/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include "mbedtls/ecp.h"
#include "mbedtls/pk.h"
#include "sdkconfig.h"
#include "soc/soc_caps.h"
#ifdef __cplusplus
extern "C" {
#endif
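/**
* @brief Sentinel value, equal to INT_MAX (from <limits.h>), named for selecting the ECDSA key held by the key manager
*
* @note The value does not fit the uint8_t efuse_block member of esp_ecdsa_pk_conf_t;
* that structure has the use_km_key flag instead.
* NOTE(review): presumably meant to be passed as the `int efuse_blk` argument of the functions
* declared in this header, in place of an efuse block number - confirm against the implementation.
*/
#define USE_ECDSA_KEY_FROM_KEY_MANAGER INT_MAX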
/**
* @brief ECDSA private key context initialization config structure
* @note Contains configuration information like the efuse key block that should be used as the private key,
* EC group ID of the private key and, if the export public key operation is supported
* by the peripheral, a flag load_pubkey that is used to specify if the public key has to be populated
*
* @note efuse_block is a uint8_t, so it cannot carry USE_ECDSA_KEY_FROM_KEY_MANAGER (defined as INT_MAX);
* in this structure the key manager key is selected with use_km_key.
* NOTE(review): this header does not state whether efuse_block is ignored when use_km_key is true -
* confirm against the implementation.
*
* @note load_pubkey is a member only when SOC_ECDSA_SUPPORT_EXPORT_PUBKEY is defined, so the layout of this
* structure differs between targets; initialize it by member name rather than positionally.
*/
typedef struct {
mbedtls_ecp_group_id grp_id; /*!< MbedTLS ECP group identifier */
uint8_t efuse_block; /*!< EFuse block id for ECDSA private key */
#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
bool load_pubkey; /*!< Export ECDSA public key from the hardware */
#endif
bool use_km_key; /*!< Use key deployed in the key manager for ECDSA operation.
Note: The key must be already deployed by the application and it must be activated for the lifetime of this context */
} esp_ecdsa_pk_conf_t; //TODO: IDF-9008 (Add a config to select the ecdsa key from the key manager peripheral)
#if SOC_ECDSA_SUPPORT_EXPORT_PUBKEY || __DOXYGEN__
/**
* @brief Populate the public key buffer of the mbedtls_ecp_keypair context.
*
* @note Declared only when SOC_ECDSA_SUPPORT_EXPORT_PUBKEY is set (or when building the Doxygen documentation).
* NOTE(review): the function takes no group id argument, yet it can fail on an invalid ECP group id;
* presumably the group is read from the keypair and must be set before the call - confirm in the implementation.
*
* @param keypair The mbedtls ECP key-pair structure
* @param efuse_blk The efuse key block that should be used as the private key.
* The key purpose of this block must be ECDSA_KEY
* @return - 0 if successful
* - MBEDTLS_ERR_ECP_BAD_INPUT_DATA if invalid ecp group id specified
* - MBEDTLS_ERR_ECP_INVALID_KEY if efuse block with purpose ECDSA_KEY is not found
* - -1 if invalid efuse block is specified
*
* @note Check the return value before using the public key: on any non-zero return the public key buffer
* should not be treated as populated.
*/
int esp_ecdsa_load_pubkey(mbedtls_ecp_keypair *keypair, int efuse_blk);
#endif // SOC_ECDSA_SUPPORT_EXPORT_PUBKEY || __DOXYGEN__
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || __DOXYGEN__
/**
* @brief Initialize MPI to notify mbedtls_ecdsa_sign to use the private key in efuse
* We break the MPI struct of the private key in order to
* differentiate between hardware key and software key
*
* @note After a successful call the MPI stands for the key held in the efuse block rather than
* holding a private key value as a number.
* NOTE(review): the marker encoding is not visible in this header, so treat the MPI as opaque:
* do not pass it to generic bignum routines and do not export or serialize it as key material -
* confirm the supported uses against the implementation.
*
* @param key The MPI in which this function stores the hardware context.
* This must be uninitialized
* NOTE(review): presumably this means the MPI must not already hold an allocated value - confirm
* @param efuse_blk The efuse key block that should be used as the private key.
* The key purpose of this block must be ECDSA_KEY
*
* @return - 0 if successful
* - -1 otherwise (the cause of the failure is not distinguished; do not use key for signing in that case)
*
*/
int esp_ecdsa_privkey_load_mpi(mbedtls_mpi *key, int efuse_blk);
/**
* @brief Initialize PK context to notify mbedtls_ecdsa_sign to use the private key in efuse
* We break the MPI struct used to represent the private key `d` in ECP keypair
* in order to differentiate between hardware key and software key
*
* @note The private key member `d` of the resulting keypair is a marker for the hardware-held key,
* not the private key value.
* NOTE(review): this header documents no step that sets the ECP group or the public key for this
* function (compare esp_ecdsa_set_pk_context) - confirm what the caller must populate before
* using the context.
*
* @param key_ctx The context in which this function stores the hardware context.
* This must be uninitialized
* NOTE(review): presumably this means the context must not already be set up with a key - confirm
* @param efuse_blk The efuse key block that should be used as the private key.
* The key purpose of this block must be ECDSA_KEY
*
* @return - 0 if successful
* - -1 otherwise (the cause of the failure is not distinguished; do not use key_ctx in that case)
*/
int esp_ecdsa_privkey_load_pk_context(mbedtls_pk_context *key_ctx, int efuse_blk);
/**
* @brief Initialize PK context and completely populate mbedtls_ecp_keypair context.
* We break the MPI struct used to represent the private key `d` in ECP keypair
* in order to differentiate between hardware key and software key.
* We also populate the ECP group field present in the mbedtls_ecp_keypair context.
* If the ECDSA peripheral of the chip supports exporting the public key,
* we can also populate the public key buffer of the mbedtls_ecp_keypair context
* if the load_pubkey flag is set in the esp_ecdsa_pk_conf_t config argument.
*
* @note The private key member `d` of the resulting keypair is a marker for the hardware-held key,
* not the private key value. The public key is populated only when load_pubkey exists for
* the target and is set; otherwise the caller should not assume the public key buffer is valid.
*
* @param key_ctx The context in which this function stores the hardware context.
* This must be uninitialized
* NOTE(review): presumably this means the context must not already be set up with a key - confirm
* @param conf ESP-ECDSA private key context initialization config structure
* NOTE(review): taken as a non-const pointer; the header does not say whether the
* structure is modified or whether NULL is rejected - confirm in the implementation
*
* @return - 0 if successful
* - -1 otherwise (the cause of the failure is not distinguished; do not use key_ctx in that case)
*/
int esp_ecdsa_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_t *conf);
#endif // CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN || __DOXYGEN__
#ifdef __cplusplus
}
#endif