ESP32 Forum

Hi guys! I see there are 2 main folders with encryption options in ESP32. By the name, the "HWCRYPTO" seems to be accelerated by hardware, but what about mbedtls? Is it hardware accelerated? What is the best? Which one should I use and why?

mbedtls is probably the easiest way, it also uses hardware acceleration(see "make menuconfig" componentconfig -> mbedtls)
I think that folder is esp32 specific, and those sources allow libraries like mbedtls to use hardware acceleration. (but thats just a guess)

f.h-f.s. wrote:mbedtls is probably the easiest way, it also uses hardware acceleration(see "make menuconfig" componentconfig -> mbedtls)
I think that folder is esp32 specific, and those sources allow libraries like mbedtls to use hardware acceleration. (but thats just a guess)

Yes, I've seen and enabled all mbed acceleration options. If your guess is true, it makes sense. But if not, there must be some difference and I need to know!

Probably true since there are no other TLS libs in esp-idf (except for the fake openssl which uses mbedtls).
I'd bet on it =P

Hardware acceleration options are inside the menuconfig mbedtls, if you disable it, and use the hwcrypto libraries, will the acceleration continue, and the mbedtls libraries are just software? Because in theory I deactivated the acceleration of mbedtls ....

Here my test's.

I try with MBEDTLS Acell. Hard. Options ON and OFF in both libraries (HWCrypto and MBedTLS).

//80MHz
//HWCRYPTO Hardware Acell. (menuconfig->mbedtls) ON = 129uS / 4 Enc.
//HWCRYPTO Hardware Acell. (menuconfig->mbedtls) OFF = 129uS / 4 Enc.

//MBEDTLS Hardware Acell. (menuconfig->mbedtls) ON = FAIL????????? (fail to compile).
//MBEDTLS Hardware Acell. (menuconfig->mbedtls) OFF = 427uS / 4 Enc.

When I try to compile mbedtls AES encrypt with hardware acelleration ON, Visual studio tell me: "undefined reference to X function".

However, I need to know differences of both libraries and wich one is best.

Piece of code and comments:

PS: Number after "AES" is MicroSeconds to do 4 encryptations.

The implementation in esp32/hwcrypto is a "lower level" implementation of AES & SHA primitives. If you use mbedTLS and enable hardware acceleration, it will call these functions as the AES & SHA implementations.

For RSA/ECDSA big number hardware acceleration, it was too complex to create a "lower level" layer so it's implemented directly as a platform-specific addition to mbedTLS.

In general, I would recommend using the mbedTLS libraries. There should be no noticeable performance impact, and they're much more flexible and a stable API. Plus you can experiment with disabling/enabling different hardware acceleration options (performance characteristics can vary depending on workload and your CPU speed, so in some cases you may want to stick with software. The defaults are set to try and give "best overall" performance.)

urbanze wrote: When I try to compile mbedtls AES encrypt with hardware acelleration ON, Visual studio tell me: "undefined reference to X function".

It's hard to guess without seeing the error, but there is currently a bug in the IDF master branch where you need to do a "make clean" after some configuration changes, before rebuilding. Bug should be fixed in the next couple of days.

ESP_Angus wrote:The implementation in esp32/hwcrypto is a "lower level" implementation of AES & SHA primitives. If you use mbedTLS and enable hardware acceleration, it will call these functions as the AES & SHA implementations.

For RSA/ECDSA big number hardware acceleration, it was too complex to create a "lower level" layer so it's implemented directly as a platform-specific addition to mbedTLS.

In general, I would recommend using the mbedTLS libraries. There should be no noticeable performance impact, and they're much more flexible and a stable API. Plus you can experiment with disabling/enabling different hardware acceleration options (performance characteristics can vary depending on workload and your CPU speed, so in some cases you may want to stick with software. The defaults are set to try and give "best overall" performance.)

urbanze wrote: When I try to compile mbedtls AES encrypt with hardware acelleration ON, Visual studio tell me: "undefined reference to X function".

It's hard to guess without seeing the error, but there is currently a bug in the IDF master branch where you need to do a "make clean" after some configuration changes, before rebuilding. Bug should be fixed in the next couple of days.

Oh, thanks for reply! I will try again with mbed+acellON+clean paste.

I deleted "build" folder from Arduico core__IDF Component and rebuild again with MbedTLS Acell ON. Still with error, see:

Build folder and files inside:

https://i.imgur.com/K56Euvp.png
https://i.imgur.com/mrPn8d2.png


Here, error in compile. What can I try now?

Well... Sucess!! Before, I put only "mbedtls\include\mbedtls\aes.h". Now, I tried put more one "mbedtls\library\aes.c" and WORKED!

See both libraries: https://i.imgur.com/d3liT0L.png

However, with HWCrypto only, takes ~129uS. MbedTLS with Acell ON takes ~150uS.... List bellow show my tests.


//ESP32 Dual-Core (RTOS in both cores) - 80MHz
//HWCRYPTO Hardware Acell. (menuconfig->mbedtls) ON = 129uS / 4 Enc.
//HWCRYPTO Hardware Acell. (menuconfig->mbedtls) OFF = 129uS / 4 Enc.

//MBEDTLS Hardware Acell. (menuconfig->mbedtls) ON = 144uS / 4 Enc.
//MBEDTLS Hardware Acell. (menuconfig->mbedtls) OFF = 427uS / 4 Enc.


//Software AES128 ESP8266 80MHz = 530uS / 4 Enc
//Software AES128 ESP8266 160MHz = 300uS / 4 Enc

Thanks for all!