Hello, I am currently working on a project using the nRF54 Series and I am evaluating the capabilities of the CRACEN versus the nrf_oberon software library. I would like to confirm if the following cryptographic operations can be fully offloaded to the CRACEN hardware via the PSA Crypto API: SHA1-ECDSA: Is ECDSA signing/verification using SHA-1 as the hash engine supported in hardware? RSA-SHA256-PKCS1-PSS: Is RSA-PSS (with SHA-256) supported by the CRACEN RSA engine? ECDH-256: Is Elliptic Curve Diffie-Hellman fully supported in hardware? Furthermore, is there a comprehensive comparison document or matrix available that details which cryptographic commands/algorithms are implemented in CRACEN versus those that fall back to Oberon ? Best regards

CRACEN vs. Oberon

Hello,

I am currently working on a project using the nRF54 Series and I am evaluating the capabilities of the CRACEN versus the nrf_oberon software library.

I would like to confirm if the following cryptographic operations can be fully offloaded to the CRACEN hardware via the PSA Crypto API:

SHA1-ECDSA: Is ECDSA signing/verification using SHA-1 as the hash engine supported in hardware?
RSA-SHA256-PKCS1-PSS: Is RSA-PSS (with SHA-256) supported by the CRACEN RSA engine?
ECDH-256: Is Elliptic Curve Diffie-Hellman fully supported in hardware?

Furthermore, is there a comprehensive comparison document or matrix available that details which cryptographic commands/algorithms are implemented in CRACEN versus those that fall back to Oberon?

Best regards

0 Amanda Hsieh 2 months ago

Hi David,

SHA1-ECDSA: Is ECDSA signing/verification using SHA-1 as the hash engine supported in hardware?

Yes, but we don't recommend using SHA-1.

RSA-SHA256-PKCS1-PSS: Is RSA-PSS (with SHA-256) supported by the CRACEN RSA engine?

Yes.

You can call the relevant PSA api: example. These calls decide which hash algorithm will be used. So, for ECDSA, you can see here: https://arm-software.github.io/psa-api/crypto/1.2/api/ops/sign.html#c.PSA_ALG_ECDSA you select ECDSA and whichever hash you want. You can see which hash we support in hardware here: https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/security/crypto/crypto_supported_features.ht… You can also take a look at the crypto samples for ECDSA, RSA and ECDH to see how to use it.

ECDH-256: Is Elliptic Curve Diffie-Hellman fully supported in hardware?

If you want secp256r1 ("P-256r1" - PSA_ECC_SECP_R1_256 ), which, yes, we support.

is there a comprehensive comparison document or matrix available that details which cryptographic commands/algorithms are implemented in CRACEN versus those that fall back to Oberon?

See https://docs.nordicsemi.com/bundle/ncs-3.2.1/page/nrf/security/crypto/crypto_supported_features.html

Regards,
Amanda H.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel