• Registered: 2017-01-26
  • Posts: 5

Topic: TLS improvements with Crypto chip

I'm evaluating WolfSSL on STM32F427 and I've been able to set up TLS 1.2 with software implementation only. I'm wondering how much would it speed up the process if I combine the MCU with a crypto chip like ATECC508A or ATSHA204. I'm talking specifically about improvements in the connection setup time and the resources freed up on the main MCU. I was also interested in WolfSSH and was also wondering if adding the chip will also speed up that as well.
For reference, it takes around 7-10 seconds to setup a connection to Google in my implementation.

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: TLS improvements with Crypto chip

Hi uzairo89,

Whenever you use hardware over software you can expect significant performance increases. Have you had a chance to review our benchmarking page here:https://www.wolfssl.com/docs/benchmarks/

You can see for example on the STM32F2 (which has onboard acceleration like the STM32F437 but unlike the STM32F427):

Software Crypto: wolfCrypt Benchmark, Normal Big Integer Math Library
AES        1024 kB took 0.822 seconds,   1.22 MB/s

STM32F2 Hardware Crypto: wolfCrypt Benchmark, Normal Big Integer Math Library
AES        1024 kB took 0.105 seconds,   9.52 MB/s

Have you also considered using the STM32F437 that has on-board acceleration?

The STM32F437 also integrates a crypto/hash processor providing hardware acceleration for AES-128, -192 and -256, with support for GCM, CCM, Triple DES, and hash (MD5, SHA-1 and SHA-2)
REFERENCE: http://www.st.com/en/microcontrollers/s … tId=LN1789

You asked specifically about setup time and resources freed up on the main MCU, If you were to use the ATECC508A AND you were using ECC based cipher suites then absolutely you could expect speed up in connection time and also reduced run-time memory as the ECC keys could be offloaded to the key store in the ATECC508A module.

wolfSSL has not yet added support for the ATSHA204 module but that is something we could do. If that is something you would like to see added I would encourage you to shoot an email to rod@wolfssl.com or rich@wolfssl.com to discuss how that might be achieved!

Warmest Regards,

Kaleb

Kaleb J. Himes's Website

Share

  • Registered: 2017-01-26
  • Posts: 5

Re: TLS improvements with Crypto chip

Getting STM32F437 in large quantities seems to be a problem for suppliers because of export regulations so we're trying to avoid it. Plus we want to avoid being locked into a particular MCU because of the HW acceleration so we would rather have that provided externally. Plus the crypto chip would help in protecting IP and preventing clones so we prefer this approach. And its readily available.

Share