HWCrypto VS MbedTLS
Hi guys! I see there are 2 main folders with encryption options in ESP32. By the name, the "HWCRYPTO" seems to be accelerated by hardware, but what about mbedtls? Is it hardware accelerated? What is the best? Which one should I use and why?
Re: HWCrypto VS MbedTLS
mbedtls is probably the easiest way, it also uses hardware acceleration (see "make menuconfig" componentconfig -> mbedtls)
I think that folder is esp32 specific, and those sources allow libraries like mbedtls to use hardware acceleration. (but that's just a guess)
Re: HWCrypto VS MbedTLS
Yes, I've seen and enabled all mbed acceleration options. If your guess is true, it makes sense. But if not, there must be some difference and I need to know!
f.h-f.s. wrote: mbedtls is probably the easiest way, it also uses hardware acceleration (see "make menuconfig" componentconfig -> mbedtls)
I think that folder is esp32 specific, and those sources allow libraries like mbedtls to use hardware acceleration. (but that's just a guess)
Re: HWCrypto VS MbedTLS
Probably true since there are no other TLS libs in esp-idf (except for the fake openssl which uses mbedtls).
I'd bet on it =P
Re: HWCrypto VS MbedTLS
The hardware acceleration options are inside menuconfig under mbedtls. If you disable them and use the hwcrypto libraries, will the acceleration continue, with the mbedtls libraries being just software? Because in theory I deactivated the acceleration of mbedtls ....
Re: HWCrypto VS MbedTLS
Here are my tests.
I tried with the MBEDTLS hardware acceleration options ON and OFF in both libraries (HWCrypto and MbedTLS).
//80MHz
//HWCRYPTO Hardware Accel. (menuconfig->mbedtls) ON = 129uS / 4 Enc.
//HWCRYPTO Hardware Accel. (menuconfig->mbedtls) OFF = 129uS / 4 Enc.
//MBEDTLS Hardware Accel. (menuconfig->mbedtls) ON = FAIL????????? (fail to compile).
//MBEDTLS Hardware Accel. (menuconfig->mbedtls) OFF = 427uS / 4 Enc.
When I try to compile mbedtls AES encrypt with hardware acceleration ON, Visual Studio tells me: "undefined reference to X function".
However, I need to know the differences between both libraries and which one is best.
Piece of code and comments:
PS: The number after "AES" is the microseconds taken to do 4 encryptions.
Re: HWCrypto VS MbedTLS
The implementation in esp32/hwcrypto is a "lower level" implementation of AES & SHA primitives. If you use mbedTLS and enable hardware acceleration, it will call these functions as the AES & SHA implementations.
For RSA/ECDSA big number hardware acceleration, it was too complex to create a "lower level" layer so it's implemented directly as a platform-specific addition to mbedTLS.
In general, I would recommend using the mbedTLS libraries. There should be no noticeable performance impact, and they're much more flexible and have a stable API. Plus you can experiment with disabling/enabling different hardware acceleration options (performance characteristics can vary depending on workload and your CPU speed, so in some cases you may want to stick with software). The defaults are set to try and give "best overall" performance.
It's hard to guess without seeing the error, but there is currently a bug in the IDF master branch where you need to do a "make clean" after some configuration changes, before rebuilding. Bug should be fixed in the next couple of days.
urbanze wrote: When I try to compile mbedtls AES encrypt with hardware acceleration ON, Visual Studio tells me: "undefined reference to X function".
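Added example (not part of the thread and not ESP-IDF's own tooling): since the acceleration options live in menuconfig and a configuration change may not reach the build without a clean, this script compares the mbedTLS hardware options selected in sdkconfig with the sdkconfig.h the last build generated. The option names CONFIG_MBEDTLS_HARDWARE_AES/MPI/SHA are ESP-IDF's and do not appear in the thread; the two file paths are arguments, and the sample files are constructed.

```shell
#!/bin/sh
# Compare the mbedTLS hardware-acceleration options selected in sdkconfig with
# the sdkconfig.h generated by the last build. File locations are passed in by
# the caller (assumption: they depend on the project layout).

MBEDTLS_HW_OPTS="CONFIG_MBEDTLS_HARDWARE_AES CONFIG_MBEDTLS_HARDWARE_MPI CONFIG_MBEDTLS_HARDWARE_SHA"

# selected SDKCONFIG OPTION: prints on, off or absent.
# Kconfig writes "OPTION=y" when enabled and "# OPTION is not set" when disabled.
selected() {
    if grep -q "^$2=y\$" "$1"; then echo on
    elif grep -q "^# $2 is not set\$" "$1"; then echo off
    else echo absent
    fi
}

# built HEADER OPTION: prints on if the header has "#define OPTION 1", else off
# (disabled options are simply missing from the generated header).
built() {
    if grep -Eq "^#define[[:space:]]+$2[[:space:]]+1[[:space:]]*\$" "$1"; then echo on
    else echo off
    fi
}

# check_build SDKCONFIG HEADER: one report line per option; returns 1 when any
# option differs between the two files, i.e. the build predates the change.
check_build() {
    rc=0
    for opt in $MBEDTLS_HW_OPTS; do
        want=$(selected "$1" "$opt")
        have=$(built "$2" "$opt")
        note=ok
        if [ "$want" = absent ]; then note="not in sdkconfig"
        elif [ "$want" != "$have" ]; then note="STALE: rebuild from clean"; rc=1
        fi
        printf '%-30s sdkconfig=%-6s header=%-3s %s\n' "$opt" "$want" "$have" "$note"
    done
    return $rc
}

# Constructed sample: AES was just switched on in menuconfig, but the header
# still comes from a build made with AES off.
demo=$(mktemp -d)
printf '%s\n' 'CONFIG_MBEDTLS_HARDWARE_AES=y' 'CONFIG_MBEDTLS_HARDWARE_MPI=y' \
    '# CONFIG_MBEDTLS_HARDWARE_SHA is not set' > "$demo/sdkconfig"
printf '%s\n' '#define CONFIG_MBEDTLS_HARDWARE_MPI 1' > "$demo/sdkconfig.h"
check_build "$demo/sdkconfig" "$demo/sdkconfig.h" || echo "build is out of date"
```

Recording this report next to each timing run shows which configuration a measurement was actually taken with.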
Re: HWCrypto VS MbedTLS
Oh, thanks for the reply! I will try again with mbed+acellON+clean paste.
ESP_Angus wrote: The implementation in esp32/hwcrypto is a "lower level" implementation of AES & SHA primitives. If you use mbedTLS and enable hardware acceleration, it will call these functions as the AES & SHA implementations.
For RSA/ECDSA big number hardware acceleration, it was too complex to create a "lower level" layer so it's implemented directly as a platform-specific addition to mbedTLS.
In general, I would recommend using the mbedTLS libraries. There should be no noticeable performance impact, and they're much more flexible and have a stable API. Plus you can experiment with disabling/enabling different hardware acceleration options (performance characteristics can vary depending on workload and your CPU speed, so in some cases you may want to stick with software). The defaults are set to try and give "best overall" performance.
It's hard to guess without seeing the error, but there is currently a bug in the IDF master branch where you need to do a "make clean" after some configuration changes, before rebuilding. Bug should be fixed in the next couple of days.
urbanze wrote: When I try to compile mbedtls AES encrypt with hardware acceleration ON, Visual Studio tells me: "undefined reference to X function".
Re: HWCrypto VS MbedTLS
I deleted the "build" folder from Arduico core__IDF Component and rebuilt again with MbedTLS Accel ON. Still with an error, see:
Build folder and files inside:
https://i.imgur.com/K56Euvp.png
https://i.imgur.com/mrPn8d2.png
Here is the compile error. What can I try now?
Re: HWCrypto VS MbedTLS
Well... Success!! Before, I had put in only "mbedtls\include\mbedtls\aes.h". Now I tried putting in one more, "mbedtls\library\aes.c", and it WORKED!
See both libraries: https://i.imgur.com/d3liT0L.png
However, with HWCrypto only, it takes ~129uS. MbedTLS with Accel ON takes ~150uS.... The list below shows my tests.
//ESP32 Dual-Core (RTOS in both cores) - 80MHz
//HWCRYPTO Hardware Accel. (menuconfig->mbedtls) ON = 129uS / 4 Enc.
//HWCRYPTO Hardware Accel. (menuconfig->mbedtls) OFF = 129uS / 4 Enc.
//MBEDTLS Hardware Accel. (menuconfig->mbedtls) ON = 144uS / 4 Enc.
//MBEDTLS Hardware Accel. (menuconfig->mbedtls) OFF = 427uS / 4 Enc.
//Software AES128 ESP8266 80MHz = 530uS / 4 Enc
//Software AES128 ESP8266 160MHz = 300uS / 4 Enc
Thanks for all!
Last edited by urbanze on Fri Oct 06, 2017 3:39 pm, edited 1 time in total.