The wolfCrypt FIPS validated cryptographic engine is a lightweight library written in ANSI C and targeted for embedded and RTOS environments while also excelling in PC and FPGA** applications due to leveraging cutting edge hardware cryptographic support and the small size, speed, and feature set offered by wolfCrypt.
wolfCrypt is commonly used in standard operating environments because of its royalty free pricing and excellent cross platform support. wolfCrypt supports the most popular algorithms and ciphers in addition to progressive ones such as HC-128, RABBIT, NTRU, ChaCha, and Poly1305. wolfCrypt is stable, productionready, and backed by an excellent support team. It is used in millions of applications and devices worldwide.
wolfCrypt is built for maximum portability and is generally very easy to port and build on new platforms. It supports the C programming language as a primary interface. If your desired platform is not listed under the supported operating environments, or if you have interest in using wolfCrypt in another programming language (that is not currently supported) please contact wolfSSL and our team will help you realize your
FIPS goals.
The wolfCrypt module is FIPS 140-2 Level 1 validated, with certificate #3389 and a FIPS 140-3 certificate is on the in-process list. wolfSSL anticipates the wolfCrypt FIPS 140-3 certificate will be available in the second half of 2021.
Features
Multiple Hashing Functions:
- MD2, MD4, MD5, SHA-1, SHA-2 (SHA-256, SHA-224, SHA-384, SHA-512), SHA-3 (Keccak), BLAKE2b/s, RIPEMD-160, Poly1305
Block, Stream, and Authenticated Ciphers:
- AES (CBC, CTR, GCM, CCM, GMAC, CMAC, XTS), Camellia, DES, 3DES, IDEA, ARC4, RABBIT, HC-128, ChaCha20
Public Key Options:
- RSA, DSS, DH, ECDH, ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA, NTRU, PSS
Password-based Key Derivation:
- HMAC, PBKDF2, PKCS#5
- Curve25519 and Ed25519
- Hash-based PRNG
- X.509 Encoding / Decoding
- RSA and ECC Key Generation
- X.509 v3 Signed Certificate Generation
- PKCS #1, #5, #8, #12 Private Key Encryption
- PKCS #7 Cryptographic Message Syntax
- PKCS #10 Certificate Signing Request
- Assembly Optimizations
- Custom Memory Hooks / Simple API’s
- Easily ties into Hardware-based RNG solutions
- Asynchronous crypto support
- Hardware Crypto Support
- Intel AES-NI, AVX1/2, RDRAND, RDSEED, SGX, Cavium NITROX, Intel QuickAssist,
- STM32F2/F4/F7, Freescale/NXP (CAU, CAM, MMCAU, SEC, LTC), Microchip PIC32MZ, ARMv8
- OpenSSL compatibility layer
- Loadable as modules in the Linux Kernel
** FPGA: Due to the nature of FPGA fabric there are limitations for FIPS in these operating environments. There are manufacturers working to address these limitations and wolfSSL has contacts in the industry. Reach out to us with any questions and our team will do everything in our power to help.