AES_256_GCM CIPHER

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
LeWi_2227251
Level 3
Level 3
First like received Welcome!

Are there plans to add the AES_256_GCM cipher? 

When I add  #define USE_AES_256_GCM_CIPHER to tls_cipher_suites.h compiler indicates the driver is not available.

Using SDK 5.0 for ISM43362_M3G_L44 WiFi module.

0 Likes
1 Solution
GauravS_31
Moderator
Moderator
Moderator
10 questions asked 250 solutions authored 250 sign-ins

tge

Cypress will use mbedTLS in the upcoming WICED 5.2 release. This will support the ciphers that you requested.

Supported SSL / TLS ciphersuites - mbed TLS (Previously PolarSSL)

chrd

View solution in original post

0 Likes
13 Replies
GauravS_31
Moderator
Moderator
Moderator
10 questions asked 250 solutions authored 250 sign-ins

I could not reproduce the compile error in WICED 5.0.1. In addition to #define USE_AES_256_GCM_CIPHER, you also need to #define USE_SHA384_MAC so that the cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled.

To reproduce the compile error in WICED 5.0.1:

Must also add the cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 to my_ciphers[] in file wiced_tls.c.

static const cipher_suite_t* my_ciphers[] =

#if defined( USE_RSA_KEYSCHEME ) && defined( USE_AES_256_GCM_CIPHER ) && defined( USE_SHA384_MAC )

        &TLS_RSA_WITH_AES_256_GCM_SHA384,

#endif /* if defined( USE_RSA_KEYSCHEME ) && defined( USE_AES_256_GCM_CIPHER ) && defined( USE_SHA384_MAC ) */

Will see the linker error:

Making snip.https_server-BCM943362WCD4.elf

build/snip.https_server-BCM943362WCD4/libraries/Supplicant_BESL.a(tls_cipher_suites.o):(.rodata.TLS_RSA_WITH_AES_256_GCM_SHA384+0x8): undefined reference to `aes_256_gcm_cipher_driver'

tools/makefiles/wiced_elf.mk:265: recipe for target 'build/snip.https_server-BCM943362WCD4/binary/snip.https_server-BCM943362WCD4.elf' failed

make.exe[1]: *** [build/snip.https_server-BCM943362WCD4/binary/snip.https_server-BCM943362WCD4.elf] Error 1

Makefile:348: recipe for target 'main_app' failed

make: *** [main_app] Error 2

We need a quick solution to this issue as we are required to support these two ciphers with AES-256-GCM

TLS_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

I have a solution for swapping between the RSA and ECC key/certificate pairs but need the AES-256-GCM cipher.

0 Likes

Thank you for the information. I have reproduced the build error and raised a ticket internally. I will discuss this issue tomorrow with the engineer and get back to you.

0 Likes

grsr

Is there an update on this issue?

0 Likes

leif.widmayer_2227251

I discussed this issue with the engineer on Monday and requested him to look into it. I will update this thread as soon as I receive feedback.

0 Likes
tge
Employee
Employee
25 sign-ins 5 questions asked First question asked

grsr

Is there an update on this issue?

0 Likes
GauravS_31
Moderator
Moderator
Moderator
10 questions asked 250 solutions authored 250 sign-ins

tge

Cypress will use mbedTLS in the upcoming WICED 5.2 release. This will support the ciphers that you requested.

Supported SSL / TLS ciphersuites - mbed TLS (Previously PolarSSL)

chrd

0 Likes

Thanks for the update, do you have a WICED 5.2 release date?

0 Likes

We are targeting the first week of September, after the holiday.

0 Likes

grsr wrote:

tge

Cypress will use mbedTLS in the upcoming WICED 5.2 release. This will support the ciphers that you requested.

Supported SSL / TLS ciphersuites - mbed TLS (Previously PolarSSL)

chrd

Hi grsr​,

Will mbedTLS source code included in WICED SDK release?

Honestly, the most headache issue about the TLS library is when there is an issue found, we only get a TLS error code and no way to debug and trace the issue. Any issue related TLS needs to *wait* cypress to provide the fix (and it usually takes Months).

It will be helpful if WICED SDK include mbedTLS source code rather than binary library.

axel.lin_1746341grsr

I just saw some internal correspondance which confirms that mbedTLS source will be included as part of the 5.2 release.

leif.widmayer_2227251

Could you test the ciphers using mbedTLS in WICED Studio 5.2?

0 Likes

Yes, AES_256_GCM ciphers are all working with RSA and ECC signed certificates