wolfCrypt Embedded Crypto Engine

The wolfCrypt cryptography engine is a lightweight crypto library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support. wolfCrypt supports the most popular algorithms and ciphers as well as progressive ones such as ChaCha20, Curve25519, Poly1305, Post-Quantum Cryptography, and SHA-3. wolfCrypt is stable, production-ready, and backed by our excellent team of security experts. It is used in millions of application and devices worldwide.

A version of the wolfCrypt cryptography library has been FIPS 140-3 validated (Certificate #4718) and continues to support the historical FIPS 140-2 validation (Certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ or contact fips@wolfssl.com.

Platform and Language Support

wolfCrypt is built for maximum portability and is generally very easy to compile on new platforms. It supports the C programming language as a primary interface. If your desired platform is not listed under the supported operating environments, or you have interest in using wolfCrypt in another programming language not currently supported, please contact us.

Hardware encryption and acceleration

wolfCrypt supports hardware cryptography and acceleration on several platforms. To see a list of platforms that are supported, please see our hardware cryptography support page.

Commercial Support

Support packages for wolfCrypt are available on an annual basis directly from wolfSSL. With four different package options, you can compare them side-by-side and choose the package that best fits your specific needs. Please see our Support Packages page for more details or contact us with any questions.

For license information, please see our Licensing Page.

Benchmarks

For benchmarking information or data, please visit our Benchmark page or contact us for more information.

Special Builds

Module Isolation - Individual algorithms and ciphers are able to be easily broken out of the wolfCrypt package and used independently. If you would like to learn more, please contact us.

wolfCrypt Training Course

Interested in getting trained by security experts on subjects related to wolfCrypt and/or wolfSSL? For more information, please read our blog, or check out the wolfSSL Comprehensive Training Videos.

Features

Hash Functions:
- MD5, SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA-3, RIPEMD-160, Poly1305, SM3
Block, Stream, and Authenticated Ciphers:
- AES (CBC, CTR, OFB, CFB, XTS, GCM, CCM, GMAC, CMAC), Camellia, DES, 3DES, ARC4, ChaCha20, SM4
Public Key Algorithms:
- RSA, DSA, DH, DHE, EDH, ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA, SM2
Password-based Key Derivation: HMAC, PBKDF2
Curve25519 and Ed25519
Curve448 and Ed448
ECC and RSA Key Generation
ECC curve types:
- SECP, SECPR2, SECPR3, BRAINPOOL, KOBLITZ
ECC key lengths:
- 112, 128, 160, 192, 224, 239, 256, 320, 384, 512, 521
X.509v3 RSA and ECC Signed Certificate Generation
PEM and DER certificate support
Hash-based PRNG
Asynchronous crypto support: Intel QuickAssist, Cavium Nitrox
Hardware Cryptography Support:
- Intel AES-NI, AVX1/2, RDRAND, RDSEED, SGX, Cavium NITROX, Intel QuickAssist, STM32F2/F4, NXP/Freescale (CAU, mmCAU, SEC, LTC, CAAM), Microchip PIC32MZ, ARMv8, Renesas TSIP, and more!
Abstraction Layers / User Callbacks:
- C Standard Library, Memory hooks, Logging callbacks
Assembly Optimizations
Easily ties in to Hardware-based RNG solutions
OpenSSL compatibility layer
PKCS#1 (RSA Cryptography Standard) support
PKCS#3 (Diffie-Hellman Key Agreement Standard) support
PKCS#5 (Password-Based Encryption Standard) support
PKCS#7 (Cryptographic Message Syntax - CMS) support
PKCS#8 (Private-Key Information Syntax Standard) support
PKCS#9 (Selected Attribute Types) support
PKCS#10 (Certificate Signing Request - CSR) support
PKCS#11 (Cryptographic Token Interface) support
PKCS#12 (Certificate/Personal Information Exchange Syntax Standard) support
Post Quantum Cryptography:
- Kyber KEM (hybridized with NIST ECC curves, allowing FIPS-compliance!)
  - Level 1 (ML-KEM-512)
  - Level 3 (ML-KEM-768)
  - Level 5 (ML-KEM-1024)
- Dilithium (ML-DSA) Signature Scheme
  - Level 2 (ML-DSA-44)
  - Level 3 (ML-DSA-65)
  - Level 5 (ML-DSA-87)
- FALCON Signature Scheme
  - Level 1
  - Level 5
- SPHINCS+ Signature Scheme
- LMS/HSS
- XMSS/XMSS^MT
- Hybrid TLS Key Establishment Schemes
  - ECDHE P-256 with Kyber Level 1
  - ECDHE P-384 with Kyber Level 3
  - ECDHE P-521 with Kyber Level 5
- Dual Agorithm Certificate and TLS 1.3 Dual Algorithm Authentication Support

Supported Operating Environments

Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Linux, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium µC/OS-III, FreeRTOS, SafeRTOS, NXP/Freescale MQX, Nucleus, TinyOS, HP/UX, AIX, ARC MQX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, Keil RTX, TOPPERS, PetaLinux, Apache Mynewt, PikeOS, Deos, Azure Sphere OS
If you would like to test wolfCrypt on another environment, let us know and we’ll be happy to support you.

PRODUCTS

Highlights

Lightweight

Portable