As our readers have seen us post about in the past, NXP has a new LP Trusted Crypto (LTC) core which accelerates RSA/ECC PKI in their Kinetis K8x line.
The LTC hardware accelerator improves:
* RSA performance by 12-17X
* ECC performance by 18-23X
* Ed/Curve25519 performance by 2-3X.
wolfSSL now provides support for TLS 1.3 (#TLS13), which was introduced in an internet draft in October of 2016.
If desired, the LTC hardware accelerator can be combined with TLS 1.3, providing:
* Reduced number of round trips while performing a full handshake
* A repurposed ticketing system allows for servers to be stateless
* More attack resistance from improvements to renegotiation, compression, CBC, padding, etc.
Support for the NXP LTC adds to wolfSSL’s existing mmCAU support, now accelerating RNG, AES (CBC, CCM, GCM, CTR), DES/3DES, MD5, SHA, SHA256, SHA384/512 and ChaCha20/Poly1305.
The combined LTC/MMCAU hardware acceleration improves performance, reduces power consumption and reduces code size by 40%.
Here are the benchmarks on a FRDM-K82F Cortex M4 @ 150MHz:
Hardware Accelerated (LTC / MMCAU):
RNG 25 kB took 0.026 seconds, 0.939 MB/s
AES enc 25 kB took 0.002 seconds, 12.207 MB/s
AES dec 25 kB took 0.002 seconds, 12.207 MB/s
AES-GCM 25 kB took 0.002 seconds, 12.207 MB/s
AES-CTR 25 kB took 0.003 seconds, 8.138 MB/s
AES-CCM 25 kB took 0.004 seconds, 6.104 MB/s
CHACHA 25 kB took 0.008 seconds, 3.052 MB/s
CHA-POLY 25 kB took 0.013 seconds, 1.878 MB/s
POLY1305 25 kB took 0.003 seconds, 8.138 MB/s
SHA 25 kB took 0.006 seconds, 4.069 MB/s
SHA-256 25 kB took 0.009 seconds, 2.713 MB/s
SHA-384 25 kB took 0.032 seconds, 0.763 MB/s
SHA-512 25 kB took 0.035 seconds, 0.698 MB/s
RSA 2048 public 12.000 milliseconds, avg over 1 iterations
RSA 2048 private 135.000 milliseconds, avg over 1 iterations
ECC 256 key generation 17.400 milliseconds, avg over 5 iterations
EC-DHE key agreement 15.200 milliseconds, avg over 5 iterations
EC-DSA sign time 20.200 milliseconds, avg over 5 iterations
EC-DSA verify time 33.000 milliseconds, avg over 5 iterations
CURVE25519 256 key generation 14.400 milliseconds, avg over 5 iterations
CURVE25519 key agreement 14.400 milliseconds, avg over 5 iterations
ED25519 key generation 14.800 milliseconds, avg over 5 iterations
ED25519 sign time 16.800 milliseconds, avg over 5 iterations
ED25519 verify time 30.400 milliseconds, avg over 5 iterations
Software only:
RNG 25 kB took 0.179 seconds, 0.136 MB/s
AES enc 25 kB took 0.099 seconds, 0.247 MB/s
AES dec 25 kB took 0.102 seconds, 0.239 MB/s
AES-GCM 25 kB took 1.486 seconds, 0.016 MB/s
AES-CTR 25 kB took 0.099 seconds, 0.247 MB/s
AES-CCM 25 kB took 0.201 seconds, 0.121 MB/s
CHACHA 25 kB took 0.043 seconds, 0.568 MB/s
CHA-POLY 25 kB took 0.055 seconds, 0.444 MB/s
POLY1305 25 kB took 0.010 seconds, 2.441 MB/s
SHA 25 kB took 0.029 seconds, 0.842 MB/s
SHA-256 25 kB took 0.079 seconds, 0.309 MB/s
SHA-384 25 kB took 0.109 seconds, 0.224 MB/s
SHA-512 25 kB took 0.113 seconds, 0.216 MB/s
RSA 2048 public 147.000 milliseconds, avg over 1 iterations
RSA 2048 private 2363.000 milliseconds, avg over 1 iterations
ECC 256 key generation 355.400 milliseconds, avg over 5 iterations
EC-DHE key agreement 352.400 milliseconds, avg over 5 iterations
EC-DSA sign time 362.400 milliseconds, avg over 5 iterations
EC-DSA verify time 703.400 milliseconds, avg over 5 iterations
CURVE25519 256 key generation 66.200 milliseconds, avg over 5 iterations
CURVE25519 key agreement 65.400 milliseconds, avg over 5 iterations
ED25519 key generation 25.000 milliseconds, avg over 5 iterations
ED25519 sign time 30.400 milliseconds, avg over 5 iterations
ED25519 verify time 74.400 milliseconds, avg over 5 iterations
For more information on how wolfSSL supports TLS 1.3, check out this page.
Download wolfSSL from our download page today! These changes are also included in the KSDK 2.0.
TLS 1.3 is now available