1 /* 2 * Copyright (c) 2017-2018, NXP Semiconductors, Inc. 3 * All rights reserved. 4 * 5 * 6 * SPDX-License-Identifier: BSD-3-Clause 7 */ 8 9 #ifndef _FSL_CAU3_H_ 10 #define _FSL_CAU3_H_ 11 12 #include "fsl_common.h" 13 14 /******************************************************************************* 15 * Definitions 16 *******************************************************************************/ 17 18 /*! 19 * @addtogroup cau3_driver 20 * @{ 21 */ 22 /*! @name Driver version */ 23 /*@{*/ 24 /*! @brief CAU3 driver version. Version 2.0.2. 25 * 26 * Current version: 2.0.2 27 * 28 * Change log: 29 * - Version 2.0.0 30 * - Initial version 31 * - Version 2.0.1 32 * - Replace static cau3_make_mems_private() with public CAU3_MakeMemsPrivate(). 33 * - Remove the cau3_make_mems_private() from CAU3_Init to allow loading multiple images. 34 * - Version 2.0.2 35 * - Add FSL_CAU3_USE_HW_SEMA compile time macro. When enabled, all CAU3 API functions 36 * lock hw semaphore on function entry and release the hw semaphore on function return. 37 */ 38 #define FSL_CAU3_DRIVER_VERSION (MAKE_VERSION(2, 0, 2)) 39 /*@}*/ 40 41 /*! @brief Hardware semaphore usage by driver functions. 42 * This macro can be enabled for mutual exclusive calls to CAU3 APIs 43 * from multiple CPUs. Note this does not lock against calls from multiple threads on one CPU. 44 */ 45 46 /* #define FSL_CAU3_USE_HW_SEMA 1 */ 47 48 #if defined(FSL_CAU3_USE_HW_SEMA) && (FSL_CAU3_USE_HW_SEMA > 0) 49 /* Using SEMA42 hardware semaphore for multiprocessor locking. 50 * Currently supporting only SEMA42 hardware semaphore. 51 */ 52 #if defined(FSL_FEATURE_SOC_SEMA42_COUNT) && (FSL_FEATURE_SOC_SEMA42_COUNT > 0) 53 #include "fsl_sema42.h" 54 #define FSL_CAU3_SEMA42_BASE SEMA420 55 #define FSL_CAU3_SEMA42_GATE (1) 56 #define FSL_CAU3_SEMA42_CLOCK_NAME kCLOCK_Sema420 57 #else 58 #error FSL_CAU3_USE_HW_SEMA requires SEMA42 semaphore. 59 #endif 60 #endif 61 62 /*! @brief CAU3 key slot selection. Current CryptoCore firmware supports 4 key slots inside CryptoCore's Private DMEM. 63 * 64 */ 65 typedef enum _cau3_key_slot { 66 kCAU3_KeySlot0 = 0x0U, /*!< CAU3 key slot 0. */ 67 kCAU3_KeySlotNone = 0x0U, /*!< No key. */ 68 kCAU3_KeySlot1 = 0x1U, /*!< CAU3 key slot 1. */ 69 kCAU3_KeySlot2 = 0x2U, /*!< CAU3 key slot 2.*/ 70 kCAU3_KeySlot3 = 0x3U, /*!< CAU3 key slot 3. */ 71 } cau3_key_slot_t; 72 73 /*! @brief CAU3 task done selection. */ 74 typedef enum _cau3_task_done { 75 kCAU3_TaskDoneNull = 0x00000000U, /*!< */ 76 kCAU3_TaskDonePoll = 0x00000000U, /*!< Poll CAU3 status flag. */ 77 kCAU3_TaskDoneIrq = 0x00010000U, /*!< Start operation and return. CAU3 asserts interrupt request when done. */ 78 kCAU3_TaskDoneEvent = 0x00020000U, /*!< Call Wait-for-event opcode until CAU3 completes processing. */ 79 kCAU3_TaskDoneDmaRequest = 0x00040000, /*!< Start operation and return. CAU3 asserts DMA request when done. */ 80 } cau3_task_done_t; 81 82 /*! @brief Specify CAU3's key resource and signalling to be used for an operation. */ 83 typedef struct _cau3_handle 84 { 85 cau3_task_done_t taskDone; /*!< Specify CAU3 task done signalling to Host CPU. */ 86 cau3_key_slot_t keySlot; /*!< For operations with key (such as AES encryption/decryption), specify CAU3 key slot. */ 87 } cau3_handle_t; 88 89 /*! @} */ 90 91 /******************************************************************************* 92 * AES Definitions 93 *******************************************************************************/ 94 95 /*! 96 * @addtogroup cau3_driver_aes 97 * @{ 98 */ 99 100 /*! AES block size in bytes */ 101 #define CAU3_AES_BLOCK_SIZE 16 102 103 /*! 104 *@} 105 */ /* end of cau3_driver_aes */ 106 107 /******************************************************************************* 108 * HASH Definitions 109 ******************************************************************************/ 110 /*! 111 * @addtogroup cau3_driver_hash 112 * @{ 113 */ 114 115 /*! @brief Supported cryptographic block cipher functions for HASH creation */ 116 typedef enum _cau3_hash_algo_t { 117 kCAU3_Sha1, /*!< SHA_1 */ 118 kCAU3_Sha256, /*!< SHA_256 */ 119 } cau3_hash_algo_t; 120 121 /*! @brief CAU3 HASH Context size. */ 122 #define CAU3_SHA_BLOCK_SIZE 128 /*!< internal buffer block size */ 123 #define CAU3_HASH_BLOCK_SIZE CAU3_SHA_BLOCK_SIZE /*!< CAU3 hash block size */ 124 125 /*! @brief CAU3 HASH Context size. */ 126 #define CAU3_HASH_CTX_SIZE 58 127 128 /*! @brief Storage type used to save hash context. */ 129 typedef struct _cau3_hash_ctx_t 130 { 131 uint32_t x[CAU3_HASH_CTX_SIZE]; 132 } cau3_hash_ctx_t; 133 134 /*! 135 *@} 136 */ /* end of cau3_driver_hash */ 137 138 /******************************************************************************* 139 * PKHA Definitions 140 ******************************************************************************/ 141 /*! 142 * @addtogroup cau3_driver_pkha 143 * @{ 144 */ 145 146 /*! PKHA ECC point structure */ 147 typedef struct _cau3_pkha_ecc_point_t 148 { 149 uint8_t *X; /*!< X coordinate (affine) */ 150 uint8_t *Y; /*!< Y coordinate (affine) */ 151 } cau3_pkha_ecc_point_t; 152 153 /*! @brief Use of timing equalized version of a PKHA function. */ 154 typedef enum _cau3_pkha_timing_t { 155 kCAU3_PKHA_NoTimingEqualized = 0U, /*!< Normal version of a PKHA operation */ 156 kCAU3_PKHA_TimingEqualized = 1U /*!< Timing-equalized version of a PKHA operation */ 157 } cau3_pkha_timing_t; 158 159 /*! @brief Integer vs binary polynomial arithmetic selection. */ 160 typedef enum _cau3_pkha_f2m_t { 161 kCAU3_PKHA_IntegerArith = 0U, /*!< Use integer arithmetic */ 162 kCAU3_PKHA_F2mArith = 1U /*!< Use binary polynomial arithmetic */ 163 } cau3_pkha_f2m_t; 164 165 /*! @brief Montgomery or normal PKHA input format. */ 166 typedef enum _cau3_pkha_montgomery_form_t { 167 kCAU3_PKHA_NormalValue = 0U, /*!< PKHA number is normal integer */ 168 kCAU3_PKHA_MontgomeryFormat = 1U /*!< PKHA number is in montgomery format */ 169 } cau3_pkha_montgomery_form_t; 170 171 /*! 172 *@} 173 */ /* cau3_driver_pkha */ 174 175 /******************************************************************************* 176 * API 177 ******************************************************************************/ 178 #if defined(__cplusplus) 179 extern "C" { 180 #endif 181 182 /*! 183 * @addtogroup cau3_driver 184 * @{ 185 */ 186 187 /*! 188 * @brief Enables clock for CAU3 and loads image to memory 189 * 190 * Enable CAU3 clock and loads image to CryptoCore. 191 * 192 * @param base CAU3 base address 193 */ 194 void CAU3_Init(CAU3_Type *base); 195 196 /*! 197 * @brief Execute a CAU3 null task to signal error termination 198 * 199 * Execute a null task to signal error termination. 200 * The CryptoCore task executes one instruction - a "stop with error". 201 * 202 * @param base CAU3 base address 203 * @param taskDone indicates completion signal 204 * 205 * @return status check from task completion 206 */ 207 status_t CAU3_ForceError(CAU3_Type *base, cau3_task_done_t taskDone); 208 209 /*! 210 * @brief Load special hardware "key context" into the CAU3's data memory 211 * 212 * Load the special hardware key context into the private DMEM. This only 213 * includes the complete 256-bit key which is then specified with a size of 214 * [8,16,24,32] bytes (for DES or AES-[128,256]). It also loads the 215 * default IV value specified in NIST/RFC2294 IV=0xa6a6a6a6a6a6a6a6. This operation typically 216 * loads keySlot 0, which, by convention, is used for the system key encryption 217 * key. 218 * 219 * See the GENERAL COMMENTS for more information on the keyContext structure. 220 * 221 * NOTE: This function also performs an AES key expansion if a keySize > 8 222 * is specified. 223 * 224 * @param base CAU3 base address 225 * @param keySize is the logical key size in bytes [8,16,24,32] 226 * @param keySlot is the destination key slot number [0-3] 227 * @param taskDone indicates completion signal. 228 * 229 * @return status check from task completion 230 */ 231 status_t CAU3_LoadSpecialKeyContext(CAU3_Type *base, 232 size_t keySize, 233 cau3_key_slot_t keySlot, 234 cau3_task_done_t taskDone); 235 236 /*! 237 * @brief Invalidate a 64-byte "key context" in the CAU3's private data memory 238 * 239 * Clears the key context in the private DMEM. There is support for four "key 240 * slots" with slot 0 typically used for the system key encryption key. 241 * 242 * @param base CAU3 base address 243 * @param keySlot is the key slot number [0-3] to invalidate 244 * @param taskDone indicates completion signal * 245 * @return status check from task completion 246 */ 247 status_t CAU3_ClearKeyContext(CAU3_Type *base, cau3_key_slot_t keySlot, cau3_task_done_t taskDone); 248 249 /*! 250 * @brief Load an initialization vector into a key context 251 * 252 * Loads a 16-byte initialization vector (iv) into the specified key slot. 253 * There is support for a maximum of 4 key slots. 254 * The function is used internally for loading AEAD_CHACHA20_POY1305 nonce. 255 * It can be also used for Alternative Initial Values for A[0] in RFC 3394. 256 * 257 * @param base CAU3 base address 258 * @param iv The initialization vector, ALIGNED ON A 0-MOD-4 ADDRESS. 259 * @param keySlot is the destination key context 260 * @param taskDone indicates completion signal 261 * 262 * @return status check from task completion 263 */ 264 status_t CAU3_LoadKeyInitVector(CAU3_Type *base, const uint8_t *iv, cau3_key_slot_t keySlot, cau3_task_done_t taskDone); 265 266 /*! 267 * @brief Make the CAU3's local memories private 268 * 269 * Modify the CAU3's internal configuration so the local memories are private 270 * and only accessible to the CAU3. This operation is typically performed after 271 * the CAU_InitializeInstMemory(), 272 * CAU_InitializeDataMemory(), and 273 * CAU_InitializeReadOnlyDataMemory() functions have been performed. 274 * 275 * This configuration remains in effect until the next hardware reset. 276 * 277 * @param taskDone indicates completion signal: CAU_[POLL, IRQ, EVENT, DMAREQ] 278 * 279 * @retval status check from task completion: CAU_[OK, ERROR] 280 */ 281 status_t CAU3_MakeMemsPrivate(CAU3_Type *base, cau3_task_done_t taskDone); 282 283 /*! 284 *@} 285 */ /* end of cau3_driver */ 286 287 /******************************************************************************* 288 * AES API 289 ******************************************************************************/ 290 291 /*! 292 * @addtogroup cau3_driver_aes 293 * @{ 294 */ 295 296 /*! 297 * @brief Load AES key into CAU3 key slot. 298 * 299 * Load the key context into the private DMEM. This function also performs an AES key expansion. 300 * For CAU3 AES encryption/decryption/cmac, users only need to call one of @ref CAU3_AES_SetKey and @ref 301 * CAU3_LoadSpecialKeyContext. 302 * 303 * CAU3_AES_SetKey 304 * @param base CAU3 peripheral base address. 305 * @param handle Handle used for the request. 306 * @param key 0-mod-4 aligned pointer to AES key. 307 * @param keySize AES key size in bytes. Shall equal 16 or 32. 308 * @return status from set key operation 309 */ 310 status_t CAU3_AES_SetKey(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *key, size_t keySize); 311 312 /*! 313 * @brief Encrypts AES on one 128-bit block. 314 * 315 * Encrypts AES. 316 * The source plaintext and destination ciphertext can overlap in system memory. 317 * 318 * @param base CAU3 peripheral base address 319 * @param handle Handle used for this request. 320 * @param plaintext Input plain text to encrypt 321 * @param[out] ciphertext Output cipher text 322 * @return Status from encrypt operation 323 */ 324 status_t CAU3_AES_Encrypt(CAU3_Type *base, cau3_handle_t *handle, const uint8_t plaintext[16], uint8_t ciphertext[16]); 325 326 /*! 327 * @brief Decrypts AES on one 128-bit block. 328 * 329 * Decrypts AES. 330 * The source ciphertext and destination plaintext can overlap in system memory. 331 * 332 * @param base CAU3 peripheral base address 333 * @param handle Handle used for this request. 334 * @param ciphertext Input plain text to encrypt 335 * @param[out] plaintext Output cipher text 336 * @return Status from decrypt operation 337 */ 338 status_t CAU3_AES_Decrypt(CAU3_Type *base, cau3_handle_t *handle, const uint8_t ciphertext[16], uint8_t plaintext[16]); 339 340 /*! 341 * @brief Perform an AES-128 cipher-based authentication code (CMAC) 342 * 343 * Performs an AES-128 cipher-based authentication code (CMAC) on a 344 * message. RFC 4493. 345 * 346 * @param base CAU3 peripheral base address 347 * @param handle Handle used for this request. 348 * @param message is source uint8_t array of data bytes, any alignment 349 * @param size Number of bytes in the message. 350 * @param mac is the output 16 bytes MAC, must be a 0-mod-4 aligned address 351 * @return status check from task completion 352 */ 353 status_t CAU3_AES_Cmac(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *message, size_t size, uint8_t *mac); 354 355 /*! 356 * @brief Perform an AES key expansion for specified key slot 357 * 358 * Performs an AES key expansion (aka schedule) on the specified key slot. It 359 * uses the keySize information in the context to determine whether the key 360 * expansion applies to a 128- or 256-bit AES key. 361 * This function is primarily intended to be called after 362 * key blob has been unwrapped by @ref CAU3_KeyBlobUnwrap to destination key slot, so that the unwrapped key 363 * can be used for AES encryption. 364 * 365 * @param base CAU3 base address 366 * @param keySlot is the key context 367 * @param taskDone indicates completion signal 368 * @return status check from task completion 369 */ 370 status_t CAU3_AES_KeyExpansion(CAU3_Type *base, cau3_key_slot_t keySlot, cau3_task_done_t taskDone); 371 372 /*! 373 *@} 374 */ /* end of cau3_driver_aes */ 375 376 /******************************************************************************* 377 * DES API 378 ******************************************************************************/ 379 /*! 380 * @addtogroup cau3_driver_des 381 * @{ 382 */ 383 384 /*! 385 * @brief Perform a 3DES key parity check 386 * 387 * Performs a 3DES key parity check on three 8-byte keys. 388 * The function is blocking. 389 * 390 * @param base CAU3 peripheral base address 391 * @param keySlot defines the key context to be used in the parity check 392 * 393 * @return status check from task completion 394 */ 395 status_t CAU3_TDES_CheckParity(CAU3_Type *base, cau3_key_slot_t keySlot); 396 397 /*! 398 * @brief Load DES key into CAU3 key slot. 399 * 400 * Load the key context into the private DMEM. 401 * 402 * @param base CAU3 peripheral base address. 403 * @param handle Handle used for the request. 404 * @param key 0-mod-4 aligned pointer to 3DES key. 405 * @param keySize 3DES key size in bytes. Shall equal 24. 406 * @return status from set key operation 407 */ 408 status_t CAU3_TDES_SetKey(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *key, size_t keySize); 409 410 /*! 411 * @brief Perform a 3DES encryption 412 * 413 * Performs a 3DES "electronic code book" encryption on one 8-byte data block. 414 * The source plaintext and destination ciphertext can overlap in system memory. 415 * Supports both blocking and non-blocking task completion. 416 * 417 * @param base CAU3 peripheral base address. 418 * @param handle Handle used for this request. 419 * @param plaintext is source uint8_t array of data bytes, any alignment 420 * @param ciphertext is destination uint8_t array of data byte, any alignment 421 * 422 * @return status check from task completion 423 */ 424 status_t CAU3_TDES_Encrypt(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *plaintext, uint8_t *ciphertext); 425 426 /*! 427 * @brief Perform a 3DES decryption 428 * 429 * Performs a 3DES "electronic code book" decryption on one 8-byte data block. 430 * The source ciphertext and destination plaintext can overlap in sysMemory. 431 * Supports both blocking and non-blocking task completion. 432 * 433 * @param base CAU3 peripheral base address. 434 * @param handle Handle used for this request. 435 * @param ciphertext is destination uint8_t array of data byte, any alignment 436 * @param plaintext is source uint8_t array of data bytes, any alignment 437 * @return status check from task completion 438 */ 439 status_t CAU3_TDES_Decrypt(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *ciphertext, uint8_t *plaintext); 440 441 /*! 442 *@} 443 */ /* end of cau3_driver_des */ 444 445 /******************************************************************************* 446 * HASH API 447 ******************************************************************************/ 448 449 /*! 450 * @addtogroup cau3_driver_hash 451 * @{ 452 */ 453 /*! 454 * @brief Initialize HASH context 455 * 456 * This function initializes the HASH. 457 * 458 * For blocking CAU3 HASH API, the HASH context contains all information required for context switch, 459 * such as running hash. 460 * 461 * @param base CAU3 peripheral base address 462 * @param[out] ctx Output hash context 463 * @param algo Underlaying algorithm to use for hash computation. 464 * @return Status of initialization 465 */ 466 status_t CAU3_HASH_Init(CAU3_Type *base, cau3_hash_ctx_t *ctx, cau3_hash_algo_t algo); 467 468 /*! 469 * @brief Add data to current HASH 470 * 471 * Add data to current HASH. This can be called repeatedly with an arbitrary amount of data to be 472 * hashed. The functions blocks. If it returns kStatus_Success, the running hash or mac 473 * has been updated (CAU3 has processed the input data), so the memory at @ref input pointer 474 * can be released back to system. The context is updated with the running hash or mac 475 * and with all necessary information to support possible context switch. 476 * 477 * @param base CAU3 peripheral base address 478 * @param[in,out] ctx HASH context 479 * @param input Input data 480 * @param inputSize Size of input data in bytes 481 * @return Status of the hash update operation 482 */ 483 status_t CAU3_HASH_Update(CAU3_Type *base, cau3_hash_ctx_t *ctx, const uint8_t *input, size_t inputSize); 484 485 /*! 486 * @brief Finalize hashing 487 * 488 * Outputs the final hash (computed by CAU3_HASH_Update()) and erases the context. 489 * 490 * @param[in,out] ctx Input hash context 491 * @param[out] output Output hash data 492 * @param[out] outputSize Output parameter storing the size of the output hash in bytes 493 * @return Status of the hash finish operation 494 */ 495 status_t CAU3_HASH_Finish(CAU3_Type *base, cau3_hash_ctx_t *ctx, uint8_t *output, size_t *outputSize); 496 497 /*! 498 * @brief Create HASH on given data 499 * 500 * Perform the full SHA in one function call. The function is blocking. 501 * 502 * @param base CAU3 peripheral base address 503 * @param algo Underlaying algorithm to use for hash computation. 504 * @param input Input data 505 * @param inputSize Size of input data in bytes 506 * @param[out] output Output hash data 507 * @param[out] outputSize Output parameter storing the size of the output hash in bytes 508 * @return Status of the one call hash operation. 509 */ 510 status_t CAU3_HASH(CAU3_Type *base, 511 cau3_hash_algo_t algo, 512 const uint8_t *input, 513 size_t inputSize, 514 uint8_t *output, 515 size_t *outputSize); 516 517 /*! 518 *@} 519 */ /* end of cau3_driver_hash */ 520 521 /******************************************************************************* 522 * AEAD API 523 ******************************************************************************/ 524 525 /*! 526 * @addtogroup cau3_driver_chacha_poly 527 * @{ 528 */ 529 530 /*! 531 * @brief Load 256-bit key into CAU3 key context (in key slot). 532 * 533 * Load the key context into the private DMEM for CHACHA20_POLY1305 AEAD. 534 * 535 * @param base CAU3 peripheral base address. 536 * @param handle Handle used for the request. 537 * @param key 0-mod-4 aligned pointer to CHACHA20_POLY1305 256-bit key. 538 * @param keySize Size of the key in bytes. Shall be 32. 539 * @return status from set key operation 540 */ 541 status_t CAU3_CHACHA20_POLY1305_SetKey(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *key, size_t keySize); 542 543 /*! 544 * @brief Perform ChaCha-Poly encryption/authentication 545 * 546 * Perform ChaCha encryption over a message of "n" bytes, and authentication 547 * over the encrypted data plus an additional authenticated data, 548 * returning encrypted data + a message digest. 549 * 550 * @param base CAU3 peripheral base address 551 * @param handle Handle used for this request. The keySlot member specifies key context with key and IV. 552 * @param plaintext The uint8_t source message to be encrypted, any alignment 553 * @param[out] ciphertext is a pointer to the output encrypted message, any aligment 554 * @param size The length of the plaintext and ciphertext in bytes 555 * @param aad A pointer to the additional authenticated data, any alignment 556 * @param aadLen Length of additional authenticated data in bytes 557 * @param nonce 0-mod-4 aligned pointer to CHACHA20_POLY1305 96-bit nonce. 558 * @param[out] tag A pointer to the 128-bit message digest output, any alignment 559 * 560 * @return status check from task completion 561 */ 562 status_t CAU3_CHACHA20_POLY1305_Encrypt(CAU3_Type *base, 563 cau3_handle_t *handle, 564 const uint8_t *plaintext, 565 uint8_t *ciphertext, 566 size_t size, 567 const uint8_t *aad, 568 size_t aadLen, 569 const uint8_t *nonce, 570 uint8_t *tag); 571 572 /*! 573 * @brief Perform ChaCha-Poly decryption/authentication check 574 * 575 * Perform ChaCha decryption over a message of "n" bytes, and checks 576 * authentication over the encrypted data plus an additional authenticated data, 577 * returning decrypted data. IF the tag authentication fails, the task terminates with error and 578 * the output is forced to zero. 579 * 580 * @param base CAU3 peripheral base address 581 * @param handle Handle used for this request. The keySlot member specifies key context with key and IV. 582 * @param ciphertext The uint8_t source msg to be decrypted, any alignment 583 * @param[out] plaintext A pointer to the output decrypted message, any alignment 584 * @param size Length of the plaintext and ciphertext in bytes 585 * @param aad A pointer to the additional authenticated data, any alignment 586 * @param aadLen Length of additional authenticated data in bytes 587 * @param nonce 0-mod-4 aligned pointer to CHACHA20_POLY1305 96-bit nonce. 588 * @param tag A pointer to the 128-bit msg digest input to be checked, any alignment 589 * 590 * @return status check from task completion 591 * 592 */ 593 status_t CAU3_CHACHA20_POLY1305_Decrypt(CAU3_Type *base, 594 cau3_handle_t *handle, 595 const uint8_t *ciphertext, 596 uint8_t *plaintext, 597 size_t size, 598 const uint8_t *aad, 599 size_t aadLen, 600 const uint8_t *nonce, 601 const uint8_t *tag); 602 603 /*! 604 *@} 605 */ /* end of cau3_driver_chacha_poly */ 606 607 /******************************************************************************* 608 * BLOB API 609 ******************************************************************************/ 610 611 /*! 612 * @addtogroup cau3_driver_blob 613 * @{ 614 */ 615 616 /*! 617 * @brief Perform an RFC3394 key blob unwrap 618 * 619 * Perform an RFC3394 unwrap of an AES encrypted key blob. The unwrapped 620 * key blob is loaded into the specified key slot [1-3]. The initial 621 * special hardware KEK contained in key slot 0 is typically used for the 622 * unwrapping operation. The destination context number must be different than 623 * the keySlot used for unwrapping. 624 * Implements the algorithm at RFC 3394 to AES key unwrap. The 625 * current implementation allows to unwrap up to 512 bits, 626 * with the restriction of nblocks=2 or =4 or n=8(means it 627 * unwraps only 128bits, 256bits or two 256 bits keys (512)). It 628 * is allowed input key of 128 and 256bits only (passed using 629 * the keyslot). The function also assumes the 630 * @ref CAU3_LoadSpecialKeyContext was called before. 631 * It returns error and clear the destination context in case 632 * parameters are not inside aceptable values. 633 * In case n>4 && n!=8 it clears both destination contexts (the 634 * dstContext and the adjacent/next context) 635 * In case of n=8, the first unwraped key will be stored in the 636 * dstContext slot, and the second key will be saved in the next 637 * context (E.g: if dstContext=1, then first key goes to slot 1 638 * and second key to slot 2. If dstContext=3 then first key goes 639 * to slot 3 and second key goes to slot 1). 640 * Examples of n usage. 641 * E.g.: n = 2 means a unwraped key of 128 bits (2 * 64) 642 * E.g.: n = 4 means a unwraped key of 256 bits (4 * 64) 643 * E.g.: n = 8 means two unwraped keys of 256 bits (8 * 64) 644 * 645 * The function is blocking, it uses the polling task done signaling. 646 * 647 * @param base CAU3 peripheral base address 648 * @param keySlot is the key used to unwrap the key blob [0-3] 649 * @param keyBlob 0-mod-4 aligned pointer is the RFC3394 wrapped key blob. 650 * @param numberOfBlocks is the unwrapped keyBlob length as multiple of 64-bit blocks 651 * @param dstContext is the destination key context for unwrapped blob [0-3] 652 * @retval status check from task completion 653 */ 654 status_t CAU3_KeyBlobUnwrap(CAU3_Type *base, 655 cau3_key_slot_t keySlot, 656 const uint8_t *keyBlob, 657 uint32_t numberOfBlocks, 658 cau3_key_slot_t dstContext); 659 660 /*! 661 *@} 662 */ /* end of cau3_driver_blob */ 663 664 /******************************************************************************* 665 * PKHA API 666 ******************************************************************************/ 667 668 /*! 669 * @addtogroup cau3_driver_pkha 670 * @{ 671 */ 672 673 int CAU3_PKHA_CompareBigNum(const uint8_t *a, size_t sizeA, const uint8_t *b, size_t sizeB); 674 675 /*! 676 * @brief Converts from integer to Montgomery format. 677 * 678 * This function computes R2 mod N and optionally converts A or B into Montgomery format of A or B. 679 * 680 * @param base CAU3 peripheral base address 681 * @param N modulus 682 * @param sizeN size of N in bytes 683 * @param[in,out] A The first input in non-Montgomery format. Output Montgomery format of the first input. 684 * @param[in,out] sizeA pointer to size variable. On input it holds size of input A in bytes. On output it holds size of 685 * Montgomery format of A in bytes. 686 * @param[in,out] B Second input in non-Montgomery format. Output Montgomery format of the second input. 687 * @param[in,out] sizeB pointer to size variable. On input it holds size of input B in bytes. On output it holds size of 688 * Montgomery format of B in bytes. 689 * @param[out] R2 Output Montgomery factor R2 mod N. 690 * @param[out] sizeR2 pointer to size variable. On output it holds size of Montgomery factor R2 mod N in bytes. 691 * @param equalTime Run the function time equalized or no timing equalization. 692 * @param arithType Type of arithmetic to perform (integer or F2m) 693 * @return Operation status. 694 */ 695 status_t CAU3_PKHA_NormalToMontgomery(CAU3_Type *base, 696 const uint8_t *N, 697 size_t sizeN, 698 uint8_t *A, 699 size_t *sizeA, 700 uint8_t *B, 701 size_t *sizeB, 702 uint8_t *R2, 703 size_t *sizeR2, 704 cau3_pkha_timing_t equalTime, 705 cau3_pkha_f2m_t arithType); 706 707 /*! 708 * @brief Converts from Montgomery format to int. 709 * 710 * This function converts Montgomery format of A or B into int A or B. 711 * 712 * @param base CAU3 peripheral base address 713 * @param N modulus. 714 * @param sizeN size of N modulus in bytes. 715 * @param[in,out] A Input first number in Montgomery format. Output is non-Montgomery format. 716 * @param[in,out] sizeA pointer to size variable. On input it holds size of the input A in bytes. On output it holds 717 * size of non-Montgomery A in bytes. 718 * @param[in,out] B Input first number in Montgomery format. Output is non-Montgomery format. 719 * @param[in,out] sizeB pointer to size variable. On input it holds size of the input B in bytes. On output it holds 720 * size of non-Montgomery B in bytes. 721 * @param equalTime Run the function time equalized or no timing equalization. 722 * @param arithType Type of arithmetic to perform (integer or F2m) 723 * @return Operation status. 724 */ 725 status_t CAU3_PKHA_MontgomeryToNormal(CAU3_Type *base, 726 const uint8_t *N, 727 size_t sizeN, 728 uint8_t *A, 729 size_t *sizeA, 730 uint8_t *B, 731 size_t *sizeB, 732 cau3_pkha_timing_t equalTime, 733 cau3_pkha_f2m_t arithType); 734 735 /*! 736 * @brief Performs modular addition - (A + B) mod N. 737 * 738 * This function performs modular addition of (A + B) mod N, with either 739 * integer or binary polynomial (F2m) inputs. In the F2m form, this function is 740 * equivalent to a bitwise XOR and it is functionally the same as subtraction. 741 * 742 * @param base CAU3 peripheral base address 743 * @param A first addend (integer or binary polynomial) 744 * @param sizeA Size of A in bytes 745 * @param B second addend (integer or binary polynomial) 746 * @param sizeB Size of B in bytes 747 * @param N modulus. 748 * @param sizeN Size of N in bytes. 749 * @param[out] result Output array to store result of operation 750 * @param[out] resultSize Output size of operation in bytes 751 * @param arithType Type of arithmetic to perform (integer or F2m) 752 * @return Operation status. 753 */ 754 status_t CAU3_PKHA_ModAdd(CAU3_Type *base, 755 const uint8_t *A, 756 size_t sizeA, 757 const uint8_t *B, 758 size_t sizeB, 759 const uint8_t *N, 760 size_t sizeN, 761 uint8_t *result, 762 size_t *resultSize, 763 cau3_pkha_f2m_t arithType); 764 765 /*! 766 * @brief Performs modular subtraction - (A - B) mod N. 767 * 768 * This function performs modular subtraction of (A - B) mod N with 769 * integer inputs. 770 * 771 * @param base CAU3 peripheral base address 772 * @param A first addend (integer or binary polynomial) 773 * @param sizeA Size of A in bytes 774 * @param B second addend (integer or binary polynomial) 775 * @param sizeB Size of B in bytes 776 * @param N modulus 777 * @param sizeN Size of N in bytes 778 * @param[out] result Output array to store result of operation 779 * @param[out] resultSize Output size of operation in bytes 780 * @return Operation status. 781 */ 782 status_t CAU3_PKHA_ModSub1(CAU3_Type *base, 783 const uint8_t *A, 784 size_t sizeA, 785 const uint8_t *B, 786 size_t sizeB, 787 const uint8_t *N, 788 size_t sizeN, 789 uint8_t *result, 790 size_t *resultSize); 791 792 /*! 793 * @brief Performs modular subtraction - (B - A) mod N. 794 * 795 * This function performs modular subtraction of (B - A) mod N, 796 * with integer inputs. 797 * 798 * @param base CAU3 peripheral base address 799 * @param A first addend (integer or binary polynomial) 800 * @param sizeA Size of A in bytes 801 * @param B second addend (integer or binary polynomial) 802 * @param sizeB Size of B in bytes 803 * @param N modulus 804 * @param sizeN Size of N in bytes 805 * @param[out] result Output array to store result of operation 806 * @param[out] resultSize Output size of operation in bytes 807 * @return Operation status. 808 */ 809 status_t CAU3_PKHA_ModSub2(CAU3_Type *base, 810 const uint8_t *A, 811 size_t sizeA, 812 const uint8_t *B, 813 size_t sizeB, 814 const uint8_t *N, 815 size_t sizeN, 816 uint8_t *result, 817 size_t *resultSize); 818 819 /*! 820 * @brief Performs modular multiplication - (A x B) mod N. 821 * 822 * This function performs modular multiplication with either integer or 823 * binary polynomial (F2m) inputs. It can optionally specify whether inputs 824 * and/or outputs will be in Montgomery form or not. 825 * 826 * @param base CAU3 peripheral base address 827 * @param A first addend (integer or binary polynomial) 828 * @param sizeA Size of A in bytes 829 * @param B second addend (integer or binary polynomial) 830 * @param sizeB Size of B in bytes 831 * @param N modulus. 832 * @param sizeN Size of N in bytes 833 * @param[out] result Output array to store result of operation 834 * @param[out] resultSize Output size of operation in bytes 835 * @param arithType Type of arithmetic to perform (integer or F2m) 836 * @param montIn Format of inputs 837 * @param montOut Format of output 838 * @param equalTime Run the function time equalized or no timing equalization. This argument is ignored for F2m modular 839 * multiplication. 840 * @return Operation status. 841 */ 842 status_t CAU3_PKHA_ModMul(CAU3_Type *base, 843 const uint8_t *A, 844 size_t sizeA, 845 const uint8_t *B, 846 size_t sizeB, 847 const uint8_t *N, 848 size_t sizeN, 849 uint8_t *result, 850 size_t *resultSize, 851 cau3_pkha_f2m_t arithType, 852 cau3_pkha_montgomery_form_t montIn, 853 cau3_pkha_montgomery_form_t montOut, 854 cau3_pkha_timing_t equalTime); 855 856 /*! 857 * @brief Performs modular exponentiation - (A^E) mod N. 858 * 859 * This function performs modular exponentiation with either integer or 860 * binary polynomial (F2m) inputs. 861 * 862 * @param base CAU3 peripheral base address 863 * @param A first addend (integer or binary polynomial) 864 * @param sizeA Size of A in bytes 865 * @param N modulus 866 * @param sizeN Size of N in bytes 867 * @param E exponent 868 * @param sizeE Size of E in bytes 869 * @param[out] result Output array to store result of operation 870 * @param[out] resultSize Output size of operation in bytes 871 * @param montIn Format of A input (normal or Montgomery) 872 * @param arithType Type of arithmetic to perform (integer or F2m) 873 * @param equalTime Run the function time equalized or no timing equalization. 874 * @return Operation status. 875 */ 876 status_t CAU3_PKHA_ModExp(CAU3_Type *base, 877 const uint8_t *A, 878 size_t sizeA, 879 const uint8_t *N, 880 size_t sizeN, 881 const uint8_t *E, 882 size_t sizeE, 883 uint8_t *result, 884 size_t *resultSize, 885 cau3_pkha_f2m_t arithType, 886 cau3_pkha_montgomery_form_t montIn, 887 cau3_pkha_timing_t equalTime); 888 889 /*! 890 * @brief Performs Modular Square Root. 891 * 892 * This function performs modular square root with integer inputs. 893 * The modular square root function computes output result B, such that ( B x B ) mod N = input A. 894 * If no such B result exists, the result will be set to 0 and the PKHA "prime" flag 895 * will be set. Input values A and B are limited to a maximum size of 128 bytes. Note that 896 * two such square root values may exist. This algorithm will find either one of them, if any 897 * exist. The second possible square root (B') can be found by calculating B' = N - B. 898 * 899 * @param base CAU3 peripheral base address 900 * @param A input value, for which a square root is to be calculated 901 * @param sizeA Size of A in bytes 902 * @param N modulus 903 * @param sizeN Size of N in bytes 904 * @param[out] result Output array to store result of operation 905 * @param[out] resultSize Output size of operation in bytes 906 * @return Operation status. 907 */ 908 status_t CAU3_PKHA_ModSqrt(CAU3_Type *base, 909 const uint8_t *A, 910 size_t sizeA, 911 const uint8_t *N, 912 size_t sizeN, 913 uint8_t *result, 914 size_t *resultSize); 915 916 /*! 917 * @brief Performs modular reduction - (A) mod N. 918 * 919 * This function performs modular reduction with either integer or 920 * binary polynomial (F2m) inputs. 921 * 922 * @param base CAU3 peripheral base address 923 * @param A first addend (integer or binary polynomial) 924 * @param sizeA Size of A in bytes 925 * @param N modulus 926 * @param sizeN Size of N in bytes 927 * @param[out] result Output array to store result of operation 928 * @param[out] resultSize Output size of operation in bytes 929 * @param arithType Type of arithmetic to perform (integer or F2m) 930 * @return Operation status. 931 */ 932 status_t CAU3_PKHA_ModRed(CAU3_Type *base, 933 const uint8_t *A, 934 size_t sizeA, 935 const uint8_t *N, 936 size_t sizeN, 937 uint8_t *result, 938 size_t *resultSize, 939 cau3_pkha_f2m_t arithType); 940 941 /*! 942 * @brief Performs modular inversion - (A^-1) mod N. 943 * 944 * This function performs modular inversion with either integer or 945 * binary polynomial (F2m) inputs. 946 * 947 * @param base CAU3 peripheral base address 948 * @param A first addend (integer or binary polynomial) 949 * @param sizeA Size of A in bytes 950 * @param N modulus 951 * @param sizeN Size of N in bytes 952 * @param[out] result Output array to store result of operation 953 * @param[out] resultSize Output size of operation in bytes 954 * @param arithType Type of arithmetic to perform (integer or F2m) 955 * @return Operation status. 956 */ 957 status_t CAU3_PKHA_ModInv(CAU3_Type *base, 958 const uint8_t *A, 959 size_t sizeA, 960 const uint8_t *N, 961 size_t sizeN, 962 uint8_t *result, 963 size_t *resultSize, 964 cau3_pkha_f2m_t arithType); 965 966 /*! 967 * @brief Computes integer Montgomery factor R^2 mod N. 968 * 969 * This function computes a constant to assist in converting operands 970 * into the Montgomery residue system representation. 971 * 972 * @param base CAU3 peripheral base address 973 * @param N modulus 974 * @param sizeN Size of N in bytes 975 * @param[out] result Output array to store result of operation 976 * @param[out] resultSize Output size of operation in bytes 977 * @param arithType Type of arithmetic to perform (integer or F2m) 978 * @return Operation status. 979 */ 980 status_t CAU3_PKHA_ModR2( 981 CAU3_Type *base, const uint8_t *N, size_t sizeN, uint8_t *result, size_t *resultSize, cau3_pkha_f2m_t arithType); 982 983 /*! 984 * @brief Performs Integer RERP mod P. 985 * 986 * This function is used to compute a constant to assist in converting operands into the 987 * Montgomery residue system representation specifically for Chinese Remainder Theorem 988 * while performing RSA with a CRT implementation where a modulus E=P x Q, and P and 989 * Q are prime numbers. Although labeled RERP mod P, this routine (function) can also 990 * compute RERQ mod Q. 991 * 992 * @param base CAU3 peripheral base address 993 * @param P modulus P or Q of CRT, an odd integer 994 * @param sizeP Size of P in bytes 995 * @param sizeE Number of bytes of E = P x Q (this size must be given, though content of E itself is not used). 996 * @param[out] result Output array to store result of operation 997 * @param[out] resultSize Output size of operation in bytes 998 * @return Operation status. 999 */ 1000 status_t CAU3_PKHA_ModRR( 1001 CAU3_Type *base, const uint8_t *P, size_t sizeP, size_t sizeE, uint8_t *result, size_t *resultSize); 1002 1003 /*! 1004 * @brief Calculates the greatest common divisor - GCD (A, N). 1005 * 1006 * This function calculates the greatest common divisor of two inputs with 1007 * either integer or binary polynomial (F2m) inputs. 1008 * 1009 * @param base CAU3 peripheral base address 1010 * @param A first value (must be smaller than or equal to N) 1011 * @param sizeA Size of A in bytes 1012 * @param N second value (must be non-zero) 1013 * @param sizeN Size of N in bytes 1014 * @param[out] result Output array to store result of operation 1015 * @param[out] resultSize Output size of operation in bytes 1016 * @param arithType Type of arithmetic to perform (integer or F2m) 1017 * @return Operation status. 1018 */ 1019 status_t CAU3_PKHA_ModGcd(CAU3_Type *base, 1020 const uint8_t *A, 1021 size_t sizeA, 1022 const uint8_t *N, 1023 size_t sizeN, 1024 uint8_t *result, 1025 size_t *resultSize, 1026 cau3_pkha_f2m_t arithType); 1027 1028 /*! 1029 * @brief Executes Miller-Rabin primality test. 1030 * 1031 * This function calculates whether or not a candidate prime number is likely 1032 * to be a prime. 1033 * 1034 * @param base CAU3 peripheral base address 1035 * @param A initial random seed 1036 * @param sizeA Size of A in bytes 1037 * @param B number of trial runs 1038 * @param sizeB Size of B in bytes 1039 * @param N candidate prime integer 1040 * @param sizeN Size of N in bytes 1041 * @param[out] res True if the value is likely prime or false otherwise 1042 * @return Operation status. 1043 */ 1044 status_t CAU3_PKHA_PrimalityTest(CAU3_Type *base, 1045 const uint8_t *A, 1046 size_t sizeA, 1047 const uint8_t *B, 1048 size_t sizeB, 1049 const uint8_t *N, 1050 size_t sizeN, 1051 bool *res); 1052 1053 /*! 1054 * @brief Adds elliptic curve points - A + B. 1055 * 1056 * This function performs ECC point addition over a prime field (Fp) or binary field (F2m) using 1057 * affine coordinates. 1058 * 1059 * @param base CAU3 peripheral base address 1060 * @param A Left-hand point 1061 * @param B Right-hand point 1062 * @param N Prime modulus of the field 1063 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1064 * CAU3_PKHA_ModR2() function). 1065 * @param aCurveParam A parameter from curve equation 1066 * @param bCurveParam B parameter from curve equation (constant) 1067 * @param size Size in bytes of curve points and parameters 1068 * @param arithType Type of arithmetic to perform (integer or F2m) 1069 * @param[out] result Result point 1070 * @return Operation status. 1071 */ 1072 status_t CAU3_PKHA_ECC_PointAdd(CAU3_Type *base, 1073 const cau3_pkha_ecc_point_t *A, 1074 const cau3_pkha_ecc_point_t *B, 1075 const uint8_t *N, 1076 const uint8_t *R2modN, 1077 const uint8_t *aCurveParam, 1078 const uint8_t *bCurveParam, 1079 size_t size, 1080 cau3_pkha_f2m_t arithType, 1081 cau3_pkha_ecc_point_t *result); 1082 1083 /*! 1084 * @brief Doubles elliptic curve points - B + B. 1085 * 1086 * This function performs ECC point doubling over a prime field (Fp) or binary field (F2m) using 1087 * affine coordinates. 1088 * 1089 * @param base CAU3 peripheral base address 1090 * @param B Point to double 1091 * @param N Prime modulus of the field 1092 * @param aCurveParam A parameter from curve equation 1093 * @param bCurveParam B parameter from curve equation (constant) 1094 * @param size Size in bytes of curve points and parameters 1095 * @param arithType Type of arithmetic to perform (integer or F2m) 1096 * @param[out] result Result point 1097 * @return Operation status. 1098 */ 1099 status_t CAU3_PKHA_ECC_PointDouble(CAU3_Type *base, 1100 const cau3_pkha_ecc_point_t *B, 1101 const uint8_t *N, 1102 const uint8_t *aCurveParam, 1103 const uint8_t *bCurveParam, 1104 size_t size, 1105 cau3_pkha_f2m_t arithType, 1106 cau3_pkha_ecc_point_t *result); 1107 1108 /*! 1109 * @brief Multiplies an elliptic curve point by a scalar - E x (A0, A1). 1110 * 1111 * This function performs ECC point multiplication to multiply an ECC point by 1112 * a scalar integer multiplier over a prime field (Fp) or a binary field (F2m). 1113 * 1114 * @param base CAU3 peripheral base address 1115 * @param A Point as multiplicand 1116 * @param E Scalar multiple 1117 * @param sizeE The size of E, in bytes 1118 * @param N Modulus, a prime number for the Fp field or Irreducible polynomial for F2m field. 1119 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1120 * CAU3_PKHA_ModR2() function). 1121 * @param aCurveParam A parameter from curve equation 1122 * @param bCurveParam B parameter from curve equation (C parameter for operation over F2m). 1123 * @param size Size in bytes of curve points and parameters 1124 * @param equalTime Run the function time equalized or no timing equalization. 1125 * @param arithType Type of arithmetic to perform (integer or F2m) 1126 * @param[out] result Result point 1127 * @return Operation status. 1128 */ 1129 status_t CAU3_PKHA_ECC_PointMul(CAU3_Type *base, 1130 const cau3_pkha_ecc_point_t *A, 1131 const uint8_t *E, 1132 size_t sizeE, 1133 const uint8_t *N, 1134 const uint8_t *R2modN, 1135 const uint8_t *aCurveParam, 1136 const uint8_t *bCurveParam, 1137 size_t size, 1138 cau3_pkha_timing_t equalTime, 1139 cau3_pkha_f2m_t arithType, 1140 cau3_pkha_ecc_point_t *result); 1141 1142 /*! 1143 * @brief Computes scalar multiplication of a point on an elliptic curve in Montgomery form. 1144 * 1145 * This function computes the scalar multiplication of a point on an elliptic curve in 1146 * Montgomery form. The input and output are just the x coordinates of the points. 1147 * The points on a curve are defined by the equation E: B*y^2 = x^3 + A*x^2 + x mod p 1148 * This function computes a point multiplication on a Montgomery curve, using 1149 * Montgomery values, by means of a Montgomery ladder. At the end of the ladder, P2 = P3 + P1, 1150 * where P1 is the input and P3 is the result. 1151 * 1152 * @param base CAU3 peripheral base address 1153 * @param E Scalar multiplier, any integer 1154 * @param sizeE The size of E, in bytes 1155 * @param inputCoordinate Point as multiplicand, an input point's affine x coordinate 1156 * @param A24 elliptic curve a24 parameter, that is, (A+2)/4 1157 * @param N Modulus, a prime number. 1158 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1159 * @ref CAU3_PKHA_ModR2() function). 1160 * @param size Size in bytes of curve points and parameters 1161 * @param equalTime Run the function time equalized or no timing equalization. 1162 * @param[out] outputCoordinate Resulting poin's x affine coordinate. 1163 * @return Operation status. 1164 */ 1165 status_t CAU3_PKHA_ECM_PointMul(CAU3_Type *base, 1166 const uint8_t *E, 1167 size_t sizeE, 1168 const uint8_t *inputCoordinate, 1169 const uint8_t *A24, 1170 const uint8_t *N, 1171 const uint8_t *R2modN, 1172 size_t size, 1173 cau3_pkha_timing_t equalTime, 1174 uint8_t *outputCoordinate); 1175 1176 /*! 1177 * @brief Multiplies an Edwards-form elliptic curve point by a scalar - E x (A0, A1). 1178 * 1179 * This function performs scalar multiplication of an Edwards-form elliptic curve point 1180 * in affine coordinates. 1181 * The points on a curve are defined by the equation E: a*X^2 + d^2 = 1 + D^2*X^2*Y^2 mod N 1182 * 1183 * @param base CAU3 peripheral base address 1184 * @param A Point as multiplicand 1185 * @param E Scalar multiple 1186 * @param sizeE The size of E, in bytes 1187 * @param N Modulus, a prime number for the Fp field. 1188 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1189 * @ref CAU3_PKHA_ModR2() function). 1190 * @param aCurveParam A parameter from curve equation 1191 * @param dCurveParam D parameter from curve equation. 1192 * @param size Size in bytes of curve points and parameters 1193 * @param equalTime Run the function time equalized or no timing equalization. 1194 * @param[out] result Result point 1195 * @return Operation status. 1196 */ 1197 status_t CAU3_PKHA_ECT_PointMul(CAU3_Type *base, 1198 const cau3_pkha_ecc_point_t *A, 1199 const uint8_t *E, 1200 size_t sizeE, 1201 const uint8_t *N, 1202 const uint8_t *R2modN, 1203 const uint8_t *aCurveParam, 1204 const uint8_t *dCurveParam, 1205 size_t size, 1206 cau3_pkha_timing_t equalTime, 1207 cau3_pkha_ecc_point_t *result); 1208 1209 /*! 1210 * @brief Adds an Edwards-form elliptic curve points - A + B. 1211 * 1212 * This function performs Edwards-form elliptic curve point addition over a prime field (Fp) using affine coordinates. 1213 * The points on a curve are defined by the equation E: a*X^2 + Y^2 = 1 + d^2*X^2*Y^2 mod N 1214 * 1215 * @param base CAU3 peripheral base address 1216 * @param A Left-hand point 1217 * @param B Right-hand point 1218 * @param N Prime modulus of the field 1219 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1220 * @ref CAU3_PKHA_ModR2() function). 1221 * @param aCurveParam A parameter from curve equation 1222 * @param dCurveParam D parameter from curve equation 1223 * @param size Size in bytes of curve points and parameters 1224 * @param[out] result Result point 1225 * @return Operation status. 1226 */ 1227 status_t CAU3_PKHA_ECT_PointAdd(CAU3_Type *base, 1228 const cau3_pkha_ecc_point_t *A, 1229 const cau3_pkha_ecc_point_t *B, 1230 const uint8_t *N, 1231 const uint8_t *R2modN, 1232 const uint8_t *aCurveParam, 1233 const uint8_t *dCurveParam, 1234 size_t size, 1235 cau3_pkha_ecc_point_t *result); 1236 1237 /*! 1238 *@} 1239 */ /* end of cau3_driver_pkha */ 1240 1241 #if defined(__cplusplus) 1242 } 1243 #endif 1244 1245 #endif /* _FSL_CAU3_H_ */ 1246
