151 Reply by dgarske

(3 replies, posted in wolfCrypt)

Hi Keeperp,

At first I ran this test on my STM32WB55 and it worked, but realized you were using math = 1 (fast math) and I was using SP math.

#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/hash.h>
void custom_test(void)
{
    void* _wcHeapHint = NULL;
    int wc_ret;
    ecc_key key;
    uint32_t keysize = wc_ecc_get_curve_size_from_id(ECC_SECP256R1);
    WC_RNG rng;
    byte test[] = "sunny days!", sig[72];
    memset(sig, 0, sizeof(sig));
    uint32_t sigLen = sizeof(sig);
    uint8_t hash[WC_SHA256_DIGEST_SIZE];
    memset(hash, 0, sizeof(hash));
    uint32_t hash_len = WC_SHA256_DIGEST_SIZE;
    int32_t isVerified = 0;
    //HAL_PKA_Init(&hpka);
    wc_ret =  wc_InitRng_ex(&rng, _wcHeapHint, INVALID_DEVID);
    wc_ret |= wc_ecc_init_ex(&key, _wcHeapHint, INVALID_DEVID);
    wc_ret |= wc_ecc_make_key_ex(&rng, keysize, &key, ECC_SECP256R1);
    printf("Make Key %d\n", wc_ret);

    // Produce a hash of the input data
    wc_ret = wc_Hash(WC_HASH_TYPE_SHA256, test, sizeof(test), hash, hash_len);
    printf("HASH %d\n", wc_ret);
    wc_ret = wc_ecc_sign_hash(hash, hash_len, sig, (word32*)&sigLen, &rng, &key);
    printf("SIGN %d\n", wc_ret);
    wc_ret = wc_ecc_verify_hash(sig, sigLen, hash, hash_len, (int*)&isVerified, &key);
    printf("VERIFY %d, %d\n", wc_ret, isVerified);
}

Results:

Make Key 0
HASH 0
SIGN 0
VERIFY 0, 1

I am debugging the fast math case and should have a fix shortly.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

152 Reply by dgarske

(3 replies, posted in wolfCrypt)

Hi Keeperp,

Thanks for your question and interest in using the STM32WB55 PKA. I have the same STM32 hardware here to try this on.

At first glance this example should work. However you are using the private key to verify, so that could be why the hardware is confused.

If you exported the public key and imported it into a new ecc_key struct it might work better. Something like `wc_ecc_export_x963` and `wc_ecc_import_x963` would do the job.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

153 Reply by dgarske

(3 replies, posted in wolfSSL)

Hi Scott,

See here for a list of SP math build options:
https://github.com/wolfSSL/wolfssl/blob … _int.c#L42

For the assembly an you try using `WOLFSSL_SP_ARM32_ASM`

Try disabling DH (NO_DH) and only use RSA and ECC. For SP related build options try just these:

#define WOLFSSL_SP_MATH
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_4096
#define WOLFSSL_SP_ARM32_ASM
#define NO_DH
#define HAVE_ECC

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

154 Reply by dgarske

(3 replies, posted in wolfSSL)

Hi Scott,

Make sure you set `WOLFSSL_SP_4096` to enable 4096-bit support for SP math. Also set `WOLFSSL_HAVE_SP_RSA` and `WOLFSSL_HAVE_SP_DH` to speedup RSA/DH with SP math.

For this A8 you can also enable SP assembly speedups for RSA/DH and ECC using `WOLFSSL_SP_ARM_THUMB_ASM`. If the code size grows too large you can use `WOLFSSL_SP_SMALL`. You might also consider disabling DH and use just ECDHE for the key share using `NO_DH`.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

155 Reply by dgarske

(1 replies, posted in wolfCrypt)

Hi miennaco,

The AES GCM IV is normally 12-bytes, but it supports any length. An IV size not equal to 12-byte will first be GHASH'd then used.

See the code here:
https://github.com/wolfSSL/wolfssl/blob … es.c#L7180

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

156 Reply by dgarske

(4 replies, posted in wolfSSL)

Hi Scotty2541,

Sorry about the documentation issue on `wolfSSL_CTX_load_verify_buffer_ex`. I added that API a few releases back for supporting loading of trusted certificates with some additional options to allow date override and forceful load.

The API definition is:

int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
                                         const unsigned char* in,
                                         long sz, int format, int userChain,
                                         word32 flags)

Additional two arguments:
* userChain: If using format WOLFSSL_FILETYPE_ASN1 this set to non-zero indicates a chain of DER's is being presented.
* flags: See ssl.h around WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS.

#define WOLFSSL_LOAD_FLAG_NONE          0x00000000
#define WOLFSSL_LOAD_FLAG_IGNORE_ERR    0x00000001
#define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002
#define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY   0x00000004

#ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS
#define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE
#endif

I've made note to add this to our doxygen in doc/dox_comments/header_files/ssl.h.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

157 Reply by dgarske

(5 replies, posted in wolfTPM)

Hi Hadrien,

For primary keys you get back a handle. There is no encrypted private data returned. That handle will remain loaded until TPM2_FlushContext is called.

For normal key creation using `TPM2_Create` you get back a `TPM2B_PRIVATE outPrivate` which is the encrypted blob that you can store and load anytime using TPM2_Load.

For the key blob storage see this example:
https://github.com/wolfSSL/wolfTPM/blob … gen.c#L273

I've put up a PR with some additions and fixes in WindowsTBS.md here.
https://github.com/wolfSSL/wolfTPM/pull/163

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

158 Reply by dgarske

(2 replies, posted in wolfCrypt)

Hi cxenof03,

The encryption algorithm is initialized with the call to keys.c:SetKeysSide(). Actually the internal function SetKeys() is making the calls to wc_AesInit() and wc_AesGcmSetKey().

WritePSKBinders sets the keys for early data on the client. DoPreSharedKeys sets the keys on the server.

* The PSK establishes a master secret. See SetupPskKey() and DoPreSharedKeys().
* DeriveEarlySecret() derives the secret for creating the keys. See "Early Secret" in diagram in TLS 1.3 spec, page 93.
* DeriveTls13Keys() calls DeriveEarlySecret() and then derives the key that is placed in the 'Key data' that is used in SetKeysSide. See "client_early_secret_traffic_secret" in TLS 1.3 spec, page 93.
* SetKeysSide takes the 'Key data' and extracts out the key to use.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

159 Reply by dgarske

(5 replies, posted in wolfTPM)

Hi Hadrian,

Thank you for your interest in using wolfTPM! I am happy it has inspired you!

For Windows using their TBS interface the NV access is not permitted. I believe this is either because the TPM is started under a locality that does not allow it or the TBS blocks it. The NV storage on TPM's is very limited, which might be the reason.

The TPM is designed to return an encrypted blob on key creation that you can safely store on the disk and when needed load. The key used to encrypt the blob is only known by the TPM. When you load a key you get a transient handle to it, which can be used for signing and even encryption/decryption.

I believe this is documented in the WindowsTBS.md file here:
https://github.com/wolfSSL/wolfTPM/blob … ndowTBS.md

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

160 Reply by dgarske

(7 replies, posted in wolfTPM)

Hi Hadrien,

Have you seen our recent PR adding attestation support?
https://github.com/wolfSSL/wolfTPM/pull/161

We are also working on another example that uses TLS v1.3 between peers that should be posted in a few weeks.

If you are not familiar with it the tpm.dev website has some great discussions on this topic.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

161 Reply by dgarske

(2 replies, posted in wolfSSL)

Hi m.gadroy,

This was fixed back in Sept 2020 in this PR:
https://github.com/wolfSSL/wolfssl/pull/3280

You can find it in v4.6.0 or later.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

162 Reply by dgarske

(2 replies, posted in wolfCrypt)

Hi keeperp,

Thank you for the report. I believe the `WOLF_CONF_MATH == 4` option will work if you comment out `WOLFSSL_SP_MATH` in the generated `wolfSSL.I-CUBE-wolfSSL_conf.h`. The `WOLFSSL_SP_MATH` define reduces code size and disables some areas of the code.

For example if building this on Linux "./configure --enable-srp --enable-sp --enable-sp-math && make" it will report "configure: error: Cannot use single precision math and SRP".
If I build without `--enable-sp-math` or `WOLFSSL_SP_MATH` it works fine.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

163 Reply by dgarske

(1 replies, posted in wolfSSL)

Hi cxenof03,

As we've discussed offline you might consider using the TLS v1.3 early data feature to send the public key. Otherwise you would need to make some very specific changes inside the wolfSSL code to inject an additional extension.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

164 Reply by dgarske

(2 replies, posted in wolfSSL)

Hi cxenof03,

1) Good point. I put up a PR with API's for getting the static ephemeral here:
https://github.com/wolfSSL/wolfssl/pull/3942

2) Those are pointers to DerBuffer (ASN.1) with members `buffer` and `length`. The above PR should solve this for you.

3) Yes the KeyShare public keys will map to the static ephemeral keys.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

165 Reply by dgarske

(4 replies, posted in wolfSSL)

Hi Tammy,

Are you using the Cube MX HAL? If so what version? The Cube HAL handles enabling the clock automatically with the generated code.

If you still need to manually control the peripheral clock for power consumption reasons you can do it with the following:

The __HAL_RCC_AES_CLK_ENABLE() API comes from stm32l4xx_hal_rcc.h which gets included via stm32l4xx_hal_conf.h if the HAL has been generated with HAL_CRYP_MODULE_ENABLED set.

Which L4 part are you using and what wolfSSL build options have you defined in the user_settings.h or wolfSSL.wolfSSL_conf.h?

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

166 Reply by dgarske

(9 replies, posted in wolfSSL)

Hi Abhishek,

That is good news regarding the Cube pack.

We fully support both bare-metal and LWIP. For LWIP we support either the Posix or RAW interface. With the LWIP Posix interface requires threading (I believe). We do have an LWIP raw example in an old PR here:
https://github.com/wolfSSL/wolfssl/pull/599

Another option is to define `WOLFSSL_USER_IO` and set read / write callbacks using the following API's:

/* I/O callbacks */
typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX*, CallbackIOSend);
WOLFSSL_API void wolfSSL_SSLSetIORecv(WOLFSSL*, CallbackIORecv);
WOLFSSL_API void wolfSSL_SSLSetIOSend(WOLFSSL*, CallbackIOSend);

We have some examples for this here:
https://github.com/wolfSSL/wolfssl-exam … callback.c

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

167 Reply by dgarske

(3 replies, posted in wolfSSL)

Hi mahdyseifelnasr,

We fully support the CortexM0 with some impressive assembly speedups for ECC, RSA and DH.

There is a good Makefile template for GCC ARM here:
https://github.com/wolfSSL/wolfssl/tree … DE/GCC-ARM

If you would prefer to cross-compile using ./configure here is an example:
./configure --host=arm-none-eabi CC=gcc AR=ar --disable-shared --enable-cryptonly --disable-examples --disable-crypttests --prefix=[yourpath]

If you have the option to use the STM32Cube wolfSSL pack it allows you to generate code on many STM32 targets and IDE's.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

168 Reply by dgarske

(4 replies, posted in wolfSSL)

Hi All,

I have posted an example for using our TLS v1.3 secret logging here:
https://github.com/wolfSSL/wolfssl-examples/pull/251

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

169 Reply by dgarske

(4 replies, posted in wolfSSL)

Hi cxenof03,

That is correct. For TLS v1.3 you can use HAVE_SECRET_CALLBACK and wolfSSL_set_tls13_secret_cb to setup a callback for printing the secrets for use with Wireshark.

The WOLFSSL_STATIC_EPHEMERAL feature does allow you to use a fixed ephemeral key for testing, which can be loaded into Wireshark. The WOLFSSL_STATIC_EPHEMERAL is meant to be used with the WOLFSSL sniffer (--enable-sniffer) and sslSniffer/sslSnifferTest, which allows decryption of the TLS traffic.

If you'd like some additional documentation on this please email us directly using support@wolfssl.com.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

170 Reply by dgarske

(2 replies, posted in wolfSSL)

Hi Iyaps,

For TLS v1.3 it is on by default, but you can explicitly set `--enable-tls13` to turn it on.

TLS v1.3 requires the following additional build options (if not using ./configure):

#define WOLFSSL_TLS13
#define HAVE_FFDHE_2048
#define HAVE_HKDF
#define WC_RSA_PSS

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

171 Reply by dgarske

(2 replies, posted in wolfSSL)

Hi Iyaps,

You can do either ./configure with cross compile or a Vitis IDE project.

We have a full example project here:
https://github.com/dgarske/UltraZed-EG-wolf

For cross-compiling here is an example I used for QNX on the ZCU102:


./configure --host=aarch64 \
    CC="aarch64-unknown-nto-qnx7.0.0-gcc" \
    AR="aarch64-unknown-nto-qnx7.0.0-ar" \
    RANLIB="aarch64-unknown-nto-qnx7.0.0-ranlib" \
    --prefix=$WOLFSSL_BUILD_DIR \
    --disable-shared --disable-examples --disable-crypttests \
    CFLAGS="-DWOLFSSL_HAVE_MIN -DWOLFSSL_HAVE_MAX \
    -DFP_MAX_BITS=8192" --enable-fastmath \
    --enable-armasm --enable-sp --enable-sp-asm

With some minor adjustments to the compile CC you could build with a generic GCC like "aarch64-none-elf-". You might also need to add CFLAGS= "-march=armv8-a"

Thanks,
David Garske, woilfSSL

Go to forum: wolfSSL

172 Reply by dgarske

(3 replies, posted in wolfSSL)

Hi Iyyappan,

Can you provide me your build settings? Are you using custom IO callbacks for the LWIP layer or the LWIP socket layer and wolfio.c default implementation? Its possible the callback is not returning the right values.

Since you are using multi-threading I assume you have `FREERTOS` defined for mutex protection. Even so you may not use the same WOLFSSL object from more than one thread. There is a feature you can use to duplicate the WOLFSSL object so you have one for reading and another for writing. If interested that is `HAVE_WRITE_DUP` and `wolfSSL_write_dup`.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

173 Reply by dgarske

(2 replies, posted in wolfSSL)

Hi Iyaps,

Have you called wolfSSL_Init() or wolfCrypt_Init() in your application code?
In your Xilinx BSP / Hardware Platform have you enable the xilsecure library?
Have you seen our Xilinx FreeRTOS/LWIP example here:
https://github.com/wolfSSL/wolfssl-examples/pull/155
https://github.com/JacobBarthelmeh/wolf … x/FreeRTOS

We also have some Xilinx tips here:
https://github.com/wolfSSL/wolfssl/tree … /XilinxSDK

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

174 Reply by dgarske

(3 replies, posted in wolfSSL)

Hi Iyyappan,

Can you share a snippet of your code calling wolfSSL_read()? Also can you call `err = wolfSSL_get_error(ssl, 0);` and see if any other error code is returned? Also can you enable logging using DEBUG_WOLFSSL and calling wolfSSL_Debugging_ON()?

I suspect either an issue with heap memory exhausted or the supplied argument to wolfSSL_read invalid.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

175 Reply by dgarske

(9 replies, posted in wolfSSL)

Hi Abhishek,

I can reproduce and have an updated pack posted here:
https://drive.google.com/file/d/1WWGrJb … sp=sharing

You can manually exclude the folder, but as a solution I've removed it from the pack.

It will be on the website shortly at the linked location:
https://www.wolfssl.com/files/ide/I-CUBE-wolfSSL.pack

Thanks for the report.
David Garske, wolfSSL

Go to forum: wolfSSL