diff --git a/tests/crypto/secp256r1/CMakeLists.txt b/tests/crypto/secp256r1/CMakeLists.txt new file mode 100644 index 00000000000..7a521ccddca --- /dev/null +++ b/tests/crypto/secp256r1/CMakeLists.txt @@ -0,0 +1,10 @@ +# Copyright (c) 2024 Nordic Semiconductor ASA +# SPDX-License-Identifier: Apache-2.0 + + +cmake_minimum_required(VERSION 3.20.0) +find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE}) +project(mbedtls) + +FILE(GLOB app_sources src/*.c) +target_sources(app PRIVATE ${app_sources}) diff --git a/tests/crypto/secp256r1/mbedtls.conf b/tests/crypto/secp256r1/mbedtls.conf new file mode 100644 index 00000000000..79af8d17368 --- /dev/null +++ b/tests/crypto/secp256r1/mbedtls.conf @@ -0,0 +1,15 @@ +CONFIG_MBEDTLS=y +CONFIG_MBEDTLS_PSA_CRYPTO_C=y +CONFIG_MBEDTLS_PSA_P256M_DRIVER_ENABLED=y + +CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC=y +CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT=y +CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT=y +CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE=y +CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE=y +CONFIG_PSA_WANT_ECC_SECP_R1_256=y +CONFIG_PSA_WANT_ALG_ECDH=y +CONFIG_PSA_WANT_ALG_ECDSA=y + +CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG=y +CONFIG_ENTROPY_GENERATOR=y diff --git a/tests/crypto/secp256r1/prj.conf b/tests/crypto/secp256r1/prj.conf new file mode 100644 index 00000000000..2c29f4bb895 --- /dev/null +++ b/tests/crypto/secp256r1/prj.conf @@ -0,0 +1,2 @@ +CONFIG_ZTEST_STACK_SIZE=8192 +CONFIG_ZTEST=y diff --git a/tests/crypto/secp256r1/src/main.c b/tests/crypto/secp256r1/src/main.c new file mode 100644 index 00000000000..0126e040c4c --- /dev/null +++ b/tests/crypto/secp256r1/src/main.c @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2024 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/* + * Simple test to show support for secp256r1 curve with either MbedTLS and + * TinyCrypt. Operations are pretty simple: + * - generate 2 keys + * - perform key agreement. + * The idea is to provide a way to compare memory footprint for the very + * same kind of implemented feature between the 2 crypto libraries. + */ + +#include + +#if defined(CONFIG_MBEDTLS) +#include "psa/crypto.h" +#else +#include "zephyr/random/random.h" +#include "tinycrypt/constants.h" +#include "tinycrypt/ecc.h" +#include "tinycrypt/ecc_dh.h" +#endif + +#if defined(CONFIG_MBEDTLS) +ZTEST_USER(test_fn, test_mbedtls) +{ + psa_status_t status; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t key_id_1 = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t key_id_2 = MBEDTLS_SVC_KEY_ID_INIT; + uint8_t public_key_2[65]; + size_t public_key_2_len; + uint8_t secret[32]; + size_t secret_len; + + psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); + psa_set_key_bits(&key_attr, 256); + psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&key_attr, PSA_ALG_ECDH); + + status = psa_generate_key(&key_attr, &key_id_1); + zassert_equal(status, PSA_SUCCESS, "Unable to generate 1st EC key (%d)", status); + + status = psa_generate_key(&key_attr, &key_id_2); + zassert_equal(status, PSA_SUCCESS, "Unable to generate 1st EC key (%d)", status); + + status = psa_export_public_key(key_id_2, public_key_2, sizeof(public_key_2), + &public_key_2_len); + zassert_equal(status, PSA_SUCCESS, "Unable to export public key (%d)", status); + + status = psa_raw_key_agreement(PSA_ALG_ECDH, key_id_1, public_key_2, public_key_2_len, + secret, sizeof(secret), &secret_len); + zassert_equal(status, PSA_SUCCESS, "Unable to compute shared secret (%d)", status); +} +#else /* CONFIG_TINYCRYPT */ +ZTEST_USER(test_fn, test_tinycrypt) +{ + uint8_t public_key_1[64], public_key_2[64]; + uint8_t private_key_1[32], private_key_2[32]; + uint8_t secret[32]; + int ret; + + ret = uECC_make_key(public_key_1, private_key_1, &curve_secp256r1); + zassert_equal(ret, TC_CRYPTO_SUCCESS, "Unable to generate 1st EC key (%d)", ret); + + ret = uECC_make_key(public_key_2, private_key_2, &curve_secp256r1); + zassert_equal(ret, TC_CRYPTO_SUCCESS, "Unable to generate 2nd EC key (%d)", ret); + + ret = uECC_valid_public_key(public_key_2, &curve_secp256r1); + zassert_equal(ret, 0, "Invalid public key (%d)", ret); + + ret = uECC_shared_secret(public_key_2, private_key_1, secret, &curve_secp256r1); + zassert_equal(ret, TC_CRYPTO_SUCCESS, "Unable to compute the shared secret (%d)", ret); +} + +int default_CSPRNG(uint8_t *dst, unsigned int len) +{ + return (sys_csrand_get(dst, len) == 0); +} +#endif /* CONFIG_TINYCRYPT */ + +ZTEST_SUITE(test_fn, NULL, NULL, NULL, NULL, NULL); diff --git a/tests/crypto/secp256r1/testcase.yaml b/tests/crypto/secp256r1/testcase.yaml new file mode 100644 index 00000000000..9ee4cbaf561 --- /dev/null +++ b/tests/crypto/secp256r1/testcase.yaml @@ -0,0 +1,15 @@ +common: + filter: dt_chosen_enabled("zephyr,entropy") and + CONFIG_CSPRNG_ENABLED and + CONFIG_HARDWARE_DEVICE_CS_GENERATOR and + not CONFIG_BUILD_WITH_TFM and + not (CONFIG_MBEDTLS and CONFIG_TINYCRYPT) + tags: + - mbedtls + - tinycrypt + - p256-m +tests: + crypto.secp256r1.mbedtls: + extra_args: OVERLAY_CONFIG=mbedtls.conf + crypto.secp256r1.tinycrypt: + extra_args: OVERLAY_CONFIG=tinycrypt.conf diff --git a/tests/crypto/secp256r1/tinycrypt.conf b/tests/crypto/secp256r1/tinycrypt.conf new file mode 100644 index 00000000000..1992ea96414 --- /dev/null +++ b/tests/crypto/secp256r1/tinycrypt.conf @@ -0,0 +1,5 @@ +CONFIG_TINYCRYPT=y +CONFIG_TINYCRYPT_ECC_DH=y +CONFIG_TINYCRYPT_ECC_DSA=y + +CONFIG_ENTROPY_GENERATOR=y