Feature configurations and driver support
This section covers the configurations available when using PSA drivers.
Configuring multiple drivers
Multiple PSA drivers can be enabled at the same time, with added support for fine-grained control of which drivers implement support for cryptographic features.
To enable a PSA driver, set the configurations in the following table:
PSA driver | Configuration option | Notes
---|---|---
nrf_cc3xx | | Only on nRF52840, nRF91 Series, and nRF5340 devices
nrf_oberon | |
nrf_cracen | | Only on nRF54L Series devices
If multiple drivers are enabled, the driver listed first in this table takes precedence for each enabled cryptographic feature, unless that driver does not enable or support the feature, in which case the next driver in the table provides it.
The Arm CryptoCell cc3xx driver allows enabling or disabling of specific PSA APIs (such as psa_cipher_encrypt, psa_sign_hash), but not individual algorithms.
The nrf_oberon driver allows finer configuration granularity, allowing you to enable or disable individual algorithms as well.
When multiple enabled drivers support the same cryptographic feature, the configuration system attempts to include only one implementation to minimize code size.
Key type configurations
To enable key types for cryptographic algorithms, set one or more of the Kconfig options in the following table:
Key type | Configuration option
---|---
AES |
ARIA |
DES (weak) |
CAMELLIA |
SM4 |
ARC4 (weak) |
Chacha20 |
ECC Key Pair |
ECC Public Key |
RSA Key Pair |
RSA Public Key |
DH Key Pair |
DH Public Key |
Key type support
The following table shows key type support for each driver:
Key type | nrf_cc3xx driver support | nrf_oberon driver support | nrf_cracen driver support
---|---|---|---
AES | Supported | Supported | Supported
ARIA | Not supported | Not supported | Not supported
DES (weak) | Not supported | Not supported | Not supported
CAMELLIA | Not supported | Not supported | Not supported
SM4 | Not supported | Not supported | Not supported
ARC4 (weak) | Not supported | Not supported | Not supported
Chacha20 | Supported | Supported | Supported
ECC Key Pair | Supported | Supported | Supported
ECC Public Key | Supported | Supported | Supported
RSA Key Pair | Supported | Supported | Supported
RSA Public Key | Supported | Supported | Supported
DH Key Pair | Not supported | Not supported | Not supported
DH Public Key | Not supported | Not supported | Not supported
The option CONFIG_PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER enables the Arm CryptoCell cc3xx driver for all supported key types.
Cipher configurations
To enable cipher modes, set one or more of the Kconfig options in the following table:
Cipher mode | Configuration option
---|---
ECB no padding |
CBC no padding |
CBC PKCS#7 padding |
CFB |
CTR |
OFB |
CCM* no tag |
XTS |
Stream cipher |
Cipher support
The following table shows cipher algorithm support for each driver:
Cipher mode | nrf_cc3xx driver support | nrf_oberon driver support | nrf_cracen driver support
---|---|---|---
ECB no padding | Supported | Supported | Supported
CBC no padding | Supported | Supported | Supported
CBC PKCS#7 padding | Supported | Supported | Supported
CFB | Not supported | Not supported | Not supported
CTR | Supported | Supported | Supported
OFB | Supported | Not supported | Supported
CCM* no tag | Not supported | Supported | Not supported
XTS | Not supported | Not supported | Not supported
Stream cipher | Supported | Supported | Supported
The option CONFIG_PSA_USE_CC3XX_CIPHER_DRIVER enables the Arm CryptoCell cc3xx driver for all supported algorithms.
The configuration of the nrf_oberon driver is automatically generated based on the user-enabled algorithms in Cipher configurations.
Key size configuration is supported as described in AES key size configuration, for all algorithms except the stream cipher.
Note
The Arm CryptoCell cc3xx driver is limited to AES key sizes of 128 bits on devices with Arm CryptoCell cc310.
Key agreement configurations
To enable key agreement support, set one or more of the Kconfig options in the following table:
Key agreement algorithm | Configuration option
---|---
ECDH |
FFDH |
Key agreement support
The following table shows Key agreement support for each driver:
Key agreement algorithm | nrf_cc3xx driver support | nrf_oberon driver support | nrf_cracen driver support
---|---|---|---
ECDH | Supported | Supported | Supported
FFDH | Not supported | Not supported | Not supported
The option CONFIG_PSA_USE_CC3XX_KEY_AGREEMENT_DRIVER enables the Arm CryptoCell cc3xx driver for all supported algorithms.
The algorithm support when using ECC key types is dependent on one or more Kconfig options enabling curve support according to ECC curve configurations.
Note
The nrf_oberon driver is currently limited to curve types secp224r1, secp256r1, secp384r1, and Curve25519 for ECDH.
Key derivation function configurations
To enable key derivation function (KDF) support, set one or more of the Kconfig options in the following table:
KDF algorithm | Configuration option
---|---
HKDF |
HKDF-Extract |
HKDF-Expand |
PBKDF2-HMAC |
PBKDF2-AES-CMAC-PRF-128 |
TLS 1.2 PRF |
TLS 1.2 PSK to MS |
TLS 1.2 EC J-PAKE to PMS |
Note
PBKDF2 algorithms are not supported with TF-M.
Key derivation function support
The following table shows key derivation function (KDF) support for each driver:
KDF algorithm | nrf_cc3xx driver support | nrf_oberon driver support | nrf_cracen driver support
---|---|---|---
HKDF | Not supported | Supported | Supported
HKDF-Extract | Not supported | Supported | Not supported
HKDF-Expand | Not supported | Supported | Not supported
PBKDF2-HMAC | Not supported | Supported | Supported
PBKDF2-AES-CMAC-PRF-128 | Not supported | Supported | Supported
TLS 1.2 PRF | Not supported | Supported | Not supported
TLS 1.2 PSK to MS | Not supported | Supported | Not supported
TLS 1.2 EC J-PAKE to PMS | Not supported | Supported | Supported
The configuration of the nrf_oberon driver is automatically generated based on the user-enabled algorithms in Key derivation function configurations.
MAC configurations
To enable MAC support, set one or more of the Kconfig options in the following table:
MAC cipher | Configuration option
---|---
CMAC |
HMAC |
CBC-MAC |
MAC support
The following table shows MAC algorithm support for each driver:
MAC cipher | nrf_cc3xx driver support | nrf_oberon driver support | nrf_cracen driver support
---|---|---|---
CMAC | Supported | Supported | Supported
HMAC | Supported | Supported | Supported
CBC-MAC | Not supported | Not supported | Not supported
The option CONFIG_PSA_USE_CC3XX_MAC_DRIVER enables the Arm CryptoCell cc3xx driver for all supported algorithms.
The configuration of the nrf_oberon driver is automatically generated based on the user-enabled algorithms in MAC configurations.
Key size configuration for CMAC is supported as described in AES key size configuration.
Note
The Arm CryptoCell cc3xx driver is limited to CMAC using AES key sizes of 128 bits on devices with Arm CryptoCell cc310.
The Arm CryptoCell cc3xx driver is limited to HMAC using SHA-1, SHA-224, and SHA-256.
AEAD configurations
To enable Authenticated Encryption with Associated Data (AEAD), set one or more of the Kconfig options in the following table:
AEAD cipher | Configuration option
---|---
CCM |
GCM |
ChaCha20-Poly1305 |
AEAD support
The following table shows AEAD algorithm support for each driver:
AEAD cipher | nrf_cc3xx driver support | nrf_oberon driver support | nrf_cracen driver support
---|---|---|---
CCM | Supported | Supported | Supported
GCM | Supported | Supported | Supported
ChaCha20-Poly1305 | Supported | Supported | Supported
The option CONFIG_PSA_USE_CC3XX_AEAD_DRIVER enables the Arm CryptoCell cc3xx driver for all supported algorithms.
Configuration of the nrf_oberon driver is automatically generated based on the user-enabled algorithms in AEAD configurations.
Key size configuration for CCM and GCM is supported as described in AES key size configuration.
Note
The Arm CryptoCell cc3xx driver is limited to AES key sizes of 128 bits on devices with Arm CryptoCell cc310.
The Arm CryptoCell cc3xx driver does not provide hardware support for GCM on devices with Arm CryptoCell cc310.
Asymmetric signature configurations
To enable asymmetric signature support, set one or more of the Kconfig options in the following table:
Asymmetric signature algorithm | Configuration option
---|---
ECDSA |
ECDSA without hashing |
ECDSA (deterministic) |
PureEdDSA |
HashEdDSA Edwards25519 |
HashEdDSA Edwards448 |
RSA PKCS#1 v1.5 sign |
RSA raw PKCS#1 v1.5 sign |
RSA PSS |
RSA PSS any salt |
Asymmetric signature support
The following table shows asymmetric signature algorithm support for each driver:
Asymmetric signature algorithm | nrf_cc3xx driver support | nrf_oberon driver support | nrf_cracen driver support
---|---|---|---
ECDSA | Supported | Supported | Supported
ECDSA without hashing | Supported | Supported | Supported
ECDSA (deterministic) | Supported | Supported | Supported
PureEdDSA | Supported | Supported | Supported
HashEdDSA Edwards25519 | Not supported | Not supported | Not supported
HashEdDSA Edwards448 | Not supported | Not supported | Not supported
RSA PKCS#1 v1.5 sign | Supported | Supported | Supported
RSA raw PKCS#1 v1.5 sign | Supported | Supported | Not supported
RSA PSS | Not supported | Supported | Supported
RSA PSS any salt | Not supported | Supported | Not supported
The option CONFIG_PSA_USE_CC3XX_ASYMMETRIC_SIGNATURE_DRIVER enables the Arm CryptoCell cc3xx driver for all supported algorithms.
Configuration of the nrf_oberon driver is automatically generated based on the user-enabled algorithms in Asymmetric signature configurations.
The algorithm support when using ECC key types is dependent on one or more Kconfig options enabling curve support according to ECC curve configurations.
RSA key size configuration is supported as described in RSA key size configuration.
Note
The Arm CryptoCell cc3xx driver is limited to RSA key sizes less than or equal to 2048 bits.
The nrf_oberon driver does not support RSA key pair generation.
The nrf_oberon driver is currently limited to ECC curve types secp224r1, secp256r1, and secp384r1 for ECDSA.
The nrf_oberon driver is currently limited to ECC curve type Ed25519 for EdDSA.
Asymmetric encryption configurations
To enable asymmetric encryption, set one or more of the Kconfig options in the following table:
Asymmetric encryption algorithm | Configuration option
---|---
RSA OAEP |
RSA PKCS#1 v1.5 crypt |
Asymmetric encryption support
The following table shows asymmetric encryption algorithm support for each driver:
Asymmetric encryption algorithm | nrf_cc3xx driver support | nrf_oberon driver support | nrf_cracen driver support
---|---|---|---
RSA OAEP | Supported | Supported | Supported
RSA PKCS#1 v1.5 crypt | Supported | Supported | Supported
The option CONFIG_PSA_USE_CC3XX_ASYMMETRIC_ENCRYPTION_DRIVER enables the Arm CryptoCell cc3xx driver for all supported algorithms.
Configuration of the nrf_oberon driver is automatically generated based on the user-enabled algorithms in Asymmetric encryption configurations.
RSA key size configuration is supported as described in RSA key size configuration.
Note
The Arm CryptoCell cc3xx driver is limited to RSA key sizes less than or equal to 2048 bits.
The nrf_oberon driver does not support RSA key pair generation.
ECC curve configurations
To configure elliptic curve support, set one or more of the Kconfig options in the following table:
ECC curve type | Configuration option
---|---
BrainpoolP160r1 (weak) |
BrainpoolP192r1 |
BrainpoolP224r1 |
BrainpoolP256r1 |
BrainpoolP320r1 |
BrainpoolP384r1 |
BrainpoolP512r1 |
Curve25519 (X25519) |
Curve448 (X448) |
Edwards25519 (Ed25519) |
Edwards448 (Ed448) |
secp192k1 |
secp224k1 |
secp256k1 |
secp192r1 |
secp224r1 |
secp256r1 |
secp384r1 |
secp521r1 |
secp160r2 (weak) |
sect163k1 (weak) |
sect233k1 |
sect239k1 |
sect283k1 |
sect409k1 |
sect571k1 |
sect163r1 (weak) |
sect233r1 |
sect283r1 |
sect409r1 |
sect571r1 |
sect163r2 (weak) |
FRP256v1 |
ECC curve support
The following table shows ECC curve support for each driver:
ECC curve type | nrf_cc3xx driver support | nrf_oberon driver support | nrf_cracen driver support
---|---|---|---
BrainpoolP160r1 (weak) | Not supported | Not supported | Not supported
BrainpoolP192r1 | Not supported | Not supported | Supported
BrainpoolP224r1 | Not supported | Not supported | Supported
BrainpoolP256r1 | Supported | Not supported | Supported
BrainpoolP320r1 | Not supported | Not supported | Supported
BrainpoolP384r1 | Not supported | Not supported | Supported
BrainpoolP512r1 | Not supported | Not supported | Supported
Curve25519 (X25519) | Supported | Supported | Supported
Curve448 (X448) | Not supported | Not supported | Supported
Edwards25519 (Ed25519) | Supported | Supported | Supported
Edwards448 (Ed448) | Not supported | Not supported | Supported
secp192k1 | Supported | Not supported | Supported
secp224k1 | Not supported | Not supported | Not supported
secp256k1 | Supported | Not supported | Supported
secp192r1 | Supported | Not supported | Supported
secp224r1 | Supported | Supported | Supported
secp256r1 | Supported | Supported | Supported
secp384r1 | Supported | Supported | Supported
secp521r1 | Not supported | Not supported | Supported
secp160r2 (weak) | Not supported | Not supported | Not supported
sect163k1 (weak) | Not supported | Not supported | Not supported
sect233k1 | Not supported | Not supported | Not supported
sect239k1 | Not supported | Not supported | Not supported
sect283k1 | Not supported | Not supported | Not supported
sect409k1 | Not supported | Not supported | Not supported
sect571k1 | Not supported | Not supported | Not supported
sect163r1 (weak) | Not supported | Not supported | Not supported
sect233r1 | Not supported | Not supported | Not supported
sect283r1 | Not supported | Not supported | Not supported
sect409r1 | Not supported | Not supported | Not supported
sect571r1 | Not supported | Not supported | Not supported
sect163r2 (weak) | Not supported | Not supported | Not supported
FRP256v1 | Not supported | Not supported | Not supported
The option CONFIG_PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER enables the Arm CryptoCell cc3xx driver for key management using ECC curves.
RNG configurations
Enable RNG using the CONFIG_PSA_WANT_GENERATE_RANDOM Kconfig option.
RNG uses a PRNG seeded from an entropy source (a TRNG). When RNG is enabled, set at least one of the configurations in the following table:
PRNG algorithm | Configuration option
---|---
CTR-DRBG |
HMAC-DRBG |
Note
Both PRNG algorithms are NIST-qualified Cryptographically Secure Pseudo Random Number Generators (CSPRNG).
CONFIG_PSA_WANT_ALG_CTR_DRBG and CONFIG_PSA_WANT_ALG_HMAC_DRBG are custom configurations not described by the PSA Crypto specification.
If multiple PRNG algorithms are enabled at the same time, CTR-DRBG is prioritized for random number generation through the PSA Crypto front-end APIs.
RNG support
There are no public configurations for entropy and PRNG algorithm support; the choice of drivers that provide this support is automatic.
The PSA driver using the Arm CryptoCell peripheral is enabled by default for nRF52840, nRF91 Series, and nRF5340 devices.
For devices without a hardware-accelerated cryptographic engine, entropy is provided by the nRF RNG peripheral, and PRNG support is provided by the Oberon PSA driver, which is implemented in software.
Note
When using CryptoCell, only 1024 bytes can be requested at a time.
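The following prj.conf fragment is an added example, not taken from the nRF Connect SDK documentation or source, tying together the driver-precedence rule from Configuring multiple drivers and the PRNG selection from RNG configurations for an nRF5340 application. The driver-selection options CONFIG_PSA_CRYPTO_DRIVER_CC3XX and CONFIG_PSA_CRYPTO_DRIVER_OBERON and the PSA_WANT_* feature options not quoted on this page are assumed to follow the PSA Crypto and nRF Security naming scheme; verify them against the Kconfig of your SDK version.

```kconfig
# Added example (not from the nRF Connect SDK): prj.conf for an nRF5340 build
# that needs AES-128-CCM, SHA-256 and a CTR-DRBG random source.
# Option names not quoted on the page above are assumptions; check your SDK's Kconfig.

CONFIG_NRF_SECURITY=y

# Enable two PSA drivers. Per the driver table, nrf_cc3xx is listed first, so it
# takes precedence for every feature it supports; nrf_oberon fills in the rest.
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
CONFIG_PSA_CRYPTO_DRIVER_OBERON=y

# Cryptographic features. PSA_WANT_* selects what the application needs, not
# which driver implements it; the build includes only one implementation per feature.
CONFIG_PSA_WANT_KEY_TYPE_AES=y
CONFIG_PSA_WANT_ALG_CCM=y
CONFIG_PSA_WANT_ALG_SHA_256=y

# AES key size options are nRF Security additions (see AES key size configuration).
# Only 128 bits is enabled here: on cc310 devices the cc3xx driver supports no other size,
# so enabling 256 would silently fall through to the software driver.
CONFIG_PSA_WANT_AES_KEY_SIZE_128=y

# Explicitly hand AEAD to the CryptoCell driver (option quoted on this page).
CONFIG_PSA_USE_CC3XX_AEAD_DRIVER=y

# RNG: a PRNG seeded from the TRNG. Enabling exactly one DRBG avoids relying on the
# "CTR-DRBG is prioritized" rule and keeps the random source unambiguous.
CONFIG_PSA_WANT_GENERATE_RANDOM=y
CONFIG_PSA_WANT_ALG_CTR_DRBG=y
CONFIG_PSA_WANT_ALG_HMAC_DRBG=n
```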
Hash configurations
To configure the Hash algorithms, set one or more of the Kconfig options in the following table:
Hash algorithm | Configuration option
---|---
SHA-1 (weak) |
SHA-224 |
SHA-256 |
SHA-384 |
SHA-512 |
SHA-512/224 |
SHA-512/256 |
SHA3-224 |
SHA3-256 |
SHA3-384 |
SHA3-512 |
SM3 |
SHAKE256 512 bits |
MD2 (weak) |
MD4 (weak) |
MD5 (weak) |
RIPEMD-160 |
Note
The SHA-1 hash is weak and deprecated and is only recommended for use in legacy protocols.
The MD5 hash is weak and deprecated and is only recommended for use in legacy protocols.
Hash support
The following table shows hash algorithm support for each driver:
Hash algorithm | nrf_cc3xx driver support | nrf_oberon driver support | nrf_cracen driver support
---|---|---|---
SHA-1 (weak) | Supported | Supported | Supported
SHA-224 | Supported | Supported | Supported
SHA-256 | Supported | Supported | Supported
SHA-384 | Not supported | Supported | Supported
SHA-512 | Not supported | Supported | Supported
SHA-512/224 | Not supported | Not supported | Not supported
SHA-512/256 | Not supported | Not supported | Not supported
SHA3-224 | Not supported | Not supported | Supported
SHA3-256 | Not supported | Not supported | Supported
SHA3-384 | Not supported | Not supported | Supported
SHA3-512 | Not supported | Not supported | Supported
SM3 | Not supported | Not supported | Not supported
SHAKE256 512 bits | Not supported | Not supported | Not supported
MD2 (weak) | Not supported | Not supported | Not supported
MD4 (weak) | Not supported | Not supported | Not supported
MD5 (weak) | Not supported | Not supported | Not supported
RIPEMD-160 | Not supported | Not supported | Not supported
The option CONFIG_PSA_USE_CC3XX_HASH_DRIVER enables the Arm CryptoCell cc3xx driver for all supported algorithms.
The configuration of the nrf_oberon driver is automatically generated based on the user-enabled algorithms in Hash configurations.
Password-authenticated key exchange configurations
To enable password-authenticated key exchange (PAKE) support, set one or more of the Kconfig options in the following table:
PAKE algorithm | Configuration option
---|---
EC J-PAKE |
SPAKE2+ with HMAC |
SPAKE2+ with CMAC |
SPAKE2+ for Matter |
SRP-6 |
SRP-6 password hashing |
Note
The provided support is experimental.
Not supported with TF-M.
Password-authenticated key exchange support
The following table shows PAKE algorithm support for each driver:
PAKE algorithm | nrf_cc3xx driver support | nrf_oberon driver support | nrf_cracen driver support
---|---|---|---
EC J-PAKE | Not supported | Supported | Supported
SPAKE2+ | Not supported | Supported | Supported
SRP-6 | Not supported | Supported | Supported
Configuration of the nrf_oberon driver is automatically generated based on the user-enabled algorithms in Password-authenticated key exchange configurations.
Key size configurations
nRF Security supports key size configuration options for AES and RSA keys.
AES key size configuration
To enable AES key size support, set one or more of the Kconfig options in the following table:
AES key size | Configuration option
---|---
128 bits |
192 bits |
256 bits |
Note
All AES key size configurations are introduced by nRF Security and are not described by the PSA Crypto specification.
RSA key size configuration
To enable RSA key size support, set one or more of the Kconfig options in the following table:
RSA key size | Configuration option | nrf_cc3xx driver support | nrf_oberon driver support | nrf_cracen driver support
---|---|---|---|---
1024 bits | | Supported | Supported | Not supported
1536 bits | | Supported | Supported | Not supported
2048 bits | | Supported | Supported | Supported
3072 bits | | Supported (CC312 only) | Supported | Supported
4096 bits | | Not supported | Supported | Supported
6144 bits | | Not supported | Supported | Not supported
8192 bits | | Not supported | Supported | Not supported
Note
All RSA key size configurations are introduced by nRF Security and are not described by the PSA Crypto specification.