
wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Posted: Tue Apr 23, 2024 7:26 pm
by gojimmypi
The wolfSSL examples for the ESP8266 have been recently updated!

See GitHub repo for code that works with both ESP32[-N] and ESP8266 devices:

https://github.com/wolfSSL/wolfssl/tree ... F/examples

Get started with open source, commercial grade cryptography and TLS 1.3 on devices with as little as 32KB.

There's also support for experimental Post Quantum Kyber, pending in https://github.com/wolfSSL/wolfssl/pull/7392 or can be enabled like this in the wolfSSL user_settings.h file:

    /* Experimental Kyber */
    #if 1
        /* Kyber typically needs a minimum 10K stack */
        #define WOLFSSL_EXPERIMENTAL_SETTINGS
        #define WOLFSSL_HAVE_KYBER
        #define WOLFSSL_WC_KYBER
        #define WOLFSSL_SHA3
    #endif

I have some screen snips of settings in a microblog over on that former bird site:

https://x.com/gojimmypi/status/1773857431745081346

Need some help getting started? Reach out: support@wolfssl.com

Re: wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Posted: Sat Apr 27, 2024 10:50 am
by cruvus
So is it possible to replace mbedtls in the ESP8266_NONOS_SDK with this one? The existing mbedtls is quite outdated and does not support TLS 1.3 at all.

Re: wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Posted: Tue May 07, 2024 6:32 pm
by gojimmypi
Yes, wolfSSL TLS1.3 works on the ESP8266 with both the make and cmake builds. It should work with ESP8266_NONOS_SDK, but I've only used ESP8266_RTOS_SDK myself.

See the examples, such as the TLS client:

https://github.com/wolfSSL/wolfssl/tree ... ssl_client

The ESP8266_NONOS_SDK is obsolete and it is recommended to use ESP8266_RTOS_SDK instead. Is that an option for you?

https://github.com/espressif/ESP8266_NONOS_SDK

If you have any problems, please open a GitHub issue or contact support. I'd like to help.

Re: wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Posted: Wed May 08, 2024 10:52 am
by cruvus
RTOS is no option since it demands way too much flash memory. We have hundreds of devices with 1 MByte of flash. RTOS does not fit there. So we are stuck with the NONOS.
Also, RTOS has a newer mbedtls. I think anyone using RTOS has no need to change this component.

Re: wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Posted: Wed May 08, 2024 1:07 pm
by cruvus
Maybe a tip: If you want to achieve more reach with your wolfSSL, why not put a NONOS fork online where MbedTLS has already been completely replaced, ready to use, so to speak.

Re: wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Posted: Wed May 08, 2024 1:44 pm
by gojimmypi
cruvus wrote:
We have hundreds of devices with 1 MByte of flash. RTOS does not fit there

Ah yes, I see. Is this an open source project where I can take a look?

I've updated the examples earlier this year. How recently have you tried wolfSSL on NONOS and what, exactly, is the error you see?

If this is a commercial project, we can sign a non-disclosure and I can begin working on this immediately. I'm certain that wolfSSL will run on ESP8266 NONOS, as I've gotten TLS 1.3 working on the Arduino Nano 33 with only 32KB of RAM and 256KB flash.

Re: wolfSSL TLS Example Updates for the ESP8266, including Kyber PQ

Posted: Wed May 08, 2024 1:51 pm
by gojimmypi
cruvus wrote:
Wed May 08, 2024 1:07 pm
why not put a NONOS fork online where MbedTLS has already been completely replaced, ready to use so to speak.
Well, the usual reason: time and money. If there's a commercial product for a paying customer, this is absolutely something we can help with right away. If not, we'll keep this on the wish list and work on it as time permits.

I agree it would be good to have wolfSSL properly supported and working on the NONOS, even though it is marked as obsolete by Espressif. As soon as I can see the errors encountered, I'll be able to better assess the amount of work.