Asymmetric Crypto Engine
Introduction
The Asymmetric Crypto Engine is a hardware block, driven by software, that performs public-key cryptography operations. It generates, stores and manages public/private key pairs and executes signing, verification, key-exchange and encryption/decryption operations. Because the algorithms run in dedicated hardware rather than on the CPU, the engine speeds up these operations and can keep private keys isolated from software, which is why it is widely used in network security systems.
Functional Architecture
Not supported.
Basic Functions:
  Key Generation:
    Generate public and private key pairs using the mathematical properties of elliptic curves.
  Digital Signature:
    Supported signature algorithm: ECDSA
    ECC operation curve support:
      Prime field curves: 192-256 bits
      Montgomery curves: Curve25519
  Key Exchange: Supports ECDH.
  OTP Key Port (only for ECDSA public key generation/signing):
    Physically irreversible writing
    Physical architecture isolation (the OTP key is wired directly to the ECC engine, so it never crosses the system bus and cannot be sniffed there)
Basic Functions:
  Key Generation:
    ECC key generation: Utilizes the mathematical properties of elliptic curves to generate public and private key pairs.
  Digital Signature:
    Supported signature algorithms: ECDSA, EdDSA, and RSA
    ECC operation curve support:
      Prime field curves: 192~256 bits
      Montgomery curves: Curve25519
      Edwards curves: Ed25519
    RSA 256~3072 bits encryption and decryption (the hardware accepts moduli down to 256 bits, but moduli below 2048 bits are not secure and should not be used for new designs)
  Key Exchange: Supports ECDH.
  OTP Key Port (only for ECDSA public key generation/signing):
    Physically irreversible writing
    Physical architecture isolation (the OTP key is wired directly to the ECC engine, so it never crosses the system bus and cannot be sniffed there)
The engine includes countermeasures against DPA, SPA, and timing attacks. Its algorithm implementations have been validated under the NIST CAVP.
Basic Functions:
  Key Generation:
    RSA key generation: Includes prime candidate screening and generation of the corresponding public/private key pair.
    ECC key generation: Utilizes the mathematical properties of elliptic curves to generate public and private key pairs, giving equivalent security at much shorter key lengths than RSA.
  Digital Signature and Asymmetric Encryption:
    Supported signature algorithms: RSA-SSA, ECDSA, and EdDSA
    ECC operation curve support:
      Prime field curves: 112~512 bits (including SM2)
      Binary field curves: 113~512 bits
      Montgomery curves: 128~512 bits (including X25519, X448)
      Edwards curves: 128~512 bits (including Ed25519, Ed448)
    RSA 256~4096 bits encryption and decryption (the hardware accepts moduli down to 256 bits, but moduli below 2048 bits are not secure and should not be used for new designs)
  Key Exchange: RSA and ECC key exchange
  OTP key (only for ECDSA public key generation/signing)
Security Architecture:
The asymmetric crypto engine supports TrustZone and automatically identifies whether a CPU access comes from the Secure or the Non-secure state. It also implements a hardware mutex: the CPU must obtain the mutex before each operation, otherwise it cannot access the engine's registers at all.
While the Secure CPU holds the lock, all Non-secure accesses are blocked, and the Non-secure CPU regains access only after the Secure CPU releases the lock. Conversely, if the Non-secure CPU holds the lock, the Secure CPU can write a dedicated preemption register to forcibly release the Non-secure lock and reset the engine, immediately taking control of it. The preemption path is one-directional: Non-secure code has no way to evict a Secure lock holder.
Each time the lock is released, the engine automatically clears sensitive information from its hardware and register state, so that keys, parameters and intermediate results of one lock holder are not visible to the next.
The engine includes countermeasures against DPA, SPA, and timing attacks. Its algorithm implementations have been validated under the NIST CAVP.
ECDSA OTP Keys
Not supported.
The ECDSA engine can load a private key in two ways:
  Software key: the user passes the private key to the API, which writes it into the ECDSA key register.
  OTP key: the engine loads the private key itself from the ECDSA OTP key slot selected by OTPKEY.
The OTP physical map provides two 256-bit slots for ECDSA private keys. A key in a slot can only be used by triggering the ECDSA engine, which loads it over its own wiring; it is never placed on the bus and, once the slot's protection bits are programmed, it can neither be read back nor modified by software. The prerequisite is that the private key has been burned into the OTP slot in advance. Note that the protection bits in the table below default to 1, which means protection is disabled: a provisioning flow must burn the key and then program the slot's read-protection bit to 0 (so the key cannot be read out) and its write-protection bit to 0 (so an attacker cannot clear the remaining 1 bits and drive the key towards all zeros, which is the only direction an OTP bit can be changed in). Until both bits are programmed, the slot is not the isolated key store described above.

| OTP Key | Address | Size (bits) | Default Value | Description |
|---|---|---|---|---|
| ECDSA_PRI_KEY1 | Physical mapping 0x280 | 256 | 0xFF (every byte, i.e. unprogrammed) | If OTPKEY=1, load this key into the ECDSA engine as the private key |
| ECDSA_PRI_KEY2 | Physical mapping 0x2A0 | 256 | 0xFF (every byte, i.e. unprogrammed) | If OTPKEY=2, load this key into the ECDSA engine as the private key |
| ECDSA_PRI_KEY1_Read_Protection | Physical mapping 0x366[2] | 1 | 1 | 0: Enable ECDSA Key1 read protection (the key cannot be read); 1: Disable ECDSA Key1 read protection |
| ECDSA_PRI_KEY1_Write_Protection | Physical mapping 0x366[3] | 1 | 1 | 0: Enable ECDSA Key1 write protection (an attacker cannot clear the key to all 0s); 1: Disable ECDSA Key1 write protection |
| ECDSA_PRI_KEY2_Read_Protection | Physical mapping 0x366[4] | 1 | 1 | 0: Enable ECDSA Key2 read protection (the key cannot be read); 1: Disable ECDSA Key2 read protection |
| ECDSA_PRI_KEY2_Write_Protection | Physical mapping 0x366[5] | 1 | 1 | 0: Enable ECDSA Key2 write protection (an attacker cannot clear the key to all 0s); 1: Disable ECDSA Key2 write protection |
The Asymmetric Crypto Engine's OTP keys support only ECDSA public key generation and signing. By default, an OTP key can be used only from the Secure state. From the Secure state, the pke_ecdsa_share_hw_key API can be called to mark an OTP key as shared (usable from the Non-secure state) or not shared. Sharing grants the Non-secure state the ability to sign with the key, not to read it.

| Key ID | Key Type | Length (bits) | OTP Address | Key Usage Permission |
|---|---|---|---|---|
| 0 | OTP | 256 | 0x280 | Secure (default) / Non-secure |
| 1 | OTP | 256 | 0x2A0 | Secure (default) / Non-secure |
| Key ID | Key Type | Length (bits) | OTP Address | Key Usage Permission |
|---|---|---|---|---|
| 0 | OTP | 256 | 0x340 | Secure (default) / Non-secure |
| 1 | OTP | 256 | 0x360 | Secure (default) / Non-secure |
Usage
Hardware interface characteristics: Slave mode only, connected to the CPU via the APB bus.
Operation process:
  1. The CPU first acquires the mutex.
  2. It writes the algorithm parameters to the engine's storage unit.
  3. It sets the control register to select the operation mode.
  4. It enables the engine to start the calculation.
  5. It polls the status register to monitor progress.
  6. On detecting the end flag, it reads the calculation result from the storage unit.
  7. It releases the mutex.
Exception handling mechanism:
  Error identification:
    The status register contains error flag bits.
    If an error flag is seen while polling, the operation is terminated immediately. The driver must still release the mutex on this path, both so the engine is not left locked and so the release clears any partial state.
  Error feedback:
    The API returns a predefined non-zero error code on failure.
    The API returns status code 0 on normal completion.
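The following is an added model, written for this page rather than taken from Realtek's driver, of the access discipline described under Security Architecture and Usage: a hardware mutex whose owner is the Secure or Non-secure world, a preemption register that only the Secure world can use, clear-on-release, and the acquire / write parameters / select mode / start / poll / read / release sequence with error-flag handling and a non-zero return code on failure. The register names, the `MODE_MODEXP` operation (a modular exponentiation standing in for whatever the real engine computes), the busy-poll count and the error codes are all assumptions of the example.

```python
SECURE, NONSECURE = "secure", "non-secure"
STATUS_DONE, STATUS_ERR = 0x1, 0x2
MODE_MODEXP = 1  # hypothetical operation mode
PKE_OK, PKE_ERR_BUSY, PKE_ERR_HW, PKE_ERR_TIMEOUT, PKE_ERR_PREEMPTED = 0, 1, 2, 3, 4
BUSY_POLLS = 3  # status reads the model stays busy for before completing


class PkeEngineModel:
    """Hypothetical model of the engine's mutex, TrustZone gating and registers."""

    def __init__(self):
        self.owner = None
        self.regs = dict.fromkeys(("base", "exp", "mod", "mode", "result", "status"), 0)
        self._pending = 0

    def try_lock(self, world):
        if self.owner is None:
            self.owner = world
            return True
        return False  # held by the other world: its accesses stay blocked

    def preempt(self, world):
        """Secure-only preemption register: evicts a Non-secure holder and resets."""
        if world != SECURE or self.owner != NONSECURE:
            return False
        self._clear()
        self.owner = SECURE
        return True

    def release(self, world):
        if self.owner != world:
            raise PermissionError("%s does not hold the lock" % world)
        self._clear()  # every release wipes parameters, result and status
        self.owner = None

    def _clear(self):
        for reg in self.regs:
            self.regs[reg] = 0
        self._pending = 0

    def _gate(self, world):
        if self.owner != world:
            raise PermissionError("%s access blocked, lock held by %s" % (world, self.owner))

    def write(self, world, reg, value):
        self._gate(world)
        self.regs[reg] = value

    def read(self, world, reg):
        self._gate(world)
        if reg == "status" and self._pending:
            self._pending -= 1
            if self._pending == 0:
                self._finish()
        return self.regs[reg]

    def start(self, world):
        self._gate(world)
        self.regs["status"] = 0
        self._pending = BUSY_POLLS

    def _finish(self):
        r = self.regs
        if r["mode"] != MODE_MODEXP or r["mod"] == 0:
            r["status"] = STATUS_ERR  # bad mode or parameters raise the error flag
        else:
            r["result"] = pow(r["base"], r["exp"], r["mod"])
            r["status"] = STATUS_DONE


def pke_modexp(engine, world, base, exp, mod, poll_limit=100):
    """Driver-style wrapper following the documented sequence.
    Returns (status code, result); a non-zero status code means failure."""
    if not engine.try_lock(world):
        return PKE_ERR_BUSY, None
    try:
        for reg, val in (("base", base), ("exp", exp), ("mod", mod)):
            engine.write(world, reg, val)
        engine.write(world, "mode", MODE_MODEXP)
        engine.start(world)
        for _ in range(poll_limit):
            status = engine.read(world, "status")
            if status & STATUS_ERR:
                return PKE_ERR_HW, None  # terminate at once on the error flag
            if status & STATUS_DONE:
                return PKE_OK, engine.read(world, "result")
        return PKE_ERR_TIMEOUT, None
    except PermissionError:
        return PKE_ERR_PREEMPTED, None  # the Secure world took the engine away
    finally:
        if engine.owner == world:
            engine.release(world)  # release on every path; this also clears state
```

The `finally` clause is the part most often missed in real drivers: the release must happen on the error and timeout paths too, and the guard on `engine.owner` covers the case where the Secure world preempted the lock mid-operation, in which case the Non-secure caller no longer owns it and must not try to release it.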
API
Realtek provides low-level APIs so that users do not need to deal with register-level operations and sequencing. For better portability, Realtek has also integrated the hardware acceleration engine into the MbedTLS API. The MbedTLS ECDSA API supports software keys only; to sign with an OTP key, the low-level APIs must be used. Due to hardware limitations, Realtek has disabled MbedTLS support for the SECP521R1 curve. The following commonly used curve parameters are currently built into the ROM:
Not supported.
SECP256R1
SECP224R1
SECP192R1
SECP256K1
SECP224K1
SECP192K1
BP256R1
CURVE25519
SECP256R1
SECP224R1
SECP192R1
SECP256K1
SECP224K1
SECP192K1
BP256R1
CURVE25519
ED25519
SECP192R1
SECP224R1
SECP256R1
SECP384R1
BP256R1
BP384R1
BP512R1
CURVE25519
SECP192K1
SECP224K1
SECP256K1
CURVE448
ED25519
ED448