diff --git a/IDE/QNX/CAAM-DRIVER/.cproject b/IDE/QNX/CAAM-DRIVER/.cproject
new file mode 100644
index 000000000..b38dcc000
--- /dev/null
+++ b/IDE/QNX/CAAM-DRIVER/.cproject
@@ -0,0 +1,529 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/IDE/QNX/CAAM-DRIVER/.project b/IDE/QNX/CAAM-DRIVER/.project
new file mode 100644
index 000000000..190891d60
--- /dev/null
+++ b/IDE/QNX/CAAM-DRIVER/.project
@@ -0,0 +1,43 @@
+
+
+ CAAM-DRIVER
+
+
+
+
+
+ org.eclipse.cdt.managedbuilder.core.genmakebuilder
+ clean,full,incremental,
+
+
+
+
+ org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder
+ full,incremental,
+
+
+
+
+
+ org.eclipse.cdt.core.cnature
+ org.eclipse.cdt.managedbuilder.core.managedBuildNature
+ org.eclipse.cdt.managedbuilder.core.ScannerConfigNature
+
+
+
+ src/caam_driver.c
+ 1
+ $%7BPARENT-3-PROJECT_LOC%7D/wolfcrypt/src/port/caam/caam_driver.c
+
+
+ src/caam_error.c
+ 1
+ $%7BPARENT-3-PROJECT_LOC%7D/wolfcrypt/src/port/caam/caam_error.c
+
+
+ src/caam_qnx.c
+ 1
+ $%7BPARENT-3-PROJECT_LOC%7D/wolfcrypt/src/port/caam/caam_qnx.c
+
+
+
diff --git a/IDE/QNX/CAAM-DRIVER/Makefile b/IDE/QNX/CAAM-DRIVER/Makefile
index e483355f0..935a91c76 100644
--- a/IDE/QNX/CAAM-DRIVER/Makefile
+++ b/IDE/QNX/CAAM-DRIVER/Makefile
@@ -1,37 +1,73 @@
ARTIFACT = wolfCrypt
#Build architecture/variant string, possible values: x86, armv7le, etc...
-PLATFORM = armv7le
-OUTPUT_DIR = build
-TARGET = $(ARTIFACT)
+PLATFORM ?= armv7le
+
+#Build profile, possible values: release, debug, profile, coverage
+BUILD_PROFILE ?= debug
+
+CONFIG_NAME ?= $(PLATFORM)-$(BUILD_PROFILE)
+OUTPUT_DIR = build/$(CONFIG_NAME)
+TARGET = $(OUTPUT_DIR)/$(ARTIFACT)
+
+#Compiler definitions
CC ?= qcc -Vgcc_nto$(PLATFORM)
-CXX = qcc -lang-c++ -Vgcc_nto$(PLATFORM)
+CXX ?= q++ -Vgcc_nto$(PLATFORM)_cxx
LD = $(CC)
INCLUDES += -I../../../ -I../../../wolfssl/wolfcrypt/port/caam/
CCFLAGS += -O2 -Wall
# For debugging print outs build with WOLFSSL_CAAM_PRINT defined
-#CCFLAGS += -DWOLFSSL_CAAM_PRINT -O2 -Wall
+# CCFLAGS += -DWOLFSSL_CAAM_PRINT -O2 -Wall
-SRCS = \
- ../../../wolfcrypt/src/port/caam/caam_driver.c \
- ../../../wolfcrypt/src/port/caam/caam_error.c \
- ../../../wolfcrypt/src/port/caam/caam_qnx.c \
+# Setting base address for hardware
+# For IMX6UL devices
+# CCFLAGS += -DWOLFSSL_CAAM_IMX6UL
+
+# For IMX6Q devices
+CCFLAGS += -DWOLFSSL_CAAM_IMX6Q
+
+#Compiler flags for build profiles
+CCFLAGS_release += -O2
+CCFLAGS_debug += -g -O0 -fno-builtin
+CCFLAGS_coverage += -g -O0 -ftest-coverage -fprofile-arcs -nopipe -Wc,-auxbase-strip,$@
+LDFLAGS_coverage += -ftest-coverage -fprofile-arcs
+CCFLAGS_profile += -g -O0 -finstrument-functions
+LIBS_profile += -lprofilingS
+
+#Generic compiler flags (which include build type flags)
+CCFLAGS_all += -Wall -fmessage-length=0
+CCFLAGS_all += $(CCFLAGS_$(BUILD_PROFILE))
+LDFLAGS_all += $(LDFLAGS_$(BUILD_PROFILE))
+LIBS_all += $(LIBS_$(BUILD_PROFILE))
+DEPS = -Wp,-MMD,$(OUTPUT_DIR)/$(notdir $(@:%.o=%.d)),-MT,$(OUTPUT_DIR)/$(notdir $@)
+
+SRCS = ../../../wolfcrypt/src/port/caam/caam_error.c \
+ ../../../wolfcrypt/src/port/caam/caam_driver.c \
+ ../../../wolfcrypt/src/port/caam/caam_qnx.c
+
+#Object files list
OBJS = $(addprefix $(OUTPUT_DIR)/,$(addsuffix .o, $(basename $(SRCS))))
+#Compiling rule
$(OUTPUT_DIR)/%.o: %.c
- @mkdir -p $(dir $@)
- $(CC) -c -o $@ $(INCLUDES) $(CCFLAGS) $<
+ @mkdir -p $(dir $(OUTPUT_DIR)/$(notdir $@))
+ $(CC) -c $(DEPS) -o $(OUTPUT_DIR)/$(notdir $@) $(INCLUDES) $(CCFLAGS_all) $(CCFLAGS) $<
+#Linking rule
$(TARGET):$(OBJS)
- $(LD) -o $(TARGET) $(LDFLAGS) $(OBJS) $(LIBS)
+ $(LD) -o $(TARGET) $(LDFLAGS_all) $(LDFLAGS) $(foreach f, $(OBJS), $(OUTPUT_DIR)/$(notdir $(f))) $(LIBS_all) $(LIBS)
+#Rules section for default compilation and linking
all: $(TARGET)
clean:
- rm -rf $(OUTPUT_DIR) $(ARTIFACT)
+ rm -fr $(OUTPUT_DIR)
rebuild: clean all
+
+#Inclusion of dependencies (object files to source and includes)
+-include $(OBJS:%.o=%.d)
diff --git a/IDE/QNX/README.md b/IDE/QNX/README.md
index 800f54cdc..2d6694c83 100644
--- a/IDE/QNX/README.md
+++ b/IDE/QNX/README.md
@@ -2,6 +2,8 @@
This directory contains;
- A Makefile for creating the QNX CAAM driver located at IDE/QNX/CAAM-DRIVER/Makefile
+- A Makefile for creating wolfSSL library located at IDE/QNX/wolfssl/Makefile
+- A Makefile for creating wolfCrypt unit tests located at IDE/QNX/testwolfcrypt/Makefile
- An example TLS server located at IDE/QNX/example-server/
- An example client located at IDE/QNX/example-client
- An example CMAC use located at IDE/QNX/example-cmac
@@ -15,14 +17,21 @@ source ~/qnx700/qnxsdp-env.sh
make
```
-Once the wolfSSL library has been built cd to IDE/QNX/CAAM-DRIVER and run "make". This will produce the wolfCrypt resource manager. It should be started on the device with root permisions. Once wolfCrypt is running on the device with root permisions then any user with access to open a connection to wolfCrypt can make use of the driver.
+Once the wolfSSL library has been built cd to IDE/QNX/CAAM-DRIVER and run "make". This will produce the wolfCrypt resource manager. It should be started on the device with root permisions. Once wolfCrypt is running on the device with root permisions then any user with access to open a connection to /dev/wolfCrypt can make use of the driver.
+### Momentics
+To build in momentics IDE:
+
+- Switch the workspace to be wolfssl/IDE/QNX/
+- Import the three projects (File->Import->General->Existing Projects into Workspace, in "Select root directory" browse to the directory wolfssl/IDE/QNX/ and select the projects then click "Finish").
+- Build
### Supported Operations By CAAM Driver
- ECC black key creation
- ECC black key sign / verify / ecdh
- Black blob creation and open
-- Red blob creation and open
+- Red/Black blob creation and open
- Cover keys (turn to black key)
- CMAC with and without black keys
- TRNG used by default to seed Hash DRBG
+- AES operations (CTR)
diff --git a/IDE/QNX/include.am b/IDE/QNX/include.am
index 3236ecd5e..16dd7e160 100644
--- a/IDE/QNX/include.am
+++ b/IDE/QNX/include.am
@@ -3,7 +3,18 @@
# All paths should be given relative to the root
EXTRA_DIST+= IDE/QNX/README.md
+EXTRA_DIST+= IDE/QNX/CAAM-DRIVER/.cproject
+EXTRA_DIST+= IDE/QNX/CAAM-DRIVER/.project
EXTRA_DIST+= IDE/QNX/CAAM-DRIVER/Makefile
+EXTRA_DIST+= IDE/QNX/wolfssl/.cproject
+EXTRA_DIST+= IDE/QNX/wolfssl/.project
+EXTRA_DIST+= IDE/QNX/wolfssl/Makefile
+EXTRA_DIST+= IDE/QNX/wolfssl/user_settings.h
+EXTRA_DIST+= IDE/QNX/testwolfcrypt/.cproject
+EXTRA_DIST+= IDE/QNX/testwolfcrypt/.project
+EXTRA_DIST+= IDE/QNX/testwolfcrypt/Makefile
+
+
EXTRA_DIST+= IDE/QNX/example-server/Makefile
EXTRA_DIST+= IDE/QNX/example-server/server-tls.c
EXTRA_DIST+= IDE/QNX/example-client/Makefile
diff --git a/IDE/QNX/testwolfcrypt/.cproject b/IDE/QNX/testwolfcrypt/.cproject
new file mode 100644
index 000000000..e8db38405
--- /dev/null
+++ b/IDE/QNX/testwolfcrypt/.cproject
@@ -0,0 +1,650 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/IDE/QNX/testwolfcrypt/.project b/IDE/QNX/testwolfcrypt/.project
new file mode 100644
index 000000000..544c652ee
--- /dev/null
+++ b/IDE/QNX/testwolfcrypt/.project
@@ -0,0 +1,33 @@
+
+
+ testwolfcrypt
+
+
+
+
+
+ org.eclipse.cdt.managedbuilder.core.genmakebuilder
+ clean,full,incremental,
+
+
+
+
+ org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder
+ full,incremental,
+
+
+
+
+
+ org.eclipse.cdt.core.cnature
+ org.eclipse.cdt.managedbuilder.core.managedBuildNature
+ org.eclipse.cdt.managedbuilder.core.ScannerConfigNature
+
+
+
+ src/test.c
+ 1
+ $%7BPARENT-3-PROJECT_LOC%7D/wolfcrypt/test/test.c
+
+
+
diff --git a/IDE/QNX/testwolfcrypt/Makefile b/IDE/QNX/testwolfcrypt/Makefile
new file mode 100644
index 000000000..0afc45f50
--- /dev/null
+++ b/IDE/QNX/testwolfcrypt/Makefile
@@ -0,0 +1,74 @@
+ARTIFACT = testwolfcrypt
+
+#Build architecture/variant string, possible values: x86, armv7le, etc...
+PLATFORM ?= armv7le
+
+#Build profile, possible values: release, debug, profile, coverage
+BUILD_PROFILE ?= debug
+
+CONFIG_NAME ?= $(PLATFORM)-$(BUILD_PROFILE)
+OUTPUT_DIR = build/$(CONFIG_NAME)
+TARGET = $(OUTPUT_DIR)/$(ARTIFACT)
+
+#Compiler definitions
+
+CC = qcc -Vgcc_nto$(PLATFORM)
+CXX = q++ -Vgcc_nto$(PLATFORM)_cxx
+LD = $(CC)
+
+#User defined include/preprocessor flags and libraries
+
+INCLUDES += -I../wolfssl
+INCLUDES += -I../../..
+
+#LIBS += -L/path/to/my/lib/$(PLATFORM)/usr/lib -lmylib
+LIBS += -L../wolfssl/$(OUTPUT_DIR) -lwolfssl -lm -lsocket
+
+#Compiler flags for build profiles
+CCFLAGS_release += -O2
+CCFLAGS_debug += -g -O0 -fno-builtin
+CCFLAGS_coverage += -g -O0 -ftest-coverage -fprofile-arcs -nopipe -Wc,-auxbase-strip,$@
+LDFLAGS_coverage += -ftest-coverage -fprofile-arcs
+CCFLAGS_profile += -g -O0 -finstrument-functions
+LIBS_profile += -lprofilingS
+
+#Generic compiler flags (which include build type flags)
+CCFLAGS_all += -DWOLFSSL_USER_SETTINGS -Wall -fmessage-length=0
+CCFLAGS_all += $(CCFLAGS_$(BUILD_PROFILE))
+#Shared library has to be compiled with -fPIC
+#CCFLAGS_all += -fPIC
+LDFLAGS_all += $(LDFLAGS_$(BUILD_PROFILE))
+LIBS_all += $(LIBS_$(BUILD_PROFILE))
+DEPS = -Wp,-MMD,$(OUTPUT_DIR)/$(notdir $(@:%.o=%.d)),-MT,$(OUTPUT_DIR)/$(notdir $@)
+
+#Macro to expand files recursively: parameters $1 - directory, $2 - extension, i.e. cpp
+rwildcard = $(wildcard $(addprefix $1/*.,$2)) $(foreach d,$(wildcard $1/*),$(call rwildcard,$d,$2))
+
+#Source list
+SRCS = $(call rwildcard, src, c)
+SRCS += ../../../wolfcrypt/test/test.c
+
+#Object files list
+OBJS = $(addprefix $(OUTPUT_DIR)/,$(addsuffix .o, $(basename $(SRCS))))
+
+#Compiling rule
+$(OUTPUT_DIR)/%.o: %.c
+ @mkdir -p $(dir $(OUTPUT_DIR)/$(notdir $@))
+ $(CC) -c $(DEPS) -o $(OUTPUT_DIR)/$(notdir $@) $(INCLUDES) $(CCFLAGS_all) $(CCFLAGS) $<
+
+
+#Linking rule
+$(TARGET):$(OBJS)
+ $(LD) -o $(TARGET) $(LDFLAGS_all) $(LDFLAGS) $(foreach f, $(OBJS), $(OUTPUT_DIR)/$(notdir $(f))) $(LIBS_all) $(LIBS)
+
+
+#Rules section for default compilation and linking
+all: $(TARGET)
+
+clean:
+ rm -fr $(OUTPUT_DIR)
+
+rebuild: clean all
+
+#Inclusion of dependencies (object files to source and includes)
+-include $(OBJS:%.o=%.d)
diff --git a/IDE/QNX/wolfssl/.cproject b/IDE/QNX/wolfssl/.cproject
new file mode 100644
index 000000000..9d624640e
--- /dev/null
+++ b/IDE/QNX/wolfssl/.cproject
@@ -0,0 +1,687 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/IDE/QNX/wolfssl/.project b/IDE/QNX/wolfssl/.project
new file mode 100644
index 000000000..04225c075
--- /dev/null
+++ b/IDE/QNX/wolfssl/.project
@@ -0,0 +1,38 @@
+
+
+ wolfssl
+
+
+
+
+
+ org.eclipse.cdt.managedbuilder.core.genmakebuilder
+ clean,full,incremental,
+
+
+
+
+ org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder
+ full,incremental,
+
+
+
+
+
+ org.eclipse.cdt.core.cnature
+ org.eclipse.cdt.managedbuilder.core.managedBuildNature
+ org.eclipse.cdt.managedbuilder.core.ScannerConfigNature
+
+
+
+ src/src
+ 2
+ $%7BPARENT-3-PROJECT_LOC%7D/src
+
+
+ src/wolfcrypt
+ 2
+ $%7BPARENT-3-PROJECT_LOC%7D/wolfcrypt/src
+
+
+
diff --git a/IDE/QNX/wolfssl/Makefile b/IDE/QNX/wolfssl/Makefile
new file mode 100644
index 000000000..b104d6917
--- /dev/null
+++ b/IDE/QNX/wolfssl/Makefile
@@ -0,0 +1,74 @@
+ARTIFACT = libwolfssl.so
+
+#Build architecture/variant string, possible values: x86, armv7le, etc...
+PLATFORM ?= armv7le
+
+#Build profile, possible values: release, debug, profile, coverage
+BUILD_PROFILE ?= debug
+
+CONFIG_NAME ?= $(PLATFORM)-$(BUILD_PROFILE)
+OUTPUT_DIR = build/$(CONFIG_NAME)
+TARGET = $(OUTPUT_DIR)/$(ARTIFACT)
+
+#Compiler definitions
+
+CC = qcc -Vgcc_nto$(PLATFORM)
+CXX = q++ -Vgcc_nto$(PLATFORM)_cxx
+LD = $(CC)
+
+#User defined include/preprocessor flags and libraries
+
+INCLUDES += -I../../..
+INCLUDES += -I./
+
+#Compiler flags for build profiles
+CCFLAGS_release += -O2
+CCFLAGS_debug += -g -O0 -fno-builtin
+CCFLAGS_coverage += -g -O0 -ftest-coverage -fprofile-arcs -nopipe -Wc,-auxbase-strip,$@
+LDFLAGS_coverage += -ftest-coverage -fprofile-arcs
+CCFLAGS_profile += -g -O0 -finstrument-functions
+LIBS_profile += -lprofilingS
+
+#Generic compiler flags (which include build type flags)
+CCFLAGS_all += -DWOLFSSL_USER_SETTINGS -Wall -fmessage-length=0
+CCFLAGS_all += $(CCFLAGS_$(BUILD_PROFILE))
+#Shared library has to be compiled with -fPIC
+CCFLAGS_all += -fPIC
+LDFLAGS_all += $(LDFLAGS_$(BUILD_PROFILE))
+LIBS_all += $(LIBS_$(BUILD_PROFILE))
+DEPS = -Wp,-MMD,$(OUTPUT_DIR)/$(notdir $(@:%.o=%.d)),-MT,$(OUTPUT_DIR)/$(notdir $@)
+
+#Macro to expand files recursively: parameters $1 - directory, $2 - extension, i.e. cpp
+rwildcard = $(wildcard $(addprefix $1/*.,$2)) $(foreach d,$(wildcard $1/*),$(call rwildcard,$d,$2))
+
+#Source list
+SRCS = $(call rwildcard, src, c)
+SRCS += $(call rwildcard, ../../../src, c)
+SRCS += $(wildcard $(addprefix ../../../wolfcrypt/src/*.,c))
+SRCS += $(wildcard $(addprefix ../../../wolfcrypt/src/port/caam/wolfcaam_*.,c))
+
+
+#Object files list
+OBJS = $(addprefix $(OUTPUT_DIR)/,$(addsuffix .o, $(basename $(SRCS))))
+
+#Compiling rule
+$(OUTPUT_DIR)/%.o: %.c
+ @mkdir -p $(dir $(OUTPUT_DIR)/$(notdir $@))
+ $(CC) -c $(DEPS) -o $(OUTPUT_DIR)/$(notdir $@) $(INCLUDES) $(CCFLAGS_all) $(CCFLAGS) $<
+
+
+#Linking rule
+$(TARGET):$(OBJS)
+ $(LD) -shared -o $(TARGET) $(LDFLAGS_all) $(LDFLAGS) $(foreach f, $(OBJS), $(OUTPUT_DIR)/$(notdir $(f))) $(LIBS_all) $(LIBS)
+
+
+#Rules section for default compilation and linking
+all: $(TARGET)
+
+clean:
+ rm -fr $(OUTPUT_DIR)
+
+rebuild: clean all
+
+#Inclusion of dependencies (object files to source and includes)
+-include $(OBJS:%.o=%.d)
diff --git a/IDE/QNX/wolfssl/user_settings.h b/IDE/QNX/wolfssl/user_settings.h
new file mode 100644
index 000000000..3814ecb87
--- /dev/null
+++ b/IDE/QNX/wolfssl/user_settings.h
@@ -0,0 +1,137 @@
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+#undef WOLFSSL_SP
+#define WOLFSSL_SP
+
+#undef WOLFSSL_SP_MATH_ALL
+#define WOLFSSL_SP_MATH_ALL
+
+#undef WOLFSSL_SP_ARM32
+#define WOLFSSL_SP_ARM32
+
+#undef ECC_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+
+#undef WC_RSA_BLINDING
+#define WC_RSA_BLINDING
+
+#define SIZE_OF_LONG_LONG 8
+
+#define NO_MAIN_DRIVER
+#define NO_FILESYSTEM
+
+/* Build CAAM support */
+#undef WOLFSSL_CAAM
+#define WOLFSSL_CAAM
+
+#undef WOLFSSL_QNX_CAAM
+#define WOLFSSL_QNX_CAAM
+
+#undef WOLFSSL_IMX6Q_CAAM
+#define WOLFSSL_IMX6Q_CAAM
+
+#undef WOLFSSL_USE_ALIGN
+#define WOLFSSL_USE_ALIGN
+
+/* Algorithms Enabled */
+#undef HAVE_AESCCM
+#define HAVE_AESCCM
+
+#undef WOLFSSL_SHA512
+#define WOLFSSL_SHA512
+
+#undef WOLFSSL_SHA384
+#define WOLFSSL_SHA384
+
+#undef HAVE_HKDF
+#define HAVE_HKDF
+
+#undef NO_DSA
+#define NO_DSA
+
+#undef HAVE_ECC
+#define HAVE_ECC
+
+#undef NO_RC4
+#define NO_RC4
+
+#undef NO_PSK
+#define NO_PSK
+
+#undef NO_MD4
+#define NO_MD4
+
+#undef TFM_ECC256
+#define TFM_ECC256
+
+#undef ECC_SHAMIR
+#define ECC_SHAMIR
+
+#undef WC_RSA_PSS
+#define WC_RSA_PSS
+
+#undef WOLFSSL_PSS_LONG_SALT
+#define WOLFSSL_PSS_LONG_SALT
+
+#undef WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_ASN_TEMPLATE
+
+#undef WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE128
+
+#undef WOLFSSL_NO_SHAKE256
+#define WOLFSSL_NO_SHAKE256
+
+#undef HAVE_POLY1305
+#define HAVE_POLY1305
+
+#undef HAVE_CHACHA
+#define HAVE_CHACHA
+
+#undef HAVE_HASHDRBG
+#define HAVE_HASHDRBG
+
+#undef NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef HAVE_FFDHE_2048
+#define HAVE_FFDHE_2048
+
+#undef HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef WC_NO_ASYNC_THREADING
+#define WC_NO_ASYNC_THREADING
+
+#undef WOLF_CRYPTO_CB
+#define WOLF_CRYPTO_CB
+
+#undef HAVE_DH_DEFAULT_PARAMS
+#define HAVE_DH_DEFAULT_PARAMS
+
+#undef WOLFSSL_AES_COUNTER
+#define WOLFSSL_AES_COUNTER
+
+#undef WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_DIRECT
+
+#undef NO_DES3
+#define NO_DES3
+
+#undef GCM_TABLE_4BIT
+#define GCM_TABLE_4BIT
+
+#undef HAVE_AESGCM
+#define HAVE_AESGCM
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#endif
diff --git a/configure.ac b/configure.ac
index 07fd99368..10f3bcd78 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2344,35 +2344,40 @@ AC_ARG_ENABLE([caam],
[ ENABLED_CAAM=$enableval ],
[ ENABLED_CAAM=no ]
)
-if test "$ENABLED_CAAM" = "yes"
-then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM -DWOLFSSL_IMX6_CAAM"
-fi
-if test "$ENABLED_CAAM" = "qnx"
+if test "$ENABLED_CAAM" != "no"
then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM -DWOLFSSL_IMX6_CAAM -DWOLFSSL_QNX_CAAM"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_ECC"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_CMAC"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_CIPHER"
-fi
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM"
-if test "$ENABLED_CAAM" = "seco"
-then
- SECO_DIR=$trylibsecodir
- AM_CPPFLAGS="$AM_CPPFLAGS -I$SECO_DIR/include"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM -DWOLFSSL_SECO_CAAM -DWOLFSSL_HASH_KEEP"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_ECC"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_CMAC"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_CIPHER"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_HMAC"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_HASH"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_CURVE25519"
+ for v in `echo $ENABLED_CAAM | tr "," " "`
+ do
+ case $v in
+ qnx)
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_QNX_CAAM"
+ ENABLED_CAAM_QNX="yes"
+ ;;
- AC_CHECK_LIB([hsm_lib],[hsm_open_session])
- AC_CHECK_LIB([seco_nvm_manager],[seco_nvm_manager])
- LIB_STATIC_ADD="$LIB_STATIC_ADD $SECO_DIR/lib/hsm_lib.a $SECO_DIR/lib/seco_nvm_manager.a"
- LIB_ADD="$LIB_ADD -lz"
+ imx6q)
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IMX6Q_CAAM"
+ ;;
+
+ imx6ul)
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IMX6UL_CAAM"
+ ;;
+
+ seco)
+ SECO_DIR=$trylibsecodir
+ AM_CPPFLAGS="$AM_CPPFLAGS -I$SECO_DIR/include"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM -DWOLFSSL_SECO_CAAM"
+
+ AC_CHECK_LIB([hsm_lib],[hsm_open_session])
+ AC_CHECK_LIB([seco_nvm_manager],[seco_nvm_manager])
+ LIB_STATIC_ADD="$LIB_STATIC_ADD $SECO_DIR/lib/hsm_lib.a $SECO_DIR/lib/seco_nvm_manager.a"
+ LIB_ADD="$LIB_ADD -lz"
+ ;;
+
+ esac
+ done
fi
# INTEL AES-NI
@@ -7369,7 +7374,7 @@ AC_ARG_ENABLE([cryptocb],
[ ENABLED_CRYPTOCB=no ]
)
-if test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_WOLFTPM" = "xyes" || test "$ENABLED_CAAM" = "qnx" || test "$ENABLED_CAAM" = "seco"
+if test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_WOLFTPM" = "xyes" || test "$ENABLED_CAAM" != "no"
then
ENABLED_CRYPTOCB=yes
fi
@@ -8512,12 +8517,12 @@ AM_CONDITIONAL([BUILD_DES3],[test "x$ENABLED_DES3" = "xyes" || test "x$ENABLED_U
AM_CONDITIONAL([BUILD_PKCS7],[test "x$ENABLED_PKCS7" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SMIME],[test "x$ENABLED_SMIME" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_HASHFLAGS],[test "x$ENABLED_HASHFLAGS" = "xyes"])
-AM_CONDITIONAL([BUILD_CAAM],[test "x$ENABLED_CAAM" = "xyes" || test "x$ENABLED_CAAM" = "xqnx" || test "x$ENABLED_CAAM" = "xseco"])
AM_CONDITIONAL([BUILD_LINUXKM],[test "$ENABLED_LINUXKM" = "yes"])
AM_CONDITIONAL([BUILD_NO_LIBRARY],[test "$ENABLED_NO_LIBRARY" = "yes"])
AM_CONDITIONAL([BUILD_BENCHMARK],[test "$ENABLED_BENCHMARK" = "yes"])
AM_CONDITIONAL([BUILD_RC2],[test "x$ENABLED_RC2" = "xyes"])
-AM_CONDITIONAL([BUILD_QNXCAAM],[test "x$ENABLED_CAAM" = "xqnx"])
+AM_CONDITIONAL([BUILD_CAAM],[test "x$ENABLED_CAAM" != "xno"])
+AM_CONDITIONAL([BUILD_QNXCAAM],[test "x$ENABLED_CAAM_QNX" = "xyes"])
AM_CONDITIONAL([BUILD_IOTSAFE],[test "x$ENABLED_IOTSAFE" = "xyes"])
AM_CONDITIONAL([BUILD_IOTSAFE_HWRNG],[test "x$ENABLED_IOTSAFE_HWRNG" = "xyes"])
AM_CONDITIONAL([BUILD_SE050],[test "x$ENABLED_SE050" = "xyes"])
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 0b31777b2..c1a602f77 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -1799,10 +1799,16 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
#ifdef HAVE_GET_CYCLES
printf("\n\nSymmetric Ciphers:\n\n");
printf("Algorithm,"
+ #ifdef BENCH_DEVID
+ "HW/SW,"
+ #endif
WOLFSSL_FIXED_UNITS_PER_SEC ",Cycles per byte,\n");
#else
printf("\n\nSymmetric Ciphers:\n\n");
printf("Algorithm,"
+ #ifdef BENCH_DEVID
+ "HW/SW,"
+ #endif
WOLFSSL_FIXED_UNITS_PER_SEC ", \n");
#endif
#endif
@@ -1857,10 +1863,13 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
bytes_processed, total, persec, total_cycles);
#else
(void)XSNPRINTF(msg, sizeof(msg), "sym,%s,%s,%lu,%f,%f,", desc,
- BENCH_ASYNC_GET_NAME(useDeviceID),
+ BENCH_DEVID_GET_NAME(useDeviceID),
bytes_processed, total, persec);
#endif
#endif
+#elif defined(BENCH_DEVID)
+ (void)XSNPRINTF(msg, sizeof(msg), "%s,%s,%f,", desc,
+ BENCH_DEVID_GET_NAME(useDeviceID), persec);
#else
(void)XSNPRINTF(msg, sizeof(msg), "%s,%f,", desc, persec);
#endif
@@ -1887,7 +1896,7 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
(void)XSNPRINTF(msg, sizeof(msg),
"%-24s%s %5.0f %s %s %5.3f %s, %8.3f %s/s"
",",
- desc, BENCH_ASYNC_GET_NAME(useDeviceID), blocks, blockType,
+ desc, BENCH_DEVID_GET_NAME(useDeviceID), blocks, blockType,
word[0], total, word[1], persec, blockType);
#endif /* HAVE_GET_CYCLES */
#else
@@ -2027,7 +2036,7 @@ static void bench_stats_asym_finish_ex(const char* algo, int strength,
(void)XSNPRINTF(msg, sizeof(msg),
"%-6s %5d %8s%-2s %s %6d %s %5.3f %s, %s %5.3f ms,"
" %.3f %s\n", algo, strength, desc,
- desc_extra, BENCH_ASYNC_GET_NAME(useDeviceID),
+ desc_extra, BENCH_DEVID_GET_NAME(useDeviceID),
count, word[0], total, word[1], word[2], milliEach,
opsSec, word[3]);
#endif /* HAVE_GET_CYCLES */
@@ -2252,8 +2261,12 @@ static void* benchmarks_do(void* args)
bench_aesofb();
#endif
#ifdef WOLFSSL_AES_COUNTER
- if (bench_all || (bench_cipher_algs & BENCH_AES_CTR))
- bench_aesctr();
+ if (bench_all || (bench_cipher_algs & BENCH_AES_CTR)) {
+ bench_aesctr(0);
+ #ifdef BENCH_DEVID
+ bench_aesctr(1);
+ #endif
+ }
#endif
#ifdef HAVE_AESCCM
if (bench_all || (bench_cipher_algs & BENCH_AES_CCM)) {
@@ -3903,12 +3916,18 @@ void bench_aesxts(void)
#ifdef WOLFSSL_AES_COUNTER
static void bench_aesctr_internal(const byte* key, word32 keySz,
- const byte* iv, const char* label)
+ const byte* iv, const char* label,
+ int useDeviceID)
{
Aes enc;
double start;
int i, count, ret = 0;
+ if ((ret = wc_AesInit(&enc, HEAP_HINT,
+ useDeviceID ? devId : INVALID_DEVID)) != 0) {
+ printf("wc_AesInit failed, ret = %d\n", ret);
+ }
+
wc_AesSetKeyDirect(&enc, key, keySz, iv, AES_ENCRYPTION);
bench_stats_start(&count, &start);
@@ -3922,19 +3941,21 @@ static void bench_aesctr_internal(const byte* key, word32 keySz,
}
count += i;
} while (bench_stats_check(start));
- bench_stats_sym_finish(label, 0, count, bench_size, start, ret);
+ bench_stats_sym_finish(label, useDeviceID, count, bench_size, start, ret);
+
+ wc_AesFree(&enc);
}
-void bench_aesctr(void)
+void bench_aesctr(int useDeviceID)
{
#ifdef WOLFSSL_AES_128
- bench_aesctr_internal(bench_key, 16, bench_iv, "AES-128-CTR");
+ bench_aesctr_internal(bench_key, 16, bench_iv, "AES-128-CTR", useDeviceID);
#endif
#ifdef WOLFSSL_AES_192
- bench_aesctr_internal(bench_key, 24, bench_iv, "AES-192-CTR");
+ bench_aesctr_internal(bench_key, 24, bench_iv, "AES-192-CTR", useDeviceID);
#endif
#ifdef WOLFSSL_AES_256
- bench_aesctr_internal(bench_key, 32, bench_iv, "AES-256-CTR");
+ bench_aesctr_internal(bench_key, 32, bench_iv, "AES-256-CTR", useDeviceID);
#endif
}
#endif /* WOLFSSL_AES_COUNTER */
@@ -5873,7 +5894,7 @@ static void bench_cmac_helper(int keySz, const char* outMsg, int useDeviceID)
}
count += i;
} while (bench_stats_check(start));
- bench_stats_sym_finish(outMsg, 0, count, bench_size, start, ret);
+ bench_stats_sym_finish(outMsg, useDeviceID, count, bench_size, start, ret);
}
void bench_cmac(int useDeviceID)
diff --git a/wolfcrypt/benchmark/benchmark.h b/wolfcrypt/benchmark/benchmark.h
index 1e859e1be..3cc6aa8d5 100644
--- a/wolfcrypt/benchmark/benchmark.h
+++ b/wolfcrypt/benchmark/benchmark.h
@@ -55,7 +55,7 @@ void bench_gmac(void);
void bench_aesccm(int useDeviceID);
void bench_aesecb(int useDeviceID);
void bench_aesxts(void);
-void bench_aesctr(void);
+void bench_aesctr(int useDeviceID);
void bench_aescfb(void);
void bench_aesofb(void);
void bench_aessiv(void);
diff --git a/wolfcrypt/src/port/caam/caam_driver.c b/wolfcrypt/src/port/caam/caam_driver.c
index b78cbdf81..dfdc3e993 100644
--- a/wolfcrypt/src/port/caam/caam_driver.c
+++ b/wolfcrypt/src/port/caam/caam_driver.c
@@ -571,6 +571,8 @@ Error caamAddJob(DESCSTRUCT* desc)
pt = (unsigned int*)caam.ring.VirtualDesc;
#if defined(WOLFSSL_CAAM_PRINT)
+ printf("Number of input ring slots available is %d\n",
+ CAAM_READ(baseAddr + CAAM_IRSAR_JR));
printf("Doing Job :\n");
#endif
for (i = 0; i < desc->idx; i = i + 1) {
@@ -606,11 +608,6 @@ Error caamAddJob(DESCSTRUCT* desc)
#endif
}
else {
- #if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
- printf("SLOT = 0x%08X, IRJAR0 = 0x%08X\n", CAAM_READ(baseAddr + 0x0014),
- CAAM_READ(baseAddr + CAAM_IRJAR0));
- printf("Number of job in done queue = 0x%08X\n", CAAM_READ(baseAddr+ 0x103C));
- #endif
CAAM_UNLOCK_MUTEX(&caam.ring.jr_lock);
return CAAM_WAITING;
}
@@ -1758,8 +1755,10 @@ static int SetupJobRing(struct JobRing* r)
memset(r->VirtualDesc, 0, CAAM_DESC_MAX * CAAM_JOBRING_SIZE);
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
- printf("Setting JOB IN 0x%08X\n", (unsigned int)caam.ring.JobIn);
- printf("Setting JOB OUT 0x%08X\n", (unsigned int)caam.ring.JobOut);
+ printf("Setting JOB IN address 0x%08X, size %d\n",
+ (unsigned int)caam.ring.JobIn, CAAM_JOBRING_SIZE);
+ printf("Setting JOB OUT address 0x%08X, size %d\n",
+ (unsigned int)caam.ring.JobOut, CAAM_JOBRING_SIZE);
printf("Setting DESC 0x%08X\n", (unsigned int)caam.ring.Desc);
#endif
@@ -1776,6 +1775,10 @@ static int SetupJobRing(struct JobRing* r)
(CAAM_READ(r->BaseAddr + JRINTR_JR) != 0)) {
unsigned int reg;
+ #if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
+ printf("Job ring is busy, trying to flush it\n");
+ #endif
+
/* JRCR job ring command register */
CAAM_WRITE(r->BaseAddr + JRCR_JR, 0x2); /* park it */
CAAM_WRITE(r->BaseAddr + JRCR_JR, 0x1); /* flush it */
@@ -1796,28 +1799,52 @@ int InitCAAM(void)
Error ret;
/* map to memory addresses needed for accessing CAAM */
+#if defined(WOLFSSL_CAAM_PRINT)
+ printf("Using CAAM_BASE 0x%04X\n", CAAM_BASE);
+#endif
ret = CAAM_SET_BASEADDR(&caam.baseAddr);
if (ret != 0) {
return ret;
}
+#if defined(WOLFSSL_CAAM_PRINT)
+ printf("Using base address : 0x%04X\n", caam.baseAddr);
+#endif
ret = SetupJobRing(&caam.ring);
if (ret != 0) {
WOLFSSL_MSG("Error initializing job ring");
INTERRUPT_Panic();
return ret;
}
+#if defined(WOLFSSL_CAAM_PRINT)
+ printf("Using base ring address : 0x%04X\n", caam.ring.BaseAddr);
+#endif
/* get CHA era */
caam.vrs = CAAM_READ(caam.ring.BaseAddr + CAAM_CHA_CCBVID) >> 24;
- #if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
- printf("CAAM version = %04X\n",
- CAAM_READ(caam.ring.BaseAddr + CAAM_VERSION_MS) & 0xFFFF);
- printf("CAAM era = %d\n", caam.vrs);
- printf("RNG revision number = %08X\n",
- CAAM_READ(caam.ring.BaseAddr + CAAM_CRNR_LS));
- printSecureMemoryInfo();
- #endif
+#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
+ printf("CAAM version = %04X\n",
+ CAAM_READ(caam.ring.BaseAddr + CAAM_VERSION_MS) & 0xFFFF);
+ printf("CAAM era = %d\n", caam.vrs);
+ printf("RNG revision number = %08X\n",
+ CAAM_READ(caam.ring.BaseAddr + CAAM_CRNR_LS));
+ printSecureMemoryInfo();
+
+ /* Check if CAAM supports AES-GCM */
+ {
+ unsigned int chaVerLS =
+ CAAM_READ(caam.ring.BaseAddr + CAAM_CHA_VERSION_LS);
+ printf("\nCHA support\n");
+ printf("CHA Version LS = %04X\n", chaVerLS);
+ if (!(chaVerLS & CAAM_AES_HIGH_PERFORMANCE)) {
+ printf("High Performance AES module not supported, NO AES-GCM/XTS\n");
+ }
+ if (chaVerLS & CAAM_AES_LOW_POWER) {
+ printf("Low Power AES module found\n");
+ }
+ printf("\n");
+ }
+#endif
/* when on i.MX8 with SECO the SECO has control of this */
if (caam.vrs < 9) {
diff --git a/wolfcrypt/src/port/caam/caam_qnx.c b/wolfcrypt/src/port/caam/caam_qnx.c
index 3ce8e74bc..f2c73fa43 100644
--- a/wolfcrypt/src/port/caam/caam_qnx.c
+++ b/wolfcrypt/src/port/caam/caam_qnx.c
@@ -93,8 +93,8 @@ int CAAM_SET_BASEADDR(CAAM_ADDRESS* baseAddr)
void* vaddr;
/* address range for CAAM is CAAM_BASE plus 0x10000 */
- vaddr = mmap_device_io(0x0000FFFF, CAAM_BASE);
- if (vaddr == (uintptr_t)MAP_FAILED) {
+ vaddr = (void*)mmap_device_io(0x0000FFFF, CAAM_BASE);
+ if (vaddr == MAP_FAILED) {
WOLFSSL_MSG("Unable to map virtual memory");
return -1;
}
@@ -575,13 +575,15 @@ static int doAEAD(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
{
int ret = EOK, i = 0;
DESCSTRUCT desc;
- CAAM_BUFFER tmp[6] = {0};
+ CAAM_BUFFER tmp[6];
iov_t in_iovs[6], out_iovs[2];
int inIdx = 0, outIdx = 0, algo;
unsigned char *key = NULL, *iv = NULL, *in = NULL, *out = NULL, *aad = NULL,
*tag = NULL;
int keySz, ivSz = 0, inSz, outSz, aadSz = 0, tagSz = 0;
+ memset(tmp, 0, sizeof(tmp));
+
/* get key info */
keySz = args[1] & 0xFFFF; /* key size */
key = (unsigned char*)CAAM_ADR_MAP(0, keySz, 0);
@@ -737,13 +739,15 @@ static int doAES(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
{
int ret = EOK, i = 0;
DESCSTRUCT desc;
- CAAM_BUFFER tmp[6] = {0};
+ CAAM_BUFFER tmp[6];
iov_t in_iovs[6], out_iovs[2];
int inIdx = 0, outIdx = 0;
int algo;
unsigned char *key = NULL, *iv = NULL, *in = NULL, *out = NULL;
int keySz, ivSz = 0, inSz, outSz;
+ memset(tmp, 0, sizeof(tmp));
+
/* get key info */
keySz = args[1] & 0xFFFF; /* key size */
key = (unsigned char*)CAAM_ADR_MAP(0, keySz, 0);
diff --git a/wolfcrypt/src/port/caam/wolfcaam_aes.c b/wolfcrypt/src/port/caam/wolfcaam_aes.c
index 9f58a54bc..73b82426d 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_aes.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_aes.c
@@ -39,6 +39,8 @@
#include
#endif
+#if (defined(HAVE_AESGCM) && defined(WOLFSSL_CAAM_AESGCM)) || \
+ defined(HAVE_AESCCM)
/* return 0 on success */
static int wc_CAAM_AesAeadCommon(Aes* aes, const byte* in, byte* out, word32 sz,
const byte* nonce, word32 nonceSz, byte* authTag, word32 authTagSz,
@@ -89,8 +91,9 @@ static int wc_CAAM_AesAeadCommon(Aes* aes, const byte* in, byte* out, word32 sz,
/* authInSz must fit into a short (note that only 16 bits are ava in CAAM
* for AAD size anyway) */
- arg[0] = ((authInSz & 0xFFFF) << 16) | dir;
- arg[1] = ((nonceSz & 0xFF) << 24) | ((authTagSz & 0xFF) << 16) | keySz;
+ arg[0] = ((authInSz & 0xFFFF) << 16) | (dir & 0xFFFF);
+ arg[1] = ((nonceSz & 0xFF) << 24) | ((authTagSz & 0xFF) << 16) |
+ (keySz & 0xFFFF);
arg[2] = sz;
arg[3] = aes->blackKey;
@@ -101,6 +104,7 @@ static int wc_CAAM_AesAeadCommon(Aes* aes, const byte* in, byte* out, word32 sz,
return 0;
}
+#endif /* HAVE_AESGCM || HAVE_AESCCM */
#if defined(HAVE_AESCCM)
@@ -227,6 +231,7 @@ int wc_CAAM_AesCcmDecrypt(Aes* aes, const byte* in, byte* out, word32 sz,
#endif /* HAVE_AESCCM */
+#if defined(HAVE_AESGCM) && defined(WOLFSSL_CAAM_AESGCM)
int wc_CAAM_AesGcmEncrypt(Aes* aes, const byte* in, byte* out, word32 sz,
const byte* nonce, word32 nonceSz, byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
@@ -243,6 +248,7 @@ int wc_CAAM_AesGcmDecrypt(Aes* aes, const byte* in, byte* out, word32 sz,
return wc_CAAM_AesAeadCommon(aes, in, out, sz, nonce, nonceSz,
(byte*)authTag, authTagSz, authIn, authInSz, CAAM_DEC, CAAM_AESGCM);
}
+#endif
static int wc_CAAM_AesCbcCtrCommon(Aes* aes, byte* out, const byte* in,
diff --git a/wolfcrypt/src/port/caam/wolfcaam_cmac.c b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
index a06cad297..4ce439941 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_cmac.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
@@ -25,7 +25,7 @@
#include
-#if defined(WOLFSSL_CAAM) && defined(WOLFSSL_CMAC)
+#if defined(WOLFSSL_CAAM) && defined(WOLFSSL_CMAC) && defined(WOLFSSL_CAAM_CMAC)
#include
#include
@@ -93,7 +93,13 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
/* first take care of any left overs */
if (cmac->bufferSz > 0) {
- word32 add = min(sz, AES_BLOCK_SIZE - cmac->bufferSz);
+ word32 add;
+
+ if (cmac->bufferSz > AES_BLOCK_SIZE) {
+ WOLFSSL_MSG("Error with CMAC buffer size");
+ return -1;
+ }
+ add = min(sz, (int)(AES_BLOCK_SIZE - cmac->bufferSz));
XMEMCPY(&cmac->buffer[cmac->bufferSz], pt, add);
cmac->bufferSz += add;
diff --git a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
index d6548176e..bf063e780 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
@@ -25,7 +25,7 @@
#include
-#if defined(WOLFSSL_CAAM) && defined(HAVE_ECC)
+#if defined(WOLFSSL_CAAM) && defined(HAVE_ECC) && defined(WOLFSSL_CAAM_ECC)
#include
#include
@@ -286,7 +286,7 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
{
const ecc_set_type* dp;
word32 args[4] = {0};
- CAAM_BUFFER buf[9] = {0};
+ CAAM_BUFFER buf[9];
int ret, keySz;
word32 ecdsel = 0;
byte r[MAX_ECC_BYTES] = {0};
@@ -402,7 +402,7 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash,
{
const ecc_set_type* dp;
word32 args[4] = {0};
- CAAM_BUFFER buf[9] = {0};
+ CAAM_BUFFER buf[9];
int ret;
int keySz;
word32 idx = 0;
@@ -528,7 +528,7 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
{
const ecc_set_type* dp;
word32 args[4] = {0};
- CAAM_BUFFER buf[9] = {0};
+ CAAM_BUFFER buf[9];
int ret, keySz;
word32 ecdsel = 0; /* ecc parameters in hardware */
word32 idx = 0;
diff --git a/wolfcrypt/src/port/caam/wolfcaam_hash.c b/wolfcrypt/src/port/caam/wolfcaam_hash.c
index 8b3c99ba1..d3155468f 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_hash.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_hash.c
@@ -66,60 +66,29 @@
****************************************************************************/
#ifndef WOLFSSL_HASH_KEEP
-static int _InitSha(byte* ctx, word32 ctxSz, void* heap, int devId,
- word32 type)
-{
- CAAM_BUFFER buf[1];
- word32 arg[4];
- int ret, idx = 0;
-
- /* Set buffer for context */
- buf[idx].BufferType = DataBuffer | LastBuffer;
- buf[idx].TheAddress = (CAAM_ADDRESS)ctx;
- buf[idx].Length = ctxSz + WC_CAAM_CTXLEN;
-#if defined(__INTEGRITY) || defined(INTEGRITY)
- buf[idx].Transferred = 0;
-#endif
- idx++;
-
- arg[0] = CAAM_ALG_INIT;
- arg[1] = ctxSz + WC_CAAM_CTXLEN;
- arg[2] = (word32)devId;
-
- if ((ret = wc_caamAddAndWait(buf, idx, arg, type)) != 0) {
- WOLFSSL_MSG("Error with CAAM SHA init");
- return ret;
- }
-
- return 0;
-}
-
-
-static int _ShaUpdate(wc_Sha* sha, const byte* data, word32 len, word32 digestSz,
- word32 type)
+static int _ShaUpdate(byte* buffer, word32* buffLen, const byte* ctx,
+ const byte* data, word32 len, word32 digestSz, word32 type)
{
CAAM_BUFFER buf[2];
word32 arg[4];
- int ret, idx = 0;
- byte* local;
+ int ret;
- if (sha == NULL ||(data == NULL && len > 0)) {
+ if (buffer == NULL || ctx == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
if (len == 0) return 0; /* nothing to do */
- local = (byte*)sha->buffer;
/* check for filling out existing buffer */
- if (sha->buffLen > 0) {
- word32 add = min(len, WC_CAAM_HASH_BLOCK - sha->buffLen);
- XMEMCPY(&local[sha->buffLen], data, add);
+ if (*buffLen > 0) {
+ word32 add = min(len, WC_CAAM_HASH_BLOCK - *buffLen);
+ XMEMCPY(&buffer[*buffLen], data, add);
- sha->buffLen += add;
+ *buffLen += add;
data += add;
len -= add;
- if (sha->buffLen == WC_CAAM_HASH_BLOCK) {
+ if (*buffLen == WC_CAAM_HASH_BLOCK) {
/* Set buffer for context */
buf[idx].BufferType = DataBuffer;
buf[idx].TheAddress = (CAAM_ADDRESS)sha->ctx;
@@ -132,7 +101,7 @@ static int _ShaUpdate(wc_Sha* sha, const byte* data, word32 len, word32 digestSz
/* data to update with */
buf[idx].BufferType = DataBuffer | LastBuffer;
buf[idx].TheAddress = (CAAM_ADDRESS)sha->buffer;
- buf[idx].Length = sha->buffLen;
+ buf[idx].Length = *buffLen;
#if defined(__INTEGRITY) || defined(INTEGRITY)
buf[idx].Transferred = 0;
#endif
@@ -145,7 +114,7 @@ static int _ShaUpdate(wc_Sha* sha, const byte* data, word32 len, word32 digestSz
WOLFSSL_MSG("Error with CAAM SHA update");
return ret;
}
- sha->buffLen = 0; /* cleared out buffer */
+ *buffLen = 0; /* cleared out buffer */
}
}
@@ -187,9 +156,9 @@ static int _ShaUpdate(wc_Sha* sha, const byte* data, word32 len, word32 digestSz
/* check for left overs */
if (len > 0) {
- word32 add = min(len, WC_CAAM_HASH_BLOCK - sha->buffLen);
- XMEMCPY(&local[sha->buffLen], data, add);
- sha->buffLen += add;
+ word32 add = min(len, WC_CAAM_HASH_BLOCK - *buffLen);
+ XMEMCPY(&buffer[*buffLen], data, add);
+ *buffLen += add;
}
return 0;
@@ -253,7 +222,8 @@ int wc_CAAM_ShaHash(wc_Sha* sha, const byte* in, word32 inSz, byte* digest)
ret = _wc_Hash_Grow(&(sha->msg), &(sha->used), &(sha->len), in,
inSz, sha->heap);
#else
- ret = _ShaUpdate(sha, in, inSz, SHA_DIGEST_SIZE, CAAM_SHA);
+ ret = _ShaUpdate((byte*)sha->buffer, &sha->buffLen, (byte*)sha->digest,
+ in, inSz, SHA_DIGEST_SIZE, CAAM_SHA);
#endif
}
@@ -269,7 +239,7 @@ int wc_CAAM_ShaHash(wc_Sha* sha, const byte* in, word32 inSz, byte* digest)
wc_InitSha_ex(sha, heap, devId);
#else
ret = _ShaFinal((byte*)sha->digest, SHA_DIGEST_SIZE,
- sha->buffer, sha->bufferLen, digest, CAAM_SHA);
+ (byte*)sha->buffer, sha->buffLen, digest, CAAM_SHA);
#endif
}
return ret;
@@ -291,7 +261,8 @@ int wc_CAAM_Sha224Hash(wc_Sha224* sha224, const byte* in, word32 inSz,
#ifdef WOLFSSL_HASH_KEEP
ret = wc_Sha224_Grow(sha224, in, inSz);
#else
- ret = _ShaUpdate(sha224, data, len, SHA224_DIGEST_SIZE, CAAM_SHA224);
+ ret = _ShaUpdate(sha224->buffer, &sha224->bufferLen,
+ (byte*)sha224->digest, data, len, SHA224_DIGEST_SIZE, CAAM_SHA224);
#endif
}
@@ -306,7 +277,7 @@ int wc_CAAM_Sha224Hash(wc_Sha224* sha224, const byte* in, word32 inSz,
wc_InitSha224_ex(sha224, heap, devId);
#else
ret = _ShaFinal((byte*)sha224->digest, SHA224_DIGEST_SIZE,
- sha224->buffer, sha224->bufferLen, digest, CAAM_SHA224);
+ (byte*)sha224->buffer, sha224->bufferLen, digest, CAAM_SHA224);
#endif
}
return ret;
@@ -328,7 +299,8 @@ int wc_CAAM_Sha256Hash(wc_Sha256* sha256, const byte* in, word32 inSz,
#ifdef WOLFSSL_HASH_KEEP
ret = wc_Sha256_Grow(sha256, in, inSz);
#else
- ret = _ShaUpdate(sha256, in, inSz, SHA256_DIGEST_SIZE, CAAM_SHA256);
+ ret = _ShaUpdate((byte*)sha256->buffer, &sha256->buffLen,
+ (byte*)sha256->digest, in, inSz, SHA256_DIGEST_SIZE, CAAM_SHA256);
#endif
}
@@ -344,7 +316,7 @@ int wc_CAAM_Sha256Hash(wc_Sha256* sha256, const byte* in, word32 inSz,
wc_InitSha256_ex(sha256, heap, devId);
#else
ret = _ShaFinal((byte*)sha256->digest, SHA256_DIGEST_SIZE,
- sha256->buffer, sha256->bufferLen, digest, CAAM_SHA256);
+ (byte*)sha256->buffer, sha256->buffLen, digest, CAAM_SHA256);
#endif
}
return ret;
@@ -366,7 +338,8 @@ int wc_CAAM_Sha384Hash(wc_Sha384* sha384, const byte* in, word32 inSz,
#ifdef WOLFSSL_HASH_KEEP
ret = wc_Sha384_Grow(sha384, in, inSz);
#else
- ret = _ShaUpdate(sha384, data, len, SHA384_DIGEST_SIZE, CAAM_SHA384);
+ ret = _ShaUpdate((byte*)sha384->buffer, &sha384->buffLen,
+ (byte*)sha384->digest, in, inSz, SHA384_DIGEST_SIZE, CAAM_SHA384);
#endif
}
@@ -381,7 +354,7 @@ int wc_CAAM_Sha384Hash(wc_Sha384* sha384, const byte* in, word32 inSz,
wc_InitSha384_ex(sha384, heap, devId);
#else
ret = _ShaFinal((byte*)sha384->digest, SHA384_DIGEST_SIZE,
- sha384->buffer, sha384->bufferLen, digest, CAAM_SHA384);
+ (byte*)sha384->buffer, sha384->buffLen, digest, CAAM_SHA384);
#endif
}
return ret;
@@ -404,7 +377,8 @@ int wc_CAAM_Sha512Hash(wc_Sha512* sha512, const byte* in, word32 inSz,
#ifdef WOLFSSL_HASH_KEEP
ret = wc_Sha512_Grow(sha512, in, inSz);
#else
- ret = _ShaUpdate(sha512, data, len, SHA512_DIGEST_SIZE, CAAM_SHA512);
+ ret = _ShaUpdate((byte*)sha512->buffer, &sha512->buffLen,
+ (byte*)sha512->digest, in, inSz, SHA512_DIGEST_SIZE, CAAM_SHA512);
#endif
}
@@ -419,7 +393,7 @@ int wc_CAAM_Sha512Hash(wc_Sha512* sha512, const byte* in, word32 inSz,
wc_InitSha512_ex(sha512, heap, devId);
#else
ret = _ShaFinal((byte*)sha512->digest, SHA512_DIGEST_SIZE,
- sha512->buffer, sha512->bufferLen, digest, CAAM_SHA512);
+ (byte*)sha512->buffer, sha512->buffLen, digest, CAAM_SHA512);
#endif
}
return ret;
diff --git a/wolfcrypt/src/port/caam/wolfcaam_init.c b/wolfcrypt/src/port/caam/wolfcaam_init.c
index a0b868dec..d6e93cf5a 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_init.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_init.c
@@ -34,14 +34,16 @@
*/
#include
-#if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \
- defined(WOLFSSL_IMX6UL_CAAM) || defined(WOLFSSL_IMX6_CAAM_BLOB) || \
- defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM)
+#if defined(WOLFSSL_CAAM)
#include
#include
#include
+#ifdef DEBUG_WOLFSSL
+ #include
+#endif
+
/* determine which porting header to include */
#if defined(__INTEGRITY) || defined(INTEGRITY)
#ifndef WC_CAAM_PASSWORD
@@ -80,6 +82,7 @@ static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx)
int ret = CRYPTOCB_UNAVAILABLE;
(void)ctx;
+ (void)devId;
switch (info->algo_type) {
case WC_ALGO_TYPE_PK:
switch (info->pk.type) {
@@ -160,7 +163,7 @@ static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx)
break;
case WC_ALGO_TYPE_CMAC:
- #ifdef WOLFSSL_CAAM_CMAC
+ #if defined(WOLFSSL_CMAC) && defined(WOLFSSL_CAAM_CMAC)
#ifdef WOLFSSL_SECO_CAAM
if (devId != WOLFSSL_SECO_DEVID)
break;
@@ -180,7 +183,7 @@ static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx)
WOLFSSL_MSG("CMAC not compiled in");
ret = NOT_COMPILED_IN;
#endif
- #endif /* WOLFSSL_CAAM_CMAC */
+ #endif /* WOLFSSL_CMAC && WOLFSSL_CAAM_CMAC */
break;
case WC_ALGO_TYPE_HASH:
@@ -235,13 +238,13 @@ static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx)
break;
case WC_ALGO_TYPE_CIPHER:
- #ifdef WOLFSSL_CAAM_CIPHER
+ #if defined(WOLFSSL_CAAM_CIPHER)
#ifdef WOLFSSL_SECO_CAAM
if (devId != WOLFSSL_SECO_DEVID)
break; /* only call to SECO if using WOLFSSL_SECO_DEVID */
#endif
switch (info->cipher.type) {
- #if defined(HAVE_AESCCM)
+ #if defined(HAVE_AESCCM) && defined(WOLFSSL_CAAM_AESCCM)
case WC_CIPHER_AES_CCM:
if (info->cipher.enc == 1) {
ret = wc_CAAM_AesCcmEncrypt(
@@ -271,7 +274,7 @@ static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx)
}
break;
#endif /* HAVE_AESCCM */
- #if defined(HAVE_AESGCM)
+ #if defined(HAVE_AESGCM) && defined(WOLFSSL_CAAM_AESGCM)
case WC_CIPHER_AES_GCM:
if (info->cipher.enc == 1) {
ret = wc_CAAM_AesGcmEncrypt(
@@ -300,7 +303,7 @@ static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx)
info->cipher.aesgcm_dec.authInSz);
}
break;
- #endif /* HAVE_AESGCM */
+ #endif /* HAVE_AESGCM && WOLFSSL_CAAM_AESGCM */
case WC_CIPHER_AES_CBC:
if (info->cipher.enc == 1) {
@@ -517,6 +520,7 @@ int wc_caamAddAndWait(CAAM_BUFFER* buf, int sz, word32 arg[4], word32 type)
}
+#ifdef WOLFSSL_CAAM_BLOB
/* Create a red or black blob
*
* mod : key modifier, expected 8 bytes for RED key types and 16 for BLACK
@@ -688,7 +692,7 @@ int wc_caamOpenBlob(byte* data, word32 dataSz, byte* out, word32* outSz)
return wc_caamOpenBlob_ex(data, dataSz, out, outSz, WC_CAAM_BLOB_RED,
NULL, 0);
}
-
+#endif /* WOLFSSL_CAAM_BLOB */
/* outSz gets set to key size plus 16 for mac and padding
* return 0 on success
@@ -831,5 +835,4 @@ int caamReadPartition(CAAM_ADDRESS addr, unsigned char* out, int outSz)
return 0;
}
-#endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_IMX6_CAAM_RNG ||
- WOLFSSL_IMX6UL_CAAM || WOLFSSL_IMX6_CAAM_BLOB */
+#endif /* WOLFSSL_CAAM */
diff --git a/wolfcrypt/src/port/caam/wolfcaam_qnx.c b/wolfcrypt/src/port/caam/wolfcaam_qnx.c
index e9aa82faf..23db33c96 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_qnx.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_qnx.c
@@ -34,6 +34,8 @@
#include
#include
+#include
+
/* for devctl use */
int caamFd = -1;
static wolfSSL_Mutex caamMutex;
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 1e5c939d2..d415e9ca4 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -3315,9 +3315,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
-#elif (defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \
- defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_QNX_CAAM) || \
- defined(WOLFSSL_IMXRT1170_CAAM))
+#elif defined(WOLFSSL_CAAM)
#include
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index 31eeda136..612c21332 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -81,9 +81,7 @@
#include
#endif
-#if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \
- defined(WOLFSSL_IMX6UL_CAAM) || defined(WOLFSSL_IMX6_CAAM_BLOB) || \
- defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM)
+#if defined(WOLFSSL_CAAM)
#include
#endif
#if defined(WOLFSSL_DEVCRYPTO)
@@ -358,9 +356,7 @@ int wolfCrypt_Init(void)
}
#endif
-#if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \
- defined(WOLFSSL_IMX6UL_CAAM) || defined(WOLFSSL_IMX6_CAAM_BLOB) || \
- defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM)
+#if defined(WOLFSSL_CAAM)
if ((ret = wc_caamInit()) != 0) {
return ret;
}
@@ -448,9 +444,7 @@ int wolfCrypt_Cleanup(void)
WOLFSSL_SCE_GSCE_HANDLE.p_api->close(WOLFSSL_SCE_GSCE_HANDLE.p_ctrl);
#endif
- #if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \
- defined(WOLFSSL_IMX6_CAAM_BLOB) || \
- defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM)
+ #if defined(WOLFSSL_CAAM)
wc_caamFree();
#endif
#if defined(WOLFSSL_CRYPTOCELL)
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 28d9f4967..1e7d17912 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -44028,7 +44028,7 @@ WOLFSSL_TEST_SUBROUTINE int blob_test(void)
return ret;
}
-#endif /* WOLFSSL_IMX6_CAAM_BLOB */
+#endif /* WOLFSSL_CAAM_BLOB */
#ifdef WOLF_CRYPTO_CB
diff --git a/wolfssl/wolfcrypt/port/caam/caam_driver.h b/wolfssl/wolfcrypt/port/caam/caam_driver.h
index 7a99fe791..e3e277d56 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_driver.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_driver.h
@@ -26,10 +26,28 @@
int InitCAAM(void);
#include "caam_qnx.h"
#endif
+
+
+#ifndef CAAM_BASE
#if (defined(__INTEGRITY) || defined(INTEGRITY))
#define CAAM_BASE 0xf2100000
#define CAAM_PAGE 0xf0100000
+#elif defined(__aarch64__)
+ /* if on an AArch64 system make assumption that it is an i.MX8 QXP */
+ /* use block of memory set aside for job ring 2 */
+ #define CAAM_BASE 0x31400000
+ #define CAAM_PAGE 0x31800000
+#elif defined(WOLFSSL_CAAM_IMX6Q)
+ /* IMX6Q */
+ #define CAAM_BASE 0x02100000
+ #define CAAM_PAGE 0x00100000
+#else
+ /* IMX6UL */
+ #define CAAM_BASE 0x02140000
+ #define CAAM_PAGE 0x00100000
#endif
+#endif /* !CAAM_BASE */
+
#ifdef WOLFSSL_CAAM_PRINT
#include
@@ -263,6 +281,13 @@
#define CAAM_VERSION_LS 0x0FFC
#define CAAM_CHA_CCBVID 0x0FE4
+
+/* high performance AES module includes XTS, GCM */
+#define CAAM_AES_HIGH_PERFORMANCE 0x4
+
+/* low power AES module includes ECB, CBC, CTR, CCM, CMAC, CBC */
+#define CAAM_AES_LOW_POWER 0x3
+
#define CAAM_SM_CMD 0x0BE4
#define CAAM_SM_SMPO 0x0FBC
#define CAAM_SMAPR 0x0A04
diff --git a/wolfssl/wolfcrypt/port/caam/caam_qnx.h b/wolfssl/wolfcrypt/port/caam/caam_qnx.h
index c48e688d0..d3016f4a6 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_qnx.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_qnx.h
@@ -65,16 +65,4 @@
/* check kernel and yield to same priority threads waiting */
#define CAAM_CPU_CHILL() sched_yield()
-
-#ifdef __aarch64__
- /* if on an AArch64 system make assumption that it is an i.MX8 QXP */
- /* use block of memory set aside for job ring 2 */
- #define CAAM_BASE 0x31400000
- #define CAAM_PAGE 0x31800000
-#else
- /* IMX6UL */
- #define CAAM_BASE 0x02140000
- #define CAAM_PAGE 0x00100000
-#endif
-
#endif /* CAAM_QNX_H */
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
index 5fca631f3..07f176eb5 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
@@ -58,5 +58,8 @@ WOLFSSL_LOCAL int wc_CAAM_Hmac(Hmac* hmac, int macType, const byte* msg,
int msgSz, byte* digest);
#endif
+#ifndef WC_CAAM_HASH_BLOCK
+ #define WC_CAAM_HASH_BLOCK 64
+#endif
#endif
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
index d85be684f..1e329c663 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
@@ -51,11 +51,6 @@
} CAAM_BUFFER;
#endif
-
-/* IMX6UL */
-#define CAAM_BASE 0x02140000
-#define CAAM_PAGE 0x00100000
-
#define DataBuffer 0
#define LastBuffer 0
#define Success 1
@@ -66,6 +61,7 @@
#include
#include
#include
+#include
#include
#define ResourceNotAvailable -3
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 82a03fa4a..607591863 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1776,29 +1776,86 @@ extern void uITRON4_free(void *p) ;
#endif
#endif
-/* if defined turn on all CAAM support */
-#ifdef WOLFSSL_IMX6_CAAM
- #undef WOLFSSL_IMX6_CAAM_RNG
- #define WOLFSSL_IMX6_CAAM_RNG
+/* Setting supported CAAM algorithms */
+#ifdef WOLFSSL_IMX6Q_CAAM
+ #undef WOLFSSL_CAAM
+ #define WOLFSSL_CAAM
- #undef WOLFSSL_IMX6_CAAM_BLOB
- #define WOLFSSL_IMX6_CAAM_BLOB
-
-#if defined(HAVE_AESGCM) || defined(WOLFSSL_AES_XTS)
- /* large performance gain with HAVE_AES_ECB defined */
- #undef HAVE_AES_ECB
- #define HAVE_AES_ECB
-
- /* @TODO used for now until plugging in caam aes use with qnx */
- #undef WOLFSSL_AES_DIRECT
- #define WOLFSSL_AES_DIRECT
+ /* hardware does not support AES-GCM and ECC
+ * has the low power AES module only (no high power with GCM) */
+ #define WOLFSSL_LP_ONLY_CAAM_AES
+ #define WOLFSSL_NO_CAAM_ECC
#endif
+
+#ifdef WOLFSSL_SECO_CAAM
+ #define WOLFSSL_CAAM
+
+ #define WOLFSSL_HASH_KEEP
+ #define WOLFSSL_NO_CAAM_BLOB
#endif
#ifdef WOLFSSL_IMXRT1170_CAAM
#define WOLFSSL_CAAM
- #define WOLFSSL_CAAM_HASH
+
+ #define WOLFSSL_NO_CAAM_BLOB
+#endif
+
+/* OS specific support so far */
+#ifdef WOLFSSL_QNX_CAAM
+ /* shim layer for QNX hashing not yet implemented */
+ #define WOLFSSL_NO_CAAM_HASH
+#endif
+
+#ifdef WOLFSSL_CAAM
+ /* switch for all AES type algos */
+ #undef WOLFSSL_CAAM_CIPHER
#define WOLFSSL_CAAM_CIPHER
+ #ifdef WOLFSSL_CAAM_CIPHER
+ #ifndef WOLFSSL_LP_ONLY_CAAM_AES
+ /* GCM and XTS mode are only available in the high power module */
+ #define WOLFSSL_CAAM_AESGCM
+ #define WOLFSSL_CAAM_AESXTS
+ #endif
+ #define WOLFSSL_CAAM_AESCCM
+ #define WOLFSSL_CAAM_AESCTR
+ #define WOLFSSL_CAAM_AESCBC
+ #define WOLFSSL_CAAM_CMAC
+ #endif /* WOLFSSL_CAAM_CIPHER */
+ #if defined(HAVE_AESGCM) || defined(WOLFSSL_AES_XTS) || \
+ defined(WOLFSSL_CMAC)
+ /* large performance gain with HAVE_AES_ECB defined */
+ #undef HAVE_AES_ECB
+ #define HAVE_AES_ECB
+
+ /* @TODO used for now until plugging in caam aes use with qnx */
+ #undef WOLFSSL_AES_DIRECT
+ #define WOLFSSL_AES_DIRECT
+ #endif
+
+ /* switch for all hashing algos */
+ #ifndef WOLFSSL_NO_CAAM_HASH
+ #define WOLFSSL_CAAM_HASH
+ #endif
+ #if defined(WOLFSSL_DEVCRYPTO_HMAC)
+ /* HMAC is throught the devcrypto calls */
+ #define WOLFSSL_CAAM_HMAC
+ #endif
+
+ /* public key operations */
+ #ifndef WOLFSSL_NO_CAAM_ECC
+ #undef WOLFSSL_CAAM_ECC
+ #define WOLFSSL_CAAM_ECC
+ #endif
+
+ /* so far curve25519 support was only done with the SECO */
+ #ifdef WOLFSSL_SECO_CAAM
+ #define WOLFSSL_CAAM_CURVE25519
+ #endif
+
+ /* Blob support */
+ #ifndef WOLFSSL_NO_CAAM_BLOB
+ #define WOLFSSL_CAAM_BLOB
+ #endif
#endif
/* If DCP is used without SINGLE_THREADED, enforce WOLFSSL_CRYPT_HW_MUTEX */