Silicon Labs Cryptograpy Hardware Acceleration Drivers#

The Simplicity SDK includes device-specific drivers and plugins for selected PSA Crypto and Mbed TLS library functions to support acceleration of cryptographic algorithms and support secure key storage. The drivers use the SE or CRYPTOACC hardware peripherals depending on the capabilities of the target device.

Secure Engine (SE) Peripheral#

Devices with a Hardware Secure Engine (HSE) incorporate the SE peripheral for cryptographic hardware acceleration. The plugins using the SE peripheral support multi-threaded applications by implementing Mbed TLS threading primitives.

Note: The Secure Engine drivers are multi-thread capable, but do not support preemption. This means the application developer is responsible for not calling a driver-accelerated PSA Crypto API under conditions which would cause preemption of an already-running operation. For bare metal applications, this usually means not calling cryptographic operations from ISR. For RTOS-based applications, this boils down to not calling these SE-accelerated functions from either ISR or inside critical/atomic sections, since the underlying mutex acquisition would fail.

CRYPTOACC Peripheral#

Devices with a Virtual Secure Engine (VSE) incorporate the CRYPTOACC peripheral for cryptographic hardware acceleration. The plugins using the CRYPTOACC peripheral support multi-threaded applications by implementing Mbed TLS threading primitives.

Note: The CRYPTOACC peripheral has not been hardened against side-channel analysis (SCA) attacks. Certain APIs in Mbed TLS might give the impression of being secured against this class of attack, but this is not necessarily true if the hardware acceleration plugins are used. For example: some APIs operating over elliptic curves will require an RNG function pointer and state to be passed as arguments in order to perform coordinate randomization. Since the CRYPTOACC peripheral does not allow for this type of acceleration, these parameters will not be used. However, it should be stated that timing based SCA attacks are more challenging to perform on hardware accelerated operations of this type – since they are significantly faster than their software implementation counterparts.

Supported Features/Drivers for PSA Crypto#

In this section, all cryptographic primitives, algorithms, modes-of-operations, etc., that have dedicated drivers implemented will be listed. When including an SLC component that supports an algorithm in PSA Crypto, any corresponding driver usable for the current device will be automatically enabled.

Note: The fact that an algorithm is not explicitly listed in the below tables does not necessarily mean that it is unsupported through the PSA Crypto API: Mbed TLS provides software implementations for most algorithms supported by the PSA Crypto API specification. Also note that that 'composite algorithms' may be partially accelerated using the drivers—as an example, HKDF is not accelerated in its entirety, but the underlying HMAC operations are.

Encryption#

Algorithm

Key Sizes(Bits)

Multi-Part /Single-part

Plaintext Keys

Wrapped Keys

Built-in Keys

AES-ECB

128, 192, 256

Both

All Devices

Secure Vault High

AES-128 HSE Key

AES-CTR

128, 192, 256

Both

All Devices

Secure Vault High

AES-128 HSE Key

AES-CBC(W/O Padding)

128, 192, 256

Both

All Devices

Secure Vault High

AES-128 HSE Key

AES-CBC(PKCS#7 Padding)

128, 192, 256

Both

All Devices

Secure Vault High

AES-128 HSE Key

AES-OFB

128, 192, 256

Both

All Devices

Secure Vault High

AES-128 HSE Key

AES-CFB

128, 192, 256

Both

All Devices

Secure Vault High

AES-128 HSE Key

AES-CCM*(from IEEE 802.15.4)

128, 192, 256

Both

All Devices

Secure Vault High

AES-128 HSE Key

ChaCha20

256

Both

Secure Vault High

Secure Vault High

-

Authenticated Encryption#

Algorithm

Key Sizes(Bits)

Multi-Part/Single-Part

Plaintext Keys

Wrapped Keys

Built-in Keys

Limitations

AES-GCM

128, 192, 256

Both

All Devices

Secure Vault High

-

Only supports nonces of length equal to 12 bytes by default, support for other lengths must be explicitly enabled using SLC

AES-CCM

128, 192, 256

Both

All Devices

Secure Vault High

-

-

ChaCha20-Poly1305

256

Single-Part

Secure Vault High

Secure Vault High

-

Rejects truncated tag lengths; Only supports the nonce variant specified in RFC7539

Hash Functions#

Algorithm

Digest Sizes(Bits)

Multi-Part /Single-Part

Limitations

SHA-1

160

Both

-

SHA-2

224, 256, 384, 512

Both

Digest sizes greater than 256-bit are only available on Secure Vault High devices

Message Authentication Codes#

Algorithm

MAC Sizes(Bits)

Key Sizes(Bits)

Multi-Part/Single-Part

Plaintext Keys

Wrapped Keys

Built-In Keys

Limitations

HMAC

160, 224, 256, 384, 512 (Can be truncated)

Any multiple of 8 greater that zero

Both

All Devices

Secure Vault High

-

MAC sizes greater than 256-bit are only available on Secure Vault High devices; Wrapped keys can only be used for single-part operations

CMAC

128 (Can be truncated)

128, 192, 256

Both

All Devices

Secure Vault High

VSE PUF Key

-

CBC-MAC

128 (Can be truncated)

128, 192, 256

Both

xG21

xG21B

-

-

Signatures#

Algorithm

Curves

Plaintext Keys

Wrapped Keys

Built-In Keys

Limitations

ECDSA

Secp192r1, Secp224r1, Secp256r1, Secp384r1, Secp521r1, Secp256k1

All Devices

Secure Vault High

HSE Application Attestation Key, HSE System Attestation Key, HSE Secure Boot Key, HSE Secure Debug Key

Curves with parameter sizes greater than 256-bit are only available on Secure Vault High devices; Secp256k1 is only supported on Virtual Secure Engine devices

EdDSA

Edwards25519

Hardware Secure Engine Devices

Secure Vault High

-

Only supports pure EdDSA (no pre-hashing)

Key Exchange#

Algorithm

Curves

Plaintext Keys

Wrapped Keys

Built-In Keys

Limitations

ECDH

Secp192r1, Secp224r1, Secp256r1, Secp384r1, Secp521r1, Secp256k1

All Devices

Secure Vault High

-

Curves with parameter sizes greater than 256-bit are only available on Secure Vault High devices; Secp256k1 is only supported on Virtual Secure Engine devices

X25519

Curve25519

Hardware Secure Engine Devices

Secure Vault High

-

Only supports pure EdDSA (no pre-hashing)