Cryptography Hardware Acceleration Example ConfigurationCryptography Hardware Acceleration Plugins

Detailed Description

Configuration example for Silicon Labs hardware acceleration for for mbed TLS plugins.

mbed TLS configuration is composed of settings in this Silicon Labs specific hardware peripheral acceleration file located in mbedtls/configs and the mbed TLS configuration file in mbedtls/include/mbedtls/config.h.

Warning
This configuration file should be used as a starting point only for hardware acceleration evaluation on Silicon Labs devices.

Macros

#define ECP_SHORTWEIERSTRASS
 
#define MBEDTLS_ECP_ADD_MIXED_ALT
 
#define MBEDTLS_ECP_DOUBLE_JAC_ALT
 
#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
 
#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
 
#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
 
#define MBEDTLS_SHA1_ALT
 
#define MBEDTLS_SHA256_ALT
 
#define MBEDTLS_TRNG_C
 
#define MBEDTLS_ENTROPY_ADC_INSTANCE   (0)
 
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
 
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
 
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
 
#define MBEDTLS_ECP_MAX_BITS   256
 
#define MBEDTLS_MPI_MAX_SIZE   32
 
#define MBEDTLS_ECP_WINDOW_SIZE   3
 
#define MBEDTLS_ECP_FIXED_POINT_OPTIM   0
 
#define MBEDTLS_ECP_NIST_OPTIM
 

SECTION: mbed TLS feature support

This section sets support for features that are or are not needed within the modules that are enabled.

#define MBEDTLS_AES_ALT
 
#define MBEDTLS_ECP_INTERNAL_ALT
 
#define MBEDTLS_ENTROPY_HARDWARE_ALT
 
#define MBEDTLS_NO_PLATFORM_ENTROPY
 

Macro Definition Documentation

#define ECP_SHORTWEIERSTRASS

Definition at line 73 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_AES_ALT

MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your alternate core implementation of a symmetric crypto, an arithmetic or hash module (e.g. platform specific assembly optimized implementations). Keep in mind that the function prototypes should remain the same.

This replaces the whole module. If you only want to replace one of the functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.

Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer provide the "struct mbedtls_aes_context" definition and omit the base function declarations and implementations. "aes_alt.h" will be included from "aes.h" to include the new function definitions.

Uncomment a macro to enable alternate implementation of the corresponding module.

Warning
MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their use constitutes a security risk. If possible, we recommend avoiding dependencies on them, and considering stronger message digests and ciphers instead.

Enable hardware acceleration for the AES block cipher

Module: sl_crypto/src/crypto_aes.c for devices with CRYPTO sl_crypto/src/aes_aes.c for devices with AES

See MBEDTLS_AES_C for more information.

Definition at line 53 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_ADD_MIXED_ALT

Definition at line 74 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_DOUBLE_JAC_ALT

Definition at line 75 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_DP_SECP192R1_ENABLED

Definition at line 249 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_DP_SECP224R1_ENABLED

Definition at line 250 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_DP_SECP256R1_ENABLED

Definition at line 251 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_FIXED_POINT_OPTIM   0

Definition at line 267 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_INTERNAL_ALT

Expose a part of the internal interface of the Elliptic Curve Point module.

MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your alternative core implementation of elliptic curve arithmetic. Keep in mind that function prototypes should remain the same.

This partially replaces one function. The header file from mbed TLS is still used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation is still present and it is used for group structures not supported by the alternative. As an option to save code size, the MBEDTLS_ECP_NO_FALLBACK flag can be used, in which case the groups not supported by the alternative will return a MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE error code.

Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT and implementing the following functions: unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp ) int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp ) The mbedtls_internal_ecp_grp_capable function should return 1 if the replacement functions implement arithmetic for the given group and 0 otherwise. The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are called before and after each point operation and provide an opportunity to implement optimized set up and tear down instructions.

Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac function, but will use your mbedtls_internal_ecp_double_jac if the group is supported (your mbedtls_internal_ecp_grp_capable function returns 1 when receives it as an argument). If the group is not supported then the original implementation is used. The other functions and the definition of mbedtls_ecp_group and mbedtls_ecp_point will not change, so your implementation of mbedtls_internal_ecp_double_jac and mbedtls_internal_ecp_grp_capable must be compatible with this definition.

Uncomment a macro to enable alternate implementation of the corresponding function.

Definition at line 72 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_MAX_BITS   256

Definition at line 254 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_NIST_OPTIM

Definition at line 270 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_NORMALIZE_JAC_ALT

Enable hardware acceleration for the elliptic curve over GF(p) library.

Module: sl_crypto/src/crypto_ecp.c Caller: library/ecp.c

Requires: MBEDTLS_BIGNUM_C, MBEDTLS_ECP_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED and (CRYPTO_COUNT > 0)

Definition at line 77 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT

Definition at line 76 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT

Definition at line 78 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ECP_WINDOW_SIZE   3

Definition at line 266 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ENTROPY_ADC_INSTANCE   (0)

Specify which ADC instance shall be used as entropy source.

Requires MBEDTLS_ENTROPY_ADC_C

Definition at line 206 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_ENTROPY_HARDWARE_ALT

Uncomment this macro to let mbed TLS use your own implementation of a hardware entropy collector.

Your function must be called mbedtls_hardware_poll(), have the same prototype as declared in entropy_poll.h, and accept NULL as first argument.

Uncomment to use your own hardware entropy collector.

Integrate the provided default entropy source into the mbed TLS entropy infrastructure.

Requires MBEDTLS_TRNG_C || MBEDTLS_ENTROPY_HARDWARE_ALT_RAIL || SEMAILBOX

Definition at line 243 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_MPI_MAX_SIZE   32

Definition at line 256 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_NO_PLATFORM_ENTROPY

Do not use built-in platform entropy functions. This is useful if your platform does not support standards like the /dev/urandom or Windows CryptoAPI.

Uncomment this macro to disable the built-in platform entropy functions.

Definition at line 277 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_SHA1_ALT

Enable hardware acceleration for the SHA1 cryptographic hash algorithm.

Module: sl_crypto/src/crypto_sha.c Caller: library/mbedtls_md.c library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c library/x509write_crt.c

Requires: MBEDTLS_SHA1_C and (CRYPTO_COUNT > 0) See MBEDTLS_SHA1_C for more information.

Definition at line 97 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_SHA256_ALT

Enable hardware acceleration for the SHA-224 and SHA-256 cryptographic hash algorithms.

Module: sl_crypto/src/crypto_sha.c Caller: library/entropy.c library/mbedtls_md.c library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c

Requires: MBEDTLS_SHA256_C and (CRYPTO_COUNT > 0) See MBEDTLS_SHA256_C for more information.

Definition at line 117 of file config-sl-crypto-all-acceleration.h.

#define MBEDTLS_TRNG_C

Enable software support for the True Random Number Generator (TRNG) incorporated from Series 1 Configuration 2 devices (EFR32MG12, etc.) from Silicon Labs.

TRNG is not supported by software for EFR32XG13 (SDID_89) and EFR32XG14 (SDID_95).

Requires TRNG_PRESENT && !(_SILICON_LABS_GECKO_INTERNAL_SDID_89 || _SILICON_LABS_GECKO_INTERNAL_SDID_95)

Definition at line 180 of file config-sl-crypto-all-acceleration.h.