wolfCrypt FIPS Module

The CMVP has issued FIPS 140-2 Certificate #2425 for the wolfCrypt Module developed by wolfSSL Inc.

The wolfSSL embedded SSL/TLS library (formerly CyaSSL) has support for the hardware-based cryptography and random number generator offered by the STM32F2/F4 through the STM32 Standard Peripheral Library.


STM32 Hardware Crypto Support


Supported cryptographic algorithms accelerated in hardware include AES (CBC, CTR), DES (ECB, CBC), 3DES, MD5, and SHA1.  For details regarding the STM32 cryptography and hash processors, please see the STM32Fxx Standard Peripheral Library document:


http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf


Using wolfSSL with the STM32, applications can see substantial speed improvements when using the hardware crypto versus using wolfSSL’s standard software cryptography implementation.  The following benchmarks were gathered from the wolfCrypt benchmark application (located in <wolfssl_root>/wolfcrypt/benchmark/benchmark.c) running on the STM3221G-EVAL board (STM32F2) using the STM32F2 Standard Peripheral Library and FreeRTOS.



Software Crypto: wolfCrypt Benchmark, Normal Big Integer Math Library


AES        1024 kB took 0.822 seconds,   1.22 MB/s

ARC4     1024 KB took 0.219 seconds,   4.57 MB/s

DES        1024 KB took 1.513 seconds,   0.66 MB/s

3DES      1024 KB took 3.986 seconds,   0.25 MB/s


MD5          1024 KB took 0.119 seconds,   8.40 MB/s

SHA          1024 KB took 0.279 seconds,   3.58 MB/s

SHA-256   1024 KB took 0.690 seconds,   1.45 MB/s


RSA 2048 encryption took 111.17 milliseconds, avg over 100 iterations

RSA 2048 decryption took 1204.77 milliseconds, avg over 100 iterations

DH  2048 key generation   467.90 milliseconds, avg over 100 iterations

DH  2048 key agreement   538.94 milliseconds, avg over 100 iterations



STM32F2 Hardware Crypto: wolfCrypt Benchmark, Normal Big Integer Math Library


AES        1024 kB took 0.105 seconds,   9.52 MB/s

ARC4     1024 KB took 0.219 seconds,   4.57 MB/s

DES        1024 KB took 0.125 seconds,   8.00 MB/s

3DES      1024 KB took 0.141 seconds,   7.09 MB/s


MD5           1024 KB took 0.045 seconds,  22.22 MB/s

SHA           1024 KB took 0.047 seconds,  21.28 MB/s

SHA-256   1024 KB took 0.690 seconds,   1.45 MB/s


RSA 2048 encryption took 111.09 milliseconds, avg over 100 iterations

RSA 2048 decryption took 1204.88 milliseconds, avg over 100 iterations

DH  2048 key generation  467.56 milliseconds, avg over 100 iterations

DH  2048 key agreement   542.11 milliseconds, avg over 100 iterations



As the above benchmarks show, the hardware-based algorithms on the STM32 demonstrate significantly faster speeds than that of their software counterparts.


Building wolfSSL with STM32F2 Support


To enable STM32 hardware-crypto and RNG support, define STM32F2_CRYPTO and STM32F2_RNG when building wolfSSL.  To see a list of defines used to build wolfSSL on the STM3221G-EVAL board with Keil MDK-ARM, see the WOLFSSL_STM32F2 define in <wolfssl_root>/wolfssl/wolfcrypt/settings.h.


Please contact wolfSSL ([email protected]) with any questions about using the CyaSSL lightweight SSL library with the STM32.


About ST




ST is a global leader in the semiconductor market serving customers across the spectrum of sense and power and automotive products and embedded processing solutions. From energy management and savings to trust and data security, from healthcare and wellness to smart consumer devices, in the home, car and office, at work and at play, ST is found everywhere microelectronics make a positive and innovative contribution to people's life. By getting more from technology to get more from life, ST stands for life.augmented.


References


wolfSSL Product Page

STM32 Product Page

STM32F2 Standard Peripheral Library Documentation

 

wolfSSL STM32 Support

Copyright 2016 wolfSSL Inc.  All rights reserved.

Questions?

Please feel free to contact us with any questions you might have.

wolfSSL 3.9.8

Release 3.9.8 of wolfSSL has bug fixes and new features including support for custom ECC curves, addition of RSA blinding, support for Brainpool curves and more.

embedded ssl

Questions? +1 (425) 245-8247