HCC CryptoCoreTM Security & Encryption Suite

At HCC we believe that one of the biggest risks to security is software quality. Discussions about security tend to focus on algorithms or encryption and not on the real issue - quality. Large scale hacks of modern algorithms are almost unknown, it is poor quality that has caused the most significant security breaches to date. Software coding errors and defects in security algorithms and encryption allow security to simply be bypassed. This has resulted in high profile scandals such as Heartbleed, GnuTLS, SSL and many others which passed testing but failed disastrously. More testing is not a solution. The solution is to use a mature software process, similar to that used in the development of safety applications, to create robust software with evidence to back claims about quality.

HCC networking and security software is developed for embedded controllers and contains no open-source or third-party content.   

CryptoCoreTM

CryptoCoreTM is HCC’s main encryption and security library, managed through HCC’s Embedded Encryption Manager (EEM).  EEM provides a universal, high quality standard interface to any hardware or software cryptography implementation. This greatly simplifies the design process, makes software portable and allows use of either CryptoCore libraries or hardware accelerated algorithms on chips which provide them.

CryptoCore is available in two packages – CryptoCore Base and CryptoCore Pro.  These packages are included with higher level security packages such as SNMP, TLS/DTLS, SSH etc. They can also be purchased independently to run on any embedded target.

CryptoCore Pro meets all the requirements for Suite B compliance. This includes

  • Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits.
  • Elliptic Curve Digital Signature Algorithm (ECDSA) –  digital signatures
  • Elliptic Curve Diffie–Hellman (ECDH) –  key agreement
  • Secure Hash Algorithm 2 (SHA-256 and SHA-384) 

MISRA Compliance & Portability

HCC software is all developed within our portable framework, called AEF, according to our internal coding rules. This means we can deploy our solutions on any MCU, RTOS or tool-chain. We adhere to one of the industry’s strictest coding standards using MISRA with no rules excepted. Any exceptions are done one at a time, signed off and explained in the documentation. A full MISRA compliance report generated by LDRA tools is provided. In addition, many of our components are available with detailed design documents, static and dynamic analysis and other quality life-cycle evidence.

Support for Encryption Hardware Acceleration

Thanks to HCCs modular Embedded Encryption Manager (EEM), all of HCCs software can seamlessly switch between running our CryptoCore software or using MCU hardware acceleration without any code changes. EEM provides a standard, efficient, MISRA compliant interface to manage all crypto functions.

CryptoCore Base: Base/Base64, DSS, 3DES, MD5, TIGER, RSA  

FunctionAlgorithmsWhere UsedType
Base64 Base64 SMTP, SSH Encode binary over text stream
DSS DSS TLS, IKE, SSH Digital Signature
MD5 MD4 PPP  Hash
  MD5 TLS, IPSec Hash
  MD5-HMAC SNMP Hash
RSA RSA TLS Encrypt
TDES DES   Encrypt
  TDES-CBC TLS Encrypt
  TDES-CBC-RAW SNMP Encrypt
TIGER TIGER128 IKE Hash
  TIGER-160 IKE Hash
  TIGER-192 IKE Hash
  TIGER-HMAC IKE Hash

CryptoCore Pro (Suite B): AES, SHA, EDH, ECC

FunctionAlgorithmsWhere UsedType
SHA SHA1 IPSec, TLS, IKE Hash
  SHA2 TLS, SSH Hash
  SHA1-HMAC SNMP Hash
  SHA2-HMAC   Hash
EDH EDH IKEv2,TLS Key Exchange
AES AES-CBC-RAW IPSec Encrypt
  AES-CBC TLS Encrypt
  AES-CFB SNMP Encrypt
  AES-CTR IPSec Encrypt
  AES-CCM TLS, EAP-TLS Encrypt
  AES-CCM8 TLS, EAP-TLS Encrypt
  AES-GCM TLS Encrypt
  AES-XCBC-MAC IPSec, IKE Hash
  AES-CMAC IPSec, IKE Hash
ECC ECDH TLS Key Exchange
  ECDHE TLS Key Exchange
  ECDSA TLS Digital Signature