feat(mbedtls): Integrate the ecdsa export public key feature in mbedtls

2025-03-10 01:29:21 -04:00 · 2023-08-08 17:19:06 +05:30 · 2023-08-08 17:19:06 +05:30 · 4c0dd8388b
commit 4c0dd8388b
parent cc32fbb302
3 changed files with 204 additions and 4 deletions
--- a/components/mbedtls/port/ecdsa/ecdsa_alt.c
+++ b/components/mbedtls/port/ecdsa/ecdsa_alt.c
@ -6,7 +6,6 @@
 #include <string.h>
 #include "hal/ecdsa_hal.h"
 #include "esp_efuse.h"
-#include "mbedtls/ecp.h"
 #include "mbedtls/ecdsa.h"
 #include "mbedtls/platform_util.h"
 #include "esp_private/periph_ctrl.h"
@ -44,6 +43,64 @@ static void ecdsa_be_to_le(const uint8_t* be_point, uint8_t *le_point, uint8_t l
    }
 }

+#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
+int esp_ecdsa_load_pubkey(mbedtls_ecp_keypair *keypair, int efuse_blk)
+{
+    int ret = -1;
+
+    if (efuse_blk < EFUSE_BLK_KEY0 || efuse_blk >= EFUSE_BLK_KEY_MAX) {
+        ESP_LOGE(TAG, "Invalid efuse block selected");
+        return ret;
+    }
+
+    ecdsa_curve_t curve;
+    esp_efuse_block_t blk;
+    uint16_t len;
+    uint8_t zeroes[MAX_ECDSA_COMPONENT_LEN] = {0};
+    uint8_t qx_le[MAX_ECDSA_COMPONENT_LEN];
+    uint8_t qy_le[MAX_ECDSA_COMPONENT_LEN];
+
+    if (keypair->MBEDTLS_PRIVATE(grp).id == MBEDTLS_ECP_DP_SECP192R1) {
+        curve = ECDSA_CURVE_SECP192R1;
+        len = 24;
+    } else if (keypair->MBEDTLS_PRIVATE(grp).id == MBEDTLS_ECP_DP_SECP256R1) {
+        curve = ECDSA_CURVE_SECP256R1;
+        len = 32;
+    } else {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
+
+    if (!esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY, &blk)) {
+        ESP_LOGE(TAG, "No efuse block with purpose ECDSA_KEY found");
+        return MBEDTLS_ERR_ECP_INVALID_KEY;
+    }
+
+    ecdsa_hal_config_t conf = {
+        .mode = ECDSA_MODE_EXPORT_PUBKEY,
+        .curve = curve,
+        .use_km_key = 0, //TODO: IDF-7992
+        .efuse_key_blk = efuse_blk,
+    };
+
+    esp_ecdsa_acquire_hardware();
+
+    do {
+        ecdsa_hal_export_pubkey(&conf, qx_le, qy_le, len);
+    } while (!memcmp(qx_le, zeroes, len) || !memcmp(qy_le, zeroes, len));
+
+    esp_ecdsa_release_hardware();
+
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X)), qx_le, len));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y)), qy_le, len));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z)), 1));
+
+    return 0;
+
+cleanup:
+    return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+}
+#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */
+
 #ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
 int esp_ecdsa_privkey_load_mpi(mbedtls_mpi *key, int efuse_blk)
 {
@ -96,6 +153,48 @@ int esp_ecdsa_privkey_load_pk_context(mbedtls_pk_context *key_ctx, int efuse_blk
    return esp_ecdsa_privkey_load_mpi(&(keypair->MBEDTLS_PRIVATE(d)), efuse_blk);
 }

+int esp_ecdsa_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_t *conf)
+{
+    int ret = -1;
+
+    if (!key_ctx) {
+        ESP_LOGE(TAG, "mbedtls_pk_context cannot be NULL");
+        return ret;
+    }
+
+    if (!conf) {
+        ESP_LOGE(TAG, "esp_ecdsa_pk_conf_t cannot be NULL");
+        return ret;
+    }
+
+    if (conf->grp_id != MBEDTLS_ECP_DP_SECP192R1 && conf->grp_id != MBEDTLS_ECP_DP_SECP256R1) {
+        ESP_LOGE(TAG, "Invalid EC curve group id mentioned in esp_ecdsa_pk_conf_t");
+        return ret;
+    }
+
+    if ((ret = esp_ecdsa_privkey_load_pk_context(key_ctx, conf->efuse_block)) != 0) {
+        ESP_LOGE(TAG, "Loading private key context failed, esp_ecdsa_privkey_load_pk_context() returned %d", ret);
+        return ret;
+    }
+
+    mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*key_ctx);
+    if ((ret = mbedtls_ecp_group_load(&(keypair->MBEDTLS_PRIVATE(grp)), conf->grp_id)) != 0) {
+        ESP_LOGE(TAG, "Loading ecp group failed, mbedtls_pk_ec() returned %d", ret);
+        return ret;
+    }
+
+#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
+    if (conf->load_pubkey) {
+        if ((ret = esp_ecdsa_load_pubkey(keypair, conf->efuse_block)) != 0) {
+            ESP_LOGE(TAG, "Loading public key context failed, esp_ecdsa_load_pubkey() returned %d", ret);
+            return ret;
+        }
+    }
+#endif
+    return 0;
+}
+
+
 static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s,
                          const mbedtls_mpi *d, const unsigned char* msg, size_t msg_len)
 {
@ -141,7 +240,7 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
            .k_mode = ECDSA_K_USE_TRNG,
            .sha_mode = ECDSA_Z_USER_PROVIDED,
            .efuse_key_blk = d->MBEDTLS_PRIVATE(n),
-            .use_efuse_key = 1, //TODO: IDF-7992
+            .use_km_key = 0, //TODO: IDF-7992
        };

        ecdsa_hal_gen_signature(&conf, NULL, sha_le, r_le, s_le, len);
--- a/components/mbedtls/port/include/ecdsa/ecdsa_alt.h
+++ b/components/mbedtls/port/include/ecdsa/ecdsa_alt.h
@ -6,14 +6,47 @@

 #pragma once

+#include <stdbool.h>
 #include <stdint.h>
-#include "sdkconfig.h"
+#include "mbedtls/ecp.h"
 #include "mbedtls/pk.h"
+#include "sdkconfig.h"
+#include "soc/soc_caps.h"

 #ifdef __cplusplus
 extern "C" {
 #endif

+/**
+ * @brief ECDSA private key context initialization config structure
+ * @note  Contains configuration information like the efuse key block that should be used as the private key,
+ *        EC group ID of the private key and if the export public key operation is supported
+ *        by the peripheral, a flag load_pubkey that is used specify if the public key has to be populated
+ */
+typedef struct {
+    mbedtls_ecp_group_id grp_id;
+    uint8_t efuse_block;
+#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
+    bool load_pubkey;
+#endif
+} esp_ecdsa_pk_conf_t;  //TODO: IDF-7925 (Add a config to select the ecdsa key from the key manager peripheral)
+
+#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
+
+/**
+ * @brief Populate the public key buffer of the mbedtls_ecp_keypair context.
+ *
+ * @param keypair The mbedtls ECP key-pair structure
+ * @param efuse_blk The efuse key block that should be used as the private key.
+ *                  The key purpose of this block must be ECDSA_KEY
+ * @return - 0 if successful
+ *         - MBEDTLS_ERR_ECP_BAD_INPUT_DATA if invalid ecp group id specified
+ *         - MBEDTLS_ERR_ECP_INVALID_KEY if efuse block with purpose ECDSA_KEY is not found
+ *         - -1 if invalid efuse block is specified
+ */
+int esp_ecdsa_load_pubkey(mbedtls_ecp_keypair *keypair, int efuse_blk);
+#endif
+
 #ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN

 /**
@ -46,6 +79,24 @@ int esp_ecdsa_privkey_load_mpi(mbedtls_mpi *key, int efuse_blk);
 *         - -1 otherwise
 */
 int esp_ecdsa_privkey_load_pk_context(mbedtls_pk_context *key_ctx, int efuse_blk);
+
+/**
+ * @brief Initialize PK context and completely populate mbedtls_ecp_keypair context.
+ *        We break the MPI struct used to represent the private key `d` in ECP keypair
+ *        in order to differentiate between hardware key and software key.
+ *        We also populate the ECP group field present in the mbedtls_ecp_keypair context.
+ *        If the ECDSA peripheral of the chip supports exporting the public key,
+ *        we can also populate the public key buffer of the mbedtls_ecp_keypair context
+ *        if the load_pubkey flag is set in the esp_ecdsa_pk_conf_t config argument.
+ *
+ * @param key_ctx The context in which this functions stores the hardware context.
+ *                This must be uninitialized
+ * @param conf ESP-ECDSA private key context initialization config structure
+ *
+ * @return - 0 if successful
+ *         - -1 otherwise
+ */
+int esp_ecdsa_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_t *conf);
 #endif

 #ifdef __cplusplus
--- a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c
+++ b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c
@ -1,6 +1,6 @@
 /* mbedTLS Elliptic Curve Digital Signature performance tests
 *
- * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -16,6 +16,7 @@
 #include <mbedtls/ecdsa.h>
 #include <mbedtls/error.h>

+#include "soc/soc_caps.h"
 #include "test_utils.h"
 #include "ccomp_timer.h"
 #include "unity.h"
@ -234,4 +235,53 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][efuse_ke
    test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y);
 }

+#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
+
+void test_ecdsa_export_pubkey(mbedtls_ecp_group_id id, const uint8_t *pub_x, const uint8_t *pub_y)
+{
+    uint8_t export_pub_x[32] = {0};
+    uint8_t export_pub_y[32] = {0};
+    int len = 0;
+
+    esp_ecdsa_pk_conf_t pk_conf = {
+        .grp_id = id,
+        .load_pubkey = true,
+    };
+
+    if (id == MBEDTLS_ECP_DP_SECP192R1) {
+        pk_conf.efuse_block = SECP192R1_EFUSE_BLOCK;
+        len = 24;
+    } else if (id == MBEDTLS_ECP_DP_SECP256R1) {
+        pk_conf.efuse_block = SECP256R1_EFUSE_BLOCK;
+        len = 32;
+    }
+
+    mbedtls_pk_context key_ctx;
+
+    int ret = esp_ecdsa_set_pk_context(&key_ctx, &pk_conf);
+    TEST_ASSERT_EQUAL(0, ret);
+
+    mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(key_ctx);
+    mbedtls_mpi_write_binary(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X)), export_pub_x, len);
+    mbedtls_mpi_write_binary(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y)), export_pub_y, len);
+
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(pub_x, export_pub_x, len);
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(pub_y, export_pub_y, len);
+
+    mbedtls_ecdsa_free(keypair);
+}
+
+TEST_CASE("mbedtls ECDSA export public key on SECP192R1", "[mbedtls][efuse_key]")
+{
+    test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP192R1, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y);
+}
+
+TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][efuse_key]")
+{
+    test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP256R1, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y);
+}
+
+
+#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */
+
 #endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN */