cryptocell: add cryptocell 712 RSA 3K support
Add the support needed to enable using CryptoCell integration with RSA 3K support. Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com> Change-Id: I95527cb0c41ae012109e8968dd20a4ae9fe67f17
parent
87b582ef5b
commit
b8622922c8
|
@ -350,6 +350,21 @@ Common build options
|
||||||
compliant and is retained only for compatibility. The default value of this
|
compliant and is retained only for compatibility. The default value of this
|
||||||
flag is ``rsa`` which is the TBBR compliant PKCS#1 RSA 2.1 scheme.
|
flag is ``rsa`` which is the TBBR compliant PKCS#1 RSA 2.1 scheme.
|
||||||
|
|
||||||
|
- ``KEY_SIZE``: This build flag enables the user to select the key size for
|
||||||
|
the algorithm specified by ``KEY_ALG``. The valid values for ``KEY_SIZE``
|
||||||
|
depend on the chosen algorithm and the cryptographic module.
|
||||||
|
|
||||||
|
+-----------+------------------------------------+
|
||||||
|
| KEY_ALG | Possible key sizes |
|
||||||
|
+===========+====================================+
|
||||||
|
| rsa | 1024 , 2048 (default), 3072, 4096* |
|
||||||
|
+-----------+------------------------------------+
|
||||||
|
| ecdsa | unavailable |
|
||||||
|
+-----------+------------------------------------+
|
||||||
|
|
||||||
|
* Only 2048 bits size is available with CryptoCell 712 SBROM release 1.
|
||||||
|
Only 3072 bits size is available with CryptoCell 712 SBROM release 2.
|
||||||
|
|
||||||
- ``HASH_ALG``: This build flag enables the user to select the secure hash
|
- ``HASH_ALG``: This build flag enables the user to select the secure hash
|
||||||
algorithm. It accepts 3 values: ``sha256``, ``sha384`` and ``sha512``.
|
algorithm. It accepts 3 values: ``sha256``, ``sha384`` and ``sha512``.
|
||||||
The default value of this flag is ``sha256``.
|
The default value of this flag is ``sha256``.
|
||||||
|
|
|
@ -225,7 +225,7 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
|
||||||
/* Verify the signature */
|
/* Verify the signature */
|
||||||
error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
|
error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
|
||||||
(uint32_t *)data_ptr, &pk, &signature,
|
(uint32_t *)data_ptr, &pk, &signature,
|
||||||
data_len, RSA_PSS_2048);
|
data_len, RSA_PSS);
|
||||||
if (error != CC_OK)
|
if (error != CC_OK)
|
||||||
return CRYPTO_ERR_SIGNATURE;
|
return CRYPTO_ERR_SIGNATURE;
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
#
|
#
|
||||||
# Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
|
# Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: BSD-3-Clause
|
# SPDX-License-Identifier: BSD-3-Clause
|
||||||
#
|
#
|
||||||
|
@ -12,6 +12,8 @@ TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
|
||||||
# Needs to be set to drive mbed TLS configuration correctly
|
# Needs to be set to drive mbed TLS configuration correctly
|
||||||
$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
|
$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
|
||||||
|
|
||||||
|
$(eval $(call add_define,KEY_SIZE))
|
||||||
|
|
||||||
# CCSBROM_LIB_PATH must be set to the Cryptocell SBROM library path
|
# CCSBROM_LIB_PATH must be set to the Cryptocell SBROM library path
|
||||||
ifeq (${CCSBROM_LIB_PATH},)
|
ifeq (${CCSBROM_LIB_PATH},)
|
||||||
$(error Error: CCSBROM_LIB_PATH not set)
|
$(error Error: CCSBROM_LIB_PATH not set)
|
||||||
|
|
|
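Review bot: `KEY_SIZE` is exported with `add_define` but never validated in this makefile, so an unsupported value is only rejected later by the `#error` in the CryptoCell headers, far from the cause. The documentation table in this commit lists 1024 and 4096 as possible `rsa` sizes, while the headers accept only 2048 and 3072, so a user can plausibly pick a size this driver cannot handle. A check next to the existing `CCSBROM_LIB_PATH` test would fail early with a clear message: `ifeq ($(filter ${KEY_SIZE},2048 3072),)`, `$(error Error: CryptoCell supports KEY_SIZE 2048 or 3072 only)`, `endif`. Where `KEY_SIZE` gets its default value is outside this hunk.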
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
|
* Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
* SPDX-License-Identifier: BSD-3-Clause
|
||||||
*/
|
*/
|
||||||
|
@ -21,19 +21,21 @@ extern "C"
|
||||||
|
|
||||||
/************************ Defines ******************************/
|
/************************ Defines ******************************/
|
||||||
|
|
||||||
/* the modulus size ion bits */
|
/* the modulus size in bits */
|
||||||
|
#if (KEY_SIZE == 2048)
|
||||||
#define RSA_MOD_SIZE_IN_BITS 2048UL
|
#define RSA_MOD_SIZE_IN_BITS 2048UL
|
||||||
|
#elif (KEY_SIZE == 3072)
|
||||||
|
#define RSA_MOD_SIZE_IN_BITS 3072UL
|
||||||
|
#else
|
||||||
|
#error Unsupported CryptoCell key size requested
|
||||||
|
#endif
|
||||||
|
|
||||||
#define RSA_MOD_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_MOD_SIZE_IN_BITS))
|
#define RSA_MOD_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_MOD_SIZE_IN_BITS))
|
||||||
#define RSA_MOD_SIZE_IN_WORDS (CALC_FULL_32BIT_WORDS(RSA_MOD_SIZE_IN_BITS))
|
#define RSA_MOD_SIZE_IN_WORDS (CALC_FULL_32BIT_WORDS(RSA_MOD_SIZE_IN_BITS))
|
||||||
#define RSA_MOD_SIZE_IN_256BITS (RSA_MOD_SIZE_IN_WORDS/8)
|
#define RSA_MOD_SIZE_IN_256BITS (RSA_MOD_SIZE_IN_WORDS/8)
|
||||||
#define RSA_EXP_SIZE_IN_BITS 17UL
|
#define RSA_EXP_SIZE_IN_BITS 17UL
|
||||||
#define RSA_EXP_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_EXP_SIZE_IN_BITS))
|
#define RSA_EXP_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_EXP_SIZE_IN_BITS))
|
||||||
|
|
||||||
/* size of buffer for Barrett modulus tag NP, used in PKA algorithms */
|
|
||||||
#define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS 132
|
|
||||||
#define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS))
|
|
||||||
#define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS (CALC_FULL_32BIT_WORDS(RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS))
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* @brief The RSA_CalcNp calculates Np value and saves it into Np_ptr:
|
* @brief The RSA_CalcNp calculates Np value and saves it into Np_ptr:
|
||||||
*
|
*
|
||||||
|
|
|
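Review bot: The `#if (KEY_SIZE == 2048)` / `#elif (KEY_SIZE == 3072)` ladder that sets `RSA_MOD_SIZE_IN_BITS` is repeated in the secure-boot definitions header for `SB_RSA_MOD_SIZE_IN_WORDS` (64 / 96), so the two modulus sizes are kept in step only by hand. These constants presumably dimension the key and signature buffers handed to the verifier, so a later edit to one ladder but not the other would not be caught by the compiler. Either derive one constant from the other, or add a compile-time check where both headers are visible, for example in C11 `_Static_assert(RSA_MOD_SIZE_IN_WORDS == SB_RSA_MOD_SIZE_IN_WORDS, "RSA modulus size mismatch");`. An undefined `KEY_SIZE` evaluates to 0 in `#if` and reaches the `#error`, which is the right fail-closed behaviour and deserves a one-line comment saying so.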
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
|
* Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
* SPDX-License-Identifier: BSD-3-Clause
|
||||||
*/
|
*/
|
||||||
|
@ -24,7 +24,14 @@ extern "C"
|
||||||
/***********************/
|
/***********************/
|
||||||
|
|
||||||
/*RSA definitions*/
|
/*RSA definitions*/
|
||||||
|
#if (KEY_SIZE == 2048)
|
||||||
#define SB_RSA_MOD_SIZE_IN_WORDS 64
|
#define SB_RSA_MOD_SIZE_IN_WORDS 64
|
||||||
|
#elif (KEY_SIZE == 3072)
|
||||||
|
#define SB_RSA_MOD_SIZE_IN_WORDS 96
|
||||||
|
#else
|
||||||
|
#error Unsupported CryptoCell key size requested
|
||||||
|
#endif
|
||||||
|
|
||||||
#define SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS 5
|
#define SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS 5
|
||||||
|
|
||||||
|
|
||||||
|
@ -43,9 +50,12 @@ typedef struct {
|
||||||
/********* Supported algorithms definitions ***********/
|
/********* Supported algorithms definitions ***********/
|
||||||
|
|
||||||
/*! RSA supported algorithms */
|
/*! RSA supported algorithms */
|
||||||
|
/* Note: this applies to either 2k or 3k based on CryptoCell SBROM library
|
||||||
|
* version - it means 2k in version 1 and 3k in version 2 (yes, really).
|
||||||
|
*/
|
||||||
typedef enum {
|
typedef enum {
|
||||||
RSA_PSS_2048 = 0x01, /*!< RSA PSS 2048 after hash SHA 256 */
|
RSA_PSS = 0x01, /*!< RSA PSS after hash SHA 256 */
|
||||||
RSA_PKCS15_2048 = 0x02, /*!< RSA PKX15 */
|
RSA_PKCS15 = 0x02, /*!< RSA PKX15 */
|
||||||
RSA_Last = 0x7FFFFFFF
|
RSA_Last = 0x7FFFFFFF
|
||||||
} CCSbRsaAlg_t;
|
} CCSbRsaAlg_t;
|
||||||
|
|
||||||
|
|
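Review bot: After the rename, `RSA_PSS = 0x01` no longer says which modulus size the library verifies with. Per the added comment that size is fixed by the SBROM library release (2k in version 1, 3k in version 2), while `SB_RSA_MOD_SIZE_IN_WORDS` in this header follows `KEY_SIZE`. Nothing visible here ties the two together, so a build whose `KEY_SIZE` does not match the linked library release would compile and, presumably, pass the library key and signature buffers of the wrong length. The comment should state the requirement rather than only the oddity, for example `/* KEY_SIZE must match the linked SBROM release: 2048 for release 1, 3072 for release 2. */`. If the library headers expose a release identifier, a compile-time check against it would be stronger. The struct definitions that use these sizes are outside the hunk.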