Cryptography Hardware Acceleration Plugins for PSA Crypto

Overview of plugins for hardware accelerated cryptography through the PSA Crypto APIs.

end group sl_crypto

Introduction

The Silicon Labs distribution of mbed TLS includes alternative implementations (plugins) from Silicon Labs for selected and PSA Crypto library functions. The plugins use the CRYPTO, CRYPTOACC and SE hardware peripherals to accelerate cryptographic primitives according to the PSA Crypto driver model. Available acceleration hardware depends on the target device.

The plugins support sharing of cryptography hardware in multi-threaded applications, as well as a reduced overhead configuration for optimal performance in single-threaded applications. Multi-threaded support is provided by the Threading Primitives module.

Note
The PSA Crypto driver interface is prone to change across releases. These interfaces are therefore prefixed with sli_* to denote their potential instability. Users are strongly discouraged from depending directly on the driver interface, and should rather use the top-level PSA Crypto APIs.

For more information on the PSA Crypto accelerator driver interface, and its specification, see docs/proposed/psa-driver-interface.md.

CRYPTO peripheral drivers for PSA Crypto

The Series-1 devices incorporate the CRYPTO peripheral for cryptographic hardware acceleration. The plugins using the CRYPTO peripheral support multi-threaded applications by implementing mbed TLS threading primitives and are located in sl_psa_driver/src/sli_crypto_*. These implementations are plugged in through the PSA Crypto driver interface, and rely on crypto_management.c to provide multi-threaded access.

Driver files for supporting acceleration through PSA Crypto APIs using the CRYPTO peripheral:

  • sli_crypto_transparent_driver_aead.c: AES-CCM and AES-GCM acceleration support for use through the PSA Crypto API.
  • sli_crypto_transparent_driver_cipher.c: AES (ECB, CTR, CFB, OFB, CBC) acceleration support for use through the PSA Crypto API.
  • sli_crypto_transparent_driver_hash.c: SHA-1 and SHA-256 acceleration for use through the PSA Crypto API.
  • sli_crypto_transparent_driver_mac.c: AES-CMAC acceleration support for use through the PSA Crypto API.

Secure Element peripheral drivers for PSA Crypto

The EFR32xG21 devices incorporate the SE peripheral for cryptographic hardware acceleration. The plugins using the SE peripheral support multi-threaded applications by implementing mbed TLS threading primitives and are located in sl_psa_driver/src/sli_se_*. These plugins also depend on Silicon Labs' SE Manager.

On devices with support for Vault, the plugins for the SE peripheral in opaque mode provide support for using wrapped keys through the PSA API.

Base driver files supporting acceleration through PSA Crypto APIs:

  • sli_se_driver_aead.c: Supporting symmetric-key AEAD algorithms for both transparent and opaque SE drivers.
  • sli_se_driver_cipher.c: Supporting symmetric-key cipher algorithms for both transparent and opaque SE drivers.
  • sli_se_driver_key_derivation.c: Supporting key derivation for both transparent and opaque SE drivers.
  • sli_se_driver_key_management.c: Supporting key management for both transparent and opaque SE drivers.
  • sli_se_driver_mac.c: Supporting symmetric-key MAC functions for both transparent and opaque SE drivers.
  • sli_se_driver_signature.c: Supporting elliptic-curve signature functions for both transparent and opaque SE drivers.
  • sli_se_transparent_driver_hash.c: Accelerated hashing functions (SHA-1 and SHA-2) for use with PSA Crypto according to the PSA Crypto accelerator driver model.

Driver files supporting acceleration with plaintext keys through PSA Crypto APIs (all depend on sli_se_driver_key_management.c):

  • sli_se_transparent_driver_aead.c: Symmetric-key AEAD algorithm acceleration using plaintext keys (depends on sli_se_driver_aead.c).
  • sli_se_transparent_driver_cipher.c: Symmetric-key block cipher algorithm acceleration using plaintext keys (depends on sli_se_driver_cipher.c).
  • sli_se_transparent_driver_hash.c: Accelerated hashing functions (SHA-1 and SHA-2) for use with PSA Crypto according to the PSA Crypto accelerator driver model.
  • sli_se_transparent_driver_mac.c: Symmetric-key MAC algorithm acceleration using plaintext keys (depends on sli_se_driver_mac.c).
  • sli_se_transparent_key_derivation.c: Key derivation acceleration using plaintext keys (depends on sli_se_driver_key_derivation.c).

Driver files supporting acceleration with wrapped keys through PSA Crypto APIs (all depend on sli_se_driver_key_management.c):

  • sli_se_opaque_driver_aead.c: Symmetric-key AEAD algorithm acceleration using wrapped keys (depends on sli_se_driver_aead.c).
  • sli_se_opaque_driver_cipher.c: Symmetric-key block cipher algorithm acceleration using wrapped keys (depends on sli_se_driver_cipher.c).
  • sli_se_opaque_driver_mac.c: Symmetric-key MAC algorithm acceleration using wrapped keys (depends on sli_se_driver_mac.c).
  • sli_se_opaque_key_derivation.c: Key derivation acceleration using wrapped keys (depends on sli_se_driver_key_derivation.c).

CRYPTOACC peripheral drivers for PSA Crypto

The EFR32xG22 devices incorporate the CRYPTOACC peripheral for cryptographic hardware acceleration. The plugins using the CRYPTOACC peripheral support multi-threaded applications by implementing mbed TLS threading primitives and are located insl_psa_driver/src/sli_cryptoacc_*.

Driver files supporting acceleration with plaintext keys through PSA Crypto APIs (all depend on sli_cryptoacc_transparent_driver_key_management.c):

  • sli_cryptoacc_transparent_driver_aead.c: Symmetric-key AEAD algorithm acceleration using CRYPTOACC.
  • sli_cryptoacc_transparent_driver_cipher.c: Symmetric-key block cipher algorithm acceleration using CRYPTOACC.
  • sli_cryptoacc_transparent_driver_hash.c: Accelerated hashing functions (SHA-1 and SHA-2) using CRYPTOACC.
  • sli_cryptoacc_transparent_driver_mac.c: Symmetric-key MAC algorithm acceleration using CRYPTOACC.
  • sli_cryptoacc_transparent_driver_key_derivation.c: Key derivation acceleration using CRYPTOACC.
  • sli_cryptoacc_transparent_driver_signature.c: Elliptic-curve signature functions acceleration using CRYPTOACC.