mbed-os/crypto__ecc__hw_8h_source.html

/*

 * Copyright (c) 2022, Nuvoton Technology Corporation

 *

 * SPDX-License-Identifier: Apache-2.0

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */


#ifndef CRYPTO_ECC_HW_H

#define CRYPTO_ECC_HW_H


#if !defined(MBEDTLS_CONFIG_FILE)

#include "mbedtls/config.h"

#else

#include MBEDTLS_CONFIG_FILE

#endif


#if defined(MBEDTLS_ECP_ALT) || defined(MBEDTLS_ECP_INTERNAL_ALT)


#include "mbedtls/ecp.h"

#include <stdbool.h>


/* Crypto ECC H/W point operations */

#define ECCOP_POINT_MUL     (0x0UL << CRPT_ECC_CTL_ECCOP_Pos)

#define ECCOP_MODULE        (0x1UL << CRPT_ECC_CTL_ECCOP_Pos)

#define ECCOP_POINT_ADD     (0x2UL << CRPT_ECC_CTL_ECCOP_Pos)

#define ECCOP_POINT_DOUBLE  (0x3UL << CRPT_ECC_CTL_ECCOP_Pos)


/* Crypto ECC H/W modulus operations */

#define MODOP_DIV           (0x0UL << CRPT_ECC_CTL_MODOP_Pos)

#define MODOP_MUL           (0x1UL << CRPT_ECC_CTL_MODOP_Pos)

#define MODOP_ADD           (0x2UL << CRPT_ECC_CTL_MODOP_Pos)

#define MODOP_SUB           (0x3UL << CRPT_ECC_CTL_MODOP_Pos)


#ifdef __cplusplus

extern "C" {

#endif


/**

 * \brief           This function checks whether a given group can be used

 *                  for Crypto ECC H/W.

 *

 * \param grp       ECP group

 *

 * \return          \c 1 if the group can be used, \c 0 otherwise

 */

int crypto_ecc_capable(const mbedtls_ecp_group *grp);


/**

 * \brief           Initialize/Free Crypto ECC H/W

 *

 * \return          \c 0 on success.

 * \return          A non-zero error code on failure.

 *

 * \note            crypto_ecp_init()/crypto_ecp_free() are like pre-op/post-op calls

 *                  and they guarantee:

 *

 *                  1. Paired

 *                  2. No overlapping

 *                  3. Upper public function cannot return when ECP alter. is still activated.

 */

int crypto_ecc_init(const mbedtls_ecp_group *grp);

void crypto_ecc_free(const mbedtls_ecp_group *grp);

/**

 * \brief           Configure ECCOP operation, start it, and wait for its completion

 *

 * \param grp       ECP group

 * \param R         Destination point

 * \param m         Integer by which to multiply P

 * \param P         Point to multiply by m

 * \param n         Integer by which to multiply Q

 * \param Q         Point to be multiplied by n

 * \param eccop     ECCOP code. Could be ECCOP_POINT_MUL/ADD/DOUBLE

 * \param blinding  Blinding (SCAP) or not.

 *                  Dependent on passed-in eccop, only partial parameters among m/P/n/Q are needed and checked.

 *                  ECCOP_POINT_MUL     R = m*P

 *                  ECCOP_POINT_ADD     R = P + Q

 *                  ECCOP_POINT_DOUBLE  R = 2*P

 *

 * \return          0 if successful

 *

 * \note            P/Q must be normalized (= affine). R would be normalized.

 *

 * \note            m/n could be negative.

 *

 * \note            ECC accelerator doesn't support R = 0, and we need to detect it additionally.

 *                  For R = P + Q or R = 2*P, we can detect all R = 0 cases.

 *                  For R = m*P, we can detect all R = 0 cases only if grp->N (order) is a prime.

 *

 * \note            According to ECCOP operation, n is unnecessary. But to be consistent with R = m*P + n*Q,

 *                  n is kept with unused modifier.

 *

 * \note            Blinding (SCAP) is applicable only for point multiplication. But for future extension,

 *                  blinding is kept with all point operations.

 *

 */

int crypto_ecc_run_eccop_add(const mbedtls_ecp_group *grp,

                             mbedtls_ecp_point *R,

                             const mbedtls_ecp_point *P,

                             const mbedtls_ecp_point *Q,

                             bool blinding);

int crypto_ecc_run_eccop_double(const mbedtls_ecp_group *grp,

                                mbedtls_ecp_point *R,

                                const mbedtls_ecp_point *P,

                                bool blinding);

int crypto_ecc_run_eccop_mul(const mbedtls_ecp_group *grp,

                             mbedtls_ecp_point *R,

                             const mbedtls_mpi *m,

                             const mbedtls_ecp_point *P,

                             bool blinding);

int crypto_ecc_run_eccop(const mbedtls_ecp_group *grp,

                         mbedtls_ecp_point *R,

                         const mbedtls_mpi *m,

                         const mbedtls_ecp_point *P,

                         const mbedtls_mpi *n,

                         const mbedtls_ecp_point *Q,

                         uint32_t eccop,

                         bool blinding);


/**

 * \brief           Configure MODOP operation and wait for its completion

 *

 * \param r         Destination MPI

 * \param o1        Input MPI for first operand of MODOP

 * \param o2        Input MPI for second operand of MODOP

 * \param p         Prime modulus

 * \param pbits     Bit number of p

 * \param modop     ECCOP code. Could be MODOP_ADD/SUB/MUL/DIV

 *                  MODOP_ADD       r = o1 + o2 mod p

 *                  MODOP_SUB       r = o1 - o2 mod p

 *                  MODOP_MUL       r = o1 * o2 mod p

 *                  MODOP_DIV       r = o1 / o2 mod p

 *

 * \return          0 if successful

 *

 * \note            o1/o2 must be normalized (within [0, p - 1]). r would be normalized.

 */

int crypto_ecc_run_modop(mbedtls_mpi *r,

                         const mbedtls_mpi *o1,

                         const mbedtls_mpi *o2,

                         const mbedtls_mpi *p,

                         uint32_t pbits,

                         uint32_t modop);


/**

 * \brief               Import X from ECC registers, little endian

 *

 * \param X             Destination MPI

 * \param eccreg        Start of input ECC register

 * \param eccreg_num    Number of input ECC register

 *

 * \return              0 if successful

 *

 * \note                Destination MPI is always non-negative.

 */

int crypto_ecc_mpi_read_eccreg( mbedtls_mpi *X, const volatile uint32_t *eccreg, size_t eccreg_num );


/**

 * \brief               Export X into ECC registers, little endian

 *

 * \param X             Source MPI

 * \param eccreg        Start of ECC output registers

 * \param eccreg_num    Number of ECC output registers

 *

 * \return              0 if successful

 *

 * \note                Source MPI cannot be negative.

 * \note                Fills the remaining MSB ECC registers with zeros if X doesn't cover all.

 */

int crypto_ecc_mpi_write_eccreg( const mbedtls_mpi *X, volatile uint32_t *eccreg, size_t eccreg_num );


/**

 * \brief           Abort Crypto ECC H/W

 *

 * \param timeout_us    Timeout in microseconds.

 *

 * \return          \c 0 on success.

 * \return          A non-zero error code on failure.

 */

int crypto_ecc_abort(uint32_t timeout_us);


#ifdef __cplusplus

}

#endif


#endif /* MBEDTLS_ECP_ALT || MBEDTLS_ECP_INTERNAL_ALT */

#endif /* CRYPTO_ECC_HW_H */

config.h
Configuration options (set of defines)

ecp.h
This file provides an API for Elliptic Curves over GF(P) (ECP).

mbedtls_ecp_group
The ECP group structure.
Definition: mbedtls/include/mbedtls/ecp.h:223

mbedtls_ecp_point
The ECP point structure, in Jacobian coordinates.
Definition: mbedtls/include/mbedtls/ecp.h:174

mbedtls_mpi
MPI structure.
Definition: bignum.h:185