Are there plans to add the AES_256_GCM cipher?
When I add #define USE_AES_256_GCM_CIPHER to tls_cipher_suites.h, the compiler indicates the driver is not available.
Using SDK 5.0 for ISM43362_M3G_L44 WiFi module.
I could not reproduce the compile error in WICED 5.0.1. In addition to #define USE_AES_256_GCM_CIPHER, you also need to #define USE_SHA384_MAC so that the cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled.
To reproduce the compile error in WICED 5.0.1:
Must also add the cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 to my_ciphers[] in file wiced_tls.c.
    static const cipher_suite_t* my_ciphers[] =
    {
        /* ... existing cipher suite entries ... */
    #if defined( USE_RSA_KEYSCHEME ) && defined( USE_AES_256_GCM_CIPHER ) && defined( USE_SHA384_MAC )
        &TLS_RSA_WITH_AES_256_GCM_SHA384,
    #endif /* if defined( USE_RSA_KEYSCHEME ) && defined( USE_AES_256_GCM_CIPHER ) && defined( USE_SHA384_MAC ) */
    };
Will see the linker error:
Making snip.https_server-BCM943362WCD4.elf
build/snip.https_server-BCM943362WCD4/libraries/Supplicant_BESL.a(tls_cipher_suites.o):(.rodata.TLS_RSA_WITH_AES_256_GCM_SHA384+0x8): undefined reference to `aes_256_gcm_cipher_driver'
tools/makefiles/wiced_elf.mk:265: recipe for target 'build/snip.https_server-BCM943362WCD4/binary/snip.https_server-BCM943362WCD4.elf' failed
make.exe[1]: *** [build/snip.https_server-BCM943362WCD4/binary/snip.https_server-BCM943362WCD4.elf] Error 1
Makefile:348: recipe for target 'main_app' failed
make: *** [main_app] Error 2
We need a quick solution to this issue as we are required to support these two ciphers with AES-256-GCM:
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
I have a solution for swapping between the RSA and ECC key/certificate pairs but need the AES-256-GCM cipher.
Thank you for the information. I have reproduced the build error and raised a ticket internally. I will discuss this issue tomorrow with the engineer and get back to you.
I discussed this issue with the engineer on Monday and requested him to look into it. I will update this thread as soon as I receive feedback.
tge
Cypress will use mbedTLS in the upcoming WICED 5.2 release. This will support the ciphers that you requested.
Supported SSL / TLS ciphersuites - mbed TLS (Previously PolarSSL)
chrd
Thanks for the update, do you have a WICED 5.2 release date?
We are targeting the first week of September, after the holiday.
grsr wrote:
> Cypress will use mbedTLS in the upcoming WICED 5.2 release. This will support the ciphers that you requested.
> Supported SSL / TLS ciphersuites - mbed TLS (Previously PolarSSL)
Hi grsr,
Will the mbedTLS source code be included in the WICED SDK release?
Honestly, the biggest headache with the TLS library is that when an issue is found, we only get a TLS error code and have no way to debug and trace the issue. Any TLS-related issue needs to *wait* for Cypress to provide the fix (and it usually takes months).
It would be helpful if the WICED SDK included the mbedTLS source code rather than a binary library.
I just saw some internal correspondence which confirms that mbedTLS source will be included as part of the 5.2 release.
Yes, AES_256_GCM ciphers are all working with RSA and ECC signed certificates.
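A client-side check for the two suites required in this thread, as an added example that is not from the thread or the WICED SDK: it offers one suite at a time over TLS 1.2 using Python's ssl module and reports what the server negotiates. The OpenSSL cipher names, the helper names and the host, port and CA file arguments are assumptions of the example.

```python
import socket
import ssl
import sys

# IANA suite name -> (OpenSSL cipher-string name, IANA code point)
REQUIRED_SUITES = {
    "TLS_RSA_WITH_AES_256_GCM_SHA384": ("AES256-GCM-SHA384", 0x009D),
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384":
        ("ECDHE-ECDSA-AES256-GCM-SHA384", 0xC02C),
}


def single_suite_context(iana_name, cafile=None):
    """Client context offering exactly one TLS 1.2 suite, certificate checks on."""
    openssl_name, _code_point = REQUIRED_SUITES[iana_name]
    ctx = ssl.create_default_context(cafile=cafile)
    # Pin to TLS 1.2: both suites are TLS 1.2 suites, and OpenSSL would
    # otherwise also offer its TLS 1.3 suites in the same ClientHello.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(openssl_name)  # ssl.SSLError if local OpenSSL lacks it
    return ctx


def offered_tls12_ids(ctx):
    """16-bit IANA code points of the TLS 1.2 suites this context offers."""
    return sorted(c["id"] & 0xFFFF for c in ctx.get_ciphers()
                  if c["protocol"] == "TLSv1.2")


def probe(host, port, iana_name, cafile=None, timeout=5.0):
    """Return (suite, protocol) as negotiated, or None if the server refuses."""
    ctx = single_suite_context(iana_name, cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, protocol, _bits = tls.cipher()
                return name, protocol
    except ssl.SSLCertVerificationError:
        raise  # a trust problem, not a missing cipher suite
    except ssl.SSLError:
        return None  # handshake failure: suite not enabled on the server


if __name__ == "__main__":
    # Usage: python check_suites.py <host> <port> [ca.pem]
    host, port = sys.argv[1], int(sys.argv[2])
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    for suite in REQUIRED_SUITES:
        print(suite, "->", probe(host, port, suite, cafile) or "refused")
```

Pass the CA file that issued the device certificate as the third argument when the device does not chain to a public root.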