RECENT BLOG NEWS

The most requested feature for the wolfMQTT client library is now available! Multithreading support allows an application to create multiple threads that use the wolfMQTT client library. There is a new example that demonstrates this functionality, located in `examples/multithread/`. This example creates a thread that subscribes to a topic and then waits for incoming messages; it also creates many threads that publish a unique message to the topic. 

As a side note, wolfMQTT uses the wolfSSL embedded SSL/TLS library for SSL/TLS support.  Since wolfSSL supports TLS 1.3, your wolfMQTT-based projects can now use MQTT with TLS 1.3 on supported broker!

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

We wanted to cover building for TLS 1.3 today for our Windows users! For those interested in testing with TLS 1.3 on Windows system please use the wolfssl64.sln located in the root directory of our download (wolfssl-x.x.x/wolfssl64.sln).

The wolfssl64.sln solution provides builds configurations for:

To customize the configuration for wolfSSL we use the file wolfssl-x.x.x/IDE/WIN/user_settings.h with the wolfssl64.sln. Simply add these settings to that header:

Then rebuild and run the example client/server with the -v 4 option to test TLS 1.3! (See screenshot below)

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Ever wondered how to use PSK with the embedded wolfSSL library?  PSK is useful in resource constrained devices where public key operations may not be viable.  It`s also helpful in closed networks where a Certificate Authority structure isn`t in place.  To enable PSK with wolfSSL you can simply do:

$ ./configure --enable-psk

Using PSK on the client side requires one additional function call:

wolfSSL_CTX_set_psk_client_callback()

There`s an example client callback in cyassl/test.h called my_psk_client_cb().  The example sets the client identity which is helpful for the server if there are multiple clients with unique keys and is limited to 128 bytes.  It could also examine the server identity hint in case the client is talking to multiple servers with unique keys.  Then the pre-shared key is returned to the caller, here that is simply 0x1a2b3c4d, but it could be any key up to 64 bytes in length (512 bits).

On the server side two additional calls are required:

wolfSSL_CTX_set_psk_server_callback()
wolfSSL_CTX_use_psk_identity_hint()

The server stores it`s identity hint to help the client with the 2nd call, in our server example that`s “cyassl server”.  An example server psk callback can also be found in my_psk_server_cb() in cyassl/test.h.  It verifies the client identity and then returns the key to the caller, which is again 0x1a2b3c4d, but could be any key up to 64 bytes in length.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

wolfCrypt adds support for cryptographic callbacks that can be registered for replacing stock software calls with your own custom implementations. The goal is to make adding hardware cryptographic support easier.

Currently supported crypto callbacks:

• RNG and RNG Seed
• ECC (key gen, sign/verify and shared secret)
• RSA (key gen, sign/verify, encrypt/decrypt)
• AES CBC and GCM
• SHA1 and SHA256
• HMAC

This feature is enabled using “–enable-cryptocb” or “#define WOLF_CRYPTO_CB”.

To register a cryptographic callback function use the “wc_CryptoCb_RegisterDevice” API. This takes a unique device ID (devId), callback function and optional user context.

typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx);
WOLFSSL_API int wc_CryptoCb_RegisterDevice(
    int devId,
    CryptoDevCallbackFunc cb,
    void* ctx);

To enable use of the crypto callbacks you must supply the “devId” arguments on initialization.

For TLS use:  

• wolfSSL_CTX_SetDevId(ctx, devId);
• wolfSSL_SetDevId(ssl, devId);

For wolfCrypt API’s use the init functions that accept “devId” such as:

• wc_InitRsaKey_ex
• wc_ecc_init_ex
• wc_AesInit
• wc_InitSha256_ex
• wc_InitSha_ex
• wc_HmacInit

Examples:

• STSAFE-A100 ECC Crypto Callbacks: https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/st/stsafe.c#L330
• TPM 2.0 wolfTPM Crypto Callbacks: https://github.com/wolfSSL/wolfTPM/blob/master/src/tpm2_wrap.c#L2937
• Generic wolfCrypt tests: https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/test/test.c#L24304

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

We have added support for RISC-V hardware in our wolfBoot library. The reference example uses the SiFive HiFive1 FE310 board to demonstrate a secure bootloader and firmware upgrade.

The HiFive1 is a 32-bit E31 RISC-V core capable of running at 320MHz. It includes 4MB of external flash and 16KB of internal RAM.

The wolfBoot library provides:

• Boot validation of the firmware image using hash and signature
• Reliable firmware update (power fail safe).
• Rollback support if application does not report “success”
• Version checking to prevent downgrade attack
• Support for external flash on updates

This adds support for:

• RV32 Hardware Access Layer (HAL) support for:
  • PLL Clock configuration
  • Flash eSPI
  • UART
  • RTC
• Firmware update example using the serial interface

Full setup and installation instructions can be found in “docs/Targets.md”.

These new features can be found on GitHub here:
https://github.com/wolfSSL/wolfBoot/pull/14

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Are you a user of MCU with CryptoCell hardware?  If so, you will be happy to know that wolfSSL recently added support for CryptoCell with wolfCrypt and benchmark examples to the wolfSSL embedded SSL/TLS library!

The wolfSSL port supports the following features:

• SHA-256
• AES CBC
• Elliptic Curve Digital Signature Algorithm (ECDSA) – sign and verify
• Elliptic Curve Diffie Hellman (ECDH) – shared secret
• ECC key generation support
• RSA sign and verify
• RSA key generation support
• RSA encrypt and decrypt

These features are tested on nRF52840 hardware platform with Nordic nRF5_SDK_15.2.0.

You can use the WOLFSSL_CRYPTOCELL macro to activate the CryptoCell support in wolfSSL. For instructions on how to build and run the examples on your projects, please see the “<wolfssl-root>/IDE/CRYPTOCELL/README” file.  This support is currently located in our GitHub master branch, and will roll into the next stable release of wolfSSL.

wolfSSL provides support for the latest and greatest version of the TLS protocol, TLS 1.3! Using the wolfSSL port will allow your device to connect to the internet in one of the most secure ways possible.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Resources

The most recent version of wolfSSL can be downloaded from our download page, here: https://www.wolfssl.com/download/
wolfSSL GitHub repository: https://github.com/wolfssl/wolfssl.git
wolfSSL support for TLS 1.3: https://www.wolfssl.com/docs/tls13/