NXP CAU, mmCAU, and LTC Hardware Cryptography with TLS 1.3

As you may know, wolfSSL includes support for offloading cryptography operations into NXP Coldfire and Kinetis devices that include the CAU, mmCAU, or LTC hardware crypto modules. Taking advantage of these modules improves performance of both the cryptography and the SSL/TLS layer running on top of it.

Here is a quick comparison of performance between software cryptography and the hardware-based cryptography offered by the Kinetis mmCAU on a K60 TWR running at 100MHz:

               Software Crypto     Hardware Crypto
AES            0.49 MB/s           2.71 MB/s
DES            0.31 MB/s           3.49 MB/s
3DES           0.12 MB/s           1.74 MB/s
MD5            4.07 MB/s           4.88 MB/s
SHA-1          1.74 MB/s           2.71 MB/s
SHA-256        1.16 MB/s           2.22 MB/s
HMAC-SHA       1.74 MB/s           3.05 MB/s
HMAC-SHA256    1.22 MB/s           2.03 MB/s

And, here are some benchmark comparisons between software and hardware cryptography offered by the LTC module on a NXP FRDM-K82F, Cortex M4 running at 150 MHz:

                                 Software Crypto     Hardware Crypto
RNG                              0.136 MB/s          0.939 MB/s
AES enc                          0.247 MB/s          12.207 MB/s
AES dec                          0.239 MB/s          12.207 MB/s
AES-GCM                          0.016 MB/s          12.207 MB/s
AES-CTR                          0.247 MB/s          8.138 MB/s
AES-CCM                          0.121 MB/s          6.104 MB/s
CHACHA                           0.568 MB/s          3.052 MB/s
CHA-POLY                         0.444 MB/s          1.878 MB/s
POLY1305                         2.441 MB/s          8.138 MB/s
SHA                              0.842 MB/s          4.069 MB/s
SHA-256                          0.309 MB/s          2.713 MB/s
SHA-384                          0.224 MB/s          0.763 MB/s
SHA-512                          0.216 MB/s          0.698 MB/s
RSA 2048 public                  147.000 ms         12.000 ms    (over 1 iteration)
RSA 2048 private                 2363.000 ms        135.000 ms   (over 1 iteration
ECC 256 key generation           355.400 ms         17.400 ms    (over 5 iterations)
EC-DHE key agreement             352.400 ms         15.200 ms    (over 5 iterations)
EC-DSA sign time                 362.400 ms         20.200 ms    (over 5 iterations)
EC-DSA verify time               703.400 ms         33.000 ms    (over 5 iterations)
CURVE25519 256 key generation    66.200 ms          14.400 ms    (over 5 iterations)
CURVE25519 key agreement         65.400 ms          14.400 ms    (over 5 iterations)
ED25519 key generation           25.000 ms          14.800 ms    (over 5 iterations)
ED25519 sign time                30.400 ms          16.800 ms    (over 5 iterations)
ED25519 verify time              74.400 ms          30.400 ms    (over 5 iterations)

Did you know that wolfSSL also provides support for TLS 1.3? With TLS 1.3, users also have the ability to use this new protocol version for TLS connections with even better performance!

TLS 1.3 includes many improvements over TLS 1.2, including reducing the number of round trips required to perform a full handshake, repurposing the ticketing system to allow for servers to be stateless, and the removal of insecure algorithms. These changes mean better performance on Freescale/NXP CAU, mmCAU, and LTC-based devices, and lower memory usage on those devices acting as a TLS server.

To learn more about using TLS 1.3 in wolfSSL, visit our TLS 1.3 webpage today! Additionally, please feel free to contact support@wolfssl.com or visit our FAQ page for more information.