1 Topic by ravi.kumar

(1 replies, posted in wolfCrypt)

Hi,

I'm using wolfSSL-3.12.0 with the settings like,
./configure --enable-ecc -enable-tls13 && make.

I'm using linux-4.2.3-300.fc23.i686 machine

And I'm giving the below commands to run server and client,
Server_1: ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256
Client_1: ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256


In this case, wolfssl server closing the client connection. Find the following debug messages,

Could not verify suite validity, continue
Unsupported cipher suite, ClientHello
wolfSSL Leaving DoTls13HandShakeMsgType(), return -501
wolfSSL Leaving DoTls13HandShakeMsg(), return -501
wolfSSL error occurred, error = -501
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -501
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -501
wolfSSL Entering ERR_error_string
SSL_accept error -501, can't match cipher suite
wolfSSL error: SSL_accept failed

Request you to please check  the attached log for your complete reference of error.

Regards,
Ravi.

Go to forum: wolfCrypt

2 Reply by ravi.kumar

(8 replies, posted in wolfCrypt)

Any update?

Go to forum: wolfCrypt

3 Reply by ravi.kumar

(8 replies, posted in wolfCrypt)

Hi,
Thank you for your response.

I'm using wolfSSL-3.12.0 with the settings like,
./configure --enable-ecc -enable-tls13 && make.

And I'm giving the below commands to run server and client,
Server_1: ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256
Client_1: ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256

Server_2: ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384
Client_2: ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384


In both the cases, wolfssl server closing the client connection. Find the following debug messages,

Could not verify suite validity, continue
Unsupported cipher suite, ClientHello
wolfSSL Leaving DoTls13HandShakeMsgType(), return -501
wolfSSL Leaving DoTls13HandShakeMsg(), return -501
wolfSSL error occurred, error = -501
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -501
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -501
wolfSSL Entering ERR_error_string
SSL_accept error -501, can't match cipher suite
wolfSSL error: SSL_accept failed

Request you to please check  the attached log for your complete reference of error.

Regards,
Ravi.

Go to forum: wolfCrypt

4 Reply by ravi.kumar

(8 replies, posted in wolfCrypt)

Hi Kaleb,

I configured wolfSSL with the settings like, ./configure --enable-ecc -enable-tls13 && make.

And I'm using the below commands,
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384

./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256

In both the cases, I'm getting SSL_accept error -501, can't match cipher suite
wolfSSL error: SSL_accept failed. Request you to please check  the attached log for your reference of error.

Regards,
Ravi.

Go to forum: wolfCrypt

5 Reply by ravi.kumar

(8 replies, posted in wolfCrypt)

Hi Kaleb,
Thank you for your quick response.
I configured wolfSSL with the settings like, ./configure --enable-ecc -enable-tls13 && make.

And I'm using the below commands,
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384

./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256

In both the cases, I'm getting SSL_accept error -501, can't match cipher suite
wolfSSL error: SSL_accept failed. Request you to please check  the attached log for your reference of error.

Regards,
Ravi.

Go to forum: wolfCrypt

6 Topic by ravi.kumar

(8 replies, posted in wolfCrypt)

Hi,
I am trying the below sequence of commands,
$ ./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 or TLS13-AES256-GCM-SHA384
$ ./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 or TLS13-AES256-GCM-SHA384

I am getting "Unsupported cipher suite, ClientHello" at server side and connection is getting terminated at the client side. Please help me to resolve this issue.

Thanks,
Ravi

Go to forum: wolfCrypt

7 Reply by ravi.kumar

(6 replies, posted in wolfCrypt)

David Garske,

Thank you for your quick response. Now it is compiling with your suggestion.

Regards,
Ravi.

Go to forum: wolfCrypt

8 Topic by ravi.kumar

(6 replies, posted in wolfCrypt)

Observed below compilation errors with the following commands,
./configure --enable-tls13
make

src/.libs/libwolfssl.so: undefined reference to `wc_ecc_free'
collect2: error: ld returned 1 exit status
make[1]: *** [examples/client/client] Error 1
make[1]: *** Waiting for unfinished jobs....
src/.libs/libwolfssl.so: undefined reference to `wc_ecc_free'
collect2: error: ld returned 1 exit status
make[1]: *** [wolfcrypt/benchmark/benchmark] Error 1
src/.libs/libwolfssl.so: undefined reference to `wc_ecc_free'
collect2: error: ld returned 1 exit status
make[1]: *** [examples/echoserver/echoserver] Error 1
src/.libs/libwolfssl.so: undefined reference to `wc_ecc_free'
collect2: error: ld returned 1 exit status
make[1]: *** [examples/echoclient/echoclient] Error 1
src/.libs/libwolfssl.so: undefined reference to `wc_ecc_free'
collect2: error: ld returned 1 exit status
make[1]: *** [wolfcrypt/test/testwolfcrypt] Error 1
make: *** [all] Error 2

Go to forum: wolfCrypt

9 Reply by ravi.kumar

(5 replies, posted in wolfCrypt)

Hi Chris,

I will let you know the option. Can you please suggest tools to use for conversion from .p7b to .pem or .cert? Can openssl do the conversion?

Thanks,
Ravi.

Go to forum: wolfCrypt

10 Reply by ravi.kumar

(5 replies, posted in wolfCrypt)

Hi Crisc,

Thank you for your response. It is mandatory to use .p7b as it is also a standard enterprise security format. Can you please suggest us how to integrate support for the same in wolf-3.9.10?

Thanks,
Ravi.

Go to forum: wolfCrypt

11 Topic by ravi.kumar

(5 replies, posted in wolfCrypt)

Hi all,

Has wolfssl latest version support PB7 certificate format?

Go to forum: wolfCrypt

12 Reply by ravi.kumar

(4 replies, posted in wolfCrypt)

Hi Kaleb J. Himes,

Thank you for your support. I understand, I tried with correct certificate and it works.

Regards,
Ravi.

Go to forum: wolfCrypt

13 Reply by ravi.kumar

(5 replies, posted in wolfSSL)

Hi Kaleb,

Thank you for your  support. Now its working. It was our mistake.

Thanks,
Ravi.

Go to forum: wolfSSL

14 Topic by ravi.kumar

(4 replies, posted in wolfCrypt)

Hi,

I am trying SSL connectivity with wolfssl-3.9.10 code for the following cipher:
ECDHE-RSA-AES256-SHA.

But connection is failing with following error on server side:
error = -501, can't match cipher suite
wolfSSL error: SSL_accept failed

We have tried following set of commands.

./configure --enable-ecc
make

./examples/server/server -d -l ECDHE-RSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
./examples/client/client -A ./certs/server-ecc.pem

Also tried with following set of  commands:
./examples/server/server -d -l ECDHE-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem
./examples/client/client -A ./certs/server-ecc-rsa.pem

Both are failing with error(-501).

Please correct the command usage/ certificate usage if I am doing anything wrong here.

FYI:
SSL connectivity is happening for cipher ECDHE-ECDSA-AES256-SHA with following commands:

./configure --enable-ecc
make

./examples/server/server -d -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
./examples/client/client -A ./certs/server-ecc.pem

Go to forum: wolfCrypt

15 Reply by ravi.kumar

(5 replies, posted in wolfSSL)

Hi Kaleb,

Thanks for the reply.

Now I have moved to new cyassl code(3.9.10).
But still issue is coming.
I have debugged the issue and concluded that multiplication operation is failing because of improper creation of ecc point from array values.

Please check the below code which I am using to create ecc_point from array values.

unsigned char gx[32] = {0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96};
unsigned char gy[32] = {0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5};
unsigned char gz[32] = { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

    ecc_point *G1 = NULL;
    G1 = wc_ecc_new_point();

    if(G1 == NULL)
    {
      printf("Allocation failed\n");
      return;
    }

    memset(G1, 0, sizeof(ecc_point));

    mp_read_unsigned_bin(G1->x, gx, sizeof(gx));
    mp_read_unsigned_bin(G1->y, gy, sizeof(gy));
    mp_read_unsigned_bin(G1->z, gz, sizeof(gz));

I am sure issue is in this code only. Please correct the above code.

Thanks and regards,
Ravi Kumar

Go to forum: wolfSSL

16 Topic by ravi.kumar

(5 replies, posted in wolfSSL)

Hi,

I am verifying ECC functionality with wolfssl library v3.3.0.
I am Facing issue while testing point multiplication operation.

I am taking input vectors from Bluetooth SIG certification standard to verify curve P-256 point multiplication .
I have attached screenshot for the input vectors.
I have taken vectors from P-256 Data set 1(Please check the attachment).
P-256 ECC multiplication :
DH Key = Private A * (Public B(x), Public B(y), Bz)
Where Bz = 00000000000000000000000000000001
Please note that values from left to right is LSB to MSB.

Modulus values used as below:
const uint8 p256_modulus[32] = {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

I am using following wolfssl function for computing point multiplication.
static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, int map)

Wolfssl library is expecting inputs in mp_int format. So I have converted standard inputs into mp_int format and then given to ecc_mulmod() function.
But result is not coming as expected.(Results should match as per the standard)
input conversion:
Private A value is converted to mp_int format and provided as 'k' to ecc_mulmod()
Public Bx, Public By, Bz values are converted into mp_int formats and converted as ecc_point then provided as 'G' to ecc_mulmod()
p256_modulus is converted as mp_int format and given as 'modulus' to ecc_mulmod()
'map' value is given as '0'

Function is not returning any error but final result is not matching with the expected result
(Please check DH key value in the attachment for the expected result)

Could you please check why result is not matching with these vectors ?
Thanks in advance.

Go to forum: wolfSSL

17 Reply by ravi.kumar

(3 replies, posted in wolfSSL)

Hi Kaleb,

Thank you for your response. Finally I resolved the issue. Actually issue was with certificate. Whatever certificate we got from our customer is having private key in PKCS#8 format which has different ASN parsing code. If you see the input dump to RsaPrivateKeyDecode() function it is matching with the PKCS#8 ASN.1 parsing and it requires header and footer as "----BEGIN PRIVATE KEY---" and "---END PRIVATE KEY---" respectively. But customer is loading the private key as PKCS#1 format which has header and footer "---BEGIN RSA PRIVATE KEY---" and "---END RSA PRIVATE KEY----" respectively because of that Cyassl was throwing ASN parse error. If we  just change the header and footer of private key to the PKCS#8 format. it started working.

FYI:
1. PKCS#8 has following ASN.1 parsing (see the RFC 5208).
PrivateKeyInfo ::= SEQUENCE {
version Version,
privateKeyAlgorithm AlgorithmIdentifier PrivateKeyAlgorithms,
privateKey PrivateKey,
attributes [0] Attributes OPTIONAL }

Version ::= INTEGER
{v1(0)}

(v1,...)
PrivateKey ::= OCTET STRING

2. PKCS#1 has following ASN.1 parsing
RSAPrivateKey ::= SEQUENCE
{
  version Version,
  modulus INTEGER, -- n
  publicExponent INTEGER, -- e
  privateExponent INTEGER, -- d
  prime1 INTEGER, -- p
  prime2 INTEGER, -- q
  exponent1 INTEGER, -- d mod (p-1)
  exponent2 INTEGER, -- d mod (q-1)
  coefficient INTEGER, -- (inverse of q) mod p
  otherPrimeInfos OtherPrimeInfos OPTIONAL
}

Private key input was going as PKCS#8 format.
e.g.
0x30, 0x82, 0x4, 0xbe
0x2, 0x1, 0x0
0x30, 0xd, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x1, 0x5, 0x0 (failed at this point as PKCS#8 is expecting 0x2 INTEGER)
0x4, 0x82, 0x4, 0xa8, 0x30 ...

Thanks and Regards,
Ravi.

Go to forum: wolfSSL

18 Topic by ravi.kumar

(3 replies, posted in wolfSSL)

Hi all,

I am using cyassl-3.3.0 cypto library for our product. I had one certificate consisted of RSA private key, client certificate, one intermediate CA and root CA. Please check the attachment. When I am using example project given with cyassl-3.3.0 or our product, I am getting following error "yassl error: can't load server private key file, check file and run from CyaSSL home dir". I debugged further and found that private key loading is failing from the function GetInt() which is called by RsaPrivateKeyDecode() due to ASN_PARSE_E  (-140). I checked the private key through openssl utility of Linux 
"openssl rsa -in private_key.pem -text -noout" and found correct parsing with openssl version 1.0.1e-fips 11 Feb 2013.  I need help to resolve this issue. I downloaded the latest release wolfssl-3.9.8  from wolfssl site and got the same issue of loading private key failure.

See the out of "openssl rsa -in private_key.pem -text -noout" for the private_key.pem.

Private-Key: (2048 bit)
modulus:
    00:d0:17:98:a5:7d:41:9f:45:72:45:c0:d0:e6:9b:
    82:9e:02:74:c1:2f:d3:93:ea:83:6e:47:05:7d:88:
    23:4c:99:ba:75:88:3f:2b:71:0a:98:76:ad:d2:0f:
    82:b7:6a:07:01:72:03:12:f0:c5:be:29:78:f5:cf:
    d1:f7:ae:19:d8:03:12:4c:b4:02:31:f6:22:34:11:
    0e:10:37:39:4a:55:86:89:63:15:f4:5e:b2:3c:27:
    d2:0e:05:16:36:5e:e3:90:dc:4e:da:60:2a:5e:f3:
    aa:fe:76:d4:f7:f6:ab:ed:a3:13:6b:23:d3:b8:9d:
    cc:68:94:c3:60:cd:4f:73:9f:6b:4d:e3:71:08:8d:
    31:05:1e:c0:94:ac:18:f8:86:d1:29:df:55:91:ca:
    f3:4e:1d:9a:db:1b:79:15:76:1e:5f:af:98:d9:db:
    15:e5:d1:08:cc:9d:76:33:47:bb:f6:49:34:cc:3c:
    2f:30:79:84:4c:9f:fa:af:90:bc:30:c6:e4:e1:94:
    9d:e2:c6:8f:7e:57:54:1e:8a:86:c7:c1:0a:4e:de:
    34:98:13:97:f6:b6:de:a1:a1:1f:c8:71:6b:12:51:
    25:b4:fd:66:ca:9d:0e:0d:8a:13:6f:6b:a7:ee:f7:
    aa:b7:50:c7:a5:69:57:e4:ab:6b:94:ea:a7:05:59:
    13:d1
publicExponent: 65537 (0x10001)
privateExponent:
    64:52:bb:f9:2d:06:32:2f:5d:04:5c:0d:5a:e0:a6:
    7c:5f:5a:c2:b8:b8:1c:9b:f7:79:77:2c:22:75:3b:
    ef:76:3d:fa:e4:10:f0:74:b3:53:06:04:8f:3d:83:
    1b:c2:36:56:70:0d:23:58:89:3d:40:e9:5c:39:31:
    55:63:ce:79:e2:21:34:71:a4:8d:49:c8:fb:a9:2d:
    4a:8c:15:46:cd:2c:eb:97:a5:c2:06:d5:8f:42:f3:
    76:66:e5:6a:99:1c:c5:7e:31:55:fe:fe:ee:80:33:
    74:32:fe:41:fd:de:ad:d6:ed:49:be:20:18:e5:9a:
    e2:e0:b5:c1:39:ba:90:56:ef:da:bf:a7:cc:29:44:
    0e:8b:0b:e6:00:d8:81:73:8f:5f:ad:c8:0b:f4:10:
    6a:ec:aa:58:a5:9e:20:8d:9c:37:dd:de:9b:80:89:
    11:6c:63:d9:13:60:f8:4d:0d:40:ac:57:8f:7d:95:
    af:b7:ae:bd:01:61:82:27:34:7a:a9:27:e4:ae:42:
    0f:fc:ae:1f:39:d8:0b:a7:2f:64:f3:a8:3e:ea:b9:
    15:b1:b3:cf:18:a7:dd:78:cf:c8:1c:8f:07:4d:03:
    6e:3d:51:b7:72:56:48:1d:4e:df:b4:a9:5a:57:4b:
    8a:fb:11:eb:ea:e4:25:08:9c:98:6e:68:4f:7d:db:
    41
prime1:
    00:fe:87:76:33:44:5a:37:e1:ce:a3:d4:19:6e:60:
    cb:93:95:30:64:0d:83:f4:4a:b0:25:2b:bc:7c:fd:
    ee:97:dd:e7:81:a3:90:e1:df:87:b2:fc:4a:5b:d8:
    29:e8:fc:02:13:43:57:11:65:6d:85:f0:ec:1a:fa:
    67:0d:cc:c9:77:5a:a9:a7:67:5e:b1:0c:6c:fd:fb:
    e4:12:49:ac:56:be:eb:b3:d7:b9:c3:a9:a4:b6:b5:
    88:ca:23:59:6e:7b:a4:65:25:09:b0:03:b2:d9:9e:
    d8:c2:29:b0:1b:eb:e2:86:fb:4e:cb:fd:bc:4e:0c:
    8c:bb:51:76:eb:7f:83:9a:85
prime2:
    00:d1:4b:70:1a:e5:47:be:e6:74:ae:b6:f0:fd:37:
    ab:8c:3e:77:33:ae:a2:9d:25:59:e8:1c:75:e8:6f:
    32:c4:ea:40:78:7e:47:0e:0e:bb:c2:fd:05:eb:8f:
    47:64:7b:17:63:f1:46:8f:ab:1c:db:de:89:97:89:
    46:68:25:12:0d:41:c5:8a:58:cd:8d:42:c2:a4:21:
    d0:55:dd:5f:1a:68:7b:34:6c:a5:d9:59:b4:ec:56:
    43:12:74:06:01:ad:8e:2b:10:9c:3d:f3:0e:43:20:
    54:a2:ad:0e:89:c8:ad:0e:f9:5e:99:e2:7d:f2:8a:
    ea:45:0b:a6:cd:a8:12:a3:dd
exponent1:
    00:f2:e5:b7:09:29:bb:a7:04:98:bc:83:56:59:9d:
    89:e9:27:40:6c:da:f1:08:1a:96:8a:82:78:78:17:
    a4:af:cd:16:77:02:ee:ea:7e:f4:f2:fc:0c:c2:25:
    41:a9:93:85:2f:78:de:08:3d:f1:0d:17:63:5a:43:
    88:41:05:23:66:01:61:51:de:35:e1:63:e8:47:61:
    30:bf:bb:0a:fa:25:6c:ad:cd:ba:fb:5c:53:52:01:
    5f:ae:f7:99:0a:f4:77:68:06:b6:7e:00:a9:97:40:
    1d:be:fd:25:91:1f:c4:a7:e7:ff:c4:70:3a:59:89:
    64:6c:06:4c:24:65:25:e4:39
exponent2:
    78:b8:03:74:6f:f5:1f:06:3c:1d:1e:46:08:38:19:
    09:ae:6a:00:f4:64:b5:31:7b:17:27:7b:56:d2:f4:
    bc:a1:c5:07:fb:06:2e:f4:8e:96:5c:6d:12:be:b4:
    d6:1f:2d:91:a6:f4:25:1f:f4:68:59:86:91:52:4b:
    ba:fc:4e:da:38:aa:a1:2e:b1:79:1e:1d:b8:a0:0c:
    53:ca:78:f5:79:78:3e:f7:bf:fd:8b:01:91:23:fc:
    51:e3:7c:27:71:9c:c3:f8:33:b6:83:c0:21:35:bf:
    bb:89:08:0e:af:22:2a:b5:e9:3b:e7:68:f0:01:f2:
    38:5b:0d:1e:28:28:80:3d
coefficient:
    00:c4:95:c3:5e:63:fd:17:98:68:56:53:fd:f8:e3:
    99:28:40:f9:54:2d:03:52:e4:c9:2d:2c:93:65:bc:
    ec:94:5d:fd:bf:1b:b4:4a:4f:18:3b:56:e1:4d:6f:
    5c:20:81:64:df:74:7a:d6:e8:cb:cc:23:44:4d:00:
    76:3f:6c:29:ee:0c:5a:03:50:0c:34:13:4f:d8:03:
    a0:61:22:c4:dd:9f:6f:9f:b2:9b:38:e3:1c:9d:a2:
    f1:39:ea:33:bb:8c:52:fa:5e:6b:35:b4:83:a9:3f:
    4d:8e:e1:42:31:f7:10:52:43:45:b5:5a:22:b6:b7:
    07:fd:48:63:b2:61:84:d8:18

Go to forum: wolfSSL