From 889f111454a57f0cd5bbb98c3928a33c2a3c1a8e Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Mon, 2 Dec 2019 14:55:21 -0800 Subject: [PATCH 1/3] Update CC readme --- IDE/CRYPTOCELL/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/IDE/CRYPTOCELL/README.md b/IDE/CRYPTOCELL/README.md index 5786f1ccf..534c56bf5 100644 --- a/IDE/CRYPTOCELL/README.md +++ b/IDE/CRYPTOCELL/README.md @@ -22,13 +22,15 @@ The `IDE/CRYPTOCELL/main.c` example application provides a function to run the s - SHA-256 - AES CBC - CryptoCell 310 RNG -- RSA sign/verify and RSA key gen +- RSA sign/verify and RSA key gen (2048 bit in PKCSv1.5 padding mode) - RSA encrypt/decrypt - ECC sign/verify/shared secret - ECC key import/export and key gen pairs - Hardware RNG - RTC for benchmark timing source +Note: All Cryptocell features are not supported. The wolfcrypt RSA API allows import and export of Private/Public keys in DER format. However, this is not possible keys generated with Cryptocell because the reconstruction of the imported keys has not been implemented. + ## Setup ### Setting up Nordic SDK with wolfSSL 1. Download the wolfSSL source code or a zip file from GitHub and place it under your SDK `InstallFolder/external/` directory. You can also copy or simlink to the source. From 4f8a37ef7bb897d8687861eb111726a000eb60fb Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Thu, 5 Dec 2019 10:40:21 -0800 Subject: [PATCH 2/3] Remove wc_RsaSSL_VerifyInline from Cryptocell --- wolfcrypt/src/rsa.c | 3 ++- wolfcrypt/test/test.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 8205d480b..6b651eee5 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c 
@@ -3106,7 +3106,7 @@ int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out, #endif /* WC_NO_RSA_OAEP || WC_RSA_NO_PADDING */ #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - +#if !defined(WOLFSSL_CRYPTOCELL) int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) { WC_RNG* rng = NULL; @@ -3117,6 +3117,7 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, 0, rng); } +#endif #ifndef WOLFSSL_RSA_VERIFY_ONLY int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 0ebce4278..a7946fdf0 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -11844,6 +11844,7 @@ int rsa_test(void) #ifndef WOLFSSL_RSA_VERIFY_INLINE #if defined(WOLFSSL_CRYPTOCELL) +/* Cryptocell requires the input data and signature to verify */ ret = wc_RsaSSL_Verify(in, inLen, out, outSz, &key); #else ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key); From 69a0c1155f8f1c9756aeab7a21d99a1b7f3ef71b Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Tue, 17 Dec 2019 17:36:38 -0800 Subject: [PATCH 3/3] Review comment --- IDE/CRYPTOCELL/README.md | 2 +- wolfcrypt/test/test.c | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/IDE/CRYPTOCELL/README.md b/IDE/CRYPTOCELL/README.md index 534c56bf5..480079631 100644 --- a/IDE/CRYPTOCELL/README.md +++ b/IDE/CRYPTOCELL/README.md 
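Review bot: The new `#if !defined(WOLFSSL_CRYPTOCELL)` around `wc_RsaSSL_VerifyInline` in wolfcrypt/src/rsa.c removes only the definition. This series touches nothing but rsa.c, test.c and the README, so if the prototype in the public header stays visible, a Cryptocell build that still calls the function compiles and then fails at link time. I would guard the declaration with the same condition and reject `WOLFSSL_CRYPTOCELL` together with `WOLFSSL_RSA_VERIFY_INLINE` with an `#error`, because the `#ifndef WOLFSSL_RSA_VERIFY_INLINE` in rsa_test suggests the test chooses its verify call on that macro. The closing `#endif` in the second rsa.c hunk should name its condition like its neighbours, `#endif /* !WOLFSSL_CRYPTOCELL */`, and a one-line comment above the guard should say why the inline variant is not offered (presumably because the Cryptocell verify path needs the message as well as the signature; please confirm). The function body spans both rsa.c hunks, with lines between them that are not shown.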
@@ -29,7 +29,7 @@ The `IDE/CRYPTOCELL/main.c` example application provides a function to run the s - Hardware RNG - RTC for benchmark timing source -Note: All Cryptocell features are not supported. The wolfcrypt RSA API allows import and export of Private/Public keys in DER format. However, this is not possible keys generated with Cryptocell because the reconstruction of the imported keys has not been implemented. +Note: All Cryptocell features are not supported. The wolfcrypt RSA API allows import and export of Private/Public keys in DER format. However, this is not possible with key pairs generated with Cryptocell because the importing/exporting Cryptocell keys has not been implemented yet. ## Setup ### Setting up Nordic SDK with wolfSSL diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a7946fdf0..376d31a88 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -11844,7 +11844,16 @@ int rsa_test(void) #ifndef WOLFSSL_RSA_VERIFY_INLINE #if defined(WOLFSSL_CRYPTOCELL) -/* Cryptocell requires the input data and signature to verify */ + /* + Cryptocell requires the input data and signature byte array to verify. + + first argument must be the input data + second argument must be the length of input data + third argument must be the signature byte array or the output from + wc_RsaSSL_Sign() + fourth argument must be the length of the signature byte array + */ + ret = wc_RsaSSL_Verify(in, inLen, out, outSz, &key); #else ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key);
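Review bot: In the `WOLFSSL_CRYPTOCELL` branch of rsa_test the signature length is passed as `outSz`, while the `#else` branch passes `idx` as the length of the same `out` buffer. If `outSz` is the buffer capacity rather than the length returned by wc_RsaSSL_Sign(), the call only works when the two happen to be equal. Assuming `idx` holds the sign result on this path too, `ret = wc_RsaSSL_Verify(in, inLen, out, idx, &key);` matches what the new comment describes as the fourth argument. The comment also records a build-dependent argument contract for a public function (data first under Cryptocell, signature first otherwise), which belongs on the declaration of wc_RsaSSL_Verify together with the meaning of its return value, not only in the test. rsa_test starts and ends outside this hunk.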