wolfSSL 2013 Technical and Community Update
Formal Metadata
Title |
wolfSSL 2013 Technical and Community Update
|
Title of Series | |
Author |
|
License |
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. |
Identifiers |
|
Publisher |
|
Release Date |
2014
|
Language |
English
|
Content Metadata
Subject Area | |
Abstract |
wolfSSL, author of the open source CyaSSL embedded SSL library has made significant progress in 2013 towards bringing the community a more usable, feature-rich, and better supported library for use in an ever-growing range of embedded platforms and environments. This talk will provide an overview of technical progress in the last year and news on the current state of wolfSSL. Details on what's new include the addition of new crypto ciphers and algorithms, better hardware cryptography support, more flexible abstraction layers, a JNI wrapper, new platform support, and better development tool integration
|

00:00
Computer animation
00:53
Computer animation
04:39
Computer animation
06:41
Computer animation
Computer file
Multitier architecture
Likelihood-ratio test
07:44
Suite (music)
Group action
Java applet
Multiplication sign
Range (statistics)
1 (number)
Insertion loss
Client (computing)
Open set
Public key certificate
Subset
Web 2.0
Semiconductor memory
Computer configuration
Different (Kate Ryan album)
Single-precision floating-point format
Modul <Datentyp>
Endliche Modelltheorie
Information security
Enterprise architecture
Computer-generated imagery
Software developer
Electronic mailing list
Cloud computing
Public-key cryptography
Connected space
Process (computing)
Screensaver
Quantum
Website
Right angle
Escape character
Cycle (graph theory)
Quicksort
Procedural programming
Point (geometry)
Implementation
Server (computing)
Open source
Transport Layer Security
Product (business)
Number
Computing platform
Proxy server
Standard deviation
Cellular automaton
Projective plane
Physical law
Planning
Line (geometry)
Cryptography
System call
Compiler
Computer animation
Communications protocol
Library (computing)
14:23
Point (geometry)
Server (computing)
Implementation
Service (economics)
Length
Multiplication sign
Patch (Unix)
Inclined plane
Client (computing)
Inverse element
Mereology
Revision control
Different (Kate Ryan album)
Semiconductor memory
Computer configuration
Encryption
Information security
Exception handling
Vulnerability (computing)
Physical system
Oracle
Default (computer science)
Cellular automaton
Bit
Maxima and minima
Price index
Frame problem
Message passing
Arithmetic mean
Computer animation
Hash function
Buffer solution
Row (database)
18:07
Scripting language
Overlay-Netz
Implementation
Functional (mathematics)
Group action
Link (knot theory)
Key (cryptography)
Cellular automaton
Execution unit
Benchmark
Computer animation
Pressure
Mathematical optimization
Computing platform
Asynchronous Transfer Mode
Spacetime
19:12
Context awareness
Multiplication sign
Combinational logic
Set (mathematics)
Water vapor
Client (computing)
Stack (abstract data type)
Public key certificate
Sign (mathematics)
Mathematics
Formal verification
Endliche Modelltheorie
Social class
Area
Scripting language
Mapping
Staff (military)
Bit
Lattice (order)
Decipherment
Message passing
Internet service provider
Buffer solution
Arithmetic progression
Slide rule
Functional (mathematics)
Random number generation
Service (economics)
Computer file
Open source
Rule of inference
Product (business)
Element (mathematics)
Inclusion map
Latent heat
Operator (mathematics)
Computer hardware
Percolation theory
Computing platform
Energy level
Analytic continuation
Mathematical optimization
Module (mathematics)
Addition
Default (computer science)
Pairwise comparison
Standard deviation
Information
Projective plane
Memory management
Mathematical analysis
Line (geometry)
Cryptography
Radius
Computer animation
Software
Integrated development environment
Personal digital assistant
Fiber bundle
Library (computing)
25:33
Enterprise architecture
Default (computer science)
Pairwise comparison
Thread (computing)
Random number generation
Computer animation
Source code
Operating system
Cuboid
Cryptography
Number
Library (computing)
26:41
Arm
Computer animation
Integrated development environment
Computer cluster
Feedback
Website
27:14
Scripting language
Email
Group action
Standard deviation
Service (economics)
Matching (graph theory)
Open source
Validity (statistics)
Code
Software developer
Cellular automaton
Direction (geometry)
Multiplication sign
Bit
Information technology consulting
Particle system
Process (computing)
Computer animation
Angle
Computer programming
Computing platform
Endliche Modelltheorie
29:19
Computer animation
Computer programming
Software developer
Multiplication sign
Office suite
Mereology
30:20
Turing test
Computer animation
Open source
Personal digital assistant
output
Function (mathematics)
Public key certificate
00:01
cheer
05:38
of RL here ll this will end here till n end ol here ll end of ol ol n theL yes this shall shall end of end of thap here here
06:35
ll soy is this yeah of futile
06:49
file end end this N tier N this this this theL here ll theL of LLR end-cell year yesil this end to end here here n and n few this end of N uRv the yeah this of this n n here this this this this I'll end say here here here till saa-lee ears yeah home the tho
07:47
so a conventional this and over brief overview of products that we offer going with that tag well what's new in and loss in time for you guessed asking questions you may have as the product lineup will as all our main product is called the as it's a lightweight embeddable as a cell until less library and it back where will groups could engine which ships with and then it also includes a a passive SSL inspection features all I will throw to the cryptography library slightly engine and we have an embedded web server and embeddable web server called down Gazzaley WS and we can often you practice your call soldier and i which is simply a JNI rapid around Seattle and then we have a couple of X issue we don't currently have our website yet but we haven't allowed and available to those interested so we have a salt proxy and built on top of squared we have secure memcached implementation and also the escape implementation so again our main products C
09:02
all I'm like a mention it's a lightweight embeddable SSL library and the whole library for different ranges from 20 to 100 kilobytes depending on how you build it and the title option is a 0 mean PSK so that a subset using linking like appreciate piece I proceed and until also point to only a hundred kilobytes will give you a pretty much a full SSL stack using embedded optimized compiler um RAM usages is low as well 1 36 kilobytes per session and so this is not only important so the Embedded World cares about memory usage the sort the enterprise and cloud services and because you're going have millions of connections coming and I limited by year-end your RAM memory and then it's also very probable so 1 of our main open-source competitors open as self and oftentimes it's it's quite a burden to take the whole package and pour it over to your bed and operates a summer device and oftentimes companies sold devote a single engineer to working of a cell and mercy of what we re much important everything we've encountered so far and if you have a number of libraries and we support and and they're always working and for every new ones every day old group desire is our cryptography library it produces policy and was bundled in together with the so the 1 and this year we've been working on separating amounted to separate products and so there's a lot of people who only 1 could go and not a silly SSL so very single distiller download straight Kiefer library and if that's your desire battery modular so the only 1 use a your project you can spot the source from the file and stick around your project without having to put everything else and it's pretty much supports all your standard Cyprus suites is also progressive ones and we add the HC 128 rabbits screen savers and a while ago we support and true public key algorithm which is the quantum resistant public-key from security innovation and then we got the the Blake 2 shot 3 finalists To address that today and that since this is what we do every day all they have a job I would like to give our users the most cutting-edge technology possible uh we have about web server here is built on top of Monday's which is also an open source web server and so did my use and put Seattle into and I can get the whole at our model and the other on the web server uh in very small so a hundred kilobytes with SSL support at 20 kilobytes without it is 1 of the plane http connection and then it's not truly up the list of features law for being embedded web server see get CGI in society and idea the restrictions etc. and also very parable that is 1 of the 2 new products of introduced this year so 1st soldier and I is simply a GNI wraparound see as all a silver in C and we had a customer who really work back Chinese details from point to which the Java implementation currently doesn't have detail a support and so up until this point we will have to take that as a library like cell or Ciel's 1 right there wraparound so hopefully this oldest right you going off-the-shelf solution and then they decide I should mention our licensing model a little our our company if here the uh the dual licensed under the GPL and a commercial license so all the products are open source and mirrors were born out of my skill they want cleaner muscle cell implementation that they knew the license to and they could safely shipped with their commercial licenses and so we're actually C + + as a cell library call the other and and then eventually rose C of all the embedded market really a C library and so we follow that lysing model now if almost her subsequent products the the 2nd approach we've introduced this year is the 1st of client so simple certificate enrollment protocol and so this lets us client to go out and in of this gets server and retrieve back a certificates which they can then use to authenticate to and never and we start with the same principle that we've learned through all our procedure being portable and so it abstracted out all the most of the layers that you encounter as problems when you're moving over to a new platform and then it begin users will script underneath as the crypt library the that's currently under development recognize wrapping it up and problem this way so it should make it onto a website rubbernecks the police cycle but now about what's new and I
14:28
will not last year and the by the more interesting part for people have argued that are steel about what we do the the so we
14:40
fix fixed the lucky 13 attack and not mn candy came to us beforehand and polls about them and they're very helpful and in helping us 1 pushing the patch inverse CEOs look at this and so the look lucky 13 was a timing attack so you can monitor how much time it takes a year as a sole records back and using that eventually be the point X which is pretty amazing actually so that and yeah getting of fossils goes for variant and so we should be productive means that um we've had detail support for a couple years now so details datagram tail so it's meant to be used over unreliable oracles that is uniquely and because they can use the reliability in were packets and stuff that TCP has its own complex and so we have reduced a couple of reliability enhancements since now we have a couple more users using it and it's really popular with streaming media and avoid etc. and we spot for details 1 . 2 so there's there's 2 versions of the cells 1 . on . 2 um 1 going to just pretty updating it to water level until at some point to and adding the ADA diesel authenticated encryption um with associated data and so not only in but also authenticates messages we have some support for some new Telus exceptions and so server name indication or as an as an eye our decline specify which service connecting to as can be and useful when you have multiple servers hosted on the same location and with the virtual for example now in this next frame length which allows the client to negotiate a different Maximus size so by the default the cell uses a 16 killed by record and so that they're not all that they they can grow up to that date and so on and that incline have reserve 16 kilobytes for the buffer and so I'll attends if you don't have much memory which we will encounter people every day you it's a struggle for them to fit an extra 16 kilobytes into there is a sole alignment and the kind in use with negotiate down a smaller maximum fragment size and then the 3rd 1 introduces truncated age Mac so traditionally have several like shall 1 is used to form the and which is easily 160 bits and so with this decline can again reserved bandwidth and shrink down to 80 % and curly there's any security weaknesses known by using a hidden in matters of the full hash implementation for a any financial 1 and when you configuring Seattle we use not account system by default in Linux so you can is that enable less next option we have that as I mentioned the shot 3 finalists Blake you and ranges from 256 to
18:08
512 died links and actually produce the unit amount of the company philosophy pretty well the not only of the light weight because as fast you can see here is there's seats out the door will script implementation benchmark that's that's another shot implementation
18:26
and an action some of those platforms of the faster than any 5 and if you think about optimise it correctly Ch we the a mode to ATS CCM so counter with CBC Mac and it's enabled using overlay a CCM now available uses the of you each and using those functions and when used with the other 1 of the cell you gain a more for it's you have Hopkins between our space we use in the streets and pressure pre-shared keys the but we have some discussions with NTT who developed familiar and I work of them dead familiar to
19:14
our seals library has both correct and similarly the box over like a so again exposed through that the indicted files and we give the user some new functions were growth and again you have a new services we added staff 384 service its the are a generic now supports shot 512 and we enhancer radius and I support up to supporting the optimizing for CCM GCM so ADS knives Intel accelerated prepared and the I think they a 5 to 10 times speed improvement over standard areas and so have 1 instruction with specific for a means a deciphers and now we have support for that what kind of a by product of our Wolska project was the addition of some these PKC of some of the is the ACS standards and the get the assignment which is cryptographic methods in fact is used assigning could messages allow users and a Sn-1 1 bundle it wraps up Callahan onion and use landscape and also had put your question last of the years for both of these and that was the case tender certificate signing your class and the client Makeasy Asada Center CA which then turns out into the sign of public key contained sending back actual as a source him as a couple things operability was we support for persistent session cash so you can now persist session cash and you the file or a buffer and so the you can in relevant functions files buffers and and enable it would save session the and along the same lines we have ability to persist Perseus to get cash as the other 2 again files about 1st and we had a couple of things that you can call that anatomic critical back for a mapping that operations and a trip to verify so if you are a module or H assume that can do this in 1 fell and you can actually write back until this colliery December however model directly uh which some some some user really really want and sometimes can for provider performance increases as well and then in along the same lines we added some public-key callbacks the adversary sign verify include and CCs and refine you can unload certificates 21 them into SSL context so if you need to refresh the that cash for some reason and you are going down the existing 1 without destroying all entire context I would see a car that's a perk crypto additions and me and examples and documentation the elementary level made it easier for users to get a little bit more information on the the main questions again is about resource usage and so our method the ability to track stagnated in memory allocation to our after examples and then and also increase the IP piece 6 apart and since all lot people seem to be the inner experimenting whether you are using and production we did not pass the API documentation which is a pretty good improvement over what we had before and we actually have API docs for rules from now and the molecule as documentation is continuous work in progress and so it will continue slavery and probably 80 per cent of our customers referring to their operates summer platform a combination of TCP IP stack and the set and so we get tiny questions about hoarding so we've created and really supporting which covers everything from endianness applied to assembly optimization the library settings and math libraries that is and although it onto you'll recall that we swapping and I O if you are around a seller something besides TCP IP and i'm logging Kullback stirring and call-backs excetera should all be mentioned in here no 1 did you resource the there are always going to new chips to so we have 4 for microchips up at 3 2 m x and in the uh also burglary reflects for the TPC TCP IP stack and and now we work with negative harmony had to the development environment the just was released this year wolf largely with harmony by default so it as soon as you download harmony you'll water to be in there and if you want see you you can download it and it should work seamlessly and maybe in the in the future we have support for some Freescale stuff so there's some other hardware-based random-number generators are Indian indeed the Our now easily enabled by a simple defined and we just as for for the elements here you which of their their hardware optimized script operations and and I think the next slide all yeah so here's the a comparison between our software seek out mentation and the Freescale analysis in see you in the meeting of the 20 per cent to 13 hundred percent increase in speed is the same
25:25
thing on the ground so on an embedded chips like in the news also for users we us for the unite which is
25:38
another and Mormon enterprise a rock and a hard place proposed solution and right now we do blocking trip which most solid of libraries do hopefully sometime in the next year or so will Bill that non-blocking encryptor which sold really really increase the performance numbers are chronometric Oxford uh we had for the HP-UX operating system and better thread x afford as well as default and I'll come back from that phonetics so out of the box if you using the other so that's another thing we should work we present the STM 32
26:18
chips and as well as integrated into the harbor crypto and a random number generator and you see here the performance comparison again between oranges our software implementation in green is is that there seem to need to prepare the of of substantial improvement for users we've been working pretty
26:45
closely with Kyle this last year I would bring to the NTK arm and has a low is integrated into indicate 5 development environment and were actually softer back now you get to cows website you can download the wolf SSL writing tolerating
27:02
through the the Council's so they have to come to our website and download anymore and which we think it's pretty cool when you are pretty they're doing it so far against get feedback so those come all the technical
27:18
news user the highlights released from a couple
27:21
items of business news you may remember us of the animal which we were last year and Los Andes ask that we have to change their name to Walther cell and we just think of the alliance with our company values and culture and also the communicate effectively they they were called in groups and they share 1 here and like open source developers and we have a couple more developers to attain so you get things angle faster as we increase our on-site consulting activity and we'il once shared will we got start consulting program so somebody can send us are the entire platform will for a softer evidence and the back I am a big ball hallways in United States a big item is 51 1 predestine validation for all script and so this is a crypto-module validation that light government and in some businesses look for in encryptor model that fall into the code and so it's a pretty long process to go through this you anywhere from 6 to 12 months and was waiting in time for allowed to verify things and so will get this wrapped up in in the next you half and to look for the next word for lucky the and with that will bring a whole bunch in the documentation the seals North Korea liberal but she tests and and other things we've tried to streamline our support process a little bit better and of the growth using the standard direct e-mail Gödel overwhelming social service and baby match right so now you'll you'll be issues of particle when enormous and hopefully oracle better and we try to try keep customers has very has risen users the something that's
29:21
that's pretty much of my update of what we've done this year and buy the book to entry questions yourself about office seller and related technologies the during part of the US was the you know so on and so on and his on house and the program he had read that of so soliciting a question and I we can probably say we're not compromise by the NSA and we actually we keep an eye on
29:56
contributions are a closely interpret this so think governance all have some some questionable things they were slipped and so on but we don't we have for developers that we know that they're doing all the time and encountering tell you that we have been compromised so the have and
30:21
and it's a lot I you might have have and under you should build into anything regarding like using up source as well they should be pretty much lockable uh minus all this is always there is a natural thing to do the example of this in 1 of the he there was read the heavily based if you 2 years ago the so and that's the way and again this year yeah so they didn't do will a different they have all of the I O and method of input output and and so we 1st a civic imagine we offer users the ability to create certificates and also signed and now the exercise of CSI and pull the the the role as you you might want to vote against the it the it could be now now we have the cases 7 so far related there's a chance that in mind yeah look at answers a question ture way back to the and therefore this about 1 will have so so there's there's a very understated how other as and thanks for attending do you think you
