tls 1.2 vs 1.3

Discussion to talk about software related topics only.
SeeCwriter
Posts: 606
Joined: Mon May 12, 2008 10:55 am

Re: tls 1.2 vs 1.3

Post by SeeCwriter »

I installed v3.4.0 and built my app, and retested loading a webpage using tls 1.2, and the time to load is about the same as in v3.3.9, 35-40 seconds on a MOD54415. I will look at moving to web sockets. That made a big improvement with v2.9.5 of the tools, under 10 seconds.
User avatar
Forrest
Posts: 283
Joined: Wed Apr 23, 2008 10:05 am

Re: tls 1.2 vs 1.3

Post by Forrest »

3.4 included big speed improvements for the ARM modules. The coldfire got marginally faster. For 3.4.1, we hope to include a speed boost for the coldfire as well.

You can improve speed on the coldfire a little more by modifying some wolfSSL configuration options. To try this change, open user_settings.h in libraries\include\crypto\platform\MOD5441X\user_settings.h. Comment out #define WOLFSSL_SMALL_STACK. Then, in constants.h, increase the stack size of User main stack to 8000.

#define MAIN_TASK_STK_SIZE (3072) -> #define MAIN_TASK_STK_SIZE (8000)

Rebuild the world.

Note... this is not the method we are hoping to speed up 3.4.1, but you can get some further improvement.

You can get a benchmark like below by running the application found at libraries\crypto\wolfcrypt\benchmark\

One note about the RSA key gen stats below, take them with a grain of salt. We have found that due to RNG, the RSA key gen time can vary significantly. Run multiple times to get an average for RSA keygen if you choose.

Code: Select all

MOD5441X

Big Stack WOLFSSL_SP 

RSA     1024 key gen         1 ops took 10.136 sec, avg 10136.137 ms, 0.099 ops/sec
RSA     2048 key gen         1 ops took 55.883 sec, avg 55883.240 ms, 0.018 ops/sec
RSA     2048 public         18 ops took 1.082 sec, avg 60.099 ms, 16.639 ops/sec
RSA     2048 private         2 ops took 7.430 sec, avg 3715.215 ms, 0.269 ops/sec
DH      2048 key gen         1 ops took 1.477 sec, avg 1476.566 ms, 0.677 ops/sec
DH      2048 agree           2 ops took 2.955 sec, avg 1477.552 ms, 0.677 ops/sec
ECC   [      SECP256R1]   256 key gen        18 ops took 1.099 sec, avg 61.049 ms, 16.380 ops/sec
ECDHE [      SECP256R1]   256 agree           2 ops took 1.873 sec, avg 936.726 ms, 1.068 ops/sec
ECDSA [      SECP256R1]   256 sign           12 ops took 1.063 sec, avg 88.562 ms, 11.292 ops/sec
ECDSA [      SECP256R1]   256 verify          2 ops took 1.897 sec, avg 948.404 ms, 1.054 ops/sec
CURVE  25519 key gen        11 ops took 1.021 sec, avg 92.862 ms, 10.769 ops/sec
CURVE  25519 agree          12 ops took 1.113 sec, avg 92.709 ms, 10.786 ops/sec
ED     25519 key gen        33 ops took 1.007 sec, avg 30.500 ms, 32.787 ops/sec
ED     25519 sign           30 ops took 1.035 sec, avg 34.488 ms, 28.996 ops/sec
ED     25519 verify         10 ops took 1.107 sec, avg 110.670 ms, 9.036 ops/sec


Small stack WOLFSSL_SP (3.4.0 RELEASE DEFAULT)
RSA     1024 key gen         1 ops took 21.378 sec, avg 21377.882 ms, 0.047 ops/sec
RSA     2048 key gen         1 ops took 327.980 sec, avg 327980.097 ms, 0.003 ops/sec
RSA     2048 public         12 ops took 1.054 sec, avg 87.820 ms, 11.387 ops/sec
RSA     2048 private         2 ops took 10.357 sec, avg 5178.424 ms, 0.193 ops/sec
DH      2048 key gen         1 ops took 2.096 sec, avg 2096.135 ms, 0.477 ops/sec
DH      2048 agree           2 ops took 4.185 sec, avg 2092.746 ms, 0.478 ops/sec
ECC   [      SECP256R1]   256 key gen        14 ops took 1.037 sec, avg 74.049 ms, 13.505 ops/sec
ECDHE [      SECP256R1]   256 agree           2 ops took 1.966 sec, avg 983.223 ms, 1.017 ops/sec
ECDSA [      SECP256R1]   256 sign           10 ops took 1.078 sec, avg 107.797 ms, 9.277 ops/sec
ECDSA [      SECP256R1]   256 verify          2 ops took 2.004 sec, avg 1001.912 ms, 0.998 ops/sec
CURVE  25519 key gen        11 ops took 1.019 sec, avg 92.623 ms, 10.796 ops/sec
CURVE  25519 agree          12 ops took 1.105 sec, avg 92.065 ms, 10.862 ops/sec
ED     25519 key gen        33 ops took 1.015 sec, avg 30.756 ms, 32.514 ops/sec
ED     25519 sign           28 ops took 1.020 sec, avg 36.421 ms, 27.456 ops/sec
ED     25519 verify         10 ops took 1.182 sec, avg 118.176 ms, 8.462 ops/sec

Small Stack FAST_MATH (3.3.9 RELEASE DEFAULT)
RSA     1024 key gen         1 ops took 45.474 sec, avg 45473.536 ms, 0.022 ops/sec
RSA     2048 key gen         1 ops took 233.676 sec, avg 233675.594 ms, 0.004 ops/sec
RSA     2048 public         12 ops took 1.064 sec, avg 88.642 ms, 11.281 ops/sec
RSA     2048 private         2 ops took 10.673 sec, avg 5336.477 ms, 0.187 ops/sec
DH      2048 key gen         1 ops took 1.012 sec, avg 1011.542 ms, 0.989 ops/sec
DH      2048 agree           2 ops took 4.497 sec, avg 2248.643 ms, 0.445 ops/sec
ECC   [      SECP256R1]   256 key gen         2 ops took 1.294 sec, avg 647.197 ms, 1.545 ops/sec
ECDHE [      SECP256R1]   256 agree           2 ops took 1.300 sec, avg 650.146 ms, 1.538 ops/sec
ECDSA [      SECP256R1]   256 sign            6 ops took 1.485 sec, avg 247.547 ms, 4.040 ops/sec
ECDSA [      SECP256R1]   256 verify          2 ops took 1.678 sec, avg 838.774 ms, 1.192 ops/sec
CURVE  25519 key gen        11 ops took 1.021 sec, avg 92.788 ms, 10.777 ops/sec
CURVE  25519 agree          12 ops took 1.111 sec, avg 92.544 ms, 10.806 ops/sec
ED     25519 key gen        33 ops took 1.015 sec, avg 30.770 ms, 32.499 ops/sec
ED     25519 sign           28 ops took 1.021 sec, avg 36.457 ms, 27.430 ops/sec
ED     25519 verify         10 ops took 1.177 sec, avg 117.735 ms, 8.494 ops/sec
Forrest Stanley
Project Engineer
NetBurner, Inc

NetBurner Learn Articles: http://www.netburner.com/learn
SeeCwriter
Posts: 606
Joined: Mon May 12, 2008 10:55 am

Re: tls 1.2 vs 1.3

Post by SeeCwriter »

That didn't work so well.

Code: Select all

-------------------Trap information-----------------------------
Stack is corrupt A7=
SwapOutA7=00000000
SwapOutTCB=00000000
SwapInA7=00000000
SwapInTCB=00000000
...
I think the only way to recover is to convert the module back to v2.x compatible, reload the 3p0-Update_APP.s19 file, then load v3.x app. Correct?
SeeCwriter
Posts: 606
Joined: Mon May 12, 2008 10:55 am

Re: tls 1.2 vs 1.3

Post by SeeCwriter »

I am unable to recover this MOD5441X module. I short TP1 pads, power-up. Module goes to the Alternate Boot monitor. Using FLA, I upload Mod5441x_FactoryApp.s19 successfully, but when it boots I get message INVALID Csum. I've done this multiple times with the same results.

Code: Select all

******Erase FlñBoot record INVALID Csum:FFB6

Config record erased
After read backup mac
backup mac not read
Default config failed
nb>Welcome to the Netburner Alternate Boot Monitor  Command Program


Netburner MCF5441x Alternate Image Monitor V1.05 Sep  8 2014 11:05:41
HELP for help
nb>
Is the module hosed?
Post Reply