Category: Uncategorized

#Crypto #Hardware #Performance

We now support the Intel QuickAssist adapter, which is a low-profile PCIe x8 (Gen 3) card that accelerates crypto operations. Asynchronous hardware acceleration has been added for the following crypto algorithms:

* PKI: RSA public/private (CRT/non-CRT), ECDSA/ECDH, DH
* Cipher: AES CBC/GCM, DES3
* Digest: MD5, SHA, SHA224, SHA256, SHA384, SHA512 and HMAC.

Here are our benchmarks using our asynchronous benchmark application running multiple threads with CPU affinity in user space:

* RSA 2048 public: 209,909 ops/sec
* RSA 2048 private: 41,999 ops/sec
* DH  2048 key gen: 112,491 ops/sec
* DH  2048 key agree: 95,129 ops/sec
* ECDHE 256 agree: 55,117 ops/sec
* ECDSA 256 sign: 46,798 ops/sec
* ECDSA 256 verify: 28,917 ops/sec
* AES-CBC Enc: 2,932 MB/s
* AES-CBC Dec: 2,882 MB/s
* AES-GCM: 2,903 MB/s
* 3DES: 1,511 MB/s
* MD5: 2,309 MB/s
* SHA: 5,068 MB/s
* SHA-224: 2,392 MB/s
* SHA-256: 1,275 MB/s
* SHA-384: 2,020 MB/s
* SHA-512: 1,908 MB/s

Performed on an Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz, 12GB RAM, with Intel QuickAssist is DH895xCC.

Additionally we’ve fully implemented asynchronous TLS client/server support in all wolfSSL PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.

Please contact us at facts@wolfssl.com if you are interested in evaluating these new features.

Intel ® SGX (Software Guard Extensions) allows for additional security and a smaller surface area for attack. One way this is accomplished is by restricting access to portions of memory even from other applications running on the same computer. This additional security is for both code that is being executed and stagnant information with “sealing” data.

Do you have a use case where cryptography with Intel’s ® SGX is needed?

wolfSSL has a port to use SGX located in the directory wolfssl-root/IDE/WIN-SGX/ and two demo examples of creating an Enclave that links with the wolfSSL embedded TLS/SSL library.
Linux/Unix SGX example: SGX Linux
Windows example: SGX Windows

For more information about Intel SGX see the sites below.
https://en.wikipedia.org/wiki/Software_Guard_Extensions
https://software.intel.com/en-us/sgx
https://software.intel.com/sites/default/files/managed/77/98/IntelSGX-infoQ-SolutionBrief.pdf?utm_source=InfoQ&utm_campaign=InfoQSGXGTM&utm_medium=AssetPDF

If you have a need for an embedded SSL/TLS library with Intel ® SGX contact us today facts@wolfssl.com.

Interested in using AWS IoT with MQTT?

We added an Amazon Web Services (AWS) IoT example to our wolfMQTT client in our latest wolfMQTT v0.12 released on 12/20/16.

For this example we setup an AWS IoT endpoint and made it available for testing. AWS uses TLS with a client certificate for authentication. The example is located in /examples/aws/.

You can download the latest release from our website or clone on GitHub. For more information please email us at facts@wolfssl.com.

wolfSSL has been ported and tested on a Nordic nRF52 board. The wolfSSL embedded SSL/TLS library is ideal for IoT projects and excels at fitting onto resource constrained devices. If looking to use a progressive, embedded TLS/SSL library in your IoT projects contact us here at wolfSSL. A special thanks goes out to Michal Lower for some speed ups with curve25519 key agreements/signatures along with wolfSSL macro defines for the Nordic nRF52 port.

For questions about wolfSSL contact us at facts@wolfssl.com

wolfSSL recently added support Intel SGX to the wolfSSL lightweight SSL/TLS library. SGX allows developers to protect code and data from disclosure or modification. For users interested in learning more about SGX, the following Intel Security Brief provides an overview of how wolfSSL, Numecent, and Bromium have leveraged SGX:

Hardware-Assisted Security for High-Value Information

Tired of using OpenSSL in your projects? wolfSSL has recently expanded to our compatibility layer and we have more functions coming. This compatibility expansion makes it easier for ripping and replacing the TLS library being used. Making it easier to upgrade your project by using the progressive wolfSSL SSL/TLS library. Over 100 OpenSSL compatibility functions were added to wolfSSL in the last couple months and more compatibility functions are to come.

For more information about wolfSSL contact us at facts@wolfssl.com

Are you attending CES?

wolfSSL will be attending CES 2017 from Thursday the 5th until Saturday the 7th of January, to visit with customers, prospects and/or those who need a lightweight, portable SSL/TLS solution.

Our Business Directors, Rod Weaver and Rich Kelm will be making the rounds at the show and would welcome the opportunity to discuss your interest in wolfSSL as well as touch on some of the following topics:
 
2016 wolfSSL Roadmap:
wolfMQTT – Secure Firmware Update System
Quantum-Safe wolfSSL
wolfSSL Max Strength Build
wolfCrypt API Reference Now Available
wolfCrypt with FIPS certification
wolfSSL with Memory Optimized Curve22519 and ED22519
Kerberos to Android with wolfCrypt
wolfSSL on Intel Galileo
wolfSSL in MySQL    
wolfSSL with ChaCha20 / Poly1305 AEAD cipher suites

If you would like to set up a specific meeting time, please contact Rod Weaver at rod@wolfssl.com or (206) 310-3098, or contact Rich Kelm at rich@wolfssl.com or (360) 556-9718.

As a Christmas present to our users, customers, and community, wolfSSL is releasing version 3.10.0 of the wolfSSL embedded SSL/TLS library. Version 3.10.0 includes lots of great new features and is now available from our download page.

Features included in version 3.10.0 include:

– Support for SHA-224
– Support for scrypt
– Build for Intel SGX, located in the IDE/WIN-SGX directory
– Fix for ChaCha20-Poly1305 ECDSA certificate type request
– Enhancements for PKCS#7 with support for ECC EnvelopedData
– AES key wrap support
– Support for RIOT OS
– Support for parsing PKCS#12 files
– ECC performance enhancements with custom curves
– ARMv8 expansion to AArch32 and performance increases
– ANSI-X9.63-KDF support
– Port to STM32 F2/F4 CubeMX
– Port to Atmel ATECC508A board
– Removal of fPIE by default when wolfSSL library is compiled
– Updated Python wrapper, dropping DES and adding wc_RSASetRNG
– Support for NXP K82 hardware acceleration
– SCR client and server verify check
– New disable RNG option with autoconf
– Addition of more tests vectors to test.c for AES-CTR
– Updated DTLS session export version number
– Updated DTLS support for 64-bit sequence numbers
– Fix for memory management with TI and WOLFSSL_SMALL_STACK
– Hardening of RSA CRT to be constant time
– Fix for an uninitialized warning with IAR compiler
– Fix for C# wrapper example IO hang on unexpected connection termination

This release of wolfSSL also fixes one low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server which other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report.

As always, please contact us at facts@wolfssl.com with any questions, comments, or feedback on the wolfSSL embedded SSL/TLS library. We wish you a Happy Holidays, and look forward to 2017!

wolfSSL now supports ARMv8! Significant gains are seen when using the crypto hardware acceleration. wolfSSL is more than 10 times faster with AES and SHA256 operations on a HiKey (LeMaker version) board when using hardware acceleration vs software!!! If building an IoT project requiring fast, secure crypto/TLS with a small memory footprint size, contact wolfSSL at facts@wolfssl.com.

For information about the board used see http://www.lemaker.org/product-hikey-specification.html

While recently exhibiting at ITpro EXPO 2016, wolfSSL and our neighboring booth (SensorCorpus) put together a demo using the wolfSSL embedded SSL/TLS library to secure communication between two robots. The robots were measuring distance using ultrasonic sensors and sending that data back up to the SensorCorpus cloud.

Full details of the demo can be found in the article by Nikkei Networks:
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900024/

For information on securing your application or device with wolfSSL or wolfCrypt, contact us at facts@wolfssl.com.