• Registered: 2016-11-10
  • Posts: 18

Topic: [SOLVED] SHA384 question

Hello,
I compile wolfSSL directly to my project, my defines in user_settings.h give me three ciphers to work with:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

So far it works good, without any issues.

Now I want to use SHA384, thus I added two more defines to my user_settings.h:
#define NO_SHA256 //I don't need any more this option in my ciphers
#define WOLFSSL_SHA384 //I want only SHA384 in my ciphers
And, of cause, I removed sha256.o and added sha512.o to the build.

But it seems I cannot do it this way, the errors I receive:

Compiling file: ../wolfssl-3.9.10/src/ssl.c ..................
In file included from ../wolfssl-3.9.10/wolfssl/internal.h:33:0,
from ../wolfssl-3.9.10/src/ssl.c:35:
../wolfssl-3.9.10/wolfssl/wolfcrypt/random.h:63:10: error: #error "Hash DRBG requires SHA-256."
#error "Hash DRBG requires SHA-256."
^
In file included from ../wolfssl-3.9.10/wolfssl/internal.h:47:0,
from ../wolfssl-3.9.10/src/ssl.c:35:
../wolfssl-3.9.10/wolfssl/wolfcrypt/asn.h:143:27: error: 'SHA256_DIGEST_SIZE' undeclared here (not in a function)
KEYID_SIZE = SHA256_DIGEST_SIZE,
^
In file included from ../wolfssl-3.9.10/wolfssl/internal.h:66:0,
from ../wolfssl-3.9.10/src/ssl.c:35:
../wolfssl-3.9.10/wolfssl/wolfcrypt/hmac.h:100:23: error: 'SHA384_DIGEST_SIZE' undeclared here (not in a function)
MAX_DIGEST_SIZE = SHA384_DIGEST_SIZE,
^
../wolfssl-3.9.10/wolfssl/wolfcrypt/hmac.h:101:23: error: 'SHA384_BLOCK_SIZE' undeclared here (not in a function)
HMAC_BLOCK_SIZE = SHA384_BLOCK_SIZE
^
../wolfssl-3.9.10/wolfssl/wolfcrypt/hmac.h:129:9: error: unknown type name 'Sha384'
Sha384 sha384;
^
In file included from ../wolfssl-3.9.10/src/ssl.c:35:0:
../wolfssl-3.9.10/wolfssl/internal.h:2654:5: error: unknown type name 'Sha384'
Sha384 hashSha384; /* sha384 hash of handshake msgs */
^
Makefile:72: recipe for target '_output/ssl.o' failed
make: *** [_output/ssl.o] Error 1

In order to make it work I have to remove NO_SHA256 define, add WOLFSSL_SHA512 define and add sha256.o to the build.

Is there a possibility to have SHA384 without SHA256 and SHA512 as it adds unwanted ciphers and more code.

Thanks for the help.

Share

  • Registered: 2015-10-07
  • Posts: 430

Re: [SOLVED] SHA384 question

Hi Andrey,

To enable SHA384 you must also defined "WOLFSSL_SHA512". The code for SHA384 is dependent on SHA512.

To disable SHA256 you will also have to disable the P-RNG is wolfSSL, since it requires SHA256. You are welcome to do this if you have a good hardware RNG source.

Here is an example for disabling the P-RNG:
https://github.com/wolfSSL/wolfssl/blob … ngs.h#L265
https://github.com/wolfSSL/wolfssl/blob … rget.c#L40

Additionally you will need to of course define NO_SHA256:
#define NO_SHA256

In my testing for this I located an issue in our code which assumes SHA256 is present in SendCertificateVerify. A fix for that is located here:
https://github.com/wolfSSL/wolfssl/pull/625

Thanks and please let me know if you have anymore questions.
David Garske, wolfSSL

Share

  • Registered: 2016-11-10
  • Posts: 18

Re: [SOLVED] SHA384 question

Thank a lot for the fast reply,
My project runs on STM32F2, so I have the WOLFSSL_STM32F2 define, that on its own defines STM32F2_RNG.
Thus I have int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz); func adjusted to my processor hardware.
Do I still need to define CUSTOM_RAND_GENERATE_BLOCK?
Best regards.

Share

  • Registered: 2016-11-10
  • Posts: 18

Re: [SOLVED] SHA384 question

Hello,
Some insight on the matter?
Why do I need it (I mean CUSTOM_RAND_GENERATE_BLOCK) as I already have random block generator function?
Best regards.

Share

  • Registered: 2015-10-07
  • Posts: 430

Re: [SOLVED] SHA384 question

Hi Andrey,

To clarify you would only need to do CUSTOM_RAND_GENERATE_BLOCK if you wanted to disable SHA256. Our P-RNG (pseudo random number generator) uses SHA256.

I recommend leaving SHA256 enabled and leaving your RNG settings as they are with STM32F2_RNG and wc_GenerateSeed seeding the P-RNG. You will find that most certificates use SHA256 for the digest and so you'll likely need it anyways even with a SHA384 TLS cipher suite.

Let me know if you need further clarification.

Thanks,
David Garske, wolfSSL

Share

  • Registered: 2016-11-10
  • Posts: 18

Re: [SOLVED] SHA384 question

Thank, dgarske, for the response,

My application communicates only with my server.
On some stage of the development we decided to use SHA384.
That means we won't use SHA256 for sure.
My task for now is to make minimum footprint possible.

As I understand CUSTOM_RAND_GENERATE_BLOCK and STM32F2_RNG can't be combined.
So, my option is: #define CUSTOM_RAND_GENERATE_BLOCK(in, out) wc_GenerateSeed(NULL, in, out)

Am I right? Will it work?

Best regards.

Share

  • Registered: 2015-10-07
  • Posts: 430

Re: [SOLVED] SHA384 question

Hi Andrey,

Assuming you can get a server certificate with SHA384 digest and signed by a CA with a SHA384 digest and have a real HW RNG source (which you do) then you can disable SHA256. The commit that has this support is here:
https://github.com/wolfSSL/wolfssl/comm … df9e89bab0

With the way the random.c code is structured the wc_GenerateSeed function for STM32F2_RNG will not be available with CUSTOM_RAND_GENERATE_BLOCK defined. So best solution is to copy/paste the wc_GenerateSeed function at line 1414 into your own .c file and then you can do something like what you suggested. The code would look like:

/* Put this in your own .c file */
#undef RNG
#include "stm32f2xx_rng.h"
#include "stm32f2xx_rcc.h"
/*
 * wc_Generate a RNG seed using the hardware random number generator
 * on the STM32F2. Documentation located in STM32F2xx Standard Peripheral
 * Library document (See note in README).
 */
int custom_rand_generate_block(byte* output, word32 sz)
{
    int i;

    /* enable RNG clock source */
    RCC_AHB2PeriphClockCmd(RCC_AHB2Periph_RNG, ENABLE);

    /* enable RNG peripheral */
    RNG_Cmd(ENABLE);

    for (i = 0; i < sz; i++) {
        /* wait until RNG number is ready */
        while(RNG_GetFlagStatus(RNG_FLAG_DRDY)== RESET) { }

        /* get value */
        output[i] = RNG_GetRandomNumber();
    }

    return 0;
}

/* Put this into user_settings.h */
/* Bypass P-RNG and use only HW RNG */
extern int custom_rand_generate_block(unsigned char* output, unsigned int sz);
#undef  CUSTOM_RAND_GENERATE_BLOCK
#define CUSTOM_RAND_GENERATE_BLOCK  custom_rand_generate_block

Thanks,
David Garske, wolfSSL

Share

  • Registered: 2016-11-10
  • Posts: 18

Re: [SOLVED] SHA384 question

Hello dgarske,
I'm very grateful for your help.
Thanks a lot.
Best regards.

Share