CRYPTOCELL — ARM® TrustZone® CryptoCell 312

ARM® TrustZone® CryptoCell 312 (CRYPTOCELL) is a security subsystem which provides root of trust (RoT) and cryptographic services for a device.

Figure 1. Block diagram for CRYPTOCELL
Block diagram for CRYPTOCELL

The following cryptographic features are provided:

  • True random number generator (TRNG) compliant with NIST 800-90B, AIS-31, and FIPS 140-2
  • Pseudorandom number generator (PRNG) using underlying AES engine compliant with NIST 800-90A
  • RSA public key cryptography
    • Up to 3072-bit key size
    • PKCS#1 v2.1/v1.5
    • Optional CRT support
  • Elliptic curve cryptography (ECC)
    • NIST FIPS 186-4 recommended curves using pseudorandom parameters, up to 521 bits:
      • Prime field: P-192, P-224, P-256, P-384, P-521
    • SEC 2 recommended curves using pseudorandom parameters, up to 521 bits:
      • Prime field: secp160r1, secp192r1, secp224r1, secp256r1, secp384r1, secp521r1
    • Koblitz curves using fixed parameters, up to 256 bits:
      • Prime field: secp160k1, secp192k1, secp224k1, secp256k1
    • Edwards/Montgomery curves:
      • Ed25519, Curve25519
    • ECDH/ECDSA support
  • Secure remote password protocol (SRP)
    • Up to 3072-bit operations
  • Hashing functions
    • SHA-1, SHA-2 up to 256 bits
    • Keyed-hash message authentication code (HMAC)
  • AES symmetric encryption
    • General purpose AES engine (encrypt/decrypt, sign/verify)
    • Supported key size: 128 and 256 bits
    • Supported encryption modes: ECB, CBC, CMAC/CBC-MAC, CTR, CCM/CCM*, GCM
  • ChaCha20/Poly1305 symmetric encryption
    • Supported key size: 128 and 256 bits
    • Authenticated encryption with associated data (AEAD) mode

Usage

The CRYPTOCELL state is controlled via a register interface. The cryptographic functions of CRYPTOCELL are accessible by using a software library provided in the device SDK, not directly via a register interface.

To enable CRYPTOCELL, use register ENABLE.

Warning: Keeping the CRYPTOCELL subsystem enabled will prevent the device from reaching the System ON, All Idle state.

Direct memory access (DMA)

The CRYPTOCELL features a direct access memory (DMA) to allow cryptographic operations on memory mapped regions without involving the CPU.

The maximum DMA transaction size is limited to 216-1 bytes. See Memory for information about what memories are accessible through the CRYPTOCELL DMA.

The CRYPTOCELL DMA can configure the security setting used for bus transactions.

Any data stored in memory type(s) not accessible by the CRYPTOCELL DMA engine must be copied to a memory type accessible by the direct memory before it can be processed by the CRYPTOCELL subsystem.

Standards

ARM® TrustZone® CryptoCell 312 (CRYPTOCELL) is compliant with the following protocol specifications and standards.

Table 1. CRYPTOCELL cryptography standards
Algorithm family Identification code Document title
TRNG NIST SP 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation
AIS-31 A proposal for: Functionality classes and evaluation methodology for physical random number generators
FIPS 140-2 Security Requirements for Cryptographic Modules
PRNG NIST SP 800-90A Recommendation for Random Number Generation Using Deterministic Random Bit Generators
Stream cipher Chacha ChaCha, a variant of Salsa20, Daniel J. Bernstein, January 28th 2008
MAC Poly1305

The Poly1305-AES message-authentication code, Daniel J. Bernstein

Cryptography in NaCl, Daniel J. Bernstein

Key agreement SRP The Secure Remote Password Protocol, Thomas Wu, November 11th 1997
Key derivation NIST SP 800-108 Recommendation for Key Derivation Using Pseudorandom Functions. Compliant with section 5.1
AES FIPS-197 Advanced Encryption Standard (AES). Compliant with 128-bit and 256-bit key size only
NIST SP 800-38A Recommendation for Block Cipher Modes of Operation - Methods and Techniques. Compliant with sections 6.1, 6.2, 6.4, and 6.5.
NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
NIST SP 800-38C Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality
ISO/IEC 9797-1 AES CBC-MAC per ISO/IEC 9797-1 MAC algorithm 1
IEEE 802.15.4-2011 IEEE Standard for Local and metropolitan area networks - Part 15.4: Low-Rate Wireless Personal Area Networks (LR-WPANs), Annex B.4: Specification of generic CCM* mode of operation
Hash FIPS 180-3 Secure Hash Standard (SHA1, SHA-224, SHA-256)
RFC2104 HMAC: Keyed-Hashing for Message Authentication
RSA PKCS#1 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications v1.5/2.1
Diffie-Hellman ANSI X9.42 Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography
PKCS#3 Diffie-Hellman Key-Agreement Standard
ECC ANSI X9.63 Public Key Cryptography for the Financial Services Industry - Key Agreement and Key Transport Using Elliptic Curve Cryptography
IEEE 1363 Standard Specifications for Public-Key Cryptography
ANSI X9.62 Public Key Cryptography For The Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)
Ed25519 Edwards-curve, Ed25519: high-speed high-security signatures, Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang
Curve25519 Montgomery curve, Curve25519: new Diffie-Hellman speed records, Daniel J. Bernstein
FIPS 186-4 Digital Signature Standard (DSS). Compliant with sections 5.1, 6.2, 6.3, 6.4, B.1.2, B.2.2, B.3.6, B.4.2, C.3.1, C.3.3, C.3.5, C.9, and D.1.2.
SEC 2 Recommended Elliptic Curve Domain Parameters, Certicom Research
NIST SP 800-56A rev. 2 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography

Registers

Table 2. Instances
Base address Domain Peripheral Instance Secure mapping DMA security Description Configuration
0x50844000 APPLICATION CRYPTOCELL CRYPTOCELL S NSA

CryptoCell subsystem control interface

   
Table 3. Register overview
Register Offset Security Description
ENABLE 0x500  

Enable CRYPTOCELL subsystem.

 

ENABLE

Address offset: 0x500

Enable CRYPTOCELL subsystem.

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW

ENABLE

   

Enable or disable the CRYPTOCELL subsystem.

     

Disabled

0

CRYPTOCELL subsystem disabled.

     

Enabled

1

CRYPTOCELL subsystem enabled.

When enabled, the CRYPTOCELL subsystem can be initialized and controlled through the CryptoCell firmware API.


This document was last updated on
2019-12-09.
Please send us your feedback about the documentation! For technical questions, visit the Nordic Developer Zone.