Silicon Labs Cryptograpy Hardware Acceleration Drivers#

The Simplicity SDK includes device-specific drivers and plugins for selected PSA Crypto and Mbed TLS library functions to support acceleration of cryptographic algorithms and support secure key storage. The drivers use the SE or CRYPTOACC hardware peripherals depending on the capabilities of the target device.

Secure Engine (SE) Peripheral#

Devices with a Hardware Secure Engine (HSE) incorporate the SE peripheral for cryptographic hardware acceleration. The plugins using the SE peripheral support multi-threaded applications by implementing Mbed TLS threading primitives.

Note: The Secure Engine drivers are multi-thread capable, but do not support preemption. This means the application developer is responsible for not calling a driver-accelerated PSA Crypto API under conditions which would cause preemption of an already-running operation. For bare metal applications, this usually means not calling cryptographic operations from ISR. For RTOS-based applications, this boils down to not calling these SE-accelerated functions from either ISR or inside critical/atomic sections, since the underlying mutex acquisition would fail.

CRYPTOACC Peripheral#

Devices with a Virtual Secure Engine (VSE) incorporate the CRYPTOACC peripheral for cryptographic hardware acceleration. The plugins using the CRYPTOACC peripheral support multi-threaded applications by implementing Mbed TLS threading primitives.

Note: The CRYPTOACC peripheral has not been hardened against side-channel analysis (SCA) attacks. Certain APIs in Mbed TLS might give the impression of being secured against this class of attack, but this is not necessarily true if the hardware acceleration plugins are used. For example: some APIs operating over elliptic curves will require an RNG function pointer and state to be passed as arguments in order to perform coordinate randomization. Since the CRYPTOACC peripheral does not allow for this type of acceleration, these parameters will not be used. However, it should be stated that timing based SCA attacks are more challenging to perform on hardware accelerated operations of this type – since they are significantly faster than their software implementation counterparts.

Supported Features/Drivers for PSA Crypto#

In this section, all cryptographic primitives, algorithms, modes-of-operations, etc., that have dedicated drivers implemented will be listed. When including an SLC component that supports an algorithm in PSA Crypto, any corresponding driver usable for the current device will be automatically enabled.

Note: The fact that an algorithm is not explicitly listed in the below tables does not necessarily mean that it is unsupported through the PSA Crypto API: Mbed TLS provides software implementations for most algorithms supported by the PSA Crypto API specification. Also note that that 'composite algorithms' may be partially accelerated using the drivers—as an example, HKDF is not accelerated in its entirety, but the underlying HMAC operations are.

Encryption#


Algorithm	Key Sizes(Bits)	Multi-Part /Single-part	Plaintext Keys	Wrapped Keys	Built-in Keys
AES-ECB	128, 192, 256	Both	All Devices	Secure Vault High	AES-128 HSE Key
AES-CTR	128, 192, 256	Both	All Devices	Secure Vault High	AES-128 HSE Key
AES-CBC(W/O Padding)	128, 192, 256	Both	All Devices	Secure Vault High	AES-128 HSE Key
AES-CBC(PKCS#7 Padding)	128, 192, 256	Both	All Devices	Secure Vault High	AES-128 HSE Key
AES-OFB	128, 192, 256	Both	All Devices	Secure Vault High	AES-128 HSE Key
AES-CFB	128, 192, 256	Both	All Devices	Secure Vault High	AES-128 HSE Key
AES-CCM*(from IEEE 802.15.4)	128, 192, 256	Both	All Devices	Secure Vault High	AES-128 HSE Key
ChaCha20	256	Both	Secure Vault High	Secure Vault High	-

Authenticated Encryption#


Algorithm	Key Sizes(Bits)	Multi-Part/Single-Part	Plaintext Keys	Wrapped Keys	Built-in Keys	Limitations
AES-GCM	128, 192, 256	Both	All Devices	Secure Vault High	-	Only supports nonces of length equal to 12 bytes by default, support for other lengths must be explicitly enabled using SLC
AES-CCM	128, 192, 256	Both	All Devices	Secure Vault High	-	-
ChaCha20-Poly1305	256	Single-Part	Secure Vault High	Secure Vault High	-	Rejects truncated tag lengths; Only supports the nonce variant specified in RFC7539

Hash Functions#


Algorithm	Digest Sizes(Bits)	Multi-Part /Single-Part	Limitations
SHA-1	160	Both	-
SHA-2	224, 256, 384, 512	Both	Digest sizes greater than 256-bit are only available on Secure Vault High devices

Message Authentication Codes#


Algorithm	MAC Sizes(Bits)	Key Sizes(Bits)	Multi-Part/Single-Part	Plaintext Keys	Wrapped Keys	Built-In Keys	Limitations
HMAC	160, 224, 256, 384, 512 (Can be truncated)	Any multiple of 8 greater that zero	Both	All Devices	Secure Vault High	-	MAC sizes greater than 256-bit are only available on Secure Vault High devices; Wrapped keys can only be used for single-part operations
CMAC	128 (Can be truncated)	128, 192, 256	Both	All Devices	Secure Vault High	VSE PUF Key	-
CBC-MAC	128 (Can be truncated)	128, 192, 256	Both	xG21	xG21B	-	-

Signatures#


Algorithm	Curves	Plaintext Keys	Wrapped Keys	Built-In Keys	Limitations
ECDSA	Secp192r1, Secp224r1, Secp256r1, Secp384r1, Secp521r1, Secp256k1	All Devices	Secure Vault High	HSE Application Attestation Key, HSE System Attestation Key, HSE Secure Boot Key, HSE Secure Debug Key	Curves with parameter sizes greater than 256-bit are only available on Secure Vault High devices; Secp256k1 is only supported on Virtual Secure Engine devices
EdDSA	Edwards25519	Hardware Secure Engine Devices	Secure Vault High	-	Only supports pure EdDSA (no pre-hashing)

Key Exchange#


Algorithm	Curves	Plaintext Keys	Wrapped Keys	Built-In Keys	Limitations
ECDH	Secp192r1, Secp224r1, Secp256r1, Secp384r1, Secp521r1, Secp256k1	All Devices	Secure Vault High	-	Curves with parameter sizes greater than 256-bit are only available on Secure Vault High devices; Secp256k1 is only supported on Virtual Secure Engine devices
X25519	Curve25519	Hardware Secure Engine Devices	Secure Vault High	-	Only supports pure EdDSA (no pre-hashing)