Slide 1

Slide 1 text

YEAR IN REVIEW FOSDEM 2014 FEBRUARY 1, 2014 BRUSSELS, BELGIUM © Copyright 2014 wolfSSL Inc.

Slide 2

Slide 2 text

CHRIS CONLON
Software Developer
Bozeman, MT, USA
© Copyright 2012 FishEyeGuyPhotography

Slide 3

Slide 3 text

A GROWING COMPANY!
10 employees in 3 countries. 500 million endpoints secured.
Tokyo, JP; João Pessoa, BRAZIL; Bozeman, MT; Seattle, WA; Portland, OR; San Jose, CA

Slide 4

Slide 4 text

500 MILLION
Over lots of different markets.
Databases, Sensors, VoIP, Smart Grid, Smart Energy, Factory Automation, Battlefield Communication, Automotive, Routers, Connected Home, M2M, Games, Appliances, Cloud Services, Internet of Things, Applications

Slide 5

Slide 5 text

PRESENTATION OUTLINE
1. Our Products
2. What’s New
3. Questions & Wrap-Up

Slide 6

Slide 6 text

OUR PRODUCTS
•  CyaSSL: Lightweight SSL/TLS
•  wolfCrypt: Crypto Engine
•  yaSSLEWS: Embedded Web Server
•  wolfSSL JNI: CyaSSL Java Wrapper
•  SSL Proxy: On top of Squid Proxy
•  SSL Inspection
•  Secure memcached
•  wolfSCEP

Slide 7

Slide 7 text

CyaSSL: Lightweight SSL / TLS Library
LIGHTWEIGHT. PORTABLE. C-BASED.
✓  Up to TLS 1.2 and DTLS 1.2
✓  20-100 kB footprint
✓  1-36 kB RAM per session
✓  Long list of supported operating systems:
Windows, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/uITRON, Micrium uC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX, ARC MQX …

Slide 8

Slide 8 text

wolfCrypt: Cryptography Engine
PORTABLE MODULAR CRYPTOGRAPHY
✓  Previously called “CTaoCrypt”
✓  Working on splitting into separate product
✓  Progressive list of supported ciphers
✓  Modular design, assembly optimizations
AES (CBC, CTR, CCM, GCM), DES, 3DES, Camellia, ARC4, RABBIT, HC-128
MD2, MD4, MD5, SHA-1, SHA-256, SHA-384, SHA-512, BLAKE2b, RIPEMD-160
RSA, ECC, DSS, DH, EDH, NTRU
HMAC, PBKDF2, PKCS#5
ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA …

Slide 9

Slide 9 text

yaSSLEWS: Embedded Web Server
LOW RESOURCE, EMBEDDABLE, WEB SERVER
✓  Fast, easy-to-use webserver
✓  Small footprint (100kB with HTTPS)
✓  CGI, SSI, IP restrictions, logging, aliases
✓  Multiple operating environments supported

Slide 10

Slide 10 text

wolfSSL JNI: CyaSSL Java Wrapper (NEW!)
BRINGING CYASSL TO JAVA USERS
✓  JNI wrapper around CyaSSL
✓  Current Java doesn’t support DTLS 1.2
✓  Users no longer need to write their own!
✓  Same licensing model – GPLv2 or commercial

Slide 11

Slide 11 text

wolfSCEP: Simple Certificate Enrollment Protocol (NEW!)
PORTABLE SCEP IMPLEMENTATION
✓  Issuing and revocation of certificates
✓  Protocol originally developed by CISCO
✓  Lightweight, portable SCEP implementation
✓  Uses wolfCrypt for crypto operations
✓  Currently under development

Slide 12

Slide 12 text

WHAT’S NEW? IN THE PAST YEAR.
I.  Protocol Enhancements
II.  Crypto Additions / Changes
III.  Library Control / Portability
IV.  Examples and Documentation
V.  Porting Progress
VI.  Business News

Slide 13

Slide 13 text

PROTOCOL ENHANCEMENTS
•  Fix for Lucky13 Attack (Nadhem AlFardan, Kenneth Paterson)
•  DTLS 1.2 Support
   ✓  Updated to match TLS 1.2
   ✓  Addition of AEAD ciphers
•  DTLS reliability enhancements

Slide 14

Slide 14 text

PROTOCOL ENHANCEMENTS
•  New TLS Extension Support:
   Server Name Indication: Client can send name of server it is connecting to.
   Max Fragment Length: Client can negotiate smaller maximum fragment size (default of 2^14).
   Truncated HMAC: Use 80-bit truncated HMAC instead of using entire hash output as MAC.

    ./configure --enable-tlsx
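The three extensions on this slide are carried in the ClientHello extensions block, using the type codes and encodings from RFC 6066 (server_name = 0, max_fragment_length = 1, truncated_hmac = 4). The following bounds-checked parser is an added example, not CyaSSL code; `parse_tlsx`, `tlsx_info` and `SAMPLE` are hypothetical names, and only the single-host_name form of SNI is accepted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields recovered from a ClientHello extensions block (RFC 6066). */
typedef struct {
    char     sni[256];       /* host_name, "" if absent */
    unsigned max_fragment;   /* bytes, 0 if not negotiated */
    int      truncated_hmac; /* 1 if the 80-bit MAC was offered */
} tlsx_info;
static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Returns 0 on success, -1 on any malformed or out-of-bounds length. */
int parse_tlsx(const uint8_t *buf, size_t len, tlsx_info *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);
    while (off < len) {
        if (len - off < 4) return -1;            /* type(2) + length(2) */
        unsigned type = rd16(buf + off), elen = rd16(buf + off + 2);
        const uint8_t *body = buf + off + 4;
        if (elen > len - off - 4) return -1;     /* body overruns block */
        if (type == 0) {                         /* server_name, one host_name */
            if (elen < 5 || body[2] != 0) return -1;
            unsigned nlen = rd16(body + 3);
            if (rd16(body) != elen - 2 || nlen != elen - 5 || nlen > 255) return -1;
            memcpy(out->sni, body + 5, nlen);
        } else if (type == 1) {                  /* max_fragment_length */
            if (elen != 1 || body[0] < 1 || body[0] > 4) return -1;
            out->max_fragment = 256u << body[0]; /* codes 1..4 = 2^9..2^12 */
        } else if (type == 4) {                  /* truncated_hmac, empty body */
            if (elen != 0) return -1;
            out->truncated_hmac = 1;
        }                                        /* other types are skipped */
        off += 4 + (size_t)elen;
    }
    return 0;
}

/* Constructed sample: SNI "example.com", fragment code 2, truncated HMAC. */
static const uint8_t SAMPLE[] = {
    0x00,0x00, 0x00,0x10, 0x00,0x0e, 0x00, 0x00,0x0b, 'e','x','a','m','p','l','e',
    '.','c','o','m', 0x00,0x01, 0x00,0x01, 0x02, 0x00,0x04, 0x00,0x00 };

int main(void) {
    tlsx_info i;
    int rc = parse_tlsx(SAMPLE, sizeof SAMPLE, &i);
    printf("rc=%d sni=%s max_fragment=%u hmac80=%d\n", rc, i.sni, i.max_fragment, i.truncated_hmac);
    return rc != 0;
}
```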

Slide 15

Slide 15 text

CRYPTO ADDITIONS / CHANGES
•  SHA-3 Finalist BLAKE2b (256 – 512bit digests)

    int InitBlake2b(…);
    int Blake2bUpdate(…);
    int Blake2bFinal(…);

[Chart: throughput in MB/s for SHA-256, SHA-512, SHA, BLAKE2b, MD5]

Slide 16

Slide 16 text

CRYPTO ADDITIONS / CHANGES
•  AES-CCM-8 crypto and cipher suites

    ./configure --enable-aesccm

    aes.c / aes.h

    void AesCcmSetKey(…);
    void AesCcmEncrypt(…);
    int AesCcmDecrypt(…);

    TLS_RSA_WITH_AES_128_CCM_8
    TLS_RSA_WITH_AES_256_CCM_8
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
    TLS_PSK_WITH_AES_128_CCM
    TLS_PSK_WITH_AES_256_CCM
    TLS_PSK_WITH_AES_128_CCM_8
    TLS_PSK_WITH_AES_256_CCM_8

Slide 17

Slide 17 text

CRYPTO ADDITIONS / CHANGES
•  Camellia crypto and cipher suites

    ./configure --enable-camellia

    camellia.c / camellia.h

    int CamelliaSetKey(…);
    int CamelliaSetIV(…);
    void CamelliaEncryptDirect(…);
    void CamelliaDecryptDirect(…);
    void CamelliaCbcEncrypt(…);
    void CamelliaCbcDecrypt(…);

    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256

Slide 18

Slide 18 text

CRYPTO ADDITIONS / CHANGES
•  SHA-384 cipher suites
•  HMAC now supports SHA-512
•  AES-NI support for AES-CCM and AES-GCM

Slide 19

Slide 19 text

CRYPTO ADDITIONS / CHANGES
•  PKCS #7 (Cryptographic Message Syntax)
   ✓  Used to sign / encrypt messages
•  PKCS #10 (Certificate Signing Request)
   ✓  Request certificate of public key from CA

Slide 20

Slide 20 text

LIBRARY CONTROL / PORTABILITY
•  Persistent session cache

    ./configure --enable-savesession

    /* using files */
    int CyaSSL_save_session_cache(const char*);
    int CyaSSL_restore_session_cache(const char*);

    /* using buffers */
    int CyaSSL_memsave_session_cache(void*, int);
    int CyaSSL_memrestore_session_cache(const void*, int);
    int CyaSSL_get_session_cache_memsize(void);

Slide 21

Slide 21 text

LIBRARY CONTROL / PORTABILITY
•  Persistent CA certificate cache

    ./configure --enable-savecert

    /* using files */
    int CyaSSL_CTX_save_cert_cache(CYASSL_CTX*, const char*);
    int CyaSSL_CTX_restore_cert_cache(CYASSL_CTX*, const char*);

    /* using buffers */
    int CyaSSL_CTX_memsave_cert_cache(CYASSL_CTX*, void*, int, int*);
    int CyaSSL_CTX_memrestore_cert_cache(CYASSL_CTX*, const void*, int);
    int CyaSSL_CTX_get_cert_cache_memsize(CYASSL_CTX*);

Slide 22

Slide 22 text

LIBRARY CONTROL / PORTABILITY
•  Atomic record callbacks
   ✓  MAC / Encrypt
   ✓  Decrypt / Verify
•  Public key callbacks
   ✓  ECC sign & verify
   ✓  RSA sign & verify
   ✓  RSA encrypt & decrypt
**Can be useful when offloading to hardware module

Slide 23

Slide 23 text

LIBRARY CONTROL / PORTABILITY
•  Ability to unload keys and certificates

    int CyaSSL_CTX_UnloadCAs(CYASSL_CTX*);
    int CyaSSL_UnloadCertsKeys(CYASSL*);

    int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm);

Slide 24

Slide 24 text

EXAMPLES AND DOCUMENTATION
•  Enhanced example applications
   ✓  Track stack usage
   ✓  Track memory allocation
   ✓  Better IPv6 support

    ./examples/client/client -t
    ./examples/server/server -t
    ./configure --enable-stacksize
    ./configure --enable-ipv6

Slide 25

Slide 25 text

EXAMPLES AND DOCUMENTATION
•  Updated API documentation

Slide 26

Slide 26 text

EXAMPLES AND DOCUMENTATION
•  New CyaSSL Porting Guide

Slide 27

Slide 27 text

PORTING PROGRESS
•  Microchip PIC32MX and PIC32MZ
•  Microchip TCP/IP V6 support
•  Microchip Harmony support

Slide 28

Slide 28 text

PORTING PROGRESS
•  Freescale RNGA and RNGB support
•  Freescale mmCAU support

    #define FREESCALE_K70_RNGA
    #define FREESCALE_K53_RNGB
    #define FREESCALE_MMCAU

Slide 29

Slide 29 text

PORTING PROGRESS
Freescale K60 TWR (100 MHz)

Software Crypto                   | Software  | Hardware  | Percent Increase
AES 25 kB took 0.050 seconds      | 0.49 MB/s | 2.71 MB/s | 453% (5.5x)
DES 25 kB took 0.080 seconds      | 0.31 MB/s | 3.49 MB/s | 1025% (11.3x)
DES3 25 kB took 0.204 seconds     | 0.12 MB/s | 1.74 MB/s | 1350% (14.5x)
MD5 25 kB took 0.006 seconds      | 4.07 MB/s | 4.88 MB/s | 19.9% (1.2x)
SHA 25 kB took 0.014 seconds      | 1.74 MB/s | 2.71 MB/s | 55.7% (1.6x)
SHA-256 25 kB took 0.021 seconds  | 1.16 MB/s | 2.22 MB/s | 91.4% (1.9x)

Slide 30

Slide 30 text

PORTING PROGRESS
[Chart: Kinetis K60 mmCAU vs. CTaoCrypt Software; MB / sec. for AES, DES, DES3, MD5, SHA, SHA-256; series: Software, Hardware]

Slide 31

Slide 31 text

PORTING PROGRESS
•  Cavium NITROX
•  HP/UX
•  Better ThreadX support + NetX I/O callbacks

    #define THREADX
    #define HAVE_NETX

Slide 32

Slide 32 text

PORTING PROGRESS
•  STM32F2 support, hardware crypto and RNG integration
[Chart: STM32F217 (ARM Cortex-M3, 120 MHz); MB/sec for AES, DES, 3DES, MD5, SHA; series: Software Crypto, Hardware Crypto]

Slide 33

Slide 33 text

PORTING PROGRESS
•  KEIL MDK-ARM support
•  KEIL MDK5 software pack

Slide 34

Slide 34 text

BUSINESS NEWS
A STORY OF GROWTH AND SUCCESS

Slide 35

Slide 35 text

BUSINESS NEWS
•  Name Change!

Slide 36

Slide 36 text

BUSINESS NEWS
•  More developers!
•  Increased onsite consulting activity
•  Launched our Kickstart consulting service

Slide 37

Slide 37 text

BUSINESS NEWS
•  Began FIPS 140-2 validation with wolfCrypt
   ✓  Federal Information Processing Standard
   ✓  NIST Publication 140-2
   ✓  Requires additional documentation, power-on self tests, etc.

Slide 38

Slide 38 text

BUSINESS NEWS
•  Moved to Zendesk to better handle customer support

Slide 39

Slide 39 text

THANKS!
WOLFSSL: [email protected], +1 (425) 245 - 8247
CHRIS CONLON: [email protected]