1 /* 2 * Copyright 2017-2020 NXP 3 * All rights reserved. 4 * 5 * 6 * SPDX-License-Identifier: BSD-3-Clause 7 */ 8 9 #ifndef FSL_CAU3_H_ 10 #define FSL_CAU3_H_ 11 12 #include "fsl_common.h" 13 14 /******************************************************************************* 15 * Definitions 16 *******************************************************************************/ 17 18 /*! 19 * @addtogroup cau3_driver 20 * @{ 21 */ 22 /*! @name Driver version */ 23 /*! @{ */ 24 /*! @brief CAU3 driver version. Version 2.0.5. 25 * 26 * Current version: 2.0.5 27 * 28 * Change log: 29 * - Version 2.0.0 30 * - Initial version 31 * - Version 2.0.1 32 * - Replace static cau3_make_mems_private() with public CAU3_MakeMemsPrivate(). 33 * - Remove the cau3_make_mems_private() from CAU3_Init to allow loading multiple images. 34 * - Version 2.0.2 35 * - Add FSL_CAU3_USE_HW_SEMA compile time macro. When enabled, all CAU3 API functions 36 * lock hw semaphore on function entry and release the hw semaphore on function return. 37 * - Version 2.0.3 38 * - Fix MISRA C-2012 issue. 39 * - Version 2.0.4 40 * - Fix MISRA C-2012 issue. 41 * - Version 2.0.5 42 * - Fix MISRA-C 2012 issue. 43 */ 44 #define FSL_CAU3_DRIVER_VERSION (MAKE_VERSION(2, 0, 5)) 45 /*! @} */ 46 47 /*! @brief Hardware semaphore usage by driver functions. 48 * This macro can be enabled for mutual exclusive calls to CAU3 APIs 49 * from multiple CPUs. Note this does not lock against calls from multiple threads on one CPU. 50 */ 51 52 /* #define FSL_CAU3_USE_HW_SEMA 1 */ 53 54 #if defined(FSL_CAU3_USE_HW_SEMA) && (FSL_CAU3_USE_HW_SEMA > 0) 55 /* Using SEMA42 hardware semaphore for multiprocessor locking. 56 * Currently supporting only SEMA42 hardware semaphore. 57 */ 58 #if defined(FSL_FEATURE_SOC_SEMA42_COUNT) && (FSL_FEATURE_SOC_SEMA42_COUNT > 0) 59 #include "fsl_sema42.h" 60 #define FSL_CAU3_SEMA42_BASE SEMA420 61 #define FSL_CAU3_SEMA42_GATE (1) 62 #define FSL_CAU3_SEMA42_CLOCK_NAME kCLOCK_Sema420 63 #else 64 #error FSL_CAU3_USE_HW_SEMA requires SEMA42 semaphore. 65 #endif 66 #endif 67 68 /*! @brief CAU3 key slot selection. Current CryptoCore firmware supports 4 key slots inside CryptoCore's Private DMEM. 69 * 70 */ 71 typedef enum _cau3_key_slot 72 { 73 kCAU3_KeySlot0 = 0x0U, /*!< CAU3 key slot 0. */ 74 kCAU3_KeySlotNone = 0x0U, /*!< No key. */ 75 kCAU3_KeySlot1 = 0x1U, /*!< CAU3 key slot 1. */ 76 kCAU3_KeySlot2 = 0x2U, /*!< CAU3 key slot 2.*/ 77 kCAU3_KeySlot3 = 0x3U, /*!< CAU3 key slot 3. */ 78 } cau3_key_slot_t; 79 80 /*! @brief CAU3 task done selection. */ 81 typedef enum _cau3_task_done 82 { 83 kCAU3_TaskDoneNull = 0x00000000U, /*!< */ 84 kCAU3_TaskDonePoll = 0x00000000U, /*!< Poll CAU3 status flag. */ 85 kCAU3_TaskDoneIrq = 0x00010000U, /*!< Start operation and return. CAU3 asserts interrupt request when done. */ 86 kCAU3_TaskDoneEvent = 0x00020000U, /*!< Call Wait-for-event opcode until CAU3 completes processing. */ 87 kCAU3_TaskDoneDmaRequest = 0x00040000, /*!< Start operation and return. CAU3 asserts DMA request when done. */ 88 } cau3_task_done_t; 89 90 /*! @brief Specify CAU3's key resource and signalling to be used for an operation. */ 91 typedef struct _cau3_handle 92 { 93 cau3_task_done_t taskDone; /*!< Specify CAU3 task done signalling to Host CPU. */ 94 cau3_key_slot_t keySlot; /*!< For operations with key (such as AES encryption/decryption), specify CAU3 key slot. */ 95 } cau3_handle_t; 96 97 /*! @} */ 98 99 /******************************************************************************* 100 * AES Definitions 101 *******************************************************************************/ 102 103 /*! 104 * @addtogroup cau3_driver_aes 105 * @{ 106 */ 107 108 /*! AES block size in bytes */ 109 #define CAU3_AES_BLOCK_SIZE 16 110 111 /*! 112 *@} 113 */ /* end of cau3_driver_aes */ 114 115 /******************************************************************************* 116 * HASH Definitions 117 ******************************************************************************/ 118 /*! 119 * @addtogroup cau3_driver_hash 120 * @{ 121 */ 122 123 /*! @brief Supported cryptographic block cipher functions for HASH creation */ 124 typedef enum _cau3_hash_algo_t 125 { 126 kCAU3_Sha1, /*!< SHA_1 */ 127 kCAU3_Sha256, /*!< SHA_256 */ 128 } cau3_hash_algo_t; 129 130 /*! @brief CAU3 HASH Context size. */ 131 #define CAU3_SHA_BLOCK_SIZE 128U /*!< internal buffer block size */ 132 #define CAU3_HASH_BLOCK_SIZE CAU3_SHA_BLOCK_SIZE /*!< CAU3 hash block size */ 133 134 /*! @brief CAU3 HASH Context size. */ 135 #define CAU3_HASH_CTX_SIZE 58 136 137 /*! @brief Storage type used to save hash context. */ 138 typedef struct _cau3_hash_ctx_t 139 { 140 uint32_t x[CAU3_HASH_CTX_SIZE]; 141 } cau3_hash_ctx_t; 142 143 /*! 144 *@} 145 */ /* end of cau3_driver_hash */ 146 147 /******************************************************************************* 148 * PKHA Definitions 149 ******************************************************************************/ 150 /*! 151 * @addtogroup cau3_driver_pkha 152 * @{ 153 */ 154 155 /*! PKHA ECC point structure */ 156 typedef struct _cau3_pkha_ecc_point_t 157 { 158 uint8_t *X; /*!< X coordinate (affine) */ 159 uint8_t *Y; /*!< Y coordinate (affine) */ 160 } cau3_pkha_ecc_point_t; 161 162 /*! @brief Use of timing equalized version of a PKHA function. */ 163 typedef enum _cau3_pkha_timing_t 164 { 165 kCAU3_PKHA_NoTimingEqualized = 0U, /*!< Normal version of a PKHA operation */ 166 kCAU3_PKHA_TimingEqualized = 1U /*!< Timing-equalized version of a PKHA operation */ 167 } cau3_pkha_timing_t; 168 169 /*! @brief Integer vs binary polynomial arithmetic selection. */ 170 typedef enum _cau3_pkha_f2m_t 171 { 172 kCAU3_PKHA_IntegerArith = 0U, /*!< Use integer arithmetic */ 173 kCAU3_PKHA_F2mArith = 1U /*!< Use binary polynomial arithmetic */ 174 } cau3_pkha_f2m_t; 175 176 /*! @brief Montgomery or normal PKHA input format. */ 177 typedef enum _cau3_pkha_montgomery_form_t 178 { 179 kCAU3_PKHA_NormalValue = 0U, /*!< PKHA number is normal integer */ 180 kCAU3_PKHA_MontgomeryFormat = 1U /*!< PKHA number is in montgomery format */ 181 } cau3_pkha_montgomery_form_t; 182 183 /*! 184 *@} 185 */ /* cau3_driver_pkha */ 186 187 /******************************************************************************* 188 * API 189 ******************************************************************************/ 190 #if defined(__cplusplus) 191 extern "C" { 192 #endif 193 194 /*! 195 * @addtogroup cau3_driver 196 * @{ 197 */ 198 199 /*! 200 * @brief Enables clock for CAU3 and loads image to memory 201 * 202 * Enable CAU3 clock and loads image to CryptoCore. 203 * 204 * @param base CAU3 base address 205 */ 206 void CAU3_Init(CAU3_Type *base); 207 208 /*! 209 * @brief Execute a CAU3 null task to signal error termination 210 * 211 * Execute a null task to signal error termination. 212 * The CryptoCore task executes one instruction - a "stop with error". 213 * 214 * @param base CAU3 base address 215 * @param taskDone indicates completion signal 216 * 217 * @return status check from task completion 218 */ 219 status_t CAU3_ForceError(CAU3_Type *base, cau3_task_done_t taskDone); 220 221 /*! 222 * @brief Load special hardware "key context" into the CAU3's data memory 223 * 224 * Load the special hardware key context into the private DMEM. This only 225 * includes the complete 256-bit key which is then specified with a size of 226 * [8,16,24,32] bytes (for DES or AES-[128,256]). It also loads the 227 * default IV value specified in NIST/RFC2294 IV=0xa6a6a6a6a6a6a6a6. This operation typically 228 * loads keySlot 0, which, by convention, is used for the system key encryption 229 * key. 230 * 231 * See the GENERAL COMMENTS for more information on the keyContext structure. 232 * 233 * NOTE: This function also performs an AES key expansion if a keySize > 8 234 * is specified. 235 * 236 * @param base CAU3 base address 237 * @param keySize is the logical key size in bytes [8,16,24,32] 238 * @param keySlot is the destination key slot number [0-3] 239 * @param taskDone indicates completion signal. 240 * 241 * @return status check from task completion 242 */ 243 status_t CAU3_LoadSpecialKeyContext(CAU3_Type *base, 244 size_t keySize, 245 cau3_key_slot_t keySlot, 246 cau3_task_done_t taskDone); 247 248 /*! 249 * @brief Invalidate a 64-byte "key context" in the CAU3's private data memory 250 * 251 * Clears the key context in the private DMEM. There is support for four "key 252 * slots" with slot 0 typically used for the system key encryption key. 253 * 254 * @param base CAU3 base address 255 * @param keySlot is the key slot number [0-3] to invalidate 256 * @param taskDone indicates completion signal * 257 * @return status check from task completion 258 */ 259 status_t CAU3_ClearKeyContext(CAU3_Type *base, cau3_key_slot_t keySlot, cau3_task_done_t taskDone); 260 261 /*! 262 * @brief Load an initialization vector into a key context 263 * 264 * Loads a 16-byte initialization vector (iv) into the specified key slot. 265 * There is support for a maximum of 4 key slots. 266 * The function is used internally for loading AEAD_CHACHA20_POY1305 nonce. 267 * It can be also used for Alternative Initial Values for A[0] in RFC 3394. 268 * 269 * @param base CAU3 base address 270 * @param iv The initialization vector, ALIGNED ON A 0-MOD-4 ADDRESS. 271 * @param keySlot is the destination key context 272 * @param taskDone indicates completion signal 273 * 274 * @return status check from task completion 275 */ 276 status_t CAU3_LoadKeyInitVector(CAU3_Type *base, const uint8_t *iv, cau3_key_slot_t keySlot, cau3_task_done_t taskDone); 277 278 /*! 279 * @brief Make the CAU3's local memories private 280 * 281 * Modify the CAU3's internal configuration so the local memories are private 282 * and only accessible to the CAU3. This operation is typically performed after 283 * the CAU_InitializeInstMemory(), 284 * CAU_InitializeDataMemory(), and 285 * CAU_InitializeReadOnlyDataMemory() functions have been performed. 286 * 287 * This configuration remains in effect until the next hardware reset. 288 * 289 * @param base CAU3 base address 290 * @param taskDone indicates completion signal: CAU_[POLL, IRQ, EVENT, DMAREQ] 291 * 292 * @retval status check from task completion: CAU_[OK, ERROR] 293 */ 294 status_t CAU3_MakeMemsPrivate(CAU3_Type *base, cau3_task_done_t taskDone); 295 296 /*! 297 *@} 298 */ /* end of cau3_driver */ 299 300 /******************************************************************************* 301 * AES API 302 ******************************************************************************/ 303 304 /*! 305 * @addtogroup cau3_driver_aes 306 * @{ 307 */ 308 309 /*! 310 * @brief Load AES key into CAU3 key slot. 311 * 312 * Load the key context into the private DMEM. This function also performs an AES key expansion. 313 * For CAU3 AES encryption/decryption/cmac, users only need to call one of @ref CAU3_AES_SetKey and @ref 314 * CAU3_LoadSpecialKeyContext. 315 * 316 * CAU3_AES_SetKey 317 * @param base CAU3 peripheral base address. 318 * @param handle Handle used for the request. 319 * @param key 0-mod-4 aligned pointer to AES key. 320 * @param keySize AES key size in bytes. Shall equal 16 or 32. 321 * @return status from set key operation 322 */ 323 status_t CAU3_AES_SetKey(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *key, size_t keySize); 324 325 /*! 326 * @brief Encrypts AES on one 128-bit block. 327 * 328 * Encrypts AES. 329 * The source plaintext and destination ciphertext can overlap in system memory. 330 * 331 * @param base CAU3 peripheral base address 332 * @param handle Handle used for this request. 333 * @param plaintext Input plain text to encrypt 334 * @param[out] ciphertext Output cipher text 335 * @return Status from encrypt operation 336 */ 337 status_t CAU3_AES_Encrypt(CAU3_Type *base, cau3_handle_t *handle, const uint8_t plaintext[16], uint8_t ciphertext[16]); 338 339 /*! 340 * @brief Decrypts AES on one 128-bit block. 341 * 342 * Decrypts AES. 343 * The source ciphertext and destination plaintext can overlap in system memory. 344 * 345 * @param base CAU3 peripheral base address 346 * @param handle Handle used for this request. 347 * @param ciphertext Input plain text to encrypt 348 * @param[out] plaintext Output cipher text 349 * @return Status from decrypt operation 350 */ 351 status_t CAU3_AES_Decrypt(CAU3_Type *base, cau3_handle_t *handle, const uint8_t ciphertext[16], uint8_t plaintext[16]); 352 353 /*! 354 * @brief Perform an AES-128 cipher-based authentication code (CMAC) 355 * 356 * Performs an AES-128 cipher-based authentication code (CMAC) on a 357 * message. RFC 4493. 358 * 359 * @param base CAU3 peripheral base address 360 * @param handle Handle used for this request. 361 * @param message is source uint8_t array of data bytes, any alignment 362 * @param size Number of bytes in the message. 363 * @param mac is the output 16 bytes MAC, must be a 0-mod-4 aligned address 364 * @return status check from task completion 365 */ 366 status_t CAU3_AES_Cmac(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *message, size_t size, uint8_t *mac); 367 368 /*! 369 * @brief Perform an AES key expansion for specified key slot 370 * 371 * Performs an AES key expansion (aka schedule) on the specified key slot. It 372 * uses the keySize information in the context to determine whether the key 373 * expansion applies to a 128- or 256-bit AES key. 374 * This function is primarily intended to be called after 375 * key blob has been unwrapped by @ref CAU3_KeyBlobUnwrap to destination key slot, so that the unwrapped key 376 * can be used for AES encryption. 377 * 378 * @param base CAU3 base address 379 * @param keySlot is the key context 380 * @param taskDone indicates completion signal 381 * @return status check from task completion 382 */ 383 status_t CAU3_AES_KeyExpansion(CAU3_Type *base, cau3_key_slot_t keySlot, cau3_task_done_t taskDone); 384 385 /*! 386 *@} 387 */ /* end of cau3_driver_aes */ 388 389 /******************************************************************************* 390 * DES API 391 ******************************************************************************/ 392 /*! 393 * @addtogroup cau3_driver_des 394 * @{ 395 */ 396 397 /*! 398 * @brief Perform a 3DES key parity check 399 * 400 * Performs a 3DES key parity check on three 8-byte keys. 401 * The function is blocking. 402 * 403 * @param base CAU3 peripheral base address 404 * @param keySlot defines the key context to be used in the parity check 405 * 406 * @return status check from task completion 407 */ 408 status_t CAU3_TDES_CheckParity(CAU3_Type *base, cau3_key_slot_t keySlot); 409 410 /*! 411 * @brief Load DES key into CAU3 key slot. 412 * 413 * Load the key context into the private DMEM. 414 * 415 * @param base CAU3 peripheral base address. 416 * @param handle Handle used for the request. 417 * @param key 0-mod-4 aligned pointer to 3DES key. 418 * @param keySize 3DES key size in bytes. Shall equal 24. 419 * @return status from set key operation 420 */ 421 status_t CAU3_TDES_SetKey(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *key, size_t keySize); 422 423 /*! 424 * @brief Perform a 3DES encryption 425 * 426 * Performs a 3DES "electronic code book" encryption on one 8-byte data block. 427 * The source plaintext and destination ciphertext can overlap in system memory. 428 * Supports both blocking and non-blocking task completion. 429 * 430 * @param base CAU3 peripheral base address. 431 * @param handle Handle used for this request. 432 * @param plaintext is source uint8_t array of data bytes, any alignment 433 * @param ciphertext is destination uint8_t array of data byte, any alignment 434 * 435 * @return status check from task completion 436 */ 437 status_t CAU3_TDES_Encrypt(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *plaintext, uint8_t *ciphertext); 438 439 /*! 440 * @brief Perform a 3DES decryption 441 * 442 * Performs a 3DES "electronic code book" decryption on one 8-byte data block. 443 * The source ciphertext and destination plaintext can overlap in sysMemory. 444 * Supports both blocking and non-blocking task completion. 445 * 446 * @param base CAU3 peripheral base address. 447 * @param handle Handle used for this request. 448 * @param ciphertext is destination uint8_t array of data byte, any alignment 449 * @param plaintext is source uint8_t array of data bytes, any alignment 450 * @return status check from task completion 451 */ 452 status_t CAU3_TDES_Decrypt(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *ciphertext, uint8_t *plaintext); 453 454 /*! 455 *@} 456 */ /* end of cau3_driver_des */ 457 458 /******************************************************************************* 459 * HASH API 460 ******************************************************************************/ 461 462 /*! 463 * @addtogroup cau3_driver_hash 464 * @{ 465 */ 466 /*! 467 * @brief Initialize HASH context 468 * 469 * This function initializes the HASH. 470 * 471 * For blocking CAU3 HASH API, the HASH context contains all information required for context switch, 472 * such as running hash. 473 * 474 * @param base CAU3 peripheral base address 475 * @param[out] ctx Output hash context 476 * @param algo Underlaying algorithm to use for hash computation. 477 * @return Status of initialization 478 */ 479 status_t CAU3_HASH_Init(CAU3_Type *base, cau3_hash_ctx_t *ctx, cau3_hash_algo_t algo); 480 481 /*! 482 * @brief Add data to current HASH 483 * 484 * Add data to current HASH. This can be called repeatedly with an arbitrary amount of data to be 485 * hashed. The functions blocks. If it returns kStatus_Success, the running hash or mac 486 * has been updated (CAU3 has processed the input data), so the memory at input pointer 487 * can be released back to system. The context is updated with the running hash or mac 488 * and with all necessary information to support possible context switch. 489 * 490 * @param base CAU3 peripheral base address 491 * @param[in,out] ctx HASH context 492 * @param input Input data 493 * @param inputSize Size of input data in bytes 494 * @return Status of the hash update operation 495 */ 496 status_t CAU3_HASH_Update(CAU3_Type *base, cau3_hash_ctx_t *ctx, const uint8_t *input, size_t inputSize); 497 498 /*! 499 * @brief Finalize hashing 500 * 501 * Outputs the final hash (computed by CAU3_HASH_Update()) and erases the context. 502 * 503 * @param base CAU3 peripheral base address 504 * @param[in,out] ctx Input hash context 505 * @param[out] output Output hash data 506 * @param[out] outputSize Output parameter storing the size of the output hash in bytes 507 * @return Status of the hash finish operation 508 */ 509 status_t CAU3_HASH_Finish(CAU3_Type *base, cau3_hash_ctx_t *ctx, uint8_t *output, size_t *outputSize); 510 511 /*! 512 * @brief Create HASH on given data 513 * 514 * Perform the full SHA in one function call. The function is blocking. 515 * 516 * @param base CAU3 peripheral base address 517 * @param algo Underlaying algorithm to use for hash computation. 518 * @param input Input data 519 * @param inputSize Size of input data in bytes 520 * @param[out] output Output hash data 521 * @param[out] outputSize Output parameter storing the size of the output hash in bytes 522 * @return Status of the one call hash operation. 523 */ 524 status_t CAU3_HASH(CAU3_Type *base, 525 cau3_hash_algo_t algo, 526 const uint8_t *input, 527 size_t inputSize, 528 uint8_t *output, 529 size_t *outputSize); 530 531 /*! 532 *@} 533 */ /* end of cau3_driver_hash */ 534 535 /******************************************************************************* 536 * AEAD API 537 ******************************************************************************/ 538 539 /*! 540 * @addtogroup cau3_driver_chacha_poly 541 * @{ 542 */ 543 544 /*! 545 * @brief Load 256-bit key into CAU3 key context (in key slot). 546 * 547 * Load the key context into the private DMEM for CHACHA20_POLY1305 AEAD. 548 * 549 * @param base CAU3 peripheral base address. 550 * @param handle Handle used for the request. 551 * @param key 0-mod-4 aligned pointer to CHACHA20_POLY1305 256-bit key. 552 * @param keySize Size of the key in bytes. Shall be 32. 553 * @return status from set key operation 554 */ 555 status_t CAU3_CHACHA20_POLY1305_SetKey(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *key, size_t keySize); 556 557 /*! 558 * @brief Perform ChaCha-Poly encryption/authentication 559 * 560 * Perform ChaCha encryption over a message of "n" bytes, and authentication 561 * over the encrypted data plus an additional authenticated data, 562 * returning encrypted data + a message digest. 563 * 564 * @param base CAU3 peripheral base address 565 * @param handle Handle used for this request. The keySlot member specifies key context with key and IV. 566 * @param plaintext The uint8_t source message to be encrypted, any alignment 567 * @param[out] ciphertext is a pointer to the output encrypted message, any aligment 568 * @param size The length of the plaintext and ciphertext in bytes 569 * @param aad A pointer to the additional authenticated data, any alignment 570 * @param aadLen Length of additional authenticated data in bytes 571 * @param nonce 0-mod-4 aligned pointer to CHACHA20_POLY1305 96-bit nonce. 572 * @param[out] tag A pointer to the 128-bit message digest output, any alignment 573 * 574 * @return status check from task completion 575 */ 576 status_t CAU3_CHACHA20_POLY1305_Encrypt(CAU3_Type *base, 577 cau3_handle_t *handle, 578 const uint8_t *plaintext, 579 uint8_t *ciphertext, 580 size_t size, 581 const uint8_t *aad, 582 size_t aadLen, 583 const uint8_t *nonce, 584 uint8_t *tag); 585 586 /*! 587 * @brief Perform ChaCha-Poly decryption/authentication check 588 * 589 * Perform ChaCha decryption over a message of "n" bytes, and checks 590 * authentication over the encrypted data plus an additional authenticated data, 591 * returning decrypted data. IF the tag authentication fails, the task terminates with error and 592 * the output is forced to zero. 593 * 594 * @param base CAU3 peripheral base address 595 * @param handle Handle used for this request. The keySlot member specifies key context with key and IV. 596 * @param ciphertext The uint8_t source msg to be decrypted, any alignment 597 * @param[out] plaintext A pointer to the output decrypted message, any alignment 598 * @param size Length of the plaintext and ciphertext in bytes 599 * @param aad A pointer to the additional authenticated data, any alignment 600 * @param aadLen Length of additional authenticated data in bytes 601 * @param nonce 0-mod-4 aligned pointer to CHACHA20_POLY1305 96-bit nonce. 602 * @param tag A pointer to the 128-bit msg digest input to be checked, any alignment 603 * 604 * @return status check from task completion 605 * 606 */ 607 status_t CAU3_CHACHA20_POLY1305_Decrypt(CAU3_Type *base, 608 cau3_handle_t *handle, 609 const uint8_t *ciphertext, 610 uint8_t *plaintext, 611 size_t size, 612 const uint8_t *aad, 613 size_t aadLen, 614 const uint8_t *nonce, 615 const uint8_t *tag); 616 617 /*! 618 *@} 619 */ /* end of cau3_driver_chacha_poly */ 620 621 /******************************************************************************* 622 * BLOB API 623 ******************************************************************************/ 624 625 /*! 626 * @addtogroup cau3_driver_blob 627 * @{ 628 */ 629 630 /*! 631 * @brief Perform an RFC3394 key blob unwrap 632 * 633 * Perform an RFC3394 unwrap of an AES encrypted key blob. The unwrapped 634 * key blob is loaded into the specified key slot [1-3]. The initial 635 * special hardware KEK contained in key slot 0 is typically used for the 636 * unwrapping operation. The destination context number must be different than 637 * the keySlot used for unwrapping. 638 * Implements the algorithm at RFC 3394 to AES key unwrap. The 639 * current implementation allows to unwrap up to 512 bits, 640 * with the restriction of nblocks=2 or =4 or n=8(means it 641 * unwraps only 128bits, 256bits or two 256 bits keys (512)). It 642 * is allowed input key of 128 and 256bits only (passed using 643 * the keyslot). The function also assumes the 644 * @ref CAU3_LoadSpecialKeyContext was called before. 645 * It returns error and clear the destination context in case 646 * parameters are not inside aceptable values. 647 * In case n>4 && n!=8 it clears both destination contexts (the 648 * dstContext and the adjacent/next context) 649 * In case of n=8, the first unwraped key will be stored in the 650 * dstContext slot, and the second key will be saved in the next 651 * context (E.g: if dstContext=1, then first key goes to slot 1 652 * and second key to slot 2. If dstContext=3 then first key goes 653 * to slot 3 and second key goes to slot 1). 654 * Examples of n usage. 655 * E.g.: n = 2 means a unwraped key of 128 bits (2 * 64) 656 * E.g.: n = 4 means a unwraped key of 256 bits (4 * 64) 657 * E.g.: n = 8 means two unwraped keys of 256 bits (8 * 64) 658 * 659 * The function is blocking, it uses the polling task done signaling. 660 * 661 * @param base CAU3 peripheral base address 662 * @param keySlot is the key used to unwrap the key blob [0-3] 663 * @param keyBlob 0-mod-4 aligned pointer is the RFC3394 wrapped key blob. 664 * @param numberOfBlocks is the unwrapped keyBlob length as multiple of 64-bit blocks 665 * @param dstContext is the destination key context for unwrapped blob [0-3] 666 * @retval status check from task completion 667 */ 668 status_t CAU3_KeyBlobUnwrap(CAU3_Type *base, 669 cau3_key_slot_t keySlot, 670 const uint8_t *keyBlob, 671 uint32_t numberOfBlocks, 672 cau3_key_slot_t dstContext); 673 674 /*! 675 *@} 676 */ /* end of cau3_driver_blob */ 677 678 /******************************************************************************* 679 * PKHA API 680 ******************************************************************************/ 681 682 /*! 683 * @addtogroup cau3_driver_pkha 684 * @{ 685 */ 686 687 int CAU3_PKHA_CompareBigNum(const uint8_t *a, size_t sizeA, const uint8_t *b, size_t sizeB); 688 689 /*! 690 * @brief Converts from integer to Montgomery format. 691 * 692 * This function computes R2 mod N and optionally converts A or B into Montgomery format of A or B. 693 * 694 * @param base CAU3 peripheral base address 695 * @param N modulus 696 * @param sizeN size of N in bytes 697 * @param[in,out] A The first input in non-Montgomery format. Output Montgomery format of the first input. 698 * @param[in,out] sizeA pointer to size variable. On input it holds size of input A in bytes. On output it holds size of 699 * Montgomery format of A in bytes. 700 * @param[in,out] B Second input in non-Montgomery format. Output Montgomery format of the second input. 701 * @param[in,out] sizeB pointer to size variable. On input it holds size of input B in bytes. On output it holds size of 702 * Montgomery format of B in bytes. 703 * @param[out] R2 Output Montgomery factor R2 mod N. 704 * @param[out] sizeR2 pointer to size variable. On output it holds size of Montgomery factor R2 mod N in bytes. 705 * @param equalTime Run the function time equalized or no timing equalization. 706 * @param arithType Type of arithmetic to perform (integer or F2m) 707 * @return Operation status. 708 */ 709 status_t CAU3_PKHA_NormalToMontgomery(CAU3_Type *base, 710 const uint8_t *N, 711 size_t sizeN, 712 uint8_t *A, 713 size_t *sizeA, 714 uint8_t *B, 715 size_t *sizeB, 716 uint8_t *R2, 717 size_t *sizeR2, 718 cau3_pkha_timing_t equalTime, 719 cau3_pkha_f2m_t arithType); 720 721 /*! 722 * @brief Converts from Montgomery format to int. 723 * 724 * This function converts Montgomery format of A or B into int A or B. 725 * 726 * @param base CAU3 peripheral base address 727 * @param N modulus. 728 * @param sizeN size of N modulus in bytes. 729 * @param[in,out] A Input first number in Montgomery format. Output is non-Montgomery format. 730 * @param[in,out] sizeA pointer to size variable. On input it holds size of the input A in bytes. On output it holds 731 * size of non-Montgomery A in bytes. 732 * @param[in,out] B Input first number in Montgomery format. Output is non-Montgomery format. 733 * @param[in,out] sizeB pointer to size variable. On input it holds size of the input B in bytes. On output it holds 734 * size of non-Montgomery B in bytes. 735 * @param equalTime Run the function time equalized or no timing equalization. 736 * @param arithType Type of arithmetic to perform (integer or F2m) 737 * @return Operation status. 738 */ 739 status_t CAU3_PKHA_MontgomeryToNormal(CAU3_Type *base, 740 const uint8_t *N, 741 size_t sizeN, 742 uint8_t *A, 743 size_t *sizeA, 744 uint8_t *B, 745 size_t *sizeB, 746 cau3_pkha_timing_t equalTime, 747 cau3_pkha_f2m_t arithType); 748 749 /*! 750 * @brief Performs modular addition - (A + B) mod N. 751 * 752 * This function performs modular addition of (A + B) mod N, with either 753 * integer or binary polynomial (F2m) inputs. In the F2m form, this function is 754 * equivalent to a bitwise XOR and it is functionally the same as subtraction. 755 * 756 * @param base CAU3 peripheral base address 757 * @param A first addend (integer or binary polynomial) 758 * @param sizeA Size of A in bytes 759 * @param B second addend (integer or binary polynomial) 760 * @param sizeB Size of B in bytes 761 * @param N modulus. 762 * @param sizeN Size of N in bytes. 763 * @param[out] result Output array to store result of operation 764 * @param[out] resultSize Output size of operation in bytes 765 * @param arithType Type of arithmetic to perform (integer or F2m) 766 * @return Operation status. 767 */ 768 status_t CAU3_PKHA_ModAdd(CAU3_Type *base, 769 const uint8_t *A, 770 size_t sizeA, 771 const uint8_t *B, 772 size_t sizeB, 773 const uint8_t *N, 774 size_t sizeN, 775 uint8_t *result, 776 size_t *resultSize, 777 cau3_pkha_f2m_t arithType); 778 779 /*! 780 * @brief Performs modular subtraction - (A - B) mod N. 781 * 782 * This function performs modular subtraction of (A - B) mod N with 783 * integer inputs. 784 * 785 * @param base CAU3 peripheral base address 786 * @param A first addend (integer or binary polynomial) 787 * @param sizeA Size of A in bytes 788 * @param B second addend (integer or binary polynomial) 789 * @param sizeB Size of B in bytes 790 * @param N modulus 791 * @param sizeN Size of N in bytes 792 * @param[out] result Output array to store result of operation 793 * @param[out] resultSize Output size of operation in bytes 794 * @return Operation status. 795 */ 796 status_t CAU3_PKHA_ModSub1(CAU3_Type *base, 797 const uint8_t *A, 798 size_t sizeA, 799 const uint8_t *B, 800 size_t sizeB, 801 const uint8_t *N, 802 size_t sizeN, 803 uint8_t *result, 804 size_t *resultSize); 805 806 /*! 807 * @brief Performs modular subtraction - (B - A) mod N. 808 * 809 * This function performs modular subtraction of (B - A) mod N, 810 * with integer inputs. 811 * 812 * @param base CAU3 peripheral base address 813 * @param A first addend (integer or binary polynomial) 814 * @param sizeA Size of A in bytes 815 * @param B second addend (integer or binary polynomial) 816 * @param sizeB Size of B in bytes 817 * @param N modulus 818 * @param sizeN Size of N in bytes 819 * @param[out] result Output array to store result of operation 820 * @param[out] resultSize Output size of operation in bytes 821 * @return Operation status. 822 */ 823 status_t CAU3_PKHA_ModSub2(CAU3_Type *base, 824 const uint8_t *A, 825 size_t sizeA, 826 const uint8_t *B, 827 size_t sizeB, 828 const uint8_t *N, 829 size_t sizeN, 830 uint8_t *result, 831 size_t *resultSize); 832 833 /*! 834 * @brief Performs modular multiplication - (A x B) mod N. 835 * 836 * This function performs modular multiplication with either integer or 837 * binary polynomial (F2m) inputs. It can optionally specify whether inputs 838 * and/or outputs will be in Montgomery form or not. 839 * 840 * @param base CAU3 peripheral base address 841 * @param A first addend (integer or binary polynomial) 842 * @param sizeA Size of A in bytes 843 * @param B second addend (integer or binary polynomial) 844 * @param sizeB Size of B in bytes 845 * @param N modulus. 846 * @param sizeN Size of N in bytes 847 * @param[out] result Output array to store result of operation 848 * @param[out] resultSize Output size of operation in bytes 849 * @param arithType Type of arithmetic to perform (integer or F2m) 850 * @param montIn Format of inputs 851 * @param montOut Format of output 852 * @param equalTime Run the function time equalized or no timing equalization. This argument is ignored for F2m modular 853 * multiplication. 854 * @return Operation status. 855 */ 856 status_t CAU3_PKHA_ModMul(CAU3_Type *base, 857 const uint8_t *A, 858 size_t sizeA, 859 const uint8_t *B, 860 size_t sizeB, 861 const uint8_t *N, 862 size_t sizeN, 863 uint8_t *result, 864 size_t *resultSize, 865 cau3_pkha_f2m_t arithType, 866 cau3_pkha_montgomery_form_t montIn, 867 cau3_pkha_montgomery_form_t montOut, 868 cau3_pkha_timing_t equalTime); 869 870 /*! 871 * @brief Performs modular exponentiation - (A^E) mod N. 872 * 873 * This function performs modular exponentiation with either integer or 874 * binary polynomial (F2m) inputs. 875 * 876 * @param base CAU3 peripheral base address 877 * @param A first addend (integer or binary polynomial) 878 * @param sizeA Size of A in bytes 879 * @param N modulus 880 * @param sizeN Size of N in bytes 881 * @param E exponent 882 * @param sizeE Size of E in bytes 883 * @param[out] result Output array to store result of operation 884 * @param[out] resultSize Output size of operation in bytes 885 * @param montIn Format of A input (normal or Montgomery) 886 * @param arithType Type of arithmetic to perform (integer or F2m) 887 * @param equalTime Run the function time equalized or no timing equalization. 888 * @return Operation status. 889 */ 890 status_t CAU3_PKHA_ModExp(CAU3_Type *base, 891 const uint8_t *A, 892 size_t sizeA, 893 const uint8_t *N, 894 size_t sizeN, 895 const uint8_t *E, 896 size_t sizeE, 897 uint8_t *result, 898 size_t *resultSize, 899 cau3_pkha_f2m_t arithType, 900 cau3_pkha_montgomery_form_t montIn, 901 cau3_pkha_timing_t equalTime); 902 903 /*! 904 * @brief Performs Modular Square Root. 905 * 906 * This function performs modular square root with integer inputs. 907 * The modular square root function computes output result B, such that ( B x B ) mod N = input A. 908 * If no such B result exists, the result will be set to 0 and the PKHA "prime" flag 909 * will be set. Input values A and B are limited to a maximum size of 128 bytes. Note that 910 * two such square root values may exist. This algorithm will find either one of them, if any 911 * exist. The second possible square root (B') can be found by calculating B' = N - B. 912 * 913 * @param base CAU3 peripheral base address 914 * @param A input value, for which a square root is to be calculated 915 * @param sizeA Size of A in bytes 916 * @param N modulus 917 * @param sizeN Size of N in bytes 918 * @param[out] result Output array to store result of operation 919 * @param[out] resultSize Output size of operation in bytes 920 * @return Operation status. 921 */ 922 status_t CAU3_PKHA_ModSqrt(CAU3_Type *base, 923 const uint8_t *A, 924 size_t sizeA, 925 const uint8_t *N, 926 size_t sizeN, 927 uint8_t *result, 928 size_t *resultSize); 929 930 /*! 931 * @brief Performs modular reduction - (A) mod N. 932 * 933 * This function performs modular reduction with either integer or 934 * binary polynomial (F2m) inputs. 935 * 936 * @param base CAU3 peripheral base address 937 * @param A first addend (integer or binary polynomial) 938 * @param sizeA Size of A in bytes 939 * @param N modulus 940 * @param sizeN Size of N in bytes 941 * @param[out] result Output array to store result of operation 942 * @param[out] resultSize Output size of operation in bytes 943 * @param arithType Type of arithmetic to perform (integer or F2m) 944 * @return Operation status. 945 */ 946 status_t CAU3_PKHA_ModRed(CAU3_Type *base, 947 const uint8_t *A, 948 size_t sizeA, 949 const uint8_t *N, 950 size_t sizeN, 951 uint8_t *result, 952 size_t *resultSize, 953 cau3_pkha_f2m_t arithType); 954 955 /*! 956 * @brief Performs modular inversion - (A^-1) mod N. 957 * 958 * This function performs modular inversion with either integer or 959 * binary polynomial (F2m) inputs. 960 * 961 * @param base CAU3 peripheral base address 962 * @param A first addend (integer or binary polynomial) 963 * @param sizeA Size of A in bytes 964 * @param N modulus 965 * @param sizeN Size of N in bytes 966 * @param[out] result Output array to store result of operation 967 * @param[out] resultSize Output size of operation in bytes 968 * @param arithType Type of arithmetic to perform (integer or F2m) 969 * @return Operation status. 970 */ 971 status_t CAU3_PKHA_ModInv(CAU3_Type *base, 972 const uint8_t *A, 973 size_t sizeA, 974 const uint8_t *N, 975 size_t sizeN, 976 uint8_t *result, 977 size_t *resultSize, 978 cau3_pkha_f2m_t arithType); 979 980 /*! 981 * @brief Computes integer Montgomery factor R^2 mod N. 982 * 983 * This function computes a constant to assist in converting operands 984 * into the Montgomery residue system representation. 985 * 986 * @param base CAU3 peripheral base address 987 * @param N modulus 988 * @param sizeN Size of N in bytes 989 * @param[out] result Output array to store result of operation 990 * @param[out] resultSize Output size of operation in bytes 991 * @param arithType Type of arithmetic to perform (integer or F2m) 992 * @return Operation status. 993 */ 994 status_t CAU3_PKHA_ModR2( 995 CAU3_Type *base, const uint8_t *N, size_t sizeN, uint8_t *result, size_t *resultSize, cau3_pkha_f2m_t arithType); 996 997 /*! 998 * @brief Performs Integer RERP mod P. 999 * 1000 * This function is used to compute a constant to assist in converting operands into the 1001 * Montgomery residue system representation specifically for Chinese Remainder Theorem 1002 * while performing RSA with a CRT implementation where a modulus E=P x Q, and P and 1003 * Q are prime numbers. Although labeled RERP mod P, this routine (function) can also 1004 * compute RERQ mod Q. 1005 * 1006 * @param base CAU3 peripheral base address 1007 * @param P modulus P or Q of CRT, an odd integer 1008 * @param sizeP Size of P in bytes 1009 * @param sizeE Number of bytes of E = P x Q (this size must be given, though content of E itself is not used). 1010 * @param[out] result Output array to store result of operation 1011 * @param[out] resultSize Output size of operation in bytes 1012 * @return Operation status. 1013 */ 1014 status_t CAU3_PKHA_ModRR( 1015 CAU3_Type *base, const uint8_t *P, size_t sizeP, size_t sizeE, uint8_t *result, size_t *resultSize); 1016 1017 /*! 1018 * @brief Calculates the greatest common divisor - GCD (A, N). 1019 * 1020 * This function calculates the greatest common divisor of two inputs with 1021 * either integer or binary polynomial (F2m) inputs. 1022 * 1023 * @param base CAU3 peripheral base address 1024 * @param A first value (must be smaller than or equal to N) 1025 * @param sizeA Size of A in bytes 1026 * @param N second value (must be non-zero) 1027 * @param sizeN Size of N in bytes 1028 * @param[out] result Output array to store result of operation 1029 * @param[out] resultSize Output size of operation in bytes 1030 * @param arithType Type of arithmetic to perform (integer or F2m) 1031 * @return Operation status. 1032 */ 1033 status_t CAU3_PKHA_ModGcd(CAU3_Type *base, 1034 const uint8_t *A, 1035 size_t sizeA, 1036 const uint8_t *N, 1037 size_t sizeN, 1038 uint8_t *result, 1039 size_t *resultSize, 1040 cau3_pkha_f2m_t arithType); 1041 1042 /*! 1043 * @brief Executes Miller-Rabin primality test. 1044 * 1045 * This function calculates whether or not a candidate prime number is likely 1046 * to be a prime. 1047 * 1048 * @param base CAU3 peripheral base address 1049 * @param A initial random seed 1050 * @param sizeA Size of A in bytes 1051 * @param B number of trial runs 1052 * @param sizeB Size of B in bytes 1053 * @param N candidate prime integer 1054 * @param sizeN Size of N in bytes 1055 * @param[out] res True if the value is likely prime or false otherwise 1056 * @return Operation status. 1057 */ 1058 status_t CAU3_PKHA_PrimalityTest(CAU3_Type *base, 1059 const uint8_t *A, 1060 size_t sizeA, 1061 const uint8_t *B, 1062 size_t sizeB, 1063 const uint8_t *N, 1064 size_t sizeN, 1065 bool *res); 1066 1067 /*! 1068 * @brief Adds elliptic curve points - A + B. 1069 * 1070 * This function performs ECC point addition over a prime field (Fp) or binary field (F2m) using 1071 * affine coordinates. 1072 * 1073 * @param base CAU3 peripheral base address 1074 * @param A Left-hand point 1075 * @param B Right-hand point 1076 * @param N Prime modulus of the field 1077 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1078 * CAU3_PKHA_ModR2() function). 1079 * @param aCurveParam A parameter from curve equation 1080 * @param bCurveParam B parameter from curve equation (constant) 1081 * @param size Size in bytes of curve points and parameters 1082 * @param arithType Type of arithmetic to perform (integer or F2m) 1083 * @param[out] result Result point 1084 * @return Operation status. 1085 */ 1086 status_t CAU3_PKHA_ECC_PointAdd(CAU3_Type *base, 1087 const cau3_pkha_ecc_point_t *A, 1088 const cau3_pkha_ecc_point_t *B, 1089 const uint8_t *N, 1090 const uint8_t *R2modN, 1091 const uint8_t *aCurveParam, 1092 const uint8_t *bCurveParam, 1093 size_t size, 1094 cau3_pkha_f2m_t arithType, 1095 cau3_pkha_ecc_point_t *result); 1096 1097 /*! 1098 * @brief Doubles elliptic curve points - B + B. 1099 * 1100 * This function performs ECC point doubling over a prime field (Fp) or binary field (F2m) using 1101 * affine coordinates. 1102 * 1103 * @param base CAU3 peripheral base address 1104 * @param B Point to double 1105 * @param N Prime modulus of the field 1106 * @param aCurveParam A parameter from curve equation 1107 * @param bCurveParam B parameter from curve equation (constant) 1108 * @param size Size in bytes of curve points and parameters 1109 * @param arithType Type of arithmetic to perform (integer or F2m) 1110 * @param[out] result Result point 1111 * @return Operation status. 1112 */ 1113 status_t CAU3_PKHA_ECC_PointDouble(CAU3_Type *base, 1114 const cau3_pkha_ecc_point_t *B, 1115 const uint8_t *N, 1116 const uint8_t *aCurveParam, 1117 const uint8_t *bCurveParam, 1118 size_t size, 1119 cau3_pkha_f2m_t arithType, 1120 cau3_pkha_ecc_point_t *result); 1121 1122 /*! 1123 * @brief Multiplies an elliptic curve point by a scalar - E x (A0, A1). 1124 * 1125 * This function performs ECC point multiplication to multiply an ECC point by 1126 * a scalar integer multiplier over a prime field (Fp) or a binary field (F2m). 1127 * 1128 * @param base CAU3 peripheral base address 1129 * @param A Point as multiplicand 1130 * @param E Scalar multiple 1131 * @param sizeE The size of E, in bytes 1132 * @param N Modulus, a prime number for the Fp field or Irreducible polynomial for F2m field. 1133 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1134 * CAU3_PKHA_ModR2() function). 1135 * @param aCurveParam A parameter from curve equation 1136 * @param bCurveParam B parameter from curve equation (C parameter for operation over F2m). 1137 * @param size Size in bytes of curve points and parameters 1138 * @param equalTime Run the function time equalized or no timing equalization. 1139 * @param arithType Type of arithmetic to perform (integer or F2m) 1140 * @param[out] result Result point 1141 * @return Operation status. 1142 */ 1143 status_t CAU3_PKHA_ECC_PointMul(CAU3_Type *base, 1144 const cau3_pkha_ecc_point_t *A, 1145 const uint8_t *E, 1146 size_t sizeE, 1147 const uint8_t *N, 1148 const uint8_t *R2modN, 1149 const uint8_t *aCurveParam, 1150 const uint8_t *bCurveParam, 1151 size_t size, 1152 cau3_pkha_timing_t equalTime, 1153 cau3_pkha_f2m_t arithType, 1154 cau3_pkha_ecc_point_t *result); 1155 1156 /*! 1157 * @brief Computes scalar multiplication of a point on an elliptic curve in Montgomery form. 1158 * 1159 * This function computes the scalar multiplication of a point on an elliptic curve in 1160 * Montgomery form. The input and output are just the x coordinates of the points. 1161 * The points on a curve are defined by the equation E: B*y^2 = x^3 + A*x^2 + x mod p 1162 * This function computes a point multiplication on a Montgomery curve, using 1163 * Montgomery values, by means of a Montgomery ladder. At the end of the ladder, P2 = P3 + P1, 1164 * where P1 is the input and P3 is the result. 1165 * 1166 * @param base CAU3 peripheral base address 1167 * @param E Scalar multiplier, any integer 1168 * @param sizeE The size of E, in bytes 1169 * @param inputCoordinate Point as multiplicand, an input point's affine x coordinate 1170 * @param A24 elliptic curve a24 parameter, that is, (A+2)/4 1171 * @param N Modulus, a prime number. 1172 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1173 * @ref CAU3_PKHA_ModR2() function). 1174 * @param size Size in bytes of curve points and parameters 1175 * @param equalTime Run the function time equalized or no timing equalization. 1176 * @param[out] outputCoordinate Resulting poin's x affine coordinate. 1177 * @return Operation status. 1178 */ 1179 status_t CAU3_PKHA_ECM_PointMul(CAU3_Type *base, 1180 const uint8_t *E, 1181 size_t sizeE, 1182 const uint8_t *inputCoordinate, 1183 const uint8_t *A24, 1184 const uint8_t *N, 1185 const uint8_t *R2modN, 1186 size_t size, 1187 cau3_pkha_timing_t equalTime, 1188 uint8_t *outputCoordinate); 1189 1190 /*! 1191 * @brief Multiplies an Edwards-form elliptic curve point by a scalar - E x (A0, A1). 1192 * 1193 * This function performs scalar multiplication of an Edwards-form elliptic curve point 1194 * in affine coordinates. 1195 * The points on a curve are defined by the equation E: a*X^2 + d^2 = 1 + D^2*X^2*Y^2 mod N 1196 * 1197 * @param base CAU3 peripheral base address 1198 * @param A Point as multiplicand 1199 * @param E Scalar multiple 1200 * @param sizeE The size of E, in bytes 1201 * @param N Modulus, a prime number for the Fp field. 1202 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1203 * @ref CAU3_PKHA_ModR2() function). 1204 * @param aCurveParam A parameter from curve equation 1205 * @param dCurveParam D parameter from curve equation. 1206 * @param size Size in bytes of curve points and parameters 1207 * @param equalTime Run the function time equalized or no timing equalization. 1208 * @param[out] result Result point 1209 * @return Operation status. 1210 */ 1211 status_t CAU3_PKHA_ECT_PointMul(CAU3_Type *base, 1212 const cau3_pkha_ecc_point_t *A, 1213 const uint8_t *E, 1214 size_t sizeE, 1215 const uint8_t *N, 1216 const uint8_t *R2modN, 1217 const uint8_t *aCurveParam, 1218 const uint8_t *dCurveParam, 1219 size_t size, 1220 cau3_pkha_timing_t equalTime, 1221 cau3_pkha_ecc_point_t *result); 1222 1223 /*! 1224 * @brief Adds an Edwards-form elliptic curve points - A + B. 1225 * 1226 * This function performs Edwards-form elliptic curve point addition over a prime field (Fp) using affine coordinates. 1227 * The points on a curve are defined by the equation E: a*X^2 + Y^2 = 1 + d^2*X^2*Y^2 mod N 1228 * 1229 * @param base CAU3 peripheral base address 1230 * @param A Left-hand point 1231 * @param B Right-hand point 1232 * @param N Prime modulus of the field 1233 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1234 * @ref CAU3_PKHA_ModR2() function). 1235 * @param aCurveParam A parameter from curve equation 1236 * @param dCurveParam D parameter from curve equation 1237 * @param size Size in bytes of curve points and parameters 1238 * @param[out] result Result point 1239 * @return Operation status. 1240 */ 1241 status_t CAU3_PKHA_ECT_PointAdd(CAU3_Type *base, 1242 const cau3_pkha_ecc_point_t *A, 1243 const cau3_pkha_ecc_point_t *B, 1244 const uint8_t *N, 1245 const uint8_t *R2modN, 1246 const uint8_t *aCurveParam, 1247 const uint8_t *dCurveParam, 1248 size_t size, 1249 cau3_pkha_ecc_point_t *result); 1250 1251 /*! 1252 *@} 1253 */ /* end of cau3_driver_pkha */ 1254 1255 #if defined(__cplusplus) 1256 } 1257 #endif 1258 1259 #endif /* FSL_CAU3_H_ */ 1260
