Cryptography Hardware Acceleration ConfigurationCryptography Hardware Acceleration Plugins

Detailed Description

Configuration macros for Silicon Labs CRYPTO hardware acceleration mbed TLS plugins.

The config-sl-crypto-all-acceleration.h file lists configuration macros for setup of the crypto hardware accelerator plugins for mbed TLS from Silicon Labs. You can use macros in config-sl-crypto-all-acceleration.h and mbedtls/include/mbedtls/config.h in order to configure your mbed TLS application running on Silicon Labs devices.

This configuration file should be used as a starting point only for hardware acceleration evaluation on Silicon Labs devices.


#define MBEDTLS_SHA256_ALT
#define MBEDTLS_ECP_MAX_BITS   256

SECTION: mbed TLS feature support

This section sets support for features that are or are not needed within the modules that are enabled.


Macro Definition Documentation


Definition at line 73 of file config-sl-crypto-all-acceleration.h.


MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your alternate core implementation of a symmetric crypto, an arithmetic or hash module (e.g. platform specific assembly optimized implementations). Keep in mind that the function prototypes should remain the same.

This replaces the whole module. If you only want to replace one of the functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.

Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer provide the "struct mbedtls_aes_context" definition and omit the base function declarations and implementations. "aes_alt.h" will be included from "aes.h" to include the new function definitions.

Uncomment a macro to enable alternate implementation of the corresponding module.

MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their use constitutes a security risk. If possible, we recommend avoiding dependencies on them, and considering stronger message digests and ciphers instead.

Enable hardware acceleration for the AES block cipher

Module: sl_crypto/src/crypto_aes.c for devices with CRYPTO sl_crypto/src/aes_aes.c for devices with AES

See MBEDTLS_AES_C for more information.

Definition at line 53 of file config-sl-crypto-all-acceleration.h.


Definition at line 74 of file config-sl-crypto-all-acceleration.h.


Definition at line 75 of file config-sl-crypto-all-acceleration.h.


Definition at line 259 of file config-sl-crypto-all-acceleration.h.


Definition at line 260 of file config-sl-crypto-all-acceleration.h.


Definition at line 261 of file config-sl-crypto-all-acceleration.h.


Definition at line 277 of file config-sl-crypto-all-acceleration.h.


Expose a part of the internal interface of the Elliptic Curve Point module.

MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your alternative core implementation of elliptic curve arithmetic. Keep in mind that function prototypes should remain the same.

This partially replaces one function. The header file from mbed TLS is still used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation is still present and it is used for group structures not supported by the alternative. As an option to save code size, the MBEDTLS_ECP_NO_FALLBACK flag can be used, in which case the groups not supported by the alternative will return a MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE error code.

Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT and implementing the following functions: unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp ) int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp ) The mbedtls_internal_ecp_grp_capable function should return 1 if the replacement functions implement arithmetic for the given group and 0 otherwise. The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are called before and after each point operation and provide an opportunity to implement optimized set up and tear down instructions.

Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac function, but will use your mbedtls_internal_ecp_double_jac if the group is supported (your mbedtls_internal_ecp_grp_capable function returns 1 when receives it as an argument). If the group is not supported then the original implementation is used. The other functions and the definition of mbedtls_ecp_group and mbedtls_ecp_point will not change, so your implementation of mbedtls_internal_ecp_double_jac and mbedtls_internal_ecp_grp_capable must be compatible with this definition.

Uncomment a macro to enable alternate implementation of the corresponding function.

Definition at line 72 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_MAX_BITS   256

Definition at line 264 of file config-sl-crypto-all-acceleration.h.


Definition at line 280 of file config-sl-crypto-all-acceleration.h.


Enable hardware acceleration for the elliptic curve over GF(p) library.

Module: sl_crypto/src/crypto_ecp.c Caller: library/ecp.c


Definition at line 77 of file config-sl-crypto-all-acceleration.h.


Definition at line 76 of file config-sl-crypto-all-acceleration.h.


Definition at line 78 of file config-sl-crypto-all-acceleration.h.


Definition at line 276 of file config-sl-crypto-all-acceleration.h.


Specify which ADC instance shall be used as entropy source.


Definition at line 215 of file config-sl-crypto-all-acceleration.h.


Uncomment this macro to let mbed TLS use your own implementation of a hardware entropy collector.

Your function must be called mbedtls_hardware_poll(), have the same prototype as declared in entropy_poll.h, and accept NULL as first argument.

Uncomment to use your own hardware entropy collector.

Integrate the provided default entropy source into the mbed TLS entropy infrastructure.


Definition at line 253 of file config-sl-crypto-all-acceleration.h.


Definition at line 266 of file config-sl-crypto-all-acceleration.h.


Do not use built-in platform entropy functions. This is useful if your platform does not support standards like the /dev/urandom or Windows CryptoAPI.

Uncomment this macro to disable the built-in platform entropy functions.

Definition at line 287 of file config-sl-crypto-all-acceleration.h.


Enable hardware acceleration for the SHA1 cryptographic hash algorithm.

Module: sl_crypto/src/crypto_sha.c Caller: library/mbedtls_md.c library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c library/x509write_crt.c

Requires: MBEDTLS_SHA1_C and (CRYPTO_COUNT > 0) See MBEDTLS_SHA1_C for more information.

Definition at line 97 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_SHA256_ALT

Enable hardware acceleration for the SHA-224 and SHA-256 cryptographic hash algorithms.

Module: sl_crypto/src/crypto_sha.c Caller: library/entropy.c library/mbedtls_md.c library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c

Requires: MBEDTLS_SHA256_C and (CRYPTO_COUNT > 0) See MBEDTLS_SHA256_C for more information.

Definition at line 117 of file config-sl-crypto-all-acceleration.h.


Enable software support for the True Random Number Generator (TRNG) incorporated from Series 1 Configuration 2 devices (EFR32MG12, etc.) from Silicon Labs.

TRNG is not supported by software for EFR32XG13 (SDID_89) and EFR32XG14 (SDID_95).


Definition at line 189 of file config-sl-crypto-all-acceleration.h.