Crash_Override/OVMS3
2
0
Fork 0
Code Issues 5 Pull requests Projects Releases 4 Wiki Activity
OVMS3/OVMS.V3/components/wolfssl/IDE/CRYPTOCELL/README.md

118 lines
5.8 KiB
Markdown
Raw Blame History

# ARM® TrustZone® CryptoCell 310 Port
## Overview
ARM® TrustZone® CryptoCell 310 is a security subsystem which provides root of trust (RoT) and cryptographic services for a device.
You can enable the wolfSSL support for ARM CryptoCell using the `#define WOLFSSL_CRYPTOCELL`, The CryptoCell APIs are distributed as part of the Nordic nRF5 SDKs [here](https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.sdk5.v15.0.0%2Fgroup__cryptocell__api.html) .
## Prerequisites
1. Follow the Nordic website [here](https://www.nordicsemi.com/Software-and-Tools/Software/nRF5-SDK) to download the Nordic nRF5-SDK and software tools.
2. Install the SEGGER Embedded Studio IDE.
3. Run a simple blinky application on your Nordic nRF52840 (PCA10056) development board to confirm that your board functions as expected and the communication between your computer and the board works.
## Usage
You can start with a wolfcrypt SEGGER embedded studio (ses) example project to integrate the wolfSSL source code.
wolfSSL supports a compile-time user configurable options in the `IDE/CRYPTOCELL/user_settings.h` file.
The `IDE/CRYPTOCELL/main.c` example application provides a function to run the selected examples at compile time through the following two #defines in user_settings.h. You can define these macro options to disable the test run.
```
- #undef NO_CRYPT_TEST
- #undef NO_CRYPT_BENCHMARK
```
## Supported features
- SHA-256
- AES CBC
- CryptoCell 310 RNG
- RSA sign/verify and RSA key gen (2048 bit in PKCSv1.5 padding mode)
- RSA encrypt/decrypt
- ECC sign/verify/shared secret
- ECC key import/export and key gen pairs
- Hardware RNG
- RTC for benchmark timing source
Note: All Cryptocell features are not supported. The wolfcrypt RSA API allows import and export of Private/Public keys in DER format. However, this is not possible with key pairs generated with Cryptocell because the importing/exporting Cryptocell keys has not been implemented yet.
## Setup
### Setting up Nordic SDK with wolfSSL
1. Download the wolfSSL source code or a zip file from GitHub and place it under your SDK `InstallFolder/external/` directory. You can also copy or simlink to the source.
```
For example,
$cd ~/nRF5_SDK_15.2.0_9412b96/external
$git clone --depth=1 https://github.com/wolfSSL/wolfssl.git
Or, assuming you have already cloned the wolfSSL source code under ~/wolfssl.
$cd ~/nRF5_SDK_15.2.0_9412b96/external
$ln -s ~/wolfssl wolfssl
```
2. Copy the example project from [here](https://github.com/tmael/nRF5_SDK/tree/master/examples/crypto/nrf_cc310/wolfcrypt) into your `nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310/` directory.
```
$git clone https://github.com/tmael/nRF5_SDK.git
$cd ~/nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310
$cp -rf ~/nRF5_SDK/examples/crypto/nrf_cc310/wolfcrypt .
OR
$ln -s ~/nRF5_SDK/examples/crypto/nrf_cc310/wolfcrypt wolfcrypt
```
3. Launch the SEGGER Embedded Studio IDE
4. In the main menu, go to File >Open Solutions to open the example solution. Browse to the location containing the wolfcrypt code `/examples/crypto/nrf_cc310/wolfcrypt/pca10056/blank/ses/wolfcrypt_pca10056.emProject` and choose Open.
## Building and Running
In the main menu, go to Build > Rebuild your project, then load and run your image on your nRF52840 target platform. Review the test results on the console output.
### `wolfcrypt_test()`
wolfcrypt_test() prints a message on the target console similar to the following output:
```
wolfCrypt Test Started
error test passed!
base64 test passed!
asn test passed!
SHA test passed!
SHA-256 test passed!
Hash test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
AES test passed!
RANDOM test passed!
RSA test passed!
ECC test passed!
ECC buffer test passed!
logging test passed!
mutex test passed!
wolfCrypt Test Completed
```
### `benchmark_test()`
benchmark_test() prints a message on the target console similar to the following output.
```
Benchmark Test Started
------------------------------------------------------------------------------
wolfSSL version 3.15.7
------------------------------------------------------------------------------
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 5 MB took 1.000 seconds, 4.858 MB/s
AES-128-CBC-enc 17 MB took 1.001 seconds, 17.341 MB/s
AES-128-CBC-dec 17 MB took 1.000 seconds, 17.285 MB/s
SHA 425 KB took 1.040 seconds, 408.654 KB/s
SHA-256 26 MB took 1.000 seconds, 25.903 MB/s
HMAC-SHA 425 KB took 1.049 seconds, 405.148 KB/s
HMAC-SHA256 24 MB took 1.000 seconds, 23.877 MB/s
RSA 1024 key gen 2 ops took 1.579 sec, avg 789.500 ms, 1.267 ops/sec
RSA 2048 key gen 1 ops took 9.695 sec, avg 9695.000 ms, 0.103 ops/sec
RSA 2048 public 328 ops took 1.001 sec, avg 3.052 ms, 327.672 ops/sec
RSA 2048 private 4 ops took 1.713 sec, avg 428.250 ms, 2.335 ops/sec
ECC 256 key gen 55 ops took 1.017 sec, avg 18.491 ms, 54.081 ops/sec
ECDHE 256 agree 56 ops took 1.017 sec, avg 18.161 ms, 55.064 ops/sec
ECDSA 256 sign 50 ops took 1.004 sec, avg 20.080 ms, 49.801 ops/sec
ECDSA 256 verify 48 ops took 1.028 sec, avg 21.417 ms, 46.693 ops/sec
Benchmark Test Completed
```
## References
The test results were collected from an nRF52840 reference platform target with the following software and tool chains:
- Nordic nRF52840 development board (PCA10056 1.0.0 2018.49 683529999).
- nRF5_SDK_15.2.0_9412b96
- SEGGER Embedded Studio for ARM, Release 4.12 Build 2018112601.37855 Linux x64Segger J-Link software
- gcc-arm-none-eabi-8-2018-q4-major
- wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
For more information or questions, please email [support@wolfssl.com](mailto:support@wolfssl.com)
Reference in a new issue View git blame Copy permalink