Skip to content

Commit 4f36d87

Browse files
EinhornhoolMrKevinWeiss
Einhornhool
authored and
MrKevinWeiss
committed
examples/psa_crypto: Update example to work with SEs
(cherry picked from commit b2e1c69)
1 parent b13254c commit 4f36d87

File tree

2 files changed

+15
-1
lines changed

2 files changed

+15
-1
lines changed

examples/psa_crypto/example_ecdsa_p256.c

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -81,10 +81,13 @@ psa_status_t example_ecdsa_p256(void)
8181
}
8282

8383
#ifdef SECURE_ELEMENT
84+
/* Currently there is no support for message signature and verification on secure elements */
8485
psa_set_key_lifetime(&pubkey_attr, lifetime);
86+
psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_HASH);
87+
#else
88+
psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
8589
#endif
8690
psa_set_key_algorithm(&pubkey_attr, ECC_ALG);
87-
psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
8891
psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length));
8992
psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
9093

@@ -99,6 +102,12 @@ psa_status_t example_ecdsa_p256(void)
99102
return status;
100103
}
101104

105+
#ifdef SECURE_ELEMENT
106+
/* Currently there is only support for hash signature and verification on secure elements,
107+
so we can't verify the message, but only the hash */
108+
return psa_verify_hash(pubkey_id, ECC_ALG, hash, sizeof(hash), signature, sig_length);
109+
#endif
110+
102111
/* verify on original message with internal hashing operation */
103112
return psa_verify_message(pubkey_id, ECC_ALG, msg, sizeof(msg), signature, sig_length);
104113
}

examples/psa_crypto/main.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,10 @@
2424
extern psa_status_t example_cipher_aes_128(void);
2525
extern psa_status_t example_hmac_sha256(void);
2626
extern psa_status_t example_ecdsa_p256(void);
27+
28+
#ifndef SECURE_ELEMENT
2729
extern psa_status_t example_eddsa(void);
30+
#endif
2831

2932
#ifdef MULTIPLE_SE
3033
extern psa_status_t example_cipher_aes_128_sec_se(void);
@@ -61,12 +64,14 @@ int main(void)
6164
printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
6265
}
6366

67+
#ifndef SECURE_ELEMENT
6468
start = ztimer_now(ZTIMER_USEC);
6569
status = example_eddsa();
6670
printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
6771
if (status != PSA_SUCCESS) {
6872
printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status));
6973
}
74+
#endif
7075

7176
#ifdef MULTIPLE_SE
7277
puts("Running Examples with secondary SE:");

0 commit comments

Comments
 (0)