mirror of
https://github.com/espressif/esp-idf.git
synced 2026-04-27 19:13:21 +00:00
feat(mbedtls/esp_ecdsa): Support Key Manager key using the ESP-ECDSA PSA interface
This commit is contained in:
harshal.patil
@@ -60,11 +60,12 @@ foreach(target ${mbedtls_targets})
|
||||
target_compile_options(${target} PRIVATE "-O2")
|
||||
endif()
|
||||
target_link_libraries(${target} PUBLIC idf::esp_hal_security)
|
||||
target_link_libraries(${target} PRIVATE idf::esp_security)
|
||||
endforeach()
|
||||
|
||||
target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets})
|
||||
|
||||
target_link_libraries(tfpsacrypto PRIVATE idf::esp_security)
|
||||
target_link_libraries(tfpsacrypto PUBLIC idf::esp_security)
|
||||
|
||||
target_include_directories(tfpsacrypto PRIVATE ${crypto_port_inc_dirs})
|
||||
|
||||
|
||||
@@ -20,6 +20,10 @@
|
||||
#include "esp_efuse.h"
|
||||
#include "esp_efuse_chip.h"
|
||||
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
#include "esp_key_mgr.h"
|
||||
#endif /* SOC_KEY_MANAGER_SUPPORTED */
|
||||
|
||||
#if SOC_ECDSA_SUPPORTED
|
||||
#include "hal/ecdsa_types.h"
|
||||
#include "hal/ecdsa_hal.h"
|
||||
@@ -358,8 +362,8 @@ psa_status_t esp_ecdsa_transparent_verify_hash(
|
||||
*/
|
||||
static bool is_efuse_blk_valid(int high_blk, int low_blk)
|
||||
{
|
||||
return (high_blk >= EFUSE_BLK0 && high_blk < EFUSE_BLK_MAX &&
|
||||
low_blk >= EFUSE_BLK0 && low_blk < EFUSE_BLK_MAX);
|
||||
return ((high_blk == 0 || (high_blk >= EFUSE_BLK_KEY0 && high_blk < EFUSE_BLK_KEY_MAX)) &&
|
||||
(low_blk >= EFUSE_BLK_KEY0 && low_blk < EFUSE_BLK_KEY_MAX));
|
||||
}
|
||||
#endif /* SOC_ECDSA_SUPPORT_CURVE_P384 */
|
||||
|
||||
@@ -442,15 +446,18 @@ static psa_status_t validate_ecdsa_opaque_key_attributes(const psa_key_attribute
|
||||
{
|
||||
esp_ecdsa_curve_t expected_curve = psa_bits_to_ecdsa_curve(PSA_BITS_TO_BYTES(psa_get_key_bits(attributes)));
|
||||
|
||||
if (expected_curve != opaque_key->curve) {
|
||||
if (expected_curve == ESP_ECDSA_CURVE_MAX || expected_curve != opaque_key->curve) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
|
||||
if (!(opaque_key->use_km_key
|
||||
if (!(0
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
|| opaque_key->key_recovery_info
|
||||
#endif /* SOC_KEY_MANAGER_SUPPORTED */
|
||||
#if CONFIG_MBEDTLS_TEE_SEC_STG_ECDSA_SIGN
|
||||
|| opaque_key->tee_key_id
|
||||
#endif
|
||||
#endif /* CONFIG_MBEDTLS_TEE_SEC_STG_ECDSA_SIGN */
|
||||
)) {
|
||||
psa_status_t status = esp_ecdsa_validate_efuse_block(opaque_key->curve, opaque_key->efuse_block);
|
||||
if (status != PSA_SUCCESS) {
|
||||
@@ -625,6 +632,17 @@ psa_status_t esp_ecdsa_opaque_sign_hash_complete(
|
||||
|
||||
uint8_t zeroes[MAX_ECDSA_COMPONENT_LEN] = {0};
|
||||
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
esp_key_mgr_key_recovery_info_t *key_recovery_info = operation->opaque_key->key_recovery_info;
|
||||
if (key_recovery_info) {
|
||||
esp_err_t err = esp_key_mgr_activate_key(key_recovery_info);
|
||||
if (err != ESP_OK) {
|
||||
ESP_LOGE(TAG, "Failed to activate key: 0x%x", err);
|
||||
return PSA_ERROR_INVALID_HANDLE;
|
||||
}
|
||||
}
|
||||
#endif /* SOC_KEY_MANAGER_SUPPORTED */
|
||||
|
||||
// Acquire hardware
|
||||
esp_ecdsa_acquire_hardware();
|
||||
|
||||
@@ -648,10 +666,13 @@ psa_status_t esp_ecdsa_opaque_sign_hash_complete(
|
||||
}
|
||||
#endif /* CONFIG_MBEDTLS_ECDSA_DETERMINISTIC && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */
|
||||
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
// Set key source (consistent with esp_ecdsa_pk_conf_t)
|
||||
if (operation->opaque_key->use_km_key) {
|
||||
if (key_recovery_info) {
|
||||
conf.use_km_key = 1;
|
||||
} else {
|
||||
} else
|
||||
#endif /* SOC_KEY_MANAGER_SUPPORTED */
|
||||
{
|
||||
conf.efuse_key_blk = operation->opaque_key->efuse_block;
|
||||
}
|
||||
|
||||
@@ -683,6 +704,12 @@ psa_status_t esp_ecdsa_opaque_sign_hash_complete(
|
||||
|
||||
esp_ecdsa_release_hardware();
|
||||
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
if (key_recovery_info) {
|
||||
esp_key_mgr_deactivate_key(key_recovery_info->key_type);
|
||||
}
|
||||
#endif /* SOC_KEY_MANAGER_SUPPORTED */
|
||||
|
||||
// Convert r from little-endian to big-endian and copy to output
|
||||
change_endianess(operation->r, signature, component_len);
|
||||
// Convert s from little-endian to big-endian and copy to output
|
||||
@@ -814,9 +841,18 @@ psa_status_t esp_ecdsa_opaque_export_public_key(
|
||||
.curve = opaque_key->curve,
|
||||
};
|
||||
|
||||
if (opaque_key->use_km_key) {
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
esp_key_mgr_key_recovery_info_t *key_recovery_info = opaque_key->key_recovery_info;
|
||||
if (key_recovery_info) {
|
||||
esp_err_t err = esp_key_mgr_activate_key(key_recovery_info);
|
||||
if (err != ESP_OK) {
|
||||
ESP_LOGE(TAG, "Failed to activate key: 0x%x", err);
|
||||
return PSA_ERROR_INVALID_HANDLE;
|
||||
}
|
||||
conf.use_km_key = 1;
|
||||
} else {
|
||||
} else
|
||||
#endif /* SOC_KEY_MANAGER_SUPPORTED */
|
||||
{
|
||||
conf.efuse_key_blk = opaque_key->efuse_block;
|
||||
}
|
||||
|
||||
@@ -834,6 +870,12 @@ psa_status_t esp_ecdsa_opaque_export_public_key(
|
||||
|
||||
esp_ecdsa_release_hardware();
|
||||
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
if (key_recovery_info) {
|
||||
esp_key_mgr_deactivate_key(key_recovery_info->key_type);
|
||||
}
|
||||
#endif /* SOC_KEY_MANAGER_SUPPORTED */
|
||||
|
||||
// Format: uncompressed point (ECDSA_UNCOMPRESSED_POINT_FORMAT byte followed by x and y coordinates)
|
||||
data[0] = ECDSA_UNCOMPRESSED_POINT_FORMAT;
|
||||
|
||||
|
||||
@@ -11,6 +11,10 @@
|
||||
#include "psa/crypto_driver_common.h"
|
||||
#include "sdkconfig.h"
|
||||
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
#include "esp_key_mgr.h"
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
@@ -46,8 +50,10 @@ typedef struct {
|
||||
#if CONFIG_MBEDTLS_TEE_SEC_STG_ECDSA_SIGN
|
||||
const char *tee_key_id; /**< TEE secure storage key id */
|
||||
#endif
|
||||
bool use_km_key; /**< Use key deployed in the key manager */
|
||||
uint8_t efuse_block; /**< eFuse block id for ECDSA private key */
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
esp_key_mgr_key_recovery_info_t *key_recovery_info; /**< Pointer to the key recovery info for ECDSA key */
|
||||
#endif
|
||||
uint8_t efuse_block; /**< eFuse block id for ECDSA private key e.g. EFUSE_BLK_KEY0, EFUSE_BLK_KEY1 */
|
||||
} esp_ecdsa_opaque_key_t;
|
||||
|
||||
#if !(__DOXYGEN__) // No need to document these structures, these are internal to the driver
|
||||
|
||||
@@ -301,7 +301,7 @@ const uint8_t k1_ecdsa192_encrypt[] = {
|
||||
0xde, 0xe9, 0x9c, 0x89, 0xf2, 0x3b, 0x29, 0xb7, 0x9e, 0x33, 0xec, 0x76, 0x75, 0x2f, 0x3e, 0xab, 0x61, 0x06, 0x4d, 0xea, 0x05, 0x2c, 0xc3, 0x29, 0x1c, 0x7f, 0xb7, 0x3d, 0xb8, 0x1c, 0xb2, 0x17,
|
||||
};
|
||||
|
||||
void test_ecdsa_sign(esp_ecdsa_curve_t curve, const uint8_t *hash, const uint8_t *pub_x, const uint8_t *pub_y, bool is_deterministic, int efuse_key_block)
|
||||
void test_ecdsa_sign(esp_ecdsa_curve_t curve, const uint8_t *hash, const uint8_t *pub_x, const uint8_t *pub_y, bool is_deterministic, int efuse_key_block, void *key_recovery_info)
|
||||
{
|
||||
size_t hash_len = HASH_LEN;
|
||||
uint8_t signature[2 * MAX_ECDSA_COMPONENT_LEN];
|
||||
@@ -331,13 +331,15 @@ void test_ecdsa_sign(esp_ecdsa_curve_t curve, const uint8_t *hash, const uint8_t
|
||||
psa_key_id_t priv_key_id = 0;
|
||||
psa_key_attributes_t priv_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
esp_ecdsa_opaque_key_t opaque_key = {
|
||||
.curve = curve,
|
||||
};
|
||||
esp_ecdsa_opaque_key_t opaque_key = { 0 };
|
||||
opaque_key.curve = curve;
|
||||
|
||||
if (efuse_key_block == USE_ECDSA_KEY_FROM_KEY_MANAGER) {
|
||||
opaque_key.use_km_key = true;
|
||||
} else {
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
if (key_recovery_info) {
|
||||
opaque_key.key_recovery_info = (esp_key_mgr_key_recovery_info_t *) key_recovery_info;
|
||||
} else
|
||||
#endif /* SOC_KEY_MANAGER_SUPPORTED */
|
||||
{
|
||||
opaque_key.efuse_block = efuse_key_block;
|
||||
}
|
||||
|
||||
@@ -373,7 +375,7 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][efuse_ke
|
||||
if (!ecdsa_ll_is_supported()) {
|
||||
TEST_IGNORE_MESSAGE("ECDSA is not supported");
|
||||
}
|
||||
test_ecdsa_sign(ESP_ECDSA_CURVE_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, SECP256R1_EFUSE_BLOCK);
|
||||
test_ecdsa_sign(ESP_ECDSA_CURVE_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, SECP256R1_EFUSE_BLOCK, NULL);
|
||||
}
|
||||
|
||||
#ifdef SOC_ECDSA_SUPPORT_CURVE_P384
|
||||
@@ -383,14 +385,14 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP384R1", "[mbedtls][efuse_ke
|
||||
TEST_IGNORE_MESSAGE("ECDSA is not supported");
|
||||
}
|
||||
uint8_t efuse_key_block = HAL_ECDSA_COMBINE_KEY_BLOCKS(SECP384R1_EFUSE_BLOCK_HIGH, SECP384R1_EFUSE_BLOCK_LOW);
|
||||
test_ecdsa_sign(ESP_ECDSA_CURVE_SECP384R1, sha, ecdsa384_pub_x, ecdsa384_pub_y, false, efuse_key_block);
|
||||
test_ecdsa_sign(ESP_ECDSA_CURVE_SECP384R1, sha, ecdsa384_pub_x, ecdsa384_pub_y, false, efuse_key_block, NULL);
|
||||
}
|
||||
#endif /* SOC_ECDSA_SUPPORT_CURVE_P384 */
|
||||
|
||||
|
||||
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
static void deploy_key_in_key_manager(const uint8_t *k1_encrypted, esp_key_mgr_key_type_t key_type, esp_key_mgr_key_len_t key_len) {
|
||||
static void deploy_key_in_key_manager(const uint8_t *k1_encrypted, esp_key_mgr_key_type_t key_type, esp_key_mgr_key_len_t key_len, esp_key_mgr_key_recovery_info_t *key_recovery_info) {
|
||||
esp_key_mgr_aes_key_config_t *key_config = NULL;
|
||||
key_config = heap_caps_calloc(1, sizeof(esp_key_mgr_aes_key_config_t), MALLOC_CAP_INTERNAL);
|
||||
TEST_ASSERT_NOT_NULL(key_config);
|
||||
@@ -402,16 +404,10 @@ static void deploy_key_in_key_manager(const uint8_t *k1_encrypted, esp_key_mgr_k
|
||||
memcpy(key_config->k1_encrypted[0], (uint8_t*) k1_encrypted, KEY_MGR_K1_ENCRYPTED_SIZE);
|
||||
memcpy(key_config->sw_init_key, (uint8_t*) init_key, KEY_MGR_SW_INIT_KEY_SIZE);
|
||||
|
||||
esp_key_mgr_key_recovery_info_t *key_info = NULL;
|
||||
key_info = heap_caps_calloc(1, sizeof(esp_key_mgr_key_recovery_info_t), MALLOC_CAP_INTERNAL);
|
||||
TEST_ASSERT_NOT_NULL(key_info);
|
||||
|
||||
esp_key_mgr_deploy_key_in_aes_mode(key_config, key_info);
|
||||
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_aes_mode(key_config, key_recovery_info));
|
||||
|
||||
ESP_LOGI(TAG, "Key deployed successfully");
|
||||
esp_key_mgr_activate_key(key_info);
|
||||
|
||||
free(key_info);
|
||||
free(key_config);
|
||||
}
|
||||
|
||||
@@ -424,9 +420,13 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][key_mana
|
||||
TEST_IGNORE_MESSAGE("Key manager is not supported");
|
||||
}
|
||||
|
||||
deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_256);
|
||||
test_ecdsa_sign(ESP_ECDSA_CURVE_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, USE_ECDSA_KEY_FROM_KEY_MANAGER);
|
||||
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY);
|
||||
esp_key_mgr_key_recovery_info_t *key_recovery_info;
|
||||
key_recovery_info = heap_caps_calloc(1, sizeof(esp_key_mgr_key_recovery_info_t), MALLOC_CAP_INTERNAL);
|
||||
TEST_ASSERT_NOT_NULL(key_recovery_info);
|
||||
|
||||
deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_256, key_recovery_info);
|
||||
test_ecdsa_sign(ESP_ECDSA_CURVE_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, USE_ECDSA_KEY_FROM_KEY_MANAGER, (void *) key_recovery_info);
|
||||
free(key_recovery_info);
|
||||
}
|
||||
#endif /* SOC_KEY_MANAGER_SUPPORTED */
|
||||
|
||||
@@ -440,7 +440,7 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbe
|
||||
if (!ecdsa_ll_is_deterministic_mode_supported()) {
|
||||
ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported.");
|
||||
} else {
|
||||
test_ecdsa_sign(ESP_ECDSA_CURVE_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, true, SECP256R1_EFUSE_BLOCK);
|
||||
test_ecdsa_sign(ESP_ECDSA_CURVE_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, true, SECP256R1_EFUSE_BLOCK, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -451,7 +451,7 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP384R1", "[mbe
|
||||
TEST_IGNORE_MESSAGE("ECDSA is not supported");
|
||||
}
|
||||
uint8_t efuse_key_block = HAL_ECDSA_COMBINE_KEY_BLOCKS(SECP384R1_EFUSE_BLOCK_HIGH, SECP384R1_EFUSE_BLOCK_LOW);
|
||||
test_ecdsa_sign(ESP_ECDSA_CURVE_SECP384R1, sha, ecdsa384_pub_x, ecdsa384_pub_y, true, efuse_key_block);
|
||||
test_ecdsa_sign(ESP_ECDSA_CURVE_SECP384R1, sha, ecdsa384_pub_x, ecdsa384_pub_y, true, efuse_key_block, NULL);
|
||||
}
|
||||
#endif /* SOC_ECDSA_SUPPORT_CURVE_P384 */
|
||||
|
||||
@@ -469,16 +469,20 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbe
|
||||
if (!ecdsa_ll_is_deterministic_mode_supported()) {
|
||||
ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported.");
|
||||
} else {
|
||||
deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_256);
|
||||
test_ecdsa_sign(ESP_ECDSA_CURVE_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, true, USE_ECDSA_KEY_FROM_KEY_MANAGER);
|
||||
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY);
|
||||
esp_key_mgr_key_recovery_info_t *key_recovery_info;
|
||||
key_recovery_info = heap_caps_calloc(1, sizeof(esp_key_mgr_key_recovery_info_t), MALLOC_CAP_INTERNAL);
|
||||
TEST_ASSERT_NOT_NULL(key_recovery_info);
|
||||
|
||||
deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_256, key_recovery_info);
|
||||
test_ecdsa_sign(ESP_ECDSA_CURVE_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, true, USE_ECDSA_KEY_FROM_KEY_MANAGER, (void *) key_recovery_info);
|
||||
free(key_recovery_info);
|
||||
}
|
||||
}
|
||||
#endif /* SOC_KEY_MANAGER_SUPPORTED */
|
||||
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
|
||||
|
||||
#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
|
||||
void test_ecdsa_export_pubkey(esp_ecdsa_curve_t curve, const uint8_t *pub_x, const uint8_t *pub_y, int efuse_key_block)
|
||||
void test_ecdsa_export_pubkey(esp_ecdsa_curve_t curve, const uint8_t *pub_x, const uint8_t *pub_y, int efuse_key_block, void *key_recovery_info)
|
||||
{
|
||||
uint8_t export_pub_key[1 + 2 * MAX_ECDSA_COMPONENT_LEN] = {0};
|
||||
size_t len = 0;
|
||||
@@ -486,9 +490,8 @@ void test_ecdsa_export_pubkey(esp_ecdsa_curve_t curve, const uint8_t *pub_x, con
|
||||
psa_key_id_t priv_key_id = 0;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
esp_ecdsa_opaque_key_t opaque_key = {
|
||||
.curve = curve,
|
||||
};
|
||||
esp_ecdsa_opaque_key_t opaque_key = { 0 };
|
||||
opaque_key.curve = curve;
|
||||
|
||||
size_t plen = 0;
|
||||
psa_algorithm_t sha_alg = 0;
|
||||
@@ -510,9 +513,12 @@ void test_ecdsa_export_pubkey(esp_ecdsa_curve_t curve, const uint8_t *pub_x, con
|
||||
}
|
||||
size_t plen_bytes = plen / 8;
|
||||
|
||||
if (efuse_key_block == USE_ECDSA_KEY_FROM_KEY_MANAGER) {
|
||||
opaque_key.use_km_key = true;
|
||||
} else {
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
if (key_recovery_info) {
|
||||
opaque_key.key_recovery_info = (esp_key_mgr_key_recovery_info_t *) key_recovery_info;
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
opaque_key.efuse_block = efuse_key_block;
|
||||
}
|
||||
// Set attributes for opaque private key
|
||||
@@ -545,7 +551,7 @@ TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][efuse_key]"
|
||||
if (!ecdsa_ll_is_supported()) {
|
||||
TEST_IGNORE_MESSAGE("ECDSA is not supported");
|
||||
}
|
||||
test_ecdsa_export_pubkey(ESP_ECDSA_CURVE_SECP256R1, ecdsa256_pub_x, ecdsa256_pub_y, SECP256R1_EFUSE_BLOCK);
|
||||
test_ecdsa_export_pubkey(ESP_ECDSA_CURVE_SECP256R1, ecdsa256_pub_x, ecdsa256_pub_y, SECP256R1_EFUSE_BLOCK, NULL);
|
||||
}
|
||||
|
||||
#ifdef SOC_ECDSA_SUPPORT_CURVE_P384
|
||||
@@ -555,7 +561,7 @@ TEST_CASE("mbedtls ECDSA export public key on SECP384R1", "[mbedtls][efuse_key]"
|
||||
TEST_IGNORE_MESSAGE("ECDSA is not supported");
|
||||
}
|
||||
uint8_t efuse_key_block = HAL_ECDSA_COMBINE_KEY_BLOCKS(SECP384R1_EFUSE_BLOCK_HIGH, SECP384R1_EFUSE_BLOCK_LOW);
|
||||
test_ecdsa_export_pubkey(ESP_ECDSA_CURVE_SECP384R1, ecdsa384_pub_x, ecdsa384_pub_y, efuse_key_block);
|
||||
test_ecdsa_export_pubkey(ESP_ECDSA_CURVE_SECP384R1, ecdsa384_pub_x, ecdsa384_pub_y, efuse_key_block, NULL);
|
||||
}
|
||||
#endif /* SOC_ECDSA_SUPPORT_CURVE_P384 */
|
||||
|
||||
@@ -570,9 +576,13 @@ TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][key_manager
|
||||
TEST_IGNORE_MESSAGE("Key manager is not supported");
|
||||
}
|
||||
|
||||
deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_256);
|
||||
test_ecdsa_export_pubkey(ESP_ECDSA_CURVE_SECP256R1, ecdsa256_pub_x, ecdsa256_pub_y, USE_ECDSA_KEY_FROM_KEY_MANAGER);
|
||||
esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY);
|
||||
esp_key_mgr_key_recovery_info_t *key_recovery_info;
|
||||
key_recovery_info = heap_caps_calloc(1, sizeof(esp_key_mgr_key_recovery_info_t), MALLOC_CAP_INTERNAL);
|
||||
TEST_ASSERT_NOT_NULL(key_recovery_info);
|
||||
|
||||
deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_256, key_recovery_info);
|
||||
test_ecdsa_export_pubkey(ESP_ECDSA_CURVE_SECP256R1, ecdsa256_pub_x, ecdsa256_pub_y, USE_ECDSA_KEY_FROM_KEY_MANAGER, (void *) key_recovery_info);
|
||||
free(key_recovery_info);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
Reference in New Issue
Block a user