Cryptography Hardware Acceleration Plugins

Detailed Description

Overview of plugins for hardware accelerated cryptography.

Introduction

The mbedtls/sl_crypto folder includes alternative implementations (plugins) from Silicon Labs for selected mbed TLS library functions. The plugins use the AES, RADIOAES, CRYPTO and SE hardware peripherals to accelerate low-level cryptographic primitives. Available acceleration hardware depends on the target device.

The plugins support sharing of cryptography hardware in multi-threaded applications, as well as a reduced overhead configuration for optimal performance in single-threaded applications. Multi-threaded support is provided by the Threading Primitives module.

AES Peripheral

A plugin for the AES peripheral is provided for classic EFM32 and EZR32 MCUs (Series-0).

Define MBEDTLS_AES_C and MBEDTLS_AES_ALT to enable this plugin.

For more details, see accelerated implementation file aes_aes.c.

CRYPTO Peripheral

Plugins for this peripheral support multi-threaded applications by implementing mbed TLS threading primitives using the CRYPTO peripheral available on Series-1 EFM32/EFR32.

Alternative implementations using the CRYPTO peripheral for acceleration are located in mbedtls/sl_crypto/src/crypto_*. These implementations are replacing corresponding software implementations in mbedtls/include/mbedtls/.

  • crypto_aes.c: acceleration enabled by MBEDTLS_AES_C / MBEDTLS_AES_ALT.
  • crypto_ecp.c: ECC point multiplication acceleration (secp192r1, secp224r1 and secp256r1) enabled by MBEDTLS_ECP_C / MBEDTLS_ECP_ALT.
  • crypto_sha.c: SHA-1 and SHA-256 acceleration enabled by MBEDTLS_SHA1_C / MBEDTLS_SHA1_ALT or MBEDTLS_SHA256_C / MBEDTLS_SHA256_ALT.

Secure Element Peripheral

Plugins for this peripheral support multi-threaded applications by implementing mbed TLS threading primitives using the SE peripheral available on Series-2 devices for cryptographic hardware acceleration.

Alternative implementations using the SE peripheral for acceleration are located in mbedtls/sl_crypto/src/se_*. These implementations are replacing corresponding software implementations in mbedtls/include/mbedtls/.

  • se_aes.c: acceleration enabled by MBEDTLS_AES_C / MBEDTLS_AES_ALT.
  • se_ccm.c: acceleration enabled by MBEDTLS_AES_C / MBEDTLS_CCM_ALT.
  • se_cmac.c: acceleration enabled by MBEDTLS_AES_C / MBEDTLS_CMAC_ALT.
  • se_ecp.c: acceleration enabled by MBEDTLS_ECDH_GEN_PUBLIC_ALT, MBEDTLS_ECDH_COMPUTE_SHARED_ALT, MBEDTLS_ECDSA_GENKEY_ALT, MBEDTLS_ECDSA_VERIFY_ALT or MBEDTLS_ECDSA_SIGN_ALT.
  • se_jpake.c: acceleration enabled by MBEDTLS_ECJPAKE_ALT.
  • se_sha.c: acceleration enabled by MBEDTLS_SHA1_C / MBEDTLS_SHA1_ALT, MBEDTLS_SHA256_C / MBEDTLS_SHA256_ALT or MBEDTLS_SHA512_C / MBEDTLS_SHA512_ALT.

Modules

Accelerated AES Block Cipher
Accelerated AES block cipher using the AES, CRYPTO or SE peripheral.
 
Accelerated AES-CCM AEAD Cipher
Accelerated AES-CCM AEAD cipher using the AES, CRYPTO or SE peripheral.
 
Accelerated AES-CMAC Cipher
Accelerated AES-CMAC cipher using the AES, CRYPTO or SE peripheral.
 
Accelerated Elliptic Curve J-PAKE
Accelerated Elliptic Curve J-PAKE using the CRYPTO or SE peripheral.
 
Accelerated SHA-1 Hash Function
Accelerated SHA-1 cryptographic hash function using the CRYPTO peripheral.
 
Accelerated SHA-224/SHA-256 Hash Function
Accelerated SHA-224/SHA-256 cryptographic hash function using the CRYPTO or SE peripheral.
 
Accelerated SHA-384/SHA-512 Hash Function
Accelerated SHA-384/SHA-512 cryptographic hash function using the CRYPTO or SE peripheral.
 
Cryptography Hardware Acceleration Example Configuration
Configuration example for Silicon Labs hardware acceleration for for mbed TLS plugins.
 
Peripheral Instance Management: CRYPTO
Resource management functions for the CRYPTO peripheral.
 
Peripheral Instance Management: Secure Element
Concurrency management functions for Secure Element mailbox access.
 
Threading Primitives
Threading primitive implementation for mbed TLS.