Advertisement
Public key accelerator (PKA) applied to STM32L4P5xx and STM32L4Q5xx only
ECDSA signature verification
ECDSA (elliptic curve digital signature algorithm) signature verification function principle is
the following: Bob, to authenticate Alice's signature, must have a copy of her public key
curve point Q
Bob can verify that Q
1.
check that Q
2.
check that Q
3.
check that n x Q
Then Bob follows the procedure detailed below:
1.
verify that r and s are integer in [1, n-1]
2.
calculate e = HASH(m), where HASH is the agreed cryptographic hash function
3.
let z be the L
4.
calculate w = s
5.
calculate u
6.
calculate the curve point (x
7.
the signature is valid if r = x
Steps 4 to 7 are accelerated by PKA using
36.3.6
PKA procedure to perform an operation
Enabling/disabling PKA
Setting the EN bit to 1 in PKA_CR register enables the PKA peripheral. When EN = 0, the
PKA peripheral is kept under reset, with PKA memory still accessible by the application
through the AHB interface.
Clearing EN bit to 0 while a calculation is in progress causes the operation to be aborted. In
this case, the content of the PKA memory is not guaranteed.
Data formats
The format of the input data and the results in the PKA RAM are specified, for each
operation, in
Executing a PKA operation
Each of the supported PKA operation is executed using the following procedure:
1.
Load initial data into the PKA internal RAM, which is located at address offset 0x400.
2.
Write in the MODE field of PKA_CR register, specifying the operation which is to be
executed and then assert the START bit, also in PKA_CR register.
3.
Wait until the PROCENDF bit in the PKA_SR register is set to "1", indicating that the
computation is complete.
4.
Read the result data from the PKA internal RAM, then clear PROCENDF bit by setting
PROCENDFC bit in PKA_CLRFR.
Note:
When PKA is busy (BUSY = 1) any access by the application to PKA RAM is ignored, and
the flag RAMERRF is set in PKA_SR.
1172/2301
.
A
is a valid curve point going through the following steps:
A
is not equal to the identity element O
A
is on the agreed curve
A
= O.
A
leftmost bits of e
n
-1
mod n
= zw mod n and u
1
, y
1
(mod n), it is invalid otherwise.
1
Section
36.4.
RM0432 Rev 6
= rw mod n
2
) = u
x G + u
x Q
1
1
2
A
ECDSA
verification.
RM0432
Advertisement
Need help?
Do you have a question about the STM32L4+ Series and is the answer not in the manual?