wolfHSM provides a client-server model for interacting with HSMs to perform cryptographic operations and currently supports multiple transport mediums: TCP, POSIX shared memory (SHM), and DMA (direct memory access). It gives the option of using wolfCrypt, with its FIPS 140-3 certification, instead of a hardware HSM to take advantage of something like a secure TrustZone. This abstraction also makes it easy to develop an application that can use any HSM backend without changing the application when switching the HSM used.
Recently an additional feature was added for DMA operations with the POSIX shared memory transport. Instead of copying data from the shared memory buffer, wolfHSM can now pass an offset into the SHM buffer: the client side makes use of wolfSSL’s static memory feature, and the server side translates the offset into a pointer within the shared memory region. This reduces redundant memory copies and improves throughput. New `wh_dma.c` and `wh_dma.h` files were introduced to provide offset translation, validation, and hooks for cache handling or memory safety checks. These changes give developers better performance by avoiding unnecessary `memcpy` operations while taking advantage of wolfCrypt FIPS 140-3 certified security.
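The offset translation and validation described above can be illustrated with the following added example. It is not code from wolfHSM's `wh_dma.c`; the `shm_region` type and the `shm_ptr_to_offset` / `shm_offset_to_ptr` functions are hypothetical names, and a static array stands in for the mapped shared memory region.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical descriptor for one process's mapping of the shared region. */
typedef struct {
    uint8_t *base;  /* address at which this process mapped the region */
    size_t   size;  /* length of the region in bytes */
} shm_region;

/* Client side: convert a pointer inside the mapping into an offset.
 * Returns 0 on success, -1 if [ptr, ptr+len) is not inside the region. */
int shm_ptr_to_offset(const shm_region *r, const void *ptr, size_t len,
                      uint64_t *offset_out)
{
    uintptr_t p = (uintptr_t)ptr, b = (uintptr_t)r->base;
    if (p < b) return -1;
    size_t off = (size_t)(p - b);
    if (off > r->size || len > r->size - off) return -1;
    *offset_out = off;
    return 0;
}

/* Server side: validate an untrusted (offset, len) pair, then translate it.
 * The bound is checked as len > size - offset, so offset + len is never
 * computed and cannot wrap around. Returns NULL when the request is rejected. */
void *shm_offset_to_ptr(const shm_region *r, uint64_t offset, uint64_t len)
{
    if (r == NULL || r->base == NULL) return NULL;
    if (len == 0) return NULL;               /* policy choice in this example */
    if (offset > r->size) return NULL;
    if (len > r->size - offset) return NULL;
    return r->base + (size_t)offset;
}

int main(void)
{
    static uint8_t shared[256];  /* constructed stand-in for the SHM region */
    shm_region client = {shared, sizeof shared}, server = {shared, sizeof shared};
    uint64_t off;
    memcpy(shared + 64, "constructed input", 17);
    if (shm_ptr_to_offset(&client, shared + 64, 17, &off) != 0) return 1;
    const char *in = shm_offset_to_ptr(&server, off, 17);
    printf("offset %llu -> %.17s\n", (unsigned long long)off, in ? in : "(rejected)");
    printf("wrapping request: %s\n",
           shm_offset_to_ptr(&server, UINT64_MAX, 2) ? "accepted" : "rejected");
    return 0;
}
```

In a real deployment the client and server map the region at different base addresses, which is why an offset rather than a raw pointer crosses the transport.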
Along with the feature addition, the POSIX examples were enhanced to take an argument for selecting a transport medium type and the benchmarking tool was also enhanced similarly.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call +1 425 245 8247.

