I am trying to test different curves on my IoT devices with RIOT OS. Now I am using wc_ecc_make_key_ex() to generate ECC keys for three different curves: ECC_SECP256R1, ECC_SECP384R1, ECC_SECP521R1.
1. ECC_SECP256R1 works well by default.
2. ECC_SECP384R1. I noticed that I need to define WOLFSSL_SP_384 in user_settings.h to enable key generation for this curve (let me know if I am wrong with this). Now it also works.
3. ECC_SECP521R1. My code always returns -234 to indicate key size error for this curve. So is there any other way to enable key generation for ECC_SECP521R1 or did I miss something here?

Here is my code below (wolfCrypt version 4.5.0):

static int _encrypt_handler_keyGen(int argc, char **argv) {
    if (argc < 2) {
        printf("usage: %s [key_size]\n", argv[0]);
        return 1;

    int ret = 0;
    ecc_key key;
    WC_RNG rng;


    // int curveId = ECC_SECP256R1;
    // int curveId = ECC_SECP384R1;
    int curveId = ECC_SECP521R1;

    int keySize = wc_ecc_get_curve_size_from_id(curveId);
    ret = wc_ecc_make_key_ex(&rng, keySize, &key, curveId);

    if (ret != MP_OKAY) {
        printf("Failed to generate ECC keys. Error code: %d. Key Size: %d.\n", ret, keySize);
        return -1;

    return 0;


(2 replies, posted in wolfCrypt)

Great, it works now. Thank you for your help, saved my life!


(2 replies, posted in wolfCrypt)

Hi everyone:

I am trying to use wolfCrypt on RIOT OS for my IoT project. The current version of wolfCrypt on RIOT is 4.5.0. I followed the instructions:
    $ ./autogen.sh
    $ ./configure --enable-aesctr
    $ make
    $ make check   # (optional, but highly recommended)
    $ sudo make install
to enable AES-CTR. In the options.h, it shows that AES-CTR is enabled.

However, when I tried to compile my code on native board, it says:
   undefined reference to `wc_AesCtrEncrypt'
   collect2: error: ld returned 1 exit status

whereas I did include the "aes.h" in my main.c file:
  #include <stdio.h>
  #include <unistd.h>
  #include <wolfssl/options.h>
  #include <wolfssl/wolfcrypt/sha256.h>
  #include <wolfssl/wolfcrypt/random.h>
  #include <wolfssl/wolfcrypt/pwdbased.h>
  #include <wolfssl/wolfcrypt/aes.h>
  #include "xtimer.h"
  #include "log.h"

Also, Here is my Makefile:

APPLICATION = test_aes
BOARD ?= native
QUIET ?= 1
USEPKG += wolfssl
USEMODULE += wolfcrypt_ecc
USEMODULE += wolfcrypt-test
USEMODULE += wolfcrypt_asn
USEMODULE += wolfcrypt_aes
USEMODULE += wolfcrypt
USEMODULE += wolfcrypt_random
USEMODULE += wolfcrypt_sha256
USEMODULE += wolfssl_dtls
USEMODULE += wolfcrypt_pwdbased
USEMODULE += gnrc_sock_check_reuse
USEMODULE += gnrc_sock_udp
USEMODULE += gnrc_ipv6
USEMODULE += xtimer

ifneq ($(BOARD),native)
include $(RIOTBASE)/Makefile.include

My code works well for AES-CBC mode (wc_AesCbcEncrypt), but keeps saying: undefined reference to `wc_AesCtrEncrypt'. I got stucked here for several days and tried everything I could. Any advice would be helpful. Thank you.