• State Not Answered
  • Replies 3 replies
  • Subscribers 87 subscribers
  • Views 269 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 351917
Options

CryptoCell-312 Hardware Acceleration for Curve25519 on nRF5340

Klurav

I am evaluating Curve25519 performance on the nRF5340 and have observed that the following operations each require approximately 2.5 seconds to execute:

- `wc_curve25519_make_key`
- `wc_curve25519_shared_secret_ex`

According to the CRYPTOCELL — Arm TrustZone CryptoCell 312 documentation, Ed25519 and Curve25519 are listed as algorithms that “can be supported.”

However, I have been unable to identify a method for enabling hardware acceleration for Curve25519 using CryptoCell on this platform.

Has anyone successfully enabled CryptoCell hardware acceleration for Curve25519 operations on the nRF5340? If so, could you please share the necessary steps or configurations? Any insights or documentation references would be greatly appreciated.

Thank you.

 

  • 0

    Hi, 

    - `wc_curve25519_make_key`
    - `wc_curve25519_shared_secret_ex`

    These functions come from the WolfSSL library, which is a feature available in upstream Zephyr, but we don't claim any support for (e.g for HW acceleration)

    Please use PSA crypto APIs. Unfortunately, we don't have a sample for Curve25519, but it should be fairly straight-forward to change the ECDH sample to work for the Curve25519 type. See this sample https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/samples/crypto/ecdh/README.html

    Regards,
    Amanda H.

  • 0

    Hi Amanda, thanks for the answer, I did update the samples/crypto/ecdh eample to use curve25519 by 

    psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY));

    for better results and here are the I also used nrfx_clock_divider_set(NRF_CLOCK_DOMAIN_HFCLK, NRF_CLOCK_HFCLK_DIV_1);

    [00:00:00.330,108] <inf> ecdh: Creating ECDH key pair for Alice
[00:00:00.448,394] <inf> ecdh: ECDH keypair created successfully!
[00:00:00.448,425] <inf> ecdh: Creating ECDH key pair for Bob
[00:00:00.454,467] <inf> ecdh: ECDH keypair created successfully!
[00:00:00.454,467] <inf> ecdh: Export Alice's public key
[00:00:00.460,418] <inf> ecdh: ECDH public key exported successfully!
[00:00:00.460,418] <inf> ecdh: Export Bob's public key
[00:00:00.466,369] <inf> ecdh: ECDH public key exported successfully!
[00:00:00.466,369] <inf> ecdh: Calculating the secret value for Alice
[00:00:00.472,290] <inf> ecdh: ECDH secret calculated successfully!
[00:00:00.472,320] <inf> ecdh: Calculating the secret value for Bob
[00:00:00.478,240] <inf> ecdh: ECDH secret calculated successfully!
[00:00:00.478,240] <inf> ecdh: Comparing the secret values of Alice and Bob
[00:00:00.478,240] <inf> ecdh: The secret values of Alice and Bob match!
[00:00:00.478,271] <inf> ecdh: Example finished successfully!


    I believe it is still taking considerable time than what I expect.

    Can you elaborate more on the backed used by PSA? and is there any way to make these operations quicker?

  • 0 in reply to Klurav

    Because it uses the nRF5340 hardware crypto accelerator by enabling CONFIG_PSA_CRYPTO_DRIVER_CC3XX

Related
Terms of service