ECDSA driver implementation for the CC26X2 family.
============================================================================
This file should only be included in the board file to fill the ECDSA_config struct.
The CC26X2 family has a dedicated public key accelerator. It is capable of multiple mathematical operations including dedicated ECC point addition, doubling, and scalar multiplication. Only one operation can be carried out on the accelerator at a time. Mutual exclusion is implemented at the driver level and coordinated between all drivers relying on the accelerator. It is transparent to the application and only noted ensure sensible access timeouts are set.
The large number maths engine (LNME) uses a dedicated 2kB block of RAM (PKA RAM) for its operations. The operands of the maths operations must be copied into and results out of the PKA ram. This necessitates a significant number of reads and writes for each operation. The bus interface to the RAM only allows for word-aligned reads and writes. The CPU splits the reads and writes from and to general SRAM from unaligned addresses into multiple bus operations while accumulating the data in a register until it is full. The result of this hardware process is that providing buffers such as plaintext CryptoKey keying material to ECC APIs that are word-aligned will significantly speed up the operation and reduce power consumption.
The driver implementation does not perform runtime checks for most input parameters. Only values that are likely to have a stochastic element to them are checked (such as whether a driver is already open). Higher input paramter validation coverage is achieved by turning on assertions when compiling the driver.
The driver implementation supports the following curve types for ECDSA:
Curve Type | Supported |
---|---|
Short Weierstrass | Yes |
Montgomery | No |
Edwards | No |
When performing signature verification, the foreign public key will always be validated. However, the implementation assumes that the cofactor, h, of the curve is 1. This lets us skip the computationally expensive step of multiplying the foreign key by the order and checking if it yields the point at infinity. When the cofactor is 1, this property is implied by validating that the point is not already the point at infinity and that it validates against the curve equation. All curves supplied by default, the NIST and Brainpool curves, have cofactor = 1. While the implementation can use arbitrary curves, you should verify that any other curve used has a cofactor of 1.
#include <stdint.h>
#include <stdbool.h>
#include <ti/drivers/Power.h>
#include <ti/drivers/ECDSA.h>
#include <ti/drivers/TRNG.h>
#include <ti/drivers/trng/TRNGCC26XX.h>
#include <ti/drivers/cryptoutils/ecc/ECCParams.h>
#include <ti/drivers/cryptoutils/cryptokey/CryptoKey.h>
#include <ti/drivers/dpl/HwiP.h>
#include <ti/drivers/dpl/SwiP.h>
#include <ti/drivers/dpl/SemaphoreP.h>
Go to the source code of this file.
Data Structures | |
struct | ECDSACC26X2_HWAttrs |
ECDSACC26X2 Hardware Attributes. More... | |
struct | ECDSACC26X2_Object |
ECDSACC26X2 Object. More... | |
Macros | |
#define | ECDSACC26X2_STATUS_FSM_RUN_PKA_OP ECDSA_STATUS_RESERVED - 0 |
#define | ECDSACC26X2_STATUS_FSM_RUN_FSM ECDSA_STATUS_RESERVED - 1 |
Typedefs | |
typedef int_fast16_t(* | ECDSACC26X2_stateMachineFxn) (ECDSA_Handle handle) |
ECDSACC26X2 state machine function prototype. More... | |
#define ECDSACC26X2_STATUS_FSM_RUN_PKA_OP ECDSA_STATUS_RESERVED - 0 |
#define ECDSACC26X2_STATUS_FSM_RUN_FSM ECDSA_STATUS_RESERVED - 1 |
typedef int_fast16_t(* ECDSACC26X2_stateMachineFxn) (ECDSA_Handle handle) |
ECDSACC26X2 state machine function prototype.
The FSM controller in the ECDSACC26X2 SWI executes a state machine function containing a switch statement that governs state execution. This function pointer is stored in the object at the beginning of the transaction. This way, unused state machines are removed at link time.
enum ECDSACC26X2_FsmState |
ECDSACC26X2 Sign and Verify states.
The sign and verify operations are implemented using multiple invidividual PKA operations. Since state transitions for these operations are almost always predictable, the state transitions are encoded linearly in this enum. The FSM controller will increment the state counter and iterate through states until it is told to stop or restart.