Python Wrapper for wolfCrypt

We are pleased to inform that wolfCrypt has a new wrapper!

The wolfCrypt Python Wrapper allows use of the wolfCrypt embedded crypto library in a Python project. This will let users take advantage of the low footprint size of wolfCrypt in IoT projects that use the Python language.

Check out the wolfCrypt Documentation (https://wolfssl.github.io/wolfcrypt-py) and try it out.

For more info about using wolfCrypt with Python, or the wolfSSL embedded SSL/TLS library, contact us at facts@wolfssl.com.

wolfSSL + embOS

wolfSSL has added support for embOS in the wolfCrypt embedded cryptography library. We have example projects in the “/IDE/IAR-EWARM/embOS/” directory which include a library to link against, a benchmark, and wolfcrypt_test that are preconfigured for Atmel’s SAMV71 Xplained Ultra when using IAR Embedded Workbench for ARM (EWARM). These examples are set up to build and run with no user modifications by default (After you download the documented software and have on hand the necessary hardware).

The examples will be available in the next stable release of the wolfSSL embedded SSL/TLS library and are currently available in the wolfSSL development branch at: https://github.com/wolfssl/wolfssl

There is a README_custom_port that will assist in creating a project that targets a different MPU as well. As always we are more than willing to help anyone get setup and going so please feel free to contact us support@wolfssl.com if you ever have any questions!

wolfSSL Patch for MYSQL 5.6.30

When using wolfSSL with MYSQL the portability and robustness refined in the IoT realm meets databases. The patch has been updated to MYSQL version 5.6.30 and allows for easy replacement of the bundled TLS/SSL library to a recent version of wolfSSL. Using the patch leverages the progressive, lightweight wolfSSL embedded SSL/TLS library when securing database connections. The patch, along with instructions on how to apply it, can be found on github at this repository https://github.com/wolfSSL/mysql-patch.

For more information contact wolfSSL at facts@wolfssl.com

Whitewood Quantum RNG Support in wolfSSL

Are you interested in seeding wolfSSL with quantum entropy?  wolfSSL has recently partnered with Whitewood Encryption Systems to bring support for the Whitewood netRandom client library to wolfSSL.

Whitewood netRandom is a client/server solution for delivery true random numbers.  The netRandom server includes the Whitewood Entropy Engine – a hardware-based high-performance, quantum random number generator.  A netRandom client securely connects to this server to retrieve quantum entropy.  This is beneficial in environments where it is tough or impossible to locally generate good random numbers.  Since the security of a cryptosystem is dependent on true random numbers, this is very important for users of wolfSSL and wolfCrypt.

When wolfSSL is compiled with support for the netRandom client library API, wolfSSL’s PRNG will be seeded with quantum random numbers from the netRandom server.  Users can compile wolfSSL with netRandom support by using the following ./configure option or by defining HAVE_WNR when compiling wolfSSL:

–with-wnr=PATH      Path to Whitewood netRandom install (default /usr/local)

netRandom support adds the following two functions to the wolfSSL API, through the header:

int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout);
int wc_FreeNetRandom(void);

An application should call wc_InitNetRandom() once during startup, passing it the netRandom configuration file, optional HMAC callback, and entropy timeout.  wc_FreeNetRandom() should be called upon application shutdown to free the netRandom context.

Usage examples can be found in the wolfSSL example applications, located in under the “./examples” directory of the wolfSSL download.  netRandom support is currently available in the development branch of wolfSSL and will be incorporated into the next stable release as well.

For more information about using the wolfSSL embedded SSL/TLS library with the Whitewood netRandom client library, contact us at facts@wolfssl.com.

References:
Whitewood Encryption Systems
Whitewood netRandom

wolfSSL unaffected by May 3rd, 2016 OpenSSL high severity security fixes

OpenSSL released a security advisory on May 3rd 2016: https://www.openssl.org/news/secadv/20160503.txt. Some wolfSSL embedded TLS users are probably wondering if similar security fixes are needed in wolfSSL.  The answer to that is no.  Specifically, CVE-2016-2107 and CVE-2016-2108 are OpenSSL implementation bugs.  Since wolfSSL and CyaSSL embedded SSL libraries have a completely different code base from OpenSSL we do not share these defects.

Please contact wolfSSL by email at facts@wolfssl.com, or call us at 425 245 8247 if you have any security related questions.

Securing uTasker with wolfSSL

wolfSSL is happy to announce that the wolfSSL embedded SSL/TLS and wolfCrypt cryptography libraries have been ported to the uTasker operating system!

uTasker is an operating system, stack, and collection of services designed for embedded devices.  It includes an OS, filesystem, device drivers, and TCP/IP stack among other features.  The uTasker package includes a device simulator, allowing developers to test and debug code faster than would be possible on physical hardware itself.  Complete details on the uTasker stack can be found on the project website: http://www.utasker.com/.

wolfSSL has added a new preprocessor define to enable the uTasker port layer called WOLFSSL_UTASKER.  The port currently includes example client and server uTasker tasks which make use of the wolfSSL I/O abstraction layer to send and receive data over a secure SSL/TLS connection using uTasker RAW sockets.  The example tasks have been tested using the uTasker device simulator contained in the “uTasker_M522XX_V1.4-6” distribution.

What this means for projects using uTasker is that network connections can now communicate securely over SSL/TLS, using the progressive and lightweight wolfSSL SSL/TLS library.  Applications can also take advantage of the underlying wolfCrypt cryptography library to access crypto operations directly (block ciphers, stream ciphers, AEAD ciphers, hash functions, public key algorithms, and certificate verification routines).

The wolfSSL uTasker example client and server task are located in the ‘wolfssl-examples’ GitHub repository, linked below.  Documentation for these examples and on using wolfSSL with uTasker can be found on the wolfSSL website:

Using wolfSSL with uTasker
wolfSSL uTasker Examples

If you are interested in using wolfSSL on a uTasker-based project, feel free to reach out to us at facts@wolfssl.com with any questions.

C# Wrapper for wolfSSL

wolfSSL has a new C# wrapper, allowing use of the wolfSSL embedded SSL/TLS library in a C# project. This will let users take advantage of the low footprint size of wolfSSL in IoT spaces that use the .NET framework. A Visual Studio project, along with server examples can be found in the directory “/wrapper/CSharp/”.

The wolfSSL C# wrapper is included in versions of wolfSSL beginning with 3.8.0. To download wolfSSL, visit the download page. More information about the wrapper and documentation can be found at the following links:

wolfSSL C# Wrapper
wolfSSL C# Manual
wolfSSL C# API Reference

For more info about using C# with wolfSSL, contact us at facts@wolfssl.com.

wolfSSL with ECDHE-PSK Cipher Suites

The wolfSSL embedded SSL/TLS library has added the option for using ECDHE-PSK cipher suites. This opens up using the small memory size ECC keys with PSK on embedded devices.

PSK (pre shared keys) is a viable option when controlling both ends of the connection. It allows for saving memory and computation time when performing a TLS handshake. Adding ECDHE gives the cipher suite perfect forward secrecy with using an ephemeral ECC key during the TLS handshake. Previously wolfSSL had DHE-PSK cipher suites but using ECDHE-PSK cipher suites will save even more memory, beneficial in resource-constrained, IoT devices.

The ECDHE-PSK cipher suites available to users include:

ECDHE-PSK-NULL-SHA256
ECDHE-PSK-AES128-CBC-SHA256
ECDHE-PSK-CHACHA20-POLY1305

wolfSSL announces wolfCLU (a command line utility)

wolfSSL has laid the groundwork for a portable command line utility. We wanted our community to be aware so you have the opportunity to begin using it with the wolfSSL embedded SSL/TLS library!

wolfCLU currently has the following features:

– Autoconf for portability
– Encrypt a file and store it locally on your computer
– Decrypt that file after it has been encrypted, or send it via email to your friend, if he/she knows the password and algorithm used for encryption, they can then decrypt it on their computer
– Hash a single file (IE a zip archive) for verification
– Benchmark the currently configured Algorithms

On the wolfCLU to-do-list:

– X509 Certificate generation
– X509 Certificate pem-to-der/der-to-pem
– FIPS certified build option
– Integration into wolfSSL distribution

Location:
https://github.com/wolfSSL/wolfssl-examples/tree/master/wolfCLU

Please head on over and check out the README!
https://github.com/wolfSSL/wolfssl-examples/blob/master/wolfCLU/README.md

wolfSSL with the Atmel Hardware-TLS Platform

wolfSSL has partnered with Atmel to provide users of the wolfSSL embedded SSL/TLS library the ability to take advantage of the Atmel ATECC508A crypto element. From the Atmel page:

“Due to lack of better alternatives, TLS implementations have historically stored private keys and authentication credentials in software where they are more vulnerable to attack. In addition, the mathematics used for authentication and asymmetric key agreement were also done in software which is less feasible in small IoT devices that have limited code space and processing power.

The Atmel Hardware-TLS platform provides an interface between software TLS packages and the ATECC508A cryptographic co-processor. wolfSSL and OpenSSL implementations can now utilize hardware-based secure storage for private keys and authentication data and also allow resource-constrained IoT nodes to implement full elliptic curve authentication and Diffie-Hellman key agreement and session key derivation. With Atmel HW-TLS, TLS communications links can have hardened security even out to the smallest IoT edge node.”

Full details can be found on the Atmel website:
http://www.atmel.com/tools/Atmel-HW-TLS.aspx

Contact us at facts@wolfssl.com with any questions or to inquire about using wolfSSL on the Atmel ATECC508A.

Posts navigation

1 2 3 141 142 143 144 145 146 147 188 189 190