Table of Contents
Advertisement
RSA Routines
7.4 RSA Routines
For the RSA-related descriptions which follow, it is generally recommended that all
memory block pointers (regAsel, regBsel, etc.) are set to zero. For the modular
exponentiation routine, the pointers are actually ignored. For the multiplies, add, subtract,
2
and R
functions, it is possible to set these pointers and have the PKEU adhere to these
settings.
While potentially dangerous due to the commonly large sizes of RSA operands, this
flexibility is allowed to support Chinese Remainder Theorem (CRT). CRT often generates
intermediate values which must be stored for later use. By using pointers, these values may
be stored in the PKEU and efficiently used again without the host having to store/retrieve
these values to/from general memory. It is left to the application developer to use these tools
to support CRT.
-1
EXP
7.4.1 (A × R
)
mod N
The PKEU carries out exponentiations by repeated multiply operations. The multiplies are
controlled internally by the PKEU, however, it is the responsibility of the host processor to
provide exponent data (32-bit words at a time) to the accelerator during the operation. Note
that the host must supply the exponent data starting with the most significant 32-bit word
and working down to the least significant word. Each individual word, however, is
formatted msb to lsb (i.e. "exp_word[msb:lsb]").
PKEU asserts the IRDY_B and IRQ signals when it is ready to accept more exponent data
(IRQ only if E_RDY is not masked). This tells the host processor to read the SR to see what
was set. If the E_RDY bit is set, the host processor knows it must provide the next word of
the exponent - this data is written into the EXP(k) register one 32-bit word at a time. If this
interrupt bit is masked, then it must poll the status register to determine when to provide the
next word of the exponent. The host should not look for the assertion of E_RDY until after
the routine (i.e. CR[GO] bit). Data previously written to EXP(K) is ignored.
The data to be exponentiated must be provided in the Montgomery format. Consider the
vector A', the data to be exponentiated where A' = AR mod N. By providing A', the results
-1
EXP
-1
EXP
EXP
of (A' × R
)
mod N yields (A × R × R
)
mod N, or equivalently, (A)
mod N.
The result of the calculation is returned to the B storage register. Note that this value has no
remaining R terms and therefore is no longer in Montgomery format. The value of the
exponent vector must be greater than one for this function to work properly. This function
operates with a minimum of 5 digits (Modsize = 4). The exponent may be as small as one
byte (EXP(k)_SIZE = 0).The complete set of I/O conditions is shown below:
Chapter 7. Public Key Execution Unit
7-25
PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE
Advertisement
Table of Contents
