HWCrypto VS MbedTLS

urbanze
Posts: 301
Joined: Sat Jun 10, 2017 9:55 pm
Location: Brazil

HWCrypto VS MbedTLS

Postby urbanze » Wed Sep 20, 2017 3:15 pm

Hi guys! I see there are 2 main folders with encryption options in ESP32. By the name, the "HWCRYPTO" seems to be accelerated by hardware, but what about mbedtls? Is it hardware accelerated? What is the best? Which one should I use and why?

f.h-f.s.
Posts: 215
Joined: Thu Dec 08, 2016 2:53 pm

Re: HWCrypto VS MbedTLS

Postby f.h-f.s. » Wed Sep 20, 2017 3:26 pm

mbedtls is probably the easiest way; it also uses hardware acceleration (see "make menuconfig" Component config -> mbedtls).
I think that folder is esp32 specific, and those sources allow libraries like mbedtls to use hardware acceleration (but that's just a guess).

Re: HWCrypto VS MbedTLS

Postby urbanze » Wed Sep 20, 2017 3:52 pm

f.h-f.s. wrote: mbedtls is probably the easiest way; it also uses hardware acceleration (see "make menuconfig" Component config -> mbedtls).
I think that folder is esp32 specific, and those sources allow libraries like mbedtls to use hardware acceleration (but that's just a guess).

Yes, I've seen and enabled all mbed acceleration options. If your guess is true, it makes sense. But if not, there must be some difference and I need to know!

Re: HWCrypto VS MbedTLS

Postby f.h-f.s. » Wed Sep 20, 2017 3:57 pm

Probably true since there are no other TLS libs in esp-idf (except for the fake openssl which uses mbedtls).
I'd bet on it =P

Re: HWCrypto VS MbedTLS

Postby urbanze » Wed Sep 20, 2017 4:15 pm

The hardware acceleration options are inside the mbedtls menuconfig. If you disable them and use the hwcrypto libraries, will the acceleration continue, and are the mbedtls libraries then just software? Because in theory I deactivated the acceleration of mbedtls...

Re: HWCrypto VS MbedTLS

Postby urbanze » Wed Sep 20, 2017 5:20 pm

Here are my tests.

I tried with the MBEDTLS hardware acceleration options ON and OFF in both libraries (HWCrypto and MbedTLS).

//80MHz
//HWCRYPTO Hardware Accel. (menuconfig->mbedtls) ON = 129uS / 4 Enc.
//HWCRYPTO Hardware Accel. (menuconfig->mbedtls) OFF = 129uS / 4 Enc.

//MBEDTLS Hardware Accel. (menuconfig->mbedtls) ON = FAIL????????? (fail to compile).
//MBEDTLS Hardware Accel. (menuconfig->mbedtls) OFF = 427uS / 4 Enc.

When I try to compile mbedtls AES encrypt with hardware acceleration ON, Visual Studio tells me: "undefined reference to X function".

However, I need to know the differences between both libraries and which one is best. :lol: :x :P

Piece of code and comments:

PS: The number after "AES" is the microseconds taken to do 4 encryptions.

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: HWCrypto VS MbedTLS

Postby ESP_Angus » Wed Sep 20, 2017 11:13 pm

The implementation in esp32/hwcrypto is a "lower level" implementation of AES & SHA primitives. If you use mbedTLS and enable hardware acceleration, it will call these functions as the AES & SHA implementations.

For RSA/ECDSA big number hardware acceleration, it was too complex to create a "lower level" layer so it's implemented directly as a platform-specific addition to mbedTLS.

In general, I would recommend using the mbedTLS libraries. There should be no noticeable performance impact, and they're much more flexible and have a stable API. Plus you can experiment with disabling/enabling different hardware acceleration options (performance characteristics can vary depending on workload and your CPU speed, so in some cases you may want to stick with software. The defaults are set to try and give "best overall" performance.)

urbanze wrote: When I try to compile mbedtls AES encrypt with hardware acceleration ON, Visual Studio tells me: "undefined reference to X function".

It's hard to guess without seeing the error, but there is currently a bug in the IDF master branch where you need to do a "make clean" after some configuration changes, before rebuilding. Bug should be fixed in the next couple of days.

Re: HWCrypto VS MbedTLS

Postby urbanze » Thu Sep 21, 2017 12:24 pm

ESP_Angus wrote: The implementation in esp32/hwcrypto is a "lower level" implementation of AES & SHA primitives. If you use mbedTLS and enable hardware acceleration, it will call these functions as the AES & SHA implementations.

For RSA/ECDSA big number hardware acceleration, it was too complex to create a "lower level" layer so it's implemented directly as a platform-specific addition to mbedTLS.

In general, I would recommend using the mbedTLS libraries. There should be no noticeable performance impact, and they're much more flexible and have a stable API. Plus you can experiment with disabling/enabling different hardware acceleration options (performance characteristics can vary depending on workload and your CPU speed, so in some cases you may want to stick with software. The defaults are set to try and give "best overall" performance.)

urbanze wrote: When I try to compile mbedtls AES encrypt with hardware acceleration ON, Visual Studio tells me: "undefined reference to X function".

It's hard to guess without seeing the error, but there is currently a bug in the IDF master branch where you need to do a "make clean" after some configuration changes, before rebuilding. Bug should be fixed in the next couple of days.

Oh, thanks for the reply! I will try again with mbed + accel ON + clean paste. :D

Re: HWCrypto VS MbedTLS

Postby urbanze » Thu Sep 21, 2017 12:45 pm

I deleted the "build" folder from the Arduino core__IDF Component and rebuilt again with MbedTLS Accel ON. Still with error, see:

Build folder and files inside:

https://i.imgur.com/K56Euvp.png
https://i.imgur.com/mrPn8d2.png


Here, error in compile. What can I try now?


Re: HWCrypto VS MbedTLS

Postby urbanze » Thu Sep 21, 2017 1:07 pm

Well... Success!! Before, I put only "mbedtls\include\mbedtls\aes.h". Now, I tried adding one more, "mbedtls\library\aes.c", and it WORKED!

See both libraries: https://i.imgur.com/d3liT0L.png

However, with HWCrypto only, it takes ~129uS. MbedTLS with Accel ON takes ~150uS.... The list below shows my tests.


//ESP32 Dual-Core (RTOS in both cores) - 80MHz
//HWCRYPTO Hardware Accel. (menuconfig->mbedtls) ON = 129uS / 4 Enc.
//HWCRYPTO Hardware Accel. (menuconfig->mbedtls) OFF = 129uS / 4 Enc.

//MBEDTLS Hardware Accel. (menuconfig->mbedtls) ON = 144uS / 4 Enc.
//MBEDTLS Hardware Accel. (menuconfig->mbedtls) OFF = 427uS / 4 Enc.


//Software AES128 ESP8266 80MHz = 530uS / 4 Enc
//Software AES128 ESP8266 160MHz = 300uS / 4 Enc

Thanks for all! :D
Last edited by urbanze on Fri Oct 06, 2017 3:39 pm, edited 1 time in total.
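
Added example (not code from this thread or from ESP-IDF): before comparing timings across the backends discussed above, it is worth confirming that each build configuration produces the same ciphertext. This host-side check runs the FIPS-197 Appendix C.1 AES-128 vector through any backend; the `aes128_ecb_fn` wrapper type and the names `sw_aes128_ecb` and `kat_ok` are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>
/* Assumed wrapper type: any AES-128 single-block encrypt backend under test. */
typedef void (*aes128_ecb_fn)(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]);
static uint8_t xtime(uint8_t x) { return (uint8_t)((x << 1) ^ ((x >> 7) * 0x1b)); }
static uint8_t gmul(uint8_t a, uint8_t b) {              /* product in GF(2^8) */
    uint8_t r = 0;
    for (; b; b >>= 1, a = xtime(a)) if (b & 1) r ^= a;
    return r;
}
/* S-box from its definition. Slow, not constant-time: host checks only, never real keys. */
static uint8_t sbox(uint8_t x) {
    uint8_t inv = x, s = 0x63;
    for (int i = 0; i < 253; i++) inv = gmul(inv, x);    /* x^254 = inverse of x */
    for (int k = 0; k <= 4; k++) s ^= (uint8_t)((inv << k) | (inv >> (8 - k)));
    return s;
}

/* Software reference backend, constructed for this example. */
void sw_aes128_ecb(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t rk[176], s[16], t[16], a[4], rcon = 1;
    memcpy(rk, key, 16);
    for (int i = 16; i < 176; i++) {                     /* key expansion, byte by byte */
        uint8_t w = rk[i - 4];
        if (i % 16 < 4) w = sbox(rk[i - 4 + ((i + 1) % 4 ? 1 : -3)]);  /* RotWord+SubWord */
        if (i % 16 == 0) { w ^= rcon; rcon = xtime(rcon); }
        rk[i] = rk[i - 16] ^ w;
    }
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[i];
    for (int r = 1; r <= 10; r++) {
        for (int i = 0; i < 16; i++) t[i] = sbox(s[(i * 5) % 16]);  /* SubBytes+ShiftRows */
        for (int c = 0; c < 16 && r < 10; c += 4) {      /* MixColumns, skipped in round 10 */
            memcpy(a, t + c, 4);
            uint8_t all = a[0] ^ a[1] ^ a[2] ^ a[3];
            for (int j = 0; j < 4; j++) t[c + j] = a[j] ^ all ^ xtime(a[j] ^ a[(j + 1) & 3]);
        }
        for (int i = 0; i < 16; i++) s[i] = t[i] ^ rk[16 * r + i];
    }
    memcpy(out, s, 16);
}

/* Returns 1 if the backend reproduces the FIPS-197 Appendix C.1 AES-128 vector. */
int kat_ok(aes128_ecb_fn backend) {
    static const uint8_t key[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
    static const uint8_t pt[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    static const uint8_t ct[16] = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    uint8_t out[16];
    backend(key, pt, out);
    return memcmp(out, ct, 16) == 0;
}
```

On the ESP32, wrap whichever AES call is being timed (the mbedTLS API or the hwcrypto functions) in the same signature and pass it to `kat_ok` once per menuconfig setting before trusting the benchmark numbers.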
