MCUX CLNS
MCUX Crypto Library Normal Secure
 
Loading...
Searching...
No Matches
mcuxClEls_Ecc_Keygen_Sign_Verify_example.c

Example of ECC for key generation, signing and verification using the ELS (CLNS component mcuxClEls)

Example of ECC for key generation, signing and verification using the ELS (CLNS component mcuxClEls)

/*--------------------------------------------------------------------------*/
/* Copyright 2020-2023 NXP */
/* */
/* NXP Confidential. This software is owned or controlled by NXP and may */
/* only be used strictly in accordance with the applicable license terms. */
/* By expressly accepting such terms or by downloading, installing, */
/* activating and/or otherwise using the software, you are agreeing that */
/* you have read, and that you agree to comply with and are bound by, such */
/* license terms. If you do not agree to be bound by the applicable license */
/* terms, then you may not retain, install, activate or otherwise use the */
/* software. */
/*--------------------------------------------------------------------------*/
#include <mcuxClToolchain.h>
#include <mcuxClEls.h> // Interface to the entire mcuxClEls component
#include <mcuxClCore_FunctionIdentifiers.h> // Code flow protection
#include <mcuxClCore_Examples.h>
#include <mcuxClExample_ELS_Helper.h>
#include <mcuxClExample_ELS_Key_Helper.h>
static uint32_t const ecc_digest[MCUXCLELS_HASH_OUTPUT_SIZE_SHA_256 / sizeof(uint32_t)] = {0x11111111u,
0x22222222u,
0x33333333u,
0x44444444u,
0x55555555u,
0x66666666u,
0x77777777u,
0x88888888u};
static uint32_t ecc_public_key[MCUXCLELS_ECC_PUBLICKEY_SIZE / sizeof(uint32_t)];
static uint32_t ecc_signature[MCUXCLELS_ECC_SIGNATURE_SIZE / sizeof(uint32_t)];
static uint32_t ecc_signature_r[MCUXCLELS_ECC_SIGNATURE_R_SIZE / sizeof(uint32_t)];
MCUXCLEXAMPLE_FUNCTION(mcuxClEls_Ecc_Keygen_Sign_Verify_example)
{
if(!mcuxClExample_Els_Init(MCUXCLELS_RESET_DO_NOT_CANCEL))
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
/* Generate signing key */
mcuxClEls_EccKeyGenOption_t KeyGenOptions = {0}; // Initialize a new configuration for the planned mcuxClEls_EccKeyGen_Async operation.
KeyGenOptions.bits.kgsrc = MCUXCLELS_ECC_OUTPUTKEY_RANDOM; // Configure that a non-deterministic key is generated.
KeyGenOptions.bits.kgsign = MCUXCLELS_ECC_PUBLICKEY_SIGN_DISABLE; // Configure that the generated public key is not signed
KeyGenOptions.bits.kgsign_rnd = MCUXCLELS_ECC_NO_RANDOM_DATA; // Configure that no external random data is provided
mcuxClEls_KeyProp_t GenKeyProp = {0}; // Initialize a new configuration for the mcuxClEls_EccKeyGen_Async generated key properties.
GenKeyProp.bits.upprot_priv = MCUXCLELS_KEYPROPERTY_PRIVILEGED_FALSE; // Configure that user access rights: non-privileged access
GenKeyProp.bits.upprot_sec = MCUXCLELS_KEYPROPERTY_SECURE_TRUE; // Configure that user access rights: non-secure access
mcuxClEls_KeyIndex_t keyIdx = 10u; // Set keystore index at which mcuxClEls_EccKeyGen_Async is storing the private key.
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(result, token, mcuxClEls_EccKeyGen_Async( // Perform key generation.
KeyGenOptions, // Set the prepared configuration.
(mcuxClEls_KeyIndex_t) 0U, // This parameter (signingKeyIdx) is ignored, since no signature is requested in the configuration.
keyIdx, // Keystore index at which the generated private key is stored.
GenKeyProp, // Set the generated key properties.
NULL, // No random data is provided
(uint8_t *) ecc_public_key // Output buffer, which the operation will write the public key to.
));
// mcuxClEls_EccKeyGen_Async is a flow-protected function: Check the protection token and the return value
{
return MCUXCLEXAMPLE_STATUS_ERROR; // Expect that no error occurred, meaning that the mcuxClEls_EccKeyGen_Async operation was started.
}
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(result, token, mcuxClEls_LimitedWaitForOperation(0x00100000U, MCUXCLELS_ERROR_FLAGS_CLEAR)); // Wait for the mcuxClEls_EccKeyGen_Async operation to complete.
// mcuxClEls_LimitedWaitForOperation is a flow-protected function: Check the protection token and the return value
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
/* Sign message digest */
mcuxClEls_EccSignOption_t SignOptions = {0}; // Initialize a new configuration for the planned mcuxClEls_EccSign_Async operation.
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(result, token, mcuxClEls_EccSign_Async(// Perform signature generation.
SignOptions, // Set the prepared configuration.
keyIdx, // Set index of private key in keystore.
(const uint8_t *) ecc_digest, NULL, (size_t) 0U, // Pre-hashed data to sign. Note that inputLength parameter is ignored since pre-hashed data has a fixed length.
(uint8_t *)ecc_signature // Output buffer, which the operation will write the signature to.
));
// mcuxClEls_EccSign_Async is a flow-protected function: Check the protection token and the return value
{
return MCUXCLEXAMPLE_STATUS_ERROR; // Expect that no error occurred, meaning that the mcuxClEls_EccSign_Async operation was started.
}
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(result, token, mcuxClEls_LimitedWaitForOperation(0x00100000U, MCUXCLELS_ERROR_FLAGS_CLEAR)); // Wait for the mcuxClEls_EccSign_Async operation to complete.
// mcuxClEls_LimitedWaitForOperation is a flow-protected function: Check the protection token and the return value
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
/* Verify signature */
/* Concatenate signature and public key to prepare input for EccVerify_Async */
for(size_t i = 0u; i < MCUXCLELS_ECC_SIGNATURE_SIZE; i++) {
((uint8_t *)ecc_signature_and_public_key)[i] = ((uint8_t *)ecc_signature)[i];
}
for(size_t i = 0u; i < MCUXCLELS_ECC_PUBLICKEY_SIZE; i++) {
}
mcuxClEls_EccVerifyOption_t VerifyOptions = {0}; // Initialize a new configuration for the planned mcuxClEls_EccVerify_Async operation.
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(result, token, mcuxClEls_EccVerify_Async(// Perform signature verification.
VerifyOptions, // Set the prepared configuration.
(const uint8_t *) ecc_digest, NULL, (size_t) 0U, // Pre-hashed data to verify. Note that inputLength parameter is ignored since pre-hashed data has a fixed length.
(const uint8_t *)ecc_signature_and_public_key, // Concatenation of signature of the pre-hashed data and public key used
(uint8_t *)ecc_signature_r // Output buffer, which the operation will write the signature part r to, to allow external comparison of between given and recalculated r.
));
// mcuxClEls_EccVerify_Async is a flow-protected function: Check the protection token and the return value
{
return MCUXCLEXAMPLE_STATUS_ERROR; // Expect that no error occurred, meaning that the mcuxClEls_EccVerify_Async operation was started.
}
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(result, token, mcuxClEls_LimitedWaitForOperation(0x00100000U, MCUXCLELS_ERROR_FLAGS_CLEAR)); // Wait for the mcuxClEls_EccVerify_Async operation to complete.
// mcuxClEls_LimitedWaitForOperation is a flow-protected function: Check the protection token and the return value
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
// mcuxClEls_GetHwState is a flow-protected function: Check the protection token and the return value
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
{
return MCUXCLEXAMPLE_STATUS_ERROR; // Expect that mcuxClEls_EccVerify_Async operation successfully performed the signature verification.
}
if(!mcuxClExample_Els_KeyDelete(keyIdx))
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
if(!mcuxClExample_Els_Disable())
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
return MCUXCLEXAMPLE_STATUS_OK;
}
static uint32_t ecc_signature[MCUXCLELS_ECC_SIGNATURE_SIZE/sizeof(uint32_t)]
Destination buffer to receive the signature of the mcuxClEls_EccSign_Async operation.
Definition mcuxClEls_Ecc_Keygen_Sign_Verify_example.c:45
static uint32_t ecc_signature_and_public_key[(MCUXCLELS_ECC_SIGNATURE_SIZE+MCUXCLELS_ECC_PUBLICKEY_SIZE)/sizeof(uint32_t)]
Concatenation of the ECC signature and public key, needed for the mcuxClEls_EccVerify_Async operation...
Definition mcuxClEls_Ecc_Keygen_Sign_Verify_example.c:53
static uint32_t ecc_public_key[MCUXCLELS_ECC_PUBLICKEY_SIZE/sizeof(uint32_t)]
Destination buffer to receive the public key of the mcuxClEls_EccKeyGen_Async operation.
Definition mcuxClEls_Ecc_Keygen_Sign_Verify_example.c:42
static uint32_t const ecc_digest[MCUXCLELS_HASH_OUTPUT_SIZE_SHA_256/sizeof(uint32_t)]
Pre-hashed data to be signed.
Definition mcuxClEls_Ecc_Keygen_Sign_Verify_example.c:32
static uint32_t ecc_signature_r[MCUXCLELS_ECC_SIGNATURE_R_SIZE/sizeof(uint32_t)]
Destination buffer to receive the signature part r of the VerifyOptions operation.
Definition mcuxClEls_Ecc_Keygen_Sign_Verify_example.c:49
Definition of function identifiers for the flow protection mechanism.
Top-level include file for the ELS driver.
Provides the API for the CSSL flow protection mechanism.
#define MCUXCLELS_ERROR_FLAGS_CLEAR
Set this option at mcuxClEls_ErrorHandling_t to clear all ELS error flags.
Definition mcuxClEls_Common.h:110
#define MCUXCLELS_RESET_DO_NOT_CANCEL
Set this option at mcuxClEls_ResetOption_t to abort the requested command if another ELS operation is...
Definition mcuxClEls_Common.h:119
#define MCUXCLELS_STATUS_ECDSAVFY_OK
This value of mcuxClEls_HwState_t.ecdsavfy means that the most recently finished ECDSA signature veri...
Definition mcuxClEls_Common.h:148
MCUXCLELS_API mcuxClEls_Status_t mcuxClEls_LimitedWaitForOperation(uint32_t counterLimit, mcuxClEls_ErrorHandling_t errorHandling)
Await the completion of an ELS operation for a limited amount of time and optionally clear the error ...
MCUXCLELS_API mcuxClEls_Status_t mcuxClEls_GetHwState(mcuxClEls_HwState_t *result)
Determines the current state of the ELS.
#define MCUXCLELS_ECC_NO_RANDOM_DATA
Set this option at mcuxClEls_EccKeyGenOption_t.kgsign_rnd to not include user provided random data fo...
Definition mcuxClEls_Ecc.h:121
#define MCUXCLELS_ECC_OUTPUTKEY_RANDOM
Set this option at mcuxClEls_EccKeyGenOption_t.kgsrc to specify output key is random.
Definition mcuxClEls_Ecc.h:115
#define MCUXCLELS_ECC_PUBLICKEY_SIGN_DISABLE
Set this option at mcuxClEls_EccKeyGenOption_t.kgsign to not sign the public key.
Definition mcuxClEls_Ecc.h:109
#define MCUXCLELS_ECC_SIGNATURE_R_SIZE
Size of the signature part r.
Definition mcuxClEls_Ecc.h:153
#define MCUXCLELS_ECC_PUBLICKEY_SIZE
Size of the public key.
Definition mcuxClEls_Ecc.h:151
#define MCUXCLELS_ECC_SIGNATURE_SIZE
Size of the signature.
Definition mcuxClEls_Ecc.h:152
MCUXCLELS_API mcuxClEls_Status_t mcuxClEls_EccVerify_Async(mcuxClEls_EccVerifyOption_t options, uint8_t const *pInputHash, uint8_t const *pInputMessage, size_t inputMessageLength, uint8_t const *pSignatureAndPubKey, uint8_t *pOutput)
Verifies an ECDSA signature of a given message.
MCUXCLELS_API mcuxClEls_Status_t mcuxClEls_EccKeyGen_Async(mcuxClEls_EccKeyGenOption_t options, mcuxClEls_KeyIndex_t signingKeyIdx, mcuxClEls_KeyIndex_t privateKeyIdx, mcuxClEls_KeyProp_t generatedKeyProperties, uint8_t const *pRandomData, uint8_t *pPublicKey)
Generates an ECC key pair on the NIST P-256 curve.
MCUXCLELS_API mcuxClEls_Status_t mcuxClEls_EccSign_Async(mcuxClEls_EccSignOption_t options, mcuxClEls_KeyIndex_t keyIdx, uint8_t const *pInputHash, uint8_t const *pInputMessage, size_t inputMessageLength, uint8_t *pOutput)
Generates an ECDSA signature of a given message.
#define MCUXCLELS_HASH_OUTPUT_SIZE_SHA_256
SHA-256 output size: 256 bit (32 bytes)
Definition mcuxClEls_Hash.h:126
#define MCUXCLELS_KEYPROPERTY_SECURE_TRUE
This value of mcuxClEls_KeyProp_t.upprot_sec indicates that the caller must be in secure mode to use ...
Definition mcuxClEls_Types.h:158
#define MCUXCLELS_KEYPROPERTY_PRIVILEGED_FALSE
This value of mcuxClEls_KeyProp_t.upprot_priv indicates that the caller does not need to be in privil...
Definition mcuxClEls_Types.h:157
#define MCUXCLELS_STATUS_OK
No error occurred.
Definition mcuxClEls_Types.h:171
#define MCUXCLELS_STATUS_OK_WAIT
An _Async function successfully started an ELS command. Call mcuxClEls_WaitForOperation to complete i...
Definition mcuxClEls_Types.h:172
uint32_t mcuxClEls_KeyIndex_t
Type for ELS keystore indices.
Definition mcuxClEls_Types.h:222
#define MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(...)
Call a flow protected function and check the protection token.
Definition mcuxCsslFlowProtection.h:581
#define MCUX_CSSL_FP_FUNCTION_CALLED(...)
Expectation of a called function.
Definition mcuxCsslFlowProtection.h:735
#define MCUX_CSSL_FP_FUNCTION_CALL_END(...)
End a function call section started by MCUX_CSSL_FP_FUNCTION_CALL_BEGIN.
Definition mcuxCsslFlowProtection.h:616
Result type of mcuxClEls_GetHwState.
Definition mcuxClEls_Common.h:222
uint32_t ecdsavfy
ECDSA verify operation state (For possible values of this field, see MCUXCLELS_STATUS_ECDSAVFY_)
Definition mcuxClEls_Common.h:233
struct mcuxClEls_HwState_t::@9 bits
Access mcuxClEls_HwState_t bit-wise.
Command option bit field for mcuxClEls_EccSign_Async Bit field to configure mcuxClEls_EccSign_Async.
Definition mcuxClEls_Ecc.h:184
Command option bit field for mcuxClEls_EccVerify_Async Bit field to configure mcuxClEls_EccVerifyOpti...
Definition mcuxClEls_Ecc.h:204
Command option bit field for mcuxClEls_EccKeyGen_Async Bit field to configure mcuxClEls_EccKeyGenOpti...
Definition mcuxClEls_Ecc.h:229
uint32_t kgsign
Define if signing the output public key.
Definition mcuxClEls_Ecc.h:236
uint32_t kgsrc
Define if the output key is deterministic or random.
Definition mcuxClEls_Ecc.h:238
uint32_t kgsign_rnd
Define if using user provided random data for the signature.
Definition mcuxClEls_Ecc.h:241
struct mcuxClEls_EccKeyGenOption_t::@25 bits
Access mcuxClEls_EccKeyGenOption_t bit-wise.
Type for ELS key store key properties.
Definition mcuxClEls_Types.h:226
uint32_t upprot_sec
Access restriction to TrustZone secure mode.
Definition mcuxClEls_Types.h:270
uint32_t upprot_priv
Access restriction to privileged mode.
Definition mcuxClEls_Types.h:269
struct mcuxClEls_KeyProp_t::@41 bits
Access mcuxClEls_KeyProp_t bit-wise.