Silicon Labs Cryptograpy Hardware Acceleration Drivers#
The Simplicity SDK includes device-specific drivers and plugins for selected PSA Crypto and Mbed TLS library functions to support acceleration of cryptographic algorithms and support secure key storage. The drivers use the SE or CRYPTOACC hardware peripherals depending on the capabilities of the target device.
Secure Engine (SE) Peripheral#
Devices with a Hardware Secure Engine (HSE) incorporate the SE peripheral for cryptographic hardware acceleration. The plugins using the SE peripheral support multi-threaded applications by implementing Mbed TLS threading primitives.
Note: The Secure Engine drivers are multi-thread capable, but do not support preemption. This means the application developer is responsible for not calling a driver-accelerated PSA Crypto API under conditions which would cause preemption of an already-running operation. For bare metal applications, this usually means not calling cryptographic operations from ISR. For RTOS-based applications, this boils down to not calling these SE-accelerated functions from either ISR or inside critical/atomic sections, since the underlying mutex acquisition would fail.
CRYPTOACC Peripheral#
Devices with a Virtual Secure Engine (VSE) incorporate the CRYPTOACC peripheral for cryptographic hardware acceleration. The plugins using the CRYPTOACC peripheral support multi-threaded applications by implementing Mbed TLS threading primitives.
Note: The CRYPTOACC peripheral has not been hardened against side-channel analysis (SCA) attacks. Certain APIs in Mbed TLS might give the impression of being secured against this class of attack, but this is not necessarily true if the hardware acceleration plugins are used. For example: some APIs operating over elliptic curves will require an RNG function pointer and state to be passed as arguments in order to perform coordinate randomization. Since the CRYPTOACC peripheral does not allow for this type of acceleration, these parameters will not be used. However, it should be stated that timing based SCA attacks are more challenging to perform on hardware accelerated operations of this type – since they are significantly faster than their software implementation counterparts.
Supported Features/Drivers for PSA Crypto#
In this section, all cryptographic primitives, algorithms, modes-of-operations, etc., that have dedicated drivers implemented will be listed. When including an SLC component that supports an algorithm in PSA Crypto, any corresponding driver usable for the current device will be automatically enabled.
Note: The fact that an algorithm is not explicitly listed in the below tables does not necessarily mean that it is unsupported through the PSA Crypto API: Mbed TLS provides software implementations for most algorithms supported by the PSA Crypto API specification. Also note that that 'composite algorithms' may be partially accelerated using the drivers—as an example, HKDF is not accelerated in its entirety, but the underlying HMAC operations are.
Encryption#
Algorithm | Key Sizes(Bits) | Multi-Part /Single-part | Plaintext Keys | Wrapped Keys | Built-in Keys |
---|---|---|---|---|---|
AES-ECB | 128, 192, 256 | Both | All Devices | Secure Vault High | |
AES-CTR | 128, 192, 256 | Both | All Devices | Secure Vault High | |
AES-CBC(W/O Padding) | 128, 192, 256 | Both | All Devices | Secure Vault High | |
AES-CBC(PKCS#7 Padding) | 128, 192, 256 | Both | All Devices | Secure Vault High | |
AES-OFB | 128, 192, 256 | Both | All Devices | Secure Vault High | |
AES-CFB | 128, 192, 256 | Both | All Devices | Secure Vault High | |
AES-CCM*(from IEEE 802.15.4) | 128, 192, 256 | Both | All Devices | Secure Vault High | |
ChaCha20 | 256 | Both | Secure Vault High | Secure Vault High | - |
Authenticated Encryption#
Algorithm | Key Sizes(Bits) | Multi-Part/Single-Part | Plaintext Keys | Wrapped Keys | Built-in Keys | Limitations |
---|---|---|---|---|---|---|
AES-GCM | 128, 192, 256 | Both | All Devices | Secure Vault High | - | Only supports nonces of length equal to 12 bytes by default, support for other lengths must be explicitly enabled using SLC |
AES-CCM | 128, 192, 256 | Both | All Devices | Secure Vault High | - | - |
ChaCha20-Poly1305 | 256 | Single-Part | Secure Vault High | Secure Vault High | - | Rejects truncated tag lengths; Only supports the nonce variant specified in RFC7539 |
Hash Functions#
Algorithm | Digest Sizes(Bits) | Multi-Part /Single-Part | Limitations |
---|---|---|---|
SHA-1 | 160 | Both | - |
SHA-2 | 224, 256, 384, 512 | Both | Digest sizes greater than 256-bit are only available on Secure Vault High devices |
Message Authentication Codes#
Algorithm | MAC Sizes(Bits) | Key Sizes(Bits) | Multi-Part/Single-Part | Plaintext Keys | Wrapped Keys | Built-In Keys | Limitations |
---|---|---|---|---|---|---|---|
HMAC | 160, 224, 256, 384, 512 (Can be truncated) | Any multiple of 8 greater that zero | Both | All Devices | Secure Vault High | - | MAC sizes greater than 256-bit are only available on Secure Vault High devices; Wrapped keys can only be used for single-part operations |
CMAC | 128 (Can be truncated) | 128, 192, 256 | Both | All Devices | Secure Vault High | - | |
CBC-MAC | 128 (Can be truncated) | 128, 192, 256 | Both | xG21 | xG21B | - | - |
Signatures#
Algorithm | Curves | Plaintext Keys | Wrapped Keys | Built-In Keys | Limitations |
---|---|---|---|---|---|
ECDSA | Secp192r1, Secp224r1, Secp256r1, Secp384r1, Secp521r1, Secp256k1 | All Devices | Secure Vault High | HSE Application Attestation Key, HSE System Attestation Key, HSE Secure Boot Key, HSE Secure Debug Key | Curves with parameter sizes greater than 256-bit are only available on Secure Vault High devices; Secp256k1 is only supported on Virtual Secure Engine devices |
EdDSA | Edwards25519 | Hardware Secure Engine Devices | Secure Vault High | - | Only supports pure EdDSA (no pre-hashing) |
Key Exchange#
Algorithm | Curves | Plaintext Keys | Wrapped Keys | Built-In Keys | Limitations |
---|---|---|---|---|---|
ECDH | Secp192r1, Secp224r1, Secp256r1, Secp384r1, Secp521r1, Secp256k1 | All Devices | Secure Vault High | - | Curves with parameter sizes greater than 256-bit are only available on Secure Vault High devices; Secp256k1 is only supported on Virtual Secure Engine devices |
X25519 | Curve25519 | Hardware Secure Engine Devices | Secure Vault High | - | Only supports pure EdDSA (no pre-hashing) |