Author: Kajal Sapkota

wolfSSL has easy options for building and running without any malloc’s! Avoiding the use of all dynamic memory can be important in many environments, including safety critical ones and the use with satellites, being one of NASA’s 10 rules to not use any dynamic memory after initialization. The easy build options for no system malloc’s helps wolfSSL be used under these stringent requirements. Along with being able to do crypto operations with the no malloc build, wolfSSL can also support full TLS handshakes with no malloc’s!
To build wolfSSL with no dynamic memory –enable-staticmemory could be used. Examples and tests with setting aside the memory pools for the staticmemory build can be seen in the wolfcrypt/test/test.c file bundled with wolfSSL. By default this falls back to malloc when no static memory is available, to avoid this fallback mechanism to system malloc’s the macro WOLFSSL_NO_MALLOC must also be defined. In addition to the staticmemory enable option there is a nomalloc version with our SP (single precision) asymmetric performance speed ups too! This could be enabled with –enable-sp=nomalloc when using autoconf.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

In general, a “glitch” is a momentary fault that may happen on a system, preventing it from working properly, for a brief amount of time. The effects of a single glitch on proper software execution may be multiple, including catastrophic consequences that may prevent the system from continuing the execution.

Glitching attacks are complex and expensive to execute, but can be a real issue for secure boot mechanisms, and often very hard to prevent or mitigate. They aim at exploiting predictable consequences of single glitches in order to take control of the execution or the data contained in the system. The glitch can be injected using different techniques, which often rely on well known weaknesses of the specific microcontroller or CPU. The most common glitch injection consists in varying the voltage supplied to the chip at a specific time, or modifying the profile of the clock signal to mangle the timing of the execution of the instructions. More advanced attacks can rely on irradiating the device with strong electromagnetic interference.

In the specific context of secure boot, the goal for an attacker is to circumvent the security checks in those critical sections of the code, e.g. the code that performs verifications on the firmware authenticity, integrity or versioning. These attacks could eventually defeat the security checks, and take control of the system by uploading an unauthorized firmware image. While they require an accurate synchronization and several attempts, these attacks will eventually succeed in injecting a fault in the hardware at the required time in order to skip the verification.

Our secure bootloader, wolfBoot, follows the indication of RFC9019 to provide a secure, public key based verification of the integrity and authenticity of the firmware and its updates. It runs on several different architectures, from small microcontrollers up to x86_64 systems. wolfBoot is OS-agnostic and provides best-in-class security thanks to the FIPS 140-2 certified algorithms implemented in the wolfCrypt security engine. 

wolfBoot already comes with plenty of unique features. Now it is also the first open source secure bootloader to implement mitigations against glitching attacks. Our development team has recently added an optional feature that can be activated at compile time, to reinforce the security of the critical variables and decision points in the code. This has required an evaluation of the code flow of wolfBoot from a point of view that includes the possibility for an attacker to skip single specific instructions. Introducing these mitigations has been tricky, because redundant code written in C is usually discarded by the compiler. For this reason the countermeasures must be programmed in assembly, which makes this code architecture specific.

The upcoming release of wolfBoot will contain a first version of these countermeasures, but glitching support mitigation already made it to our main branch on github, and it can be freely compiled and used in GPL projects for evaluation and auditing purposes.

To compile wolfBoot with glitching and side-channel attack mitigations turned on, it is sufficient to add ARMORED=1 to the configuration options (i.e. via command line when invoking make, or through the .config file). The ARMORED option is currently supported on ARM Cortex-M architecture. Support for other architectures will be added in the future.

You can download wolfBoot today from our download page or from our github repository

What is the next feature that you want to see implemented in wolfBoot? Is there any architecture or platform that we don’t yet support that could benefit from our glitch-resistant secure boot mechanism? Let us know! 

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

After much work, wolfSSL is proud to announce that wolfCrypt v5 has been submitted to the CMVP and wolfCrypt is on the Modules in Process list for FIPS 140-3 Approval.

We’ve added more algorithms to our testing. We have AES-OFB mode. We added the TLSv1.2 and TLSv1.3 KDFs, including the extended master secret, and the SSH KDF. We’ve also testing 4096-bit RSA and ECDSA with SHA-3.

If you need to use TLSv1.3 in a FIPS environment, we have you covered! wolfCrypt FIPS also works with our other products including wolfBoot, wolfEngine, and wolfSSH.

More about FIPS 140-3

FIPS 140-3 is an incremental advancement of FIPS 140-2, which now standardizes on the ISO 19790:2012 and ISO 24759:2017 specifications. Historically, ISO 19790 was based on FIPS 140-2, but has continued to advance since that time. FIPS 140-3 will now point back to ISO 19790 for security requirements. Keeping FIPS 140-3 as a separate standard will still allow NIST to mandate additional requirements on top of what the ISO standard contains when needed.

Among the changes for FIPS 140-3 are conditional algorithm self-tests, where the algorithm self-tests are only performed if used. The pre-operational self-test is now faster, as all the algorithms are not tested until needed. This helps with startup times as the public key self-testing can be time consuming. The self tests can be run at appropriate times for your application startup. Also, there is additional testing of the DRBG entropy sources.

For more information, please visit our FIPS page here.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Love it? Star wolfSSL on GitHub!

We’re happy to announce the first major release of wolfEngine, version 1.0.0. This release brings several improvements to wolfEngine. Here are some notable ones:

– Improved Visual Studio support.

– Improvements to the initialization code to support our upcoming FIPS 140-3 module.

– A rework of the AES-GCM implementation to support all OpenSSL use cases.

– New control commands for enabling wolfSSL debug logging.

– Better logging around the failure of the FIPS integrity check.

– A set of examples in the examples/ subdirectory.

– Additional HMAC functionality.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

wolfSSL has added support for git 2.35.1. git is a version control system that handles projects of all sizes. It is capable of handling the version history of projects all the way up to the size of the Linux kernel. git uses SSL/TLS for its imap-send command. This command sends a collection of patches from stdin to an IMAP folder. git can also be configured to use the crypto library for all SHA-1 and SHA-256 hashing. wolfSSL supports all of this functionality in our port. (https://github.com/wolfSSL/osp/tree/master/git)

Compile wolfSSL with

./configure --enable-opensslextra

make

make install

Compile git with:

patch -p1 < /path/to/our/patch

make USE_WOLFSSL=1 OPENSSL_SHA1=1 OPENSSL_SHA256=1

make USE_WOLFSSL=1 OPENSSL_SHA1=1 OPENSSL_SHA256=1 install

git uses external dependencies for most of its communication protocols. The two more common protocols used within git are https and ssh. git builds and links against the system available curl for http and https support and uses the ssh utility that is available at runtime in $PATH for ssh support. To use only wolfSSL in git make sure that all dependencies are using wolfSSL. curl can be built to use wolfSSL using a configure option (https://everything.curl.dev/source/build/tls#wolfssl) while you can build OpenSSH against wolfSSL using our patches (https://github.com/wolfSSL/osp/tree/master/openssh-patches).

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

The wolfSSL / wolfCrypt libraries support asynchronous (non-blocking) crypto using external hardware acceleration with the Intel QuickAssist and Cavium Nitrox III/V adapters. These are PCIe devices that accelerate crypto operations. Use of the asynchronous hardware acceleration support significantly increases performance for server platforms requiring high connection rates and throughput.

For some performance numbers see this page: https://www.wolfssl.com/docs/intel-quickassist/

We also support asynchronous offloading to custom asymmetric hardware or a keystore using our PK callbacks (–enable-pkcallbacks). This is supported with all versions of TLS. Examples can be found in https://github.com/wolfSSL/wolfssl-examples/blob/master/tls (see server-tls-pkcallback.c and client-tls-pkcallback.c).

For the software based asymmetric math, wolfCrypt supports a non-blocking mode for RSA and ECC crypto operations. This is useful in a bare-metal environment to allow wolfSSL to split heavy math operations into smaller chunks of work allowing you to interleave servicing of real-time events. For ECC see –enable-ecc=nonblock or WC_ECC_NONBLOCK (doc). For RSA see WC_RSA_NONBLOCK (docs) 

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

wolfSSL was at Satellite again this year to engage in a key conversation in the Satellite community: ensuring that satellite devices are as secure as possible. In a world where attackers are more motivated and more sophisticated, the core cybersecurity technologies that wolfSSL provides can give users the assurance that they’re device won’t get bricked, hacker parlance for a useless device, which just happened last month.

The story goes like this: American company providing high-speed satellite internet coverage in Europe was the target of a cyberattack on the morning of February 24. The attack caused an outage of services in Ukraine, and other European countries, including Germany. Commander General Michel Friedling confirmed that this indeed was a cyberattack that had originally targeted KA-SAT SATCOM terminals in Ukraine. It is suspected that the attack targeted the ground stations by being able to exploit a misconfiguration of a management section of the satellite network to gain access and subsequently ‘brick’ the receivers by either mangling or replacing their firmware. This is an example of an attack that could have been mitigated by wolfBoot secure boot and FIPS 140-2 cryptography.

The above referenced company is not the only satellite internet provider being targeted. Starlink activated their service in the Ukraine and has already faced multiple malicious attempts to disrupt the service which prompted this tweet from Elon Musk:

“Important warning: Starlink is the only non-Russian communications system still working in some parts of Ukraine, so probability of being targeted is high. Please use with caution.”

Cybersecurity experts warn of a spillover effect in which these repeated attacks stemming from the Ukraine and Russia conflict could impact global infrastructure. Although the details of the recent attacks are still under investigation, it is in your best interest to consider how wolfSSL fortifies cybersecurity efforts. Our TLS, secure boot and cryptography libraries are used by every branch of the US military, which means we are deployed in everything from tanks and missile systems to satellites and aircraft.

wolfBoot, our secure bootloader, secures satellites by ensuring that any firmware update is signed and verified by our wolfCrypt FIPS 140-3 cryptography library. We also support TLS 1.3 or SSH for secure delivery of the updated firmware, should you be concerned about the security of your network connection and potentially subject to man in the middle attacks. wolfSSL can run ‘over the top’ of the various satellite communications standards.

Help us to help you keep your device from becoming a “Billion Dollar Brick” and contact us to hear more about our wolfSSL library, the wolfCrypt encryption engine, wolfBoot Secure Bootloader, wolfSSL Support for DO-178C DAL A, or to simply meet the wolfSSL team.

Connect with wolfSSL on LinkedIn: https://www.linkedin.com/company/wolfssl/

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

wolfSSL Inc. is pleased to let our customers know that the CMVP has approved 22 new operating environment (OE)  additions to the wolfSSL 3389 FIPS certificate in February and March!

2021 saw long delays and excessive wait times from the CMVP that had many near the limits of their patience. However, the CMVP has now approved 10 OE additions that were submitted by wolfSSL in July of 2021 (yes it was a LONG wait) on Valentines’ day and another 12 OE additions were approved less than 30 days later on March 15th for a total of 22 OE additions to round out Q1 of 2022!

After the frustrations of 2021 this has been a nice turnaround at the start of 2022 and wolfSSL staff will continue to work feverishly on customer OE additions as they are needed and demand arrises!

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

 

Today we have some exciting news! We here at wolfSSL would like to announce that we have achieved a TLS 1.3 connection where the group used for key establishment was KYBER_LEVEL1 and the connection was between an Ubuntu Linux x86_64 machine and an STM32 NUCLEO-F446ZE with an ARM Cortex M4 chip running on bare-metal. We used a generic UART TTL to USB cable.  On the x86_64 side we plugged the cable into the USB port while on the ARM Cortex M4 side we connected to the UART headers. Either side can be the server or the client. 

Some might be wondering how this was achieved as wolfSSL integrates with liboqs for its post-quantum algorithm implementations, but liboqs does not support being built for STM32. The answer is that wolfSSL has a new integration with the OQS team’s sister project, MUPQ team’s pqm4 project. Since the algorithm artifacts interoperate between liboqs and pqm4 and wolfSSL is on both sides, there is full interoperability.  Notably, this should also interoperate with the OQS team’s fork of OpenSSL.

So, does this really matter? In our opinion, yes! A lot of great work has been done showing the impact that post-quantum algorithms will have on The Internet. There are several academic papers and at-scale experiments with some very interesting results that, generally speaking, show that the Internet is ready for post-quantum algorithms. But what about constrained and low-resource devices?  What about IoT? With larger cryptographic artifact sizes and for some operations, more need for processor power, these algorithms have potential to heavily impact constrained and low-resource devices.

Experimentation in these domains has been less forthcoming, likely due to the lack of a TLS stack integrated with post-quantum algorithm implementations for embedded platforms. Now that changes.  Now, you can start experimenting with post-quantum algorithms using TLS 1.3 to understand the impact on your embedded projects.

In the coming weeks, you can look forward to an example STM32CubeIDE project and a recorded webinar about how you can get started with post-quantum key establishment over TLS 1.3 on STM32 devices.

Currently, only KYBER_LEVEL1 is supported. Want other algorithms and variants? Want hybrids? Want to know when the example project and webinar will be released? 

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

 Secure shell and file access for embedded systems

Unlike embedded Linux, or rich CPU-based systems, embedded systems running on a microcontroller rarely have support for file systems. Most often these devices run a firmware stored on a flash memory. However, more advanced microcontroller-based systems designed for edge computing offer the possibility to connect non-volatile storage devices, such as SD or MMC cards, non-volatile random-access memories and solid-state drives. In these cases, a bare-metal or RTOS-based system may benefit from a lightweight filesystem implementation, for standard read/write file access and directory management.

wolfSSH offers all the functionality of a SSH server and client in a compact and microcontroller friendly library. It implements SSH protocol v.2 with both password and public key based authentication. The SSH protocol is mostly famous for the secure shell feature on UNIX-like systems, used by administrators to control and automate process execution on remote systems. SSH however provides file transfer support via SCP, and more advanced file system access via SFTP.

wolfSSH implements SCP and SFTP for any embedded system, giving the possibility to customize the actions associated with remote filesystem access operations. A system with no filesystem support can still implement rudimentary operations on hardcoded file paths very easily, by defining use-case specific callbacks. Even without any actual filesystem, it is still possible to respond in a custom way to specific SFTP or SCP commands. A common usage, like the one shown in this FreeRTOS based example,  is using SSH for remote secure firmware updates, uploading a new version of the firmware binary image as a file, e.g. via SCP. The embedded target does not actually have a file system but it receives the content of the remote file and stores it in a flash memory partition. Afterwards the application can delegate the secure bootloader, e.g. wolfBoot, to consider and process the update package for installation.

Customizing file I/O operations on non-POSIX systems can be done by defining WOLFSSH_USER_FILESYSTEM at compile time, and then assigning callbacks to I/O operations. A minimal set of calls for file management may include WFOPEN, WFCLOSE, WFWRITE, WFREAD, WFSEEK; although the full set of POSIX operations for subdirectory handling, file statistics, permission management and more are supported when running wolfSSH with SFTP on POSIX machines.

FatFS support

Using a lightweight FatFS implementation to store data in embedded systems has several advantages. Removable memory supports such as SD or MMC cards can be accessed offline by any PC host if required. On those microcontrollers supporting USB-OTG, internal block devices can appear as USB drives when the device is connected to a USB host.

ChaN’s FatFS (http://elm-chan.org/fsw/ff/00index_e.html) is a popular lightweight Open Source FAT implementation suitable for microcontrollers and distributed along with many BSP provided by hardware manufacturers, often as optional middleware package. FatFS exposes two interfaces: the API to be used by the application to access the filesystem, and the MAI (media access interface) to attach the I/O to any block-based storage system. Many embedded developers use this library even if there is no specific need for FAT format, simply because it is a complete filesystem implementation with a small footprint, provides a friendly, POSIX-inspired, well documented API,  and it is easy to integrate with any physical storage medium.

Since version 1.4.7, wolfSSH offers a fully featured, pre-packaged integration with ChaN’s FatFS. By adding the compile-time option WOLFSSH_FATFS, wolfSSH will automatically map the file and directory callbacks to the corresponding function in the filesystem implementation. This means that there is no additional ‘glue code’ needed to integrate wolfSSH to provide remote secure file access and directory management.

wolfSSH is the easiest way to implement SFTP and SCP on embedded targets. Adding wolfSSH to an existing connected system simply consists in providing send and recv callback functions to communicate over a TCP socket. For SFTP and SCP support a filesystem implementation, real or emulated, is required as well to respond to remote file and directory access requests, and wolfSSH offers a flexible interface to integrate with any filesystem implementation.

On those platforms where FatFS support is already included with the board support package or the real time operating system in use (e.g. ST CubeMX, NXP MCUXpresso), the integration of wolfSSH with the existing filesystem has now been made even easier. Setting up a thread in a RTOS with a SSH daemon providing SFTP access is a matter of a few lines of code, needed to set up SSH certificate, passwords and public keys. The target system will start accepting SSH connections and exchanging files from any compatible SFTP client.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.