• State Not Answered
  • Replies 3 replies
  • Subscribers 74 subscribers
  • Views 694 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 251721
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Soft Crypto mbed TLS timing issues.

Srinivas V

Hi Team,

We are using the nrf52840 soc for our application along with crypto engine (mbed TLS ) along with RNG, ECC, SHA256.

While validating the digital signature with SHA-256 for 1k data message, it is taking almost 6 sec time, same functionality with CC310 engine it is taking less than 1 sec.

Is there any way to optimize this execution time for mbed TLS engine.

We enabled the below macros in sdk_config.h file mbed TLS library, is that any macro is missing for this mbed TLS crypto engine or else we are enabled unwanted macros.

sdk_config.h file settings for mbedtls:

       #define  NRF_CRYPTO_BACKEND_MBEDTLS_ENABLED                                                         1
      #define  NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG_ENABLED         1
      #define   NRF_CRYPTO_BACKEND_NRF_HW_RNG_ENABLED                                                 1
      #define  RNG_ENABLED                                                                                                                 1
      #define NRF_CRYPTO_RNG_AUTO_INIT_ENABLED                                                                   1
      #define NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED                                    1
     #define NRFX_RNG_ENABLED                                                                                                       1

     #define NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA256_ENABLED                                1                              

    #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256R1_ENABLED                             1


     #define NRF_CRYPTO_BACKEND_CC310_RNG_ENABLED                                                        0
     #define NRF_CRYPTO_BACKEND_CC310_ENABLED                                                                  0

Regards,

Srinivas.V

Parents
  • 0

    Hi Srinivas,

    Assuming you have configured the toolchain with a sensible set of optimizations (typical release configuration), then there is not much more you can do to improve the speed of the mbed TLS operations. However, I suggest you re-do the tests using the nrf_oberon backend instead, as that generally has significantly better performance.

    Einar

  • 0 in reply to Einar Thorsrud

    Hi Einar,

    Thanks for your reply.

    We need the crypto functionalities like AES-ECB, CFB, CBC-MAC , therese are supported in OBERON library , that is the reason we have used the mbed TLS.

    For ECC functionalities we are using the Micro-ECC library. You have any better thoughts on this.

    Regards,

    Srinivas.V

  • 0 in reply to Srinivas V

    Hi Srinivas,

    I am sorry for the late reply.

    As you need some algorithms that are not supported by nrf_oberon, but also want to get higher performance on some operations than what you would get using mbed TLS, I suggest you use both. the nRF Crypto library lets you combine backends in any way you want, as long as you make sure to not enable the same algorithm in multiple backends. So you can use Oberon for any algorithms where it performed best, and use mbed TLS or micro-ecc where that is more appropriate (or the only alternative).

Reply
  • 0 in reply to Srinivas V

    Hi Srinivas,

    I am sorry for the late reply.

    As you need some algorithms that are not supported by nrf_oberon, but also want to get higher performance on some operations than what you would get using mbed TLS, I suggest you use both. the nRF Crypto library lets you combine backends in any way you want, as long as you make sure to not enable the same algorithm in multiple backends. So you can use Oberon for any algorithms where it performed best, and use mbed TLS or micro-ecc where that is more appropriate (or the only alternative).

Children
No Data
Related
Terms of service