NXP S32K1 CSE Hardware Acceleration supported by wolfSSL

    • wolfSSL now supports using the Cryptographic Services Engine (CSE) on NXP S32K1 microcontrollers for hardware-accelerated cryptography.

    The CSE is a secure coprocessor integrated into automotive-grade microcontrollers like the S32K148, providing AES acceleration, hardware TRNG, and secure key storage.

    The port uses wolfSSL’s Crypto Callback mechanism, so when operations aren’t supported by CSE hardware (like AES-192/256), the implementation automatically falls back to wolfSSL’s software solution.

    Currently, wolfSSL supports offloading the following algorithms to the CSE hardware:
    TRNG:

    • Hardware RNG

    AES (128-bit only):

    • AES ECB
    • AES CBC

    Message Authentication:

    • AES CMAC 128-bit

    Benchmarks:
    These benchmarks were collected using a Cortex-M4F clocked at 48 MHz on the S32K148-Q176 development board compared to a pure C software implementation.

    Detailed Results:
    (Block bytes: 1024, Test duration: 10.0 seconds per algorithm)

    Algorithm Software Hardware Hardware Speedup
    AES-128 ECB Encrypt 0.420 MiB/s 0.784 MiB/s 1.87x
    AES-128 ECB Decrypt 0.438 MiB/s 0.784 MiB/s 1.79x
    AES-128 CBC Encrypt 0.347 MiB/s 0.793 MiB/s 2.29x
    AES-128 CBC Decrypt 0.383 MiB/s 0.798 MiB/s 2.08x
    AES-128 CMAC 0.308MiBs 0.281 MiBs 0.91x

    In some cases, such as with CMAC, the hardware implementation may perform slower than the software version. This is typically due to smaller input sizes,since the time required to initialize the CSE and transfer data can exceed the time it takes for the CPU to process the operation in software. Hardware acceleration becomes significantly more beneficial as the input data size increases.

    wolfBoot Support for S32K1

    We have also added S32K1 support to wolfBoot. With this port, it is possible to leverage hardware acceleration for supported algorithms. This allows wolfBoot to offload crypto operations and decrease code size by utilizing the hardware implementation available on the chip.

    You can find the implementation details in wolfBoot PR #661.

    Download

    Please reach out to facts@wolfssl.com for information regarding using the CSE support in your project.

    If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

    Download wolfSSL Now