Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nrf_security: drivers: cracen: integrate new version #19139

Merged
merged 5 commits into from
Jan 15, 2025
Merged

nrf_security: drivers: cracen: integrate new version #19139

merged 5 commits into from
Jan 15, 2025

Conversation

tomi-font
Copy link
Contributor

No description provided.

@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Nov 28, 2024
@tomi-font tomi-font removed the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Nov 28, 2024
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Nov 28, 2024
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 24

Inputs:

Sources:

sdk-nrf: PR head: ff1c225ad7db26094b33fdd1d602e46b3316d955

more details

sdk-nrf:

PR head: ff1c225ad7db26094b33fdd1d602e46b3316d955
merge base: c361c8ac4ab828a90edb02a59cd982de05f4d818
target head (main): aa718f878b6c76419241980f39924c8a97ab488d
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (57) 
subsys
│  ├── nrf_security
│  │  ├── src
│  │  │  ├── drivers
│  │  │  │  ├── cracen
│  │  │  │  │  ├── common
│  │  │  │  │  │  ├── include
│  │  │  │  │  │  │  ├── cracen
│  │  │  │  │  │  │  │  │ statuscodes.h
│  │  │  │  │  ├── cracenpsa
│  │  │  │  │  │  ├── src
│  │  │  │  │  │  │  │ sign.c
│  │  │  │  │  ├── sicrypto
│  │  │  │  │  │  ├── include
│  │  │  │  │  │  │  ├── sicrypto
│  │  │  │  │  │  │  │  │ ed25519ph.h
│  │  │  │  │  │  ├── src
│  │  │  │  │  │  │  │ ed25519ph.c
│  │  │  │  │  ├── silexpk
│  │  │  │  │  │  ├── include
│  │  │  │  │  │  │  ├── silexpk
│  │  │  │  │  │  │  │  ├── cmddefs
│  │  │  │  │  │  │  │  │  ├── ecc.h
│  │  │  │  │  │  │  │  │  ├── ecjpake.h
│  │  │  │  │  │  │  │  │  ├── edwards.h
│  │  │  │  │  │  │  │  │  │ modexp.h
│  │  │  │  │  │  │  │  ├── core.h
│  │  │  │  │  │  │  │  ├── ec_curves.h
│  │  │  │  │  │  │  │  ├── ed25519.h
│  │  │  │  │  │  │  │  ├── ed448.h
│  │  │  │  │  │  │  │  ├── montgomery.h
│  │  │  │  │  │  │  │  ├── sxops
│  │  │  │  │  │  │  │  │  ├── eccweierstrass.h
│  │  │  │  │  │  │  │  │  ├── ecjpake.h
│  │  │  │  │  │  │  │  │  │ version.h
│  │  │  │  │  │  │  │  │ version.h
│  │  │  │  │  │  ├── src
│  │  │  │  │  │  │  ├── ed25519.c
│  │  │  │  │  │  │  ├── ed448.c
│  │  │  │  │  │  │  ├── montgomery.c
│  │  │  │  │  │  │  │ statuscodes.c
│  │  │  │  │  │  ├── target
│  │  │  │  │  │  │  ├── hw
│  │  │  │  │  │  │  │  ├── ba414
│  │  │  │  │  │  │  │  │  ├── ba414_status.c
│  │  │  │  │  │  │  │  │  ├── cmddefs_ecc.c
│  │  │  │  │  │  │  │  │  ├── ec_curves.c
│  │  │  │  │  │  │  │  │  ├── op_slots.h
│  │  │  │  │  │  │  │  │  ├── pkhardware_ba414e.c
│  │  │  │  │  │  │  │  │  │ regs_commands.h
│  │  │  │  │  │  │  │  ├── ik
│  │  │  │  │  │  │  │  │  │ ikhardware.c
│  │  │  │  │  ├── sxsymcrypt
│  │  │  │  │  │  ├── include
│  │  │  │  │  │  │  ├── sxsymcrypt
│  │  │  │  │  │  │  │  ├── aead.h
│  │  │  │  │  │  │  │  ├── chachapoly.h
│  │  │  │  │  │  │  │  ├── hmac.h
│  │  │  │  │  │  │  │  ├── internal.h
│  │  │  │  │  │  │  │  ├── sha1.h
│  │  │  │  │  │  │  │  ├── sha2.h
│  │  │  │  │  │  │  │  ├── sha3.h
│  │  │  │  │  │  │  │  ├── sm3.h
│  │  │  │  │  │  │  │  ├── trng.h
│  │  │  │  │  │  │  │  │ version.h
│  │  │  │  │  │  ├── src
│  │  │  │  │  │  │  ├── aead.c
│  │  │  │  │  │  │  ├── aeaddefs.h
│  │  │  │  │  │  │  ├── ba431regs.h
│  │  │  │  │  │  │  ├── blkcipher.c
│  │  │  │  │  │  │  ├── blkcipherdefs.h
│  │  │  │  │  │  │  ├── chachapoly.c
│  │  │  │  │  │  │  ├── cmac.c
│  │  │  │  │  │  │  ├── cmdma.c
│  │  │  │  │  │  │  ├── cmdma.h
│  │  │  │  │  │  │  ├── cmmask.c
│  │  │  │  │  │  │  ├── crypmasterregs.h
│  │  │  │  │  │  │  ├── hash.c
│  │  │  │  │  │  │  ├── hashdefs.h
│  │  │  │  │  │  │  ├── hmac.c
│  │  │  │  │  │  │  ├── keyrefdefs.h
│  │  │  │  │  │  │  ├── mac.c
│  │  │  │  │  │  │  ├── macdefs.h
│  │  │  │  │  │  │  ├── sha3.c
│  │  │  │  │  │  │  │ trng.c

Outputs:

Toolchain

Version: 11349092be
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:11349092be_912848a074

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain - Skipped: existing toolchain is used
  • ✅ Build twister
    • sdk-nrf test count: 1642
  • ✅ Integration tests
    • ✅ test-fw-nrfconnect-chip
    • ✅ test-fw-nrfconnect-nrf_crypto
    • ✅ test-fw-nrfconnect-tfm
    • ✅ test-sdk-find-my
    • ✅ test-sdk-sidewalk
    • ✅ test-sdk-dfu
    • ⚠️ test-fw-nrfconnect-nrf-iot_cloud
Disabled integration tests
    • desktop52_verification
    • doc-internal
    • test_ble_nrf_config
    • test-fw-nrfconnect-apps
    • test-fw-nrfconnect-ble_mesh
    • test-fw-nrfconnect-ble_samples
    • test-fw-nrfconnect-boot
    • test-fw-nrfconnect-fem
    • test-fw-nrfconnect-nfc
    • test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • test-fw-nrfconnect-nrf-iot_mosh
    • test-fw-nrfconnect-nrf-iot_nrf_provisioning
    • test-fw-nrfconnect-nrf-iot_positioning
    • test-fw-nrfconnect-nrf-iot_samples
    • test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • test-fw-nrfconnect-nrf-iot_thingy91
    • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • test-fw-nrfconnect-ps
    • test-fw-nrfconnect-rpc
    • test-fw-nrfconnect-rs
    • test-fw-nrfconnect-thread
    • test-fw-nrfconnect-zigbee
    • test-low-level
    • test-sdk-audio
    • test-sdk-mcuboot
    • test-sdk-pmic-samples
    • test-sdk-wifi
    • test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

@tomi-font tomi-font force-pushed the security_cracen_new_drivers_integration branch from faa0433 to b2afca8 Compare November 29, 2024 11:09
@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Nov 29, 2024
@tomi-font tomi-font marked this pull request as ready for review November 29, 2024 11:16
@tomi-font tomi-font requested a review from a team as a code owner November 29, 2024 11:16
@tomi-font tomi-font force-pushed the security_cracen_new_drivers_integration branch from b2afca8 to 2208d1c Compare November 29, 2024 12:08
@tomi-font tomi-font added the CI-disable Disable CI for this PR label Dec 2, 2024
@tomi-font tomi-font force-pushed the security_cracen_new_drivers_integration branch 2 times, most recently from 2954ef1 to e435b87 Compare December 2, 2024 11:01
@tomi-font tomi-font removed the CI-disable Disable CI for this PR label Dec 2, 2024
@tomi-font tomi-font force-pushed the security_cracen_new_drivers_integration branch from e435b87 to 5732f5e Compare December 2, 2024 11:11
@tomi-font tomi-font removed the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Dec 2, 2024
endre-nordic
endre-nordic reviewed Dec 2, 2024
View reviewed changes
subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/ba431regs.h Outdated
@@ -1,7 +1,7 @@
/** BA431 TRNG registers defines.
*
* @file
* @copyright Copyright (c) 2023 Nordic Semiconductor ASA
* @copyright Copyright (cu) 2023 Nordic Semiconductor ASA
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/cu/c

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😮 who did that

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed (+ rebased)

@tomi-font tomi-font force-pushed the security_cracen_new_drivers_integration branch from 5732f5e to 23ef039 Compare December 3, 2024 09:47
@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Dec 3, 2024
@tomi-font tomi-font removed the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Dec 3, 2024
@tomi-font tomi-font force-pushed the security_cracen_new_drivers_integration branch from 23ef039 to 7b40b17 Compare December 10, 2024 08:10
@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Dec 10, 2024
@tomi-font tomi-font removed the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Dec 16, 2024
@frkv frkv requested a review from a team December 18, 2024 08:10
Vge0rge
Vge0rge reviewed Dec 27, 2024
View reviewed changes
Copy link
Contributor

@Vge0rge Vge0rge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did a first pass on this, I think tht it is a good idea to remove unused code/references sicne it is not clear yet if these are needed.

subsys/nrf_security/src/drivers/cracen/silexpk/include/silexpk/sxops/eccweierstrass.h Outdated
* @return ::SX_ERR_EXPIRED
* @return ::SX_ERR_PK_RETRY
*/
static inline int sx_ecp_check_order(const struct sx_pk_ecurve *curve,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see it referenenced anywhere, is this unused?

@tomi-font tomi-font force-pushed the security_cracen_new_drivers_integration branch from 7b40b17 to f26e34d Compare December 30, 2024 12:44
@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Dec 30, 2024
@tomi-font
Copy link
Contributor Author

I did a first pass on this, I think tht it is a good idea to remove unused code/references sicne it is not clear yet if these are needed.

Yeah. Some you pointed out were just used directly by some samples. One was used by sicrypto, which I did not update in this PR. It's very likely we already have occurrences of unused symbols in the main tree.

@tomi-font tomi-font removed the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Dec 30, 2024
@Vge0rge
Copy link
Contributor

Vge0rge commented Dec 30, 2024
edited
Loading

I did a first pass on this, I think tht it is a good idea to remove unused code/references sicne it is not clear yet if these are needed.

Yeah. Some you pointed out were just used directly by some samples. One was used by sicrypto, which I did not update in this PR. It's very likely we already have occurrences of unused symbols in the main tree.

My guess is that you are referring to internal Silex samples. Please correct me if I am wrong. If these are the samples that you refer to I would propose to ignore them since these are not intergated in the CI, it's better to avoid including code solely used by these samples.

I agree that more cleanup is needed for this code for sure. But this is not a valid reason to add more unused code. Lets have less cleanup to do later :)

@tomi-font tomi-font force-pushed the security_cracen_new_drivers_integration branch from f26e34d to ade6f8c Compare January 13, 2025 13:23
@tomi-font
Copy link
Contributor Author

just rebased

@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Jan 13, 2025
@tomi-font tomi-font removed the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Jan 13, 2025
degjorva
degjorva approved these changes Jan 14, 2025
View reviewed changes
Copy link
Contributor

@degjorva degjorva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved since a cleanup commit is planned

subsys/nrf_security/src/drivers/cracen/sxsymcrypt/include/sxsymcrypt/internal.h
Comment on lines +24 to 25
#define SX_BLKCIPHER_PRIV_SZ (16)
#define SX_AEAD_PRIV_SZ (70)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason parentheses were added here instead of removed like everywhere else?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really, no.

@tomi-font
nrf_security: drivers: cracen: integrate updated silexpk headers
5f06320 
source: /silexpk-r20220524/include/silexpk/

The following new header files are left out and could
subsequently be added if there is a use for them:
- 3gpp.h
- aria.h
- channel.h
- transfer.h

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font
nrf_security: drivers: integrate updated sxsymcrypt headers
3edfa4f 
source: /sxsymcrypt-r20220504/include/sxsymcrypt/

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font
nrf_security: drivers: cracen: integrated updated silexpk sources
b7e07c5 
source: /silexpk-r20220524/
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font
nrf_security: drivers: cracen: integrate updated sxsymcrypt sources
ed531a3 
source: /sxsymcrypt-r20220504/

The following new source files are left out and could
subsequently be added if there is a use for them:
- 3gpp.c
- aria.c
- channel.c
- transfer.c

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font tomi-font force-pushed the security_cracen_new_drivers_integration branch from ade6f8c to ed531a3 Compare January 14, 2025 12:17
@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Jan 14, 2025
frkv
frkv reviewed Jan 14, 2025
View reviewed changes
subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/blkcipher.c
c->inminsz = 16;
c->granularity = 16;
return sx_blkcipher_create_aes_ba411(c, key, NULL, BLKCIPHER_MODEID_ECB, ba411cfg.decr);
return sx_blkcipher_create_aes_ba411(c, key, NULL, &ba411ecbcfg, ba411ecbcfg.decr);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any particular reason why this global symbol (ba411ecbcfg.decr) is referenced here. Wouldn't CM_CFG_DECRYPT be simpler?

The change has already happened in sx_blkcipher_create_aesecb_enc...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I also noticed that, and I don't quite know. For some reason CM_CFG_ENCRYPT is used directly but for CM_CFG_DECRYPT it's obtained from the sx_blkcipher_cmdma_cfg struct's decr member.
My line of conduct with this PR was to only integrate the differences and not make changes of mine, otherwise I might've ended up rewriting the whole thing. 😃
Regarding the decr member in particular, I see it's set to a different value in chachapoly.c.
And aead.c uses it, so we might not be able to remove it from the struct (at least in the most straightforward way).
So yeah, we could still replace those ba411*cfg.decr by the literal macros here, but I'll leave that for follow-up cleanup/optimization work. (And will take note of that.)

frkv
frkv approved these changes Jan 14, 2025
View reviewed changes
Copy link
Contributor

@frkv frkv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

(Minor NITS about naming convention for Ed25519 and Ed448)

@tomi-font
nrf_security: drivers: cracen: fix Ed25519 and Ed448 spelling
ff1c225 
Capitalize them properly.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
@tomi-font tomi-font removed the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Jan 15, 2025
frkv
frkv approved these changes Jan 15, 2025
View reviewed changes
Copy link
Contributor

@frkv frkv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nordicjm nordicjm merged commit 8144355 into nrfconnect:main Jan 15, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@endre-nordic endre-nordic endre-nordic left review comments

@Vge0rge Vge0rge Vge0rge approved these changes

@degjorva degjorva degjorva approved these changes

@frkv frkv frkv approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@tomi-font @NordicBuilder @Vge0rge @degjorva @frkv @endre-nordic @nordicjm