Topic: [SOLVED] Problem with long hashing time

Hello,

I somehow managed to run ssh demo server without RTOS with LWIP raw api on STM32F429 (172MHz).
Unfortunately this CPU hasn't got CRYPT/HASH modules.
I notice that the handshake procedure takes over 3s before the login prompt and my superloop is blocked then.
Is it possible to change something in configuration to lower that time? Use smaller keys or something.

This is a log from wolfSSH. First column in the log is a sysTick value. You can see how much time SendKexDhReply() takes.

125235 Decoding MSGID_KEXDH_INIT
125238 Entering SendKexDhReply()
127438 Signing hash with ecdsa-sha2-nistp256.
128545 BP: paddingSz = 9
128547 CreateMac none
128549 Encrypt none
128551 Entering SendNewKeys()
128554 BP: paddingSz = 10
128557 CreateMac none
128559 Encrypt none
128561 SNK: using cipher aes-cbc
128564 Entering wolfSSH_SendPacket()

Unfortunately I can't attach whole log file here. (The server was unable to save the uploaded file. Please contact the forum administrator at support@wolfssl.com.)

Greetings
Piotr

Share

Re: [SOLVED] Problem with long hashing time

For SSH, you are doing a key exchange operation and generating a signature. Optionally the server is also doing a verify. Public key is expensive. I don't believe it is the hashing causing you trouble.

My recommendation would be to use ecdsa-sha2-nisp256. You are already using it. Do you have a lot of code space available? You could try using the SP math in your wolfCrypt.

Re: [SOLVED] Problem with long hashing time

I changed WOLF_CONF_MATH to 4 and it works great! Login prompt appears immediately.
Thank you!

Share

Re: [SOLVED] Problem with long hashing time

Sounds good!