ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

M467: Support Crypto RSA H/W 

1.  Crypto RSA H/W supports 1024/2048/3072/4096 key bits. Fall back to software implementation for other key bits.
2.  For decrypt, if MBEDTLS_RSA_NO_CRT isn't defined, go CRT, or normal.
3.  For decrypt, when blinding (f_rng != NULL), enable SCAP mode.
4.  Recover from Crypto RSA H/W failure:
    (1) Enable timed-out wait to escape from RSA H/W trap
    (2) On RSA H/W timeout, stop this RSA H/W operation
    (3) Fall back to S/W implementation on failure

NOTE: RSA 4096 key bits can fail with default mbedtls configuration MBEDTLS_MPI_MAX_SIZE.
      Enlarge MBEDTLS_MPI_MAX_SIZE to 1024 or larger if this feature is required.
NOTE: Fixed in BSP RSA driver, for non-CRT+SCAP mode, temporary buffer for MADDR6 requires to be key length plus 128 bits.
NOTE: Fixed in BSP RSA driver, DMA buffer must be 4-word aligned, or RSA H/W will trap.
pull/15337/head
Chun-Chieh Li 2022-04-15 17:52:45 +08:00
parent 21970e30f1
commit 88a529180f
7 changed files with 3345 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
connectivity/drivers/mbedtls/TARGET_NUVOTON/TARGET_M460/CMakeLists.txt
View File

@ -15,6 +15,7 @@ target_sources(mbed-mbedtls
INTERFACE
aes/aes_alt.c
ecp/ecp_internal_alt.c
rsa/crypto_rsa_hw.c
rsa/rsa_alt.c
sha/sha1_alt.c
sha/sha256_alt.c

2
connectivity/drivers/mbedtls/TARGET_NUVOTON/TARGET_M460/mbedtls_device.h
View File

@ -38,6 +38,6 @@
#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
//#define MBEDTLS_RSA_ALT
#define MBEDTLS_RSA_ALT
#endif /* MBEDTLS_DEVICE_H */

423
connectivity/drivers/mbedtls/TARGET_NUVOTON/TARGET_M460/rsa/crypto_rsa_hw.c Normal file
View File

@ -0,0 +1,423 @@
/*
* Copyright (c) 2022, Nuvoton Technology Corporation
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
#include "mbedtls/error.h"
#if defined(MBEDTLS_RSA_ALT)
#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#include "mbed_toolchain.h"
#include "mbed_assert.h"
#include "mbed_error.h"
#include "mbed_toolchain.h"
#include "nu_bitutil.h"
#include "nu_timer.h"
#include "crypto-misc.h"
#include "crypto_rsa_hw.h"
/* Enable RSA debug */
//#define NU_CRYPTO_RSA_ENABLE_DEBUG
//#define NU_CRYPTO_RSA_ENABLE_DEBUG_V
/* Notes for RSA H/W port
*
* 1. For non-CRT+SCAP (excluding CRT+SCAP) mode, DMA buffer for MADDR6 must be key length plus 128 bits.
* 2. DMA buffer must be 4-word aligned, or RSA H/W will trap.
* 3. CRT is not well-tested yet, esp with 4096 key bits.
*/
/* RSA context for DMA */
static struct {
struct {
uint32_t mode; // RSA_MODE_NORMAL/CRT/SCAP/CRT_SCAP
uint32_t keybits_code; // RSA_KEY_SIZE_1024/2048/3072/4096
void * dmabuf; // Pointer to active DMA buffer
uint32_t dmabuf_size; // Active DMA buffer in bytes
} config;
union {
RSA_BUF_NORMAL_T norm;
RSA_BUF_CRT_T crt;
RSA_BUF_SCAP_T scap;
RSA_BUF_CRT_SCAP_T crt_scap;
} dmabuf_u;
struct {
MBED_ALIGN(4) char R[RSA_KBUF_HLEN]; // Output result
MBED_ALIGN(4) char M[RSA_KBUF_HLEN]; // Input message
MBED_ALIGN(4) char N[RSA_KBUF_HLEN]; // Modulus
MBED_ALIGN(4) char E[RSA_KBUF_HLEN]; // Exponent (public or private)
MBED_ALIGN(4) char P[RSA_KBUF_HLEN]; // First prime factor
MBED_ALIGN(4) char Q[RSA_KBUF_HLEN]; // Second prime factor
} keyctx_hs;
} rsa_hw_ctx_inst;
int crypto_rsa_init(mbedtls_rsa_context *ctx)
{
/* Acquire ownership of RSA H/W */
crypto_rsa_acquire();
/* Initialize crypto module */
crypto_init();
/* RSA H/W DMA buffer has the following requirements:
* (1) Word-aligned buffer base address
* (2) Word-aligned buffer size
* (3) Located in 0x20000000-0x2FFFFFFF region */
if ((! crypto_dma_buff_compat(&(rsa_hw_ctx_inst.dmabuf_u), sizeof(rsa_hw_ctx_inst.dmabuf_u), 4))) {
error("Buffer for RSA H/W DMA requires to be word-aligned and located in 0x20000000-0x2FFFFFFF region.");
}
/* Release ownership of RSA accelerator */
crypto_rsa_release();
return 0;
}
void crypto_rsa_free(mbedtls_rsa_context *ctx)
{
/* Acquire ownership of RSA H/W */
crypto_rsa_acquire();
/* Uninit crypto module */
crypto_uninit();
/* Release ownership of RSA accelerator */
crypto_rsa_release();
}
int crypto_rsa_encrypt_norm_capable(const mbedtls_rsa_context *ctx)
{
return crypto_rsa_crypt_capable(ctx,
false, // Encrypt operation
false, // Normal algorithm
false); // No blinding
}
int crypto_rsa_decrypt_norm_capable(const mbedtls_rsa_context *ctx, bool blinding)
{
return crypto_rsa_crypt_capable(ctx,
true, // Decrypt operation
false, // Normal algorithm
blinding);
}
int crypto_rsa_decrypt_crt_capable(const mbedtls_rsa_context *ctx, bool blinding)
{
return crypto_rsa_crypt_capable(ctx,
true, // Decrypt operation
true, // CRT algorithm
blinding);
}
int crypto_rsa_crypt_capable(const mbedtls_rsa_context *ctx,
bool decrypt,
bool crt,
bool blinding)
{
/* CRT is applicable only for decrypt operation */
if (!decrypt && crt) {
return 0;
}
/* NOTE: Check above RSA H/W comment for disabling crt */
if (crt) {
return 0;
}
/* Blinding (SCAP) is applicable only for decrypt operation */
if (!decrypt && blinding) {
return 0;
}
/* Support key bits
*
* Normal algorithm: 1024/2048/3072/4096
* CRT algorithm: 2048/3072/4096
*/
uint32_t keybits = ctx->len * 8;
if (keybits == 1024) {
return crt ? 0 : 1;
} else if (keybits == 2048 || keybits == 3072 || keybits == 4096) {
return 1;
} else {
return 0;
}
}
int crypto_rsa_encrypt_norm(mbedtls_rsa_context *ctx,
const unsigned char *input,
unsigned char *output)
{
return crypto_rsa_crypt(ctx,
false, // Encrypt operation
false, // Normal algorithm
false,
input,
output);
}
int crypto_rsa_decrypt_norm(mbedtls_rsa_context *ctx,
bool blinding,
const unsigned char *input,
unsigned char *output)
{
return crypto_rsa_crypt(ctx,
true, // Decrypt operation
false, // Normal algorithm
blinding,
input,
output);
}
int crypto_rsa_decrypt_crt(mbedtls_rsa_context *ctx,
bool blinding,
const unsigned char *input,
unsigned char *output)
{
return crypto_rsa_crypt(ctx,
true, // Decrypt operation
true, // CRT algorithm
blinding,
input,
output);
}
int crypto_rsa_crypt(mbedtls_rsa_context *ctx,
bool decrypt,
bool crt,
bool blinding,
const unsigned char *input,
unsigned char *output)
{
/* Acquire ownership of RSA H/W */
crypto_rsa_acquire();
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
bool rsa_done;
size_t olen;
uint32_t keybits;
#if defined(NU_CRYPTO_RSA_ENABLE_DEBUG)
mbedtls_printf("[CRPT][RSA] decrypt=%d, crt=%d, blinding=%d\n", decrypt, crt, blinding);
#endif
mbedtls_mpi M, R;
mbedtls_mpi_init(&M);
mbedtls_mpi_init(&R);
/* Read input message */
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&M, input, ctx->len));
/* Driver key context requests hex string form. */
/* Populate M (input) into driver key context */
MBEDTLS_MPI_CHK(mbedtls_mpi_write_string(&M, 16, rsa_hw_ctx_inst.keyctx_hs.M, RSA_KBUF_HLEN, &olen));
/* Populate N (modulus) into driver key context */
MBEDTLS_MPI_CHK(mbedtls_mpi_write_string(&ctx->N, 16, rsa_hw_ctx_inst.keyctx_hs.N, RSA_KBUF_HLEN, &olen));
if (decrypt) {
/* Populate D (private key) into driver key context (exponent) */
MBEDTLS_MPI_CHK(mbedtls_mpi_write_string(&ctx->D, 16, rsa_hw_ctx_inst.keyctx_hs.E, RSA_KBUF_HLEN, &olen));
/* Populate P/Q (first/second prime factor) into driver key context */
MBEDTLS_MPI_CHK(mbedtls_mpi_write_string(&ctx->P, 16, rsa_hw_ctx_inst.keyctx_hs.P, RSA_KBUF_HLEN, &olen));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_string(&ctx->Q, 16, rsa_hw_ctx_inst.keyctx_hs.Q, RSA_KBUF_HLEN, &olen));
} else {
/* Populate E (public key) into driver key context (exponent) */
MBEDTLS_MPI_CHK(mbedtls_mpi_write_string(&ctx->E, 16, rsa_hw_ctx_inst.keyctx_hs.E, RSA_KBUF_HLEN, &olen));
}
#if defined(NU_CRYPTO_RSA_ENABLE_DEBUG_V)
mbedtls_printf("[CRPT][RSA] M:\n%s\n", rsa_hw_ctx_inst.keyctx_hs.M);
mbedtls_printf("[CRPT][RSA] N:\n%s\n", rsa_hw_ctx_inst.keyctx_hs.N);
mbedtls_printf("[CRPT][RSA] E:\n%s\n", rsa_hw_ctx_inst.keyctx_hs.E);
if (decrypt) {
mbedtls_printf("[CRPT][RSA] P:\n%s\n", rsa_hw_ctx_inst.keyctx_hs.P);
mbedtls_printf("[CRPT][RSA] Q:\n%s\n", rsa_hw_ctx_inst.keyctx_hs.Q);
}
#endif
/* Resolve CRT/SCAP mode and corresponding DMA buffer */
if (crt) {
if (blinding) {
rsa_hw_ctx_inst.config.mode = RSA_MODE_CRT_SCAP;
rsa_hw_ctx_inst.config.dmabuf = &rsa_hw_ctx_inst.dmabuf_u.crt_scap;
rsa_hw_ctx_inst.config.dmabuf_size = sizeof(rsa_hw_ctx_inst.dmabuf_u.crt_scap);
} else {
rsa_hw_ctx_inst.config.mode = RSA_MODE_CRT;
rsa_hw_ctx_inst.config.dmabuf = &rsa_hw_ctx_inst.dmabuf_u.crt;
rsa_hw_ctx_inst.config.dmabuf_size = sizeof(rsa_hw_ctx_inst.dmabuf_u.crt);
}
} else {
if (blinding) {
rsa_hw_ctx_inst.config.mode = RSA_MODE_SCAP;
rsa_hw_ctx_inst.config.dmabuf = &rsa_hw_ctx_inst.dmabuf_u.scap;
rsa_hw_ctx_inst.config.dmabuf_size = sizeof(rsa_hw_ctx_inst.dmabuf_u.scap);
} else {
rsa_hw_ctx_inst.config.mode = RSA_MODE_NORMAL;
rsa_hw_ctx_inst.config.dmabuf = &rsa_hw_ctx_inst.dmabuf_u.norm;
rsa_hw_ctx_inst.config.dmabuf_size = sizeof(rsa_hw_ctx_inst.dmabuf_u.norm);
}
}
/* Resolve key bits code */
keybits = ctx->len * 8;
switch (keybits) {
case 1024:
rsa_hw_ctx_inst.config.keybits_code = RSA_KEY_SIZE_1024;
break;
case 2048:
rsa_hw_ctx_inst.config.keybits_code = RSA_KEY_SIZE_2048;
break;
case 3072:
rsa_hw_ctx_inst.config.keybits_code = RSA_KEY_SIZE_3072;
break;
case 4096:
rsa_hw_ctx_inst.config.keybits_code = RSA_KEY_SIZE_4096;
break;
default:
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
goto cleanup;
}
/* Enable RSA interrupt */
RSA_ENABLE_INT(CRPT);
/* For safe, recover from previous failure if ever */
MBEDTLS_MPI_CHK(crypto_rsa_abort(ctx, 5*1000*1000));
/* NOTE: Driver (RSA_SetKey()/RSA_SetDMATransfer()) requests zero-padded
* hex string to configure DMA buffer (via Hex2Reg), but
* mbedtls_mpi_write_string() doesn't support this. Pre-clean
* DMA buffer as workaround. */
mbedtls_platform_zeroize(rsa_hw_ctx_inst.config.dmabuf, rsa_hw_ctx_inst.config.dmabuf_size);
MBED_ASSERT(rsa_hw_ctx_inst.config.dmabuf != NULL);
MBED_ASSERT(rsa_hw_ctx_inst.config.dmabuf_size != 0);
MBEDTLS_MPI_CHK((RSA_Open(CRPT, rsa_hw_ctx_inst.config.mode,
rsa_hw_ctx_inst.config.keybits_code,
rsa_hw_ctx_inst.config.dmabuf,
rsa_hw_ctx_inst.config.dmabuf_size,
0) == 0) ? 0 : MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
/* Set exponent (public/private key) into DMA buffer */
RSA_SetKey(CRPT, rsa_hw_ctx_inst.keyctx_hs.E);
/* Set most other parameters into DMA buffer */
RSA_SetDMATransfer(CRPT,
rsa_hw_ctx_inst.keyctx_hs.M,
rsa_hw_ctx_inst.keyctx_hs.N,
rsa_hw_ctx_inst.keyctx_hs.P,
rsa_hw_ctx_inst.keyctx_hs.Q);
/* Trigger and wait */
crypto_rsa_prestart();
#if defined(NU_CRYPTO_RSA_ENABLE_DEBUG)
mbedtls_printf("[CRPT][RSA] Crypto RSA ...\n");
#endif
RSA_Start(CRPT);
rsa_done = crypto_rsa_wait2(1000*1000); // 1s timeout
#if defined(NU_CRYPTO_RSA_ENABLE_DEBUG)
mbedtls_printf("[CRPT][RSA] Crypto RSA ... %s\n", rsa_done ? "Done" : "Error");
#endif
/* For safe, recover from current failure */
if (!rsa_done) {
crypto_rsa_abort(ctx, 5*1000*1000);
}
/* Disable RSA interrupt */
RSA_DISABLE_INT(CRPT);
MBEDTLS_MPI_CHK(rsa_done ? 0 : MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED);
/* Write output result */
RSA_Read(CRPT, rsa_hw_ctx_inst.keyctx_hs.R);
MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&R, 16, rsa_hw_ctx_inst.keyctx_hs.R));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&R, output, ctx->len));
#if defined(NU_CRYPTO_RSA_ENABLE_DEBUG_V)
mbedtls_printf("[CRPT][RSA] R:\n%s\n", rsa_hw_ctx_inst.keyctx_hs.R);
#endif
cleanup:
mbedtls_mpi_free(&M);
mbedtls_mpi_free(&R);
/* Release ownership of RSA accelerator */
crypto_rsa_release();
return ret;
}
int crypto_rsa_abort(MBED_UNUSED mbedtls_rsa_context *ctx,
uint32_t timeout_us)
{
/* Acquire ownership of RSA H/W */
crypto_rsa_acquire();
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
CRPT->RSA_CTL = CRPT_RSA_CTL_STOP_Msk;
struct nu_countdown_ctx_s cd_ctx;
nu_countdown_init(&cd_ctx, timeout_us);
while (CRPT->RSA_STS & CRPT_RSA_STS_BUSY_Msk) {
if (nu_countdown_expired(&cd_ctx)) {
break;
}
}
nu_countdown_free(&cd_ctx);
if (CRPT->RSA_STS & CRPT_RSA_STS_BUSY_Msk) {
#if defined(NU_CRYPTO_RSA_ENABLE_DEBUG)
mbedtls_printf("[CRPT][RSA] Crypto RSA ... Busy\n");
#endif
ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
goto cleanup;
}
ret = 0;
cleanup:
/* Release ownership of RSA accelerator */
crypto_rsa_release();
return ret;
}
#endif /* MBEDTLS_RSA_ALT */
#endif /* MBEDTLS_RSA_C */

122
connectivity/drivers/mbedtls/TARGET_NUVOTON/TARGET_M460/rsa/crypto_rsa_hw.h Normal file
View File

@ -0,0 +1,122 @@
/*
* Copyright (c) 2022, Nuvoton Technology Corporation
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CRYPTO_RSA_HW_H
#define CRYPTO_RSA_HW_H
#include "mbedtls/rsa.h"
#if defined(MBEDTLS_RSA_ALT)
#include <stdbool.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Initialize/Free Crypto RSA H/W
*
* \return \c 0 on success.
* \return A non-zero error code on failure.
*
* \note crypto_rsa_init()/crypto_rsa_free() are like pre-op/post-op calls
* and they guarantee:
*
* 1. Paired
* 2. No overlapping
* 3. Upper public function cannot return when RSA alter. is still activated.
*/
int crypto_rsa_init(mbedtls_rsa_context *ctx);
void crypto_rsa_free(mbedtls_rsa_context *ctx);
/**
* \brief Query whether or not RSA H/W supports encrypt/decrypt operation in this context
* in normal/CRT algorithm
*
* \param ctx The initialized RSA context to use.
* \param decrypt true for decrypt, or encrypt.
* \param crt true for CRT algorithm, or normal.
* \param blinding Blinding (SCAP) or not.
*
* \return \c 1 on capable, or 0 on incapable.
*
* \note Blinding is applicable only for decrypt operation.
* \note CRT is applicable only for decrypt operation.
*/
int crypto_rsa_encrypt_norm_capable(const mbedtls_rsa_context *ctx);
int crypto_rsa_decrypt_norm_capable(const mbedtls_rsa_context *ctx, bool blinding);
int crypto_rsa_decrypt_crt_capable(const mbedtls_rsa_context *ctx, bool blinding);
int crypto_rsa_crypt_capable(const mbedtls_rsa_context *ctx,
bool decrypt,
bool crt,
bool blinding);
/**
* \brief Run RSA encrypt/decrypt operation in normal/CRT algorithm
*
* \param ctx The initialized RSA context to use.
* \param decrypt true for decrypt, or encrypt.
* \param crt true for CRT algorithm, or normal.
* \param blinding Blinding (SCAP) or not.
* \param input The input buffer. This must be a readable buffer
* of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
* \param output The output buffer. This must be a writable buffer
* of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int crypto_rsa_encrypt_norm(mbedtls_rsa_context *ctx,
const unsigned char *input,
unsigned char *output);
int crypto_rsa_decrypt_norm(mbedtls_rsa_context *ctx,
bool blinding,
const unsigned char *input,
unsigned char *output);
int crypto_rsa_decrypt_crt(mbedtls_rsa_context *ctx,
bool blinding,
const unsigned char *input,
unsigned char *output);
int crypto_rsa_crypt(mbedtls_rsa_context *ctx,
bool decrypt,
bool crt,
bool blinding,
const unsigned char *input,
unsigned char *output);
/**
* \brief Abort Crypto RSA H/W
*
* \param ctx The initialized RSA context to use.
* \param timeout_us Timeout in microseconds.
*
* \return \c 0 on success.
* \return A non-zero error code on failure.
*/
int crypto_rsa_abort(mbedtls_rsa_context *ctx,
uint32_t timeout_us);
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_RSA_ALT */
#endif /* CRYPTO_RSA_HW_H */

2654
connectivity/drivers/mbedtls/TARGET_NUVOTON/TARGET_M460/rsa/rsa_alt.c
View File

File diff suppressed because it is too large Load Diff

110
connectivity/drivers/mbedtls/TARGET_NUVOTON/TARGET_M460/rsa/rsa_alt.h
View File

@ -1 +1,109 @@
/* TODO */
/**
* \file rsa_alt.h
*
* \brief This file provides an API for the RSA public-key cryptosystem.
*
* The RSA public-key cryptosystem is defined in <em>Public-Key
* Cryptography Standards (PKCS) #1 v1.5: RSA Encryption</em>
* and <em>Public-Key Cryptography Standards (PKCS) #1 v2.1:
* RSA Cryptography Specifications</em>.
*
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef MBEDTLS_RSA_ALT_H
#define MBEDTLS_RSA_ALT_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/bignum.h"
#include "mbedtls/md.h"
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
#if defined(MBEDTLS_RSA_ALT)
// Regular implementation
//
/* Enable Nuvoton's Crypto RSA H/W */
#define NU_CRYPTO_RSA_ENABLE
/**
* \brief The RSA context structure.
*
* \note Direct manipulation of the members of this structure
* is deprecated. All manipulation should instead be done through
* the public interface functions.
*/
typedef struct mbedtls_rsa_context
{
int ver; /*!< Always 0.*/
size_t len; /*!< The size of \p N in Bytes. */
mbedtls_mpi N; /*!< The public modulus. */
mbedtls_mpi E; /*!< The public exponent. */
mbedtls_mpi D; /*!< The private exponent. */
mbedtls_mpi P; /*!< The first prime factor. */
mbedtls_mpi Q; /*!< The second prime factor. */
mbedtls_mpi DP; /*!< <code>D % (P - 1)</code>. */
mbedtls_mpi DQ; /*!< <code>D % (Q - 1)</code>. */
mbedtls_mpi QP; /*!< <code>1 / (Q % P)</code>. */
mbedtls_mpi RN; /*!< cached <code>R^2 mod N</code>. */
mbedtls_mpi RP; /*!< cached <code>R^2 mod P</code>. */
mbedtls_mpi RQ; /*!< cached <code>R^2 mod Q</code>. */
mbedtls_mpi Vi; /*!< The cached blinding value. */
mbedtls_mpi Vf; /*!< The cached un-blinding value. */
int padding; /*!< Selects padding mode:
#MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
#MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
int hash_id; /*!< Hash identifier of mbedtls_md_type_t type,
as specified in md.h for use in the MGF
mask generating function used in the
EME-OAEP and EMSA-PSS encodings. */
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */
#endif
#if defined(NU_CRYPTO_RSA_ENABLE)
int hw_init; /*!< Initialized Crypto RSA H/W or not. */
#endif
}
mbedtls_rsa_context;
#endif /* MBEDTLS_RSA_ALT */
#ifdef __cplusplus
}
#endif
#endif /* rsa_alt.h */

72
targets/TARGET_NUVOTON/TARGET_M460/device/StdDriver/inc/m460_crypto.h
View File

@ -199,57 +199,57 @@ typedef struct e_curve_t
/* RSA working buffer for normal mode */
typedef struct
{
uint32_t au32RsaOutput[128]; /* The RSA answer. */
uint32_t au32RsaN[128]; /* The base of modulus operation word. */
uint32_t au32RsaM[128]; /* The base of exponentiation words. */
uint32_t au32RsaE[128]; /* The exponent of exponentiation words. */
__attribute__((aligned(16))) uint32_t au32RsaOutput[128]; /* The RSA answer. */
__attribute__((aligned(16))) uint32_t au32RsaN[128]; /* The base of modulus operation word. */
__attribute__((aligned(16))) uint32_t au32RsaM[128]; /* The base of exponentiation words. */
__attribute__((aligned(16))) uint32_t au32RsaE[128]; /* The exponent of exponentiation words. */
} RSA_BUF_NORMAL_T;
/* RSA working buffer for CRT ( + CRT bypass) mode */
typedef struct
{
uint32_t au32RsaOutput[128]; /* The RSA answer. */
uint32_t au32RsaN[128]; /* The base of modulus operation word. */
uint32_t au32RsaM[128]; /* The base of exponentiation words. */
uint32_t au32RsaE[128]; /* The exponent of exponentiation words. */
uint32_t au32RsaP[128]; /* The Factor of Modulus Operation. */
uint32_t au32RsaQ[128]; /* The Factor of Modulus Operation. */
uint32_t au32RsaTmpCp[128]; /* The Temporary Value(Cp) of RSA CRT. */
uint32_t au32RsaTmpCq[128]; /* The Temporary Value(Cq) of RSA CRT. */
uint32_t au32RsaTmpDp[128]; /* The Temporary Value(Dp) of RSA CRT. */
uint32_t au32RsaTmpDq[128]; /* The Temporary Value(Dq) of RSA CRT. */
uint32_t au32RsaTmpRp[128]; /* The Temporary Value(Rp) of RSA CRT. */
uint32_t au32RsaTmpRq[128]; /* The Temporary Value(Rq) of RSA CRT. */
__attribute__((aligned(16))) uint32_t au32RsaOutput[128]; /* The RSA answer. */
__attribute__((aligned(16))) uint32_t au32RsaN[128]; /* The base of modulus operation word. */
__attribute__((aligned(16))) uint32_t au32RsaM[128]; /* The base of exponentiation words. */
__attribute__((aligned(16))) uint32_t au32RsaE[128]; /* The exponent of exponentiation words. */
__attribute__((aligned(16))) uint32_t au32RsaP[128]; /* The Factor of Modulus Operation. */
__attribute__((aligned(16))) uint32_t au32RsaQ[128]; /* The Factor of Modulus Operation. */
__attribute__((aligned(16))) uint32_t au32RsaTmpCp[128]; /* The Temporary Value(Cp) of RSA CRT. */
__attribute__((aligned(16))) uint32_t au32RsaTmpCq[128]; /* The Temporary Value(Cq) of RSA CRT. */
__attribute__((aligned(16))) uint32_t au32RsaTmpDp[128]; /* The Temporary Value(Dp) of RSA CRT. */
__attribute__((aligned(16))) uint32_t au32RsaTmpDq[128]; /* The Temporary Value(Dq) of RSA CRT. */
__attribute__((aligned(16))) uint32_t au32RsaTmpRp[128]; /* The Temporary Value(Rp) of RSA CRT. */
__attribute__((aligned(16))) uint32_t au32RsaTmpRq[128]; /* The Temporary Value(Rq) of RSA CRT. */
} RSA_BUF_CRT_T;
/* RSA working buffer for SCAP mode */
typedef struct
{
uint32_t au32RsaOutput[128]; /* The RSA answer. */
uint32_t au32RsaN[128]; /* The base of modulus operation word. */
uint32_t au32RsaM[128]; /* The base of exponentiation words. */
uint32_t au32RsaE[128]; /* The exponent of exponentiation words. */
uint32_t au32RsaP[128]; /* The Factor of Modulus Operation. */
uint32_t au32RsaQ[128]; /* The Factor of Modulus Operation. */
uint32_t au32RsaTmpBlindKey[128]; /* The Temporary Value(blind key) of RSA SCAP. */
__attribute__((aligned(16))) uint32_t au32RsaOutput[128]; /* The RSA answer. */
__attribute__((aligned(16))) uint32_t au32RsaN[128]; /* The base of modulus operation word. */
__attribute__((aligned(16))) uint32_t au32RsaM[128]; /* The base of exponentiation words. */
__attribute__((aligned(16))) uint32_t au32RsaE[128]; /* The exponent of exponentiation words. */
__attribute__((aligned(16))) uint32_t au32RsaP[128]; /* The Factor of Modulus Operation. */
__attribute__((aligned(16))) uint32_t au32RsaQ[128]; /* The Factor of Modulus Operation. */
__attribute__((aligned(16))) uint32_t au32RsaTmpBlindKey[128+4]; /* The Temporary Value(blind key) of RSA SCAP. */
} RSA_BUF_SCAP_T;
/* RSA working buffer for CRT ( + CRT bypass ) + SCAP mode */
typedef struct
{
uint32_t au32RsaOutput[128]; /* The RSA answer. */
uint32_t au32RsaN[128]; /* The base of modulus operation word. */
uint32_t au32RsaM[128]; /* The base of exponentiation words. */
uint32_t au32RsaE[128]; /* The exponent of exponentiation words. */
uint32_t au32RsaP[128]; /* The Factor of Modulus Operation. */
uint32_t au32RsaQ[128]; /* The Factor of Modulus Operation. */
uint32_t au32RsaTmpCp[128]; /* The Temporary Value(Cp) of RSA CRT. */
uint32_t au32RsaTmpCq[128]; /* The Temporary Value(Cq) of RSA CRT. */
uint32_t au32RsaTmpDp[128]; /* The Temporary Value(Dp) of RSA CRT. */
uint32_t au32RsaTmpDq[128]; /* The Temporary Value(Dq) of RSA CRT. */
uint32_t au32RsaTmpRp[128]; /* The Temporary Value(Rp) of RSA CRT. */
uint32_t au32RsaTmpRq[128]; /* The Temporary Value(Rq) of RSA CRT. */
uint32_t au32RsaTmpBlindKey[128]; /* The Temporary Value(blind key) of RSA SCAP. */
__attribute__((aligned(16))) uint32_t au32RsaOutput[128]; /* The RSA answer. */
__attribute__((aligned(16))) uint32_t au32RsaN[128]; /* The base of modulus operation word. */
__attribute__((aligned(16))) uint32_t au32RsaM[128]; /* The base of exponentiation words. */
__attribute__((aligned(16))) uint32_t au32RsaE[128]; /* The exponent of exponentiation words. */
__attribute__((aligned(16))) uint32_t au32RsaP[128]; /* The Factor of Modulus Operation. */
__attribute__((aligned(16))) uint32_t au32RsaQ[128]; /* The Factor of Modulus Operation. */
__attribute__((aligned(16))) uint32_t au32RsaTmpCp[128]; /* The Temporary Value(Cp) of RSA CRT. */
__attribute__((aligned(16))) uint32_t au32RsaTmpCq[128]; /* The Temporary Value(Cq) of RSA CRT. */
__attribute__((aligned(16))) uint32_t au32RsaTmpDp[128]; /* The Temporary Value(Dp) of RSA CRT. */
__attribute__((aligned(16))) uint32_t au32RsaTmpDq[128]; /* The Temporary Value(Dq) of RSA CRT. */
__attribute__((aligned(16))) uint32_t au32RsaTmpRp[128]; /* The Temporary Value(Rp) of RSA CRT. */
__attribute__((aligned(16))) uint32_t au32RsaTmpRq[128]; /* The Temporary Value(Rq) of RSA CRT. */
__attribute__((aligned(16))) uint32_t au32RsaTmpBlindKey[128]; /* The Temporary Value(blind key) of RSA SCAP. */
} RSA_BUF_CRT_SCAP_T;
/* RSA working buffer for using key store */