[nrf fromtree] net: openthread: Add implementation of crypto api.

Przemyslaw Bida · rlubos · commit 64e726ae52c8 · 2023-05-12T13:20:57.000+02:00
This commit adds implementation of following new api functions from openthread: - otPlatCryptoEcdsaGenerateAndImportKey - otPlatCryptoEcdsaExportPublicKey - otPlatCryptoEcdsaVerifyUsingKeyRef - otPlatCryptoEcdsaSignUsingKeyRef Signed-off-by: Przemyslaw Bida <przemyslaw.bida@nordicsemi.no> (cherry picked form commit f93613a)
diff --git a/modules/openthread/platform/crypto_psa.c b/modules/openthread/platform/crypto_psa.c
@@ -563,4 +563,83 @@ otError otPlatCryptoEcdsaVerify(const otPlatCryptoEcdsaPublicKey *aPublicKey,
 	return psaToOtError(status);
 }
 
+otError otPlatCryptoEcdsaSignUsingKeyRef(otCryptoKeyRef aKeyRef,
+					 const otPlatCryptoSha256Hash *aHash,
+					 otPlatCryptoEcdsaSignature *aSignature)
+{
+	psa_status_t status;
+	size_t signature_length;
+
+	status = psa_sign_hash(aKeyRef, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), aHash->m8,
+			       OT_CRYPTO_SHA256_HASH_SIZE, aSignature->m8,
+			       OT_CRYPTO_ECDSA_SIGNATURE_SIZE, &signature_length);
+	if (status != PSA_SUCCESS) {
+		goto out;
+	}
+
+	__ASSERT_NO_MSG(signature_length == OT_CRYPTO_ECDSA_SIGNATURE_SIZE);
+out:
+	return psaToOtError(status);
+}
+
+otError otPlatCryptoEcdsaVerifyUsingKeyRef(otCryptoKeyRef aKeyRef,
+					   const otPlatCryptoSha256Hash *aHash,
+					   const otPlatCryptoEcdsaSignature *aSignature)
+{
+	psa_status_t status;
+
+	status = psa_verify_hash(aKeyRef, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), aHash->m8,
+				 OT_CRYPTO_SHA256_HASH_SIZE, aSignature->m8,
+				 OT_CRYPTO_ECDSA_SIGNATURE_SIZE);
+	if (status != PSA_SUCCESS) {
+		goto out;
+	}
+
+out:
+	return psaToOtError(status);
+}
+
+otError otPlatCryptoEcdsaExportPublicKey(otCryptoKeyRef aKeyRef,
+					 otPlatCryptoEcdsaPublicKey *aPublicKey)
+{
+	psa_status_t status;
+	size_t exported_length;
+	uint8_t buffer[1 + OT_CRYPTO_ECDSA_PUBLIC_KEY_SIZE];
+
+	status = psa_export_public_key(aKeyRef, buffer, sizeof(buffer), &exported_length);
+	if (status != PSA_SUCCESS) {
+		goto out;
+	}
+
+	__ASSERT_NO_MSG(exported_length == sizeof(buffer));
+	memcpy(aPublicKey->m8, buffer + 1, OT_CRYPTO_ECDSA_PUBLIC_KEY_SIZE);
+
+out:
+	return psaToOtError(status);
+}
+
+otError otPlatCryptoEcdsaGenerateAndImportKey(otCryptoKeyRef aKeyRef)
+{
+	psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+	psa_status_t status;
+	psa_key_id_t key_id = (psa_key_id_t)aKeyRef;
+
+	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_HASH);
+	psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
+	psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+	psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_PERSISTENT);
+	psa_set_key_id(&attributes, key_id);
+	psa_set_key_bits(&attributes, 256);
+
+	status = psa_generate_key(&attributes, &key_id);
+	if (status != PSA_SUCCESS) {
+		goto out;
+	}
+
+out:
+	psa_reset_key_attributes(&attributes);
+
+	return psaToOtError(status);
+}
+
 #endif /* #if CONFIG_OPENTHREAD_ECDSA */
