76 Reply by dgarske

(6 replies, posted in wolfCrypt)

Hi Shammon,

Each asymmetric algorithm has different total memory requirements. We have several build options for altering where this memory comes from. For example you can put on heap, stack or static memory.

By default the memory comes mostly from the stack. If you'd prefer to use the heap then I would should consider updating to the latest wolfSSL in GitHub and using the `WOLFSSL_SP_SMALL_STACK` option, which is new. Or you could just try `WOLFSSL_SMALL_STACK` with your current release.

The RSA/DH algorithms have a much lager key size and generally use more memory. The ECC (ECDHE/ECDSA) and ED25519 algorithms use much less memory and can also be used with TLS v1.2 and v1.3.

Perhaps you can tell me more about your configuration such as RTOS/bare-metal, available heap/stack and TLS requirements?

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

77 Reply by dgarske

(6 replies, posted in wolfCrypt)

Hi Shammon,

I still suspect you are running out of memory because DH uses a large amount from the stack. Have you considered using ECDHE?

You might also consider trying a different math library option. We have several (see https://github.com/wolfSSL/wolfssl/blob … .ftl#L202)

I recommend you try with a small math implementation like `3=Single Precision C (only common curves/key sizes)`.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

78 Reply by dgarske

(6 replies, posted in wolfCrypt)

Hi Shammon,

This sounds like a stack issue. Please try increasing your stack memory for the thread or adjust in the linker script if using bare-metal. What size DH key are you trying to generate? Have you tried running the wolfCrypt tests first? Make sure you have the right DH parameters enabled via `HAVE_FFDHE_2048`, `HAVE_FFDHE_3072`, `HAVE_FFDHE_4096`, etc.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

79 Reply by dgarske

(2 replies, posted in wolfTPM)

Hi Geoff,

It is great to hear from you. This is a very interesting use-case.

For the TLS use case we have lots of examples for this in wolfTPM:
https://github.com/wolfSSL/wolfTPM/tree … s-examples
https://github.com/wolfSSL/wolfTPM/tree … amples/tls

In wolfSSL we support consuming a PKCS11 interface. We also have a wolfPKCS11 provider that uses wolfCrypt on the backend. It would be possible to take our wolfPKCS11 and use a TPM under it. We've discussed doing this, but is a decent effort. https://github.com/wolfSSL/wolfpkcs11

Let's have a call with Rich and I to discuss.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

80 Reply by dgarske

(4 replies, posted in wolfTPM)

Hi Luizg473,

I think your issue is not using `wolfTPM2_Init` and `wolfTPM2_Cleanup`. Have you tried that?

wolfTPM should have the WinAPI option enabled by default for windows: https://github.com/wolfSSL/wolfTPM/blob … ts.txt#L86

You can use `WOLFTPM_INTERFACE=WINAPI` to force it.

The build settings for wolfTPM come from here: https://github.com/microsoft/vcpkg/blob … file.cmake

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

81 Reply by dgarske

(4 replies, posted in wolfTPM)

Hi luizg473,

Are you building with `--enable-winapi` or setting `#define WOLFTPM_WINAPI`? This will enable using the Window TBS layer for communicating with the TPM. If you are building with winapi then the TPM2_Init IO callback can be NULL. Also you should use wolfTPM2_Init if you are using wrapper API's.

Let me know if that doesn't work.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

82 Reply by dgarske

(3 replies, posted in wolfSSL)

Hi Yusheng,

Here is an example for how I've built wolfSSL for QNX in the past:

./configure --host=aarch64 CC="aarch64-unknown-nto-qnx7.0.0-gcc" AR="aarch64-unknown-nto-qnx7.0.0-ar" RANLIB="aarch64-unknown-nto-qnx7.0.0-ranlib" --disable-examples CFLAGS="-DWOLFSSL_HAVE_MIN -DWOLFSSL_HAVE_MAX -DFP_MAX_BITS=8192"

You might consider adding `--disable-shared` so it is built statically. Then you can copy wolfcrypt/benchmark/benchmark to the target and run it.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

83 Reply by dgarske

(1 replies, posted in wolfSSL)

Hi Anika,

You can create a pull request in GitHub here: https://github.com/wolfSSL/wolfssl .
Then send an email to support@wolfssl.com requesting a contributor agreement to sign and return.
The pull request will be peer reviewed for coding standards and should also contain unit tests for any new code added.

Looking forward to seeing your changes, they sound useful.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

84 Reply by dgarske

(9 replies, posted in wolfSSL)

Hi MO380,

This means you have WOLFSSL_USER_IO defined, which requires setting your own TLS send/recv callbacks. If you remove WOLFSSL_USER_IO then it will attempt to use our default socket implementations in src/wolfio.c. These support POSIX and LWIP for example.

You can find examples for using the IO callbacks here:
https://github.com/wolfSSL/wolfssl-exam … aster/lwip

You can see our user manual section here:
https://www.wolfssl.com/documentation/m … sl_user_io

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

85 Reply by dgarske

(1 replies, posted in wolfCrypt)

Hi Alex,

What ECC curve(s) are you trying to use? I assume NIST Prime 256-bit (SECP256R1)?

Please try with our single precision math and assembly options. This should make a greater than 10x improvement.

#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#define WOLFSSL_SP_SMALL      /* use smaller version of code */

These are documented here:
https://www.wolfssl.com/documentation/m … th-support

We have a good section that covers our math options here:
https://www.wolfssl.com/documentation/m … th-options

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

86 Reply by dgarske

(1 replies, posted in wolfSSL)

Hi Sushanth,

Thanks for your interest in using wolfSSL and TLS v1.3 on the STM32 targets.

* STM32F407VGT6 Cortex-M4, 1-Mbyte Flash and 192 KB RAM
* STM32G431xB Cortex-M4, 170 MHz, 128-KB Flash and 22 KB RAM

Roughly a TLS v1.3 only client session takes about 70KB flash and 20 KB RAM. These are rough estimations and I recommend you try for yourself.

Our STM32Cube pack makes it easy to evaluate in the STM32CubeIDE. See https://github.com/wolfSSL/wolfssl/tree … /STM32Cube

We have some TLS v1.3 only examples here:
https://github.com/wolfSSL/wolfssl-exam … nt-tls13.c

For building with reduced code size and memory usage see this section of the user manual:
https://www.wolfssl.com/documentation/m … code-usage
https://github.com/wolfSSL/wolfssl/blob … e.ac#L1735

I recommend using an ECC only build (disable RSA/DH), since it uses much less memory.

Looking forward to hearing your progress. If you can send a note to support@wolfssl.com and tell us more about your project that would be wonderful.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

87 Reply by dgarske

(4 replies, posted in wolfCrypt)

Hi Alex,

Have you reviewed the BTLS example that uses ECIES here?
https://github.com/wolfSSL/wolfssl-exam … btle/ecies

The public key provided there is X.963 format, which is a small ASN.1 header and public X/Y (same format TLS uses). The public key is used to derive the shared secret used for encryption. It should be the public key provided by the peer.

Note: We have several ECIES modes. Perhaps you might consider one of these?
* yes = SEC1 standard (default)
* geniv = Generate IV (WOLFSSL_ECIES_GEN_IV)
* iso18033 = ISO 18033 standard (WOLFSSL_ECIES_ISO18033)
* old = original wolfSSL algorithm (WOLFSSL_ECIES_OLD)

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

88 Reply by dgarske

(7 replies, posted in wolfSSL)

Hi Akram,

My recommendation would be to get it working without static memory and use traditional heap first. Get that working then try using static memory. You are welcome to use my code snippets. You would inject that where you create the WOLFSSL_CTX with wolfSSL_CTX_new.

Let me know how it goes.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

89 Reply by dgarske

(7 replies, posted in wolfSSL)

Hi khalesiakram,

Your issue is the static memory feature `WOLFSSL_STATIC_MEMORY`. This is an advanced feature that replaces the XMALLOC heap calls with a static pool. This requires additional configuration to support properly.


See documentation for this feature here:
https://docs.google.com/document/d/1nST … sp=sharing

Example for setting it up with TLS here:
https://github.com/wolfSSL/wolfssl/blob … nt.c#L2053

Code example:

byte memory[80000];
byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
WOLFSSL_HEAP_HINT *heap = NULL;

if (wc_LoadStaticMemory(&heap, memory, sizeof(memory), WOLFMEM_GENERAL, 1)
        != 0) {
    err_sys("unable to load static memory");
}

ctx = wolfSSL_CTX_new_ex(method(heap), heap);
if (ctx == NULL)
    err_sys("unable to get ctx");

    if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
        WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) != WOLFSSL_SUCCESS) {
    err_sys("unable to load static memory");
}

You can configure the memory buckets using something like this:

#define WOLFSSL_STATIC_MEMORY
#define WOLFMEM_BUCKETS 64,256,384,432,512,1632,3456,16128
#define WOLFMEM_DIST 12,6,5,3,4,2,1,1
#define LARGEST_MEM_BUCKET 16128

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

90 Reply by dgarske

(7 replies, posted in wolfSSL)

Hi khalesiakram,

This typically suggests a math failure with the ECC shared secret due to a misconfigured stack. I would suggest a few things:
1) Increase your stack space on each board. In bare-metal this is done via the linker script.
2) Run the wolfCrypt test and verify all algorithms operate correctly. See: https://github.com/wolfSSL/wolfssl/blob … le.c#L1846

If that doesn't help please share your build settings (user_settings.h or wolfSSL.I-CUBE-wolfSSL_conf.h).

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

91 Reply by dgarske

(11 replies, posted in wolfSSL)

Hi Alex,

That comment is not very clear and I am sorry. It is referring to authentication specifically which is not handled in ECIES. The idea to hash the peers public key, sign it and send back is just an example for how to implement authentication. The important thing is to sign with a long term key, not the ephemeral key.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

92 Reply by dgarske

(11 replies, posted in wolfSSL)

Hi Alex,

This does not sound right. When you create an ECC key it generates a public and private key pair. The public portion is sent across (in the clear is fine).

The ECIES scheme itself establishes a secure channel by generating ECC keys (ephemeral / one time use), exchanging public keys and deriving a shared secret. The shared secret is then used to derive a symmetric key used for the cipher (like AES-GCM or ChaCha20/Poly1305).

If you want to authenticate in your application then on first connection you create an ECC key used for long term and provide that public key and some nonce for the peer to sign. The nonce can be random data or even a hash of the messages exchanged so far. For this to work on-going each peer should store the public key used to identify the peer as trusted. And for every connection the peer must sign something new to prove it has the private key associated with the public key.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

93 Reply by dgarske

(11 replies, posted in wolfSSL)

Hi Alex,

If the peer generates something "random" and asks the peer to "sign" it then you know the peer has the private key. TLS does something similar by signing the digest of the handshake messages received.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

94 Reply by dgarske

(11 replies, posted in wolfSSL)

Hi Alex,

Yes that would work fine and is known as public key authentication. Just make sure you use a different key for authentication. Typically that key is generated one time and use for all future authentications. Each side would present something to sign to prove having the private key. ECC is a very good algorithm for this.

The X.509 just adds the ability to have a chain of trust, however the overhead for certificates is quite large.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

95 Reply by dgarske

(11 replies, posted in wolfSSL)

Hi Alex,

Thanks for your interest in our BTLE security.

ECIES typically does authentication after establishing a secure connection. For example in your application code you could require the peers to each present their signed certificates before allowing anything else.

If you want to use certificates you might consider just using TLS v1.3. See: https://github.com/wolfSSL/wolfssl-exam … r/btle/tls

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

96 Reply by dgarske

(5 replies, posted in wolfSSL)

FYI: As a followup we did add DTLS SRTP support via https://github.com/wolfSSL/wolfssl/pull/4755 in wolfSSL v5.2.0 on Jan 20, 2022

Go to forum: wolfSSL

97 Reply by dgarske

(4 replies, posted in wolfSSL)

Hi Lili,

I believe you are trying to printf the IO buffers, which are binary (not ASCII), so printf will not work. Where did you place the printf? Perhaps you can share the code you are using?

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

98 Reply by dgarske

(4 replies, posted in wolfSSL)

Hi lili,

See out wolfssl/test.h example for the PSK values:

/* identity is OpenSSL testing default for openssl s_client, keep same */
static const char* kIdentityStr = "Client_identity";

static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
        char* identity, unsigned int id_max_len, unsigned char* key,
        unsigned int key_max_len)
{
    (void)ssl;
    (void)hint;
    (void)key_max_len;

    /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
    XSTRNCPY(identity, kIdentityStr, id_max_len);

    if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
        /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
           unsigned binary */
        key[0] = 0x1a;
        key[1] = 0x2b;
        key[2] = 0x3c;
        key[3] = 0x4d;

        return 4;   /* length of key in octets or 0 for error */
    }
    else {
        int i;
        int b = 0x01;

        for (i = 0; i < 32; i++, b += 0x22) {
            if (b >= 0x100)
                b = 0x01;
            key[i] = b;
        }

        return 32;   /* length of key in octets or 0 for error */
    }
}

These values need to be agree'd upon by both the server and client. You should use your own key.

I would also recommend setting your cipher suite list to just the PSK ones so the peer is forced to use PSK.

wolfSSL_CTX_set_cipher_list(ctx, "DHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA256");

The send size of 121 is a client_hello. As the client it starts the connection and sends the "client_hello" then it will try and read 5 bytes (the TLS header) then the remainder.

We have some good PSK and IO callback examples here:
https://github.com/wolfSSL/wolfssl-exam … callback.c
https://github.com/wolfSSL/wolfssl-exam … master/psk

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

99 Reply by dgarske

(2 replies, posted in wolfTPM)

Hi Sam,

I've put up the changes into PR: https://github.com/wolfSSL/wolfTPM/pull/231

The issue you reported is specific to the way you are building for 32-bit and not properly having word64 setup properly. The solution I provided simply makes use of the GCC builtin swap functions and avoids the 32 bit shifting.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

100 Reply by dgarske

(10 replies, posted in wolfCrypt)

Hi stroebeljc,

Thank you for sharing the example. The best examples are here:
https://github.com/wolfSSL/wolfssl-exam … er/certgen

I don't see an example for setting DirName, so I am having another engineer research this.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt