Hello,
We've sadly discovered huge performance issues with wolfSSL trying to get it running on a nRF52840 chip which runs an ARM CORTEX M4.
We are using ECC (ECDH and ECDSA) and compared wolfSSL basic functions for this with the uECC library made for embedded and the results are quite shocking:
-- wolfcrypt ---
wc_sha256: 0 ms
wc_ecc_sign_hash: 606 ms, 71 bytes
wc_sha256: 0 ms
wc_ecc_init: 0 ms
wc_EccPublicKeyDecode: 1 ms
wc_ecc_verify_hash: 1163 ms - valid_signature: 1
-- uECC --
uECC_make_key: 129 ms, private_key_size 32
uECC_sign: 158 ms
uECC_verify: 135 ms - valid signature: 1
Note that both are using the same setup (curve SECP256R1)
These are the user_settings we are using for wolfcrypt/wolfssl:
//
// Wolf stuff
//
#define WOLFCRYPT_ONLY
// Set 32-Bit mode by default
// This must be set to either 32 or 64 bit depending on target here, may NOT be removed
// Same applies for the ULONG definition
#define SP_WORD_SIZE 32
#undef ULLONG_MAX
#define ULLONG_MAX 18446744073709551615ULL
// add some options that are disabled by default
#define SINGLE_THREADED
#define WOLFSSL_STATIC_MEMORY
#define HAVE_ENCRYPT_THEN_MAC
#define HAVE_ECC
#define HAVE_ECC_ENCRYPT
#define ECC_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
#define HAVE_HKDF
#define DEFAULT_ECC_KEY_CURVE ECC_SECP256R1
#define WOLFSSL_ECIES_ISO18033
// TODO : Check if useful for ARM
// #define WOLFSSL_ARMASM
// /TODO
// TODO : Enable once understood and make sure to build correctly for each arch
// #define USE_FAST_MATH
// /TODO
// remove some options that are enabled by default
#define NO_FILESYSTEM
#define NO_ERROR_STRINGS
#define NO_WOLFSSL_CLIENT
#define NO_WOLFSSL_SERVER
#define NO_DES3
#define NO_DSA
#define NO_MD4
#define NO_MD5
#define NO_SHA
#define NO_PSK
#define NO_PWDBASED
#define NO_RC4
#define NO_SESSION_CACHE
#define NO_TLS
#define NO_RSA
#define WC_NO_RSA_OAEP
#define NO_DEV_URANDOM
#define WOLFSSL_NO_SIGALG
#define NO_RESUME_SUITE_CHECK
#define NO_OLD_TLS
#define WOLFSSL_AEAD_ONLY
#define WOLFSSL_SP_NO_2048
#define WOLFSSL_SP_NO_3072
#define WOLFSSL_SP_NO_256
#define WOLFSSL_NO_TLS12
#define WOLFSSL_CMSIS_RTOSv2
#define WOLFSSL_USER_IO
#define WOLFSSL_SMALL_STACK_CACHE
#define NO_DEV_RANDOM
// #define WOLFSSL_SP_MATH
// #define USE_FAST_MATH
// #define TFM_NO_ASM
#define NO_WOLFSSL_DIR
#define NO_DH
#define NO_SESSION_CACHE
#undef NO_INLINE
#define FP_MAX_BITS (1024 * 2)
/* Random Seed Source */
#define CUSTOM_RAND_GENERATE_SEED blue_arduino_rand_generate_seed
We are now in a bit of trouble because we actually wanted to pick the commercial license for wolf_ssl but we can't explain this issue at all. Can you help by any means? Did we do something fundamentally wrong on the setup?
Please note we couldn't use FAST_MATH because veryfing signatures fails then saying the key length is invalid.
Alex