Author: Kajal Sapkota

wolfSSL  supports Xilinx SoCs and FPGAs. The wolfSSL embedded SSL/TLS library can be used with FPGAs which use the MicroBlaze CPU and/or Zynq and Zynq UltraScale+ SoCs. Improved performance speeds with using the hardware crpyto can be seen. Increasing AES-GCM, RSA, and SHA3 operations performance. In addition to the performance gained a user also gets the additional security the hardware provides while executing the algorithms.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

wolfSSL software expansion package for STM32Cube is among the first to be MadeForSTM32 certified with V2 label! Having gone through the evaluation process, we’re pleased to announce that I-CUBE-WOLFSSL V4.6.0 is granted MadeForSTM32 V2, a new quality label introduced by STMicroelectronics for the STM32 microcontrollers ecosystem. 

 

wolfSSL offers support for STM32Cube Expansion Package enhanced for STM32 toolset, adding on to previous support for the STM32 Standard Peripheral Library as well as the STM32Cube HAL (Hardware Abstraction Layer). We’re making it easy for users to pull wolfSSL directly into STM32CubeMX and STM32CubeIDE projects.

 

Check out our product page for more information on the package. If you missed the webinar, watch the recording and demo here to learn how to use wolfSSL software expansion for STM32Cube.

 

 

 

wolfSSL focuses on providing lightweight and embedded security solutions with an emphasis on speed, size, portability, features, and standards compliance. With its SSL/TLS products and crypto library, wolfSSL is supporting high security designs in automotive, avionics and other industries. In avionics, wolfSSL supports complete RTCA DO-178C level A certification. In automotive, we support MISRA-C capabilities. For government consumers, wolfSSL has a strong history in FIPS 140-2, with upcoming FIPS 140-3. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, is backed by the robust wolfCrypt cryptography library, 24×7 support and much more. Our products are open source, giving customers the freedom to look under the hood. 

 

Get the latest version of wolfSSL 4.7.0 from our download page!

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Follow wolfSSL on Twitter: @wolfSSL

Follow ST: @ST_World

Benchmark values of the wolfSSL embedded SSL/TLS library running on Xilinx boards, including the ZCU102, have been collected and are up for viewing. Our friends over at Xilinx have a white paper posted that goes into detail about the benchmark values here: https://www.xilinx.com/support/documentation/white_papers/wp512-accel-crypto.pdf. This shows how much faster applications can perform secure operations when incorporating the hardware acceleration available on Xilinx devices. It also gives a demonstration of the performance trade-offs when choosing FreeRTOS versus an embedded Linux OS.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Did you know that the wolfSSL embedded SSL/TLS library supports ARMv8 as well as the Cryptography Extensions that it provides?  wolfSSL is more than 10 times faster with AES and SHA256 operations the ARMv8 board we have been testing on (HiKey LeMaker) when using hardware acceleration versus software crypto!

ARMv8 Benchmark Data comparing Software and Hardware Cryptography

Algorithm	Software Cryptography	Hardware Cryptography
RNG	16.761 MB/s	82.599 MB/s
AES-128-CBC-enc	26.491 MB/s	649.179 MB/s
AES-128-CBC-dec	26.915 MB/s	607.407 MB/s
AES-192-CBC-enc	22.796 MB/s	566.717 MB/s
AES-192-CBC-dec	23.130 MB/s	553.092 MB/s
AES-256-CBC-enc	20.004 MB/s	504.143 MB/s
AES-256-CBC-dec	20.207 MB/s	491.374 MB/s
AES-128-GCM-enc	6.224 MB/s	393.407 MB/s
AES-128-GCM-dec	6.226 MB/s	182.279 MB/s
AES-192-GCM-enc	5.895 MB/s	361.801 MB/s
AES-192-GCM-dec	5.895 MB/s	175.676 MB/s
AES-256-GCM-enc	5.609 MB/s	333.911 MB/s
AES-256-GCM-dec	5.610 MB/s	169.085 MB/s
CHACHA	60.510 MB/s	60.017 MB/s
CHA-POLY	41.805 MB/s	41.410 MB/s
MD5	156.310 MB/s	154.421 MB/s
POLY1305	144.464 MB/s	143.058 MB/s
SHA	89.874 MB/s	89.154 MB/s
SHA-256	38.805 MB/s	533.139 MB/s
HMAC-MD5	156.301 MB/s	154.083 MB/s
HMAC-SHA	89.859 MB/s	89.045 MB/s
HMAC-SHA256	38.814 MB/s	532.316 MB/s
RSA, 2048, public	171.995 Ops/s	171.355 Ops/s
RSA, 2048, private	13.716 Ops/s	13.686 Ops/s
DH, 2048, key generation	50.831 Ops/s	50.575 Ops/s
DH, 2048, agree	41.826 Ops/s	41.596 Ops/s

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

As a proud partner with ARM, wolfSSL is available as a CMSIS pack! wolfSSL was one of the first libraries available as a MDK5 software pack, which has evolved into CMSIS.

The wolfSSL ARM MDK5 pack supports CMSIS-RTOS by default, providing both the library and example applications. The user can choose to use a different OS as well.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

A question we get asked frequently is what are the build size and memory usage of the wolfTPM portable library. Here we will compare wolfTPM with the other popular TPM2.0 stacks, “ibmtss2” created at IBM and “tpm2-tss” originally created by Intel.

This comparison is interesting, because wolfTPM was built from scratch to be optimized for embedded devices and resource-constrained environments. This gives our TPM2.0 library a small footprint while still providing the features our users want and need.

At the time of writing, the current versions of TPM2.0 libraries is as follows:
wolfTPM is at major version 2.0.0
ibmtss2 is at version 1.5.0
tss2-tpm is at version 3.0.3

The test environment is x86_64 machine, running Ubuntu 20.04.1 LTS, with gcc compiler at version 9.3.0 (from the official Ubuntu 9.3.0-17ubuntu1~20.04 package).

Here are the memory footprint results reported by the GNU Size tool:

Code (text)	Memory (data)	bss	Total (Dec)	filename
2658649	186120	186120	2879905	ibmtss keygen
2730620	176736	33888	2941244	Tpm2-tss keygen
119980	1040	24	121044	wolfTPM keygen

Observations

1. wolfTPM needs the least amount of RAM, in orders of magnitude.
2. wolfTPM also has the smallest build size
3. wolfTPM does not use heap
4. wolfTPM has no external dependencies

For completeness, below are the configurations used for each TPM2.0 stack:

– tpm2-tss stack (originally created by Intel) was built using

./configure –enable-shared=no –enable-nodl –disable-fapi -disable-tcti-mssim -disable-tcti-swtpm

In details:

• Disable shared library build (enables static library build)
• Disable dynamic library loading
• Disable support of feature api
• Disable support for Microsoft TPM Simulator
• Disable support for IBM TPM Simulator

tpm2-tss test application: https://github.com/tomoveu/tpm2-tss/tree/size-9

– Ibmtss stack was built using

./configure –disable-tpm-1.2 –disable-rmtpm –disable-shared

In details:

• Disable support for obsolete TPM 1.2
• Disable support for resource manager
• Disable shared libraries (enables static library build)

ibmtss test application: https://github.com/tomoveu/ibmtss/tree/ibm-size-3

– wolfTPM was built using

./configure –enable-devtpm –enable-wolfcrypt –disable-shared

In details:

• Enable /dev/tpmX interface for Linux
• Enable wolfCrypt support for parameter encryption
• Disable shared libraries (enables static library build)

wolfTPM test application: https://github.com/tomoveu/wolfTPM/tree/size-6

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

For a full list of wolfTPM features, please visit the wolfTPM Product Page.

Hi! As our readers know, wolfSSL produces the first embedded TLS library that has begun testing for the new FIPS 140-3 standard, as listed here: https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-process/iut-list

There are a few significant changes coming with FIPS 140-3. Over the years with many specification updates, a few things got a little inconsistent, so these inconsistencies have been brought back in line. wolfSSL is prepared to deliver the first and best implementation of FIPS 140-3, so get ready.

As FIPS 140-3 is the replacement for FIPS 140-2 it is always a good idea to switch over to it as soon as possible. You will also want wolfSSL’s FIPS 140-3 Certificate for many additional reasons that include:
– Merging the FIPS + ISO Standard (see this https://www.corsec.com/fips-140-3/)
– CAST Testing Streamlined – just testing the algos they are actually using.
– Addition of TLS KDF in FIPS Boundary
– Addition of SSH KDF in FIPS Boundary
– Addition of RSA 4096
– Addition of ECDSA + SHA-3
– Removal of insecure algorithms: example Triple DES

Additional Resources

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.

Don’t miss this exclusive opportunity, to gain access to the top thought leaders in the digital space, Ellen Boehm, VP of IoT Strategy at Keyfactor, and Chris Conlon, Engineering Manager at wolfSSL.

Register for the Q&A now to get your questions answered on how to navigate the fast paced world of IoT, and to gain insights on how to embed strong cryptography into vehicles and other connected devices with topics like:

-Unique security challenges that engineers face when securing connected devices
-The role that cryptography plays in securing vehicles
-Practical advice on how these principles can improve security for other connected IoT devices

Watch the webinar here: Everything about Automotive Security 

See you there!

Additional Resources

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.

New year new projects!

We are super excited to announce that we are expanding our post-quantum cryptography needs into SSH.

At wolfSSL we try to be progressive with our support of new cryptography technology. To prepare for a post-quantum world where quantum computing presents a threat to public key primitives due to their ability to solve hard cryptographic problems in polynomial time, the National Institute of Standards and Technology (NIST) is currently working on the new generation of quantum-resistant key encapsulation and authentication schemes, especially to address this threat to critical Internet security protocols like the Transfer Layer Security (TLS), and Secure Shell (SSH).

In preparation for the future we are planning for the transition into post quantum cryptography by planning on adding post quantum algorithms in SSH.

The future on the cryptography landscape is scary and exciting. We at wolfSSL Inc want to help you navigate these dangers with cutting edge technologies with quantum computing safe algorithms.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.