Get started
This documentation provides guidance for application programmers incorporating NanoCrypto into their devices’ C/C++ application source code. The information in this guide focuses on a high-level overview of the cryptographic algorithms supported, as well as initialization, random number generation (RNG), and other features.
Before you begin
This guide assumes that you are familiar with the following:
C programming: TrustCore SDK components are provided as ANSI C source (*.c and *.h files), distributed in a ZIP file. To use a component’s API, you need to be able to unzip the file, integrate the source with your application’s code, and understand how to interface with C-style structures and call C functions.
Your operating system: TrustCore SDK components are largely independent of the underlying operating system. However, within the context of your operating system, you should understand how to perform basic functions such as communicating with external devices.
Security concepts: This guide provides background information for working with TrustCore SDK. However, neither cryptography nor basic security concepts such as handshaking, TCP/IP, and so on are covered. For information about such topics, you are encouraged to seek out reference books from authors experienced in the field, and to consult reference material that is available on the Internet.
Cryptographic algorithm usage
The cryptographic engine contains several layers:
NanoCAP
NanoTAP (Interface to SMP/HW cryptographic capability)
The Crypto Interface is the recommended user application interface layer and provides the APIs an application programmer should use to perform the core cryptographic operations. By using Crypto Interface APIs, you can write application code that is agnostic of the underlying cryptographic implementation, which could use or link to multiple implementations depending upon export, performance, or certification requirements. The appropriate implementation and its corresponding build are controlled using the provided build flags (Core NanoCrypto definitions, operator-based third-party definitions, or hardware interface definitions/SMP capabilities). You can easily rebuild applications written using the Crypto Interface APIs with an alternate definition, or use multiple available definitions at runtime.
The NanoCAP layer allows programmers to plug in third-party definitions, or provide their own definitions, via one or more operators for the corresponding cryptographic algorithms. An operator is an alternative implementation of the cryptographic operation that adheres to a specific interface defined by the methods and types in NanoCAP.
The NanoCrypto module identifies (FIPS-certified) core cryptographic definitions corresponding to cryptographic algorithms. As discussed above, unless memory or performance constraints require it, application developers should avoid interfacing directly with the NanoCrypto Core APIs.
Include files
Most of the functions, types, and defines described in this guide are declared in the header files in these directories:
${MSS_SRC_PKG}/src/common
${MSS_SRC_PKG}/src/cap
${MSS_SRC_PKG}/src/crypto
${MSS_SRC_PKG}/src/crypto_interface