Topic: RSA signing and verificaiton

Hello all.. I am trying to get the RSA cryptography part of the wolfSSL library 3.3.0 work with a Cortex M3 based microcontroller(No operating system involved) with the Keil IDE. All I am trying to do is sign a byte array and verify it back using the private and public key available as  part of the MakeRsaKey() function call respectively.

However I am stuck with this MakeRsaKey function call. For a 512 bit key, the system is crashing with a hard fault whereas for a 1024 bit key, I am getting an out of memory error.

Any thoughts??

Share

Re: RSA signing and verificaiton

Hi,

Can you double check to make sure your application is getting compiled with the same preprocessor defines that wolfSSL was compiled with?  Sometimes a mismatch in settings can cause seg fault issues with the math libraries.

Also, for reference, we have a sign/verify example available in the following location.  This includes an example of doing a sign/verify with both ECC and RSA:

https://github.com/wolfSSL/wolfssl-exam … /signature

Thanks,
Chris

3 (edited by hariharan_510 2016-06-13 07:59:56)

Re: RSA signing and verificaiton

thanks Chris for the reply...

Below are the defines with which the application is compiled in addition to whatever is enabled default in the .c and .h files
HAVE_CONFIG_H, SINGLE_THREADED, CYASSL_KEY_GEN

I will go through the link you have posted...

Few more details...

I am trying to get the RSA based signature verification done via the below API calls, available as part of rsa.c:

SSL_Sign
SSL_Verify

I suppose hashing the message is done as part of this call and doesn't need to be separately done.

Heap size allocation is 3KB. I hope this should be sufficient enough for all the dynamic memory allocation involved.

Anything specific needs to be taken care as I am trying to get this done on a bare metal system.(No OS involved)

Hard fault happens in random prime number generation part of RSA key generation.

Update:
---------

I was able to get the key generated by increasing the heap size. 8 KB for a 512 bit key and 12 KB for a 1024 bit key. Is this as expected or am I doing something wrong?

Another thing that requires clarification is if I sign a byte array does it encrypt it as well or just creates a signature of the byte array and returns me back. The reason why I am asking this is when I verify the output byte array of Sign call I get back my input byte array(the one I was interested in signing).

Please suggest.

Share

Re: RSA signing and verificaiton

Hi,

RsaSSL_Sign() does not do a hash operation on the input data before signing.  Your application will need to hash the input data before passing it in for signing.

wolfCrypt's hash functions are prototyped by the respective header file, ie:

<wolfssl/wolfcrypt/sha.h>
<wolfssl/wolfcrypt/sha256.h>
<wolfssl/wolfcrypt/sha512.h>

The heap usage doesn't look out of the expected range.  By default, wolfSSL and wolfCrypt use the normal big integer library for public key calculations and operations.  Alternatively, you can use the "fastmath" library instead.  The fastmath library puts more on the stack and less on the heap, whereas the big integer library uses more heap and less stack.  If you wanted to use less heap, you could enable the fastmath library by defining:

USE_FAST_MATH
TFM_TIMING_RESISTANT

Best Regards,
Chris