wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

gojimmypi
Posts: 13
Joined: Mon Apr 18, 2022 3:58 pm

wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Postby gojimmypi » Tue Apr 23, 2024 7:26 pm

The wolfSSL examples for the ESP8266 have been recently updated!

See GitHub repo for code that works with both ESP32[-N] and ESP8266 devices:

https://github.com/wolfSSL/wolfssl/tree ... F/examples

Get started with open source, commercial grade cryptography and TLS 1.3 on devices with as little as 32KB.

There's also support for experimental Post Quantum Kyber, pending in https://github.com/wolfSSL/wolfssl/pull/7392 or can be enabled like this in the wolfSSL user_settings.h file:

  1. /* Experimental Kyber */
  2. #if 1
  3.     /* Kyber typically needs a minimum 10K stack */
  4.     #define WOLFSSL_EXPERIMENTAL_SETTINGS
  5.     #define WOLFSSL_HAVE_KYBER
  6.     #define WOLFSSL_WC_KYBER
  7.     #define WOLFSSL_SHA3
  8. #endif

I have some screen snips of settings in a microblog over on that former bird site:

https://x.com/gojimmypi/status/1773857431745081346

Need some help getting started? Reach out: support@wolfssl.com

cruvus
Posts: 59
Joined: Fri Jul 08, 2022 5:08 pm
Location: Planet Earth

Re: wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Postby cruvus » Sat Apr 27, 2024 10:50 am

So is it possible to replace mbedtls in the ESP8266_NONOS_SDK with this one? The existing mbedtls is quite outdated and does not support TLS 1.3 at all.
ESP32 / ESP-IDF 5.1.4

gojimmypi
Posts: 13
Joined: Mon Apr 18, 2022 3:58 pm

Re: wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Postby gojimmypi » Tue May 07, 2024 6:32 pm

Yes, wolfSSL TLS1.3 works on the ESP8266 with both the make and cmake builds. It should work with ESP8266_NONOS_SDK, but I've only used ESP8266_RTOS_SDK myself.

See the examples, such as the TLS client:

https://github.com/wolfSSL/wolfssl/tree ... ssl_client

The ESP8266_NONOS_SDK is obsolete and recommend to use ESP8266_RTOS_SDK instead. Is that an option for you?

https://github.com/espressif/ESP8266_NONOS_SDK

If you have any problems, please open a GitHub issue or contact support. I'd like to help.

cruvus
Posts: 59
Joined: Fri Jul 08, 2022 5:08 pm
Location: Planet Earth

Re: wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Postby cruvus » Wed May 08, 2024 10:52 am

RTOS is no option since it demands way too much flash memory. We have hundreds of devices with 1 MByte of flash. RTOS does not fit there. So we are stuck with the NONOS.
Also, RTOS has a newer mbedtls. I think, anyone using RTOS has no need in changing this component.
ESP32 / ESP-IDF 5.1.4

cruvus
Posts: 59
Joined: Fri Jul 08, 2022 5:08 pm
Location: Planet Earth

Re: wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Postby cruvus » Wed May 08, 2024 1:07 pm

Maybe a tip: If you want to achieve more reach with your WolfSSL, why not put a NONOS fork online where MbedTLS has already been completely replaced, ready to use so to speak.
ESP32 / ESP-IDF 5.1.4

gojimmypi
Posts: 13
Joined: Mon Apr 18, 2022 3:58 pm

Re: wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Postby gojimmypi » Wed May 08, 2024 1:44 pm

We have hundreds of devices with 1 MByte of flash. RTOS does not fit there

Ah yes, I see. Is this an open source project where I can take a look?

I've updated the examples earlier this year. How recently have you tried wolfSSL on NONOS and what, exactly is the error you see?

If this is a commercial project, we can sign a non-disclosure and I can begin working on this immediately. I'm certain that wolfSSL will run on ESP8266 NONOS, as I've gotten TLS 1.3 working on the Arduino Nano 33 with only 32KB of RAM and 256KB flash.

gojimmypi
Posts: 13
Joined: Mon Apr 18, 2022 3:58 pm

Re: wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Postby gojimmypi » Wed May 08, 2024 1:51 pm

cruvus wrote:
Wed May 08, 2024 1:07 pm
why not put a NONOS fork online where MbedTLS has already been completely replaced, ready to use so to speak.
Well, the usual reason: time and money. If there's a commercial product for a paying customer, this is absolutely something we can help with right away. If not, we'll keep this on the wish list and work on it as time permits.

I agree it would be good to have wolfSSL properly supported and working on the NONOS, even though it is marked as obsolete by Espressif. As soon as I can see the errors encountered, I'll be able to better asses the amount of work.

Who is online

Users browsing this forum: No registered users and 2 guests