RECENT BLOG NEWS

Just in time for the #ARMTechCon 2016, wolfSSL is making hardware accelerated crypto easier than ever on STM32 devices. This is being done by integrating wolfCrypt into STM`s Hardware Abstraction Layer (HAL) through CubeMX. wolfSSL support for CubeMX with HAL will remove the need to tediously configure hardware acceleration by hand and instead let STM32CubeMX, a graphical software from STM, handle the setup of these features.

wolfSSL is currently testing compatibility on STM32F439ZIx and a STM32F437IIHx boards, but with more support coming soon. If you are interested in getting early access to these features and seeing how easily you can benefit from hardware acceleration, contact support@wolfssl.com.

#ARMTechCon – @wolfSSL has partnered with @GreenHillsPR who has ported the wolfSSL #embedded TLS library into Integrity RTOS! @GreenHillsPR and @wolfSSL will be exhibiting at #ARMTechCon in Santa Clara, CA. Stop by booth #321 to visit with the wolfSSL Team and discuss any questions!

Reference: https://twitter.com/greenhillspr

On the topic of #ARMTechCon, wolfSSL is available as a CMSIS pack! wolfSSL was one of the first libraries available as a MDK5 software pack, which has evolved into CMSIS.

The wolfSSL ARM MDK5 pack supports CMSIS-RTOS by default, providing both the library and example applications. The user can choose to use a different OS as well. Contact us at support@wolfssl.com for more information about using the wolfSSL CMSIS pack today.

#ARMTechCon – wolfSSL now supports Xilinx SoCs and FPGAs. The wolfSSL embedded SSL/TLS library can be used with FPGAs which use the MicroBlaze CPU and/or Zynq and Zynq UltraScale+ SoCs.
 
For more information contact facts@wolfssl.com

#ARMTechCon – NXP has a new LP Trusted Crypto (LTC) core which accelerates RSA/ECC PKI in their Kinetis K8x line.

The LTC hardware accelerator improves:
 * RSA performance by 12-17X
 * ECC performance by 18-23X
 * Ed/Curve25519 performance by 2-3X.

This adds to the existing MMCAU support which accelerates RNG, AES (CBC, CCM, GCM, CTR), DES/3DES, MD5, SHA, SHA256, SHA384/512 and ChaCha20/Poly1305.

The combined LTC/MMCAU hardware acceleration improves performance, reduces power consumption and reduces code size by 40%.

Here are the benchmarks on a FRDM-K82F Cortex M4 @ 150MHz:

Hardware Accelerated (LTC / MMCAU):
RNG      25 kB took 0.026 seconds,    0.939 MB/s
AES enc  25 kB took 0.002 seconds,   12.207 MB/s
AES dec  25 kB took 0.002 seconds,   12.207 MB/s
AES-GCM  25 kB took 0.002 seconds,   12.207 MB/s
AES-CTR  25 kB took 0.003 seconds,    8.138 MB/s
AES-CCM  25 kB took 0.004 seconds,    6.104 MB/s
CHACHA   25 kB took 0.008 seconds,    3.052 MB/s
CHA-POLY 25 kB took 0.013 seconds,    1.878 MB/s
POLY1305 25 kB took 0.003 seconds,    8.138 MB/s
SHA      25 kB took 0.006 seconds,    4.069 MB/s
SHA-256  25 kB took 0.009 seconds,    2.713 MB/s
SHA-384  25 kB took 0.032 seconds,    0.763 MB/s
SHA-512  25 kB took 0.035 seconds,    0.698 MB/s
RSA 2048 public          12.000 milliseconds, avg over 1 iterations
RSA 2048 private         135.000 milliseconds, avg over 1 iterations
ECC  256 key generation  17.400 milliseconds, avg over 5 iterations
EC-DHE   key agreement   15.200 milliseconds, avg over 5 iterations
EC-DSA   sign   time     20.200 milliseconds, avg over 5 iterations
EC-DSA   verify time     33.000 milliseconds, avg over 5 iterations
CURVE25519 256 key generation 14.400 milliseconds, avg over 5 iterations
CURVE25519 key agreement      14.400 milliseconds, avg over 5 iterations
ED25519  key generation  14.800 milliseconds, avg over 5 iterations
ED25519  sign   time     16.800 milliseconds, avg over 5 iterations
ED25519  verify time     30.400 milliseconds, avg over 5 iterations

Software only:
RNG      25 kB took 0.179 seconds,    0.136 MB/s
AES enc  25 kB took 0.099 seconds,    0.247 MB/s
AES dec  25 kB took 0.102 seconds,    0.239 MB/s
AES-GCM  25 kB took 1.486 seconds,    0.016 MB/s
AES-CTR  25 kB took 0.099 seconds,    0.247 MB/s
AES-CCM  25 kB took 0.201 seconds,    0.121 MB/s
CHACHA   25 kB took 0.043 seconds,    0.568 MB/s
CHA-POLY 25 kB took 0.055 seconds,    0.444 MB/s
POLY1305 25 kB took 0.010 seconds,    2.441 MB/s
SHA      25 kB took 0.029 seconds,    0.842 MB/s
SHA-256  25 kB took 0.079 seconds,    0.309 MB/s
SHA-384  25 kB took 0.109 seconds,    0.224 MB/s
SHA-512  25 kB took 0.113 seconds,    0.216 MB/s
RSA 2048 public          147.000 milliseconds, avg over 1 iterations
RSA 2048 private         2363.000 milliseconds, avg over 1 iterations
ECC  256 key generation  355.400 milliseconds, avg over 5 iterations
EC-DHE   key agreement   352.400 milliseconds, avg over 5 iterations
EC-DSA   sign   time     362.400 milliseconds, avg over 5 iterations
EC-DSA   verify time     703.400 milliseconds, avg over 5 iterations
CURVE25519 256 key generation 66.200 milliseconds, avg over 5 iterations
CURVE25519 key agreement      65.400 milliseconds, avg over 5 iterations
ED25519  key generation  25.000 milliseconds, avg over 5 iterations
ED25519  sign   time     30.400 milliseconds, avg over 5 iterations
ED25519  verify time     74.400 milliseconds, avg over 5 iterations

The code to support the LTC is currently in PR #597 here, soon to be rolled into the wolfSSL embedded SSL/TLS library:
https://github.com/wolfSSL/wolfssl/pull/597

These changes are also included in the KSDK 2.0.

See us at ARM TechCon booth #321 (Wednesday 10/26 and Thursday 10/27 – 10:30 AM – 6:30 PM)

#ARMTechCon – If you have a need for #FIPS on an #embedded ARM device @wolfSSL offers a quick-start solution to get you up and running. @wolfSSL has certified #FIPS 140-2 on multiple ARM devices already! If you’re in town at the ARM TechCon, stop by booth 321 to find out more about this and all the other ARM support provided by @wolfSSL.

We can get you a #CAVP certification or #CMVP #Validation to meet your demand. See our #NIST certification here: wolfCrypt FIPS Certificate for already supported #operatingenvironment’s and #algorithms!

Contact us today
facts@wolfssl.com
fips@wolfssl.com

Are you a fan of speed?  How about new, progressive, and secure algorithms?  If so, you’re in luck!  The wolfSSL embedded SSL/TLS library and wolfCrypt cryptography library have support for two high-performance algorithms for key agreement (Curve25519) and digital signatures (Ed25519).

Curve25519 is an elliptic curve which offers 128 bits of security, designed for use with ECDH (Elliptic Curve Diffie-Hellman) key agreement:

https://en.wikipedia.org/wiki/Curve25519
https://cr.yp.to/ecdh.html

Ed25519 is a public key signature algorithm using the Twisted Edwards curve.  It offers very fast signature verification, signing, and key generation while maintaining a high level of security:

https://en.wikipedia.org/wiki/EdDSA
https://ed25519.cr.yp.to/

For instructions on how you can compile wolfSSL with Curve25519 and Ed25519 support, reference the following post: “Memory Optimized Curve25519 and Ed25519”.  And, to hear about how these two algorithms do performance wise, take a look at “Benchmarks of curve25519”.

If you have any question about support for these algorithms in wolfSSL, please let us know at facts@wolfssl.com.

The embedded SSL/TLS library wolfSSL, has support for ARMv8. Significant gains are seen when using the crypto hardware acceleration. wolfSSL is more than 10 times faster with AES and SHA256 operations on a HiKey (LeMaker version) board when using hardware acceleration vs software!!! If building an IoT project requiring fast, secure crypto/TLS with a small memory footprint size, contact wolfSSL at the email address wolfssl@info.com. Come stop by the wolfSSL booth at ARM TechCon!

For information about the board used see http://www.lemaker.org/product-hikey-specification.html

The EiMSIG smart home allows users to monitor and control windows, doors, blinds, lighting, heating, and cameras all from the convenience of a smartphone. Control and monitoring are done through the free EiMSIG® alarms app. The EiMSIG smart home has been designed to be the logical evolution of the classic alarm, as EiMSIG explains on their website.

Because of wolfSSL’s industry reputation, product information, hardware acceleration support on the PIC32, and small footprint, EiMSIG chose the wolfSSL embedded SSL/TLS library to secure their smart home system. The full EiMSIG/wolfSSL case study is available from the wolfSSL case studies page.

For questions regarding the use of wolfSSL products in your embedded or IoT devices, contact us at facts@wolfssl.com.

One of the changes in the recent wolfSSL 3.9.10 release, to mitigate against the SWEET32 attack, is that the 3DES algorithm is now disabled by default when using the Autoconf (./configure) build system. Non Autoconf users can disable 3DES by defining NO_DES3 when compiling wolfSSL.

For those not familiar with SWEET32, more information can be found on the attack’s website, listed below. In summary, SWEET32 is an attack on block cipher algorithms that use a block size of 64 bits:

https://sweet32.info/

For more information about the wolfSSL embedded SSL/TLS library, please contact facts@wolfssl.com.