nrf_security: drivers: cracen: Remove sicrypto for ecdsa

Add support for ecdsa directly in cracenpsa
Remove sicrypto from cracenpsa for escda operations
Add support files  needed for escda,
randinrange, hmac, ecc.
Add privat and public ecc key generation
without sicrypto

Signed-off-by: Dag Erik Gjørvad <dag.erik.gjorvad@nordicsemi.no>

Author: degjorva

subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake

@@ -45,6 +45,8 @@ if(CONFIG_PSA_NEED_CRACEN_ASYMMETRIC_SIGNATURE_DRIVER)
   list(APPEND cracen_driver_sources
     ${CMAKE_CURRENT_LIST_DIR}/src/sign.c
     ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/ecdsa.c
+
   )
 endif()
 
@@ -63,6 +65,8 @@ endif()
 if(CONFIG_PSA_NEED_CRACEN_KEY_MANAGEMENT_DRIVER OR CONFIG_PSA_NEED_CRACEN_KMU_DRIVER OR CONFIG_MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
   list(APPEND cracen_driver_sources
     ${CMAKE_CURRENT_LIST_DIR}/src/ed25519.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/ecdsa.c
+    ${CMAKE_CURRENT_LIST_DIR}/src/ecc.c
     ${CMAKE_CURRENT_LIST_DIR}/src/key_management.c
   )
 endif()

subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa.h

@@ -377,4 +377,35 @@ int ed25519ph_verify(const uint8_t *pubkey, const char *message,
 int ed25519_create_pubkey(const uint8_t *privkey,
 				uint8_t *pubkey);
 
+struct sx_pk_ecurve;
+
+struct ecdsa_signature {
+	size_t sz; /**< Total signature size, in bytes. */
+	char *r;   /**< Signature element "r". */
+	char *s;   /**< Signature element "s". */
+};
+struct eccsk {
+	const struct sx_pk_ecurve *curve;
+	char *d;
+};
+
+struct eccpk {
+	const struct sx_pk_ecurve *curve;
+	char *qx;
+	char *qy;
+};
+
+struct ecc_keypair {
+	struct eccsk sk;
+	struct eccpk pk;
+};
+
+int ecc_create_genpubkey(const struct si_eccsk *sk, struct si_eccpk *pk, struct sx_pk_ecurve *curve);
+
+void ecc_create_genprivkey(const struct sx_pk_ecurve *curve,
+			      char *priv_key, size_t priv_key_size);
+
+
+
+
 #endif /* CRACEN_PSA_H */

subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ecc.c

@@ -0,0 +1,96 @@
+/* ECC key pair generation.
+ * Based on FIPS 186-4, section B.4.2 "Key Pair Generation by Testing
+ * Candidates".
+ *
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <string.h>
+#include <silexpk/core.h>
+#include <silexpk/iomem.h>
+#include <silexpk/cmddefs/ecc.h>
+#include <cracen/statuscodes.h>
+#include "cracen_psa.h"
+#include "final.h"
+#include "util.h"
+
+#define MAX_ECC_ATTEMPTS 10
+
+int ecc_create_genpubkey(const struct si_eccsk *sk, struct si_eccpk *pk, struct sx_pk_ecurve *curve)
+{
+	int status;
+	int opsz;
+	int attempts = MAX_ECC_ATTEMPTS;
+	struct sx_pk_acq_req pkreq;
+	struct sx_pk_inops_ecp_mult inputs;
+
+	for (int i = 0; i <= MAX_ECC_ATTEMPTS; i++) {
+		pkreq = sx_pk_acquire_req(SX_PK_CMD_ECC_PTMUL);
+		if (pkreq.status) {
+			return pkreq.status;
+		}
+
+		pkreq.status = sx_pk_list_ecc_inslots(pkreq.req, curve, 0,
+						(struct sx_pk_slot *)&inputs);
+		if (pkreq.status) {
+			return pkreq.status;
+		}
+		opsz = sx_pk_curve_opsize(curve);
+
+		/* Write the private key (random) into ba414ep device memory */
+		sx_wrpkmem(inputs.k.addr, &pk.d, opsz);
+		sx_pk_write_curve_gen(pkreq.req, curve, inputs.px, inputs.py);
+		sx_pk_run(pkreq.req);
+
+		status = sx_pk_has_finished(pkreq.req);
+
+		if (status == SX_ERR_BUSY) {
+			return SX_ERR_HW_PROCESSING;
+		}
+
+		status = sx_pk_wait(pkreq.req);
+
+	/* 	static int on_generated_public(struct sitask *t, struct siwq *wq) */
+		const char **outputs = sx_pk_get_output_ops(pkreq.req);
+
+		/* When countermeasures are used, the operation may fail with error code
+		* SX_ERR_NOT_INVERTIBLE. In this case we can try again.
+		*/
+		if (status == SX_ERR_NOT_INVERTIBLE) {
+			sx_pk_release_req(pkreq.req);
+			if (i == MAX_ECC_ATTEMPTS) {
+				return SX_ERR_TOO_MANY_ATTEMPTS;
+			}
+		} else {
+			break;
+		}
+
+	}
+	sx_rdpkmem(pk->qx, outputs[0], opsz);
+	sx_rdpkmem(pk->qy, outputs[1], opsz);
+	sx_pk_release_req(pkreq.req);
+
+	return status;
+}
+
+int ecc_create_genprivkey(const struct sx_pk_ecurve *curve,
+			      char *priv_key, size_t priv_key_size)
+{
+	int status;
+	int opsz = sx_pk_curve_opsize(curve);
+	size_t keysz = (size_t)sx_pk_curve_opsize(curve);
+	const char *curve_n = sx_pk_curve_order(curve);
+
+	if (priv_key_size < keysz) {
+		return SX_ERR_OUTPUT_BUFFER_TOO_SMALL;
+	}
+
+	/* generate private key, a random in [1, n-1], where n is the curve
+	 * order
+	 */
+	status = rndinrange_create((const unsigned char *)curve_n, opsz, priv_key);
+
+	return status;
+}