Integrate p256-m as an example driver alongside Mbed TLS and write documentation for the example.
(Reapplying the changes as a single commit on top of development after the code style change, instead of rewriting the old branch.)
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
diff --git a/scripts/config.py b/scripts/config.py
index ac5f77c..92a4aad 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -216,6 +216,7 @@
'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
'MBEDTLS_X509_REMOVE_INFO', # removes a feature
'MBEDTLS_SSL_RECORD_SIZE_LIMIT', # in development, currently breaks other tests
+ 'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED' # influences SECP256R1 KeyGen/ECDH/ECDSA
])
def is_seamless_alt(name):
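Review bot: The added entry `'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED'` has no trailing comma, unlike the three entries above it. Python concatenates adjacent string literals, so the next name appended after this line would silently merge with it into one symbol that matches nothing, and both options would drop out of the list. Write it as `'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA`. The list itself opens outside the hunk.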
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
index 32e6bfe..f0979f3 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
@@ -316,6 +316,26 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ PSA_ALG_IS_ECDSA(alg) &&
+ !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
+ PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
+ attributes->core.bits == 256 )
+ {
+ status = p256m_transparent_sign_hash( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_size,
+ signature_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ }
+#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( psa_sign_hash_builtin( attributes,
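Review bot: The sign_hash branch sends only randomized ECDSA to the driver (`!PSA_ALG_ECDSA_IS_DETERMINISTIC( alg )`) and passes no RNG argument, so the per-signature nonce must come from a random source inside p256m_transparent_sign_hash, and nothing here documents that. I would add a comment above the `if`, for example `/* Deterministic ECDSA stays with the built-in code; the driver generates the signature nonce itself. */`. The driver entry point is outside this hunk, so it is worth confirming there that the nonce source is the library's seeded RNG. The same five-term predicate is repeated in the verify_hash hunk, and `#if defined (` here differs from `#if defined(` in the generate_key and key_agreement hunks; a small helper macro and one spelling would keep the sites from drifting. The enclosing function starts and ends outside the hunk.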
@@ -400,6 +420,25 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ PSA_ALG_IS_ECDSA(alg) &&
+ !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
+ PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
+ attributes->core.bits == 256 )
+ {
+ status = p256m_transparent_verify_hash( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ }
+#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
return( psa_verify_hash_builtin( attributes,
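Review bot: The verify_hash branch carries over `!PSA_ALG_ECDSA_IS_DETERMINISTIC( alg )` from the signing branch, but ECDSA verification does not depend on how the signer chose the nonce. As written, verification under a deterministic-ECDSA algorithm identifier bypasses the driver and falls through to psa_verify_hash_builtin. If that is intended, say so with a comment such as `/* deterministic-ECDSA identifiers are deliberately left to the built-in verifier */`; otherwise drop the term here, provided the driver entry point accepts that identifier. Separately, `PSA_KEY_TYPE_IS_ECC` admits both key pairs and public keys, so p256m_transparent_verify_hash (defined outside this hunk) has to handle either key_buffer layout. The enclosing function starts and ends outside the hunk.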
@@ -814,6 +853,20 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
+ attributes->core.bits == 256 )
+ {
+ status = p256m_transparent_generate_key( attributes,
+ key_buffer,
+ key_buffer_size,
+ key_buffer_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ break;
+ }
+
+#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
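Review bot: In the generate_key branch the first term `PSA_KEY_TYPE_IS_ECC( attributes->core.type )` is redundant, because the next term already requires the type to equal `PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)`. The condition can be reduced to `if( attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) && attributes->core.bits == 256 )`, and the empty added line before the closing `#endif` can be removed. Private keys for this curve are now produced by the driver, so a one-line comment naming the randomness source it relies on would help; that source is not visible in this hunk. The enclosing block starts outside the hunk.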
@@ -2752,6 +2805,25 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ PSA_ALG_IS_ECDH(alg) &&
+ PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
+ attributes->core.bits == 256 )
+ {
+ status = p256m_transparent_key_agreement( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ peer_key,
+ peer_key_length,
+ shared_secret,
+ shared_secret_size,
+ shared_secret_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED)
+ return( status );
+ }
+#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Software Fallback */
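Review bot: `peer_key` and `peer_key_length` reach p256m_transparent_key_agreement with no check at this dispatch site, and in ECDH the peer's public key is untrusted input. The entry point (outside this hunk) therefore has to reject a wrong length or encoding, and a point that is not on the curve, before deriving the shared secret. Once that is confirmed, record it here with a comment such as `/* peer_key is untrusted: the driver validates its length and that the point is on the curve */`. Key agreement also needs a private key on our side, so `PSA_KEY_TYPE_IS_ECC_KEY_PAIR( attributes->core.type )` would be a tighter first term than `PSA_KEY_TYPE_IS_ECC`. The enclosing function continues outside the hunk.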