Cryptographic Accelerator (CRYA) Overview
SAM L11 embeds a hardware CRYA with associated software functions stored in Boot ROM, which provides the hardware acceleration for the following:
- Advanced Encryption Standard (AES): Federal Information Processing Standard (FIPS) Publication 197, Advanced Encryption Standard.
  - Encryption with a 128-bit cryptographic key.
  - Decryption with a 128-bit cryptographic key.
- Secure Hash Standard (SHA): FIPS Publication 180-4, The Secure Hash Standard.
  - Accelerates message schedule and inner compression loop.
- Galois/Counter Mode (GCM): National Institute of Standards and Technology (NIST) Special Publication 800-38D Recommendation.
  - Accelerates the Galois Field GF(2^128) multiplication for AES-GCM hash function.
CRYA Application Programming Interfaces (APIs)
The CRYA APIs, which are located in a dedicated Boot ROM area, are only accessible from the user application after the Boot ROM has completed. This area is execute-only, meaning the CPU cannot perform any loads from it but can call the APIs. The Boot ROM memory space is a secure area, meaning only the secure application can directly call these APIs.
All 8-bit data pointers in the CRYA API functions must be 32-bit aligned.
AES API
The AES software has two function routines to do encryption and decryption on a 128-bit block of input data. The AES encryption function entry point is located at the Boot ROM address 0x02001904 and the encryption function parameters are:
- Src[in]: a pointer to a 128-bit data block to be encrypted.
- Dst[out]: a pointer to 128-bit encrypted data.
- Keys[in]: a pointer to a 128-bit key.
- Length[in]: number of 32-bit words comprising the key, four for a 128-bit key.
The AES decryption function entry point is located at the Boot ROM address 0x02001908 and the decryption function parameters are:
- Src[in]: a pointer to a 128-bit data block to be decrypted.
- Dst[out]: a pointer to 128-bit decrypted data.
- Keys[in]: a pointer to a 128-bit key.
- Length[in]: number of 32-bit words comprising the key, four for a 128-bit key.
The APIs are:
SHA API and Example of a Function
The SHA software function can update the hash value based on the 512-bit data. It is assumed that the message is already preprocessed properly for the SHA algorithm so that the SHA software can work directly on 512-bit portions.
The SHA function entry point is located at the Boot ROM address 0x02001900 and has three parameters:
- [In/out]: a pointer to a hash location (hash input and output).
- [In]: a pointer to a 512-bit data block.
- [In]: a pointer to a RAM buffer (256B is needed for the internal algorithm).
After the function exits, the updated hash value is stored at the location given by the first parameter.
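Because the SHA routine only consumes whole 512-bit blocks, the caller has to do the message padding itself. The following is an added example (not code from the data sheet or the Boot ROM) of that preprocessing step, assuming the 512-bit block padding of FIPS 180-4 section 5.1.1; the name `sha_pad_blocks` and the `uint32_t` output buffer, used to satisfy the 32-bit alignment rule, are choices made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SHA_BLOCK_BYTES 64u   /* one 512-bit block */

/*
 * Example helper (hypothetical name, not part of the CRYA API).
 * Pads msg (len bytes) per FIPS 180-4 section 5.1.1 into whole 512-bit
 * blocks written to out. out is declared as uint32_t so that every block
 * pointer derived from it is 32-bit aligned.
 * Returns the number of blocks, or 0 if out (out_words words) is too small.
 */
size_t sha_pad_blocks(const uint8_t *msg, size_t len,
                      uint32_t *out, size_t out_words)
{
    if (len > SIZE_MAX - 2u * SHA_BLOCK_BYTES)
        return 0;                     /* size arithmetic below would wrap */

    /* message + 0x80 marker + 8-byte length, rounded up to 64 bytes */
    size_t blocks = (len + 1u + 8u + SHA_BLOCK_BYTES - 1u) / SHA_BLOCK_BYTES;
    size_t total  = blocks * SHA_BLOCK_BYTES;
    uint8_t *p    = (uint8_t *)out;
    uint64_t bits = (uint64_t)len * 8u;

    if (total / sizeof(uint32_t) > out_words)
        return 0;                     /* refuse to overflow the buffer */

    memset(p, 0, total);
    if (len)
        memcpy(p, msg, len);
    p[len] = 0x80;                    /* single '1' bit, then zero bits */

    /* 64-bit message length in bits, big-endian, in the last 8 bytes */
    for (int i = 0; i < 8; i++)
        p[total - 1u - (size_t)i] = (uint8_t)(bits >> (8 * i));

    return blocks;
}
```

Each 64-byte slice of the output is then one 512-bit data block for the second parameter of the SHA function; a 56-byte message already needs two blocks because the marker and length no longer fit in the first.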
The API is:
GCM API
The GCM function entry point is located at the Boot ROM address 0x0200190C and the function parameters are:
- Block1[in]: a pointer to 128-bit data blocks that are to be multiplied.
- Block2[in]: a pointer to 128-bit data blocks that are to be multiplied.
- Dst[out]: a pointer to a location for storing the result.
The API is:
For more information on how to implement GCM, refer to the SAM L11 Security Reference Guide Application Note.