feat(tbor): implement ECC keygen, sign, and ECDH derive#585
Open
vsonims wants to merge 1 commit into
Open
Conversation
Add three stateless masked-key TBOR crypto commands mirroring the MBOR vault-key-handle equivalents: - EccGenerateKey (0x17): generate an ECC keypair (P-256/384/521) and return the private key AEAD-GCM-256 masked under the requested scope plus the wire public key. Nothing is persisted on-device. - EccSign (0x18): unmask a caller-held masked ECC private key in place, ECDSA-sign a host-supplied pre-hashed digest, return raw r||s. - EcdhDerive (0x19): unmask a masked local ECC private key in place, derive an ECDH shared secret against a host peer public key, and re-mask the secret under a target scope. Uses the zero-copy reserve+fill encoder and in-place unmask (decode_mut) patterns. Recovered plaintext keys and derived secrets are scrubbed on every return path (scope exit only resets the bump watermark). ECC import is provided by the existing UnwrapKey (Ecc class); a cross-command test covers UnwrapKey-Ecc -> EccSign. Shared curve/kind mappings added to tbor from_pal (ecc_private, ecdh_secret, ecc_private_curve); dispatch/classifier wiring in mod.rs and op.rs. Wire schemas (fw + host mirror), emu integration tests (host- verified ECDSA roundtrip for all curves), and per-command docs included. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Copilot-Session: 0b09e50a-a9be-4bae-b347-d42dc775a258
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds three stateless masked-key TBOR crypto DDI commands, mirroring the existing MBOR vault-key-handle equivalents. The private key is AEAD-GCM-256 masked and returned to the host (nothing persisted on-device); the caller passes the masked blob back on use.
0x17EccGenerateKey0x18EccSignr‖sover a host digest0x19EcdhDeriveECC import is already provided by the existing
UnwrapKey(Ecc class) from the base PR; a cross-command test coversUnwrapKey-Ecc →EccSign.Design (mirrors the sibling TBOR handlers)
decode_mutto unmask the masked key in place (no scratch copy) and reserve+fill outputs.EccSign/EcdhDeriverecover the curve via a strictfrom_pal::ecc_private_curvethat rejects non-ECC-private kinds (incl.SdSealing); usage attrs (sign/derive) enforced post-unmask.Changes
fw/core/lib/src/ddi/tbor/{ecc_generate_key,ecc_sign,ecdh_derive}.rs.fw/core/lib/src/ddi/tbor/from_pal.rs(ecc_private,ecdh_secret,ecc_private_curve).mod.rs(opcodes, dispatch, 3 classifiers),op.rs(from_tbor_opcode).lib.rsregistration.UnwrapKey-Ecc→sign cross-test + rejects; ecdh all curves/scopes + reject..md+ README rows.Testing
cargo checkfw core (host + Uno no_std) ✅Notes
tbor/unwrap-key); uses opcodes0x17–0x19to avoid collision with the sibling AES/HMAC branches.Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com