1 /***************************************************************************//**
2 * \file cy_cryptolite_ecdsa.c
3 * \version 2.50
4 *
5 * \brief
6 * This file provides constant and parameters
7 * for the API of the ECDSA in the Cryptolite driver.
8 *
9 ********************************************************************************
10 * Copyright 2020-2021 Cypress Semiconductor Corporation
11 * SPDX-License-Identifier: Apache-2.0
12 *
13 * Licensed under the Apache License, Version 2.0 (the "License");
14 * you may not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS,
21 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
24 *******************************************************************************/
25 #include "cy_device.h"
26
27 #if defined (CY_IP_MXCRYPTOLITE)
28
29 #if defined(__cplusplus)
30 extern "C" {
31 #endif
32
33 #include "cy_sysint.h"
34 #include "cy_cryptolite_ecdsa.h"
35 #include "cy_cryptolite_nist_p.h"
36
37 #if (CRYPTOLITE_VU_PRESENT == 1)
38 #if defined(CY_CRYPTOLITE_CFG_ECDSA_C)
39
40 #include "cy_cryptolite_utils.h"
41 #include "cy_cryptolite_ecc_key_gen.h"
42
43 /*******************************************************************************
44 * Function Name: Cy_Cryptolite_ECC_GetCurveParams
45 ****************************************************************************//**
46 *
47 * Get curve domain parameters if this curve is supported.
48 *
49 * \param curveId
50 * See \ref cy_en_cryptolite_ecc_curve_id_t.
51 *
52 * \return
53 * Pointer to curve domain parameters. See \ref cy_stc_cryptolite_ecc_dp_type.
54 *
55 *******************************************************************************/
Cy_Cryptolite_ECC_GetCurveParams(cy_en_cryptolite_ecc_curve_id_t curveId)56 cy_stc_cryptolite_ecc_dp_type *Cy_Cryptolite_ECC_GetCurveParams(cy_en_cryptolite_ecc_curve_id_t curveId)
57 {
58 /* P192 CURVE PARAMETERS */
59 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP192R1_ENABLED
60 CY_ALIGN(4) static const uint8_t eccP192Polynomial[CY_CRYPTOLITE_ECC_P192_BYTE_SIZE] =
61 {
62 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
63 0xfeu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
64 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
65 };
66
67 CY_ALIGN(4) static const uint8_t eccP192PolyBarrett[CY_CRYPTOLITE_ECC_P192_BYTE_SIZE + 1u] =
68 { /* pre-calculated */
69 0x01u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
70 0x01u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
71 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
72 0x01u
73 };
74 CY_ALIGN(4) static const uint8_t eccP192Order[CY_CRYPTOLITE_ECC_P192_BYTE_SIZE] =
75 {
76 0x31u, 0x28u, 0xD2u, 0xB4u, 0xB1u, 0xC9u, 0x6Bu, 0x14u,
77 0x36u, 0xF8u, 0xDEu, 0x99u, 0xffu, 0xffu, 0xffu, 0xffu,
78 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu
79 };
80
81 /* barrett_o: "1000000000000000000000000662107c9eb94364e4b2dd7cf" */
82 CY_ALIGN(4) static const uint8_t eccP192OrderBarrett[CY_CRYPTOLITE_ECC_P192_BYTE_SIZE + 1u] =
83 { /* pre-calculated */
84 0xcfu, 0xd7u, 0x2du, 0x4bu, 0x4eu, 0x36u, 0x94u, 0xebu,
85 0xc9u, 0x07u, 0x21u, 0x66u, 0x00u, 0x00u, 0x00u, 0x00u,
86 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
87 0x01u
88 };
89
90 /* base point x: "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012" */
91 CY_ALIGN(4) static const uint8_t eccP192BasePointX[CY_CRYPTOLITE_ECC_P192_BYTE_SIZE] =
92 {
93 0x12u, 0x10u, 0xffu, 0x82u, 0xfdu, 0x0au, 0xffu, 0xf4u,
94 0x00u, 0x88u, 0xa1u, 0x43u, 0xebu, 0x20u, 0xbfu, 0x7cu,
95 0xf6u, 0x90u, 0x30u, 0xb0u, 0x0eu, 0xa8u, 0x8du, 0x18u
96 };
97
98 /* base point y: "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811" */
99 CY_ALIGN(4) static const uint8_t eccP192BasePointY[CY_CRYPTOLITE_ECC_P192_BYTE_SIZE] =
100 {
101 0x11u, 0x48u, 0x79u, 0x1eu, 0xa1u, 0x77u, 0xf9u, 0x73u,
102 0xd5u, 0xcdu, 0x24u, 0x6bu, 0xedu, 0x11u, 0x10u, 0x63u,
103 0x78u, 0xdau, 0xc8u, 0xffu, 0x95u, 0x2bu, 0x19u, 0x07u
104 };
105 #endif
106 /* P224 CURVE PARAMETERS */
107 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP224R1_ENABLED
108 CY_ALIGN(4) static const uint8_t eccP224Polynomial[CY_CRYPTOLITE_ECC_P224_BYTE_SIZE] =
109 {
110 0x01u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
111 0x00u, 0x00u, 0x00u, 0x00u, 0xffu, 0xffu, 0xffu, 0xffu,
112 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
113 0xffu, 0xffu, 0xffu, 0xffu
114 };
115
116 CY_ALIGN(4) static const uint8_t eccP224PolyBarrett[CY_CRYPTOLITE_ECC_P224_BYTE_SIZE + 1u] =
117 { /* pre-calculated */
118 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
119 0xffu, 0xffu, 0xffu, 0xffu, 0x00u, 0x00u, 0x00u, 0x00u,
120 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
121 0x00u, 0x00u, 0x00u, 0x00u, 0x01u
122 };
123
124 CY_ALIGN(4) static const uint8_t eccP224Order[CY_CRYPTOLITE_ECC_P224_BYTE_SIZE] =
125 {
126 0x3Du, 0x2Au, 0x5Cu, 0x5Cu, 0x45u, 0x29u, 0xDDu, 0x13u,
127 0x3Eu, 0xF0u, 0xB8u, 0xE0u, 0xA2u, 0x16u, 0xffu, 0xffu,
128 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
129 0xffu, 0xffu, 0xffu, 0xffu
130 };
131 /* barrett_o: "10000000000000000000000000000e95d1f470fc1ec22d6baa3a3d5c3" */
132 CY_ALIGN(4) static const uint8_t eccP224OrderBarrett[CY_CRYPTOLITE_ECC_P224_BYTE_SIZE + 1u] =
133 { /* pre-calculated */
134 0xc3u, 0xd5u, 0xa3u, 0xa3u, 0xbau, 0xd6u, 0x22u, 0xecu,
135 0xc1u, 0x0fu, 0x47u, 0x1fu, 0x5du, 0xe9u, 0x00u, 0x00u,
136 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
137 0x00u, 0x00u, 0x00u, 0x00u, 0x01u
138 };
139
140 /* Gx - base point x: "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21" */
141 CY_ALIGN(4) static const uint8_t eccP224BasePointX[CY_CRYPTOLITE_ECC_P224_BYTE_SIZE] =
142 {
143 0x21u, 0x1du, 0x5cu, 0x11u, 0xd6u, 0x80u, 0x32u, 0x34u,
144 0x22u, 0x11u, 0xc2u, 0x56u, 0xd3u, 0xc1u, 0x03u, 0x4au,
145 0xb9u, 0x90u, 0x13u, 0x32u, 0x7fu, 0xbfu, 0xb4u, 0x6bu,
146 0xbdu, 0x0cu, 0x0eu, 0xb7u
147 };
148
149 /* Gy - base point y: "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34" */
150 CY_ALIGN(4) static const uint8_t eccP224BasePointY[CY_CRYPTOLITE_ECC_P224_BYTE_SIZE] =
151 {
152 0x34u, 0x7eu, 0x00u, 0x85u, 0x99u, 0x81u, 0xd5u, 0x44u,
153 0x64u, 0x47u, 0x07u, 0x5au, 0xa0u, 0x75u, 0x43u, 0xcdu,
154 0xe6u, 0xdfu, 0x22u, 0x4cu, 0xfbu, 0x23u, 0xf7u, 0xb5u,
155 0x88u, 0x63u, 0x37u, 0xbdu
156 };
157 #endif
158 /* P256 CURVE PARAMETERS */
159 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP256R1_ENABLED
160 /* prime: "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF" */
161 CY_ALIGN(4) static const uint8_t eccP256Polynomial[CY_CRYPTOLITE_ECC_P256_BYTE_SIZE] =
162 {
163 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
164 0xffu, 0xffu, 0xffu, 0xffu, 0x00u, 0x00u, 0x00u, 0x00u,
165 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
166 0x01u, 0x00u, 0x00u, 0x00u, 0xffu, 0xffu, 0xffu, 0xffu
167 };
168
169 /* barrett_p: "100000000fffffffffffffffefffffffefffffffeffffffff0000000000000003" */
170 CY_ALIGN(4) static const uint8_t eccP256PolyBarrett[CY_CRYPTOLITE_ECC_P256_BYTE_SIZE + 1u] =
171 { /* pre-calculated! */
172 0x03u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
173 0xffu, 0xffu, 0xffu, 0xffu, 0xfeu, 0xffu, 0xffu, 0xffu,
174 0xfeu, 0xffu, 0xffu, 0xffu, 0xfeu, 0xffu, 0xffu, 0xffu,
175 0xffu, 0xffu, 0xffu, 0xffu, 0x00u, 0x00u, 0x00u, 0x00u,
176 0x01u
177 };
178
179 /* order: "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551" */
180 CY_ALIGN(4) static const uint8_t eccP256Order[CY_CRYPTOLITE_ECC_P256_BYTE_SIZE] =
181 {
182 0x51u, 0x25u, 0x63u, 0xfcu, 0xc2u, 0xcau, 0xb9u, 0xf3u,
183 0x84u, 0x9eu, 0x17u, 0xa7u, 0xadu, 0xfau, 0xe6u, 0xbcu,
184 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
185 0x00u, 0x00u, 0x00u, 0x00u, 0xffu, 0xffu, 0xffu, 0xffu
186 };
187
188 /* barrett_o: 100000000fffffffffffffffeffffffff43190552df1a6c21012ffd85eedf9bfe" */
189 CY_ALIGN(4) static const uint8_t eccP256OrderBarrett[CY_CRYPTOLITE_ECC_P256_BYTE_SIZE + 1u] =
190 { /* pre-calculated */
191 0xfeu, 0x9bu, 0xdfu, 0xeeu, 0x85u, 0xfdu, 0x2fu, 0x01u,
192 0x21u, 0x6cu, 0x1au, 0xdfu, 0x52u, 0x05u, 0x19u, 0x43u,
193 0xffu, 0xffu, 0xffu, 0xffu, 0xfeu, 0xffu, 0xffu, 0xffu,
194 0xffu, 0xffu, 0xffu, 0xffu, 0x00u, 0x00u, 0x00u, 0x00u,
195 0x01u
196 };
197
198 /* base point x: "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296" */
199 CY_ALIGN(4) static const uint8_t eccP256BasePointX[CY_CRYPTOLITE_ECC_P256_BYTE_SIZE] =
200 {
201 0x96u, 0xc2u, 0x98u, 0xd8u, 0x45u, 0x39u, 0xa1u, 0xf4u,
202 0xa0u, 0x33u, 0xebu, 0x2du, 0x81u, 0x7du, 0x03u, 0x77u,
203 0xf2u, 0x40u, 0xa4u, 0x63u, 0xe5u, 0xe6u, 0xbcu, 0xf8u,
204 0x47u, 0x42u, 0x2cu, 0xe1u, 0xf2u, 0xd1u, 0x17u, 0x6bu
205 };
206
207 /* base point y: "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5" */
208 CY_ALIGN(4) static const uint8_t eccP256BasePointY[CY_CRYPTOLITE_ECC_P256_BYTE_SIZE] =
209 {
210 0xf5u, 0x51u, 0xbfu, 0x37u, 0x68u, 0x40u, 0xb6u, 0xcbu,
211 0xceu, 0x5eu, 0x31u, 0x6bu, 0x57u, 0x33u, 0xceu, 0x2bu,
212 0x16u, 0x9eu, 0x0fu, 0x7cu, 0x4au, 0xebu, 0xe7u, 0x8eu,
213 0x9bu, 0x7fu, 0x1au, 0xfeu, 0xe2u, 0x42u, 0xe3u, 0x4fu,
214 };
215 #endif
216 /* P384 CURVE PARAMETERS */
217 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP384R1_ENABLED
218 /* prime: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF" */
219 CY_ALIGN(4) static const uint8_t eccP384Polynomial[CY_CRYPTOLITE_ECC_P384_BYTE_SIZE] =
220 {
221 0xffu, 0xffu, 0xffu, 0xffu, 0x00u, 0x00u, 0x00u, 0x00u,
222 0x00u, 0x00u, 0x00u, 0x00u, 0xffu, 0xffu, 0xffu, 0xffu,
223 0xfeu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
224 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
225 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
226 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu
227 };
228
229 /* barrett_p: "1000000000000000000000000000000000000000000000000000000000000000100000000ffffffffffffffff00000001" */
230 CY_ALIGN(4) static const uint8_t eccP384PolyBarrett[CY_CRYPTOLITE_ECC_P384_BYTE_SIZE + 1u] =
231 { /* pre-calculated */
232 0x01u, 0x00u, 0x00u, 0x00u, 0xffu, 0xffu, 0xffu, 0xffu,
233 0xffu, 0xffu, 0xffu, 0xffu, 0x00u, 0x00u, 0x00u, 0x00u,
234 0x01u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
235 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
236 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
237 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
238 0x01u
239 };
240
241 /* order: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973" */
242 CY_ALIGN(4) static const uint8_t eccP384Order[CY_CRYPTOLITE_ECC_P384_BYTE_SIZE] =
243 {
244 0x73u, 0x29u, 0xC5u, 0xCCu, 0x6Au, 0x19u, 0xECu, 0xECu,
245 0x7Au, 0xA7u, 0xB0u, 0x48u, 0xB2u, 0x0Du, 0x1Au, 0x58u,
246 0xDFu, 0x2Du, 0x37u, 0xF4u, 0x81u, 0x4Du, 0x63u, 0xC7u,
247 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
248 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
249 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu
250 };
251
252 /* barrett_o: "1000000000000000000000000000000000000000000000000389cb27e0bc8d220a7e5f24db74f58851313e695333ad68d" */
253 CY_ALIGN(4) static const uint8_t eccP384OrderBarrett[CY_CRYPTOLITE_ECC_P384_BYTE_SIZE + 1u] =
254 { /* pre-calculated */
255 0x8du, 0xd6u, 0x3au, 0x33u, 0x95u, 0xe6u, 0x13u, 0x13u,
256 0x85u, 0x58u, 0x4fu, 0xb7u, 0x4du, 0xf2u, 0xe5u, 0xa7u,
257 0x20u, 0xd2u, 0xc8u, 0x0bu, 0x7eu, 0xb2u, 0x9cu, 0x38u,
258 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
259 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
260 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
261 0x01u
262 };
263
264 /* base point x: "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7" */
265 CY_ALIGN(4) static const uint8_t eccP384BasePointX[CY_CRYPTOLITE_ECC_P384_BYTE_SIZE] =
266 {
267 0xb7u, 0x0au, 0x76u, 0x72u, 0x38u, 0x5eu, 0x54u, 0x3au,
268 0x6cu, 0x29u, 0x55u, 0xbfu, 0x5du, 0xf2u, 0x02u, 0x55u,
269 0x38u, 0x2au, 0x54u, 0x82u, 0xe0u, 0x41u, 0xf7u, 0x59u,
270 0x98u, 0x9bu, 0xa7u, 0x8bu, 0x62u, 0x3bu, 0x1du, 0x6eu,
271 0x74u, 0xadu, 0x20u, 0xf3u, 0x1eu, 0xc7u, 0xb1u, 0x8eu,
272 0x37u, 0x05u, 0x8bu, 0xbeu, 0x22u, 0xcau, 0x87u, 0xaau
273 };
274
275 /* base point y: "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F" */
276 CY_ALIGN(4) static const uint8_t eccP384BasePointY[CY_CRYPTOLITE_ECC_P384_BYTE_SIZE] =
277 {
278 0x5fu, 0x0eu, 0xeau, 0x90u, 0x7cu, 0x1du, 0x43u, 0x7au,
279 0x9du, 0x81u, 0x7eu, 0x1du, 0xceu, 0xb1u, 0x60u, 0x0au,
280 0xc0u, 0xb8u, 0xf0u, 0xb5u, 0x13u, 0x31u, 0xdau, 0xe9u,
281 0x7cu, 0x14u, 0x9au, 0x28u, 0xbdu, 0x1du, 0xf4u, 0xf8u,
282 0x29u, 0xdcu, 0x92u, 0x92u, 0xbfu, 0x98u, 0x9eu, 0x5du,
283 0x6fu, 0x2cu, 0x26u, 0x96u, 0x4au, 0xdeu, 0x17u, 0x36u
284 };
285 #endif
286 /* P521 CURVE PARAMETERS */
287 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP521R1_ENABLED
288 CY_ALIGN(4) static const uint8_t eccP521Polynomial[CY_CRYPTOLITE_ECC_P521_BYTE_SIZE] =
289 {
290 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
291 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
292 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
293 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
294 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
295 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
296 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
297 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
298 0xffu, 0x01u, 0x00u, 0x00u
299 };
300
301 CY_ALIGN(4) static const uint8_t eccP521PolyBarrett[CY_CRYPTOLITE_ECC_P521_BYTE_SIZE] =
302 { /* pre-calculated */
303 0x01u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
304 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
305 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
306 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
307 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
308 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
309 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
310 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
311 0x00u, 0x02u, 0x00u, 0x00u
312 };
313
314 CY_ALIGN(4) static const uint8_t eccP521Order[CY_CRYPTOLITE_ECC_P521_BYTE_SIZE] =
315 {
316 0x09u, 0x64u, 0x38u, 0x91u, 0x1Eu, 0xB7u, 0x6Fu, 0xBBu,
317 0xAEu, 0x47u, 0x9Cu, 0x89u, 0xB8u, 0xC9u, 0xB5u, 0x3Bu,
318 0xD0u, 0xA5u, 0x09u, 0xF7u, 0x48u, 0x01u, 0xCCu, 0x7Fu,
319 0x6Bu, 0x96u, 0x2Fu, 0xBFu, 0x83u, 0x87u, 0x86u, 0x51u,
320 0xFAu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
321 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
322 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
323 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu, 0xffu,
324 0xffu, 0x01u, 0x00u, 0x00u
325 };
326
327 /* barrett_o: "2000000000000000000000000000000000000000000000000000000000000000005ae79787c40d069948033feb708f65a2fc44a36477663b851449048e16ec79bf7" */
328 CY_ALIGN(4) static const uint8_t eccP521OrderBarrett[CY_CRYPTOLITE_ECC_P521_BYTE_SIZE] =
329 { /* pre-calculated */
330 0xf7u, 0x9bu, 0xc7u, 0x6eu, 0xe1u, 0x48u, 0x90u, 0x44u,
331 0x51u, 0xb8u, 0x63u, 0x76u, 0x47u, 0x36u, 0x4au, 0xc4u,
332 0x2fu, 0x5au, 0xf6u, 0x08u, 0xb7u, 0xfeu, 0x33u, 0x80u,
333 0x94u, 0x69u, 0xd0u, 0x40u, 0x7cu, 0x78u, 0x79u, 0xaeu,
334 0x05u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
335 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
336 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
337 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u, 0x00u,
338 0x00u, 0x02u, 0x00u, 0x00u
339 };
340
341 /* base point x: "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66" */
342 CY_ALIGN(4) static const uint8_t eccP521BasePointX[CY_CRYPTOLITE_ECC_P521_BYTE_SIZE] =
343 {
344 0x66u, 0xbdu, 0xe5u, 0xc2u, 0x31u, 0x7eu, 0x7eu, 0xf9u,
345 0x9bu, 0x42u, 0x6au, 0x85u, 0xc1u, 0xb3u, 0x48u, 0x33u,
346 0xdeu, 0xa8u, 0xffu, 0xa2u, 0x27u, 0xc1u, 0x1du, 0xfeu,
347 0x28u, 0x59u, 0xe7u, 0xefu, 0x77u, 0x5eu, 0x4bu, 0xa1u,
348 0xbau, 0x3du, 0x4du, 0x6bu, 0x60u, 0xafu, 0x28u, 0xf8u,
349 0x21u, 0xb5u, 0x3fu, 0x05u, 0x39u, 0x81u, 0x64u, 0x9cu,
350 0x42u, 0xb4u, 0x95u, 0x23u, 0x66u, 0xcbu, 0x3eu, 0x9eu,
351 0xcdu, 0xe9u, 0x04u, 0x04u, 0xb7u, 0x06u, 0x8eu, 0x85u,
352 0xc6u, 0x00u, 0x00u, 0x00u
353 };
354
355 /* base point y: "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650" */
356 CY_ALIGN(4) static const uint8_t eccP521BasePointY[CY_CRYPTOLITE_ECC_P521_BYTE_SIZE] =
357 {
358 0x50u, 0x66u, 0xd1u, 0x9fu, 0x76u, 0x94u, 0xbeu, 0x88u,
359 0x40u, 0xc2u, 0x72u, 0xa2u, 0x86u, 0x70u, 0x3cu, 0x35u,
360 0x61u, 0x07u, 0xadu, 0x3fu, 0x01u, 0xb9u, 0x50u, 0xc5u,
361 0x40u, 0x26u, 0xf4u, 0x5eu, 0x99u, 0x72u, 0xeeu, 0x97u,
362 0x2cu, 0x66u, 0x3eu, 0x27u, 0x17u, 0xbdu, 0xafu, 0x17u,
363 0x68u, 0x44u, 0x9bu, 0x57u, 0x49u, 0x44u, 0xf5u, 0x98u,
364 0xd9u, 0x1bu, 0x7du, 0x2cu, 0xb4u, 0x5fu, 0x8au, 0x5cu,
365 0x04u, 0xc0u, 0x3bu, 0x9au, 0x78u, 0x6au, 0x29u, 0x39u,
366 0x18u, 0x01u, 0x00u, 0x00u
367 };
368 #endif
369
370 static const cy_stc_cryptolite_ecc_dp_type eccDomainParams[] =
371 {
372 {
373 CY_CRYPTOLITE_ECC_ECP_NONE,
374 0u,
375 NULL,
376 CY_CRYPTOLITE_NIST_P_CURVE_SPECIFIC_RED_ALG,
377 NULL,
378 NULL,
379 NULL,
380 NULL,
381 NULL,
382 NULL
383 },
384 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP192R1_ENABLED
385 {
386 CY_CRYPTOLITE_ECC_ECP_SECP192R1,
387 CY_CRYPTOLITE_ECC_P192_SIZE,
388 "NIST P-192",
389 CY_CRYPTOLITE_NIST_P_CURVE_SPECIFIC_RED_ALG,
390 /* prime: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF" */
391 eccP192Polynomial,
392 /* barrett_p: "1000000000000000000000000000000010000000000000001" */
393 eccP192PolyBarrett,
394 /* order: "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831" */
395 eccP192Order,
396 /* barrett_o: "1000000000000000000000000662107c9eb94364e4b2dd7cf" */
397 eccP192OrderBarrett,
398 /* base point x: "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012" */
399 eccP192BasePointX,
400 /* base point y: "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811" */
401 eccP192BasePointY
402 },
403 #endif
404 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP224R1_ENABLED
405 {
406 CY_CRYPTOLITE_ECC_ECP_SECP224R1,
407 CY_CRYPTOLITE_ECC_P224_SIZE,
408 "NIST P-224",
409 CY_CRYPTOLITE_NIST_P_CURVE_SPECIFIC_RED_ALG,
410 /* prime: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001" */
411 eccP224Polynomial,
412 /* barrett_p: "100000000000000000000000000000000ffffffffffffffffffffffff" */
413 eccP224PolyBarrett,
414 /* order: "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D" */
415 eccP224Order,
416 /* barrett_o: "10000000000000000000000000000e95d1f470fc1ec22d6baa3a3d5c3" */
417 eccP224OrderBarrett,
418 /* Gx - base point x: "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21" */
419 eccP224BasePointX,
420 /* Gy - base point y: "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34" */
421 eccP224BasePointY
422 },
423 #endif
424 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP256R1_ENABLED
425 {
426 CY_CRYPTOLITE_ECC_ECP_SECP256R1,
427 CY_CRYPTOLITE_ECC_P256_SIZE,
428 "NIST P-256",
429 CY_CRYPTOLITE_NIST_P_BARRETT_RED_ALG,
430 /* prime: "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF" */
431 eccP256Polynomial,
432 /* barrett_p: "100000000fffffffffffffffefffffffefffffffeffffffff0000000000000003" */
433 eccP256PolyBarrett,
434 /* order: "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551" */
435 eccP256Order,
436 /* barrett_o: "100000000fffffffffffffffeffffffff43190552df1a6c21012ffd85eedf9bfe" */
437 eccP256OrderBarrett,
438 /* Gx - base point x: "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296" */
439 eccP256BasePointX,
440 /* Gy - base point y: "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5" */
441 eccP256BasePointY
442 },
443 #endif
444 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP384R1_ENABLED
445 {
446 CY_CRYPTOLITE_ECC_ECP_SECP384R1,
447 CY_CRYPTOLITE_ECC_P384_SIZE,
448 "NIST P-384",
449 CY_CRYPTOLITE_NIST_P_BARRETT_RED_ALG,
450 /* prime: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF" */
451 eccP384Polynomial,
452 /* barrett_p: "1000000000000000000000000000000000000000000000000000000000000000100000000ffffffffffffffff00000001" */
453 eccP384PolyBarrett,
454 /* order: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973" */
455 eccP384Order,
456 /* barrett_o: "1000000000000000000000000000000000000000000000000389cb27e0bc8d220a7e5f24db74f58851313e695333ad68d" */
457 eccP384OrderBarrett,
458 /* base point x: "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7" */
459 eccP384BasePointX,
460 /* base point y: "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F" */
461 eccP384BasePointY
462 },
463 #endif
464 #ifdef CY_CRYPTOLITE_CFG_ECP_DP_SECP521R1_ENABLED
465 {
466 CY_CRYPTOLITE_ECC_ECP_SECP521R1,
467 CY_CRYPTOLITE_ECC_P521_SIZE,
468 "NIST P-521",
469 CY_CRYPTOLITE_NIST_P_CURVE_SPECIFIC_RED_ALG,
470 /* prime: "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" */
471 eccP521Polynomial,
472 /* barrett_p: "20000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001" */
473 eccP521PolyBarrett,
474 /* order: "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409" */
475 eccP521Order,
476 /* barrett_o: "2000000000000000000000000000000000000000000000000000000000000000005ae79787c40d069948033feb708f65a2fc44a36477663b851449048e16ec79bf7" */
477 eccP521OrderBarrett,
478 /* base point x: "0C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66" */
479 eccP521BasePointX,
480 /* base point y: "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650" */
481 eccP521BasePointY
482 }
483 #endif
484 };
485
486 cy_stc_cryptolite_ecc_dp_type *tmpResult = NULL;
487
488 if ((curveId > CY_CRYPTOLITE_ECC_ECP_NONE) && (curveId < CY_CRYPTOLITE_ECC_ECP_CURVES_CNT))
489 {
490 tmpResult = (cy_stc_cryptolite_ecc_dp_type *)&eccDomainParams[curveId];
491 }
492
493 return tmpResult;
494 }
495
496
497 /*******************************************************************************
498 * Function Name: Cy_Cryptolite_ECC_Init
499 ****************************************************************************//*
500 *
501 * Init ECC Context.
502 *
503 * \param base
504 * The pointer to a Cryptolite instance.
505 *
506 * \param cfContext
507 * The pointer to the cy_stc_cryptolite_context_ecdsa_t.
508 *
509 * \param eccBuffer
510 * The pointer to the cy_stc_cryptolite_ecc_buffer_t.
511 *
512 * \return status code. See \ref cy_en_cryptolite_status_t.
513 *
514 *******************************************************************************/
Cy_Cryptolite_ECC_Init(CRYPTOLITE_Type * base,cy_stc_cryptolite_context_ecdsa_t * cfContext,cy_stc_cryptolite_ecc_buffer_t * eccBuffer)515 cy_en_cryptolite_status_t Cy_Cryptolite_ECC_Init(CRYPTOLITE_Type *base,
516 cy_stc_cryptolite_context_ecdsa_t *cfContext,
517 cy_stc_cryptolite_ecc_buffer_t *eccBuffer)
518 {
519 if(base == NULL || cfContext == NULL || eccBuffer == NULL)
520 {
521 return CY_CRYPTOLITE_BAD_PARAMS;
522 }
523
524 cfContext->my_BARRETT_U = eccBuffer->my_BARRETT_U;
525 cfContext->my_P = eccBuffer->my_P;
526 cfContext->dividend = eccBuffer->dividend;
527 cfContext->p_r = eccBuffer->p_r;
528 cfContext->p_s = eccBuffer->p_s;
529 cfContext->p_u1 = eccBuffer->p_u1;
530 cfContext->p_u2 = eccBuffer->p_u2;
531 cfContext->p_o = eccBuffer->p_o;
532 cfContext->p_gx = eccBuffer->p_gx;
533 cfContext->p_gy = eccBuffer->p_gy;
534 cfContext->p_qx = eccBuffer->p_qx;
535 cfContext->p_qy = eccBuffer->p_qy;
536 cfContext->p_buf = eccBuffer->p_buf;
537
538 return CY_CRYPTOLITE_SUCCESS;
539 }
540
541 /*******************************************************************************
542 * Function Name: Cy_Cryptolite_ECC_Free
543 ****************************************************************************//*
544 *
545 * Clean up ECC Context.
546 *
547 * \param base
548 * The pointer to a Cryptolite instance.
549 *
550 * \param cfContext
551 * The pointer to the cy_stc_cryptolite_context_ecdsa_t.
552 *
553 * \return status code. See \ref cy_en_cryptolite_status_t.
554 *
555 *******************************************************************************/
Cy_Cryptolite_ECC_Free(CRYPTOLITE_Type * base,cy_stc_cryptolite_context_ecdsa_t * cfContext)556 cy_en_cryptolite_status_t Cy_Cryptolite_ECC_Free(CRYPTOLITE_Type *base,
557 cy_stc_cryptolite_context_ecdsa_t *cfContext)
558 {
559 if(base == NULL || cfContext == NULL)
560 {
561 return CY_CRYPTOLITE_BAD_PARAMS;
562 }
563
564 if(cfContext->my_BARRETT_U != NULL)
565 {
566 Cy_Cryptolite_Vu_clr(cfContext->my_BARRETT_U, VU_BITS_TO_WORDS(BIT_SIZE+1U));
567 cfContext->my_BARRETT_U = NULL;
568 }
569 if(cfContext->my_P != NULL)
570 {
571 Cy_Cryptolite_Vu_clr(cfContext->my_P, VU_BITS_TO_WORDS(BIT_SIZE));
572 cfContext->my_P = NULL;
573 }
574 if(cfContext->dividend != NULL)
575 {
576 Cy_Cryptolite_Vu_clr(cfContext->dividend, VU_BITS_TO_WORDS(BIT_SIZE));
577 cfContext->dividend = NULL;
578 }
579 if(cfContext->p_r != NULL)
580 {
581 Cy_Cryptolite_Vu_clr(cfContext->p_r, VU_BITS_TO_WORDS(BIT_SIZE));
582 cfContext->p_r = NULL;
583 }
584 if(cfContext->p_s != NULL)
585 {
586 Cy_Cryptolite_Vu_clr(cfContext->p_s, VU_BITS_TO_WORDS(BIT_SIZE));
587 cfContext->p_s = NULL;
588 }
589 if(cfContext->p_u1 != NULL)
590 {
591 Cy_Cryptolite_Vu_clr(cfContext->p_u1, VU_BITS_TO_WORDS(BIT_SIZE));
592 cfContext->p_u1 = NULL;
593 }
594 if(cfContext->p_u2 != NULL)
595 {
596 Cy_Cryptolite_Vu_clr(cfContext->p_u2, VU_BITS_TO_WORDS(BIT_SIZE));
597 cfContext->p_u2 = NULL;
598 }
599 if(cfContext->p_o != NULL)
600 {
601 Cy_Cryptolite_Vu_clr(cfContext->p_o, VU_BITS_TO_WORDS(BIT_SIZE));
602 cfContext->p_o = NULL;
603 }
604 if(cfContext->p_gx != NULL)
605 {
606 Cy_Cryptolite_Vu_clr(cfContext->p_gx, VU_BITS_TO_WORDS(BIT_SIZE));
607 cfContext->p_gx = NULL;
608 }
609 if(cfContext->p_gy != NULL)
610 {
611 Cy_Cryptolite_Vu_clr(cfContext->p_gy, VU_BITS_TO_WORDS(BIT_SIZE));
612 cfContext->p_gy = NULL;
613 }
614 if(cfContext->p_qx != NULL)
615 {
616 Cy_Cryptolite_Vu_clr(cfContext->p_qx, VU_BITS_TO_WORDS(BIT_SIZE));
617 cfContext->p_qx = NULL;
618 }
619 if(cfContext->p_qy != NULL)
620 {
621 Cy_Cryptolite_Vu_clr(cfContext->p_qy, VU_BITS_TO_WORDS(BIT_SIZE));
622 cfContext->p_qy = NULL;
623 }
624 if(cfContext->p_buf != NULL)
625 {
626 Cy_Cryptolite_Vu_clr(cfContext->p_buf, VU_BITS_TO_WORDS(BIT_SIZE+1U));
627 cfContext->p_buf = NULL;
628 }
629 return CY_CRYPTOLITE_SUCCESS;
630 }
631
632 #if defined(CY_CRYPTOLITE_CFG_ECDSA_SIGN_C)
633 /*******************************************************************************
634 * Function Name: Cy_Cryptolite_ECC_SignHash
635 ****************************************************************************//*
636 *
637 * Function to generate an ECC signature.
638 * key, hash and messageKey must be in little endian.
639 * Cy_Cryptolite_InvertEndianness() function is used for converting the endianness.
640 *
641 * \param base
642 * The pointer to a Cryptolite instance.
643 *
644 * \param cfContext
645 * The pointer to the cy_stc_cryptolite_context_ecdsa_t.
646 *
647 * \param hash
648 * The hash (message digest) to be signed.
649 *
650 * \param hashlen
651 * The length of the hash (octets).
652 *
653 * \param sig
654 * The pointer to the buffer to store the generated signature 'R' followed by 'S'.
655 *
656 * \param key
657 * The private ECC key to sign the hash. See \ref cy_stc_cryptolite_ecc_key.
658 *
659 * \param messageKey
660 * The random number for generating the signature.
661 *
662 * \return status code. See \ref cy_en_cryptolite_status_t.
663 *
664 *******************************************************************************/
Cy_Cryptolite_ECC_SignHash(CRYPTOLITE_Type * base,cy_stc_cryptolite_context_ecdsa_t * cfContext,const uint8_t * hash,uint32_t hashlen,uint8_t * sig,const cy_stc_cryptolite_ecc_key * key,const uint8_t * messageKey)665 cy_en_cryptolite_status_t Cy_Cryptolite_ECC_SignHash(CRYPTOLITE_Type *base,
666 cy_stc_cryptolite_context_ecdsa_t *cfContext, const uint8_t *hash, uint32_t hashlen, uint8_t *sig,
667 const cy_stc_cryptolite_ecc_key *key, const uint8_t *messageKey)
668 {
669 cy_en_cryptolite_status_t result = CY_CRYPTOLITE_BAD_PARAMS;
670 const cy_stc_cryptolite_ecc_dp_type *eccDp;
671
672 /* NULL parameters checking */
673 if ((base != NULL) && (sig != NULL) && (hash != NULL) && (0u != hashlen) && (key != NULL) && (messageKey != NULL))
674 {
675 cy_stc_cryptolite_descr_t *vu_struct0 = &cfContext->vu_desptr[0];
676 cy_stc_cryptolite_descr_t *vu_struct1 = &cfContext->vu_desptr[1];
677
678 result = CY_CRYPTOLITE_NOT_SUPPORTED;
679 eccDp = Cy_Cryptolite_ECC_GetCurveParams(key->curveID);
680
681 if (eccDp != NULL)
682 {
683 uint8_t *p_r = cfContext->p_r;
684 uint8_t *p_s = cfContext->p_s;
685 uint8_t *p_u1 = cfContext->p_u1;
686 uint8_t *p_u2 = cfContext->p_u2;
687 uint8_t *my_P = cfContext->my_P;
688 uint8_t *my_BARRETT_U = cfContext->my_BARRETT_U;
689 uint32_t bytesize = VU_BITS_TO_BYTES(eccDp->size);
690 uint32_t bitsize = eccDp->size;
691 CY_ALIGN(4) uint8_t temp[VU_BITS_TO_BYTES(VU_TEST_EQUAL_LESS_SIZE+1U)]={0};
692 cy_stc_cryptolite_ecc_key publicKey;
693 uint8_t pubkey[128];
694
695 publicKey.pubkey.x = pubkey;
696 publicKey.pubkey.y = &pubkey[bytesize];
697
698 //Generate the public key
699 result = Cy_Cryptolite_ECC_MakePublicKey(base, cfContext, key->curveID, //(x1, y1) = k * G.
700 messageKey, &publicKey);
701
702 if(CY_CRYPTOLITE_SUCCESS != result)
703 {
704 return result;
705 }
706
707 // load prime, order and barrett coefficient
708 Cy_Cryptolite_Setnumber(my_P, (uint8_t *) eccDp->order, bytesize);
709 Cy_Cryptolite_Setnumber(my_BARRETT_U, (uint8_t *) eccDp->barrett_o, VU_BITS_TO_BYTES(bitsize+1U));
710
711 Cy_Cryptolite_Setnumber(p_r, (uint8_t *)publicKey.pubkey.x, bytesize);
712
713 if (Cy_Cryptolite_Vu_test_zero(base, vu_struct0, p_r, (uint16_t)bitsize) == true)
714 {
715 return CY_CRYPTOLITE_BAD_PARAMS;
716 }
717
718 // Setting the R component of the signature // r = x1
719 if (Cy_Cryptolite_Vu_test_less_than(base, vu_struct1, p_r, my_P, (uint16_t)bitsize) == false)
720 {
721 (void)Cy_Cryptolite_Vu_mov_hw (base, vu_struct0, temp, VU_BITS_TO_WORDS(bitsize+1U), p_r, VU_BITS_TO_WORDS(bitsize));
722 Cy_Cryptolite_EC_Bar_MulRed( base, cfContext, p_r, temp, bitsize);
723 if (Cy_Cryptolite_Vu_test_zero(base, vu_struct0, p_r, (uint16_t)bitsize) == true)
724 {
725 return CY_CRYPTOLITE_BAD_PARAMS;
726 }
727 Cy_Cryptolite_Setnumber(sig, (uint8_t *)p_r, bytesize);
728 }
729 else
730 {
731 Cy_Cryptolite_Setnumber(sig, (uint8_t *)publicKey.pubkey.x, bytesize);
732 }
733
734 // d*r mod n
735 Cy_Cryptolite_Setnumber(p_u2, (uint8_t *)key->k, bytesize);
736 Cy_Cryptolite_EC_MulMod(base, cfContext, p_s, p_u2, p_r, (int)bitsize);
737
738 // load message hash, truncate it if needed
739 Cy_Cryptolite_Vu_wait_hw(base);
740 Cy_Cryptolite_Vu_clr(p_u1, VU_BITS_TO_WORDS(bitsize));
741 if (hashlen * 8U > bitsize)
742 {
743 Cy_Cryptolite_Setnumber(p_u1, (uint8_t *)(&hash[hashlen - CY_CRYPTOLITE_BYTE_SIZE_OF_BITS(bitsize)]), CY_CRYPTOLITE_BYTE_SIZE_OF_BITS(bitsize));
744 }
745 else
746 {
747 Cy_Cryptolite_Setnumber(p_u1, (uint8_t *)hash, hashlen);
748 }
749
750 // e + d*r mod n
751 Cy_Cryptolite_EC_AddMod (base, cfContext, p_s, p_u1, p_s);
752
753 // z = a / b % mod
754 Cy_Cryptolite_Vu_wait_hw(base);
755 (void)Cy_Cryptolite_Vu_mov_hw (base, vu_struct0, temp, VU_BITS_TO_WORDS(bitsize+1U), p_s, VU_BITS_TO_WORDS(bitsize));
756
757 Cy_Cryptolite_Setnumber(p_u1, (uint8_t *)messageKey, bytesize);
758
759 // (e + d*r)/k mod n
760 Cy_Cryptolite_EC_DivMod(base, cfContext, p_s, temp, p_u1, (int)bitsize);
761
762 if (Cy_Cryptolite_Vu_test_zero(base, vu_struct0, p_s, (uint16_t)bitsize) == true)
763 {
764 return CY_CRYPTOLITE_BAD_PARAMS;
765 }
766
767 Cy_Cryptolite_Setnumber(&sig[bytesize], (uint8_t *)p_s, bytesize);
768 result = CY_CRYPTOLITE_SUCCESS;
769 }
770 }
771
772 return result;
773 }
774 #endif
775
776 #if defined(CY_CRYPTOLITE_CFG_ECDSA_VERIFY_C)
777 /*******************************************************************************
778 * Function Name: Cy_Cryptolite_Core_ECC_VerifyHash
779 ****************************************************************************//*
780 *
781 * Verify an ECC signature.
782 * sig, hash and key must be in little endian.
783 * Cy_Cryptolite_InvertEndianness() function is used for converting the endianness.
784 *
785 * \param base
786 * The pointer to a Cryptolite instance.
787 *
788 * \param cfContext
789 * The pointer to the cy_stc_cryptolite_context_ecdsa_t.
790 *
791 * \param sig
792 * The signature to verify, 'R' followed by 'S'.
793 *
794 * \param siglen
795 * The length of signature.
796 *
797 * \param hash
798 * The hash (message digest) that was signed.
799 *
800 * \param hashlen
801 * The length of the hash (octets).
802 *
803 * \param stat
804 * Result of signature, 0xAAAAAAAA = invalid, 0x55555555 = valid.
805 *
806 * \param key
807 * The corresponding public ECC key. See \ref cy_stc_cryptolite_ecc_key.
808 *
809 * \return status code. See \ref cy_en_cryptolite_status_t.
810 *
811 *******************************************************************************/
Cy_Cryptolite_ECC_VerifyHash(CRYPTOLITE_Type * base,cy_stc_cryptolite_context_ecdsa_t * cfContext,const uint8_t * sig,uint32_t siglen,const uint8_t * hash,uint32_t hashlen,cy_en_cryptolite_sig_verify_result_t * stat,const cy_stc_cryptolite_ecc_key * key)812 cy_en_cryptolite_status_t Cy_Cryptolite_ECC_VerifyHash(CRYPTOLITE_Type *base,
813 cy_stc_cryptolite_context_ecdsa_t *cfContext,
814 const uint8_t *sig, uint32_t siglen, const uint8_t *hash, uint32_t hashlen,
815 cy_en_cryptolite_sig_verify_result_t *stat, const cy_stc_cryptolite_ecc_key *key)
816 {
817
818 cy_en_cryptolite_status_t result = CY_CRYPTOLITE_BAD_PARAMS;
819 const cy_stc_cryptolite_ecc_dp_type *eccDp;
820 (void)siglen;
821
822
823 /* NULL parameters checking */
824 if ((sig != NULL) && (hash != NULL) && (0u != hashlen) && (stat != NULL) && (key != NULL) && (cfContext != NULL))
825 {
826 cy_stc_cryptolite_descr_t *vu_struct0 = &cfContext->vu_desptr[0];
827 cy_stc_cryptolite_descr_t *vu_struct1 = &cfContext->vu_desptr[1];
828
829 result = CY_CRYPTOLITE_NOT_SUPPORTED;
830 eccDp = Cy_Cryptolite_ECC_GetCurveParams(key->curveID);
831
832 if (eccDp != NULL)
833 {
834 uint8_t *dividend = cfContext->dividend;
835 uint8_t *p_r = cfContext->p_r;
836 uint8_t *p_s = cfContext->p_s;
837 uint8_t *p_u1 = cfContext->p_u1;
838 uint8_t *p_u2 = cfContext->p_u2;
839 uint8_t *p_o = cfContext->p_o;
840 uint8_t *p_gx = cfContext->p_gx;
841 uint8_t *p_gy = cfContext->p_gy;
842 uint8_t *p_qx = cfContext->p_qx;
843 uint8_t *p_qy = cfContext->p_qy;
844 uint8_t *my_P = cfContext->my_P;
845 uint8_t *my_BARRETT_U = cfContext->my_BARRETT_U;
846
847 uint32_t bitsize = eccDp->size;
848 uint32_t bytesize = VU_BITS_TO_BYTES(eccDp->size);
849 bool isHashZero = false;
850
851 *stat = CY_CRYPTOLITE_SIG_INVALID;
852 cfContext->bitsize = bitsize;
853 /* load values needed for reduction modulo order of the base point */
854 Cy_Cryptolite_Setnumber (my_P, (uint8_t *)eccDp->order, VU_BITS_TO_BYTES(bitsize));
855 Cy_Cryptolite_Setnumber (my_BARRETT_U, (uint8_t *)eccDp->barrett_o, VU_BITS_TO_BYTES(bitsize+1U));
856
857 /* check that R and S are within the valid range, i.e. 0 < R < n and 0 < S < n */
858 Cy_Cryptolite_Setnumber(p_r, (uint8_t *)sig, bytesize);
859 Cy_Cryptolite_Setnumber(p_s, (uint8_t *)&sig[VU_BITS_TO_BYTES(bitsize)], bytesize);
860
861 if (Cy_Cryptolite_Vu_test_zero(base, vu_struct0, p_r, (uint16_t)bitsize) == true) {
862 return CY_CRYPTOLITE_BAD_PARAMS;
863 }
864 if (Cy_Cryptolite_Vu_test_less_than(base, vu_struct1, p_r, my_P, (uint16_t)bitsize) == false) {
865 return CY_CRYPTOLITE_BAD_PARAMS;
866 }
867 if (Cy_Cryptolite_Vu_test_zero(base, vu_struct0, p_s, (uint16_t)bitsize) == true) {
868 return CY_CRYPTOLITE_BAD_PARAMS;
869 }
870 if (Cy_Cryptolite_Vu_test_less_than(base, vu_struct1, p_s, my_P, (uint16_t)bitsize) == false) {
871 return CY_CRYPTOLITE_BAD_PARAMS;
872 }
873 // load message hash, truncate it if needed
874 Cy_Cryptolite_Vu_wait_hw(base);
875 Cy_Cryptolite_Vu_clr(p_u1, VU_BITS_TO_WORDS(bitsize));
876 if (hashlen * 8U > bitsize)
877 {
878 Cy_Cryptolite_Setnumber(p_u1, (uint8_t *)(&hash[hashlen - CY_CRYPTOLITE_BYTE_SIZE_OF_BITS(bitsize)]), CY_CRYPTOLITE_BYTE_SIZE_OF_BITS(bitsize));
879 }
880 else
881 {
882 Cy_Cryptolite_Setnumber(p_u1, (uint8_t *)hash, hashlen);
883 }
884 /* Check if message hash is zero */
885 if(Cy_Cryptolite_Vu_test_zero(base, vu_struct1, p_u1, (uint16_t)bitsize))
886 {
887 isHashZero = true;
888 }
889 // w = s^-1 mod n
890 Cy_Cryptolite_Vu_wait_hw(base);
891 Cy_Cryptolite_Vu_clr(dividend, VU_BITS_TO_WORDS(bitsize));
892 Cy_Cryptolite_Vu_set_bit(dividend, 0);
893
894 Cy_Cryptolite_EC_DivMod(base, cfContext, p_s, dividend, p_s, (int)bitsize);
895
896 // u1 = e*w mod n
897 Cy_Cryptolite_EC_MulMod(base, cfContext, p_u1, p_u1, p_s, (int)bitsize);
898 // u2 = r*w mod n
899 Cy_Cryptolite_EC_MulMod(base, cfContext, p_u2, p_r, p_s, (int)bitsize);
900
901 //-----------------------------------------------------------------------------
902 // Initialize point multiplication
903 //
904 // load prime, order and barrett coefficient
905 Cy_Cryptolite_Setnumber(my_P, (uint8_t *) eccDp->prime, bytesize);
906 Cy_Cryptolite_Setnumber(p_o, (uint8_t *) eccDp->order, bytesize);
907 Cy_Cryptolite_Setnumber(my_BARRETT_U, (uint8_t *) eccDp->barrett_p, VU_BITS_TO_BYTES(bitsize+1U));
908 // load base Point G
909 Cy_Cryptolite_Setnumber(p_gx, (uint8_t *) eccDp->Gx, bytesize);
910 Cy_Cryptolite_Setnumber(p_gy, (uint8_t *) eccDp->Gy, bytesize);
911 // load public key Qa
912 Cy_Cryptolite_Setnumber(p_qx, (uint8_t *)key->pubkey.x, bytesize);
913 Cy_Cryptolite_Setnumber(p_qy, (uint8_t *)key->pubkey.y, bytesize);
914 // u1 * G
915 if(!isHashZero)
916 {
917 Cy_Cryptolite_EC_NistP_PointMul(base, cfContext, p_gx, p_gy, p_u1, p_o, (int)bitsize);
918 }
919
920 // reload order since p_o is modified by Crypto_EC_JacobianEcScalarMul_coZ (!!!!)
921 Cy_Cryptolite_Setnumber(p_o, (uint8_t *) eccDp->order, bytesize);
922
923 // u2 * Qa
924 Cy_Cryptolite_EC_NistP_PointMul(base, cfContext, p_qx, p_qy, p_u2, p_o, (int)bitsize);
925
926 //-----------------------------------------------------------------------------
927 // P = u1 * G + u2 * Qa. Only Px is needed
928
929 if(isHashZero)
930 {
931 /* GECC 3.22 */
932 Cy_Cryptolite_Setnumber(p_s, p_qx, bytesize);
933 }
934 else
935 {
936 Cy_Cryptolite_EC_SubMod(base, cfContext, dividend, p_qy, p_gy); // (y2-y1)
937 Cy_Cryptolite_EC_SubMod(base, cfContext, p_s, p_qx, p_gx); // (x2-x1)
938 Cy_Cryptolite_EC_DivMod(base, cfContext, p_s, dividend, p_s, (int)bitsize); // s = (y2-y1)/(x2-x1)
939
940 Cy_Cryptolite_EC_SquareMod(base, cfContext, p_s, p_s, (int)bitsize); // s^2
941 Cy_Cryptolite_EC_SubMod(base, cfContext, p_s, p_s, p_gx); // s^2 - x1
942 Cy_Cryptolite_EC_SubMod(base, cfContext, p_s, p_s, p_qx); // s^2 - x1 - x2 which is Px mod n
943 }
944
945 if (Cy_Cryptolite_Vu_test_equal(base, vu_struct0, p_s, p_r, (uint16_t)bitsize))
946 {
947 *stat = CY_CRYPTOLITE_SIG_VALID;
948 }
949 else
950 {
951 *stat = CY_CRYPTOLITE_SIG_INVALID;
952 }
953
954 result = CY_CRYPTOLITE_SUCCESS;
955 }
956 }
957 return result;
958 }
959 #endif
960
961 #endif /*#if (CY_CRYPTOLITE_CFG_ECDSA_C)*/
962 #endif /* #if (CPUSS_CRYPTOLITE_VU == 1) */
963
964 #if defined(__cplusplus)
965 }
966 #endif
967
968 #endif /* CY_IP_MXCRYPTOLITE */
969
