Enabling ECC smaller curves - SECP160R1

[fusetim]

I'm new to this project and wolfssl in general, and I would like to use the curve known as SECP160R1.
According to the documentation, it should be quite straightforward:

ECC_USER_CURVES

Allow user to choose ECC curve sizes that are enabled. Only the 256-bit curve is enabled by default. To enable others use HAVE_ECC192, HAVE_ECC224, etc...
~ https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html#ecc_user_curves

Unfortunately, I am probably missing something, as the following additional flags does not seem to enable it.
So now, I am wondering if anyone could kindly point me in the correct direction.

How to reproduce

#define HAVE_ECC
#define ECC_USER_CURVES
#define HAVE_ECC160

Those lines are added to the default user_settings.h file, and it seems to be correctly applied, as switching between Math library works perfectly.

#include "Arduino.h"
#include "user_settings.h"
#include <wolfssl.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/integer.h> 

int8_t computeECC() {
    ecc_key key;
    if (wc_ecc_init(&key) != 0) {
        return -1; // wc_ecc_init failed
    }
    if (int err = wc_ecc_set_curve(&key, 20, ECC_SECP160R1); err != 0) {
        Serial.println("Failed to set ECC curve, error code: " + String(err));
        return -2; // wc_ecc_set_curve failed
    }
    wc_ecc_free(&key);
    return 0;
}

void setup() {
  Serial.begin(115200);
    while (!Serial) {
        ; // wait for serial port to connect. Needed for native USB
    }
    Serial.println("Hello, Arduino!");

    //Setup a LED blink
    pinMode(LED_BUILTIN, OUTPUT);

    //Setup WOLFSSL
    Serial.print(F("wolfSSL library version: "));
    Serial.println(LIBWOLFSSL_VERSION_STRING);
    Serial.print(F("wolfSSL user settings version: "));
    Serial.println(WOLFSSL_USER_SETTINGS_ID);

    // Test ECC
    computeECC();
}

void loop() {
  // put your main code here, to run repeatedly:
}

The error code is the following:

Hello, Arduino!
wolfSSL library version: 5.8.2
wolfSSL user settings version: Arduino user_settings.h v5.7.6
Failed to set ECC curve, error code: -172

And ERROR Code -172 stands for ECC_CURVE_OID_E : -172 : Unsupported ECC OID curve type
When I try using SECP256R1 it works perfectly (since it is bundled by default).

Additional infos

arduino-cli  Version: 1.3.1 Commit: 08ff7e2b76b7cd6394c4d09420b10cf0592b4405 Date: 
wolfssl version: 5.8.2
FQBN target: esp32:esp32:esp32c6 (platform: esp32:esp32 (3.3.3))

[fusetim]

After a good night of sleep, I finally found what I was missing. It appears that an additional definition is needed:

#define ECC_MIN_KEY_SZ 160

This settings is not documented with its default value, so it might change between targets.

In any case, I hope this issue will help other people. That said, issue closed.

[gojimmypi]

Hi @fusetim and thank you for your interest in wolfSSL.

That's cool you were able to determine the missing default and that you also shared your solution.

I've opened wolfSSL/wolfssl#9469 as a reminder to consider making that a default.

One comment about your example code, above, regarding the includes:

#include "user_settings.h"
#include <wolfssl.h>
#include <wolfssl/wolfcrypt/settings.h>

It is advised to never explicitly include the user_settings.h file, as it is pulled in automatically from the wolfssl/wolfcrypt/settings.h file. There's also the general rule that the settings.h always be included before any other wolfSSL files. The exception being the Arduinio wolfssl.h itself. As it pulls in the settings.h file. Similarly the wolfssl.h should be included before any other wolfSSL includes.

Including the user_settings.h directly and/or not including settings.h before other wolfssl includes may cause unexpected results.

Can you share any details about the project you are working on? We always like to hear about how people are using the library. We can also help promote open source projects on our blog.

If you encounter any other difficulties, please fee free to open a new issue or contact us: support@wolfssl.com

Warm Regards,

Jim
wolfSSL Engineer

[fusetim]

Thank you for your remarks @gojimmypi, they have been helpful and I will update the original issue with a more adequate code (that way it will be a better example for others).

Regarding what I am trying to build, I am currently working on an implementation of the Google Find Hub Network specifications for an ESP32 based tag.

wolfssl, in that instance, enables me to implement the key/identity rotation of the tag (see https://developers.google.com/nearby/fast-pair/specifications/extensions/fmdn#eid-computation). To fit inside a BLE v4 advertisement frame, the size of this public key must be ~20 bytes. That is why, the spec uses this uncommon SECP160R1 curve.