#ARMTechCon – Do you have an ARM-based Raspberry Pi project and are looking for a lightweight SSL library with a low overhead to save memory for your project? Are you looking for something open source? Look no further than wolfSSL, formerly CyaSSL. You can obtain the source from our wolfSSL GitHub repository. It builds easily using standard tools included on the Pi. You can even obtain Python wrappers via pip. Thank you and happy hacking!
Category: Uncategorized
wolfSSH on ARM
#ARMTechCon – Do you have a need for an SSH server for your ARM based IoT environment? wolfSSH can satisfy that need in any environment that can run wolfSSL. With a light footprint, wolfSSH can give any lightweight platform an SSH server. It can be used to provide a network interface to devices that used to have serial ports. Or could be used to transfer files into and out of an embedded device. Please send us an email if you are interested in wolfSSH for ARM devices!
The wolfSSH library is dual-license open-source GPLv3 and commercial.
GreenHills Integrity Support for wolfSSL
#ARMTechCon – @wolfSSL has partnered with @GreenHillsPR who has ported the wolfSSL #embedded TLS library into Integrity RTOS! @GreenHillsPR and @wolfSSL will be exhibiting at #ARMTechCon in Santa Clara, CA. Stop by booth #321 to visit with the wolfSSL Team and discuss any questions!
Reference: https://twitter.com/greenhillspr
wolfSSL CMSIS Pack
On the topic of #ARMTechCon, wolfSSL is available as a CMSIS pack! wolfSSL was one of the first libraries available as a MDK5 software pack, which has evolved into CMSIS.
The wolfSSL ARM MDK5 pack supports CMSIS-RTOS by default, providing both the library and example applications. The user can choose to use a different OS as well. Contact us at support@wolfssl.com for more information about using the wolfSSL CMSIS pack today.
wolfSSL with CubeMX and HAL Support
Just in time for the #ARMTechCon 2016, wolfSSL is making hardware accelerated crypto easier than ever on STM32 devices. This is being done by integrating wolfCrypt into STM`s Hardware Abstraction Layer (HAL) through CubeMX. wolfSSL support for CubeMX with HAL will remove the need to tediously configure hardware acceleration by hand and instead let STM32CubeMX, a graphical software from STM, handle the setup of these features.
wolfSSL is currently testing compatibility on STM32F439ZIx and a STM32F437IIHx boards, but with more support coming soon. If you are interested in getting early access to these features and seeing how easily you can benefit from hardware acceleration, contact support@wolfssl.com.
wolfSSL and Xilinx
#ARMTechCon – wolfSSL now supports Xilinx SoCs and FPGAs. The wolfSSL embedded SSL/TLS library can be used with FPGAs which use the MicroBlaze CPU and/or Zynq and Zynq UltraScale+ SoCs.
For more information contact facts@wolfssl.com
New NXP Kinetis K8X LP Trusted Crypto (LTC) support for PKI (RSA/ECC)
#ARMTechCon – NXP has a new LP Trusted Crypto (LTC) core which accelerates RSA/ECC PKI in their Kinetis K8x line.
The LTC hardware accelerator improves:
* RSA performance by 12-17X
* ECC performance by 18-23X
* Ed/Curve25519 performance by 2-3X.
This adds to the existing MMCAU support which accelerates RNG, AES (CBC, CCM, GCM, CTR), DES/3DES, MD5, SHA, SHA256, SHA384/512 and ChaCha20/Poly1305.
The combined LTC/MMCAU hardware acceleration improves performance, reduces power consumption and reduces code size by 40%.
Here are the benchmarks on a FRDM-K82F Cortex M4 @ 150MHz:
Hardware Accelerated (LTC / MMCAU):
RNG 25 kB took 0.026 seconds, 0.939 MB/s
AES enc 25 kB took 0.002 seconds, 12.207 MB/s
AES dec 25 kB took 0.002 seconds, 12.207 MB/s
AES-GCM 25 kB took 0.002 seconds, 12.207 MB/s
AES-CTR 25 kB took 0.003 seconds, 8.138 MB/s
AES-CCM 25 kB took 0.004 seconds, 6.104 MB/s
CHACHA 25 kB took 0.008 seconds, 3.052 MB/s
CHA-POLY 25 kB took 0.013 seconds, 1.878 MB/s
POLY1305 25 kB took 0.003 seconds, 8.138 MB/s
SHA 25 kB took 0.006 seconds, 4.069 MB/s
SHA-256 25 kB took 0.009 seconds, 2.713 MB/s
SHA-384 25 kB took 0.032 seconds, 0.763 MB/s
SHA-512 25 kB took 0.035 seconds, 0.698 MB/s
RSA 2048 public 12.000 milliseconds, avg over 1 iterations
RSA 2048 private 135.000 milliseconds, avg over 1 iterations
ECC 256 key generation 17.400 milliseconds, avg over 5 iterations
EC-DHE key agreement 15.200 milliseconds, avg over 5 iterations
EC-DSA sign time 20.200 milliseconds, avg over 5 iterations
EC-DSA verify time 33.000 milliseconds, avg over 5 iterations
CURVE25519 256 key generation 14.400 milliseconds, avg over 5 iterations
CURVE25519 key agreement 14.400 milliseconds, avg over 5 iterations
ED25519 key generation 14.800 milliseconds, avg over 5 iterations
ED25519 sign time 16.800 milliseconds, avg over 5 iterations
ED25519 verify time 30.400 milliseconds, avg over 5 iterations
Software only:
RNG 25 kB took 0.179 seconds, 0.136 MB/s
AES enc 25 kB took 0.099 seconds, 0.247 MB/s
AES dec 25 kB took 0.102 seconds, 0.239 MB/s
AES-GCM 25 kB took 1.486 seconds, 0.016 MB/s
AES-CTR 25 kB took 0.099 seconds, 0.247 MB/s
AES-CCM 25 kB took 0.201 seconds, 0.121 MB/s
CHACHA 25 kB took 0.043 seconds, 0.568 MB/s
CHA-POLY 25 kB took 0.055 seconds, 0.444 MB/s
POLY1305 25 kB took 0.010 seconds, 2.441 MB/s
SHA 25 kB took 0.029 seconds, 0.842 MB/s
SHA-256 25 kB took 0.079 seconds, 0.309 MB/s
SHA-384 25 kB took 0.109 seconds, 0.224 MB/s
SHA-512 25 kB took 0.113 seconds, 0.216 MB/s
RSA 2048 public 147.000 milliseconds, avg over 1 iterations
RSA 2048 private 2363.000 milliseconds, avg over 1 iterations
ECC 256 key generation 355.400 milliseconds, avg over 5 iterations
EC-DHE key agreement 352.400 milliseconds, avg over 5 iterations
EC-DSA sign time 362.400 milliseconds, avg over 5 iterations
EC-DSA verify time 703.400 milliseconds, avg over 5 iterations
CURVE25519 256 key generation 66.200 milliseconds, avg over 5 iterations
CURVE25519 key agreement 65.400 milliseconds, avg over 5 iterations
ED25519 key generation 25.000 milliseconds, avg over 5 iterations
ED25519 sign time 30.400 milliseconds, avg over 5 iterations
ED25519 verify time 74.400 milliseconds, avg over 5 iterations
The code to support the LTC is currently in PR #597 here, soon to be rolled into the wolfSSL embedded SSL/TLS library:
https://github.com/wolfSSL/wolfssl/pull/597
These changes are also included in the KSDK 2.0.
See us at ARM TechCon booth #321 (Wednesday 10/26 and Thursday 10/27 – 10:30 AM – 6:30 PM)
wolfSSL + ARM + FIPS
#ARMTechCon – If you have a need for #FIPS on an #embedded ARM device @wolfSSL offers a quick-start solution to get you up and running. @wolfSSL has certified #FIPS 140-2 on multiple ARM devices already! If you’re in town at the ARM TechCon, stop by booth 321 to find out more about this and all the other ARM support provided by @wolfSSL.
We can get you a #CAVP certification or #CMVP #Validation to meet your demand. See our #NIST certification here: wolfCrypt FIPS Certificate for already supported #operatingenvironment’s and #algorithms!
Contact us today
facts@wolfssl.com
fips@wolfssl.com
Progressive Performance in wolfSSL with Curve25519 and Ed25519
Are you a fan of speed? How about new, progressive, and secure algorithms? If so, you’re in luck! The wolfSSL embedded SSL/TLS library and wolfCrypt cryptography library have support for two high-performance algorithms for key agreement (Curve25519) and digital signatures (Ed25519).
Curve25519 is an elliptic curve which offers 128 bits of security, designed for use with ECDH (Elliptic Curve Diffie-Hellman) key agreement:
https://en.wikipedia.org/wiki/Curve25519
https://cr.yp.to/ecdh.html
Ed25519 is a public key signature algorithm using the Twisted Edwards curve. It offers very fast signature verification, signing, and key generation while maintaining a high level of security:
https://en.wikipedia.org/wiki/EdDSA
https://ed25519.cr.yp.to/
For instructions on how you can compile wolfSSL with Curve25519 and Ed25519 support, reference the following post: “Memory Optimized Curve25519 and Ed25519”. And, to hear about how these two algorithms do performance wise, take a look at “Benchmarks of curve25519”.
If you have any question about support for these algorithms in wolfSSL, please let us know at facts@wolfssl.com.
wolfSSL ARMv8 Support
The embedded SSL/TLS library wolfSSL, has support for ARMv8. Significant gains are seen when using the crypto hardware acceleration. wolfSSL is more than 10 times faster with AES and SHA256 operations on a HiKey (LeMaker version) board when using hardware acceleration vs software!!! If building an IoT project requiring fast, secure crypto/TLS with a small memory footprint size, contact wolfSSL at the email address wolfssl@info.com. Come stop by the wolfSSL booth at ARM TechCon!
For information about the board used see http://www.lemaker.org/product-hikey-specification.html