Topic: PIC32MZ with HW Crypto, RSA question


I have:
PIC32MZ EF Starter Kit w/Crypto Engine (P/N: DM320007-C)
XC32 v1.42

wolfSSL 3.11.0 - couldn't compile it after many tries...
wolfSSL 3.12.0 - lots of warnings about optimization levels not supported and such but it does compile and the test runs halfway through, the result is this:

WolfCrypt Test:
error    test passed!
base64   test passed!
MD5      test passed!
SHA      test passed!
SHA-256  test passed!
SHA-384  test passed!
SHA-512  test passed!
Hash     test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
HMAC-SHA384 test passed!
HMAC-SHA512 test passed!
GMAC     test passed!
DES      test passed!
DES3     test passed!
AES      test passed!
AES192   test passed!
AES256   test passed!
AES-GCM  test passed!
AES-CCM  test passed!
RANDOM   test passed!
GetLength value exceeds buffer length
GetLength value exceeds buffer length
GetLength value exceeds buffer length
wc_SignatureGetSize: Invalid RsaKey key size
RSA Signature Verify difference!
wolfSSL Using RSA OAEP padding
wolfSSL Using RSA OAEP un-padding

then some error number and it exits. Any suggestions where should i start looking? I only need SHA1 and RSA, my luck that of course it dies out at RSA....

The HW Crypto can only do the SHA, not the RSA right?


Re: PIC32MZ with HW Crypto, RSA question

Hi Csaba,

The wolfCrypt test results up to the point of failure look normal. Typically when we see a failure in RSA its because of a memory or configuration issue.

Please check the following:
1. Make sure your stack enough reserved space. For my wolfCrypt test on a PIC32MZ here I set it to 20480 bytes.
2. If you are setting the FP_MAX_BITS make sure and use the max key size times 2 (so 2048-bit RSA will require `#define FP_MAX_BITS 4096`).
3. For the wolfCrypt self test it requires certificates. Typically these come from the file system in ./certs. If NO_FILESYSTEM is defined then you'll need to set either USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024 depending on your FP_MAX_BITS.

For setting up the library to just enable SHA1 and RSA you can define `WOLFSSL_USER_SETTINGS` and the `user_settings.h`file somewhere in your include path. You can find examples for this here: … settings.h

If this doesn't help please let me know the error code from the failed wc_Rsa function and the test which is failing.

David Garske, wolfSSL