Crypto Library in SEGGER Security Products
The foundation of all SEGGER security products - emSSL, emSSH, emSecure-RSA, and emSecure-ECDSA - is a cryptographic algorithm library toolkit.
The library is designed for embedded systems, to be small, efficient, secure, and broad enough to function as the basis of security protocols such as SSL, SSH, and IPSec. It targets what is needed for industry-standard protocols, and does this with robust, cleanly-engineered code.
The cryptographic algorithms are software implementations, written in ANSI C to run on virtually any CPU. Additionally, the toolkit has the capability to use hardware accelerators, if they are available, to accelerate ciphering and hashing. Support for popular embedded cryptography accelerators is included, to be used immediately in embedded systems.
The following sections describe which algorithms are available.
Symmetric Encryption (Ciphers)
The cryptographic library includes the following symmetric encryption algorithms and cipher modes.
All algorithms can use hardware acceleration. If a hardware accelerator does not support a cipher mode (e.g. AES-GCM), the cryptographic library may use hardware-assisted ciphering of individual blocks with software taking care of the cipher mode.
Asymmetric Encryption (Public Key Algorithms)
The cryptographic library includes RSA public key algorithms, including key generation functions, encryption, and decryption.
Elliptic Curve Arithmetic
The cryptographic library includes elliptic curve arithmetic functions, which are used by elliptic curve digital signatures (ECDSA) and elliptic curve key agreement protocols (ECDH).
The elliptic curve arithmetic includes scalar multiplication and addition in affine and projective coordinates, and field arithmetic, as well as transformation between affine and projective coordinates.
The cryptographic library includes digital signature signing and verification functions for the following standards:
- RSASSA-PKCS1 v1.5
- DSA, including key generation
- ECDSA, including key generation
- EdDSA25519, including computation of public key from private key
The cryptographic library includes the following hash algorithms:
The cryptographic library includes keyed-hash message authentication codes and cipher-based message authentication codes.
Random Bit Generation
The cryptographic library includes deterministic random bit generators (DRBGs) based on different hashes and HMACs.
The cryptographic library includes hash-based key derivation functions (KDF1, KDF2), HMAC-based key derivation functions (HKDF), and password-based key derivation functions (PBKDF2).
The cryptographic library includes a set of big number (also called multi-precision integer or arbitrary-precision integer) arithmetic functions, which are used by the cryptographic algorithms.