FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Https requests not using HW accelerated AES encryption on SE050

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

Https requests not using HW accelerated AES encryption on SE050

Jump to solution
‎09-02-2021 08:14 PM
1,520 Views
morni
Contributor I

I'm using the SE050 to connect to AWS and upload data to an S3 bucket.  I've found that secure uploads (using https instead of http) is VERY slow.  Stepping through the code, it seems that the AES encryption of data in the secure pipe is done in software and not on the SE050 chip.  As far as I understand, the Edgelock chip supports hardware accelerated AES encryption/decryption, but it does not seem to be used in https requests.  Is this a configuration problem or is an alternative simply not implemented for mbedtls AES?  I've made sure that MBEDTLS_AES_ENCRYPT_ALT is #defined. 

I'm using Edgelock on an NXT i.mx rt1064 platform.

I can't find any application note or example on the subject, help would be appreciated. Thanks!

0 Kudos
Reply
1 Solution

Jump to solution
‎09-05-2021 10:54 PM
1,506 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @morni ,

 

Indeed the SE05x is used for the TLS Handshake only. After TLS Handshake to Server and the IoT Device are using temporary AES session keys to encrypt/decrypt the application data. 

Due to performance reason we do not use the SE for application data encryption. To increase the performance the customer shall use the MCU AES crypto coprocessor if possible. 

BTW: The mbedTLS ALT behavior is specified in the MW doc , https://www.nxp.com/webapp/Download?colCode=AN13030 (especially in chapter 8.2). and AN12400, https://www.nxp.com/docs/en/application-note/AN12400.pdf , the chapter 3 also shows which operation is performed by the SE.

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

0 Kudos
Reply
1 Reply

Jump to solution
‎09-05-2021 10:54 PM
1,507 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @morni ,

 

Indeed the SE05x is used for the TLS Handshake only. After TLS Handshake to Server and the IoT Device are using temporary AES session keys to encrypt/decrypt the application data. 

Due to performance reason we do not use the SE for application data encryption. To increase the performance the customer shall use the MCU AES crypto coprocessor if possible. 

BTW: The mbedTLS ALT behavior is specified in the MW doc , https://www.nxp.com/webapp/Download?colCode=AN13030 (especially in chapter 8.2). and AN12400, https://www.nxp.com/docs/en/application-note/AN12400.pdf , the chapter 3 also shows which operation is performed by the SE.

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply