diff --git a/components/mbedtls/port/ecdsa/ecdsa_alt.c b/components/mbedtls/port/ecdsa/ecdsa_alt.c index 8a4b617d2d..ef5c9dc33e 100644 --- a/components/mbedtls/port/ecdsa/ecdsa_alt.c +++ b/components/mbedtls/port/ecdsa/ecdsa_alt.c @@ -6,7 +6,6 @@ #include #include "hal/ecdsa_hal.h" #include "esp_efuse.h" -#include "mbedtls/ecp.h" #include "mbedtls/ecdsa.h" #include "mbedtls/platform_util.h" #include "esp_private/periph_ctrl.h" @@ -44,6 +43,64 @@ static void ecdsa_be_to_le(const uint8_t* be_point, uint8_t *le_point, uint8_t l } } +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY +int esp_ecdsa_load_pubkey(mbedtls_ecp_keypair *keypair, int efuse_blk) +{ + int ret = -1; + + if (efuse_blk < EFUSE_BLK_KEY0 || efuse_blk >= EFUSE_BLK_KEY_MAX) { + ESP_LOGE(TAG, "Invalid efuse block selected"); + return ret; + } + + ecdsa_curve_t curve; + esp_efuse_block_t blk; + uint16_t len; + uint8_t zeroes[MAX_ECDSA_COMPONENT_LEN] = {0}; + uint8_t qx_le[MAX_ECDSA_COMPONENT_LEN]; + uint8_t qy_le[MAX_ECDSA_COMPONENT_LEN]; + + if (keypair->MBEDTLS_PRIVATE(grp).id == MBEDTLS_ECP_DP_SECP192R1) { + curve = ECDSA_CURVE_SECP192R1; + len = 24; + } else if (keypair->MBEDTLS_PRIVATE(grp).id == MBEDTLS_ECP_DP_SECP256R1) { + curve = ECDSA_CURVE_SECP256R1; + len = 32; + } else { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + if (!esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY, &blk)) { + ESP_LOGE(TAG, "No efuse block with purpose ECDSA_KEY found"); + return MBEDTLS_ERR_ECP_INVALID_KEY; + } + + ecdsa_hal_config_t conf = { + .mode = ECDSA_MODE_EXPORT_PUBKEY, + .curve = curve, + .use_km_key = 0, //TODO: IDF-7992 + .efuse_key_blk = efuse_blk, + }; + + esp_ecdsa_acquire_hardware(); + + do { + ecdsa_hal_export_pubkey(&conf, qx_le, qy_le, len); + } while (!memcmp(qx_le, zeroes, len) || !memcmp(qy_le, zeroes, len)); + + esp_ecdsa_release_hardware(); + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X)), qx_le, len)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y)), qy_le, len)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z)), 1)); + + return 0; + +cleanup: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +} +#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ + #ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN int esp_ecdsa_privkey_load_mpi(mbedtls_mpi *key, int efuse_blk) { @@ -96,6 +153,48 @@ int esp_ecdsa_privkey_load_pk_context(mbedtls_pk_context *key_ctx, int efuse_blk return esp_ecdsa_privkey_load_mpi(&(keypair->MBEDTLS_PRIVATE(d)), efuse_blk); } +int esp_ecdsa_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_t *conf) +{ + int ret = -1; + + if (!key_ctx) { + ESP_LOGE(TAG, "mbedtls_pk_context cannot be NULL"); + return ret; + } + + if (!conf) { + ESP_LOGE(TAG, "esp_ecdsa_pk_conf_t cannot be NULL"); + return ret; + } + + if (conf->grp_id != MBEDTLS_ECP_DP_SECP192R1 && conf->grp_id != MBEDTLS_ECP_DP_SECP256R1) { + ESP_LOGE(TAG, "Invalid EC curve group id mentioned in esp_ecdsa_pk_conf_t"); + return ret; + } + + if ((ret = esp_ecdsa_privkey_load_pk_context(key_ctx, conf->efuse_block)) != 0) { + ESP_LOGE(TAG, "Loading private key context failed, esp_ecdsa_privkey_load_pk_context() returned %d", ret); + return ret; + } + + mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*key_ctx); + if ((ret = mbedtls_ecp_group_load(&(keypair->MBEDTLS_PRIVATE(grp)), conf->grp_id)) != 0) { + ESP_LOGE(TAG, "Loading ecp group failed, mbedtls_pk_ec() returned %d", ret); + return ret; + } + +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY + if (conf->load_pubkey) { + if ((ret = esp_ecdsa_load_pubkey(keypair, conf->efuse_block)) != 0) { + ESP_LOGE(TAG, "Loading public key context failed, esp_ecdsa_load_pubkey() returned %d", ret); + return ret; + } + } +#endif + return 0; +} + + static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s, const mbedtls_mpi *d, const unsigned char* msg, size_t msg_len) { @@ -141,7 +240,7 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s .k_mode = ECDSA_K_USE_TRNG, .sha_mode = ECDSA_Z_USER_PROVIDED, .efuse_key_blk = d->MBEDTLS_PRIVATE(n), - .use_efuse_key = 1, //TODO: IDF-7992 + .use_km_key = 0, //TODO: IDF-7992 }; ecdsa_hal_gen_signature(&conf, NULL, sha_le, r_le, s_le, len); diff --git a/components/mbedtls/port/include/ecdsa/ecdsa_alt.h b/components/mbedtls/port/include/ecdsa/ecdsa_alt.h index 0326795f8d..3e27b21551 100644 --- a/components/mbedtls/port/include/ecdsa/ecdsa_alt.h +++ b/components/mbedtls/port/include/ecdsa/ecdsa_alt.h @@ -6,14 +6,47 @@ #pragma once +#include #include -#include "sdkconfig.h" +#include "mbedtls/ecp.h" #include "mbedtls/pk.h" +#include "sdkconfig.h" +#include "soc/soc_caps.h" #ifdef __cplusplus extern "C" { #endif +/** + * @brief ECDSA private key context initialization config structure + * @note Contains configuration information like the efuse key block that should be used as the private key, + * EC group ID of the private key and if the export public key operation is supported + * by the peripheral, a flag load_pubkey that is used specify if the public key has to be populated + */ +typedef struct { + mbedtls_ecp_group_id grp_id; + uint8_t efuse_block; +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY + bool load_pubkey; +#endif +} esp_ecdsa_pk_conf_t; //TODO: IDF-7925 (Add a config to select the ecdsa key from the key manager peripheral) + +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY + +/** + * @brief Populate the public key buffer of the mbedtls_ecp_keypair context. + * + * @param keypair The mbedtls ECP key-pair structure + * @param efuse_blk The efuse key block that should be used as the private key. + * The key purpose of this block must be ECDSA_KEY + * @return - 0 if successful + * - MBEDTLS_ERR_ECP_BAD_INPUT_DATA if invalid ecp group id specified + * - MBEDTLS_ERR_ECP_INVALID_KEY if efuse block with purpose ECDSA_KEY is not found + * - -1 if invalid efuse block is specified + */ +int esp_ecdsa_load_pubkey(mbedtls_ecp_keypair *keypair, int efuse_blk); +#endif + #ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN /** @@ -46,6 +79,24 @@ int esp_ecdsa_privkey_load_mpi(mbedtls_mpi *key, int efuse_blk); * - -1 otherwise */ int esp_ecdsa_privkey_load_pk_context(mbedtls_pk_context *key_ctx, int efuse_blk); + +/** + * @brief Initialize PK context and completely populate mbedtls_ecp_keypair context. + * We break the MPI struct used to represent the private key `d` in ECP keypair + * in order to differentiate between hardware key and software key. + * We also populate the ECP group field present in the mbedtls_ecp_keypair context. + * If the ECDSA peripheral of the chip supports exporting the public key, + * we can also populate the public key buffer of the mbedtls_ecp_keypair context + * if the load_pubkey flag is set in the esp_ecdsa_pk_conf_t config argument. + * + * @param key_ctx The context in which this functions stores the hardware context. + * This must be uninitialized + * @param conf ESP-ECDSA private key context initialization config structure + * + * @return - 0 if successful + * - -1 otherwise + */ +int esp_ecdsa_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_t *conf); #endif #ifdef __cplusplus diff --git a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c index aeb830f0b2..22340e9482 100644 --- a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c +++ b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c @@ -1,6 +1,6 @@ /* mbedTLS Elliptic Curve Digital Signature performance tests * - * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -16,6 +16,7 @@ #include #include +#include "soc/soc_caps.h" #include "test_utils.h" #include "ccomp_timer.h" #include "unity.h" @@ -234,4 +235,53 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][efuse_ke test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y); } +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY + +void test_ecdsa_export_pubkey(mbedtls_ecp_group_id id, const uint8_t *pub_x, const uint8_t *pub_y) +{ + uint8_t export_pub_x[32] = {0}; + uint8_t export_pub_y[32] = {0}; + int len = 0; + + esp_ecdsa_pk_conf_t pk_conf = { + .grp_id = id, + .load_pubkey = true, + }; + + if (id == MBEDTLS_ECP_DP_SECP192R1) { + pk_conf.efuse_block = SECP192R1_EFUSE_BLOCK; + len = 24; + } else if (id == MBEDTLS_ECP_DP_SECP256R1) { + pk_conf.efuse_block = SECP256R1_EFUSE_BLOCK; + len = 32; + } + + mbedtls_pk_context key_ctx; + + int ret = esp_ecdsa_set_pk_context(&key_ctx, &pk_conf); + TEST_ASSERT_EQUAL(0, ret); + + mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(key_ctx); + mbedtls_mpi_write_binary(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X)), export_pub_x, len); + mbedtls_mpi_write_binary(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y)), export_pub_y, len); + + TEST_ASSERT_EQUAL_HEX8_ARRAY(pub_x, export_pub_x, len); + TEST_ASSERT_EQUAL_HEX8_ARRAY(pub_y, export_pub_y, len); + + mbedtls_ecdsa_free(keypair); +} + +TEST_CASE("mbedtls ECDSA export public key on SECP192R1", "[mbedtls][efuse_key]") +{ + test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP192R1, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y); +} + +TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][efuse_key]") +{ + test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP256R1, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y); +} + + +#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ + #endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN */