From 6097a0e6d3d48f3493ee883f68490c8cdd26a644 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Mon, 9 Feb 2026 22:35:41 +0530
Subject: [PATCH] feat(mbedtls): Add ATECC ECDSA PSA driver
---
 .../core/psa_crypto_driver_wrappers.h | 44 +++++++++++++++++++
 .../psa_crypto_driver_wrappers_no_static.c | 26 +++++++++++
 2 files changed, 70 insertions(+)
diff --git a/tf-psa-crypto/core/psa_crypto_driver_wrappers.h b/tf-psa-crypto/core/psa_crypto_driver_wrappers.h
index d6dba487c..dc6038b5e 100644
--- a/tf-psa-crypto/core/psa_crypto_driver_wrappers.h
+++ b/tf-psa-crypto/core/psa_crypto_driver_wrappers.h
@@ -83,6 +83,11 @@
 #if defined(ESP_CMAC_DRIVER_ENABLED)
 #include "../../../port/psa_driver/include/psa_crypto_driver_esp_cmac.h"
+#endif
+
+/* Headers for atca_ecdsa opaque driver */
+#if defined(ATCA_ECDSA_DRIVER_ENABLED)
+#include "../../../port/psa_driver/include/psa_crypto_driver_atca_ecdsa.h"
 #endif
 /* END-driver headers */
@@ -103,6 +108,7 @@
 #define ESP_CMAC_TRANSPARENT_DRIVER_ID (11)
 #define ESP_HMAC_TRANSPARENT_DRIVER_ID (12)
 #define ESP_HMAC_OPAQUE_DRIVER_ID (13)
+#define ATCA_ECDSA_OPAQUE_DRIVER_ID (14)
 /* END-driver id */
@@ -393,6 +399,15 @@ static inline psa_status_t psa_driver_wrapper_sign_hash(
 }
 return PSA_ERROR_INVALID_ARGUMENT;
 #endif /* ESP_RSA_DS_DRIVER_ENABLED */
+#if defined(ATCA_ECDSA_DRIVER_ENABLED) && defined(ATCA_ECDSA_SIGN_DRIVER_ENABLED)
+ case PSA_KEY_LOCATION_ATCA_ECDSA:
+ return( atca_ecdsa_opaque_sign_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size,
+ signature_length ) );
+#endif /* ATCA_ECDSA_DRIVER_ENABLED && ATCA_ECDSA_SIGN_DRIVER_ENABLED */
 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
 default:
 /* Key is declared with a lifetime not known to us */
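Review bot: The new `PSA_KEY_LOCATION_ATCA_ECDSA` case in psa_driver_wrapper_sign_hash passes the request straight to `atca_ecdsa_opaque_sign_hash` without checking key type, curve family or `alg`. The export_public_key case added by this same commit does guard its dispatch with `PSA_KEY_TYPE_IS_ECC`, `PSA_ALG_IS_ECDSA` and `PSA_ECC_FAMILY_SECP_R1`, and the import_key hunk is unguarded in the same way as this one. Either add the matching guard before the call, e.g. `if( !PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) || !PSA_ALG_IS_ECDSA( alg ) ) return( PSA_ERROR_INVALID_ARGUMENT );`, or add a comment saying the driver validates these itself, since the driver source is not part of this patch. The switch and the function body start and end outside the hunk.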
@@ -467,6 +482,19 @@ static inline psa_status_t psa_driver_wrapper_verify_hash(
 return( status );
 }
 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
+#if defined(ATCA_ECDSA_DRIVER_ENABLED) && defined(ATCA_ECDSA_VERIFY_DRIVER_ENABLED)
+ status = atca_ecdsa_transparent_verify_hash(
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* ATCA_ECDSA_DRIVER_ENABLED && ATCA_ECDSA_VERIFY_DRIVER_ENABLED */
 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
 return( psa_verify_hash_builtin( attributes,
@@ -902,6 +930,14 @@ static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
 #endif /* defined(ESP_HMAC_OPAQUE_DRIVER_ENABLED) */
+#if defined(ATCA_ECDSA_DRIVER_ENABLED) && defined(ATCA_ECDSA_SIGN_DRIVER_ENABLED)
+ case PSA_KEY_LOCATION_ATCA_ECDSA:
+ *key_buffer_size = atca_ecdsa_opaque_size_function( key_type,
+ PSA_BYTES_TO_BITS( data_length ) );
+ return( ( *key_buffer_size != 0 ) ?
+ PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
+#endif /* ATCA_ECDSA_DRIVER_ENABLED && ATCA_ECDSA_SIGN_DRIVER_ENABLED */
+
 default:
 (void)key_type;
 (void)data;
@@ -1102,6 +1138,14 @@ static inline psa_status_t psa_driver_wrapper_import_key(
 ));
 #endif /* ESP_RSA_DS_DRIVER_ENABLED */
+#if defined(ATCA_ECDSA_DRIVER_ENABLED) && defined(ATCA_ECDSA_SIGN_DRIVER_ENABLED)
+ case PSA_KEY_LOCATION_ATCA_ECDSA:
+ return( atca_ecdsa_opaque_import_key(
+ attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits ) );
+#endif /* ATCA_ECDSA_DRIVER_ENABLED && ATCA_ECDSA_SIGN_DRIVER_ENABLED */
 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
 default:
 (void)status;
diff --git a/tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.c b/tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.c
index 702a446bb..6c33a7caf 100644
--- a/tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.c
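Review bot: In the verify_hash hunk, any status other than `PSA_ERROR_NOT_SUPPORTED` from `atca_ecdsa_transparent_verify_hash` is returned as final, so a `PSA_SUCCESS` from this driver is the verification verdict and `psa_verify_hash_builtin` is never consulted. If the driver offloads the check to the secure element (its source is not in this patch), that verdict travels over the bus from an external chip and should only be trusted when the response is authenticated; cryptoauthlib provides a MAC-validated verify, `atcab_verify_extern_mac`, for that purpose. A comment above the call should state which mode the driver uses, and that it returns `PSA_ERROR_NOT_SUPPORTED` for every key type and algorithm it does not handle, because this call appears to sit on the common path for transparent keys. The enclosing switch case starts outside the hunk.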
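Review bot: In the get_key_buffer_size_from_key_data case, the bit size handed to `atca_ecdsa_opaque_size_function` is `PSA_BYTES_TO_BITS( data_length )`, which is derived from the length of the import blob. That equals the key size only when the imported data is raw key material; for an opaque location the blob may be a device or slot reference instead, and the size function would then see an unrelated bit count. Please document the expected import format on this case with a comment such as `/* import data for this location is <format>; its length only selects the context size */`, or pass the declared key bits if the attributes are in scope here, which the hunk does not show.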
+++ b/tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.c
@@ -46,6 +46,11 @@
 #endif
+/* Headers for atca_ecdsa opaque driver */
+#if defined(ATCA_ECDSA_DRIVER_ENABLED)
+#include "../../../port/psa_driver/include/psa_crypto_driver_atca_ecdsa.h"
+#endif
+
 /* END-driver headers */
 /* Auto-generated values depending on which drivers are registered.
@@ -107,6 +112,14 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
 #endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(ATCA_ECDSA_DRIVER_ENABLED) && defined(ATCA_ECDSA_SIGN_DRIVER_ENABLED)
+ case PSA_KEY_LOCATION_ATCA_ECDSA:
+ *key_buffer_size = atca_ecdsa_opaque_size_function( key_type,
+ key_bits );
+ return( ( *key_buffer_size != 0 ) ?
+ PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
+#endif /* ATCA_ECDSA_DRIVER_ENABLED && ATCA_ECDSA_SIGN_DRIVER_ENABLED */
+
 default:
 (void)key_type;
 (void)key_bits;
@@ -202,6 +215,19 @@ psa_status_t psa_driver_wrapper_export_public_key(
 }
 return PSA_ERROR_INVALID_ARGUMENT;
 #endif /* defined(ESP_ECDSA_DRIVER_ENABLED) && defined(ESP_ECDSA_SIGN_DRIVER_ENABLED) */
+#if defined(ATCA_ECDSA_DRIVER_ENABLED) && defined(ATCA_ECDSA_SIGN_DRIVER_ENABLED)
+ case PSA_KEY_LOCATION_ATCA_ECDSA:
+ if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
+ PSA_ALG_IS_ECDSA( psa_get_key_algorithm(attributes) ) &&
+ PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1)
+ {
+ return( atca_ecdsa_opaque_export_public_key(
+ attributes,
+ key_buffer, key_buffer_size,
+ data, data_size, data_length ) );
+ }
+ return PSA_ERROR_INVALID_ARGUMENT;
+#endif /* ATCA_ECDSA_DRIVER_ENABLED && ATCA_ECDSA_SIGN_DRIVER_ENABLED */
 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
 default:
 /* Key is declared with a lifetime not known to us */
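Review bot: The guard in the export_public_key case accepts any `PSA_ECC_FAMILY_SECP_R1` key whatever its size, so a 384- or 521-bit key declared at this location still reaches `atca_ecdsa_opaque_export_public_key`. If the device only holds P-256 keys (likely for this part, but not shown in the patch), add `psa_get_key_bits( attributes ) == 256` to the condition. The `PSA_ALG_IS_ECDSA( psa_get_key_algorithm(attributes) )` term also ties public-key export to the key's permitted algorithm, so a key whose policy names a different algorithm is rejected here with `PSA_ERROR_INVALID_ARGUMENT`; a short comment should say whether that is intended. The enclosing switch starts and ends outside the hunk.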