering GetAlgoId
Getting Cert Name
Getting Cert Name
CyaSSL Entering GetAlgoId
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering GetAlgoId
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
CyaSSL Entering CyaSSL_CTX_set_verify
CyaSSL Entering SSL_new
CyaSSL Leaving SSL_new, return 0

CyaSSL Entering SSL_set_fd
CyaSSL Leaving SSL_set_fd, return 1
CyaSSL Entering SSL_accept()
growing input buffer

growing input buffer

received record layer msg
CyaSSL Entering DoHandShakeMsg()
CyaSSL Entering DoHandShakeMsgType
processing client hello
CyaSSL Entering MatchSuite
CyaSSL Entering VerifySuite
Requires RSA
Verified suite validity
CyaSSL Leaving DoHandShakeMsgType(), return 0
CyaSSL Leaving DoHandShakeMsg(), return 0
accept state ACCEPT_CLIENT_HELLO_DONE
accept state HELLO_VERIFY_SENT
accept state ACCEPT_FIRST_REPLY_DONE
growing output buffer

Shrinking output buffer

accept state SERVER_HELLO_SENT
growing output buffer

Shrinking output buffer

accept state CERT_SENT
accept state KEY_EXCHANGE_SENT
growing output buffer

Shrinking output buffer

accept state CERT_REQ_SENT
growing output buffer

Shrinking output buffer

accept state SERVER_HELLO_DONE
growing input buffer

received record layer msg
CyaSSL Entering DoHandShakeMsg()
CyaSSL Entering DoHandShakeMsgType
processing certificate
Loading peer's cert chain
    Put another cert into chain
Veriying Peer's cert
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
CyaSSL Entering GetAlgoId
Getting Cert Name
Getting Cert Name
CyaSSL Entering GetAlgoId
CyaSSL Entering GetAlgoId
About to verify certificate signature
Rsa SSL verify error
Confirm signature failed
Failed to verify Peer's cert
No callback override available, fatal
CyaSSL Leaving DoHandShakeMsgType(), return -155
CyaSSL Leaving DoHandShakeMsg(), return -155
CyaSSL error occured, error = -155
CyaSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking input buffer

CyaSSL Leaving SSL_free, return 0
CyaSSL Entering SSL_new
CyaSSL Leaving SSL_new, return 0

Share

Re: Fastmath on CortexM3

Thanks for verifying that the underlying crypto is working correctly.  Are you using the certs/keys that the CTaoCrypt test application generates?  Using these may be a good starting place.  When keygen and certgen are enabled, the CTaoCrypt test app generates

<cyassl_root>/cert.pem
<cyassl_root>/cert.der
<cyassl_root>/key.pem
<cyassl_root>/key.der

The cert generated by certgen is a CA cert, which uses the <cyassl_root>/certs/client-key.pem as the key for cert.pem.  To test interoperability between fastmath and the big integer library I compiled CyaSSL with the big integer library and generated the above cert and key.  I then re-compiled CyaSSL with fastmath enabled, and started the example server like so:

./examples/server/server -k ./certs/client-key.pem -c ./cert.pem -d

The "-d" turns off client certs to simplify our testing.  I then started the example client like so:

./examples/client/client -A ./cert.pem

The client was able to verify the server certificate, also verifying that the big integer library is compatible with fastmath (on our end).  Can you try testing with the cert/key generated by our CTaoCrypt test app?

Thanks,
Chris

Re: Fastmath on CortexM3

No, I am generating my own keys&certs in x86 eviroment.

My cm3 enviroment does not have filesystem, so I cant run keygen & certgen tests (and curently I don't have enough free time to try to port them to it).

Current status:
server-CM3-bigint, certs(4096b)-x86-bigint, client-x86-bigint - everything ok
server-CM3-fastmath, certs(4096b)-x86-bigint, client-x86-bigint - fails
server-CM3-bigint, certs(4096b)-x86-bigint, client-x86-fastmath - everything ok
server-CM3-fastmath, certs(4096b)-x86-bigint, client-x86-fastmath - fails

wolfSSL embedded SSL fails to verify clients cert signature then running on cortex M3 with fastmath.

I could also try to generate keys & certs using fastmath, but I'm guessing it will also fail.

Share

Re: Fastmath on CortexM3

Hi X-log,

I see that you are using 4096-bit keys/certs, which I think may be the root cause.

One of the less portable aspects of fastmath is the need for fixed buffers to reduce dynamic memory use.  By default, these buffers allow a 2048 bit X 2048 bit multiply into a 4096 bit buffer.  Since most sites are using 2048 bit RSA keys this is fine.  But for those sites/users that have a 4096 bit RSA key the fastmath buffer size needs to be increased to 8192.  Since your certs use 4096 bit RSA keys, you'll need to increase the size by modifying the define

FP_MAX_BITS

in <cyassl_root>/cyassl/ctaocrypt/tfm.h, and setting it to 8192.

Keep in mind that this will also increase the runtime stack use since the buffers used in the public key operations are bigger.

Let me know if that helps.

Best Regards,
Chris

Re: Fastmath on CortexM3

It seems increasing FP_MAX_BITS fixed the problem.

Thanks for the help.

Share

Re: Fastmath on CortexM3

X-log,

Just for reference, FP_MAX_BITS can also be set at compile time as a define.  This will let you avoid manually changing the wolfSSL sources, and make upgrading to newer versions of wolfSSL easier.

Regards,
Chris