1 /***************************************************************************//** 2 * \file cy_cryptolite_ecdsa.h 3 * \version 2.30 4 * 5 * \brief 6 * This file provides constant and parameters 7 * for the API of the ECDSA PDL in the Cryptolite driver. 8 * 9 ******************************************************************************** 10 * Copyright 2020-2022 Cypress Semiconductor Corporation 11 * SPDX-License-Identifier: Apache-2.0 12 * 13 * Licensed under the Apache License, Version 2.0 (the "License"); 14 * you may not use this file except in compliance with the License. 15 * You may obtain a copy of the License at 16 * 17 * http://www.apache.org/licenses/LICENSE-2.0 18 * 19 * Unless required by applicable law or agreed to in writing, software 20 * distributed under the License is distributed on an "AS IS" BASIS, 21 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 22 * See the License for the specific language governing permissions and 23 * limitations under the License. 24 *******************************************************************************/ 25 26 #if !defined (CY_CRYPTOLITE_ECDSA_H) 27 #define CY_CRYPTOLITE_ECDSA_H 28 29 #include "cy_device.h" 30 31 #if defined (CY_IP_MXCRYPTOLITE) 32 33 #if defined(__cplusplus) 34 extern "C" { 35 #endif 36 37 #include "cy_cryptolite_common.h" 38 #include "cy_cryptolite_vu.h" 39 40 #if (CRYPTOLITE_VU_PRESENT == 1) 41 #if defined(CY_CRYPTOLITE_CFG_ECP_C) && defined(CY_CRYPTOLITE_CFG_ECDSA_C) 42 43 /** 44 * \addtogroup group_cryptolite_enums 45 * \{ 46 */ 47 48 /** List of supported elliptic curve IDs */ 49 typedef enum { 50 CY_CRYPTOLITE_ECC_ECP_NONE = 0, 51 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP192R1_ENABLED 52 CY_CRYPTOLITE_ECC_ECP_SECP192R1, 53 #endif 54 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP224R1_ENABLED 55 CY_CRYPTOLITE_ECC_ECP_SECP224R1, 56 #endif 57 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP256R1_ENABLED 58 CY_CRYPTOLITE_ECC_ECP_SECP256R1, 59 #endif 60 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP384R1_ENABLED 61 CY_CRYPTOLITE_ECC_ECP_SECP384R1, 62 #endif 63 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP521R1_ENABLED 64 CY_CRYPTOLITE_ECC_ECP_SECP521R1, 65 #endif 66 /* Count of supported curves */ 67 CY_CRYPTOLITE_ECC_ECP_CURVES_CNT 68 } cy_en_cryptolite_ecc_curve_id_t; 69 70 /** \} group_cryptolite_enums */ 71 72 /** A point on a ECC curve */ 73 /** The x and y buffers must be 4 byte aligned*/ 74 typedef struct { 75 /** The x co-ordinate */ 76 void *x; 77 /** The y co-ordinate */ 78 void *y; 79 } cy_stc_cryptolite_ecc_point; 80 81 /** An ECC key type */ 82 typedef enum cy_en_cryptolite_ecc_key_type { 83 PK_PUBLIC = 0u, 84 PK_PRIVATE = 1u 85 } cy_en_cryptolite_ecc_key_type_t; 86 87 /** An ECC key */ 88 typedef struct { 89 /** Type of key, PK_PRIVATE or PK_PUBLIC */ 90 cy_en_cryptolite_ecc_key_type_t type; 91 /** See \ref cy_en_cryptolite_ecc_curve_id_t */ 92 cy_en_cryptolite_ecc_curve_id_t curveID; 93 /** The public key */ 94 cy_stc_cryptolite_ecc_point pubkey; 95 /** The private key */ 96 void *k; 97 } cy_stc_cryptolite_ecc_key; 98 99 100 /** Structure defines a NIST GF(p) curve */ 101 typedef struct { 102 /** The curve ID */ 103 cy_en_cryptolite_ecc_curve_id_t id; 104 /** The size of the curve in bits */ 105 uint32_t size; 106 /** name of curve */ 107 const char_t *name; 108 /** ECC calculation default algorithm */ 109 cy_en_cryptolite_ecc_red_mul_algs_t algo; 110 /** The prime that defines the field the curve is in (encoded in hex) */ 111 const uint8_t *prime; 112 /** Barrett coefficient for reduction modulo ECC prime (hex) */ 113 const uint8_t *barrett_p; 114 /** The order of the curve (hex) */ 115 const uint8_t *order; 116 /** Barrett coefficient for reduction modulo ECC order (hex) */ 117 const uint8_t *barrett_o; 118 /** The x co-ordinate of the base point on the curve (hex) */ 119 const uint8_t *Gx; 120 /** The y co-ordinate of the base point on the curve (hex) */ 121 const uint8_t *Gy; 122 } cy_stc_cryptolite_ecc_dp_type; 123 124 /** Structure defines a ecdsa context buffers 125 must be aligned to 4 byte boundary 126 */ 127 typedef struct cy_stc_cryptolite_ecc_buffer_t 128 { 129 /** \cond INTERNAL */ 130 // CY_ALIGN(4) uint8_t p_buffer[ 10*4*VU_BITS_TO_WORDS(BIT_SIZE)]; 131 CY_ALIGN(4) uint8_t my_BARRETT_U[4*VU_BITS_TO_WORDS(BIT_SIZE+1)]; 132 CY_ALIGN(4) uint8_t my_P[4*VU_BITS_TO_WORDS(BIT_SIZE)]; 133 CY_ALIGN(4) uint8_t dividend[4*VU_BITS_TO_WORDS(BIT_SIZE)]; 134 CY_ALIGN(4) uint8_t p_r[4*VU_BITS_TO_WORDS(BIT_SIZE)]; 135 CY_ALIGN(4) uint8_t p_s[4*VU_BITS_TO_WORDS(BIT_SIZE)]; 136 CY_ALIGN(4) uint8_t p_u1[4*VU_BITS_TO_WORDS(BIT_SIZE)]; 137 CY_ALIGN(4) uint8_t p_u2[4*VU_BITS_TO_WORDS(BIT_SIZE)]; 138 CY_ALIGN(4) uint8_t p_o[4*VU_BITS_TO_WORDS(BIT_SIZE)]; 139 CY_ALIGN(4) uint8_t p_gx[4*VU_BITS_TO_WORDS(BIT_SIZE)]; 140 CY_ALIGN(4) uint8_t p_gy[4*VU_BITS_TO_WORDS(BIT_SIZE)]; 141 CY_ALIGN(4) uint8_t p_qx[4*VU_BITS_TO_WORDS(BIT_SIZE)]; 142 CY_ALIGN(4) uint8_t p_qy[4*VU_BITS_TO_WORDS(BIT_SIZE)]; 143 CY_ALIGN(4) uint8_t p_buf[4*VU_BITS_TO_WORDS(BIT_SIZE+1)]; 144 /** \endcond */ 145 }cy_stc_cryptolite_ecc_buffer_t; 146 147 /** 148 * \addtogroup group_cryptolite_data_structures 149 * \{ 150 */ 151 /** Structure defines a ecdsa context */ 152 typedef struct cy_stc_cryptolite_context_ecdsa_t 153 { 154 /** \cond INTERNAL */ 155 uint8_t *my_BARRETT_U; 156 uint8_t *my_P; 157 uint8_t *dividend; 158 uint8_t *p_r; 159 uint8_t *p_s; 160 uint8_t *p_u1; 161 uint8_t *p_u2; 162 uint8_t *p_o; 163 uint8_t *p_gx; 164 uint8_t *p_gy; 165 uint8_t *p_qx; 166 uint8_t *p_qy; 167 uint8_t *p_buf; 168 uint32_t bitsize; 169 /** two vector unit structures, each structure is 16 bytes */ 170 cy_stc_cryptolite_descr_t vu_desptr[2]; 171 /** \endcond */ 172 }cy_stc_cryptolite_context_ecdsa_t; 173 /** \} group_cryptolite_data_structures */ 174 175 /* Sizes for NIST P-curves */ 176 #define CY_CRYPTOLITE_ECC_P192_SIZE (192u) /* 2^192 - 2^64 - 1 */ 177 #define CY_CRYPTOLITE_ECC_P192_BYTE_SIZE VU_BITS_TO_BYTES(CY_CRYPTOLITE_ECC_P192_SIZE) 178 179 #define CY_CRYPTOLITE_ECC_P224_SIZE (224u) /* 2^224 - 2^96 + 1 */ 180 #define CY_CRYPTOLITE_ECC_P224_BYTE_SIZE VU_BITS_TO_BYTES(CY_CRYPTOLITE_ECC_P224_SIZE) 181 182 #define CY_CRYPTOLITE_ECC_P256_SIZE (256u) /* 2^256 - 2^224 + 2^192 + 2^96 - 1 */ 183 #define CY_CRYPTOLITE_ECC_P256_BYTE_SIZE VU_BITS_TO_BYTES(CY_CRYPTOLITE_ECC_P256_SIZE) 184 185 #define CY_CRYPTOLITE_ECC_P384_SIZE (384u) /* 2^384 - 2^128 - 2^96 + 2^32 - 1 */ 186 #define CY_CRYPTOLITE_ECC_P384_BYTE_SIZE VU_BITS_TO_BYTES(CY_CRYPTOLITE_ECC_P384_SIZE) 187 188 #define CY_CRYPTOLITE_ECC_P521_SIZE (521u) /* 2^521 - 1 */ 189 #define CY_CRYPTOLITE_ECC_P521_BYTE_SIZE VU_BITS_TO_BYTES(CY_CRYPTOLITE_ECC_P521_SIZE) 190 191 #define CY_CRYPTOLITE_ECC_MAX_SIZE (CY_CRYPTOLITE_ECC_P521_SIZE) 192 #define CY_CRYPTOLITE_ECC_MAX_BYTE_SIZE (CY_CRYPTOLITE_ECC_P521_BYTE_SIZE) 193 194 cy_stc_cryptolite_ecc_dp_type *Cy_Cryptolite_ECC_GetCurveParams(cy_en_cryptolite_ecc_curve_id_t curveId); 195 196 #if defined(CY_CRYPTOLITE_CFG_ECDSA_C) 197 /** 198 * \addtogroup group_cryptolite_lld_asymmetric_functions 199 * \{ 200 */ 201 202 203 /******************************************************************************* 204 * Function Name: Cy_Cryptolite_ECC_Init 205 ****************************************************************************//** 206 * 207 * Init ECC Context. 208 * 209 * \param base 210 * The pointer to a Cryptolite instance. 211 * 212 * \param cfContext 213 * The pointer to the cy_stc_cryptolite_context_ecdsa_t. 214 * 215 * \param eccBuffer 216 * The pointer to the cy_stc_cryptolite_ecc_buffer_t. 217 * 218 * \return status code. See \ref cy_en_cryptolite_status_t. 219 * 220 * \funcusage 221 * \snippet cryptolite/snippet/main.c snippet_Cy_Cryptolite_Ecc_verify 222 *******************************************************************************/ 223 cy_en_cryptolite_status_t Cy_Cryptolite_ECC_Init(CRYPTOLITE_Type *base, 224 cy_stc_cryptolite_context_ecdsa_t *cfContext, 225 cy_stc_cryptolite_ecc_buffer_t *eccBuffer); 226 227 228 /******************************************************************************* 229 * Function Name: Cy_Cryptolite_ECC_Free 230 ****************************************************************************//** 231 * 232 * Clean up ECC Context. 233 * 234 * \param base 235 * The pointer to a Cryptolite instance. 236 * 237 * \param cfContext 238 * The pointer to the cy_stc_cryptolite_context_ecdsa_t. 239 * 240 * \return status code. See \ref cy_en_cryptolite_status_t. 241 * 242 * \funcusage 243 * \snippet cryptolite/snippet/main.c snippet_Cy_Cryptolite_Ecc_verify 244 *******************************************************************************/ 245 cy_en_cryptolite_status_t Cy_Cryptolite_ECC_Free(CRYPTOLITE_Type *base, 246 cy_stc_cryptolite_context_ecdsa_t *cfContext); 247 248 249 250 /******************************************************************************* 251 * Function Name: Cy_Cryptolite_ECC_SignHash 252 ****************************************************************************//** 253 * 254 * Function to generate an ECC signature. 255 * key, hash and messageKey must be in little endian. 256 * Cy_Cryptolite_InvertEndianness() function is used for converting the endianness. 257 * 258 * \param base 259 * The pointer to a Cryptolite instance. 260 * 261 * \param cfContext 262 * The pointer to the cy_stc_cryptolite_context_ecdsa_t. 263 * 264 * \param hash 265 * The hash (message digest) to be signed. 266 * 267 * \param hashlen 268 * The length of the hash (octets). 269 * 270 * \param sig 271 * The pointer to the buffer to store the generated signature 'R' followed by 'S'. 272 * 273 * \param key 274 * The private ECC key to sign the hash. See \ref cy_stc_cryptolite_ecc_key. 275 * 276 * \param messageKey 277 * The random number for generating the signature. 278 * 279 * \return status code. See \ref cy_en_cryptolite_status_t. 280 * 281 *******************************************************************************/ 282 cy_en_cryptolite_status_t Cy_Cryptolite_ECC_SignHash(CRYPTOLITE_Type *base, 283 cy_stc_cryptolite_context_ecdsa_t *cfContext, const uint8_t *hash, uint32_t hashlen, uint8_t *sig, 284 const cy_stc_cryptolite_ecc_key *key, const uint8_t *messageKey); 285 286 /******************************************************************************* 287 * Function Name: Cy_Cryptolite_Core_ECC_VerifyHash 288 ****************************************************************************//** 289 * 290 * Verify an ECC signature. 291 * sig, hash and key must be in little endian. 292 * Cy_Cryptolite_InvertEndianness() function is used for converting the endianness. 293 * 294 * \param base 295 * The pointer to a Cryptolite instance. 296 * 297 * \param cfContext 298 * The pointer to the ecdsa context. 299 * 300 * \param sig 301 * The signature to verify, 'R' followed by 'S'. 302 * 303 * \param siglen 304 * The length of signature. 305 * 306 * \param hash 307 * The hash (message digest) that was signed. 308 * 309 * \param hashlen 310 * The length of the hash (octets). 311 * 312 * \param stat 313 * Result of signature, 0xAAAAAAAA = invalid, 0x55555555 = valid. 314 * 315 * \param key 316 * The corresponding public ECC key. See \ref cy_stc_cryptolite_ecc_key. 317 * 318 * \return status code. See \ref cy_en_cryptolite_status_t. 319 * 320 * \funcusage 321 * \snippet cryptolite/snippet/main.c snippet_Cy_Cryptolite_Ecc_verify 322 *******************************************************************************/ 323 cy_en_cryptolite_status_t Cy_Cryptolite_ECC_VerifyHash(CRYPTOLITE_Type *base, 324 cy_stc_cryptolite_context_ecdsa_t *cfContext, 325 const uint8_t *sig, uint32_t siglen, const uint8_t *hash, uint32_t hashlen, 326 cy_en_cryptolite_sig_verify_result_t *stat, const cy_stc_cryptolite_ecc_key *key); 327 328 #endif 329 /** \} group_cryptolite_lld_asymmetric_functions */ 330 331 #endif /* #if (CY_CRYPTOLITE_CFG_ECDSA_C) */ 332 #endif /* #if (CPUSS_CRYPTOLITE_VU == 1) */ 333 334 #if defined(__cplusplus) 335 } 336 #endif 337 338 #endif /* CY_IP_MXCRYPTOLITE */ 339 #endif /* #if !defined (CY_CRYPTOLITE_ECDSA_H) */ 340 341 /* [] END OF FILE */ 342
