ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
mbed-os/features/cryptocell/FEATURE_CRYPTOCELL310
History
Martin Kojtal 21ebb725c5
Merge pull request #10991 from RonEld/update_readme_for_optin_in_modules 
Explaining how to opt in modules
 		2019-09-06 11:41:41 +02:00
..
TARGET_MCU_NRF52840 Rename the platform specific crypto_platform 2019-01-22 13:56:59 +02:00
binaries Update the CC310 GCC_ARM libraries 2018-12-18 18:08:06 +02:00
include Change Cryptocell target to a feature 2018-05-21 13:40:43 +03:00
Readme.md Edit Readme.md 2019-07-16 09:46:10 -05:00
aes_alt.c Style fixes 2019-08-11 14:03:34 +03:00
aes_alt.h Port aes cc310 driver 2019-06-27 14:24:53 +03:00
cc_internal.c Merge pull request #8797 from RonEld/cryptocell_ecc_errors_alt_fixes 2018-11-30 17:51:50 -06:00
cc_internal.h Modify HW accelerator drivers to new error code 2018-11-11 09:59:18 +02:00
ccm_alt.c Add the platform generic errors 2018-11-26 15:33:17 +02:00
ccm_alt.h Style fixes 2018-11-26 15:32:46 +02:00
cmac_alt.c Add a deinit function 2019-07-24 15:23:46 +03:00
cmac_alt.h Make the cmac context a typedef 2019-07-23 16:05:33 +03:00
ecdh_alt.c Change to mbedtls_platform_zeroize() 2019-01-01 13:56:58 +02:00
ecdsa_alt.c Change to mbedtls_platform_zeroize() 2019-01-01 13:56:58 +02:00
mbedtls_device.h Merge pull request #10907 from RonEld/cc310_aes_port 2019-08-23 11:47:17 +02:00
objects_cryptocell.h Change Cryptocell target to a feature 2018-05-21 13:40:43 +03:00
sha1_alt.c Return not supported for internal process function 2018-11-28 15:31:55 +02:00
sha1_alt.h Style fixes 2018-11-28 15:31:17 +02:00
sha256_alt.c Return not supported for internal process function 2018-11-28 15:31:55 +02:00
sha256_alt.h Style fixes 2018-11-28 15:31:17 +02:00
sha512_alt.c Style fixes 2019-07-23 13:54:09 +03:00
sha512_alt.h Port CC 310 sha512 driver 2019-06-27 18:23:26 +03:00
trng.c Rename the platform context varaiable 2019-01-22 13:57:32 +02:00

Readme.md

Guidelines for porting Cryptocell to Mbed OS

Cryptocell (CC) 310 is a hardware accelerator you can port to boards that have CC 310 embedded in their hardware.

The CC 310 driver consists of three libraries:

  • A common core library (libcc_core.a).
  • A platform-specific TRNG library containing TRNG-related information for sampling sufficient entropy on the specific platform (libcc_trng.a).
  • A platform-specific library containing extra information, such as the CC register's base addresses on the specific board (libcc_ext.a).

Library version information:

  • The CC 310 libraries were built from version arm_sw-cc310-1.1.0.1285.
  • The IAR libraries were built using IAR ANSI C/C++ Compiler V7.80.1.11864/W32 for ARM with --cpu Cortex-M4f.
  • The ARM libraries were built using ARM Compiler 5.06 update 4 (build 422) with --cpu cortex-m4.
  • The GCC_ARM libraries were built using arm-none-eabi-gcc 6.3.1 20170620 (release) with -mcpu=cortex-m4.

To port your CC 310 driver to Mbed OS on your specific target:

  1. In targets.json, add the following to your target:
    • MBEDTLS_CONFIG_HW_SUPPORT to macros_add key. This instructs Mbed TLS to look for an alternative cryptographic implementation.
    • CRYPTOCELL310 to feature. Use this in your common code that you need to remove from compilation in case CC exists in your board. Use #if !defined(FEATURE_CRYPTOCELL310) and #if defined(FEATURE_CRYPTOCELL310).
  2. In objects.h, include objects_cryptocell.h. You can use the FEATURE_CRYPTOCELL310 precompilation check as defined above.
  3. In features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_<target name>, add your platform-specific libraries for all toolchains in TOOLCHAIN_ARM, TOOLCHAIN_GCC_ARM and TOOLCHAIN_IAR respectively.
  4. Add your CC setup code:
    • Implement crypto_platform_setup() and crypto_platform_terminate() to enable CC on your platform, in case you have board-specific setup functionality, required for CC setup. You MUST call SaSi_LibInit() and SaSi_LibFini() in these functions.
    • Define crypto_platform_ctx in crypto_device_platform.h in a way that suits your implementation.

Enabling optional alternative drivers

Three additional modules that are not enabled by default have alternative implementation support. This allows backward compatability because these modules don't have full functionality and returns MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED for some features. The modules are:

  • AES, which only supports 128 bit key size, as opposed to previous support for all key sizes.
  • CMAC, which only supports AES 128 bit key size, as opposed to previous support for DES and all key sizes.
  • SHA512, which only supports SHA512, as opposed to previous support for SHA384, as well.

To enable these modules, define MBEDTLS_AES_ALT, MBEDTLS_CMAC_ALT and MBEDTLS_SHA512_ALT, either in mbed_app.json or in your MBEDTLS_USER_CONFIG_FILE, to have hardware accelerated module with reduced RAM size, on the expense of full functionality.