Hardware Acceleration Configuration

Detailed Description

Configuration for enabling hardware acceleration for mbedtls features.

mbed TLS configuration for Silicon Labs device specific hardware acceleration

License

Copyright 2020 Silicon Laboratories Inc. www.silabs.com

SPDX-License-Identifier: APACHE-2.0

This software is subject to an open source license and is distributed by Silicon Laboratories Inc. pursuant to the terms of the Apache License, Version 2.0 available at https://www.apache.org/licenses/LICENSE-2.0. Such terms and conditions may be further supplemented by the Silicon Labs Master Software License Agreement (MSLA) available at www.silabs.com and its sections applicable to open source software.

mbed TLS configuration is composed of settings in this Silicon Labs device specific hardware acceleration file located in mbedtls/configs that will enable hardware acceleration of all features where this is supported. This file should be included from an application specific configuration file that configures what mbedtls features should be included.

SECTION: Silicon Labs Acceleration settings

This section sets Silicon Labs Acceleration settings.

#define MBEDTLS_AES_ALT
 
#define MBEDTLS_AES_ALT
 
#define MBEDTLS_ECP_INTERNAL_ALT
 
#define ECP_SHORTWEIERSTRASS
 
#define MBEDTLS_ECP_ADD_MIXED_ALT
 
#define MBEDTLS_ECP_DOUBLE_JAC_ALT
 
#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
 
#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
 
#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
 
#define MBEDTLS_SHA1_ALT
 
#define MBEDTLS_SHA1_ALT
 
#define MBEDTLS_SHA256_ALT
 
#define MBEDTLS_SHA256_ALT
 
#define AES_192_SUPPORTED
 
#define MBEDTLS_CCM_ALT
 
#define MBEDTLS_CMAC_ALT
 
#define MBEDTLS_GCM_ALT
 
#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
 
#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
 
#define MBEDTLS_ECDSA_GENKEY_ALT
 
#define MBEDTLS_ECDSA_SIGN_ALT
 
#define MBEDTLS_ECDSA_VERIFY_ALT
 
#define MBEDTLS_ECJPAKE_ALT
 
#define MBEDTLS_TRNG_PRESENT
 
#define MBEDTLS_ECP_MAX_BITS   256
 
#define MBEDTLS_MPI_MAX_SIZE   32
 
#define MBEDTLS_ECP_WINDOW_SIZE   2
 
#define MBEDTLS_ECP_FIXED_POINT_OPTIM   0
 
#define MBEDTLS_ECP_NIST_OPTIM
 

Macro Definition Documentation

#define AES_192_SUPPORTED

Definition at line 140 of file config-device-acceleration.h.

#define ECP_SHORTWEIERSTRASS

Definition at line 81 of file config-device-acceleration.h.

#define MBEDTLS_AES_ALT

Enable hardware acceleration for the AES block cipher

Module: sl_crypto/src/crypto_aes.c for devices with CRYPTO, sl_crypto/src/se_aes.c for devices with SE, sl_crypto/src/cryptoacc_aes.c for devices with CRYPTOACC, sl_crypto/src/aes_aes.c for devices with AES

See MBEDTLS_AES_C for more information.

Definition at line 139 of file config-device-acceleration.h.

#define MBEDTLS_AES_ALT

Enable hardware acceleration for the AES block cipher

Module: sl_crypto/src/crypto_aes.c for devices with CRYPTO, sl_crypto/src/se_aes.c for devices with SE, sl_crypto/src/cryptoacc_aes.c for devices with CRYPTOACC, sl_crypto/src/aes_aes.c for devices with AES

See MBEDTLS_AES_C for more information.

Definition at line 139 of file config-device-acceleration.h.

#define MBEDTLS_CCM_ALT

Enable hardware acceleration CCM.

Module: sl_crypto/src/se_ccm.c for devices with SE, sl_crypto/src/cryptoacc_ccm.c for devices with CRYPTOACC

Requires: MBEDTLS_AES_C and MBEDTLS_CCM_C (CRYPTOACC_PRESENT or SEMAILBOX_PRESENT)

See MBEDTLS_CCM_C for more information.

Definition at line 153 of file config-device-acceleration.h.

#define MBEDTLS_CMAC_ALT

Enable hardware acceleration CMAC.

Module: sl_crypto/src/se_cmac.c for devices with SE, sl_crypto/src/cryptoacc_cmac.c for devices with CRYPTOACC

Requires: MBEDTLS_AES_C and MBEDTLS_CMAC_C (CRYPTOACC_PRESENT or SEMAILBOX_PRESENT)

See MBEDTLS_CMAC_C for more information.

Definition at line 166 of file config-device-acceleration.h.

#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT

Definition at line 209 of file config-device-acceleration.h.

#define MBEDTLS_ECDH_GEN_PUBLIC_ALT

Definition at line 210 of file config-device-acceleration.h.

#define MBEDTLS_ECDSA_GENKEY_ALT

Definition at line 211 of file config-device-acceleration.h.

#define MBEDTLS_ECDSA_SIGN_ALT

Definition at line 212 of file config-device-acceleration.h.

#define MBEDTLS_ECDSA_VERIFY_ALT

Enable hardware acceleration ECP.

Module: sl_crypto/src/se_ecp.c for devices with SE, sl_crypto/src/cryptoacc_ecp.c for devices with CRYPTOACC

Requires: MBEDTLS_ECP_C (CRYPTOACC_PRESENT or SEMAILBOX_PRESENT)

See MBEDTLS_ECP_C for more information.

Definition at line 213 of file config-device-acceleration.h.

#define MBEDTLS_ECJPAKE_ALT

Enable hardware acceleration JPAKE.

Module: sl_crypto/src/se_jpake.c

Requires: MBEDTLS_ECJPAKE_C (SEMAILBOX_PRESENT)

See MBEDTLS_ECJPAKE_C for more information.

Definition at line 285 of file config-device-acceleration.h.

#define MBEDTLS_ECP_ADD_MIXED_ALT

Definition at line 82 of file config-device-acceleration.h.

#define MBEDTLS_ECP_DOUBLE_JAC_ALT

Definition at line 83 of file config-device-acceleration.h.

#define MBEDTLS_ECP_FIXED_POINT_OPTIM   0

Definition at line 361 of file config-device-acceleration.h.

#define MBEDTLS_ECP_INTERNAL_ALT

Expose a part of the internal interface of the Elliptic Curve Point module.

MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your alternative core implementation of elliptic curve arithmetic. Keep in mind that function prototypes should remain the same.

This partially replaces one function. The header file from mbed TLS is still used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation is still present and it is used for group structures not supported by the alternative. As an option to save code size, the MBEDTLS_ECP_NO_FALLBACK flag can be used, in which case the groups not supported by the alternative will return a MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE error code.

Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT and implementing the following functions: unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp ) int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) The mbedtls_internal_ecp_grp_capable function should return 1 if the replacement functions implement arithmetic for the given group and 0 otherwise. The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are called before and after each point operation and provide an opportunity to implement optimized set up and tear down instructions.

Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac function, but will use your mbedtls_internal_ecp_double_jac if the group is supported (your mbedtls_internal_ecp_grp_capable function returns 1 when receives it as an argument). If the group is not supported then the original implementation is used. The other functions and the definition of mbedtls_ecp_group and mbedtls_ecp_point will not change, so your implementation of mbedtls_internal_ecp_double_jac and mbedtls_internal_ecp_grp_capable must be compatible with this definition.

Uncomment a macro to enable alternate implementation of the corresponding function.

Definition at line 80 of file config-device-acceleration.h.

#define MBEDTLS_ECP_MAX_BITS   256

Definition at line 347 of file config-device-acceleration.h.

#define MBEDTLS_ECP_NIST_OPTIM

Definition at line 364 of file config-device-acceleration.h.

#define MBEDTLS_ECP_NORMALIZE_JAC_ALT

Enable hardware acceleration for the elliptic curve over GF(p) library.

Module: sl_crypto/src/crypto_ecp.c

Caller: library/ecp.c

Requires: MBEDTLS_BIGNUM_C, MBEDTLS_ECP_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED and (CRYPTO_COUNT > 0)

Definition at line 85 of file config-device-acceleration.h.

#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT

Definition at line 84 of file config-device-acceleration.h.

#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT

Definition at line 86 of file config-device-acceleration.h.

#define MBEDTLS_ECP_WINDOW_SIZE   2

Definition at line 360 of file config-device-acceleration.h.

#define MBEDTLS_GCM_ALT

Enable hardware acceleration GCM.

Module: sl_crypto/src/se_gcm.c for devices with SE, sl_crypto/src/cryptoacc_gcm.c for devices with CRYPTOACC

Requires: MBEDTLS_GCM_C (CRYPTOACC_PRESENT or SEMAILBOX_PRESENT)

See MBEDTLS_GCM_C for more information.

Definition at line 179 of file config-device-acceleration.h.

#define MBEDTLS_MPI_MAX_SIZE   32

Definition at line 350 of file config-device-acceleration.h.

#define MBEDTLS_SHA1_ALT

Enable hardware acceleration for the SHA1 cryptographic hash algorithm.

Module: sl_crypto/src/crypto_sha.c for devices with CRYPTO, sl_crypto/src/se_sha.c for devices with SE, sl_crypto/src/cryptoacc_sha.c for devices with CRYPTOACC

Caller: library/mbedtls_md.c library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c library/x509write_crt.c

Requires: MBEDTLS_SHA1_C and (CRYPTO_COUNT > 0 or CRYPTOACC_PRESENT or SEMAILBOX_PRESENT)

See MBEDTLS_SHA1_C for more information.

Definition at line 180 of file config-device-acceleration.h.

#define MBEDTLS_SHA1_ALT

Enable hardware acceleration for the SHA1 cryptographic hash algorithm.

Module: sl_crypto/src/crypto_sha.c for devices with CRYPTO, sl_crypto/src/se_sha.c for devices with SE, sl_crypto/src/cryptoacc_sha.c for devices with CRYPTOACC

Caller: library/mbedtls_md.c library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c library/x509write_crt.c

Requires: MBEDTLS_SHA1_C and (CRYPTO_COUNT > 0 or CRYPTOACC_PRESENT or SEMAILBOX_PRESENT)

See MBEDTLS_SHA1_C for more information.

Definition at line 180 of file config-device-acceleration.h.

#define MBEDTLS_SHA256_ALT

Enable hardware acceleration for the SHA-224 and SHA-256 cryptographic hash algorithms.

Module: sl_crypto/src/crypto_sha.c for devices with CRYPTO, sl_crypto/src/se_sha.c for devices with SE, sl_crypto/src/cryptoacc_sha.c for devices with CRYPTOACC

Caller: library/entropy.c library/mbedtls_md.c library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c

Requires: MBEDTLS_SHA256_C and (CRYPTO_COUNT > 0 or CRYPTOACC_PRESENT or SEMAILBOX_PRESENT)

See MBEDTLS_SHA256_C for more information.

Definition at line 181 of file config-device-acceleration.h.

#define MBEDTLS_SHA256_ALT

Enable hardware acceleration for the SHA-224 and SHA-256 cryptographic hash algorithms.

Module: sl_crypto/src/crypto_sha.c for devices with CRYPTO, sl_crypto/src/se_sha.c for devices with SE, sl_crypto/src/cryptoacc_sha.c for devices with CRYPTOACC

Caller: library/entropy.c library/mbedtls_md.c library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c

Requires: MBEDTLS_SHA256_C and (CRYPTO_COUNT > 0 or CRYPTOACC_PRESENT or SEMAILBOX_PRESENT)

See MBEDTLS_SHA256_C for more information.

Definition at line 181 of file config-device-acceleration.h.

#define MBEDTLS_TRNG_PRESENT

Decode if device supports the True Random Number Generator (TRNG) incorporated from Series 1 Configuration 2 devices (EFR32MG12, etc.) from Silicon Labs.

TRNG is not supported by software for EFR32XG13 (SDID_89) and EFR32XG14 (SDID_95).

Requires TRNG_PRESENT && !(_SILICON_LABS_GECKO_INTERNAL_SDID_95) && !(_SILICON_LABS_GECKO_INTERNAL_SDID_89)

Definition at line 314 of file config-device-acceleration.h.