CRYPTOCELL — Arm TrustZone® CryptoCell 312
Arm® TrustZone® CryptoCell 312 (CRYPTOCELL) is a security subsystem providing root of trust (RoT) and cryptographic services for a device.
The following cryptographic features are provided:
- True random number generator (TRNG) compliant with NIST 800-90B, AIS-31, and FIPS 140-2
- Pseudorandom number generator (PRNG) using underlying AES engine compliant with NIST 800-90A
- RSA public key cryptography
- Up to 3072-bit key size
- PKCS#1 v2.1/v1.5
- Optional CRT support
-
Elliptic curve cryptography (ECC)
- NIST FIPS 186-4 recommended prime field curves using pseudorandom parameters, up to 521 bits:
- P-192
- P-224
- P-256
- P-384
- P-521
- SEC 2 recommended prime field curves using pseudorandom parameters, up to 521 bits:
- secp160r1
- secp192r1
- secp224r1
- secp256r1
- secp384r1
- secp521r1
- Koblitz prime field curves using fixed parameters, up to 256 bits:
- secp160k1
- secp192k1
- secp224k1
- secp256k1
-
Edwards/Montgomery curves:
- Ed25519
- Curve25519
- ECDH/ECDSA support
- NIST FIPS 186-4 recommended prime field curves using pseudorandom parameters, up to 521 bits:
- Secure remote password protocol (SRP) with up to 3072-bit operations
-
Hashing functions
- SHA-1
- SHA-2 up to 256 bits
- Keyed-hash message authentication code (HMAC)
-
AES symmetric encryption
- General purpose AES engine (encrypt/decrypt, sign/verify)
- Supported key size - 128 and 256 bits
- Supported encryption modes: ECB, CBC, CMAC/CBC-MAC, CTR, CCM/CCM*, GCM
-
ChaCha20/Poly1305 symmetric encryption
- Supported key size - 128 and 256 bits
- Authenticated encryption with associated data (AEAD) mode
Usage
The CRYPTOCELL state is controlled via a register interface. The CRYPTOCELL cryptographic functions are accessible through a software library provided in the device SDK.
To enable CRYPTOCELL, use register ENABLE.
Direct memory access (DMA)
CRYPTOCELL features direct access memory (DMA) to allow cryptographic operations on memory mapped regions without involving the CPU.
The maximum DMA transaction size is limited to 216-1 bytes. See Memory for information about memory that is accessible through the CRYPTOCELL DMA.
The CRYPTOCELL DMA can configure the security setting used for bus transactions.
Any data stored in a memory type not accessible by the CRYPTOCELL DMA engine must be copied to a memory type accessible by the direct memory before it can be processed by the CRYPTOCELL subsystem.
Standards
Arm TrustZone® CryptoCell 312 (CRYPTOCELL) is compliant with the protocol specifications and standards shown in the following table.
| Algorithm family | Identification code | Document title |
|---|---|---|
| TRNG | NIST SP 800-90B | Recommendation for the Entropy Sources Used for Random Bit Generation |
| AIS-31 | A proposal for: Functionality classes and evaluation methodology for physical random number generators | |
| FIPS 140-2 | Security Requirements for Cryptographic Modules | |
| PRNG | NIST SP 800-90A | Recommendation for Random Number Generation Using Deterministic Random Bit Generators |
| Stream cipher | Chacha | ChaCha, a variant of Salsa20, Daniel J. Bernstein, January 28th 2008 |
| MAC | Poly1305 |
The Poly1305-AES message-authentication code, Daniel J. Bernstein Cryptography in NaCl, Daniel J. Bernstein |
| Key agreement | SRP | The Secure Remote Password Protocol, Thomas Wu, November 11th 1997 |
| Key derivation | NIST SP 800-108 | Recommendation for Key Derivation Using Pseudorandom Functions. Compliant with section 5.1 |
| AES | FIPS-197 | Advanced Encryption Standard (AES). Compliant with 128-bit and 256-bit key size only |
| NIST SP 800-38A | Recommendation for Block Cipher Modes of Operation - Methods and Techniques. Compliant with sections 6.1, 6.2, 6.4, and 6.5. | |
| NIST SP 800-38B | Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication | |
| NIST SP 800-38C | Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality | |
| ISO/IEC 9797-1 | AES CBC-MAC per ISO/IEC 9797-1 MAC algorithm 1 | |
| IEEE 802.15.4-2011 | IEEE Standard for Local and metropolitan area networks - Part 15.4: Low-Rate Wireless Personal Area Networks (LR-WPANs), Annex B.4: Specification of generic CCM* mode of operation | |
| Hash | FIPS 180-3 | Secure Hash Standard (SHA1, SHA-224, SHA-256) |
| RFC2104 | HMAC: Keyed-Hashing for Message Authentication | |
| RSA | PKCS#1 | Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications v1.5/2.1 |
| Diffie-Hellman | ANSI X9.42 | Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography |
| PKCS#3 | Diffie-Hellman Key-Agreement Standard | |
| ECC | ANSI X9.63 | Public Key Cryptography for the Financial Services Industry - Key Agreement and Key Transport Using Elliptic Curve Cryptography |
| IEEE 1363 | Standard Specifications for Public-Key Cryptography | |
| ANSI X9.62 | Public Key Cryptography For The Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA) | |
| Ed25519 | Edwards-curve, Ed25519: high-speed high-security signatures, Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang | |
| Curve25519 | Montgomery curve, Curve25519: new Diffie-Hellman speed records, Daniel J. Bernstein | |
| FIPS 186-4 | Digital Signature Standard (DSS). Compliant with sections 5.1, 6.2, 6.3, 6.4, B.1.2, B.2.2, B.3.6, B.4.2, C.3.1, C.3.3, C.3.5, C.9, and D.1.2. | |
| SEC 2 | Recommended Elliptic Curve Domain Parameters, Certicom Research | |
| NIST SP 800-56A rev. 2 | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography |
Registers
| Base address | Domain | Peripheral | Instance | Secure mapping | DMA security | Description | Configuration | |
|---|---|---|---|---|---|---|---|---|
| 0x50844000 | APPLICATION | CRYPTOCELL | CRYPTOCELL | S | NSA |
CryptoCell subsystem control interface |
||
| Register | Offset | Security | Description | |
|---|---|---|---|---|
| ENABLE | 0x500 |
Enable CRYPTOCELL subsystem. |
||
ENABLE
Address offset: 0x500
Enable CRYPTOCELL subsystem.
| Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ID | A | ||||||||||||||||||||||||||||||||||
| Reset 0x00000000 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
| ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
| A | RW |
ENABLE |
Enable or disable the CRYPTOCELL subsystem. |
||||||||||||||||||||||||||||||||
|
Disabled |
0 |
CRYPTOCELL subsystem disabled. |
|||||||||||||||||||||||||||||||||
|
Enabled |
1 |
CRYPTOCELL subsystem enabled. When enabled, the CRYPTOCELL subsystem can be initialized and controlled through the CryptoCell firmware API. |
|||||||||||||||||||||||||||||||||