426

(2 replies, posted in wolfCrypt)

Hey Jrandombob,

Its possible the compiler/libc you are using requires an aligned pointer, but that is not typical. A memcpy function is super simple and can sometimes be optimized for 32-bit CPU's to copy int by int, vs. byte by byte.

Which compiler and libc are you using? What are your hard fault registers values telling you? https://community.arm.com/thread/5414

If this memory you are writing to comes from an alloc have you verified its a valid, usable address? Is it just memcpy or is it affecting other libc functions?

David

427

(1 replies, posted in wolfCrypt)

Hey Comomind,

The smallest wolfCrypt only ECC and SHA256/SHA512 can get is about 15K flash and 1K ram. That's because of the math required for ECC.

Typically the library is configured two ways:
1. Using automake and ./configure
2. Defining WOLFSSL_USER_SETTINGS and adding your own user_settings.h file.

A good example for a reference user_settings.h is here:
https://github.com/wolfSSL/wolfssl/blob … settings.h

Things you'll need to change from that example are:
1. Add "WOLFCRYPT_ONLY" to disable the TLS/SSL code. (or use ./configure --enable-cryptonly).
2. Remove HAVE_ECC192, HAVE_ECC224, HAVE_ECC384 and HAVE_ECC521 (so you are left with only the 256-bit curves).
3. Remove TFM_ECC192, TFM_ECC224, TFM_ECC384 and TFM_ECC521
4. Turn off RSA change line 101 to #if 0 (./configure --disable-rsa)
5. Turn off AES change line 117 to #if 0 (./configure --disable-aes)
6. Turn off ChaCha/Poly (./configure --disable-chacha --disable-poly1305)
7. Turn off hashing for Sah1. (./configure --disable-sha)
8. Turn off MD5 (./configure --disable-md5)
9. To adjust size vs. performance play with ECC_SHAMIR, ECC_TIMING_RESISTANT and TFM_TIMING_RESISTANT.
10. If you are only doing an ECC verify you can define the following to disable portions of the ECC code: "NO_ECC_SIGN", "NO_ECC_DHE" and "NO_ECC_KEY_EXPORT".

David

Hello Avenuti,

Thanks for the detailed question.

It looks like you are not using the latest v3.9.8 wolfSSL release. There have been a few fixes/changes in that area of ECC vector testing. I've seen this error and believe you can workaround it without an update by defining ECC_SHAMIR. I do recommend you update if you can.

For your NXP LPC1837 micro I would recommend the following settings:
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define TFM_ARM (or TFM_ASM if that one fails)

#define HAVE_ECC
#define ECC_USER_CURVES
#define HAVE_ECC521
#define ECC_SHAMIR
#define ECC_TIMING_RESISTANT

#define ALT_ECC_SIZE
#define TFM_ECC521

For additional details on these and a good example of a user_settings.h configuration file see here:
https://github.com/wolfSSL/wolfssl/blob … settings.h

Thanks and let me know if that resolves your failure.

David Garske