Topic: Do signing functions already hash the message?

Hello! I'm using wolfSSL for embedded development with the ESP32, and I'm trying to benchmark different algorithms, specifically:

- ECC with both secp and brainpool curves (wc_ecc_sign_hash);
- Ed25519 (wc_ed25519_sign_msg);
- Ed448 (wc_ed448_sign_msg);
- RSA (wc_RsaSSL_Sign).

I've noticed that some of these functions are called "sign_msg" while others are "sign_hash." For example, in the case of Ed448, there is even a function called wc_ed448ph_sign_msg, where the documentation states that the message is pre-hashed before signature calculation. This is a bit confusing to me because there is also a wc_ed448ph_sign_hash.

Previously, I assumed that functions ending with "sign_hash" would require me to manually hash the message before passing it to the function, while functions ending with "sign_msg" would hash the message for me. However, with Ed448, I'm not sure if this assumption still holds.

Could someone clarify which functions for the algorithms I'm using require me to manually hash the message? I would prefer to do the hashing manually, as this allows me to benchmark only the signing process and not both the hashing and signing processes.

Thank you for your attention.


Re: Do signing functions already hash the message?

Hi gabriel,

Welcome to the wolfSSL Forums. Could you tell us a bit about your project using wolfSSL and where you are from for our support records?

We have a benchmarking tool that will be of interest to you:
https://github.com/wolfSSL/wolfssl/tree … /benchmark

The ED448 sign operation does perform a hash also:
https://github.com/wolfSSL/wolfssl/blob … 448.c#L355

The "ph" is for pre-hashed, signifying that the message is pre-hashed before the signature calculation.

Thanks,
Eric - wolfSSL Support

Re: Do signing functions already hash the message?

Thank you very much for your quick response!


I'm from Brazil, and this project is the final project of my major, where I'm trying to run operations with digital certificates inside an embedded device like ESP32. I'm using mainly the mbedtls library and wolfssl.

While I'm at this, I'd also like to try and experiment with post-quantum cryptography, but I see that it needs the liboqs library, which isn't available on Arduino IDE. Is there a way that I can use wolfssl's post-quantum api on my esp32? If not, I think this would be possible only by trying to port the liboqs library, right?

Thank you again :)


Re: Do signing functions already hash the message?

Hi gabriel,

I've done PQ on the ESP32, but only the key share part, and prior to the recent NIST approvals. See X/Tweet thread:

https://x.com/gojimmypi/status/1772675517482705379

I also wrote this blog:  https://www.wolfssl.com/post-quantum-ke … sif-esp32/ that might help.

In the tweet thread there's this example code:

ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
if (ret == SSL_SUCCESS) {
    ESP_LOGI(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 success");
}
else {
    ESP_LOGE(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 failed");
}

and this optional config for user_settings.h

#if 1
    #define WOLFSSL_EXPERIMENTAL_SETTINGS
    #define WOLFSSL_HAVE_KYBER
    #define WOLFSSL_WC_KYBER
#endif

Here's a copy of the client code from the tweet thread:

$ ./examples/client/client  -h 192.168.1.38 -v 4 -l  TLS_AES_128_GCM_SHA256 --pqc KYBER_LEVEL5
Using Post-Quantum KEM: KYBER_LEVEL5
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_128_GCM_SHA256
I hear you fa shizzle!
gojimmypi:/mnt/c/workspace/wolfssl-master

I've been meaning to reach out to Anthony to see what might be different now that NIST has PQ out of "experimental mode". That will depend on the specific version of wolfSSL you are using.

I, too, went down the road of liboqs. I don't recall where I saw that, but it is not needed for wolfSSL PQ.

p.s. there's a fairly significant upgrade in a recent PR that adds wolfSSL support to the esp-tls layer:

https://github.com/wolfSSL/wolfssl/pull/7936

Good luck with your project! Let us know how it goes & if you encounter any problems.

Cheers


Re: Do signing functions already hash the message?

Hello gojimmypi, thank you for your reply!

I'm using wolfssl 5.7.2, picked from the Arduino IDE library manager (IDE that I'm using).

And thank you so much for those snippets! Even though I'm not focusing on key-share, it really helped me see that I'm on the right track.

To better contextualize what I'm doing: I'm mainly trying to use dilithium and falcon algorithms to generate keys, sign and verify a message. I'm trying to do all of those steps sequentially. It doesn't make much sense to do that, but it's more like a proof-of-concept to show that I can perform all of those expensive operations on an esp32. After showing that it is possible, I'd sign messages in the esp32, and then send this message to be verified in another device, possibly another esp32 or a mobile application, for example.

Having said that, I'm quite surprised to see that liboqs isn't needed for this, as I have tried and failed to make pq work without liboqs, and as the wolfSSL manual states:

Note: These experimental algorithms are not enabled and completely inaccessible if wolfSSL is not configured with the --with-liboqs flag.

(Found here: https://www.wolfssl.com/documentation/m … dix07.html)

So I've added these configs in my user_settings.h:

#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define HAVE_LIBOQS
#define HAVE_DILITHIUM
#define WOLFSSL_WC_DILITHIUM
#define HAVE_FALCON

But if I define HAVE_LIBOQS, then I get a build error saying that it couldn't find "oqs.h", which I imagine would be the header files of liboqs. However, after reading your reply here, I tried commenting out that definition, and it seems it wasn't really needed? At least for dilithium, that is. For falcon, if HAVE_LIBOQS isn't defined, then a lot of specific falcon macros aren't found (as per falcon.h file) and the project doesn't compile, so I had to comment out the HAVE_FALCON definition too.

Dilithium didn't give me any compilation problems, however, and I was able to run a small test program that was using it. I couldn't get past the wc_dilithium_init() function, though. The function does work, but after that, when the program tries to execute the wc_dilithium_make_key() function (with valid arguments of course), I get a -192 error, whose description says "Bad ecc enc state operation". What exactly does that mean? Could you help me clarify some of those things?

This is my code; it's very simple, and the only one that is being run, so I don't see why some state would be invalid here:

WC_RNG* rng = (WC_RNG*)malloc(sizeof(WC_RNG));
int ret = wc_InitRng(rng);
check_return(ret, 0, "wc_InitRng"); // just a logging function

dilithium_key* key = (dilithium_key*)malloc(sizeof(dilithium_key));  
ret = wc_dilithium_init(key);
check_return(ret, 0, "wc_dilithium_init");

ret = wc_dilithium_make_key(key, rng);
check_return(ret, 0, "wc_dilithium_make_key");

I know this is a lot, but I'd really appreciate some help with this, as I can't find anything similar to my problem on the internet, and AI isn't being of much help, either. So thank you very much for your patience and your time!
