32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
35 #include "hw_sce_private.h"
36 #include "hw_sce_ra_private.h"
37 #include "hw_sce_rsa_private.h"
38 #include "hw_sce_ecc_private.h"
48 #if (RA8_CRYPTO_PKC_SUPPORT == ENABLED)
72 sce_oem_cmd_t command;
82 if((aLen <= 128 && eLen <= 4 && pLen == 128) ||
83 (aLen <= 256 && eLen <= 4 && pLen == 256) ||
84 (aLen <= 384 && eLen <= 4 && pLen == 384) ||
85 (aLen <= 512 && eLen <= 4 && pLen == 512))
90 command = SCE_OEM_CMD_RSA1024_PUBLIC;
94 command = SCE_OEM_CMD_RSA2048_PUBLIC;
98 command = SCE_OEM_CMD_RSA3072_PUBLIC;
102 command = SCE_OEM_CMD_RSA4096_PUBLIC;
116 status = HW_SCE_GenerateOemKeyIndexPrivate(SCE_OEM_KEY_TYPE_PLAIN,
117 command, NULL, NULL, (uint8_t *) rsaArgs.
key, rsaArgs.
wrappedKey);
120 if(status == FSP_SUCCESS)
125 status = HW_SCE_Rsa1024ModularExponentEncryptSub(rsaArgs.
wrappedKey,
126 rsaArgs.
m, rsaArgs.
c);
130 status = HW_SCE_Rsa2048ModularExponentEncryptSub(rsaArgs.
wrappedKey,
131 rsaArgs.
m, rsaArgs.
c);
135 status = HW_SCE_Rsa3072ModularExponentEncryptSub(rsaArgs.
wrappedKey,
136 rsaArgs.
m, rsaArgs.
c);
140 status = HW_SCE_Rsa4096ModularExponentEncryptSub(rsaArgs.
wrappedKey,
141 rsaArgs.
m, rsaArgs.
c);
145 status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
150 if(status == FSP_SUCCESS)
191 sce_oem_cmd_t command;
201 if((aLen <= 128 && eLen <= 128 && pLen == 128) ||
202 (aLen <= 256 && eLen <= 256 && pLen == 256) ||
203 (aLen <= 384 && eLen <= 384 && pLen == 384) ||
204 (aLen <= 512 && eLen <= 512 && pLen == 512))
209 command = SCE_OEM_CMD_RSA1024_PRIVATE;
213 command = SCE_OEM_CMD_RSA2048_PRIVATE;
217 command = SCE_OEM_CMD_RSA3072_PRIVATE;
221 command = SCE_OEM_CMD_RSA4096_PRIVATE;
235 status = HW_SCE_GenerateOemKeyIndexPrivate(SCE_OEM_KEY_TYPE_PLAIN,
236 command, NULL, NULL, (uint8_t *) rsaArgs.
key, rsaArgs.
wrappedKey);
239 if(status == FSP_SUCCESS)
244 status = HW_SCE_Rsa1024ModularExponentDecryptSub(rsaArgs.
wrappedKey,
245 rsaArgs.
c, rsaArgs.
m);
249 status = HW_SCE_Rsa2048ModularExponentDecryptSub(rsaArgs.
wrappedKey,
250 rsaArgs.
c, rsaArgs.
m);
254 status = HW_SCE_Rsa3072ModularExponentDecryptSub(rsaArgs.
wrappedKey,
255 rsaArgs.
c, rsaArgs.
m);
259 status = HW_SCE_Rsa4096ModularExponentDecryptSub(rsaArgs.
wrappedKey,
260 rsaArgs.
c, rsaArgs.
m);
264 status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
269 if(status == FSP_SUCCESS)
335 if((nLen == 128 && dLen <= 128) || (nLen == 384 && dLen <= 384))
340 else if(nLen > 0 && pLen > 0 && qLen > 0 && dpLen > 0 && dqLen > 0 &&
398 else if(nLen > 0 && dLen > 0)
431 sce_oem_cmd_t oemCommand;
432 const uint32_t *domainParams;
437 curveType = SCE_ECC_CURVE_TYPE_KOBLITZ;
438 oemCommand = SCE_OEM_CMD_ECC_SECP256K1_PRIVATE;
439 domainParams = DomainParam_Koblitz_secp256k1;
445 curveType = SCE_ECC_CURVE_TYPE_NIST;
446 oemCommand = SCE_OEM_CMD_ECC_P256_PRIVATE;
447 domainParams = DomainParam_NIST_P256;
453 curveType = SCE_ECC_CURVE_TYPE_NIST;
454 oemCommand = SCE_OEM_CMD_ECC_P384_PRIVATE;
455 domainParams = DomainParam_NIST_P384;
462 curveType = SCE_ECC_CURVE_TYPE_NIST;
463 oemCommand = SCE_OEM_CMD_ECC_P521_PRIVATE;
464 domainParams = DomainParam_NIST_P521;
470 curveType = SCE_ECC_CURVE_TYPE_BRAINPOOL;
471 oemCommand = SCE_OEM_CMD_ECC_P256R1_PRIVATE;
472 domainParams = DomainParam_Brainpool_256r1;
478 curveType = SCE_ECC_CURVE_TYPE_BRAINPOOL;
479 oemCommand = SCE_OEM_CMD_ECC_P384R1_PRIVATE;
480 domainParams = DomainParam_Brainpool_384r1;
486 curveType = SCE_ECC_CURVE_TYPE_BRAINPOOL;
487 oemCommand = SCE_OEM_CMD_ECC_P512R1_PRIVATE;
488 domainParams = DomainParam_Brainpool_512r1;
508 status = HW_SCE_GenerateOemKeyIndexPrivate(SCE_OEM_KEY_TYPE_PLAIN,
509 oemCommand, NULL, NULL, (uint8_t *) ecArgs.
d, ecArgs.
wrappedKey);
512 if(status == FSP_SUCCESS)
517 status = HW_SCE_Ecc256ScalarMultiplicationSub(&curveType,
518 &command, ecArgs.
wrappedKey, ecArgs.
g, domainParams, ecArgs.
q);
522 status = HW_SCE_Ecc384ScalarMultiplicationSub(&curveType,
527 status = HW_SCE_Ecc512ScalarMultiplicationSub(ecArgs.
wrappedKey,
528 ecArgs.
g, domainParams, ecArgs.
q);
532 status = HW_SCE_Ecc521ScalarMultiplicationSub(ecArgs.
wrappedKey,
533 ecArgs.
g, domainParams, ecArgs.
q);
537 status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
542 if(status == FSP_SUCCESS)
589 const uint8_t *digest,
size_t digestLen,
EcdsaSignature *signature)
597 sce_oem_cmd_t oemCommand;
598 const uint32_t *domainParams;
601 if(params == NULL || privateKey == NULL || digest == NULL || signature == NULL)
610 curveType = SCE_ECC_CURVE_TYPE_KOBLITZ;
611 oemCommand = SCE_OEM_CMD_ECC_SECP256K1_PRIVATE;
612 domainParams = DomainParam_Koblitz_secp256k1;
618 curveType = SCE_ECC_CURVE_TYPE_NIST;
619 oemCommand = SCE_OEM_CMD_ECC_P256_PRIVATE;
620 domainParams = DomainParam_NIST_P256;
626 curveType = SCE_ECC_CURVE_TYPE_NIST;
627 oemCommand = SCE_OEM_CMD_ECC_P384_PRIVATE;
628 domainParams = DomainParam_NIST_P384;
635 curveType = SCE_ECC_CURVE_TYPE_NIST;
636 oemCommand = SCE_OEM_CMD_ECC_P521_PRIVATE;
637 domainParams = DomainParam_NIST_P521;
643 curveType = SCE_ECC_CURVE_TYPE_BRAINPOOL;
644 oemCommand = SCE_OEM_CMD_ECC_P256R1_PRIVATE;
645 domainParams = DomainParam_Brainpool_256r1;
651 curveType = SCE_ECC_CURVE_TYPE_BRAINPOOL;
652 oemCommand = SCE_OEM_CMD_ECC_P384R1_PRIVATE;
653 domainParams = DomainParam_Brainpool_384r1;
659 curveType = SCE_ECC_CURVE_TYPE_BRAINPOOL;
660 oemCommand = SCE_OEM_CMD_ECC_P512R1_PRIVATE;
661 domainParams = DomainParam_Brainpool_512r1;
671 digestLen =
MIN(digestLen, orderLen);
678 osMemcpy((uint8_t *) ecArgs.
digest +
n - digestLen, digest, digestLen);
684 status = HW_SCE_GenerateOemKeyIndexPrivate(SCE_OEM_KEY_TYPE_PLAIN,
685 oemCommand, NULL, NULL, (uint8_t *) ecArgs.
d, ecArgs.
wrappedKey);
688 if(status == FSP_SUCCESS)
693 status = HW_SCE_EcdsaSignatureGenerateSub(&curveType, &command,
698 status = HW_SCE_EcdsaP384SignatureGenerateSub(&curveType,
703 status = HW_SCE_EcdsaP512SignatureGenerateSub(ecArgs.
wrappedKey,
708 status = HW_SCE_EcdsaP521SignatureGenerateSub(ecArgs.
wrappedKey,
713 status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
718 if(status == FSP_SUCCESS)
755 const EcPublicKey *publicKey,
const uint8_t *digest,
size_t digestLen,
763 sce_oem_cmd_t oemCommand;
764 const uint32_t *domainParams;
767 if(params == NULL || publicKey == NULL || digest == NULL || signature == NULL)
792 curveType = SCE_ECC_CURVE_TYPE_KOBLITZ;
793 oemCommand = SCE_OEM_CMD_ECC_SECP256K1_PUBLIC;
794 domainParams = DomainParam_Koblitz_secp256k1;
800 curveType = SCE_ECC_CURVE_TYPE_NIST;
801 oemCommand = SCE_OEM_CMD_ECC_P256_PUBLIC;
802 domainParams = DomainParam_NIST_P256;
808 curveType = SCE_ECC_CURVE_TYPE_NIST;
809 oemCommand = SCE_OEM_CMD_ECC_P384_PUBLIC;
810 domainParams = DomainParam_NIST_P384;
817 curveType = SCE_ECC_CURVE_TYPE_NIST;
818 oemCommand = SCE_OEM_CMD_ECC_P521_PUBLIC;
819 domainParams = DomainParam_NIST_P521;
825 curveType = SCE_ECC_CURVE_TYPE_BRAINPOOL;
826 oemCommand = SCE_OEM_CMD_ECC_P256R1_PUBLIC;
827 domainParams = DomainParam_Brainpool_256r1;
833 curveType = SCE_ECC_CURVE_TYPE_BRAINPOOL;
834 oemCommand = SCE_OEM_CMD_ECC_P384R1_PUBLIC;
835 domainParams = DomainParam_Brainpool_384r1;
841 curveType = SCE_ECC_CURVE_TYPE_BRAINPOOL;
842 oemCommand = SCE_OEM_CMD_ECC_P512R1_PUBLIC;
843 domainParams = DomainParam_Brainpool_512r1;
853 digestLen =
MIN(digestLen, orderLen);
860 osMemcpy((uint8_t *) ecArgs.
digest +
n - digestLen, digest, digestLen);
871 status = HW_SCE_GenerateOemKeyIndexPrivate(SCE_OEM_KEY_TYPE_PLAIN,
872 oemCommand, NULL, NULL, (uint8_t *) ecArgs.
q, ecArgs.
wrappedKey);
875 if(status == FSP_SUCCESS)
880 status = HW_SCE_EcdsaSignatureVerificationSub(&curveType, &command,
885 status = HW_SCE_EcdsaP384SignatureVerificationSub(&curveType,
890 status = HW_SCE_EcdsaP512SignatureVerificationSub(ecArgs.
wrappedKey,
895 status = HW_SCE_EcdsaP521SignatureVerificationSub(ecArgs.
wrappedKey,
900 status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
General definitions for cryptographic algorithms.
#define mpiReadRaw(r, data, length)
#define mpiWriteRaw(a, data, length)
ECC (Elliptic Curve Cryptography)
ECDSA (Elliptic Curve Digital Signature Algorithm)
@ ERROR_INVALID_SIGNATURE
@ ERROR_FAILURE
Generic error code.
@ ERROR_INVALID_PARAMETER
Invalid parameter.
error_t mpiMul(Mpi *r, const Mpi *a, const Mpi *b)
Multiple precision multiplication.
error_t mpiExpMod(Mpi *r, const Mpi *a, const Mpi *e, const Mpi *p)
Modular exponentiation.
error_t mpiMulMod(Mpi *r, const Mpi *a, const Mpi *b, const Mpi *p)
Modular multiplication.
error_t mpiSetValue(Mpi *r, int_t a)
Set the value of a multiple precision integer.
error_t mpiSub(Mpi *r, const Mpi *a, const Mpi *b)
Multiple precision subtraction.
int_t mpiCompInt(const Mpi *a, int_t b)
Compare a multiple precision integer with an integer.
int_t mpiComp(const Mpi *a, const Mpi *b)
Compare two multiple precision integers.
void mpiInit(Mpi *r)
Initialize a multiple precision integer.
uint_t mpiGetByteLength(const Mpi *a)
Get the actual length in bytes.
void mpiFree(Mpi *r)
Release a multiple precision integer.
error_t mpiAdd(Mpi *r, const Mpi *a, const Mpi *b)
Multiple precision addition.
error_t mpiMod(Mpi *r, const Mpi *a, const Mpi *p)
Modulo operation.
#define osMemset(p, value, length)
#define osMemcpy(dest, src, length)
void osAcquireMutex(OsMutex *mutex)
Acquire ownership of the specified mutex object.
void osReleaseMutex(OsMutex *mutex)
Release ownership of the specified mutex object.
RA8 hardware cryptographic accelerator (RSIP7)
error_t mpiExpModRegular(Mpi *r, const Mpi *a, const Mpi *e, const Mpi *p)
Modular exponentiation (regular calculation)
const uint32_t sce_oem_key_size[SCE_OEM_CMD_NUM]
error_t ecMult(const EcDomainParameters *params, EcPoint *r, const Mpi *d, const EcPoint *s)
Scalar multiplication.
error_t rsadp(const RsaPrivateKey *key, const Mpi *c, Mpi *m)
RSA decryption primitive.
error_t ecdsaGenerateSignature(const PrngAlgo *prngAlgo, void *prngContext, const EcDomainParameters *params, const EcPrivateKey *privateKey, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature generation.
error_t ecdsaVerifySignature(const EcDomainParameters *params, const EcPublicKey *publicKey, const uint8_t *digest, size_t digestLen, const EcdsaSignature *signature)
ECDSA signature verification.
error_t mpiExpModFast(Mpi *r, const Mpi *a, const Mpi *e, const Mpi *p)
Modular exponentiation (fast calculation)
RA8 public-key hardware accelerator.
RSA public-key cryptography standard.
const char_t * name
Curve name.
Mpi q
Order of the point G.
Arbitrary precision integer.
Mpi dq
Second factor's CRT exponent.
Mpi dp
First factor's CRT exponent.