wolfSSL is modular. We’ve got two key modules: wolfSSL handles all SSL needs while CTaoCrypt handles all cryptographic needs including block ciphers, stream ciphers, message digests, hashing, public key cryptography, certificates, and various helper utilities. Our topic for this post is our crypto module CTaoCrypt.
CTaoCrypt is our implementation of cryptography components including various block and stream ciphers that can be used underneath the SSL protocol. A complete description of our ciphers is available here:
Not all ciphers are created equally. Some are better than others, depending on the task at hand. CTaoCrypt includes the traditional and most popular block ciphers, which are DES, 3DES, and AES, and the popular stream cipher ARC4. In recent years, the European Union funded the eStream project to identify next generation stream ciphers. The project concluded in 2008. A description of the eStream project is found here: http://en.wikipedia.org/wiki/ESTREAM. The eStream project was looking to identify ciphers that could handle high throughput requirements and/or operate well in resource constrained environments.
High throughput and resource constrained environments (like VoIP on devices) is where wolfSSL maintains a technology lead over the pack of SSL libraries, so it was natural for us to maintain a keen interest in the results from eStream. The net result is our implementation of the HC-128 and RABBIT ciphers in wolfSSL. If you’d like to see a comparison of cipher performance, see slide 16 of our OSCON presentation http://www.yassl.com/files/ToddOuska_SecuringMemcache.pdf, showing relative performance of the cipher suites in specific implementation of Secure Memcache.
Other ciphers can be added to CTaoCrypt for additional purposes, and we’re happy to do it if we see a need from our customers. Watch this space for further announcements!