Category: wolfSSL/ wolfCrypt

LMS in PKCS11

Most people know that wolfSSL supports being a PKCS11 consumer. It is easy to enable this with the --enable-pkcs11 configure time flag and then trying out the examples. Now, what most people don’t realize is that we also have the ability to be a PKCS11 provider!! This is via our library called wolfPKCS11. Check out the source repo on github.

The most interesting thing about PKCS11 is that the post-quantum stateful hash-based signature scheme LMS/HSS has already been added to the PKCS11 standard. If you look at the latest specification, you can already find an example template definition for a private key:

CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
CK_KEY_TYPE keyType = CKK_HSS;
CK_UTF8CHAR label[] = “An HSS private key object”;
CK_ULONG hssLevels = 123;
CK_ULONG lmsTypes[] = {123,...};
CK_ULONG lmotsTypes[] = {123,...};
CK_BYTE value[] = {...};
CK_BBOOL true = CK_TRUE;
CK_BBOOL false = CK_FALSE;
CK_ATTRIBUTE template[] = {
    {CKA_CLASS, &keyClass, sizeof(keyClass)},
    {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
    {CKA_TOKEN, &true, sizeof(true)},
    {CKA_LABEL, label, sizeof(label)-1},
    {CKA_SENSITIVE, &true, sizeof(true)},
    {CKA_EXTRACTABLE, &false, sizeof(true)},
    {CKA_HSS_LEVELS, &hssLevels, sizeof(hssLevels)},
    {CKA_HSS_LMS_TYPES, lmsTypes, sizeof(lmsTypes)},
    {CKA_HSS_LMOTS_TYPES, lmotsTypes, sizeof(lmotsTypes)},
    {CKA_VALUE, value, sizeof(value)},
    {CKA_SIGN, &true, sizeof(true)}
};

Are you looking to use wolfSSL to consume LMS/HSS? Our wolfCrypt library already has support for LMS/HSS; want to consume it via a PKCS11 interface? Want to get ahead of the curve and start prototyping ML-KEM (FIPS 203) or ML-DSA (FIPS 204) in PKCS11? Send a message to facts@wolfSSL.com to let us know which of these you want accelerated.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfSSL 5.7.4 Release

wolfSSL release 5.7.4 is now available, with exciting optimizations for ARM devices and enhancements to post-quantum cryptography algorithms. If you’re using wolfSSL on RISC-V, we’ve also included new performance enhancements specifically for RISC-V devices. Alongside these optimizations and new features, several important fixes were made. One notable fix involves the behavior of X509_STORE_add_cert() and X509_STORE_load_locations() functions to better align with OpenSSL when the compatibility layer is enabled.

Below are some of the key changes in this release. For a more comprehensive list, refer to the ChangeLog.

New Features and Additions

  • RISC-V 64: Added new assembly optimizations for SHA-256, SHA-512, ChaCha20, Poly1305, and SHA-3 (PRs 7758, 7833, 7818, 7873, 7916).
  • DTLS 1.2 Connection ID: Implemented support for Connection ID (CID) (PR 7995).
  • DevkitPro Support: Added support for (DevkitPro)libnds (PR 7990).
  • Mosquitto: Added a port for Mosquitto OSP (Open Source Project) (PR 6460).
  • sssd: Added a port for init sssd (PR 7781).
  • eXosip2: Added support for eXosip2 (PR 7648).
  • STM32G4: Added support for STM32G4 (PR 7997).
  • MAX32665 and MAX32666: Added support for TPU hardware and ARM ASM crypto callback (PR 7777).
  • libspdm: Added support for building wolfSSL to be used in libspdm (PR 7869).
  • Nucleus Plus: Added support for use with Nucleus Plus 2.3 (PR 7732).
  • RFC5755 Attribute Certificates: Initial support for x509 attribute certificates (acerts) with --enable-acert (PR 7926).
  • PKCS#11 RSA Padding Offload: Allows tokens to perform CKM_RSA_PKCS (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt) (PR 7750).
  • Heap/Pool Allocation: Added “new” and “delete” style functions for heap/pool allocation and freeing of low-level crypto structures (PRs 3166, 8089).

Espressif / Arduino Updates

  • Updated wolfcrypt settings.h
  • Updated Espressif SHA, utility, memory, and time helpers (PR 7955).
  • Fixed _thread_local_start and _thread_local_end for Espressif (PR 8030).
  • Enhanced benchmarking for Espressif devices (PR 8037).
  • Introduced Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME in Kconfig (PR 7866).
  • Added wolfSSL esp-tls
  • Updated wolfSSL release for Arduino (PR 7775).

Post-Quantum Crypto Updates

  • Dilithium: Support for fixed-size arrays in dilithium_key (PR 7727).
  • Dilithium Precalc: Added option to use precalc with small sign (PR 7744).
  • Kyber FIPS: Allowed Kyber to be built with FIPS (PR 7788).
  • Kyber in Linux Kernel: Enabled Kyber ASM usage in Linux kernel module (PR 7872).
  • Dilithium, Kyber: Updated to final specifications (PR 7877).
  • Dilithium FIPS: Supported FIPS 204 Draft and Final Draft (PRs 7909, 8016).

ARM Assembly Optimizations

  • ARM32: Added assembly optimizations for ChaCha20 and Poly1305 (PR 8020).
  • Poly1305 Aarch64: Improved Poly1305 assembly optimizations for Aarch64 (PR 7859).
  • Poly1305 Thumb-2: Added Poly1305 optimizations for Thumb-2 (PR 7939).
  • STM32CubePack: Added ARM ASM build option to STM32CubePack (PR 7747).
  • Visual Studio: Added ARM64 support to the Visual Studio project (PR 8010).
  • Kyber ARM Optimizations: Added assembly optimizations for ARM32, Aarch64, ARMv7E-M, and ARMv7-M (PRs 8040, 7998, 7706).

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfSSL wolfCrypt CSharp wrapper

wolfSSL is excited to announce additional support for wolfCrypt API’s in our CSharp (C#) wrapper. Our CSharp wrapper now includes wolfCrypt support for ECC (ECDSA/ECDHE), ECIES, RSA, ED25519/Curve25519, AES-GCM, and HASH cryptographic algorithms. The supported HASH algorithms are MD2, MD4, MD5, SHA, SHA-224, SHA-256, SHA-384, SHA-512, SHA-MD5, SHA3-224, SHA3-256, SHA3-384, SHA3-512, BLAKE2B, and BLAKE2S.

In addition to the CSharp wrapper, we supply a comprehensive test suite, `wolfCrypt-Test.cs` to test all of the supported cryptographic algorithms. The PR for these changes can be found here: PR# 3166.

To start using the wolfCrypt CSharp wrapper, please refer to the README.md, which contains useful information on how to get started. Another useful resource is the `wolfCrypt-Test.cs` suite, which shows common use cases and can help in validating your application setup.

If you have any questions about our wolfCrypt CSharp wrapper or need assistance, feel free to email us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

Enhance Embedded System Security with ADI MAXQ1065 and wolfSSL

wolfSSL’s trusted partner, Analog Devices, Inc. (ADI), recently announced that integrating the MAXQ1065 with wolfSSL can significantly enhance security for IoT and embedded systems. Explore the ADI Engineer Zone blog post, Securing IoT and Embedded Systems: Integrate MAXQ1065 with wolfSSL, to discover wolfSSL’s competitive advantages and how this integration improves IoT security solutions and embedded system security applications.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Deprecation and Removal of TLS 1.0 / 1.1 Support from wolfSSL

As part of our quality control and review process, wolfSSL is planning removal of obsolete and deprecated TLS protocol support from our mainline TLS library. TLS 1.0 and 1.1 were introduced in 1999 and 2006 respectively, and both versions were formally deprecated by RFC 8996 in 2021. As noted in the deprecation RFC, TLS 1.0 requires support for an obsolete and insecure cipher suite based on 3DES, an algorithm that dates to 1981. Moreover, the security guarantees of both version 1.0 and version 1.1 depend on the SHA-1 algorithm introduced in 1995, already considered vulnerable in 2005, and formally retired by NIST in 2022. TLS 1.0 and 1.1 have been disabled by default in wolfSSL since release 3.13.0 (2017) and 5.6.6 (2023) respectively.

Modern TLS implementations use either TLS 1.2 or 1.3, both of which avoid dependence on obsolete and deprecated algorithms and mechanisms. Version 1.2 was introduced in 2008, is currently considered secure when configured properly, and is supported by all modern TLS implementations. Version 1.3 is the latest version, finalized in 2018, with the highest inherent security, supported by wolfSSL since release 3.11.1 (2017).

While support for obsolete and insecure protocols is useful in some specialized analytic and forensic applications, we believe that continuation of this support in our mainline products does more harm than good, due to the associated complexity, and the inherent risk of misconfiguration, with potentially critical implications for system security.

While we have not yet determined a timeline for removal of code in wolfSSL specific to TLS 1.0 and 1.1, all API support for them should be considered deprecated, consistent with RFC 8996.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Introducing rustls-wolfcrypt-provider: wolfCrypt for Rustls

rustls-wolfcrypt-provider integrates the wolfCrypt cryptographic library as a backend for Rustls, allowing developers to use wolfCrypt’s secure cryptographic functions with Rustls’ modern TLS stack. Currently in alpha, this library offers flexibility for those needing an alternative crypto provider, especially for projects requiring FIPS 140-3 readiness.

Other reasons to consider wolfCrypt as your Rustls provider include the following:

  1. Hardware encryption support, wolfCrypt supports hardware encryption and assembly optimizations for systems big and small. See our list of supported hardware encryption schemes.
  2. Support: we will support Rustls when used in conjunction with wolfCrypt.
  3. Consulting: If you need help making all of this work in your environment, we’ll help!

Supported Cipher Suites

TLS 1.3:

  • TLS13_CHACHA20_POLY1305_SHA256
  • TLS13_AES_128_GCM_SHA256
  • TLS13_AES_256_GCM_SHA384

TLS 1.2:

  • TLS12_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS12_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS12_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS12_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

With rustls-wolfcrypt-provider, developers can combine the cryptographic strengths of wolfCrypt with the modern TLS capabilities of Rustls, supporting Rustls version 0.23.9. This integration is ideal for projects that require both strong security and the flexibility of wolfCrypt’s cryptography.

Are you interested in Rust solutions with wolfSSL integration?

If you have questions about any of the above or need assistance, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Strengthening RSA default minimum to 2048 bits

wolfSSL helps make the internet secure. Part of this task is continually updating our default settings to keep up with adversarial advancements. A recent article detailed the use of default RSA key sizes by an IoT manufacturer, which resulted in a 512 bit key being used for authentication. “The factoring required $70 in cloud computing costs and less than 24 hours.”

Since wolfSSL also had the default minimum set to 512 bits, we decided to update the default minimum to 2048 bits. The decision to use 2048 bit for the minimum was based on NIST recommendations and security industry best practices. This affects key generation using wc_MakeRsaKey. Testing infrastructure was also updated to be sure the smaller key sizes are still being covered by CI tests. The default RSA key size minimum can be overridden in the configuration using the RSA_MIN_SIZE macro.

For more information about using RSA in wolfSSL or have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Azure Removing TLS 1.0 & TLS 1.1

Are you prepared for the upcoming security enhancements in Azure, which will remove support for TLS 1.0 and TLS 1.1? By the end of October, Azure will no longer accept connections using TLS 1.0 and TLS 1.1 (Azure announcement). This is great news! The older TLS protocols are less secure compared to the newer TLS 1.2 and TLS 1.3 standards. wolfSSL supports both TLS 1.2 and TLS 1.3, and can assist in upgrading your product’s security to prepare for the deprecation of TLS 1.0 and TLS 1.1 in Azure.

For more information and upgrade assistance contact facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

FIPS 140-3 and CNSA 2.0 with a Single TLS Connection

Can you believe it? With wolfSSL you can now have a TLS 1.3 connection that is compliant with both FIPS 140-3 and the CNSA 2.0! Want to know how?

For key establishment, we can use the new ML-KEM-1024 (also known as Kyber-1024 which is at security level 5 as defined by NIST) hybridized with ECDH on curve P-521.

In terms of authentication, we can use our dual algorithm certificates where the conventional algorithm is ECDSA on curve P-521 and the alternative algorithm is ML-DSA-87 (also known as Dilithium 5 which is at security level 5 as defined by NIST). The server would then also have conventional and alternative private keys so they would both be used to sign the transcript.

For the cipher suite, We can use AES-256-GCM-SHA384; this is approved by both FIPS 140-3 and CNSA 2.0.

And just like that, we have dual compliance! Want more details and a demo with steps to do it yourself? Not to worry, we’ll have a webinar soon to explain how you can achieve this yourself as well! Please stay tuned.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Posts navigation

1 2 3 4 5 6