gojimmypi wrote:

Please let me know how that goes.
Jim

Hello Jim,

It worked!!! I've addressed those errors and now my project builds fine.

Thank you very very much for your help!

Gabriel

gojimmypi wrote:

Please let me know how it goes. Thank you.

Hello Jim, and thank you very much for your quick answer!

This is the source code of my project: https://github.com/siegjor/esp32-crypto-api/tree/main

Something that I forgot to say earlier, but that might be relevant, is that I'm trying to develop a component, called CryptoAPI, and it's in this component that I'll use wolfssl (and as you notice from the source code, other libraries too). My main.cpp file will only contain an include for my CryptoAPI.h file, which includes the WolfsslModule.h file, which includes all of the wolfssl headers I need to use.

Now for the fixes you suggested:

gojimmypi wrote:

`WOLFSSL_USER_SETTINGS` needs to be defined. See the first line in the `template/main/CMakeLists.txt

I've noticed that WOLFSSL_USER_SETTINGS was already being defined in "esp32-crypto-api/components/wolfssl/CMakeLists.txt", so I imagined it was ok. I've done as you said and defined it in esp32-crypto-api/main/CMakeLists.txt, but it still didn't work.

gojimmypi wrote:

2) It is important to include the wolfssl/wolfcrypt/settings.h files before any other wolfSSL includes.

As you can see in "esp32-crypto-api/components/CryptoAPI/include/WolfsslModule.h", I'm already doing that.

gojimmypi wrote:

If you try these steps and the file still cannot be found, please reply with the CMake output

I've found some of the lines you mentioned:

-- ************************************************************************************************
-- wolfssl component config:
-- ************************************************************************************************
-- Starting FIND_WOLFSSL_DIRECTORY: C:/wolfssl
-- Parameter found for FIND_WOLFSSL_DIRECTORY
-- Setting wolfSSL search directory to: C:/wolfssl
-- Found wolfSSL source code via setting: C:/wolfssl
-- Found WOLFSSL_ROOT via CMake specification.
-- Confirmed wolfssl directory at: C:/wolfssl
-- WOLFSSL_EXTRA_PROJECT_DIR = C:/wolfssl/src/
-- This COMPONENT_SRCDIRS = "C:/wolfssl/src/";"C:/wolfssl/wolfcrypt/src";"C:/wolfssl/wolfcrypt/src/port/Espressif";"C:/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle";"C:/wolfssl/wolfcrypt/src/port/atmel";"C:/wolfssl/src/"
-- Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR="C://Users//myuser//Documents//CryptoAPI//components//wolfssl//include//user_settings.h"
-- IDF_PATH = C:\Espressif\frameworks\esp-idf-v5.3.1
-- PROJECT_SOURCE_DIR = C:/Espressif/frameworks/esp-idf-v5.3.1
-- EXCLUDE_ASM = C:/Users/myuser/Documents/CryptoAPI;C:/wolfssl/wolfcrypt/src/aes_asm.S;C:/wolfssl/wolfcrypt/src/aes_gcm_asm.S;C:/wolfssl/wolfcrypt/src/aes_gcm_x86_asm.S;C:/wolfssl/wolfcrypt/src/aes_xts_asm.S;C:/wolfssl/wolfcrypt/src/chacha_asm.S;C:/wolfssl/wolfcrypt/src/fe_x25519_asm.S;C:/wolfssl/wolfcrypt/src/poly1305_asm.S;C:/wolfssl/wolfcrypt/src/sha256_asm.S;C:/wolfssl/wolfcrypt/src/sha3_asm.S;C:/wolfssl/wolfcrypt/src/sha512_asm.S;C:/wolfssl/wolfcrypt/src/sm3_asm.S;C:/wolfssl/wolfcrypt/src/sp_sm2_x86_64_asm.S;C:/wolfssl/wolfcrypt/src/sp_x86_64_asm.S;C:/wolfssl/wolfcrypt/src/wc_kyber_asm.S
--
-- Using developer repo ./components/wolfssl in CMAKE_HOME_DIRECTORY = C:/Users/Brist/Documents/TCC/codigo/esp-idf-code/CryptoAPI
--
-- ************************************************************************************************
-- Using existing wolfSSL user_settings.h in C:/Users/myuser/Documents/CryptoAPI/components/wolfssl/include/user_settings.h
-- Using existing wolfSSL config.h           C:/Users/myuser/Documents/CryptoAPI/components/wolfssl/include/config.h

There's however a line before these ones that may have something to do with this problem?

-- Begin wolfssl
-- C:/Users/myuser/Documents/CryptoAPI/components/wolfssl is not within IDF_PATH. (<-- this line)

I've also already set a WOLFSSL_ROOT env variable pointing to "C:/wolfssl". And while I have yet to try your approach of putting my project within the wolfssl directory structure, I did try adding wolfssl as a managed component and also installing it via the setup_win.bat, but none of it worked, as both of these options resulted in the same problem I'm facing now.

Some other information that might be relevant:
- I'm using vscode, and I set up this project through the espressif extension UI ("create new project", etc.);
- Before running idf.py set-target esp32 (or after deleting the build folder), the wolfssl header files in WolfsslModule.h aren't found ("cannot open source file wolfssl/wolfcrypt/settings.h");
- After running the command above and generating the build folder, the IDE apparently finds those headers, but the problem of undefined identifiers arises.

If there's any other useful info that I could provide, please let me know.

Thank you very much for your help, I'll keep trying to make it work somehow while I wait for your reply.

Gabriel

Hello. I've been using wolfssl in Arduino IDE with my ESP32, but then I found out that I couldn't enable hardware acceleration using Arduino IDE (I tried, but there was a missing freertos.h error when compiling). Then I decided to switch to ESP-IDF, and so I ported my code to this environment.

I've added wolfssl as a component to my project, in the following folder structure:

my_project
|_components
   |_wolfssl
      |_include
      |  |_user_settings.h
      |_CMakeLists.txt

The wolfssl source code is located in C:/, and I added it as an environment variable so I could reference it in the CMakeLists file, as https://github.com/wolfSSL/wolfssl/tree … -component tells us to. I've also defined the macros I need in user_settings.h, which are:

#define WOLFSSL_SHAKE256
#define WOLFSSL_CUSTOM_CURVES
#define WOLFSSL_KEY_GEN
#define ECC256
#define HAVE_ECC_BRAINPOOL
#define HAVE_ED448

However, when I build my project, I get many errors of undefined identifiers, such as "identifier 'wc_ed25519_init' is undefined", even though I've included all necessary headers, and even though CTRL + Clicking in those functions/variables successfully navigates to the respective file. Also, some functions are found, such as "wc_InitRsaKey".

Is there something I'm missing here? I've been stuck on this for the last 3 days and any help would be hugely appreciated.
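
Added example (not part of the original post and not wolfSSL's own code): a small lint for the include-order rule quoted in this thread, plus a check that every wc_* call in a source file has its feature macro defined in user_settings.h. The prefix-to-macro table and the sample caller are assumptions constructed for illustration; the macro list is the one given in the post above.

```python
import re

# Assumed mapping: wolfCrypt function prefix -> feature macro that must be
# defined for the matching header to declare those functions.
FEATURE_GATES = {
    "wc_ed25519": "HAVE_ED25519",
    "wc_ed448": "HAVE_ED448",
    "wc_ecc_": "HAVE_ECC",
    "wc_dilithium_": "HAVE_DILITHIUM",
    "wc_falcon_": "HAVE_FALCON",
}
SETTINGS_H = "wolfssl/wolfcrypt/settings.h"

# Constructed sample input: the macro list from the post and a small caller.
SAMPLE_SETTINGS = "".join(f"#define {m}\n" for m in (
    "WOLFSSL_SHAKE256", "WOLFSSL_CUSTOM_CURVES", "WOLFSSL_KEY_GEN",
    "ECC256", "HAVE_ECC_BRAINPOOL", "HAVE_ED448"))
SAMPLE_SOURCE = """\
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/ed25519.h>
#include <wolfssl/wolfcrypt/ed448.h>
void demo(void) { wc_ed25519_init(&k1); wc_ed448_init(&k2); wc_InitRsaKey(&r, 0); }
"""

def defined_macros(user_settings: str) -> set:
    """Macros from #define lines; lines starting with // are skipped
    (block comments are not handled)."""
    return set(re.findall(r"^[ \t]*#[ \t]*define[ \t]+(\w+)", user_settings, re.M))

def include_order_ok(source: str) -> bool:
    """True if settings.h is the first wolfssl/ include (or there are none)."""
    incs = re.findall(r'^[ \t]*#[ \t]*include[ \t]*[<"](wolfssl/[^>"]+)[>"]',
                      source, re.M)
    return not incs or incs[0] == SETTINGS_H

def missing_gates(source: str, user_settings: str) -> dict:
    """Map each required-but-undefined macro to the calls that need it."""
    have = defined_macros(user_settings)
    missing = {}
    for call in sorted(set(re.findall(r"\b(wc_\w+)\s*\(", source))):
        for prefix, macro in FEATURE_GATES.items():
            if call.startswith(prefix) and macro not in have:
                missing.setdefault(macro, []).append(call)
    return missing

if __name__ == "__main__":
    print("settings.h first:", include_order_ok(SAMPLE_SOURCE))
    for macro, calls in missing_gates(SAMPLE_SOURCE, SAMPLE_SETTINGS).items():
        print(f"{macro} not defined but used by: {', '.join(calls)}")
```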

Reading the WolfSSL docs for both the functions wc_ed448ph_sign_hash and wc_ed25519ph_sign_hash, it says that

The hash algorithm used to create message digest must be SHAKE-256

Why is that? I tried signing messages hashed with SHA-512 and SHA3-256 and it seems to work with no errors.

Besides, looking at the ed25519.c file, the implementation for wc_ed25519_sign_msg_ex, which already hashes the message internally, the hash algorithm used is SHA-512, contradicting what the documentation says.

Hello gojimmypi, thank you for your reply!

I'm using wolfssl 5.7.2, picked from the Arduino IDE library manager (IDE that I'm using).

And thank you so much for those snippets! Even though I'm not focusing on key-share, it really helped me see that I'm on the right track.

To better contextualize what I'm doing: I'm mainly trying to use dilithium and falcon algorithms to generate keys, sign and verify a message. I'm trying to do all of those steps sequentially. It doesn't make much sense to do that, but it's more like a proof-of-concept to show that I can perform all of those expensive operations on an esp32. After showing that it is possible, I'd sign messages in the esp32, and then send this message to be verified in another device, possibly another esp32 or a mobile application, for example.

Having said that, I'm quite surprised to see that liboqs isn't needed for this, as I have tried and failed to make pq work without liboqs, and as the wolfSSL manual states:

Note: These experimental algorithms are not enabled and completely inaccessible if wolfSSL is not configured with the --with-liboqs flag.

(Found here: https://www.wolfssl.com/documentation/m … dix07.html)

So I've added these configs in my user_settings.h:

#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define HAVE_LIBOQS
#define HAVE_DILITHIUM
#define WOLFSSL_WC_DILITHIUM
#define HAVE_FALCON

But if I define HAVE_LIBOQS, then I get a build error saying that it couldn't find "oqs.h", which I imagine would be the header files of liboqs. However, after reading your reply here, I tried commenting out that definition, and it seems it wasn't really needed? At least for dilithium, that is. For falcon, if HAVE_LIBOQS isn't defined, then a lot of specific falcon macros aren't found (as per falcon.h file) and the project doesn't compile, so I had to comment out the HAVE_FALCON definition too.

Dilithium didn't give me any compilation problems however, and I was able to run a small test program that was using it. I couldn't get past the wc_dilithium_init() function, though. The function does work, but after that, when the program tries to execute the wc_dilithium_make_key() function (with valid arguments of course), I get a -192 error, whose description says "Bad ecc enc state operation". What exactly does that mean? Could you help me clarify some of those things?

This is my code; it's very simple, and the only one that is being run, so I don't see why some state would be invalid here:

WC_RNG* rng = (WC_RNG*)malloc(sizeof(WC_RNG));
int ret = wc_InitRng(rng);
check_return(ret, 0, "wc_InitRng"); // just a logging function

dilithium_key* key = (dilithium_key*)malloc(sizeof(dilithium_key));  
ret = wc_dilithium_init(key);
check_return(ret, 0, "wc_dilithium_init");

ret = wc_dilithium_make_key(key, rng);
check_return(ret, 0, "wc_dilithium_make_key");

I know this is a lot, but I'd really appreciate some help with this, as I can't find anything similar to my problem on the internet, and AI isn't being of much help, either. So thank you very much for your patience and your time!

Thank you very much for your quick response!


I'm from Brazil, and this project is the final project of my major, where I'm trying to run operations with digital certificates inside an embedded device like ESP32. I'm using mainly the mbedtls library and wolfssl.

While I'm at this, I'd also like to try and experiment with post-quantum cryptography, but I see that it needs the liboqs library, which isn't available on Arduino IDE. Is there a way that I can use wolfssl's post-quantum api on my esp32? If not, I think this would be possible only by trying to port the liboqs library, right?

Thank you again :)

Hello! I'm using wolfSSL for embedded development with the ESP32, and I'm trying to benchmark different algorithms, specifically:

- ECC with both secp and brainpool curves (wc_ecc_sign_hash);
- Ed25519 (wc_ed25519_sign_msg);
- Ed448 (wc_ed448_sign_msg);
- RSA (wc_RsaSSL_Sign).

I've noticed that some of these functions are called "sign_msg" while others are "sign_hash." For example, in the case of Ed448, there is even a function called wc_ed448ph_sign_msg, where the documentation states that the message is pre-hashed before signature calculation. This is a bit confusing to me because there is also a wc_ed448ph_sign_hash.

Previously, I assumed that functions ending with "sign_hash" would require me to manually hash the message before passing it to the function, while functions ending with "sign_msg" would hash the message for me. However, with Ed448, I'm not sure if this assumption still holds.

Could someone clarify which functions for the algorithms I'm using require me to manually hash the message? I would prefer to do the hashing manually, as this allows me to benchmark only the signing process and not both the hashing and signing processes.

Thank you for your attention.