diff --git a/CMakeLists.txt b/CMakeLists.txt index 67af97c23..e366e256a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1803,6 +1803,14 @@ if (WOLFSSL_TLSX) endif() +add_option("WOLFSSL_CAAM" + "Enable use of CAAM with NXP (default: disabled)" + "no" "yes;no") +if (WOLFSSL_CAAM) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CAAM") +endif() + + # Generates the BUILD_* flags. These control what source files are included in # the library. A series of AM_CONDITIONALs handle this in configure.ac. generate_build_flags() @@ -2208,7 +2216,7 @@ if(NOT BUILD_FIPS OR BUILD_FIPS_V1) "wolfssl/wolfcrypt/fips.h") endif() -if(NOT BUILD_QNXCAAM) +if(NOT BUILD_QNXCAAM OR BUILD_CAAM) list(APPEND HEADER_EXCLUDE "wolfssl/wolfcrypt/port/caam" ) diff --git a/IDE/MCUEXPRESSO/README.md b/IDE/MCUEXPRESSO/README.md index 8f9bbecdf..3ff8f69fe 100644 --- a/IDE/MCUEXPRESSO/README.md +++ b/IDE/MCUEXPRESSO/README.md @@ -1,10 +1,33 @@ -- Open MCUEXPRESSO and set the workspace to wolfssl/IDE/MCUEXPRESSO -- File -> Open Projects From File System... -> Directory : and set the browse to wolfssl/IDE/MCUEXPROSSO directory then click "select directory" +- Open MCUEXPRESSO and set the workspace to wolfssl/IDE/MCUEXPRESSO or to wolfssl/IDE/MCUEXPRESSO/RT1170 (for RT1170) +- File -> Open Projects From File System... -> Directory : and set the browse to wolfssl/IDE/MCUEXPRESSO directory then click "select directory" + - For RT1170 use the directory wolfssl/IDE/MCUEXPRESSO/RT1170 - Select MCUEXPRESSO\wolfssl, MCUEXPRESSO\benchmark and MCUEXPRESSO\wolfcrypt_test then click "Finish" + - For RT1170 select wolfssl_cm7, wolfcrypt_test_cm7 - Right click the projects -> SDK Management -> Refresh SDK Components and click "yes" -- MCUEXPRESSO fails to generate the fils for wolfssl/MIMXRT685S, just copy the files from either benchmark or wolfcrypt_test into the directory +- MCUEXPRESSO fails to generate the files for wolfssl/MIMXRT685S with RT685 build, just copy the files from either benchmark or wolfcrypt_test into the directory - increase the size of configTOTAL_HEAP_SIZE in FreeRTOSConfig.h to be 200000 for wolfcrypt_test and benchmark projects - (note board files need to be recreated .... this can be done by creating a new project that has the same settings and copying over the generated board/* files) - Build the projects + +### Expanding RT1170 CAAM Driver +The files RT1170/fsl_caam_h.patch and RT1170/fsl_caam_c.patch include changes to +the existing NXP CAAM driver for use with creating/opening Blobs and generating +and using ECC black keys. + +To apply the patches first create a project that has the caam driver. This will +generate the base fsl_caam.c and fsl_caam.h in the drivers directory. (i.e wolfcrypt_test_cm7/drivers/fls_caam.{c,h}) +. Once the base files are generated then 'cd' to the drivers directory and apply +the patch. The following is an example of applying the patch to the PKCS7 example +using Cygwin (cd wolfcrypt_test_cm7/drivers/ && /bin/patch < ../../fsl_caam_c.patch && /bin/patch < ../../fsl_caam_h.patch). + +In the patch for fsl_caam.h there are macros defined for both the ECC and Blob +expansion (CAAM_ECC_EXPANSION and CAAM_BLOB_EXPANSION). When wolfSSL code finds +that these macros are defined (the patch has been applied) then it tries to +compile in use of the expanded driver. + +### CMake example + +See the cmake directory in https://github.com/wolfssl/wolfssl-examples for an example of +building with CMake and CSR/PKCS7 examples. diff --git a/IDE/MCUEXPRESSO/RT1170/fsl_caam_c.patch b/IDE/MCUEXPRESSO/RT1170/fsl_caam_c.patch new file mode 100644 index 000000000..50590a0da --- /dev/null +++ b/IDE/MCUEXPRESSO/RT1170/fsl_caam_c.patch @@ -0,0 +1,465 @@ +--- fsl_caam-orig.c 2022-10-21 15:50:35.709951000 -0700 ++++ fsl_caam.c 2022-12-28 06:30:34.788316189 -0800 +@@ -7872,3 +7872,462 @@ + } + return status; + } ++ ++ ++#define CAAM_ECDSA_PD 0x00400000 ++#define CAAM_ECDSA_KEYGEN_PD 0x02000000 ++ ++static const uint32_t templateKeyPairECC[] = { ++ /* 00 */ 0xB0840000u, /* HEADER */ ++ /* 01 */ 0x00000000u, /* ECDSEL */ ++ /* 02 */ 0x00000000u, /* Private Key Address */ ++ /* 03 */ 0x00000000u, /* Public Key Address */ ++ /* 04 */ 0x80140002u, /* Operation */ ++}; ++ ++ ++static const uint32_t templateSignECC[] = { ++ /* 00 */ 0xB0870000u, /* HEADER */ ++ /* 01 */ 0x00000000u, /* ECDSEL */ ++ /* 02 */ 0x00000000u, /* Private Key Address */ ++ /* 03 */ 0x00000000u, /* Message Address */ ++ /* 04 */ 0x00000000u, /* R of signature */ ++ /* 05 */ 0x00000000u, /* S of signature */ ++ /* 06 */ 0x00000000u, /* Message Size */ ++ /* 07 */ 0x80150802u, /* Operation */ ++}; ++ ++ ++static const uint32_t templateVerifyECC[] = { ++ /* 00 */ 0xB0880000u, /* HEADER */ ++ /* 01 */ 0x00000000u, /* ECDSEL */ ++ /* 02 */ 0x00000000u, /* Public Key Address (X,Y) */ ++ /* 03 */ 0x00000000u, /* Message Address */ ++ /* 04 */ 0x00000000u, /* R of signature */ ++ /* 05 */ 0x00000000u, /* S of signature */ ++ /* 06 */ 0x00000000u, /* tmp buffer */ ++ /* 07 */ 0x00000000u, /* Message Size */ ++ /* 08 */ 0x80160802u, /* Operation */ ++}; ++ ++ ++static const uint32_t templateAgreeECC[] = { ++ /* 00 */ 0xB0850000u, /* HEADER */ ++ /* 01 */ 0x00000000u, /* ECDSEL */ ++ /* 02 */ 0x00000000u, /* Public Key Address */ ++ /* 03 */ 0x00000000u, /* Private Key Address */ ++ /* 04 */ 0x00000000u, /* Shared Output */ ++ /* 07 */ 0x80170002u, /* Operation */ ++}; ++ ++ ++static int CheckSupportedKeyType(int keyType) ++{ ++ int ret = 0; ++ ++ switch (keyType) { ++ case CAAM_ECDSA_P256: ++ ret = 32; ++ break; ++ ++ case CAAM_ECDSA_P384: ++ ret = 48; ++ break; ++ ++ case CAAM_ECDSA_P521: ++ ret = 66; ++ break; ++ } ++ return ret; ++} ++ ++ ++/*! ++ * brief generate ECC Keypair. ++ * ++ * This function generates ECC private/public key pair. ++ * ++ * param base CAAM peripheral base address ++ * param[out] k private key ++ * param[in,out] sizeK pointer to size variable. On input it holds size of input k in bytes. On output it holds size of ++ * of generated private key k in bytes. ++ * param[out] p public key ++ * param[in,out] sizeP pointer to size variable. On input it holds size of input p in bytes. On output it holds size of ++ * of generated public key p in bytes. ++ * param keyType type of ECC key, i.e P256 / P384 ++ * param enc option to create black key ++ * return Operation status. ++ */ ++status_t CAAM_ECC_Keygen(CAAM_Type *base, ++ caam_handle_t *handle, ++ uint8_t *k, ++ size_t *sizeK, ++ uint8_t *p, ++ size_t *sizeP, ++ int keyType, ++ uint32_t enc) ++{ ++ caam_desc_pkha_ecc_t descriptor; ++ status_t status = kStatus_InvalidArgument; ++ uint32_t descriptorSize = ARRAY_SIZE(templateKeyPairECC); ++ BUILD_ASSURE(sizeof(caam_desc_pkha_ecc_t) >= sizeof(templateKeyPairECC), caam_desc_pkha_ecc_t_size_too_low); ++ ++ /* check if known type of key encryption */ ++ if (enc != 0 && enc != CAAM_PKHA_ENC_PRI_AESECB) { ++ return status; ++ } ++ ++ /* check is supported key type */ ++ if (CheckSupportedKeyType(keyType) == 0) { ++ return status; ++ } ++ ++ /* initialize descriptor from template */ ++ (void)caam_memcpy(descriptor, templateKeyPairECC, sizeof(templateKeyPairECC)); ++ ++ /* add descriptor lenght in bytes to HEADER descriptor command */ ++ DESC_HEADER_ADD_DESCLEN(descriptor[0], descriptorSize); ++ ++ DESC_SET_ADDR(descriptor[1], (CAAM_ECDSA_KEYGEN_PD | keyType)); ++ DESC_SET_ADDR(descriptor[2], k); ++ DESC_SET_ADDR(descriptor[3], p); ++ ++ /* add in if is encrypted */ ++ descriptor[4] |= enc; ++ ++ /* schedule the job */ ++ status = caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); ++ if (status == kStatus_Success) { ++ status = CAAM_Wait(base, handle, descriptor, kCAAM_Blocking); ++ } ++ ++#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) ++ /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ ++ /* Invalidate unaligned data can cause memory corruption in write-back mode */ ++ DCACHE_InvalidateByRange((uint32_t)k, *sizeK); ++ DCACHE_InvalidateByRange((uint32_t)p, *sizeP); ++#endif /* CAAM_OUT_INVALIDATE */ ++ return status; ++} ++ ++ ++/*! ++ * brief generate ECC signature. ++ * ++ * This function creates an ECC signature. ++ * ++ * param base CAAM peripheral base address ++ * param[in] k private key ++ * param[in] sizeK holds size of input k in bytes. ++ * param[in] hash contains the hash to sign ++ * param[in] sizeHash is the size of 'hash' in bytes. ++ * param[out] sig signature output ++ * param[in,out] sizeSig pointer to size variable. On input it holds size of input sig in bytes. On output it holds size of ++ * of generated signature in bytes. ++ * param keyType type of ECC key i.e P256 / P384 ++ * param enc option to use black key ++ * return Operation status. ++ */ ++status_t CAAM_ECC_Sign(CAAM_Type *base, ++ caam_handle_t *handle, ++ const uint8_t *k, ++ size_t sizeK, ++ const uint8_t *hash, ++ size_t sizeHash, ++ uint8_t *r, ++ size_t sizeR, ++ uint8_t *s, ++ size_t sizeS, ++ int keyType, ++ uint32_t enc) ++{ ++ size_t keySz = 0; ++ caam_desc_pkha_ecc_t descriptor; ++ status_t status = kStatus_InvalidArgument; ++ uint32_t descriptorSize = ARRAY_SIZE(templateSignECC); ++ BUILD_ASSURE(sizeof(caam_desc_pkha_ecc_t) >= sizeof(templateSignECC), caam_desc_pkha_ecc_t_size_too_low); ++ ++ /* check if known type of key encryption */ ++ if (enc != 0 && enc != CAAM_PKHA_ENC_PRI_AESECB) { ++ return status; ++ } ++ ++ /* check is supported key type */ ++ keySz = CheckSupportedKeyType(keyType); ++ if (keySz == 0) { ++ return status; ++ } ++ ++ /* sanity check on size of buffers passed in */ ++ if (sizeR < keySz || sizeS < keySz) { ++ return status; ++ } ++ ++ /* initialize descriptor from template */ ++ (void)caam_memcpy(descriptor, templateSignECC, sizeof(templateSignECC)); ++ ++ /* add descriptor lenght in bytes to HEADER descriptor command */ ++ DESC_HEADER_ADD_DESCLEN(descriptor[0], descriptorSize); ++ ++ DESC_SET_ADDR(descriptor[1], (CAAM_ECDSA_PD | keyType)); ++ DESC_SET_ADDR(descriptor[2], k); ++ DESC_SET_ADDR(descriptor[3], hash); ++ DESC_SET_ADDR(descriptor[4], r); ++ DESC_SET_ADDR(descriptor[5], s); ++ DESC_ADD_LEN(descriptor[6], sizeHash); ++ ++ /* add in if is encrypted */ ++ descriptor[7] |= enc; ++ ++ /* schedule the job */ ++ status = caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); ++ if (status == kStatus_Success) { ++ status = CAAM_Wait(base, handle, descriptor, kCAAM_Blocking); ++ } ++#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) ++ /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ ++ /* Invalidate unaligned data can cause memory corruption in write-back mode */ ++ DCACHE_InvalidateByRange((uint32_t)r, sizeR); ++ DCACHE_InvalidateByRange((uint32_t)s, sizeS); ++#endif /* CAAM_OUT_INVALIDATE */ ++ return status; ++} ++ ++ ++/*! ++ * brief do an ECC verify. ++ * ++ * This function verifies an ECC signature. ++ * ++ * param base CAAM peripheral base address ++ * param[in] p public key ++ * param[in] sizeP pointer to size variable. On input it holds size of input k in bytes. On output it holds size of ++ * of generated private key k in bytes. ++ * param[in] sig signature to verify ++ * param[in] sizeSig size of signature in bytes ++ * param[in] hash contains the hash to sign ++ * param[in] sizeHash is the size of 'hash' in bytes. ++ * param keyType type of ECC key i.e P256 / P384 ++ * param enc option to use black key ++ * return Operation status. ++ */ ++status_t CAAM_ECC_Verify(CAAM_Type *base, ++ caam_handle_t *handle, ++ const uint8_t *p, ++ size_t sizeP, ++ const uint8_t *r, ++ size_t sizeR, ++ const uint8_t *s, ++ size_t sizeS, ++ const uint8_t *hash, ++ size_t sizeHash, ++ int keyType) ++{ ++ size_t keySz = 0; ++ caam_desc_pkha_ecc_t descriptor; ++ status_t status = kStatus_InvalidArgument; ++ uint8_t tmp[256]; ++ uint32_t descriptorSize = ARRAY_SIZE(templateVerifyECC); ++ BUILD_ASSURE(sizeof(caam_desc_pkha_ecc_t) >= sizeof(templateVerifyECC), caam_desc_pkha_ecc_t_size_too_low); ++ ++ /* check is supported key type */ ++ keySz = CheckSupportedKeyType(keyType); ++ if (keySz == 0 || sizeR < keySz || sizeS < keySz) { ++ return status; ++ } ++ ++ /* initialize descriptor from template */ ++ (void)caam_memcpy(descriptor, templateVerifyECC, sizeof(templateVerifyECC)); ++ ++ /* add descriptor lenght in bytes to HEADER descriptor command */ ++ DESC_HEADER_ADD_DESCLEN(descriptor[0], descriptorSize); ++ ++ DESC_SET_ADDR(descriptor[1], (CAAM_ECDSA_PD | keyType)); ++ DESC_SET_ADDR(descriptor[2], p); ++ DESC_SET_ADDR(descriptor[3], hash); ++ DESC_SET_ADDR(descriptor[4], r); ++ DESC_SET_ADDR(descriptor[5], s); ++ DESC_SET_ADDR(descriptor[6], tmp); ++ DESC_ADD_LEN(descriptor[7], sizeHash); ++ ++ /* schedule the job */ ++ status = caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); ++ if (status == kStatus_Success) { ++ status = CAAM_Wait(base, handle, descriptor, kCAAM_Blocking); ++ } ++ return status; ++} ++ ++ ++/*! ++ * brief generate ECC shared secret. ++ * ++ * This function creates an ECC shared secret. ++ * ++ * param base CAAM peripheral base address ++ * param[in] k private key ++ * param[in] sizeK holds size of input k in bytes. ++ * param[in] pub contains the public key (x,y) ++ * param[in] sizePub is the size of 'pub' in bytes. ++ * param[out] out output buffer to hold shared secret ++ * param[in] sizeOut size of out buffer ++ * param keyType type of ECC key i.e P256 / P384 ++ * param enc option to use black key ++ * return Operation status. ++ */ ++status_t CAAM_ECC_ECDH(CAAM_Type *base, ++ caam_handle_t *handle, ++ const uint8_t *k, ++ size_t sizeK, ++ const uint8_t *pub, ++ size_t sizePub, ++ uint8_t *out, ++ size_t sizeOut, ++ int keyType, ++ uint32_t enc) ++{ ++ size_t keySz = 0; ++ caam_desc_pkha_ecc_t descriptor; ++ status_t status = kStatus_InvalidArgument; ++ uint32_t descriptorSize = ARRAY_SIZE(templateAgreeECC); ++ BUILD_ASSURE(sizeof(caam_desc_pkha_ecc_t) >= sizeof(templateAgreeECC), caam_desc_pkha_ecc_t_size_too_low); ++ ++ /* check if known type of key encryption */ ++ if (enc != 0 && enc != CAAM_PKHA_ENC_PRI_AESECB) { ++ return status; ++ } ++ ++ /* check is supported key type */ ++ keySz = CheckSupportedKeyType(keyType); ++ if (keySz == 0 || sizeK > keySz || sizeOut != keySz) { ++ return status; ++ } ++ ++ /* initialize descriptor from template */ ++ (void)caam_memcpy(descriptor, templateAgreeECC, sizeof(templateAgreeECC)); ++ ++ /* add descriptor lenght in bytes to HEADER descriptor command */ ++ DESC_HEADER_ADD_DESCLEN(descriptor[0], descriptorSize); ++ ++ DESC_SET_ADDR(descriptor[1], (CAAM_ECDSA_KEYGEN_PD | keyType)); ++ DESC_SET_ADDR(descriptor[2], pub); ++ DESC_SET_ADDR(descriptor[3], k); ++ DESC_SET_ADDR(descriptor[4], out); ++ ++ /* add in if is encrypted */ ++ descriptor[5] |= enc; ++ ++ /* schedule the job */ ++ status = caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); ++ if (status == kStatus_Success) { ++ status = CAAM_Wait(base, handle, descriptor, kCAAM_Blocking); ++ } ++ ++#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) ++ /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ ++ /* Invalidate unaligned data can cause memory corruption in write-back mode */ ++ DCACHE_InvalidateByRange((uint32_t)out, sizeOut); ++#endif /* CAAM_OUT_INVALIDATE */ ++ return status; ++} ++ ++ ++/* Handle BLOB create and open */ ++static const uint32_t templateBlob[] = { ++ /* 00 */ 0xB0800000u, /* HEADER */ ++ /* 01 */ 0x14400000u, /* class */ ++ /* 02 */ 0x00000000u, /* key mod */ ++ /* 03 */ 0xF0000000u, /* SEQ input size */ ++ /* 04 */ 0x00000000u, /* input */ ++ /* 05 */ 0xF8000000u, /* SEQ output size */ ++ /* 06 */ 0x00000000u, /* output */ ++ /* 07 */ 0x800D0000u, /* Operation */ ++}; ++ ++ ++/*! ++ * brief generate ECC Keypair. ++ * ++ * This function generates ECC private/public key pair. ++ * ++ * param base CAAM peripheral base address ++ * param[out] k private key ++ * param[in,out] sizeK pointer to size variable. On input it holds size of input k in bytes. On output it holds size of ++ * of generated private key k in bytes. ++ * param[out] p public key ++ * param[in,out] sizeP pointer to size variable. On input it holds size of input p in bytes. On output it holds size of ++ * of generated public key p in bytes. ++ * param keyType type of ECC key, i.e P256 / P384 ++ * param enc option to create black key ++ * return Operation status. ++ */ ++status_t CAAM_Blob(CAAM_Type *base, ++ caam_handle_t *handle, ++ uint8_t *in, ++ size_t sizeIn, ++ uint8_t *out, ++ size_t sizeOut, ++ uint8_t *keyMod, ++ size_t keyModSz, ++ uint32_t dir, ++ uint32_t color) ++{ ++ caam_desc_pkha_ecc_t descriptor; ++ status_t status = kStatus_InvalidArgument; ++ uint32_t descriptorSize = ARRAY_SIZE(templateBlob); ++ BUILD_ASSURE(sizeof(caam_desc_pkha_ecc_t) >= sizeof(templateBlob), caam_desc_pkha_ecc_t_size_too_low); ++ ++ /* check if known type of key encryption */ ++ if (color != CAAM_RED_BLOB && color != CAAM_BLACK_BLOB) { ++ return status; ++ } ++ ++ if (dir != CAAM_ENCAP_BLOB && dir != CAAM_DECAP_BLOB) { ++ return status; ++ } ++ ++ /* simple sanity check on output size to avoid invalidating more ++ * than wanted */ ++ if (dir == CAAM_ENCAP_BLOB && ++ (sizeOut > sizeIn + CAAM_PADDING_SIZE_BLOB)) { ++ return status; ++ } ++ ++ if (dir == CAAM_DECAP_BLOB && ++ (sizeOut > sizeIn - CAAM_PADDING_SIZE_BLOB)) { ++ return status; ++ } ++ ++ /* initialize descriptor from template */ ++ (void)caam_memcpy(descriptor, templateBlob, sizeof(templateBlob)); ++ ++ /* add descriptor lenght in bytes to HEADER descriptor command */ ++ DESC_HEADER_ADD_DESCLEN(descriptor[0], descriptorSize); ++ descriptor[1] |= color; /* add color of blob */ ++ DESC_SET_ADDR(descriptor[2], keyMod); ++ DESC_ADD_LEN(descriptor[3], sizeIn); ++ DESC_SET_ADDR(descriptor[4], in); ++ DESC_ADD_LEN(descriptor[5], sizeOut); ++ DESC_SET_ADDR(descriptor[6], out); ++ descriptor[7] |= dir; /* add in direction of blob (encap / decap) */ ++ ++ /* set black key flag */ ++ if (color == CAAM_BLACK_BLOB) { ++ descriptor[7] |= 0x4; /* ECB black key */ ++ /* additionally AES-CCM would have EXT (bit 8) hot */ ++ } ++ ++ /* schedule the job */ ++ status = caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); ++ if (status == kStatus_Success) { ++ status = CAAM_Wait(base, handle, descriptor, kCAAM_Blocking); ++ } ++ ++#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) ++ /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ ++ /* Invalidate unaligned data can cause memory corruption in write-back mode */ ++ DCACHE_InvalidateByRange((uint32_t)out, sizeOut); ++#endif /* CAAM_OUT_INVALIDATE */ ++ return status; ++} ++ diff --git a/IDE/MCUEXPRESSO/RT1170/fsl_caam_h.patch b/IDE/MCUEXPRESSO/RT1170/fsl_caam_h.patch new file mode 100644 index 000000000..965b930cf --- /dev/null +++ b/IDE/MCUEXPRESSO/RT1170/fsl_caam_h.patch @@ -0,0 +1,165 @@ +--- fsl_caam-orig.h 2022-10-21 15:50:35.745560000 -0700 ++++ fsl_caam.h 2022-12-28 08:10:29.413415216 -0800 +@@ -3038,6 +3038,162 @@ + *@} + */ /* end of caam_driver_pkha */ + ++ ++/* define for application to check for ECC CAAM additions */ ++#define CAAM_ECC_EXPANSION ++#define CAAM_PKHA_ENC_PRI_AESECB 0x00000004 ++#define CAAM_ECDSEL_SHIFT 7 ++#define CAAM_ECDSA_P256 (0x02 << CAAM_ECDSEL_SHIFT) ++#define CAAM_ECDSA_P384 (0x03 << CAAM_ECDSEL_SHIFT) ++#define CAAM_ECDSA_P521 (0x04 << CAAM_ECDSEL_SHIFT) ++ ++/*! ++ * brief generate ECC Keypair. ++ * ++ * This function generates ECC private/public key pair. ++ * ++ * param base CAAM peripheral base address ++ * param[out] k private key ++ * param[in,out] sizeK pointer to size variable. On input it holds size of input k in bytes. On output it holds size of ++ * of generated private key k in bytes. ++ * param[out] p public key ++ * param[in,out] sizeP pointer to size variable. On input it holds size of input p in bytes. On output it holds size of ++ * of generated public key p in bytes. ++ * param keyType type of ECC key, i.e P256 / P384 ++ * param enc option to create black key ++ * return Operation status. ++ */ ++status_t CAAM_ECC_Keygen(CAAM_Type *base, ++ caam_handle_t *handle, ++ uint8_t *k, ++ size_t *sizeK, ++ uint8_t *p, ++ size_t *sizeP, ++ int keyType, ++ uint32_t enc); ++ ++/*! ++ * brief generate ECC signature. ++ * ++ * This function creates an ECC signature. ++ * ++ * param base CAAM peripheral base address ++ * param[in] k private key ++ * param[in] sizeK holds size of input k in bytes. ++ * param[in] hash contains the hash to sign ++ * param[in] sizeHash is the size of 'hash' in bytes. ++ * param[out] sig signature output ++ * param[in,out] sizeSig pointer to size variable. On input it holds size of input sig in bytes. On output it holds size of ++ * of generated signature in bytes. ++ * param keyType type of ECC key i.e P256 / P384 ++ * param enc option to use black key ++ * return Operation status. ++ */ ++status_t CAAM_ECC_Sign(CAAM_Type *base, ++ caam_handle_t *handle, ++ const uint8_t *k, ++ size_t sizeK, ++ const uint8_t *hash, ++ size_t sizeHash, ++ uint8_t *r, ++ size_t sizeR, ++ uint8_t *s, ++ size_t sizeS, ++ int keyType, ++ uint32_t enc); ++ ++/*! ++ * brief do an ECC verify. ++ * ++ * This function verifies an ECC signature. ++ * ++ * param base CAAM peripheral base address ++ * param[in] p public key ++ * param[in] sizeP pointer to size variable. On input it holds size of input k in bytes. On output it holds size of ++ * of generated private key k in bytes. ++ * param[in] sig signature to verify ++ * param[in] sizeSig size of signature in bytes ++ * param[in] hash contains the hash to sign ++ * param[in] sizeHash is the size of 'hash' in bytes. ++ * param keyType type of ECC key i.e P256 / P384 ++ * param enc option to use black key ++ * return Operation status. ++ */ ++status_t CAAM_ECC_Verify(CAAM_Type *base, ++ caam_handle_t *handle, ++ const uint8_t *p, ++ size_t sizeP, ++ const uint8_t *r, ++ size_t sizeR, ++ const uint8_t *s, ++ size_t sizeS, ++ const uint8_t *hash, ++ size_t sizeHash, ++ int keyType); ++ ++/*! ++ * brief generate ECC shared secret. ++ * ++ * This function creates an ECC shared secret. ++ * ++ * param base CAAM peripheral base address ++ * param[in] k private key ++ * param[in] sizeK holds size of input k in bytes. ++ * param[in] pub contains the public key (x,y) ++ * param[in] sizePub is the size of 'pub' in bytes. ++ * param[out] out output buffer to hold shared secret ++ * param[in] sizeOut size of out buffer ++ * param keyType type of ECC key i.e P256 / P384 ++ * param enc option to use black key ++ * return Operation status. ++ */ ++status_t CAAM_ECC_ECDH(CAAM_Type *base, ++ caam_handle_t *handle, ++ const uint8_t *k, ++ size_t sizeK, ++ const uint8_t *pub, ++ size_t sizePub, ++ uint8_t *out, ++ size_t sizeOut, ++ int keyType, ++ uint32_t enc); ++ ++ ++/* define for application to check for ECC CAAM additions */ ++#define CAAM_BLOB_EXPANSION ++#define CAAM_RED_BLOB 0x00000C08 ++#define CAAM_BLACK_BLOB 0x00000010 ++#define CAAM_ENCAP_BLOB 0x07000000 ++#define CAAM_DECAP_BLOB 0x06000000 ++#define CAAM_PADDING_SIZE_BLOB 48 ++ ++/*! ++ * brief create or open a NXP blob. ++ * ++ * This function creates or opens a blob. ++ * ++ * param base CAAM peripheral base address ++ * param[in] in buffer to do operation on ++ * param[in] sizeIn holds size of input in in bytes. ++ * param[out] out buffer to hold the result of the operation ++ * param[in] sizeOut size in bytes of out buffer ++ * param[in] keyMod key that is used when creating or opening blob ++ * param[in] keyModSz size in bytes of keyMod ++ * param dir encap or decap of blob ++ * param color black or red blob type ++ * return Operation status. ++ */ ++status_t CAAM_Blob(CAAM_Type *base, ++ caam_handle_t *handle, ++ uint8_t *in, ++ size_t sizeIn, ++ uint8_t *out, ++ size_t sizeOut, ++ uint8_t *keyMod, ++ size_t keyModSz, ++ uint32_t dir, ++ uint32_t color); ++ + #if defined(__cplusplus) + } + #endif diff --git a/IDE/MCUEXPRESSO/RT1170/user_settings.h b/IDE/MCUEXPRESSO/RT1170/user_settings.h new file mode 100644 index 000000000..f620b1cc9 --- /dev/null +++ b/IDE/MCUEXPRESSO/RT1170/user_settings.h @@ -0,0 +1,90 @@ +#ifndef USER_SETTINGS_H +#define USER_SETTINGS_H + +#define FREERTOS + +#define WOLFSSL_NO_REALLOC +#define SINGLE_THREADED +#define NO_FILESYSTEM +#define WOLFSSL_LWIP +#define HAVE_ECC + +#define WOLFSSL_SHA224 +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 + +#define WOLFSSL_AES_COUNTER +#define OPENSSL_EXTRA +#define WOLFSSL_NO_SOCK + +#define WOLFSSL_KEY_GEN +#define WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_EXT + +#define HAVE_PKCS7 +#ifdef HAVE_PKCS7 + #define WOLFSSL_AES_DIRECT + #define HAVE_AES_KEYWRAP + #define HAVE_X963_KDF + #define HAVE_SMIME +#endif + +#define WOLFCRYPT_ONLY +#define USE_FAST_MATH + +/* harden options */ +#ifdef USE_FAST_MATH + #define TFM_TIMING_RESISTANT +#endif +#ifndef NO_RSA + #define WC_RSA_BLINDING +#endif +#ifdef HAVE_ECC + #define ECC_TIMING_RESISTANT +#endif + +#define WOLFSSL_USE_ALIGN +#define WOLFSSL_IMXRT1170_CAAM +#define SIZEOF_LONG_LONG 8 +#define SIZEOF_LONG 4 +#define WOLF_CRYPTO_CB + +/* using the RTC */ +//#define NO_ASN_TIME +#ifndef NO_ASN_TIME + #define FREESCALE_SNVS_RTC +#endif + +#define NO_CRYPT_TEST +#ifndef NO_CRYPT_TEST + #define NO_MAIN_DRIVER + + #include + #include + static void myPrintf(const char* fmt, ...) + { + int ret; + char line[150]; + va_list ap; + + va_start(ap, fmt); + ret = vsnprintf(line, sizeof(line), fmt, ap); + line[sizeof(line)-1] = '\0'; + + DbgConsole_Printf("%s", line); + + /* add CR on newlines */ + if (ret > 0 && line[ret-1] == '\n') { + DbgConsole_Printf("\r"); + } + } + #define XPRINTF myPrintf + #define USE_CERT_BUFFERS_2048 + #define USE_CERT_BUFFERS_1024 + #define USE_CERT_BUFFERS_256 + #define NO_WRITE_TEMP_FILES + #define BENCH_EMBEDDED +#endif + +#endif /* USER_SETTINGS_H */ diff --git a/IDE/MCUEXPRESSO/RT1170/wolfcrypt_test_cm7/.cproject b/IDE/MCUEXPRESSO/RT1170/wolfcrypt_test_cm7/.cproject new file mode 100644 index 000000000..0207f8091 --- /dev/null +++ b/IDE/MCUEXPRESSO/RT1170/wolfcrypt_test_cm7/.cproject @@ -0,0 +1,784 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + SDK_2.x_MIMXRT1170-EVK + 2.12.1 + middleware.freertos-kernel.MIMXRT1176;platform.drivers.clock.MIMXRT1176;platform.drivers.pmu_1.MIMXRT1176;platform.drivers.common.MIMXRT1176;platform.drivers.anatop_ai.MIMXRT1176;platform.drivers.xip_device.MIMXRT1176;platform.drivers.igpio.MIMXRT1176;platform.drivers.lpuart.MIMXRT1176;platform.drivers.nic301.MIMXRT1176;platform.drivers.dcdc_soc.MIMXRT1176;platform.drivers.iomuxc.MIMXRT1176;platform.drivers.caam.MIMXRT1176;platform.drivers.memory.MIMXRT1176;platform.drivers.cache_armv7_m7.MIMXRT1176;platform.devices.MIMXRT1176_system.MIMXRT1176;platform.devices.MIMXRT1176_CMSIS.MIMXRT1176;CMSIS_Include_core_cm.MIMXRT1176;component.serial_manager_uart.MIMXRT1176;component.lpuart_adapter.MIMXRT1176;component.serial_manager.MIMXRT1176;utility.debug_console.MIMXRT1176;platform.utilities.assert.MIMXRT1176;platform.drivers.xmcd.evkmimxrt1170.MIMXRT1176;platform.drivers.xip_board.evkmimxrt1170.MIMXRT1176;component.lists.MIMXRT1176;project_template.evkmimxrt1170.MIMXRT1176;middleware.freertos-kernel.template.MIMXRT1176;platform.devices.MIMXRT1176_startup.MIMXRT1176;middleware.freertos-kernel.extension.MIMXRT1176;platform.drivers.snvs_hp.MIMXRT1176; + evkmimxrt1170 + MIMXRT1176DVMAA + cm7 + cm7_MIMXRT1176xxxxx + + + <?xml version="1.0" encoding="UTF-8"?> +<TargetConfig> +<Properties property_3="NXP" property_4="MIMXRT1176xxxxx" property_count="5" version="100300"/> +<infoList vendor="NXP"> +<info chip="MIMXRT1176xxxxx" name="MIMXRT1176xxxxx"> +<chip> +<name>MIMXRT1176xxxxx</name> +<family>MIMXRT1170</family> +<vendor>NXP</vendor> +<memory can_program="true" id="Flash" is_ro="true" size="0" type="Flash"/> +<memory id="RAM" size="2048" type="RAM"/> +<memoryInstance derived_from="Flash" driver="MIMXRT1170_SFDP_QSPI.cfx" edited="true" id="BOARD_FLASH" location="0x30000000" size="0x4000000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_DTC_cm7" location="0x20000000" size="0x40000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_ITC_cm7" location="0x0" size="0x40000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_OC1" location="0x20240000" size="0x80000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_OC2" location="0x202c0000" size="0x80000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_OC_ECC1" location="0x20340000" size="0x10000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_OC_ECC2" location="0x20350000" size="0x10000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_OC_cm7" location="0x20360000" size="0x20000"/> +<memoryInstance derived_from="RAM" edited="true" id="BOARD_SDRAM" location="0x80000000" size="0x3000000"/> +<memoryInstance derived_from="RAM" edited="true" id="NCACHE_REGION" location="0x83000000" size="0x1000000"/> +</chip> +<processor> +<name gcc_name="cortex-m4">Cortex-M4</name> +<family>Cortex-M</family> +</processor> +<processor> +<name gcc_name="cortex-m7">Cortex-M7</name> +<family>Cortex-M</family> +</processor> +</info> +</infoList> +</TargetConfig> + + + \ No newline at end of file diff --git a/IDE/MCUEXPRESSO/RT1170/wolfcrypt_test_cm7/.project b/IDE/MCUEXPRESSO/RT1170/wolfcrypt_test_cm7/.project new file mode 100644 index 000000000..1c889aaa6 --- /dev/null +++ b/IDE/MCUEXPRESSO/RT1170/wolfcrypt_test_cm7/.project @@ -0,0 +1,39 @@ + + + wolfcrypt_test_cm7 + + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + + org.eclipse.cdt.core.cnature + com.nxp.mcuxpresso.core.datamodels.sdkNature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + + + + source/test.c + 1 + $%7BPARENT-4-PROJECT_LOC%7D/wolfcrypt/test/test.c + + + source/wolfcrypt_test.c + 1 + $%7BPARENT-2-PROJECT_LOC%7D/wolfcrypt_test.c + + + diff --git a/IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.cproject b/IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.cproject new file mode 100644 index 000000000..0a346c114 --- /dev/null +++ b/IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.cproject @@ -0,0 +1,568 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + SDK_2.x_MIMXRT1170-EVK + 2.12.1 + middleware.freertos-kernel.MIMXRT1176;platform.drivers.clock.MIMXRT1176;platform.drivers.pmu_1.MIMXRT1176;platform.drivers.common.MIMXRT1176;platform.drivers.anatop_ai.MIMXRT1176;platform.drivers.xip_device.MIMXRT1176;platform.drivers.igpio.MIMXRT1176;platform.drivers.lpuart.MIMXRT1176;platform.drivers.nic301.MIMXRT1176;platform.drivers.dcdc_soc.MIMXRT1176;platform.drivers.iomuxc.MIMXRT1176;platform.drivers.caam.MIMXRT1176;platform.drivers.memory.MIMXRT1176;platform.drivers.cache_armv7_m7.MIMXRT1176;platform.devices.MIMXRT1176_system.MIMXRT1176;platform.devices.MIMXRT1176_CMSIS.MIMXRT1176;CMSIS_Include_core_cm.MIMXRT1176;component.serial_manager_uart.MIMXRT1176;component.lpuart_adapter.MIMXRT1176;component.serial_manager.MIMXRT1176;utility.debug_console.MIMXRT1176;platform.utilities.assert.MIMXRT1176;platform.drivers.xmcd.evkmimxrt1170.MIMXRT1176;platform.drivers.xip_board.evkmimxrt1170.MIMXRT1176;component.lists.MIMXRT1176;project_template.evkmimxrt1170.MIMXRT1176;middleware.freertos-kernel.template.MIMXRT1176;platform.devices.MIMXRT1176_startup.MIMXRT1176;middleware.freertos-kernel.extension.MIMXRT1176;middleware.lwip.MIMXRT1176;middleware.lwip.empty_ethernetif.MIMXRT1176;middleware.lwip.template.MIMXRT1176;platform.drivers.snvs_hp.MIMXRT1176; + evkmimxrt1170 + MIMXRT1176DVMAA + cm7 + cm7_MIMXRT1176xxxxx + + + <?xml version="1.0" encoding="UTF-8"?> +<TargetConfig> +<Properties property_3="NXP" property_4="MIMXRT1176xxxxx" property_count="5" version="100300"/> +<infoList vendor="NXP"> +<info chip="MIMXRT1176xxxxx" name="MIMXRT1176xxxxx"> +<chip> +<name>MIMXRT1176xxxxx</name> +<family>MIMXRT1170</family> +<vendor>NXP</vendor> +<memory can_program="true" id="Flash" is_ro="true" size="0" type="Flash"/> +<memory id="RAM" size="2048" type="RAM"/> +<memoryInstance derived_from="Flash" driver="MIMXRT1170_SFDP_QSPI.cfx" edited="true" id="BOARD_FLASH" location="0x30000000" size="0x4000000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_DTC_cm7" location="0x20000000" size="0x40000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_ITC_cm7" location="0x0" size="0x40000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_OC1" location="0x20240000" size="0x80000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_OC2" location="0x202c0000" size="0x80000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_OC_ECC1" location="0x20340000" size="0x10000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_OC_ECC2" location="0x20350000" size="0x10000"/> +<memoryInstance derived_from="RAM" edited="true" id="SRAM_OC_cm7" location="0x20360000" size="0x20000"/> +<memoryInstance derived_from="RAM" edited="true" id="BOARD_SDRAM" location="0x80000000" size="0x3000000"/> +<memoryInstance derived_from="RAM" edited="true" id="NCACHE_REGION" location="0x83000000" size="0x1000000"/> +</chip> +<processor> +<name gcc_name="cortex-m4">Cortex-M4</name> +<family>Cortex-M</family> +</processor> +<processor> +<name gcc_name="cortex-m7">Cortex-M7</name> +<family>Cortex-M</family> +</processor> +</info> +</infoList> +</TargetConfig> + + + + \ No newline at end of file diff --git a/IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.project b/IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.project new file mode 100644 index 000000000..18bf90f37 --- /dev/null +++ b/IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.project @@ -0,0 +1,44 @@ + + + wolfssl_cm7 + + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + + org.eclipse.cdt.core.cnature + com.nxp.mcuxpresso.core.datamodels.sdkNature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + + + + source/src + 2 + $%7BPARENT-4-PROJECT_LOC%7D/src + + + source/user_settings.h + 1 + $%7BPARENT-1-PROJECT_LOC%7D/user_settings.h + + + source/wolfcrypt + 2 + $%7BPARENT-4-PROJECT_LOC%7D/wolfcrypt + + + diff --git a/IDE/MCUEXPRESSO/include.am b/IDE/MCUEXPRESSO/include.am index 6c93e9064..bc2cc15ae 100644 --- a/IDE/MCUEXPRESSO/include.am +++ b/IDE/MCUEXPRESSO/include.am @@ -9,10 +9,20 @@ EXTRA_DIST += IDE/MCUEXPRESSO/wolfssl/liblinks.xml EXTRA_DIST += IDE/MCUEXPRESSO/wolfcrypt_test/.cproject EXTRA_DIST += IDE/MCUEXPRESSO/wolfcrypt_test/.project -EXTRA_DIST += IDE/MCUEXPRESSO/wolfcrypt_test/source/wolfcrypt_test.c +EXTRA_DIST += IDE/MCUEXPRESSO/wolfcrypt_test.c EXTRA_DIST += IDE/MCUEXPRESSO/benchmark/.cproject EXTRA_DIST += IDE/MCUEXPRESSO/benchmark/.project EXTRA_DIST += IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c +EXTRA_DIST += IDE/MCUEXPRESSO/README.md EXTRA_DIST += IDE/MCUEXPRESSO/user_settings.h + +EXTRA_DIST += IDE/MCUEXPRESSO/RT1170/user_settings.h +EXTRA_DIST += IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.cproject +EXTRA_DIST += IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.project +EXTRA_DIST += IDE/MCUEXPRESSO/RT1170/wolfcrypt_test_cm7/.cproject +EXTRA_DIST += IDE/MCUEXPRESSO/RT1170/wolfcrypt_test_cm7/.project +EXTRA_DIST += IDE/MCUEXPRESSO/RT1170/fsl_caam_h.patch +EXTRA_DIST += IDE/MCUEXPRESSO/RT1170/fsl_caam_c.patch + diff --git a/IDE/MCUEXPRESSO/wolfcrypt_test/source/wolfcrypt_test.c b/IDE/MCUEXPRESSO/wolfcrypt_test.c similarity index 69% rename from IDE/MCUEXPRESSO/wolfcrypt_test/source/wolfcrypt_test.c rename to IDE/MCUEXPRESSO/wolfcrypt_test.c index 9d8bdf169..83f3dd244 100644 --- a/IDE/MCUEXPRESSO/wolfcrypt_test/source/wolfcrypt_test.c +++ b/IDE/MCUEXPRESSO/wolfcrypt_test.c @@ -21,18 +21,27 @@ #include #include "board.h" -#include "fsl_rtc.h" -#include "fsl_trng.h" #include "peripherals.h" #include "pin_mux.h" #include "clock_config.h" -#include "MIMXRT685S_cm33.h" + +#ifdef CPU_MIMXRT1176DVMAA_cm7 + #include "MIMXRT1176_cm7.h" +#else + #include "MIMXRT685S_cm33.h" +#endif + + #include "fsl_debug_console.h" #include #include -#include "test.h" +#include "wolfcrypt/test/test.h" + +#if defined(FREESCALE_KSDK_2_0_TRNG) && defined(FREESCALE_RTC) +#include "fsl_rtc.h" +#include "fsl_trng.h" /* start the RTC and TRNG */ static void setup() { @@ -65,10 +74,49 @@ static void setup() PRINTF("Issues starting TRNG\n"); } } +#elif defined(FREESCALE_SNVS_RTC) +#include "fsl_snvs_hp.h" +static void setup() +{ + uint32_t sec; + uint8_t index; + snvs_hp_rtc_datetime_t rtcDate; + snvs_hp_rtc_config_t snvsRtcConfig; + +/* Init SNVS */ +/* + * snvsConfig->rtccalenable = false; + * snvsConfig->rtccalvalue = 0U; + * snvsConfig->srtccalenable = false; + * snvsConfig->srtccalvalue = 0U; + * snvsConfig->PIFreq = 0U; + */ +SNVS_HP_RTC_GetDefaultConfig(&snvsRtcConfig); +SNVS_HP_RTC_Init(SNVS, &snvsRtcConfig); + +PRINTF("SNVS HP example:\r\n"); + +/* Set a start date time and start RT */ +rtcDate.year = 2014U; +rtcDate.month = 12U; +rtcDate.day = 25U; +rtcDate.hour = 19U; +rtcDate.minute = 0; +rtcDate.second = 0; + +/* Set RTC time to default time and date and start the RTC */ +SNVS_HP_RTC_SetDatetime(SNVS, &rtcDate); +} +#else +static void setup() +{ + /* no clock or trng to setup */ +} +#endif int main(void) { - volatile static int i = 0; + volatile int i = 0; int ret; /* Init board hardware. */ @@ -93,7 +141,10 @@ int main(void) PRINTF("Failied to initialize wolfCrypt\r\n"); } +#if defined(FREESCALE_KSDK_2_0_TRNG) && defined(FREESCALE_RTC) TRNG_Deinit(TRNG0); +#endif + while(1) { i++; __asm volatile ("nop"); diff --git a/cmake/functions.cmake b/cmake/functions.cmake index c2155bed0..7b245b57f 100644 --- a/cmake/functions.cmake +++ b/cmake/functions.cmake @@ -301,6 +301,9 @@ function(generate_build_flags) set(BUILD_DEBUG "yes" PARENT_SCOPE) endif() set(BUILD_RC2 ${WOLFSSL_RC2} PARENT_SCOPE) + if(WOLFSSL_CAAM) + set(BUILD_CAAM "yes" PARENT_SCOPE) + endif() set(BUILD_FLAGS_GENERATED "yes" PARENT_SCOPE) endfunction() @@ -891,6 +894,21 @@ function(generate_lib_src_list LIB_SOURCES) list(APPEND LIB_SOURCES wolfcrypt/src/port/atmel/atmel.c) endif() + if(BUILD_CAAM) + list(APPEND LIB_SOURCES + wolfcrypt/src/port/caam/wolfcaam_init.c + wolfcrypt/src/port/caam/wolfcaam_qnx.c + wolfcrypt/src/port/caam/wolfcaam_seco.c + wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c + wolfcrypt/src/port/caam/wolfcaam_x25519.c + wolfcrypt/src/port/caam/wolfcaam_ecdsa.c + wolfcrypt/src/port/caam/wolfcaam_cmac.c + wolfcrypt/src/port/caam/wolfcaam_aes.c + wolfcrypt/src/port/caam/wolfcaam_hash.c + wolfcrypt/src/port/caam/wolfcaam_rsa.c + wolfcrypt/src/port/caam/wolfcaam_hmac.c) + endif() + set(LIB_SOURCES ${LIB_SOURCES} PARENT_SCOPE) endfunction() diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index a200c89d7..26fcf5ef3 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -5632,7 +5632,8 @@ ecc_key* wc_ecc_key_new(void* heap) int devId = INVALID_DEVID; ecc_key* key; -#ifdef WOLFSSL_QNX_CAAM +#if defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) + /* assume all keys are using CAAM for ECC unless explicitly set otherwise */ devId = WOLFSSL_CAAM_DEVID; #endif key = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, DYNAMIC_TYPE_ECC); @@ -5772,7 +5773,7 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) WOLFSSL_ABI int wc_ecc_init(ecc_key* key) { -#ifdef WOLFSSL_QNX_CAAM +#if defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) return wc_ecc_init_ex(key, NULL, WOLFSSL_CAAM_DEVID); #else return wc_ecc_init_ex(key, NULL, INVALID_DEVID); @@ -7328,7 +7329,7 @@ int wc_ecc_free(ecc_key* key) wc_ecc_free_async(key); #endif -#ifdef WOLFSSL_QNX_CAAM +#if defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) /* free secure memory */ if ((key->blackKey != CAAM_BLACK_KEY_CCM && key->blackKey != CAAM_BLACK_KEY_ECB) && key->blackKey > 0) { @@ -9069,7 +9070,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) if (key->type == ECC_PRIVATEKEY_ONLY) return ECC_PRIVATEONLY_E; -#ifdef WOLFSSL_QNX_CAAM +#if defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) /* check if public key in secure memory */ if (key->securePubKey > 0) { int keySz = wc_ecc_size(key); @@ -9300,7 +9301,7 @@ int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime) #if (FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || \ (defined(WOLFSSL_VALIDATE_ECC_IMPORT) && !defined(WOLFSSL_SP_MATH))) && \ - !defined(WOLFSSL_KCAPI_ECC) + !defined(WOLFSSL_KCAPI_ECC) || defined(WOLFSSL_CAAM) /* validate privkey * generator == pubkey, 0 on success */ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) { @@ -9807,7 +9808,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) err = ECC_PRIV_KEY_E; } - #ifdef WOLFSSL_VALIDATE_ECC_IMPORT + #if defined(WOLFSSL_VALIDATE_ECC_IMPORT) || defined(WOLFSSL_CAAM) /* SP 800-56Ar3, section 5.6.2.1.4, method (b) for ECC */ /* private * base generator must equal pubkey */ if (err == MP_OKAY && key->type == ECC_PRIVATEKEY) @@ -10180,7 +10181,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, return NOT_COMPILED_IN; } #endif - #ifdef WOLFSSL_QNX_CAAM + #if defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) if (key->blackKey == CAAM_BLACK_KEY_CCM) { if (*dLen < keySz + WC_CAAM_MAC_SZ) { *dLen = keySz + WC_CAAM_MAC_SZ; @@ -10249,7 +10250,7 @@ int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen) return BAD_FUNC_ARG; } -#ifdef WOLFSSL_QNX_CAAM +#if defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) /* check if black key in secure memory */ if ((key->blackKey != CAAM_BLACK_KEY_CCM && key->blackKey != CAAM_BLACK_KEY_ECB) && key->blackKey > 0) { @@ -10355,7 +10356,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, ret = silabs_ecc_import_private(key, key->dp->size); } } -#elif defined(WOLFSSL_QNX_CAAM) +#elif defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) if ((wc_ecc_size(key) + WC_CAAM_MAC_SZ) == (int)privSz) { #ifdef WOLFSSL_CAAM_BLACK_KEY_SM int part = caamFindUnusedPartition(); @@ -10818,7 +10819,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, if (encType == WC_TYPE_HEX_STR) err = mp_read_radix(&key->k, d, MP_RADIX_HEX); else { - #ifdef WOLFSSL_QNX_CAAM + #if defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) if (key->blackKey == CAAM_BLACK_KEY_CCM) { err = mp_read_unsigned_bin(&key->k, (const byte*)d, key->dp->size + WC_CAAM_MAC_SZ); diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index a892035be..c29887a4c 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -88,6 +88,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/caam/wolfcaam_rsa.c \ wolfcrypt/src/port/caam/wolfcaam_hmac.c \ wolfcrypt/src/port/caam/wolfcaam_aes.c \ + wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c \ wolfcrypt/src/port/silabs/silabs_aes.c \ wolfcrypt/src/port/silabs/silabs_ecc.c \ wolfcrypt/src/port/silabs/silabs_hash.c \ diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index e61a9e3f4..4809c8283 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -6843,7 +6843,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, byte* in, - int inSz, byte* out) + int inSz, byte* out, int devId, void* heap) { int ret; #ifndef NO_AES @@ -6891,7 +6891,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, DYNAMIC_TYPE_AES)) == NULL) return MEMORY_E; #endif - ret = wc_AesInit(aes, NULL, INVALID_DEVID); + ret = wc_AesInit(aes, heap, devId); if (ret == 0) { ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION); if (ret == 0) @@ -6923,7 +6923,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, DYNAMIC_TYPE_AES)) == NULL) return MEMORY_E; #endif - ret = wc_AesInit(aes, NULL, INVALID_DEVID); + ret = wc_AesInit(aes, heap, devId); if (ret == 0) { ret = wc_AesGcmSetKey(aes, key, keySz); if (ret == 0) @@ -6957,7 +6957,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, DYNAMIC_TYPE_AES)) == NULL) return MEMORY_E; #endif - ret = wc_AesInit(aes, NULL, INVALID_DEVID); + ret = wc_AesInit(aes, heap, devId); if (ret == 0) { ret = wc_AesCcmSetKey(aes, key, keySz); if (ret == 0) @@ -6987,7 +6987,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE) return BAD_FUNC_ARG; - ret = wc_Des3Init(&des3, NULL, INVALID_DEVID); + ret = wc_Des3Init(&des3, heap, devId); if (ret == 0) { ret = wc_Des3_SetKey(&des3, key, iv, DES_ENCRYPTION); if (ret == 0) @@ -7015,7 +7015,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, * returns 0 on success */ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, int keySz, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, - word32 authTagSz, byte* in, int inSz, byte* out) + word32 authTagSz, byte* in, int inSz, byte* out, int devId, void* heap) { int ret; #ifndef NO_AES @@ -7071,7 +7071,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, DYNAMIC_TYPE_AES)) == NULL) return MEMORY_E; #endif - ret = wc_AesInit(aes, NULL, INVALID_DEVID); + ret = wc_AesInit(aes, heap, devId); if (ret == 0) { ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION); if (ret == 0) @@ -7103,7 +7103,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, DYNAMIC_TYPE_AES)) == NULL) return MEMORY_E; #endif - ret = wc_AesInit(aes, NULL, INVALID_DEVID); + ret = wc_AesInit(aes, heap, devId); if (ret == 0) { ret = wc_AesGcmSetKey(aes, key, keySz); if (ret == 0) @@ -7137,7 +7137,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, DYNAMIC_TYPE_AES)) == NULL) return MEMORY_E; #endif - ret = wc_AesInit(aes, NULL, INVALID_DEVID); + ret = wc_AesInit(aes, heap, devId); if (ret == 0) { ret = wc_AesCcmSetKey(aes, key, keySz); if (ret == 0) @@ -7166,7 +7166,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE) return BAD_FUNC_ARG; - ret = wc_Des3Init(&des3, NULL, INVALID_DEVID); + ret = wc_Des3Init(&des3, heap, devId); if (ret == 0) { ret = wc_Des3_SetKey(&des3, key, iv, DES_DECRYPTION); if (ret == 0) @@ -7511,7 +7511,8 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz, if (ret == 0) { /* encrypt, normal */ ret = wc_PKCS7_EncryptContent(algID, (byte*)kek, kekSz, (byte*)iv, - ivSz, NULL, 0, NULL, 0, out, outLen, out); + ivSz, NULL, 0, NULL, 0, out, outLen, out, + pkcs7->devId, pkcs7->heap); } if (ret == 0) { @@ -7519,7 +7520,7 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz, lastBlock = out + (((outLen / blockSz) - 1) * blockSz); ret = wc_PKCS7_EncryptContent(algID, (byte*)kek, kekSz, lastBlock, blockSz, NULL, 0, NULL, 0, out, - outLen, out); + outLen, out, pkcs7->devId, pkcs7->heap); } if (ret == 0) { @@ -7581,20 +7582,21 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek, /* decrypt last block */ ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, tmpIv, blockSz, NULL, 0, NULL, 0, lastBlock, blockSz, - outTmp + inSz - blockSz); + outTmp + inSz - blockSz, pkcs7->devId, pkcs7->heap); if (ret == 0) { /* using last decrypted block as IV, decrypt [0 ... n-1] blocks */ lastBlock = outTmp + inSz - blockSz; ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in, inSz - blockSz, - outTmp); + outTmp, pkcs7->devId, pkcs7->heap); } if (ret == 0) { /* decrypt using original kek and iv */ ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, - (byte*)iv, ivSz, NULL, 0, NULL, 0, outTmp, inSz, outTmp); + (byte*)iv, ivSz, NULL, 0, NULL, 0, outTmp, inSz, outTmp, + pkcs7->devId, pkcs7->heap); } if (ret != 0) { @@ -8375,7 +8377,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) /* encrypt content */ ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, pkcs7->cek, pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain, - encryptedOutSz, encryptedContent); + encryptedOutSz, encryptedContent, + pkcs7->devId, pkcs7->heap); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -10894,7 +10897,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, /* decrypt encryptedContent */ ret = wc_PKCS7_DecryptContent(pkcs7, encOID, decryptedKey, blockKeySz, tmpIv, expBlockSz, NULL, 0, NULL, 0, - encryptedContent, encryptedContentSz, encryptedContent); + encryptedContent, encryptedContentSz, encryptedContent, + pkcs7->devId, pkcs7->heap); if (ret != 0) { break; } @@ -11308,7 +11312,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, /* encrypt content */ ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, pkcs7->cek, pkcs7->cekSz, nonce, nonceSz, aadBuffer, aadBufferSz, authTag, - sizeof(authTag), pkcs7->content, encryptedOutSz, encryptedContent); + sizeof(authTag), pkcs7->content, encryptedOutSz, encryptedContent, + pkcs7->devId, pkcs7->heap); if (aadBuffer) { XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -12020,7 +12025,7 @@ authenv_atrbend: ret = wc_PKCS7_DecryptContent(pkcs7, encOID, decryptedKey, blockKeySz, nonce, nonceSz, encodedAttribs, encodedAttribSz, authTag, authTagSz, encryptedContent, encryptedContentSz, - encryptedContent); + encryptedContent, pkcs7->devId, pkcs7->heap); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; @@ -12213,7 +12218,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv, blockSz, NULL, 0, NULL, 0, - plain, encryptedOutSz, encryptedContent); + plain, encryptedOutSz, encryptedContent, + pkcs7->devId, pkcs7->heap); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -12661,7 +12667,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, ret = wc_PKCS7_DecryptContent(pkcs7, encOID, pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv, expBlockSz, NULL, 0, NULL, 0, encryptedContent, - encryptedContentSz, encryptedContent); + encryptedContentSz, encryptedContent, + pkcs7->devId, pkcs7->heap); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); } diff --git a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c index 87e1a2d9e..d6548176e 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c +++ b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c @@ -240,6 +240,7 @@ static int wc_CAAM_DevMakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, #endif /* WOLFSSL_DEVCRYPTO_ECDSA */ +#ifndef WOLFSSL_IMXRT1170_CAAM /* helper function get the ECDSEL value, this is a value that signals the * hardware to use preloaded curve parameters */ @@ -743,7 +744,7 @@ int wc_CAAM_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId, return -1; } #endif /* WOLFSSL_KEY_GEN */ - +#endif /* WOLFSSL_IMXRT1170_CAAM */ /* if dealing with a black encrypted key then it can not be checked */ int wc_CAAM_EccCheckPrivKey(ecc_key* key, const byte* pubKey, word32 pubKeySz) { diff --git a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c new file mode 100644 index 000000000..8e1aedd4c --- /dev/null +++ b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c @@ -0,0 +1,860 @@ +/* wolfcaam_fsl_nxp.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#if defined(WOLFSSL_IMXRT1170_CAAM) + +#include +#include +#include + +#if defined(FSL_FEATURE_HAS_L1CACHE) || defined(__DCACHE_PRESENT) +/* Setup for if memory is cached */ +AT_NONCACHEABLE_SECTION(static caam_job_ring_interface_t jr0); +AT_NONCACHEABLE_SECTION(static caam_job_ring_interface_t jr1); +AT_NONCACHEABLE_SECTION(static caam_job_ring_interface_t jr2); +AT_NONCACHEABLE_SECTION(static caam_job_ring_interface_t jr3); +#else +/* If not cached */ +static caam_job_ring_interface_t jr0; +static caam_job_ring_interface_t jr1; +static caam_job_ring_interface_t jr2; +static caam_job_ring_interface_t jr3; +#endif + +wolfSSL_Mutex caamMutex; + +/* Initialize CAAM resources. + * return 0 on success */ +int wc_CAAMInitInterface() +{ + CAAM_Type *base = CAAM; + caam_config_t caamConfig; + + if (wc_InitMutex(&caamMutex) != 0) { + WOLFSSL_MSG("Could not init mutex"); + return -1; + } + + /* Get default configuration. */ + CAAM_GetDefaultConfig(&caamConfig); + + /* set the job rings */ + caamConfig.jobRingInterface[0] = &jr0; + caamConfig.jobRingInterface[1] = &jr1; + caamConfig.jobRingInterface[2] = &jr2; + caamConfig.jobRingInterface[3] = &jr3; + + /* Init CAAM driver, including CAAM's internal RNG */ + if (CAAM_Init(base, &caamConfig) != kStatus_Success) { + return -1; + } + + return 0; +} + + +/* free up CAAM resources */ +void wc_CAAMFreeInterface() +{ + wc_FreeMutex(&caamMutex); + if (CAAM_Deinit(CAAM) != kStatus_Success) { + WOLFSSL_MSG("Failed to deinit CAAM!"); + } +} + + +#if !defined(NO_SHA) || defined(WOLFSSL_SHA224) || !defined(NO_SHA256) \ + || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) +/* convert the wolfCrypt hash type to NXP enum */ +static caam_hash_algo_t WC2NXP(int type) +{ + switch (type) { + case WC_HASH_TYPE_SHA: + return kCAAM_Sha1; + case WC_HASH_TYPE_SHA224: + return kCAAM_Sha224; + case WC_HASH_TYPE_SHA256: + return kCAAM_Sha256; + case WC_HASH_TYPE_SHA384: + return kCAAM_Sha384; + case WC_HASH_TYPE_SHA512: + return kCAAM_Sha512; + default: + return -1; + } +} + +/* Common init code for hash algorithms. + * returns 0 on success + */ +int wc_CAAM_HashInit(caam_handle_t* hndl, caam_hash_ctx_t* ctx, int type) +{ + if (hndl == NULL || ctx == NULL) { + return BAD_FUNC_ARG; + } + + /* only using job ring0 for now */ + hndl->jobRing = kCAAM_JobRing0; + if (CAAM_HASH_Init(CAAM, hndl, ctx, WC2NXP(type), NULL, 0u) + != kStatus_Success) { + return WC_HW_E; + } + return 0; +} + + +/* All hashing algorithms have common code except the 'type' to perform. + * This helper function implements the common code. + * returns 0 on success + */ +static int wc_CAAM_CommonHash(caam_handle_t* hndl, caam_hash_ctx_t *ctx, + const byte* in, int inSz, byte* digest, size_t digestSz, int hashType) +{ + int ret = 0; + status_t status; + + if (in != NULL && inSz > 0) { + byte *alignedIn = NULL; + byte *tmpIn = NULL; + + if ((wc_ptr_t)in % CAAM_BUFFER_ALIGN) { + /* input not alligned */ + tmpIn = (byte*)XMALLOC(inSz + CAAM_BUFFER_ALIGN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + alignedIn = tmpIn + (CAAM_BUFFER_ALIGN - + ((wc_ptr_t)tmpIn % CAAM_BUFFER_ALIGN)); + XMEMCPY(alignedIn, in, inSz); + } + else { + alignedIn = (byte*)in; + } + + status = CAAM_HASH_Update(ctx, alignedIn, inSz); + if (tmpIn != NULL) { + XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (status != kStatus_Success) { + return WC_HW_E; + } + } + + if (digest != NULL) { + byte *tmpOut = NULL; + + byte *alignedOut = NULL; + size_t sz = digestSz; + + if ((wc_ptr_t)digest % CAAM_BUFFER_ALIGN) { + /* input not alligned */ + tmpOut = (byte*)XMALLOC(sz + CAAM_BUFFER_ALIGN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + alignedOut = tmpOut + (CAAM_BUFFER_ALIGN - + ((wc_ptr_t)tmpOut % CAAM_BUFFER_ALIGN)); + } + else { + alignedOut = digest; + } + + status = CAAM_HASH_Finish(ctx, alignedOut, &sz); + if (tmpOut != NULL) { + XMEMCPY(digest, alignedOut, sz); + XFREE(tmpOut, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (status != kStatus_Success) { + WOLFSSL_MSG("Failed on CAAM_HASH_Finish"); + return WC_HW_E; + } + else { + ret = wc_CAAM_HashInit(hndl, ctx, hashType); + } + } + + return ret; +} +#endif + + +#if !defined(NO_SHA) +/* SHA returns 0 on success */ +int wc_CAAM_ShaHash(wc_Sha* sha, const byte* in, word32 inSz, byte* digest) +{ + return wc_CAAM_CommonHash(&sha->hndl, &sha->ctx, in, inSz, digest, + WC_SHA_DIGEST_SIZE, WC_HASH_TYPE_SHA); + +} +#endif + +#ifdef WOLFSSL_SHA224 +/* SHA224 returns 0 on success */ +int wc_CAAM_Sha224Hash(wc_Sha224* sha, const byte* in, word32 inSz, + byte* digest) +{ + return wc_CAAM_CommonHash(&sha->hndl, &sha->ctx, in, inSz, digest, + WC_SHA224_DIGEST_SIZE, WC_HASH_TYPE_SHA224); +} +#endif + +#if !defined(NO_SHA256) +/* SHA256 returns 0 on success */ +int wc_CAAM_Sha256Hash(wc_Sha256* sha, const byte* in, word32 inSz, + byte* digest) +{ + return wc_CAAM_CommonHash(&sha->hndl, &sha->ctx, in, inSz, digest, + WC_SHA256_DIGEST_SIZE, WC_HASH_TYPE_SHA256); +} +#endif + +#ifdef WOLFSSL_SHA384 +/* SHA384 returns 0 on success */ +int wc_CAAM_Sha384Hash(wc_Sha384* sha, const byte* in, word32 inSz, + byte* digest) +{ + return wc_CAAM_CommonHash(&sha->hndl, &sha->ctx, in, inSz, digest, + WC_SHA384_DIGEST_SIZE, WC_HASH_TYPE_SHA384); + +} +#endif + +#ifdef WOLFSSL_SHA512 +/* SHA512 returns 0 on success */ +int wc_CAAM_Sha512Hash(wc_Sha512* sha, const byte* in, word32 inSz, + byte* digest) +{ + return wc_CAAM_CommonHash(&sha->hndl, &sha->ctx, in, inSz, digest, + WC_SHA512_DIGEST_SIZE, WC_HASH_TYPE_SHA512); +} +#endif + +#ifndef NO_AES_CBC +/* AES-CBC returns 0 on success */ +static int DoAesCBC(unsigned int args[4], CAAM_BUFFER *buf, int sz) +{ + status_t status; + caam_handle_t hndl; + + /* @TODO running on alternate job rings - performance enhancement */ + hndl.jobRing = kCAAM_JobRing0; + + if (args[0] == CAAM_DEC) { + status = CAAM_AES_DecryptCbc(CAAM, &hndl, + (const uint8_t*)buf[2].TheAddress, (uint8_t*)buf[3].TheAddress, + buf[3].Length, (const uint8_t*)buf[4].TheAddress, + (const uint8_t*)buf[0].TheAddress, buf[0].Length); + + /* store updated CBC state */ + XMEMCPY((byte*)buf[4].TheAddress, + (byte*)buf[2].TheAddress + buf[2].Length - AES_BLOCK_SIZE, + AES_BLOCK_SIZE); + } + else { + status = CAAM_AES_EncryptCbc(CAAM, &hndl, + (const uint8_t*)buf[2].TheAddress, (uint8_t*)buf[3].TheAddress, + buf[3].Length, (const uint8_t*)buf[4].TheAddress, + (const uint8_t*)buf[0].TheAddress, buf[0].Length); + + /* store updated CBC state */ + XMEMCPY((byte*)buf[4].TheAddress, + (byte*)buf[3].TheAddress + buf[3].Length - AES_BLOCK_SIZE, + AES_BLOCK_SIZE); + } + + if (status != kStatus_Success) { + return -1; + } + return 0; +} +#endif + +#ifdef WOLFSSL_AES_COUNTER +/* AES-CTR returns 0 on success */ +static int DoAesCTR(unsigned int args[4], CAAM_BUFFER *buf, int sz) +{ + status_t status; + caam_handle_t hndl; + byte *tmpIn = NULL; + byte *tmpOut = NULL; + byte *alignedIn = NULL; + byte *alignedOut = NULL; + + if (buf[2].TheAddress % CAAM_BUFFER_ALIGN) { + /* input not alligned */ + tmpIn = (byte*)XMALLOC(buf[2].Length + CAAM_BUFFER_ALIGN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + alignedIn = tmpIn + (CAAM_BUFFER_ALIGN - + ((wc_ptr_t)tmpIn % CAAM_BUFFER_ALIGN)); + XMEMCPY(alignedIn, (byte*)buf[2].TheAddress, buf[2].Length); + } + else { + alignedIn = (byte*)buf[2].TheAddress; + } + + if (buf[3].TheAddress % CAAM_BUFFER_ALIGN) { + /* output not alligned */ + tmpOut = (byte*)XMALLOC(buf[3].Length + CAAM_BUFFER_ALIGN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + alignedOut = tmpOut + (CAAM_BUFFER_ALIGN - + ((wc_ptr_t)tmpOut % CAAM_BUFFER_ALIGN)); + } + else { + alignedOut = (byte*)buf[3].TheAddress; + } + + /* @TODO running on alternate job rings - performance enhancement */ + hndl.jobRing = kCAAM_JobRing0; + + status = CAAM_AES_CryptCtr(CAAM, &hndl, alignedIn, alignedOut, + buf[3].Length, (byte*)buf[4].TheAddress, (byte*)buf[0].TheAddress, + buf[0].Length, (byte*)buf[2].TheAddress, NULL); + if (tmpOut != NULL) { + XMEMCPY((byte*)buf[3].TheAddress, alignedOut, buf[3].Length); + XFREE(tmpOut, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (tmpIn != NULL) { + XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (status != kStatus_Success) { + return -1; + } + return 0; +} +#endif + + +#if defined(HAVE_ECC) && defined(WOLFSSL_CAAM_ECC) +#include + +/* helper function get the ECDSEL value, this is a value that signals the + * hardware to use preloaded curve parameters + */ +static word32 GetECDSEL(int curveId) +{ + word32 ecdsel = 0; + + switch (curveId) { + case ECC_SECP192R1: + ecdsel = CAAM_ECDSA_P192; + break; + + case ECC_SECP224R1: + ecdsel = CAAM_ECDSA_P224; + break; + + case ECC_CURVE_DEF: + case ECC_SECP256R1: + ecdsel = CAAM_ECDSA_P256; + break; + + case ECC_SECP384R1: + ecdsel = CAAM_ECDSA_P384; + break; + + case ECC_SECP521R1: + ecdsel = CAAM_ECDSA_P521; + break; + + default: + WOLFSSL_MSG("not using preset curve parameters"); + } + + return ecdsel; +} + + +/* ECC sign operation on hardware, can handle black keys + * returns 0 on success + */ +int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen, + WC_RNG *rng, ecc_key *key, int devId) +{ + const ecc_set_type* dp; + int ret = 0; + ALIGN16 byte k[MAX_ECC_BYTES + WC_CAAM_MAC_SZ]; + word32 kSz = MAX_ECC_BYTES + WC_CAAM_MAC_SZ; + + /* input needs to be aligned */ + byte *alignedIn = NULL; + byte *tmpIn = NULL; + + ALIGN16 byte r[MAX_ECC_BYTES] = {0}; + ALIGN16 byte s[MAX_ECC_BYTES] = {0}; + word32 rSz = MAX_ECC_BYTES; + word32 sSz = MAX_ECC_BYTES; + int keySz; + word32 ecdsel; + word32 enc; + status_t status; + caam_handle_t hndl; + + /* @TODO running on alternate job rings - performance enhancement */ + hndl.jobRing = kCAAM_JobRing0; + + (void)rng; + if (key->dp != NULL) { + dp = key->dp; + } + else { + dp = wc_ecc_get_curve_params(key->idx); + } + + if (dp->id != ECC_SECP256R1 && dp->id != ECC_SECP384R1) { + WOLFSSL_MSG("Limiting CAAM to P256/P384 for now"); + return CRYPTOCB_UNAVAILABLE; + } + + /* check for known predetermined parameters */ + ecdsel = GetECDSEL(dp->id); + if (ecdsel == 0) { + WOLFSSL_MSG("Unsupported curve type"); + return BAD_FUNC_ARG; + } + keySz = kSz = wc_ecc_size(key); + + /* private key */ + if (key->blackKey == CAAM_BLACK_KEY_SM) { + ret = -1; /* only handling black keys not SM (secure memory) ones */ + } + else { + if (key->blackKey == CAAM_BLACK_KEY_CCM) { + if (mp_to_unsigned_bin_len(&key->k, k, kSz + WC_CAAM_MAC_SZ) + != MP_OKAY) { + return MP_TO_E; + } + } + else { + if (mp_to_unsigned_bin_len(&key->k, k, kSz) != MP_OKAY) { + return MP_TO_E; + } + } + } + + ecdsel = GetECDSEL(dp->id); + if (ecdsel == 0) { + WOLFSSL_MSG("unknown key type or size"); + return CRYPTOCB_UNAVAILABLE; + } + + switch (key->blackKey) { + case 0: + enc = 0; + break; + case CAAM_BLACK_KEY_ECB: + enc = CAAM_PKHA_ENC_PRI_AESECB; + break; + } + + if ((wc_ptr_t)in % CAAM_BUFFER_ALIGN) { + /* input not alligned */ + tmpIn = (byte*)XMALLOC(inlen + CAAM_BUFFER_ALIGN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + alignedIn = tmpIn + (CAAM_BUFFER_ALIGN - + ((wc_ptr_t)tmpIn % CAAM_BUFFER_ALIGN)); + XMEMCPY(alignedIn, in, inlen); + } + else { + alignedIn = (byte*)in; + } + + + status = CAAM_ECC_Sign(CAAM, &hndl, k, kSz, alignedIn, inlen, r, rSz, s, + sSz, ecdsel, enc); + if (tmpIn != NULL) { + XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + if (status != kStatus_Success) { + ret = -1; + } + + /* convert signature from raw bytes to signature format */ + if (ret == 0) { + mp_int mpr, mps; + + mp_init(&mpr); + mp_init(&mps); + + mp_read_unsigned_bin(&mpr, r, keySz); + mp_read_unsigned_bin(&mps, s, keySz); + + ret = StoreECC_DSA_Sig(out, outlen, &mpr, &mps); + mp_free(&mpr); + mp_free(&mps); + if (ret != 0) { + WOLFSSL_MSG("Issue converting to signature"); + return -1; + } + } + + return ret; +} + + +/* helper function to handle r/s with verify + * returns 0 on success + */ +static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash, + word32 hashlen, int* res, ecc_key* key) +{ + const ecc_set_type* dp; + int keySz; + word32 ecdsel = 0; + + /* input needs to be aligned */ + byte *alignedIn = NULL; + byte *tmpIn = NULL; + + ALIGN16 byte rbuf[MAX_ECC_BYTES] = {0}; + ALIGN16 byte sbuf[MAX_ECC_BYTES] = {0}; + + ALIGN16 byte qx[MAX_ECC_BYTES] = {0}; + ALIGN16 byte qy[MAX_ECC_BYTES] = {0}; + ALIGN16 byte qxy[MAX_ECC_BYTES * 2] = {0}; + word32 qxLen, qyLen; + + status_t status; + caam_handle_t hndl; + + /* @TODO running on alternate job rings - performance enhancement */ + hndl.jobRing = kCAAM_JobRing0; + + if (key->dp != NULL) { + dp = key->dp; + } + else { + dp = wc_ecc_get_curve_params(key->idx); + } + + /* right now only support P256/P384 @TODO */ + if (dp->id != ECC_SECP256R1 && dp->id != ECC_SECP384R1) { + WOLFSSL_MSG("Only support P256 and P384 verify with CAAM for now"); + return CRYPTOCB_UNAVAILABLE; + } + + /* check for known predetermined parameters */ + ecdsel = GetECDSEL(dp->id); + + if (ecdsel == 0) { + WOLFSSL_MSG("Curve parameters not supported"); + return CRYPTOCB_UNAVAILABLE; + } + + /* Wx,y public key */ + keySz = wc_ecc_size(key); + qxLen = qyLen = MAX_ECC_BYTES; + + if (wc_ecc_export_public_raw(key, qx, &qxLen, qy, &qyLen) != 0) { + WOLFSSL_MSG("Issue exporting public key part"); + return -1; + } + XMEMCPY(qxy, qx, qxLen); + XMEMCPY(qxy+qxLen, qy, qyLen); + + if (mp_to_unsigned_bin_len(r, rbuf, keySz) != MP_OKAY) { + return MP_TO_E; + } + + if (mp_to_unsigned_bin_len(s, sbuf, keySz) != MP_OKAY) { + return MP_TO_E; + } + + if ((wc_ptr_t)hash % CAAM_BUFFER_ALIGN) { + /* input not alligned */ + tmpIn = (byte*)XMALLOC(hashlen + CAAM_BUFFER_ALIGN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + alignedIn = tmpIn + (CAAM_BUFFER_ALIGN - + ((wc_ptr_t)tmpIn % CAAM_BUFFER_ALIGN)); + XMEMCPY(alignedIn, hash, hashlen); + } + else { + alignedIn = (byte*)hash; + } + + status = CAAM_ECC_Verify(CAAM, &hndl, qxy, qxLen+qyLen, rbuf, + keySz, sbuf, keySz, alignedIn, hashlen, ecdsel); + if (tmpIn != NULL) { + XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + *res = 0; + if (status == kStatus_Success) { + *res = 1; + } + + return MP_OKAY; +} + + +/* ECC verify operation using hardware + * returns 0 on success, and sets "res" with verify result (1 for verify ok) + */ +int wc_CAAM_EccVerify(const byte* sig, word32 siglen, const byte* hash, + word32 hashlen, int* res, ecc_key* key, int devId) +{ + int ret; + mp_int r, s; + + ret = DecodeECC_DSA_Sig(sig, siglen, &r, &s); + if (ret == 0) { + ret = wc_CAAM_EccVerify_ex(&r, &s, hash, hashlen, res, key); + mp_free(&r); + mp_free(&s); + } + + (void)devId; + return ret; +} + + +/* ECDH operation using hardware, can handle black keys + * returns 0 on success + */ +int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out, + word32* outlen, int devId) +{ + const ecc_set_type* dp; + int keySz; + word32 ecdsel = 0; /* ecc parameters in hardware */ + int enc; + status_t status; + + ALIGN16 byte k[MAX_ECC_BYTES + WC_CAAM_MAC_SZ] = {0}; + ALIGN16 byte qx[MAX_ECC_BYTES] = {0}; + ALIGN16 byte qy[MAX_ECC_BYTES] = {0}; + ALIGN16 byte qxy[MAX_ECC_BYTES * 2] = {0}; + word32 qxSz, qySz; + caam_handle_t hndl; + + /* @TODO running on alternate job rings - performance enhancement */ + hndl.jobRing = kCAAM_JobRing0; + + if (private_key->dp != NULL) { + dp = private_key->dp; + } + else { + dp = wc_ecc_get_curve_params(private_key->idx); + } + + if (dp->id != ECC_SECP256R1 && dp->id != ECC_SECP384R1) { + return CRYPTOCB_UNAVAILABLE; + } + + /* check for known predetermined parameters */ + ecdsel = GetECDSEL(dp->id); + if (ecdsel == 0) { /* predefined value not known, loading all parameters */ + WOLFSSL_MSG("Unsupported curve parameters"); + return CRYPTOCB_UNAVAILABLE; + } + + keySz = wc_ecc_size(private_key); + if (*outlen < (word32)keySz) { + WOLFSSL_MSG("out buffer is to small"); + return BUFFER_E; + } + + /* public key */ + qxSz = qySz = MAX_ECC_BYTES; + if (wc_ecc_export_public_raw(public_key, qx, &qxSz, qy, &qySz) != 0) { + WOLFSSL_MSG("Issue exporting public key part"); + return -1; + } + XMEMCPY(qxy, qx, qxSz); + XMEMCPY(qxy+qxSz, qy, qySz); + + /* private key */ + if (keySz > MAX_ECC_BYTES) { + return BUFFER_E; + } + + enc = 0; + if (private_key->blackKey == CAAM_BLACK_KEY_ECB) { + enc = CAAM_PKHA_ENC_PRI_AESECB; + } + + if (private_key->blackKey == CAAM_BLACK_KEY_CCM) { + if (mp_to_unsigned_bin_len(&private_key->k, k, + keySz + WC_CAAM_MAC_SZ) != MP_OKAY) { + return MP_TO_E; + } + } + else { + if (mp_to_unsigned_bin_len(&private_key->k, k, keySz) != MP_OKAY) { + return MP_TO_E; + } + } + + if (*outlen < (word32)keySz) { + return -1; + } + + status = CAAM_ECC_ECDH(CAAM, &hndl, k, keySz, qxy, keySz*2, out, keySz, + ecdsel, enc); + if (status == kStatus_Success) { + *outlen = keySz; + return MP_OKAY; + } + else { + return -1; + } +} + +#ifdef WOLFSSL_KEY_GEN +/* creates a [ private black key ] [ x , y ] + * returns 0 on success + */ +int wc_CAAM_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId, + int devId) +{ + int ret = 0; + ALIGN16 byte xy[MAX_ECC_BYTES * 2]; + ALIGN16 byte k[MAX_ECC_BYTES]; + word32 kSz = MAX_ECC_BYTES; + word32 xySz = MAX_ECC_BYTES * 2; + word32 ecdsel; + word32 enc; + status_t status; + caam_handle_t hndl; + + XMEMSET(xy, 0, MAX_ECC_BYTES * 2); + XMEMSET(k, 0, MAX_ECC_BYTES); + + /* @TODO running on alternate job rings - performance enhancement */ + hndl.jobRing = kCAAM_JobRing0; + + key->type = ECC_PRIVATEKEY; + + /* if set to default curve then assume SECP256R1 */ + if (keySize == 32 && curveId == ECC_CURVE_DEF) curveId = ECC_SECP256R1; + if (keySize == 48 && curveId == ECC_CURVE_DEF) curveId = ECC_SECP384R1; + + if (curveId != ECC_SECP256R1 && curveId != ECC_SECP384R1) { + /* currently only implemented P256/P384 support */ + return CRYPTOCB_UNAVAILABLE; + } + + ecdsel = GetECDSEL(curveId); + if (ecdsel == 0) { + WOLFSSL_MSG("unknown key type or size"); + return CRYPTOCB_UNAVAILABLE; + } + + if (key->blackKey == CAAM_BLACK_KEY_ECB) { + enc = CAAM_PKHA_ENC_PRI_AESECB; + } + + if (key->blackKey == 0) { + #ifdef WOLFSSL_CAAM_NO_BLACK_KEY + enc = 0; + #else + key->blackKey = CAAM_BLACK_KEY_ECB; + enc = CAAM_PKHA_ENC_PRI_AESECB; + #endif + } + + status = CAAM_ECC_Keygen(CAAM, &hndl, k, &kSz, xy, &xySz, ecdsel, + enc); + if (status != kStatus_Success) { + ret = -1; + } + + if (ret == 0 && + wc_ecc_import_unsigned(key, xy, xy + keySize, k, curveId) != 0) { + WOLFSSL_MSG("issue importing key"); + ret = -1; + } + + return ret; +} +#endif /* WOLFSSL_KEY_GEN */ +#endif /* HAVE_ECC */ + + +/* Do a synchronous operations and block till done + * returns 0 on success */ +int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf, + int sz) +{ + int ret = 0; + + caam_handle_t hndl; + hndl.jobRing = kCAAM_JobRing0; + + switch (type) { + case CAAM_ENTROPY: + if (CAAM_RNG_GetRandomData(CAAM, &hndl, kCAAM_RngStateHandle0, + (uint8_t *)buf[0].TheAddress, buf[0].Length, + kCAAM_RngDataAny, NULL) != kStatus_Success) { + ret = WC_HW_E; + } + break; + +#ifndef NO_AES_CBC + case CAAM_AESCBC: + ret = DoAesCBC(args, buf, sz); + break; +#endif + +#ifdef WOLFSSL_AES_COUNTER + case CAAM_AESCTR: + ret = DoAesCTR(args, buf, sz); + break; +#endif + +#ifdef CAAM_BLOB_EXPANSION + case CAAM_BLOB_ENCAP: + if (CAAM_Blob(CAAM, &hndl, (byte*)buf[1].TheAddress, + buf[1].Length, (byte*)buf[2].TheAddress, + buf[2].Length, (byte*)buf[0].TheAddress, + buf[0].Length, CAAM_ENCAP_BLOB, + (args[0] = 0)? CAAM_RED_BLOB : CAAM_BLACK_BLOB) + != kStatus_Success) { + ret = WC_HW_E; + } + break; + + case CAAM_BLOB_DECAP: + if (CAAM_Blob(CAAM, &hndl, (byte*)buf[1].TheAddress, buf[1].Length, + (byte*)buf[2].TheAddress, buf[2].Length, + (byte*)buf[0].TheAddress, buf[0].Length, + CAAM_DECAP_BLOB, + (args[0] = 0)? CAAM_RED_BLOB : CAAM_BLACK_BLOB) + != kStatus_Success) { + ret = WC_HW_E; + } + break; +#endif + + default: + WOLFSSL_MSG("Unknown/unsupported type"); + return -1; + } + + if (ret != 0) { + return -1; + } + + return Success; +} + +#endif /* WOLFSSL_IMXRT1170_CAAM */ diff --git a/wolfcrypt/src/port/caam/wolfcaam_hash.c b/wolfcrypt/src/port/caam/wolfcaam_hash.c index b7ccbc868..982866b09 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_hash.c +++ b/wolfcrypt/src/port/caam/wolfcaam_hash.c @@ -25,7 +25,8 @@ #include -#if defined(WOLFSSL_CAAM) && defined(WOLFSSL_CAAM_HASH) +#if defined(WOLFSSL_CAAM) && defined(WOLFSSL_CAAM_HASH) \ + && !defined(WOLFSSL_IMXRT1170_CAAM) #include #include @@ -84,7 +85,7 @@ static int _InitSha(byte* ctx, word32 ctxSz, void* heap, int devId, arg[1] = ctxSz + WC_CAAM_CTXLEN; arg[2] = (word32)devId; - if ((ret = wc_caamAddAndWait(buf, arg, type)) != 0) { + if ((ret = wc_caamAddAndWait(buf, 1, arg, type)) != 0) { WOLFSSL_MSG("Error with CAAM SHA init"); return ret; } @@ -137,7 +138,7 @@ static int _ShaUpdate(wc_Sha* sha, const byte* data, word32 len, word32 digestSz arg[0] = CAAM_ALG_UPDATE; arg[1] = digestSz + WC_CAAM_CTXLEN; - if ((ret = wc_caamAddAndWait(buf, arg, type)) != 0) { + if ((ret = wc_caamAddAndWait(buf, 2, arg, type)) != 0) { WOLFSSL_MSG("Error with CAAM SHA update"); return ret; } @@ -169,7 +170,7 @@ static int _ShaUpdate(wc_Sha* sha, const byte* data, word32 len, word32 digestSz arg[0] = CAAM_ALG_UPDATE; arg[1] = digestSz + WC_CAAM_CTXLEN; - if ((ret = wc_caamAddAndWait(buf, arg, type)) != 0) { + if ((ret = wc_caamAddAndWait(buf, 2, arg, type)) != 0) { WOLFSSL_MSG("Error with CAAM SHA update"); return ret; } @@ -244,7 +245,7 @@ int wc_CAAM_ShaHash(wc_Sha* sha, const byte* in, word32 inSz, byte* digest) ret = _wc_Hash_Grow(&(sha->msg), &(sha->used), &(sha->len), in, inSz, sha->heap); #else - ret = _ShaUpdate(sha, data, len, SHA_DIGEST_SIZE, CAAM_SHA); + ret = _ShaUpdate(sha, in, inSz, SHA_DIGEST_SIZE, CAAM_SHA); #endif } @@ -319,7 +320,7 @@ int wc_CAAM_Sha256Hash(wc_Sha256* sha256, const byte* in, word32 inSz, #ifdef WOLFSSL_HASH_KEEP ret = wc_Sha256_Grow(sha256, in, inSz); #else - ret = _ShaUpdate(sha256, data, len, SHA256_DIGEST_SIZE, CAAM_SHA256); + ret = _ShaUpdate(sha256, in, inSz, SHA256_DIGEST_SIZE, CAAM_SHA256); #endif } diff --git a/wolfcrypt/src/port/caam/wolfcaam_init.c b/wolfcrypt/src/port/caam/wolfcaam_init.c index d6c4850bb..a0b868dec 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_init.c +++ b/wolfcrypt/src/port/caam/wolfcaam_init.c @@ -22,11 +22,21 @@ #include #endif + +/* + * WOLFSSL_CAAM is used to enable CAAM support + * + * Different Hardware Ports + * WOLFSSL_IMX6_CAAM build for QNX + IMX6 + * WOLFSSL_SECO_CAAM make use of NXP's SECO HSM library on i.MX8 + * WOLFSSL_IMXRT1170_CAAM make use of NXP's CAAM driver for RT1170 series boards + * + */ #include #if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \ defined(WOLFSSL_IMX6UL_CAAM) || defined(WOLFSSL_IMX6_CAAM_BLOB) || \ - defined(WOLFSSL_SECO_CAAM) + defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) #include #include @@ -175,7 +185,6 @@ static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx) case WC_ALGO_TYPE_HASH: #ifdef WOLFSSL_CAAM_HASH - #ifdef WOLFSSL_SECO_CAAM switch(info->hash.type) { #ifdef WOLFSSL_SHA224 case WC_HASH_TYPE_SHA224: @@ -213,7 +222,6 @@ static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx) WOLFSSL_MSG("Unknown or unsupported hash type"); ret = CRYPTOCB_UNAVAILABLE; } - #endif #endif /* WOLFSSL_CAAM_HASH */ break; diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 4cdd4bbff..5ca568eb9 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -170,6 +170,7 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) #elif defined(WOLFSSL_ZEPHYR) #elif defined(WOLFSSL_TELIT_M2MB) #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG) +#elif defined(WOLFSSL_IMXRT1170_CAAM) #elif defined(WOLFSSL_GETRANDOM) #include #include @@ -3321,7 +3322,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } #elif (defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \ - defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_QNX_CAAM)) + defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_QNX_CAAM) || \ + defined(WOLFSSL_IMXRT1170_CAAM)) #include @@ -3358,7 +3360,9 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) if (ret != RAN_BLOCK_E && ret != 0) { return ret; } +#ifndef WOLFSSL_IMXRT1170_CAAM usleep(100); +#endif } if (i == times && ret != 0) { diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index bcfd1005d..11cf844ae 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -46,6 +46,10 @@ #include #endif +#ifdef WOLFSSL_IMXRT1170_CAAM +#include +#endif + /* fips wrapper calls, user can call direct */ #if defined(HAVE_FIPS) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) @@ -549,6 +553,9 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) #else (void)devId; #endif /* WOLFSSL_ASYNC_CRYPT */ +#ifdef WOLFSSL_IMXRT1170_CAAM + ret = wc_CAAM_HashInit(&sha->hndl, &sha->ctx, WC_HASH_TYPE_SHA); +#endif return ret; } diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 8996f4dcf..9a56f4f9d 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -84,6 +84,11 @@ on the specific device platform. #include #endif +#ifdef WOLFSSL_IMXRT1170_CAAM + #include +#endif + + /* determine if we are using Espressif SHA hardware acceleration */ #undef WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ @@ -840,6 +845,9 @@ static int InitSha256(wc_Sha256* sha256) #else (void)devId; #endif /* WOLFSSL_ASYNC_CRYPT */ + #ifdef WOLFSSL_IMXRT1170_CAAM + ret = wc_CAAM_HashInit(&sha256->hndl, &sha256->ctx, WC_HASH_TYPE_SHA256); + #endif return ret; } @@ -1585,7 +1593,9 @@ static int InitSha256(wc_Sha256* sha256) #else (void)devId; #endif /* WOLFSSL_ASYNC_CRYPT */ - +#ifdef WOLFSSL_IMXRT1170_CAAM + ret = wc_CAAM_HashInit(&sha224->hndl, &sha224->ctx, WC_HASH_TYPE_SHA224); +#endif return ret; } diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 43b28fcc7..bffa98501 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -47,6 +47,10 @@ #include #endif +#ifdef WOLFSSL_IMXRT1170_CAAM + #include +#endif + /* deprecated USE_SLOW_SHA2 (replaced with USE_SLOW_SHA512) */ #if defined(USE_SLOW_SHA2) && !defined(USE_SLOW_SHA512) #define USE_SLOW_SHA512 @@ -606,7 +610,9 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId, #else (void)devId; #endif /* WOLFSSL_ASYNC_CRYPT */ - +#ifdef WOLFSSL_IMXRT1170_CAAM + ret = wc_CAAM_HashInit(&sha512->hndl, &sha512->ctx, WC_HASH_TYPE_SHA512); +#endif return ret; } @@ -1436,7 +1442,9 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) #else (void)devId; #endif /* WOLFSSL_ASYNC_CRYPT */ - +#ifdef WOLFSSL_IMXRT1170_CAAM + ret = wc_CAAM_HashInit(&sha384->hndl, &sha384->ctx, WC_HASH_TYPE_SHA384); +#endif return ret; } diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 77cdb1f34..b082706fc 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -80,7 +80,7 @@ #if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \ defined(WOLFSSL_IMX6UL_CAAM) || defined(WOLFSSL_IMX6_CAAM_BLOB) || \ - defined(WOLFSSL_SECO_CAAM) + defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) #include #endif #if defined(WOLFSSL_DEVCRYPTO) @@ -347,7 +347,7 @@ int wolfCrypt_Init(void) #if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \ defined(WOLFSSL_IMX6UL_CAAM) || defined(WOLFSSL_IMX6_CAAM_BLOB) || \ - defined(WOLFSSL_SECO_CAAM) + defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) if ((ret = wc_caamInit()) != 0) { return ret; } @@ -433,7 +433,7 @@ int wolfCrypt_Cleanup(void) #if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \ defined(WOLFSSL_IMX6_CAAM_BLOB) || \ - defined(WOLFSSL_SECO_CAAM) + defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) wc_caamFree(); #endif #if defined(WOLFSSL_CRYPTOCELL) @@ -2788,6 +2788,34 @@ time_t fsl_time(time_t* t) } #endif +#if defined(FREESCALE_SNVS_RTC) +time_t fsl_time(time_t* t) +{ + struct tm tm_time; + time_t ret; + + snvs_hp_rtc_datetime_t rtcDate; + snvs_hp_rtc_config_t snvsRtcConfig; + + SNVS_HP_RTC_GetDefaultConfig(&snvsRtcConfig); + SNVS_HP_RTC_Init(SNVS, &snvsRtcConfig); + + SNVS_HP_RTC_GetDatetime(SNVS, &rtcDate); + + tm_time.tm_year = rtcDate.year; + tm_time.tm_mon = rtcDate.month; + tm_time.tm_mday = rtcDate.day; + tm_time.tm_hour = rtcDate.hour; + tm_time.tm_min = rtcDate.minute; + tm_time.tm_sec = rtcDate.second; + + ret = mktime(&tm_time); + if (t != NULL) + *t = ret; + return ret; +} +#endif + #if defined(MICRIUM) time_t micrium_time(time_t* timer) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a0d7a1498..4c3458c37 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -593,7 +593,7 @@ WOLFSSL_TEST_SUBROUTINE int mutex_test(void); #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) WOLFSSL_TEST_SUBROUTINE int memcb_test(void); #endif -#ifdef WOLFSSL_IMX6_CAAM_BLOB +#ifdef WOLFSSL_CAAM_BLOB WOLFSSL_TEST_SUBROUTINE int blob_test(void); #endif @@ -1523,7 +1523,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ TEST_PASS("memcb test passed!\n"); #endif -#ifdef WOLFSSL_IMX6_CAAM_BLOB +#ifdef WOLFSSL_CAAM_BLOB if ( (ret = blob_test()) != 0) return err_sys("blob test failed!\n", ret); else @@ -13433,15 +13433,21 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void) byte *c = NULL; byte *b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #ifndef WOLFSSL_NO_REALLOC if (b) { c = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (c) b = c; } + #endif if (b) XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if ((b == NULL) || (c == NULL)) { + if ((b == NULL) + #ifndef WOLFSSL_NO_REALLOC + || (c == NULL) + #endif + ) { return -7217; } } @@ -24212,7 +24218,7 @@ static int ecc_test_make_pub(WC_RNG* rng) /* create a new key since above test for loading key is not supported */ #if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) || \ defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SE050) || \ - defined(WOLFSSL_SECO_CAAM) + defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); if (ret != 0) { ERROR_OUT(-9861, done); @@ -43534,7 +43540,7 @@ exit_memcb: #endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */ -#ifdef WOLFSSL_IMX6_CAAM_BLOB +#if defined(WOLFSSL_CAAM_BLOB) WOLFSSL_TEST_SUBROUTINE int blob_test(void) { int ret = 0; diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h index 0fb71eeb5..86f6fdb64 100644 --- a/wolfssl/openssl/sha.h +++ b/wolfssl/openssl/sha.h @@ -40,16 +40,20 @@ typedef struct WOLFSSL_SHA_CTX { /* big enough to hold wolfcrypt Sha, but check on init */ #if defined(STM32_HASH) - void* holder[(112 + WC_ASYNC_DEV_SIZE + sizeof(STM32_HASH_Context)) / sizeof(void*)]; + void* holder[(112 + WC_ASYNC_DEV_SIZE + sizeof(STM32_HASH_Context)) / + sizeof(void*)]; +#elif defined(WOLFSSL_IMXRT1170_CAAM) + void* holder[(112 + WC_ASYNC_DEV_SIZE + sizeof(caam_hash_ctx_t) + + sizeof(caam_handle_t)) / sizeof(void*)]; #else void* holder[(112 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; #endif - #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) +#if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))]; - #endif - #ifdef WOLF_CRYPTO_CB +#endif +#ifdef WOLF_CRYPTO_CB void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / sizeof(void*)]; - #endif +#endif } WOLFSSL_SHA_CTX; WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha); @@ -107,8 +111,20 @@ typedef WOLFSSL_SHA_CTX SHA_CTX; * to Sha224, is expected to also be 16 byte aligned addresses. */ typedef struct WOLFSSL_SHA224_CTX { /* big enough to hold wolfcrypt Sha224, but check on init */ +#if defined(WOLFSSL_IMXRT1170_CAAM) + ALIGN16 void* holder[(274 + CTX_SHA2_HW_ADDER + WC_ASYNC_DEV_SIZE + + sizeof(caam_hash_ctx_t) + sizeof(caam_handle_t)) / sizeof(void*)]; +#else ALIGN16 void* holder[(274 + CTX_SHA2_HW_ADDER + WC_ASYNC_DEV_SIZE) / - sizeof(void*)]; + sizeof(void*)]; +#endif +#if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) + ALIGN16 void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))]; +#endif +#ifdef WOLF_CRYPTO_CB + ALIGN16 void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / + sizeof(void*)]; +#endif } WOLFSSL_SHA224_CTX; WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha); @@ -141,8 +157,20 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX; * to Sha256, is expected to also be 16 byte aligned addresses. */ typedef struct WOLFSSL_SHA256_CTX { /* big enough to hold wolfcrypt Sha256, but check on init */ +#if defined(WOLFSSL_IMXRT1170_CAAM) + ALIGN16 void* holder[(274 + CTX_SHA2_HW_ADDER + WC_ASYNC_DEV_SIZE + + sizeof(caam_hash_ctx_t) + sizeof(caam_handle_t)) / sizeof(void*)]; +#else ALIGN16 void* holder[(274 + CTX_SHA2_HW_ADDER + WC_ASYNC_DEV_SIZE) / - sizeof(void*)]; + sizeof(void*)]; +#endif +#if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) + ALIGN16 void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))]; +#endif +#ifdef WOLF_CRYPTO_CB + ALIGN16 void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / + sizeof(void*)]; +#endif } WOLFSSL_SHA256_CTX; WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256); @@ -185,7 +213,18 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX; #ifdef WOLFSSL_SHA384 typedef struct WOLFSSL_SHA384_CTX { /* big enough to hold wolfCrypt Sha384, but check on init */ - void* holder[(288 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; +#if defined(WOLFSSL_IMXRT1170_CAAM) + void* holder[(268 + WC_ASYNC_DEV_SIZE + + sizeof(caam_hash_ctx_t) + sizeof(caam_handle_t)) / sizeof(void*)]; +#else + void* holder[(268 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; +#endif +#if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) + void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))]; +#endif +#ifdef WOLF_CRYPTO_CB + void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / sizeof(void*)]; +#endif } WOLFSSL_SHA384_CTX; WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha); @@ -214,7 +253,18 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX; #ifdef WOLFSSL_SHA512 typedef struct WOLFSSL_SHA512_CTX { /* big enough to hold wolfCrypt Sha384, but check on init */ +#if defined(WOLFSSL_IMXRT1170_CAAM) + void* holder[(288 + WC_ASYNC_DEV_SIZE + + sizeof(caam_hash_ctx_t) + sizeof(caam_handle_t)) / sizeof(void*)]; +#else void* holder[(288 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; +#endif +#if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) + void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))]; +#endif +#ifdef WOLF_CRYPTO_CB + void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / sizeof(void*)]; +#endif } WOLFSSL_SHA512_CTX; WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha); diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 529fc171d..c8d831c5e 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -182,7 +182,8 @@ nobase_include_HEADERS+= wolfssl/wolfcrypt/port/caam/wolfcaam.h \ wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h \ wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h \ wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h \ - wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h + wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h \ + wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h endif if BUILD_IOTSAFE diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam.h b/wolfssl/wolfcrypt/port/caam/wolfcaam.h index 9b464fc27..ba9d75135 100644 --- a/wolfssl/wolfcrypt/port/caam/wolfcaam.h +++ b/wolfssl/wolfcrypt/port/caam/wolfcaam.h @@ -30,10 +30,13 @@ #include #elif defined(WOLFSSL_SECO_CAAM) #include +#elif defined(WOLFSSL_IMXRT1170_CAAM) + #include #endif #if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \ - defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SECO_CAAM) + defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SECO_CAAM) || \ + defined(WOLFSSL_IMXRT1170_CAAM) /* unique devId for CAAM use on crypto callbacks */ @@ -92,7 +95,8 @@ WOLFSSL_API int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz, #define WC_CAAM_BLACK_KEYMOD_SZ 16 #define WC_CAAM_MAX_ENTROPY 44 -#if !defined(WOLFSSL_QNX_CAAM) && !defined(WOLFSSL_SECO_CAAM) +#if !defined(WOLFSSL_QNX_CAAM) && !defined(WOLFSSL_SECO_CAAM) && \ + !defined(WOLFSSL_IMXRT1170_CAAM) WOLFSSL_API int wc_caamSetResource(IODevice ioDev); #ifndef WC_CAAM_READ #define WC_CAAM_READ(reg) wc_caamReadRegister((reg)) diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h new file mode 100644 index 000000000..7cdda7f5e --- /dev/null +++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h @@ -0,0 +1,91 @@ +/* wolfcaam_fsl_nxp.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* This file is for interacting with the driver code */ +#ifndef WOLFCAAM_FSL_NXP_H +#define WOLFCAAM_FSL_NXP_H + +#include + +#ifdef WOLFSSL_IMXRT1170_CAAM + +#include "fsl_device_registers.h" +#include "fsl_caam.h" + +/* check for patched version of fsl_caam */ +#ifdef CAAM_ECC_EXPANSION + #define WOLFSSL_CAAM_ECC +#endif +#ifdef CAAM_BLOB_EXPANSION + #define WOLFSSL_CAAM_BLOB +#endif + +#define Error int +#define Value int +#define Boolean int +#define Success 1 +#define Failure 0 +#define INTERRUPT_Panic() +#define MemoryMapMayNotBeEmpty -1 +#define CAAM_WAITING -2 +#define NoActivityReady -1 +#define MemoryOperationNotPerformed -1 + +#define CAAM_ADDRESS uintptr_t +#ifndef WOLFSSL_CAAM_BUFFER +#define WOLFSSL_CAAM_BUFFER + typedef struct CAAM_BUFFER { + int BufferType; + CAAM_ADDRESS TheAddress; + int Length; + } CAAM_BUFFER; +#endif + +#define DataBuffer 0 +#define LastBuffer 0 +#define Success 1 + +/* unique devId for CAAM use on crypto callbacks */ +#define WOLFSSL_CAAM_DEVID 7 + +#include +#include +#include +#include + +#define ResourceNotAvailable -3 +#define CAAM_WAITING -2 + +WOLFSSL_LOCAL int SynchronousSendRequest(int type, unsigned int args[4], + CAAM_BUFFER *buf, int sz); +WOLFSSL_LOCAL int wc_CAAMInitInterface(void); +WOLFSSL_LOCAL void wc_CAAMFreeInterface(void); + +#define CAAM_SEND_REQUEST(type, sz, arg, buf) \ + SynchronousSendRequest((type), (arg), (buf), (sz)) +#define CAAM_INIT_INTERFACE wc_CAAMInitInterface +#define CAAM_FREE_INTERFACE wc_CAAMFreeInterface +#endif + +#define CAAM_BUFFER_ALIGN 16 + +#endif /* WOLFCAAM_QNX_H */ diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h index 459c64ace..5fca631f3 100644 --- a/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h +++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h @@ -26,6 +26,10 @@ #include +#ifdef WOLFSSL_IMXRT1170_CAAM +WOLFSSL_LOCAL int wc_CAAM_HashInit(caam_handle_t* hndl, caam_hash_ctx_t* ctx, int type); +#endif + #ifndef NO_SHA WOLFSSL_LOCAL int wc_CAAM_ShaHash(wc_Sha* sha, const byte* in, word32 inSz, byte* digest); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 67cd4d217..6fab76337 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1803,6 +1803,12 @@ extern void uITRON4_free(void *p) ; #endif #endif +#ifdef WOLFSSL_IMXRT1170_CAAM + #define WOLFSSL_CAAM + #define WOLFSSL_CAAM_HASH + #define WOLFSSL_CAAM_CIPHER +#endif + /* If DCP is used without SINGLE_THREADED, enforce WOLFSSL_CRYPT_HW_MUTEX */ #if defined(WOLFSSL_IMXRT_DCP) && !defined(SINGLE_THREADED) #undef WOLFSSL_CRYPT_HW_MUTEX diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index d661fe8a0..4f0d1cc47 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -52,6 +52,11 @@ #include "fsl_ltc.h" #endif +#if defined(WOLFSSL_IMXRT1170_CAAM) + #include "fsl_device_registers.h" + #include "fsl_caam.h" +#endif + #ifdef WOLFSSL_IMXRT_DCP #include "fsl_dcp.h" #endif @@ -156,6 +161,10 @@ struct wc_Sha { int devId; void* devCtx; /* generic crypto callback context */ #endif + #ifdef WOLFSSL_IMXRT1170_CAAM + caam_hash_ctx_t ctx; + caam_handle_t hndl; + #endif #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) byte* msg; word32 used; diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index a0e9d4a75..93e1acf81 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -61,6 +61,11 @@ #include "fsl_ltc.h" #endif +#if defined(WOLFSSL_IMXRT1170_CAAM) + #include "fsl_device_registers.h" + #include "fsl_caam.h" +#endif + #ifdef WOLFSSL_IMXRT_DCP #include "fsl_dcp.h" #endif @@ -223,6 +228,10 @@ struct wc_Sha256 { int devId; void* devCtx; /* generic crypto callback context */ #endif +#ifdef WOLFSSL_IMXRT1170_CAAM + caam_hash_ctx_t ctx; + caam_handle_t hndl; +#endif #ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 29f829efe..4011c7df5 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -91,6 +91,11 @@ #include #endif +#if defined(WOLFSSL_IMXRT1170_CAAM) + #include "fsl_device_registers.h" + #include "fsl_caam.h" +#endif + #if defined(_MSC_VER) #define SHA512_NOINLINE __declspec(noinline) #elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) @@ -192,6 +197,10 @@ struct wc_Sha512 { #ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif +#ifdef WOLFSSL_IMXRT1170_CAAM + caam_hash_ctx_t ctx; + caam_handle_t hndl; +#endif #endif /* WOLFSSL_PSOC6_CRYPTO */ }; diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 7e5f1a4d6..30493c47b 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -833,7 +833,13 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #ifndef XTIME #define XTIME(t1) fsl_time((t1)) #endif - +#elif defined(FREESCALE_SNVS_RTC) + #include + #include "fsl_snvs_hp.h" + time_t fsl_time(time_t* t); + #ifndef XTIME + #define XTIME(t1) fsl_time((t1)) + #endif #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #ifdef FREESCALE_MQX_4_0 #include diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h index 7c1bb8cd6..bf2c4a742 100644 --- a/wolfssl/wolfcrypt/wolfmath.h +++ b/wolfssl/wolfcrypt/wolfmath.h @@ -65,7 +65,7 @@ WOLFSSL_API int mp_rand(mp_int* a, int digits, WC_RNG* rng); #define WC_TYPE_HEX_STR 1 #define WC_TYPE_UNSIGNED_BIN 2 -#if defined(WOLFSSL_QNX_CAAM) +#if defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) #define WC_TYPE_BLACK_KEY 3 #endif