Currently I am using wolfSSL on a microcontroller. I got it working with RSA, but it took about 15 seconds to handshake (I have no divider in my CPU). I am switching to ECC to see if it speeds things up. I generated two PEM files with OpenSSL for this and I get errors when trying to load them. My settings are:
#define FREERTOS
#define WOLFSSL_LWIP
#define NO_WOLFSSL_DIR
#define HCC_SAFEFLASH
#define NO_STDIO_FILESYSTEM
#define NO_WOLFSSL_SMALL_STACK
#define WOLFSSL_STATIC_MEMORY
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WOLFSSL_STATIC_RSA
#define WC_NO_HARDEN
#define NO_WOLFSSL_CLIENT
#define NO_RSA
#define HAVE_ECC
#define TFM_ECC256
#define NO_SHA
#define NO_OLD_TLS
#define HAVE_HKDF
#define HAVE_ECC_ENCRYPT
#define WOLFSSL_CERT_GEN
#define ECC_DECODE_EXTRA
#define HAVE_HASHDRBG
#define CUSTOM_RAND_GENERATE
My PEM files look like this:
(openssl ecparam -genkey -name prime256v1 -noout -out private.pem)
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFJ+TI+kYZ0LhNdONR0xZsnBZOmQ+tP31mAT+TAnXb8+oAoGCCqGSM49
AwEHoUQDQgAERHc9yck7wB8OCWBLBPv5V223IGhwi8uxxPKgqxKL9mOhyCGTdLw6
D3eYb9D3mzeR0Qu6YM3//lgX/pubAYNmYw==
-----END EC PRIVATE KEY-----
(openssl ec -in private.pem -pubout -out public.pem)
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERHc9yck7wB8OCWBLBPv5V223IGhw
i8uxxPKgqxKL9mOhyCGTdLw6D3eYb9D3mzeR0Qu6YM3//lgX/pubAYNmYw==
-----END PUBLIC KEY-----
The error I get is:
Couldn't find PEM header
and an error code of -162
My code to load looks like this:
iReturn = wolfSSL_Init();
if(iReturn != SSL_SUCCESS)
    CONSOLE_LOG("wolfSSL_Init failed, %d\n", iReturn);
xWolfSSL_ServerContext = wolfSSL_CTX_new( wolfTLSv1_2_server_method() );
if( xWolfSSL_ServerContext != NULL )
{
    iReturn = wolfSSL_CTX_use_certificate_file( xWolfSSL_ServerContext, "/www/public_256_ecc.pem", SSL_FILETYPE_ASN1 );
    if(iReturn != SSL_SUCCESS)
        CONSOLE_LOG("server-cert.pem, %d\n", iReturn);
    iReturn = wolfSSL_CTX_use_PrivateKey_file( xWolfSSL_ServerContext, "/www/private_256_ecc.pem", SSL_FILETYPE_ASN1 );
    if(iReturn != SSL_SUCCESS)
        CONSOLE_LOG("server-key.pem, %d\n", iReturn);
}
else
    CONSOLE_LOG("xWolfSSL_ServerContext is NULL\n");
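As an added example (not part of the original post and not wolfSSL code): a pre-flight check that reads the PEM armor label of a buffer and reports whether it holds a certificate, a private key, or a bare public key, so each file can be matched to the loader it is handed to. The names `pem_kind`, `pem_classify`, `pem_ok_as_cert` and `pem_ok_as_key` are hypothetical, and the sample buffers are constructed with dummy bodies.

```c
#include <stdio.h>
#include <string.h>

typedef enum { PEM_NONE, PEM_CERT, PEM_PRIVKEY, PEM_PUBKEY, PEM_OTHER } pem_kind;

/* Constructed samples: armor labels as in the post, dummy base64 bodies. */
static const char SAMPLE_PUB[] =
    "-----BEGIN PUBLIC KEY-----\nAAAA\n-----END PUBLIC KEY-----\n";
static const char SAMPLE_KEY[] =
    "-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----\n";

/* Copy <label> out of "-----BEGIN <label>-----" and require the matching
 * END line. buf must be NUL-terminated. Returns 0 on success. */
static int pem_label(const char *buf, char *out, size_t cap)
{
    char footer[96];
    const char *p = strstr(buf, "-----BEGIN ");
    const char *e;
    if (p == NULL) return -1;            /* no armor: DER or something else */
    p += strlen("-----BEGIN ");
    e = strstr(p, "-----");
    if (e == NULL || e == p || (size_t)(e - p) >= cap) return -1;
    memcpy(out, p, (size_t)(e - p));
    out[e - p] = '\0';
    snprintf(footer, sizeof(footer), "-----END %s-----", out);
    return strstr(e, footer) != NULL ? 0 : -1;
}

pem_kind pem_classify(const char *buf)
{
    char label[64];
    if (pem_label(buf, label, sizeof(label)) != 0) return PEM_NONE;
    if (strcmp(label, "CERTIFICATE") == 0) return PEM_CERT;
    if (strcmp(label, "EC PRIVATE KEY") == 0) return PEM_PRIVKEY;
    if (strcmp(label, "PRIVATE KEY") == 0) return PEM_PRIVKEY;  /* PKCS#8 */
    if (strcmp(label, "PUBLIC KEY") == 0) return PEM_PUBKEY;
    return PEM_OTHER;
}

/* The certificate slot takes an X.509 certificate and the key slot a
 * private key; a bare public key fits neither. */
int pem_ok_as_cert(const char *buf) { return pem_classify(buf) == PEM_CERT; }
int pem_ok_as_key(const char *buf)  { return pem_classify(buf) == PEM_PRIVKEY; }

int main(void)
{
    printf("public key as cert:  %d\n", pem_ok_as_cert(SAMPLE_PUB));
    printf("EC private as key:   %d\n", pem_ok_as_key(SAMPLE_KEY));
    return 0;
}
```

A buffer that classifies as `PEM_NONE` has no PEM armor and can only be loaded as DER (`SSL_FILETYPE_ASN1`); an armored buffer needs `SSL_FILETYPE_PEM`.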