Topic: Create ECDSA key from my own WC_RNG source?

Hello, I'm using WolfSSL for TLS 1.3 support and looking at using its APIs to create ECDSA private keys based on my own unique random bits.

I've seen the example here: https://github.com/wolfSSL/wolfssl-exam … #L115-L132

So I think I should be able to use the wc_ecc_make_key_ex API with some sort of WC_RNG which is based on my own array of bits, maybe?

Can you give me any help on how to do this?

Thanks!


Re: Create ECDSA key from my own WC_RNG source?

Hi @torntrousers,

Please try using the below setup:

A) Define WOLFSSL_USER_SETTINGS globally or at the top of <wolfssl/wolfcrypt/settings.h> so that settings.h will look for and include the file "user_settings.h"
B) Create an empty header "user_settings.h" and use this file to tune the build
C) Include <wolfssl/wolfcrypt/settings.h> in your application
D) Update the include path for your project so "user_settings.h" can be included by settings.h.
E) Set up a custom function to seed the wolfSSL RNG with your own entropy source

// Define the type your function will be returning, for this example we'll return an unsigned int
 #define CUSTOM_RAND_TYPE      unsigned int

// Your function that provides entropy seed to "seed" the RNG declare as an extern
 extern unsigned int my_rng_seed_gen(void);

// define the wolfSSL CUSTOM_RAND_GENERATE to be your function
 #undef  CUSTOM_RAND_GENERATE
 #define CUSTOM_RAND_GENERATE  my_rng_seed_gen

Let me know if this helps.


Warm Regards,

K

Re: Create ECDSA key from my own WC_RNG source?

That's great, I have it working, thank you so much for the quick reply.

It looks like doing wc_InitRng(&rng) calls my my_rng_seed_gen function 13 times, so with unsigned int being 32 bits I need to provide 13 x 32 which is 416 random bits. Is there any way to reduce that a bit?

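The seed callback from the setup above, as an added example that is not code from the thread or from wolfSSL: it serves words from a caller-supplied buffer, never reuses a byte, and records exhaustion in a sticky flag because the callback signature has no error return. The names `my_rng_seed_load`, `my_rng_seed_bits_used`, `my_rng_seed_failed`, `make_p256_key` and the macro `DEMO_WITH_WOLFSSL` are hypothetical; the guarded part assumes a wolfSSL build using the `user_settings.h` shown earlier.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical entropy pool: the caller's own array of random bits. */
static const unsigned char *pool;
static size_t pool_len, pool_pos;
static int pool_exhausted;      /* sticky: set once a request could not be met */

void my_rng_seed_load(const unsigned char *buf, size_t len)
{
    pool = buf; pool_len = len; pool_pos = 0; pool_exhausted = 0;
}

/* Matches the declaration above: extern unsigned int my_rng_seed_gen(void);
 * Each call consumes sizeof(unsigned int) fresh bytes from the pool. */
unsigned int my_rng_seed_gen(void)
{
    unsigned int w = 0;
    if (pool == NULL || pool_len - pool_pos < sizeof w) {
        pool_exhausted = 1;     /* no error channel in the signature: record it */
        return 0;
    }
    memcpy(&w, pool + pool_pos, sizeof w);
    pool_pos += sizeof w;
    return w;
}

size_t my_rng_seed_bits_used(void) { return pool_pos * 8; }
int my_rng_seed_failed(void) { return pool_exhausted; }

#ifdef DEMO_WITH_WOLFSSL        /* hypothetical macro; requires wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/ecc.h>
/* Returns 0 on success; rejects the key if the pool ran dry at any point. */
int make_p256_key(ecc_key *key, const unsigned char *bits, size_t len)
{
    WC_RNG rng;
    int ret;
    my_rng_seed_load(bits, len);
    if ((ret = wc_InitRng(&rng)) != 0) return ret;
    if ((ret = wc_ecc_init(key)) != 0) { wc_FreeRng(&rng); return ret; }
    ret = wc_ecc_make_key_ex(&rng, 32, key, ECC_SECP256R1);
    wc_FreeRng(&rng);
    if (ret == 0 && my_rng_seed_failed()) ret = -1;   /* seeded with zero filler */
    if (ret != 0) wc_ecc_free(key);
    return ret;
}
#endif
```

Checking `my_rng_seed_bits_used()` after `wc_InitRng` shows how much of the pool a given build actually draws, and `my_rng_seed_failed()` tells the caller to discard any key produced after the pool ran out.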

Re: Create ECDSA key from my own WC_RNG source?

So when we initialize the RNG structure we run a "health test" to ensure that repetitive calls to the generate seed function do not return predictable data. If you want to reduce the number of checks, you could try modifying the wc_RNG_HealthTestLocal function to call wc_RNG_HealthTest() fewer times, though this is a good test to perform and we do not recommend reducing the number of health checks.

Regards,

K