nrf_security: drivers: cracen: Remove sicrypto for ecdsa

Add support for ecdsa directly in cracenpsa Remove sicrypto from cracenpsa for escda operations Add support files needed for escda, randinrange, hmac, ecc. Add privat and public ecc key generation without sicrypto Signed-off-by: Dag Erik Gjørvad <[email protected]>
nrfconnect · Jan 31, 2025 · cb4d308 · cb4d308
1 parent faea0b1
commit cb4d308
Show file tree

Hide file tree

Showing 11 changed files with 1,144 additions and 123 deletions.
diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake b/subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake
@@ -44,7 +44,12 @@ endif()
 if(CONFIG_PSA_NEED_CRACEN_ASYMMETRIC_SIGNATURE_DRIVER)
   list(APPEND cracen_driver_sources
     ${CMAKE_CURRENT_LIST_DIR}/src/sign.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/ecdsa.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/ecc.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/rndinrange.c
     ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/util.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/hmac.c
   )
 endif()
 
@@ -64,6 +69,7 @@ if(CONFIG_PSA_NEED_CRACEN_KEY_MANAGEMENT_DRIVER OR CONFIG_PSA_NEED_CRACEN_KMU_DR
   list(APPEND cracen_driver_sources
     ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c
     ${CMAKE_CURRENT_LIST_DIR}/src/key_management.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/ecdsa.c
   )
 endif()
 

diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa.h b/subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa.h
@@ -361,20 +361,70 @@ psa_status_t cracen_spake2p_get_shared_key(cracen_spake2p_operation_t *operation
 
 psa_status_t cracen_spake2p_abort(cracen_spake2p_operation_t *operation);
 
-int ed25519_sign(const uint8_t *privkey, char *signature,
-					const uint8_t *message, size_t message_length);
+int ed25519_sign(const uint8_t *privkey, char *signature, const uint8_t *message,
+		 size_t message_length);
 
-int ed25519_verify(const uint8_t *pubkey, const char *message,
-			size_t message_length, const char *signature);
+int ed25519_verify(const uint8_t *pubkey, const char *message, size_t message_length,
+		   const char *signature);
 
+int ed25519ph_sign(const uint8_t *privkey, char *signature, const uint8_t *message,
+		   size_t message_length, int ismessage);
 
-int ed25519ph_sign(const uint8_t *privkey, char *signature,
-			const uint8_t *message, size_t message_length, int ismessage);
+int ed25519ph_verify(const uint8_t *pubkey, const char *message, size_t message_length,
+		     const char *signature, int ismessage);
 
-int ed25519ph_verify(const uint8_t *pubkey, const char *message,
-			size_t message_length, const char *signature, int ismessage);
+int ed25519_create_pubkey(const uint8_t *privkey, uint8_t *pubkey);
 
-int ed25519_create_pubkey(const uint8_t *privkey,
-				uint8_t *pubkey);
+int be_cmp(const unsigned char *a, const unsigned char *b, size_t sz, int carry);
+
+struct sx_pk_ecurve;
+
+struct ecdsa_signature {
+	size_t sz; /**< Total signature size, in bytes. */
+	char *r;   /**< Signature element "r". */
+	char *s;   /**< Signature element "s". */
+};
+struct eccsk {
+	const struct sx_pk_ecurve *curve;
+	char *d;
+};
+
+struct eccpk {
+	const struct sx_pk_ecurve *curve;
+	char *qx;
+	char *qy;
+};
+
+struct ecc_keypair {
+	struct eccsk sk;
+	struct eccpk pk;
+};
+
+int ecc_create_genpubkey(char *priv_key, char *pub_key, const struct sx_pk_ecurve *curve);
+
+int ecc_create_genprivkey(const struct sx_pk_ecurve *curve, char *priv_key, size_t priv_key_size);
+
+int cracen_ecdsa_verify(char *pubkey, const struct sxhashalg *hashalg, const uint8_t *message,
+			size_t message_length, const struct sx_pk_ecurve *curve,
+			const uint8_t *signature);
+
+int cracen_ecdsa_sign(const struct eccsk *privkey, size_t privkey_size,
+		      const struct sxhashalg *hashalg, const struct sx_pk_ecurve *curve,
+		      const uint8_t *message, size_t message_length, uint8_t *signature,
+		      size_t signature_size, size_t *signature_length);
+
+int cracen_ecdsa_sign_deterministic(const struct eccsk *privkey, size_t privkey_size,
+				    const struct sxhashalg *hashalg,
+				    const struct sx_pk_ecurve *curve, const uint8_t *digest,
+				    size_t digest_length, uint8_t *signature, size_t signature_size,
+				    size_t *signature_length);
+
+int rndinrange_create(const unsigned char *n, size_t nsz, unsigned char *out);
+
+int mac_create_hmac(const struct sxhashalg *hashalg, struct sxhash *hashopctx, const char *key,
+		    size_t keysz, char *workmem, size_t workmemsz);
+
+int hmac_produce(struct sxhash *hashctx, const struct sxhashalg *hashalg, char *out, size_t sz,
+		 char *workmem);
 
 #endif /* CRACEN_PSA_H */
diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ecc.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ecc.c
@@ -0,0 +1,104 @@
+/* ECC key pair generation.
+ * Based on FIPS 186-4, section B.4.2 "Key Pair Generation by Testing
+ * Candidates".
+ *
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <string.h>
+#include <silexpk/core.h>
+#include <silexpk/iomem.h>
+#include <silexpk/cmddefs/ecc.h>
+#include <cracen/statuscodes.h>
+#include "cracen_psa.h"
+#include <zephyr/sys/printk.h>
+#include <zephyr/logging/log.h>
+
+#define MAX_ECC_ATTEMPTS 10
+LOG_MODULE_REGISTER(ecc, LOG_LEVEL_DBG);
+
+int ecc_create_genpubkey(char *priv_key, char *pub_key, const struct sx_pk_ecurve *curve)
+{
+	const char **outputs;
+	struct sx_pk_acq_req pkreq;
+	struct sx_pk_inops_ecp_mult inputs;
+	int opsz;
+	int status;
+	int attempts = MAX_ECC_ATTEMPTS;
+
+	for (int i = 0; i <= MAX_ECC_ATTEMPTS; i++) {
+		LOG_INF("ECC test");
+		pkreq = sx_pk_acquire_req(SX_PK_CMD_ECC_PTMUL);
+		if (pkreq.status) {
+			return pkreq.status;
+		}
+		LOG_INF("list_ecc_inslots");
+		pkreq.status =
+			sx_pk_list_ecc_inslots(pkreq.req, curve, 0, (struct sx_pk_slot *)&inputs);
+		if (pkreq.status) {
+			return pkreq.status;
+		}
+
+		opsz = sx_pk_curve_opsize(curve);
+		LOG_INF("curve_opsize");
+
+		/* Write the private key (random) into ba414ep device memory */
+		sx_wrpkmem(inputs.k.addr, priv_key, opsz);
+		sx_pk_write_curve_gen(pkreq.req, curve, inputs.px, inputs.py);
+		LOG_INF("curve_write");
+
+		sx_pk_run(pkreq.req);
+		LOG_INF("pk_has_finished");
+
+		status = sx_pk_has_finished(pkreq.req);
+		LOG_INF("sx_pk_wait");
+
+		status = sx_pk_wait(pkreq.req);
+		if (status != SX_OK) {
+			return status;
+		}
+		LOG_INF("output_ops");
+		/*  static int on_generated_public(struct sitask *t, struct siwq *wq) */
+		outputs = sx_pk_get_output_ops(pkreq.req);
+		LOG_INF("outputs");
+
+		/* When countermeasures are used, the operation may fail with error code
+		 * SX_ERR_NOT_INVERTIBLE. In this case we can try again.
+		 */
+		if (status == SX_ERR_NOT_INVERTIBLE) {
+			sx_pk_release_req(pkreq.req);
+			if (i == MAX_ECC_ATTEMPTS) {
+				return SX_ERR_TOO_MANY_ATTEMPTS;
+			}
+		} else {
+			break;
+		}
+	}
+	sx_rdpkmem(pub_key, outputs[0], opsz);
+
+	sx_rdpkmem(pub_key + opsz, outputs[1], opsz);
+	sx_pk_release_req(pkreq.req);
+	LOG_INF("last wait");
+	return status;
+}
+
+int ecc_create_genprivkey(const struct sx_pk_ecurve *curve, char *priv_key, size_t priv_key_size)
+{
+	size_t keysz = (size_t)sx_pk_curve_opsize(curve);
+	int status;
+	int opsz = sx_pk_curve_opsize(curve);
+	const char *curve_n = sx_pk_curve_order(curve);
+
+	if (priv_key_size < keysz) {
+		return SX_ERR_OUTPUT_BUFFER_TOO_SMALL;
+	}
+
+	/* generate private key, a random in [1, n-1], where n is the curve
+	 * order
+	 */
+	status = rndinrange_create((const unsigned char *)curve_n, opsz, priv_key);
+
+	return status;
+}