SE05X Performance Measurements

The following measurements are performed on K-64 board with SE050 connected via T10I2C. TLS connections is established between mbedtls client (with lwip) on K64 with mbedtls server running on windows machine.

TLS1.2 using ECC Nist256 Keys (Using MbedTLS Alt)

DUT:

OEF - A200

Applet Version - 3.1.1

JCOP Platform ID = J3R351021EEE0400

Ciphersuite used for TLS - TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA

Read the numbers as MIN - AVG - MAX milliseconds.

Operation

SE05X (Auth - None)

K64 (with O0)

K64 (with O2)

Server Certificate Verification

49 - 49.6 - 50

1885 - 1885.4 - 1887

754 - 754.2 - 755

DH key generation

54 - 54 - 54

911 - 913.8 - 915

363 - 364.4 - 366

Sign Operation

50 - 51.8 - 59

952 - 956 - 959

382 - 384 - 386

  • sss_derive_key_dh is used for DH calulation. Time measured includes - set other party public key on host, Derive key, Get DH key from host.

  • For ECDHE, key is generated on the host. So SE05X is not used for DH in case of ECDHE ciphers.

Deep Integration

Operation (Deep Integration)

SE05X (Auth - None)

K64 (with O0)

K64 (with O2)

Generate client random

22 - 22 - 22

0 - 0.2 - 1

0 - 0 - 0

Server Certificate Verification

49 - 49.6 - 50

1849 - 1849 - 1849

742 - 742.8 - 743

DH key generation

104 - 104 - 104

897 - 899.8 - 902

359 - 361.2 - 363

Calculate master secret

230 - 230 - 230

0 - 0.8 - 1

0 - 0.4 - 1

Sign Operation

49 - 49 - 49

935 - 939 - 942

372 - 376.8 - 381

  • Se05x_API_TLSCalculatePreMasterSecret is used for DH calulation

  • Extended master secret is disabled for the calculation.

  • By using ECDSA ALT implementation, all verify operations can be delegated to SE05X.

TLS1.2 using RSA2048 (CRT) Keys (Using MbedTLS Alt)

DUT:

OEF - A200

Applet Version - 3.1.1

JCOP Platform ID = J3R351021EEE0400

Ciphersuite used for TLS - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256

Read the numbers as MAX - AVG - MIN milliseconds.

Operation

SE05X (Auth - None)

K64 (with O0)

K64 (with O2)

Server Certificate Verification

49 - 49.8 - 50

172 - 172.2 - 172

26 - 26.8 - 27

DH key generation

NA - NA - NA

3151 - 3157.4 - 3179

813 - 834.6 - 847

Sign Operation

102 - 102.4 - 103

8450 - 8521 - 8571

1143 - 1152 - 1164

  • Secp521r1 key is used for DH. So there is a difference in DH numbers between TLS with ECC keys and TLS with RSA keys.

SSS APIs Performance

The measurents are performed by running the example ex_se05x_performance on k64.

DUT:

OEF - A200

Applet Version - 3.1.1

JCOP Platform ID = J3R351021EEE0400

Operation

SE05X (Auth - None)

SE05X (Platf SCP03)

Session Open

132

187

Sign - SHA256 NIST256

45

67

Verify - SHA256 NIST256

44.2

68

Sign - PKCS1_V1_5_SHA256 RSA_2048

93

133.5

Verify - PKCS1_V1_5_SHA256 RSA_2048

48

85

ECDH (Nist256 Key)

44

59

  • ECDH (Nist256 Key) –> Time measured includes - Set other party public key on host, Derive key, Get dh key from host.