diff --git a/examples/psa_crypto/example_ecdsa_p256.c b/examples/psa_crypto/example_ecdsa_p256.c
index 4f60a4916d..fe5fa8a170 100644
--- a/examples/psa_crypto/example_ecdsa_p256.c
+++ b/examples/psa_crypto/example_ecdsa_p256.c
@@ -81,10 +81,13 @@ psa_status_t example_ecdsa_p256(void)
 }
 #ifdef SECURE_ELEMENT
+ /* Currently there is no support for message signature and verification on secure elements */
 psa_set_key_lifetime(&pubkey_attr, lifetime);
+ psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_HASH);
+#else
+ psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
 #endif
 psa_set_key_algorithm(&pubkey_attr, ECC_ALG);
- psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
 psa_set_key_bits(&pubkey_attr, PSA_BYTES_TO_BITS(pubkey_length));
 psa_set_key_type(&pubkey_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
@@ -99,6 +102,12 @@ psa_status_t example_ecdsa_p256(void)
 return status;
 }
+#ifdef SECURE_ELEMENT
+ /* Currently there is only support for hash signature and verification on secure elements,
+ so we can't verify the message, but only the hash */
+ return psa_verify_hash(pubkey_id, ECC_ALG, hash, sizeof(hash), signature, sig_length);
+#endif
+
 /* verify on original message with internal hashing operation */
 return psa_verify_message(pubkey_id, ECC_ALG, msg, sizeof(msg), signature, sig_length);
 }
diff --git a/examples/psa_crypto/main.c b/examples/psa_crypto/main.c
index b146d69335..a45e27220b 100644
--- a/examples/psa_crypto/main.c
+++ b/examples/psa_crypto/main.c
@@ -24,7 +24,10 @@
 extern psa_status_t example_cipher_aes_128(void);
 extern psa_status_t example_hmac_sha256(void);
 extern psa_status_t example_ecdsa_p256(void);
+
+#ifndef SECURE_ELEMENT
 extern psa_status_t example_eddsa(void);
+#endif
 #ifdef MULTIPLE_SE
 extern psa_status_t example_cipher_aes_128_sec_se(void);
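Review bot: The new comment in the first hunk of example_ecdsa_p256.c sits above `psa_set_key_lifetime(&pubkey_attr, lifetime);`, but what it explains is the usage flag set on the following line. Move it directly above `psa_set_key_usage_flags(&pubkey_attr, PSA_KEY_USAGE_VERIFY_HASH);` and word it as the policy choice, e.g. `/* secure elements only support hash verification, so restrict the key to VERIFY_HASH */`. The key policy and the verify call in the next hunk have to agree, so it also helps to say that in the comment. The signing key's attributes are set outside this hunk; presumably they need `PSA_KEY_USAGE_SIGN_HASH` under SECURE_ELEMENT, which is worth confirming. The function starts and ends outside the hunk.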
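Review bot: In the second hunk of example_ecdsa_p256.c, the final `return psa_verify_message(...)` becomes unreachable when SECURE_ELEMENT is defined, because the added `return psa_verify_hash(...)` always returns first. Replace the added `#endif` with `#else` and put `#endif` after the message-verification return, matching the `#ifdef`/`#else`/`#endif` shape used for the usage flags in the first hunk. `hash` is defined outside the hunk; the comment should state that it must be the digest of `msg` under the hash algorithm that `ECC_ALG` specifies, since `psa_verify_hash` checks only the digest the caller supplies. The function body starts outside the hunk.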
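Review bot: Neither `#ifndef SECURE_ELEMENT` guard in main.c (the declaration in this hunk and the call in the hunk inside `main()`) says why EdDSA is skipped, whereas the ECDSA file documents its restriction. Add a one-line comment at both places such as `/* EdDSA example is not run on secure elements */`, with the reason if it is known. With the guard active the program prints nothing for EdDSA, so the output does not show whether it was skipped or passed.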
@@ -61,12 +64,14 @@ int main(void)
 printf("ECDSA failed: %s\n", psa_status_to_humanly_readable(status));
 }
+#ifndef SECURE_ELEMENT
 start = ztimer_now(ZTIMER_USEC);
 status = example_eddsa();
 printf("EdDSA took %d us\n", (int)(ztimer_now(ZTIMER_USEC) - start));
 if (status != PSA_SUCCESS) {
 printf("EdDSA failed: %s\n", psa_status_to_humanly_readable(status));
 }
+#endif
 #ifdef MULTIPLE_SE
 puts("Running Examples with secondary SE:");