Kinetis SDK v.2.0 API Reference Manual
Rev. 0
Freescale Semiconductor, Inc.
The Kinetis SDK provides the peripheral driver for the LP Trusted Cryptography (LTC) module of Kinetis devices. LP Trusted Cryptography is a set of cryptographic hardware accelerator engines that share common registers. The LTC architecture can support AES, DES, 3DES, MDHA (SHA), RSA and ECC. The actual list of implemented cryptographic hardware accelerator engines depends on the specific Kinetis microcontroller.
The driver comprises two sets of API functions.
The first set provides blocking synchronous APIs for all operations supported by the LTC hardware. When called, these functions do not return until the LTC operation is complete, so the operation is finished (and its results are available for further use) when the function returns. These functions use the main CPU for simple polling loops that determine operation-complete or error status, and also for plaintext or ciphertext data movement. The driver functions are not re-entrant. These functions provide the typical interface to upper-layer or application software.
The second set provides DMA support for symmetric LTC processing with the AES and DES engines. APIs in the second set use DMA for data movement to and from the LTC input and output FIFOs. With these functions, the main CPU is not used for plaintext or ciphertext data movement (DMA is used instead). CPU processing power can therefore be used for other application tasks, at the cost of decreased maximum data throughput (because of DMA module and transaction management overhead). These functions provide a less typical interface, for applications that must offload the main CPU while ciphertext or plaintext is being processed, at the cost of longer cryptographic processing time.
The LTC driver is initialized by calling the LTC_Init() function, which enables the LTC module clock in the Kinetis SIM module. If the AES or DES engine is used and the LTC module implementation features the LTC DPA Mask Seed register, seed the DPA mask generator with a seed from a random number generator. The LTC_SetDpaMaskSeed() function is provided to set the DPA mask seed.
LTC operations provided by this driver are not re-entrant. Thus, application software shall ensure the LTC module operation is not requested from different tasks or interrupt service routines while an operation is in progress.
All APIs can be used from an interrupt handler, although execution time shall be considered (the interrupt latency of equal and lower priority interrupts increases).
Initialize LTC after Power On Reset or reset cycle
Encrypt plaintext by DES engine
Encrypt ciphertext by AES engine
Compute keyed hash by AES engine (CMAC)
Compute hash by MDHA engine (SHA-256)
Compute modular integer exponentiation
Compute elliptic curve point multiplication
Modules
LTC Blocking APIs
LTC Non-blocking eDMA APIs
Files
file fsl_ltc.h
Functions
void LTC_Init(LTC_Type *base)
Initializes the LTC driver.
void LTC_Deinit(LTC_Type *base)
Deinitializes the LTC driver.
void LTC_SetDpaMaskSeed(LTC_Type *base, uint32_t mask)
Sets the DPA Mask Seed register.
Driver version
#define FSL_LTC_DRIVER_VERSION (MAKE_VERSION(2, 0, 0))
LTC driver version.
#define FSL_LTC_DRIVER_VERSION (MAKE_VERSION(2, 0, 0))
Version 2.0.0.
void LTC_Init(LTC_Type *base)
This function initializes the LTC driver.
base | LTC peripheral base address
void LTC_Deinit(LTC_Type *base)
This function deinitializes the LTC driver.
base | LTC peripheral base address
void LTC_SetDpaMaskSeed(LTC_Type *base, uint32_t mask)
The DPA Mask Seed register reseeds the mask that provides resistance against DPA (differential power analysis) attacks on AES or DES keys.
Differential power analysis (DPA) resistance uses a randomly changing mask that introduces "noise" into the power consumed by the AES or DES engine. This reduces the signal-to-noise ratio that differential power analysis attacks use to "guess" bits of the key. This randomly changing mask should be seeded at POR, and it continues to provide DPA resistance from that point on. However, to provide even more DPA protection, it is recommended that the DPA mask be reseeded after every 50,000 blocks have been processed. At that time, software can opt to write a new seed (preferably obtained from an RNG) into the DPA Mask Seed register (DPAMS), or software can opt to provide the new seed earlier or later, or not at all. DPA resistance continues even if the DPA mask is never reseeded.
base | LTC peripheral base address
mask | The DPA mask seed.
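The seeding at POR and the reseeding after every 50,000 blocks described above can be tracked with a small block counter. This is an added example, not code from the SDK or this manual: `dpa_sched_t`, its helper functions, `demo_run` and `demo_rng` are hypothetical names, and the `LTC_Type`, `LTC_Init` and `LTC_SetDpaMaskSeed` definitions inside it are host-side stand-ins so that it runs without the SDK.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Host stand-ins (constructed); on target use fsl_ltc.h and a hardware RNG. */
typedef struct { uint32_t DPAMS; } LTC_Type;
static unsigned g_seed_writes; /* seed-register writes seen by the stand-in */
static void LTC_Init(LTC_Type *base) { (void)base; }
static void LTC_SetDpaMaskSeed(LTC_Type *base, uint32_t mask) { base->DPAMS = mask; g_seed_writes++; }
static uint32_t demo_rng(void) { /* xorshift32 placeholder, NOT a cryptographic RNG */
    static uint32_t x = 0x12345678u;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5; return x;
}
#define DPA_RESEED_BLOCKS 50000u /* reseed interval recommended by the manual */
/* base: LTC instance; rng: hypothetical seed source; blocks: count since last seed */
typedef struct { LTC_Type *base; uint32_t (*rng)(void); uint32_t blocks; } dpa_sched_t;
/* Enable the module and seed the mask once after POR or reset. */
static void dpa_sched_init(dpa_sched_t *s, LTC_Type *base, uint32_t (*rng)(void)) {
    s->base = base; s->rng = rng; s->blocks = 0;
    LTC_Init(base);
    LTC_SetDpaMaskSeed(base, rng());
}
/* Bytes that can still be processed before the next reseed is due. */
static size_t dpa_sched_budget(const dpa_sched_t *s, size_t block_size) {
    return (size_t)(DPA_RESEED_BLOCKS - s->blocks) * block_size;
}
/* Record len <= budget bytes as done; reseeds and returns 1 at the interval. */
static int dpa_sched_account(dpa_sched_t *s, size_t len, size_t block_size) {
    s->blocks += (uint32_t)((len + block_size - 1) / block_size);
    if (s->blocks < DPA_RESEED_BLOCKS) return 0;
    LTC_SetDpaMaskSeed(s->base, s->rng());
    s->blocks = 0;
    return 1;
}
/* Process `total` bytes in chunks of <= 4096 bytes; returns seed writes made. */
static unsigned demo_run(size_t total, size_t block_size) {
    LTC_Type ltc = {0}; dpa_sched_t s;
    unsigned before = g_seed_writes;
    dpa_sched_init(&s, &ltc, demo_rng);
    while (total > 0) {
        size_t chunk = dpa_sched_budget(&s, block_size); /* never straddle a reseed */
        if (chunk > 4096) chunk = 4096;
        if (chunk > total) chunk = total;
        /* on target: the blocking AES or DES call for this chunk goes here */
        dpa_sched_account(&s, chunk, block_size);
        total -= chunk;
    }
    return g_seed_writes - before;
}
int main(void) { printf("%u seed writes\n", demo_run(1600000, 16)); return 0; }
```

Because the driver is not re-entrant, call these helpers from the same task or handler that issues the LTC operations.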