SWRA667 January   2020 CC1312PSIP , CC1312R , CC1314R10 , CC1352P , CC1352P7 , CC1352R , CC2642R , CC2642R-Q1 , CC2652P , CC2652R , CC2652R7 , CC2652RB , CC2652RSIP

 

  1.   Cryptographic Performance and Energy Efficiency on SimpleLink™ CC13x2/CC26x2 Wireless MCUs
    1.     Trademarks
    2. 1 Abbreviations and Acronyms
    3. 2 Introduction
    4. 3 Benefits of Cryptographic Acceleration in Embedded Security Solutions
    5. 4 TI Drivers for SimpleLink MCUs
      1. 4.1 Power Management Overview
      2. 4.2 Return Behavior
        1. 4.2.1 Runtime Overhead
      3. 4.3 Efficient Power Management
    6. 5 CC13x2/CC26x2 Crypto Peripherals
      1. 5.1 AES and Hash Crypto Accelerator
      2. 5.2 Public Key Accelerator
        1. 5.2.1 ECDH Power Management Driver Example
      3. 5.3 TRNG
    7. 6 Benchmarks
      1. 6.1 AES and Hash Crypto Accelerator Based Drivers
        1. 6.1.1 AES CBC
        2. 6.1.2 AES CCM
        3. 6.1.3 AES GCM
        4. 6.1.4 AES CTR DRBG
        5. 6.1.5 SHA-224
        6. 6.1.6 SHA-256
        7. 6.1.7 SHA-384
        8. 6.1.8 SHA-512
      2. 6.2 PKA Engine Based Drivers
        1. 6.2.1 ECDH
        2. 6.2.2 ECDSA
        3. 6.2.3 ECJPAKE
      3. 6.3 TRNG Based Drivers
        1. 6.3.1 TRNG
    8. 7 Conclusion
    9. 8 References
    10.     Appendix: Plots of Blocking vs Polling Performance

5.1 AES and Hash Crypto Accelerator

The AES and hash crypto accelerator is responsible for AES (see Reference [3]) and SHA-2 (see Reference [4]) functionality. It supports numerous AES block cipher modes of operation and all SHA-2 output digest sizes. It also has its own integrated DMA that can concurrently stream in input and out output. As a result, the drivers generally set up the crypto accelerator, start it, and then wait for the accelerator to complete the entire operation without further intervention.

The time required to process an additional block of input data is relatively small compared to the overhead of setting up the accelerator. It is therefore beneficial from an energy consumption perspective to perform fewer longer operations rather than multiple shorter ones when using drivers based on the AES and hash crypto accelerator.

Because of the trade-off between marginal energy cost per input block and setup overhead, there is a message length where an AES or SHA2 operation consumes less total energy using blocking return behavior than polling return behavior despite having a longer duration.

Table 3. Recommended Return Behavior Based on Payload Length

Driver Polling Recommended Interval
(bytes)		 Blocking or Callback Recommended Interval
(bytes)
AES ECB < 1350 ≥ 1350
AES CBC < 1350 ≥ 1350
AES CTR < 1350 ≥ 1350
AES CCM < 675 ≥ 675
AES GCM < 1475 ≥ 1475
AES CTR DRBG < 1350 ≥ 1350
SHA-224 < 4650 ≥ 4650
SHA-256 < 4650 ≥ 4650
SHA-384 < 7100 ≥ 7100
SHA-512 < 7100 ≥ 7100

See for further benchmarking data of the cryptographic accelerators in Table 3 when using drivers with polling vs. blocking return behavior.