PRODUCTS
wolfCrypt Embedded Crypto Engine
The wolfCrypt cryptography engine is a lightweight crypto library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support. wolfCrypt supports the most popular algorithms and ciphers as well as progressive ones such as HC-128, RABBIT, and NTRU. wolfCrypt is stable, production-ready, and backed by our excellent team of security experts. It is used in millions of application and devices worldwide.
A version of the wolfCrypt cryptography library has been FIPS 140-3 validated (Certificate #4718) and FIPS 140-2 validated (Certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ or contact fips@wolfssl.com.
Highlights
- ECC, up to 521 bit
- Hash-based PRNG
- AES-NI, Cavium, STM32
- Progressive list of supported ciphers
- Key and Certificate generation
- Support Available
Lightweight
- Small footprint size
- Low runtime memory
Portable
- Simple and Clean API
- Hardware crypto support
- Modular Design
- Assembly Optimizations
Platform and Language Support
wolfCrypt is built for maximum portability and is generally very easy to compile on new platforms. It supports the C programming language as a primary interface. If your desired platform is not listed under the supported operating environments, or you have interest in using wolfCrypt in another programming language not currently supported, please contact us.
Hardware encryption and acceleration
In addition, wolfCrypt also supports hardware cryptography and acceleration on some platforms. To see a list of platforms that are supported, please see our hardware cryptography support page.
Commercial Support
Support packages for wolfCrypt are available on an annual basis directly from wolfSSL. With three different package options, you can compare them side-by-side and choose the package that best fits your specific needs. Please see our Support Packages page for more details or contact us with any questions.
For license information, please see our Licensing Page.
Benchmarks
For benchmarking information or data, please visit our Benchmark page or contact us for more information.
Special Builds
Module Isolation - Individual algorithms and ciphers are able to be easily broken out of the wolfCrypt package and used independently. If you would like to learn more, please contact us.
wolfCrypt Training Course
Interested in getting trained by the wolfSSL team on subjects related to wolfCrypt and/or wolfSSL?
Features
- Hash Functions: MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3 (Keccak), SHA3-224, SHA3-256, SHA3-384, SHA3-512, BLAKE2b, RIPEMD-160, Poly1305
- Block, Stream, and Authenticated Ciphers: AES (CBC, CTR, GCM, CCM, GMAC, CMAC), Camellia, DES, 3DES, IDEA, ARC4, RABBIT, HC-128, ChaCha20
- Public Key Algorithms: RSA, DSS, DH, EDH, ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA, NTRU
- Password-based Key Derivation: HMAC, PBKDF2
- Curve25519 and Ed25519
- Hash-based PRNG
- PEM and DER certificate support
- X.509 Encoding / Decoding
- Simple API
- RSA and ECC Key Generation
- x509 v3 Signed Certificate Generation
- PKCS#1 (RSA Cryptography Standard) support
- PKCS#5 (Password-Based Encryption Standard) support
- PKCS#7 (Cryptographic Message Syntax - CMS) support
- PKCS#8 (Private-Key Information Syntax Support) support
- PKCS#10 (Certificate Signing Request - CSR) support
- PKCS#12 (Personal Information Exchange Syntax Standard) support
- Assembly Optimizations
- Custom Memory Hooks
- Easily ties in to Hardware-based RNG solutions
- Hardware Cryptography Support: Intel AES-NI, AVX1/2, RDRAND, RDSEED, SGX, Cavium NITROX, Intel QuickAssist, STM32F2/F4, Freescale/NXP (CAU, mmCAU, SEC, LTC), Microchip PIC32MZ, ARMv8
- OpenSSL compatibility layer
- Post Quantum Cryptography:
- Kyber KEM (hybridized with NIST ECC curves, allowing FIPS-compliance!)
- Level 1 (ML-KEM-512)
- Level 3 (ML-KEM-768)
- Level 5 (ML-KEM-1024)
- Dilithium (ML-DSA) Signature Scheme
- Level 2 (ML-DSA-44)
- Level 3 (ML-DSA-65)
- Level 5 (ML-DSA-87)
- FALCON Signature Scheme
- Level 1
- Level 5
- SPHINCS+ Signature Scheme
- LMS/HSS
- XMSS/XMSS^MT
- Hybrid TLS Key Establishment Schemes
- ECDHE P-256 with Kyber Level 1
- ECDHE P-384 with Kyber Level 3
- ECDHE P-521 with Kyber Level 5
- Dual Agorithm Certificate and TLS 1.3 Dual Algorithm Authentication Support
- Kyber KEM (hybridized with NIST ECC curves, allowing FIPS-compliance!)
Supported Chipmakers
- wolfSSL has support for chipsets including ARM, Intel, Motorola, mbed, NXP/Freescale, Microchip (PIC32)/Atmel, ST (STM32F2/F4), Analog Devices, Texas Instruments, Xilinx SoCs/FPGAs, and more
- If you would like to use or test wolfCrypt on another chipset, let us know and we’ll be happy to support you.
Supported Operating Environments
- Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Linux, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium µC/OS-III, FreeRTOS, SafeRTOS, NXP/Freescale MQX, Nucleus, TinyOS, HP/UX, AIX, ARC MQX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, Keil RTX, TOPPERS, PetaLinux, Apache Mynewt
- If you would like to test wolfCrypt on another environment, let us know and we’ll be happy to support you.
Documentation:
Licensing and Ordering:
wolfCrypt is dual licensed under both the GPLv2 and commercial licensing. For more information, please see the following links.