1 (edited by khalesiakram 2022-10-18 04:10:25)

Topic: error in the handshake of tls1.3 on stm32f407

Dear Wolfssl comunity,
I have tried to run tls1.3 (wolfssl.5.4.0) on two stm32f407 as client and server. I run the WolfCryptDemo() function on both sides and choose one of them as client and the other as server.
The client sends the client hello message and the process goes on but the handshake process fails with the message "Decrypt failed" from the client side. The messages from both client and server are as follows. Would you please help to find out the problem?

P.S. I am working in single thread mode (without free RTOS).


client log:
Running TLS 1.3 client...
wolfSSL Entering TLSv1_3_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_verify
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_connect()
wolfSSL Entering wolfSSL_connect_TLSv13()
wolfSSL Entering SendTls13ClientHello
Adding signature algorithms extension
Adding supported versions extension
wolfSSL Entering EccMakeKey
wolfSSL Leaving EccMakeKey, return 0
growing output buffer
Key Share extension to write
Supported Versions extension to write
Signature Algorithms extension to write
Supported Groups extension to write
Shrinking output buffer
wolfSSL Leaving SendTls13ClientHello, return 0
connect state: CLIENT_HELLO_SENT
growing input buffer
received record layer msg
got HANDSHAKE
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing server hello
wolfSSL Entering DoTls13ServerHello
Supported Versions extension received
Key Share extension received
wolfSSL Entering EccSharedSecret
wolfSSL Leaving EccSharedSecret, return 0
Skipping Supported Versions - already processed
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoTls13ServerHello, return 0
Shrinking input buffer
Derive Early Secret
Derive Handshake Secret
Derive Client Handshake Secret
Derive Server Handshake Secret
Derive Client Key
Derive Server Key
Derive Client IV
Derive Server IV
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
connect state: HELLO_AGAIN
connect state: HELLO_AGAIN_REPLY
growing input buffer
wolfSSL Entering DecryptTls13
wolfSSL Entering SendAlert
growing output buffer
wolfSSL Entering BuildMessage
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
wolfSSL Leaving SendAlert, return 0
Decrypt failed
wolfSSL error occurred, error = -305
wolfSSL error occurred, error = -312
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -312
TLS connect error -312
wolfSSL Entering SSL_shutdown()
wolfSSL Leaving SSL_shutdown(), return -1
wolfSSL Entering SSL_free
Free'ing client ssl
Shrinking input buffer
CTX ref count not 0 yet, no free
wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
TLS 1.3 Client: Return code -1




server log:
Running TLS 1.3 server...
wolfSSL Entering TLSv1_3_server_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL Entering GetAlgoId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
wolfSSL Leaving wolfSSL_CTX_use_PrivateKey_buffer, return 1
wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
Checking cert signature type
wolfSSL Entering GetExplicitVersion
wolfSSL Entering wc_GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
Got Key
ECDSA/ED25519/ED448 cert signature
wolfSSL Leaving wolfSSL_CTX_use_certificate_buffer, return 1
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
Waiting for client
wolfSSL Entering SSL_accept_TLSv13()
growing input buffer
received record layer msg
got HANDSHAKE
wolfSSL Entering DoTls13HandShakeMsg()
wolfSSL Entering DoTls13HandShakeMsgType
processing client hello
wolfSSL Entering DoTls13ClientHello
Supported Versions extension received
Adding signature algorithms extension
Key Share extension received
Skipping Supported Versions - already processed
Signature Algorithms extension received
Supported Groups extension received
wolfSSL Entering MatchSuite
wolfSSL Entering VerifyServerSuite
wolfSSL Entering EccMakeKey
wolfSSL Leaving EccMakeKey, return 0
Verified suite validity
Derive Early Secret
wolfSSL Leaving DoTls13ClientHello, return 0
Shrinking input buffer
wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
wolfSSL Leaving DoTls13HandShakeMsg(), return 0
accept state ACCEPT_CLIENT_HELLO_DONE
accept state ACCEPT_HELLO_RETRY_REQUEST_DONE
accept state ACCEPT_FIRST_REPLY_DONE
accept state ACCEPT_SECOND_REPLY_DONE
wolfSSL Entering SendTls13ServerHello
growing output buffer
Key Share extension to write
Supported Versions extension to write
Shrinking output buffer
wolfSSL Leaving SendTls13ServerHello, return 0
accept state SERVER_HELLO_SENT
accept state ACCEPT_THIRD_REPLY_DONE
wolfSSL Entering EccSharedSecret
wolfSSL Leaving EccSharedSecret, return 0
wolfSSL Entering SendTls13EncryptedExtensions
Derive Handshake Secret
Derive Client Handshake Secret
Derive Server Handshake Secret
Derive Client Key
“*è'²Šž¥JwešL8PDerive Server Key
ã(ühè]Ý$)BÉÁûDerive Client IV
Derive Server IV
growing output buffer
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
wolfSSL Leaving SendTls13EncryptedExtensions, return 0
accept state SERVER_EXTENSIONS_SENT
accept state CERT_REQ_SENT
wolfSSL Entering SendTls13Certificate
growing output buffer
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
wolfSSL Leaving SendTls13Certificate, return 0
accept state CERT_SENT
wolfSSL Entering SendTls13CertificateVerify
growing output buffer
Trying ECC private key, RSA didn't work
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Using ECC private key
wolfSSL Entering EccSign
wolfSSL Leaving EccSign, return 0
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Shrinking output buffer
wolfSSL Leaving SendTls13CertificateVerify, return 0
accept state CERT_VERIFY_SENT
wolfSSL Entering SendTls13Finished
growing output buffer
Derive Finished Secret
Derive Finished Secret
wolfSSL Entering BuildTls13Message
wolfSSL Entering EncryptTls13
wolfSSL Leaving BuildTls13Message, return 0
Derive Master Secret
Derive Client Traffic Secret
Derive Server Traffic Secret
Derive Client Key
Derive Server Key
Derive Client IV
Derive Server IV
Shrinking output buffer
wolfSSL Leaving SendTls13Finished, return 0
accept state ACCEPT_FINISHED_SENT
accept state  TICKET_SENT

Share

Re: error in the handshake of tls1.3 on stm32f407

Hi khalesiakram,

This typically suggests a math failure with the ECC shared secret due to a misconfigured stack. I would suggest a few things:
1) Increase your stack space on each board. In bare-metal this is done via the linker script.
2) Run the wolfCrypt test and verify all algorithms operate correctly. See: https://github.com/wolfSSL/wolfssl/blob … le.c#L1846

If that doesn't help please share your build settings (user_settings.h or wolfSSL.I-CUBE-wolfSSL_conf.h).

Thanks,
David Garske, wolfSSL

Share

3 (edited by khalesiakram 2022-10-19 05:47:03)

Re: error in the handshake of tls1.3 on stm32f407

dgarske wrote:

Hi khalesiakram,

This typically suggests a math failure with the ECC shared secret due to a misconfigured stack. I would suggest a few things:
1) Increase your stack space on each board. In bare-metal this is done via the linker script.
2) Run the wolfCrypt test and verify all algorithms operate correctly. See: https://github.com/wolfSSL/wolfssl/blob … le.c#L1846

If that doesn't help please share your build settings (user_settings.h or wolfSSL.I-CUBE-wolfSSL_conf.h).

Thanks,
David Garske, wolfSSL

Dear David Garske,
Thanks for your reply.
I have increased the stack and heap sizes both to 0x15000 and 0x2000 respectively, in the startup file made by CubeMX.
I tried WolfCrypt Test and as you pointed I received "ecc_test_curve_size 32 failed" and "ran out of static memory error" even after increasing the stack and heap sizes to the above values.
The content of wolfSSL.I-CUBE-wolfSSL_conf.h file is as follows. Would you please let me know if there is any wrong configuration?
Thanks in advance!



/**
  ******************************************************************************
  * File Name          : wolfSSL.I-CUBE-wolfSSL_conf.h
  * Description        : This file provides code for the configuration
  *                      of the wolfSSL.I-CUBE-wolfSSL_conf.h instances.
  ******************************************************************************
  * @attention
  *
  * <h2><center>&copy; Copyright (c) 2022 STMicroelectronics.
  * All rights reserved.</center></h2>
  *
  * This software component is licensed by ST under Ultimate Liberty license
  * SLA0044, the "License"; You may not use this file except in compliance with
  * the License. You may obtain a copy of the License at:
  *                             www.st.com/SLA0044
  *
  ******************************************************************************
  */
/* Define to prevent recursive inclusion -------------------------------------*/
#ifndef __WOLFSSL_I_CUBE_WOLFSSL_CONF_H__
#define __WOLFSSL_I_CUBE_WOLFSSL_CONF_H__

#ifdef __cplusplus
extern "C" {
#endif

/* Includes ------------------------------------------------------------------*/

/**
    MiddleWare name : wolfSSL.I-CUBE-wolfSSL.5.4.0
    MiddleWare fileName : wolfSSL.I-CUBE-wolfSSL_conf.h
    MiddleWare version :
*/
/*---------- WOLF_CONF_DEBUG -----------*/
#define WOLF_CONF_DEBUG      1

/*---------- WOLF_CONF_WOLFCRYPT_ONLY -----------*/
#define WOLF_CONF_WOLFCRYPT_ONLY      0

/*---------- WOLF_CONF_TLS13 -----------*/
#define WOLF_CONF_TLS13      1

/*---------- WOLF_CONF_TLS12 -----------*/
#define WOLF_CONF_TLS12      0

/*---------- WOLF_CONF_DTLS -----------*/
#define WOLF_CONF_DTLS      0

/*---------- WOLF_CONF_MATH -----------*/
#define WOLF_CONF_MATH      1

/*---------- WOLF_CONF_RTOS -----------*/
#define WOLF_CONF_RTOS      1

/*---------- WOLF_CONF_RNG -----------*/
#define WOLF_CONF_RNG      1

/*---------- WOLF_CONF_RSA -----------*/
#define WOLF_CONF_RSA      1

/*---------- WOLF_CONF_ECC -----------*/
#define WOLF_CONF_ECC      1

/*---------- WOLF_CONF_DH -----------*/
#define WOLF_CONF_DH      1

/*---------- WOLF_CONF_AESGCM -----------*/
#define WOLF_CONF_AESGCM      1

/*---------- WOLF_CONF_AESCBC -----------*/
#define WOLF_CONF_AESCBC      0

/*---------- WOLF_CONF_CHAPOLY -----------*/
#define WOLF_CONF_CHAPOLY      1

/*---------- WOLF_CONF_EDCURVE25519 -----------*/
#define WOLF_CONF_EDCURVE25519      0

/*---------- WOLF_CONF_MD5 -----------*/
#define WOLF_CONF_MD5      0

/*---------- WOLF_CONF_SHA1 -----------*/
#define WOLF_CONF_SHA1      0

/*---------- WOLF_CONF_SHA2_224 -----------*/
#define WOLF_CONF_SHA2_224      0

/*---------- WOLF_CONF_SHA2_256 -----------*/
#define WOLF_CONF_SHA2_256      1

/*---------- WOLF_CONF_SHA2_384 -----------*/
#define WOLF_CONF_SHA2_384      0

/*---------- WOLF_CONF_SHA2_512 -----------*/
#define WOLF_CONF_SHA2_512      0

/*---------- WOLF_CONF_SHA3 -----------*/
#define WOLF_CONF_SHA3      0

/*---------- WOLF_CONF_PSK -----------*/
#define WOLF_CONF_PSK      0

/*---------- WOLF_CONF_PWDBASED -----------*/
#define WOLF_CONF_PWDBASED      0

/*---------- WOLF_CONF_KEEP_PEER_CERT -----------*/
#define WOLF_CONF_KEEP_PEER_CERT      0

/*---------- WOLF_CONF_BASE64_ENCODE -----------*/
#define WOLF_CONF_BASE64_ENCODE      0

/*---------- WOLF_CONF_OPENSSL_EXTRA -----------*/
#define WOLF_CONF_OPENSSL_EXTRA      0

/*---------- WOLF_CONF_TEST -----------*/
#define WOLF_CONF_TEST      1

/*---------- WOLF_CONF_PQM4 -----------*/
#define WOLF_CONF_PQM4      0

/* ------------------------------------------------------------------------- */
/* Hardware platform */
/* ------------------------------------------------------------------------- */
#define NO_STM32_HASH
#define NO_STM32_CRYPTO

#if defined(STM32WB55xx)
    #define WOLFSSL_STM32WB
    #define WOLFSSL_STM32_PKA
    #undef  NO_STM32_CRYPTO
    #define HAL_CONSOLE_UART huart1
#elif defined(STM32F407xx)
    #define WOLFSSL_STM32F4
    #define HAL_CONSOLE_UART huart2
#elif defined(STM32F437xx)
    #define WOLFSSL_STM32F4
    #undef  NO_STM32_HASH
    #undef  NO_STM32_CRYPTO
    #define STM32_HAL_V2
    #define HAL_CONSOLE_UART huart4
#elif defined(STM32F777xx)
    #define WOLFSSL_STM32F7
    #undef  NO_STM32_HASH
    #undef  NO_STM32_CRYPTO
    #define STM32_HAL_V2
    #define HAL_CONSOLE_UART huart2
    #define STM32_AESGCM_PARTIAL /* allow partial blocks and add auth info (header) */
#elif defined(STM32H753xx)
    #define WOLFSSL_STM32H7
    #undef  NO_STM32_HASH
    #undef  NO_STM32_CRYPTO
    #define HAL_CONSOLE_UART huart3
#elif defined(STM32L4A6xx)
    #define WOLFSSL_STM32L4
    #undef  NO_STM32_HASH
    #undef  NO_STM32_CRYPTO
    #define HAL_CONSOLE_UART hlpuart1
#elif defined(STM32L475xx)
    #define WOLFSSL_STM32L4
    #define HAL_CONSOLE_UART huart1
#elif defined(STM32L562xx)
    #define WOLFSSL_STM32L5
    #define WOLFSSL_STM32_PKA
    #undef  NO_STM32_HASH
    #undef  NO_STM32_CRYPTO
    #define HAL_CONSOLE_UART huart1
#elif defined(STM32L552xx)
    #define WOLFSSL_STM32L5
    #undef  NO_STM32_HASH
    #define HAL_CONSOLE_UART hlpuart1
#elif defined(STM32F207xx)
    #define WOLFSSL_STM32F2
    #define HAL_CONSOLE_UART huart3
#elif defined(STM32F217xx)
    #define WOLFSSL_STM32F2
    #define HAL_CONSOLE_UART huart2
#elif defined(STM32F107xC)
    #define WOLFSSL_STM32F1
    #define HAL_CONSOLE_UART huart4
    #define NO_STM32_RNG
#elif defined(STM32F401xE)
    #define WOLFSSL_STM32F4
    #define HAL_CONSOLE_UART huart2
    #define NO_STM32_RNG
    #define WOLFSSL_GENSEED_FORTEST
#elif defined(STM32G071xx)
    #define WOLFSSL_STM32G0
    #define HAL_CONSOLE_UART huart2
    #define NO_STM32_RNG
    #define WOLFSSL_GENSEED_FORTEST
#elif defined(STM32U575xx) || defined(STM32U585xx)
    #define HAL_CONSOLE_UART huart1
    #define WOLFSSL_STM32U5
    #define STM32_HAL_V2
    #ifdef STM32U585xx
        #undef  NO_STM32_HASH
        #undef  NO_STM32_CRYPTO
        #define WOLFSSL_STM32_PKA
    #endif
#else
    #warning Please define a hardware platform!
    /* This means there is not a pre-defined platform for your board/CPU */
    /* You need to define a CPU type, HW crypto and debug UART */
    /* CPU Type: WOLFSSL_STM32F1, WOLFSSL_STM32F2, WOLFSSL_STM32F4,
        WOLFSSL_STM32F7, WOLFSSL_STM32H7, WOLFSSL_STM32L4, WOLFSSL_STM32L5,
        WOLFSSL_STM32G0, WOLFSSL_STM32WB and WOLFSSL_STM32U5 */
    #define WOLFSSL_STM32F4

    /* Debug UART used for printf */
    /* The UART interface number varies for each board/CPU */
    /* Typically this is the UART attached to the ST-Link USB CDC UART port */
    #define HAL_CONSOLE_UART huart4

    /* Hardware Crypto - uncomment as available on hardware */
    //#define WOLFSSL_STM32_PKA
    //#define NO_STM32_RNG
    //#undef  NO_STM32_HASH
    //#undef  NO_STM32_CRYPTO
    //#define WOLFSSL_GENSEED_FORTEST /* if no HW RNG is available use test seed */
    //#define STM32_HAL_V2
#endif

/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#define SIZEOF_LONG_LONG 8
#define WOLFSSL_GENERAL_ALIGNMENT 4
#define WOLFSSL_STM32_CUBEMX
#define WOLFSSL_STATIC_MEMORY//#define WOLFSSL_SMALL_STACK
#define WOLFSSL_USER_IO
#define WOLFSSL_NO_SOCK
#define WOLFSSL_IGNORE_FILE_WARN

/* ------------------------------------------------------------------------- */
/* Operating System */
/* ------------------------------------------------------------------------- */
#if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2
    #define FREERTOS
#else
    #define SINGLE_THREADED
#endif

/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
/* 1=Fast (stack)
* 2=Normal (heap)
* 3=Single Precision C (only common curves/key sizes)
* 4=Single Precision ASM Cortex-M3+
* 5=Single Precision ASM Cortex-M0 (Generic Thumb)
* 6=Single Precision C all small
* 7=Single Precision C all big
*/
#if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH != 2
    /* fast (stack) math */
    #define USE_FAST_MATH
    #define TFM_TIMING_RESISTANT

    /* Optimizations (TFM_ARM, TFM_ASM or none) */
    //#define TFM_NO_ASM
    //#define TFM_ASM
#endif
#if defined(WOLF_CONF_MATH) && (WOLF_CONF_MATH >= 3)
    /* single precision only */
    #define WOLFSSL_SP
    #if WOLF_CONF_MATH != 7
        #define WOLFSSL_SP_SMALL      /* use smaller version of code */
    #endif
    #if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
        #define WOLFSSL_HAVE_SP_RSA
    #endif
    #if defined(WOLF_CONF_DH) && WOLF_CONF_DH == 1
        #define WOLFSSL_HAVE_SP_DH
    #endif
    #if defined(WOLF_CONF_ECC) && WOLF_CONF_ECC == 1
        #define WOLFSSL_HAVE_SP_ECC
    #endif
    #if WOLF_CONF_MATH == 6 || WOLF_CONF_MATH == 7
        #define WOLFSSL_SP_MATH    /* disable non-standard curves / key sizes */
    #endif
    #define SP_WORD_SIZE 32

    /* Enable to put all math on stack (no heap) */
    //#define WOLFSSL_SP_NO_MALLOC
    /* Enable for SP cache resistance (not usually enabled for embedded micros) */
    //#define WOLFSSL_SP_CACHE_RESISTANT

    #if WOLF_CONF_MATH == 4 || WOLF_CONF_MATH == 5
        #define WOLFSSL_SP_ASM /* required if using the ASM versions */
        #if WOLF_CONF_MATH == 4
            /* ARM Cortex-M3+ */
            #define WOLFSSL_SP_ARM_CORTEX_M_ASM
        #endif
        #if WOLF_CONF_MATH == 5
            /* Generic ARM Thumb (Cortex-M0) Assembly */
            #define WOLFSSL_SP_ARM_THUMB_ASM
        #endif
    #endif
#endif

/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
/* Required for TLS */
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_ENCRYPT_THEN_MAC
#define HAVE_EXTENDED_MASTER

#if defined(WOLF_CONF_TLS13) && WOLF_CONF_TLS13 == 1
    #define WOLFSSL_TLS13
    #define HAVE_HKDF
#endif
#if defined(WOLF_CONF_DTLS) && WOLF_CONF_DTLS == 1
    #define WOLFSSL_DTLS
#endif
#if defined(WOLF_CONF_PSK) && WOLF_CONF_PSK == 0
    #define NO_PSK
#endif
#if defined(WOLF_CONF_PWDBASED) && WOLF_CONF_PWDBASED == 0
    #define NO_PWDBASED
#endif
#if defined(WOLF_CONF_KEEP_PEER_CERT) && WOLF_CONF_KEEP_PEER_CERT == 1
    #define KEEP_PEER_CERT
#endif
#if defined(WOLF_CONF_BASE64_ENCODE) && WOLF_CONF_BASE64_ENCODE == 1
    #define WOLFSSL_BASE64_ENCODE
#endif
#if defined(WOLF_CONF_OPENSSL_EXTRA) && WOLF_CONF_OPENSSL_EXTRA >= 1
    #define OPENSSL_EXTRA
    #if !defined(INT_MAX)
        #include <limits.h>
    #endif
#endif
#if defined(WOLF_CONF_OPENSSL_EXTRA) && WOLF_CONF_OPENSSL_EXTRA >= 2
    #define OPENSSL_ALL
#endif

/* TLS Session Cache */
#if 0
    #define SMALL_SESSION_CACHE
#else
    #define NO_SESSION_CACHE
#endif

/* Post Quantum
* Note: PQM4 is compatible with STM32. The project can be found at:
* https://github.com/mupq/pqm4
*/
#if defined(WOLF_CONF_PQM4) && WOLF_CONF_PQM4 == 1
    #define HAVE_PQM4
#endif

/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS     4096
    #endif

    /* half as much memory but twice as slow */
    #undef  RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    #undef  WC_RSA_BLINDING
    #define WC_RSA_BLINDING

    /* RSA PSS Support (required for TLS v1.3) */
    #ifdef WOLFSSL_TLS13
        #define WC_RSA_PSS
    #endif
#else
    #define NO_RSA
#endif

/* ECC */
#undef HAVE_ECC
#if defined(WOLF_CONF_ECC) && WOLF_CONF_ECC == 1
    #define HAVE_ECC

    /* Manually define enabled curves */
    #define ECC_USER_CURVES

    //#define HAVE_ECC192
    //#define HAVE_ECC224
    #undef NO_ECC256
    //#define HAVE_ECC384
    //#define HAVE_ECC521

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef  FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES  2
        #undef  FP_LUT
        #define FP_LUT      4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    #define ECC_SHAMIR

    /* Reduces heap usage, but slower */
    #define ECC_TIMING_RESISTANT

    /* Compressed ECC key support */
    //#define HAVE_COMP_KEY

    #ifdef USE_FAST_MATH
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            /* MAX = ROUND32(ECC BITS) * 2 */
            #define FP_MAX_BITS     (256 * 2)
        #else
            #define ALT_ECC_SIZE
        #endif

        /* Enable TFM optimizations for ECC */
        //#define TFM_ECC192
        //#define TFM_ECC224
        //#define TFM_ECC256
        //#define TFM_ECC384
        //#define TFM_ECC521
    #endif
#endif

/* DH */
#undef NO_DH
#if defined(WOLF_CONF_DH) && WOLF_CONF_DH == 1
    #define HAVE_DH /* freeRTOS settings.h requires this */
    #define HAVE_FFDHE_2048
    #define HAVE_DH_DEFAULT_PARAMS
#else
    #define NO_DH
#endif

/* AES */
#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1
    #define HAVE_AESGCM
    /* GCM Method: GCM_SMALL, GCM_WORD32, GCM_TABLE or GCM_TABLE_4BIT */
    /* GCM_TABLE is about 4K larger and 3x faster for GHASH */
    #define GCM_SMALL
    #define HAVE_AES_DECRYPT
#endif

#if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1
    #define HAVE_AES_CBC
    #define HAVE_AES_DECRYPT
#endif

/* Other possible AES modes */
//#define WOLFSSL_AES_COUNTER
//#define HAVE_AESCCM
//#define WOLFSSL_AES_XTS
//#define WOLFSSL_AES_DIRECT
//#define HAVE_AES_ECB
//#define HAVE_AES_KEYWRAP
//#define AES_MAX_KEY_SIZE 256

/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if defined(WOLF_CONF_CHAPOLY) && WOLF_CONF_CHAPOLY == 1
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #undef  HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
#endif

/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if defined(WOLF_CONF_EDCURVE25519) && WOLF_CONF_EDCURVE25519 == 1
    #define HAVE_CURVE25519
    #define HAVE_ED25519

    /* Optionally use small math (less flash usage, but much slower) */
    #define CURVED25519_SMALL
#endif

/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha1 */
#undef NO_SHA
#if defined(WOLF_CONF_SHA1) && WOLF_CONF_SHA1 == 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha2-256 */
#undef NO_SHA256
#if defined(WOLF_CONF_SHA2_256) && WOLF_CONF_SHA2_256 == 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    //#define WOLFSSL_SHAKE256

    /* Sha2-224 */
    #if defined(WOLF_CONF_SHA2_224) && WOLF_CONF_SHA2_224 == 1
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha2-512 */
#undef WOLFSSL_SHA512
#if defined(WOLF_CONF_SHA2_512) && WOLF_CONF_SHA2_512 == 1
    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA512

    #define WOLFSSL_SHA512
    #define HAVE_SHA512 /* freeRTOS settings.h requires this */
#endif

/* Sha2-384 */
#undef WOLFSSL_SHA384
#if defined(WOLF_CONF_SHA2_384) && WOLF_CONF_SHA2_384 == 1
    #define WOLFSSL_SHA384
#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if defined(WOLF_CONF_SHA3) && WOLF_CONF_SHA3 == 1
    #define WOLFSSL_SHA3
#endif

/* MD5 */
#if defined(WOLF_CONF_MD5) && WOLF_CONF_MD5 == 1
    /* enabled */
#else
    #define NO_MD5
#endif

/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#define BENCH_EMBEDDED
#define USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_256

/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */
#if defined(WOLF_CONF_DEBUG) && WOLF_CONF_DEBUG == 1
    #define DEBUG_WOLFSSL

    /* Use this to measure / print heap usage */
    #if 0
        #define USE_WOLFSSL_MEMORY
        #define WOLFSSL_TRACK_MEMORY
            #define WOLFSSL_DEBUG_MEMORY
            #define WOLFSSL_DEBUG_MEMORY_PRINT
    #endif
#else
    //#define NO_WOLFSSL_MEMORY
    //#define NO_ERROR_STRINGS
#endif

/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */

/* Override Current Time */
/* Allows custom "custom_time()" function to be used for benchmark */
#define WOLFSSL_USER_CURRTIME

/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */
#define NO_OLD_RNGNAME /* conflicts with STM RNG macro */
#if !defined(WOLF_CONF_RNG) || WOLF_CONF_RNG == 1
    /* default is enabled */
    #define HAVE_HASHDRBG
#else /* WOLF_CONF_RNG == 0 */
    #define WC_NO_HASHDRBG
    #define WC_NO_RNG
#endif

/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#if defined(WOLF_CONF_TLS12) && WOLF_CONF_TLS12 == 0
    #define WOLFSSL_NO_TLS12
#endif
#if defined(WOLF_CONF_WOLFCRYPT_ONLY) && WOLF_CONF_WOLFCRYPT_ONLY == 1
    #define WOLFCRYPT_ONLY
#endif
//#define NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_CLIENT

#if defined(WOLF_CONF_TEST) && WOLF_CONF_TEST == 0
    #define NO_CRYPT_TEST
    #define NO_CRYPT_BENCHMARK
#endif

#define NO_FILESYSTEM
#define NO_WRITEV
#define NO_MAIN_DRIVER
#define NO_DEV_RANDOM
#define NO_OLD_TLS
#define WOLFSSL_NO_CLIENT_AUTH /* disable client auth for Ed25519/Ed448 */

#define NO_DSA
#define NO_RC4
#define NO_MD4
#define NO_DES3

/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
//#define NO_INLINE

/* Base16 / Base64 encoding */
//#define NO_CODING

/* bypass certificate date checking, due to lack of properly configured RTC source */
#ifndef HAL_RTC_MODULE_ENABLED
    #define NO_ASN_TIME
#endif

#ifdef __cplusplus
}
#endif
#endif /* WOLFSSL_I_CUBE_WOLFSSL_CONF_H_H */

/**
  * @}
  */

/*****END OF FILE****/

Share

Re: error in the handshake of tls1.3 on stm32f407

Hi khalesiakram,

Your issue is the static memory feature `WOLFSSL_STATIC_MEMORY`. This is an advanced feature that replaces the XMALLOC heap calls with a static pool. This requires additional configuration to support properly.


See documentation for this feature here:
https://docs.google.com/document/d/1nST … sp=sharing

Example for setting it up with TLS here:
https://github.com/wolfSSL/wolfssl/blob … nt.c#L2053

Code example:

byte memory[80000];
byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
WOLFSSL_HEAP_HINT *heap = NULL;

if (wc_LoadStaticMemory(&heap, memory, sizeof(memory), WOLFMEM_GENERAL, 1)
        != 0) {
    err_sys("unable to load static memory");
}

ctx = wolfSSL_CTX_new_ex(method(heap), heap);
if (ctx == NULL)
    err_sys("unable to get ctx");

    if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
        WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) != WOLFSSL_SUCCESS) {
    err_sys("unable to load static memory");
}

You can configure the memory buckets using something like this:

#define WOLFSSL_STATIC_MEMORY
#define WOLFMEM_BUCKETS 64,256,384,432,512,1632,3456,16128
#define WOLFMEM_DIST 12,6,5,3,4,2,1,1
#define LARGEST_MEM_BUCKET 16128

Thanks,
David Garske, wolfSSL

Share

Re: error in the handshake of tls1.3 on stm32f407

dgarske wrote:

Hi khalesiakram,

Your issue is the static memory feature `WOLFSSL_STATIC_MEMORY`. This is an advanced feature that replaces the XMALLOC heap calls with a static pool. This requires additional configuration to support properly.


See documentation for this feature here:
https://docs.google.com/document/d/1nST … sp=sharing

Example for setting it up with TLS here:
https://github.com/wolfSSL/wolfssl/blob … nt.c#L2053

Code example:

byte memory[80000];
byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
WOLFSSL_HEAP_HINT *heap = NULL;

if (wc_LoadStaticMemory(&heap, memory, sizeof(memory), WOLFMEM_GENERAL, 1)
        != 0) {
    err_sys("unable to load static memory");
}

ctx = wolfSSL_CTX_new_ex(method(heap), heap);
if (ctx == NULL)
    err_sys("unable to get ctx");

    if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
        WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) != WOLFSSL_SUCCESS) {
    err_sys("unable to load static memory");
}

You can configure the memory buckets using something like this:

#define WOLFSSL_STATIC_MEMORY
#define WOLFMEM_BUCKETS 64,256,384,432,512,1632,3456,16128
#define WOLFMEM_DIST 12,6,5,3,4,2,1,1
#define LARGEST_MEM_BUCKET 16128

Thanks,
David Garske, wolfSSL


Dear David Garske,
Thanks for the reply. I will check the document you pointed. However, as a shortcut, can I just add your example code in the files of my project to solve this problem? If yes, would you please tell me where should I add them?
Regards,
Akram Khalesi

Share

Re: error in the handshake of tls1.3 on stm32f407

Hi Akram,

My recommendation would be to get it working without static memory and use traditional heap first. Get that working then try using static memory. You are welcome to use my code snippets. You would inject that where you create the WOLFSSL_CTX with wolfSSL_CTX_new.

Let me know how it goes.

Thanks,
David Garske, wolfSSL

Share

Re: error in the handshake of tls1.3 on stm32f407

dgarske wrote:

Hi Akram,

My recommendation would be to get it working without static memory and use traditional heap first. Get that working then try using static memory. You are welcome to use my code snippets. You would inject that where you create the WOLFSSL_CTX with wolfSSL_CTX_new.

Let me know how it goes.

Thanks,
David Garske, wolfSSL


Hi David,
Thanks for your reply. Now I have removed "#define WOLFSSL_SMALL_STACK" from my code. Now I have Stack Size = 0x20000 and Heap Size = 0xA000. I executed the wolfcrypt Test and I think all the modules works properly (specifically ECC). However the handshanke process ends with Decrypt failed error as before.
1- Should I define WOLFSSL_SMALL_STACK in the conf file or not?
2- Is it important which Math Configuration I took or not? If yes, which one is the best choice?

Thanks in advance,
Akram Khalesi

Share

Re: error in the handshake of tls1.3 on stm32f407

dgarske wrote:

Hi Akram,

My recommendation would be to get it working without static memory and use traditional heap first. Get that working then try using static memory. You are welcome to use my code snippets. You would inject that where you create the WOLFSSL_CTX with wolfSSL_CTX_new.

Let me know how it goes.

Thanks,
David Garske, wolfSSL

After lots of efforts, I have noticed that the nonce used by client to decrypt server's certificate message differs in the last byte's lsb, with the nonce used by the server to encrypt it.
Acyually I have defined WOLFSSL_DEBUG_TLS as well as WOLF_CONF_DEBUG to see more details about the handshake process. As an example, I get the
server nonce: 0xdc 1f 5b 71 8b f1 f7 df 0d 91 d7 c1
client nonce:  0xdc 1f 5b 71 8b f1 f7 df 0d 91 d7 c0
which differs in the lsb of the last byte.
This way, the decrypted data by client differs with the plain data containing the certificate. I have modified the "BuildTls13Nonce()" function in the client side and xored the last byte with 0x01 and got equal nonce as well as equal decrypted and plain data by clien and server, respectively. The handshake process goes on a bit further and got stock again, I suppose due to my inappropriate edition.
Do you have any idea/suggestion about this observations?

Share