|
|
ECDH driver implementation for the CC26X2 family.
============================================================================
This file should only be included in the board file to fill the ECDH_config struct.
The CC26X2 family has a dedicated public key accelerator. It is capable of multiple mathematical operations including dedicated ECC point addition, doubling, and scalar multiplication. Only one operation can be carried out on the accelerator at a time. Mutual exclusion is implemented at the driver level and coordinated between all drivers relying on the accelerator. It is transparent to the application and only noted ensure sensible access timeouts are set.
The large number maths engine (LNME) uses a dedicated 2kB block of RAM (PKA RAM) for its operations. The operands of the maths operations must be copied into and results out of the PKA ram. This necessitates a significant number of reads and writes for each operation. The bus interface to the RAM only allows for word-aligned reads and writes. The CPU splits the reads and writes from and to general SRAM from unaligned addresses into multiple bus operations while accumulating the data in a register until it is full. The result of this hardware process is that providing buffers such as plaintext CryptoKey keying material to ECC APIs that are word-aligned will significantly speed up the operation and reduce power consumption.
The driver implementation does not perform runtime checks for most input parameters. Only values that are likely to have a stochastic element to them are checked (such as whether a driver is already open). Higher input parameter validation coverage is achieved by turning on assertions when compiling the driver.
The driver implementation supports the following curve types for ECDH:
| Curve Type | Supported |
|---|---|
| Short Weierstrass | Yes |
| Montgomery | Yes |
| Edwards | No |
When using Montgomery Curve25519, the private key must be formatted according to cr.yp.to/ecdh.html by the application before passing it to the driver. The driver cannot do so itself as the memory location of the keying material may be in flash.
For keying material uint8_t myPrivateKey[32], you must do the following:
Alternatively, you can call ECCParams_FormatCurve25519PrivateKey() in ti/drivers/cryptoutils/ecc/ECCParams.h
When performing shared secret generation, the foreign public key will always be validated when using short Weierstrass curves. The only explicitly supported Montgomery curve is Curve25519 which does not require public key validation. The implementation assumes that the cofactor, h, of the curve is 1. This lets us skip the computationally expensive step of multiplying the foreign key by the order and checking if it yields the point at infinity. When the cofactor is 1, this property is implied by validating that the point is not already the point at infinity and that it validates against the curve equation. All curves supplied by default, the NIST and Brainpool curves, have cofactor = 1. While the implementation can use arbitrary curves, you should verify that any other curve used has a cofactor of 1.
#include <stdint.h>#include <stdbool.h>#include <ti/drivers/Power.h>#include <ti/drivers/ECDH.h>#include <ti/drivers/cryptoutils/ecc/ECCParams.h>#include <ti/drivers/cryptoutils/cryptokey/CryptoKey.h>#include <ti/devices/DeviceFamily.h>#include <DeviceFamily_constructPath(driverlib/pka.h)>#include <ti/drivers/dpl/HwiP.h>#include <ti/drivers/dpl/SwiP.h>#include <ti/drivers/dpl/SemaphoreP.h>
Go to the source code of this file.
Data Structures | |
| struct | ECDHCC26X2_HWAttrs |
| ECDHCC26X2 Hardware Attributes. More... | |
| struct | ECDHCC26X2_Object |
| ECDHCC26X2 Object. More... | |
Macros | |
| #define | ECDHCC26X2_STATUS_FSM_RUN_PKA_OP ECDH_STATUS_RESERVED - 0 |
| #define | ECDHCC26X2_STATUS_FSM_RUN_FSM ECDH_STATUS_RESERVED - 1 |
| #define ECDHCC26X2_STATUS_FSM_RUN_PKA_OP ECDH_STATUS_RESERVED - 0 |
| #define ECDHCC26X2_STATUS_FSM_RUN_FSM ECDH_STATUS_RESERVED - 1 |
| enum ECDHCC26X2_FsmState |
ECDHCC26X2 states.
The ECDH operations are implemented using multiple invidividual PKA operations. Since state transitions for these operations are almost always predictable, the state transitions are encoded linearly in this enum. The FSM controller will increment the state counter and iterate through states until it is told to stop or restart.