Using wolfSSL on the Atmel ATECC508A

The wolfSSL embedded SSL/TLS library and wolfCrypt embedded crypto engine have been integrated into the Atmel ATECC508A crypto element, adding support for ECC hardware acceleration and protected private key storage on the ATECC508A.
Using wolfSSL, ATECC508A users can benefit from both increased ECC performance and secure key storage, thus hardening their TLS connections.  The wolfCrypt ATECC508A port adds:

+ wolfCrypt support for ECC hardware acceleration using the ATECC508A.  The new defines for this port are WOLFSSL_ATMEL and WOLFSSL_ATECC508A
+ New public key callback for Pre Master Secret

For more complete details please visit the wolfSSL Atmel webpage. The code can be downloaded directly from wolfSSL’s “More Downloads” page, with the title “Atmel_ATECC508_Demos.zip”.

wolfSSL is dual licensed under both the GPLv2 as well as a standard commercial license.  For licensing information, please see the wolfSSL License Page, or contact us facts@wolfssl.com or call us at (425) 245-8247

wolfSSL 2016 Annual Report

Each year we like to document, review, and reflect on our progress, the details of which are below.  As most of our consumers know, we’ve been diligent in the squashing of bugs, our testing, and the addition of features.

We made a world of progress in 2016, but these accomplishments stand out:

1. We’ve continued to make significant enhancements to our unrivaled cryptography test rig,
2. We’ve added support for a number of secure enclaves, and
3. We added to our already long list of hardware assisted cryptography methods, and finally,
4. We’ve added a number of new environments and algo’s to our FIPS-140 certificate.
5. We also crossed over to securing over 2 Billion connections

All in all, we’re pretty happy with what we’ve done!

Now let’s look forward into 2017!  You can expect us to release a string of TLS 1.3 based enhancements.  Our TLS 1.3 client is currently in alpha, and will make progress quickly.  Shout out and many thanks to the IETF TLS WG for making systematic progress on the new protocol.

You can also expect us to make a lot of progress on supporting additional secure enclaves.  They are now a fundamental requirement for professional IoT designs.  The same is true for the server side of the connection, where clunky HSM’s will be replaced by Intel’s SGX.

See below for all of the engaging details!

wolfSSL Technical Progress

A total of five wolfSSL releases were delivered in 2016, each with bug fixes, enhancements, and new feature additions.  Highlights of these releases included:

1. New Algorithm Support:
a. AES-CMAC (RFC 4493)
b. SHA-224 (RFC 3874)
c. Scrypt (RFC 7914)
d. AES Key Wrap (RFC 3394)
e. ANSI-X9.63 KDF (Key Derivation Function)
2. New Hardware Crypto Support:
a. ARMv8
b. Intel SGX
c. Intel RDSEED and AES-NI enhancements
d. NXP LTC
e. Updated STMicroelectronics STM32 support
3. ECC Improvements:
a. ECC performance enhancements
b. ECC Custom Curve support
c. SECP, Koblitz, and Brainpool curve support
4. Additional PKCS Support:
a. PKCS#12 certificate processing
b. Updated PKCS#7 and CMS support
5. Language Bindings:
a. Python Wrapper
b. C# Wrapper
1. Asynchronous wolfCrypt and TLS Client Support
7. Enhanced DTLS Support:
a. DTLS over SCTP
b. DTLS session export
8. wolfSSL SSL/TLS Layer Improvements
a. TLS Extended Master Secret
b. New static memory only build option
c. Dynamic session tickets
d. LeanTLS build option
e. CTX level RNG for single-threaded builds
f. OCSP improvements
g. New Cipher Suites
i. ECDHE-ECDSA-AES128-CCM
ii. ECDHE-PSK suites
iii. PSK-CHACHA20-POLY1305 suites
h. Expanded unit and algorithm testing
9. wolfCrypt Improvements
a. Support for Whitewood netRandom library
b. Expanded benchmark support
c. RSA OAEP Padding Support
d. ChaCha20-Poly1305 Update

wolfSSL Porting Progress

1. New Operating System Support
a. RIOT
b. Frosted
c. uTasker
d. embOS
2. Compiler and Framework Support:
a. Updated Visual Studio support
b. Updated MDK5 projects
c. MinGW Compatibility Updates
d. Updated NXP KSDK support
e. Updated LPCXpresso example project
3. Board Support:
a. STMicroelectronics STM32CubeMX support
b. Microchip/Atmel ATECC508A support
c. NXP K82 support
d. Nordic nRF51 support
e. Arduino support update and example client
4. Distro and Community Support:
a. Better OS distro support (–enable-distro)
b. Updated wolfSSL MySQL Support
c. Inclusion in Ubuntu!

wolfSSL Events and Tradeshows

The wolfSSL team participated in a total of 20 events in 2016, including:

1. FOSDEM (Brussels, Belgium)
2. Embedded World (Nuremberg, Germany)
3. RSA USA (San Francisco, CA)
4. ESC Boston (Boston, MA)
5. NXP FTF (Austin, TX)
6. Microchip MASTERS (Phoenix, AZ)
7. IoT Devcon (Santa Clara, CA)
8. Sensors Expo (San Jose, CA)
9. Black Hat (Las Vegas, NV)
10. Intel Developer Forum (San Francisco, CA)
11. ENOVA (Paris, France)
12. ESC Minneapolis (Minneapolis, MN)
13. Sensors Midwest (Rosemont, IL)
14. ST Developers Conference (Santa Clara, CA)
15. IoT Korea (Seoul, South Korea)
16. IoT Japan (Tokyo, Japan)
17. ARM TechCon (Santa Clara, CA)
18. Hackaday Superconference (Pasadena, CA)
19. Embedded Technology Conference (Yokohama, Japan)
20. ICMC (Ottawa, Ontario, Canada)

In summary, we had a great year!  2016 was successful for us on multiple fronts, and we look forward to serving our customers and community with ever more secure and functional software in 2017!  As always, your feedback is welcome at facts@wolfssl.com!

wolfSSL RIOT OS Examples

wolfSSL is currently collaborating with the “Revolutionary Internet of Things Operating System” (RIOT-OS) community to bring security to the embedded IoT devices supported by RIOT OS.

wolfSSL has some alpha examples that build and run on the “native” board with plans to add additional platform support on demand. If you would like to see specific device support or speed up this integration effort send us a note support@wolfssl.com!

https://github.com/RIOT-OS/RIOT/pull/6197

wolfSSL PKCS#12 Parsing

PKCS12 is commonly used when solving the problem of securely transporting a private key and certificate pair by file. wolfSSL has recently added PKCS12 parsing capabilities to the wolfSSL embedded TLS/SSL library giving the ability to securely load a certificate along with its private key from .p12 files.

PKCS12 files contain internal storage “containers”, called “SafeBags”. Each SafeBag may be individually encrypted and signed. Specific SafeBags are set aside to store certificates, private keys and CRLs however there are additional SafeBags provided to store additional data as required by the user.

For more information about parsing PKCS12 files using wolfSSL contact us at facts@wolfssl.com

wolfSSL Asynchronous Intel QuickAssist Support

#Crypto #Hardware #Performance

We now support the Intel QuickAssist adapter, which is a low-profile PCIe x8 (Gen 3) card that accelerates crypto operations. Asynchronous hardware acceleration has been added for the following crypto algorithms:

* PKI: RSA public/private (CRT/non-CRT), ECDSA/ECDH, DH
* Cipher: AES CBC/GCM, DES3
* Digest: MD5, SHA, SHA224, SHA256, SHA384, SHA512 and HMAC.

Here are our benchmarks using our asynchronous benchmark application running multiple threads with CPU affinity in user space:

* RSA 2048 public: 209,909 ops/sec
* RSA 2048 private: 41,999 ops/sec
* DH  2048 key gen: 112,491 ops/sec
* DH  2048 key agree: 95,129 ops/sec
* ECDHE 256 agree: 55,117 ops/sec
* ECDSA 256 sign: 46,798 ops/sec
* ECDSA 256 verify: 28,917 ops/sec
* AES-CBC Enc: 2,932 MB/s
* AES-CBC Dec: 2,882 MB/s
* AES-GCM: 2,903 MB/s
* 3DES: 1,511 MB/s
* MD5: 2,309 MB/s
* SHA: 5,068 MB/s
* SHA-224: 2,392 MB/s
* SHA-256: 1,275 MB/s
* SHA-384: 2,020 MB/s
* SHA-512: 1,908 MB/s

Performed on an Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz, 12GB RAM, with Intel QuickAssist is DH895xCC.

Additionally we’ve fully implemented asynchronous TLS client/server support in all wolfSSL PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.

Please contact us at facts@wolfssl.com if you are interested in evaluating these new features.

wolfSSL with Intel® SGX

Intel ® SGX (Software Guard Extensions) allows for additional security and a smaller surface area for attack. One way this is accomplished is by restricting access to portions of memory even from other applications running on the same computer. This additional security is for both code that is being executed and stagnant information with “sealing” data.

Do you have a use case where cryptography with Intel’s ® SGX is needed?

wolfSSL has a port to use SGX located in the directory wolfssl-root/IDE/WIN-SGX/ and two demo examples of creating an Enclave that links with the wolfSSL embedded TLS/SSL library.
Linux/Unix SGX example: SGX Linux
Windows example: SGX Windows

For more information about Intel SGX see the sites below.
https://en.wikipedia.org/wiki/Software_Guard_Extensions
https://software.intel.com/en-us/sgx
https://software.intel.com/sites/default/files/managed/77/98/IntelSGX-infoQ-SolutionBrief.pdf?utm_source=InfoQ&utm_campaign=InfoQSGXGTM&utm_medium=AssetPDF

If you have a need for an embedded SSL/TLS library with Intel ® SGX contact us today facts@wolfssl.com.

#MQTT #TLS #AWSIoT #IOT

Interested in using AWS IoT with MQTT?

We added an Amazon Web Services (AWS) IoT example to our wolfMQTT client in our latest wolfMQTT v0.12 released on 12/20/16.

For this example we setup an AWS IoT endpoint and made it available for testing. AWS uses TLS with a client certificate for authentication. The example is located in /examples/aws/.

You can download the latest release from our website or clone on GitHub. For more information please email us at facts@wolfssl.com.

wolfSSL on Nordic nRF52

wolfSSL has been ported and tested on a Nordic nRF52 board. The wolfSSL embedded SSL/TLS library is ideal for IoT projects and excels at fitting onto resource constrained devices. If looking to use a progressive, embedded TLS/SSL library in your IoT projects contact us here at wolfSSL. A special thanks goes out to Michal Lower for some speed ups with curve25519 key agreements/signatures along with wolfSSL macro defines for the Nordic nRF52 port.

For questions about wolfSSL contact us at facts@wolfssl.com

OpenSSL Compatibility Layer Expansion

Tired of using OpenSSL in your projects? wolfSSL has recently expanded to our compatibility layer and we have more functions coming. This compatibility expansion makes it easier for ripping and replacing the TLS library being used. Making it easier to upgrade your project by using the progressive wolfSSL SSL/TLS library. Over 100 OpenSSL compatibility functions were added to wolfSSL in the last couple months and more compatibility functions are to come.

For more information about wolfSSL contact us at facts@wolfssl.com

Posts navigation

1 2 3 136 137 138 139 140 141 142 189 190 191