nrf_security: drivers: cracen: adding support for ed25519 without sicrypto #19812
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
changelog-entry-required
degjorva
removed
the
changelog-entry-required
CI InformationTo view the history of this post, clich the 'edited' button above Inputs:Sources:sdk-nrf: PR head: 872cb18c735280d55d48b93393200e56df0d1a19 more detailssdk-nrf:
Github labels
List of changed files detected by CI (6)Outputs:ToolchainVersion: Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped;
|
|
You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds. Note: This comment is automatically posted by the Documentation Publish GitHub Action. |
degjorva
force-pushed
the
no-sicrypto-ED25519
branch
from
0c0a5d5 to
933f5a8
Compare
github-actions
bot
added
the
changelog-entry-required
degjorva
force-pushed
the
no-sicrypto-ED25519
branch
3 times, most recently
from
21feb07 to
e54e7e5
Compare
nordicjm
reviewed
Jan 13, 2025
nordicjm
requested changes
Jan 13, 2025
Comment on lines
365
to
371
| const uint8_t *message); | ||
|
|
||
| int ed25519_verify(const uint8_t *pubkey, const char *message, | ||
| size_t message_length, const char *signature); | ||
|
|
||
| int create_ed25519_pubkey(const uint8_t *ed25519, | ||
| uint8_t *pubkey); |
There was a problem hiding this comment.
the secondary lines of these seem indented to odd lengths, plus the line length is 100 so why are these being chopped into 2 lines even when combined they don't reach 100 characters?
Comment on lines
15
to
17
| char workmem[160]; | ||
| struct sxhash hashopctx; | ||
| char pointr_buffer[64]; |
Comment on lines
47
to
63
| r = sx_hash_feed(&hashopctx, workmem+32, 32); | ||
| if (r != 0) { | ||
| return r; | ||
| } | ||
| r = sx_hash_feed(&hashopctx, message, 100); | ||
| if (r != 0) { | ||
| return r; | ||
| } | ||
| r = sx_hash_digest(&hashopctx, workmem+96); | ||
| if (r != 0) { | ||
| return r; | ||
| } | ||
|
|
||
| /* Perform point multiplication R = [r]B. This is the encoded point R, | ||
| * which is the first part of the signature. | ||
| */ | ||
| r = sx_ed25519_ptmult((const struct sx_ed25519_dgst *)(workmem + 96), |
There was a problem hiding this comment.
magic numbers everywhere, get rid of them
| if (r != 0) { | ||
| return r; | ||
| } | ||
| r = sx_hash_feed(&hashopctx, workmem+32, 32); |
There was a problem hiding this comment.
x + x with spaces like below
Comment on lines
30
to
31
| #if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 | ||
| #else |
There was a problem hiding this comment.
first this is a define, secondly, if !defined(x) ?
| @@ -605,8 +608,10 @@ static psa_status_t export_ecc_public_key_from_keypair(const psa_key_attributes_ | |||
| int si_status = 0; | |||
| psa_algorithm_t key_alg = psa_get_key_algorithm(attributes); | |||
| const struct sx_pk_ecurve *sx_curve; | |||
| #if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 | |||
|
|
||
| #if CONFIG_PSA_NEED_NO_SI_CRYPTO_ED25519 | ||
| si_status = create_ed25519_pubkey(key_buffer, data); | ||
| *data_length = 32; |
degjorva
force-pushed
the
no-sicrypto-ED25519
branch
13 times, most recently
from
718033c to
66dcd8a
Compare
tomi-font
reviewed
Jan 21, 2025
degjorva
force-pushed
the
no-sicrypto-ED25519
branch
2 times, most recently
from
758768d to
0ace2dc
Compare
degjorva
force-pushed
the
no-sicrypto-ED25519
branch
from
0ace2dc to
a434144
Compare
degjorva
force-pushed
the
no-sicrypto-ED25519
branch
4 times, most recently
from
12ff6c7 to
5b26d57
Compare
Add support for Ed25519 and Ed25519ph in cracenpsa directly using silexpk/sxsymcrypt. This bypasses sicrypto, which saves on flash usage Remove sicrypto implementation of Ed25519 from being accessible from cracenpsa. Signed-off-by: Dag Erik Gjørvad <[email protected]>
degjorva
force-pushed
the
no-sicrypto-ED25519
branch
from
5b26d57 to
872cb18
Compare
nordicjm
reviewed
Jan 23, 2025
Comment on lines
+365
to
+375
| const uint8_t *message, size_t message_length); | ||
|
|
||
| int ed25519_verify(const uint8_t *pubkey, const char *message, | ||
| size_t message_length, const char *signature); | ||
|
|
||
|
|
||
| int ed25519ph_sign(const uint8_t *privkey, char *signature, | ||
| const uint8_t *message, size_t message_length, int ismessage); | ||
|
|
||
| int ed25519ph_verify(const uint8_t *pubkey, const char *message, | ||
| size_t message_length, const char *signature, int ismessage); |
There was a problem hiding this comment.
indents are off, use spaces after tabs to align
| if (status != 0) { | ||
| return status; | ||
| } | ||
| status = sx_hash_digest(&hashopctx, workmem + 3 * SX_ED25519_SZ); |
| int ed25519_sign_internal(const uint8_t *priv_key, char *signature, const uint8_t *message, | ||
| size_t message_length, int prehash) | ||
| { | ||
| char workmem[5 * SX_ED25519_SZ]; |
| char *pointr = pointr_buffer; | ||
| int status; | ||
|
|
||
| /*Hash the private key, the digest is stored in the first 64 bytes of workmem*/ |
There was a problem hiding this comment.
Suggested change
| /*Hash the private key, the digest is stored in the first 64 bytes of workmem*/ | |
| /* Hash the private key, the digest is stored in the first 64 bytes of workmem */ |
| /* Perform point multiplication R = [r]B. This is the encoded point R, | ||
| * which is the first part of the signature. | ||
| */ | ||
| status = sx_ed25519_ptmult((const struct sx_ed25519_dgst *)(workmem + 3 * SX_ED25519_SZ), |
| } | ||
|
|
||
| int ed25519ph_sign(const uint8_t *priv_key, char *signature, | ||
| const uint8_t *message, size_t message_length, int ismessage) |
| return status; | ||
| } | ||
| return ed25519_sign_internal(priv_key, signature, | ||
| hashedmessage, SX_ED25519_DGST_SZ, 1); |
| } | ||
|
|
||
| int ed25519_verify_internal(const uint8_t *pubkey, const char *message, | ||
| size_t message_length, const char *signature, int prehash) |
There was a problem hiding this comment.
at this point might as well just throw it through clang-format
| } | ||
| (void)t; | ||
| si_status = ed25519_create_pubkey(key_buffer, data); | ||
| *data_length = 32; |
Comment on lines
+273
to
+278
| *signature_length = 64; | ||
| return silex_statuscodes_to_psa(si_status); | ||
|
|
||
| } else if (alg == PSA_ALG_PURE_EDDSA) { | ||
| si_status = ed25519_sign(key_buffer, signature, input, input_length); | ||
| *signature_length = 64; |
tomi-font
requested changes
Jan 23, 2025
| @@ -61,6 +62,7 @@ endif() | |||
|
|
|||
| if(CONFIG_PSA_NEED_CRACEN_KEY_MANAGEMENT_DRIVER OR CONFIG_PSA_NEED_CRACEN_KMU_DRIVER OR CONFIG_MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) | |||
| list(APPEND cracen_driver_sources | |||
| ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c | |||
There was a problem hiding this comment.
Why is this added here also? Is it really needed in all the OR cases?
Comment on lines
+364
to
+377
| int ed25519_sign(const uint8_t *privkey, char *signature, | ||
| const uint8_t *message, size_t message_length); | ||
|
|
||
| int ed25519_verify(const uint8_t *pubkey, const char *message, | ||
| size_t message_length, const char *signature); | ||
|
|
||
|
|
||
| int ed25519ph_sign(const uint8_t *privkey, char *signature, | ||
| const uint8_t *message, size_t message_length, int ismessage); | ||
|
|
||
| int ed25519ph_verify(const uint8_t *pubkey, const char *message, | ||
| size_t message_length, const char *signature, int ismessage); | ||
|
|
||
| int ed25519_create_pubkey(const uint8_t *privkey, uint8_t *pubkey); |
There was a problem hiding this comment.
Prefix all those functions with cracen_ for namespacing and consistency.
| @@ -0,0 +1,389 @@ | |||
| /* | |||
| * Copyright (c) 2024 Nordic Semiconductor ASA | |||
There was a problem hiding this comment.
Suggested change
| * Copyright (c) 2024 Nordic Semiconductor ASA | |
| * Copyright (c) 2025 Nordic Semiconductor ASA |
Comment on lines
+365
to
+375
| const uint8_t *message, size_t message_length); | ||
|
|
||
| int ed25519_verify(const uint8_t *pubkey, const char *message, | ||
| size_t message_length, const char *signature); | ||
|
|
||
|
|
||
| int ed25519ph_sign(const uint8_t *privkey, char *signature, | ||
| const uint8_t *message, size_t message_length, int ismessage); | ||
|
|
||
| int ed25519ph_verify(const uint8_t *pubkey, const char *message, | ||
| size_t message_length, const char *signature, int ismessage); |
There was a problem hiding this comment.
Seems like the indentation of the second lines is off for all the functions.
| status = sx_hash_wait(&hashopctx); | ||
|
|
||
| return status; | ||
|
|
Comment on lines
+239
to
+241
|
|
||
| } | ||
|
|
| int ed25519_sign(const uint8_t *priv_key, char *signature, | ||
| const uint8_t *message, size_t message_length) | ||
| { | ||
| return ed25519_sign_internal(priv_key, signature, message, message_length, 0); |
There was a problem hiding this comment.
Suggested change
| return ed25519_sign_internal(priv_key, signature, message, message_length, 0); | |
| return ed25519_sign_internal(priv_key, signature, message, message_length, false); |
Same further down, booleans to say yes/no rather than integers.
| } | ||
|
|
||
| int ed25519ph_sign(const uint8_t *priv_key, char *signature, | ||
| const uint8_t *message, size_t message_length, int ismessage) |
There was a problem hiding this comment.
Suggested change
| const uint8_t *message, size_t message_length, int ismessage) | |
| const uint8_t *message, size_t message_length, bool ismessage) |
Comment on lines
+274
to
+303
| status = sx_hash_create(&hashopctx, &sxhashalg_sha2_512, sizeof(hashopctx)); | ||
| if (status != 0) { | ||
| return status; | ||
| } | ||
| if (prehash) { | ||
| status = sx_hash_feed(&hashopctx, dom2, sizeof(dom2)); | ||
| if (status != 0) { | ||
| return status; | ||
| } | ||
| } | ||
| status = sx_hash_feed(&hashopctx, signature, SX_ED25519_SZ); | ||
| if (status != 0) { | ||
| return status; | ||
| } | ||
| status = sx_hash_feed(&hashopctx, pubkey, SX_ED25519_SZ); | ||
| if (status != 0) { | ||
| return status; | ||
| } | ||
| status = sx_hash_feed(&hashopctx, message, message_length); | ||
| if (status != 0) { | ||
| return status; | ||
| } | ||
| status = sx_hash_digest(&hashopctx, workmem); | ||
| if (status != 0) { | ||
| return status; | ||
| } | ||
| status = sx_hash_wait(&hashopctx); | ||
| if (status != 0) { | ||
| return status; | ||
| } |
There was a problem hiding this comment.
I guess this could also use some generic function to do the hashing.
| return ed25519_verify_internal(pubkey, message, message_length, signature, 1); | ||
| } | ||
|
|
||
| int ed25519_create_pubkey(const uint8_t *priv_key, uint8_t *pubkey) |
There was a problem hiding this comment.
Some earlier comments apply to this function as well.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added implementation in cracenpsa of ed25519 and ed25519ph without using sicrypto
Removed the possibility of using the sicrypto implementation of ed25519 and ed25519ph through cracenpsa
Updated cracenpsa to support new implementation and
remove references to old