2222#include "atecc608a_se.h"
2323#include "atca_helpers.h"
2424
25+ #include "psa/crypto.h"
26+
2527#ifdef DEBUG_PRINT
2628#include <stdio.h>
2729#endif
6062
6163static ATCAIfaceCfg atca_iface_config = {
6264 .iface_type = ATCA_I2C_IFACE ,
63- .devtype = ATECC608A ,
65+ .devtype = ATECC508A ,
6466 .atcai2c .slave_address = 0xC0 ,
6567 .atcai2c .bus = 2 ,
6668 .atcai2c .baud = 400000 ,
@@ -120,6 +122,12 @@ psa_status_t atecc608a_to_psa_error(ATCA_STATUS ret)
120122 }
121123}
122124
125+ static psa_status_t is_public_key_slot (uint16_t key_slot )
126+ {
127+ /* Keys 8 to 15 can store public keys. Slots 1-7 are too small. */
128+ return ((key_slot >= 8 && key_slot <=15 ) ? PSA_SUCCESS : PSA_ERROR_INVALID_ARGUMENT );
129+ }
130+
123131psa_status_t atecc608a_init ()
124132{
125133 return atecc608a_to_psa_error (atcab_init (& atca_iface_config ));
@@ -146,7 +154,7 @@ static psa_status_t atecc608a_export_public_key(psa_key_slot_number_t key,
146154 ASSERT_SUCCESS_PSA (atecc608a_init ());
147155
148156 /* atcab_get_pubkey returns concatenated x and y values, and the desired
149- format is 0x04 + x + y. We start at &p_data[1] and add a 0x04 at p_data[0]. */
157+ * format is 0x04 + x + y. Start at &p_data[1] and add a 0x04 at p_data[0]. */
150158 ASSERT_SUCCESS (atcab_get_pubkey (slot , & p_data [1 ]));
151159
152160 p_data [0 ] = 4 ;
@@ -161,6 +169,47 @@ static psa_status_t atecc608a_export_public_key(psa_key_slot_number_t key,
161169 atecc608a_deinit ();
162170 return status ;
163171}
172+ static psa_status_t atecc608a_import_public_key (psa_key_slot_number_t key_slot ,
173+ psa_key_lifetime_t lifetime ,
174+ psa_key_type_t type ,
175+ psa_algorithm_t alg ,
176+ psa_key_usage_t usage ,
177+ const uint8_t * p_data ,
178+ size_t data_length )
179+ {
180+ const uint16_t key_id = key_slot ;
181+ psa_status_t status = PSA_ERROR_GENERIC_ERROR ;
182+
183+ ASSERT_SUCCESS_PSA (is_public_key_slot (key_id ));
184+
185+ /* Check if the key has a size of 65 {0x04, X, Y}. */
186+ if (data_length != PSA_KEY_EXPORT_MAX_SIZE (PSA_KEY_TYPE_ECC_PUBLIC_KEY (
187+ PSA_ECC_CURVE_SECP256R1 ),
188+ 256 ))
189+ {
190+ return PSA_ERROR_INVALID_ARGUMENT ;
191+ }
192+
193+ if (type != PSA_KEY_TYPE_ECC_PUBLIC_KEY (PSA_ECC_CURVE_SECP256R1 ))
194+ {
195+ return PSA_ERROR_NOT_SUPPORTED ;
196+ }
197+
198+ /* The driver can only do randomized ECDSA on SHA-256 */
199+ if (alg != PSA_ALG_ECDSA (PSA_ALG_SHA_256 ) && alg != PSA_ALG_ECDSA_ANY )
200+ {
201+ return PSA_ERROR_NOT_SUPPORTED ;
202+ }
203+
204+ ASSERT_SUCCESS_PSA (atecc608a_init ());
205+
206+ /* PSA public key format is {0x04, X, Y}, and the cryptoauthlib accepts
207+ * raw {X,Y}. */
208+ ASSERT_SUCCESS (atcab_write_pubkey (key_id , p_data + 1 ));
209+ exit :
210+ atecc608a_deinit ();
211+ return status ;
212+ }
164213
165214static psa_status_t atecc608a_asymmetric_sign (psa_key_slot_number_t key_slot ,
166215 psa_algorithm_t alg ,
@@ -173,13 +222,13 @@ static psa_status_t atecc608a_asymmetric_sign(psa_key_slot_number_t key_slot,
173222 const uint16_t key_id = key_slot ;
174223 psa_status_t status = PSA_ERROR_GENERIC_ERROR ;
175224
176- /* We can only do ECDSA on SHA-256 */
225+ /* The driver can only do randomized ECDSA on SHA-256 */
177226 if (alg != PSA_ALG_ECDSA (PSA_ALG_SHA_256 ) && alg != PSA_ALG_ECDSA_ANY )
178227 {
179228 return PSA_ERROR_NOT_SUPPORTED ;
180229 }
181230
182- if (hash_length != 32 )
231+ if (hash_length != PSA_HASH_SIZE ( PSA_ALG_SHA_256 ) )
183232 {
184233 /* The driver only supports signing things of length 32. */
185234 return PSA_ERROR_NOT_SUPPORTED ;
@@ -208,24 +257,64 @@ static psa_status_t atecc608a_asymmetric_sign(psa_key_slot_number_t key_slot,
208257 return status ;
209258}
210259
260+ psa_status_t atecc608a_asymmetric_verify (psa_key_slot_number_t key_slot ,
261+ psa_algorithm_t alg ,
262+ const uint8_t * p_hash ,
263+ size_t hash_length ,
264+ const uint8_t * p_signature ,
265+ size_t signature_length )
266+ {
267+ const uint16_t key_id = key_slot ;
268+ psa_status_t status = PSA_ERROR_GENERIC_ERROR ;
269+ bool is_verified = false;
270+
271+ ASSERT_SUCCESS_PSA (is_public_key_slot (key_id ));
272+
273+ /* The driver can only do randomized ECDSA on SHA-256 */
274+ if (alg != PSA_ALG_ECDSA (PSA_ALG_SHA_256 ) && alg != PSA_ALG_ECDSA_ANY )
275+ {
276+ return PSA_ERROR_NOT_SUPPORTED ;
277+ }
278+
279+ if (hash_length != PSA_HASH_SIZE (PSA_ALG_SHA_256 ))
280+ {
281+ /* The driver only supports hashes of length 32. */
282+ return PSA_ERROR_NOT_SUPPORTED ;
283+ }
284+
285+ if (signature_length != ATCA_SIG_SIZE )
286+ {
287+ /* The driver only supports signatures of length 64. */
288+ return PSA_ERROR_INVALID_SIGNATURE ;
289+ }
290+
291+ ASSERT_SUCCESS_PSA (atecc608a_init ());
292+
293+ ASSERT_SUCCESS (atcab_verify_stored (p_hash , p_signature , key_id , & is_verified ));
294+
295+ exit :
296+ atecc608a_deinit ();
297+ return status ;
298+ }
211299
212300#define PSA_ATECC608A_LIFETIME 0xdeadbeefU
213301
214302static psa_drv_se_asymmetric_t atecc608a_asymmetric =
215303{
216- .p_sign = & atecc608a_asymmetric_sign ,
217- .p_verify = 0 ,
304+ .p_sign = atecc608a_asymmetric_sign ,
305+ .p_verify = atecc608a_asymmetric_verify ,
218306 .p_encrypt = 0 ,
219307 .p_decrypt = 0 ,
220308};
221309
222310static psa_drv_se_key_management_t atecc608a_key_management =
223311{
224- .p_import = 0 ,
312+ /* So far there is no public key import function in the API, so use this instead */
313+ .p_import = atecc608a_import_public_key ,
225314 .p_generate = 0 ,
226315 .p_destroy = 0 ,
227316 /* So far there is no public key export function in the API, so use this instead */
228- .p_export = & atecc608a_export_public_key ,
317+ .p_export = atecc608a_export_public_key ,
229318};
230319
231320psa_drv_se_info_t atecc608a_drv_info =
0 commit comments