The Infineon Tricore TC2xx and the new TC3xx series chips are popular chips among safety and security critical applications. As the name implies, these chips come with multiple CPU cores to meet the demands of real time computing, however some variants come with a built in HSM core that is an ARM Cortex M3 operating at a frequency of 100MHz, 96KB RAM, MPU and offers a few useful secure applications.
- Secure boot
- Shared memory bridge module with “Firewall” functionality
- Debug support with authentication
- Secure data storage and logging
- 1KB shared cryptography memory
- Configurable OTP and HSM exclusive flash sections
- Hardware cryptography (AES, Hash, PKC, TRNG)
- Immobilizer (theft protection)
- Secure flash loading
We are excited to announce that we have ported wolfCrypt to the TriCore HSM. This will extend the HSM functionality beyond the hardware cryptography support to include the full wolfCrypt suite in the HSM environment. This adds useful features such as:
- AES256-ECB/CBC/GCM
- ECDSA-384
- ECC
- RSA (2048/3072/4096)
- SHA-384/512
- NIST Compliant DRBG (with HW TRNG seed)
- CMAC/GMAC/HMAC
Technicals
- Built and tested using arm-none-eabi-gcc 12.2 toolchain
- Executed on a TC3XX HSM module with -O2 optimizations at clock of 100Mhz
- Verified heap-only as well as stack-only usage
- Benchmarks executed with a 10ms timer
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each) RNG 775 KB took 1.010 seconds, 767.327 KB/s AES-128-CBC-enc 325 KB took 1.010 seconds, 321.782 KB/s AES-128-CBC-dec 325 KB took 1.000 seconds, 325.000 KB/s AES-192-CBC-enc 250 KB took 1.040 seconds, 240.385 KB/s AES-192-CBC-dec 250 KB took 1.020 seconds, 245.098 KB/s AES-256-CBC-enc 200 KB took 1.010 seconds, 198.020 KB/s AES-256-CBC-dec 200 KB took 1.000 seconds, 200.000 KB/s AES-128-GCM-enc 275 KB took 1.050 seconds, 261.905 KB/s AES-128-GCM-dec 275 KB took 1.050 seconds, 261.905 KB/s AES-192-GCM-enc 225 KB took 1.100 seconds, 204.545 KB/s AES-192-GCM-dec 225 KB took 1.110 seconds, 202.703 KB/s AES-256-GCM-enc 175 KB took 1.030 seconds, 169.903 KB/s AES-256-GCM-dec 175 KB took 1.020 seconds, 171.569 KB/s GMAC Table 4-bit 1 MB took 1.000 seconds, 1.288 MB/s AES-128-ECB-enc 314 KB took 1.000 seconds, 313.672 KB/s AES-128-ECB-dec 343 KB took 1.000 seconds, 342.578 KB/s AES-192-ECB-enc 225 KB took 1.000 seconds, 225.000 KB/s AES-192-ECB-dec 236 KB took 1.000 seconds, 235.938 KB/s AES-256-ECB-enc 200 KB took 1.000 seconds, 199.609 KB/s AES-256-ECB-dec 189 KB took 1.000 seconds, 189.453 KB/s SHA 2 MB took 1.000 seconds, 1.953 MB/s SHA-256 2 MB took 1.000 seconds, 2.051 MB/s SHA-384 275 KB took 1.030 seconds, 266.990 KB/s AES-128-CMAC 300 KB took 1.030 seconds, 291.262 KB/s AES-256-CMAC 200 KB took 1.070 seconds, 186.916 KB/s HMAC-SHA 2 MB took 1.000 seconds, 2.222 MB/s HMAC-SHA256 2 MB took 1.000 seconds, 2.051 MB/s HMAC-SHA384 275 KB took 1.040 seconds, 264.423 KB/s RSA 2048 public 38 ops took 1.010 sec, avg 26.579 ms, 37.624 ops/sec RSA 2048 private 2 ops took 1.950 sec, avg 975.000 ms, 1.026 ops/sec ECC [ SECP384R1] 384 key gen 6 ops took 1.080 sec, avg 180.000 ms, 5.556 ops/sec ECDHE [ SECP384R1] 384 agree 4 ops took 1.560 sec, avg 390.000 ms, 2.564 ops/sec ECDSA [ SECP384R1] 384 sign 6 ops took 1.340 sec, avg 223.333 ms, 4.478 ops/sec ECDSA [ SECP384R1] 384 verify 2 ops took 1.020 sec, avg 510.000 ms, 1.961 ops/sec Benchmark complete Benchmark Test: Return code 0