AES Lib configuration - Githubissues

PelionIoT / pelion-ready-example

Pelion Device Ready example - deprecated

https://github.com/ARMmbed/pelion-ready-example

Apache License 2.0

2 stars 18 forks source link

AES Lib configuration #18

Closed Alonof closed 5 years ago

Alonof commented 6 years ago

MBEDTLS_AES_FEWER_TABLES, to dynamically compute smaller AES tables during runtime, thereby reducing the RAM/ROM footprint by ~6KiB. this causes speed reduction here is the following benchmark tests:

Before
SMBEDTLS_AES_ENCRYPT      499 Kb/s      436 Kb/s      387 Kb/s
MBEDTLS_CIPHER_ID_AES      203 Kb/s      191 Kb/s      181 Kb/s
SMBEDTLS_CIPHER_ID_AES      229 Kb/s      202 Kb/s      181 Kb/s

After
SMBEDTLS_AES_ENCRYPT      484 Kb/s      421 Kb/s      373 Kb/s
MBEDTLS_CIPHER_ID_AES      200 Kb/s      189 Kb/s      178 Kb/s
SMBEDTLS_CIPHER_ID_AES      223 Kb/s      195 Kb/s      175 Kb/s

there is a small redcution in speed by 2-5% *tested on K64F

For additional information please read (pros & cons): https://github.com/ARMmbed/mbedtls/blob/aa9f3fd6b143d86294e2626e8a91fd9ebbd87348/include/mbedtls/config.h#L473

https://github.com/ARMmbed/mbedtls/blob/aa9f3fd6b143d86294e2626e8a91fd9ebbd87348/include/mbedtls/config.h#L490

janjongboom commented 6 years ago

@alonof wouldn't this be better integrated in Mbed Cloud Client upstream? Happy to land it here, but the rest of Cloud Client would benefit from this too.

Alonof commented 6 years ago

@janjongboom Hi, I see no reason why everybody cant enjoy this, Maybe we should ask mbedtls team why they didnt enable this flag

JanneKiiskila commented 6 years ago

@Alonof - you remember where these configs are? The root of these are coming via the mbed-client-pal repo, so we should put these there...

Though, looking at this line.. https://github.com/ARMmbed/mbed-client-pal/blob/master/Configs/mbedTLS/mbedTLSConfig_mbedOS_SW_TRNG.h#L213

It's a trade-off of some sorts, how does this flag interact with that other one? RAM is typically MORE precious than ROM.

Alonof commented 6 years ago

@JanneKiiskila - MBEDTLS_AES_FEWER_TABLES does not replace MBEDTLS_AES_ROMTABLES it is an addon to reduce the code size, instead of declaring 8 ROM tables the addon flag reduces them to 2 ROM tables. *(you can use MBEDTLS_AES_FEWER_TABLES without declaring MBEDTLS_AES_ROMTABLES)

MBEDTLS_AES_ROM_TABLES flag generates ALL of the tables on the ROM

For additional information please read (pros & cons): https://github.com/ARMmbed/mbedtls/blob/aa9f3fd6b143d86294e2626e8a91fd9ebbd87348/include/mbedtls/config.h#L473

https://github.com/ARMmbed/mbedtls/blob/aa9f3fd6b143d86294e2626e8a91fd9ebbd87348/include/mbedtls/config.h#L490

janjongboom commented 5 years ago

This is now in Mbed Cloud Client (https://github.com/ARMmbed/mbed-client-pal/blob/master/Configs/mbedTLS/mbedTLSConfig_mbedOS_SW_TRNG.h#L87).