1 Topic by Scotty2541

(1 replies, posted in wolfSSL)

How come there is hardly any documented #defines??

For example, this page  https://www.wolfssl.com/using-pre-share … wolfssl-2/
just says

$ ./configure --enable-psk

Well, there is NOT configuration script for our environment.  And no one is willing to explain what the script does for environments near what we use.

If the 

#define  {whatever}

was also included for the "settings.h" or the "user_settings.h" file, it would make sure save a lot of time trying to get a PhD in these scripts and settings.

Go to forum: wolfSSL

2 Topic by Scotty2541

(1 replies, posted in wolfSSL)

This is not working, even though it used to work.  Now with 7-5-2  is seems to have stopped working.

   ListCiphers();            //  WHAT ARE THEY TO BEGIN WITH
    ctx = wolfSSL_CTX_new(method); 
    wolfSSL_CTX_set_cipher_list(ctx, cipherList);      //  CHANGE THEM
    ListCiphers();                //  WHAT ARE THEY NOW

Where "ListCiphers()" is simply:

void ListCiphers() {
    int len;
    char *list, *ptr;
    list = (char *) malloc(4096);
    len = wolfSSL_get_ciphers(list, 4096);

    ptr = strtok(list, ": \n\r");
    puts("CIPHERS");
    while (ptr) {
        printf("%s\n", ptr);
        ptr = strtok(NULL, ": \n\r");
    }
    free(list);
}

THEY DO NOT CHANGE.  Even though "cipherList" is a list of 17 of them.

What the list gives me BOTH TIMES are these 23 ciphers:

CIPHERS
TLS13-AES128-GCM-SHA256
TLS13-AES256-GCM-SHA384
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-AES256-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-ECDSA-DES-CBC3-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA256
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
EDH-RSA-DES-CBC3-SHA

What I am setting it to is this:

static const char cipherList[768] =
    "TLS13-AES128-GCM-SHA256:"
    "TLS13-AES256-GCM-SHA384:"
    "DHE-PSK-AES256-GCM-SHA384:"
    "DHE-PSK-AES128-GCM-SHA256:"
    "DHE-PSK-AES256-CBC-SHA384:"
    "DHE-PSK-AES128-CBC-SHA256:"
    "DHE-RSA-AES128-GCM-SHA256:"
    "DHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-SHA256:"
    "ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-PSK-AES128-CBC-SHA256";

Furthermore...

The TLS13 ciphers are in the list (both of them: the one that is enabled. and the one I am trying to set but is ignored anyway.)

And yet, when I tried to connect to the device using those ciphers, it fails.

By the way...
The example has a major defect in it.

https://www.wolfssl.com/documentation/m … et_ciphers

static void ShowCiphers(void) {
char* ciphers;
int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));

if(ret == SSL_SUCCES){
        printf(“%s\n”, ciphers);
    }
}

Size of ciphers is the size of the POINTER.  not the size of the buffer that the pointer refers to.

Go to forum: wolfSSL

3 Reply by Scotty2541

(4 replies, posted in wolfSSL)

Where are you located? (Country and nearest urban centre)

US  Home office in Chicago, engineering division in Detroit

Is your project out of commercial, academic or professional interest?

Commercial, and we are a customer with paid support

You'll have to remove some files that shouldn't be there.

Duh...   Which ones?
I do that EVERY TIME I have to update to the next version.  Except new files continue to show up, and it's a guessing game if they are tied to developer platforms, or required functions, or redundant source modules.

Like the compiler diagnostic:  "ssl_bn.c does not need to be compiled separately from ssl.c".

I do not use any script, as their success rates are poor.  We do not use Cortex M processors, and the NDK never works with your headers  (there is a difference between "hostent"  and "_hostent" as just one example)

I managed to get past this issue by adding #ifdef WOLFSSL_AUTOSAR directives where they were clearly missing.

Now sp_arm32.c is failing... it appears due to syntax that is not compatible with the GNUC compiler.

Go to forum: wolfSSL

4 Topic by Scotty2541

(4 replies, posted in wolfSSL)

I am attempting to build WolfSSL 5.7.2 as a library, where we already have done so for 4.5.0, 4.7.0, 5.5.0, and 5.5.1.

Each time, it's a nightmare trying to fixed the compiler issues in the TI RTOS environment for Sitara, building in CCS with GNUC 7.1.3.  It seems more and more that are conflicts, redundant functions, modules that are not understood by the environment being used...   Despite setting the

This came with no instructions, no information about what all new files are dependent on which of the dozens of environments are supposed to be supported, which should be excluded...  Nothing that remotely says "Here are the hundreds of new things that could break moving to this version, unless you do xxxx".

And the standard "read the manual" doesn't answer these, because it's years old...

This latest iteration of importing the next version, 5 new folders have appeared.  One of them: "AutoSar" has files that are breaking the build all over the place. 

I haven't gotten any further that that... but already spent the day correcting ASM issues all over the place because there are dozens that cannot be built in this environment and with this compiler. There should be a better way that tripping over all these files and trying to figure out if they below, or are part of a different build environment. At this progress, unravelling all the complier diagnostics, I expect hundreds more issues after this is hacked around...

I removed "autosar/test.c".  It had dozens of errors.

But /wolfcrypt/src/port/autosar/cryif.c is still crashing the build.  Because it has no idea what "Std_VersionInfoType", Crypto_JobType", or even ""uint32""  is.

uint32 is not standard.  uint32_t is.

Some of these are dragged in by wolfssl/wolfcrypt/port/autosar/StandardTypes.h

But that is excluded because of a #ifdef WOLFSSL_AUTOSAR which is in SOME of the files, but not others.  So SOME files are using data types, that are PREVENTED from being defined because they are removed by #defines...

Does anyone test these builds??

Go to forum: wolfSSL

5 Reply by Scotty2541

(2 replies, posted in wolfSSL)

So, I have this solved for my silicon, and I'm posting it here for anyone else who runs into this.

Going down the list:

  • NTP isn't an option.

  • Using WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY allows the CA to load, but the verify still gives an error -150 because the time is still outside the Certificate window.

  • Overriding the verify until the server tells the device what time it is opens up to allowing anything to validate, because the CA won't load, unless the above step is also done.

  • Setting NO_ASN_TIME_CHECK opens it up for all time, since it's a build setting

The time functions used by this build of WolfSSL are mapped from "time()", which is the "Unix" function.  To set that, the C function clock_settime() is supposed to be used.

In the environment I am using, it is TI SYSBIOS on Sitara chip (which TI has completely walked away from any support including baremetal...  "Sucks to be you" is their attitude), the clock_settime() library is not present. The header is there, but no lib to link to.

Also the Unix C function "time()" doesn't get or set by the RTC functions that their SYSBIOS/RTOS/XDC API environment has. Nor does setting the Unix time do anything to the RTC registers.  So the RTC registers in the CPU are never in line with the Unix time.  The RTC registers power up as 01 Jan 2000, while the Unix time() is still 01 Jan 1970.

I don't know what is incrementing the Unix time, since it's not coupled to the RTC registers or to any timer interrupt I am aware of.

Regardless,  I discovered that I can set the Unix time with Seconds_set(now) which is a SYSBIOS/XDC function, where "now" is a time_t value.  Although it still remains different from the RTC registers that the CPU uses. 

Then when the Wolf library calls time(), it gets the value I injected into it.  So I can forcibly set it to a value which is within the CA validity window and it loads.  And it can also make the first connection to the server and not have any issue with the certificate time either. 

Then the server tells the device what time it really is, so I can set both the RTC registers as well as the Unix time, and everyone is happy.

-Scotty

Go to forum: wolfSSL

6 Topic by Scotty2541

(2 replies, posted in wolfSSL)

I am getting an error -150 when attempting to call "wolfSSL_CTX_load_verify_buffer()"

But only in my embedded project.  Not on my PC.

The issue:   The SERVER tells the unit what the time is. There is no battery backed RTC.   
We can't get to the server to tell us the time because the CAs cannot be loaded.

The CAs I am testing are from DigiCert
       Validity
            Not Before: Mar 30 00:00:00 2021 GMT
            Not After : Mar 29 23:59:59 2031 GMT
        Validity
            Not Before: Aug  1 12:00:00 2013 GMT
            Not After : Jan 15 12:00:00 2038 GMT

I tried setting our internal clock to 2022 01 01 00 00 00 001  (Jan1 2022) BEFORE even calling 

m_sslCtx = wolfSSL_CTX_new(meth);

But it is still failing to load the CAs.

And to verify it is set, I display the time immediately AFTER calling 

wolfSSL_CTX_load_verify_buffer()

and getting a failure.

So, how/where is the Wolf lib getting the time that it decides to reject the CA's?

How can I force it to load the CA file before the time is set?

Go to forum: wolfSSL

7 Reply by Scotty2541

(4 replies, posted in wolfSSL)

noblekeon:

Don't expect any assistance from WolfSSL on this.  I didn't get any (as you can see by the thread dying).

And the RFC's are written in a very obfuscated and confusing manner (IMO).

There is a statement that it "now supports SNMPv3" but I find nothing that explains that.  Because all that it needed is to compute some hashes and do DES en/decryption.  So I just implemented the packet authentication and ciphers using regular functions that have been around for years.

I implemented SNMPv3 in our device (although the project was abandoned), so I figured out a lot of it.

I started with this, as it's the best description I found.  And it explains version 1
https://www.ranecommercial.com/legacy/note161.html

I then reverse engineered a lot of code from a project net-snmp-5.9.1. The first thing I did was create a project that responds to SNMPv1 messages (low level Ethernet protocol).

I also picked up the book "SNMP, SNMPv2, SNMPv3 and RMON1 and 2" - William Stallings Pearson books.
Specifically, part 5, chapter 14-16 let me take my development code testing from V1 to V3 with the authentication requirements.

I spun up a Linux box, and used the SNMP package to send SNMP OID requests to my test app, in order to verify correct operation.  Using the command line tools in Linux as the requester, I could send in requests for specific OIDs, blocks of them, or even lists.

A fun little web page that lets you examine OIDs is http://oid-info.com/

Hope this helps.

-Scott

Go to forum: wolfSSL

8 Reply by Scotty2541

(4 replies, posted in wolfSSL)

Kareem,
Is there any support under our contract for how to implement SNMPv3?

It's bad enough that I can't find any useful documentation for the PDU packet in earlier versions.

My wireshark trace of an SNMPv3 message has a bunch of additional fields in it which I cannot find anything documenting that either.  They all appear to be cipher related.

Go to forum: wolfSSL

9 Topic by Scotty2541

(4 replies, posted in wolfSSL)

Hello,
The following page
https://www.wolfssl.com/wolfssl-support-added-net-snmp/
announces that SNMP support is now avaialble.

Except the "follow the instructions " link  is to a repository page with a couple of diff files.  No instructions at all.

And we don't use patch/diff tools.

I am looking into adding a SNMPv3 agent to our embedded product.  While I have deciphered enough to the protocol to "be dangerous", I am looking for support writing and integrating an agent into the device running an RTOS, which already uses WolfSSL extensively.

(Off topic...  I've never seen such a kludge and poorly documented protocol in my 30+ years of network coding... requires 15+ RFCs and a PhD in some custom MIB files and how to BER them... and still no details about the protocol on the wire)

Go to forum: wolfSSL

10 Reply by Scotty2541

(2 replies, posted in wolfSSL)

Update...
The questions still stand, but I realize the CA is loaded in the 

X509_Store_new();

And it not necessary to load into 

SSL_user_certificate_ASN1();

That was already occurring in another part of my code.

So that portion of my post changes. However the behavior of the certVertify callback remains not understood.

Go to forum: wolfSSL

11 Topic by Scotty2541

(2 replies, posted in wolfSSL)

Hello,
I am writing a 802.1X handshake client and need to verify the cert chain.  If I leave the ssl_set_verify() as NULL, it fails due to a date issue, since the embedded device has no RTC.

So I need to verify that the signer for the server certificate matches the CA which I have on the client device.  And ignore if the cert date is not valid, because we can't get the time until after the 802.1X authentication occurs.

Here's my test process

  • A CA where we are acting as our own Certification Authority (call it "CA1")

  • A fabricated cert on the server which is signed by CA1  (call it "certificate")

  • A fabricated different CA which doesn't apply to anything (call it "CA2")

(CA2 is to mimic someone attaching the device to a different 802.1X network where the server sends a cert that we don't have the correct CA for)

My goal is to ignore the errors related to the time validity, but reject if the server certificate was issued by CA "company1", while the client is using a CA from "company2"

Loading the PEM/DER data is not a problem. 
But am I loading it for the correct usage, and using the correct API calls?

I registered the callback using 

SSL_set_verify(ssl, SSL_VERIFY_NONE, certVertify);

I load the CA using 

SSL_user_certificate_ASN1(ssl, cabuffer, calength);

I also load the clients cert and key since the server needs peer authentication

SSL_user_certificate_ASN1(ssl, clientbuffer, clientlength);
SSL_user_certificate_ASN1(ssl, keybuffer, keylength);

If I completely ignore any errors on the client side, the 802.1X validation occurs fine, and it lets the device into the network.

But I need to be able to verify in the client that the server certificate is signed by the CA that is on the client.

The callback code is:

static int certVertify(int preverify_ok, X509_STORE_CTX *x509_ctx) {
        X509 *err_cert;
        int err, depth;
        char buf[256];
        const char *err_str;

        printf("------------------\nVerify Called\n");
        err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);

        err = X509_STORE_CTX_get_error(x509_ctx);
        depth = X509_STORE_CTX_get_error_depth(x509_ctx);

        err_str = X509_verify_cert_error_string(err);
        printf("The error is: %ds  Depth: %d \n",err_str , depth);
        X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
        printf("Cert is %s\n", buf);
        ...

Here's what happens and in some of these case, I don't understand what it's doing or why:
When I load the CA1 (the real one) and the time is correct, the callback gets called twice.  I am logging each time the verification callback occurs, and getting the error code, the depth, and certificate that the callback is referring to.

Error: 0  Depth: 1  Cert is CA1
Error: 0  Depth: 0  Cert is the certificate

That's fine. Makes sense.  Except we won't have the correct time in real life.

When I load the CA1 (the real one) and the time is INCORRECT, the callback gets called four times:

Error: certificate is not yet valid   Depth: 1   Cert is CA1
Error: certificate is not yet valid   Depth: 1   Cert is CA1
Error: certificate is not yet valid   Depth: 0   Cert is the certificate
Error: certificate is not yet valid   Depth: 0   Cert is the certificate

The "not yet valid makes sense", but why is it called 4 times?  Twice for each depth?

Next, when I load the CA2, which is the incorrect certification authority. This would a use where the device is attached to a network who has the incorrect CA.  And with the correct time, I get the following:

Error: Self Signed cert in chain  Depth: 1   Cert is CA1
Error: Self Signed cert in chain  Depth: 1   Cert is CA1
Error: Self Signed cert in chain  Depth: 0   Cert is the certificate

Okay, why is the callback handing me the CA from the server, and yet saying nothing about the certificate not being signed by the CA2 that I loaded?

Why is it telling me that CA1 (the actual signer of the certificate) is self signed?

Why is it calling the depth 1 twice?

Next, when I load the CA2, which is the incorrect certification authority, and the time is INCORRECT, I get the following:

Error: Self Signed cert in chain  Depth: 1   Cert is CA1
Error: certificate not yet valid    Depth: 1   Cert is CA1
Error: certificate not yet valid    Depth: 1   Cert is CA1
Error: certificate not yet valid    Depth: 0   Cert is the certificate
Error: certificate not yet valid    Depth: 0   Cert is the certificate

Now why are there 5 calls to the callback?

Any explanation about this would be greatly appreciated.

-Scott

Go to forum: wolfSSL

12 Reply by Scotty2541

(15 replies, posted in wolfSSL)

Jacob,
I got emails asking to create an account... is this new?

I've gotten support last year and the year before with our Digital Check account.  Dealing with you, Sean, Eric directly.

I'll try those other settings in a the next day or two.

Thanks.

Go to forum: wolfSSL

13 Reply by Scotty2541

(15 replies, posted in wolfSSL)

We have a support contract already in place.

Go to forum: wolfSSL

14 Reply by Scotty2541

(15 replies, posted in wolfSSL)

Also, how is it that OpenSSL on a Windows i7 PC takes upwards of 15 seconds to create a new 2048 Public Private key pair  (and substantially longer for a 4096 pair), but you said this can do it in under a second on an Pi?

Go to forum: wolfSSL

15 Reply by Scotty2541

(15 replies, posted in wolfSSL)

In fact, here is the full list:

#ifndef WOLF_USER_SETTINGS_H_
#define WOLF_USER_SETTINGS_H_

#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define WC_RSA_BLINDING
#define ECC_TIMING_RESISTANT

#define ALT_ECC_SIZE

#define OPENSSL_EXTRA        /*   */

#define WOLFSSL_KEY_GEN        //  Needed to generate KEYS, CERTS, and alternate names
#define WOLFSSL_CERT_GEN
#define WOLFSSL_ALT_NAMES        //  Needed for altername subject names in cert generation

//  From the "settings.h"

    #define SIZEOF_LONG_LONG 8
    #define NO_ERROR_STRINGS
    #define FP_MAX_BITS 8192        /*  Increase for 4096 bit key */
    #define HAVE_ECC
    #define HAVE_ALPN
    #define USE_WOLF_STRTOK /* use with HAVE_ALPN */
    #define HAVE_TLS_EXTENSIONS
    #define HAVE_AESGCM

//  Speed up tests
#define WOLFSSL_SP_DH
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_4096


//  New settings, trying to get client to connect
#define    WOLFSSL_AES_256

#define WOLFSSL_SHA384
#define WOLFSSL_SHA512

#define NO_PSK
#define HAVE_AESGCM
#define ECC_USER_CURVES
#define ECC_SHAMIR
#define WOLFSSL_RIPEMD
#define HAVE_EXTENDED_MASTER
#define WOLFSSL_CERT_EXT

Go to forum: wolfSSL

16 Reply by Scotty2541

(15 replies, posted in wolfSSL)

USE_FAST_MATH was already defined.  And tfm.c is already being compiled in.

The others were not.  However it made no difference.
This is trying to create a new keypair.   
And it taking anywhere between 20 seconds and 75 seconds at a time, during the 15+ tests I've run.

Specifically this:  

result = wc_InitRng(&rng);

result = wc_InitRsaKey(&genKey,0);
result = wc_MakeRsaKey(&genKey, 2048, 65537, &rng);

Running in a task in TI RTOS.

Go to forum: wolfSSL

17 Reply by Scotty2541

(15 replies, posted in wolfSSL)

And how do I enable "--enable-fastmath" using a #define in the user_settings.h ?

Because we don't use the build scripts, as they are notoriously broken in CCS trying to build for platforms which are untested.

Go to forum: wolfSSL

18 Reply by Scotty2541

(15 replies, posted in wolfSSL)

Got it. Thanks.

Any experience running wc_MakeRsaKey() on a AM3352 chip?  It runs at about 1Gig.

It seems to be taking a long time to create a 2048 key pair.  What would be an expected time?  10 Seconds? 30 seconds? 60 seconds?

I know it's generating random numbers and trying some things.  So it will vary.

Go to forum: wolfSSL

19 Reply by Scotty2541

(15 replies, posted in wolfSSL)

Jacob,
Simply added these lines to set the before and after date.  And now it makes a cert that fails...

    /*  Create a CERT */
    Cert testcert;
    wc_InitCert(&testcert);

    memcpy(testcert.beforeDate,"20220215060001Z",15);
    testcert.beforeDateSz = 15;
    memcpy(testcert.afterDate, "20240215060001Z",15);
    testcert.afterDateSz = 15;
    testcert.daysValid = 365*2;

    strcpy(testcert.subject.country, "US");
    strcpy(testcert.subject.state, "IL");

I stored of the PEM, and I get this:

openssl x509 -in Dated.pem -noout -text
WARNING: can't open config file: c:\source\lib\openssl-1.0.1g/ssl/openssl.cnf
unable to load certificate
18176:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:.\crypto\asn1\asn1_lib.c:142:
18176:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:.\crypto\asn1\tasn_dec.c:1306:
18176:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:210:Type=ASN1_TIME
18176:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751:Field=notBefore, Type=X509_VAL
18176:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751:Field=validity, Type=X509_CINF
18176:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751:Field=cert_info, Type=X509
18176:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:.\crypto\pem\pem_oth.c:83:

So, what's the secret?

Go to forum: wolfSSL

20 Reply by Scotty2541

(15 replies, posted in wolfSSL)

Jacob,
Thanks.
BUT I also see fields for the size.  And my digging indicates that the OID for the fields are type 18 and defined as YYYYMMDDHHMMSSZ   (15 chars long)
Isn't this an implied and fixed size?

Also, what is the point of "daysValid" if we have a start and stop field already?   
What takes priority?  beforeDate + daysvalid?  Or afterDate to beforeDate  ?

typedef struct Cert {
    int      version;                   /* x509 version  */
    byte     serial[CTC_SERIAL_SIZE];   /* serial number */
    int      serialSz;                  /* serial size */
    int      sigType;                   /* signature algo type */
    CertName issuer;                    /* issuer info */
    int      daysValid;                 /* validity days */
    int      selfSigned;                /* self signed flag */
    CertName subject;                   /* subject info */
    int      isCA;                      /* is this going to be a CA */
    /* internal use only */
    int      bodySz;                    /* pre sign total size */
    int      keyType;                   /* public key type of subject */
#ifdef WOLFSSL_ALT_NAMES
    byte     altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
    int      altNamesSz;                 /* altNames size in bytes */
    byte     beforeDate[CTC_DATE_SIZE];  /* before date copy */
    int      beforeDateSz;               /* size of copy */
    byte     afterDate[CTC_DATE_SIZE];   /* after date copy */
    int      afterDateSz;                /* size of copy */
#endif

-------------------------------------------
As an aside, where do I find this documented?
1. This site: https://luca.ntop.org/Teaching/Appunti/asn1.html   shows a Generalize date as tag 17, but the cert uses 18

2. A DER Cert decoder I found shows everything,  http://lapo.it/asn1js/

But how does a cert KNOW which fields are what?  SOME of the entries have OID, and some don't.
There are OIDs that define the signature algorithm, but the DER sequence which contains two generalized time entries has no OID associated with it...  Does that just imply that two generalized time values are ALWAYS "NotValidBefore" and "NotValidAfter".

Is any of this actually defined somewhere?  Because every resource I've found just gives vague descriptions of ASN.1, BER, DER, etc...  Nothing that says "Here's a expected structure of a real cert needs to be".

Go to forum: wolfSSL

21 Topic by Scotty2541

(15 replies, posted in wolfSSL)

Hello,
Here is some background:
We are using our own internal CA.  And we need a device to generate and sign a certificate using the CA.

I have all this working fine. Modeling off of OpenSSL is how I started.
However OpenSSL uses a CNF file for those settings. No such option appears to exist.

I did find this:

https://wolfssl.com/doxygen/group__ASN. … 130e2c6563

WOLFSSL_API int wc_SetDatesBuffer    (Cert *, const byte * , int )
Which is one of the more useless explainations of how to function is used I've come across.

The example code is:

 Cert myCert;
 // initialize myCert
 byte* der;
 der = (byte*)malloc(FOURK_BUF);
 // initialize der
 if(wc_SetDatesBuffer(&myCert, der, FOURK_BUF) != 0) {
     // error setting subject
 }

Which only tells me I need a DER to use as a source for the dates...  Kind of a "circular" goal... 

Functionally, this all works, except the date is bad (dec 1969 as expected)
I need to be able to control the issue date and duration.

The (simplified) steps are:

    wc_MakeRsaKey()
    ...
    wc_InitCert(&testcert);
    strcpy(testcert.subject.country, "US");
    strcpy(testcert.subject.state, "IL");
    ... //  Yeah, a request is created, all fields good, and ready to be signed...

    caCertLength = LoadCACert();    //  Load the CA from storage
    wc_SetIssuerBuffer(testcert,m_caCert, caCertLength);
     ???  
    certsize = wc_MakeCert(&testcert, dercert, 4096, &genKey, NULL, &rng);
    caKeyLength = LoadCAKey();      //  Load the private key from storage
    result = wc_RsaPrivateKeyDecode((const byte *)m_caKey, &idx, &cakey, caKeyLength);
    ????
    certsize = wc_SignCert(testcert.bodySz, testcert.sigType, dercert, 4096, &cakey, NULL, &rng);

I am suspecting somewhere after "wc_SetIssueBuffer" or just before "wc_SignCert" is where the issue date and expiration date are set.
But there are no examples or explanations.

Can someone advise?

Thanks.

Go to forum: wolfSSL

22 Reply by Scotty2541

(2 replies, posted in wolfSSL)

dgarske wrote:

Hi Scott,

Did you see this example?
https://github.com/wolfSSL/wolfssl-exam … mes.c#L145

No, none of my searching came up with that.

This one worked:  

                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:localhost, DNS:example.com, DNS:127.0.0.1, IP Address:127.0.0.1
    Signature Algorithm: sha1WithRSAEncryption
         a3:2f:fb:a5:0c:55:68:51:e5:da:a6:6f:4d:3d:f0:1d:9c:77:
        ....

dgarske wrote:

I will have another engineer provide some additional examples. For reference the test case I was using for Scott is posted here:
https://drive.google.com/file/d/15QOGFB … sp=sharing

Thanks,
David Garske, wolfSSL

Yeah, that's my test program I am working with.  All I needed at this stage was to be able to add a Subject Alternative Name

What's different between "myAltNames" in those two posts??
https://www.wolfssl.com/forums/topic140 … l-api.html
and
https://github.com/wolfSSL/wolfssl-exam … mes.c#L145

From what I can determine now, the opening sequence which includes the OID is NOT required in the second one.  But that opening sequence has a length requirement...  I guess internally it just adds 7 extra byte to it??  (The 5 byte OID identifier, and 2 byte STRING identifier plus the length)?

The DER/BER doc is spaghetti, and I can't tell when something is nested and when something isn't.  Nor can I find any definitions for those DNS (x2), IP (x7) IDs that are nested under other stuff... that I still can't figure out...
Since when is x08 an identifier for a string?  It's supposed to be x04...
The 0x08 data type isn't defined anywhere I can find in the DER/BER/ASN.1.

And when did a data type designators move to the upper nibble?

Somewhere, which I have yet to locate, there must be a definition of the sub sequences and their layouts for OID 2.5.29.17  (the Subject Alternative Name).

RFC 5280 specifies that an IP address in a Alternative name is designated as numeric, but the comment in the last entry of the "myAltNames" says it's a string, then uses 0x08 which is an undefined datatype (but uses it for both string and numbers...? )

        /* This is a string 0x08, it denotes an IP Address 0x07 -> 0x87 */
        /* This strings length is 4 (0x04) */
        0x87, 0x04,
        /* The IP address is 127 (0x7F), 0 (0x00), 0, (0x00), 1 (0x01) ->
        *  127.0.0.1
        */
        0x7F, 0x00, 0x00, 0x01

Well, this gives me something to work with, even if there isn't aren't definitions beyond the inline comments.

Thanks.

-Scott

Go to forum: wolfSSL

23 Topic by Scotty2541

(2 replies, posted in wolfSSL)

Hello,
See subject line...

I am creating a certificate, and signing it with an internal CA.  All is fine.  Except I need to also include alternate subject names.

I am using 4.7

This post:
https://www.wolfssl.com/forums/topic140 … l-api.html
Does not work.
The code block 

char myAltNames[] = {
                                 // SEQUENCE (2 elements)
                                 0x30, 0x14,
                                 // OBJECT IDENTIFIEER: 2.5.29.17 subjectAltName
                                 // (X.509 extension)
                                 0x06, 0x03, 0x55, 0x1D, 0x11,
                                 // OCTET STRING (1 element) 
.....

Is building the DER sequence structure for a single name.
And when this is copied in the CERT structure:

    memcpy(testcert.altNames, myAltNames, sizeof(myAltNames) );
    testcert.altNamesSz = (int) sizeof(myAltNames) ;

The cert has garbage (actually the DER OID information) in the Alternate Subject Name

                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
0...localhost   0...U...
    Signature Algorithm: sha1WithRSAEncryption
         c0:2b:4b:4d:b9:fd:1e:47:7b:0b:39:d9:17:72:6c:65:24:4e:

So the REAL solution appears to be something like 

    memcpy(testcert.altNames,"DNS:LocalHost", sizeof("DNS:LocalHost") - 1);
    testcert.altNamesSz = (int) sizeof("DNS:LocalHost") - 1;

(the -1 is to remove the trailing null terminator)
Because now the certificate dump is 

               Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:LocalHost.
    Signature Algorithm: sha1WithRSAEncryption
         83:bd:77:cd:3a:6a:f6:dc:ec:ab:63:cb:1c:3b:d4:39:02:4b:

Which pretty much "looks" correct, but I haven't tried it yet.

On the other hand, this doesn't work at all

    strcpy(testcert.subject.commonName, "www.whatever.com");
    strcpy(testcert.subject.email, "Info@whatever.com");
    wc_SetAltNames(&testcert, "localhost");

When I dump the generated and signed certificate, there is no X509 Extension Subject Alternative Name.

My question:
What is the correct way to set alternate names?
What is the correct way to set MULTIPLE alternate names?
What is the correct way to also set an IP address in the Subject Alternative Name field?

Short of studying the DER OID structures and mastering them (which I have done yet but I'm getting close to having to do), how can this field be set with multiple values and field types?

Scott

Go to forum: wolfSSL

24 Reply by Scotty2541

(3 replies, posted in wolfSSL)

dgarske wrote:

Hi Scott,

Thanks for your feedback on Doxygen quality and will bring up with the team. We strive to keep things well documented, provide timely support and quality examples.

David Garske, wolfSSL

David,
I am trying to figure out how to set an alternate name in a certificate...

The doc for "wc_SetAltNames"...
https://www.wolfssl.com/doxygen/group__ … e4fe7e3626
gives this example...

// initialize myCert
if(wc_SetSubject(&myCert, ”./path/to/ca-cert.pem”) != 0) {
    // error setting alt names
}

Subject is NOT Alternate name

Go to forum: wolfSSL

25 Reply by Scotty2541

(3 replies, posted in wolfSSL)

Thanks.
As I look for answers, troubleshooting issues, examples, etc...  I can show lots of issues.

I could constantly post things, but I don't want to just come across as antagonistic.

I've also though the best example was the MSDN (from about 15 years ago).  No one seems willing to put effort into following that model anymore.

Not just in WolfSSL...  literally everywhere I see these shortcut tools used, the content is horrid.

Go to forum: wolfSSL