alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

fix(ecdsa): remove unused k_mode from the ECDSA HAL/LL API

Browse Source 
For ESP32-H2 case, the hardware k mode is always enforced through
efuse settings (done in startup code).

For ESP32-P4 case, the software k mode is not supported in the peripheral
itself and code was redundant.
This commit is contained in:
Mahavir Jain 2023-11-03 15:51:05 +05:30
parent 94bf4710fa
commit f9501f6ea9
No known key found for this signature in database
GPG Key ID: 99324EF4A00734E0
7 changed files with 4 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
components/hal/ecdsa_hal.c
View File

@ -30,22 +30,17 @@ static void configure_ecdsa_periph(ecdsa_hal_config_t *conf)
ecdsa_ll_set_curve(conf->curve);
if (conf->mode != ECDSA_MODE_EXPORT_PUBKEY) {
ecdsa_ll_set_k_mode(conf->k_mode);
ecdsa_ll_set_z_mode(conf->sha_mode);
}
}
void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *k, const uint8_t *hash,
void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *hash,
uint8_t *r_out, uint8_t *s_out, uint16_t len)
{
if (len != ECDSA_HAL_P192_COMPONENT_LEN && len != ECDSA_HAL_P256_COMPONENT_LEN) {
HAL_ASSERT(false && "Incorrect length");
}
if (conf->k_mode == ECDSA_K_USER_PROVIDED && k == NULL) {
HAL_ASSERT(false && "Mismatch in K configuration");
}
if (conf->sha_mode == ECDSA_Z_USER_PROVIDED && hash == NULL) {
HAL_ASSERT(false && "Mismatch in SHA configuration");
}

23
components/hal/esp32h2/include/hal/ecdsa_ll.h
View File

@ -23,7 +23,6 @@ typedef enum {
ECDSA_PARAM_R,
ECDSA_PARAM_S,
ECDSA_PARAM_Z,
ECDSA_PARAM_K,
ECDSA_PARAM_QAX,
ECDSA_PARAM_QAY
} ecdsa_ll_param_t;
@ -190,26 +189,6 @@ static inline void ecdsa_ll_set_curve(ecdsa_curve_t curve)
}
}
/**
* @brief Set the source of `K`
*
* @param mode Mode of K generation
*/
static inline void ecdsa_ll_set_k_mode(ecdsa_k_mode_t mode)
{
switch (mode) {
case ECDSA_K_USE_TRNG:
REG_CLR_BIT(ECDSA_CONF_REG, ECDSA_SOFTWARE_SET_K);
break;
case ECDSA_K_USER_PROVIDED:
REG_SET_BIT(ECDSA_CONF_REG, ECDSA_SOFTWARE_SET_K);
break;
default:
HAL_ASSERT(false && "Unsupported curve");
break;
}
}
/**
* @brief Set the source of `Z` (SHA message)
*
@ -335,7 +314,6 @@ static inline void ecdsa_ll_write_param(ecdsa_ll_param_t param, const uint8_t *b
case ECDSA_PARAM_Z:
reg = ECDSA_Z_MEM;
break;
case ECDSA_PARAM_K:
case ECDSA_PARAM_QAX:
reg = ECDSA_QAX_MEM;
break;
@ -373,7 +351,6 @@ static inline void ecdsa_ll_read_param(ecdsa_ll_param_t param, uint8_t *buf, uin
case ECDSA_PARAM_Z:
reg = ECDSA_Z_MEM;
break;
case ECDSA_PARAM_K:
case ECDSA_PARAM_QAX:
reg = ECDSA_QAX_MEM;
break;

23
components/hal/esp32p4/include/hal/ecdsa_ll.h
View File

@ -23,7 +23,6 @@ typedef enum {
ECDSA_PARAM_R,
ECDSA_PARAM_S,
ECDSA_PARAM_Z,
ECDSA_PARAM_K,
ECDSA_PARAM_QAX,
ECDSA_PARAM_QAY
} ecdsa_ll_param_t;
@ -199,26 +198,6 @@ static inline void ecdsa_ll_set_curve(ecdsa_curve_t curve)
}
}
/**
* @brief Set the source of `K`
*
* @param mode Mode of K generation
*/
static inline void ecdsa_ll_set_k_mode(ecdsa_k_mode_t mode)
{
switch (mode) {
case ECDSA_K_USE_TRNG:
REG_CLR_BIT(ECDSA_CONF_REG, ECDSA_SOFTWARE_SET_K);
break;
case ECDSA_K_USER_PROVIDED:
REG_SET_BIT(ECDSA_CONF_REG, ECDSA_SOFTWARE_SET_K);
break;
default:
HAL_ASSERT(false && "Unsupported curve");
break;
}
}
/**
* @brief Set the source of `Z` (SHA message)
*
@ -344,7 +323,6 @@ static inline void ecdsa_ll_write_param(ecdsa_ll_param_t param, const uint8_t *b
case ECDSA_PARAM_Z:
reg = ECDSA_Z_MEM;
break;
case ECDSA_PARAM_K:
case ECDSA_PARAM_QAX:
reg = ECDSA_QAX_MEM;
break;
@ -382,7 +360,6 @@ static inline void ecdsa_ll_read_param(ecdsa_ll_param_t param, uint8_t *buf, uin
case ECDSA_PARAM_Z:
reg = ECDSA_Z_MEM;
break;
case ECDSA_PARAM_K:
case ECDSA_PARAM_QAX:
reg = ECDSA_QAX_MEM;
break;

4
components/hal/include/hal/ecdsa_hal.h
View File

@ -27,7 +27,6 @@ extern "C" {
typedef struct {
ecdsa_mode_t mode; /* Mode of operation */
ecdsa_curve_t curve; /* Curve to use for operation */
ecdsa_k_mode_t k_mode; /* Source of K */
ecdsa_sha_mode_t sha_mode; /* Source of SHA that needs to be signed */
int efuse_key_blk; /* Efuse block to use as ECDSA key (The purpose of the efuse block must be ECDSA_KEY) */
bool use_km_key; /* Use an ECDSA key from the Key Manager peripheral */
@ -37,13 +36,12 @@ typedef struct {
* @brief Generate ECDSA signature
*
* @param conf Configuration for ECDSA operation, see ``ecdsa_hal_config_t``
* @param k Value of K used internally. Set this to NULL if K is generated by hardware
* @param hash Hash that is to be signed
* @param r_out Buffer that will contain `R` component of ECDSA signature
* @param s_out Buffer that will contain `S` component of ECDSA signature
* @param len Length of the r_out and s_out buffer (32 bytes for SECP256R1, 24 for SECP192R1)
*/
void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *k, const uint8_t *hash,
void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *hash,
uint8_t *r_out, uint8_t *s_out, uint16_t len);
/**

8
components/hal/include/hal/ecdsa_types.h
View File

@ -26,14 +26,6 @@ typedef enum {
ECDSA_CURVE_SECP256R1,
} ecdsa_curve_t;
/**
* @brief Source of 'K' used internally for generating signature
*/
typedef enum {
ECDSA_K_USE_TRNG,
ECDSA_K_USER_PROVIDED,
} ecdsa_k_mode_t;
/**
* @brief Source of SHA message that is to be signed/verified
*/

4
components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c
View File

@ -50,7 +50,6 @@ static int test_ecdsa_verify(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t*
ecdsa_hal_config_t conf = {
.mode = ECDSA_MODE_SIGN_VERIFY,
.k_mode = ECDSA_K_USE_TRNG,
.sha_mode = ECDSA_Z_USER_PROVIDED,
};
@ -119,7 +118,6 @@ static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t*
ecdsa_hal_config_t conf = {
.mode = ECDSA_MODE_SIGN_GEN,
.k_mode = ECDSA_K_USE_TRNG,
.sha_mode = ECDSA_Z_USER_PROVIDED,
.use_km_key = use_km_key,
};
@ -144,7 +142,7 @@ static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t*
ecdsa_enable_and_reset();
do {
ecdsa_hal_gen_signature(&conf, NULL, sha_le, r_le, s_le, len);
ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len);
} while(!memcmp(r_le, zeroes, len) || !memcmp(s_le, zeroes, len));
ecdsa_disable();

4
components/mbedtls/port/ecdsa/ecdsa_alt.c
View File

@ -244,13 +244,12 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
ecdsa_hal_config_t conf = {
.mode = ECDSA_MODE_SIGN_GEN,
.curve = curve,
.k_mode = ECDSA_K_USE_TRNG,
.sha_mode = ECDSA_Z_USER_PROVIDED,
.efuse_key_blk = d->MBEDTLS_PRIVATE(n),
.use_km_key = 0, //TODO: IDF-7992
};
ecdsa_hal_gen_signature(&conf, NULL, sha_le, r_le, s_le, len);
ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len);
} while (!memcmp(r_le, zeroes, len) || !memcmp(s_le, zeroes, len));
esp_ecdsa_release_hardware();
@ -470,7 +469,6 @@ static int esp_ecdsa_verify(mbedtls_ecp_group *grp,
ecdsa_hal_config_t conf = {
.mode = ECDSA_MODE_SIGN_VERIFY,
.curve = curve,
.k_mode = ECDSA_K_USE_TRNG,
.sha_mode = ECDSA_Z_USER_PROVIDED,
};