wolfSSL Year In Review, 2013

wolfSSL, author of the open source CyaSSL embedded SSL library, has made significant progress in 2013 towards bringing the community a more usable, feature-rich, and better supported library for use in an ever-growing range of embedded platforms and environments. This talk will provide an overview of technical progress in the last year and news on the current state of wolfSSL. Details on what's new include the addition of new crypto ciphers and algorithms, better hardware cryptography support, more flexible abstraction layers, a JNI wrapper, new platform support, and better development tool integration. www.wolfssl.com

Transcript

  • 1. YEAR IN REVIEW FOSDEM 2014 FEBRUARY 1, 2014 BRUSSELS, BELGIUM © Copyright 2014 wolfSSL Inc.
  • 2. CHRIS CONLON, Software Developer, Bozeman, MT, USA. © Copyright 2012 FishEyeGuyPhotography
  • 3. A GROWING COMPANY! 10 employees in 3 countries. 500 million endpoints secured. Locations: Seattle, WA; Portland, OR; Bozeman, MT; San Jose, CA; João Pessoa, Brazil; Tokyo, JP.
  • 4. 500 MILLION. Over lots of different markets: Automotive, Factory Automation, Routers, Cloud Services, Smart Grid, Databases, Battlefield Communication, VoIP, Connected Home, Sensors, M2M, Smart Energy, Games, Internet of Things, Applications, Appliances.
  • 5. PRESENTATION OUTLINE: 1. Our Products 2. What’s New 3. Questions & Wrap-Up
  • 6. OUR PRODUCTS: CyaSSL (Lightweight SSL/TLS); wolfCrypt (Crypto Engine); yaSSLEWS (Embedded Web Server); wolfSSL JNI (CyaSSL Java Wrapper); Secure memcached; wolfSCEP; SSL Inspection; SSL Proxy (on top of Squid Proxy)
  • 7. CyaSSL: Lightweight SSL / TLS Library. LIGHTWEIGHT. PORTABLE. C-BASED.
      ✓ Up to TLS 1.2 and DTLS 1.2
      ✓ 20-100 kB footprint
      ✓ 1-36 kB RAM per session
      ✓ Long list of supported operating systems: Windows, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/uITRON, Micrium uC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX, ARC MQX …
  • 8. wolfCrypt: Cryptography Engine. PORTABLE MODULAR CRYPTOGRAPHY
      ✓ Previously called “CTaoCrypt”
      ✓ Working on splitting into separate product
      ✓ Progressive list of supported ciphers
      ✓ Modular design, assembly optimizations
      AES (CBC, CTR, CCM, GCM), DES, 3DES, Camellia, ARC4, RABBIT, HC-128
      MD2, MD4, MD5, SHA-1, SHA-256, SHA-384, SHA-512, BLAKE2b, RIPEMD-160
      RSA, ECC, DSS, DH, EDH, NTRU
      HMAC, PBKDF2, PKCS#5
      ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA …
  • 9. yaSSLEWS: Embedded Web Server. LOW RESOURCE, EMBEDDABLE, WEB SERVER
      ✓ Fast, easy-to-use webserver
      ✓ Small footprint (100kB with HTTPS)
      ✓ CGI, SSI, IP restrictions, logging, aliases
      ✓ Multiple operating environments supported
  • 10. NEW! wolfSSL JNI: CyaSSL Java Wrapper. BRINGING CYASSL TO JAVA USERS
      ✓ JNI wrapper around CyaSSL
      ✓ Current Java doesn’t support DTLS 1.2
      ✓ Users no longer need to write their own!
      ✓ Same licensing model: GPLv2 or commercial
  • 11. NEW! wolfSCEP: Simple Certificate Enrollment Protocol. PORTABLE SCEP IMPLEMENTATION
      ✓ Issuing and revocation of certificates
      ✓ Protocol originally developed by CISCO
      ✓ Lightweight, portable SCEP implementation
      ✓ Uses wolfCrypt for crypto operations
      ✓ Currently under development
  • 12. WHAT’S NEW? IN THE PAST YEAR.
      I. Protocol Enhancements
      II. Crypto Additions / Changes
      III. Library Control / Portability
      IV. Examples and Documentation
      V. Porting Progress
      VI. Business News
  • 13. PROTOCOL ENHANCEMENTS
      • Fix for Lucky13 Attack (Nadhem AlFardan, Kenneth Paterson)
      • DTLS 1.2 Support: updated to match TLS 1.2; addition of AEAD ciphers
      • DTLS reliability enhancements
  • 14. PROTOCOL ENHANCEMENTS
      • New TLS Extension Support:
          Server Name Indication: Client can send name of server it is connecting to.
          Max Fragment Length: Client can negotiate smaller maximum fragment size (default of 2^14).
          Truncated HMAC: Use 80-bit truncated HMAC instead of using entire hash output as MAC.
        ./configure --enable-tlsx
  • 15. CRYPTO ADDITIONS / CHANGES
      • SHA-3 Finalist BLAKE2b (256 – 512bit digests)
          int InitBlake2b(…);
          int Blake2bUpdate(…);
          int Blake2bFinal(…);
      [Bar chart: throughput in MB/s for SHA-256, SHA-512, SHA, BLAKE2b, MD5]
  • 16. CRYPTO ADDITIONS / CHANGES
      • AES-CCM-8 crypto and cipher suites
        ./configure --enable-aesccm
        aes.c / aes.h:
          void AesCcmSetKey(…);
          void AesCcmEncrypt(…);
          int AesCcmDecrypt(…);
        Cipher suites:
          TLS_RSA_WITH_AES_128_CCM_8
          TLS_RSA_WITH_AES_256_CCM_8
          TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
          TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
          TLS_PSK_WITH_AES_128_CCM
          TLS_PSK_WITH_AES_256_CCM
          TLS_PSK_WITH_AES_128_CCM_8
          TLS_PSK_WITH_AES_256_CCM_8
  • 17. CRYPTO ADDITIONS / CHANGES
      • Camellia crypto and cipher suites
        ./configure --enable-camellia
        camellia.c / camellia.h:
          int CamelliaSetKey(…);
          int CamelliaSetIV(…);
          void CamelliaEncryptDirect(…);
          void CamelliaDecryptDirect(…);
          void CamelliaCbcEncrypt(…);
          void CamelliaCbcDecrypt(…);
        Cipher suites:
          TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
          TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
          TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
          TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
          TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
          TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
          TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
          TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
  • 18. CRYPTO ADDITIONS / CHANGES
      • SHA-384 cipher suites
      • HMAC now supports SHA-512
      • AES-NI support for AES-CCM and AES-GCM
  • 19. CRYPTO ADDITIONS / CHANGES
      • PKCS #7 (Cryptographic Message Syntax)
          ✓ Used to sign / encrypt messages
      • PKCS #10 (Certificate Signing Request)
          ✓ Request certificate of public key from CA
  • 20. LIBRARY CONTROL / PORTABILITY
      • Persistent session cache
        ./configure --enable-savesession
          /* using files */
          int CyaSSL_save_session_cache(const char*);
          int CyaSSL_restore_session_cache(const char*);
          /* using buffers */
          int CyaSSL_memsave_session_cache(void*, int);
          int CyaSSL_memrestore_session_cache(const void*, int);
          int CyaSSL_get_session_cache_memsize(void);
  • 21. LIBRARY CONTROL / PORTABILITY
      • Persistent CA certificate cache
        ./configure --enable-savecert
          /* using files */
          int CyaSSL_CTX_save_cert_cache(CYASSL_CTX*, const char*);
          int CyaSSL_CTX_restore_cert_cache(CYASSL_CTX*, const char*);
          /* using buffers */
          int CyaSSL_CTX_memsave_cert_cache(CYASSL_CTX*, void*, int, int*);
          int CyaSSL_CTX_memrestore_cert_cache(CYASSL_CTX*, const void*, int);
          int CyaSSL_CTX_get_cert_cache_memsize(CYASSL_CTX*);
  • 22. LIBRARY CONTROL / PORTABILITY
      • Atomic record callbacks
          ✓ MAC / Encrypt
          ✓ Decrypt / Verify
          **Can be useful when offloading to hardware module
      • Public key callbacks
          ✓ ECC sign & verify
          ✓ RSA sign & verify
          ✓ RSA encrypt & decrypt
  • 23. LIBRARY CONTROL / PORTABILITY
      • Ability to unload keys and certificates
          int CyaSSL_CTX_UnloadCAs(CYASSL_CTX*);
          int CyaSSL_UnloadCertsKeys(CYASSL*);
          int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm);
  • 24. EXAMPLES AND DOCUMENTATION
      • Enhanced example applications
          ✓ Track stack usage
              ./configure --enable-stacksize
          ✓ Track memory allocation
              ./examples/client/client -t
              ./examples/server/server -t
          ✓ Better IPv6 support
              ./configure --enable-ipv6
  • 25. EXAMPLES AND DOCUMENTATION
      • Updated API documentation
  • 26. EXAMPLES AND DOCUMENTATION
      • New CyaSSL Porting Guide
  • 27. PORTING PROGRESS
      • Microchip PIC32MX and PIC32MZ
      • Microchip TCP/IP V6 support
      • Microchip Harmony support
  • 28. PORTING PROGRESS
      • Freescale RNGA and RNGB support
          #define FREESCALE_K70_RNGA
          #define FREESCALE_K53_RNGB
      • Freescale mmCAU support
          #define FREESCALE_MMCAU
  • 29. PORTING PROGRESS: Freescale K60 TWR (100 MHz)
      Algorithm  Software Crypto (25 kB took)  Software   Hardware   Percent Increase
      AES        0.050 seconds                 0.49 MB/s  2.71 MB/s  453% (5.5x)
      DES        0.080 seconds                 0.31 MB/s  3.49 MB/s  1025% (11.3x)
      DES3       0.204 seconds                 0.12 MB/s  1.74 MB/s  1350% (14.5x)
      MD5        0.006 seconds                 4.07 MB/s  4.88 MB/s  19.9% (1.2x)
      SHA        0.014 seconds                 1.74 MB/s  2.71 MB/s  55.7% (1.6x)
      SHA-256    0.021 seconds                 1.16 MB/s  2.22 MB/s  91.4% (1.9x)
  • 30. PORTING PROGRESS
      [Bar chart: Kinetis K60 mmCAU vs. CTaoCrypt Software; MB / sec., Software vs. Hardware, for AES, DES, DES3, MD5, SHA, SHA-256]
  • 31. PORTING PROGRESS
      • Cavium NITROX
      • HP/UX
      • Better ThreadX support + NetX I/O callbacks
          #define THREADX
          #define HAVE_NETX
  • 32. PORTING PROGRESS
      • STM32F2 support, hardware crypto and RNG integration
      [Bar chart: STM32F217 (ARM Cortex-M3, 120 MHz); MB/sec, Software Crypto vs. Hardware Crypto, for AES, DES, 3DES, MD5, SHA]
  • 33. PORTING PROGRESS
      • KEIL MDK-ARM support
      • KEIL MDK5 software pack
  • 34. BUSINESS NEWS: A STORY OF GROWTH AND SUCCESS
  • 35. BUSINESS NEWS
      • Name Change!
  • 36. BUSINESS NEWS
      • More developers!
      • Increased onsite consulting activity
      • Launched our Kickstart consulting service
  • 37. BUSINESS NEWS
      • Began FIPS 140-2 validation with wolfCrypt
          ✓ Federal Information Processing Standard
          ✓ NIST Publication 140-2
          ✓ Requires additional documentation, power-on self tests, etc.
  • 38. BUSINESS NEWS
      • Moved to Zendesk to better handle customer support
  • 39. THANKS! WOLFSSL: info@wolfssl.com. CHRIS CONLON: chris@wolfssl.com, +1 (425) 245-8247
