RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

CyaSSL and RakNet

Hi everyone, we’re curious if anyone is interested in using CyaSSL-based RakNet. RakNet is a high-performance network API designed for games or other high-performance network applications. It is intended to provide most all features modern games need, such as a master server, autopatcher, voice chat, and cross-platform capabilities. You can learn more at the following URL:

http://www.jenkinssoftware.com/

If you have any questions, or will like to see CyaSSL working with RakNet, please email us at facts@wolfssl.com.

wolfSSL FIPS 140-2 Certification Status Update

wolfSSL will soon have FIPS 140-2 level one validation for the wolfCrypt crypto engine! We have entered the lab process and will be out of the lab as soon as August 15, 2014. Our application will then be submitted to NIST for final review.

The FIPS certification will support a broad range of wolfSSL customers, specifically those who sell to the US government.

FIPS, Federal Information Processing Standards, consists of public security and communication standardizations developed by the US government. These standardizations are for use by nonmilitary government agencies and contractors.

wolfSSL is on the NIST FIPS 140 in process list, which is here:  https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Modules-In-Process/Modules-In-Process-List (wolfCrypt has since received certificates #2425 and #3389)

We will keep our blog updated on our FIPS certificate progress, but if you would like more information regarding wolfSSL’s FIPS certification, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247.  

wolfSSL Born in the USA!

We receive a lot of questions about the origins of the wolfSSL lightweight SSL library and wolfCrypt software packages.  We get asked where they were developed, and by who?  These questions usually come from US government agencies and their contractors.  Simply stated, mes amis, wolfSSL and wolfCrypt were Born in the USA and written by US citizens

If you have any additional questions about the origins of wolfSSL or wolfCrypt, please contact us at facts@wolfssl.com

Happy 4th of July!

wolfSSL Android SSL Client App

The wolfSSL Android Client is our first Android application that incorporates the CyaSSL lightweight SSL library together with the wolfSSL JNI library in order to test secure connections to servers across the Internet. With our Android SSL Client you can quickly test SSL, TLS, and DTLS connections whether they be located on a local network or across web. The wolfSSL Android Client has multiple options and settings that you can personalize such as setting your own certificates and keys, changing the active security layer, and choosing which from a wide variety cipher suite to use.

The client outputs color formatted information about the connection to a central console window within the wolfSSL Client application. The wolfSSL Android Client was built to be very simple, fast, and user friendly rather than slow, complicated and confusing.

If you have any feedback, comments, or suggestions that you would like to see incorporated into later versions, please contact us at: facts@wolfssl.com

We invite you to download our SSL Client for free on the Play Store, or by following this link:  https://play.google.com/store/apps/details?id=com.wolfssl.client (as of 26 March 2018 at 9:33am MDT, the app is no longer on the Google Play Store. Please check out our download page instead).

wolfSSL Summer of Security

“Fear urged him to go back, but growth drove him on.” ? Jack London, White Fang

The Internet of Things is a fast growing technology sector with new embedded devices introduced daily. With this increase in products which frequently require SSL/TLS and cryptography, wolfSSL has been experiencing continual growth and decided to bring in a team of interns for the 2014 Summer season. wolfSSL executives chose to recruit students from Montana State University which is known for its ability to produce exceptional Computer Science graduates. Six students were selected for the Summer and will be completing their internships in Bozeman, MT under the direction of Chris Conlon, senior engineer at wolfSSL, also a Montana State graduate.

The Summer of Security program is allowing the wolfSSL interns to gain knowledge in the embedded SSL industry as well as valuable programming experience in Linux and embedded distributions. Throughout the Summer, the interns will play a role in improving documentation, current examples, and community support within wolfSSL. Interns will be learning the CyaSSL SSL and TLS library and writing documents to provide users with a better understanding of the CyaSSL library.

The Summer of Security is a great opportunity for students to increase work experience in the field of computer science and work towards a potential career as part of the wolfSSL team. The team at wolfSSL looks for knowledgeable students who have experience in C systems development. Prior embedded systems experience is a plus. If you are interested in learning more about the wolfSSL Summer of Security internship program, feel free to contact us at facts@wolfssl.com.

TLS 1.3 on Github

Hi! We wanted to point out to our users that the TLS 1.3 working group has put their specification work up on Github at: https://github.com/tlswg/tls13-spec

We are eager to implement TLS 1.3 as it gets closer to its final specification! We think this new protocol iteration will add a lot of improvement! As such, we`re excited to get going and need user feedback. Please contact us to let us know what parts of the spec are most important to you. We will consider adding pieces of TLS 1.3 to our current TLS 1.2 implementation, should users of wolfSSL need them. Let us know your thoughts at facts@wolfssl.com.

Intro to PKCS #5: Password-Based Cryptography Specification

Our third post in our PKCS series, we will be looking at PKCS  #5. PKCS #5 is the Password-Based Cryptography Specification and is currently defined by version 2.0 of the specification. It is defined in RFC 2898 http://tools.ietf.org/html/rfc2898. It applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching.

A. Key Derivation Functions

A key derivation function produces a derived key from a based key and other parameters. In a password-based key derivation function, the base key is a password and the other parameters are a salt value and an iteration count.

Two functions are specified below: PBKDF1 and PBKDF2. PBKDF2 is recommended for new applications; PBKDF1 is included only for compatibility with existing applications, and is not recommended for new applications.

B. PBKDF1

PBKDF1 applies a hash function, which shall be MD2, MD5 or SHA-1, to derive keys. The lengths of the derived keying bounded by the length of the hash function output, which is 16 octets from MD2 and MD5 and 20 octets from SHA-1.

Steps:

1. If dkLen > 16 for MD2 and MD5, or dkLen > 20 for SHA-1, output “derived key too long” and stop.

2. Apply the underlying hash function Hash for c iterations to the concatenation of the password P and

    the salt S, then extract the first dkLen octets to produce a derived key DK:

T_1 = Hash (P || S) ,

T_2 = Hash (T_1) ,

T_c = Hash (T_{c-1}) ,

DK = Tc<0..dkLen-1>

3. Output the derived key DK.

C. PBKDF2

PBKDF2 applies a pseudorandom function to derive keys. The length of the derived key is essentially unbounded. However, the maximum effective search space for the derived key may be limited by the structure of the underlying pseudorandom function.

Steps:

1. If dkLen > (2^32 – 1) * hLen, output “derived key too long” and stop.

2. Let l be the number of hLen-octet blocks in the derived key, rounding up, and let r be the number of octets

    in the last block:

l = CEIL (dkLen / hLen) ,

r = dkLen – (l – 1) * hLen .

Here, CEIL (x) is the “ceiling” function, i.e. the smallest integer greater than, or equal to, x.

3. For each block of the derived key apply the function F defined below to the password P, the salt S, the

    iteration count c, and the block index to compute the block:

T_1 = F (P, S, c, 1) ,

T_2 = F (P, S, c, 2) ,

T_l = F (P, S, c, l) ,

where the function F is defined as the exclusive-or sum of the first c iterates of the underlying pseudorandom  function PRF applied to the password P and the concatenation of the salt S and the block index i:

F (P, S, c, i) = U_1 \xor U_2 \xor … \xor U_c

where

U_1 = PRF (P, S || INT (i)) ,

U_2 = PRF (P, U_1) ,

U_c = PRF (P, U_{c-1}) .

Here, INT (i) is a four-octet encoding of the integer i, most significant octet first.

4. Concatenate the blocks and extract the first dkLen octets to produce a derived key DK:

DK = T_1 || T_2 ||  …  || T_l<0..r-1>

5. Output the derived key DK.

To learn more about PKCS #5, you can look through the specification, here:

http://tools.ietf.org/html/rfc2898

D. CyaSSL Support

CyaSSL supports both PBKDF1 and PBKDF2. The header file can be found in <cyassl_root>/cyassl/ctaocrypt/pwdbased.h and the source file can be found in <cyassl_root>/ctaocrypt/src/pwdbased.c of the CyaSSL library. When using these functions, they must be enabled when CyaSSL is configured. This is done by:

./configure –enable-pwdbased

The functions:

int PBKDF1(byte* output, const byte* passwd, int pLen,

                      const byte* salt, int sLen, int iterations, int kLen,

                      int hashType);

int PBKDF2(byte* output, const byte* passwd, int pLen,

                      const byte* salt, int sLen, int iterations, int kLen,

                      int hashType);

CyaSSL also supports PKCS12

int PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,

                            const byte* salt, int sLen, int iterations,

                            int kLen, int hashType, int purpose);

To learn more about the CyaSSL embedded SSL library, you can download a free GPLv2-licensed copy from the wolfSSL download page, http://wolfssl.com/yaSSL/download/downloadForm.php, or look through the CyaSSL Manual, https://www.wolfssl.com/docs/wolfssl-manual/.  If you have any additional questions, please contact us at facts@wolfssl.com.

Video Tutorial: Basic Compilation and Installation of CyaSSL

If you are looking for a quick and easy guide on compiling, installing and using CyaSSL, then we have some good news: In order to make it even easier to understand and install CyaSSL, we recently created a video tutorial to help get you started.

The video will walk you through the downloading and installing process, as well as provided a basic demonstration of a few of CyaSSL’s example client and server programs. The video is on our YouTube channel, which can be found here: https://www.youtube.com/channel/UCxcGPWzOnhdocvKmxqhfvPg

With a direct link to the video here:

https://www.youtube.com/watch?v=zXRLwW0DIPA

CyaSSL is a C-based embedded SSL/TLS library which is lightweight, portable, and works with a wide range of systems.  It offers a simple, easy to use, API with several abstraction layers for ease of access in a wide range of product types.

If you have any questions feel free to contact us at facts@wolfssl.com or support@wolfssl.com. For more information, you may visit us at http://www.wolfssl.com/.

Integrating ChaCha20 and Poly1305 Into wolfSSL

We`ve implemented ChaCha20 allowing for the use of both 128 bit and 256 bit keys and are in the process of implementing Poly1305 into wolfSSL. Both crypt tools and a suite using the two are on schedule to be released by the end of the summer.

The ChaCha20 and Poly1305 algorithms, originally developed by Bernstein, have been shown to be very secure. Further reading about these algorithms can be found in the link below.

http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04

We`re excited about this addition to our code.  If you have comments, questions, or need it in our code sooner than the end of this summer, let us know!  We can be reached at facts@wolfssl.com or by phone at +1 425 245 8247.

Posts navigation

1 2 3 154 155 156 157 158 159 160 189 190 191

Weekly updates

Archives