1 /* 2 * Copyright 2019 NXP 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #ifndef _FSL_CAU3_H_ 8 #define _FSL_CAU3_H_ 9 10 #include "fsl_common.h" 11 12 /******************************************************************************* 13 * Definitions 14 *******************************************************************************/ 15 16 /*! 17 * @addtogroup cau3_driver 18 * @{ 19 */ 20 /*! @name Driver version */ 21 /*@{*/ 22 /*! @brief CAU3 driver version. Version 2.0.3. 23 * 24 * Current version: 2.0.3 25 * 26 * Change log: 27 * - Version 2.0.0 28 * - Initial version 29 * - Version 2.0.1 30 * - Replace static cau3_make_mems_private() with public CAU3_MakeMemsPrivate(). 31 * - Remove the cau3_make_mems_private() from CAU3_Init to allow loading multiple images. 32 * - Version 2.0.2 33 * - Add FSL_CAU3_USE_HW_SEMA compile time macro. When enabled, all CAU3 API functions 34 * lock hw semaphore on function entry and release the hw semaphore on function return. 35 * - Version 2.0.3 36 * - Add CAU3_RPA functions for BLE specific Resolvable Private Addresses management 37 * - Add CAU3_AES_CCM functions 38 */ 39 #define FSL_CAU3_DRIVER_VERSION (MAKE_VERSION(2, 0, 3)) 40 /*@}*/ 41 42 /*! @brief Hardware semaphore usage by driver functions. 43 * This macro can be enabled for mutual exclusive calls to CAU3 APIs 44 * from multiple CPUs. Note this does not lock against calls from multiple threads on one CPU. 45 */ 46 47 /* #define FSL_CAU3_USE_HW_SEMA 1 */ 48 49 #if defined(FSL_CAU3_USE_HW_SEMA) && (FSL_CAU3_USE_HW_SEMA > 0) 50 /* Using SEMA42 hardware semaphore for multiprocessor locking. 51 * Currently supporting only SEMA42 hardware semaphore. 52 */ 53 #if defined(FSL_FEATURE_SOC_SEMA42_COUNT) && (FSL_FEATURE_SOC_SEMA42_COUNT > 0) 54 #include "fsl_sema42.h" 55 #define FSL_CAU3_SEMA42_BASE SEMA420 56 #define FSL_CAU3_SEMA42_GATE (1) 57 #define FSL_CAU3_SEMA42_CLOCK_NAME kCLOCK_Sema420 58 #else 59 #error FSL_CAU3_USE_HW_SEMA requires SEMA42 semaphore. 60 #endif 61 #endif 62 63 /*! @brief CAU3 key slot selection. Current CryptoCore firmware supports 4 key slots inside CryptoCore's Private DMEM. 64 * 65 */ 66 typedef enum _cau3_key_slot { 67 kCAU3_KeySlot0 = 0x0U, /*!< CAU3 key slot 0. */ 68 kCAU3_KeySlotNone = 0x0U, /*!< No key. */ 69 kCAU3_KeySlot1 = 0x1U, /*!< CAU3 key slot 1. */ 70 kCAU3_KeySlot2 = 0x2U, /*!< CAU3 key slot 2.*/ 71 kCAU3_KeySlot3 = 0x3U, /*!< CAU3 key slot 3. */ 72 } cau3_key_slot_t; 73 74 /*! @brief CAU3 task done selection. */ 75 typedef enum _cau3_task_done { 76 kCAU3_TaskDoneNull = 0x00000000U, /*!< */ 77 kCAU3_TaskDonePoll = 0x00000000U, /*!< Poll CAU3 status flag. */ 78 kCAU3_TaskDoneIrq = 0x00010000U, /*!< Start operation and return. CAU3 asserts interrupt request when done. */ 79 kCAU3_TaskDoneEvent = 0x00020000U, /*!< Call Wait-for-event opcode until CAU3 completes processing. */ 80 kCAU3_TaskDoneDmaRequest = 0x00040000, /*!< Start operation and return. CAU3 asserts DMA request when done. */ 81 } cau3_task_done_t; 82 83 /*! @brief Specify CAU3's key resource and signalling to be used for an operation. */ 84 typedef struct _cau3_handle 85 { 86 cau3_task_done_t taskDone; /*!< Specify CAU3 task done signalling to Host CPU. */ 87 cau3_key_slot_t keySlot; /*!< For operations with key (such as AES encryption/decryption), specify CAU3 key slot. */ 88 uint8_t micPassed; /*!< For decryption, store the status of the MIC validation. */ 89 } cau3_handle_t; 90 91 /*! @} */ 92 93 /******************************************************************************* 94 * AES Definitions 95 *******************************************************************************/ 96 97 /*! 98 * @addtogroup cau3_driver_aes 99 * @{ 100 */ 101 102 /*! AES block size in bytes */ 103 #define CAU3_AES_BLOCK_SIZE 16 104 105 /*! 106 *@} 107 */ /* end of cau3_driver_aes */ 108 109 /******************************************************************************* 110 * HASH Definitions 111 ******************************************************************************/ 112 /*! 113 * @addtogroup cau3_driver_hash 114 * @{ 115 */ 116 117 /*! @brief Supported cryptographic block cipher functions for HASH creation */ 118 typedef enum _cau3_hash_algo_t { 119 kCAU3_Sha1, /*!< SHA_1 */ 120 kCAU3_Sha256, /*!< SHA_256 */ 121 } cau3_hash_algo_t; 122 123 /*! @brief CAU3 HASH Context size. */ 124 #define CAU3_SHA_BLOCK_SIZE 128 /*!< internal buffer block size */ 125 #define CAU3_HASH_BLOCK_SIZE CAU3_SHA_BLOCK_SIZE /*!< CAU3 hash block size */ 126 127 /*! @brief CAU3 HASH Context size. */ 128 #define CAU3_HASH_CTX_SIZE 58 129 130 /*! @brief MAC size for BLE (called MIC). */ 131 #define CAU3_BLE_MIC_SIZE 4 132 133 /*! @brief Storage type used to save hash context. */ 134 typedef struct _cau3_hash_ctx_t 135 { 136 uint32_t x[CAU3_HASH_CTX_SIZE]; 137 } cau3_hash_ctx_t; 138 139 /*! 140 *@} 141 */ /* end of cau3_driver_hash */ 142 143 /******************************************************************************* 144 * PKHA Definitions 145 ******************************************************************************/ 146 /*! 147 * @addtogroup cau3_driver_pkha 148 * @{ 149 */ 150 151 /*! PKHA ECC point structure */ 152 typedef struct _cau3_pkha_ecc_point_t 153 { 154 uint8_t *X; /*!< X coordinate (affine) */ 155 uint8_t *Y; /*!< Y coordinate (affine) */ 156 } cau3_pkha_ecc_point_t; 157 158 /*! @brief Use of timing equalized version of a PKHA function. */ 159 typedef enum _cau3_pkha_timing_t { 160 kCAU3_PKHA_NoTimingEqualized = 0U, /*!< Normal version of a PKHA operation */ 161 kCAU3_PKHA_TimingEqualized = 1U /*!< Timing-equalized version of a PKHA operation */ 162 } cau3_pkha_timing_t; 163 164 /*! @brief Integer vs binary polynomial arithmetic selection. */ 165 typedef enum _cau3_pkha_f2m_t { 166 kCAU3_PKHA_IntegerArith = 0U, /*!< Use integer arithmetic */ 167 kCAU3_PKHA_F2mArith = 1U /*!< Use binary polynomial arithmetic */ 168 } cau3_pkha_f2m_t; 169 170 /*! @brief Montgomery or normal PKHA input format. */ 171 typedef enum _cau3_pkha_montgomery_form_t { 172 kCAU3_PKHA_NormalValue = 0U, /*!< PKHA number is normal integer */ 173 kCAU3_PKHA_MontgomeryFormat = 1U /*!< PKHA number is in montgomery format */ 174 } cau3_pkha_montgomery_form_t; 175 176 /*! 177 *@} 178 */ /* cau3_driver_pkha */ 179 180 /******************************************************************************* 181 * API 182 ******************************************************************************/ 183 #if defined(__cplusplus) 184 extern "C" { 185 #endif 186 187 /*! 188 * @addtogroup cau3_driver 189 * @{ 190 */ 191 192 /*! 193 * @brief Enables clock for CAU3 and loads image to memory 194 * 195 * Enable CAU3 clock and loads image to CryptoCore. 196 * 197 * @param base CAU3 base address 198 */ 199 void CAU3_Init(CAU3_Type *base); 200 201 /*! 202 * @brief Execute a CAU3 null task to signal error termination 203 * 204 * Execute a null task to signal error termination. 205 * The CryptoCore task executes one instruction - a "stop with error". 206 * 207 * @param base CAU3 base address 208 * @param taskDone indicates completion signal 209 * 210 * @return status check from task completion 211 */ 212 status_t CAU3_ForceError(CAU3_Type *base, cau3_task_done_t taskDone); 213 214 /*! 215 * @brief Load special hardware "key context" into the CAU3's data memory 216 * 217 * Load the special hardware key context into the private DMEM. This only 218 * includes the complete 256-bit key which is then specified with a size of 219 * [8,16,24,32] bytes (for DES or AES-[128,256]). It also loads the 220 * default IV value specified in NIST/RFC2294 IV=0xa6a6a6a6a6a6a6a6. This operation typically 221 * loads keySlot 0, which, by convention, is used for the system key encryption 222 * key. 223 * 224 * See the GENERAL COMMENTS for more information on the keyContext structure. 225 * 226 * NOTE: This function also performs an AES key expansion if a keySize > 8 227 * is specified. 228 * 229 * @param base CAU3 base address 230 * @param keySize is the logical key size in bytes [8,16,24,32] 231 * @param keySlot is the destination key slot number [0-3] 232 * @param taskDone indicates completion signal. 233 * 234 * @return status check from task completion 235 */ 236 status_t CAU3_LoadSpecialKeyContext(CAU3_Type *base, 237 size_t keySize, 238 cau3_key_slot_t keySlot, 239 cau3_task_done_t taskDone); 240 241 /*! 242 * @brief Invalidate a 64-byte "key context" in the CAU3's private data memory 243 * 244 * Clears the key context in the private DMEM. There is support for four "key 245 * slots" with slot 0 typically used for the system key encryption key. 246 * 247 * @param base CAU3 base address 248 * @param keySlot is the key slot number [0-3] to invalidate 249 * @param taskDone indicates completion signal * 250 * @return status check from task completion 251 */ 252 status_t CAU3_ClearKeyContext(CAU3_Type *base, cau3_key_slot_t keySlot, cau3_task_done_t taskDone); 253 254 /*! 255 * @brief Load an initialization vector into a key context 256 * 257 * Loads a 16-byte initialization vector (iv) into the specified key slot. 258 * There is support for a maximum of 4 key slots. 259 * The function is used internally for loading AEAD_CHACHA20_POY1305 nonce. 260 * It can be also used for Alternative Initial Values for A[0] in RFC 3394. 261 * 262 * @param base CAU3 base address 263 * @param iv The initialization vector, ALIGNED ON A 0-MOD-4 ADDRESS. 264 * @param keySlot is the destination key context 265 * @param taskDone indicates completion signal 266 * 267 * @return status check from task completion 268 */ 269 status_t CAU3_LoadKeyInitVector(CAU3_Type *base, const uint8_t *iv, cau3_key_slot_t keySlot, cau3_task_done_t taskDone); 270 271 /*! 272 * @brief Make the CAU3's local memories private 273 * 274 * Modify the CAU3's internal configuration so the local memories are private 275 * and only accessible to the CAU3. This operation is typically performed after 276 * the CAU_InitializeInstMemory(), 277 * CAU_InitializeDataMemory(), and 278 * CAU_InitializeReadOnlyDataMemory() functions have been performed. 279 * 280 * This configuration remains in effect until the next hardware reset. 281 * 282 * @param taskDone indicates completion signal: CAU_[POLL, IRQ, EVENT, DMAREQ] 283 * 284 * @retval status check from task completion: CAU_[OK, ERROR] 285 */ 286 status_t CAU3_MakeMemsPrivate(CAU3_Type *base, cau3_task_done_t taskDone); 287 288 /*! 289 *@} 290 */ /* end of cau3_driver */ 291 292 /******************************************************************************* 293 * AES API 294 ******************************************************************************/ 295 296 /*! 297 * @addtogroup cau3_driver_aes 298 * @{ 299 */ 300 301 /*! 302 * @brief Load AES key into CAU3 key slot. 303 * 304 * Load the key context into the private DMEM. This function also performs an AES key expansion. 305 * For CAU3 AES encryption/decryption/cmac, users only need to call one of @ref CAU3_AES_SetKey and @ref 306 * CAU3_LoadSpecialKeyContext. 307 * 308 * CAU3_AES_SetKey 309 * @param base CAU3 peripheral base address. 310 * @param handle Handle used for the request. 311 * @param key 0-mod-4 aligned pointer to AES key. 312 * @param keySize AES key size in bytes. Shall equal 16 or 32. 313 * @return status from set key operation 314 */ 315 status_t CAU3_AES_SetKey(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *key, size_t keySize); 316 317 /*! 318 * @brief Encrypts AES on one 128-bit block. 319 * 320 * Encrypts AES. 321 * The source plaintext and destination ciphertext can overlap in system memory. 322 * 323 * @param base CAU3 peripheral base address 324 * @param handle Handle used for this request. 325 * @param plaintext Input plain text to encrypt 326 * @param[out] ciphertext Output cipher text 327 * @return Status from encrypt operation 328 */ 329 status_t CAU3_AES_Encrypt(CAU3_Type *base, cau3_handle_t *handle, const uint8_t plaintext[16], uint8_t ciphertext[16]); 330 331 /*! 332 * @brief Decrypts AES on one 128-bit block. 333 * 334 * Decrypts AES. 335 * The source ciphertext and destination plaintext can overlap in system memory. 336 * 337 * @param base CAU3 peripheral base address 338 * @param handle Handle used for this request. 339 * @param ciphertext Input plain text to encrypt 340 * @param[out] plaintext Output cipher text 341 * @return Status from decrypt operation 342 */ 343 status_t CAU3_AES_Decrypt(CAU3_Type *base, cau3_handle_t *handle, const uint8_t ciphertext[16], uint8_t plaintext[16]); 344 345 /*! 346 * @brief Perform an AES-128 cipher-based authentication code (CMAC) 347 * 348 * Performs an AES-128 cipher-based authentication code (CMAC) on a 349 * message. RFC 4493. 350 * 351 * @param base CAU3 peripheral base address 352 * @param handle Handle used for this request. 353 * @param message is source uint8_t array of data bytes, any alignment 354 * @param size Number of bytes in the message. 355 * @param mac is the output 16 bytes MAC, must be a 0-mod-4 aligned address 356 * @return status check from task completion 357 */ 358 status_t CAU3_AES_Cmac(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *message, size_t size, uint8_t *mac); 359 360 /*! 361 * @brief Perform an AES key expansion for specified key slot 362 * 363 * Performs an AES key expansion (aka schedule) on the specified key slot. It 364 * uses the keySize information in the context to determine whether the key 365 * expansion applies to a 128- or 256-bit AES key. 366 * This function is primarily intended to be called after 367 * key blob has been unwrapped by @ref CAU3_KeyBlobUnwrap to destination key slot, so that the unwrapped key 368 * can be used for AES encryption. 369 * 370 * @param base CAU3 base address 371 * @param keySlot is the key context 372 * @param taskDone indicates completion signal 373 * @return status check from task completion 374 */ 375 status_t CAU3_AES_KeyExpansion(CAU3_Type *base, cau3_key_slot_t keySlot, cau3_task_done_t taskDone); 376 377 /*! 378 * @brief Perform a Counter with CBC-MAC AES encryption 379 * 380 * Performs a Counter with CBC-MAC AES encryption on a plaintext. It requires 381 * a new nonce for each call to encrypt. It also encodes the input 382 * authentication vector, aad, into the authentication tag. 383 * The ciphertext and the authentication tag are generated as outputs. 384 * 385 * @param base CAU3 base address 386 * @param handle Handle used for the request 387 * @param plainText is source uint8_t array of data bytes, any alignment 388 * @param plainTextSize is the number of bytes of the plainText 389 * @param cipherText is destination uint8_t array of data byte, any alignment 390 * @param nonce is the initialization vector 391 * @param nonceSize is the number of bytes of the nonce. 392 * It should be within 7 and 13 bytes. Otherwise, the task terminates 393 * with error. 394 * @param aad is the Additional Authentication data (Authentication only) 395 * @param aadSize is the number of bytes of the AAD 396 * @param authTag is the Authentication tag generated by AES-CCM 397 * @param authTagSize is the number of bytes of the authentication tag 398 * 399 * @return status check from task completion 400 */ 401 status_t CAU3_AES_CCM_EncryptTag(CAU3_Type *base, 402 cau3_handle_t *handle, 403 const uint8_t *plainText, 404 size_t plainTextSize, 405 uint8_t *cipherText, 406 const uint8_t *nonce, 407 size_t nonceSize, 408 const uint8_t *aad, 409 size_t aadSize, 410 uint8_t *authTag, 411 size_t authTagSize); 412 413 /*! 414 * @brief Perform a Counter with CBC-MAC AES decryption 415 * 416 * Performs a Counter with CBC-MAC AES decryption on a ciphertext. It also 417 * authenticates the payload, the received associated data, and the received nonce 418 * to verify the correctness of the MAC/Tag. If the authentication fails, it sets 419 * the output buffer to zero. 420 * 421 * @param base CAU3 base address 422 * @param handle Handle used for the request 423 * @param cipherText is source uint8_t array of data bytes, any alignment 424 * @param plainText is destination uint8_t array of data byte, any alignment 425 * @param plainTextSize is the number of bytes of the plainText 426 * @param nonce is the initialization vector 427 * @param nonceSize is the number of bytes of the nonce. 428 * It should be within 7 and 13 bytes. Otherwise, the task terminates 429 * with error. 430 * @param aad is the Additional Authentication data (Authentication only) 431 * @param aadSize is the number of bytes of the AAD 432 * @param authTag is the Authentication tag generated by AES-CCM 433 * @param authTagSize is the number of bytes of the authentication tag 434 * 435 * @return status check from task completion 436 * IF the tag authentication fails, the task terminates with error and 437 * the output is forced to zero 438 */ 439 uint32_t CAU3_AES_CCM_DecryptTag(CAU3_Type *base, 440 cau3_handle_t *handle, 441 const uint8_t *cipherText, 442 uint8_t *plainText, 443 size_t plainTextSize, 444 const uint8_t *nonce, 445 size_t nonceSize, 446 const uint8_t *aad, 447 size_t aadSize, 448 const uint8_t *authTag, 449 size_t authTagSize); 450 451 /*! 452 *@} 453 */ /* end of cau3_driver_aes */ 454 455 /******************************************************************************* 456 * DES API 457 ******************************************************************************/ 458 /*! 459 * @addtogroup cau3_driver_des 460 * @{ 461 */ 462 463 /*! 464 * @brief Perform a 3DES key parity check 465 * 466 * Performs a 3DES key parity check on three 8-byte keys. 467 * The function is blocking. 468 * 469 * @param base CAU3 peripheral base address 470 * @param keySlot defines the key context to be used in the parity check 471 * 472 * @return status check from task completion 473 */ 474 status_t CAU3_TDES_CheckParity(CAU3_Type *base, cau3_key_slot_t keySlot); 475 476 /*! 477 * @brief Load DES key into CAU3 key slot. 478 * 479 * Load the key context into the private DMEM. 480 * 481 * @param base CAU3 peripheral base address. 482 * @param handle Handle used for the request. 483 * @param key 0-mod-4 aligned pointer to 3DES key. 484 * @param keySize 3DES key size in bytes. Shall equal 24. 485 * @return status from set key operation 486 */ 487 status_t CAU3_TDES_SetKey(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *key, size_t keySize); 488 489 /*! 490 * @brief Perform a 3DES encryption 491 * 492 * Performs a 3DES "electronic code book" encryption on one 8-byte data block. 493 * The source plaintext and destination ciphertext can overlap in system memory. 494 * Supports both blocking and non-blocking task completion. 495 * 496 * @param base CAU3 peripheral base address. 497 * @param handle Handle used for this request. 498 * @param plaintext is source uint8_t array of data bytes, any alignment 499 * @param ciphertext is destination uint8_t array of data byte, any alignment 500 * 501 * @return status check from task completion 502 */ 503 status_t CAU3_TDES_Encrypt(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *plaintext, uint8_t *ciphertext); 504 505 /*! 506 * @brief Perform a 3DES decryption 507 * 508 * Performs a 3DES "electronic code book" decryption on one 8-byte data block. 509 * The source ciphertext and destination plaintext can overlap in sysMemory. 510 * Supports both blocking and non-blocking task completion. 511 * 512 * @param base CAU3 peripheral base address. 513 * @param handle Handle used for this request. 514 * @param ciphertext is destination uint8_t array of data byte, any alignment 515 * @param plaintext is source uint8_t array of data bytes, any alignment 516 * @return status check from task completion 517 */ 518 status_t CAU3_TDES_Decrypt(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *ciphertext, uint8_t *plaintext); 519 520 /*! 521 *@} 522 */ /* end of cau3_driver_des */ 523 524 /******************************************************************************* 525 * HASH API 526 ******************************************************************************/ 527 528 /*! 529 * @addtogroup cau3_driver_hash 530 * @{ 531 */ 532 /*! 533 * @brief Initialize HASH context 534 * 535 * This function initializes the HASH. 536 * 537 * For blocking CAU3 HASH API, the HASH context contains all information required for context switch, 538 * such as running hash. 539 * 540 * @param base CAU3 peripheral base address 541 * @param[out] ctx Output hash context 542 * @param algo Underlaying algorithm to use for hash computation. 543 * @return Status of initialization 544 */ 545 status_t CAU3_HASH_Init(CAU3_Type *base, cau3_hash_ctx_t *ctx, cau3_hash_algo_t algo); 546 547 /*! 548 * @brief Add data to current HASH 549 * 550 * Add data to current HASH. This can be called repeatedly with an arbitrary amount of data to be 551 * hashed. The functions blocks. If it returns kStatus_Success, the running hash or mac 552 * has been updated (CAU3 has processed the input data), so the memory at @ref input pointer 553 * can be released back to system. The context is updated with the running hash or mac 554 * and with all necessary information to support possible context switch. 555 * 556 * @param base CAU3 peripheral base address 557 * @param[in,out] ctx HASH context 558 * @param input Input data 559 * @param inputSize Size of input data in bytes 560 * @return Status of the hash update operation 561 */ 562 status_t CAU3_HASH_Update(CAU3_Type *base, cau3_hash_ctx_t *ctx, const uint8_t *input, size_t inputSize); 563 564 /*! 565 * @brief Finalize hashing 566 * 567 * Outputs the final hash (computed by CAU3_HASH_Update()) and erases the context. 568 * 569 * @param[in,out] ctx Input hash context 570 * @param[out] output Output hash data 571 * @param[out] outputSize Output parameter storing the size of the output hash in bytes 572 * @return Status of the hash finish operation 573 */ 574 status_t CAU3_HASH_Finish(CAU3_Type *base, cau3_hash_ctx_t *ctx, uint8_t *output, size_t *outputSize); 575 576 /*! 577 * @brief Create HASH on given data 578 * 579 * Perform the full SHA in one function call. The function is blocking. 580 * 581 * @param base CAU3 peripheral base address 582 * @param algo Underlaying algorithm to use for hash computation. 583 * @param input Input data 584 * @param inputSize Size of input data in bytes 585 * @param[out] output Output hash data 586 * @param[out] outputSize Output parameter storing the size of the output hash in bytes 587 * @return Status of the one call hash operation. 588 */ 589 status_t CAU3_HASH(CAU3_Type *base, 590 cau3_hash_algo_t algo, 591 const uint8_t *input, 592 size_t inputSize, 593 uint8_t *output, 594 size_t *outputSize); 595 596 /*! 597 *@} 598 */ /* end of cau3_driver_hash */ 599 600 /******************************************************************************* 601 * AEAD API 602 ******************************************************************************/ 603 604 /*! 605 * @addtogroup cau3_driver_chacha_poly 606 * @{ 607 */ 608 609 /*! 610 * @brief Load 256-bit key into CAU3 key context (in key slot). 611 * 612 * Load the key context into the private DMEM for CHACHA20_POLY1305 AEAD. 613 * 614 * @param base CAU3 peripheral base address. 615 * @param handle Handle used for the request. 616 * @param key 0-mod-4 aligned pointer to CHACHA20_POLY1305 256-bit key. 617 * @param keySize Size of the key in bytes. Shall be 32. 618 * @return status from set key operation 619 */ 620 status_t CAU3_CHACHA20_POLY1305_SetKey(CAU3_Type *base, cau3_handle_t *handle, const uint8_t *key, size_t keySize); 621 622 /*! 623 * @brief Perform ChaCha-Poly encryption/authentication 624 * 625 * Perform ChaCha encryption over a message of "n" bytes, and authentication 626 * over the encrypted data plus an additional authenticated data, 627 * returning encrypted data + a message digest. 628 * 629 * @param base CAU3 peripheral base address 630 * @param handle Handle used for this request. The keySlot member specifies key context with key and IV. 631 * @param plaintext The uint8_t source message to be encrypted, any alignment 632 * @param[out] ciphertext is a pointer to the output encrypted message, any aligment 633 * @param size The length of the plaintext and ciphertext in bytes 634 * @param aad A pointer to the additional authenticated data, any alignment 635 * @param aadLen Length of additional authenticated data in bytes 636 * @param nonce 0-mod-4 aligned pointer to CHACHA20_POLY1305 96-bit nonce. 637 * @param[out] tag A pointer to the 128-bit message digest output, any alignment 638 * 639 * @return status check from task completion 640 */ 641 status_t CAU3_CHACHA20_POLY1305_Encrypt(CAU3_Type *base, 642 cau3_handle_t *handle, 643 const uint8_t *plaintext, 644 uint8_t *ciphertext, 645 size_t size, 646 const uint8_t *aad, 647 size_t aadLen, 648 const uint8_t *nonce, 649 uint8_t *tag); 650 651 /*! 652 * @brief Perform ChaCha-Poly decryption/authentication check 653 * 654 * Perform ChaCha decryption over a message of "n" bytes, and checks 655 * authentication over the encrypted data plus an additional authenticated data, 656 * returning decrypted data. IF the tag authentication fails, the task terminates with error and 657 * the output is forced to zero. 658 * 659 * @param base CAU3 peripheral base address 660 * @param handle Handle used for this request. The keySlot member specifies key context with key and IV. 661 * @param ciphertext The uint8_t source msg to be decrypted, any alignment 662 * @param[out] plaintext A pointer to the output decrypted message, any alignment 663 * @param size Length of the plaintext and ciphertext in bytes 664 * @param aad A pointer to the additional authenticated data, any alignment 665 * @param aadLen Length of additional authenticated data in bytes 666 * @param nonce 0-mod-4 aligned pointer to CHACHA20_POLY1305 96-bit nonce. 667 * @param tag A pointer to the 128-bit msg digest input to be checked, any alignment 668 * 669 * @return status check from task completion 670 * 671 */ 672 status_t CAU3_CHACHA20_POLY1305_Decrypt(CAU3_Type *base, 673 cau3_handle_t *handle, 674 const uint8_t *ciphertext, 675 uint8_t *plaintext, 676 size_t size, 677 const uint8_t *aad, 678 size_t aadLen, 679 const uint8_t *nonce, 680 const uint8_t *tag); 681 682 /*! 683 *@} 684 */ /* end of cau3_driver_chacha_poly */ 685 686 /******************************************************************************* 687 * BLOB API 688 ******************************************************************************/ 689 690 /*! 691 * @addtogroup cau3_driver_blob 692 * @{ 693 */ 694 695 /*! 696 * @brief Perform an RFC3394 key blob unwrap 697 * 698 * Perform an RFC3394 unwrap of an AES encrypted key blob. The unwrapped 699 * key blob is loaded into the specified key slot [1-3]. The initial 700 * special hardware KEK contained in key slot 0 is typically used for the 701 * unwrapping operation. The destination context number must be different than 702 * the keySlot used for unwrapping. 703 * Implements the algorithm at RFC 3394 to AES key unwrap. The 704 * current implementation allows to unwrap up to 512 bits, 705 * with the restriction of nblocks=2 or =4 or n=8(means it 706 * unwraps only 128bits, 256bits or two 256 bits keys (512)). It 707 * is allowed input key of 128 and 256bits only (passed using 708 * the keyslot). The function also assumes the 709 * @ref CAU3_LoadSpecialKeyContext was called before. 710 * It returns error and clear the destination context in case 711 * parameters are not inside aceptable values. 712 * In case n>4 && n!=8 it clears both destination contexts (the 713 * dstContext and the adjacent/next context) 714 * In case of n=8, the first unwraped key will be stored in the 715 * dstContext slot, and the second key will be saved in the next 716 * context (E.g: if dstContext=1, then first key goes to slot 1 717 * and second key to slot 2. If dstContext=3 then first key goes 718 * to slot 3 and second key goes to slot 1). 719 * Examples of n usage. 720 * E.g.: n = 2 means a unwraped key of 128 bits (2 * 64) 721 * E.g.: n = 4 means a unwraped key of 256 bits (4 * 64) 722 * E.g.: n = 8 means two unwraped keys of 256 bits (8 * 64) 723 * 724 * The function is blocking, it uses the polling task done signaling. 725 * 726 * @param base CAU3 peripheral base address 727 * @param keySlot is the key used to unwrap the key blob [0-3] 728 * @param keyBlob 0-mod-4 aligned pointer is the RFC3394 wrapped key blob. 729 * @param numberOfBlocks is the unwrapped keyBlob length as multiple of 64-bit blocks 730 * @param dstContext is the destination key context for unwrapped blob [0-3] 731 * @retval status check from task completion 732 */ 733 status_t CAU3_KeyBlobUnwrap(CAU3_Type *base, 734 cau3_key_slot_t keySlot, 735 const uint8_t *keyBlob, 736 uint32_t numberOfBlocks, 737 cau3_key_slot_t dstContext); 738 739 /*! 740 *@} 741 */ /* end of cau3_driver_blob */ 742 743 /******************************************************************************* 744 * PKHA API 745 ******************************************************************************/ 746 747 /*! 748 * @addtogroup cau3_driver_pkha 749 * @{ 750 */ 751 752 int CAU3_PKHA_CompareBigNum(const uint8_t *a, size_t sizeA, const uint8_t *b, size_t sizeB); 753 754 /*! 755 * @brief Converts from integer to Montgomery format. 756 * 757 * This function computes R2 mod N and optionally converts A or B into Montgomery format of A or B. 758 * 759 * @param base CAU3 peripheral base address 760 * @param N modulus 761 * @param sizeN size of N in bytes 762 * @param[in,out] A The first input in non-Montgomery format. Output Montgomery format of the first input. 763 * @param[in,out] sizeA pointer to size variable. On input it holds size of input A in bytes. On output it holds size of 764 * Montgomery format of A in bytes. 765 * @param[in,out] B Second input in non-Montgomery format. Output Montgomery format of the second input. 766 * @param[in,out] sizeB pointer to size variable. On input it holds size of input B in bytes. On output it holds size of 767 * Montgomery format of B in bytes. 768 * @param[out] R2 Output Montgomery factor R2 mod N. 769 * @param[out] sizeR2 pointer to size variable. On output it holds size of Montgomery factor R2 mod N in bytes. 770 * @param equalTime Run the function time equalized or no timing equalization. 771 * @param arithType Type of arithmetic to perform (integer or F2m) 772 * @return Operation status. 773 */ 774 status_t CAU3_PKHA_NormalToMontgomery(CAU3_Type *base, 775 const uint8_t *N, 776 size_t sizeN, 777 uint8_t *A, 778 size_t *sizeA, 779 uint8_t *B, 780 size_t *sizeB, 781 uint8_t *R2, 782 size_t *sizeR2, 783 cau3_pkha_timing_t equalTime, 784 cau3_pkha_f2m_t arithType); 785 786 /*! 787 * @brief Converts from Montgomery format to int. 788 * 789 * This function converts Montgomery format of A or B into int A or B. 790 * 791 * @param base CAU3 peripheral base address 792 * @param N modulus. 793 * @param sizeN size of N modulus in bytes. 794 * @param[in,out] A Input first number in Montgomery format. Output is non-Montgomery format. 795 * @param[in,out] sizeA pointer to size variable. On input it holds size of the input A in bytes. On output it holds 796 * size of non-Montgomery A in bytes. 797 * @param[in,out] B Input first number in Montgomery format. Output is non-Montgomery format. 798 * @param[in,out] sizeB pointer to size variable. On input it holds size of the input B in bytes. On output it holds 799 * size of non-Montgomery B in bytes. 800 * @param equalTime Run the function time equalized or no timing equalization. 801 * @param arithType Type of arithmetic to perform (integer or F2m) 802 * @return Operation status. 803 */ 804 status_t CAU3_PKHA_MontgomeryToNormal(CAU3_Type *base, 805 const uint8_t *N, 806 size_t sizeN, 807 uint8_t *A, 808 size_t *sizeA, 809 uint8_t *B, 810 size_t *sizeB, 811 cau3_pkha_timing_t equalTime, 812 cau3_pkha_f2m_t arithType); 813 814 /*! 815 * @brief Performs modular addition - (A + B) mod N. 816 * 817 * This function performs modular addition of (A + B) mod N, with either 818 * integer or binary polynomial (F2m) inputs. In the F2m form, this function is 819 * equivalent to a bitwise XOR and it is functionally the same as subtraction. 820 * 821 * @param base CAU3 peripheral base address 822 * @param A first addend (integer or binary polynomial) 823 * @param sizeA Size of A in bytes 824 * @param B second addend (integer or binary polynomial) 825 * @param sizeB Size of B in bytes 826 * @param N modulus. 827 * @param sizeN Size of N in bytes. 828 * @param[out] result Output array to store result of operation 829 * @param[out] resultSize Output size of operation in bytes 830 * @param arithType Type of arithmetic to perform (integer or F2m) 831 * @return Operation status. 832 */ 833 status_t CAU3_PKHA_ModAdd(CAU3_Type *base, 834 const uint8_t *A, 835 size_t sizeA, 836 const uint8_t *B, 837 size_t sizeB, 838 const uint8_t *N, 839 size_t sizeN, 840 uint8_t *result, 841 size_t *resultSize, 842 cau3_pkha_f2m_t arithType); 843 844 /*! 845 * @brief Performs modular subtraction - (A - B) mod N. 846 * 847 * This function performs modular subtraction of (A - B) mod N with 848 * integer inputs. 849 * 850 * @param base CAU3 peripheral base address 851 * @param A first addend (integer or binary polynomial) 852 * @param sizeA Size of A in bytes 853 * @param B second addend (integer or binary polynomial) 854 * @param sizeB Size of B in bytes 855 * @param N modulus 856 * @param sizeN Size of N in bytes 857 * @param[out] result Output array to store result of operation 858 * @param[out] resultSize Output size of operation in bytes 859 * @return Operation status. 860 */ 861 status_t CAU3_PKHA_ModSub1(CAU3_Type *base, 862 const uint8_t *A, 863 size_t sizeA, 864 const uint8_t *B, 865 size_t sizeB, 866 const uint8_t *N, 867 size_t sizeN, 868 uint8_t *result, 869 size_t *resultSize); 870 871 /*! 872 * @brief Performs modular subtraction - (B - A) mod N. 873 * 874 * This function performs modular subtraction of (B - A) mod N, 875 * with integer inputs. 876 * 877 * @param base CAU3 peripheral base address 878 * @param A first addend (integer or binary polynomial) 879 * @param sizeA Size of A in bytes 880 * @param B second addend (integer or binary polynomial) 881 * @param sizeB Size of B in bytes 882 * @param N modulus 883 * @param sizeN Size of N in bytes 884 * @param[out] result Output array to store result of operation 885 * @param[out] resultSize Output size of operation in bytes 886 * @return Operation status. 887 */ 888 status_t CAU3_PKHA_ModSub2(CAU3_Type *base, 889 const uint8_t *A, 890 size_t sizeA, 891 const uint8_t *B, 892 size_t sizeB, 893 const uint8_t *N, 894 size_t sizeN, 895 uint8_t *result, 896 size_t *resultSize); 897 898 /*! 899 * @brief Performs modular multiplication - (A x B) mod N. 900 * 901 * This function performs modular multiplication with either integer or 902 * binary polynomial (F2m) inputs. It can optionally specify whether inputs 903 * and/or outputs will be in Montgomery form or not. 904 * 905 * @param base CAU3 peripheral base address 906 * @param A first addend (integer or binary polynomial) 907 * @param sizeA Size of A in bytes 908 * @param B second addend (integer or binary polynomial) 909 * @param sizeB Size of B in bytes 910 * @param N modulus. 911 * @param sizeN Size of N in bytes 912 * @param[out] result Output array to store result of operation 913 * @param[out] resultSize Output size of operation in bytes 914 * @param arithType Type of arithmetic to perform (integer or F2m) 915 * @param montIn Format of inputs 916 * @param montOut Format of output 917 * @param equalTime Run the function time equalized or no timing equalization. This argument is ignored for F2m modular 918 * multiplication. 919 * @return Operation status. 920 */ 921 status_t CAU3_PKHA_ModMul(CAU3_Type *base, 922 const uint8_t *A, 923 size_t sizeA, 924 const uint8_t *B, 925 size_t sizeB, 926 const uint8_t *N, 927 size_t sizeN, 928 uint8_t *result, 929 size_t *resultSize, 930 cau3_pkha_f2m_t arithType, 931 cau3_pkha_montgomery_form_t montIn, 932 cau3_pkha_montgomery_form_t montOut, 933 cau3_pkha_timing_t equalTime); 934 935 /*! 936 * @brief Performs modular exponentiation - (A^E) mod N. 937 * 938 * This function performs modular exponentiation with either integer or 939 * binary polynomial (F2m) inputs. 940 * 941 * @param base CAU3 peripheral base address 942 * @param A first addend (integer or binary polynomial) 943 * @param sizeA Size of A in bytes 944 * @param N modulus 945 * @param sizeN Size of N in bytes 946 * @param E exponent 947 * @param sizeE Size of E in bytes 948 * @param[out] result Output array to store result of operation 949 * @param[out] resultSize Output size of operation in bytes 950 * @param montIn Format of A input (normal or Montgomery) 951 * @param arithType Type of arithmetic to perform (integer or F2m) 952 * @param equalTime Run the function time equalized or no timing equalization. 953 * @return Operation status. 954 */ 955 status_t CAU3_PKHA_ModExp(CAU3_Type *base, 956 const uint8_t *A, 957 size_t sizeA, 958 const uint8_t *N, 959 size_t sizeN, 960 const uint8_t *E, 961 size_t sizeE, 962 uint8_t *result, 963 size_t *resultSize, 964 cau3_pkha_f2m_t arithType, 965 cau3_pkha_montgomery_form_t montIn, 966 cau3_pkha_timing_t equalTime); 967 968 /*! 969 * @brief Performs Modular Square Root. 970 * 971 * This function performs modular square root with integer inputs. 972 * The modular square root function computes output result B, such that ( B x B ) mod N = input A. 973 * If no such B result exists, the result will be set to 0 and the PKHA "prime" flag 974 * will be set. Input values A and B are limited to a maximum size of 128 bytes. Note that 975 * two such square root values may exist. This algorithm will find either one of them, if any 976 * exist. The second possible square root (B') can be found by calculating B' = N - B. 977 * 978 * @param base CAU3 peripheral base address 979 * @param A input value, for which a square root is to be calculated 980 * @param sizeA Size of A in bytes 981 * @param N modulus 982 * @param sizeN Size of N in bytes 983 * @param[out] result Output array to store result of operation 984 * @param[out] resultSize Output size of operation in bytes 985 * @return Operation status. 986 */ 987 status_t CAU3_PKHA_ModSqrt(CAU3_Type *base, 988 const uint8_t *A, 989 size_t sizeA, 990 const uint8_t *N, 991 size_t sizeN, 992 uint8_t *result, 993 size_t *resultSize); 994 995 /*! 996 * @brief Performs modular reduction - (A) mod N. 997 * 998 * This function performs modular reduction with either integer or 999 * binary polynomial (F2m) inputs. 1000 * 1001 * @param base CAU3 peripheral base address 1002 * @param A first addend (integer or binary polynomial) 1003 * @param sizeA Size of A in bytes 1004 * @param N modulus 1005 * @param sizeN Size of N in bytes 1006 * @param[out] result Output array to store result of operation 1007 * @param[out] resultSize Output size of operation in bytes 1008 * @param arithType Type of arithmetic to perform (integer or F2m) 1009 * @return Operation status. 1010 */ 1011 status_t CAU3_PKHA_ModRed(CAU3_Type *base, 1012 const uint8_t *A, 1013 size_t sizeA, 1014 const uint8_t *N, 1015 size_t sizeN, 1016 uint8_t *result, 1017 size_t *resultSize, 1018 cau3_pkha_f2m_t arithType); 1019 1020 /*! 1021 * @brief Performs modular inversion - (A^-1) mod N. 1022 * 1023 * This function performs modular inversion with either integer or 1024 * binary polynomial (F2m) inputs. 1025 * 1026 * @param base CAU3 peripheral base address 1027 * @param A first addend (integer or binary polynomial) 1028 * @param sizeA Size of A in bytes 1029 * @param N modulus 1030 * @param sizeN Size of N in bytes 1031 * @param[out] result Output array to store result of operation 1032 * @param[out] resultSize Output size of operation in bytes 1033 * @param arithType Type of arithmetic to perform (integer or F2m) 1034 * @return Operation status. 1035 */ 1036 status_t CAU3_PKHA_ModInv(CAU3_Type *base, 1037 const uint8_t *A, 1038 size_t sizeA, 1039 const uint8_t *N, 1040 size_t sizeN, 1041 uint8_t *result, 1042 size_t *resultSize, 1043 cau3_pkha_f2m_t arithType); 1044 1045 /*! 1046 * @brief Computes integer Montgomery factor R^2 mod N. 1047 * 1048 * This function computes a constant to assist in converting operands 1049 * into the Montgomery residue system representation. 1050 * 1051 * @param base CAU3 peripheral base address 1052 * @param N modulus 1053 * @param sizeN Size of N in bytes 1054 * @param[out] result Output array to store result of operation 1055 * @param[out] resultSize Output size of operation in bytes 1056 * @param arithType Type of arithmetic to perform (integer or F2m) 1057 * @return Operation status. 1058 */ 1059 status_t CAU3_PKHA_ModR2( 1060 CAU3_Type *base, const uint8_t *N, size_t sizeN, uint8_t *result, size_t *resultSize, cau3_pkha_f2m_t arithType); 1061 1062 /*! 1063 * @brief Performs Integer RERP mod P. 1064 * 1065 * This function is used to compute a constant to assist in converting operands into the 1066 * Montgomery residue system representation specifically for Chinese Remainder Theorem 1067 * while performing RSA with a CRT implementation where a modulus E=P x Q, and P and 1068 * Q are prime numbers. Although labeled RERP mod P, this routine (function) can also 1069 * compute RERQ mod Q. 1070 * 1071 * @param base CAU3 peripheral base address 1072 * @param P modulus P or Q of CRT, an odd integer 1073 * @param sizeP Size of P in bytes 1074 * @param sizeE Number of bytes of E = P x Q (this size must be given, though content of E itself is not used). 1075 * @param[out] result Output array to store result of operation 1076 * @param[out] resultSize Output size of operation in bytes 1077 * @return Operation status. 1078 */ 1079 status_t CAU3_PKHA_ModRR( 1080 CAU3_Type *base, const uint8_t *P, size_t sizeP, size_t sizeE, uint8_t *result, size_t *resultSize); 1081 1082 /*! 1083 * @brief Calculates the greatest common divisor - GCD (A, N). 1084 * 1085 * This function calculates the greatest common divisor of two inputs with 1086 * either integer or binary polynomial (F2m) inputs. 1087 * 1088 * @param base CAU3 peripheral base address 1089 * @param A first value (must be smaller than or equal to N) 1090 * @param sizeA Size of A in bytes 1091 * @param N second value (must be non-zero) 1092 * @param sizeN Size of N in bytes 1093 * @param[out] result Output array to store result of operation 1094 * @param[out] resultSize Output size of operation in bytes 1095 * @param arithType Type of arithmetic to perform (integer or F2m) 1096 * @return Operation status. 1097 */ 1098 status_t CAU3_PKHA_ModGcd(CAU3_Type *base, 1099 const uint8_t *A, 1100 size_t sizeA, 1101 const uint8_t *N, 1102 size_t sizeN, 1103 uint8_t *result, 1104 size_t *resultSize, 1105 cau3_pkha_f2m_t arithType); 1106 1107 /*! 1108 * @brief Executes Miller-Rabin primality test. 1109 * 1110 * This function calculates whether or not a candidate prime number is likely 1111 * to be a prime. 1112 * 1113 * @param base CAU3 peripheral base address 1114 * @param A initial random seed 1115 * @param sizeA Size of A in bytes 1116 * @param B number of trial runs 1117 * @param sizeB Size of B in bytes 1118 * @param N candidate prime integer 1119 * @param sizeN Size of N in bytes 1120 * @param[out] res True if the value is likely prime or false otherwise 1121 * @return Operation status. 1122 */ 1123 status_t CAU3_PKHA_PrimalityTest(CAU3_Type *base, 1124 const uint8_t *A, 1125 size_t sizeA, 1126 const uint8_t *B, 1127 size_t sizeB, 1128 const uint8_t *N, 1129 size_t sizeN, 1130 bool *res); 1131 1132 /*! 1133 * @brief Adds elliptic curve points - A + B. 1134 * 1135 * This function performs ECC point addition over a prime field (Fp) or binary field (F2m) using 1136 * affine coordinates. 1137 * 1138 * @param base CAU3 peripheral base address 1139 * @param A Left-hand point 1140 * @param B Right-hand point 1141 * @param N Prime modulus of the field 1142 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1143 * CAU3_PKHA_ModR2() function). 1144 * @param aCurveParam A parameter from curve equation 1145 * @param bCurveParam B parameter from curve equation (constant) 1146 * @param size Size in bytes of curve points and parameters 1147 * @param arithType Type of arithmetic to perform (integer or F2m) 1148 * @param[out] result Result point 1149 * @return Operation status. 1150 */ 1151 status_t CAU3_PKHA_ECC_PointAdd(CAU3_Type *base, 1152 const cau3_pkha_ecc_point_t *A, 1153 const cau3_pkha_ecc_point_t *B, 1154 const uint8_t *N, 1155 const uint8_t *R2modN, 1156 const uint8_t *aCurveParam, 1157 const uint8_t *bCurveParam, 1158 size_t size, 1159 cau3_pkha_f2m_t arithType, 1160 cau3_pkha_ecc_point_t *result); 1161 1162 /*! 1163 * @brief Doubles elliptic curve points - B + B. 1164 * 1165 * This function performs ECC point doubling over a prime field (Fp) or binary field (F2m) using 1166 * affine coordinates. 1167 * 1168 * @param base CAU3 peripheral base address 1169 * @param B Point to double 1170 * @param N Prime modulus of the field 1171 * @param aCurveParam A parameter from curve equation 1172 * @param bCurveParam B parameter from curve equation (constant) 1173 * @param size Size in bytes of curve points and parameters 1174 * @param arithType Type of arithmetic to perform (integer or F2m) 1175 * @param[out] result Result point 1176 * @return Operation status. 1177 */ 1178 status_t CAU3_PKHA_ECC_PointDouble(CAU3_Type *base, 1179 const cau3_pkha_ecc_point_t *B, 1180 const uint8_t *N, 1181 const uint8_t *aCurveParam, 1182 const uint8_t *bCurveParam, 1183 size_t size, 1184 cau3_pkha_f2m_t arithType, 1185 cau3_pkha_ecc_point_t *result); 1186 1187 /*! 1188 * @brief Multiplies an elliptic curve point by a scalar - E x (A0, A1). 1189 * 1190 * This function performs ECC point multiplication to multiply an ECC point by 1191 * a scalar integer multiplier over a prime field (Fp) or a binary field (F2m). 1192 * 1193 * @param base CAU3 peripheral base address 1194 * @param A Point as multiplicand 1195 * @param E Scalar multiple 1196 * @param sizeE The size of E, in bytes 1197 * @param N Modulus, a prime number for the Fp field or Irreducible polynomial for F2m field. 1198 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1199 * CAU3_PKHA_ModR2() function). 1200 * @param aCurveParam A parameter from curve equation 1201 * @param bCurveParam B parameter from curve equation (C parameter for operation over F2m). 1202 * @param size Size in bytes of curve points and parameters 1203 * @param equalTime Run the function time equalized or no timing equalization. 1204 * @param arithType Type of arithmetic to perform (integer or F2m) 1205 * @param[out] result Result point 1206 * @return Operation status. 1207 */ 1208 status_t CAU3_PKHA_ECC_PointMul(CAU3_Type *base, 1209 const cau3_pkha_ecc_point_t *A, 1210 const uint8_t *E, 1211 size_t sizeE, 1212 const uint8_t *N, 1213 const uint8_t *R2modN, 1214 const uint8_t *aCurveParam, 1215 const uint8_t *bCurveParam, 1216 size_t size, 1217 cau3_pkha_timing_t equalTime, 1218 cau3_pkha_f2m_t arithType, 1219 cau3_pkha_ecc_point_t *result); 1220 1221 /*! 1222 * @brief Computes scalar multiplication of a point on an elliptic curve in Montgomery form. 1223 * 1224 * This function computes the scalar multiplication of a point on an elliptic curve in 1225 * Montgomery form. The input and output are just the x coordinates of the points. 1226 * The points on a curve are defined by the equation E: B*y^2 = x^3 + A*x^2 + x mod p 1227 * This function computes a point multiplication on a Montgomery curve, using 1228 * Montgomery values, by means of a Montgomery ladder. At the end of the ladder, P2 = P3 + P1, 1229 * where P1 is the input and P3 is the result. 1230 * 1231 * @param base CAU3 peripheral base address 1232 * @param E Scalar multiplier, any integer 1233 * @param sizeE The size of E, in bytes 1234 * @param inputCoordinate Point as multiplicand, an input point's affine x coordinate 1235 * @param A24 elliptic curve a24 parameter, that is, (A+2)/4 1236 * @param N Modulus, a prime number. 1237 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1238 * @ref CAU3_PKHA_ModR2() function). 1239 * @param size Size in bytes of curve points and parameters 1240 * @param equalTime Run the function time equalized or no timing equalization. 1241 * @param[out] outputCoordinate Resulting poin's x affine coordinate. 1242 * @return Operation status. 1243 */ 1244 status_t CAU3_PKHA_ECM_PointMul(CAU3_Type *base, 1245 const uint8_t *E, 1246 size_t sizeE, 1247 const uint8_t *inputCoordinate, 1248 const uint8_t *A24, 1249 const uint8_t *N, 1250 const uint8_t *R2modN, 1251 size_t size, 1252 cau3_pkha_timing_t equalTime, 1253 uint8_t *outputCoordinate); 1254 1255 /*! 1256 * @brief Multiplies an Edwards-form elliptic curve point by a scalar - E x (A0, A1). 1257 * 1258 * This function performs scalar multiplication of an Edwards-form elliptic curve point 1259 * in affine coordinates. 1260 * The points on a curve are defined by the equation E: a*X^2 + d^2 = 1 + D^2*X^2*Y^2 mod N 1261 * 1262 * @param base CAU3 peripheral base address 1263 * @param A Point as multiplicand 1264 * @param E Scalar multiple 1265 * @param sizeE The size of E, in bytes 1266 * @param N Modulus, a prime number for the Fp field. 1267 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1268 * @ref CAU3_PKHA_ModR2() function). 1269 * @param aCurveParam A parameter from curve equation 1270 * @param dCurveParam D parameter from curve equation. 1271 * @param size Size in bytes of curve points and parameters 1272 * @param equalTime Run the function time equalized or no timing equalization. 1273 * @param[out] result Result point 1274 * @return Operation status. 1275 */ 1276 status_t CAU3_PKHA_ECT_PointMul(CAU3_Type *base, 1277 const cau3_pkha_ecc_point_t *A, 1278 const uint8_t *E, 1279 size_t sizeE, 1280 const uint8_t *N, 1281 const uint8_t *R2modN, 1282 const uint8_t *aCurveParam, 1283 const uint8_t *dCurveParam, 1284 size_t size, 1285 cau3_pkha_timing_t equalTime, 1286 cau3_pkha_ecc_point_t *result); 1287 1288 /*! 1289 * @brief Adds an Edwards-form elliptic curve points - A + B. 1290 * 1291 * This function performs Edwards-form elliptic curve point addition over a prime field (Fp) using affine coordinates. 1292 * The points on a curve are defined by the equation E: a*X^2 + Y^2 = 1 + d^2*X^2*Y^2 mod N 1293 * 1294 * @param base CAU3 peripheral base address 1295 * @param A Left-hand point 1296 * @param B Right-hand point 1297 * @param N Prime modulus of the field 1298 * @param R2modN NULL (the function computes R2modN internally) or pointer to pre-computed R2modN (obtained from 1299 * @ref CAU3_PKHA_ModR2() function). 1300 * @param aCurveParam A parameter from curve equation 1301 * @param dCurveParam D parameter from curve equation 1302 * @param size Size in bytes of curve points and parameters 1303 * @param[out] result Result point 1304 * @return Operation status. 1305 */ 1306 status_t CAU3_PKHA_ECT_PointAdd(CAU3_Type *base, 1307 const cau3_pkha_ecc_point_t *A, 1308 const cau3_pkha_ecc_point_t *B, 1309 const uint8_t *N, 1310 const uint8_t *R2modN, 1311 const uint8_t *aCurveParam, 1312 const uint8_t *dCurveParam, 1313 size_t size, 1314 cau3_pkha_ecc_point_t *result); 1315 1316 /*! 1317 *@} 1318 */ /* end of cau3_driver_pkha */ 1319 1320 /******************************************************************************* 1321 * RPA API 1322 ******************************************************************************/ 1323 1324 /*! 1325 * @addtogroup cau3_driver_rpa 1326 * @{ 1327 */ 1328 1329 /*! 1330 * @brief Makes the RPA key table empty 1331 * 1332 * CAU3_RPAtableInit 1333 * @param base CAU3 peripheral base address 1334 * @param taskDone indicates completion signal 1335 * 1336 * @return Operation status. 1337 */ 1338 status_t CAU3_RPAtableInit(CAU3_Type *base, cau3_task_done_t taskDone); 1339 1340 /*! 1341 * @brief Returns the RPA key table size 1342 * 1343 * CAU3_RPAtableSize 1344 * @param base CAU3 peripheral base address 1345 * @param result the number of entries in the RPA table 1346 * 1347 * @return RPA key table size (number of entries) 1348 */ 1349 status_t CAU3_RPAtableSize(CAU3_Type *base, uint32_t *result); 1350 1351 /*! 1352 * @brief Loads a 16-byte AES128 key into the RPA key table. It also expands the key 1353 * 1354 * CAU3_RPAtableInsertKey 1355 * @param base CAU3 peripheral base address 1356 * @param cauKey is pointer to key in sysMemory 1357 * @param taskDone indicates completion signal 1358 * 1359 * @return Operation status. 1360 */ 1361 status_t CAU3_RPAtableInsertKey(CAU3_Type *base, 1362 const uint32_t *cauKey, 1363 cau3_task_done_t taskDone); 1364 1365 /*! 1366 * @brief Removes a 16-byte AES128 IRK key from the RPA key table, 1367 * also taking the last key in the table and moving it to the 1368 * emptied location. 1369 * 1370 * CAU3_RPAtableRemoveKey 1371 * @param base CAU3 peripheral base address 1372 * @param irkIx index of the IRK to be removed from the RPA table 1373 * @param taskDone indicates completion signal 1374 * 1375 * @return Operation status 1376 */ 1377 status_t CAU3_RPAtableRemoveKey(CAU3_Type *base, uint32_t irkIx, cau3_task_done_t taskDone); 1378 1379 /*! 1380 * @brief Searches for an IRK (key) in the RPA table, given a 24-bit PRAND 1381 * and a 24-bit HASH; returns the index of the matching IRK in the 1382 * RPA table, or 0xFF if no IRK matches PRAND/HASH. 1383 * 1384 * CAU3_RPAtableSearch 1385 * @param base CAU3 peripheral base address 1386 * @param prand contains the 24-bit prand value (right-justified) 1387 * @param hash contains the 24-bit hash value (right-justified) 1388 * @param result index of the matching IRK in the RPA table, or 0xFF if no IRK in the table matches 1389 * @param taskDone indicates completion signal 1390 * 1391 * @return Operation status 1392 */ 1393 status_t CAU3_RPAtableSearch(CAU3_Type *base, 1394 const uint32_t prand, 1395 const uint32_t hash, 1396 uint32_t *result, 1397 cau3_task_done_t taskDone); 1398 1399 /*! 1400 *@} 1401 */ /* end of cau3_driver_rpa */ 1402 1403 #if defined(__cplusplus) 1404 } 1405 #endif 1406 1407 #endif /* _FSL_CAU3_H_ */ 1408
