Connectivity AND security with limited RAM

From my understanding the mbedtls is the largest crypto library, maybe you can look into using the oberon or tinycrypt instead?
https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/crypto/tinycrypt.html 
https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrfxlib/crypto/doc/nrf_oberon.html 

I now managed to implement the required cryptographical operations using the oberon library and it seems to work with a high enough stack size.

However, I was not able to use relative paths to the library files, since they were not found within the project / environment. Instead I had to use absolute include paths e.g.:

#include "C:\work\tools\ncs\v1.7.0\nrfxlib\crypto\nrf_oberon\include\ocrypto_ecdsa_p256.h"

Am I missing something?
How must I configure the toolchain, the project or its CMakeLists.txt to have these include paths available?
Any other ideas, what the reason for this could be?

Thank you

I now managed to implement the required cryptographical operations using the oberon library and it seems to work with a high enough stack size.

However, I was not able to use relative paths to the library files, since they were not found within the project / environment. Instead I had to use absolute include paths e.g.:

#include "C:\work\tools\ncs\v1.7.0\nrfxlib\crypto\nrf_oberon\include\ocrypto_ecdsa_p256.h"

Am I missing something?
How must I configure the toolchain, the project or its CMakeLists.txt to have these include paths available?
Any other ideas, what the reason for this could be?

Thank you

Hi Manuel,

I will continue handle your case.

My first guess is that you are missing some Kconfig configurations.
Have you configured CONFIG_OBERON_BACKEND?
Could you post the contents of your prj.conf file?

Regards,
Sigurd Hellesvik

Hello Sigurd

Thank you for your reply.
I made the following configurations in prj.conf which are related to oberon:

CONFIG_NORDIC_SECURITY_BACKEND=y
CONFIG_OBERON_BACKEND=y
CONFIG_NRF_OBERON=y

The include as stated below does still not work:

#include <ocrypto_sha256.h>

Hi

Try to add the following to CMakeLists.txt:

zephyr_link_libraries(nrfxlib_crypto)

Although, I think this should be done by the configuration somewhere.
I will ask our developers about this and return if I find a better solution. (EDIT: They agree that this is a sufficient way to include the ocrypto files at the moment)

After some reading into this I suggest that you do not CONFIG_NORDIC_SECURITY_BACKEND or CONFIG_OBERON_BACKEND(Which just chooses the backend for Nordic Security backend) , as these will select mbedtls, which makes your application take more space:

CONFIG_NRF_OBERON should be enough I think.

Regards,
Sigurd Hellesvik

Thank you very much, the manually added entry in CMakeLists.txt did the trick!

Now it's working with the following added terms:

prj.conf

CONFIG_NRF_OBERON=y

CMakeLists.txt

zephyr_link_libraries(nrfxlib_crypto)

C-code:

#include <ocrypto_sha256.h>

Best regards
Manuel