Https requests not using HW accelerated AES encryption on SE050

cancel
Showing results for 
Search instead for 
Did you mean: 

Https requests not using HW accelerated AES encryption on SE050

Jump to solution
136 Views
morni
Contributor I

I'm using the SE050 to connect to AWS and upload data to an S3 bucket.  I've found that secure uploads (using https instead of http) is VERY slow.  Stepping through the code, it seems that the AES encryption of data in the secure pipe is done in software and not on the SE050 chip.  As far as I understand, the Edgelock chip supports hardware accelerated AES encryption/decryption, but it does not seem to be used in https requests.  Is this a configuration problem or is an alternative simply not implemented for mbedtls AES?  I've made sure that MBEDTLS_AES_ENCRYPT_ALT is #defined. 

I'm using Edgelock on an NXT i.mx rt1064 platform.

I can't find any application note or example on the subject, help would be appreciated. Thanks!

0 Kudos
1 Solution
122 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @morni ,

 

Indeed the SE05x is used for the TLS Handshake only. After TLS Handshake to Server and the IoT Device are using temporary AES session keys to encrypt/decrypt the application data. 

Due to performance reason we do not use the SE for application data encryption. To increase the performance the customer shall use the MCU AES crypto coprocessor if possible. 

BTW: The mbedTLS ALT behavior is specified in the MW doc , https://www.nxp.com/webapp/Download?colCode=AN13030 (especially in chapter 8.2). and AN12400, https://www.nxp.com/docs/en/application-note/AN12400.pdf , the chapter 3 also shows which operation is performed by the SE.

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

0 Kudos
1 Reply
123 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @morni ,

 

Indeed the SE05x is used for the TLS Handshake only. After TLS Handshake to Server and the IoT Device are using temporary AES session keys to encrypt/decrypt the application data. 

Due to performance reason we do not use the SE for application data encryption. To increase the performance the customer shall use the MCU AES crypto coprocessor if possible. 

BTW: The mbedTLS ALT behavior is specified in the MW doc , https://www.nxp.com/webapp/Download?colCode=AN13030 (especially in chapter 8.2). and AN12400, https://www.nxp.com/docs/en/application-note/AN12400.pdf , the chapter 3 also shows which operation is performed by the SE.

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

0 Kudos