Ed25519 Support Coming to wolfCrypt

wolfSSL is adding crypto level use of Ed25519 to wolfCrypt and plans to add TLS use of Ed25519 in the future. Benchmarks of our Ed25519 implementation have shown that the sign time can be reduced by up to 90% and verify time by up to 65% compared with the common ECC-DSA!

The following are some initial benchmarks:

CPU: 2.5 GHz Intel Core i7

ECC 256 key generation 0.775 milliseconds, avg over 100 iterations
EC-DSA sign time 0.739 milliseconds, avg over 100 iterations
EC-DSA verify time 0.528 milliseconds, avg over 100 iterations

ED25519 key generation 0.055 milliseconds, avg over 100 iterations
ED25519 sign time 0.053 milliseconds, avg over 100 iterations
ED25519 verify time 0.184 milliseconds, avg over 100 iterations

Raspberry Pi (ARM 700MHz)

ECC 256 key generation 82.494 milliseconds, avg over 100 iterations
EC-DSA sign time 84.862 milliseconds, avg over 100 iterations
EC-DSA verify time 52.444 milliseconds, avg over 100 iterations

ED25519 key generation 1.543 milliseconds, avg over 100 iterations
ED25519 sign time 1.821 milliseconds, avg over 100 iterations
ED25519 verify time 3.832 milliseconds, avg over 100 iterations

For questions about wolfSSL contact us at facts@wolfssl.com

Case Study: wolfSSL Provides Encryption for TwistM2M Platform

TwistM2M has released their multitalented, Verizon Wireless certified M2M device that allows cloud connectivity through Exosite’s secure cloud-based platform. This provides developers with a wide variety of widgets that can be used with the numerous sensors on the TwistM2M board including accelerometers, GPS, temperature and light sensors. The TwistM2M device is ideal for any developer wanting an Internet of Things (IoT) solution that can significantly shorten setup time and allow for many customizable applications.

wolfSSL was chosen as the SSL/TLS library for TwistM2M due to its extensive PIC32 support and lightweight capacity. wolfSSL also provides an I/O abstraction layer that helped TwistM2M tailor the SSL I/O functionality to use both cellular and Ethernet connections, a requirement for their M2M device.

If you would like more information on the TwistM2M platform, feel free to visit their website at www.twisthink.com. The TwistM2M/wolfSSL case study can be viewed on the wolfSSL case studies page.

For questions regarding the use of wolfSSL products in your embedded or IoT devices, contact us at facts@wolfssl.com.

wolfSSL Roadmap

Curious about new features and additions to wolfSSL technologies including the lightweight wolfSSL SSL/TLS library (formerly CyaSSL)?  Some items on our current roadmap include early TLS 1.3 adoption, curve25519 / ed25519 integration at the crypto and TLS level, more resource reduction options, and OCSP stapling support.  In terms of new environments we’ll soon have more FIPS platforms, additional hardware acceleration options, easier integration with event programming, Data plane development support, SRP integration, better Intel assembly crypto speedups, and more Open Source project plugins.  New product offerings will include wolfSSH and wolfCrypt as a separate library.  We also anticipate offering our testing and security audit programs as services.  Keep an eye out for connected home white papers and case studies.  Something we missed, or something you would like to see on our roadmap?  Please let us know.

Feel free to visit our website at wolfssl.com or email us at facts@wolfssl.com .

wolfSSL (CyaSSL) Support for Marvell 88MC200 Hardware AES Module

The Marvell 88MC200 is a system-on-chip microcontroller designed to be cost-effective, flexible, and easy to use. It was developed specifically for building connected smart devices and appliances. The Marvell 88MC200 is incredibly small (thumb-size) and runs energy efficient applications that can be used in mobile or cloud-based environments.

Marvell provides the Easy-Connect Software Development Kit (SDK) in combination with the 88MC200. This is a FreeRTOS-based software stack focusing on application-specific software functionality. One of the features of the 88MC200 is the inclusion of a hardware-accelerated AES module. When using wolfSSL in the Marvell SDK, wolfSSL automatically offloads AES operations into the 88MC200 hardware module. In doing so, users gain advantages in both speed and footprint size.

For more information on using wolfSSL with the Marvell 88MC200, contact us at facts@wolfssl.com. For detailed module information and other Marvell products, visit www.marvell.com.

Marvell 88MC200

wolfSSL on Cavium OCTEON

Looking for networking encryption and decryption? The powerful combination of wolfSSL and OCTEON hardware make for an exceptionally speedy and secure network connection. Cavium`s OCTEON processors have outstanding hardware acceleration support available for algorithms used in networking. For example in benchmarks ran using wolfSSL, AES operations increased from 8.6 MB/s to 261 MB/s with the OCTEON processor`s hardware acceleration support. That`s over 252 MB/s more!!

Along with hardware acceleration support for common symmetric algorithms, there is also support for asymmetric algorithms such as RSA and DH. A whole RSA encrypt and decrypt could be done in less than 7.5 milliseconds with hardware acceleration versus an average of 168 milliseconds without.

All of these massive increases in performance were seen with the use of just one core. The CN5860-SCP processor has the possibility of using all 16 cores, each core being able to handle its own SSL session. That`s the possibility of 16 independent and extremely fast SSL connections running in parallel.

For information about wolfSSL on Cavium OCTEON processors contact us at facts@wolfssl.com

wolfSSL and CyaSSL are not vulnerable to the recent FREAK attack

The FREAK Attack exploits legacy SSL cipher suites from the 1990s that use RSA export keys.  By definition a server in export mode has to use a low bit strength RSA key (512 bits or less), which can now be cracked in around 12 hours.  Even if a client supports export cipher suites but doesn’t broadcast support for them a man in the middle attacker can force the server to use the low grade key.  Fortunately for wolfSSL and CyaSSL users we do no support export cipher suites and key derivation.  No versions of wolfSSL or CyaSSL are vulnerable to the FREAK attack.  For more information check out: https://freakattack.com and  https://www.smacktls.com/#freak .

Or feel free to visit our website at wolfssl.com or email us at facts@wolfssl.com .

wolfSSL 3.4.0 is Now Available

Release 3.4.0 wolfSSL has bug fixes and new features including:

• wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt headers which will enable the compatibility APIs for the foreseeable future
• Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c
• Example use of the wolfSSL API can be found in examples/client/client.c
• Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon
• Improvements in the build configuration under AIX
• Microchip PIC32 MZ updates
• TI-RTOS updates
• PowerPC updates
• Xcode project update
• Bidirectional shutdown examples in client/server with -w (wait for full shutdown) option
• Cycle counts on benchmarks for x86_64, more coming soon
• ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA keys
• Various compile warnings
• Scan-build warning fixes
• Changed a memcpy to memmove in the sniffer (if using sniffer please update)
• No high level security fixes that requires an update though we always recommend updating to the latest

CyaSSL name is changing to wolfSSL!

We currently in the process of changing the name of our embedded SSL/TLS library from CyaSSL to wolfSSL. This name change benefits our users and us a with a more consistent and standardized naming convention across our company and products.

A CyaSSL compatibility layer will remain available for those wanting to continue using the CyaSSL API. However, users are encouraged to update to the wolfSSL API upon release.

Aside from the new name, the structure and licensing of the CyaSSL library will remain the same. The FIPS branch of wolfCrypt, which was submitted to NIST for FIPS 140-2 cryptographic module validation, is unaffected by the name change.

Please follow our blog to for the latest information on the CyaSSL to wolfSSL name change. For any questions, please contact us at facts@wolfssl.com.

Seeking Senior C/C++ Developer

Hi! We are currently seeking an additional senior C/C++ developer for our team. Ideally, our best candidates will have 5+ years of experience coding C/C++. Experience at the systems level, working with networking protocols, working with cryptography, and an affinity for open source are useful but not necessary. This is a position where you will primarily work at home, with occasional travel to team meetings, trade events, and customers. With the right skill set, we are open to you working anywhere, but we prefer those who reside in Montana, Seattle, and Portland, because we already have clusters of people working in those locations.

If you are interested, please email your resume to larry@wolfssl.com.

Posts navigation

1 2 3 149 150 151 152 153 154 155 188 189 190