Topic: Trouble loading EC .pem files

Currently I am using wolfSSL on a microcontroller. I got it working with RSA, but it took about 15 seconds to handshake (I have no divider in my CPU). I am switching to ECC to see if it speeds things up. I generated two PEM files with OpenSSL for this and I get errors when trying to load them. My settings are:

#define FREERTOS
#define WOLFSSL_LWIP
#define NO_WOLFSSL_DIR
#define HCC_SAFEFLASH
#define NO_STDIO_FILESYSTEM
#define NO_WOLFSSL_SMALL_STACK
#define WOLFSSL_STATIC_MEMORY
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WOLFSSL_STATIC_RSA
#define WC_NO_HARDEN
#define NO_WOLFSSL_CLIENT
#define NO_RSA
#define HAVE_ECC
#define TFM_ECC256
#define NO_SHA
#define NO_OLD_TLS
#define HAVE_HKDF
#define HAVE_ECC_ENCRYPT
#define WOLFSSL_CERT_GEN
#define ECC_DECODE_EXTRA
#define HAVE_HASHDRBG
#define CUSTOM_RAND_GENERATE

My pem files look like this:
(openssl ecparam -genkey -name prime256v1 -noout -out private.pem)
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFJ+TI+kYZ0LhNdONR0xZsnBZOmQ+tP31mAT+TAnXb8+oAoGCCqGSM49
AwEHoUQDQgAERHc9yck7wB8OCWBLBPv5V223IGhwi8uxxPKgqxKL9mOhyCGTdLw6
D3eYb9D3mzeR0Qu6YM3//lgX/pubAYNmYw==
-----END EC PRIVATE KEY-----
(openssl ec -in private.pem -pubout -out public.pem)
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERHc9yck7wB8OCWBLBPv5V223IGhw
i8uxxPKgqxKL9mOhyCGTdLw6D3eYb9D3mzeR0Qu6YM3//lgX/pubAYNmYw==
-----END PUBLIC KEY-----

The error I get is:
Couldn't find PEM header
and an error code of -162
My code to load looks like this:

   iReturn = wolfSSL_Init();
   if(iReturn != SSL_SUCCESS)
      CONSOLE_LOG("wolfSSL_Init failed, %d\n", iReturn);

   xWolfSSL_ServerContext = wolfSSL_CTX_new( wolfTLSv1_2_server_method() );
   if( xWolfSSL_ServerContext != NULL )
   {
      iReturn = wolfSSL_CTX_use_certificate_file( xWolfSSL_ServerContext, "/www/public_256_ecc.pem", SSL_FILETYPE_ASN1 );
      if(iReturn != SSL_SUCCESS)
         CONSOLE_LOG("server-cert.pem, %d\n", iReturn);

      iReturn = wolfSSL_CTX_use_PrivateKey_file( xWolfSSL_ServerContext, "/www/private_256_ecc.pem", SSL_FILETYPE_ASN1 );
      if(iReturn != SSL_SUCCESS)
         CONSOLE_LOG("server-key.pem, %d\n", iReturn);
   }
   else
      CONSOLE_LOG("xWolfSSL_ServerContext is NULL\n");


Re: Trouble loading EC .pem files

Oops, I appear to have slipped in some stuff that I was debugging. The code is actually:

      iReturn = wolfSSL_CTX_use_certificate_file( xWolfSSL_ServerContext, "/www/public_256_ecc.pem", SSL_FILETYPE_PEM );
      if(iReturn != SSL_SUCCESS)
         CONSOLE_LOG("server-cert.pem, %d\n", iReturn);

      iReturn = wolfSSL_CTX_use_PrivateKey_file( xWolfSSL_ServerContext, "/www/private_256_ecc.pem", SSL_FILETYPE_PEM );
      if(iReturn != SSL_SUCCESS)
         CONSOLE_LOG("server-key.pem, %d\n", iReturn);

(PEM not ASN1), which is the code producing this error.


Re: Trouble loading EC .pem files

Hi @I_AM_MAD,

A typical private ECC key PEM formatted file would look like this:

ASN1 OID: prime256v1
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIPjPkmu9HijxqKuhI08ydBiIUK1+x+yS+I+XTa9WiWXHoAoGCCqGSM49
AwEHoUQDQgAEVb/0D0RQmj3Om7fwxU31cHvU7CSOGYDsWkyiJANiLJva76I1EkOE
dhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/tA==
-----END EC PRIVATE KEY-----

It looks like the ec params are missing from your PEM.

Here is an example of how we generate our test keys:

EDIT: (Apologies, I sent the wrong script snippet the other day, script updated below)

#!/bin/sh
openssl ecparam -out ecc-key.pem -name prime256v1 -genkey

Warm Regards,

K
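
Added example, not part of the thread and not wolfSSL code: a pre-flight check that lists the PEM labels found in a buffer, so a file can be compared with the label a loader expects before it is handed to the library. It assumes the RFC 7468 label CERTIFICATE for an X.509 certificate file; the function names and the sample buffers (placeholder bodies, no real key material) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples: bodies are placeholders, not real key material. */
static const char SAMPLE_PUBKEY[] =
    "-----BEGIN PUBLIC KEY-----\nQUJD\n-----END PUBLIC KEY-----\n";
static const char SAMPLE_ECKEY[] =
    "-----BEGIN EC PARAMETERS-----\nQUJD\n-----END EC PARAMETERS-----\n"
    "-----BEGIN EC PRIVATE KEY-----\nQUJD\n-----END EC PRIVATE KEY-----\n";

/* Copy the label of the n-th (0-based) PEM block in buf into out.
 * Returns 0 on success, -1 if no such block exists or it is malformed. */
int pem_label_at(const char *buf, int n, char *out, size_t outsz)
{
    static const char BEGIN[] = "-----BEGIN ";
    const char *p = buf;
    for (;;) {
        const char *b = strstr(p, BEGIN);
        if (b == NULL) return -1;
        const char *lab = b + sizeof(BEGIN) - 1;
        const char *e = strstr(lab, "-----");
        if (e == NULL) return -1;
        size_t len = (size_t)(e - lab);
        /* Reject empty, oversized or multi-line labels. */
        if (len == 0 || len >= outsz || memchr(lab, '\n', len)) return -1;
        memcpy(out, lab, len);
        out[len] = '\0';
        /* A block only counts if its matching END line is present. */
        char footer[96];
        int fl = snprintf(footer, sizeof footer, "-----END %s-----", out);
        if (fl < 0 || fl >= (int)sizeof footer) return -1;
        const char *f = strstr(e, footer);
        if (f == NULL) return -1;
        if (n-- == 0) return 0;
        p = f + fl;
    }
}

/* Return 1 if buf contains a complete PEM block with the wanted label. */
int pem_has_label(const char *buf, const char *want)
{
    char lab[64];
    for (int i = 0; pem_label_at(buf, i, lab, sizeof lab) == 0; i++)
        if (strcmp(lab, want) == 0) return 1;
    return 0;
}

int main(void)
{
    printf("cert block in pubkey file: %d\n", pem_has_label(SAMPLE_PUBKEY, "CERTIFICATE"));
    printf("EC key block in key file:  %d\n", pem_has_label(SAMPLE_ECKEY, "EC PRIVATE KEY"));
    return 0;
}
```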