Software APIs
ecdsa_p256.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_ECC_ECDSA_P256_H_
6 #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_ECC_ECDSA_P256_H_
7 
8 #include <stddef.h>
9 #include <stdint.h>
10 
11 #include "sw/device/lib/base/hardened.h"
12 #include "sw/device/lib/crypto/drivers/otbn.h"
13 #include "sw/device/lib/crypto/impl/ecc/p256_common.h"
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif // __cplusplus
18 
19 /**
20  * A type that holds an ECDSA/P-256 signature.
21  *
22  * The signature consists of two integers r and s, computed modulo n.
23  */
24 typedef struct ecdsa_p256_signature_t {
25  uint32_t r[kP256ScalarWords];
26  uint32_t s[kP256ScalarWords];
27 } ecdsa_p256_signature_t;
28 
29 /**
30  * Start an async ECDSA/P-256 keypair generation operation on OTBN.
31  *
32  * Returns an `OTCRYPTO_ASYNC_INCOMPLETE` error if OTBN is busy.
33  *
34  * @return Result of the operation (OK or error).
35  */
36 OT_WARN_UNUSED_RESULT
37 status_t ecdsa_p256_keygen_start(void);
38 
39 /**
40  * Start an async ECDSA/P-256 sideloaded keypair generation operation on OTBN.
41  *
42  * Expects a sideloaded key from keymgr to be already loaded on OTBN. Returns
43  * an `OTCRYPTO_ASYNC_INCOMPLETE` error if OTBN is busy.
44  *
45  * @return Result of the operation (OK or error).
46  */
47 OT_WARN_UNUSED_RESULT
48 status_t ecdsa_p256_sideload_keygen_start(void);
49 
50 /**
51  * Finish an async ECDSA/P-256 keypair generation operation on OTBN.
52  *
53  * Blocks until OTBN is idle.
54  *
55  * @param[out] private_key Generated private key.
56  * @param[out] public_key Generated public key.
57  * @return Result of the operation (OK or error).
58  */
59 OT_WARN_UNUSED_RESULT
60 status_t ecdsa_p256_keygen_finalize(p256_masked_scalar_t *private_key,
61  p256_point_t *public_key);
62 
63 /**
64  * Start an async ECDSA/P-256 sideloaded keypair generation operation on OTBN.
65  *
66  * This routine will only read back the public key, instead of both public and
67  * private as with `ecdsa_p256_keygen_finalize`. Blocks until OTBN is idle.
68  *
69  * @param[out] public_key Public key.
70  * @return Result of the operation (OK or error).
71  */
72 OT_WARN_UNUSED_RESULT
73 status_t ecdsa_p256_sideload_keygen_finalize(p256_point_t *public_key);
74 
75 /**
76  * Start an async ECDSA/P-256 signature generation operation on OTBN.
77  *
78  * Returns an `OTCRYPTO_ASYNC_INCOMPLETE` error if OTBN is busy.
79  *
80  * @param digest Digest of the message to sign.
81  * @param private_key Secret key to sign the message with.
82  * @return Result of the operation (OK or error).
83  */
84 OT_WARN_UNUSED_RESULT
85 status_t ecdsa_p256_sign_start(const uint32_t digest[kP256ScalarWords],
86  const p256_masked_scalar_t *private_key);
87 
88 /**
89  * Start an async ECDSA/P-256 signature generation operation on OTBN.
90  *
91  * Expects a sideloaded key from keymgr to be already loaded on OTBN. Returns
92  * an `OTCRYPTO_ASYNC_INCOMPLETE` error if OTBN is busy.
93  *
94  * @param digest Digest of the message to sign.
95  * @return Result of the operation (OK or error).
96  */
97 OT_WARN_UNUSED_RESULT
98 status_t ecdsa_p256_sideload_sign_start(
99  const uint32_t digest[kP256ScalarWords]);
100 
101 /**
102  * Finish an async ECDSA/P-256 signature generation operation on OTBN.
103  *
104  * See the documentation of `ecdsa_p256_sign` for details.
105  *
106  * Blocks until OTBN is idle.
107  *
108  * @param[out] result Buffer in which to store the generated signature.
109  * @return Result of the operation (OK or error).
110  */
111 OT_WARN_UNUSED_RESULT
112 status_t ecdsa_p256_sign_finalize(ecdsa_p256_signature_t *result);
113 
114 /**
115  * Start an async ECDSA/P-256 signature verification operation on OTBN.
116  *
117  * See the documentation of `ecdsa_p256_verify` for details.
118  *
119  * Returns an `OTCRYPTO_ASYNC_INCOMPLETE` error if OTBN is busy.
120  *
121  * @param signature Signature to be verified.
122  * @param digest Digest of the message to check the signature against.
123  * @param public_key Key to check the signature against.
124  * @return Result of the operation (OK or error).
125  */
126 OT_WARN_UNUSED_RESULT
127 status_t ecdsa_p256_verify_start(const ecdsa_p256_signature_t *signature,
128  const uint32_t digest[kP256ScalarWords],
129  const p256_point_t *public_key);
130 
131 /**
132  * Finish an async ECDSA/P-256 signature verification operation on OTBN.
133  *
134  * See the documentation of `ecdsa_p256_verify` for details.
135  *
136  * Blocks until OTBN is idle.
137  *
138  * If the signature is valid, writes `kHardenedBoolTrue` to `result`;
139  * otherwise, writes `kHardenedBoolFalse`.
140  *
141  * Note: the caller must check the `result` buffer in order to determine if a
142  * signature passed verification. If a signature is invalid, but nothing goes
143  * wrong during computation (e.g. hardware errors, failed preconditions), the
144  * status will be OK but `result` will be `kHardenedBoolFalse`.
145  *
146  * @param signature Signature to be verified.
147  * @param[out] result Output buffer (true if signature is valid, false
148  * otherwise)
149  * @return Result of the operation (OK or error).
150  */
151 OT_WARN_UNUSED_RESULT
152 status_t ecdsa_p256_verify_finalize(const ecdsa_p256_signature_t *signature,
153  hardened_bool_t *result);
154 
155 #ifdef __cplusplus
156 } // extern "C"
157 #endif // __cplusplus
158 
159 #endif // OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_ECC_ECDSA_P256_H_
Return to OpenTitan Documentation