STM32F439 + LWIP + SNMPv3 + mbedTLS – Hardware AES/SHA1 slower than software?

Forum|Forum|6 months ago
October 30, 2025
1 reply
248 views

Hello,

I'm using STM32F439 with LWIP, SNMPv3, and mbedTLS, without FreeRTOS. I've encountered a performance issue when using the hardware acceleration for AES and SHA1 provided by ST (aes_alt.c, sha1_alt.c).

Specifically, when decoding SNMPv3 messages, the software implementation of AES128 + SHA1 from mbedTLS is significantly faster than the hardware-accelerated version. I measured the execution time of snmp_receive() using a timer:

- mbedTLS software AES128 + SHA1: ~800 µs

- mbedTLS + ST-provided hardware AES (aes_alt.c) + SHA1: ~2.4 ms

This is a 3x slowdown when using the hardware path.

Can anyone explain why the hardware implementation is slower? Is this expected behavior due to HAL overhead, lack of DMA, or something else?

Thanks in advance for any insights!

Best regards, Piotr

STM32F4 Series

Jocelyn RICARD

ST Employee

Hello @pmachura ,

It all depends on the ratio between setup time and actual HW crypto execution time.

The HAL used for AES is very generic as it addresses all the modes and configurations.

For small buffer size it may not be worth it.

Best regards

Jocelyn

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded