Topic: Crash in fp_copy running the ECC benchmark

Hi,

I'm trying to evaluate the performance of the WolfSSL library on our MCF5484 Coldfire based platform with MQX 2.5. I was able to port the echo client and echo server into our application and successfully create a connection, although it did take 26 seconds for the connection to complete. When I saw how long it was taking to establish a connection, I decide to run the benchmark program on our platform. When the benchmark program goes into the bench_eccMakeKey() routine, it hangs. I debugged it all the way to a call to fp_copy() that eventually calls memcpy(). The source and destination pointers seem to be ok, and the number of bytes to copy also seems ok.

I suspected that perhaps I had exceeded my stack so I increased it to 132 kbytes, but that didn't make a difference. I've attached the settings.h and included user_settings.h file in the post.

Thanks,
Brad Thomson

#ifndef __USER_SETTINGS_H__
#define __USER_SETTINGS_H__
//****************************************************************************
// Copyright © GatesAir Corporation 2017 - All Rights Reserved
//****************************************************************************
// FILE:             user_settings.h
//
// DESCRIPTION:
// Customizing settings for the WolfSSL library..
//
// SOFTWARE HISTORY:
//  PTR#     Date   Initials  Description
// -----   --------  -----   -------------------------------------------------
//  N/A     28AUG17   BT     Initial design
//****************************************************************************

#define NO_FILESYSTEM
#define BIG_ENDIAN_ORDER
#define USER_TIME
#define SIZEOF_LONG_LONG 8
#define MQX_USE_IO_OLD
#define WC_NO_HARDEN /*? don't know about this one*/

#define NO_ASN_TIME
#define DEBUG_WOLFSSL
//#define USE_FAST_MATH
//#define TFM_TIMING_RESISTANT
#define NO_MAIN_DRIVER
#define WOLFSSL_SMALL_STACK
#endif

Share

Re: Crash in fp_copy running the ECC benchmark

Hi Brad,

I would agree with it being a stack size issue, but if you've increased it to 132KB that would be more than required. Depending on the configuration a typical stack use for a TLS session is about 15 KB.

Its possible there is a BIG ENDIAN issue, but we continuously test with little and big endian, so I don't think that's the problem.

There are a couple of defines you can try using that might help:

#define ECC_TIMING_RESISTANT
#define NO_64BIT

The NO_64BIT could help if your compiler is having issue with the long long type. The ECC timing resistance uses a different math computation that is slower, but uses less stack.

Also you can limit the ECC curve size for by using `#define ECC_USER_CURVES`. This will enable only 256-bit curves by default and you can use defines like `HAVE_ECC384` to enable other curve sizes.

Here is an ECC section of a `user_settings.h`, which might be helpful:
https://github.com/wolfSSL/wolfssl/blob … ings.h#L48

Let me know if this helps or if you have any other questions.

Thanks,
David Garske, wolfSSL

Share

Re: Crash in fp_copy running the ECC benchmark

David,

Thanks for your response. I tried adding the ECC_TIMING_RESISTANT and NO_64BIT parameters, but that didn't seem to make a difference. I then took sections out of the user_settings.h file that you posted. My resulting user_settings.h file is included. After enabling the RSA benchmark and letting it run, I saw that it was still crashing in fp_copy(), but not right away. In fact, it would make it into the wc_RsaPrivateDecrypt() routine before crashing in fp_copy() although fp_copy() had already run 4 or 5 times. The other strange thing is that if I run the echo server, it successfully calls wc_RsaPrivateDecrypt() without crashing.

One thing I don't understand is that even though I don't have NO_64BIT defined, I can see in the debugger that size of an "unsigned long long" is only 32 bits.

========================================================

#ifndef __USER_SETTINGS_H__
#define __USER_SETTINGS_H__
//****************************************************************************
// Copyright © GatesAir Corporation 2017 - All Rights Reserved
//****************************************************************************
// FILE:             user_settings.h
//
// DESCRIPTION:
// Customizing settings for the WolfSSL library..
//
// SOFTWARE HISTORY:
//  PTR#     Date   Initials  Description
// -----   --------  -----   -------------------------------------------------
//  N/A     28AUG17   BT     Initial design
//****************************************************************************

#define NO_FILESYSTEM
#define BIG_ENDIAN_ORDER
#define USER_TIME
#define SIZEOF_LONG_LONG    8
#define MQX_USE_IO_OLD
#define WC_NO_HARDEN /*? don't know about this one*/

#define NO_ASN_TIME
#define DEBUG_WOLFSSL
//#define USE_FAST_MATH
//#define TFM_TIMING_RESISTANT
#define NO_MAIN_DRIVER
//#define WOLFSSL_SMALL_STACK
//#define ECC_TIMING_RESISTANT
//#define NO_64BIT
//#define NO_RSA
//#define NO_DH
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#undef  WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT   4

#undef  SINGLE_THREADED
#define SINGLE_THREADED

#undef  WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK


/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef  USE_FAST_MATH
#define USE_FAST_MATH

#ifdef USE_FAST_MATH
    #undef  TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations (TFM_ARM, TFM_ASM or none) */
    //#define TFM_ARM
    //#define TFM_ASM
#endif

/* Math debugging (adds support for mp_dump) */
#undef  WOLFSSL_DEBUG_MATH

#if 1
    #undef  HAVE_ECC
    #define HAVE_ECC

    /* Manually define enabled curves */
    #undef  ECC_USER_CURVES
    #define ECC_USER_CURVES

    #define HAVE_ECC192
    #define HAVE_ECC224
    #undef NO_ECC256
    #define HAVE_ECC384
    #ifndef USE_NXP_LTC /* NXP LTC HW supports up to 512 */
        #define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef  FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES  2
        #undef  FP_LUT
        #define FP_LUT      4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    #ifndef USE_NXP_LTC /* Don't enable Shamir code for HW ECC */
        #define ECC_SHAMIR
    #endif

    /* Reduces heap usage, but slower */
    #undef  ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    #ifdef USE_FAST_MATH
        /* use reduced size math buffers for ecc points */
        #undef  ALT_ECC_SIZE
        #define ALT_ECC_SIZE

        /* Enable TFM optimizations for ECC */
        #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
            #define TFM_ECC192
        #endif
        #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
            #define TFM_ECC224
        #endif
        #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
            #define TFM_ECC256
        #endif
        #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
            #define TFM_ECC384
        #endif
        #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
            #define TFM_ECC521
        #endif
    #endif
#endif

#endif

/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS     4096
    #endif

    /* half as much memory but twice as slow */
    #undef  RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    #undef  WC_RSA_BLINDING
    #define WC_RSA_BLINDING

#else
    #define NO_RSA
#endif


/* AES */
#undef NO_AES
#if 1
    #undef  HAVE_AESGCM
    #define HAVE_AESGCM

    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    #undef  GCM_SMALL
    #define GCM_SMALL
#else
    #define NO_AES
#endif

/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
#else
    #define NO_SHA256
#endif

/* Sha512 */
#undef WOLFSSL_SHA512
#if 1
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef  WOLFSSL_SHA384
    #if 1
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA2
#endif

/* MD5 */
#undef  NO_MD5
#if 0
    #define NO_MD5
#endif

Share