feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3786 from tmael/cc310_ecc_importkey

Browse Source 
Add Cryptocell wc_ecc_import_x963_ex
This commit is contained in:
David Garske
2021-03-04 13:59:54 -08:00
committed by GitHub
parent 53a7397418 3a3c0be43f
commit 7983734dcb
4 changed files with 61 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
IDE/CRYPTOCELL/user_settings.h
View File

@@ -41,6 +41,7 @@ extern "C" {
#endif #endif
#if defined(WOLFSSL_CRYPTOCELL) #if defined(WOLFSSL_CRYPTOCELL)
/* see SASI_AES_KEY_MAX_SIZE_IN_BYTES in the nRF5 SDK */
#define AES_MAX_KEY_SIZE 128 #define AES_MAX_KEY_SIZE 128
#endif /* WOLFSSL_CRYPTOCELL*/ #endif /* WOLFSSL_CRYPTOCELL*/
@@ -137,6 +138,9 @@ extern "C" {
#if 1 #if 1
#define HAVE_ECC #define HAVE_ECC
#include <strings.h>
/* strings.h required for strncasecmp */
/* Manually define enabled curves */ /* Manually define enabled curves */
#undef ECC_USER_CURVES #undef ECC_USER_CURVES
#define ECC_USER_CURVES #define ECC_USER_CURVES

56
wolfcrypt/src/ecc.c
View File

@@ -1178,7 +1178,8 @@ static int wc_ecc_export_x963_compressed(ecc_key*, byte* out, word32* outLen);
#if (defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH)) && \ #if (defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH)) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL)
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
mp_int* prime, mp_int* order); mp_int* prime, mp_int* order);
#endif #endif
@@ -3824,7 +3825,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
err = CRYS_ECDH_SVDP_DH(&public_key->ctx.pubKey, err = CRYS_ECDH_SVDP_DH(&public_key->ctx.pubKey,
&private_key->ctx.privKey, &private_key->ctx.privKey,
out, out,
outlen, (uint32_t*)outlen,
&tempBuff); &tempBuff);
if (err != SA_SILIB_RET_OK){ if (err != SA_SILIB_RET_OK){
@@ -4542,7 +4543,7 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
} }
#elif defined(WOLFSSL_CRYPTOCELL) #elif defined(WOLFSSL_CRYPTOCELL)
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(curve_id)); pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
raw_size = (word32)(key->dp->size)*2 + 1; raw_size = (word32)(key->dp->size)*2 + 1;
/* generate first key pair */ /* generate first key pair */
@@ -4563,7 +4564,7 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
err = CRYS_ECPKI_ExportPublKey(&key->ctx.pubKey, err = CRYS_ECPKI_ExportPublKey(&key->ctx.pubKey,
CRYS_EC_PointUncompressed, CRYS_EC_PointUncompressed,
&ucompressed_key[0], &ucompressed_key[0],
&raw_size); (uint32_t*)&raw_size);
if (err == SA_SILIB_RET_OK && key->pubkey.x && key->pubkey.y) { if (err == SA_SILIB_RET_OK && key->pubkey.x && key->pubkey.y) {
err = mp_read_unsigned_bin(key->pubkey.x, err = mp_read_unsigned_bin(key->pubkey.x,
@@ -4577,7 +4578,7 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
if (err == MP_OKAY) { if (err == MP_OKAY) {
err = CRYS_ECPKI_ExportPrivKey(&key->ctx.privKey, err = CRYS_ECPKI_ExportPrivKey(&key->ctx.privKey,
ucompressed_key, ucompressed_key,
&raw_size); (uint32_t*)&raw_size);
} }
if (err == SA_SILIB_RET_OK) { if (err == SA_SILIB_RET_OK) {
@@ -4993,7 +4994,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
(byte*)in, (byte*)in,
msgLenInBytes, msgLenInBytes,
out, out,
&raw_sig_size); (uint32_t*)&raw_sig_size);
if (err != SA_SILIB_RET_OK){ if (err != SA_SILIB_RET_OK){
WOLFSSL_MSG("CRYS_ECDSA_Sign failed"); WOLFSSL_MSG("CRYS_ECDSA_Sign failed");
@@ -7654,7 +7655,8 @@ int wc_ecc_check_key(ecc_key* key)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL)
err = 0; /* consider key check success on ATECC508/608A */ err = 0; /* consider key check success on ATECC508/608A and CryptoCell */
(void)err;
#else #else
#ifdef USE_ECC_B_PARAM #ifdef USE_ECC_B_PARAM
@@ -7749,9 +7751,8 @@ int wc_ecc_check_key(ecc_key* key)
#endif #endif
FREE_CURVE_SPECS(); FREE_CURVE_SPECS();
return err;
#endif /* WOLFSSL_ATECC508A */ #endif /* WOLFSSL_ATECC508A */
return err;
#else #else
return WC_KEY_SIZE_E; return WC_KEY_SIZE_E;
#endif /* !WOLFSSL_SP_MATH */ #endif /* !WOLFSSL_SP_MATH */
@@ -7768,7 +7769,10 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
#endif #endif
int keysize = 0; int keysize = 0;
byte pointType; byte pointType;
#ifdef WOLFSSL_CRYPTOCELL
const CRYS_ECPKI_Domain_t* pDomain;
CRYS_ECPKI_BUILD_TempData_t tempBuff;
#endif
if (in == NULL || key == NULL) if (in == NULL || key == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -7948,7 +7952,20 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
#ifdef WOLFSSL_SILABS_SE_ACCEL #ifdef WOLFSSL_SILABS_SE_ACCEL
err = silabs_ecc_import(key, keysize); err = silabs_ecc_import(key, keysize);
#endif #endif
#ifdef WOLFSSL_CRYPTOCELL
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
/* create public key from external key buffer */
err = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain,
(byte*)in-1, /* re-adjust */
inLen+1, /* original input */
&key->ctx.pubKey,
&tempBuff);
if (err != SA_SILIB_RET_OK){
WOLFSSL_MSG("CRYS_ECPKI_BuildPublKeyFullCheck failed");
}
#endif
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
if (err == MP_OKAY) if (err == MP_OKAY)
err = wc_ecc_check_key(key); err = wc_ecc_check_key(key);
@@ -8077,7 +8094,6 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
int ret; int ret;
#ifdef WOLFSSL_CRYPTOCELL #ifdef WOLFSSL_CRYPTOCELL
const CRYS_ECPKI_Domain_t* pDomain; const CRYS_ECPKI_Domain_t* pDomain;
CRYS_ECPKI_BUILD_TempData_t tempBuff;
#endif #endif
if (key == NULL || priv == NULL) if (key == NULL || priv == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -8108,21 +8124,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
return ret; return ret;
#ifdef WOLFSSL_CRYPTOCELL #ifdef WOLFSSL_CRYPTOCELL
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(curve_id)); pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
if (pub != NULL && pub[0] != '\0') {
/* create public key from external key buffer */
ret = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain,
(byte*)pub,
pubSz,
&key->ctx.pubKey,
&tempBuff);
if (ret != SA_SILIB_RET_OK){
WOLFSSL_MSG("CRYS_ECPKI_BuildPublKeyFullCheck failed");
return ret;
}
}
/* import private key */ /* import private key */
if (priv != NULL && priv[0] != '\0') { if (priv != NULL && priv[0] != '\0') {
@@ -8394,7 +8396,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
} }
if (err == MP_OKAY) { if (err == MP_OKAY) {
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(curve_id)); pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
/* create public key from external key buffer */ /* create public key from external key buffer */
err = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain, err = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain,

23
wolfcrypt/src/signature.c
View File

@@ -48,6 +48,13 @@
/* Signature wrapper disabled check */ /* Signature wrapper disabled check */
#ifndef NO_SIG_WRAPPER #ifndef NO_SIG_WRAPPER
#ifdef WOLFSSL_CRYPTOCELL
extern int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig,
RsaKey* key, CRYS_RSA_HASH_OpMode_t mode);
extern int cc310_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, CRYS_RSA_HASH_OpMode_t mode);
#endif
#if !defined(NO_RSA) && !defined(NO_ASN) #if !defined(NO_RSA) && !defined(NO_ASN)
static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte* hash_data, static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte* hash_data,
word32 hash_len, word32* hash_enc_len) word32 hash_len, word32* hash_enc_len)
@@ -178,12 +185,12 @@ int wc_SignatureVerifyHash(
#ifndef NO_RSA #ifndef NO_RSA
#ifdef WOLFSSL_CRYPTOCELL #ifdef WOLFSSL_CRYPTOCELL
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig, key, ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig,
cc310_hashModeRSA(hash_type, 0)); (RsaKey*)key, cc310_hashModeRSA(hash_type, 0));
} }
else { else {
ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig, key, ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig,
cc310_hashModeRSA(hash_type, 1)); (RsaKey*)key, cc310_hashModeRSA(hash_type, 1));
} }
#else #else
@@ -400,12 +407,12 @@ int wc_SignatureGenerateHash_ex(
/* use expected signature size (incoming sig_len could be larger buffer */ /* use expected signature size (incoming sig_len could be larger buffer */
*sig_len = wc_SignatureGetSize(sig_type, key, key_len); *sig_len = wc_SignatureGetSize(sig_type, key, key_len);
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, key, ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len,
cc310_hashModeRSA(hash_type, 0)); (RsaKey*)key, cc310_hashModeRSA(hash_type, 0));
} }
else { else {
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, key, ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len,
cc310_hashModeRSA(hash_type, 1)); (RsaKey*)key, cc310_hashModeRSA(hash_type, 1));
} }
#else #else
/* Create signature using provided RSA key */ /* Create signature using provided RSA key */

18
wolfcrypt/test/test.c
View File

@@ -7623,9 +7623,11 @@ static int aes_key_size_test(void)
#endif #endif
byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
#ifndef WOLFSSL_CRYPTOCELL
byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 };
#endif
byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
@@ -7702,7 +7704,8 @@ static int aes_key_size_test(void)
if (ret != 0 || keySize != sizeof(key16)) if (ret != 0 || keySize != sizeof(key16))
ERROR_OUT(-5310, out); ERROR_OUT(-5310, out);
#endif #endif
#ifndef WOLFSSL_CRYPTOCELL
/* Cryptocell only supports AES-128 key size */
ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION); ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION);
#ifdef WOLFSSL_AES_192 #ifdef WOLFSSL_AES_192
if (ret != 0) if (ret != 0)
@@ -7728,7 +7731,7 @@ static int aes_key_size_test(void)
if (ret != 0 || keySize != sizeof(key32)) if (ret != 0 || keySize != sizeof(key32))
ERROR_OUT(-5314, out); ERROR_OUT(-5314, out);
#endif #endif
#endif /* !WOLFSSL_CRYPTOCELL */
out: out:
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -14439,7 +14442,9 @@ static int rsa_keygen_test(WC_RNG* rng)
#endif #endif
int ret; int ret;
byte* der = NULL; byte* der = NULL;
#ifndef WOLFSSL_CRYPTOCELL
word32 idx = 0; word32 idx = 0;
#endif
int derSz = 0; int derSz = 0;
#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
int keySz = 1024; int keySz = 1024;
@@ -14499,8 +14504,9 @@ static int rsa_keygen_test(WC_RNG* rng)
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-7875, exit_rsa); ERROR_OUT(-7875, exit_rsa);
} }
#ifndef WOLFSSL_CRYPTOCELL
idx = 0; idx = 0;
#if !defined(WOLFSSL_CRYPTOCELL)
/* The private key part of the key gen pairs from cryptocell can't be exported */ /* The private key part of the key gen pairs from cryptocell can't be exported */
ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, derSz); ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, derSz);
if (ret != 0) { if (ret != 0) {
@@ -21375,7 +21381,9 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
#ifdef HAVE_ECC_SIGN #ifdef HAVE_ECC_SIGN
/* ECC w/out Shamir has issue with all 0 digest */ /* ECC w/out Shamir has issue with all 0 digest */
/* WC_BIGINT doesn't have 0 len well on hardware */ /* WC_BIGINT doesn't have 0 len well on hardware */
#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) /* Cryptocell has issues with all 0 digest */
#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
!defined(WOLFSSL_CRYPTOCELL)
/* test DSA sign hash with zeros */ /* test DSA sign hash with zeros */
for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
digest[i] = 0; digest[i] = 0;
@@ -21412,7 +21420,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
TEST_SLEEP(); TEST_SLEEP();
} }
#endif /* HAVE_ECC_VERIFY */ #endif /* HAVE_ECC_VERIFY */
#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT */ #endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
/* test DSA sign hash with sequence (0,1,2,3,4,...) */ /* test DSA sign hash with sequence (0,1,2,3,4,...) */
for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {