STMicroelectronics recently released a new range of ARM based MPUs. These are industrial grade ARM microprocessors that provide excellent performance as well as many useful features. ST have released OpenSTLinux to run on these chips, but they have also made a version of their bare-metal HAL API which works with these chips.
The wolfSSL team has recently ported wolfSSL to bare metal for the STM32MP135F in this range. This chip has a single-core 1GHz ARM Cortex-A7 which has hardware crypto acceleration features. There have been multiple parts to this work, which I will walk through in this post.
HAL porting
The previous AES, HASH and PKA HAL acceleration for STM32 MCUs has been ported to work with the STM32MP13 HAL. Every hardware acceleration feature we have previously supported for STM32 MCUs works with this MPU.
During testing, we clocked the MPU at 650MHz, which is the default high clock speed for bare-metal. At this speed we can get 12MB/sec AES-CBC, 9MB/sec AES-GCM and 90MB/sec SHA256. This is with the core clocked at only 65% of its maximum speed.
Extra hash support
We didn’t just stop there: we also added HAL acceleration for additional SHA types. With this MPU, we can now accelerate SHA-384, SHA-512 and SHA3 types. All also achieving around 85-90MB/sec. This is a 10-30x improvement over what you would typically see when running software-based algorithms for these types on the same hardware.
All the work we did to add these hash types should be easily portable to ST MCUs that support those types in the HAL. You can email us at support@wolfSSL.com if you wish for us to assist you with this porting work.
wolfSSL Example
Setting up and running the MPU in bare-metal mode can be a little bit tricky, so on top of all of this, we created a documented example so that you can create an echo client. This example is designed to be used with the STM32MP135F-DK development board. It uses FreeRTOS and LwIP, so it can be extended to do other things.
The example is available on our wolfssl-examples-stm32 GitHub repository.
There is also a README available in the main wolfSSL source tree, which can guide you through using wolfCrypt with the STM32MP135F.
What about Linux?
For those who want to use OpenSTLinux, wolfSSL “just works”. Using ST’s cross-compile toolchain, you can compile wolfSSL just like you would for any other Linux installation. On Linux, this is the wolfCrypt benchmark results:
------------------------------------------------------------------------------
wolfSSL version 5.7.4
------------------------------------------------------------------------------
Math: Multi-Precision: Wolf(SP) word-size=32 bits=4096 sp_int.c
Single Precision: ecc 256 384 rsa/dh 2048 3072 4096 asm sp_cortexm.c
wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each)
RNG 10 MiB took 1.049 seconds, 9.537 MiB/s
AES-128-CBC-enc 20 MiB took 1.003 seconds, 19.931 MiB/s
AES-128-CBC-dec 20 MiB took 1.075 seconds, 18.597 MiB/s
AES-192-CBC-enc 20 MiB took 1.198 seconds, 16.697 MiB/s
AES-192-CBC-dec 20 MiB took 1.254 seconds, 15.947 MiB/s
AES-256-CBC-enc 15 MiB took 1.063 seconds, 14.105 MiB/s
AES-256-CBC-dec 15 MiB took 1.076 seconds, 13.943 MiB/s
AES-128-GCM-enc 10 MiB took 1.044 seconds, 9.577 MiB/s
AES-128-GCM-dec 10 MiB took 1.018 seconds, 9.822 MiB/s
AES-192-GCM-enc 10 MiB took 1.130 seconds, 8.846 MiB/s
AES-192-GCM-dec 10 MiB took 1.128 seconds, 8.867 MiB/s
AES-256-GCM-enc 10 MiB took 1.191 seconds, 8.393 MiB/s
AES-256-GCM-dec 10 MiB took 1.204 seconds, 8.307 MiB/s
GMAC Table 4-bit 20 MiB took 1.014 seconds, 19.716 MiB/s
CHACHA 35 MiB took 1.102 seconds, 31.750 MiB/s
CHA-POLY 30 MiB took 1.173 seconds, 25.586 MiB/s
POLY1305 120 MiB took 1.027 seconds, 116.896 MiB/s
SHA 45 MiB took 1.029 seconds, 43.727 MiB/s
SHA-256 25 MiB took 1.042 seconds, 23.988 MiB/s
HMAC-SHA 45 MiB took 1.075 seconds, 41.845 MiB/s
HMAC-SHA256 25 MiB took 1.029 seconds, 24.291 MiB/s
RSA 2048 public 1400 ops took 1.043 sec, avg 0.745 ms, 1342.619 ops/sec
RSA 2048 private 100 ops took 2.532 sec, avg 25.324 ms, 39.488 ops/sec
DH 2048 key gen 86 ops took 1.007 sec, avg 11.707 ms, 85.419 ops/sec
DH 2048 agree 100 ops took 1.194 sec, avg 11.939 ms, 83.763 ops/sec
ECC [ SECP256R1] 256 key gen 1500 ops took 1.023 sec, avg 0.682 ms, 1466.898 ops/sec
ECDHE [ SECP256R1] 256 agree 700 ops took 1.037 sec, avg 1.482 ms, 674.714 ops/sec
ECDSA [ SECP256R1] 256 sign 1200 ops took 1.109 sec, avg 0.924 ms, 1081.961 ops/sec
ECDSA [ SECP256R1] 256 verify 700 ops took 1.146 sec, avg 1.638 ms, 610.589 ops/sec
Details on this can also be found in the wolfSSL STM32MP13 README.
If you have questions about any of the above, please contact us at facts@wolfssl.com or +1 425 245 8247.
Download wolfSSL Now