wolfSSL + ARM + FIPS

#ARMTechCon – If you have a need for #FIPS on an #embedded ARM device @wolfSSL offers a quick-start solution to get you up and running. @wolfSSL has certified #FIPS 140-2 on multiple ARM devices already! If you’re in town at the ARM TechCon, stop by booth 321 to find out more about this and all the other ARM support provided by @wolfSSL.

We can get you a #CAVP certification or #CMVP #Validation to meet your demand. See our #NIST certification here: wolfCrypt FIPS Certificate for already supported #operatingenvironment’s and #algorithms!

Contact us today
facts@wolfssl.com
fips@wolfssl.com

New NXP Kinetis K8X LP Trusted Crypto (LTC) support for PKI (RSA/ECC)

#ARMTechCon – NXP has a new LP Trusted Crypto (LTC) core which accelerates RSA/ECC PKI in their Kinetis K8x line.

The LTC hardware accelerator improves:
 * RSA performance by 12-17X
 * ECC performance by 18-23X
 * Ed/Curve25519 performance by 2-3X.

This adds to the existing MMCAU support which accelerates RNG, AES (CBC, CCM, GCM, CTR), DES/3DES, MD5, SHA, SHA256, SHA384/512 and ChaCha20/Poly1305.

The combined LTC/MMCAU hardware acceleration improves performance, reduces power consumption and reduces code size by 40%.

Here are the benchmarks on a FRDM-K82F Cortex M4 @ 150MHz:

Hardware Accelerated (LTC / MMCAU):
RNG      25 kB took 0.026 seconds,    0.939 MB/s
AES enc  25 kB took 0.002 seconds,   12.207 MB/s
AES dec  25 kB took 0.002 seconds,   12.207 MB/s
AES-GCM  25 kB took 0.002 seconds,   12.207 MB/s
AES-CTR  25 kB took 0.003 seconds,    8.138 MB/s
AES-CCM  25 kB took 0.004 seconds,    6.104 MB/s
CHACHA   25 kB took 0.008 seconds,    3.052 MB/s
CHA-POLY 25 kB took 0.013 seconds,    1.878 MB/s
POLY1305 25 kB took 0.003 seconds,    8.138 MB/s
SHA      25 kB took 0.006 seconds,    4.069 MB/s
SHA-256  25 kB took 0.009 seconds,    2.713 MB/s
SHA-384  25 kB took 0.032 seconds,    0.763 MB/s
SHA-512  25 kB took 0.035 seconds,    0.698 MB/s
RSA 2048 public          12.000 milliseconds, avg over 1 iterations
RSA 2048 private         135.000 milliseconds, avg over 1 iterations
ECC  256 key generation  17.400 milliseconds, avg over 5 iterations
EC-DHE   key agreement   15.200 milliseconds, avg over 5 iterations
EC-DSA   sign   time     20.200 milliseconds, avg over 5 iterations
EC-DSA   verify time     33.000 milliseconds, avg over 5 iterations
CURVE25519 256 key generation 14.400 milliseconds, avg over 5 iterations
CURVE25519 key agreement      14.400 milliseconds, avg over 5 iterations
ED25519  key generation  14.800 milliseconds, avg over 5 iterations
ED25519  sign   time     16.800 milliseconds, avg over 5 iterations
ED25519  verify time     30.400 milliseconds, avg over 5 iterations

Software only:
RNG      25 kB took 0.179 seconds,    0.136 MB/s
AES enc  25 kB took 0.099 seconds,    0.247 MB/s
AES dec  25 kB took 0.102 seconds,    0.239 MB/s
AES-GCM  25 kB took 1.486 seconds,    0.016 MB/s
AES-CTR  25 kB took 0.099 seconds,    0.247 MB/s
AES-CCM  25 kB took 0.201 seconds,    0.121 MB/s
CHACHA   25 kB took 0.043 seconds,    0.568 MB/s
CHA-POLY 25 kB took 0.055 seconds,    0.444 MB/s
POLY1305 25 kB took 0.010 seconds,    2.441 MB/s
SHA      25 kB took 0.029 seconds,    0.842 MB/s
SHA-256  25 kB took 0.079 seconds,    0.309 MB/s
SHA-384  25 kB took 0.109 seconds,    0.224 MB/s
SHA-512  25 kB took 0.113 seconds,    0.216 MB/s
RSA 2048 public          147.000 milliseconds, avg over 1 iterations
RSA 2048 private         2363.000 milliseconds, avg over 1 iterations
ECC  256 key generation  355.400 milliseconds, avg over 5 iterations
EC-DHE   key agreement   352.400 milliseconds, avg over 5 iterations
EC-DSA   sign   time     362.400 milliseconds, avg over 5 iterations
EC-DSA   verify time     703.400 milliseconds, avg over 5 iterations
CURVE25519 256 key generation 66.200 milliseconds, avg over 5 iterations
CURVE25519 key agreement      65.400 milliseconds, avg over 5 iterations
ED25519  key generation  25.000 milliseconds, avg over 5 iterations
ED25519  sign   time     30.400 milliseconds, avg over 5 iterations
ED25519  verify time     74.400 milliseconds, avg over 5 iterations

The code to support the LTC is currently in PR #597 here, soon to be rolled into the wolfSSL embedded SSL/TLS library:
https://github.com/wolfSSL/wolfssl/pull/597

These changes are also included in the KSDK 2.0.

See us at ARM TechCon booth #321 (Wednesday 10/26 and Thursday 10/27 – 10:30 AM – 6:30 PM)

Progressive Performance in wolfSSL with Curve25519 and Ed25519

Are you a fan of speed?  How about new, progressive, and secure algorithms?  If so, you’re in luck!  The wolfSSL embedded SSL/TLS library and wolfCrypt cryptography library have support for two high-performance algorithms for key agreement (Curve25519) and digital signatures (Ed25519).

Curve25519 is an elliptic curve which offers 128 bits of security, designed for use with ECDH (Elliptic Curve Diffie-Hellman) key agreement:

https://en.wikipedia.org/wiki/Curve25519
https://cr.yp.to/ecdh.html

Ed25519 is a public key signature algorithm using the Twisted Edwards curve.  It offers very fast signature verification, signing, and key generation while maintaining a high level of security:

https://en.wikipedia.org/wiki/EdDSA
https://ed25519.cr.yp.to/

For instructions on how you can compile wolfSSL with Curve25519 and Ed25519 support, reference the following post: “Memory Optimized Curve25519 and Ed25519”.  And, to hear about how these two algorithms do performance wise, take a look at “Benchmarks of curve25519”.

If you have any question about support for these algorithms in wolfSSL, please let us know at facts@wolfssl.com.

wolfSSL ARMv8 Support

The embedded SSL/TLS library wolfSSL, has support for ARMv8. Significant gains are seen when using the crypto hardware acceleration. wolfSSL is more than 10 times faster with AES and SHA256 operations on a HiKey (LeMaker version) board when using hardware acceleration vs software!!! If building an IoT project requiring fast, secure crypto/TLS with a small memory footprint size, contact wolfSSL at the email address wolfssl@info.com. Come stop by the wolfSSL booth at ARM TechCon!

For information about the board used see http://www.lemaker.org/product-hikey-specification.html

Case Study: wolfSSL Secures EiMSIG® Smart Home Alarm System

The EiMSIG smart home allows users to monitor and control windows, doors, blinds, lighting, heating, and cameras all from the convenience of a smartphone. Control and monitoring are done through the free EiMSIG® alarms app. The EiMSIG smart home has been designed to be the logical evolution of the classic alarm, as EiMSIG explains on their website.

Because of wolfSSL’s industry reputation, product information, hardware acceleration support on the PIC32, and small footprint, EiMSIG chose the wolfSSL embedded SSL/TLS library to secure their smart home system. The full EiMSIG/wolfSSL case study is available from the wolfSSL case studies page.

For questions regarding the use of wolfSSL products in your embedded or IoT devices, contact us at facts@wolfssl.com.

Posts navigation

1 2