 |
CAT2 Peripheral Driver Library
|
|
CAT2 Peripheral Driver Library
|
The Cryptolite driver provides a public API to configure the Cryptolite IP block and perform cryptographic and hash operations, as well as generate true random numbers and perform arithmetic/logical operations. More...
Modules | |
| Common | |
| Cryptolite Common. | |
| SHA | |
| Secure Hash Algorithm (SHA) | |
| AES | |
| Advanced Encryption Standard (AES) | |
| VU | |
| Vector Unit (VU) | |
| TRNG | |
| True Random Number Generator (TRNG) | |
| RSA | |
| RSA algorithm which decrypts user data using public key provided. | |
The Cryptolite driver provides a public API to configure the Cryptolite IP block and perform cryptographic and hash operations, as well as generate true random numbers and perform arithmetic/logical operations.
The driver uses a hardware (Cryptolite IP) block to accelerate operations.
The functions and other declarations used in this driver are in cy_cryptolite.h.
The Cryptolite driver supports these standards: AES-128 bit, SHA-256 bits hash, TRNG (True Number Generator) and VU (Vector Unit)
Firmware sets up a cryptographic operation by passing the required data as parameters in the function calls.
All Crypto functions require a context and base address. A context is a data structure that the driver uses for its operations. Firmware declares a context (allocates memory), but does not write or read the values in that context. In effect, the context is a scratch-pad you provide to the driver. The driver uses the context to store and manipulate the data during cryptographic operations. Base is a address of the Cryptolite IP registers.
Crypto functions are not thread-safe. Applications must use its own locking mechanism to ensure that functions in this driver are called by only one thread at a time.
Cryptolite TRNG functions can execute in parallel with AES, SHA, and VU. functions.
| Term | Definition |
|---|---|
| Plaintext | An unencrypted message |
| Ciphertext | An encrypted message |
| Block cipher | An encryption function for fixed-size blocks of data. This function takes a fixed-size key and a block of plain text data from the message and encrypts it to generate the cipher text. Block ciphers are reversible. The function performed on a block of encrypted data will decrypt that data. |
| Block Cipher mode | A mode of encrypting a message using block ciphers for messages of an arbitrary length. The message is padded so that its length is an integer multiple of the block size. Electronic code book (ECB), cipher block chaining (CBC), and cipher feedback (CFB) are modes of using block ciphers to create an encrypted message of an arbitrary length. |
| Advanced Encryption Standard (AES) | The AES standard specifies the Rijndael algorithm, a symmetric block cipher that can process 128-bit data blocks using cipher keys with 128-, 192-, and 256-bit lengths. Rijndael was designed to handle additional block sizes and key lengths. However, they are not adopted in this standard. AES is also used for message authentication. |
| Secure Hash Algorithm (SHA) | A cryptographic hash function. This function takes a message of an arbitrary length and reduces it to a fixed-length residue or message digest after performing a series of mathematically defined operations that practically guarantee that any change in the message will change the hash value. It is used for message authentication by transmitting a message with a hash value appended to it and recalculating the message hash value using the same algorithm at the recipient's end. If the hashes differ, it indicates that the message is corrupted. For more information see Secure Hash standard description. |
| True Random Number Generator (TRNG) | A block that generates a number that is statistically random and based on some physical random variation. The number cannot be duplicated by running the process again. |
| Vector Unit (VU) | Vector Unit accelerates the larger integer arithmetic operations. It can be used to accelerate the asymmetric key cryptography (e.g. RSA and ECC). The driver supports addition, subtraction, multiplication, shift etc. |
| RSA Algorithm | A cryptographic RSA decryption function. This function takes encrypted RSA signature of given RSA-bit size and decrypts the SHA digest. The output SHA digest extracted from RSA signature is compared with input SHA digest and returns status TRUE if both digests are same. This function uses Montgomery modular multiplication. Montgomery multiplication requires two Montgomery coefficients. In addition, Montgomery transformation is accelerated using Barrett reduction which requires one Barrett coefficient. With the help of above calculated coefficients, the function decrypts the RSA signature and extracts the SHA digest. The coefficients can be pre-calculated and kept in non-volatile memory to improve the timing. |
| Version | Changes | Reason for Change |
|---|---|---|
| 1.30 | Added support for SHA-384 and SHA-512. | New feature support. |
| Added RSA driver for signature verification using the provided public key. | New feature support. | |
| 1.20 | Corrected variable type name. | Defect fix. |
| 1.10 | Fixed optimization issue in Cryptolite VU driver and updated VU_BITS_TO_WORDS macro logic. | Defect fix. |
| 1.0 | Initial version |