You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → wolfSSL → Create ECDSA key from my own WC_RNG source?
Hello I'm using WolfSSL for TLS 1.3 support and looking at using its APIs to create ECDSA private keys based on my own unique random bits.
I've seen the example here: https://github.com/wolfSSL/wolfssl-exam … #L115-L132
so I think I should be able to use the wc_ecc_make_key_ex API with some sort of WC_RNG which is based on my own array of bits, maybe?
Can you give me any help on how to do this?
Thanks!
Hi @torntrousers,
Please try using the below setup:
A) Define WOLFSSL_USER_SETTINGS globally or at the top of <wolfssl/wolfcrypt/settings.h> so that settings.h will look for and include the file "user_settings.h"
B) Create an empty header "user_settings.h" and use this file to tune the build
C) Include <wolfssl/wolfcrypt/settings.h> in your application
D) Update the include path for your project so "user_settings.h" can be included by settings.h.
E) Setup a custom function to seed the wolfSSL RNG with your own entropy source
// Define the type your function will be returning, for this example we'll return an unsigned int
#define CUSTOM_RAND_TYPE unsigned int
// Your function that provides entropy seed to "seed" the RNG declare as an extern
extern unsigned int my_rng_seed_gen(void);
// define the wolfSSL CUSTOM_RAND_GENERATE to be your function
#undef CUSTOM_RAND_GENERATE
#define CUSTOM_RAND_GENERATE my_rng_seed_genLet me know if this helps.
Warm Regards,
K
Thats great, I have it working, thank you so much for the quick reply.
It looks like doing wc_InitRng(&rng) calls my my_rng_seed_gen function 13 times, so with unsigned int being 32 bits I need to provide 13 x 32 which is 416 random bits. Is there any way to reduce that a bit?
So when we initialize the RNG structure we run a "health test" to ensure that repetitive calls to the generate seed function do not return predictable data. If you want to reduce the number of checks you could try modifying the wc_RNG_HealthTestLocal function to call wc_RNG_HealthTest() less times though this is a good test to perform and we do not recommend reducing the number of health checks.
Regards,
K
wolfSSL - Embedded SSL Library → wolfSSL → Create ECDSA key from my own WC_RNG source?
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.029 seconds (91% PHP - 9% DB) with 9 queries