Product of the Week: wolfSSL Support for DO-178C DAL A
March 09, 2021
What’s the most secure, reliable type of software you can think of? The software running on aircraft is certainly at the top of the list.
To assist aerospace engineers secure their avionics software and systems, wolfSSL has added complete support for RTCA DO-178C design assurance level (DAL) A to its commercial off-the-shelf wolfCrypt engine, a lightweight, ANSI C-based crypto library that is compliant with FIPS 140-2 certificates 2425 and 3389.
DO-178C is a certification document used by aviation authorities to approve the use of commercial off-the-shelf (COTS) software in aerospace environments, and the wolfCrypt DO-178C certification kit helps developers demonstrate “compliance with the applicable airworthiness regulations for the software aspects of airborne systems and equipment certification” set forth by the standard.
The certification kit includes traceable artifacts for the following cryptographic algorithms:
- SHA-256 (message digest)
- AES (en/decryption)
- RSA (signing and verification)
- Chacha20_poly1305 (authenticated en/decryption)
The wolfCrypt DO-178C Certification Kit in Action
wolfCrypt support for DO-178C is designed to ensure that commercial and military avionics applications that require secure boot and secure firmware updates leverage a proper cryptographic foundation.
Aviation systems developed under DO-178C are required to undergo stages of involvement (SOI) audits that ensure software projects comply with the standard’s cryptography objectives. These are designed to normalize the certification process across different development organizations, and have become the de facto methodology for assessing compliance.
The four stages of an SOI audit include:
- Planning Review
- Design Review
- Validation & Verification Review
- Final Review
The wolfCrypt certification kit has completed SOI audit stages 1-4, and gives avionics engineers a compact, flexible, and performant COTS solution for securing system communications. The certification kit adds a compliance element to a crypto library that is already compatible with any of the FIPS 140-2-validated crypto algorithms, in addition to those mentioned above, enabling the creation of combined FIPS 140-2 and DO 178-compliant systems.
The wolfCrypt crypto library, and subsequently its DO-178C certification kit, works with Intel, Arm, Analog Devices, Microchip/Atmel, Motorola, NXP/Freescale, STMicroelectronics, Texas Instruments, and other chipsets. Supported operating environments include 32- and 64-bit Windows, Linux, Android, Mac OS X, Deos, FreeRTOS, Green Hills INTEGRITY, Micrium µC/OS, Nucleus, PikeOS, SafeRTOS, ThreadX, VxWorks, QNX, Nucleus, CMSIS-RTOS, Keil RTX, and others.
Getting Started with the wolfSSL wolfCrypt DO-178C Certification Kit
wolfSSL’s support for RTCA DO-178C level A begins with the basic crypto for secure boot and secure firmware updates delivered via the wolfCrypt DO-178C Certification Kit, which is available now. However, other elements of the company’s security portfolio will be retrofitted with DO-178 support over the next 18-24 months to deliver comprehensive, traceable security to avionics engineers.
- wolfBoot Secure Boot (2021, Q4)
- wolfDTLS (2021, Q4)
- wolfMQTT (2022, Q4)
Given the rigorous performance requirements associated with rebooting avionics systems, wolfSSL’s service organization is on hand to assist aerospace designers looking to get up to speed with the company’s technology.
Additional resources can be found on the wolfssl.com website, or in the resources section below:
- wolfSSL Support for DO-178C DAL A Product Page: www.wolfssl.com/wolfssl-support-178-dal
- NIST Approved Security Functions for FIPS PUB 140-2: https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf
- Federal Aviation Administration Software Approval Guidelines: www.faa.gov/documentLibrary/media/Order/FAA_Order_8110_49_w-chg_2.pdf