diff --git a/subsys/nrf_security/Kconfig.psa.nordic b/subsys/nrf_security/Kconfig.psa.nordic index 4aff153aee72..21074e56208d 100644 --- a/subsys/nrf_security/Kconfig.psa.nordic +++ b/subsys/nrf_security/Kconfig.psa.nordic @@ -400,10 +400,3 @@ config PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY bool "SRP public key support" if !MBEDTLS_PROMPTLESS help SRP public key support. - -comment "Nordic added alternative cracen driver" - -config PSA_WANT_NO_SI_CRYPTO - bool "Running supported crypto operations without sicrypto" if !MBEDTLS_PROMPTLESS - help - Using alternative high level driver for cracen when supported diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake b/subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake index 00ad5e186e0f..2d01215eefb6 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake @@ -44,6 +44,7 @@ endif() if(CONFIG_PSA_NEED_CRACEN_ASYMMETRIC_SIGNATURE_DRIVER) list(APPEND cracen_driver_sources ${CMAKE_CURRENT_LIST_DIR}/src/sign.c + ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c ) endif() @@ -61,6 +62,7 @@ endif() if(CONFIG_PSA_NEED_CRACEN_KEY_MANAGEMENT_DRIVER OR CONFIG_PSA_NEED_CRACEN_KMU_DRIVER OR CONFIG_MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) list(APPEND cracen_driver_sources + ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c ${CMAKE_CURRENT_LIST_DIR}/src/key_management.c ) endif() @@ -78,12 +80,6 @@ if(CONFIG_PSA_NEED_CRACEN_ECJPAKE_SECP_R1_256) ) endif() -if(CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519) - list(APPEND cracen_driver_sources - ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c - ) -endif() - if(CONFIG_PSA_NEED_CRACEN_SRP_6) list(APPEND cracen_driver_sources ${CMAKE_CURRENT_LIST_DIR}/src/srp.c diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa.h b/subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa.h index 066d1ca99b87..f33f82688cfa 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa.h +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa.h @@ -361,13 +361,20 @@ psa_status_t cracen_spake2p_get_shared_key(cracen_spake2p_operation_t *operation psa_status_t cracen_spake2p_abort(cracen_spake2p_operation_t *operation); -int ed25519_sign(const uint8_t *ed25519, char *signature, - const uint8_t *message); +int ed25519_sign(const uint8_t *privkey, char *signature, + const uint8_t *message, size_t message_length); int ed25519_verify(const uint8_t *pubkey, const char *message, - size_t message_length, const char *signature); + size_t message_length, const char *signature); -int create_ed25519_pubkey(const uint8_t *ed25519, - uint8_t *pubkey); + +int ed25519ph_sign(const uint8_t *privkey, char *signature, + const uint8_t *message, size_t message_length, int ismessage); + +int ed25519ph_verify(const uint8_t *pubkey, const char *message, + size_t message_length, const char *signature, int ismessage); + +int ed25519_create_pubkey(const uint8_t *privkey, + uint8_t *pubkey); #endif /* CRACEN_PSA_H */ diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ed25519.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ed25519.c index 9a21ab30200b..50541aaad117 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ed25519.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ed25519.c @@ -10,60 +10,145 @@ #include #include -int ed25519_sign(const uint8_t *ed25519, char *signature, const uint8_t *message) +const char dom2[34] = { + 0x53, 0x69, 0x67, 0x45, 0x64, 0x32, 0x35, + 0x35, 0x31, 0x39, 0x20, 0x6e, 0x6f, 0x20, + 0x45, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, + 0x20, 0x63, 0x6f, 0x6c, 0x6c, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x73, 0x01, 0x00 +}; + +int ed25519_hash_message(const char *message, size_t message_length, char *workmem) { - char workmem[160]; + int status; struct sxhash hashopctx; - char pointr_buffer[64]; - char *pointr = pointr_buffer; - int r; + status = sx_hash_create(&hashopctx, &sxhashalg_sha2_512, sizeof(hashopctx)); + + if (status != 0) { + return status; + } + status = sx_hash_feed(&hashopctx, message, message_length); + if (status != 0) { + return status; + } + status = sx_hash_digest(&hashopctx, workmem); + return status; + +} + +int ed25519_hash_privkey(struct sxhash hashopctx, char *workmem, const uint8_t *priv_key) +{ + + int status; /*Hash the private key, the digest is stored in the first 64 bytes of workmem*/ - r = sx_hash_create(&hashopctx, &sxhashalg_sha2_512, sizeof(hashopctx)); - if (r != 0) { - return r; + status = sx_hash_create(&hashopctx, &sxhashalg_sha2_512, sizeof(hashopctx)); + if (status != 0) { + return status; } - r = sx_hash_feed(&hashopctx, ed25519, 32); - if (r != 0) { - return r; + status = sx_hash_feed(&hashopctx, priv_key, 32); + if (status != 0) { + return status; } - r = sx_hash_digest(&hashopctx, workmem); - if (r != 0) { - return r; + status = sx_hash_digest(&hashopctx, workmem); + if (status != 0) { + return status; } /*Wait to make sure hash operation is finished before doing calculations on it*/ - r = sx_hash_wait(&hashopctx); - if (r != 0) { - return r; + status = sx_hash_wait(&hashopctx); + + return status; +} + + +int ed25519_calculate_r(struct sxhash hashopctx, char *workmem, + const uint8_t *message, size_t message_length, int prehash) +{ + int status; + + status = sx_hash_create(&hashopctx, &sxhashalg_sha2_512, sizeof(hashopctx)); + + if (status != 0) { + return status; } - /* Obtain r by hashing (prefix || message), where prefix is the second - * half of the private key digest. - */ + if (prehash) { + status = sx_hash_feed(&hashopctx, dom2, 34); + if (status != 0) { + return status; + } + } + status = sx_hash_feed(&hashopctx, workmem+32, 32); + if (status != 0) { + return status; + } + status = sx_hash_feed(&hashopctx, message, message_length); + if (status != 0) { + return status; + } + status = sx_hash_digest(&hashopctx, workmem+96); + + return status; +} - r = sx_hash_create(&hashopctx, &sxhashalg_sha2_512, sizeof(hashopctx)); - if (r != 0) { - return r; +int ed25519_calculate_k(struct sxhash hashopctx, char *workmem, char *pointr, + const char *message, size_t message_length, int prehash) +{ + /* Obtain k by hashing (R || A || message). where A is the public key */ + int status; + + status = sx_hash_create(&hashopctx, &sxhashalg_sha2_512, sizeof(hashopctx)); + + if (status != 0) { + return status; + } + if (prehash) { + status = sx_hash_feed(&hashopctx, dom2, sizeof(dom2)); + if (status != 0) { + return status; + } } - r = sx_hash_feed(&hashopctx, workmem+32, 32); - if (r != 0) { - return r; + status = sx_hash_feed(&hashopctx, pointr, 32); + if (status != 0) { + return status; } - r = sx_hash_feed(&hashopctx, message, 100); - if (r != 0) { - return r; + status = sx_hash_feed(&hashopctx, workmem+32, 32); + if (status != 0) { + return status; } - r = sx_hash_digest(&hashopctx, workmem+96); - if (r != 0) { - return r; + status = sx_hash_feed(&hashopctx, message, message_length); + if (status != 0) { + return status; + } + status = sx_hash_digest(&hashopctx, workmem+32); + return status; +} + +int ed25519_sign_internal(const uint8_t *priv_key, char *signature, + const uint8_t *message, size_t message_length, int prehash) +{ + char workmem[160]; + struct sxhash hashopctx; + char pointr_buffer[64]; + char *pointr = pointr_buffer; + int status; + + /*Hash the private key, the digest is stored in the first 64 bytes of workmem*/ + status = ed25519_hash_privkey(hashopctx, workmem, priv_key); + if (status != 0) { + return status; } + /* Obtain r by hashing (prefix || message), where prefix is the second + * half of the private key digest. + */ + status = ed25519_calculate_r(hashopctx, workmem, message, message_length, prehash); /* Perform point multiplication R = [r]B. This is the encoded point R, * which is the first part of the signature. */ - r = sx_ed25519_ptmult((const struct sx_ed25519_dgst *)(workmem + 96), - (struct sx_ed25519_pt *)pointr); - if (r != 0) { - return r; + status = sx_ed25519_ptmult((const struct sx_ed25519_dgst *)(workmem + 96), + (struct sx_ed25519_pt *)pointr); + if (status != 0) { + return status; } /* The secret scalar s is computed in place from the first half of the @@ -75,121 +160,160 @@ int ed25519_sign(const uint8_t *ed25519, char *signature, const uint8_t *message * works on an input of SX_ED25519_DGST_SZ bytes. */ safe_memset(workmem + 32, 128, 0, 32); - - /* Perform point multiplication A = [s]B, to obtain the public key A. - * Which is stored in workmem[32:63] + /* Perform point multiplication A = [s]B, + * to obtain the public key A. which is stored in workmem[32:63] */ - r = sx_ed25519_ptmult((const struct sx_ed25519_dgst *)(workmem), - (struct sx_ed25519_pt *)(struct sx_ed25519_pt *)((char *)workmem + 32)); - if (r != 0) { - return r; + status = sx_ed25519_ptmult((const struct sx_ed25519_dgst *)(workmem), + (struct sx_ed25519_pt *)(struct sx_ed25519_pt *)((char *)workmem + 32)); + if (status != 0) { + return status; } - /* Obtain k by hashing (R || A || message). */ - r = sx_hash_create(&hashopctx, &sxhashalg_sha2_512, sizeof(hashopctx)); - if (r != 0) { - return r; - } - r = sx_hash_feed(&hashopctx, pointr, 32); - if (r != 0) { - return r; - } - r = sx_hash_feed(&hashopctx, workmem+32, 32); - if (r != 0) { - return r; - } - r = sx_hash_feed(&hashopctx, message, 100); - if (r != 0) { - return r; - } - r = sx_hash_digest(&hashopctx, workmem+32); - if (r != 0) { - return r; + status = ed25519_calculate_k(hashopctx, workmem, pointr, message, message_length, prehash); + if (status != 0) { + return status; } /* Compute (r + k * s) mod L. This gives the second part of the * signature, which is the encoded S which is stored in pointr. */ - r = sx_ed25519_sign( + status = sx_ed25519_sign( (const struct sx_ed25519_dgst *)(workmem + 32), (const struct sx_ed25519_dgst *)(workmem + 3 * 32), (const struct sx_ed25519_v *)workmem, (struct sx_ed25519_v *)(pointr + SX_ED25519_PT_SZ)); - if (r != 0) { - return r; + if (status != 0) { + return status; } memcpy(signature, pointr, 64); - return r; + return status; + } -int ed25519_verify(const uint8_t *pubkey, const char *message, - size_t message_length, const char *signature) + +int ed25519_sign(const uint8_t *priv_key, char *signature, + const uint8_t *message, size_t message_length) +{ + return ed25519_sign_internal(priv_key, signature, message, message_length, 0); +} + +int ed25519ph_sign(const uint8_t *priv_key, char *signature, + const uint8_t *message, size_t message_length, int ismessage) { + char hashedmessage[64]; + int status; + if (ismessage) { + status = ed25519_hash_message(message, message_length, hashedmessage); + if (status != 0) { + return status; + } + return ed25519_sign_internal(priv_key, signature, hashedmessage, 64, 1); + } else { + return ed25519_sign_internal(priv_key, signature, message, message_length, 1); + } +} + +int ed25519_verify_internal(const uint8_t *pubkey, const char *message, + size_t message_length, const char *signature, int prehash) +{ char workmem[64]; struct sxhash hashopctx; - int r; + int status; - - r = sx_hash_create(&hashopctx, &sxhashalg_sha2_512, sizeof(hashopctx)); - if (r != 0) { - return r; + status = sx_hash_create(&hashopctx, &sxhashalg_sha2_512, sizeof(hashopctx)); + if (status != 0) { + return status; } - r = sx_hash_feed(&hashopctx, signature, 32); - if (r != 0) { - return r; + if (prehash) { + status = sx_hash_feed(&hashopctx, dom2, sizeof(dom2)); + if (status != 0) { + return status; + } } - r = sx_hash_feed(&hashopctx, pubkey, 32); - if (r != 0) { - return r; + status = sx_hash_feed(&hashopctx, signature, 32); + if (status != 0) { + return status; } - r = sx_hash_feed(&hashopctx, message, message_length); - if (r != 0) { - return r; + status = sx_hash_feed(&hashopctx, pubkey, 32); + if (status != 0) { + return status; } - r = sx_hash_digest(&hashopctx, workmem); - if (r != 0) { - return r; + status = sx_hash_feed(&hashopctx, message, message_length); + if (status != 0) { + return status; + } + status = sx_hash_digest(&hashopctx, workmem); + if (status != 0) { + return status; } - r = sx_ed25519_verify( + status = sx_ed25519_verify( (struct sx_ed25519_dgst *)workmem, (struct sx_ed25519_pt *)pubkey, (const struct sx_ed25519_v *)(signature + 32), (const struct sx_ed25519_pt *)signature); - return r; + return status; +} + +int ed25519_verify(const uint8_t *pubkey, const char *message, + size_t message_length, const char *signature) +{ + return ed25519_verify_internal(pubkey, message, + message_length, signature, 0); } -int create_ed25519_pubkey(const uint8_t *ed25519, +int ed25519ph_verify(const uint8_t *pubkey, const char *message, + size_t message_length, const char *signature, int ismessage) +{ + int status; + char hashedmessage[64]; + + if (ismessage) { + status = ed25519_hash_message(message, message_length, hashedmessage); + if (status != 0) { + return status; + } + return ed25519_verify_internal(pubkey, hashedmessage, 64, signature, 1); + } + return ed25519_verify_internal(pubkey, message, message_length, signature, 1); +} + +int ed25519_create_pubkey(const uint8_t *priv_key, uint8_t *pubkey) { char workmem[64]; struct sxhash hashopctx; - int r; + int status; - r = sx_hash_create(&hashopctx, &sxhashalg_sha2_512, sizeof(hashopctx)); - if (r != 0) { - return r; + /*Hash the privat key*/ + status = sx_hash_create(&hashopctx, &sxhashalg_sha2_512, sizeof(hashopctx)); + if (status != 0) { + return status; } - r = sx_hash_feed(&hashopctx, ed25519, 32); - if (r != 0) { - return r; + + status = sx_hash_feed(&hashopctx, priv_key, 32); + if (status != 0) { + return status; } - r = sx_hash_digest(&hashopctx, workmem); - if (r != 0) { - return r; - } - /*Wait to make sure hash operation is finished before doing calculations on it - * removing this breaks pubkey generation + + status = sx_hash_digest(&hashopctx, workmem); + if (status != 0) { + return status; + } + + /*Wait to make sure hash operation is finished before doing + * calculations on it. Removing this breaks pubkey generation */ - r = sx_hash_wait(&hashopctx); - if (r != 0) { - return r; + status = sx_hash_wait(&hashopctx); + if (status != 0) { + return status; } + /* The secret scalar s is computed in place from the first half of the * private key digest. */ @@ -199,13 +323,16 @@ int create_ed25519_pubkey(const uint8_t *ed25519, * works on an input of SX_ED25519_DGST_SZ bytes. */ safe_memset(workmem+32, 32, 0, 32); + /* Perform point multiplication A = [s]B, to obtain the public key A. */ - r = sx_ed25519_ptmult((const struct sx_ed25519_dgst *)(workmem), - (struct sx_ed25519_pt *)(struct sx_ed25519_pt *)((char *)workmem + 32)); - if (r != 0) { - return r; + status = sx_ed25519_ptmult((const struct sx_ed25519_dgst *)(workmem), + (struct sx_ed25519_pt *)(struct sx_ed25519_pt *)((char *)workmem + 32)); + if (status != 0) { + return status; } + memcpy(pubkey, workmem+32, 32); - return r; + return status; + } diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c index 1f2d2d014a8f..f635abdf93e0 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c @@ -27,12 +27,6 @@ #include #include -#if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 -#else -#include -#include -#endif - extern const uint8_t cracen_N3072[384]; extern nrf_security_mutex_t cracen_mutex_symmetric; @@ -606,12 +600,9 @@ static psa_status_t export_ecc_public_key_from_keypair(const psa_key_attributes_ psa_status_t psa_status; size_t expected_pub_key_size = 0; int si_status = 0; - psa_algorithm_t key_alg = psa_get_key_algorithm(attributes); const struct sx_pk_ecurve *sx_curve; -#if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 -#else + struct sitask t; -#endif switch (psa_curve) { case PSA_ECC_FAMILY_BRAINPOOL_P_R1: case PSA_ECC_FAMILY_SECP_R1: @@ -636,10 +627,8 @@ static psa_status_t export_ecc_public_key_from_keypair(const psa_key_attributes_ struct si_sig_privkey priv_key; struct si_sig_pubkey pub_key; -#if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 -#else char workmem[SX_ED448_DGST_SZ] = {}; -#endif + if (PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes)) == PSA_KEY_LOCATION_CRACEN) { if (key_buffer_size != sizeof(ikg_opaque_key)) { @@ -680,33 +669,25 @@ static psa_status_t export_ecc_public_key_from_keypair(const psa_key_attributes_ } break; case PSA_ECC_FAMILY_TWISTED_EDWARDS: -#if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 -#else if (key_bits_attr == 255) { - if (key_alg == PSA_ALG_ED25519PH) { - priv_key.def = si_sig_def_ed25519ph; - priv_key.key.ed25519 = (struct sx_ed25519_v *)key_buffer; - pub_key.key.ed25519 = (struct sx_ed25519_pt *)data; - } else { - priv_key.def = si_sig_def_ed25519; - priv_key.key.ed25519 = (struct sx_ed25519_v *)key_buffer; - pub_key.key.ed25519 = (struct sx_ed25519_pt *)data; - } + (void)t; + si_status = ed25519_create_pubkey(key_buffer, data); + *data_length = 32; + if (si_status != SX_OK) { + return silex_statuscodes_to_psa(si_status); + } + return PSA_SUCCESS; } else { priv_key.def = si_sig_def_ed448; priv_key.key.ed448 = (struct sx_ed448_v *)key_buffer; pub_key.key.ed448 = (struct sx_ed448_pt *)data; } -#endif break; default: return PSA_ERROR_NOT_SUPPORTED; } } -#if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 - si_status = create_ed25519_pubkey(key_buffer, data); - *data_length = 32; -#else + si_task_init(&t, workmem, sizeof(workmem)); si_sig_create_pubkey(&t, &priv_key, &pub_key); si_task_run(&t); @@ -718,7 +699,6 @@ static psa_status_t export_ecc_public_key_from_keypair(const psa_key_attributes_ } *data_length = expected_pub_key_size; -#endif return PSA_SUCCESS; } diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/sign.c b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/sign.c index 8b8d0bf90bde..32647a4cd8ef 100644 --- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/sign.c +++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/sign.c @@ -12,7 +12,6 @@ #include #include #include -#include #include #include #include @@ -38,12 +37,6 @@ #define SI_PSA_IS_KEY_FLAG(flag, attr) ((flag) == (psa_get_key_usage_flags((attr)) & (flag))) #define SI_PSA_IS_KEY_TYPE(flag, attr) ((flag) == (psa_get_key_type((attr)) & (flag))) -#if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 -#else -#include -#include -#endif - static int cracen_signature_set_hashalgo(const struct sxhashalg **hashalg, psa_algorithm_t alg) { return hash_get_algo(PSA_ALG_SIGN_GET_HASH(alg), hashalg); @@ -124,28 +117,10 @@ static int cracen_signature_prepare_ec_prvkey(struct si_sig_privkey *privkey, ch return SX_ERR_INVALID_ARG; } - if (alg == PSA_ALG_PURE_EDDSA) { -#if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 -#else - privkey->def = si_sig_def_ed25519; - privkey->key.ed25519 = (struct sx_ed25519_v *)key_buffer; -#endif + if (alg == PSA_ALG_PURE_EDDSA || alg == PSA_ALG_ED25519PH) { return SX_OK; } - if (IS_ENABLED(PSA_NEED_CRACEN_ED25519PH)) { - if (alg == PSA_ALG_ED25519PH) { - privkey->def = si_sig_def_ed25519ph; - privkey->key.ed25519 = (struct sx_ed25519_v *)key_buffer; - if (message) { - return cracen_signature_set_hashalgo(&privkey->hashalg, alg); - } else { - return cracen_signature_set_hashalgo_from_digestsz( - &privkey->hashalg, alg, digestsz); - } - } - } - if (IS_ENABLED(PSA_NEED_CRACEN_ECDSA_SECP_R1) || IS_ENABLED(PSA_NEED_CRACEN_ECDSA_SECP_K1) || IS_ENABLED(PSA_NEED_CRACEN_ECDSA_BRAINPOOL_P_R1)) { @@ -216,40 +191,13 @@ static int cracen_signature_prepare_ec_pubkey(struct sitask *t, struct si_sig_pu if (IS_ENABLED(PSA_NEED_CRACEN_PURE_EDDSA_TWISTED_EDWARDS)) { if (alg == PSA_ALG_PURE_EDDSA) { -#if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 - return SX_OK; -#else - pubkey->def = si_sig_def_ed25519; - if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(psa_get_key_type(attributes))) { - pubkey->key.ed25519 = (struct sx_ed25519_pt *)key_buffer; + memcpy(pubkey_buffer, key_buffer, key_buffer_size); return SX_OK; } - if (curvesz != key_buffer_size) { - return SX_ERR_INVALID_KEY_SZ; - } - pubkey->key.ed25519 = (struct sx_ed25519_pt *)pubkey_buffer; -#endif - } - } - - if (IS_ENABLED(PSA_NEED_CRACEN_ED25519PH) && alg == PSA_ALG_ED25519PH) { - pubkey->def = si_sig_def_ed25519ph; - if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(psa_get_key_type(attributes))) { - pubkey->key.ed25519 = (struct sx_ed25519_pt *)key_buffer; - if (message) { - cracen_signature_set_hashalgo(&pubkey->hashalg, - alg); - } else { - cracen_signature_set_hashalgo_from_digestsz(&pubkey->hashalg, - alg, digestsz); - } - return SX_OK; - } - if (curvesz != key_buffer_size) { - return SX_ERR_INVALID_KEY_SZ; + status = ed25519_create_pubkey(key_buffer, pubkey_buffer); + return status; } - pubkey->key.ed25519 = (struct sx_ed25519_pt *)pubkey_buffer; } if (IS_ENABLED(PSA_NEED_CRACEN_ECDSA_SECP_R1) || @@ -308,18 +256,6 @@ static psa_status_t cracen_signature_ecc_sign(int message, const psa_key_attribu size_t signature_size, size_t *signature_length) { int si_status; - const struct sx_pk_ecurve *curve; -#if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 -#else - struct si_sig_privkey privkey = {0}; - struct si_sig_signature sign = {0}; - struct sitask t; - /* Workmem for ecc sign task is 4 * digestsz + hmac block size + curve size */ - char workmem[4 * PSA_HASH_MAX_SIZE + PSA_HMAC_MAX_HASH_BLOCK_SIZE + - PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; - - si_task_init(&t, workmem, sizeof(workmem)); -#endif if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_get_key_type(attributes))) { return silex_statuscodes_to_psa(SX_ERR_INCOMPATIBLE_HW); } @@ -332,7 +268,26 @@ static psa_status_t cracen_signature_ecc_sign(int message, const psa_key_attribu ((!message) && (!SI_PSA_IS_KEY_FLAG(PSA_KEY_USAGE_SIGN_HASH, attributes)))) { return PSA_ERROR_INVALID_ARGUMENT; } + if (alg == PSA_ALG_ED25519PH) { + si_status = ed25519ph_sign(key_buffer, signature, input, input_length, message); + *signature_length = 64; + return silex_statuscodes_to_psa(si_status); + } else if (alg == PSA_ALG_PURE_EDDSA) { + si_status = ed25519_sign(key_buffer, signature, input, input_length); + *signature_length = 64; + return silex_statuscodes_to_psa(si_status); + } + + const struct sx_pk_ecurve *curve; + struct si_sig_privkey privkey = {0}; + struct si_sig_signature sign = {0}; + struct sitask t; + /* Workmem for ecc sign task is 4 * digestsz + hmac block size + curve size */ + char workmem[4 * PSA_HASH_MAX_SIZE + PSA_HMAC_MAX_HASH_BLOCK_SIZE + + PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; + + si_task_init(&t, workmem, sizeof(workmem)); si_status = cracen_signature_prepare_ec_prvkey(&privkey, (char *)key_buffer, key_buffer_size, &curve, alg, attributes, message, input_length); @@ -344,47 +299,23 @@ static psa_status_t cracen_signature_ecc_sign(int message, const psa_key_attribu if ((int)signature_size < 2 * curve->sz) { return silex_statuscodes_to_psa(SX_ERR_OUTPUT_BUFFER_TOO_SMALL); } -#if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 - ed25519_sign(key_buffer, signature, input); - *signature_length = 64; -#else *signature_length = 2 * curve->sz; sign.sz = *signature_length; sign.r = (char *)signature; sign.s = (char *)signature + *signature_length / 2; - /* ED25519PH requires prehashing and supports sign and verify message - * the message is therefore hashed here before si_sig_verify is called - */ - if (alg == PSA_ALG_ED25519PH && message) { - uint8_t status; - uint8_t hash[64]; - size_t output_len; - - status = psa_hash_compute(PSA_ALG_SHA_512, - input, input_length, hash, - sizeof(hash), &output_len); - if (status != PSA_SUCCESS) { - return status; - } - + if (message) { si_sig_create_sign(&t, &privkey, &sign); - si_task_consume(&t, (char *)hash, sizeof(hash)); } else { - if (message) { - si_sig_create_sign(&t, &privkey, &sign); - } else { - si_sig_create_sign_digest(&t, &privkey, &sign); - - } - si_task_consume(&t, (char *)input, - message ? input_length : sx_hash_get_alg_digestsz(privkey.hashalg)); + si_sig_create_sign_digest(&t, &privkey, &sign); } + si_task_consume(&t, (char *)input, + message ? input_length : sx_hash_get_alg_digestsz(privkey.hashalg)); + si_task_run(&t); si_status = si_task_wait(&t); safe_memzero(workmem, sizeof(workmem)); -#endif return silex_statuscodes_to_psa(si_status); } @@ -418,59 +349,48 @@ static psa_status_t cracen_signature_ecc_verify(int message, const psa_key_attri return PSA_ERROR_INVALID_ARGUMENT; } - si_task_init(&t, workmem, sizeof(workmem)); - si_status = cracen_signature_prepare_ec_pubkey(&t, &pubkey, (char *)key_buffer, key_buffer_size, &curve, alg, attributes, message, input_length, pubkey_buffer); - if (si_status) { - return silex_statuscodes_to_psa(si_status); - } if ((int)signature_length != 2 * curve->sz) { return silex_statuscodes_to_psa(SX_ERR_INVALID_SIGNATURE); } -#if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 - si_status = ed25519_verify(key_buffer, (char *)input, input_length, signature); -#else + if (alg == PSA_ALG_ED25519PH) { + si_status = ed25519ph_verify(pubkey_buffer, (char *)input, + input_length, signature, message); + + return silex_statuscodes_to_psa(si_status); + } else if (alg == PSA_ALG_PURE_EDDSA) { + si_status = ed25519_verify(pubkey_buffer, (char *)input, + input_length, signature); + + return silex_statuscodes_to_psa(si_status); + } + + si_task_init(&t, workmem, sizeof(workmem)); + + if (si_status) { + return silex_statuscodes_to_psa(si_status); + } + sign.sz = signature_length; sign.r = (char *)signature; sign.s = (char *)signature + signature_length / 2; - /* ED25519PH requires prehashing and supports sign and verify message - * the message is therefore hashed here before si_sig_verify is called - */ - if (alg == PSA_ALG_ED25519PH && message) { - psa_status_t status; - uint8_t hash[64]; - size_t output_len; - - status = psa_hash_compute(PSA_ALG_SHA_512, - input, input_length, hash, - sizeof(hash), &output_len); - if (status != PSA_SUCCESS) { - return status; - } - + if (message) { si_sig_create_verify(&t, &pubkey, &sign); - si_task_consume(&t, (char *)hash, sizeof(hash)); } else { - if (message) { - si_sig_create_verify(&t, &pubkey, &sign); - } else { - if (sx_hash_get_alg_digestsz(pubkey.hashalg) != input_length) { - return PSA_ERROR_INVALID_ARGUMENT; - } - si_sig_create_verify_digest(&t, &pubkey, &sign); + if (sx_hash_get_alg_digestsz(pubkey.hashalg) != input_length) { + return PSA_ERROR_INVALID_ARGUMENT; } - - si_task_consume(&t, (char *)input, input_length); + si_sig_create_verify_digest(&t, &pubkey, &sign); } + si_task_consume(&t, (char *)input, input_length); si_task_run(&t); si_status = si_task_wait(&t); safe_memzero(workmem, sizeof(workmem)); -#endif return silex_statuscodes_to_psa(si_status); } diff --git a/subsys/nrf_security/src/drivers/cracen/psa_driver.Kconfig b/subsys/nrf_security/src/drivers/cracen/psa_driver.Kconfig index 343995dc5bb4..f40a793a7677 100644 --- a/subsys/nrf_security/src/drivers/cracen/psa_driver.Kconfig +++ b/subsys/nrf_security/src/drivers/cracen/psa_driver.Kconfig @@ -1845,10 +1845,6 @@ config PSA_NEED_CRACEN_KMU_DRIVER default y depends on CRACEN_LIB_KMU -config PSA_NEED_NO_SI_CRYPTO - bool - default y - config PSA_NEED_CRACEN_KMU_ENCRYPTED_KEYS bool default y @@ -1863,12 +1859,4 @@ config PSA_NEED_CRACEN_PLATFORM_KEYS depends on PSA_WANT_AES_KEY_SIZE_256 depends on SOC_NRF54H20_CPUSEC -# CRACEN no sicrypto drivers - -config PSA_NEED_NO_SI_CRYPTO_ED25519 - bool - default y - depends on PSA_WANT_ALG_PURE_EDDSA - depends on PSA_WANT_NO_SI_CRYPTO - endmenu