376 Reply by Kaleb J. Himes

(5 replies, posted in wolfCrypt)

Hi jpa,

Could you move the include of <wolfssl/options.h> above all the other wolfSSL headers please. Could you also include the header <wolfssl/wolfcrypt/random.h>, I think that will resolve your issue.

If the library doesn't have all the same settings as the app there will be undefined behavior. Please include the settings from options.h before all other wolfSSL header files in all applications.

#include <android/log.h>
#include <stdio.h>
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/error-crypt.h>

Warm Regards,

Kaleb

Go to forum: wolfCrypt

377 Reply by Kaleb J. Himes

(10 replies, posted in wolfSSL)

Thanks Elyance for letting us know the issue is resolved!

Warm Regards,

Kaleb

Go to forum: wolfSSL

378 Reply by Kaleb J. Himes

(10 replies, posted in wolfSSL)

Elyhance,

Just before the return of 5359 you can print out the value of ret to see what the return code from the library was. Could you make this modification to that code:

     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,     
                              inLen, out, (word32)modLen, key, keyLen);     

/* new code */ printf("ret = %d\n", ret);
     
     if (ret != 0)                                                                
         return -5358;

Also you noted that you ported the RSA test, did you also port the SHA256 test to ensure SHA256 is working properly? Also the random_test should be ported as well to ensure that good entropy is being used on that device.

Let me know the results of printing the ret before the failure point and the results of running the sha256 and random tests too.


Warm Regards,

Kaleb

Go to forum: wolfSSL

379 Reply by Kaleb J. Himes

(3 replies, posted in wolfSSL)

Hi Nikhil.Dosi,

We have some benchmark numbers on our website:

https://www.wolfssl.com/docs/benchmarks/
https://www.wolfssl.com/docs/benchmarks/#nxp_i.mx6

If you're looking for benchmark, performance and footprint numbers on a specific device with a specific compiler that is something we can gather for you but will need to be coordinated through one of our business managers as it involves acquiring specific hardware and toolchains. If you'd like more device specifics shoot an email to rod@wolfssl.com explaining you've engaged us on the forums and/or via our zendesk domain and were directed to get ahold of the business side for coordinating this effort to start the process.

Regards,

Kaleb

Go to forum: wolfSSL

380 Reply by Kaleb J. Himes

(10 replies, posted in wolfSSL)

Hi Elyhance,

If that is indeed the size of the RSA key it would be an issue as our library will by default only allow a minimum of 1024-bit RSA key for security reasons. To work with an RSA key of 799 bits please set this define:

WOLFSSL_MIN_RSA_BITS 792

I indicated 792 because the MIN length must be evenly divisible by 8 and less than 799.

Out of curiosity could you tell us what it is you are working on that uses such a small RSA key? Even 1024-bit keys are suspect anymore as powerful as computers have become. Can you tell us the source of the 800-bit RSA key and why such a small key is being tested with?

Warm Regards,

Kaleb

Go to forum: wolfSSL

381 Reply by Kaleb J. Himes

(3 replies, posted in wolfSSL)

Hi Nikhil.Dosi,

The only source files you should need for stand-alone ed25519 are:

wolfcrypt/src/curve25519.c
wolfcrypt/src/ed25519.c
wolfcrypt/src/hash.c
wolfcrypt/src/logging.c
wolfcrypt/src/misc.c
wolfcrypt/src/random.c
wolfcrypt/src/sha512.c
wolfcrypt/src/wc_port.c

--------

wolfcrypt/test/test.c // Use this test app to ensure ed25519 is running as expected.

Please also find attached a user_settings_ed25519.h (rename it to user_settings.h) that you can use to disable everything except ED25519, make sure to define WOLFSSL_USER_SETTINGS at the application level (IE in wolfcrypt/test/test.c and in your eventual application) and make sure that define is set BEFORE inclusion of <wolfssl/wolfcrypt/settings.h> header.

Warm Regards,

Kaleb

Go to forum: wolfSSL

382 Reply by Kaleb J. Himes

(10 replies, posted in wolfSSL)

Hi Elyhance,

How large is the RSA key from the peer? If the key is 4096-bit could you try adding the setting

#define FP_MAX_BITS 8192 /* Needs to be set to 2x the largest RSA key size */

Regards,

Kaleb

Go to forum: wolfSSL

383 Reply by Kaleb J. Himes

(8 replies, posted in wolfSSL)

Karl,

I am honestly not sure why wireshark is not recognizing the TLS 1.3 traffic correctly. Have you contacted wireshark about this discrepancy?

Warm Regards,

Kaleb

Go to forum: wolfSSL

384 Reply by Kaleb J. Himes

(5 replies, posted in wolfCrypt)

Hi jpa,

The -236 error code indicates a Random Number Generator is missing.

It looks like you freed the RNG before calling wc_RsaPrivateDecrypt_ex.


Warm Regards,

Kaleb

Go to forum: wolfCrypt

385 Reply by Kaleb J. Himes

(8 replies, posted in wolfSSL)

Hi khenderson,

I've opened a PR to address the note you sent:

As this is example code, (with little modification noted above AND it didn't work in it's unmodified version either), I'm assuming that either the code examples are wrong OR wolfssl-3.14.0 is.

Changes can be found here: https://github.com/wolfSSL/wolfssl-exam … l/93/files

You can test out these changes by doing the following:

git clone https://github.com/wolfssl/wolfssl-examples.git
cd wolfssl-examples
git checkout -b kaleb-himes-PSK-UPDATES master
git pull https://github.com/kaleb-himes/wolfssl-examples.git PSK-UPDATES

You can now switch the clients to use wolfTLSv1_3_client_method and they will be able to talk to the servers. Thank you so much for bringing this to our attention and for your interest in the PSK examples.

Could you tell us a little about what it is you're working on, end goals and use of PSK? We always love to hear feedback from users and it helps us to better prioritize our efforts when we understand the use-case and motivation behind a report of this nature!

Thanks and Best,

Kaleb

Go to forum: wolfSSL

386 Reply by Kaleb J. Himes

(13 replies, posted in wolfSSL)

Frank42,

Glad to hear I helped clear it up, let me know if you have any further questions or encounter any other issues.

Cheers,

Kaleb

Go to forum: wolfSSL

387 Reply by Kaleb J. Himes

(8 replies, posted in wolfSSL)

Hi khenderson,

I'll be going over the PSK examples today and checking things, a lot has changed with the addition of TLS 1.3 and PFS cipher suites, those example could use a re-visiting and potential update anyway. Thanks for your report, I'll send a link to the PR once my changes are in. Cheers.

Kaleb

Go to forum: wolfSSL

388 Reply by Kaleb J. Himes

(13 replies, posted in wolfSSL)

Hi Frank,

Resolved.

If you connect to that IP in a browser it essentially tells you what's wrong with connecting that way (though it might not be obvious)

Error 1003 Ray ID: 4124d098b0e95029 • 2018-04-27 22:44:37 UTC
Direct IP access not allowed

What happened?
You've requested an IP address that is part of the Cloudflare network. A valid Host header must be supplied to reach the desired website.

This means it wants to see the server name indication extension to connect you with the correct host.

Please try configuring wolfSSL like so:

kalebhimes$ ./configure --enable-tls13-draft23 --enable-sni && make

Then use the -S flag to send the server name indication extension when connecting to 104.28.30.12

kalebhimes$ ./examples/client/client -h 104.28.30.12 -p 443 -d -v 4 -l TLS13-AES128-GCM-SHA256 -S cloudflare.com
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_128_GCM_SHA256
SSL curve name is SECP256R1
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Fri, 27 Apr 2018 22:46:33 G

Warm Regards,

- K

Go to forum: wolfSSL

389 Reply by Kaleb J. Himes

(4 replies, posted in wolfSSL)

rmartin92 and Frank42,

A -313, Alert Fatal Error means the peer you are connecting to did not like something about the Client Hello message it received.

This is most commonly cause by an inability to match a common cipher suite or due to a missing extension that the peer wanted to see in the Client Hello message.

Can you tell me which cipher suites were configured and which peer you were trying to connect to? Is the peer publicly accessible so I can test it from my side?

You can dump the configured cipher suites in wolfSSL with:

     char ciphers[4096]; //or some value you think is large enough.                                                         
                                                                                  
     int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));                
                                                                                  
     if (ret == WOLFSSL_SUCCESS)                                                  
         printf("%s\n", ciphers);

Warm Regards,

- K

Go to forum: wolfSSL

390 Reply by Kaleb J. Himes

(13 replies, posted in wolfSSL)

Hi Frank42,

I can confirm that our site no longer supports TLS 1.3.

A few months back we were using cloud flare to host our site as they were supposed to speed up our page load times. Could flare had support for TLSv1.3. We have since stopped using cloud flare and our site is now back to being hosted by go daddy. Godaddy does not support TLS v1.3 so we can no longer test against it.

Since TLS v1.3 is not yet finalized there are a few different configure options in wolfSSL at the moment:

  --enable-tls13-draft18  TLS v1.3 Draft 18
  --enable-tls13-draft22  TLS v1.3 Draft 22
  --enable-tls13-draft23  TLS v1.3 Draft 23
  --enable-tls13              TLS v1.3 Draft 28

If doing inter-op testing you'll need to check which draft is supported by the site you're testing against and configure wolfSSL accordingly!

Warm Regards,

- K

Go to forum: wolfSSL

391 Reply by Kaleb J. Himes

(2 replies, posted in wolfCrypt)

Hi ztion,

Update on this item. The following is supported in wolfSSL:

     result = wc_AesGcmEncrypt(&enc, resultC, resultC, sizeof(resultC), iv1, sizeof(iv1),
                                         resultT, sizeof(resultT), a, sizeof(a)); 
                                                                        
                                                       
     result = wc_AesGcmDecrypt(&enc, resultC, resultC, sizeof(resultC),           
                       iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));

Please let us know if you have any issues performing encrypt/decryption in place with AesGcm.

Warm Regards,

Kaleb

Go to forum: wolfCrypt

392 Reply by Kaleb J. Himes

(3 replies, posted in wolfSSL)

Update:

Being handled via Zendesk at:

"support <at> wolfssl <dot> zendesk <dot> com"

Go to forum: wolfSSL

393 Reply by Kaleb J. Himes

(13 replies, posted in wolfSSL)

Hi Frank42,

Great question! At the moment if you configure with --enable-tls13 using the autoconf system the following flags are set by the configure.ac (input to auto reconf):

#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_FFDHE_2048
#define HAVE_HKDF
#define WC_RSA_PSS

We are working on the documentation but it won't be finalized/released until tls 1.3 is finalized. Currently we are supporting the latest draft (draft 28) and we are optimistic this is the final draft but until it's confirmed we will have to wait to finalize our documentation and default settings.

Warm Regards,

Kaleb

Go to forum: wolfSSL

394 Reply by Kaleb J. Himes

(6 replies, posted in wolfSSL)

Hi bendanon,

I sincerely apologize for the delay in getting back to you on this as I had some other tasks come up.

Could you try adding this setting to the C Pre-processor flags in the sgx_t_static.mk 

Wolfssl_C_Extra_Flags += -DFP_MAX_BITS=8192

The cert is using a 3072-bit RSA key which is too large for the default FP_MAX_BITS=4096 in SGX. The FP_MAX_BITS buffer must be at least twice the length of the largest RSA key so for 3072 you could get away with setting it to 6144 but just in case you end up with a 4096-bit RSA key in the future it's best to just set to 8192.

Cheers,

Kaleb

Go to forum: wolfSSL

395 Reply by Kaleb J. Himes

(1 replies, posted in wolfCrypt)

Hi telina,

Thanks for sharing with the community. We have those checks in there for development and Continuous Integration purposes, if that is not something you need you can remove the .git checks in autogen.sh script and re run it or simply run the below command to re-create the ./configure script without those .git checks.

autoreconf --install --force --verbose

Warm Regards,

Kaleb

Go to forum: wolfCrypt

396 Reply by Kaleb J. Himes

(13 replies, posted in wolfSSL)

Hi Frank,

The biggest thing that sticks out is the time. Over the course of the connection it looks like from packet 1 to packet 25 of the wireshark you sent a total of 19.85 seconds has expired. Nothing in the wireshark sticks out as an obvious issue in fact everything is progressing normally and then at 20.08 seconds we see 4 reset messages come from the server destined for the client, I honestly think you are just hitting a timeout for the server.

I tested this theory by placing a "sleep(4);" in the default IO Send callback and using our example client to test:

./examples/client/client -M smtp -h 64.233.168.108 -p 587 -d

Sure enough I was able to produce a wireshark very similar to yours just without the spurious re-transmissions. The peer hung up on me after only 12 seconds.

I tried again with sleep(3); and got similar results but the peer kept talking up to 15 seconds. It seems like there may be a threshold between messages that if exceeded too many times the peer aborts the connection.

Options to alleviate this would be to use a faster cipher suite. Have you run the <wolfssl-root>/wolfcrypt/benchmark/benchmark.c application on your device to see which algorithms perform the best on your device? Typically an ECDHE_ECDSA cipher suite will outperform any RSA cipher suites if that is an option for you.

Could you try running the benchmark app and running one of the faster cipher suites to see if you can up your success rate above 2%?

Warm Regards,

Kaleb

Go to forum: wolfSSL

397 Reply by Kaleb J. Himes

(1 replies, posted in wolfSSL)

muralid2,

To activate this cipher suite configure with:

./configure CFLAGS=-DWOLFSSL_STATIC_DH

wolfSSL disabled static cipher suites a long time ago. Our README now states:

# Notes - Please read

## Note 1
```
wolfSSL as of 3.6.6 no longer enables SSLv3 by default.  wolfSSL also no
longer supports static key cipher suites with PSK, RSA, or ECDH.  This means
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
or enable ECC (ECC is on by default on 64bit systems), or you must enable static
key cipher suites with
    WOLFSSL_STATIC_DH
    WOLFSSL_STATIC_RSA
    or
    WOLFSSL_STATIC_PSK

Let us know if you have any further questions!


Warm Regards,

Kaleb

Go to forum: wolfSSL

398 Reply by Kaleb J. Himes

(2 replies, posted in wolfSSL)

Hi eharman,

So sorry you encountered some issues with Arduino, we tried to provide a script for re-arranging our library to make this easier for users and a README to alert them to the need to uncomment the ARDUINO define in <wolfssl-root>/IDE/ARDUINO.
Helpful links for other users that experience your same issues are:

https://github.com/wolfSSL/wolfssl/tree … DE/ARDUINO
https://github.com/wolfSSL/wolfssl/blob … arduino.sh
https://github.com/wolfSSL/wolfssl/blob … /README.md

Regards,

Kaleb

Go to forum: wolfSSL

399 Reply by Kaleb J. Himes

(6 replies, posted in wolfSSL)

Thanks Ben for confirming,

I apologize I didn't get time to test this last week, I'll try to get some time set aside for it this week!

Cheers,

Kaleb

Go to forum: wolfSSL

400 Reply by Kaleb J. Himes

(6 replies, posted in wolfSSL)

Hi bendanon,

How are you invoking these once inside the enclave?

1. Did you add a trusted call to invoke verifyCertChain and compile the above into the enclave?
2. Does the above reside outside the enclave and is making trusted calls to  wolfSSL_CertManagerNew, wolfSSL_CertManagerLoadCABuffer, wolfSSL_CertManagerVerifyBuffer inside the enclave?

I'd be happy to try and reproduce the issue on my end but I need to make sure I correctly understand what is running in the untrusted section and what is running in the trusted section before doing so.


Warm Regards,

- Kaleb

Go to forum: wolfSSL