Hi Cxdinter,

The underlying math used for our Ed/Curve implementation is not the same and is highly optimized for that curve. That is the reason Ed/Curve 25519 is not in the ecc_sets table. However I think it would be good to have it in there optionally for those who want to keep the code size down. I'm adding it to our feature list. Thanks for the idea and your reports. Let me know if there is anything else.

Thanks,
David Garske, wolfSSL

Hi Cxdinter,

Good find. It looks like the wc_EccPrivateKeyDecode doesn't support importing a custom key and passing the OID to the "wc_ecc_import_private_key" function. I did the implementation for the custom curve ECC support, but missed this import path. I've pushed changes to support this to pull-request 631.
https://github.com/wolfSSL/wolfssl/pull/631

I tested it using the following:

ecc_key key;
byte der[4096];
byte buf[4096];
word32 idx = 0;
FILE* derFile;
size_t sz;

RNG rng;

wc_InitRng(&rng);
wc_ecc_init(&key);

if (wc_ecc_make_key_ex(&rng, 32, &key, ECC_BRAINPOOLP256R1) != 0) {
    printf("error making ecc key\n");
    return -1;
}

/* write private key */
if (wc_EccKeyToDer(&key, der, sizeof(der)) < 0) {
    printf("error in ecc to der\n");
    return -1;
}
printf("writing private key to ecc-key.der\n");
derFile = fopen("ecc-key.der", "w");
if (!derFile) {
    printf("error loading file\n");
    return -1;
}

sz = fwrite(der, 1, 4096, derFile);
fclose(derFile);
wc_ecc_free(&key);


/* open and read from der file */
printf("reading in private key\n");
derFile = fopen("ecc-key.der", "rb");
if (!derFile) {
    printf("error reading from file\n");
    return -1;
}

sz = fread(buf, 1, 4096, derFile);
fclose(derFile);

/* load private ecc key */
printf("storing private key in ecc struct\n");
wc_ecc_init(&key);
if (wc_EccPrivateKeyDecode(buf, &idx, &key, (word32)sz) != 0) {
    printf("error decoding private key\n");
    return -1;
}
wc_ecc_free(&key);

wc_FreeRng(&rng);

Please give it a try and let me know how it goes.

Thanks,
David Garske, wolfSSL

Hi Cxdinter,

I performed tests for both wc_SignatureGenerate and wc_SignatureVerify against openssl and all passed using WC_SIGNATURE_TYPE_RSA_W_ENC with WC_HASH_TYPE_SHA256.

When using the WC_SIGNATURE_TYPE_RSA_W_ENC  with wc_SignatureVerify it takes in original data being validated, hashes it, adds the DER encoding (which includes the hash OID) and compares the provided signature. This behavior is correct.


These tests were done using the code here:
https://github.com/wolfSSL/wolfssl-examples/pull/27

This was run from inside the wolfssl-examples/signature directory.

Generate a signature and compare hex output (wolfSSL vs. openssl):
./signature README.md 3 5
openssl dgst -sha256 -sign ../certs/client-key.der -keyform der -hex README.md
Result of both RSA Sign with SHA256 hex output = Matches

Sign and verify using openssl. Save sign as sign.txt.
openssl dgst -sha256 -sign ../certs/client-key.der -keyform der -out sign.txt README.md
openssl dgst -sha256 -verify ../certs/client-keyPub.der -keyform der -signature sign.txt README.md
Verified OK

Use sign.txt to verify signature using wolfSSL.
./signature README.md 3 5 sign.txt
RSA Signature Verification: Pass (0)

If you are still having the issue can you provide some examples for your openssl commands and your specific wc_SignatureVerify arguments?

Thanks,
David Garske, wolfSSL

Hi Cxdinter,

If you define HAVE_ECC_BRAINPOOL then it will enable the Brainpool curves, however you must create the ECC key using wc_ecc_make_key_ex to tell the ECC layer you want to use that curve type:

ecc_key key;
ret = wc_ecc_init(&key);
ret = wc_ecc_make_key_ex(rng, 32, &key, ECC_BRAINPOOLP256R1);

Then you can call wc_SignatureGenerate.

The best way to add defines if not using ./configure is to globally define WOLFSSL_USER_SETTINGS (like in your CFLAGS) and add a new user_settings.h file somewhere in your include path.

There is a good user_settings.h example here:
https://github.com/wolfSSL/wolfssl/blob … settings.h

Also, if you haven't seen it there is a great signature/verify example here:
https://github.com/wolfSSL/wolfssl-exam … /signature
Although its missing the custom ECC curve example above, so I'm going to add that soon.

Thanks,
David Garske, wolfSSL

Hi Cxdinter,

Openssl adds a DER encoding on their RSA signature by default. Try using sig_type= "WC_SIGNATURE_TYPE_RSA_W_ENC".

Let me know if that helps.

Thanks,
David Garske, wolfSSL

Hi cxdinter,

Thank you so much for the report.

It looks like that scenario could happen if your call to wc_RNG_GenerateBlock did not return 0 (in wc_ecc_make_key_ex at line 2507). In that case variable "a" would be un-initialized from the stack and the call to "mp_clear" could cause a seg fault due to invalid pointer.

Will you confirm your wc_RNG_GenerateBlock return code? It should be zero indicating success.

I've pushed a fix for that here:
https://github.com/wolfSSL/wolfssl/pull/626

Let me know if that helps.

Thanks,
David Garske, wolfSSL

407

(7 replies, posted in wolfSSL)

Hi Andrey,

To enable SHA384 you must also defined "WOLFSSL_SHA512". The code for SHA384 is dependent on SHA512.

To disable SHA256 you will also have to disable the P-RNG is wolfSSL, since it requires SHA256. You are welcome to do this if you have a good hardware RNG source.

Here is an example for disabling the P-RNG:
https://github.com/wolfSSL/wolfssl/blob … ngs.h#L265
https://github.com/wolfSSL/wolfssl/blob … rget.c#L40

Additionally you will need to of course define NO_SHA256:
#define NO_SHA256

In my testing for this I located an issue in our code which assumes SHA256 is present in SendCertificateVerify. A fix for that is located here:
https://github.com/wolfSSL/wolfssl/pull/625

Thanks and please let me know if you have anymore questions.
David Garske, wolfSSL

Hi Jesussotofan,

All calls to wc_GenerateSeed are in wolfcrypt/src/random.c. There are multiple places where this function exists depending on the hardware platform. Those start at line 1133.

If you are defining CUSTOM_RAND_GENERATE_SEED then it will use the function used in that define. I'd also make sure you don't have NO_DEV_RANDOM defined.

The function wc_InitRng calls wc_GenerateSeed. Make sure the wolfcrypt/src/random.c is being included with the build. Make sure you have a wc_GenerateSeed function in your random.c or use the CUSTOM_RAND_GENERATE_SEED define to remap it to your own function.

Have you seen our Arduino example for wolfSSL?
https://github.com/wolfSSL/wolfssl/tree … DE/ARDUINO

Thanks,
David Garske, wolfSSL

Hi Jesussotofan,

I did a search for Arduino RNG and came up with this good result:
https://www.arduino.cc/en/Reference/Random

To implement option #2 you need to add the following to your settings.h or user_settins.h (if WOLFSSL_USER_SETTINGS is defined).

int rand_gen_seed(byte* output, word32 sz);
#define CUSTOM_RAND_GENERATE_SEED  rand_gen_seed

Then the function can be put into any .c file in your project (wherever it makes sense to you).

The function would look like:

int rand_gen_seed(byte* output, word32 sz)
{
    int i;
    for (i = 0; i < sz; i++ ) {
        output[i] = analogRead(0);
    }

    return 0;
}

Its important to have a good random seed, so if your micro controller has an RNG peripheral you should find example code for it and use it. The above example uses analog source 0 noise to seed the P-RNG, which is from the reference to website provided above.

Our random.c file has many references to RNG hardware implementations, so check and see if your micro-controller is already listed in there. If so you can define the value needed to enable it.

Let me know if you have any other questions.

Thanks,
David Garske, wolfSSL

Hi Jesussotofan,

Your platform must not have a random number seed function defined in random.c (starting at line 1133).

Either you can:
1. Locate a reference implementation in random.c and make sure you have the right define set for your hardware platform / OS.

2. Define CUSTOM_RAND_GENERATE_SEED and use your own implementation:

int rand_gen_seed(byte* output, word32 sz);
#define CUSTOM_RAND_GENERATE_SEED  rand_gen_seed

In your example above, I also recommend:
including:
#include <wolfssl/wolfcrypt/random.h>

Using WC_RNG for the rng global:
WC_RNG rng;

Let me know if you have anymore questions,

Thanks,
David Garske, wolfSSL

411

(2 replies, posted in wolfSSL)

Hi Eshober,

We do have a Microchip MLA example with SMTP support. Please send an email to support@wolfssl.com and we can send you a link for it.

Thanks,
David Garske, wolfSSL

412

(1 replies, posted in wolfCrypt)

Hi Hagai,

That's great you are using wolfMQTT and wolfSSL with Amazon AWS! It would be excellent to get more info on your project by emailing us at info@wolfssl.com when you get a chance.

I've seen an issue like this before and it was due to timezone differences between local time and the time in the cert. The ValidateDate function tries to offset the local time by looking for +/- at the end of the cert begin/end dates.

If you are using the FREESCALE_MQX or FREESCALE_KSDK_MQX defines the asn.c XTIME gets mapped to mqx_time which ends up calling "_time_get". The mqx_time function should be getting the number of seconds since UTC.

You might consider implementing your own XTIME function and by defining "USER_TIME" and adding a new function in your code called XTIME: time_t XTIME(time_t * timer);. Then you can offset the XTIME your timezone diff.

Thanks, David Garske, wolfSSL

Hey Avenuti,

A fix for this issue has been pushed to GitHub PR#535:
https://github.com/wolfSSL/wolfssl/pull/535

Thanks, David Garske, wolfSSL

Hey Avenuti,

I am able to reproduce the error with normal math and ECC-521 on that board. I was then also able to reproduce on my Mac with 32-bit mode (-m32) and NO_64BIT defined. Happens with or without ECC_TIMING_RESISTANT.

This failure only happens on 32-bit systems with normal math. Until then please use fast math with ECC-521.

For reference the error is:
"ecc_test_curve_size 66 failed!: -1023
ECC      test failed!
error = -1023"

The error is happening inside the "ecc_check_pubkey_order" function, which returns -215 (ECC_INF_E).

We are investigating the cause and will let you know when we have a resolution. Thanks again for the report!

Thanks, David Garske, wolfSSL

Hey Avenuti,

Sorry about the confusion. I thought you meant it wasn't working with USE_FAST_MATH.

The most common reason for a failure with normal math is that it uses heap allocations for the big integers. If you want to get normal math working I'd recommend increasing your heap size and trying again.

With USE_FAST_MATH disabled none of the options listed above are used except "ECC_TIMING_RESISTANT". That's because TFM_ and FP_MAX_BITS_ECC are only used with fast math.

The fast math uses stack for its allocations while normal math uses heap. The fast math tends to be faster because there is no heap allocation/free overhead.

The "ALT_ECC_SIZE" will save memory if using RSA and ECC because it will use heap allocations of a reduced size for ECC points, but only works when used with USE_FAST_MATH.

I'll run some tests this week and see if I can locate any issues using normal math and ECC-521. I have an LPC1837 board here to test with and see if I can reproduce.

Thanks, David Garske, wolfSSL

Hey Avenuti,

I'll take a look at the TFM_ECC521 define. I personally testing that combination on a Cortex M4 without any issue, but its possible there is an problem with the FP_MAX_BITS_ECC calc on a 32-bit micro with TFM_ECC521. I'll let you know the results of my testing early tomorrow.

In the mean-time did you try it without "FP_MAX_BITS_ECC" defined? You could also try setting "FP_MAX_BITS_ECC" to a larger value like 1200 and see if that helps.

Thanks, David Garske, wolfSSL

Hi Will,

You can see an example of how I added DER's for ECC certs/keys here:
https://github.com/dgarske/wolfssl/comm … ec3da4f289

If you are looking for a good tool to view/convert binary I like "Hex Fiend", but its for the Mac only.
Here is a good list of hex tools: https://en.wikipedia.org/wiki/Comparison_of_hex_editors

David

Hi Will,

Please check out this webpage for a basic tutorial:
http://learn.perl.org/first_steps/

The script can be run directly and it will update certs_test.h.
./gencertbuf.pl

Thanks,
David Garske, wolfSSL

Hi will,

I recently had a forum topic on this exact issue.
https://www.wolfssl.com/forums/topic836 … ha256.html

If you still have questions let me know and I'll provide additional details.

Thanks, David Garske, wolfSSL

Hey Hstr,

That's great you figured it out. Thanks for the report and providing the details back for other users as well.

I'm going to make some corrections to the example, since the server and client should not both be using the server-ecc.pem. It works, but its not good practice for both to be using the same private key. I will also include DER versions of these. The server-ecc.pem is a CA and should be used on the client. The server needs to get a new cert signed by that CA. I'll let you know when this has been updated.

For reference the pem to der conversion using openssl is:
openssl x509  -inform pem -in ./certs/server-ecc.pem -outform der -out ./certs/server-ecc.der

In the wolfssl directory we have a script called ./gencertbuf.pl which does the byte array conversion and builds the wolfssl/certs_test.h file.

Thanks, David Garske, wolfSSL

Hi Hyunbum83,

It looks like we support encrypting an ECC private key using the API "wolfSSL_PEM_write_mem_ECPrivateKey". However this is an openssl compatibility API layer, so you'll have to setup a "WOLFSSL_EC_KEY" object using "wolfSSL_EC_KEY_new()" and load it using "wolfSSL_EC_KEY_LoadDer".

I'm going to add a feature request to expose this without opensslextra. Curious what you are working on that requires this? It will help us prioritize this feature if we have some background on what you are working on.

Note: Using "wolfSSL_PEM_write_mem_ECPrivateKey" requires having --enable-keygen --enable-opensslextra (or WOLFSSL_KEY_GEN and OPENSSL_EXTRA defined).

Thanks,
David Garske, wolfSSL

Hi Hstr,

I've added the ECC keys/certs to the certs_test.h on a branch. Still some work to do so the test code uses them in a NO_FILESYSTEM scenario. However if you want to use those as static const byte arrays they are there for you.

https://github.com/dgarske/wolfssl/comm … ec3da4f289

David

Hi Hyunbum83,

Have a look at this article we posted a while back:
https://www.wolfssl.com/wolfSSL/Blog/En … ation.html

We support this using "wc_PKCS12_PBKDF". Enabled using ./configure --enable-pwdbased or making sure NO_PWDBASED is not defined.

Let me know if this doesn't answer your question.

Thanks, David Garske, wolfSSL

Hi Hstr,

You'll also need to define HAVE_TLS_EXTENSIONS and HAVE_SUPPORTED_CURVES. Also you won't need to define "BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" as that is done automatically in internal.h when ECC, AES-GCM and SHA256 are enabled.

I see what you mean about the ecc-key and ecc-cert not being in the certs_test.h file. I'll see about getting that updated. Thanks for bringing that to our attention.

Thanks,
David Garske

Hey Avenuti,

Updating to lastest wolfSSL will resolve this. There were numerous fixes with ECC math back on May 4th that resolve the ecc_is_point check for ECC 521. If you have ALT_ECC_SIZE defined you'll want to make sure FP_MAX_BITS_ECC is set high enough (like 1088). If you update to the latest you can not define FP_MAX_BITS_ECC and let the tfm.h header handle it.

David