SE05X Performance Measurements¶
The following measurements are performed on K-64 board with SE050 connected via T10I2C. TLS connections is established between mbedtls client (with lwip) on K64 with mbedtls server running on windows machine.
TLS1.2 using ECC Nist256 Keys (Using MbedTLS Alt)¶
DUT:
OEF - A200
Applet Version - 3.1.1
JCOP Platform ID = J3R351021EEE0400
Ciphersuite used for TLS - TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA
Read the numbers as MIN - AVG - MAX milliseconds.
Operation |
SE05X (Auth - None) |
K64 (with O0) |
K64 (with O2) |
---|---|---|---|
Server Certificate Verification |
49 - 49.6 - 50 |
1885 - 1885.4 - 1887 |
754 - 754.2 - 755 |
DH key generation |
54 - 54 - 54 |
911 - 913.8 - 915 |
363 - 364.4 - 366 |
Sign Operation |
50 - 51.8 - 59 |
952 - 956 - 959 |
382 - 384 - 386 |
sss_derive_key_dh is used for DH calulation. Time measured includes - set other party public key on host, Derive key, Get DH key from host.
For ECDHE, key is generated on the host. So SE05X is not used for DH in case of ECDHE ciphers.
Deep Integration
Operation (Deep Integration) |
SE05X (Auth - None) |
K64 (with O0) |
K64 (with O2) |
---|---|---|---|
Generate client random |
22 - 22 - 22 |
0 - 0.2 - 1 |
0 - 0 - 0 |
Server Certificate Verification |
49 - 49.6 - 50 |
1849 - 1849 - 1849 |
742 - 742.8 - 743 |
DH key generation |
104 - 104 - 104 |
897 - 899.8 - 902 |
359 - 361.2 - 363 |
Calculate master secret |
230 - 230 - 230 |
0 - 0.8 - 1 |
0 - 0.4 - 1 |
Sign Operation |
49 - 49 - 49 |
935 - 939 - 942 |
372 - 376.8 - 381 |
Se05x_API_TLSCalculatePreMasterSecret is used for DH calulation
Extended master secret is disabled for the calculation.
By using ECDSA ALT implementation, all verify operations can be delegated to SE05X.
TLS1.2 using RSA2048 (CRT) Keys (Using MbedTLS Alt)¶
DUT:
OEF - A200
Applet Version - 3.1.1
JCOP Platform ID = J3R351021EEE0400
Ciphersuite used for TLS - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
Read the numbers as MAX - AVG - MIN milliseconds.
Operation |
SE05X (Auth - None) |
K64 (with O0) |
K64 (with O2) |
---|---|---|---|
Server Certificate Verification |
49 - 49.8 - 50 |
172 - 172.2 - 172 |
26 - 26.8 - 27 |
DH key generation |
NA - NA - NA |
3151 - 3157.4 - 3179 |
813 - 834.6 - 847 |
Sign Operation |
102 - 102.4 - 103 |
8450 - 8521 - 8571 |
1143 - 1152 - 1164 |
Secp521r1 key is used for DH. So there is a difference in DH numbers between TLS with ECC keys and TLS with RSA keys.
SSS APIs Performance¶
The measurents are performed by running the example ex_se05x_performance on k64.
DUT:
OEF - A200
Applet Version - 3.1.1
JCOP Platform ID = J3R351021EEE0400
Operation |
SE05X (Auth - None) |
SE05X (Platf SCP03) |
---|---|---|
Session Open |
132 |
187 |
Sign - SHA256 NIST256 |
45 |
67 |
Verify - SHA256 NIST256 |
44.2 |
68 |
Sign - PKCS1_V1_5_SHA256 RSA_2048 |
93 |
133.5 |
Verify - PKCS1_V1_5_SHA256 RSA_2048 |
48 |
85 |
ECDH (Nist256 Key) |
44 |
59 |
ECDH (Nist256 Key) –> Time measured includes - Set other party public key on host, Derive key, Get dh key from host.