ARM® TrustZone® CryptoCell 310 is a security subsystem which provides root of trust (RoT) and cryptographic services for a device.
You can enable the wolfSSL support for ARM CryptoCell using the #define WOLFSSL_CRYPTOCELL
, The CryptoCell APIs are distributed as part of the Nordic nRF5 SDKs here .
You can start with a wolfcrypt SEGGER embedded studio (ses) example project to integrate the wolfSSL source code.
wolfSSL supports a compile-time user configurable options in the IDE/CRYPTOCELL/user_settings.h
file.
The IDE/CRYPTOCELL/main.c
example application provides a function to run the selected examples at compile time through the following two #defines in user_settings.h. You can define these macro options to disable the test run.
- #undef NO_CRYPT_TEST
- #undef NO_CRYPT_BENCHMARK
Note: All Cryptocell features are not supported. The wolfcrypt RSA API allows import and export of Private/Public keys in DER format. However, this is not possible with key pairs generated with Cryptocell because the importing/exporting Cryptocell keys has not been implemented yet.
Download the wolfSSL source code or a zip file from GitHub and place it under your SDK InstallFolder/external/
directory. You can also copy or simlink to the source.
For example,
$cd ~/nRF5_SDK_15.2.0_9412b96/external
$git clone --depth=1 https://github.com/wolfSSL/wolfssl.git
Or, assuming you have already cloned the wolfSSL source code under ~/wolfssl.
$cd ~/nRF5_SDK_15.2.0_9412b96/external
$ln -s ~/wolfssl wolfssl
Copy the example project from here into your nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310/
directory.
$git clone https://github.com/tmael/nRF5_SDK.git
$cd ~/nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310
$cp -rf ~/nRF5_SDK/examples/crypto/nrf_cc310/wolfcrypt .
OR
$ln -s ~/nRF5_SDK/examples/crypto/nrf_cc310/wolfcrypt wolfcrypt
Launch the SEGGER Embedded Studio IDE
In the main menu, go to File >Open Solutions to open the example solution. Browse to the location containing the wolfcrypt code /examples/crypto/nrf_cc310/wolfcrypt/pca10056/blank/ses/wolfcrypt_pca10056.emProject
and choose Open.
In the main menu, go to Build > Rebuild your project, then load and run your image on your nRF52840 target platform. Review the test results on the console output.
wolfcrypt_test() prints a message on the target console similar to the following output:
wolfCrypt Test Started
error test passed!
base64 test passed!
asn test passed!
SHA test passed!
SHA-256 test passed!
Hash test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
AES test passed!
RANDOM test passed!
RSA test passed!
ECC test passed!
ECC buffer test passed!
logging test passed!
mutex test passed!
wolfCrypt Test Completed
benchmark_test() prints a message on the target console similar to the following output.
Benchmark Test Started
------------------------------------------------------------------------------
wolfSSL version 3.15.7
------------------------------------------------------------------------------
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 5 MB took 1.000 seconds, 4.858 MB/s
AES-128-CBC-enc 17 MB took 1.001 seconds, 17.341 MB/s
AES-128-CBC-dec 17 MB took 1.000 seconds, 17.285 MB/s
SHA 425 KB took 1.040 seconds, 408.654 KB/s
SHA-256 26 MB took 1.000 seconds, 25.903 MB/s
HMAC-SHA 425 KB took 1.049 seconds, 405.148 KB/s
HMAC-SHA256 24 MB took 1.000 seconds, 23.877 MB/s
RSA 1024 key gen 2 ops took 1.579 sec, avg 789.500 ms, 1.267 ops/sec
RSA 2048 key gen 1 ops took 9.695 sec, avg 9695.000 ms, 0.103 ops/sec
RSA 2048 public 328 ops took 1.001 sec, avg 3.052 ms, 327.672 ops/sec
RSA 2048 private 4 ops took 1.713 sec, avg 428.250 ms, 2.335 ops/sec
ECC 256 key gen 55 ops took 1.017 sec, avg 18.491 ms, 54.081 ops/sec
ECDHE 256 agree 56 ops took 1.017 sec, avg 18.161 ms, 55.064 ops/sec
ECDSA 256 sign 50 ops took 1.004 sec, avg 20.080 ms, 49.801 ops/sec
ECDSA 256 verify 48 ops took 1.028 sec, avg 21.417 ms, 46.693 ops/sec
Benchmark Test Completed
The test results were collected from an nRF52840 reference platform target with the following software and tool chains:
For more information or questions, please email support@wolfssl.com