nrf_security: cracen: clean up and refactor

Various small fixes
Refactor of names to be more consistent

Signed-off-by: Dag Erik Gjørvad <[email protected]>

Author: degjorva

subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake

@@ -51,6 +51,7 @@ if(CONFIG_PSA_NEED_CRACEN_ASYMMETRIC_SIGNATURE_DRIVER)
     ${CMAKE_CURRENT_LIST_DIR}/src/ecc.c
     ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c
     ${CMAKE_CURRENT_LIST_DIR}/src/hmac.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/rndinrange.c
   )
 endif()
 
@@ -81,11 +82,10 @@ endif()
 
 if(CONFIG_PSA_NEED_CRACEN_KEY_MANAGEMENT_DRIVER OR CONFIG_PSA_NEED_CRACEN_KMU_DRIVER OR CONFIG_MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
   list(APPEND cracen_driver_sources
-    ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c
     ${CMAKE_CURRENT_LIST_DIR}/src/key_management.c
-    ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c
     ${CMAKE_CURRENT_LIST_DIR}/src/ecdsa.c
     ${CMAKE_CURRENT_LIST_DIR}/src/ecc.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/rndinrange.c
   )
 endif()
 

subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa_ecdsa.h

@@ -9,28 +9,28 @@
 
 #include <psa/crypto.h>
 
-int cracen_ecdsa_verify_message(const char *pubkey, const struct sxhashalg *hashalg,
+int cracen_ecdsa_verify_message(const uint8_t *pubkey, const struct sxhashalg *hashalg,
 				const uint8_t *message, size_t message_length,
 				const struct sx_pk_ecurve *curve, const uint8_t *signature);
 
-int cracen_ecdsa_verify_digest(const char *pubkey, const uint8_t *digest, size_t digestsz,
+int cracen_ecdsa_verify_digest(const uint8_t *pubkey, const uint8_t *digest, size_t digestsz,
 			       const struct sx_pk_ecurve *curve, const uint8_t *signature);
 
-int cracen_ecdsa_sign_message(const struct ecc_priv_key *privkey, const struct sxhashalg *hashalg,
-			      const struct sx_pk_ecurve *curve, const uint8_t *message,
-			      size_t message_length, uint8_t *signature);
+int cracen_ecdsa_sign_message(const struct cracen_ecc_priv_key *privkey,
+			      const struct sxhashalg *hashalg, const struct sx_pk_ecurve *curve,
+			      const uint8_t *message, size_t message_length, uint8_t *signature);
 
-int cracen_ecdsa_sign_digest(const struct ecc_priv_key *privkey, const struct sxhashalg *hashalg,
-			     const struct sx_pk_ecurve *curve, const uint8_t *digest,
-			     size_t digest_length, uint8_t *signature);
+int cracen_ecdsa_sign_digest(const struct cracen_ecc_priv_key *privkey,
+			     const struct sxhashalg *hashalg, const struct sx_pk_ecurve *curve,
+			     const uint8_t *digest, size_t digest_length, uint8_t *signature);
 
-int cracen_ecdsa_sign_message_deterministic(const struct ecc_priv_key *privkey,
+int cracen_ecdsa_sign_message_deterministic(const struct cracen_ecc_priv_key *privkey,
 					    const struct sxhashalg *hashalg,
 					    const struct sx_pk_ecurve *curve,
 					    const uint8_t *message, size_t message_length,
 					    uint8_t *signature);
 
-int cracen_ecdsa_sign_digest_deterministic(const struct ecc_priv_key *privkey,
+int cracen_ecdsa_sign_digest_deterministic(const struct cracen_ecc_priv_key *privkey,
 					   const struct sxhashalg *hashalg,
 					   const struct sx_pk_ecurve *curve, const uint8_t *digest,
 					   size_t digestsz, uint8_t *signature);

subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa_eddsa.h

@@ -4,18 +4,25 @@
  * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
  */
 
-#include <psa/crypto.h>
+#ifndef CRACEN_PSA_EDDSA_H
+#define CRACEN_PSA_EDDSA_H
 
-int cracen_ed25519_sign(const uint8_t *priv_key, char *signature, const uint8_t *message,
+#include <stddef.h>
+#include <stdbool.h>
+#include <stdint.h>
+
+int cracen_ed25519_sign(const uint8_t *priv_key, uint8_t *signature, const uint8_t *message,
 			size_t message_length);
 
-int cracen_ed25519_verify(const uint8_t *pub_key, const char *message, size_t message_length,
-			  const char *signature);
+int cracen_ed25519_verify(const uint8_t *pub_key, const uint8_t *message, size_t message_length,
+			  const uint8_t *signature);
 
-int cracen_ed25519ph_sign(const uint8_t *priv_key, char *signature, const uint8_t *message,
+int cracen_ed25519ph_sign(const uint8_t *priv_key, uint8_t *signature, const uint8_t *message,
 			  size_t message_length, bool is_message);
 
-int cracen_ed25519ph_verify(const uint8_t *pub_key, const char *message, size_t message_length,
-			    const char *signature, bool is_message);
+int cracen_ed25519ph_verify(const uint8_t *pub_key, const uint8_t *message, size_t message_length,
+			    const uint8_t *signature, bool is_message);
 
 int cracen_ed25519_create_pubkey(const uint8_t *priv_key, uint8_t *pub_key);
+
+#endif /* CRACEN_PSA_EDDSA_H */

subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa_primitives.h

@@ -373,25 +373,25 @@ struct cracen_pake_operation {
 };
 typedef struct cracen_pake_operation cracen_pake_operation_t;
 
-struct ecdsa_signature {
+struct cracen_ecdsa_signature {
 	size_t sz; /** Total signature size, in bytes. */
-	char *r;   /** Signature element "r". */
-	char *s;   /** Signature element "s". */
+	uint8_t *r;   /** Signature element "r". */
+	uint8_t *s;   /** Signature element "s". */
 };
 
-struct ecc_priv_key {
+struct cracen_ecc_priv_key {
 	const struct sx_pk_ecurve *curve;
-	const char *d; /** Private key value d */
+	const uint8_t *d; /** Private key value d */
 };
 
-struct ecc_pub_key {
+struct cracen_ecc_pub_key {
 	const struct sx_pk_ecurve *curve;
-	char *qx; /** x coordinate of a point on the curve */
-	char *qy; /** y coordinate of a point on the curve */
+	uint8_t *qx; /** x coordinate of a point on the curve */
+	uint8_t *qy; /** y coordinate of a point on the curve */
 };
 
-struct ecc_keypair {
-	struct ecc_priv_key priv_key;
-	struct ecc_pub_key pub_key;
+struct cracen_ecc_keypair {
+	struct cracen_ecc_priv_key priv_key;
+	struct cracen_ecc_pub_key pub_key;
 };
 #endif /* CRACEN_PSA_PRIMITIVES_H */

subsys/nrf_security/src/drivers/cracen/cracenpsa/src/common.c

@@ -37,7 +37,7 @@ LOG_MODULE_DECLARE(cracen, CONFIG_CRACEN_LOG_LEVEL);
 
 #ifdef CONFIG_PSA_NEED_CRACEN_PLATFORM_KEYS
 /* Address from the IPS. May come from the MDK in the future. */
-#define DEVICE_SECRET_LENGTH 4
+#define DEVICE_SECRET_LENGTH  4
 #define DEVICE_SECRET_ADDRESS ((uint32_t *)0x0E001620)
 #endif
 
@@ -397,7 +397,7 @@ psa_status_t rnd_in_range(uint8_t *n, size_t sz, const uint8_t *upperlimit, size
 		}
 		n[0] &= msb_mask;
 
-		int ge = si_be_cmp(n, upperlimit, sz, 0);
+		int ge = cracen_be_cmp(n, upperlimit, sz, 0);
 
 		if (ge == -1) {
 
@@ -903,7 +903,7 @@ psa_status_t cracen_get_opaque_size(const psa_key_attributes_t *attributes, size
 	return PSA_ERROR_INVALID_ARGUMENT;
 }
 
-void be_add(unsigned char *v, size_t sz, size_t summand)
+void cracen_be_add(uint8_t *v, size_t sz, size_t summand)
 {
 	while (sz > 0) {
 		sz--;
@@ -913,7 +913,7 @@ void be_add(unsigned char *v, size_t sz, size_t summand)
 	}
 }
 
-int be_cmp(const unsigned char *a, const unsigned char *b, size_t sz, int carry)
+int cracen_be_cmp(const uint8_t *a, const uint8_t *b, size_t sz, int carry)
 {
 	unsigned int neq = 0;
 	unsigned int gt = 0;
@@ -937,9 +937,9 @@ int be_cmp(const unsigned char *a, const unsigned char *b, size_t sz, int carry)
 	return (gt ? 1 : 0) - (lt ? 1 : 0);
 }
 
-int hash_all_inputs_with_context(struct sxhash *hashopctx, const char *inputs[],
-				 const size_t inputs_lengths[], size_t input_count,
-				 const struct sxhashalg *hashalg, char *digest)
+int cracen_hash_all_inputs_with_context(struct sxhash *hashopctx, const uint8_t *inputs[],
+					const size_t input_lengths[], size_t input_count,
+					const struct sxhashalg *hashalg, uint8_t *digest)
 {
 	int status;
 
@@ -949,7 +949,7 @@ int hash_all_inputs_with_context(struct sxhash *hashopctx, const char *inputs[],
 	}
 
 	for (size_t i = 0; i < input_count; i++) {
-		status = sx_hash_feed(hashopctx, inputs[i], inputs_lengths[i]);
+		status = sx_hash_feed(hashopctx, inputs[i], input_lengths[i]);
 		if (status != SX_OK) {
 			return status;
 		}
@@ -964,23 +964,25 @@ int hash_all_inputs_with_context(struct sxhash *hashopctx, const char *inputs[],
 	return status;
 }
 
-int hash_all_inputs(const char *inputs[], const size_t inputs_lengths[], size_t input_count,
-		    const struct sxhashalg *hashalg, char *digest)
+int cracen_hash_all_inputs(const uint8_t *inputs[], const size_t input_lengths[],
+			   size_t input_count, const struct sxhashalg *hashalg, uint8_t *digest)
 {
 	struct sxhash hashopctx;
 
-	return hash_all_inputs_with_context(&hashopctx, inputs, inputs_lengths, input_count,
-					    hashalg, digest);
+	return cracen_hash_all_inputs_with_context(&hashopctx, inputs, input_lengths, input_count,
+						   hashalg, digest);
 }
 
-int hash_input(const char *input, const size_t input_length, const struct sxhashalg *hashalg,
-	       char *digest)
+int cracen_hash_input(const uint8_t *input, const size_t input_length,
+		      const struct sxhashalg *hashalg, uint8_t *digest)
 {
-	return hash_all_inputs(&input, &input_length, 1, hashalg, digest);
+	return cracen_hash_all_inputs(&input, &input_length, 1, hashalg, digest);
 }
 
-int hash_input_with_context(struct sxhash *hashopctx, const char *input, const size_t input_length,
-			    const struct sxhashalg *hashalg, char *digest)
+int cracen_hash_input_with_context(struct sxhash *hashopctx, const uint8_t *input,
+				   const size_t input_length, const struct sxhashalg *hashalg,
+				   uint8_t *digest)
 {
-	return hash_all_inputs_with_context(hashopctx, &input, &input_length, 1, hashalg, digest);
+	return cracen_hash_all_inputs_with_context(hashopctx, &input, &input_length, 1, hashalg,
+						   digest);
 }

subsys/nrf_security/src/drivers/cracen/cracenpsa/src/common.h

@@ -55,7 +55,7 @@ enum asn1_tags {
  * \param[in]  curve_bits   Curve bits.
  * \param[out] sicurve      Pointer to curve struct for Cracen.
  *
- * \return PSA_SUCCESS on success or a valid PSA error code.
+ * \return PSA_SUCCESS on success or a valid PSA status code.
  */
 psa_status_t cracen_ecc_get_ecurve_from_psa(psa_ecc_family_t curve_family, size_t curve_bits,
 					    const struct sx_pk_ecurve **sicurve);
@@ -98,7 +98,7 @@ static inline size_t cracen_ecc_wstr_expected_pub_key_bytes(size_t priv_key_size
  * \param[in] in_pnt The public key to check.
  *
  * \return  PSA_SUCCESS if the public key passed the check, a valid
- *          PSA error code otherwise.
+ *          PSA status code otherwise.
  *
  */
 psa_status_t cracen_ecc_check_public_key(const struct sx_pk_ecurve *curve,
@@ -115,7 +115,7 @@ psa_status_t cracen_ecc_check_public_key(const struct sx_pk_ecurve *curve,
  * \param[out] modulus             Modulus (n) operand of n.
  * \param[out] exponent            Public or private exponent, depending on \ref extract_pubkey.
  *
- * \return sicrypto statuscode.
+ * \return sxsymcrypt status code.
  */
 int cracen_signature_get_rsa_key(struct si_rsa_key *rsa, bool extract_pubkey, bool is_key_pair,
 				 const unsigned char *key, size_t keylen, struct sx_buf *modulus,
@@ -146,7 +146,7 @@ int cracen_signature_asn1_get_operand(unsigned char **p, const unsigned char *en
  *
  * @note Output number and upper limit must be big endian numbers of size @ref sz.
  *
- * @return psa_status_t
+ * @return PSA status code.
  */
 psa_status_t rnd_in_range(uint8_t *n, size_t sz, const uint8_t *upperlimit, size_t retrylimit);
 
@@ -162,17 +162,26 @@ void cracen_xorbytes(char *a, const char *b, size_t sz);
 /**
  * @brief Loads key buffer and attributes.
  *
- * @return psa_status_t
+ * @return PSA status code.
  */
 psa_status_t cracen_load_keyref(const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
 				size_t key_buffer_size, struct sxkeyref *k);
 
+/**
+ * @brief Do ECB operation.
+ *
+ * @return PSA status code.
+ */
+psa_status_t cracen_cipher_crypt_ecb(const struct sxkeyref *key, const uint8_t *input,
+				     size_t input_length, uint8_t *output, size_t output_size,
+				     size_t *output_length, enum cipher_operation dir);
+
 /**
  * @brief Prepare ik key.
  *
  * @param user_data    Owner ID.
  *
- * @return sxsymcrypt error code.
+ * @return sxsymcrypt status code.
  */
 int cracen_prepare_ik_key(const uint8_t *user_data);
 
@@ -187,7 +196,7 @@ int cracen_prepare_ik_key(const uint8_t *user_data);
  * @param summand	Summand.
  *
  */
-void be_add(unsigned char *v, size_t v_size, size_t summand);
+void cracen_be_add(uint8_t *v, size_t v_size, size_t summand);
 
 /**
  * @brief Big-Endian compare with carry.
@@ -202,51 +211,51 @@ void be_add(unsigned char *v, size_t v_size, size_t summand);
  * \retval 1 if a > b.
  * \retval -1 if a < b.
  */
-int be_cmp(const unsigned char *a, const unsigned char *b, size_t sz, int carry);
+int cracen_be_cmp(const uint8_t *a, const uint8_t *b, size_t sz, int carry);
 
 /**
  * @brief Hash several elements at different locations in memory
  *
  * @param inputs[in]		Array of pointers to elements that will be hashed.
- * @param inputs_lengths[in]	Array of lengths of elements to be hashed.
+ * @param input_lengths[in]	Array of lengths of elements to be hashed.
  * @param input_count[in]	Number of elements to be hashed.
  * @param hashalg[in]		Hash algorithm to be used in sxhashalg format.
  * @param digest[out]		Buffer of at least sx_hash_get_alg_digestsz(hashalg) bytes.
  *
  * @return sxsymcrypt status code.
  */
-int hash_all_inputs(const char *inputs[], const size_t inputs_lengths[], size_t input_count,
-		    const struct sxhashalg *hashalg, char *digest);
+int cracen_hash_all_inputs(const uint8_t *inputs[], const size_t input_lengths[],
+			   size_t input_count, const struct sxhashalg *hashalg, uint8_t *digest);
 
 /**
  * @brief Hash several elements at different locations in memory with a previously created hash
  * context(sxhash)
  *
  * @param sxhashopctx[in]	Pointer to the sxhash context.
  * @param inputs[in]		Array of pointers to elements that will be hashed.
- * @param inputs_lengths[in]	Array of lengths of elements to be hashed.
+ * @param input_lengths[in]	Array of lengths of elements to be hashed.
  * @param input_count[in]	Number of elements to be hashed.
  * @param hashalg[in]		Hash algorithm to be used in sxhashalg format.
  * @param digest[out]		Buffer of at least sx_hash_get_alg_digestsz(hashalg) bytes.
  *
  * @return sxsymcrypt status code.
  */
-int hash_all_inputs_with_context(struct sxhash *sxhashopctx, const char *inputs[],
-				 const size_t inputs_lengths[], size_t input_count,
-				 const struct sxhashalg *hashalg, char *digest);
+int cracen_hash_all_inputs_with_context(struct sxhash *sxhashopctx, const uint8_t *inputs[],
+					const size_t input_lengths[], size_t input_count,
+					const struct sxhashalg *hashalg, uint8_t *digest);
 
 /**
  * @brief Hash a single element
  *
- * @param inputs[in]		Pointer to the element that will be hashed.
+ * @param input[in]		Pointer to the element that will be hashed.
  * @param input_length[in]	Length of the element to be hashed.
  * @param hashalg[in]		Hash algorithm to be used in sxhashalg format.
  * @param digest[out]		Buffer of at least sx_hash_get_alg_digestsz(hashalg) bytes.
  *
  * @return sxsymcrypt status code.
  */
-int hash_input(const char *input, const size_t input_length, const struct sxhashalg *hashalg,
-	       char *digest);
+int cracen_hash_input(const uint8_t *input, const size_t input_length,
+		      const struct sxhashalg *hashalg, uint8_t *digest);
 
 /**
  * @brief Hash a single element with a previously created hash context(sxhash)
@@ -259,8 +268,9 @@ int hash_input(const char *input, const size_t input_length, const struct sxhash
  *
  * @return sxsymcrypt status code.
  */
-int hash_input_with_context(struct sxhash *hashopctx, const char *input, const size_t input_length,
-			    const struct sxhashalg *hashalg, char *digest);
+int cracen_hash_input_with_context(struct sxhash *hashopctx, const uint8_t *input,
+				   const size_t input_length, const struct sxhashalg *hashalg,
+				   uint8_t *digest);
 
 /**
  * @brief Generate a random number within the specified range.
@@ -275,6 +285,6 @@ int hash_input_with_context(struct sxhash *hashopctx, const char *input, const s
  * @param out[out]      Buffer to store the generated random number.
  *                      The size of `out` should be at least `nsz`.
  *
- * @return sxsymcrypt status code:
+ * @return sxsymcrypt status code.
  */
-int rndinrange_create(const unsigned char *n, size_t nsz, unsigned char *out);
+int cracen_get_rnd_in_range(const uint8_t *n, size_t nsz, uint8_t *out);