1 Topic by swapnil.mishraj

(3 replies, posted in wolfCrypt)

In the https://www.wolfssl.com/files/flyers/wo … ce_use.pdf I could see the peak usage of RAM for different settings.
Is there any such memoy reference available if I use Static Memory only for PKCS7 type RSA2048 signature verification?

My application only does signature verification and root of trust certificate (DER format) verification of the firmware.
Static Config: Static configuration defines in user_settings.h:  

#define WOLFSSL_STATIC_MEMORY
    #define WOLFSSL_STATIC_MEMORY
    #define WOLFSSL_NO_MALLOC
    #define WOLFSSL_STATIC_MEMORY_SMALL

    #define USE_FAST_MATH
    #define TFM_TIMING_RESISTANT

    #define WOLFCRYPT_ONLY
    #define WOLFSSL_GENERAL_ALIGNMENT 4
    #define SINGLE_THREADED
    #define SIZEOF_LONG_LONG 8

    #ifdef __RSA__
        #define WC_RSA_NO_PADDING
        #define WC_RSA_PSS
        /* WC_RSA_BLINDING: Enables blinding mode, to prevent timing attacks. */
        #define WC_RSA_BLINDING
        #define RSA_LOW_MEM
        #define FP_MAX_BITS     4096
        #define WOLFSSL_RSA_VERIFY_INLINE
        #define WC_NO_RSA_OAEP
    #endif

    #ifdef __ECC__
        #define HAVE_ECC
        #define ECC_SHAMIR
        #define TFM_ECC256
        /* ECC_TIMING_RESISTANT: ECC specific timing resistance. */
        #define ECC_TIMING_RESISTANT
        #define NO_ECC_CHECK_KEY
        #define NO_RSA
        #define HAVE_X963_KDF
    #endif


    #ifdef __SHA512__
        #define WOLFSSL_SHA512
    #endif

    #ifdef __SHA384__
        #define WOLFSSL_SHA384
    #endif

    /* PKCS7 specific */
    #define NO_PKCS7_STREAM
    #define HAVE_PKCS7

    #define HAVE_AES_KEYWRAP
    #define WOLFSSL_AES_DIRECT
    
    /* Signature specific */
    #define ASN_BER_TO_DER

    /* Remove Features */
    #define WOLFSSL_NO_SOCK
    #define NO_WRITEV
    #define NO_FILESYSTEM
    #define NO_MAIN_DRIVER
    #define NO_MD4

    #define NO_RABBIT
    #define NO_HC128
    #define NO_PWDBASED
    #define NO_PSK
    #define NO_OLD_TLS
    #define NO_DES3
    #define NO_MD5
    #define NO_RC4
    #define NO_DH
    #define NO_CMAC
    #define NO_CODING
    #define WOLFSSL_NO_PEM
    #define NO_ASN_TIME
    #define NO_RC4
    #define NO_DSA
    #define NO_SIG_WRAPPER
    #define NO_SESSION_CACHE
    #define NO_OLD_RNGNAME
    #define NO_WOLFSSL_DIR
    #define WOLFSSL_IGNORE_FILE_WARN
    #define NO_ERROR_STRINGS

    #define BENCH_EMBEDDED
    #define NO_CRYPT_TEST
    #define NO_CRYPT_BENCHMARK
    
    #ifdef USE_FAST_MATH
    #   define WC_NO_HARDEN
    #endif

ALL OTHER DEFINE OPTIONS default

WOLFCRYPT_ONLY, WOLFSSL_STATIC_MEMORY, WOLFSSL_NO_MALLOC, USE_FAST_MATH

With my current static onfiguration on a cortex m4 device I have to provide at least 17000 bytes of static buffer for wc_PKCS7_VerifySignedData for a RSA2048 signature verification. The final RAM usage (static + stack) is about 65Kbytes.
Does this RAM usage looks normal in Static configuration? Are there any Static reference projects?

Go to forum: wolfCrypt

2 Reply by swapnil.mishraj

(2 replies, posted in wolfCrypt)

Hi Julius,

Thanks for the quick reply.

I just had to do a single modification and it works.
I use WOLFSSL_STATIC_MEMORY and WOLFSSL_NO_MALLOC.

Since 

WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int,
                                    unsigned char*, int, int);

does not give any interface to pass the static heap, I used 

WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type,
              DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey);

instead.

Go to forum: wolfCrypt

3 Topic by swapnil.mishraj

(2 replies, posted in wolfCrypt)

I am using wolfssl for an embedded device. I have added `WOLFCRYPT_ONLY`to enable only wolfCrypt and disable the TLS/SSL layer.
Also since no file system so added corresponding NO_FILESYSTEM.

This disables a lot of certificate file parsing functions.
I have a blob of a PEM style certificate stored in the buffer, which I need to parse and extract information from.

Which includes to make in user_settings.h, or which functions to use to successfully parse the certificates? Is the certificate parsing allowed with `WOLFCRYPT_ONLY`?

I just need to extract public key and date of signing from this PEM certificate blob.

Go to forum: wolfCrypt