Takes a user-supplied SHA-384 hash and signs it with the device's 384-bit private “factory” EC key, KFP, which is the private half of the key pair whose public key (DCPK) is certified by Microchip in the device's X.509-compliant supply chain assurance certificate. The resulting P-384 ECDSA signature can either be formatted using ASN.1 DER or simply returned in a raw format compatible with the user cryptoprocessor. As ECDSA requires the use of a nonce, the service returns a different result each time, even if the hash input is the same.
The System Controller cryptoprocessor does not directly support generating a nonce within the numerical range required for ECDSA. It is therefore possible that the generated nonce is rejected, in which case a new nonce is automatically generated until a good value is found. This makes the execution time of this service non-deterministic; however, the probability of an out-of-range nonce being initially generated is extremely low and the probability of a second bad nonce is infinitesimal.
SIGNATURE = ECDSA (KFP, HASH).
If the Raw format is selected, the SIGNATURE field contains two unsigned little-endian 12-word (48-byte) values compatible with the user cryptoprocessor.
If the DER format is selected, the SIGNATURE field is returned in a minimal-length DER encoding using a maximum of 104 bytes. If the encoded signature is less than 104 bytes, the output is padded with zeroes. The extra bytes, if any, must be deleted by the user.
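The zero padding cannot be removed by scanning back for the last non-zero byte, because a valid s value can itself end in zero bytes; the real length comes from the DER SEQUENCE header. The following C code is an added example, not Microchip code: `trim_der_signature` and `der_int` are hypothetical names, the sample buffer is constructed, and the code assumes the 104-byte SIGNATURE field has already been copied out of the mailbox.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DER_SIG_MAX 104 /* size of the SIGNATURE field in DER format */
#define P384_BYTES  48

/* Parse one minimal, non-negative DER INTEGER at *pos into 48 big-endian bytes. */
static int der_int(const uint8_t *b, size_t end, size_t *pos, uint8_t out[P384_BYTES])
{
    size_t p = *pos, len;
    if (p + 2 > end || b[p] != 0x02) return -1;      /* INTEGER tag expected */
    len = b[p + 1];
    p += 2;
    if (len == 0 || len > end - p) return -1;
    if (b[p] & 0x80) return -1;                      /* negative value */
    if (len > 1 && b[p] == 0x00 && !(b[p + 1] & 0x80)) return -1; /* non-minimal */
    *pos = p + len;
    if (b[p] == 0x00) { p++; len--; }                /* drop the sign byte */
    if (len > P384_BYTES) return -1;
    memset(out, 0, P384_BYTES);
    memcpy(out + P384_BYTES - len, b + p, len);
    return 0;
}

/* Returns the true DER length (at most 104) or -1 if the buffer is malformed.
 * On success r and s hold the signature values as 48-byte big-endian numbers. */
int trim_der_signature(const uint8_t buf[DER_SIG_MAX],
                       uint8_t r[P384_BYTES], uint8_t s[P384_BYTES])
{
    size_t pos = 2, end, i;
    if (buf[0] != 0x30 || buf[1] >= 0x80) return -1; /* SEQUENCE, short-form length */
    end = (size_t)buf[1] + 2;
    if (end > DER_SIG_MAX) return -1;
    if (der_int(buf, end, &pos, r) || der_int(buf, end, &pos, s)) return -1;
    if (pos != end) return -1;                       /* no trailing data in SEQUENCE */
    for (i = end; i < DER_SIG_MAX; i++)
        if (buf[i] != 0) return -1;                  /* padding must be all zero */
    return (int)end;
}

int main(void)
{
    /* Constructed sample (r = 1, s = 0x80), not a real device signature. */
    uint8_t buf[DER_SIG_MAX] = {0x30, 0x07, 0x02, 0x01, 0x01, 0x02, 0x02, 0x00, 0x80};
    uint8_t r[P384_BYTES], s[P384_BYTES];
    printf("DER length: %d\n", trim_der_signature(buf, r, s));
    return 0;
}
```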
System Service Descriptor Bit Field | Value | Description |
---|---|---|
15:7 | MBOXADDR[10:2] | Mailbox address. See Table 2. |
6:0 | 19H | Digital signature Raw format service command |
6:0 | 1AH | Digital Signature DER format service command |
The following table lists the Digital Signature Service mailbox format.
Offset | Length (bytes) | Parameter | Direction | Description |
---|---|---|---|---|
0 | 48 | HASH | Input | SHA384 hash to be signed |
48 | 96 (Raw) or 104 (DER) | SIGNATURE | Output | ECDSA signature (r, s) |