wolfSSL repository for FreeRTOS classic and Amazon FreeRTOS

We have created a new repository for hosting the FreeRTOS classic and Amazon FreeRTOS support for wolfSSL located here:
https://github.com/wolfSSL/wolfssl-freertos

There are two pull requests with support for wolfSSL including demos:

FreeRTOS Classic v10.0.1 with wolfSSL/wolfMQTT demos:
https://github.com/wolfSSL/wolfssl-freertos/pull/1

  • Added a wolfMQTT FreeRTOS TCP demo. This demo connects to the iot.eclipse.org MQTT broker with TLS on port 8883. It sends a counter publish message every second.
  • Updated wolfSSL demo:
  • Project built and tested against latest v3.14.4 release.
  • Switched to using user_settings.h (WOLFSSL_USER_SETTINGS).
  • Updated the certs (expired Jan 31, 2018).
  • Stop tracking the .filter project file.
  • Add submodule for wolfMQTT v1.0 plus FreeRTOS TCP support.
  • Replace wolfSSL sources with submodule wolfSSL v3.14.4 plus some Win VS fixes.
  • Initial FreeRTOS v10.0.1

Amazon FreeRTOS v1.2.3 port to use wolfSSL:
https://github.com/wolfSSL/wolfssl-freertos/pull/2

  • Port of the Amazon FreeRTOS v1.2.3 to use wolfSSL.
  • Added a new solution and project for demo at FreeRTOS-AWS/demos/pc/windows/visual_studio/aws_demo_wolf.sln.
  • Added wolfssl as submodule.

wolfSSL ARMv8 Support

Did you know that the wolfSSL embedded SSL/TLS library supports ARMv8 as well as the Cryptography Extensions that it provides? wolfSSL is more than 10 times faster with AES and SHA256 operations on the ARMv8 board we have been testing on (HiKey LeMaker) when using hardware acceleration versus software crypto!

wolfSSL ARMv8 on HiKey LeMaker Board

 

ARMv8 Benchmark Data comparing Software and Hardware Cryptography

| Algorithm | Software Cryptography | Hardware Cryptography |
|---|---|---|
| RNG | 16.761 MB/s | 82.599 MB/s |
| AES-128-CBC-enc | 26.491 MB/s | 649.179 MB/s |
| AES-128-CBC-dec | 26.915 MB/s | 607.407 MB/s |
| AES-192-CBC-enc | 22.796 MB/s | 566.717 MB/s |
| AES-192-CBC-dec | 23.130 MB/s | 553.092 MB/s |
| AES-256-CBC-enc | 20.004 MB/s | 504.143 MB/s |
| AES-256-CBC-dec | 20.207 MB/s | 491.374 MB/s |
| AES-128-GCM-enc | 6.224 MB/s | 393.407 MB/s |
| AES-128-GCM-dec | 6.226 MB/s | 182.279 MB/s |
| AES-192-GCM-enc | 5.895 MB/s | 361.801 MB/s |
| AES-192-GCM-dec | 5.895 MB/s | 175.676 MB/s |
| AES-256-GCM-enc | 5.609 MB/s | 333.911 MB/s |
| AES-256-GCM-dec | 5.610 MB/s | 169.085 MB/s |
| CHACHA | 60.510 MB/s | 60.017 MB/s |
| CHA-POLY | 41.805 MB/s | 41.410 MB/s |
| MD5 | 156.310 MB/s | 154.421 MB/s |
| POLY1305 | 144.464 MB/s | 143.058 MB/s |
| SHA | 89.874 MB/s | 89.154 MB/s |
| SHA-256 | 38.805 MB/s | 533.139 MB/s |
| HMAC-MD5 | 156.301 MB/s | 154.083 MB/s |
| HMAC-SHA | 89.859 MB/s | 89.045 MB/s |
| HMAC-SHA256 | 38.814 MB/s | 532.316 MB/s |
| RSA, 2048, public | 171.995 Ops/s | 171.355 Ops/s |
| RSA, 2048, private | 13.716 Ops/s | 13.686 Ops/s |
| DH, 2048, key generation | 50.831 Ops/s | 50.575 Ops/s |
| DH, 2048, agree | 41.826 Ops/s | 41.596 Ops/s |

If you are interested in using wolfSSL on an ARMv8 platform and want some tips on getting started for optimal performance, contact us at facts@wolfssl.com!  wolfSSL now includes support for TLS 1.3 as well!

MQTT Secure Firmware Update Example

Our wolfMQTT project includes an example for secure firmware update. This example uses the wolfSSL embedded SSL/TLS library to hash/sign the binary image and send it over MQTT. The example has two applications. One is called fwpush, which hashes, signs and publishes the firmware image over TLS to an MQTT broker. The second is called fwclient, which subscribes to the example firmware update topic, receives the firmware image and validates the signature of it. This example is located in examples/firmware.
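The hash, sign and validate flow described above, as an added sketch that is not code from wolfMQTT's examples/firmware: it uses Go's standard-library ECDSA P-256 and SHA-256 in place of wolfCrypt, and the message framing, `BuildUpdate` and `VerifyUpdate` are constructed for illustration. The subscriber checks the length fields against the received payload and verifies against a key already pinned on the device before it returns the image.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed framing (assumption, not wolfMQTT's wire format): sigLen u16 BE | fwLen u32 BE | sig | image
const hdrLen = 6

// BuildUpdate is the publisher side: hash the image, sign the digest, frame both.
func BuildUpdate(priv *ecdsa.PrivateKey, fw []byte) ([]byte, error) {
	digest := sha256.Sum256(fw)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	msg := make([]byte, hdrLen, hdrLen+len(sig)+len(fw))
	binary.BigEndian.PutUint16(msg[0:2], uint16(len(sig)))
	binary.BigEndian.PutUint32(msg[2:6], uint32(len(fw)))
	return append(append(msg, sig...), fw...), nil
}

// VerifyUpdate is the subscriber side: bounds-check the frame, then verify with the pinned key.
func VerifyUpdate(pinned *ecdsa.PublicKey, msg []byte) ([]byte, error) {
	if len(msg) < hdrLen {
		return nil, errors.New("short header")
	}
	sigLen := uint64(binary.BigEndian.Uint16(msg[0:2]))
	fwLen := uint64(binary.BigEndian.Uint32(msg[2:6]))
	if uint64(len(msg)-hdrLen) != sigLen+fwLen {
		return nil, errors.New("length fields do not match payload")
	}
	sig, fw := msg[hdrLen:hdrLen+sigLen], msg[hdrLen+sigLen:]
	digest := sha256.Sum256(fw)
	if !ecdsa.VerifyASN1(pinned, digest[:], sig) {
		return nil, errors.New("bad signature")
	}
	return fw, nil
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	msg, _ := BuildUpdate(priv, []byte("constructed firmware image"))
	fw, err := VerifyUpdate(&priv.PublicKey, msg)
	fmt.Println(len(fw), err)
}
```

TLS to the broker protects the image in transit; the signature check is what lets the device reject an image the broker or another publisher has altered.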

The latest wolfMQTT releases can be downloaded at:
https://wolfssl.com/download

Documentation for wolfMQTT can be found here:
https://www.wolfssl.com/docs/wolfmqtt-manual/

The latest source code can be found on our GitHub repo at:
https://github.com/wolfSSL/wolfMQTT

For questions please contact support at support@wolfssl.com.

wolfSSL at ICMC18

wolfSSL will be exhibiting and speaking at the 2018 International Cryptographic Module Conference in Ottawa, Ontario.  This event will be held at the Shaw Centre in Ottawa, Ontario, Canada May 8th – 11th, 2018.

We will be giving a session on May 9th, focusing on doing FIPS 140-2 validations inside a secure enclave, such as Intel SGX.  Complete details are below:


FIPS 140-2 VALIDATIONS IN A SECURE ENCLAVE (archived)
May 9th, 2018
4:15 – 4:45 EDT
Room: G13B
Speaker: Chris Conlon

Session Abstract:

Secure enclaves are becoming a popular way to separate and protect sensitive code and data from other processes running on a system. A FIPS 140-2 validated cryptographic software module is currently required to run power-on self tests when loaded, but security of the module can be taken one step further by validating the module inside a secure enclave, such as Intel SGX.

wolfSSL has been working on FIPS 140-2 validating the wolfCrypt library running inside an Intel SGX enclave. This session will discuss the advantages, challenges, and process of FIPS 140-2 validating a cryptographic software module inside Intel SGX and how the same process could be applied to other secure enclave environments.


If you are attending or planning on attending please stop by our table or schedule an appointment by contacting us at facts@wolfssl.com.  We will be talking about TLS 1.3, TPM 2.0, Intel SGX, wolfCrypt FIPS operating environment updates, embedded TLS, and more!

For more information about ICMC, or to purchase tickets, you may register at: https://icmconference.org/

We look forward to seeing you there!

wolfSSL FAQ page

The wolfSSL FAQ page can be useful for information or general questions that need answers immediately. It covers some of the most common questions that the support team receives, along with the support team's responses. It's a great resource for questions about wolfSSL, embedded TLS, and for solutions to problems getting started with wolfSSL.

To view this page for yourself, please follow this link here.

Here is a sample list of 5 questions that the FAQ page covers:

  1. How do I build wolfSSL on ... (*NIX, Windows, Embedded device) ?
  2. How do I manage the build configuration of wolfSSL?
  3. How much Flash/RAM does wolfSSL use?
  4. How do I extract a public key from a X.509 certificate?
  5. Is it possible to use no dynamic memory with wolfSSL and/or wolfCrypt?

Have a question that isn't on the FAQ? Feel free to email us at support@wolfssl.com.
