feat(hal): Add crypto tests for key manager

Added test to verify exporting of ECDSA public key Added test to verify XTS_AES in random mode Added pytest test case for testing ECDH0 mode for XTS_128 and XTS_256 key Add test for ECDSA key in ECDH0 mode Update the key manager hal based tests Update key manager tests to add ECDH0 workflow
2026-05-19 23:45:28 +02:00 · 2024-03-13 13:10:47 +05:30
parent e5fcc2d315
commit 79b21fb624
7 changed files with 890 additions and 25 deletions
@@ -72,7 +72,7 @@ static void ecc_be_to_le(const uint8_t* be_point, uint8_t *le_point, uint8_t len
    }
 }

-static int test_ecdsa_verify(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, uint8_t *pub_x, uint8_t *pub_y)
+int test_ecdsa_verify(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, uint8_t *pub_x, uint8_t *pub_y)
 {
    uint16_t len;
    uint8_t sha_le[32];
@@ -139,7 +139,7 @@ static void test_ecdsa_corrupt_data(bool is_p256, uint8_t* sha, uint8_t* r_le, u

 }

-static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, bool use_km_key, ecdsa_sign_type_t k_type)
+void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, bool use_km_key, ecdsa_sign_type_t k_type)
 {
    uint8_t sha_le[32] = {0};
    uint8_t zeroes[32] = {0};
@@ -201,7 +201,7 @@ static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t*
    ecdsa_disable();
 }

-static void test_ecdsa_sign_and_verify(bool is_p256, uint8_t* sha, uint8_t* pub_x, uint8_t* pub_y, bool use_km_key, ecdsa_sign_type_t k_type)
+void test_ecdsa_sign_and_verify(bool is_p256, uint8_t* sha, uint8_t* pub_x, uint8_t* pub_y, bool use_km_key, ecdsa_sign_type_t k_type)
 {
    uint8_t r_le[32] = {0};
    uint8_t s_le[32] = {0};
@@ -211,13 +211,10 @@ static void test_ecdsa_sign_and_verify(bool is_p256, uint8_t* sha, uint8_t* pub_
 }

 #ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
-static void test_ecdsa_export_pubkey(bool is_p256, bool use_km_key)
+void test_ecdsa_export_pubkey_inner(bool is_p256, uint8_t *exported_pub_x, uint8_t *exported_pub_y, bool use_km_key, uint16_t *len)
 {
-    uint8_t pub_x[32] = {0};
-    uint8_t pub_y[32] = {0};
-    uint8_t zeroes[32] = {0};
-    uint16_t len;

+    uint8_t zeroes[32] = {0};
    ecdsa_hal_config_t conf = {
        .mode = ECDSA_MODE_EXPORT_PUBKEY,
        .use_km_key = use_km_key,
@@ -228,13 +225,13 @@ static void test_ecdsa_export_pubkey(bool is_p256, bool use_km_key)
        if (use_km_key == 0) {
            conf.efuse_key_blk = EFUSE_BLK_KEY0 + ECDSA_KEY_BLOCK_2;
        }
-        len = 32;
+        *len = 32;
    } else {
        conf.curve = ECDSA_CURVE_SECP192R1;
        if (use_km_key == 0) {
            conf.efuse_key_blk = EFUSE_BLK_KEY0 + ECDSA_KEY_BLOCK_1;
        }
-        len = 24;
+        *len = 24;
    }

    ecdsa_enable_and_reset();
@@ -242,24 +239,28 @@ static void test_ecdsa_export_pubkey(bool is_p256, bool use_km_key)
    bool process_again = false;

    do {
-        ecdsa_hal_export_pubkey(&conf, pub_x, pub_y, len);
+        ecdsa_hal_export_pubkey(&conf, exported_pub_x, exported_pub_y, *len);

        process_again = !ecdsa_hal_get_operation_result()
-                        || !memcmp(pub_x, zeroes, len)
-                        || !memcmp(pub_y, zeroes, len);
+                        || !memcmp(exported_pub_x, zeroes, *len)
+                        || !memcmp(exported_pub_y, zeroes, *len);

    } while (process_again);

-    if (is_p256) {
-        TEST_ASSERT_EQUAL_HEX8_ARRAY(ecdsa256_pub_x, pub_x, len);
-        TEST_ASSERT_EQUAL_HEX8_ARRAY(ecdsa256_pub_y, pub_y, len);
-    } else {
-        TEST_ASSERT_EQUAL_HEX8_ARRAY(ecdsa192_pub_x, pub_x, len);
-        TEST_ASSERT_EQUAL_HEX8_ARRAY(ecdsa192_pub_y, pub_y, len);
-    }
-
    ecdsa_disable();
 }
+
+void test_ecdsa_export_pubkey(bool is_p256, uint8_t *ecdsa_pub_x, uint8_t *ecdsa_pub_y, bool use_km_key)
+{
+    uint8_t pub_x[32] = {0};
+    uint8_t pub_y[32] = {0};
+    uint16_t len;
+    test_ecdsa_export_pubkey_inner(is_p256, pub_x, pub_y, use_km_key, &len);
+
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(ecdsa_pub_x, pub_x, len);
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(ecdsa_pub_y, pub_y, len);
+
+}
 #endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */


@@ -322,12 +323,12 @@ TEST(ecdsa, ecdsa_SECP256R1_det_sign_and_verify)
 #ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
 TEST(ecdsa, ecdsa_SECP192R1_export_pubkey)
 {
-    test_ecdsa_export_pubkey(0, 0);
+    test_ecdsa_export_pubkey(0, ecdsa192_pub_x, ecdsa192_pub_y, 0);
 }

 TEST(ecdsa, ecdsa_SECP256R1_export_pubkey)
 {
-    test_ecdsa_export_pubkey(1, 0);
+    test_ecdsa_export_pubkey(1, ecdsa256_pub_x, ecdsa256_pub_y, 0);
 }
 #endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */