Do the mbedtls APIs (sha256.h) use hardware acceleration?

Hello Nordic team,

I'm currently looking into mbedtls on the nRF5340; I'm using nRF NCS SDK 2.1.0.

I wanted to calculate the hash of the firmware image. I have already developed an API that calculates and provides me a hash of the firmware image,
but I am unsure whether that API internally uses the nRF5340 hardware acceleration feature or not. If not, could you please provide sample code that uses the hardware acceleration internally?
Below is my API that provides me a hash of the firmware image.

void calculate_file_hash(unsigned char *hash_value, size_t hash_size)
{
    uint8_t buffer[READ_FLASH_BYTES];
    size_t bytes_read, address = QSPI_OTA_HEADER_START_ADDRESS;
    int rc = 0u;

    LOG_INF("calculate_file_hash");

    mbedtls_sha256_context sha256_ctx;
    mbedtls_sha256_init(&sha256_ctx);
    mbedtls_sha256_starts(&sha256_ctx, /*is224=*/0);

    for(bytes_read = 210539; bytes_read > 0; )       // For Net core
    {
        if(bytes_read >= READ_FLASH_BYTES)
        {
            rc = external_flash_sector_read(address, buffer, READ_FLASH_BYTES);
            if(rc != 0U)
            {
                LOG_INF("Error in flash reading(%x)", rc);
            }
            mbedtls_sha256_update(&sha256_ctx, buffer, READ_FLASH_BYTES);
        }
        else
        {
            memset(buffer, 0xFF, READ_FLASH_BYTES);
            rc = external_flash_sector_read(address, buffer, bytes_read);
            if(rc != 0U)
            {
                LOG_INF("Error in flash reading(%x)", rc);
            }
            mbedtls_sha256_update(&sha256_ctx, buffer, bytes_read);
        }
        if(bytes_read >= READ_FLASH_BYTES)
        {
            bytes_read = bytes_read - READ_FLASH_BYTES;
        }
        else
        {
            bytes_read = 0;
        }
        address = address + READ_FLASH_BYTES;
        // LOG_INF("address = %x, bytes_read = %d", address, bytes_read);
    }

    mbedtls_sha256_finish(&sha256_ctx, hash_value);
    mbedtls_sha256_free(&sha256_ctx);
}
Thanks in advance,
Kaushik
  • Hi Dejans,

    As described in the above two answers (for the matter->lock sample code),
    can you please confirm whether the behavior is the same on your side as well?

    Thanks,

    Kaushik Parsana

  • Hi,

    I have reproduced your issue.

    There are some changes which you could make to enable successful building of your project. Here are the required configuration changes in prj.conf:

    CONFIG_NORDIC_SECURITY_BACKEND=y
    #CONFIG_CC3XX_BACKEND=y
    CONFIG_MBEDTLS_SHA256_C=y
    #CONFIG_PSA_CRYPTO_DRIVER_CC3XX


    I have added an overlay file in Kconfig fragments, but this is not mandatory for having successful builds:
    -DCONF_OVERLAY:STRING="board/nrf5340dk_nrf5340_cpuapp.overlay"


    I have also built the lock sample with the shield by adding these Kconfig fragments:
    -DCONF_OVERLAY:STRING="board/nrf5340dk_nrf5340_cpuapp.overlay"
    -Dhci_rpmsg_SHIELD:STRING="nrf7002_ek_coex"

    In both cases builds were successful. 

    As a confirmation of activated hardware acceleration, CONFIG_MBEDTLS_SHA256_ALT=y was present in the build\zephyr\.conf file.

    Best regards,
    Dejan

  • Hi Dejans,

    What I understand from your answer is that if "CONFIG_MBEDTLS_SHA256_ALT=y" is present in my build\zephyr\.config file, then the mbedtls SHA256 API (like below) internally uses the hardware acceleration?

    List of SHA256 APIs used in the hash calculation:
        mbedtls_sha256_context sha256_ctx;
        mbedtls_sha256_init(&sha256_ctx);
        mbedtls_sha256_starts(&sha256_ctx, /*is224=*/0);

        mbedtls_sha256_update(&sha256_ctx, buffer, strlen((const char*)buffer));

        mbedtls_sha256_finish(&sha256_ctx, hash_value);
        mbedtls_sha256_free(&sha256_ctx);

    Thanks,

    Kaushik

  • Hi,

    Kaushik Parsana said:
    What I understand from your answer is that if "CONFIG_MBEDTLS_SHA256_ALT=y" is present in my build\zephyr\.config file, then the mbedtls SHA256 API (like below) internally uses the hardware acceleration?

    As far as I know, this should be the case. However, I have had a discussion with our developers. A suggestion for you would be to put #error inside mbedtls_sha256_init() in the file modules/crypto/mbedtls/library/sha256.c. If it builds without error, then it must be coming from the ALT configuration.

    Best regards,
    Dejan

    Thanks, Dejans,

    I have confirmed things and it is working.

    Regards,

    Kaushik Parsana
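
The build-output check described in the replies above, written as a script that a CI step could run against the generated Kconfig file (build/zephyr/.config in a Zephyr build tree). This is an added example, not code from the thread or from Nordic; the function names, output labels and sample config are constructed here, and reading CONFIG_MBEDTLS_SHA256_C=y without the ALT symbol as the built-in software path is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): classify the SHA-256 implementation
# selected by a Zephyr/NCS build from its generated Kconfig output.

# kconfig_enabled FILE SYMBOL: succeeds only for an active "SYMBOL=y" line.
# "#SYMBOL=y" and "# SYMBOL is not set" fail the ^ anchor; [[:space:]]* also
# tolerates a trailing CR when the file was written on Windows.
kconfig_enabled() {
    grep -q "^$2=y[[:space:]]*\$" "$1"
}

# sha256_backend FILE: prints alt | software | none | unreadable.
# Exit status is 0 only for "alt", so the call can gate a CI step.
sha256_backend() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    if kconfig_enabled "$1" CONFIG_MBEDTLS_SHA256_ALT; then
        echo "alt"                  # the symbol the thread uses as confirmation
    elif kconfig_enabled "$1" CONFIG_MBEDTLS_SHA256_C; then
        echo "software"; return 1   # assumption: built-in mbedtls code path
    else
        echo "none"; return 1
    fi
}

# Constructed sample input (not taken from a real build).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
CONFIG_NORDIC_SECURITY_BACKEND=y
# CONFIG_CC3XX_BACKEND is not set
CONFIG_MBEDTLS_SHA256_C=y
CONFIG_MBEDTLS_SHA256_ALT=y
EOF
echo "sample config: $(sha256_backend "$demo_cfg")"
rm -f "$demo_cfg"
```

A non-zero exit for anything other than "alt" lets the build pipeline fail early if a later prj.conf change drops the ALT implementation.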
