alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

fix(ecdsa): remove unused k_mode from the ECDSA HAL/LL API

Browse Source 
For ESP32-H2 case, the hardware k mode is always enforced through
efuse settings (done in startup code).

For ESP32-P4 case, the software k mode is not supported in the peripheral
itself and code was redundant.
This commit is contained in:
Mahavir Jain 2023-11-03 15:51:05 +05:30
parent 94bf4710fa
commit f9501f6ea9
No known key found for this signature in database
GPG Key ID: 99324EF4A00734E0
7 changed files with 4 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
components/hal/ecdsa_hal.c
View File

@ -30,22 +30,17 @@ static void configure_ecdsa_periph(ecdsa_hal_config_t *conf)
ecdsa_ll_set_curve(conf->curve); ecdsa_ll_set_curve(conf->curve);
if (conf->mode != ECDSA_MODE_EXPORT_PUBKEY) { if (conf->mode != ECDSA_MODE_EXPORT_PUBKEY) {
ecdsa_ll_set_k_mode(conf->k_mode);
ecdsa_ll_set_z_mode(conf->sha_mode); ecdsa_ll_set_z_mode(conf->sha_mode);
} }
} }
void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *k, const uint8_t *hash, void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *hash,
uint8_t *r_out, uint8_t *s_out, uint16_t len) uint8_t *r_out, uint8_t *s_out, uint16_t len)
{ {
if (len != ECDSA_HAL_P192_COMPONENT_LEN && len != ECDSA_HAL_P256_COMPONENT_LEN) { if (len != ECDSA_HAL_P192_COMPONENT_LEN && len != ECDSA_HAL_P256_COMPONENT_LEN) {
HAL_ASSERT(false && "Incorrect length"); HAL_ASSERT(false && "Incorrect length");
} }
if (conf->k_mode == ECDSA_K_USER_PROVIDED && k == NULL) {
HAL_ASSERT(false && "Mismatch in K configuration");
}
if (conf->sha_mode == ECDSA_Z_USER_PROVIDED && hash == NULL) { if (conf->sha_mode == ECDSA_Z_USER_PROVIDED && hash == NULL) {
HAL_ASSERT(false && "Mismatch in SHA configuration"); HAL_ASSERT(false && "Mismatch in SHA configuration");
} }

23
components/hal/esp32h2/include/hal/ecdsa_ll.h
View File

@ -23,7 +23,6 @@ typedef enum {
ECDSA_PARAM_R, ECDSA_PARAM_R,
ECDSA_PARAM_S, ECDSA_PARAM_S,
ECDSA_PARAM_Z, ECDSA_PARAM_Z,
ECDSA_PARAM_K,
ECDSA_PARAM_QAX, ECDSA_PARAM_QAX,
ECDSA_PARAM_QAY ECDSA_PARAM_QAY
} ecdsa_ll_param_t; } ecdsa_ll_param_t;
@ -190,26 +189,6 @@ static inline void ecdsa_ll_set_curve(ecdsa_curve_t curve)
} }
} }
/**
* @brief Set the source of `K`
*
* @param mode Mode of K generation
*/
static inline void ecdsa_ll_set_k_mode(ecdsa_k_mode_t mode)
{
switch (mode) {
case ECDSA_K_USE_TRNG:
REG_CLR_BIT(ECDSA_CONF_REG, ECDSA_SOFTWARE_SET_K);
break;
case ECDSA_K_USER_PROVIDED:
REG_SET_BIT(ECDSA_CONF_REG, ECDSA_SOFTWARE_SET_K);
break;
default:
HAL_ASSERT(false && "Unsupported curve");
break;
}
}
/** /**
* @brief Set the source of `Z` (SHA message) * @brief Set the source of `Z` (SHA message)
* *
@ -335,7 +314,6 @@ static inline void ecdsa_ll_write_param(ecdsa_ll_param_t param, const uint8_t *b
case ECDSA_PARAM_Z: case ECDSA_PARAM_Z:
reg = ECDSA_Z_MEM; reg = ECDSA_Z_MEM;
break; break;
case ECDSA_PARAM_K:
case ECDSA_PARAM_QAX: case ECDSA_PARAM_QAX:
reg = ECDSA_QAX_MEM; reg = ECDSA_QAX_MEM;
break; break;
@ -373,7 +351,6 @@ static inline void ecdsa_ll_read_param(ecdsa_ll_param_t param, uint8_t *buf, uin
case ECDSA_PARAM_Z: case ECDSA_PARAM_Z:
reg = ECDSA_Z_MEM; reg = ECDSA_Z_MEM;
break; break;
case ECDSA_PARAM_K:
case ECDSA_PARAM_QAX: case ECDSA_PARAM_QAX:
reg = ECDSA_QAX_MEM; reg = ECDSA_QAX_MEM;
break; break;

23
components/hal/esp32p4/include/hal/ecdsa_ll.h
View File

@ -23,7 +23,6 @@ typedef enum {
ECDSA_PARAM_R, ECDSA_PARAM_R,
ECDSA_PARAM_S, ECDSA_PARAM_S,
ECDSA_PARAM_Z, ECDSA_PARAM_Z,
ECDSA_PARAM_K,
ECDSA_PARAM_QAX, ECDSA_PARAM_QAX,
ECDSA_PARAM_QAY ECDSA_PARAM_QAY
} ecdsa_ll_param_t; } ecdsa_ll_param_t;
@ -199,26 +198,6 @@ static inline void ecdsa_ll_set_curve(ecdsa_curve_t curve)
} }
} }
/**
* @brief Set the source of `K`
*
* @param mode Mode of K generation
*/
static inline void ecdsa_ll_set_k_mode(ecdsa_k_mode_t mode)
{
switch (mode) {
case ECDSA_K_USE_TRNG:
REG_CLR_BIT(ECDSA_CONF_REG, ECDSA_SOFTWARE_SET_K);
break;
case ECDSA_K_USER_PROVIDED:
REG_SET_BIT(ECDSA_CONF_REG, ECDSA_SOFTWARE_SET_K);
break;
default:
HAL_ASSERT(false && "Unsupported curve");
break;
}
}
/** /**
* @brief Set the source of `Z` (SHA message) * @brief Set the source of `Z` (SHA message)
* *
@ -344,7 +323,6 @@ static inline void ecdsa_ll_write_param(ecdsa_ll_param_t param, const uint8_t *b
case ECDSA_PARAM_Z: case ECDSA_PARAM_Z:
reg = ECDSA_Z_MEM; reg = ECDSA_Z_MEM;
break; break;
case ECDSA_PARAM_K:
case ECDSA_PARAM_QAX: case ECDSA_PARAM_QAX:
reg = ECDSA_QAX_MEM; reg = ECDSA_QAX_MEM;
break; break;
@ -382,7 +360,6 @@ static inline void ecdsa_ll_read_param(ecdsa_ll_param_t param, uint8_t *buf, uin
case ECDSA_PARAM_Z: case ECDSA_PARAM_Z:
reg = ECDSA_Z_MEM; reg = ECDSA_Z_MEM;
break; break;
case ECDSA_PARAM_K:
case ECDSA_PARAM_QAX: case ECDSA_PARAM_QAX:
reg = ECDSA_QAX_MEM; reg = ECDSA_QAX_MEM;
break; break;

4
components/hal/include/hal/ecdsa_hal.h
View File

@ -27,7 +27,6 @@ extern "C" {
typedef struct { typedef struct {
ecdsa_mode_t mode; /* Mode of operation */ ecdsa_mode_t mode; /* Mode of operation */
ecdsa_curve_t curve; /* Curve to use for operation */ ecdsa_curve_t curve; /* Curve to use for operation */
ecdsa_k_mode_t k_mode; /* Source of K */
ecdsa_sha_mode_t sha_mode; /* Source of SHA that needs to be signed */ ecdsa_sha_mode_t sha_mode; /* Source of SHA that needs to be signed */
int efuse_key_blk; /* Efuse block to use as ECDSA key (The purpose of the efuse block must be ECDSA_KEY) */ int efuse_key_blk; /* Efuse block to use as ECDSA key (The purpose of the efuse block must be ECDSA_KEY) */
bool use_km_key; /* Use an ECDSA key from the Key Manager peripheral */ bool use_km_key; /* Use an ECDSA key from the Key Manager peripheral */
@ -37,13 +36,12 @@ typedef struct {
* @brief Generate ECDSA signature * @brief Generate ECDSA signature
* *
* @param conf Configuration for ECDSA operation, see ``ecdsa_hal_config_t`` * @param conf Configuration for ECDSA operation, see ``ecdsa_hal_config_t``
* @param k Value of K used internally. Set this to NULL if K is generated by hardware
* @param hash Hash that is to be signed * @param hash Hash that is to be signed
* @param r_out Buffer that will contain `R` component of ECDSA signature * @param r_out Buffer that will contain `R` component of ECDSA signature
* @param s_out Buffer that will contain `S` component of ECDSA signature * @param s_out Buffer that will contain `S` component of ECDSA signature
* @param len Length of the r_out and s_out buffer (32 bytes for SECP256R1, 24 for SECP192R1) * @param len Length of the r_out and s_out buffer (32 bytes for SECP256R1, 24 for SECP192R1)
*/ */
void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *k, const uint8_t *hash, void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *hash,
uint8_t *r_out, uint8_t *s_out, uint16_t len); uint8_t *r_out, uint8_t *s_out, uint16_t len);
/** /**

8
components/hal/include/hal/ecdsa_types.h
View File

@ -26,14 +26,6 @@ typedef enum {
ECDSA_CURVE_SECP256R1, ECDSA_CURVE_SECP256R1,
} ecdsa_curve_t; } ecdsa_curve_t;
/**
* @brief Source of 'K' used internally for generating signature
*/
typedef enum {
ECDSA_K_USE_TRNG,
ECDSA_K_USER_PROVIDED,
} ecdsa_k_mode_t;
/** /**
* @brief Source of SHA message that is to be signed/verified * @brief Source of SHA message that is to be signed/verified
*/ */

4
components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c
View File

@ -50,7 +50,6 @@ static int test_ecdsa_verify(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t*
ecdsa_hal_config_t conf = { ecdsa_hal_config_t conf = {
.mode = ECDSA_MODE_SIGN_VERIFY, .mode = ECDSA_MODE_SIGN_VERIFY,
.k_mode = ECDSA_K_USE_TRNG,
.sha_mode = ECDSA_Z_USER_PROVIDED, .sha_mode = ECDSA_Z_USER_PROVIDED,
}; };
@ -119,7 +118,6 @@ static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t*
ecdsa_hal_config_t conf = { ecdsa_hal_config_t conf = {
.mode = ECDSA_MODE_SIGN_GEN, .mode = ECDSA_MODE_SIGN_GEN,
.k_mode = ECDSA_K_USE_TRNG,
.sha_mode = ECDSA_Z_USER_PROVIDED, .sha_mode = ECDSA_Z_USER_PROVIDED,
.use_km_key = use_km_key, .use_km_key = use_km_key,
}; };
@ -144,7 +142,7 @@ static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t*
ecdsa_enable_and_reset(); ecdsa_enable_and_reset();
do { do {
ecdsa_hal_gen_signature(&conf, NULL, sha_le, r_le, s_le, len); ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len);
} while(!memcmp(r_le, zeroes, len) || !memcmp(s_le, zeroes, len)); } while(!memcmp(r_le, zeroes, len) || !memcmp(s_le, zeroes, len));
ecdsa_disable(); ecdsa_disable();

4
components/mbedtls/port/ecdsa/ecdsa_alt.c
View File

@ -244,13 +244,12 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
ecdsa_hal_config_t conf = { ecdsa_hal_config_t conf = {
.mode = ECDSA_MODE_SIGN_GEN, .mode = ECDSA_MODE_SIGN_GEN,
.curve = curve, .curve = curve,
.k_mode = ECDSA_K_USE_TRNG,
.sha_mode = ECDSA_Z_USER_PROVIDED, .sha_mode = ECDSA_Z_USER_PROVIDED,
.efuse_key_blk = d->MBEDTLS_PRIVATE(n), .efuse_key_blk = d->MBEDTLS_PRIVATE(n),
.use_km_key = 0, //TODO: IDF-7992 .use_km_key = 0, //TODO: IDF-7992
}; };
ecdsa_hal_gen_signature(&conf, NULL, sha_le, r_le, s_le, len); ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len);
} while (!memcmp(r_le, zeroes, len) || !memcmp(s_le, zeroes, len)); } while (!memcmp(r_le, zeroes, len) || !memcmp(s_le, zeroes, len));
esp_ecdsa_release_hardware(); esp_ecdsa_release_hardware();
@ -470,7 +469,6 @@ static int esp_ecdsa_verify(mbedtls_ecp_group *grp,
ecdsa_hal_config_t conf = { ecdsa_hal_config_t conf = {
.mode = ECDSA_MODE_SIGN_VERIFY, .mode = ECDSA_MODE_SIGN_VERIFY,
.curve = curve, .curve = curve,
.k_mode = ECDSA_K_USE_TRNG,
.sha_mode = ECDSA_Z_USER_PROVIDED, .sha_mode = ECDSA_Z_USER_PROVIDED,
}; };