This example project demonstrates the usage of the User Crypto hardware block for the signature generation and verification using DSA service functions. It uses
- CALDSASignHash() is used to generate digital signature.
- CALDSAVerifyHash() is used to verify the digital signature.
On connecting PolarFire SoC Video kit J12 to the host PC, you should see 4 COM port interfaces connected. To use this project configure the COM port interface1 as below:
- 115200 baud
- 8 data bits
- 1 stop bit
- no parity
- no flow control
Run the example project using a debugger. A greeting message will appear over the UART terminal followed by a menu system and instructions. This program displays the return data from User Crypto processor for digital signature generation and verification services. This program also displays the return data from User Crypto processor i.e.digital signature generation and verification.
Select option '1' to generate a digital signature for DSA public-key cryptographic service. The signature generation function take following parameters as an input.
- msg -: message string
- G -: A generator point
- K -: A random per message parameter.
- modulus P -: A prime number P
- modulus Q -: A prime number Q
- private_key X -: private key to encrypt the message.
The CALDSASignHash() function performs signature generation and after the successful generation program displays a success message along with generated signature set {R,S} on the UART terminal.
Select option '2' to verify the digital signature set {R,S} generated by DSA public key cryptographic services. The program takes a public key to verify the message signature along with other domain parameters. The CALDSAVerifyHash() function performs DSA signature verification and after successful completion it returns the result of verification process,an appropriate message will be displayed on the UART terminal based on the returned result.
NOTE: The DSA signature Generation operation should be executed before executing DSA signature verification operation.
This example project is targeted at PolarFire SoC Video kit (MPFS250TS-1FCG1152I). The reference design for the PolarFire SoC video kit is available in the following GitHub repository: PolarFire® SoC Video Kit Reference Design.
The steps mentioned here can be used to generate a FlashPro Express job file from above mentioned tcl script.
This project provides build configurations and debug launchers as explained here
- PolarFire User Crypto Driver Configuration
-
config_user.h is a custom configuration file for PolarFire SoC CAL library. Following are the recommended configuration for config_user.h file.
- Define g_user_crypto_base_address global variable as shown below. This will used to configure the PKX0_BASE (defined in config_user.h) and to connect to the User Crypto Co-processor in the Libero design.
uint32_t g_user_crypto_base_addr 0x22000000UL;- SAT_LITTLE_ENDIAN - Endianness of the processor executing CAL Library customization definitions. These definitions enable the respective cryptographic services in the CAL which are supported by the User Crypto Processor. It is recommended that these definitions are not removed or changed unless required.
-
A symbol INC_STDINT_H is defined in project preprocessor setting. For more detail, please refer to caltypes.h file present in CAL folder.
-
NOTE:
- If you try to enter data values other than 0 - 9, a - f, A - F, an error message will be displayed on the serial terminal.
- You must enter all input data as whole bytes. If you enter the 128-bit key {1230...0} as 0x12 0x3 and press return, this will be treated as byte0 = 0x12, byte1 = 0x30, byte2-127 = 0x00.
A macro script is provided with this example which automatically enters the NIST vectors and associated data to verify the functionality. You can use DSA_Service.ttl Tera Term Macro script present in project directory for testing DSA Signature Services example project.
NOTE:
- Tera Term Macros don’t work with Windows 10 build 14393.0. You should update to Windows 10 build 14393.0.105 or later.
- Before running Tera Term Macro script, set language as English (Setup->General->Language). Also setup transmit delay in (Setup->Serial port) to 5msec/char and 5msec/line.
- By default, Tera Term log will be stored in Tera Term installation Directory.
This example is tested on PolarFire SoC Video kit (MPFS250TS-1FCG1152I).
The CAL source code is bound by license agreement. If you need access to the CAL source code, please contact FPGA_marketing@microchip.com for further details on NDA requirements.