1 Reply by chrisc

(4 replies, posted in wolfSSL)

Hi,

Like Kareem mentioned above, if you can share the build errors you are seeing when trying to build with WOLFSSL_SP_ARM_CORTEX_M_ASM defined, we can make some suggestions around that.  The forums should now also allow for uploading/attaching of files.

If you are only using the ECC P-256 (SECP256R1) curve, you can only enable P-256 at compile time by defining ECC_USER_CURVES. This will have all other curves compiled out by default.

#define HAVE_ECC
#define ECC_USER_CURVES

You can also find an example configuration.h file we put together on a SAMD21 for reference. This will give you a better idea for some of the math library defines we have available:

https://github.com/wolfSSL/microchip-at … guration.h

Best Regards,
Chris

Go to forum: wolfSSL

2 Topic by chrisc

(0 replies, posted in Announcements)

Original blog announcement: https://www.wolfssl.com/fips-140-3-anno … the-world/

wolfSSL Inc. is very pleased to announce our wolf pack has successfully hunted down and captured the ever elusive FIPS 140-3 certificate! The world’s first automated submission (SP800-140Br1) FIPS 140-3 validated certificate #4718 [1] posted to the NIST website on July 11th 2024, valid through July 10th, 2029!

“wolfSSL remains focused on enhancing our technologies and expanding capabilities. We are dedicated to continuous innovation in security. The advancements in our FIPS 140-3 module highlight our commitment to delivering state-of-the-art cryptographic solutions that meet the rigorous demands of today’s cybersecurity landscape.” Stated wolfSSL CTO, Todd Ouska.

We are thrilled to work with ÆGISOLVE, INC. on this journey. The wolfSSL team is grateful for the ÆGISOLVE staff’s hard-work and dedication in realizing the very first SP800-140Br1 140-3 certificate in the world! A note from the ÆGISOLVE team:

“AEGISOLVE is pleased to announce the world’s first SP800-140Br1 compliant FIPS 140-3 Validation Certificate for wolfSSL’s wolfCrypt module" reported Travis Spann, Founder and President of AEGISOLVE (NVLAP Lab Code: 200802-0).

"As a first of its kind, this is a tremendous achievement and a huge step forward for the next generation of FIPS 140-3 Validated Cryptographic Modules. Congratulations, wolfSSL!"

Highlights

  • Boot Times
      - wolfCrypt FIPS 140-2, power-on times could be slower due to mandatory self-tests
      - wolfCrypt FIPS 140-3 requires self-tests only at the first algorithm use or during a slower event cycle
        + faster boot times
        + optimal power and resource consumption with careful planning!

  • Design
      - The wolfCrypt FIPS 140-3 validated module is the only commercial FIPS solution tailored for embedded
      - Emphasis on a minimal footprint, low resource use, reduced power consumption, and high performance for standard and real time systems
      - Design leads to superior scalability across devices, from mobile to server
      - 2-3 times more connections per device at 15-20% better performance than competing solutions.

  • OpenSSL Replacement
      - Compatibility [2]
      - Engine [3]
      - Provider [4]

  • Embeddability
      - Embedded Systems (Medical, networking, sensors, security systems, etc.)
      - Extended Battery life and high performance
      - Hardware Encryption Support
      - Assembly Acceleration

Changes from the historic wolfCrypt FIPS 140-2 cert #3389 to the active wolfCrypt FIPS 140-3 cert #4718:

  • CAST (conditional algo self tests)

  • KDF-TLS, TLS v1.2 KDF and TLSv1.3 KDF

  • SSH KDF

  • AES-OFB mode

  • RSA 3072, 4096 and PSS

  • New Degraded mode of operation in the event of a CAST failure other algorithm services will remain available.

For more about what FIPS is please checkout these blogs:

What is FIPS (long version): https://www.wolfssl.com/fips-long-version/
What is FIPS (short version): https://www.wolfssl.com/fips-short-version/
Webinar: Everything You Need To Know About FIPS 140-3: https://www.wolfssl.com/live-webinar-ev … ips-140-3/

For information on transitioning from 140-2 to 140-3 please checkout our blog: What is the difference between FIPS 140-2 and FIPS 140-3? (https://www.wolfssl.com/difference-fips … ips-140-3/)

Algo cert Link: https://csrc.nist.gov/projects/cryptogr … tion=36918
Security Policy Link: https://csrc.nist.gov/CSRC/media/projec … sp4718.pdf
Ref: Section 2.5 Algorithms
Ref: Section 2.2 Table 6 “Tested Operational Environments – Software, Firmware, Hybrid”
Cert #4718 Link: https://csrc.nist.gov/projects/cryptogr … icate/4718

For questions, comments or feedback please contact the wolfSSL team anytime at fips@wolfssl.com.

[1] https://csrc.nist.gov/projects/cryptogr … icate/4718
[2] https://www.wolfssl.com/documentation/m … ter13.html
[3] https://www.wolfssl.com/documentation/m … olfengine/
[4] https://www.wolfssl.com/openssl-3-0-pro … on-fips-2/

Go to forum: Announcements

3 Reply by chrisc

(3 replies, posted in wolfCrypt)

Hi m_u_h,

Yes, that is correct.  If you are using wolfCrypt FIPS, wolfEngine will by default use all three checks listed above.  You would only need to override "enable_fips_checks" if you wanted to use a subset of the default options.

Keep in mind that these FIPS checks only apply to the scenarios listed above.  Applications consuming OpenSSL with wolfEngine and wolfCrypt FIPS still need to be cautious not to call/use non-FIPS validated cryptography if trying to remain FIPS compliant.  If an application calls an algorithm that is unsupported by wolfCrypt FIPS (thus unsupported in FIPS mode), OpenSSL may re-route that algorithm to the underlying non-FIPS validated OpenSSL cryptography.

Best Regards,
Chris

Go to forum: wolfCrypt

4 Reply by chrisc

(3 replies, posted in wolfCrypt)

Hi m_u_h,

wolfEngine FIPS checks only have an effect when using a FIPS validated (or FIPS Ready) version of wolfSSL/wolfCrypt under wolfEngine.

These "FIPS checks" are checks inside wolfEngine to help make sure the caller doesn't use non-FIPS modes or key lengths of some algorithms, including:

- Check that RSA key sizes are valid. For wolfCrypt FIPS, 1024-bit RSA keys can only be used for verification, not generation or signing.
- Check that RSA signatures with SHA-1 digests are valid. For wolfCrypt FIPS, SHA-1 isn't allowed for signing, only for verifying.
- Check that ECC P-192 usage is valid. For wolfCrypt FIPS, ECC P-192 isn't allowed for ECDH, key generation, or signing. Only allowed for signature verification.

By default, if using a FIPS validated version of wolfCrypt these checks are on by default.  The "enable_fips_checks" control command lets users override the default of all being enabled, and can pass a bitmask of available options from "include/wolfengine/we_fips.h".

Are you using a FIPS validated version of wolfCrypt with wolfEngine?

Thanks,
Chris

Go to forum: wolfCrypt

5 Reply by chrisc

(5 replies, posted in wolfSSL)

Hi Anika,

wolfCrypt's CMS/PKCS#7 API's do not currently have the ability to extract signer certificates without calling wc_PKCS7_VerifySignedData() first.  This API parses the CMS/PKCS#7 bundle ASN.1 and extracts details into our own wolfCrypt structure, in addition to then trying to verify the signature.  If you did not care about the verification result, you could call this API, check/ignore the return value of SIG_VERIFY_E, then proceed to get the signer certificates from the pkcs7->certs[] array, using the pkcs7->certSz[] size array for array sizes.

Pseudocode would look something similar to:

ret = wc_PKCS7_VerifySignedData(pkcs7, in, inSz);
if (ret < 0 && ret != SIG_VERIFY_E) {
    /* other error, parsing, etc */
}

/* loop over pkcs7->cert[], where pkcs7->certSz[] holds sizes for each cert */
for (i = 0; i < MAX_PKCS7_CERTS; i++) {
    if (pkcs7->certSz[i] > 0) {
        /* pkcs7->cert[i] holds ith cert from SignedData bundle */
    }
}

Best Regards,
Chris

Go to forum: wolfSSL

6 Reply by chrisc

(5 replies, posted in wolfSSL)

Hi Anika,

Let me look into this and I'll get back to you shortly.

Thanks,
Chris

Go to forum: wolfSSL

7 Reply by chrisc

(4 replies, posted in wolfSSL)

Hi Renjith,

Were you able to try the SP math build options to see if that helped improve performance?

Thanks,
Chris

Go to forum: wolfSSL

8 Reply by chrisc

(4 replies, posted in wolfSSL)

Hi Renjith,

For ECDSA, public certificate loading had issues with wolfcrypt JCE

Are you able to share more details on the error that you saw for this?  Or, would it be easy to send over a simple sample app that reproduces the issue?  If so, I can help look into this further.  This may be due to a native build option that needs to change, or a higher-level JCE feature depending on the error.

Are there any flags to improve the signing performance(perhaps for making use of the native code)?

We have several different math libraries available in native wolfSSL now that provide varying performance and features.  We have our normal big integer library, our fastmath library, and our newest SP Math library.  On most platforms, fastmath will be the default.  Switching over to our newer SP Math should give you performance increases for public key operations (RSA, ECDSA).

If you are uisng configure with wolfSSL, you can try the following options:

./configure --enable-sp --enable-sp-math-all <other options>

Our SP Math library does also have assembly optimizations for several platforms.  Depending on your target hardware, you may be able to add --enable-sp-asm to the above options.

Let me know if that builds OK, and what you see as far as performance goes.

Thanks!
Chris

Go to forum: wolfSSL

9 Reply by chrisc

(4 replies, posted in wolfSSL)

Hi realexan,

Thanks for reaching out.  We have not tested wolfJSSE or wolfJCE with Nimbus JOSE + JWT before in-house.  Can you confirm, are you are using wolfJSSE or our cryptography provider wolfJCE?  I am not familiar enough at the moment with how Nimbus JOSE + JWT calls down into the Java Security Architecture to know if it is calling into a JCE or JSSE provider.  If you are using wolfJSSE (wolfSSL JNI/JSSE Provider), it may be worth trying to download, build, and register our JCE provider (wolfCrypt JNI/JCE) to see if that gives Nimbus access to the algorithm primitives that it is expecting.

Native wolfSSL supports RSA 2048 and SHA-256, as does wolfJSSE (in TLS cipher suites) and wolfJCE (via Signature and MessageDigest classes).

Are you able to provide more details about the project you are working on, and why you are looking to use wolfJSSE/wolfJCE in place of the default cryptography providers?

Thanks,
Chris

Go to forum: wolfSSL

10 Reply by chrisc

(9 replies, posted in wolfCrypt)

Hi Beat,

I'm not sure that I am following the reasoning behind needing to reset "ret = 0" at that location in pkcs7.c.  It is expected behavior that "ret" would be set to ASN_PARSE_E in the following section of code for your use case, since tag != ASN_OCTET_STRING:

            /* get length of content in case of single part */
            if (ret == 0 && !multiPart) {
                if (tag != ASN_OCTET_STRING)
                    ret = ASN_PARSE_E;

                if (ret == 0 && GetLength_ex(pkiMsg, &localIdx,
                            &length, pkiMsgSz, NO_USER_CHECK) < 0)
                    ret = ASN_PARSE_E;
            }

Later on, we enter the "else" block like you mentioned above, where "detached" gets set to 1, "length" to 0, and "contentLen" to 0.  The next time "ret" is checked is inside the "#ifndef NO_PKCS7_STREAM" section right below that, where:

            /* content expected? */
            if ((ret == 0 && length > 0) &&
                !(pkiMsg2 && pkiMsg2Sz > 0 && hashBuf && hashSz > 0)) {
                pkcs7->stream->expected = length + ASN_TAG_SZ + MAX_LENGTH_SZ;
            }

Here, the value of "ret" won't matter since "length" has already been set to 0.  Then, just a little below that, we reset the value of "ret" with the following call:

            if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &stateIdx, &idx)) != 0) {
                break;
            }

I re-ran your reproducer application against wolfSSL (current master), after making the following changes and verification passed successfully without the additional reset of "ret".  Changes to main.c:

1.  Removed setting "pkcs7.content" and "pkcs7.contentSz" explicitly. No longer needed for this use case after our previous modifications.
2.  Switched wc_PKCS7_VerifySignedData() to "wc_PKCS7_VerifySignedData_ex(), passing in "shaSumOfBinary".

I have re-attached the reproducer bundle I am using here.  Steps I am using to compile/test are:

$ git clone https://github.com/wolfSSL/wolfssl.git
$ cd wolfssl
$ ./autogen.sh
$ ./configure --enable-pkcs7
$ make
$ sudo make install

$ unzip signature_and_binary_v2.zip
$ cd signature_and_binary_v2
$ gcc main.c -lwolfssl
$ ./a.out -s 4dda5fe7-55d8-481a-b6eb-cf74b1b58d4d-d319ae60-1645-42b9-a9c0-eca4395587be.bin -b test.bin

calculated SHA256 of test.bin
56 d3 bb f1 e0 a9 27 b6 57 ba 90 ea 7d c0 ec e6 
ba 60 22 39 f0 ac 00 ad 8b 87 96 af ad 20 d1 40 
Sucessfully verified

Let me know if you think I'm still overlooking something, but this looks to be working as expected for this code path to me.

Thanks,
Chris

Go to forum: wolfCrypt

11 Reply by chrisc

(3 replies, posted in wolfSSL)

Hi Kevin,

Can you try defining SIZEOF_LONG and SIZEOF_LONG_LONG in your CFLAGS when compiling wolfSSL in AOSP?  This would typically be located in your Android.mk file for wolfSSL (external/wolfssl/Android.mk).  The values of these should match sizeof(long) and sizeof(long long) on your system.  These are typically 4 and 8 respectively.

For example:

LOCAL_CFLAGS:=-DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8 <other options>

Thanks,
Chris

Go to forum: wolfSSL

12 Reply by chrisc

(9 replies, posted in wolfCrypt)

Hi Beat,

I have put up a small fix in the following Pull Request to wolfSSL that should fix your use case:

https://github.com/wolfSSL/wolfssl/pull/3996

Testing here with your sample app, with this change, your signature correctly verifies with wc_PKCS7_VerifySignedData_ex().

Best Regards,
Chris

Go to forum: wolfCrypt

13 Reply by chrisc

(9 replies, posted in wolfCrypt)

Hi Beat,

Thanks for the clarification.  I now see your desire/need to pass in only the pre-computed digest of the content rather than the content itself.

Let me revisit our wc_PKCS7_VerifySignedData_ex() code and I'll get back to you shortly.

Thanks,
Chris

Go to forum: wolfCrypt

14 Reply by chrisc

(9 replies, posted in wolfCrypt)

Hi Beat,

I had a chance to look over your examples and believe you may have just been mis-using the wc_PKCS7_VerifySignedData API for use with detached signatures.

wc_PKCS7_VerifySignedData() can verify detached signatures, but your application needs to explicitly set the content and content size using the "pkcs7.content" and "pkcs7.contentSz" structure members before doing the verification.

Internally in pkcs7.c we do some detection of empty content in the PKCS#7/CMS bundle and purposefully set our internal error state to ASN_PARSE_E.  But, we recover from that error state later on once we realize the user has set the pkcs7.content and pkcs7.contentSz correctly.

I have attached a modified version of your main.c (here as main_verifySignedData.c) where I explicitly set these two struct members before doing the verification.  Compiling this against the current version of wolfSSL, I am seeing a verification success.

I did also change wc_PKCS7_VerifySignedData_ex() to the normal wc_PKCS7_VerifySignedData() in your sample application.  wc_PKCS7_VerifySignedData_ex() requires as inputs the PKCS#7/CMS "head" and "foot" as inputs that would have been received as outputs from the corresponding call to wc_PKCS7_EncodeSignedData_ex().  My guess was that you did not have these available and meant to use wc_PKCS7_VerifySignedData() instead.  But, please correct me if I am wrong.  wc_PKCS7_VerifySignedData() also handles calculation of the message digest internally, so I removed that logic from your sample code.

Best Regards,
Chris

Go to forum: wolfCrypt

15 Reply by chrisc

(9 replies, posted in wolfCrypt)

Hi bstraehl,

Thanks for attaching your test application.  We'll look into this and get back to you shortly.

Best Regards,
Chris

Go to forum: wolfCrypt

16 Reply by chrisc

(1 replies, posted in wolfSSL)

Hi,

Yes, wolfCrypt PKCS#7 API can be used to decode a p7b certificate and extract out an X.509 certificate.

You will want to use wc_PKCS7_Init() to initialize a PKCS7 structure, then use wc_PKCS7_VerifySignedData() to decode the p7b certificate.  wc_PKCS7_VerifySignedData() will place decoded X.509 DER-encoded certificates into the pkcs7->cert array, with the size of each stored in the pkcs7->certSz array.

The following GitHub Issue has more details on API usage:

https://github.com/wolfSSL/wolfssl/issues/3638

Can you share more details about the project you are looking to use wolfCrypt in?

Thanks,
Chris

Go to forum: wolfSSL

17 Reply by chrisc

(1 replies, posted in wolfSSL)

Hi!

This looks like a duplicate posting from the following GitHub Issue.  Please see response on the GitHub issue for a resolution:

https://github.com/wolfSSL/wolfssl/issues/3638

Thanks,
Chris

Go to forum: wolfSSL

18 Reply by chrisc

(2 replies, posted in wolfCrypt)

Hi thomas.zeng,

wolfCrypt's PKCS#7/CMS implementation doesn't have support for CAdES-BES currently.  This is something our team could look into adding for you if needed, under our consulting services.  We would need to add re-implement CMS CAdES-BES support ourselves in wolfCrypt instead of porting the pull request you mentioned, for licensing reasons.

wolfSSL does have an OpenSSL compatibility layer which includes a large number of the most commonly-used OpenSSL API.  Our compatibility layer does have some OpenSSL PKCS7 API support, which can be seen in the <wolfssl/openssl/pkcs7.h> header file:

https://github.com/wolfSSL/wolfssl/blob … sl/pkcs7.h

We don't yet have the CMS_sign() API wrapped yet, or the CMS_ContentInfo structure.  It looks like there may be some work required to fill out missing OpenSSL CMS API support if you would require that.  Another route would be to switch to the wolfCrypt PKCS7/CMS API instead of using the OpenSSL compatibility layer.

Is this something you would be interested in exploring further?

Best Regards,
Chris

Go to forum: wolfCrypt

19 Topic by chrisc

(0 replies, posted in Announcements)

The spring release of wolfSSL, v4.4.0, is now available! This release has many new features, optimizations, and bug fixes. Some of the new features we added to the wolfSSL embedded SSL/TLS library include:

  • Qualcomm Hexagon SDK support.

  • DSP builds to offload ECC verify operations.

  • Certificate Manager callback support.

  • New APIs for running updates to ChaCha20/Poly1305 AEAD.

  • Support for use with the Apache web server.

  • Add support for IBM s390x.

  • PKCS8 support for ED25519.

  • OpenVPN support.

  • Add P384 curve support to SP.

  • Add BIO and EVP API.

  • Add AES-OFB mode.

  • Add AES-CFB mode.

  • Add Curve448, X448, and Ed448.

  • Add Renesas Synergy S7G2 build and hardware acceleration.

Check out the README from the download for a full list of features and fixes, or contact us at facts@wolfssl.com with any questions:
https://github.com/wolfSSL/wolfssl/blob … /README.md

Download wolfSSL 4.4.0:
https://www.wolfssl.com/download/

Go to forum: Announcements

20 Reply by chrisc

(1 replies, posted in wolfSSL)

Hi vaslion18,

Yes, wolfSSL can be used on Android for secure SSL/TLS communication.  We typically see Android users use wolfSSL through our JNI layer, since most applications are written in Java.  But, if you are only looking to use wolfSSL at the native C level on Android, you will be able to directly call native wolfSSL API.

wolfSSL itself is only an SSL/TLS layer, and does not include any HTTP functionality.  You would need to have other logic, or libraries for HTTP, but could route those through wolfSSL for SSL/TLS.

For getting wolfSSL compiling and running on Android, you may be able to reference some of our example projects here:
https://github.com/wolfSSL/wolfssl-exam … er/android

These example projects use our JNI wrappers, but you may be able to use the examples as reference for compiling the native wolfSSL library.  I believe you will need to re-compile wolfSSL for each unique Android architecture you are using.

If you have any additional questions, feel free to ask, or email our support team directly at support@wolfssl.com.

Best Regards,
Chris

Go to forum: wolfSSL

21 Topic by chrisc

(0 replies, posted in cURL)

wolfSSL has been working with Daniel Stenberg to create tiny-curl, a lightweight version of the cURL library which has a much smaller footprint than the full featured library.  This will be ideal for embedded or resource constrained users who want to use cURL in their projects!

Full details can be found on Daniel's blog [1].  As Daniel mentions in this blog post:

Instead of being happy with getting told that curl is “too big” for certain use cases, I set a goal for myself: make it possible to build a version of curl that can do HTTPS and fit in 100K (including the wolfSSL TLS library) on a typical 32 bit architecture.

As a comparison, the tiny-curl shared library when built on an x86-64 Linux, is smaller than 25% of the size as the default Debian shipped library is.

tiny-curl can be downloaded from the wolfSSL download page [2] today!  Please email us at support@wolfssl.com with any questions or commercial support inquiries.

[1] https://daniel.haxx.se/blog/2019/05/11/tiny-curl/
[2] https://www.wolfssl.com/download/

Go to forum: cURL

22 Topic by chrisc

(0 replies, posted in cURL)

wolfSSL offers commercial support for cURL!

The wolfSSL embedded SSL/TLS library comes with support for many tools and libraries, one of which is cURL (https://curl.haxx.se/). cURL is a software project that produces two products (libcurl and curl), used for transferring data using various protocols. wolfSSL is happy to announce that we are now offering commercial support and maintenance for cURL!  In addition, Daniel Stenberg (an original author of cURL and one of the founders) is now part of the wolfSSL team.

If you are interested in learning more about commercial cURL support from wolfSSL, please contact us at facts@wolfssl.com.

Best Regards,
Chris

https://www.wolfssl.com/wolfssl-integra … ltinycurl/

Go to forum: cURL

23 Topic by chrisc

(0 replies, posted in cURL)

Welcome to wolfSSL's cURL / libcurl / tinycurl forum.  Please submit any questions, comments, feature requests, or anything else related to cURL here.

Did you know that wolfSSL provides commercial support for cURL?  Learn more here:

https://www.wolfssl.com/products/curl/

Best Regards,
Chris

Go to forum: cURL

24 Reply by chrisc

(2 replies, posted in General Inquiries)

Hi jlagerquist,

Thanks for the suggestion!  We now have a wolfBoot forum:

https://www.wolfssl.com/forums/forum11-wolfboot.html

Best Regards,
Chris

Go to forum: General Inquiries

25 Reply by chrisc

(2 replies, posted in wolfSSL)

Hi srikbn,

The output you mentioned is expected when you have compiled wolfSSL with "--enable-debug" or -DDEBUG_WOLFSSL.  This is being output by the wolfCrypt test app when a failure test case is being tested and is expected.

Best Regards,
Chris

Go to forum: wolfSSL