WOLFSSL NXP SUPPORT

The wolfSSL embedded SSL/TLS library and wolfCrypt embedded crypto engine fully support running on NXP platforms including Coldfire; i.MX RT1064, RT1060, RT1050, RT1020, and RT600 Series Crossover Processors; i.MX 8, 7, and 6 Series Applications Processors; LPC5500, LPC54000, LPC51U68, and LPC1100 Series MCUs; QorIQ P1021, T1024, T2080, and LS1028A; EdgeLock SE050; Layerscape; and Kinetis V, K, W, E, L, M, and EA Series MCUs.

In addition to the portability and memory advantages of using wolfSSL on NXP platforms, wolfSSL supports the mmCAU hardware cryptography module on Kinetis devices, and CAU/SEC on Coldfire platforms. Offloading the cryptography operations into these hardware modules provides both a smaller footprint and substantial performance increases.

Building wolfSSL with NXP Support

wolfSSL ships with several built-in defines for enabling support for MQX/RTCS/MFS, mmCAU/CAU/SEC, and the hardware random number generators on Kinetis platforms. To compile wolfSSL for your Kinetis or MQX-based project, add defines from the list below to <wolfssl_root>/wolfssl/wolfcrypt/settings.h, or to the list of preprocessor defines in your IDE (CodeWarrior, KDS, etc.).

These macros are prefixed with "FREESCALE" as this functionality was added prior to NXP's ownership of Freescale.

FREESCALE_MQX - Enables support for NXP MQX/RTCS/MFS
FREESCALE_MMCAU - Enables and turns on support for mmCAU hardware cryptography
HAVE_COLDFIRE_SEC - Enables and turns on support for Coldfire SEC hardware cryptography
FREESCALE_K70_RNGA - Enable when K70 RNGA hardware random number generator is available
FREESCALE_K53_RNGB - Enable when K53 RNGB hardware random number generator is available
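
The following is an added example, not a file shipped by wolfSSL: a settings fragment for a Kinetis K70 + MQX target that uses the macros listed above and fails the build on inconsistent combinations. The compile-time guards, the "hardware RNG required" policy, and the nxp_hw_features() helper with its NXP_HW_* flags are hypothetical and assume one firmware image per target part.

```c
/* Added example: build settings for a Kinetis K70 + MQX target.
 * The five macros are the ones listed above; everything else is hypothetical. */
#define FREESCALE_MQX        /* NXP MQX/RTCS/MFS port */
#define FREESCALE_MMCAU      /* Kinetis mmCAU hardware crypto */
#define FREESCALE_K70_RNGA   /* K70 RNGA hardware random number generator */

/* mmCAU is the Kinetis module and SEC the Coldfire one, so a single image
 * should never select both (assumption: one image per target part). */
#if defined(FREESCALE_MMCAU) && defined(HAVE_COLDFIRE_SEC)
    #error "FREESCALE_MMCAU and HAVE_COLDFIRE_SEC target different NXP families"
#endif

/* RNGA and RNGB belong to different parts (K70 vs K53). */
#if defined(FREESCALE_K70_RNGA) && defined(FREESCALE_K53_RNGB)
    #error "Select FREESCALE_K70_RNGA or FREESCALE_K53_RNGB, not both"
#endif

/* Policy of this example project, not a wolfSSL requirement: a Kinetis TLS
 * image must name its hardware RNG explicitly. */
#if defined(FREESCALE_MMCAU) && \
    !defined(FREESCALE_K70_RNGA) && !defined(FREESCALE_K53_RNGB)
    #error "Kinetis build has no hardware RNG selected"
#endif

/* Hypothetical helper: report the compiled-in hardware features, e.g. for a
 * boot log or a manufacturing self-test. */
enum {
    NXP_HW_MMCAU = 1u << 0,
    NXP_HW_SEC   = 1u << 1,
    NXP_HW_RNGA  = 1u << 2,
    NXP_HW_RNGB  = 1u << 3
};

unsigned nxp_hw_features(void)
{
    unsigned f = 0;
#ifdef FREESCALE_MMCAU
    f |= NXP_HW_MMCAU;
#endif
#ifdef HAVE_COLDFIRE_SEC
    f |= NXP_HW_SEC;
#endif
#ifdef FREESCALE_K70_RNGA
    f |= NXP_HW_RNGA;
#endif
#ifdef FREESCALE_K53_RNGB
    f |= NXP_HW_RNGB;
#endif
    return f;
}
```

In a real project the three #define lines would live in settings.h or the IDE's preprocessor list, and the guards would sit after them so that a define added in either place is checked.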

Please contact wolfSSL with any questions about using the wolfSSL lightweight SSL library with NXP platforms or development environments.

NXP CAU, mmCAU, and LTC Hardware Cryptography with TLS 1.3

wolfSSL includes support for offloading cryptography operations into NXP Coldfire and Kinetis devices that include the CAU, mmCAU, or LTC hardware crypto modules. Taking advantage of these modules improves performance of both the cryptography and the SSL/TLS layer running on top of it.

TLS 1.3 includes several improvements over TLS 1.2, including reducing the number of round trips required to perform a full handshake, and repurposing the ticketing system to allow for servers to be stateless. These changes mean better performance on Freescale/NXP CAU, mmCAU, and LTC-based devices, and lower memory usage on those devices acting as a TLS server.

The wolfSSL embedded SSL/TLS library and wolfCrypt embedded crypto engine fully support running on NXP platforms including Kinetis, Coldfire, and i.MX6.

About NXP

NXP Semiconductors

NXP® Semiconductors N.V. (NASDAQ: NXPI) enables secure connections and infrastructure for a smarter world, advancing solutions that make lives easier, better and safer. As the world leader in secure connectivity solutions for embedded applications, NXP is driving innovation in the secure connected vehicle, end-to-end security & privacy and smart connected solutions markets. Built on more than 60 years of combined experience and expertise, the company has 45,000 employees in more than 35 countries.

NXP Kinetis mmCAU Crypto Support

Supported cryptographic algorithms accelerated in hardware through the NXP mmCAU include AES, DES, 3DES, MD5, SHA-1, and SHA-256.  For details regarding the mmCAU module, please refer to the NXP CAU and mmCAU software library web page.

The following benchmarks were gathered using the wolfCrypt benchmark application (located in <wolfssl_root>/wolfcrypt/benchmark/benchmark.c) running on an NXP Kinetis K60-TWR platform.

Algorithm    Software Crypto    Hardware Crypto    Percent Increase
AES          0.49               2.71               453% (5.5x)
DES          0.31               3.49               1025% (11.3x)
3DES         0.12               1.74               1350% (14.5x)
MD5          4.07               4.88               19.9% (1.2x)
SHA-1        1.74               2.71               55.7% (1.6x)
SHA-256      1.16               2.22               91.4% (1.9x)
HMAC-SHA     1.74               3.05               75.3% (1.8x)
HMAC-SHA2    1.22               2.03               66.4% (1.7x)

As the above benchmarks show, the hardware-based algorithms that take advantage of the mmCAU are significantly faster than their software counterparts.

NXP Kinetis K8X LTC support for PKI (RSA/ECC) with #TLS13

The LTC hardware accelerator improves:

  • RSA performance by 12-17X
  • ECC performance by 18-23X
  • Ed/Curve25519 performance by 2-3X.

wolfSSL now provides support for TLS 1.3 (#TLS13), which was introduced in an internet draft in October of 2016. 

If desired, the LTC hardware accelerator can be combined with TLS 1.3, providing:

  • Reduced number of round trips while performing a full handshake 
  • A repurposed ticketing system that allows servers to be stateless
  • More attack resistance from improvements to renegotiation, compression, CBC, padding, etc.

Support for the NXP LTC adds to wolfSSL’s existing mmCAU support, now accelerating RNG, AES (CBC, CCM, GCM, CTR), DES/3DES, MD5, SHA, SHA256, SHA384/512 and ChaCha20/Poly1305.

The combined LTC/MMCAU hardware acceleration improves performance, reduces power consumption and reduces code size by 40%.
