Table 19. Cryptographic Algorithms Present But Not Activated - ST STM32CubeU5 TFM User Manual

Functionality
Asymmetric
algorithms
Key generation
and derivation
The TFM runtime cryptographic algorithms can be disabled through compile switches in Projects\B-U585I-IO
T02A\Applications\TFM\TFM_Appli\Secure\Inc\tfm_mbedcrypto_config.h (such as
MBEDTLS_SHA1_C, MBEDTLS_GCM_C, MBEDTLS_ECDSA_C and others). The cryptographic algorithms can be
configured to fully use mbed-crypto software implementation instead of the hardware-accelerated version (refer to
Hardware-accelerated cryptography
For the hardware-accelerated versions of cryptographic algorithms, the ciphering operations are performed using
the SAES peripheral, which is protected against side-channel and timing attacks. It is possible to use the AES
peripheral instead of the SAES peripheral to achieve better performance, by disabling HW_CRYPTO_DPA_AES and
HW_CRYPTO_DPA_GCM compile switches in Projects\B-U585-IOT02A\Applications\TFM\TFM_Appli\S
ecure\Inc\tfm_mbedcrypto_config.h.
Note: Some cryptographic algorithms may not be secure enough for some type of operations (for instance SHA1 may
only be accepted for checksum and data integrity). The integrator must use the right cryptographic algorithms
according to the product security requirements.
Table 19 lists the cryptographic algorithms embedded in the source code that are not activated.
Hash algorithms
Symmetric algorithms
Cipher block modes and aead
UM2851 - Rev 4
Algorithm Key size
RSA (PKCS#1 v1.5) 1024
2048
RSA (PKCS#1 v2.1)
3072
192
224
256
ECDH or ECDSA
384
512
521
1024
RSA key gen 2048
3072
192
224
256
EC key gen
384
512
521
in Section 12.1
Table 19. Cryptographic algorithms present but not activated
Functionality
Mode
-
-
Curves: secp192r1, secp224r1, secp256r1,
secp384r1, secp521r1, secp192k1,
secp224k1, secp256k1, bp256r1, bp384r1,
bp512r1
Curves: 25519, 448
-
Curves: secp192r1, secp224r1, secp256r1,
secp384r1, secp521r1, secp192k1,
secp224k1, secp256k1, bp256r1, bp384r1,
bp512r1
Curves: 25519, 448
Configuration).
Algorithm
ripemd160
md5
md4
md2
des
t-des
blowfish
camellia
arc4
chacha20
aria
arc4 stream
chacha20-poly1305 (aead)
UM2851
TFM cryptographic performance
Implementation
Hardware accelerated
Hardware accelerated
Hardware accelerated
mbed-crypto software
Hardware accelerated
Hardware accelerated
mbed-crypto software
Status
Not activated
Not activated
Not activated
Not activated
Not activated
Not activated
Not activated
Not activated
Not activated
Not activated
Not activated
Not activated
Not activated
page 105/117