AM64x MCU+ SDK  08.02.00
PKA

Table of Contents

The PKA module provides a high-performance public key engine to accelerate the large vector math processing that is required for Public Key computations. It also includes hw acceleration for Elliptic Curve Cryptography such as binary field ECC point addition, inversion, multiplication and ECC prime field point addition, inversion and multiplication.The ECC prime field engine GF(p) supports all NIST (FIPS 186-3) recommended prime curves up to 521 bit key length.

Features Supported In Hardware

  • Basic Public key crypto operations that use the 32-bit PKCP engine
    • Large vector addition, subtraction and combined addition/subtraction
    • Large vector bit shift right or left
    • Large vector multiplication, modulo and division
    • Large vector compare and copy
  • Dual LNME engine for Montgomery multiplication and exponentiation
    • Y = X * Y * R-1 mod N
    • Y[1] = X * Y[0] * R-1 mod N
    • B = X * Y * R-1 mod N
    • Y = XB * R-1 mod N
  • Binary field GF2m engine to accelerate ECC binary field GF(2m) operations such as add, multiply and modular inversion
  • ECC prime field GF(p) operations such as point addition, multiplication, doubling over all NIST recommended prime curves

Features Supported In Driver

  • RSA Module
    • Supports up to 4096 bit key.
    • Supports Raw operations.
    • Supports RSA encryption and decryption operations.
    • Supports RSA signing and verification operations.
  • ECDSA Module
    • ECDSA signing and verification operations
      • P-256 and P-384 curves

Key Types

  • RSA Keys
    • RSA private key
    • RSA public key
  • ECDSA Keys
    • ECDSA private key
    • ECDSA public key

RSA Private Key

  • RSA private key consists of below components:
    • n : RSA modulus (n)
    • d : Private exponent (d)
    • p : Prime 1 (p)
    • q : Prime 2 (q)
    • dp : d mod (p-1)
    • dq : d mod (q-1)
    • coefficient : crt coefficient q^(-1) mod p
  • To generate private key use this openssl command openssl genrsa -out rsa_priv.pem, it default create 2048 bit key.
  • To generate specific size of private key use this openssl command openssl genrsa -out rsa_priv.pem 4096, it creates 4096 bit key.

RSA public key

  • RSA public key consists of two components:
    • n : The RSA modulus (a positive integer)
    • e : The RSA public exponent (a positive integer)
  • To Extract public key from private key use this openssl command openssl rsa -pubout -in rsa_pub.pem -out public.pem

ECDSA public key

  • ECDSA public key consists of below components:
    • Ux : X-coordinate
    • Uy : Y-coordinate
  • To Extract public key from private key use this openssl command openssl ec -in private.pem -pubout -out public.pem

ECDSA private key

  • ECDSA private key consists of below components:
    • x : private component
  • To generate private key use this reference openssl command openssl ecparam -name prime256v1 -genkey -noout -out private.pem

RSA Encryption and Decryption

RSA Encryption

  • PKA follows Bigint format, before passing data to driver please convert to Bigint format
  • Rsa encryption operation produce a cipher text from a message using a public key.
  • c = m^e mod n
    • Input:
      • k :RSA public key with Big int format, K has the following form:
        • (n, e)
      • m :Message with Big int format, message length and key length should be same
    • Output:
      • c :Cipher text

RSA Encryption operation

RSA Decryption

  • PKA follows Bigint format, before passing data to driver please convert to Bigint format
  • Rsa decryption operation recovers the message from the cipher text using private key.
  • m = c^d mod n
    • Input:
      • k :RSA private key with Big int format, K has the following form:
        • (n, d, p, q, dP, dQ, qInv)
      • c :cipher text
    • Output:
      • m :Message
        RSA Decryption operation

RSA Signing and Verification

RSA Signing

  • PKA follows Bigint format, before passing data to driver please convert to Bigint format
  • RSA signing operation produces a signature from a message using private key
  • s = m^d mod n
    • Input:
      • k :RSA private key with Big int format, K has the following form:
        • (n, d, p, q, dP, dQ, qInv)
      • m :Padded Message hash, message length and key length should be same
    • Output:
      • s :Signature
        RSA Signing operation

RSA Verification

  • PKA follows Bigint format, before passing data to driver please convert to Bigint format
  • RSA verification operation recovers the message from the signature using public key.
  • m = s^e mod n
    • Input:
      • k :RSA public key with Big int format, K has the following form:
        • (n, e)
      • s :Signature
    • Output:
      • m :Padded Message hash

RSA Verification operation

ECDSA Signing and Verification

ECDSA Signing

  • PKA follows Bigint format, before passing data to driver please convert to Bigint format
  • signing operation produces a signature from a message using private key
  • Input :
    • cp : EC prime curve parameters
    • priv : Private key
    • k : Random key
    • h : Message Hash
  • Output :
    • sig : Signature
      ECDSA Signing operation

ECDSA Verification

  • PKA follows Bigint format, before passing data to driver please convert to Bigint format
  • ECDSA verification operation check using public key
  • Input :
    • cp : EC prime curve parameters
    • pub : Public key
    • sig : Signature
    • h : Message Hash
  • Output :
    • Return TRUE if Verified or FALSE if verify Failed
      ECDSA Verification operation

SysConfig Features

  • SysConfig contains PkA Instances, base address of Crypto accelerator and PKA module base address for pka handle to manage PKA api's.

Features NOT Supported

  • ECDH not supported
Note
Please use Linux terminal or git bash in windows to execute below openssl commands

Openssl Commands For RSA

  • Used openssl version is OpenSSL 1.1.1k 25 Mar 2021

To Create Public and private keys

  • openssl genrsa -out rsa_priv.pem , default it creates 2048 bit Private key.
  • openssl genrsa -out rsa_priv.pem 4096 , it creates 4096 bit Private key.
  • openssl rsa -pubout -in rsa_priv.pem -out rsa_pub.pem , it extract public key from private key.

Create message

  • Write a message in message.txt file : vi message.txt,
  • Convert txt file to bin file for better result : xxd -r -p message.txt >message.bin

RSA Encryption operations

Note
Input message/sign and key length should be same. Non equivalent lengths not Supported, required padding in this case.
  • PKA follows Bigint format, before passing data to driver please convert to Bigint format
  • To perform encryption operation : openssl rsautl -encrypt -raw -pubin -inkey rsa_pub.pem -in message.bin -out cipher.bin
  • To see the result : xxd cipher.bin

RSA Decryption operations

  • PKA follows Bigint format, before passing data to driver please convert to Bigint format
  • To perform decryption operation : openssl rsautl -decrypt -raw -inkey rsa_priv.pem -in cipher.bin -out decipher.bin
  • To see the result : xxd decipher.bin

To Create Sha Hash

  • openssl dgst -sha512 -binary -out msg_sha512.dgt message.bin

RSA Signing operations

  • PKA follows Bigint format, before passing data to driver please convert to Bigint format
  • To perform signing operation : openssl rsautl -sign -inkey rsa_priv.key -in msg_sha512.dgt -out msg_sha512_signed.dgt

RSA Verification operations

  • PKA follows Bigint format, before passing data to driver please convert to Bigint format
  • To perform verification operation : openssl rsautl -verify -pubin -inkey rsa_pub.key -in msg_sha512_signed.dgt -out msg_sha512_verify.dgt
  • To see the result : xxd msg_sha512_verify.dgt
  • To see the raw result use below command
    • openssl rsautl -verify -pubin -inkey rsa_pub.key -in msg_sha512_signed.dgt -raw >msg_sha512_verify.dgt
    • xxd msg_sha512_verify.dgt

Openssl Commands For ECDSA

To Create Public and private keys

  • To create prime256v1 Private key : openssl ecparam -name prime256v1 -genkey -noout -out private.pem
  • To extract public key from private key : openssl ec -in private.pem -pubout -out public.pem
  • To see the key in text format : Openssl pkey -in private.pem -text -noout

Create message

  • Write a message in message.txt file : vi message.txt,
  • Convert txt file to bin file for better result : xxd -r -p message.txt >message.bin

Create Random key

  • Write a random number in rand_key.txt file : vi rand_key.txt,
  • Convert txt file to bin file for better result : xxd -r -p rand_key.txt >rand_key.bin

ECDSA Signing operations

Note
Openssl ECDSA Signature and our PKA ECDSA Signature will not match due to randomness of openssl
  • PKA follows Bigint format, before passing data to driver please convert to Bigint format
  • To perform signing operation : openssl dgst -sha256 -sign private.pem -rand rand_key.bin -out ecdsa_sign.bin message.bin
  • To see the signature in text format : openssl asn1parse -in ecdsa_sign.bin -inform der

ECDSA Verification operations

  • PKA follows Bigint format, before passing data to driver please convert to Bigint format
  • To perform verification operation : openssl dgst -sha256 -verify public.pem -signature ecdsa_sign.bin message.bin
Note
PKA RSA driver follows Big int Format for inputs, please refer below section for Big int format

Bigint format

bigIntArr[] =
{
0x000000xx -->Number of words in array
0xXXXXXXXX |
0xXXXXXXXX |
0xXXXXXXXX |
0xXXXXXXXX |
0xXXXXXXXX |----------- Key values in word format with least significant word first
0xXXXXXXXX |
0xXXXXXXXX |
0xXXXXXXXX |
0xXXXXXXXX |
}

Bigint Format Conversion for PKA RSA Driver

Steps for Bigint conversion

  • For converting input to bigint please follow below steps
  • Sample input key in below, to see content of key use this command Openssl rsa -text -in rsa_priv.pem
    RSA Private-Key: (2048 bit, 2 primes)
    modulus:
    00:c5:69:69:c2:95:80:33:af:75:24:50:98:9e:52:
    9c:69:ff:21:af:ad:04:29:a8:f5:f6:e7:ae:2f:0c:
    ea:14:13:df:ba:2f:3e:cf:cc:4a:8a:6e:9f:6d:b7:
    b3:dc:15:98:be:7d:5d:82:0b:f4:7e:6f:9d:31:1d:
    b6:d1:90:6a:36:79:81:67:48:33:0f:4e:75:3b:e6:
    1c:d6:43:36:eb:94:21:0f:03:65:93:27:55:27:3c:
    a6:8a:5d:a5:5e:f9:d6:ed:66:4d:03:19:58:6a:35:
    97:93:e7:f4:09:30:d8:f4:ee:42:0c:45:1a:23:f0:
    b0:58:9e:d8:4b:72:d6:68:74:5c:4d:c7:59:b2:7c:
    8e:0c:c7:8d:2e:6f:3e:de:8c:2d:2e:a2:66:cd:7f:
    b0:cc:0d:c9:79:a0:e1:47:dc:23:1d:8b:00:b9:e8:
    48:34:f9:c3:e7:67:b5:32:37:1c:84:56:10:c8:53:
    c2:9a:95:89:7d:d3:5a:62:16:3f:a1:8b:8d:ee:11:
    2e:a4:ac:16:9f:63:6b:12:fe:2f:6c:cb:34:36:d9:
    43:06:37:cb:5a:09:ce:7d:2a:30:3d:51:75:df:58:
    6b:60:6c:c6:bf:d4:7e:b2:3d:dc:cc:06:3e:28:b3:
    c7:91:d7:76:38:9f:24:b6:e7:05:69:53:ac:8c:6c:
    85:b9
    publicExponent: 65537 (0x10001)
    privateExponent:
    17:12:11:ad:0e:e1:b3:a8:9e:ad:06:ca:3f:3e:72:
    4f:24:e4:df:ed:fd:5d:8d:04:69:bd:7b:aa:bd:fc:
    a1:2a:0d:6c:69:d7:12:5b:d2:9e:48:fd:52:ca:34:
    37:d5:42:4b:88:c5:23:cc:97:df:2a:d6:19:06:5a:
    f6:34:c5:64:e6:60:4c:1c:b0:f2:e9:fd:63:69:aa:
    17:14:35:d7:e4:30:d4:db:55:c4:93:c5:2c:d7:b6:
    b2:d6:ec:db:a3:a1:0d:8f:76:12:95:a4:b2:8c:de:
    d1:07:3b:8a:d3:6d:97:7a:3c:b7:c8:5f:9c:b1:a5:
    3a:46:1e:0a:fb:39:b9:6d:22:fe:e7:9e:0b:ee:ca:
    18:bf:cb:82:70:86:e8:3e:d8:aa:0e:22:6e:e9:c2:
    90:55:d4:42:0d:3a:cb:2d:4e:92:58:81:46:d2:b2:
    f9:33:de:91:c5:18:a6:1d:e5:12:6c:9e:d2:de:1a:
    86:c8:d4:b8:3c:c3:40:a0:ae:b5:ab:6c:9f:2c:81:
    88:e6:eb:00:c1:57:17:6e:0a:d1:94:76:c9:26:03:
    46:7d:39:41:55:24:bf:70:08:35:70:9f:97:78:20:
    5a:db:d6:cc:8c:2f:9c:77:a1:76:24:d3:0c:d9:e2:
    f2:b4:c7:76:70:90:f0:b9:ab:ae:27:08:76:b2:49:
    71
    prime1:
    00:fa:5d:68:75:50:8f:a4:ea:c2:62:4c:cf:53:b3:
    57:c3:5b:e4:ed:e3:53:c2:9c:4c:f5:13:d0:5d:1a:
    e0:06:0c:6d:96:e0:50:93:64:48:df:50:ab:e8:24:
    05:5b:bb:e7:77:32:91:b0:b0:ea:72:c7:a3:ed:1f:
    55:0d:95:fe:d7:8a:ee:33:c9:de:aa:84:ef:03:ef:
    b7:a2:d9:a2:a8:a2:db:ae:e5:08:fd:e1:68:2f:5a:
    2c:16:d7:9c:03:11:4e:e4:b1:70:1b:e1:9e:37:80:
    be:0b:50:7f:43:1a:cc:84:be:5c:ae:1f:3f:a6:00:
    b5:89:6f:86:ad:16:15:91:0d
    prime2:
    00:c9:da:e4:39:98:e1:94:26:33:af:a2:f3:bc:7b:
    66:1e:74:27:a5:77:e2:d0:89:1e:2a:45:13:4d:d8:
    d1:67:b7:44:44:00:91:0f:c4:65:5c:54:07:6d:5a:
    73:8f:5e:da:85:25:6b:85:2a:3b:a2:41:f3:8b:f7:
    0c:c1:ed:43:2b:16:1f:2d:e1:70:56:6b:ee:c6:a3:
    d2:97:26:51:69:54:a8:4c:48:79:3f:7f:6f:c8:5d:
    06:77:9b:17:fb:c6:ba:03:b9:d7:f1:f3:11:ce:70:
    ff:89:5c:08:18:0b:5d:7d:b3:5e:18:fa:c9:d6:fa:
    06:6b:6f:bb:98:b0:b5:24:5d
    exponent1:
    34:5d:12:fa:ee:65:8c:bd:98:f8:4c:4e:54:98:3e:
    f3:da:25:70:67:ca:5d:fa:a8:d1:dd:5a:08:0f:15:
    e9:cd:f1:a1:cb:ba:ae:89:1c:00:b0:f3:b3:72:cd:
    38:19:7d:d8:dd:57:c1:57:cf:41:40:66:15:b3:26:
    eb:d7:82:5c:7c:6f:43:9f:a6:15:8e:06:1b:91:a8:
    9b:c3:df:14:5c:33:8c:49:d4:ee:9c:95:58:ca:08:
    4c:a2:bd:bb:9a:84:20:aa:c7:e2:dc:f6:65:6f:64:
    d0:22:fe:ea:ff:10:e5:76:97:15:c7:ed:5c:ff:ea:
    f8:1a:be:55:37:38:3d:85
    exponent2:
    00:c7:ff:6f:7d:79:f2:97:bd:3a:1c:dd:d1:ad:80:
    7e:6f:d2:1a:ae:22:18:c3:11:f8:a7:5d:05:81:6e:
    40:1d:09:42:44:36:63:84:41:cd:44:2b:a5:a8:3d:
    a4:9d:fb:17:7c:30:d5:55:7d:c0:d4:45:90:2f:af:
    ba:1e:33:1d:08:05:c5:22:ca:69:69:d7:4b:1f:d9:
    95:80:59:60:f4:82:02:b6:82:60:4f:ff:ce:1b:b1:
    c0:04:a5:d0:9f:90:09:22:43:f2:a8:31:74:05:1d:
    84:b2:ee:52:be:b0:14:13:c5:b2:88:01:84:16:d2:
    67:a5:ef:70:ea:1a:bb:7f:a9
    coefficient:
    56:90:21:af:68:6a:63:68:9b:24:82:f4:3d:3f:86:
    f5:40:64:a0:1a:5b:ad:b7:f0:b4:a0:6e:e4:65:6a:
    31:6e:1f:32:a4:73:b5:03:b5:48:b4:c0:9f:8e:0d:
    7f:92:a1:30:58:46:88:07:fb:11:8e:44:0e:a8:4c:
    53:f3:42:68:db:31:93:9e:bb:22:5a:e5:e5:2f:73:
    a1:02:0c:db:4e:5a:4c:e6:ba:4a:99:14:95:2f:12:
    76:99:44:6c:93:e0:d5:5d:38:42:95:b5:52:48:8a:
    c2:2e:8a:dd:8e:2e:b2:e7:fa:df:6d:77:f5:e1:27:
    bc:d2:7d:4c:05:f2:32:8e

Step 1: As part of first step we need to convert uint8_t to uint32_t format, for this conversion we are using Crypto_Uint8ToUint32(). Here we are using modulus value for converting to bigint format.

Input of Crypto_Uint8ToUint32()

0xC5,0x69,0x69,0xC2,0x95,0x80,0x33,0xAF,0x75,0x24,
0x50,0x98,0x9E,0x52,0x9C,0x69,0xFF,0x21,0xAF,0xAD,
0x04,0x29,0xA8,0xF5,0xF6,0xE7,0xAE,0x2F,0x0C,0xEA,
0x14,0x13,0xDF,0xBA,0x2F,0x3E,0xCF,0xCC,0x4A,0x8A,
0x6E,0x9F,0x6D,0xB7,0xB3,0xDC,0x15,0x98,0xBE,0x7D,
0x5D,0x82,0x0B,0xF4,0x7E,0x6F,0x9D,0x31,0x1D,0xB6,
0xD1,0x90,0x6A,0x36,0x79,0x81,0x67,0x48,0x33,0x0F,
0x4E,0x75,0x3B,0xE6,0x1C,0xD6,0x43,0x36,0xEB,0x94,
0x21,0x0F,0x03,0x65,0x93,0x27,0x55,0x27,0x3C,0xA6,
0x8A,0x5D,0xA5,0x5E,0xF9,0xD6,0xED,0x66,0x4D,0x03,
0x19,0x58,0x6A,0x35,0x97,0x93,0xE7,0xF4,0x09,0x30,
0xD8,0xF4,0xEE,0x42,0x0C,0x45,0x1A,0x23,0xF0,0xB0,
0x58,0x9E,0xD8,0x4B,0x72,0xD6,0x68,0x74,0x5C,0x4D,
0xC7,0x59,0xB2,0x7C,0x8E,0x0C,0xC7,0x8D,0x2E,0x6F,
0x3E,0xDE,0x8C,0x2D,0x2E,0xA2,0x66,0xCD,0x7F,0xB0,
0xCC,0x0D,0xC9,0x79,0xA0,0xE1,0x47,0xDC,0x23,0x1D,
0x8B,0x00,0xB9,0xE8,0x48,0x34,0xF9,0xC3,0xE7,0x67,
0xB5,0x32,0x37,0x1C,0x84,0x56,0x10,0xC8,0x53,0xC2,
0x9A,0x95,0x89,0x7D,0xD3,0x5A,0x62,0x16,0x3F,0xA1,
0x8B,0x8D,0xEE,0x11,0x2E,0xA4,0xAC,0x16,0x9F,0x63,
0x6B,0x12,0xFE,0x2F,0x6C,0xCB,0x34,0x36,0xD9,0x43,
0x06,0x37,0xCB,0x5A,0x09,0xCE,0x7D,0x2A,0x30,0x3D,
0x51,0x75,0xDF,0x58,0x6B,0x60,0x6C,0xC6,0xBF,0xD4,
0x7E,0xB2,0x3D,0xDC,0xCC,0x06,0x3E,0x28,0xB3,0xC7,
0x91,0xD7,0x76,0x38,0x9F,0x24,0xB6,0xE7,0x05,0x69,
0x53,0xAC,0x8C,0x6C,0x85,0xB9

output of Crypto_Uint8ToUint32()

0xC56969C2UL,0x958033AFUL,0x75245098UL,0x9E529C69UL,
0xFF21AFADUL,0x0429A8F5UL,0xF6E7AE2FUL,0x0CEA1413UL,
0xDFBA2F3EUL,0xCFCC4A8AUL,0x6E9F6DB7UL,0xB3DC1598UL,
0xBE7D5D82UL,0x0BF47E6FUL,0x9D311DB6UL,0xD1906A36UL,
0x79816748UL,0x330F4E75UL,0x3BE61CD6UL,0x4336EB94UL,
0x210F0365UL,0x93275527UL,0x3CA68A5DUL,0xA55EF9D6UL,
0xED664D03UL,0x19586A35UL,0x9793E7F4UL,0x0930D8F4UL,
0xEE420C45UL,0x1A23F0B0UL,0x589ED84BUL,0x72D66874UL,
0x5C4DC759UL,0xB27C8E0CUL,0xC78D2E6FUL,0x3EDE8C2DUL,
0x2EA266CDUL,0x7FB0CC0DUL,0xC979A0E1UL,0x47DC231DUL,
0x8B00B9E8UL,0x4834F9C3UL,0xE767B532UL,0x371C8456UL,
0x10C853C2UL,0x9A95897DUL,0xD35A6216UL,0x3FA18B8DUL,
0xEE112EA4UL,0xAC169F63UL,0x6B12FE2FUL,0x6CCB3436UL,
0xD9430637UL,0xCB5A09CEUL,0x7D2A303DUL,0x5175DF58UL,
0x6B606CC6UL,0xBFD47EB2UL,0x3DDCCC06UL,0x3E28B3C7UL,
0x91D77638UL,0x9F24B6E7UL,0x056953ACUL,0x8C6C85B9UL,

Step 2:

As part of second step we need to convert uint32_t to bigint format, for this conversion we are using Crypto_bigIntToUint32().

Input of Crypto_bigIntToUint32()

0xC56969C2UL,0x958033AFUL,0x75245098UL,0x9E529C69UL,
0xFF21AFADUL,0x0429A8F5UL,0xF6E7AE2FUL,0x0CEA1413UL,
0xDFBA2F3EUL,0xCFCC4A8AUL,0x6E9F6DB7UL,0xB3DC1598UL,
0xBE7D5D82UL,0x0BF47E6FUL,0x9D311DB6UL,0xD1906A36UL,
0x79816748UL,0x330F4E75UL,0x3BE61CD6UL,0x4336EB94UL,
0x210F0365UL,0x93275527UL,0x3CA68A5DUL,0xA55EF9D6UL,
0xED664D03UL,0x19586A35UL,0x9793E7F4UL,0x0930D8F4UL,
0xEE420C45UL,0x1A23F0B0UL,0x589ED84BUL,0x72D66874UL,
0x5C4DC759UL,0xB27C8E0CUL,0xC78D2E6FUL,0x3EDE8C2DUL,
0x2EA266CDUL,0x7FB0CC0DUL,0xC979A0E1UL,0x47DC231DUL,
0x8B00B9E8UL,0x4834F9C3UL,0xE767B532UL,0x371C8456UL,
0x10C853C2UL,0x9A95897DUL,0xD35A6216UL,0x3FA18B8DUL,
0xEE112EA4UL,0xAC169F63UL,0x6B12FE2FUL,0x6CCB3436UL,
0xD9430637UL,0xCB5A09CEUL,0x7D2A303DUL,0x5175DF58UL,
0x6B606CC6UL,0xBFD47EB2UL,0x3DDCCC06UL,0x3E28B3C7UL,
0x91D77638UL,0x9F24B6E7UL,0x056953ACUL,0x8C6C85B9UL,

Output of Crypto_bigIntToUint32()

0x00000040UL, --> Number of words in array
0x8C6C85B9UL,0x056953ACUL,0x9F24B6E7UL,0x91D77638UL, --> Modulus value in word format, with least significant word
0x3E28B3C7UL,0x3DDCCC06UL,0xBFD47EB2UL,0x6B606CC6UL, first
0x5175DF58UL,0x7D2A303DUL,0xCB5A09CEUL,0xD9430637UL,
0x6CCB3436UL,0x6B12FE2FUL,0xAC169F63UL,0xEE112EA4UL,
0x3FA18B8DUL,0xD35A6216UL,0x9A95897DUL,0x10C853C2UL,
0x371C8456UL,0xE767B532UL,0x4834F9C3UL,0x8B00B9E8UL,
0x47DC231DUL,0xC979A0E1UL,0x7FB0CC0DUL,0x2EA266CDUL,
0x3EDE8C2DUL,0xC78D2E6FUL,0xB27C8E0CUL,0x5C4DC759UL,
0x72D66874UL,0x589ED84BUL,0x1A23F0B0UL,0xEE420C45UL,
0x0930D8F4UL,0x9793E7F4UL,0x19586A35UL,0xED664D03UL,
0xA55EF9D6UL,0x3CA68A5DUL,0x93275527UL,0x210F0365UL,
0x4336EB94UL,0x3BE61CD6UL,0x330F4E75UL,0x79816748UL,
0xD1906A36UL,0x9D311DB6UL,0x0BF47E6FUL,0xBE7D5D82UL,
0xB3DC1598UL,0x6E9F6DB7UL,0xCFCC4A8AUL,0xDFBA2F3EUL,
0x0CEA1413UL,0xF6E7AE2FUL,0x0429A8F5UL,0xFF21AFADUL,
0x9E529C69UL,0x75245098UL,0x958033AFUL,0xC56969C2UL,

PKA API's Supported

  • PKA_open() : Open PKA instance, enable PKA engine, initialize clocks and load PKA fw.
  • PKA_RSAPrivate() : This function performs decryption or signing operations
  • PKA_RSAPublic() : This function performs encryption or verification operations
  • PKA_ECDSASign() : This function performs ECDSA signing operations.
  • PKA_ECDSAVerify() : This function performs ECDSA verification operations.
  • PKA_close() : Close PKA instance, disable PKA engine, un-initialize clocks and unload PKA fw.

API Sequence for PKA (Public-key accelerator)

RSA

This sequence performs PKA RSA operations.

  • PKA_open() : Open PKA instance, enable PKA engine, initialize clocks and load PKA fw.
  • PKA_RSAPrivate() : This function performs decryption or signing operations.
  • PKA_RSAPublic() : This function performs encryption or verification operations.
  • PKA_close() : Close PKA instance, disable PKA engine, un-initialize clocks and unload PKA fw.
  • Open the pka module with instance by using PKA_open(), this call used for loading pka fw, clock enable and pka engine enable, for encryption or verification use PKA_RSAPublic(), for decryption or signing use PKA_RSAPrivate(), to close pka instance, disable engine, disable clock and fw unload use PKA_close().

ECDSA

This sequence performs PKA ECDSA operations.

  • PKA_open() : Open PKA instance, enable PKA engine, initialize clocks and load PKA fw.
  • PKA_ECDSASign() : This function performs ECDSA signing operations.
  • PKA_ECDSAVerify() : This function performs ECDSA verification operations.
  • PKA_close() : Close PKA instance, disable PKA engine, un-initialize clocks and unload PKA fw.
  • Open the pka module with instance by using PKA_open(), this call used for loading pka fw, clock enable and pka engine enable, for signing use PKA_ECDSASign(), for verification use PKA_ECDSAVerify(), to close pka instance, disable engine, disable clock and fw unload use PKA_close().

Example Usage

Include the below file to access the SA2UL PKA APIs

#include <stdio.h>
#include <string.h>
#include <security/crypto.h>
#include <kernel/dpl/DebugP.h>
#include <security/crypto/pka/pka.h>
/* Openssl command To generate public key : Openssl rsa -pubout -in private.pem -out public.pem*/
static const struct PKA_RSAPubkey gPkaRsa2kPublicKey =
{
{
64UL,
0x8C6C85B9UL,0x056953ACUL,0x9F24B6E7UL,0x91D77638UL,
0x3E28B3C7UL,0x3DDCCC06UL,0xBFD47EB2UL,0x6B606CC6UL,
0x5175DF58UL,0x7D2A303DUL,0xCB5A09CEUL,0xD9430637UL,
0x6CCB3436UL,0x6B12FE2FUL,0xAC169F63UL,0xEE112EA4UL,
0x3FA18B8DUL,0xD35A6216UL,0x9A95897DUL,0x10C853C2UL,
0x371C8456UL,0xE767B532UL,0x4834F9C3UL,0x8B00B9E8UL,
0x47DC231DUL,0xC979A0E1UL,0x7FB0CC0DUL,0x2EA266CDUL,
0x3EDE8C2DUL,0xC78D2E6FUL,0xB27C8E0CUL,0x5C4DC759UL,
0x72D66874UL,0x589ED84BUL,0x1A23F0B0UL,0xEE420C45UL,
0x0930D8F4UL,0x9793E7F4UL,0x19586A35UL,0xED664D03UL,
0xA55EF9D6UL,0x3CA68A5DUL,0x93275527UL,0x210F0365UL,
0x4336EB94UL,0x3BE61CD6UL,0x330F4E75UL,0x79816748UL,
0xD1906A36UL,0x9D311DB6UL,0x0BF47E6FUL,0xBE7D5D82UL,
0xB3DC1598UL,0x6E9F6DB7UL,0xCFCC4A8AUL,0xDFBA2F3EUL,
0x0CEA1413UL,0xF6E7AE2FUL,0x0429A8F5UL,0xFF21AFADUL,
0x9E529C69UL,0x75245098UL,0x958033AFUL,0xC56969C2UL,
},
{ 1UL,
0x00010001UL,
}
};
/* Openssl command To generate private key : Openssl genrsa -out private.pem*/
static const struct PKA_RSAPrivkey gPkaRsa2kPrivateKey =
{
{
64UL,
0x8C6C85B9UL,0x056953ACUL,0x9F24B6E7UL,0x91D77638UL,
0x3E28B3C7UL,0x3DDCCC06UL,0xBFD47EB2UL,0x6B606CC6UL,
0x5175DF58UL,0x7D2A303DUL,0xCB5A09CEUL,0xD9430637UL,
0x6CCB3436UL,0x6B12FE2FUL,0xAC169F63UL,0xEE112EA4UL,
0x3FA18B8DUL,0xD35A6216UL,0x9A95897DUL,0x10C853C2UL,
0x371C8456UL,0xE767B532UL,0x4834F9C3UL,0x8B00B9E8UL,
0x47DC231DUL,0xC979A0E1UL,0x7FB0CC0DUL,0x2EA266CDUL,
0x3EDE8C2DUL,0xC78D2E6FUL,0xB27C8E0CUL,0x5C4DC759UL,
0x72D66874UL,0x589ED84BUL,0x1A23F0B0UL,0xEE420C45UL,
0x0930D8F4UL,0x9793E7F4UL,0x19586A35UL,0xED664D03UL,
0xA55EF9D6UL,0x3CA68A5DUL,0x93275527UL,0x210F0365UL,
0x4336EB94UL,0x3BE61CD6UL,0x330F4E75UL,0x79816748UL,
0xD1906A36UL,0x9D311DB6UL,0x0BF47E6FUL,0xBE7D5D82UL,
0xB3DC1598UL,0x6E9F6DB7UL,0xCFCC4A8AUL,0xDFBA2F3EUL,
0x0CEA1413UL,0xF6E7AE2FUL,0x0429A8F5UL,0xFF21AFADUL,
0x9E529C69UL,0x75245098UL,0x958033AFUL,0xC56969C2UL,
},
{
1UL,
0x00010001UL,
},
{
64UL,
0x76B24971UL,0xABAE2708UL,0x7090F0B9UL,0xF2B4C776UL,
0xD30CD9E2UL,0x77A17624UL,0xCC8C2F9CUL,0x205ADBD6UL,
0x709F9778UL,0xBF700835UL,0x39415524UL,0x2603467DUL,
0xD19476C9UL,0x57176E0AUL,0xE6EB00C1UL,0x9F2C8188UL,
0xAEB5AB6CUL,0x3CC340A0UL,0x86C8D4B8UL,0x9ED2DE1AUL,
0x1DE5126CUL,0x91C518A6UL,0xB2F933DEUL,0x588146D2UL,
0xCB2D4E92UL,0xD4420D3AUL,0xE9C29055UL,0xAA0E226EUL,
0x86E83ED8UL,0xBFCB8270UL,0x0BEECA18UL,0x22FEE79EUL,
0xFB39B96DUL,0x3A461E0AUL,0x5F9CB1A5UL,0x7A3CB7C8UL,
0x8AD36D97UL,0xDED1073BUL,0x95A4B28CUL,0x0D8F7612UL,
0xECDBA3A1UL,0xD7B6B2D6UL,0xC493C52CUL,0x30D4DB55UL,
0x1435D7E4UL,0x6369AA17UL,0xB0F2E9FDUL,0xE6604C1CUL,
0xF634C564UL,0xD619065AUL,0xCC97DF2AUL,0x4B88C523UL,
0x3437D542UL,0x48FD52CAUL,0x125BD29EUL,0x0D6C69D7UL,
0xBDFCA12AUL,0x69BD7BAAUL,0xFD5D8D04UL,0x24E4DFEDUL,
0x3F3E724FUL,0x9EAD06CAUL,0x0EE1B3A8UL,0x171211ADUL,
},
{
32UL,
0x1615910DUL,0x896F86ADUL,0x3FA600B5UL,0xBE5CAE1FUL,
0x431ACC84UL,0xBE0B507FUL,0xE19E3780UL,0xE4B1701BUL,
0x9C03114EUL,0x5A2C16D7UL,0xFDE1682FUL,0xDBAEE508UL,
0xD9A2A8A2UL,0x03EFB7A2UL,0xDEAA84EFUL,0x8AEE33C9UL,
0x0D95FED7UL,0xA3ED1F55UL,0xB0EA72C7UL,0x773291B0UL,
0x055BBBE7UL,0x50ABE824UL,0x936448DFUL,0x6D96E050UL,
0x1AE0060CUL,0xF513D05DUL,0x53C29C4CUL,0x5BE4EDE3UL,
0x53B357C3UL,0xC2624CCFUL,0x508FA4EAUL,0xFA5D6875UL,
},
{
32UL,
0xB0B5245DUL,0x6B6FBB98UL,0xC9D6FA06UL,0xB35E18FAUL,
0x180B5D7DUL,0xFF895C08UL,0xF311CE70UL,0x03B9D7F1UL,
0x17FBC6BAUL,0x5D06779BUL,0x3F7F6FC8UL,0xA84C4879UL,
0x26516954UL,0xC6A3D297UL,0x70566BEEUL,0x161F2DE1UL,
0xC1ED432BUL,0xF38BF70CUL,0x2A3BA241UL,0x85256B85UL,
0x738F5EDAUL,0x54076D5AUL,0x0FC4655CUL,0x44440091UL,
0xD8D167B7UL,0x2A45134DUL,0xE2D0891EUL,0x7427A577UL,
0xBC7B661EUL,0x33AFA2F3UL,0x98E19426UL,0xC9DAE439UL,
},
{
32UL,
0x37383D85UL,0xF81ABE55UL,0xED5CFFEAUL,0x769715C7UL,
0xEAFF10E5UL,0x64D022FEUL,0xDCF6656FUL,0x20AAC7E2UL,
0xBDBB9A84UL,0xCA084CA2UL,0xEE9C9558UL,0x338C49D4UL,
0xC3DF145CUL,0x1B91A89BUL,0xA6158E06UL,0x7C6F439FUL,
0xEBD7825CUL,0x6615B326UL,0x57CF4140UL,0xD8DD57C1UL,
0xCD38197DUL,0xB0F3B372UL,0xAE891C00UL,0xF1A1CBBAUL,
0x0F15E9CDUL,0xD1DD5A08UL,0xCA5DFAA8UL,0xDA257067UL,
0x54983EF3UL,0x98F84C4EUL,0xEE658CBDUL,0x345D12FAUL,
},
{
32UL,
0x1ABB7FA9UL,0xA5EF70EAUL,0x8416D267UL,0xC5B28801UL,
0xBEB01413UL,0x84B2EE52UL,0x3174051DUL,0x2243F2A8UL,
0xD09F9009UL,0xB1C004A5UL,0x4FFFCE1BUL,0x02B68260UL,
0x5960F482UL,0x1FD99580UL,0x6969D74BUL,0x05C522CAUL,
0x1E331D08UL,0x902FAFBAUL,0x7DC0D445UL,0x7C30D555UL,
0xA49DFB17UL,0x2BA5A83DUL,0x8441CD44UL,0x42443663UL,
0x6E401D09UL,0xA75D0581UL,0x18C311F8UL,0xD21AAE22UL,
0xAD807E6FUL,0x3A1CDDD1UL,0x79F297BDUL,0xC7FF6F7DUL,
},
{
32UL,
0x05F2328EUL,0xBCD27D4CUL,0x77F5E127UL,0xE7FADF6DUL,
0xDD8E2EB2UL,0x8AC22E8AUL,0x95B55248UL,0xD55D3842UL,
0x446C93E0UL,0x2F127699UL,0x4A991495UL,0x5A4CE6BAUL,
0x020CDB4EUL,0xE52F73A1UL,0xBB225AE5UL,0xDB31939EUL,
0x53F34268UL,0x440EA84CUL,0x07FB118EUL,0x30584688UL,
0x0D7F92A1UL,0xB4C09F8EUL,0xB503B548UL,0x1F32A473UL,
0x656A316EUL,0xB4A06EE4UL,0x5BADB7F0UL,0x4064A01AUL,
0x3D3F86F5UL,0x9B2482F4UL,0x686A6368UL,0x569021AFUL
}
};
static const uint32_t gPkaRsa2kMessage[] =
{
64UL,
0x12345678UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
0x11111111UL, 0x11111111UL, 0x11111111UL, 0x11111111UL,
};
/* PKA handle for processing every api */
PKA_Handle gPkaHandle = NULL;
static uint32_t gPkaRsaOutputResult[PKA_BIGINT_MAX ];

sa2ul pka rsa Encryption and Decryption Example

/* Open PKA instance, enable PKA engine, Initialize clocks and Load PKA Fw */
gPkaHandle = PKA_open(0U);
DebugP_assert(gPkaHandle != NULL);
PKA_RSAPublic(gPkaHandle, gPkaRsa2kMessage, &gPkaRsa2kPublicKey, gPkaRsaOutputResult);
PKA_RSAPrivate(gPkaHandle, gPkaRsaOutputResult, &gPkaRsa2kPrivateKey, gPkaRsaOutputResult);
/* Close PKA instance, disable PKA engine, deinitialize clocks*/
PKA_close(gPkaHandle);
if (0 != memcmp(gPkaRsaOutputResult, gPkaRsa2kMessage, sizeof(gPkaRsa2kMessage)))
{
DebugP_log("[PKA] PKA_RSAPrivate output did not match expected output\n");
}

API

APIs for PKA

PKA_Handle
void * PKA_Handle
Handle to the PKA driver.
Definition: pka.h:70
PKA_BIGINT_MAX
#define PKA_BIGINT_MAX
Definition: pka.h:73
pka.h
This file contains the prototype of PKA driver APIs.
PKA_RSAPubkey
RSA public key. All values are in biginteger format (size followed by word value array,...
Definition: pka.h:102
DebugP_log
#define DebugP_log(format,...)
Function to log a string to the enabled console.
Definition: DebugP.h:211
crypto.h
This file contains the prototype of crypto driver APIs.
DebugP.h
PKA_RSAPublic
int32_t PKA_RSAPublic(PKA_Handle handle, const uint32_t m[PKA_BIGINT_MAX], const struct PKA_RSAPubkey *k, uint32_t result[PKA_BIGINT_MAX])
This Function performs Encryption or Verification operations.
PKA_RSAPrivkey
RSA private key. All values are in biginteger format (size followed by word value array,...
Definition: pka.h:122
PKA_RSAPrivate
int32_t PKA_RSAPrivate(PKA_Handle handle, const uint32_t m[PKA_BIGINT_MAX], const struct PKA_RSAPrivkey *k, uint32_t result[PKA_BIGINT_MAX])
This Function performs Decryption or Signing operations.
DebugP_assert
#define DebugP_assert(expression)
Function to call for assert check.
Definition: DebugP.h:159
PKA_close
int32_t PKA_close(PKA_Handle handle)
Function to close a PKA module specified by the PKA handle.
PKA_open
PKA_Handle PKA_open(uint32_t index)
Function to Open PKA instance, enable PKA engine, Initialize clocks and Load PKA Fw.