From 83dca07421b05f5be454ffb9eac913f64994cc31 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 24 May 2023 10:58:18 -0700 Subject: [PATCH] Updated support for Silicon Labs Simplicity Studio and the ERF32 Gecko SDK. Fix ECC unused functions with HW crypto like SE. ZD 15874. --- IDE/SimplicityStudio/README.md | 92 ++++ IDE/SimplicityStudio/include.am | 7 + IDE/SimplicityStudio/test_wolf.c | 85 ++++ IDE/SimplicityStudio/user_settings.h | 522 ++++++++++++++++++++++ examples/configs/user_settings_template.h | 27 +- wolfcrypt/src/ecc.c | 52 ++- wolfcrypt/src/port/silabs/README.md | 7 +- wolfcrypt/src/port/silabs/silabs_ecc.c | 85 ++-- wolfcrypt/src/port/silabs/silabs_hash.c | 27 +- 9 files changed, 822 insertions(+), 82 deletions(-) create mode 100644 IDE/SimplicityStudio/README.md create mode 100644 IDE/SimplicityStudio/include.am create mode 100644 IDE/SimplicityStudio/test_wolf.c create mode 100644 IDE/SimplicityStudio/user_settings.h diff --git a/IDE/SimplicityStudio/README.md b/IDE/SimplicityStudio/README.md new file mode 100644 index 000000000..89d7b5049 --- /dev/null +++ b/IDE/SimplicityStudio/README.md @@ -0,0 +1,92 @@ +# Silicon Labs Simplicity Studio + +Tested with ERF32xG21 Starter Kit and Gecko SDK v3.2.2 and v4.2.3. + +## Simplicity Studio Example + +Based on `cli_kernel_freertos`. +* Create a new example project for your board based on the CLI FreeRTOS example. +* Create a new `wolfssl` and put wolfSSL into it. Tip: Use `./scripts/makedistsmall.sh` to produce a reduced bundle. +* Exclude (or delete) all .S and asm.c files. +* Exclude (or delete) directory not used (only the `src`, `wolfcrypt` and `wolfssl` directory are used). +* Add the `IDE/SimplicityStudio/user_settings.h` into `wolfssl/user_settings.h`. +* Add the `IDE/SimplicityStudio/test_wolf.c` to the project root. +* Add C preprocessor `WOLFSSL_USER_SETTINGS`. +* Add C include path `wolfssl`. +* Disable UART flow control: `config/sl_iostream_usart_vcom_config.h` -> `#define SL_IOSTREAM_USART_VCOM_FLOW_CONTROL_TYPE usartHwFlowControlNone` +* Adjust stack and heap to larger size 12KB: + - Adjust the CLI stack. Edit `config/sl_cli_config_inst.h` to `#define SL_CLI_INST_TASK_STACK_SIZE (12*1024)` + - Adjust the FreeRTOS heap. Edit `config/FreeRTOSConfig.h` to `#define configTOTAL_HEAP_SIZE (12*1024)` +* Add the following code to `cli.c`: + +```c +extern void wolf_test(sl_cli_command_arg_t *arguments); +extern void wolf_bench(sl_cli_command_arg_t *arguments); + +static const sl_cli_command_info_t cmd_wolf_test = + SL_CLI_COMMAND(wolf_test, "Run wolfCrypt tests", "", + { SL_CLI_ARG_WILDCARD, SL_CLI_ARG_END, }); + +static const sl_cli_command_info_t cmd_wolf_bench = + SL_CLI_COMMAND(wolf_bench, "Run wolfCrypt benchmarks", "", + { SL_CLI_ARG_WILDCARD, SL_CLI_ARG_END, }); + +static sl_cli_command_entry_t a_table[] = { + { "wolf_test", &cmd_wolf_test, false }, + { "wolf_bench", &cmd_wolf_bench, false }, + { NULL, NULL, false }, +}; +``` + +* If running wolfCrypt benchmark enable printf float + - `C/C++ Build Settings` -> `Settings` -> `Tool Settings` -> `GNU ARM C Linker` -> `General` -> `C Library "Printf float"`. + +## SE Manager + +For SE Manager cryptography hardware acceleration see [/wolfcrypt/src/port/silabs/README.md](/wolfcrypt/src/port/silabs/README.md). + +Enabled with `WOLFSSL_SILABS_SE_ACCEL`. Requires the "SE Manager" component to be installed. + +## Benchmarks with SE Accel + +Tested on ERF32xG21 Starter Kit (Cortex M33 at 80 MHz) and Gecko SDK v3.2.2 (-Os). + +``` +Benchmark Test +wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each) +RNG 200 KiB took 1.057 seconds, 189.215 KiB/s +AES-128-CBC-enc 6 MiB took 1.000 seconds, 5.542 MiB/s +AES-128-CBC-dec 6 MiB took 1.000 seconds, 5.518 MiB/s +AES-192-CBC-enc 5 MiB took 1.001 seconds, 5.415 MiB/s +AES-192-CBC-dec 5 MiB took 1.001 seconds, 5.390 MiB/s +AES-256-CBC-enc 5 MiB took 1.004 seconds, 5.301 MiB/s +AES-256-CBC-dec 5 MiB took 1.001 seconds, 5.268 MiB/s +AES-128-GCM-enc 5 MiB took 1.003 seconds, 4.844 MiB/s +AES-128-GCM-dec 5 MiB took 1.003 seconds, 4.625 MiB/s +AES-192-GCM-enc 5 MiB took 1.002 seconds, 4.751 MiB/s +AES-192-GCM-dec 5 MiB took 1.002 seconds, 4.532 MiB/s +AES-256-GCM-enc 5 MiB took 1.002 seconds, 4.654 MiB/s +AES-256-GCM-dec 4 MiB took 1.000 seconds, 4.443 MiB/s +AES-128-GCM-enc-no_AAD 5 MiB took 1.004 seconds, 4.888 MiB/s +AES-128-GCM-dec-no_AAD 5 MiB took 1.001 seconds, 4.658 MiB/s +AES-192-GCM-enc-no_AAD 5 MiB took 1.000 seconds, 4.785 MiB/s +AES-192-GCM-dec-no_AAD 5 MiB took 1.000 seconds, 4.565 MiB/s +AES-256-GCM-enc-no_AAD 5 MiB took 1.004 seconds, 4.693 MiB/s +AES-256-GCM-dec-no_AAD 4 MiB took 1.003 seconds, 4.479 MiB/s +GMAC Small 5 MiB took 1.000 seconds, 4.653 MiB/s +CHACHA 2 MiB took 1.012 seconds, 1.809 MiB/s +CHA-POLY 1 MiB took 1.006 seconds, 1.189 MiB/s +POLY1305 5 MiB took 1.004 seconds, 5.082 MiB/s +SHA 8 MiB took 1.000 seconds, 7.812 MiB/s +SHA-256 8 MiB took 1.000 seconds, 8.032 MiB/s +HMAC-SHA 7 MiB took 1.000 seconds, 7.056 MiB/s +HMAC-SHA256 7 MiB took 1.002 seconds, 7.237 MiB/s +RSA 2048 public 30 ops took 1.022 sec, avg 34.067 ms, 29.354 ops/sec +RSA 2048 private 2 ops took 2.398 sec, avg 1199.000 ms, 0.834 ops/sec +ECC [ SECP256R1] 256 key gen 172 ops took 1.004 sec, avg 5.837 ms, 171.315 ops/sec +ECDHE [ SECP256R1] 256 agree 186 ops took 1.005 sec, avg 5.403 ms, 185.075 ops/sec +ECDSA [ SECP256R1] 256 sign 174 ops took 1.007 sec, avg 5.787 ms, 172.790 ops/sec +ECDSA [ SECP256R1] 256 verify 160 ops took 1.003 sec, avg 6.269 ms, 159.521 ops/sec +Benchmark complete +Benchmark Test: Return code 0 +``` diff --git a/IDE/SimplicityStudio/include.am b/IDE/SimplicityStudio/include.am new file mode 100644 index 000000000..0b010c36a --- /dev/null +++ b/IDE/SimplicityStudio/include.am @@ -0,0 +1,7 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST+= IDE/SimplicityStudio/README.md +EXTRA_DIST+= IDE/SimplicityStudio/test_wolf.c +EXTRA_DIST+= IDE/SimplicityStudio/user_settings.h diff --git a/IDE/SimplicityStudio/test_wolf.c b/IDE/SimplicityStudio/test_wolf.c new file mode 100644 index 000000000..d06e9eadd --- /dev/null +++ b/IDE/SimplicityStudio/test_wolf.c @@ -0,0 +1,85 @@ +/* test_wolf.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Example for running wolfCrypt test and benchmark from + * SiLabs Simplicity Studio's CLI example */ + +#include +#include +#include +#include +#include +#include + +#include "sl_cli.h" +#include "sl_cli_instances.h" +#include "sl_cli_arguments.h" +#include "sl_cli_handles.h" + +#ifndef NO_CRYPT_TEST +typedef struct func_args { + int argc; + char** argv; + int return_code; +} func_args; + +static func_args args = { 0 }; +#endif + +void wolf_test(sl_cli_command_arg_t *arguments) +{ + int ret; +#ifndef NO_CRYPT_TEST + wolfCrypt_Init(); + + printf("\nCrypt Test\n"); + wolfcrypt_test(&args); + ret = args.return_code; + printf("Crypt Test: Return code %d\n", ret); + + wolfCrypt_Cleanup(); +#else + ret = NOT_COMPILED_IN; +#endif + (void)arguments; + (void)ret; +} + +void wolf_bench(sl_cli_command_arg_t *arguments) +{ + int ret; +#ifndef NO_CRYPT_BENCHMARK + wolfCrypt_Init(); + + printf("\nBenchmark Test\n"); + benchmark_test(&args); + ret = args.return_code; + printf("Benchmark Test: Return code %d\n", ret); + + wolfCrypt_Cleanup(); +#else + ret = NOT_COMPILED_IN; +#endif + (void)arguments; + (void)ret; +} + + diff --git a/IDE/SimplicityStudio/user_settings.h b/IDE/SimplicityStudio/user_settings.h new file mode 100644 index 000000000..4ea241f31 --- /dev/null +++ b/IDE/SimplicityStudio/user_settings.h @@ -0,0 +1,522 @@ +/* user_settings.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Template based on examples/config/user_settings_template.h, but modified to + * include `WOLFSSL_SILABS_SE_ACCEL` and tune for ARM Cortex M. */ + +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* Silicon Labs ERF32 Hardware Acceleration */ +#define WOLFSSL_SILABS_SE_ACCEL + +/* ------------------------------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------------------------------- */ +#define WOLFSSL_GENERAL_ALIGNMENT 4 +#define SIZEOF_LONG_LONG 8 +#define HAVE_STRINGS_H + +/* Use FreeRTOS */ +#if 1 + #define FREERTOS +#else + /* disable mutex locking */ + #define SINGLE_THREADED +#endif + +/* reduce stack use. For variables over 100 bytes allocate from heap */ +#define WOLFSSL_SMALL_STACK + +/* Disable the built-in socket support and use the IO callbacks. + * Set IO callbacks with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend + */ +#define WOLFSSL_USER_IO + +/* ------------------------------------------------------------------------- */ +/* Math Configuration */ +/* ------------------------------------------------------------------------- */ +/* Math Choices: SP (preferred), TFM or Normal (heap) */ +#if 1 + /* Wolf Single Precision Math */ + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_HAVE_SP_DH + #define WOLFSSL_HAVE_SP_ECC + //#define WOLFSSL_SP_4096 /* Enable RSA/RH 4096-bit support */ + //#define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */ + + //#define WOLFSSL_SP_CACHE_RESISTANT + //#define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */ + #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */ + + //#define WOLFSSL_SP_NO_MALLOC + //#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */ + + /* use smaller version of code */ + #define WOLFSSL_SP_SMALL + + /* SP Assembly Speedups - specific to chip type */ + #define WOLFSSL_SP_ASM + #define WOLFSSL_SP_ARM_CORTEX_M_ASM +#elif 1 + /* Fast Math (tfm.c) (stack based and timing resistant) */ + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT +#else + /* Normal (integer.c) (heap based, not timing resistant) - not recommended*/ + #define USE_INTEGER_HEAP_MATH +#endif + + +/* ------------------------------------------------------------------------- */ +/* Crypto */ +/* ------------------------------------------------------------------------- */ +/* RSA */ +#undef NO_RSA +#if 1 + #ifdef USE_FAST_MATH + /* Maximum math bits (Max RSA key bits * 2) */ + #define FP_MAX_BITS 4096 + #endif + + /* half as much memory but twice as slow */ + //#define RSA_LOW_MEM + + /* Enables blinding mode, to prevent timing attacks */ + #define WC_RSA_BLINDING + + /* RSA PSS Support */ + #define WC_RSA_PSS +#else + #define NO_RSA +#endif + +/* DH */ +#undef NO_DH +#if 1 + /* Use table for DH instead of -lm (math) lib dependency */ + #if 1 + #define WOLFSSL_DH_CONST + #define HAVE_FFDHE_2048 + //#define HAVE_FFDHE_4096 + //#define HAVE_FFDHE_6144 + //#define HAVE_FFDHE_8192 + #endif +#else + #define NO_DH +#endif + +/* ECC */ +#undef HAVE_ECC +#if 1 + #define HAVE_ECC + + /* Manually define enabled curves */ + #define ECC_USER_CURVES + + #ifdef ECC_USER_CURVES + /* Manual Curve Selection */ + //#define HAVE_ECC192 + //#define HAVE_ECC224 + #undef NO_ECC256 + //#define HAVE_ECC384 + //#define HAVE_ECC521 + #endif + + /* Fixed point cache (speeds repeated operations against same private key) */ + //#define FP_ECC + #ifdef FP_ECC + /* Bits / Entries */ + #define FP_ENTRIES 2 + #define FP_LUT 4 + #endif + + /* Optional ECC calculation method */ + /* Note: doubles heap usage, but slightly faster */ + #define ECC_SHAMIR + + /* Reduces heap usage, but slower */ + #define ECC_TIMING_RESISTANT + + /* Compressed ECC Key Support */ + //#define HAVE_COMP_KEY + + /* Use alternate ECC size for ECC math */ + #ifdef USE_FAST_MATH + /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */ + #if defined(NO_RSA) && defined(NO_DH) + /* Custom fastmath size if not using RSA/DH */ + #define FP_MAX_BITS (256 * 2) + #else + /* use heap allocation for ECC points */ + #define ALT_ECC_SIZE + + /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */ + //#define FP_MAX_BITS_ECC (256 * 2) + #endif + + /* Speedups specific to curve */ + #ifndef NO_ECC256 + #define TFM_ECC256 + #endif + #endif +#endif + + +/* AES */ +#undef NO_AES +#if 1 + #define HAVE_AES_CBC + + /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */ + #define HAVE_AESGCM + #define GCM_SMALL + + //#define WOLFSSL_AES_DIRECT + //#define HAVE_AES_ECB + //#define WOLFSSL_AES_COUNTER + //#define HAVE_AESCCM +#else + #define NO_AES +#endif + + +/* DES3 */ +#undef NO_DES3 +#if 0 +#else + #define NO_DES3 +#endif + +/* ChaCha20 / Poly1305 */ +#undef HAVE_CHACHA +#undef HAVE_POLY1305 +#if 1 + #define HAVE_CHACHA + #define HAVE_POLY1305 + + /* Needed for Poly1305 */ + #define HAVE_ONE_TIME_AUTH +#endif + +/* Ed25519 / Curve25519 */ +#undef HAVE_CURVE25519 +#undef HAVE_ED25519 +#if 0 + #define HAVE_CURVE25519 + #define HAVE_ED25519 /* ED25519 Requires SHA512 */ + + /* Optionally use small math (less flash usage, but much slower) */ + #if 1 + #define CURVED25519_SMALL + #endif +#endif + + +/* ------------------------------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------------------------------- */ +/* Sha */ +#undef NO_SHA +#if 1 + /* 1k smaller, but 25% slower */ + //#define USE_SLOW_SHA +#else + #define NO_SHA +#endif + +/* Sha256 */ +#undef NO_SHA256 +#if 1 + /* not unrolled - ~2k smaller and ~25% slower */ + //#define USE_SLOW_SHA256 + + /* Sha224 */ + #if 0 + #define WOLFSSL_SHA224 + #endif +#else + #define NO_SHA256 +#endif + +/* Sha512 */ +#undef WOLFSSL_SHA512 +#if 0 + #define WOLFSSL_SHA512 + + /* Sha384 */ + #undef WOLFSSL_SHA384 + #if 0 + #define WOLFSSL_SHA384 + #endif + + /* over twice as small, but 50% slower */ + //#define USE_SLOW_SHA512 +#endif + +/* Sha3 */ +#undef WOLFSSL_SHA3 +#if 0 + #define WOLFSSL_SHA3 +#endif + +/* MD5 */ +#undef NO_MD5 +#if 0 + +#else + #define NO_MD5 +#endif + +/* HKDF */ +#undef HAVE_HKDF +#if 1 + #define HAVE_HKDF +#endif + +/* CMAC */ +#undef WOLFSSL_CMAC +#if 0 + #define WOLFSSL_CMAC +#endif + + +/* ------------------------------------------------------------------------- */ +/* Benchmark / Test */ +/* ------------------------------------------------------------------------- */ +/* Use reduced benchmark / test sizes */ +#define BENCH_EMBEDDED + +/* Use test buffers from array (not filesystem) */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* ------------------------------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------------------------------- */ + +#undef DEBUG_WOLFSSL +#undef NO_ERROR_STRINGS +#if 0 + #define DEBUG_WOLFSSL +#else + #if 0 + #define NO_ERROR_STRINGS + #endif +#endif + + +/* ------------------------------------------------------------------------- */ +/* Memory */ +/* ------------------------------------------------------------------------- */ + +/* Override Memory API's */ +#if 0 + #define XMALLOC_OVERRIDE + + /* prototypes for user heap override functions */ + /* Note: Realloc only required for normal math */ + #include /* for size_t */ + extern void *myMalloc(size_t n, void* heap, int type); + extern void myFree(void *p, void* heap, int type); + extern void *myRealloc(void *p, size_t n, void* heap, int type); + + #define XMALLOC(n, h, t) myMalloc(n, h, t) + #define XFREE(p, h, t) myFree(p, h, t) + #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t) +#endif + +#if 0 + /* Static memory requires fast math */ + #define WOLFSSL_STATIC_MEMORY + + /* Disable fallback malloc/free */ + #define WOLFSSL_NO_MALLOC + #if 1 + #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */ + #endif +#endif + +/* Memory callbacks */ +#if 0 + #undef USE_WOLFSSL_MEMORY + #define USE_WOLFSSL_MEMORY + + /* Use this to measure / print heap usage */ + #if 0 + #define WOLFSSL_TRACK_MEMORY + #define WOLFSSL_DEBUG_MEMORY + #endif +#else + #ifndef WOLFSSL_STATIC_MEMORY + #define NO_WOLFSSL_MEMORY + /* Otherwise we will use stdlib malloc, free and realloc */ + #endif +#endif + + +/* ------------------------------------------------------------------------- */ +/* Port */ +/* ------------------------------------------------------------------------- */ + +/* Override Current Time */ +#if 0 + /* Allows custom "custom_time()" function to be used for benchmark */ + #define WOLFSSL_USER_CURRTIME + #define WOLFSSL_GMTIME + #define USER_TICKS + extern unsigned long my_time(unsigned long* timer); + #define XTIME my_time +#endif + + +/* ------------------------------------------------------------------------- */ +/* RNG */ +/* ------------------------------------------------------------------------- */ + +/* Choose RNG method */ +#if 1 + /* Custom Seed Source */ + #if 0 + /* Size of returned HW RNG value */ + #define CUSTOM_RAND_TYPE unsigned int + extern unsigned int my_rng_seed_gen(void); + #undef CUSTOM_RAND_GENERATE + #define CUSTOM_RAND_GENERATE my_rng_seed_gen + #endif + + /* Use built-in P-RNG (SHA256 based) with HW RNG */ + /* P-RNG + HW RNG (P-RNG is ~8K) */ + #undef HAVE_HASHDRBG + #define HAVE_HASHDRBG +#else + #undef WC_NO_HASHDRBG + #define WC_NO_HASHDRBG + + /* Bypass P-RNG and use only HW RNG */ + extern int my_rng_gen_block(unsigned char* output, unsigned int sz); + #undef CUSTOM_RAND_GENERATE_BLOCK + #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block +#endif + + +/* ------------------------------------------------------------------------- */ +/* Custom Standard Lib */ +/* ------------------------------------------------------------------------- */ +/* Allows override of all standard library functions */ +#undef STRING_USER +#if 0 + #define STRING_USER + + #include + + #define USE_WOLF_STRSEP + #define XSTRSEP(s1,d) wc_strsep((s1),(d)) + + #define USE_WOLF_STRTOK + #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) + + #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) + + #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) + #define XMEMSET(b,c,l) memset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) + #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) + + #define XSTRLEN(s1) strlen((s1)) + #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) + #define XSTRSTR(s1,s2) strstr((s1),(s2)) + + #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) + #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) + #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) + + #define XSNPRINTF snprintf +#endif + + + +/* ------------------------------------------------------------------------- */ +/* Enable Features */ +/* ------------------------------------------------------------------------- */ + +#define WOLFSSL_TLS13 +#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */ +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define WOLFSSL_BASE64_ENCODE +#define WOLFSSL_PUB_PEM_TO_DER + +//#define WOLFSSL_KEY_GEN /* For RSA Key gen only */ +//#define KEEP_PEER_CERT +//#define HAVE_COMP_KEY + +/* TLS Session Cache */ +#if 0 + #define SMALL_SESSION_CACHE +#else + #define NO_SESSION_CACHE +#endif + + +/* ------------------------------------------------------------------------- */ +/* Disable Features */ +/* ------------------------------------------------------------------------- */ +//#define NO_WOLFSSL_SERVER +//#define NO_WOLFSSL_CLIENT +//#define NO_CRYPT_TEST +//#define NO_CRYPT_BENCHMARK +//#define WOLFCRYPT_ONLY + +/* do not warm when file is included to be built and not required to be */ +#define WOLFSSL_IGNORE_FILE_WARN + +/* In-lining of misc.c functions */ +/* If defined, must include wolfcrypt/src/misc.c in build */ +/* Slower, but about 1k smaller */ +//#define NO_INLINE + +#define NO_FILESYSTEM +#define NO_WRITEV +#define NO_MAIN_DRIVER +#define NO_DEV_RANDOM + +#define NO_OLD_TLS +#define NO_PSK + +#define NO_DSA +#define NO_RC4 +#define NO_MD4 +#define NO_PWDBASED +//#define NO_CODING +//#define NO_ASN_TIME +//#define NO_CERTS +//#define NO_SIG_WRAPPER + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff --git a/examples/configs/user_settings_template.h b/examples/configs/user_settings_template.h index 4bc6da715..b96f5bd52 100644 --- a/examples/configs/user_settings_template.h +++ b/examples/configs/user_settings_template.h @@ -52,8 +52,8 @@ extern "C" { /* reduce stack use. For variables over 100 bytes allocate from heap */ #define WOLFSSL_SMALL_STACK - /* disable the built-in socket support and use the IO callbacks. - * Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend + /* Disable the built-in socket support and use the IO callbacks. + * Set IO callbacks with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend */ #define WOLFSSL_USER_IO #endif @@ -61,17 +61,7 @@ extern "C" { /* ------------------------------------------------------------------------- */ /* Math Configuration */ /* ------------------------------------------------------------------------- */ -#undef USE_FAST_MATH -#if 1 - /* fast math (tfmc.) (stack based and timing resistant) */ - #define USE_FAST_MATH - #define TFM_TIMING_RESISTANT -#else - /* normal heap based integer.c (not timing resistant) */ -#endif - /* Wolf Single Precision Math */ -#undef WOLFSSL_SP #if 1 #define WOLFSSL_HAVE_SP_RSA #define WOLFSSL_HAVE_SP_DH @@ -80,7 +70,7 @@ extern "C" { //#define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */ //#define WOLFSSL_SP_CACHE_RESISTANT - #define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */ + //#define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */ #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */ //#define WOLFSSL_SP_NO_MALLOC @@ -99,8 +89,16 @@ extern "C" { //#define WOLFSSL_SP_ARM64_ASM //#define WOLFSSL_SP_ARM_THUMB_ASM //#define WOLFSSL_SP_ARM_CORTEX_M_ASM +#elif 1 + /* Fast Math (tfm.c) (stack based and timing resistant) */ + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT +#else + /* Normal (integer.c) (heap based, not timing resistant) - not recommended*/ + #define USE_INTEGER_HEAP_MATH #endif + /* ------------------------------------------------------------------------- */ /* Crypto */ /* ------------------------------------------------------------------------- */ @@ -508,6 +506,9 @@ extern "C" { //#define NO_CRYPT_BENCHMARK //#define WOLFCRYPT_ONLY +/* do not warm when file is included to be built and not required to be */ +#define WOLFSSL_IGNORE_FILE_WARN + /* In-lining of misc.c functions */ /* If defined, must include wolfcrypt/src/misc.c in build */ /* Slower, but about 1k smaller */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index a837986ad..8522c95e7 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -215,13 +215,30 @@ ECC Curve Sizes: #endif #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(WOLFSSL_KCAPI_ECC) && \ - !defined(WOLFSSL_CRYPTOCELL) && !defined(NO_ECC_MAKE_PUB) && \ + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ + !defined(WOLFSSL_KCAPI_ECC) && !defined(WOLFSSL_SE050) && \ + !defined(WOLFSSL_XILINX_CRYPT_VERSAL) + #undef HAVE_ECC_VERIFY_HELPER + #define HAVE_ECC_VERIFY_HELPER +#endif + +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ + !defined(WOLFSSL_KCAPI_ECC) && !defined(NO_ECC_MAKE_PUB) && \ !defined(WOLF_CRYPTO_CB_ONLY_ECC) #undef HAVE_ECC_MAKE_PUB #define HAVE_ECC_MAKE_PUB #endif +#if !defined(WOLFSSL_SP_MATH) && \ + !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ + !defined(WOLFSSL_SE050) && !defined(WOLFSSL_STM32_PKA) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) + #undef HAVE_ECC_CHECK_PUBKEY_ORDER + #define HAVE_ECC_CHECK_PUBKEY_ORDER +#endif + #if defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS < MAX_ECC_BITS_NEEDED #define MAX_ECC_BITS_USE SP_INT_BITS #else @@ -1274,18 +1291,11 @@ const size_t ecc_sets_count = ECC_SET_COUNT - 1; static oid_cache_t ecc_oid_cache[ECC_SET_COUNT]; #endif - +/* Forward declarations */ #if defined(HAVE_COMP_KEY) && defined(HAVE_ECC_KEY_EXPORT) static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen); #endif - - - -#if !defined(WOLFSSL_SP_MATH) && \ - !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ - !defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ - !defined(WOLFSSL_STM32_PKA) +#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, mp_int* prime, mp_int* order); #endif @@ -8245,6 +8255,7 @@ static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s) } #endif /* !WOLFSSL_STM32_PKA && !WOLFSSL_PSOC6_CRYPTO */ +#ifdef HAVE_ECC_VERIFY_HELPER static int ecc_verify_hash_sp(mp_int *r, mp_int *s, const byte* hash, word32 hashlen, int* res, ecc_key* key) { @@ -8617,6 +8628,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, return err; } #endif /* !WOLFSSL_SP_MATH || FREESCALE_LTC_ECC */ +#endif /* HAVE_ECC_VERIFY_HELPER */ /** Verify an ECC signature @@ -8693,10 +8705,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, } #endif -#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ - defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \ - defined(WOLFSSL_KCAPI_ECC) || defined(WOLFSSL_SE050) || \ - defined(WOLFSSL_XILINX_CRYPT_VERSAL) +#ifndef HAVE_ECC_VERIFY_HELPER #ifndef WOLFSSL_SE050 /* Extract R and S with front zero padding (if required), @@ -8843,7 +8852,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, (void)curveLoaded; wc_ecc_curve_free(curve); FREE_CURVE_SPECS(); -#endif /* WOLFSSL_ATECC508A */ +#endif /* HAVE_ECC_VERIFY_HELPER */ (void)keySz; (void)hashlen; @@ -9784,7 +9793,7 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng) } #endif /* (FIPS v5 or later || WOLFSSL_VALIDATE_ECC_KEYGEN) &&!WOLFSSL_KCAPI_ECC */ -#ifndef WOLFSSL_SP_MATH +#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER /* validate order * pubkey = point at infinity, 0 on success */ static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, mp_int* prime, mp_int* order) @@ -9942,11 +9951,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) #endif #ifndef WOLFSSL_SP_MATH -#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ - defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \ - defined(WOLFSSL_SE050) || defined(WOLF_CRYPTO_CB_ONLY_ECC) || \ - defined(WOLFSSL_XILINX_CRYPT_VERSAL) || defined(WOLFSSL_STM32_PKA) - +#ifndef HAVE_ECC_CHECK_PUBKEY_ORDER /* consider key check success on HW crypto * ex: ATECC508/608A, CryptoCell and Silabs * @@ -10078,7 +10083,8 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) #endif FREE_CURVE_SPECS(); -#endif /* HW Based Crypto */ +#endif /* HAVE_ECC_CHECK_PUBKEY_ORDER */ + #else err = WC_KEY_SIZE_E; #endif /* !WOLFSSL_SP_MATH */ diff --git a/wolfcrypt/src/port/silabs/README.md b/wolfcrypt/src/port/silabs/README.md index d6d0f782b..4bc7bd80f 100644 --- a/wolfcrypt/src/port/silabs/README.md +++ b/wolfcrypt/src/port/silabs/README.md @@ -15,6 +15,10 @@ To enable support define the following: #define WOLFSSL_SILABS_SE_ACCEL ``` +## Simplicity Studio Example + +For the Silicon Labs Simplicity Studio exmaple see [/IDE/SimplicityStudio/README.md](/IDE/SimplicityStudio/README.md). + ## Caveats :warning: **Be sure to update the SE firmware** Testing and results were done using SE firmware `1.2.6` @@ -33,8 +37,7 @@ Update was preformed under Simplicity Studio directory: The SE manager supports multi-threading for FreeRTOS and Micrium ([ref](https://docs.silabs.com/gecko-platform/latest/service/api/group-sl-se-manager#autotoc-md152)). -If a different OS is used with multi-threading, additional mutex -protection may be necessary. +If a different OS is used with multi-threading, additional mutex protection may be necessary. ## Benchmarks diff --git a/wolfcrypt/src/port/silabs/silabs_ecc.c b/wolfcrypt/src/port/silabs/silabs_ecc.c index dcd6b2568..5858313c8 100644 --- a/wolfcrypt/src/port/silabs/silabs_ecc.c +++ b/wolfcrypt/src/port/silabs/silabs_ecc.c @@ -31,6 +31,12 @@ #include #include #include +#include "sl_se_manager_internal_keys.h" + +#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) +static sl_se_key_descriptor_t private_device_key = + SL_SE_APPLICATION_ATTESTATION_KEY; +#endif #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV /* FIPS build has replaced ecc.h. */ @@ -40,6 +46,12 @@ #define SILABS_UNSUPPORTED_KEY_TYPE 0xFFFFFFFF +/* For older Gecko SDK's with spelling error */ +#ifndef SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY +#define SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY \ + SL_SE_KEY_FLAG_ASYMMMETRIC_SIGNING_ONLY +#endif + static sl_se_key_type_t silabs_map_key_type (ecc_curve_id curve_id) { sl_se_key_type_t res = SILABS_UNSUPPORTED_KEY_TYPE; @@ -84,7 +96,8 @@ static sl_se_key_type_t silabs_map_key_type (ecc_curve_id curve_id) return res; } -int silabs_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, ecc_key* key) +int silabs_ecc_sign_hash(const byte* in, word32 inlen, byte* out, + word32 *outlen, ecc_key* key) { sl_status_t sl_stat = sl_se_init_command_context(&(key->cmd_ctx)); word32 siglen = *outlen; @@ -97,15 +110,18 @@ int silabs_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen sl_stat = sl_se_ecc_sign( &(key->cmd_ctx), + #if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) + &private_device_key, + #else &(key->key), + #endif 0, 1, in, inlen, out, siglen - ); - + ); return (sl_stat == SL_STATUS_OK) ? 0 : WC_HW_E; } @@ -149,11 +165,12 @@ int silabs_ecc_make_key(ecc_key* key, int keysize) key->key.size = keysize; key->key.storage.method = SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT; - key->key.flags = SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY - | SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY - | SL_SE_KEY_FLAG_ASYMMMETRIC_SIGNING_ONLY; + key->key.flags = (SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY | + SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY | + SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY); - sl_stat = sl_se_get_storage_size(&key->key, &key->key.storage.location.buffer.size); + sl_stat = sl_se_get_storage_size(&key->key, + &key->key.storage.location.buffer.size); key->key.storage.location.buffer.pointer = key->key_raw; sl_stat = sl_se_generate_key(&(key->cmd_ctx), @@ -169,7 +186,8 @@ int silabs_ecc_make_key(ecc_key* key, int keysize) key->key.storage.location.buffer.pointer + keysize, keysize); mp_read_unsigned_bin (wc_ecc_key_get_priv(key), - key->key.storage.location.buffer.pointer + 2 * keysize, + key->key.storage.location.buffer.pointer + + (2 * keysize), keysize); return (sl_stat == SL_STATUS_OK) ? 0 : WC_HW_E; @@ -187,11 +205,12 @@ int silabs_ecc_import(ecc_key* key, word32 keysize) key->key.size = keysize; key->key.storage.method = SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT; - key->key.flags = SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY - | SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY - | SL_SE_KEY_FLAG_ASYMMMETRIC_SIGNING_ONLY; + key->key.flags = (SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY | + SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY | + SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY); - sl_stat = sl_se_get_storage_size(&key->key, &key->key.storage.location.buffer.size); + sl_stat = sl_se_get_storage_size(&key->key, + &key->key.storage.location.buffer.size); key->key.storage.location.buffer.pointer = key->key_raw; if (sl_stat != SL_STATUS_OK) return WC_HW_E; @@ -200,17 +219,20 @@ int silabs_ecc_import(ecc_key* key, word32 keysize) /* copy key from mp components */ if (err == MP_OKAY) - err = wc_export_int(key->pubkey.x, key->key.storage.location.buffer.pointer, + err = wc_export_int(key->pubkey.x, + key->key.storage.location.buffer.pointer, &used, keysize, WC_TYPE_UNSIGNED_BIN); if (err == MP_OKAY) - err = wc_export_int(key->pubkey.y, key->key.storage.location.buffer.pointer + keysize, + err = wc_export_int(key->pubkey.y, + key->key.storage.location.buffer.pointer + keysize, &used, keysize, WC_TYPE_UNSIGNED_BIN); if (err == MP_OKAY) err = wc_export_int(wc_ecc_key_get_priv(key), - key->key.storage.location.buffer.pointer + 2 * keysize, &used, - keysize, WC_TYPE_UNSIGNED_BIN); + key->key.storage.location.buffer.pointer + + (2 * keysize), + &used, keysize, WC_TYPE_UNSIGNED_BIN); return err; } @@ -226,10 +248,11 @@ int silabs_ecc_import_private(ecc_key* key, word32 keysize) key->key.size = key->dp->size; key->key.storage.method = SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT; - key->key.flags = SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY - | SL_SE_KEY_FLAG_ASYMMMETRIC_SIGNING_ONLY; + key->key.flags = (SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY | + SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY); - sl_stat = sl_se_get_storage_size(&key->key, &key->key.storage.location.buffer.size); + sl_stat = sl_se_get_storage_size(&key->key, + &key->key.storage.location.buffer.size); key->key.storage.location.buffer.pointer = key->key_raw; if (sl_stat != SL_STATUS_OK) return WC_HW_E; @@ -255,36 +278,40 @@ int silabs_ecc_sig_to_rs(ecc_key* key, word32 keySz) key->key.size = keySz; key->key.storage.method = SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT; - key->key.flags = SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY - | SL_SE_KEY_FLAG_ASYMMMETRIC_SIGNING_ONLY; + key->key.flags = (SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY | + SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY); - sl_stat = sl_se_get_storage_size(&key->key, &key->key.storage.location.buffer.size); + sl_stat = sl_se_get_storage_size(&key->key, + &key->key.storage.location.buffer.size); key->key.storage.location.buffer.pointer = key->key_raw; if (sl_stat != SL_STATUS_OK) return WC_HW_E; + keySz = key->dp->size; if (err == MP_OKAY) { - keySz = key->dp->size; err = wc_export_int(key->pubkey.x, key->key.storage.location.buffer.pointer, &keySz, keySz, WC_TYPE_UNSIGNED_BIN); - if (err == MP_OKAY) - err = wc_export_int(key->pubkey.y, - key->key.storage.location.buffer.pointer + keySz, - &keySz, keySz, WC_TYPE_UNSIGNED_BIN); + } + if (err == MP_OKAY) { + err = wc_export_int(key->pubkey.y, + key->key.storage.location.buffer.pointer + keySz, + &keySz, keySz, WC_TYPE_UNSIGNED_BIN); } return err; } -int silabs_ecc_import_private_raw(ecc_key* key, word32 keySz, const char* d, int encType) +int silabs_ecc_import_private_raw(ecc_key* key, word32 keySz, const char* d, + int encType) { sl_status_t sl_stat; int err = MP_OKAY; key->type = ECC_PRIVATEKEY; key->key.flags |= SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY; - sl_stat = sl_se_get_storage_size(&key->key, &key->key.storage.location.buffer.size); + sl_stat = sl_se_get_storage_size(&key->key, + &key->key.storage.location.buffer.size); if (sl_stat != SL_STATUS_OK) return WC_HW_E; diff --git a/wolfcrypt/src/port/silabs/silabs_hash.c b/wolfcrypt/src/port/silabs/silabs_hash.c index 5e29f55c0..46ff84a37 100644 --- a/wolfcrypt/src/port/silabs/silabs_hash.c +++ b/wolfcrypt/src/port/silabs/silabs_hash.c @@ -1,4 +1,4 @@ -/* silabs_se_hash.c +/* silabs_hash.c * * Copyright (C) 2006-2023 wolfSSL Inc. * @@ -94,32 +94,30 @@ int wc_silabs_se_hash_init (wc_silabs_sha_t* sha, enum wc_HashType type) return ret; } -int wc_silabs_se_hash_update (wc_silabs_sha_t* sha, const byte* data, word32 len) +int wc_silabs_se_hash_update(wc_silabs_sha_t* sha, const byte* data, + word32 len) { int ret = 0; - sl_status_t status = sl_se_hash_update(&sha->hash_ctx, data, len); if (status != SL_STATUS_OK) { - ret = BUFFER_E; + ret = WC_HW_E; } - return ret; } -int wc_silabs_se_hash_final (wc_silabs_sha_t* sha, byte* hash) +int wc_silabs_se_hash_final(wc_silabs_sha_t* sha, byte* hash) { int ret = 0; - - sl_status_t status = sl_se_hash_finish(&sha->hash_ctx, hash, sha->hash_ctx.size); + sl_status_t status = sl_se_hash_finish(&sha->hash_ctx, hash, + sha->hash_ctx.size); if (status != SL_STATUS_OK) { - ret = BUFFER_E; + ret = WC_HW_E; } - return ret; } -int wc_HashUpdate_ex (wc_silabs_sha_t* sha, const byte* data, word32 len) +int wc_HashUpdate_ex(wc_silabs_sha_t* sha, const byte* data, word32 len) { int ret = 0; @@ -130,7 +128,6 @@ int wc_HashUpdate_ex (wc_silabs_sha_t* sha, const byte* data, word32 len) ret = wolfSSL_CryptHwMutexLock(); if (ret == 0) { ret = wc_silabs_se_hash_update(sha, data, len); - wolfSSL_CryptHwMutexUnLock(); } return ret; @@ -212,7 +209,7 @@ int wc_Sha256Final(wc_Sha256* sha, byte* hash) } #endif /* ! NO_SHA256 */ -#ifndef NO_SHA224 +#ifdef WOLFSSL_SHA224 int wc_InitSha224_ex(wc_Sha224* sha, void* heap, int devId) { if (sha == NULL) { @@ -239,7 +236,7 @@ int wc_Sha224Final(wc_Sha224* sha, byte* hash) return ret; } -#endif /* ! NO_SHA224 */ +#endif /* WOLFSSL_SHA224 */ #ifdef WOLFSSL_SILABS_SHA384 int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devId) @@ -299,4 +296,4 @@ int wc_Sha512Final(wc_Sha512* sha, byte* hash) } #endif /* WOLFSSL_SILABS_SHA512 */ -#endif /* defined(WOLFSSL_SILABS_SE_ACCEL) */ +#endif /* WOLFSSL_SILABS_SE_ACCEL */