401 Reply by dgarske

(6 replies, posted in wolfCrypt)

Hi Carlos,

Try using wc_InitRsaKey(&key) and not the _ex version. If you use _ex make sure your HEAP_HINT is NULL and devId is INVALID_DEVID.

What key size are you trying to use with your RSA server certificate? Our library enables RSA 2048-bit by default and you would need to define a higher FP_MAX_BITS (key size * 2). Can send me the public self-signed server certificate that you are using?

Also make sure you have HAVE_TLS_EXTENSIONS and HAVE_SUPPORTED_CURVES defined if using ECDHE and TLS.

If you are able to make the server external that would help us be able to test against it. Feel free to reach out to us at support@wolfssl.com if you don't want any of your server information public on the forum.

You have a great holiday as well!

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

402 Reply by dgarske

(6 replies, posted in wolfCrypt)

Hi crmoratelli,

Which version of wolfSSL are you using? You can find it noted in wolfssl/version.h.

Can you try connecting to your https server using the following and send back the results?
openssl s_client -host [your host] -port [your port] -showcerts

For the wolfCrypt test I was not able to reproduce with the latest in master. But curious if changing your test so out and plain are sized as 128 and let me know your results:
byte   out[128];
byte   plain[128];

Also in the test try changing "ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId);" to use "ret = wc_InitRsaKey(&key);".

If you want to send an email to support@wolfssl.com with your https server host/port so we can test against it that would be wonderful.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

403 Reply by dgarske

(2 replies, posted in wolfCrypt)

Hi Thomas,

Please try using the "WC_SIGNATURE_TYPE_RSA_W_ENC" sig_type. This adds a DER encoded header to the hash prior to the verify. This type typically required when using RSA signatures generated from openssl.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

404 Reply by dgarske

(2 replies, posted in wolfSSL)

Hi Zine314,

It looks like the AES CCM* (star) spec adds variable length auth tags plus some encoding info. We do support the normal AES CCM block cipher, which AES CCM* is backwards compatibility with, but we do not support CCM*.

I put this on our feature request list. We do offer consulting services to help expedite features. If you would like more info on this option please email us at info@wolfssl.com.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

405 Reply by dgarske

(7 replies, posted in wolfSSL)

Hi Andrey,

Assuming you can get a server certificate with SHA384 digest and signed by a CA with a SHA384 digest and have a real HW RNG source (which you do) then you can disable SHA256. The commit that has this support is here:
https://github.com/wolfSSL/wolfssl/comm … df9e89bab0

With the way the random.c code is structured the wc_GenerateSeed function for STM32F2_RNG will not be available with CUSTOM_RAND_GENERATE_BLOCK defined. So best solution is to copy/paste the wc_GenerateSeed function at line 1414 into your own .c file and then you can do something like what you suggested. The code would look like:

/* Put this in your own .c file */
#undef RNG
#include "stm32f2xx_rng.h"
#include "stm32f2xx_rcc.h"
/*
 * wc_Generate a RNG seed using the hardware random number generator
 * on the STM32F2. Documentation located in STM32F2xx Standard Peripheral
 * Library document (See note in README).
 */
int custom_rand_generate_block(byte* output, word32 sz)
{
    int i;

    /* enable RNG clock source */
    RCC_AHB2PeriphClockCmd(RCC_AHB2Periph_RNG, ENABLE);

    /* enable RNG peripheral */
    RNG_Cmd(ENABLE);

    for (i = 0; i < sz; i++) {
        /* wait until RNG number is ready */
        while(RNG_GetFlagStatus(RNG_FLAG_DRDY)== RESET) { }

        /* get value */
        output[i] = RNG_GetRandomNumber();
    }

    return 0;
}

/* Put this into user_settings.h */
/* Bypass P-RNG and use only HW RNG */
extern int custom_rand_generate_block(unsigned char* output, unsigned int sz);
#undef  CUSTOM_RAND_GENERATE_BLOCK
#define CUSTOM_RAND_GENERATE_BLOCK  custom_rand_generate_block

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

406 Reply by dgarske

(5 replies, posted in wolfSSL)

1. It depends on your architecture and where it puts the stack region, but technically if a stack value is used and isn't cleared then it has the potential to be available later. That is why we use ForceZero on any private data after we are done with it.

2. Only the private (sensitive) information is cleared with ForceZero and that is always enabled. We don not have an option to clear all stack variables, but you could change the mp_clear to do a ForceZero and it would clear the dp section of the big integers. Also there is a GCC compiler option in the works for clearing stack. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69976

3. It depends on the math implementation used. We have a "normal" math and "fast" math (USE_FAST_MATH). The fast math uses stack and the normal math uses heap. So only the normal math uses dynamic mem (heap) for the big integer data.

Let me know if you have any other questions,
David Garske, wolfSSL

Go to forum: wolfSSL

407 Reply by dgarske

(5 replies, posted in wolfSSL)

You are welcome. Internally we are careful to free any private information using the ForceZero() function. If you find places that you think memory should be cleared please let me know. The ForceZero() function ensures that the compiler doesn't optimize out a memset on a stack variable at the end of a function.

Go to forum: wolfSSL

408 Reply by dgarske

(5 replies, posted in wolfSSL)

Hi, it sounds like you are looking for a way to clear allocated buffer with zero's on the free? If you are overriding the allocators for wolfSSL then you could do something like this:

void* my_Malloc(size_t size)
{
    void* ptr;
    ptr = malloc(size + sizeof(size_t));
    if (ptr) {
        *(size_t*)ptr = size;
        ptr += sizeof(size_t);

        memset(ptr, 0, size);
    }
    return ptr;

}
void my_Free(void *ptr)
{
    if (ptr) {
        size_t size = 0;
        ptr -= sizeof(size_t);
        size = *(size_t*)ptr;
        memset(ptr, 0, size);
        free(ptr);
    }
}

wolfSSL_SetAllocators(my_Malloc, my_Free, NULL);

This allocates some extra space at the front and stores the length in it. Let me know if that makes sense or not.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

409 Reply by dgarske

(2 replies, posted in wolfCrypt)

Hi Majkel,

You are correct that you only need the public key x and y plus the signature r and s to verify an ECC signature. Are these all in hex string format like "0102030405060708090A" or unsigned bin? How were these values generated? Typically the R and S values are encoded with a DSA DER header. The public key is typically encoded into a x963 format, which is a small header and raw x then y values.

The functions you'll want to use are wc_ecc_rs_to_sig() and wc_ecc_import_x963().

If you don't have encoded X,Y and R,S values then you can use mp_read_unsigned_bin to import the raw binary into public key such as:

ecc_key key;
wc_ecc_init(&key);
mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, &key->k, NULL, NULL);
mp_read_unsigned_bin(key->pubkey.x, x_buf, x_len);
mp_read_unsigned_bin(key->pubkey.y, y_buf, y_len);
mp_set(key->pubkey.z, 1);

// Then you'll have an ecc_key with public key

int status;
wc_ecc_verify_hash(sig, sigSz, hash, hashSz, &status, &key);


You can also use the "wc_SignatureVerify()" wrapper function. Examples for this are here:
https://github.com/dgarske/wolfssl-exam … /signature

Thanks and looking forward to your reply.
David Garske, wolfSSL

Go to forum: wolfCrypt

410 Reply by dgarske

(4 replies, posted in wolfSSL)

Hi Cxdinter,

Correct, those are the porting options. Its difficult for me to guess, which is better for you and the Poco library without a more detailed review.

For the first option you may have to implement some additional openssl compatibility API's. They have over 4000 API's and we only cover the most common ones. If you do add some and would like to contribute changes back to us that would be wonderful. We only require a signed contributor agreement, which I can send you.

We have more examples in this repo:
https://github.com/wolfSSL/wolfssl-examples

Some clean TLS examples are in this folder:
https://github.com/wolfSSL/wolfssl-exam … master/tls

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

411 Reply by dgarske

(7 replies, posted in wolfSSL)

Hi Andrey,

To clarify you would only need to do CUSTOM_RAND_GENERATE_BLOCK if you wanted to disable SHA256. Our P-RNG (pseudo random number generator) uses SHA256.

I recommend leaving SHA256 enabled and leaving your RNG settings as they are with STM32F2_RNG and wc_GenerateSeed seeding the P-RNG. You will find that most certificates use SHA256 for the digest and so you'll likely need it anyways even with a SHA384 TLS cipher suite.

Let me know if you need further clarification.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

412 Reply by dgarske

(4 replies, posted in wolfSSL)

Hi Cxdinter,

We are continually working to add new openssl compatibility API's. You'll find the ones you are missing in the pull request #618, which should make it into master shortly.

https://github.com/wolfSSL/wolfssl/pull/618

SSL_CTX_ctrl:
https://github.com/wolfSSL/wolfssl/pull … 2c5b9R5625

SSL_ctrl:
https://github.com/wolfSSL/wolfssl/pull … 2c5b9R5614

We also just added a bunch on Nov 10th in PR #617 into master:
https://github.com/wolfSSL/wolfssl/pull/617
Commit: https://github.com/wolfSSL/wolfssl/comm … 4537f5279f

Hopefully that will help with the Poco port you are working on. Let us know if there is anything else.
Your feedback has been very excellent, so thank you!

David Garske, wolfSSL

Go to forum: wolfSSL

413 Reply by dgarske

(1 replies, posted in wolfSSL)

Hi Will,

The EmbedReceiveFrom and EmbedGenerateCookie functions are for DTLS (with WOLFSSL_DTLS defined). The "struct sockaddr_storage" is a POSIX compliant data type for UDP.

If you are using DTLS and called wolfSSL_CTX_new with a wolfDTLSv1_2_client_method or wolfDTLSv1_client_method then you'll want to implement your own IO callbacks for the read/writes.

To do this define WOLFSSL_USER_IO and set the callbacks using wolfSSL_SetIORecv, wolfSSL_SetIOSend and wolfSSL_set_fd. A good example for this is here:
https://github.com/wolfSSL/wolfssl-exam … ack.c#L182

Let me know if you have any other questions or issues.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

414 Reply by dgarske

(6 replies, posted in wolfCrypt)

Hi Cxdinter,

The underlying math used for our Ed/Curve implementation is not the same and is highly optimized for that curve. That is the reason Ed/Curve 25519 is not in the ecc_sets table. However I think it would be good to have it in there optionally for those who want to keep the code size down. I'm adding it to our feature list. Thanks for the idea and your reports. Let me know if there is anything else.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

415 Reply by dgarske

(6 replies, posted in wolfCrypt)

Hi Cxdinter,

Good find. It looks like the wc_EccPrivateKeyDecode doesn't support importing a custom key and passing the OID to the "wc_ecc_import_private_key" function. I did the implementation for the custom curve ECC support, but missed this import path. I've pushed changes to support this to pull-request 631.
https://github.com/wolfSSL/wolfssl/pull/631

I tested it using the following:

ecc_key key;
byte der[4096];
byte buf[4096];
word32 idx = 0;
FILE* derFile;
size_t sz;

RNG rng;

wc_InitRng(&rng);
wc_ecc_init(&key);

if (wc_ecc_make_key_ex(&rng, 32, &key, ECC_BRAINPOOLP256R1) != 0) {
    printf("error making ecc key\n");
    return -1;
}

/* write private key */
if (wc_EccKeyToDer(&key, der, sizeof(der)) < 0) {
    printf("error in ecc to der\n");
    return -1;
}
printf("writing private key to ecc-key.der\n");
derFile = fopen("ecc-key.der", "w");
if (!derFile) {
    printf("error loading file\n");
    return -1;
}

sz = fwrite(der, 1, 4096, derFile);
fclose(derFile);
wc_ecc_free(&key);


/* open and read from der file */
printf("reading in private key\n");
derFile = fopen("ecc-key.der", "rb");
if (!derFile) {
    printf("error reading from file\n");
    return -1;
}

sz = fread(buf, 1, 4096, derFile);
fclose(derFile);

/* load private ecc key */
printf("storing private key in ecc struct\n");
wc_ecc_init(&key);
if (wc_EccPrivateKeyDecode(buf, &idx, &key, (word32)sz) != 0) {
    printf("error decoding private key\n");
    return -1;
}
wc_ecc_free(&key);

wc_FreeRng(&rng);

Please give it a try and let me know how it goes.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

416 Reply by dgarske

(4 replies, posted in wolfCrypt)

Hi Cxdinter,

I performed tests for both wc_SignatureGenerate and wc_SignatureVerify against openssl and all passed using WC_SIGNATURE_TYPE_RSA_W_ENC with WC_HASH_TYPE_SHA256.

When using the WC_SIGNATURE_TYPE_RSA_W_ENC  with wc_SignatureVerify it takes in original data being validated, hashes it, adds the DER encoding (which includes the hash OID) and compares the provided signature. This behavior is correct.


These tests were done using the code here:
https://github.com/wolfSSL/wolfssl-examples/pull/27

This was run from inside the wolfssl-examples/signature directory.

Generate a signature and compare hex output (wolfSSL vs. openssl):
./signature README.md 3 5
openssl dgst -sha256 -sign ../certs/client-key.der -keyform der -hex README.md
Result of both RSA Sign with SHA256 hex output = Matches

Sign and verify using openssl. Save sign as sign.txt.
openssl dgst -sha256 -sign ../certs/client-key.der -keyform der -out sign.txt README.md
openssl dgst -sha256 -verify ../certs/client-keyPub.der -keyform der -signature sign.txt README.md
Verified OK

Use sign.txt to verify signature using wolfSSL.
./signature README.md 3 5 sign.txt
RSA Signature Verification: Pass (0)

If you are still having the issue can you provide some examples for your openssl commands and your specific wc_SignatureVerify arguments?

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

417 Reply by dgarske

(6 replies, posted in wolfCrypt)

Hi Cxdinter,

If you define HAVE_ECC_BRAINPOOL then it will enable the Brainpool curves, however you must create the ECC key using wc_ecc_make_key_ex to tell the ECC layer you want to use that curve type:

ecc_key key;
ret = wc_ecc_init(&key);
ret = wc_ecc_make_key_ex(rng, 32, &key, ECC_BRAINPOOLP256R1);

Then you can call wc_SignatureGenerate.

The best way to add defines if not using ./configure is to globally define WOLFSSL_USER_SETTINGS (like in your CFLAGS) and add a new user_settings.h file somewhere in your include path.

There is a good user_settings.h example here:
https://github.com/wolfSSL/wolfssl/blob … settings.h

Also, if you haven't seen it there is a great signature/verify example here:
https://github.com/wolfSSL/wolfssl-exam … /signature
Although its missing the custom ECC curve example above, so I'm going to add that soon.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

418 Reply by dgarske

(4 replies, posted in wolfCrypt)

Hi Cxdinter,

Openssl adds a DER encoding on their RSA signature by default. Try using sig_type= "WC_SIGNATURE_TYPE_RSA_W_ENC".

Let me know if that helps.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

419 Reply by dgarske

(2 replies, posted in wolfCrypt)

Hi cxdinter,

Thank you so much for the report.

It looks like that scenario could happen if your call to wc_RNG_GenerateBlock did not return 0 (in wc_ecc_make_key_ex at line 2507). In that case variable "a" would be un-initialized from the stack and the call to "mp_clear" could cause a seg fault due to invalid pointer.

Will you confirm your wc_RNG_GenerateBlock return code? It should be zero indicating success.

I've pushed a fix for that here:
https://github.com/wolfSSL/wolfssl/pull/626

Let me know if that helps.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

420 Reply by dgarske

(7 replies, posted in wolfSSL)

Hi Andrey,

To enable SHA384 you must also defined "WOLFSSL_SHA512". The code for SHA384 is dependent on SHA512.

To disable SHA256 you will also have to disable the P-RNG is wolfSSL, since it requires SHA256. You are welcome to do this if you have a good hardware RNG source.

Here is an example for disabling the P-RNG:
https://github.com/wolfSSL/wolfssl/blob … ngs.h#L265
https://github.com/wolfSSL/wolfssl/blob … rget.c#L40

Additionally you will need to of course define NO_SHA256:
#define NO_SHA256

In my testing for this I located an issue in our code which assumes SHA256 is present in SendCertificateVerify. A fix for that is located here:
https://github.com/wolfSSL/wolfssl/pull/625

Thanks and please let me know if you have anymore questions.
David Garske, wolfSSL

Go to forum: wolfSSL

421 Reply by dgarske

(5 replies, posted in wolfCrypt)

Hi Jesussotofan,

All calls to wc_GenerateSeed are in wolfcrypt/src/random.c. There are multiple places where this function exists depending on the hardware platform. Those start at line 1133.

If you are defining CUSTOM_RAND_GENERATE_SEED then it will use the function used in that define. I'd also make sure you don't have NO_DEV_RANDOM defined.

The function wc_InitRng calls wc_GenerateSeed. Make sure the wolfcrypt/src/random.c is being included with the build. Make sure you have a wc_GenerateSeed function in your random.c or use the CUSTOM_RAND_GENERATE_SEED define to remap it to your own function.

Have you seen our Arduino example for wolfSSL?
https://github.com/wolfSSL/wolfssl/tree … DE/ARDUINO

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

422 Reply by dgarske

(5 replies, posted in wolfCrypt)

Hi Jesussotofan,

I did a search for Arduino RNG and came up with this good result:
https://www.arduino.cc/en/Reference/Random

To implement option #2 you need to add the following to your settings.h or user_settins.h (if WOLFSSL_USER_SETTINGS is defined).

int rand_gen_seed(byte* output, word32 sz);
#define CUSTOM_RAND_GENERATE_SEED  rand_gen_seed

Then the function can be put into any .c file in your project (wherever it makes sense to you).

The function would look like:

int rand_gen_seed(byte* output, word32 sz)
{
    int i;
    for (i = 0; i < sz; i++ ) {
        output[i] = analogRead(0);
    }

    return 0;
}

Its important to have a good random seed, so if your micro controller has an RNG peripheral you should find example code for it and use it. The above example uses analog source 0 noise to seed the P-RNG, which is from the reference to website provided above.

Our random.c file has many references to RNG hardware implementations, so check and see if your micro-controller is already listed in there. If so you can define the value needed to enable it.

Let me know if you have any other questions.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

423 Reply by dgarske

(5 replies, posted in wolfCrypt)

Hi Jesussotofan,

Your platform must not have a random number seed function defined in random.c (starting at line 1133).

Either you can:
1. Locate a reference implementation in random.c and make sure you have the right define set for your hardware platform / OS.

2. Define CUSTOM_RAND_GENERATE_SEED and use your own implementation:

int rand_gen_seed(byte* output, word32 sz);
#define CUSTOM_RAND_GENERATE_SEED  rand_gen_seed

In your example above, I also recommend:
including:
#include <wolfssl/wolfcrypt/random.h>

Using WC_RNG for the rng global:
WC_RNG rng;

Let me know if you have anymore questions,

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

424 Reply by dgarske

(2 replies, posted in wolfSSL)

Hi Eshober,

We do have a Microchip MLA example with SMTP support. Please send an email to support@wolfssl.com and we can send you a link for it.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

425 Reply by dgarske

(1 replies, posted in wolfCrypt)

Hi Hagai,

That's great you are using wolfMQTT and wolfSSL with Amazon AWS! It would be excellent to get more info on your project by emailing us at info@wolfssl.com when you get a chance.

I've seen an issue like this before and it was due to timezone differences between local time and the time in the cert. The ValidateDate function tries to offset the local time by looking for +/- at the end of the cert begin/end dates.

If you are using the FREESCALE_MQX or FREESCALE_KSDK_MQX defines the asn.c XTIME gets mapped to mqx_time which ends up calling "_time_get". The mqx_time function should be getting the number of seconds since UTC.

You might consider implementing your own XTIME function and by defining "USER_TIME" and adding a new function in your code called XTIME: time_t XTIME(time_t * timer);. Then you can offset the XTIME your timezone diff.

Thanks, David Garske, wolfSSL

Go to forum: wolfCrypt