The mbed TLS backend provides functionality to use the selected cryptographic algorithms from mbed TLS in nrf_crypto.

Note: All APIs in this backend are intended to be internal to nrf_crypto.

Configuration

See Configuring nrf_crypto frontend and backends for details on enabling this backend.

Available frontend API

See Cryptography library - nrf_crypto for information about which nrf_crypto APIs can use this backend.

Memory management in mbed TLS

The mbed TLS library assumes that memory is allocated on the heap or a structure that behaves similarly. Allocation on the stack is not possible if this backend is enabled. Therefore, NRF_CRYPTO_ALLOCATOR must be configured accordingly.

The mbed TLS library only allocates memory for AEAD and ECC:

AEAD - Authenticated Encryption with Associated Data requires one block of memory of 280 bytes for each context.
ECC - Elliptic Curve Cryptography requires considerable amount of memory, as the number of blocks and the size of the allocated blocks depends on selected curve type and on the used API.

The following tables show estimates of the minimal memory configuration, assuming that the nRF5 SDK Memory Manager is used.

Note: The values in the tables are minimal. The application sets higher values to make space for additional allocations.

Curves standardized by NIST:

	NIST and Koblitz curves up to ...
	192 bits		224 bits		256 bits		384 bits		521 bits
	Block size	Required number of blocks	Block size	Required number of blocks	Block size	Required number of blocks	Block size	Required number of blocks	Block size	Required number of blocks
Key pair generation and public key computation	4	7	4	7	4	7	4	6	4	7
	24	58	28	50	32	58	48	105	68	106
	48	19	32	30	64	19	96	35	136	35
	180	1	56	19	180	1	372	1	372	1
	576	1	180	1	576	1	1152	1	1152	1
	576	1	576	1	576	1	1152	1	1152	1
ECDH	4	6	4	7	4	7	4	7	4	7
	24	33	28	27	32	33	48	57	68	57
	48	11	32	15	64	11	96	19	136	19
	84	1	56	11	84	1	180	1	180	1
	288	1	84	1	288	1	576	1	576	1
	288	1	288	1	288	1	576	1	576	1
ECDSA	4	7	4	7	4	8	4	8	4	8
	24	65	28	53	32	65	48	113	68	113
	48	11	32	40	64	11	96	27	136	31
	52	3	56	11	68	3	100	3	144	1
	56	1	60	3	72	1	104	1	200	1
	72	1	64	1	96	1	144	1	264	4
	96	2	84	1	128	2	192	2	576	1
	100	3	112	2	132	3	196	3	1152	1
	288	1	116	3	288	1	576	1
	576	1	288	1	576	1	1152	1
	576	1	576	1	576	1	1152	1
Private key	24	1	28	1	32	1	48	1	68	1
Public key	48	3	56	3	64	3	96	3	72	1
Public key	48	3	56	3	64	3	96	3	136	1

Other curves:

	Curve25519		Brainpool curves up to ...
	Curve25519		256 bits		384 bits		512 bits
	Block size	Required number of blocks	Block size	Required number of blocks	Block size	Required number of blocks	Block size	Required number of blocks
Key pair generation and public key computation	4	9	4	6	4	7	4	7
	32	7	32	58	48	106	64	105
	36	4	64	20	96	36	128	36
	64	8	68	3	100	3	132	3
			72	1	104	1	136	1
			180	1	372	1	372	1
			576	1	1152	1	1152	1
ECDH	4	9	4	7	4	7	4	7
	32	7	32	31	48	57	64	56
	36	2	64	12	96	20	128	20
	64	8	68	3	100	3	132	3
			72	1	104	1	136	1
			84	1	180	1	180	1
			288	1	576	1	576	1
ECDSA	N/A	N/A	4	8	4	8	4	8
			32	63	48	113	64	112
			64	16	96	32	128	32
			68	3	100	3	132	3
			72	1	104	1	136	1
			96	1	144	1	192	1
			128	2	192	2	256	2
			132	3	196	3	260	3
			288	1	576	1	576	1
			576	1	1152	1	1152	1
Private key	32	1	32	1	48	1	64	1
Public key	64	2	64	3	96	3	68	1
Public key	64	2	64	3	96	3	128	2