Backend configurations and supported features¶

This section covers the configurations available when one or more nrf_security backends are enabled. This includes linking directly to the backend library or utilizing the Mbed TLS glue layer.

Configuring multiple backends ¶

Different backends can support different cryptographic algorithms. The configuration options listed in subsequent sections are either Glue, Shared, or Choice.

Glue: The configuration options will list Glue for the cryptographic algorithms that can be enabled in multiple backends at the same time.
Shared: For some cryptographic features, the implementation is only available in the Original Mbed TLS backend. For convenience, this is made available in any backend, although the implementation will always use open-source code from the Arm Mbed TLS project.
Choice: The configuration options will list Choice for the cryptographic algorithms that are supported by multiple backends, but only one of them can be enabled at the same time. To enable the cryptographic algorithm, a base configuration must be enabled, and then the backend can be selected using a setting prefixed with CONFIG_CHOICE_.

If only a subset of the backends supports a given feature, this information is provided in the tables.

Note

The first ordered item in the list of available choices is selected by default.

AES configuration ¶

AES core support can be enabled by setting the CONFIG_MBEDTLS_AES_C Kconfig variable. Enabling AES core support enables AES ECB cipher mode and allows for the following ciphers to be configured: CTR, OFB, CFB, CBC, XTS, CMAC, CCM/CCM*, and GCM.

Single backend ¶

AES core support can be enabled by setting the CONFIG_MBEDTLS_AES_C Kconfig variable.

Cipher mode	Configurations
ECB	`CONFIG_MBEDTLS_AES_C`

Note

The Arm CryptoCell cc3xx backend is limited to key sizes of 128 bits on devices with Arm CryptoCell cc310.

Multiple backends ¶

AES core support can be enabled by setting setting the CONFIG_MBEDTLS_AES_C Kconfig variable, and one or more of the following Kconfig variables:

Cipher mode

Support

Configurations

ECB

Glue

cc3xx: CONFIG_CC3XX_MBEDTLS_AES_C

nrf_oberon: CONFIG_OBERON_MBEDTLS_AES_C

Original Mbed TLS: CONFIG_VANILLA_MBEDTLS_AES_C

Note

Enabling the nrf_oberon backend replaces select internal APIs for AES block encrypt/decrypt and set key operations for encrypt/decrypt.
If both nrf_oberon backend and Original Mbed TLS backend are enabled, the implementation from nrf_oberon backend will provide support for AES ECB.

Feature support ¶

Cipher mode	Backend	Key size
ECB	cc3xx	128-bit key
	nrf_oberon	128-bit key
		192-bit key
		256-bit key
	Original Mbed TLS	128-bit key
		192-bit key
		256-bit key

AES cipher configuration ¶

AES cipher mode configuration is dependent on AES core support according to AES configuration. Configure the AES cipher mode support according to single or multiple enabled backends.

Single or multiple backends ¶

AES cipher modes can be enabled by setting one or more of the following Kconfig variables:

Cipher mode	Support	Configurations	Note
CTR	Glue	`CONFIG_MBEDTLS_CIPHER_MODE_CTR`
CBC	Glue	`CONFIG_MBEDTLS_CIPHER_MODE_CBC`
CFB		`CONFIG_MBEDTLS_CIPHER_MODE_CFB`	Original Mbed TLS and nrf_oberon only
OFB		`CONFIG_MBEDTLS_CIPHER_MODE_OFB`	Original Mbed TLS and nrf_oberon only
XTS		`CONFIG_MBEDTLS_CIPHER_MODE_XTS`	Original Mbed TLS and nrf_oberon only

Note

AES cipher modes are dependent on enabling AES core support according to AES configuration.
XTS will not be available if multiple backends are enabled for AES.
If both nrf_oberon backend and Original Mbed TLS backend is enabled, the implementation from nrf_oberon backend will provide support for AES cipher modes.

Feature support ¶

Cipher mode	Backend	Key size	Note
CTR	cc3xx	128-bit key
	nrf_oberon	128-bit key
		192-bit key
		256-bit key
	Original Mbed TLS	128-bit key
		192-bit key
		256-bit key
CBC	cc3xx	128-bit key
	nrf_oberon	128-bit key
		192-bit key
		256-bit key
	Original Mbed TLS	128-bit key
		192-bit key
		256-bit key
CFB	cc3xx	N/A	Backend not supported
	nrf_oberon	128-bit key
		192-bit key
		256-bit key
	Original Mbed TLS	128-bit key
		192-bit key
		256-bit key
OFB	cc3xx	N/A	Backend not supported
	nrf_oberon	128-bit key
		192-bit key
		256-bit key
	Original Mbed TLS	128-bit key
		192-bit key
		256-bit key
XTS	cc3xx	N/A	Backend not supported
	nrf_oberon	128-bit key
		192-bit key
		256-bit key
	Original Mbed TLS	128-bit key
		192-bit key
		256-bit key

CMAC configuration ¶

Cipher-based Message Authentication Code (CMAC) support can be enabled by setting Kconfig variables according to single or multiple enabled backends.

Single backend ¶

CMAC can be enabled by setting the CONFIG_MBEDTLS_CMAC_C Kconfig variable.

Algorithm	Configurations
CMAC	`CONFIG_MBEDTLS_CMAC_C`

Multiple backends ¶

CMAC can be enabled by setting the CONFIG_MBEDTLS_CMAC_C Kconfig variable, and one or more of the following Kconfig variables:

Algorithm

Support

Configurations

CMAC

Choice

cc3xx: CONFIG_CHOICE_CC3XX_MBEDTLS_CMAC_C

nrf_oberon: CONFIG_CHOICE_OBERON_MBEDTLS_CMAC_C

Original Mbed TLS: CONFIG_CHOICE_VANILLA_MBEDTLS_CMAC_C

Note

For features provided with Choice support, the enabled backend that is first in order is selected by default.
The Arm CryptoCell cc3xx backend is limited to key sizes of 128 bits on devices with Arm CryptoCell cc310.

Feature support ¶

Algorithm	Backend	Key size
CMAC	cc3xx	128-bit key
	nrf_oberon	128-bit key
		192-bit key
		256-bit key
	Original Mbed TLS	128-bit key
		192-bit key
		256-bit key

AEAD configurations ¶

Authenticated Encryption with Associated Data (AEAD) can be enabled according to the cipher in question. AEAD cipher mode support support can be enabled by setting Kconfig variables according to single or multiple enabled backends.

Single backend ¶

AEAD cipher mode support can be enabled by setting one or more of the following Kconfig variables:

AEAD cipher	Configurations	Note
AES CCM/CCM*	`CONFIG_MBEDTLS_CCM_C`
AES GCM	`CONFIG_MBEDTLS_GCM_C`	Original Mbed TLS, or nrf_oberon, or cc312
ChaCha20	`CONFIG_MBEDTLS_CHACHA20_C`
Poly1305	`CONFIG_MBEDTLS_POLY1305_C`
ChaCha-Poly	`CONFIG_MBEDTLS_CHACHAPOLY_C`	Requires Poly1305 and ChaCha20

Note

AEAD AES cipher modes are dependent on enabling AES core support according to AES configuration.
The Arm CryptoCell cc3xx backend is limited to key sizes of 128 bits on devices with Arm CryptoCell cc310.
The ChaCha-Poly implemented by the Arm CryptoCell cc3xx backend does not support incremental operations.

Multiple backends ¶

Multiple backend configurations for various AEAD cyphers are presented in the following tables.

AES CCM/CCM*¶

AES CCM/CCM* can be enabled by setting the CONFIG_MBEDTLS_CCM_C Kconfig variable, and one or more of the following Kconfig variables:

AEAD cipher

Support

Configurations

AES CCM/CCM*

Glue

cc3xx: CONFIG_CC3XX_MBEDTLS_CCM_C

nrf_oberon: CONFIG_OBERON_MBEDTLS_CCM_C

Original Mbed TLS: CONFIG_VANILLA_MBEDTLS_CCM_C

Note

AEAD AES cipher modes are dependent on AES core support according to AES configuration.
The Arm CryptoCell cc3xx backend is limited to key sizes of 128 bits on devices with Arm CryptoCell cc310.
If both nrf_oberon backend and Original Mbed TLS backend is enabled, the nrf_oberon backend will provide support for AES CCM/CCM*.

AES GCM¶

AES GCM can be enabled by setting the CONFIG_MBEDTLS_GCM_C Kconfig variable.

AEAD cipher	Configurations	Note
AES GCM	`CONFIG_MBEDTLS_GCM_C`	Original Mbed TLS or nrf_oberon only

Note

AES GCM is not supported in Arm CryptoCell cc3xx hardware.

ChaCha20¶

ChaCha20 support can be enabled by setting the CONFIG_MBEDTLS_CHACHA20_C Kconfig variable, and one of the following Kconfig variables:

AEAD cipher

Support

Configurations

ChaCha20

Choice

cc3xx: CONFIG_CHOICE_CC3XX_MBEDTLS_CHACHA20_C

nrf_oberon: CONFIG_CHOICE_OBERON_MBEDTLS_CHACHA20_C

Original Mbed TLS: CONFIG_CHOICE_VANILLA_MBEDTLS_CHACHA20_C

Note

For features provided with Choice support, the enabled backend that is first in order is selected by default.
The ChaCha-Poly implemented by the Arm CryptoCell cc3xx backend does not support incremental operations.

Poly1305¶

Poly1305 can be enabled by setting the CONFIG_MBEDTLS_POLY1305_C Kconfig variable and one of the following Kconfig variables:

AEAD cipher

Support

Configurations

Poly1305

Choice

cc3xx: CONFIG_CHOICE_CC3XX_MBEDTLS_POLY1305_C

nrf_oberon: CONFIG_CHOICE_OBERON_MBEDTLS_POLY1305_C

Original Mbed TLS: CONFIG_CHOICE_VANILLA_MBEDTLS_POLY1305_C

Note

For features provided with Choice support, the enabled backend that is first in order is selected by default.
The ChaCha-Poly implemented by the Arm CryptoCell cc3xx backend does not support incremental operations.

ChaCha-Poly¶

ChaCha-Poly can be enabled by setting the CONFIG_MBEDTLS_CHACHAPOLY_C Kconfig variable, and one of the following Kconfig variables:

AEAD cipher

Support

Configurations

ChaCha-Poly

Choice

cc3xx: CONFIG_CHOICE_VANILLA_MBEDTLS_CHACHAPOLY_C

nrf_oberon: CONFIG_CHOICE_VANILLA_MBEDTLS_CHACHAPOLY_C

Original Mbed TLS: CONFIG_CHOICE_VANILLA_MBEDTLS_CHACHAPOLY_C

Note

ChaCha-Poly support requires enabling both ChaCha20 and Poly1305.
For features provided with Choice support, the enabled backend that is first in order is selected by default.

Feature support ¶

AEAD cipher	Backend	Key size	Note
AES CCM/CCM*	cc3xx	128-bit key
	nrf_oberon	128-bit key
		192-bit key
		256-bit key
	Original Mbed TLS	128-bit key
		192-bit key
		256-bit key
AES GCM	cc312	128-bit key	cc310 not supported
	nrf_oberon	128-bit key
		192-bit key
		256-bit key
	Original Mbed TLS	128-bit key
		192-bit key
		256-bit key
ChaCha20	cc3xx	256-bit key
	nrf_oberon	256-bit key
	Original Mbed TLS	256-bit key
Poly1305	cc3xx	256-bit key
	nrf_oberon	256-bit key
	Original Mbed TLS	256-bit key
ChaCha-Poly	cc3xx	256-bit key	The ChaCha-Poly implementation in Arm CryptoCell cc3xx backend does not support incremental operations.
	nrf_oberon	256-bit key
	Original Mbed TLS	256-bit key

DHM configurations ¶

Diffie-Hellman-Merkle (DHM) support can be enabled by setting Kconfig variables according to single or multiple enabled backends.

Single backend ¶

DHM can be enabled by setting the CONFIG_MBEDTLS_DHM_C Kconfig variable.

Algorithm	Configurations
DHM	`CONFIG_MBEDTLS_DHM_C`

Multiple backends ¶

DHM can be enabled by setting the CONFIG_MBEDTLS_DHM_C Kconfig variable, and one or more of the following Kconfig variables:

Algorithm

Support

Configurations

DHM

Glue

cc3xx: CONFIG_CC3XX_MBEDTLS_DHM_C

Original Mbed TLS: CONFIG_VANILLA_MBEDTLS_DHM_C

Feature support ¶

Algorithm	Backend	Key size	Note
DHM	cc3xx	Limited to 2048 bits
	nrf_oberon	N/A	Backend not supported
	Original Mbed TLS	No limitation

ECC configurations ¶

Elliptic Curve Cryptography (ECC) configuration provides support for Elliptic Curve over GF(p). ECC core support can be enabled by setting the CONFIG_MBEDTLS_ECP_C Kconfig variable. Enabling CONFIG_MBEDTLS_ECP_C will activate configuration options that depend upon ECC, such as ECDH, ECDSA, ECJPAKE, and a selection of ECC curves to support in the system. If multiple backends are available, you can select which backend to use for CONFIG_MBEDTLS_ECP_C. This backend will be used to provide support for ECDH, ECDSA, and/or ECJPAKE (if enabled).

Single backend ¶

ECC core support can be enabled by setting the CONFIG_MBEDTLS_ECP_C Kconfig variable.

Multiple backends ¶

ECC core support can be enabled by setting the CONFIG_MBEDTLS_ECP_C Kconfig variable, and one of the following Kconfig variables:

Algorithm

Support

Configurations

ECP

Choice

cc3xx: CONFIG_CHOICE_CC3XX_MBEDTLS_ECP_C

nrf_oberon: CONFIG_CHOICE_OBERON_MBEDTLS_ECP_C

Original Mbed TLS: CONFIG_CHOICE_VANILLA_MBEDTLS_ECP_C

Note

For features provided with Choice support, the enabled backend that is first in order is selected by default.

Feature support ¶

Algorithm	Backend	Curve group	Curve type
ECP	cc3xx	NIST	secp192r1
			secp224r1
			secp256r1
			secp384r1
			secp521r1
		Koblitz	secp192k1
			secp224k1
			secp256k1
		Curve25519	Curve25519
	nrf_oberon	NIST	secp256r1
		NIST	secp224r1
		Curve25519	Curve25519
	Original Mbed TLS	NIST	secp192r1
			secp224r1
			secp256r1
			secp384r1
			secp521r1
		Koblitz	secp192k1
			secp224k1
			secp256k1
		Brainpool	bp256r1
			bp384r1
			bp512r1
		Curve25519	Curve25519

ECDH configurations ¶

Elliptic Curve Diffie-Hellman (ECDH) support can be enabled by setting the CONFIG_MBEDTLS_ECDH_C Kconfig variable.

Algorithm	Configurations
ECDH	`CONFIG_MBEDTLS_ECDH_C`

Note

ECDH support depends upon ECC Configurations being enabled.
The nrf_cc3xx_mbedcrypto library does not integrate on ECP layer. Only the top-level APIs for ECDH are replaced.

Feature support ¶

Algorithm	Backend	Curve group	Curve type
ECDH	cc3xx	NIST	secp192r1
			secp224r1
			secp256r1
			secp384r1
			secp521r1
		Koblitz	secp192k1
			secp224k1
			secp256k1
		Curve25519	Curve25519
	nrf_oberon	NIST	secp256r1
		NIST	secp224r1
		Curve25519	Curve25519
	Original Mbed TLS	NIST	secp192r1
			secp224r1
			secp256r1
			secp384r1
			secp521r1
		Koblitz	secp192k1
			secp224k1
			secp256k1
		Brainpool	bp256r1
			bp384r1
			bp512r1
		Curve25519	Curve25519

ECDSA configurations ¶

Elliptic Curve Digital Signature Algorithm (ECDSA) support can be enabled be configured by setting the CONFIG_MBEDTLS_ECDSA_C Kconfig variable.

Algorithm	Configurations
ECDSA	`CONFIG_MBEDTLS_ECDSA_C`

Note

ECDSA support depends upon ECC Configurations being enabled.
The nrf_cc3xx_mbedcrypto library does not integrate on ECP layer. Only the top-level APIs for ECDSA are replaced.

Feature support ¶

Algorithm	Backend	Curve group	Curve type
ECDSA	cc3xx	NIST	secp192r1
			secp224r1
			secp256r1
			secp384r1
			secp521r1
		Koblitz	secp192k1
			secp224k1
			secp256k1
		Curve25519	Curve25519
	nrf_oberon	NIST	secp256r1
		NIST	secp224r1
		Curve25519	Curve25519
	Original Mbed TLS	NIST	secp192r1
			secp224r1
			secp256r1
			secp384r1
			secp521r1
		Koblitz	secp192k1
			secp224k1
			secp256k1
		Brainpool	bp256r1
			bp384r1
			bp512r1
		Curve25519	Curve25519

ECJPAKE configurations ¶

Elliptic Curve, Password Authenticated Key Exchange by Juggling (ECJPAKE) support can be enabled by setting the CONFIG_MBEDTLS_ECJPAKE_C Kconfig variable.

Algorithm	Configurations
ECJPAKE	`CONFIG_MBEDTLS_ECJPAKE_C`

Note

ECJPAKE support depends upon ECC Configurations being enabled.

Feature support ¶

Algorithm	Backend	Curve group	Curve type
ECJPAKE	cc3xx	NIST	secp256r1
	nrf_oberon	NIST	secp256r1
	Original Mbed TLS	NIST	secp256r1

ECC curves configurations ¶

It is possible to configure the curves that should be supported in the system depending on the backend selected.

The following table shows the curves that can be enabled.

Curve	Configurations	Note
NIST secp192r1	`CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED`
NIST secp224r1	`CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED`
NIST secp256r1	`CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED`
NIST secp384r1	`CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED`
NIST secp521r1	`CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED`
Koblitz secp192k1	`CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED`
Koblitz secp224k1	`CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED`
Koblitz secp256k1	`CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED`
Brainpool bp256r1	`CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED`	Original Mbed TLS only
Brainpool bp384r1	`CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED`	Original Mbed TLS only
Brainpool bp512r1	`CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED`	Original Mbed TLS only
Curve25519	`CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED`
Curve448	`CONFIG_MBEDTLS_ECP_DP_CURVE448_ENABLED`	Original Mbed TLS only

Note

The nrf_oberon crypto library only supports ECC curve secp256r1.
Choosing the nrf_oberon backend does not allow enabling the rest of the ECC curve types.

RSA configurations ¶

Rivest-Shamir-Adleman (RSA) support can be enabled by setting Kconfig variables according to single or multiple enabled backends.

Single backend ¶

RSA support can be enabled by setting the CONFIG_MBEDTLS_RSA_C Kconfig variable.

Algorithm	Configurations
RSA	`CONFIG_MBEDTLS_RSA_C`

Note

Arm CryptoCell cc3xx backend is limited to key sizes of <= 2048 bits.

Multiple backends ¶

RSA support can be enabled by setting the CONFIG_MBEDTLS_RSA_C Kconfig variable, and one of the following Kconfig variables:

Algorithm

Support

Configurations

RSA

Choice

cc3xx: CONFIG_CHOICE_CC3XX_MBEDTLS_RSA_C

Original Mbed TLS: CONFIG_CHOICE_VANILLA_MBEDTLS_RSA_C

Note

For configurations providing Choice support, the enabled backend that is first in order is selected by default.

Feature support ¶

Algorithm	Backend	Key size	Note
RSA	cc3xx	Limited to 2048 bits
	nrf_oberon	N/A	Backend not supported
	Original Mbed TLS	No limitation

Secure Hash configurations ¶

The Secure Hash algorithms can be configured by setting Kconfig variables according to single or multiple enabled backends.

Single backend ¶

SHA support can be enabled by setting Kconfig according to the following table:

Algorithm	Support	Backend selection
SHA-1		`CONFIG_MBEDTLS_SHA1_C`
SHA-256		`CONFIG_MBEDTLS_SHA256_C`
SHA-512	Shared	`CONFIG_MBEDTLS_SHA512_C`

Multiple backends ¶

Multiple backend configurations for Secure Hash algorithms are presented in the following tables.

SHA-1¶

SHA-1 support can be enabled by setting the CONFIG_MBEDTLS_SHA1_C Kconfig variable, and one of the following Kconfig variables:

Algorithm

Support

Backend selection

SHA-1

Choice

cc3xx: CONFIG_CHOICE_CC3XX_MBEDTLS_SHA1_C

nrf_oberon: CONFIG_CHOICE_OBERON_MBEDTLS_SHA1_C

Original Mbed TLS: CONFIG_CHOICE_VANILLA_MBEDTLS_SHA1_C

Note

For features provided with Choice support, the enabled backend that is first in order is selected by default.

SHA-256¶

SHA-256 support can be enabled by setting the CONFIG_MBEDTLS_SHA256_C Kconfig variable, and one of the following Kconfig variables:

Algorithm

Support

Backend selection

SHA-256

Choice

cc3xx: CONFIG_CHOICE_CC3XX_MBEDTLS_SHA256_C

nrf_oberon: CONFIG_CHOICE_OBERON_MBEDTLS_SHA256_C

Original Mbed TLS: CONFIG_CHOICE_VANILLA_MBEDTLS_SHA256_C

Note

For features provided with Choice support, the enabled backend that is first in order is selected by default.

SHA-512¶

SHA-256 support can be configured by setting the CONFIG_MBEDTLS_SHA512_C Kconfig variable.

Algorithm	Support	Backend selection
SHA-512	Shared	`CONFIG_MBEDTLS_SHA512_C`

Note

For features provided with Choice support, the enabled backend that is first in order is selected by default.

Feature support ¶

Algorithm	Supported backends	Note
SHA-1	cc3xx
	nrf_oberon
	Original Mbed TLS
SHA-224	cc3xx	SHA-224 is enabled by enabling SHA-256
	nrf_oberon
	Original Mbed TLS
SHA-256	cc3xx
	nrf_oberon
	Original Mbed TLS
SHA-384	cc3xx	SHA-384 is enabled by enabling SHA-512
	nrf_oberon
	Original Mbed TLS
SHA-512	cc3xx
	nrf_oberon
	Original Mbed TLS

Backend platform-specific configurations ¶

The Kconfig integration of nrf_security module coupled with CMake sets some default configurations to ensure that the backend works as expected.

This includes integration with entropy data sampled from the Arm CryptoCell cc3xx hardware, as well as a way to abstract the memory management in an RTOS context. See the nrf_cc3xx_mbedcrypto library documentation for details.