This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Soft Crypto mbed TLS timing issues.

Hi Team,

We are using the nrf52840 soc for our application along with crypto engine (mbed TLS ) along with RNG, ECC, SHA256.

While validating the digital signature with SHA-256 for 1k data message, it is taking almost 6 sec time, same functionality with CC310 engine it is taking less than 1 sec.

Is there any way to optimize this execution time for mbed TLS engine.

We enabled the below macros in sdk_config.h file mbed TLS library, is that any macro is missing for this mbed TLS crypto engine or else we are enabled unwanted macros.

sdk_config.h file settings for mbedtls:

#define NRF_CRYPTO_BACKEND_MBEDTLS_ENABLED 1
#define NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG_ENABLED 1
#define NRF_CRYPTO_BACKEND_NRF_HW_RNG_ENABLED 1
#define RNG_ENABLED 1
#define NRF_CRYPTO_RNG_AUTO_INIT_ENABLED 1
#define NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED 1
#define NRFX_RNG_ENABLED 1

#define NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA256_ENABLED 1

#define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256R1_ENABLED 1

#define NRF_CRYPTO_BACKEND_CC310_RNG_ENABLED 0
#define NRF_CRYPTO_BACKEND_CC310_ENABLED 0

Regards,

Srinivas.V

Parents

0 Einar Thorsrud over 5 years ago

Hi Srinivas,

Assuming you have configured the toolchain with a sensible set of optimizations (typical release configuration), then there is not much more you can do to improve the speed of the mbed TLS operations. However, I suggest you re-do the tests using the nrf_oberon backend instead, as that generally has significantly better performance.

Einar
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Srinivas V over 4 years ago in reply to Einar Thorsrud

Hi Einar,

Thanks for your reply.

We need the crypto functionalities like AES-ECB, CFB, CBC-MAC , therese are supported in OBERON library , that is the reason we have used the mbed TLS.

For ECC functionalities we are using the Micro-ECC library. You have any better thoughts on this.

Regards,

Srinivas.V
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Srinivas V over 4 years ago in reply to Einar Thorsrud

Hi Einar,

Thanks for your reply.

We need the crypto functionalities like AES-ECB, CFB, CBC-MAC , therese are supported in OBERON library , that is the reason we have used the mbed TLS.

For ECC functionalities we are using the Micro-ECC library. You have any better thoughts on this.

Regards,

Srinivas.V
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Einar Thorsrud over 4 years ago in reply to Srinivas V

Hi Srinivas,

I am sorry for the late reply.

As you need some algorithms that are not supported by nrf_oberon, but also want to get higher performance on some operations than what you would get using mbed TLS, I suggest you use both. the nRF Crypto library lets you combine backends in any way you want, as long as you make sure to not enable the same algorithm in multiple backends. So you can use Oberon for any algorithms where it performed best, and use mbed TLS or micro-ecc where that is more appropriate (or the only alternative).
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel