
Commit 9e69cec

degjorvacarlescufi
authored andcommitted
nrf_security: cracen: fix ikg verify bug
Add fix for ikg verify failing. This was due to not correctly generating a public key. Signed-off-by: Dag Erik Gjørvad <[email protected]> (cherry picked from commit 3a28acc)
1 parent 4a9cce2 commit 9e69cec

1 file changed

+26
-2
lines changed

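--- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/sign.c
+++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/sign.c
@@ -136,6 +136,27 @@ static int cracen_signature_prepare_ec_prvkey(struct si_sig_privkey *privkey, ch
 return SX_ERR_INCOMPATIBLE_HW;
 }
 
+static psa_status_t generate_ikg_pub_key(const uint8_t *key_buffer, size_t key_buffer_size,
+const struct sx_pk_ecurve *sx_curve, char *pubkey_buffer)
+{
+if (key_buffer_size != sizeof(ikg_opaque_key)) {
+return PSA_ERROR_INVALID_ARGUMENT;
+}
+struct si_sig_privkey priv_key;
+struct si_sig_pubkey pub_key;
+
+priv_key = si_sig_fetch_ikprivkey(sx_curve, *key_buffer);
+pub_key.key.eckey.qx = pubkey_buffer;
+pub_key.key.eckey.qy = pubkey_buffer + sx_pk_curve_opsize(sx_curve);
+struct sitask t;
+
+si_task_init(&t, NULL, 0);
+si_sig_create_pubkey(&t, &priv_key, &pub_key);
+si_task_run(&t);
+
+return silex_statuscodes_to_psa(si_task_wait(&t));
+}
+
 static int cracen_signature_prepare_ec_pubkey(const char *key_buffer, size_t key_buffer_size,
 const struct sx_pk_ecurve **sicurve,
 psa_algorithm_t alg,
@@ -153,7 +174,11 @@ static int cracen_signature_prepare_ec_pubkey(const char *key_buffer, size_t key
 }
 
 status = SX_ERR_INCOMPATIBLE_HW;
-
+if (PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes)) ==
+PSA_KEY_LOCATION_CRACEN) {
+status = generate_ikg_pub_key(key_buffer, key_buffer_size, *sicurve, pubkey_buffer);
+return status;
+}
 if (IS_ENABLED(PSA_NEED_CRACEN_PURE_EDDSA_TWISTED_EDWARDS)) {
 if (alg == PSA_ALG_PURE_EDDSA || alg == PSA_ALG_ED25519PH) {
 if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(psa_get_key_type(attributes))) {
@@ -169,7 +194,6 @@ static int cracen_signature_prepare_ec_pubkey(const char *key_buffer, size_t key
 IS_ENABLED(PSA_NEED_CRACEN_ECDSA_SECP_K1) ||
 IS_ENABLED(PSA_NEED_CRACEN_ECDSA_BRAINPOOL_P_R1)) {
 if (PSA_ALG_IS_ECDSA(alg)) {
-
 if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(psa_get_key_type(attributes))) {
 /* public keys must start with 0x04(uncompressed header)
 * and must have double the size of the EC curve plus 1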
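Review bot: The new early return in `cracen_signature_prepare_ec_pubkey` hands back a `psa_status_t` from a function declared `static int` whose other paths use `SX_ERR_*` codes (see `status = SX_ERR_INCOMPATIBLE_HW;` just above it), because `generate_ikg_pub_key` already runs the result through `silex_statuscodes_to_psa` and returns `PSA_ERROR_INVALID_ARGUMENT` on a size mismatch. If the caller converts the returned status again (its body is outside the hunks, so this is inferred), a failed IKG public-key derivation would be reported with the wrong error code. Keeping one status domain would avoid that, e.g. make the helper return `int` and end with `return si_task_wait(&t);`, using an `SX_ERR_*` value for the size check. Separately, the helper writes qx and qy into `pubkey_buffer` at offset `sx_pk_curve_opsize(sx_curve)` without any length parameter, so a comment such as `/* pubkey_buffer must hold 2 * sx_pk_curve_opsize(sx_curve) bytes */` would document the capacity the caller has to guarantee.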
