
ARM® TrustZone® CryptoCell 310 Port

Overview

ARM® TrustZone® CryptoCell 310 is a security subsystem which provides root of trust (RoT) and cryptographic services for a device. You can enable wolfSSL support for ARM CryptoCell with #define WOLFSSL_CRYPTOCELL. The CryptoCell APIs are distributed as part of the Nordic nRF5 SDKs.

Prerequisites

  1. Download the Nordic nRF5-SDK and software tools from the Nordic website.
  2. Install the SEGGER Embedded Studio IDE.
  3. Run a simple blinky application on your Nordic nRF52840 (PCA10056) development board to confirm that your board functions as expected and the communication between your computer and the board works.

Usage

You can start with the wolfcrypt SEGGER Embedded Studio (SES) example project to integrate the wolfSSL source code. wolfSSL supports compile-time, user-configurable options in the IDE/CRYPTOCELL/user_settings.h file.

The IDE/CRYPTOCELL/main.c example application provides a function that runs the examples selected at compile time through the following two #defines in user_settings.h. Define these macros to disable the corresponding test run.

- #undef NO_CRYPT_TEST
- #undef NO_CRYPT_BENCHMARK

Supported features

  • SHA-256
  • AES CBC
  • CryptoCell 310 RNG
  • RSA sign/verify and RSA key gen (2048 bit in PKCSv1.5 padding mode)
  • RSA encrypt/decrypt
  • ECC sign/verify/shared secret
  • ECC key import/export and key gen pairs
  • Hardware RNG
  • RTC for benchmark timing source

Note: Not all CryptoCell features are supported. The wolfcrypt RSA API allows import and export of private/public keys in DER format. However, this is not possible with key pairs generated with CryptoCell, because importing/exporting CryptoCell keys has not been implemented yet.

Setup

Setting up Nordic SDK with wolfSSL

  1. Download the wolfSSL source code or a zip file from GitHub and place it under your SDK InstallFolder/external/ directory. You can also copy or symlink to the source.

    For example:
    
    $ cd ~/nRF5_SDK_15.2.0_9412b96/external
    $ git clone --depth=1 https://github.com/wolfSSL/wolfssl.git
    
    Or, assuming you have already cloned the wolfSSL source code under ~/wolfssl:
    
    $ cd ~/nRF5_SDK_15.2.0_9412b96/external
    $ ln -s ~/wolfssl wolfssl
    
  2. Copy the example project into your nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310/ directory.

    # Clone into ~/nRF5_SDK so the paths below resolve
    $ git clone https://github.com/tmael/nRF5_SDK.git ~/nRF5_SDK
    $ cd ~/nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310
    
    # Either copy the example project ...
    $ cp -rf ~/nRF5_SDK/examples/crypto/nrf_cc310/wolfcrypt .
    # ... or symlink it
    $ ln -s ~/nRF5_SDK/examples/crypto/nrf_cc310/wolfcrypt wolfcrypt
    
  3. Launch the SEGGER Embedded Studio IDE

  4. In the main menu, go to File > Open Solutions to open the example solution. Browse to the location containing the wolfcrypt code, /examples/crypto/nrf_cc310/wolfcrypt/pca10056/blank/ses/wolfcrypt_pca10056.emProject, and choose Open.

Building and Running

In the main menu, go to Build > Rebuild your project, then load and run your image on your nRF52840 target platform. Review the test results on the console output.

wolfcrypt_test()

wolfcrypt_test() prints a message on the target console similar to the following output:

wolfCrypt Test Started
error    test passed!
base64   test passed!
asn      test passed!
SHA      test passed!
SHA-256  test passed!
Hash     test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
AES      test passed!
RANDOM   test passed!
RSA      test passed!
ECC      test passed!
ECC buffer test passed!
logging  test passed!
mutex    test passed!
wolfCrypt Test Completed
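
One way to check a captured console log from this run automatically, given as an added example that is not part of the wolfSSL project: it fails when the run is cut short, when any line is not a pass, or when a test backing a supported feature never ran. The REQUIRED list, the function names and the sample logs are assumptions constructed from the output format above.

```shell
# Added example (not wolfSSL code): gate on a captured wolfcrypt_test() log.
# REQUIRED is an assumed list: the test names in the sample output that
# correspond to the features this port lists as supported.
REQUIRED="SHA-256 AES RANDOM RSA ECC"

check_wolfcrypt_log() {
    # Strip CR so logs captured from a serial terminal (CRLF) still match.
    clean=$(tr -d '\r' < "$1")
    printf '%s\n' "$clean" | grep -q '^wolfCrypt Test Started$' ||
        { echo "no start marker"; return 2; }
    printf '%s\n' "$clean" | grep -q '^wolfCrypt Test Completed$' ||
        { echo "run did not complete"; return 2; }
    # Any line that is neither a marker nor "... test passed!" is a failure.
    bad=$(printf '%s\n' "$clean" |
          grep -v -e '^wolfCrypt Test ' -e 'test passed!$' -e '^[[:space:]]*$' || true)
    [ -z "$bad" ] || { echo "unexpected line: $bad"; return 1; }
    # A required test that never ran must not be counted as a pass.
    for name in $REQUIRED; do
        printf '%s\n' "$clean" | grep -Eq "^$name +test passed!\$" ||
            { echo "missing: $name"; return 1; }
    done
    echo "all required tests passed"
}

# Constructed sample logs, modelled on the output format shown above.
sample_log() {   # $1 = good | truncated | norsa
    printf 'wolfCrypt Test Started\r\n'
    printf 'SHA-256  test passed!\r\n'
    printf 'AES      test passed!\r\n'
    printf 'RANDOM   test passed!\r\n'
    [ "$1" = norsa ] || printf 'RSA      test passed!\r\n'
    printf 'ECC      test passed!\r\n'
    printf 'ECC buffer test passed!\r\n'
    [ "$1" = truncated ] || printf 'wolfCrypt Test Completed\r\n'
}

run_sample() {   # writes one constructed log to a temp file and checks it
    tmp=$(mktemp) && sample_log "$1" > "$tmp"
    rc=0; check_wolfcrypt_log "$tmp" || rc=$?
    rm -f "$tmp"; return $rc
}

run_sample good || true
run_sample truncated || true
run_sample norsa || true
```

To use it on real output, save the target console text to a file and call check_wolfcrypt_log on that file; exit status 2 means the run was incomplete, 1 means a failed or missing test.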

benchmark_test()

benchmark_test() prints a message on the target console similar to the following output.

Benchmark Test Started
------------------------------------------------------------------------------
 wolfSSL version 3.15.7
------------------------------------------------------------------------------
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG                  5 MB took 1.000 seconds,    4.858 MB/s
AES-128-CBC-enc     17 MB took 1.001 seconds,   17.341 MB/s
AES-128-CBC-dec     17 MB took 1.000 seconds,   17.285 MB/s
SHA                425 KB took 1.040 seconds,  408.654 KB/s
SHA-256             26 MB took 1.000 seconds,   25.903 MB/s
HMAC-SHA           425 KB took 1.049 seconds,  405.148 KB/s
HMAC-SHA256         24 MB took 1.000 seconds,   23.877 MB/s
RSA     1024 key gen         2 ops took 1.579 sec, avg 789.500 ms, 1.267 ops/sec
RSA     2048 key gen         1 ops took 9.695 sec, avg 9695.000 ms, 0.103 ops/sec
RSA     2048 public        328 ops took 1.001 sec, avg 3.052 ms, 327.672 ops/sec
RSA     2048 private         4 ops took 1.713 sec, avg 428.250 ms, 2.335 ops/sec
ECC      256 key gen        55 ops took 1.017 sec, avg 18.491 ms, 54.081 ops/sec
ECDHE    256 agree          56 ops took 1.017 sec, avg 18.161 ms, 55.064 ops/sec
ECDSA    256 sign           50 ops took 1.004 sec, avg 20.080 ms, 49.801 ops/sec
ECDSA    256 verify         48 ops took 1.028 sec, avg 21.417 ms, 46.693 ops/sec
Benchmark Test Completed

References

The test results were collected from an nRF52840 reference platform target with the following software and tool chains:

  • Nordic nRF52840 development board (PCA10056 1.0.0 2018.49 683529999).
  • nRF5_SDK_15.2.0_9412b96
  • SEGGER Embedded Studio for ARM, Release 4.12 Build 2018112601.37855 Linux x64; Segger J-Link software
  • gcc-arm-none-eabi-8-2018-q4-major
  • wolfssl latest version

For more information or questions, please email support@wolfssl.com