I started the work from AN12838, which I realize was made for imx parts, but due to similarities in the SEC/CAAM usage, most of the example actually ported just fine to my LSDK-20.12 project.
I've got ECC support added to the caampkc driver, to the cryptodev-1.10 module, and the modifications to openssl's eng_devcrypto.c file (the patch provided was for openssl-1.1.1g and we're using 1.1.1k).
It works for P-256 curve! I'm able to generate a black (encrypted) P-256 key, sign a message, and only verify it on the hardware it was generated on - if I take the key anywhere else the signature does not verify. Using judicious printk's I'm also able to verify that all these operations are using the SEC/CAAM like I expect.
When I try the same procedure for the P-384 curve the signature always fails to verify. As far as I can tell the private and public keys are being generated correctly; I printed out the descriptor and it checks out (ECDSEL == 0x2 for P-256 and 0x3 for P-384). The only other difference between the two should be the buffer sizes due to the larger field for P-384, but that seems to be handled correctly by the ec_curve_data_t struct and the l_len and n_len fields.
Is there something I'm missing, or do you have any advice on how to verify that my P-384 keys are actually being generated properly or that my signatures are being generated properly? We have a requirement to use black P-384 keys for this project. Thanks!
Well, this was just a user error: I was using sha256 instead of sha384 for ECDSA. It works as expected!