1 /***************************************************************************//**
2 * \file cy_crypto_core_ecc_key_gen.c
3 * \version 2.120
4 *
5 * \brief
6 * This file provides constant and parameters for the API for the ECC key
7 * generations in the Crypto driver.
8 *
9 ********************************************************************************
10 * \copyright
11 * Copyright (c) (2020-2022), Cypress Semiconductor Corporation (an Infineon company) or
12 * an affiliate of Cypress Semiconductor Corporation.
13 * SPDX-License-Identifier: Apache-2.0
14 *
15 * Licensed under the Apache License, Version 2.0 (the "License");
16 * you may not use this file except in compliance with the License.
17 * You may obtain a copy of the License at
18 *
19 * http://www.apache.org/licenses/LICENSE-2.0
20 *
21 * Unless required by applicable law or agreed to in writing, software
22 * distributed under the License is distributed on an "AS IS" BASIS,
23 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
24 * See the License for the specific language governing permissions and
25 * limitations under the License.
26 *******************************************************************************/
27
28 #include "cy_device.h"
29
30 #if defined (CY_IP_MXCRYPTO)
31
32 #include "cy_crypto_core_ecc.h"
33
34 #if defined(__cplusplus)
35 extern "C" {
36 #endif
37
38 #if defined(CY_CRYPTO_CFG_ECDSA_C)
39
40 #include "cy_crypto_core_ecc_nist_p.h"
41 #include "cy_crypto_core_vu.h"
42
43 #if defined(CY_CRYPTO_CFG_ECDSA_GENKEY_C)
44 #include "cy_crypto_core_trng.h"
45
46 #define CY_ECC_CONFIG_TR_GARO_CTL 0x6C740B8DuL
47 #define CY_ECC_CONFIG_TR_FIRO_CTL 0x52D246E1uL
48
49 /*******************************************************************************
50 * Function Name: Cy_Crypto_Core_ECC_MakeKeyPair
51 ****************************************************************************//**
52 *
53 * Make a new ECC key pair.
54 *
55 * \param base
56 * The pointer to a Crypto instance.
57 *
58 * \param curveID
59 * See \ref cy_en_crypto_ecc_curve_id_t.
60 *
61 * \param key
62 * [out] Destination of the newly created key. See \ref cy_stc_crypto_ecc_key.
63 *
64 * \param GetRandomDataFunc
65 * See \ref cy_func_get_random_data_t.
66 *
67 * \param randomDataInfo
68 *
69 * \return status code. See \ref cy_en_crypto_status_t.
70 *
71 *******************************************************************************/
Cy_Crypto_Core_ECC_MakeKeyPair(CRYPTO_Type * base,cy_en_crypto_ecc_curve_id_t curveID,cy_stc_crypto_ecc_key * key,cy_func_get_random_data_t GetRandomDataFunc,void * randomDataInfo)72 cy_en_crypto_status_t Cy_Crypto_Core_ECC_MakeKeyPair(CRYPTO_Type *base,
73 cy_en_crypto_ecc_curve_id_t curveID,
74 cy_stc_crypto_ecc_key *key,
75 cy_func_get_random_data_t GetRandomDataFunc,
76 void *randomDataInfo)
77 {
78 cy_en_crypto_status_t tmpResult = CY_CRYPTO_BAD_PARAMS;
79
80 if ((key != NULL) && (key->k != NULL) && (key->pubkey.x != NULL) && (key->pubkey.y != NULL))
81 {
82 tmpResult = Cy_Crypto_Core_ECC_MakePrivateKey(base, curveID, key->k, GetRandomDataFunc, randomDataInfo);
83 }
84
85 if (CY_CRYPTO_SUCCESS == tmpResult)
86 {
87 tmpResult = Cy_Crypto_Core_ECC_MakePublicKey(base, curveID, key->k, key);
88 key->type = PK_PRIVATE;
89 }
90
91 return (tmpResult);
92 }
93
94
95 /*******************************************************************************
96 * Function Name: Cy_Crypto_Core_ECC_MakePrivateKey
97 ****************************************************************************//**
98 *
99 * Make a new ECC private key
100 *
101 * For CAT1C & CAT1D devices when D-Cache is enabled parameter key must align and end in 32 byte boundary.
102 *
103 * \param base
104 * The pointer to a Crypto instance.
105 *
106 * \param curveID
107 * See \ref cy_en_crypto_ecc_curve_id_t.
108 *
109 * \param key
110 * [out] Destination of the newly created key.
111 *
112 * \param GetRandomDataFunc
113 * See \ref cy_func_get_random_data_t.
114 *
115 * \param randomDataInfo
116 *
117 * \return status code. See \ref cy_en_crypto_status_t.
118 *
119 *******************************************************************************/
Cy_Crypto_Core_ECC_MakePrivateKey(CRYPTO_Type * base,cy_en_crypto_ecc_curve_id_t curveID,uint8_t * key,cy_func_get_random_data_t GetRandomDataFunc,void * randomDataInfo)120 cy_en_crypto_status_t Cy_Crypto_Core_ECC_MakePrivateKey(CRYPTO_Type *base,
121 cy_en_crypto_ecc_curve_id_t curveID,
122 uint8_t *key,
123 cy_func_get_random_data_t GetRandomDataFunc, void *randomDataInfo)
124 {
125 cy_en_crypto_status_t tmpResult = CY_CRYPTO_BAD_PARAMS;
126 uint8_t *keyRemap;
127
128 const cy_stc_crypto_ecc_dp_type *eccDp = Cy_Crypto_Core_ECC_GetCurveParams(curveID);
129
130 if ((eccDp != NULL) && (key != NULL))
131 {
132 keyRemap = (uint8_t *)CY_REMAP_ADDRESS_FOR_CRYPTO(key);
133
134 uint32_t bitsize = eccDp->size;
135 uint32_t bytesize = CY_CRYPTO_BYTE_SIZE_OF_BITS(bitsize);
136
137 uint32_t p_temp = 8u; /* temporal values */
138 uint32_t p_key = 9u; /* private key */
139
140 /* Load random data into VU */
141 tmpResult = CY_CRYPTO_VU_ALLOC_MEM(base, VR_D, bitsize);
142 if(CY_CRYPTO_SUCCESS != tmpResult)
143 {
144 return tmpResult;
145 }
146 tmpResult = CY_CRYPTO_VU_ALLOC_MEM(base, p_key, bytesize * 8u);
147 if(CY_CRYPTO_SUCCESS != tmpResult)
148 {
149 return tmpResult;
150 }
151 /* generate random string */
152 uint32_t *keyRegPtr = Cy_Crypto_Core_Vu_RegMemPointer(base, p_key);
153
154 if (GetRandomDataFunc != NULL)
155 {
156 if (GetRandomDataFunc( randomDataInfo, (uint8_t *)keyRegPtr, bytesize ) != 0)
157 {
158 tmpResult = CY_CRYPTO_HW_ERROR;
159 }
160 #if (((CY_CPU_CORTEX_M7) && defined (ENABLE_CM7_DATA_CACHE)) || CY_CPU_CORTEX_M55)
161 /* Flush the cache */
162 SCB_CleanDCache_by_Addr((volatile void *)key,(int32_t)bytesize);
163 #endif
164 }
165 else
166 {
167 #if defined(CY_CRYPTO_CFG_TRNG_C)
168 uint32_t i = 0U;
169 int32_t randomsize = (int32_t)bitsize;
170 cy_en_crypto_status_t status = CY_CRYPTO_SUCCESS;
171
172 while ((randomsize > 0) && (CY_CRYPTO_SUCCESS == status))
173 {
174 uint32_t randombits = (uint32_t)CY_CRYPTO_MIN(randomsize, (int32_t)CY_CRYPTO_HW_REGS_WIDTH);
175
176 status = Cy_Crypto_Core_Trng(base, CY_ECC_CONFIG_TR_GARO_CTL, CY_ECC_CONFIG_TR_FIRO_CTL,
177 randombits, &(keyRegPtr)[i]);
178 randomsize -= (int32_t)CY_CRYPTO_HW_REGS_WIDTH;
179 i++;
180
181 if (CY_CRYPTO_SUCCESS != status)
182 {
183 tmpResult = CY_CRYPTO_HW_ERROR;
184 }
185 }
186 #else
187 tmpResult = CY_CRYPTO_NOT_SUPPORTED;
188 #endif
189 }
190
191 if (CY_CRYPTO_SUCCESS == tmpResult)
192 {
193 Cy_Crypto_Core_VU_RegInvertEndianness(base, p_key);
194
195 if ((bytesize * 8u) > bitsize)
196 {
197 /* Shift random data right */
198 CY_CRYPTO_VU_SET_REG(base, p_temp, (bytesize * 8u) - bitsize, 1u);
199 CY_CRYPTO_VU_LSR(base, p_key, p_key, p_temp);
200 }
201
202 CY_CRYPTO_VU_MOV(base, VR_D, p_key);
203 Cy_Crypto_Core_Vu_WaitForComplete(base);
204
205 /* load prime and order defining the curve as well as the barrett coefficient. */
206 /* P and BARRETT_U are "globally" defined in cy_crypto_core_ecc.h */
207 tmpResult = CY_CRYPTO_VU_ALLOC_MEM(base, VR_P, bitsize);
208 if(CY_CRYPTO_SUCCESS != tmpResult)
209 {
210 return tmpResult;
211 }
212 Cy_Crypto_Core_Vu_SetMemValue (base, VR_P, (uint8_t const *)CY_REMAP_ADDRESS_FOR_CRYPTO(eccDp->order), bitsize);
213
214 /* check that key is smaller than the order of the base point */
215 if (!Cy_Crypto_Core_Vu_IsRegLess(base, VR_D, VR_P))
216 {
217 /* private key (random data) >= order, needs reduction */
218 tmpResult = CY_CRYPTO_VU_ALLOC_MEM(base, VR_BARRETT, bitsize + 1u);
219 if(CY_CRYPTO_SUCCESS != tmpResult)
220 {
221 return tmpResult;
222 }
223 Cy_Crypto_Core_Vu_SetMemValue (base, VR_BARRETT, (uint8_t const *)CY_REMAP_ADDRESS_FOR_CRYPTO(eccDp->barrett_o), bitsize + 1u);
224
225 tmpResult = CY_CRYPTO_VU_ALLOC_MEM(base, p_temp, bitsize);
226 if(CY_CRYPTO_SUCCESS != tmpResult)
227 {
228 return tmpResult;
229 }
230 CY_CRYPTO_VU_MOV(base, p_temp, VR_D);
231
232 /* use Barrett reduction algorithm for operations modulo n (order of the base point) */
233 Cy_Crypto_Core_EC_NistP_SetRedAlg(eccDp->algo);
234 Cy_Crypto_Core_EC_NistP_SetMode(bitsize);
235
236 /* z = x % mod */
237 tmpResult = Cy_Crypto_Core_EC_Bar_MulRed(base, VR_D, p_temp, bitsize);
238 if(CY_CRYPTO_SUCCESS != tmpResult)
239 {
240 return tmpResult;
241 }
242 CY_CRYPTO_VU_FREE_MEM(base, CY_CRYPTO_VU_REG_BIT(VR_BARRETT) |
243 CY_CRYPTO_VU_REG_BIT(p_temp));
244 }
245
246 CY_CRYPTO_VU_FREE_MEM(base, CY_CRYPTO_VU_REG_BIT(VR_P));
247
248 Cy_Crypto_Core_Vu_GetMemValue(base, (uint8_t *)keyRemap, VR_D, bitsize);
249 #if (((CY_CPU_CORTEX_M7) && defined (ENABLE_CM7_DATA_CACHE)) || CY_CPU_CORTEX_M55)
250 SCB_InvalidateDCache_by_Addr(key, (int32_t)bytesize);
251 #endif
252 tmpResult = CY_CRYPTO_SUCCESS;
253 }
254
255 CY_CRYPTO_VU_FREE_MEM(base, CY_CRYPTO_VU_REG_BIT(VR_D) | CY_CRYPTO_VU_REG_BIT(p_key));
256 }
257
258 return (tmpResult);
259 }
260 #endif /* defined(CY_CRYPTO_CFG_ECDSA_GENKEY_C) */
261
262 #if defined(CY_CRYPTO_CFG_ECDSA_GENKEY_C) || defined(CY_CRYPTO_CFG_ECDSA_SIGN_C)
263 /*******************************************************************************
264 * Function Name: Cy_Crypto_Core_ECC_MakePublicKey
265 ****************************************************************************//**
266 *
267 * Make a new ECC public key
268 *
269 * For CAT1C & CAT1D devices when D-Cache is enabled parameters privateKey and x & y of publicKey must align and end in 32 byte boundary.
270 *
271 * \param base
272 * The pointer to a Crypto instance.
273 *
274 * \param curveID
275 * See \ref cy_en_crypto_ecc_curve_id_t.
276 *
277 * \param privateKey
278 * [out] Destination of the newly created key.
279 *
280 * \param publicKey
281 * See \ref cy_stc_crypto_ecc_key.
282 *
283 * \return status code. See \ref cy_en_crypto_status_t.
284 *
285 *******************************************************************************/
Cy_Crypto_Core_ECC_MakePublicKey(CRYPTO_Type * base,cy_en_crypto_ecc_curve_id_t curveID,const uint8_t * privateKey,cy_stc_crypto_ecc_key * publicKey)286 cy_en_crypto_status_t Cy_Crypto_Core_ECC_MakePublicKey(CRYPTO_Type *base,
287 cy_en_crypto_ecc_curve_id_t curveID,
288 const uint8_t *privateKey,
289 cy_stc_crypto_ecc_key *publicKey)
290 {
291 cy_en_crypto_status_t tmpResult = CY_CRYPTO_BAD_PARAMS;
292 uint8_t * privateKeyRemap;
293 uint8_t * publicKeyXRemap;
294 uint8_t * publicKeyYRemap;
295
296 cy_stc_crypto_ecc_dp_type *eccDp = Cy_Crypto_Core_ECC_GetCurveParams(curveID);
297
298 if ((eccDp != NULL) && (privateKey != NULL) && (publicKey != NULL) &&
299 (publicKey->pubkey.x != NULL) && (publicKey->pubkey.y != NULL))
300 {
301
302 privateKeyRemap = (uint8_t *)CY_REMAP_ADDRESS_FOR_CRYPTO(privateKey);
303 publicKeyXRemap = (uint8_t *)CY_REMAP_ADDRESS_FOR_CRYPTO(publicKey->pubkey.x);
304 publicKeyYRemap = (uint8_t *)CY_REMAP_ADDRESS_FOR_CRYPTO(publicKey->pubkey.y);
305
306 uint32_t bitsize = eccDp->size;
307
308 uint32_t p_order = 9u; /* order of the curve */
309 uint32_t p_d = 10u; /* private key */
310 uint32_t p_x = 11u; /* x coordinate */
311 uint32_t p_y = 12u; /* y coordinate */
312 #if (((CY_CPU_CORTEX_M7) && defined (ENABLE_CM7_DATA_CACHE)) || CY_CPU_CORTEX_M55)
313 /* Flush the cache */
314 SCB_CleanDCache_by_Addr((volatile void *)privateKey,(int32_t)CY_CRYPTO_BYTE_SIZE_OF_BITS(bitsize));
315 #endif
316 /* make the public key
317 * EC scalar multiplication - X,Y-only co-Z arithmetic
318 */
319 tmpResult = CY_CRYPTO_VU_ALLOC_MEM(base, VR_P, bitsize);
320 if(CY_CRYPTO_SUCCESS != tmpResult)
321 {
322 return tmpResult;
323 }
324
325 tmpResult = CY_CRYPTO_VU_ALLOC_MEM(base, p_order, bitsize);
326 if(CY_CRYPTO_SUCCESS != tmpResult)
327 {
328 return tmpResult;
329 }
330
331 tmpResult = CY_CRYPTO_VU_ALLOC_MEM(base, VR_BARRETT, bitsize + 1u);
332 if(CY_CRYPTO_SUCCESS != tmpResult)
333 {
334 return tmpResult;
335 }
336
337 tmpResult = CY_CRYPTO_VU_ALLOC_MEM(base, p_x, bitsize);
338 if(CY_CRYPTO_SUCCESS != tmpResult)
339 {
340 return tmpResult;
341 }
342
343 tmpResult = CY_CRYPTO_VU_ALLOC_MEM(base, p_y, bitsize);
344 if(CY_CRYPTO_SUCCESS != tmpResult)
345 {
346 return tmpResult;
347 }
348
349 /* Apply domain parameters */
350 /* load prime and order defining the curve as well as the barrett coefficient. */
351 /* P and BARRETT_U are "globally" defined in cy_crypto_core_ecc.h */
352 Cy_Crypto_Core_Vu_SetMemValue (base, VR_P, (uint8_t const *)CY_REMAP_ADDRESS_FOR_CRYPTO(eccDp->prime), bitsize);
353 Cy_Crypto_Core_Vu_SetMemValue (base, p_order, (uint8_t const *)CY_REMAP_ADDRESS_FOR_CRYPTO(eccDp->order), bitsize);
354 Cy_Crypto_Core_Vu_SetMemValue (base, VR_BARRETT, (uint8_t const *)CY_REMAP_ADDRESS_FOR_CRYPTO(eccDp->barrett_p), bitsize + 1u);
355
356 /*Base Point, G = (p_x, p_y) */
357 Cy_Crypto_Core_Vu_SetMemValue (base, p_x, (uint8_t const *)CY_REMAP_ADDRESS_FOR_CRYPTO(eccDp->Gx), bitsize);
358 Cy_Crypto_Core_Vu_SetMemValue (base, p_y, (uint8_t const *)CY_REMAP_ADDRESS_FOR_CRYPTO(eccDp->Gy), bitsize);
359
360 Cy_Crypto_Core_EC_NistP_SetMode(bitsize);
361 Cy_Crypto_Core_EC_NistP_SetRedAlg(eccDp->algo);
362
363 /* Load private key */
364 tmpResult = CY_CRYPTO_VU_ALLOC_MEM(base, p_d, bitsize);
365 if(CY_CRYPTO_SUCCESS != tmpResult)
366 {
367 return tmpResult;
368 }
369
370 Cy_Crypto_Core_Vu_SetMemValue(base, p_d, (uint8_t *)privateKeyRemap, bitsize);
371
372 tmpResult = Cy_Crypto_Core_EC_NistP_PointMul(base, p_x, p_y, p_d, p_order, bitsize);
373 if(CY_CRYPTO_SUCCESS != tmpResult)
374 {
375 return tmpResult;
376 }
377
378 Cy_Crypto_Core_Vu_GetMemValue(base, (uint8_t *)publicKeyXRemap, p_x, bitsize);
379 Cy_Crypto_Core_Vu_GetMemValue(base, (uint8_t *)publicKeyYRemap, p_y, bitsize);
380 #if (((CY_CPU_CORTEX_M7) && defined (ENABLE_CM7_DATA_CACHE)) || CY_CPU_CORTEX_M55)
381 SCB_InvalidateDCache_by_Addr(publicKey->pubkey.x, (int32_t)CY_CRYPTO_BYTE_SIZE_OF_BITS(bitsize));
382 SCB_InvalidateDCache_by_Addr(publicKey->pubkey.y, (int32_t)CY_CRYPTO_BYTE_SIZE_OF_BITS(bitsize));
383 #endif
384 publicKey->type = PK_PUBLIC;
385 publicKey->curveID = curveID;
386
387 CY_CRYPTO_VU_FREE_MEM(base, CY_CRYPTO_VU_REG_BIT(VR_P) |
388 CY_CRYPTO_VU_REG_BIT(p_order) | CY_CRYPTO_VU_REG_BIT(VR_BARRETT) |
389 CY_CRYPTO_VU_REG_BIT(p_x) | CY_CRYPTO_VU_REG_BIT(p_y) |
390 CY_CRYPTO_VU_REG_BIT(p_d));
391
392 tmpResult = CY_CRYPTO_SUCCESS;
393 }
394
395 return (tmpResult);
396 }
397 #endif /* defined(CY_CRYPTO_CFG_ECDSA_GENKEY_C) || defined(CY_CRYPTO_CFG_ECDSA_SIGN_C) */
398
399 #endif /* defined(CY_CRYPTO_CFG_ECDSA_C) */
400
401 #if defined(__cplusplus)
402 }
403 #endif
404
405 #endif /* CY_IP_MXCRYPTO */
406
407
408 /* [] END OF FILE */
409
