16
16
17
17
#if defined(CONFIG_OPENTHREAD_ECDSA )
18
18
#include <string.h>
19
+ #include <mbedtls/asn1.h>
19
20
#endif
20
21
21
22
static otError psaToOtError (psa_status_t aStatus )
@@ -62,7 +63,7 @@ static psa_algorithm_t toPsaAlgorithm(otCryptoKeyAlgorithm aAlgorithm)
62
63
* There is currently no constant like PSA_ALG_NONE, but 0 is used
63
64
* to indicate an unknown algorithm.
64
65
*/
65
- return (psa_algorithm_t ) 0 ;
66
+ return (psa_algorithm_t )0 ;
66
67
}
67
68
}
68
69
@@ -96,11 +97,9 @@ static psa_key_usage_t toPsaKeyUsage(int aUsage)
96
97
static bool checkKeyUsage (int aUsage )
97
98
{
98
99
/* Check if only supported flags have been passed */
99
- int supported_flags = OT_CRYPTO_KEY_USAGE_EXPORT |
100
- OT_CRYPTO_KEY_USAGE_ENCRYPT |
101
- OT_CRYPTO_KEY_USAGE_DECRYPT |
102
- OT_CRYPTO_KEY_USAGE_SIGN_HASH |
103
- OT_CRYPTO_KEY_USAGE_VERIFY_HASH ;
100
+ int supported_flags = OT_CRYPTO_KEY_USAGE_EXPORT | OT_CRYPTO_KEY_USAGE_ENCRYPT |
101
+ OT_CRYPTO_KEY_USAGE_DECRYPT | OT_CRYPTO_KEY_USAGE_SIGN_HASH |
102
+ OT_CRYPTO_KEY_USAGE_VERIFY_HASH ;
104
103
105
104
return (aUsage & ~supported_flags ) == 0 ;
106
105
}
@@ -121,26 +120,57 @@ void otPlatCryptoInit(void)
121
120
* PSA with emulated TFM, Settings have to be initialized at the end of otPlatCryptoInit(),
122
121
* to be available before storing Network Key.
123
122
*/
124
- __ASSERT_EVAL ((void ) settings_subsys_init (), int err = settings_subsys_init (),
125
- ! err , "Failed to initialize settings" );
123
+ __ASSERT_EVAL ((void )settings_subsys_init (), int err = settings_subsys_init (), ! err ,
124
+ "Failed to initialize settings" );
126
125
#endif
127
126
}
128
127
129
- otError otPlatCryptoImportKey (otCryptoKeyRef * aKeyRef ,
130
- otCryptoKeyType aKeyType ,
131
- otCryptoKeyAlgorithm aKeyAlgorithm ,
132
- int aKeyUsage ,
133
- otCryptoKeyStorage aKeyPersistence ,
134
- const uint8_t * aKey ,
128
+ otError otPlatCryptoImportKey (otCryptoKeyRef * aKeyRef , otCryptoKeyType aKeyType ,
129
+ otCryptoKeyAlgorithm aKeyAlgorithm , int aKeyUsage ,
130
+ otCryptoKeyStorage aKeyPersistence , const uint8_t * aKey ,
135
131
size_t aKeyLen )
136
132
{
133
+ #if defined(CONFIG_OPENTHREAD_ECDSA )
134
+ int version ;
135
+ size_t len ;
136
+ unsigned char * p = (unsigned char * )aKey ;
137
+ unsigned char * end ;
138
+ #endif
139
+
137
140
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT ;
138
- psa_status_t status ;
141
+ psa_status_t status = 0 ;
139
142
140
143
if (aKeyRef == NULL || aKey == NULL || !checkKeyUsage (aKeyUsage )) {
141
144
return OT_ERROR_INVALID_ARGS ;
142
145
}
143
146
147
+ #if defined(CONFIG_OPENTHREAD_ECDSA )
148
+ /* Check if key is ECDSA pair and extract private key from it since PSA expects it. */
149
+ if (aKeyType == OT_CRYPTO_KEY_TYPE_ECDSA ) {
150
+
151
+ end = p + aKeyLen ;
152
+ status = mbedtls_asn1_get_tag (& p , end , & len ,
153
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
154
+ if (status != 0 ) {
155
+ return OT_ERROR_FAILED ;
156
+ }
157
+
158
+ end = p + len ;
159
+ status = mbedtls_asn1_get_int (& p , end , & version );
160
+ if (status != 0 ) {
161
+ return OT_ERROR_FAILED ;
162
+ }
163
+
164
+ status = mbedtls_asn1_get_tag (& p , end , & len , MBEDTLS_ASN1_OCTET_STRING );
165
+ if (status != 0 || len != 32 ) {
166
+ return OT_ERROR_FAILED ;
167
+ }
168
+
169
+ aKey = p ;
170
+ aKeyLen = len ;
171
+ }
172
+ #endif
173
+
144
174
psa_set_key_type (& attributes , toPsaKeyType (aKeyType ));
145
175
psa_set_key_algorithm (& attributes , toPsaAlgorithm (aKeyAlgorithm ));
146
176
psa_set_key_usage_flags (& attributes , toPsaKeyUsage (aKeyUsage ));
@@ -161,9 +191,7 @@ otError otPlatCryptoImportKey(otCryptoKeyRef *aKeyRef,
161
191
return psaToOtError (status );
162
192
}
163
193
164
- otError otPlatCryptoExportKey (otCryptoKeyRef aKeyRef ,
165
- uint8_t * aBuffer ,
166
- size_t aBufferLen ,
194
+ otError otPlatCryptoExportKey (otCryptoKeyRef aKeyRef , uint8_t * aBuffer , size_t aBufferLen ,
167
195
size_t * aKeyLen )
168
196
{
169
197
if (aBuffer == NULL ) {
@@ -231,8 +259,7 @@ otError otPlatCryptoHmacSha256Start(otCryptoContext *aContext, const otCryptoKey
231
259
return psaToOtError (status );
232
260
}
233
261
234
- otError otPlatCryptoHmacSha256Update (otCryptoContext * aContext ,
235
- const void * aBuf ,
262
+ otError otPlatCryptoHmacSha256Update (otCryptoContext * aContext , const void * aBuf ,
236
263
uint16_t aBufLength )
237
264
{
238
265
psa_mac_operation_t * operation ;
@@ -243,7 +270,7 @@ otError otPlatCryptoHmacSha256Update(otCryptoContext *aContext,
243
270
244
271
operation = aContext -> mContext ;
245
272
246
- return psaToOtError (psa_mac_update (operation , (const uint8_t * ) aBuf , aBufLength ));
273
+ return psaToOtError (psa_mac_update (operation , (const uint8_t * )aBuf , aBufLength ));
247
274
}
248
275
249
276
otError otPlatCryptoHmacSha256Finish (otCryptoContext * aContext , uint8_t * aBuf , size_t aBufLength )
@@ -269,7 +296,7 @@ otError otPlatCryptoAesInit(otCryptoContext *aContext)
269
296
}
270
297
271
298
key_ref = aContext -> mContext ;
272
- * key_ref = (psa_key_id_t ) 0 ; /* In TF-M 1.5.0 this can be replaced with PSA_KEY_ID_NULL */
299
+ * key_ref = (psa_key_id_t )0 ; /* In TF-M 1.5.0 this can be replaced with PSA_KEY_ID_NULL */
273
300
274
301
return OT_ERROR_NONE ;
275
302
}
@@ -300,13 +327,8 @@ otError otPlatCryptoAesEncrypt(otCryptoContext *aContext, const uint8_t *aInput,
300
327
}
301
328
302
329
key_ref = aContext -> mContext ;
303
- status = psa_cipher_encrypt (* key_ref ,
304
- PSA_ALG_ECB_NO_PADDING ,
305
- aInput ,
306
- block_size ,
307
- aOutput ,
308
- block_size ,
309
- & cipher_length );
330
+ status = psa_cipher_encrypt (* key_ref , PSA_ALG_ECB_NO_PADDING , aInput , block_size , aOutput ,
331
+ block_size , & cipher_length );
310
332
311
333
return psaToOtError (status );
312
334
}
@@ -366,7 +388,7 @@ otError otPlatCryptoSha256Update(otCryptoContext *aContext, const void *aBuf, ui
366
388
367
389
operation = aContext -> mContext ;
368
390
369
- return psaToOtError (psa_hash_update (operation , (const uint8_t * ) aBuf , aBufLength ));
391
+ return psaToOtError (psa_hash_update (operation , (const uint8_t * )aBuf , aBufLength ));
370
392
}
371
393
372
394
otError otPlatCryptoSha256Finish (otCryptoContext * aContext , uint8_t * aHash , uint16_t aHashSize )
@@ -430,38 +452,6 @@ otError otPlatCryptoEcdsaGenerateKey(otPlatCryptoEcdsaKeyPair *aKeyPair)
430
452
return psaToOtError (status );
431
453
}
432
454
433
- otError otPlatCryptoEcdsaGetPublicKey (const otPlatCryptoEcdsaKeyPair * aKeyPair ,
434
- otPlatCryptoEcdsaPublicKey * aPublicKey )
435
- {
436
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT ;
437
- psa_key_id_t key_id = 0 ;
438
- psa_status_t status ;
439
- size_t exported_length ;
440
- uint8_t buffer [1 + OT_CRYPTO_ECDSA_PUBLIC_KEY_SIZE ];
441
-
442
- psa_set_key_algorithm (& attributes , PSA_ALG_DETERMINISTIC_ECDSA (PSA_ALG_SHA_256 ));
443
- psa_set_key_type (& attributes , PSA_KEY_TYPE_ECC_KEY_PAIR (PSA_ECC_FAMILY_SECP_R1 ));
444
- psa_set_key_bits (& attributes , 256 );
445
-
446
- status = psa_import_key (& attributes , aKeyPair -> mDerBytes , aKeyPair -> mDerLength , & key_id );
447
- if (status != PSA_SUCCESS ) {
448
- goto out ;
449
- }
450
-
451
- status = psa_export_public_key (key_id , buffer , sizeof (buffer ), & exported_length );
452
- if (status != PSA_SUCCESS ) {
453
- goto out ;
454
- }
455
- __ASSERT_NO_MSG (exported_length == sizeof (buffer ));
456
- memcpy (aPublicKey -> m8 , buffer + 1 , OT_CRYPTO_ECDSA_PUBLIC_KEY_SIZE );
457
-
458
- out :
459
- psa_reset_key_attributes (& attributes );
460
- psa_destroy_key (key_id );
461
-
462
- return psaToOtError (status );
463
- }
464
-
465
455
otError otPlatCryptoEcdsaSign (const otPlatCryptoEcdsaKeyPair * aKeyPair ,
466
456
const otPlatCryptoSha256Hash * aHash ,
467
457
otPlatCryptoEcdsaSignature * aSignature )
0 commit comments