Cryptovia ARM library supports the following security features for products based on the ARM architecture:
Two different AES implementations in ARM assembly language are available:
The table below shows the memory occupation and the timings of the two implementations for each AES key length on a ARM Cortex-M3 core.
| Algorithm | Version | ROM | RAM | Cycles per 16-byte encryption/decryption |
Throughput Mbit/s @50 MHz encryption/decryption |
|---|---|---|---|---|---|
| AES-128 | Speed | 4 298 | 72 | 1 463 / 2 773 | 4,17 / 2,20 |
| Code | 1 424 | 72 | 4 708 / 6 258 | 1,30 / 0,98 | |
| AES-192 | Speed | 4 656 | 104 | 1 712 / 3 257 | 3,56 / 1,87 |
| Code | 1 628 | 104 | 5 566 / 7 230 | 1,10 / 0,84 | |
| AES-256 | Speed | 4 464 | 88 | 2 245 / 4 494 | 2,72 / 1,36 |
| Code | 1 644 | 88 | 6 550 / 8 624 | 0,93 / 0,71 |
Contact us for an evaluation version of the AES library.
One DES/TDES implementation in ARM assembly language is available.
The table below shows the memory occupation and the timings of the implementation on a ARM Cortex-M3 core.
| Algorithm | ROM | RAM | Cycles per 8-byte block encryption / decryption |
Throughput Kbit/s @50 MHz encryption / decryption |
|---|---|---|---|---|
| DES | 1 452 | 80 | 26 854 / 26 857 | 116 / 116 |
| TDES-2K | 1 452 | 112 | 80 588 / 80 596 | 38,7 / 38,7 |
| TDES-3K | 1 452 | 112 | 80 592 / 80 600 | 38,7 / 38,7 |
Contact us for an evaluation version of the DES library.
One implementation in ARM assembly language of the hash functions MD5, SHA-1, SHA-256/224 and SHA-512/384 is available.
HMAC constructions based on those hash functions are also available.
The table below shows the memory occupation and the timings of the implementations on a ARM Cortex-M3 core.
| Algorithm | ROM | RAM | Cycles to process 50 bytes |
Throughput Mbit/s @50 MHz |
|---|---|---|---|---|
| MD5 | 844 | 144 | 2 813 | 6,78 |
| HMAC-MD5 | 1 062 | 248 | 12 845 | 1,48 |
| SHA-1 | 728 | 148 | 5 785 | 3,98 |
| HMAC-SHA-1 | 946 | 248 | 20 699 | 0,92 |
| SHA-256 / SHA-224 | 1 040 | 188 | 5 835 | 3,27 |
| HMAC-SHA-256/224 | 1 476 | 272 | 24 879 | 0,76 |
| SHA-512 / SHA-384 | 2 012 | 304 | 18 226 | 1,04 |
| HMAC-SHA-512/384 | 2 448 | 496 | 76 439 | 0,25 |
Contact us for an evaluation version of the hash library.
Implementations for pseudo random numbers generation are available. The generations are based on AES encryptions, or hash functions or HMAC computations as described in the NIST SP 800-90A standard.
The table below shows the memory occupation and the timings of the implementations on a ARM Cortex-M3 core.
| Algorithm | ROM | RAM | Cycles to generate 128 bytes |
Throughput Kbit/s @50 MHz |
|---|---|---|---|---|
| DRBG AES-128 | 2 152 | 184 | 61 365 | 811 |
| DRBG AES-192 | 2 412 | 240 | 83 483 | 599 |
| DRBG AES-256 | 2 442 | 232 | 97 705 | 512 |
| DRBG SHA-1 | 1 920 | 260 | 91 513 | 546 |
| DRBG SHA-256 | 2 148 | 328 | 75 990 | 658 |
| DRBG SHA-512 | 3 120 | 504 | 192 766 | 259 |
| DRBG HMAC SHA-1 | 1 608 | 488 | 273 427 | 182 |
| DRBG HMAC SHA-256 | 2 140 | 528 | 266 859 | 187 |
| DRBG HMAC SHA-512 | 3 112 | 944 | 659 619 | 76 |
Contact us for an evaluation version of the DRBG library.
One RSA implementation, with the core routines written in ARM assembly language, is available. The RSA computation using the CRT method is also supported.
In addition to plain RSA computations, the PSS signature scheme and the OAEP encryption padding method described in the PKCS #1 standard are also available.
The table below shows the memory occupation and the timings of the implementations on a ARM Cortex-M3 core.
The figures for RSA-OAEP and RSA-PSS are obtained with SHA-1 as the hash function for the mask generation function.
| Algorithm | Key Length | ROM | RAM | Cycles | Timing @50 MHz |
|---|---|---|---|---|---|
| RSA (e=2^16+1) | 1 024 | 2 404 | 900 | 1 070 000 | 21 ms |
| 2 048 | 2 404 | 1 384 | 4 300 000 | 86 ms | |
| CRT RSA | 1 024 | 3 216 | 1 348 | 16 150 000 | 323 ms |
| 2 048 | 3 216 | 1 412 | 118 000 000 | 2,36 s | |
| RSA-OAEP (e=2^16+1) | 1 024 | 5 274 | 1 492 | 1 125 000 | 22 ms |
| 2 048 | 5 274 | 2 260 | 4 400 000 | 88 ms | |
| RSA-OAEP CRT | 1 024 | 6 046 | 1 996 | 16 400 000 | 328 ms |
| 2 048 | 6 046 | 2 944 | 118 000 000 | 2,36 s | |
| RSA-PSS (e=2^16+1) | 1 024 | 5 942 | 1 628 | 1 100 000 | 22 ms |
| 2 048 | 5 942 | 2 524 | 4 400 000 | 88 ms | |
| RSA-PSS CRT | 1 024 | 6 754 | 1 940 | 16 500 000 | 329 ms |
| 2 048 | 6 754 | 2 964 | 119 000 000 | 2,37 s |
Contact us for an evaluation version of the RSA library.
Two different implementations of ECDSA over prime fields in ARM assembly language are available:
For each version, both ECDSA signature generation and ECDSA signature verification are supported.
The table below shows the memory occupation and the timings of the generic ECDSA implementation on a ARM Cortex-M3 core.
| Algorithm | ROM | RAM | Cycles for signature generation / verification |
Timing @50 MHz generation / verification |
|---|---|---|---|---|
| ECDSA-192 | 6 990 | 1 164 | 8 200 000 / 17 200 000 | 163 ms / 343 ms |
| ECDSA-224 | 6 990 | 1 244 | 11 800 000 / 24 900 000 | 236 ms / 498 ms |
| ECDSA-256 | 6 990 | 1 332 | 16 500 000 / 34 700 000 | 329 ms / 693 ms |
| ECDSA-384 | 6 990 | 1 668 | 49 100 000 / 101 100 000 | 0,98 s / 2,02 s |
| ECDSA-521 | 6 990 | 2 084 | 124 000 000 / 255 000 000 | 2,49 s / 5,11 s |
The table below shows the memory occupation and the timings of the specific ECDSA implementations for the FIPS 186 elliptic curves on a ARM Cortex-M3 core.
| Algorithm | ROM | RAM | Cycles for signature generation / verification |
Timing @50 MHz generation / verification |
|---|---|---|---|---|
| ECDSA P-192 | 7 094 | 1 108 | 5 700 000 / 12 200 000 | 114 ms / 245 ms |
| ECDSA P-224 | 7 202 | 1 188 | 10 700 000 / 22 600 000 | 214 ms / 452 ms |
| ECDSA P-256 | 7 338 | 1 268 | 22 600 000 / 47 000 000 | 453 ms / 940 ms |
| ECDSA P-384 | 7 570 | 1 588 | 47 700 000 / 98 300 000 | 0,95 s / 1,96 s |
| ECDSA P-521 | 7 628 | 1 988 | 73 700 000 / 153 000 000 | 1,47 s / 3,05 s |
Contact us for an evaluation version of the ECDSA library.