This information applies to the nRF52840 SoC only.
ARM TrustZone CryptoCell is a hardware accelerator that is available in the nRF52840 SoC. It adds hardware support for a range of security features, including advanced features that are not covered by the Cryptography library - nrf_crypto. See the nRF52840 Product Specification for detailed information about CryptoCell.
Hardware-accelerated security operations are usually faster and consume less power than the software backend that is used by the Cryptography library - nrf_crypto. However, the CryptoCell library requires hardware support and is therefore available only on the nRF52840 SoC.
The CryptoCell library supports the following cryptographic routines:
- Advanced Encryption Standard
- ChaCha stream cipher
- Diffie-Hellman key exchange, as defined in PKCS#3 with key length 1024-bit and 2048-bit
- Elliptic Curve Cryptography, supporting Edwards and Montgomery families of curves (ECC EWD and ECC MONT)
- Elliptic Curve Digital Signature Algorithm (ECDSA)
- Elliptic Curve Diffie-Hellman (ECDH)
- MD5
- SHA-1
- SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512)
- Keyed-hash message authentication codes (HMAC)
- HMAC-based key derivation function (HKDF), as defined in PKCS#3
- Random number generation (reference standard SP800-90)
- RSA
- Secure Remote Password protocol (SRP)
Using the CryptoCell library
To use CryptoCell functionality, link in the runtime library nrf_cc310
. The library is available in the external\nrf_cc310\lib
folder. See the CryptoCell API for an overview of available functionality in the runtime library.
- Note
- In nRF5 SDK, the CC310 functionality is most commonly used through the nrf_crypto APIs. See Cryptography library - nrf_crypto.
-
The nrf_cc310 library handles enabling/disabling of CryptoCell HW and interrupts internally.
-
The ARM CryptoCell 310 HW and acompanying nrf_cc310 library has a single user requirement, i.e. it can't facilitate multiple calls that requires HW access at the same time. The Cryptography library APIs protects against mutiple simultaneous calls by using a mutex for all operations that require nrf_cc310 library access. If the mutex has been acquired due to an ongoing crypto operation, the Cryptography library APIs accessing the library will report busy until the first operation is finished.
Supported IDEs
IDE | Library file name |
GCC and IAR 8.x | <arch>/hard-float/libnrf_cc310_<version>.a |
IAR 7.80.x | <arch>/hard-float/short_vchar/libnrf_cc310_<version>.a |
Keil | <arch>/hard-float/short_wchar/nrf_cc310_<version>.lib |