Add support for P256 ECDSA signing to ecdsa_sw capsule
#4451
Conversation
5444be2 to
15f722f
Compare
|
Oh, I didn't realize that #4395 hasn't been merged. Hopefully that will be merged and then it probably makes sense to implement the |
|
Ooh, perfect! Adding that this afternoon, thanks for heads up! |
|
Rebasing now to implement |
…igning, ensure passes on hardware
… update latter to better parallel EcdsaP256SignatureVerifier
|
(Tests are passing, so marked open for full review!) |
| @@ -57,3 +57,54 @@ pub trait SignatureVerify<'a, const HL: usize, const SL: usize> { | |||
| signature: &'static mut [u8; SL], | |||
| ) -> Result<(), (ErrorCode, &'static mut [u8; HL], &'static mut [u8; SL])>; | |||
| } | |||
|
|
|||
| /// This trait provides callbacks for when the signing has completed. | |||
| pub trait ClientSign<const HL: usize, const SL: usize> { | |||
There was a problem hiding this comment.
Should probably be SignClient to align with naming in other HILs
There was a problem hiding this comment.
Good catch, thank you! Okay if I also change ClientVerify -> VerifyClient as well above?
There was a problem hiding this comment.
A lot of the cryto HILs (digest, entropy, verify) use ClientX naming. Might make sense to not change now and make a decision to do them all at once.
|
Status: Just needs the mechanical rename |
|
This PR just uses the existing naming scheme, why change it just in this PR? |
|
Nevermind, mis-understood the conversation above; thought we had an asymmetry where it made sense to just change one here for the moment. 🚢 ing it |
Pull Request Overview
This pull request adds signing support to
ecdsa_swfor P256.Testing Strategy
This pull request was tested by creating a capsule test
TestEcdsaP256Signand adding it to thenrf52840dk-test-kernelboard definition as an additional test to run.The signatures generated by
EcdsaP256SignatureSignerin this PR use the RFC 6979 approach of deterministic nonce generation, so I was able to generate a known answer test (KAT) using PyCryptodome that signed the hash of "hello world" with the the private key from theEcdsaP256SignatureVerifiertest.The KAT values used for testing are in
boards/configurations/nrf52840dk/nrf52840dk-test-kernel/src/test/ecdsa_p256_test.rsin this PR.TODO or Help Wanted
It may be desirable as well to add a capsule test for
EcdsaP256SignatureVerifierat some point; this is something I'd be happy to tackle as well post-MobiSys.Documentation Updated
/docs, or no updates are required.Formatting
make prepush.