Expand description
Public Key Accelerator (PKA)
This module provides hardware-accelerated public key cryptographic operations using the PKA peripheral. The PKA can accelerate:
- ECDSA: Signature generation and verification
- ECDH: Elliptic Curve Diffie-Hellman key agreement (via scalar multiplication)
- RSA: Encryption, decryption, and signing (via modular exponentiation)
- Arithmetic: Modular operations, Montgomery multiplication
§Supported Operations
| Operation | Mode | Description |
|---|---|---|
| Modular Exponentiation | 0x00 | RSA encryption/decryption |
| Montgomery Parameter | 0x01 | Compute Montgomery parameter for RSA |
| RSA CRT Exponentiation | 0x07 | Fast RSA with Chinese Remainder Theorem |
| Modular Inversion | 0x08 | Compute modular inverse |
| ECC Scalar Multiplication | 0x20 | ECDH key agreement, point multiplication |
| ECDSA Sign | 0x24 | Generate ECDSA signatures |
| ECDSA Verify | 0x26 | Verify ECDSA signatures |
| Point Check | 0x28 | Validate point is on curve |
§Example - ECDSA Signature Verification (async)
use embassy_stm32::pka::{Pka, EcdsaCurveParams, EcdsaPublicKey, EcdsaSignature};
let mut pka = Pka::new(p.PKA, Irqs);
let params = EcdsaCurveParams::nist_p256();
let public_key = EcdsaPublicKey {
x: &pub_key_x,
y: &pub_key_y,
};
let signature = EcdsaSignature {
r: &sig_r,
s: &sig_s,
};
let valid = pka.ecdsa_verify(¶ms, &public_key, &signature, &hash).await?;For blocking use, swap Pka::new for Pka::new_blocking and call
pka.ecdsa_verify_blocking(...) etc. without .await.
§RAM scrubbing
Operations do not clear the RAM between calls. After a sensitive
operation (one that touched a private key – e.g. ecdsa_sign, ecc_mul
with a private scalar, modular_exp with a private exponent), the
intermediate values remain in PKA RAM until overwritten. To explicitly
scrub the RAM between sensitive operations, call Pka::scrub:
pka.ecdsa_sign(&curve, &priv_key, &k, &hash, &mut sig_r, &mut sig_s).await?;
pka.scrub().await?; // zero the PKA RAM before the next op§Security Notes
- Always use cryptographically secure random numbers for ECDSA
kvalues. - Validate all public keys before use (call
point_check). - Call
Pka::scrubbetween operations that touch sensitive material. - Clear sensitive data from caller-owned buffers after use.
Structs§
- EccPoint
- ECC point (for scalar multiplication results)
- EccProjective
Point - ECC point in projective coordinates (X, Y, Z)
- Ecdsa
Curve Params - ECDSA/ECC curve parameters
- Ecdsa
Public Key - ECDSA public key
- Ecdsa
Signature - ECDSA signature
- Interrupt
Handler - PKA interrupt handler.
- ModExp
Protect Params - Parameters for modular exponentiation with protection (side-channel resistant)
- Pka
- PKA driver
- RsaCrt
Params - RSA CRT parameters for fast decryption
- RsaParams
- RSA operation parameters
Enums§
- Comparison
Result - Result of a comparison operation
- Error
- PKA error
- PkaMode
- PKA operation modes
Traits§
- Instance
- PKA instance trait.