xilsecure
Introduction
This LibXilSecure library provides APIs to access secure hardware to encrypt/decrypt the data using AES-GCM algorithm and generating hash on the input data, where SHA-3 hash will be generated using SHA hardware and SHA-2 hash is generated using software algorithm and this library also supports unsymmetric decryption and encryption using RSA hardware accelerator.How to enable
xilsecure library can be found at
https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_services/xilsecure
xilsecure
|
- data - Provides the API and data structure details
|
- src - Driver source files which are further organised into
|
- examples - Contains example applications demonstrating the use of xilsecure library
Features Supported
- SHA
- SHA3
- Hash of 384 bit output using SHA-3 hardware engine.
- By default uses NIST SHA3 padding
- User can choose for Keccak SHA3 padding by calling XSecure_Sha3PadSelection() API after XSecure_Sha3Initialize().
- SHA2
- Hash of 256 bit output using SHA-2 software algorithm.
- SHA3
- AES-GCM
- Encryption or decryption of the data is done using AES engine
- Operation using KUP or device key (256 bit) and IV(96bit)
- Encryption and decryption of word aligned data. ()
- While encryption GCM tag is appended to encrypted data.
- GCM tag matching is checked while decryption of the data.(GCM tag should be provided explicitly)
- Decryption of boot image partition(Created by bootgen provided by Xilinx)
- Supports operational key.
- Support for key rolling enabled partition.
- Checks for GCM tag matching.
- RSA- hardware accelerator
- Supports for RSA-4096 and RSA-2048 key sizes
- RSA encryption with public key, where padding should be taken care by application
- RSA decryption with private key, where padding should be taken care by application
- Inputs are key parameters modulus, exponent and exponentiation values.
Features not supported
AES-GCM- AES encryption with keyrolling and chunking
- Supports only word aligned data and each update should not be more than 512MB
- Supports only word aligned data and each update should not be more than 512MB
RSA
- RSA 3072
Test Cases:
There are examples which will illustrate the xilsecure usage. They can be found athttps://github.com/Xilinx/embeddedsw/tree/master/lib/sw_services/xilsecure/examples
Documentation:
For more details please refer to library documentationhttps://github.com/Xilinx/embeddedsw/blob/master/lib/sw_services/xilsecure/doc/xilsecure.pdf
Changelog
2016.3
- Provided SHA2 hash support, and also an example to illustrate the SHA2 hash generation
2017.1
- Xilsecure is made support for PMU
- Added comments with .nky fields for aes encryption example.
- Provided genric APIs for encryption and decryption of data.
- Support for calculation of exponential value can also be done internally while doing RSA decryption, for this user needs to pass NULL pointer.
- Modified AES APIs such that, data passed to APIs should be in little endian format
2017.2
- Added new version and modified pre-compiled binary file to support hard floating point.
2017.3
- Added RSA APIs for private key decryption.
- Added support for RSA- 2048 key size.
2017.4
- None
2018.1
- Added support for NIST SHA3 padding.
- Added API to select NIST/KECCAK SHA3 padding of choice
- Modified XSecure_AesDecrypt() API to fix Secure key and IV vulnerabilities.