Topic: minimal wolfSSL TLS on Arduino

Hi,
I have two enquiries. I have executed the "./wolfssl-arduino.sh" script within the wolfssl/IDE/ARDUINO directory.

Now my first question is-  if I want TLS1.2 with only the following cipher suites:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Then only which files do I need to provide inside the "wolfSSL" directory?

Second question: If I want only following cipher suites:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Then only which files do I need to provide inside the "wolfSSL" directory?

Thank you.

Share

Re: minimal wolfSSL TLS on Arduino

Hi rrsuj,

Can you tell us a bit about what it is you are working on and end goals for the project?

wolfSSL can be used in the fashion described (only building subsets of the library) however for such a build would take some time to put together a finite list. We can do that via our consulting if you like!

Otherwise we would recommend to just pull in all source files and control which features are compiled via the pre-processor macros. Chapter 2 of the wolfSSL manual https://www.wolfssl.com/docs/wolfssl-manual/ch2/ discusses "Removing Features" in section 2.4.1!

Warm Regards,

K

Re: minimal wolfSSL TLS on Arduino

Hi Kaleb,
My goal is to find how low footprint can I achieve with wolfssl for-

option 1: moderate secure communication (first question)
option 2: good level of secure communication (second question)

Then I can select the low cost board (arduino or similar) for my IoT research poject based on ZigBee, BLE etc (where such level of security is not present by default in the system).


I am not a cryptographer, so I found it difficult to understand removing which feature would affect which cipher suite. So I asked the question, because I saw another question about AES where only four files were required for the secure operation.

Best regards

Share

Re: minimal wolfSSL TLS on Arduino

rrsuj,

My goal is to find how low footprint can I achieve with wolfssl for-

option 1: moderate secure communication (first question)
option 2: good level of secure communication (second question)

Understood, makes sense!

... I found it difficult to understand removing which feature would affect which cipher suite. So I asked the question, because I saw another question about AES where only four files were required for the secure operation.

The reason it's easy to build a single algorithm with a subset of files is because the algorithms are largely compartmentalized with few external dependencies. As soon as you start using the SSL/TLS layer though you quickly find that there are a large number of inter-dependent parts and it's no longer easy to just pull out files here and there, it can still be done but is a much more involved effort so we provide the pre-processor macros to alleviate this effort.
I have an idea, I will walk through the process I use for determining which settings I need for a custom configuration if only concerned about available ciphers! Let's cover one of the cipher suites you noted: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Step 1
If I want a build to target that cipher only I start by configuring wolfSSL to see what is enabled

./configure && make
./examples/client/client -e
DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD

Running the example client with the -e option lists all available cipher suites. OK we see a bunch we don't need like CHACHA, POLY, AES128-GCM and others so let's start to narrow it down. If we open wolfssl/src/internal.c we'll find the cipher suites. Let's try to eliminate all chacha poly suites to start. So run a "search" in wolfssl/internal.c for "ECDHE-ECDSA-CHACHA20-POLY1305" and you'll see it guarded by the pre-processor macro BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. That macro is set in wolfssl/wofssl/internal.h so let's see which defines control it:

 761 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)        
 762     #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)                            
 763         #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \                  
 764                                                           defined(HAVE_ED25519)) 
 765             #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256   <--- Target we want to eliminate       
 766         #endif                                                                   
 767         #ifndef NO_RSA                                                           
 768             #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256            
 769         #endif                                                                   
 770     #endif                                                                       
 771     #if !defined(NO_DH) && !defined(NO_RSA)                                      
 772         #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256                  
 773     #endif                                                                       
 774 #endif 

We don't want to disable SHA256 with NO_SHA256 because wolfSSL uses a HASH DRBG for a random bit generator that relies on SHA256 so disabling that while using RSA and ECC is not an option.
So our other options are remove chacha or  remove poly or remove both ecc and ed25519. We don't want to remove ed25519 and ecc because we need ecc. So let's remove chacha and poly.

./configure --disable-chacha --disable-poly1305 && make
./examples/client/client -e
DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384

OK so we still see gcm, then let's remove with --disable-aesgcm

./configure --disable-chacha --disable-poly1305 --disable-aesgcm && make
./examples/client/client -e
DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384

Looking a little better so now let's remove the DHE cipher suites:

./configure --disable-chacha --disable-poly1305 --disable-aesgcm --disable-dh && make
./examples/client/client -e
ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384

OK now we just have ECDSA and RSA cipher suites left! You didn't want SHA1 cipher suites in this one so let's get rid of those:

./configure --disable-chacha --disable-poly1305 --disable-aesgcm --disable-dh --disable-sha && make
./examples/client/client -e
ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384

That looks pretty close to what you were after, you have SHA384 still enabled and we can't turn off SHA256 because of the HASH DRBG dependency. Now that we have our target build achieved let's say we want to determine the required source files for our embedded system. Check the sizes of the .o object files in wolfssl/wolfcrypt/src/.libs and wolfssl/src/.libs directories.

ls wolfcrypt/src/.libs/
total 776
drwxr-xr-x   23 kalebhimes  staff   736B Dec 11 15:11 .
drwxr-xr-x  134 kalebhimes  staff   4.2K Dec 11 15:11 ..
-rw-r--r--    1 kalebhimes  staff    15K Dec 11 15:11 src_libwolfssl_la-aes.o
-rw-r--r--    1 kalebhimes  staff    66K Dec 11 15:11 src_libwolfssl_la-asn.o
-rw-r--r--    1 kalebhimes  staff   5.1K Dec 11 15:11 src_libwolfssl_la-coding.o
-rw-r--r--    1 kalebhimes  staff   1.6K Dec 11 15:11 src_libwolfssl_la-cpuid.o
-rw-r--r--    1 kalebhimes  staff    47K Dec 11 15:11 src_libwolfssl_la-ecc.o
-rw-r--r--    1 kalebhimes  staff   8.7K Dec 11 15:11 src_libwolfssl_la-error.o
-rw-r--r--    1 kalebhimes  staff   5.4K Dec 11 15:11 src_libwolfssl_la-hash.o
-rw-r--r--    1 kalebhimes  staff   7.3K Dec 11 15:11 src_libwolfssl_la-hmac.o
-rw-r--r--    1 kalebhimes  staff   668B Dec 11 15:11 src_libwolfssl_la-logging.o
-rw-r--r--    1 kalebhimes  staff   3.9K Dec 11 15:11 src_libwolfssl_la-md5.o
-rw-r--r--    1 kalebhimes  staff   1.2K Dec 11 15:11 src_libwolfssl_la-memory.o
-rw-r--r--    1 kalebhimes  staff    12K Dec 11 15:11 src_libwolfssl_la-random.o
-rw-r--r--    1 kalebhimes  staff    15K Dec 11 15:11 src_libwolfssl_la-rsa.o
-rw-r--r--    1 kalebhimes  staff   6.6K Dec 11 15:11 src_libwolfssl_la-sha256.o
-rw-r--r--    1 kalebhimes  staff    12K Dec 11 15:11 src_libwolfssl_la-sha3.o
-rw-r--r--    1 kalebhimes  staff    12K Dec 11 15:11 src_libwolfssl_la-sha512.o
-rw-r--r--    1 kalebhimes  staff   3.5K Dec 11 15:11 src_libwolfssl_la-signature.o
-rw-r--r--    1 kalebhimes  staff    58K Dec 11 15:11 src_libwolfssl_la-tfm.o
-rw-r--r--    1 kalebhimes  staff   1.5K Dec 11 15:11 src_libwolfssl_la-wc_encrypt.o
-rw-r--r--    1 kalebhimes  staff   4.1K Dec 11 15:11 src_libwolfssl_la-wc_port.o
-rw-r--r--    1 kalebhimes  staff   1.9K Dec 11 15:11 src_libwolfssl_la-wolfmath.o

That's your crypto file subset (do the same for wolfssl/src/.libs to get the ssl/tls subset). Then use all the options that were configured and set in wolfssl/options.h by running ./configure (options.h is autogenerated on desktop systems that support autoconf) and use those on your embedded build to eliminate the unwanted features (note you'll need to remove system level settings from options.h such as HAVE___UINT128_T and WOLFSSL_X86_64_BUILD and _POSIX_THREADS (unless you have pthreads on your embedded device which is uncommon).

To further optimize the build look at the largest .o object files above and see what options are available for tuning!

Cheers,

K

Re: minimal wolfSSL TLS on Arduino

Hi Kaleb,
Thank you very much for your great walk-through. Certainly it will help me to achieve my goals.

Best regards

Share