Linux Journal – Elliptic Curve Cryptography

    • If you are a reader of Linux Journal (http://www.linuxjournal.com/), you may have seen the interesting article in this month’s issue about Elliptic Curve Cryptography written by Joe Hendrix:

    http://www.linuxjournal.com/content/january-2013-issue-linux-journal-security

    In the article, Joe explains how ECC works (with several descriptive charts), talks about how NIST makes recommendations on the actual security provided by different algorithms with varying bit strengths, and shows readers how to use ECC in the popular OpenSSH application. We enjoyed reading through it.

    Beginning with the 2.4.6 release of the wolfSSL embedded SSL library, wolfSSL now has support for ECC cipher suites as well. We have had ECC support internally for quite some time, but have now made it available to our open source user base.

    wolfSSL’s open source ECC implementation can be found in the /cyassl/ctaocrypt/ecc.h header file and the /ctaocrypt/src/ecc.c source file. Supported ECC cipher suites include:

    /* ECDHE suites */
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_RC4_128_SHA
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

    /* ECDH suites */
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDH_RSA_WITH_RC4_128_SHA
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA

    /* AES-GCM suites */
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384

    You can download a GPLv2-licensed copy of wolfSSL from our download page (https://www.wolfssl.com/download/). If you have any questions or would like more information about our ECC implementation or the wolfSSL lightweight SSL library, feel free to let us know at info@yassl.com. We always enjoy hearing from our users!