Skip to content

nrf_security: CRACEN: Let ecdsa sign/verify digest without hash #24017

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 22, 2025
Merged

nrf_security: CRACEN: Let ecdsa sign/verify digest without hash #24017

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 9 additions & 5 deletions subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ecdsa.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,28 +215,32 @@ int cracen_ecdsa_sign_digest(const struct cracen_ecc_priv_key *privkey,
const uint8_t *digest, size_t digest_length, uint8_t *signature)
{
int status;
const size_t digestsz = sx_hash_get_alg_digestsz(hashalg);
size_t opsz = sx_pk_curve_opsize(curve);
struct sx_pk_acq_req pkreq;
struct sx_pk_inops_ecdsa_generate inputs;
const uint8_t *curve_n;
const size_t workmem_requirement = digestsz + opsz;
const size_t workmem_requirement = digest_length + opsz;
struct cracen_signature internal_signature = {0};
uint8_t workmem[workmem_requirement];

/* Checking against the hash algorithm with the largest digest we support */
if (digest_length > SX_HASH_DIGESTSZ_SHA2_512) {
return SX_ERR_TOO_BIG;
}

memcpy(workmem, digest, digest_length);
curve_n = sx_pk_curve_order(curve);

internal_signature.r = signature;
internal_signature.s = signature + opsz;

for (int i = 0; i <= MAX_ECDSA_ATTEMPTS; i++) {
status = cracen_get_rnd_in_range(curve_n, opsz, workmem + digestsz);
status = cracen_get_rnd_in_range(curve_n, opsz, workmem + digest_length);
if (status != SX_OK) {
return status;
}
status = ecdsa_run_generate_sign(&pkreq, privkey, curve, workmem, digestsz, opsz,
&inputs);
status = ecdsa_run_generate_sign(&pkreq, privkey, curve, workmem, digest_length,
opsz, &inputs);

if (status != SX_OK) {
return status;
Expand Down
33 changes: 20 additions & 13 deletions subsys/nrf_security/src/drivers/cracen/cracenpsa/src/sign.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -246,16 +246,16 @@ static psa_status_t handle_ecdsa_sign(bool is_message, const uint8_t *key_buffer
const struct sxhashalg *hashalgpointer = &hashalg;

privkey.d = key_buffer;
status = hash_get_algo(alg, &hashalgpointer);
if (status != PSA_SUCCESS) {
return status;
}

*signature_length = 2 * ecurve->sz;
status = SX_ERR_INCOMPATIBLE_HW;

if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) &&
IS_ENABLED(PSA_NEED_CRACEN_DETERMINISTIC_ECDSA)) {
status = hash_get_algo(alg, &hashalgpointer);
if (status != PSA_SUCCESS) {
return status;
}
if (is_message) {
status = cracen_ecdsa_sign_message_deterministic(
&privkey, hashalgpointer, ecurve, input, input_length, signature);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cracen_ecdsa_sign_digest_deterministic() below still takes hashalgpointer, which I guess means requires hash support even though is_message is false?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

deterministic_ecdsa needs a hash function to work, so you can't run without it even if it is a sign_hash

Expand All @@ -266,6 +266,10 @@ static psa_status_t handle_ecdsa_sign(bool is_message, const uint8_t *key_buffer
} else if ((PSA_ALG_IS_ECDSA(alg) && IS_ENABLED(PSA_NEED_CRACEN_ECDSA)) &&
!PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) {
if (is_message) {
status = hash_get_algo(alg, &hashalgpointer);
if (status != PSA_SUCCESS) {
return status;
}
status = cracen_ecdsa_sign_message(&privkey, hashalgpointer, ecurve, input,
input_length, signature);
} else {
Expand Down Expand Up @@ -402,19 +406,22 @@ static psa_status_t cracen_signature_ecc_verify(bool is_message,
const struct sxhashalg *hash_algorithm_ptr = &hashalg;

psa_status = cracen_ecc_get_ecurve_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(key_type),
psa_get_key_bits(attributes), &curve);
psa_get_key_bits(attributes), &curve);
if (psa_status != PSA_SUCCESS) {
return psa_status;
}
psa_status = hash_get_algo(alg, &hash_algorithm_ptr);
if (psa_status != PSA_SUCCESS) {
return psa_status;
if (is_message) {
psa_status = hash_get_algo(alg, &hash_algorithm_ptr);
if (psa_status != PSA_SUCCESS) {
return psa_status;
}
sx_status = cracen_ecdsa_verify_message(pubkey_buffer, hash_algorithm_ptr,
input, input_length, curve,
signature);
} else {
sx_status = cracen_ecdsa_verify_digest(pubkey_buffer, input, input_length,
curve, signature);
}
sx_status = is_message ? cracen_ecdsa_verify_message(pubkey_buffer,
hash_algorithm_ptr, input,
input_length, curve, signature)
: cracen_ecdsa_verify_digest(pubkey_buffer, input,
input_length, curve, signature);
} else {
return PSA_ERROR_NOT_SUPPORTED;
}
Expand Down