feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #4584 from ethanlooney/nxp_se050_curve25519

Browse Source 
Added curve25519 support for NXP SE050
This commit is contained in:
Daniele Lacamera
2021-12-02 02:47:36 -08:00
committed by GitHub
parent 48b15b0dfb 7396a0cb3a
commit baee7bace4
9 changed files with 396 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
wolfcrypt/src/curve25519.c
View File

@ -43,6 +43,9 @@
#if defined(FREESCALE_LTC_ECC) #if defined(FREESCALE_LTC_ECC)
#include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h> #include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
#endif #endif
#ifdef WOLFSSL_SE050
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
#endif
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h> #include <wolfssl/wolfcrypt/cryptocb.h>
@ -227,6 +230,9 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
} }
#endif #endif
#ifdef WOLFSSL_SE050
ret = se050_curve25519_create_key(key, keysize);
#else
ret = wc_curve25519_make_priv(rng, keysize, key->k); ret = wc_curve25519_make_priv(rng, keysize, key->k);
if (ret == 0) { if (ret == 0) {
key->privSet = 1; key->privSet = 1;
@ -234,6 +240,7 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
(int)sizeof(key->k), key->k); (int)sizeof(key->k), key->k);
key->pubSet = (ret == 0); key->pubSet = (ret == 0);
} }
#endif
return ret; return ret;
} }
@ -251,8 +258,8 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
curve25519_key* public_key, curve25519_key* public_key,
byte* out, word32* outlen, int endian) byte* out, word32* outlen, int endian)
{ {
int ret;
ECPoint o; ECPoint o;
int ret = 0;
/* sanity check */ /* sanity check */
if (private_key == NULL || public_key == NULL || if (private_key == NULL || public_key == NULL ||
@ -261,7 +268,11 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
} }
/* make sure we have a populated private and public key */ /* make sure we have a populated private and public key */
if (!private_key->privSet || !public_key->pubSet) { if (!public_key->pubSet
#ifndef WOLFSSL_SE050
|| !private_key->privSet
#endif
) {
return ECC_BAD_ARG_E; return ECC_BAD_ARG_E;
} }
@ -270,8 +281,6 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
return ECC_BAD_ARG_E; return ECC_BAD_ARG_E;
} }
XMEMSET(&o, 0, sizeof(o));
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
if (private_key->devId != INVALID_DEVID) { if (private_key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Curve25519(private_key, public_key, out, outlen, ret = wc_CryptoCb_Curve25519(private_key, public_key, out, outlen,
@ -282,17 +291,28 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
} }
#endif #endif
#ifdef FREESCALE_LTC_ECC XMEMSET(&o, 0, sizeof(o));
/* input point P on Curve25519 */
ret = nxp_ltc_curve25519(&o, private_key->k, &public_key->p,
kLTC_Curve25519);
#else
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = curve25519(o.point, private_key->k, public_key->p.point); #ifdef FREESCALE_LTC_ECC
/* input point P on Curve25519 */
RESTORE_VECTOR_REGISTERS(); ret = nxp_ltc_curve25519(&o, private_key->k, &public_key->p,
kLTC_Curve25519);
#else
#ifdef WOLFSSL_SE050
if (!private_key->privSet) {
/* use NXP SE050 is private key is not set */
ret = se050_curve25519_shared_secret(private_key, public_key, &o);
}
else
#endif #endif
{
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = curve25519(o.point, private_key->k, public_key->p.point);
RESTORE_VECTOR_REGISTERS();
}
#endif
if (ret != 0) { if (ret != 0) {
ForceZero(&o, sizeof(o)); ForceZero(&o, sizeof(o));
return ret; return ret;
@ -575,6 +595,11 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
return ECC_BAD_ARG_E; return ECC_BAD_ARG_E;
} }
#ifdef WOLFSSL_SE050
/* release NXP resources if set */
se050_curve25519_free_key(key);
#endif
/* import private scalar with endianess */ /* import private scalar with endianess */
curve25519_copy_point(key->k, priv, endian); curve25519_copy_point(key->k, priv, endian);
key->privSet = 1; key->privSet = 1;
@ -622,6 +647,10 @@ void wc_curve25519_free(curve25519_key* key)
if (key == NULL) if (key == NULL)
return; return;
#ifdef WOLFSSL_SE050
se050_curve25519_free_key(key);
#endif
key->dp = NULL; key->dp = NULL;
ForceZero(key->k, sizeof(key->k)); ForceZero(key->k, sizeof(key->k));
XMEMSET(&key->p, 0, sizeof(key->p)); XMEMSET(&key->p, 0, sizeof(key->p));

10
wolfcrypt/src/ecc.c
View File

@ -171,6 +171,10 @@ ECC Curve Sizes:
#include <wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h> #include <wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h>
#endif #endif
#ifdef WOLFSSL_SE050
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
#endif
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
#define GEN_MEM_ERR MP_MEM #define GEN_MEM_ERR MP_MEM
#elif defined(USE_FAST_MATH) #elif defined(USE_FAST_MATH)
@ -5258,9 +5262,15 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
} }
#elif defined(WOLFSSL_KCAPI_ECC) #elif defined(WOLFSSL_KCAPI_ECC)
err = KcapiEcc_Sign(key, in, inlen, out, outlen); err = KcapiEcc_Sign(key, in, inlen, out, outlen);
if (err != MP_OKAY) {
return err;
}
(void)rng; (void)rng;
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050)
err = se050_ecc_sign_hash_ex(in, inlen, out, outlen, key); err = se050_ecc_sign_hash_ex(in, inlen, out, outlen, key);
if (err != MP_OKAY) {
return err;
}
(void)rng; (void)rng;
#endif #endif

7
wolfcrypt/src/ed25519.c
View File

@ -44,6 +44,9 @@
#ifdef FREESCALE_LTC_ECC #ifdef FREESCALE_LTC_ECC
#include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h> #include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
#endif #endif
#ifdef WOLFSSL_SE050
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
#endif
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h> #include <wolfssl/wolfcrypt/cryptocb.h>
@ -827,10 +830,6 @@ int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId)
fe_init(); fe_init();
#endif #endif
#ifdef WOLFSSL_SE050
se050_ed25519_create_key(key);
#endif
#ifdef WOLFSSL_ED25519_PERSISTENT_SHA #ifdef WOLFSSL_ED25519_PERSISTENT_SHA
return ed25519_hash_init(key, &key->sha); return ed25519_hash_init(key, &key->sha);
#else /* !WOLFSSL_ED25519_PERSISTENT_SHA */ #else /* !WOLFSSL_ED25519_PERSISTENT_SHA */

329
wolfcrypt/src/port/nxp/se050_port.c
View File

@ -35,6 +35,7 @@
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/ed25519.h> #include <wolfssl/wolfcrypt/ed25519.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/curve25519.h>
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h> #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
@ -126,6 +127,7 @@ int se050_allocate_key(int keyType)
case SE050_AES_KEY: case SE050_AES_KEY:
case SE050_ECC_KEY: case SE050_ECC_KEY:
case SE050_ED25519_KEY: case SE050_ED25519_KEY:
case SE050_CURVE25519_KEY:
case SE050_ANY_KEY: case SE050_ANY_KEY:
keyId = keyId_allocator++; keyId = keyId_allocator++;
break; break;
@ -481,6 +483,23 @@ static int se050_map_curve(int curve_id, int keySize,
return ret; return ret;
} }
static sss_algorithm_t se050_map_hash_alg(int hashLen)
{
sss_algorithm_t algorithm = kAlgorithm_None;
if (hashLen == 20) {
algorithm = kAlgorithm_SSS_SHA1;
} else if (hashLen == 28) {
algorithm = kAlgorithm_SSS_SHA224;
} else if (hashLen == 32) {
algorithm = kAlgorithm_SSS_SHA256;
} else if (hashLen == 48) {
algorithm = kAlgorithm_SSS_SHA384;
} else if (hashLen == 64) {
algorithm = kAlgorithm_SSS_SHA512;
}
return algorithm;
}
int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out, int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
word32 *outLen, struct ecc_key* key) word32 *outLen, struct ecc_key* key)
{ {
@ -489,7 +508,7 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
sss_asymmetric_t ctx_asymm; sss_asymmetric_t ctx_asymm;
sss_key_store_t host_keystore; sss_key_store_t host_keystore;
sss_object_t newKey; sss_object_t newKey;
sss_algorithm_t algorithm = kAlgorithm_None; sss_algorithm_t algorithm;
int keySize; int keySize;
int keySizeBits; int keySizeBits;
@ -515,18 +534,12 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
if (inLen > (word32)keySize) if (inLen > (word32)keySize)
inLen = (word32)keySize; inLen = (word32)keySize;
if (inLen == 20) algorithm = se050_map_hash_alg(inLen);
algorithm = kAlgorithm_SSS_SHA1; if (algorithm == kAlgorithm_None) {
else if (inLen == 28) inLen = keySize; /* try key size */
algorithm = kAlgorithm_SSS_SHA224; algorithm = se050_map_hash_alg(inLen);
else if (inLen == 32) }
algorithm = kAlgorithm_SSS_SHA256; if (algorithm == kAlgorithm_None) {
else if (inLen == 48)
algorithm = kAlgorithm_SSS_SHA384;
else if (inLen == 64)
algorithm = kAlgorithm_SSS_SHA512;
else {
/* not supported curve key size */
return ECC_CURVE_OID_E; return ECC_CURVE_OID_E;
} }
@ -553,8 +566,8 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
if (status == kStatus_SSS_Success) { if (status == kStatus_SSS_Success) {
byte sigBuf[ECC_MAX_SIG_SIZE]; byte sigBuf[ECC_MAX_SIG_SIZE];
size_t sigSz = sizeof(sigBuf); size_t sigSz = sizeof(sigBuf);
status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t*)in, status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t*)in, inLen,
inLen, sigBuf, &sigSz); sigBuf, &sigSz);
if (status == kStatus_SSS_Success) { if (status == kStatus_SSS_Success) {
/* SE050 returns ASN.1 encoded signature */ /* SE050 returns ASN.1 encoded signature */
word32 rLen = keySize, sLen = keySize; word32 rLen = keySize, sLen = keySize;
@ -596,7 +609,7 @@ int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* sigRS,
sss_asymmetric_t ctx_asymm; sss_asymmetric_t ctx_asymm;
sss_object_t newKey; sss_object_t newKey;
sss_key_store_t host_keystore; sss_key_store_t host_keystore;
sss_algorithm_t algorithm = kAlgorithm_None; sss_algorithm_t algorithm;
int keyId; int keyId;
int keySize; int keySize;
int keySizeBits; int keySizeBits;
@ -625,18 +638,12 @@ int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* sigRS,
if (hashLen > (word32)keySize) if (hashLen > (word32)keySize)
hashLen = (word32)keySize; hashLen = (word32)keySize;
if (hashLen == 20) algorithm = se050_map_hash_alg(hashLen);
algorithm = kAlgorithm_SSS_SHA1; if (algorithm == kAlgorithm_None) {
else if (hashLen == 28) hashLen = keySize; /* try key size */
algorithm = kAlgorithm_SSS_SHA224; algorithm = se050_map_hash_alg(hashLen);
else if (hashLen == 32) }
algorithm = kAlgorithm_SSS_SHA256; if (algorithm == kAlgorithm_None) {
else if (hashLen == 48)
algorithm = kAlgorithm_SSS_SHA384;
else if (hashLen == 64)
algorithm = kAlgorithm_SSS_SHA512;
else {
/* not supported curve key size */
return ECC_CURVE_OID_E; return ECC_CURVE_OID_E;
} }
@ -814,7 +821,7 @@ int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize)
if (status == kStatus_SSS_Success) { if (status == kStatus_SSS_Success) {
keyId = se050_allocate_key(SE050_ECC_KEY); keyId = se050_allocate_key(SE050_ECC_KEY);
status = sss_key_object_allocate_handle(&keyPair, keyId, status = sss_key_object_allocate_handle(&keyPair, keyId,
kSSS_KeyPart_Pair, curveType, keySizeBits, kSSS_KeyPart_Pair, curveType, keySize,
kKeyObject_Mode_Transient); kKeyObject_Mode_Transient);
} }
if (status == kStatus_SSS_Success) { if (status == kStatus_SSS_Success) {
@ -914,7 +921,7 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
if (status == kStatus_SSS_Success) { if (status == kStatus_SSS_Success) {
keyId = public_key->keyId; keyId = public_key->keyId;
if (keyId <= 0) { if (keyId <= 0) {
byte derBuf[256]; byte derBuf[SE050_ECC_DER_MAX];
word32 derSz; word32 derSz;
ret = wc_EccPublicKeyToDer(public_key, derBuf, ret = wc_EccPublicKeyToDer(public_key, derBuf,
@ -1167,7 +1174,6 @@ int se050_ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
return ret; return ret;
} }
int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen, int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen,
const byte* msg, word32 msgLen, struct ed25519_key* key, int* res) const byte* msg, word32 msgLen, struct ed25519_key* key, int* res)
{ {
@ -1268,4 +1274,265 @@ int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen,
#endif /* HAVE_ED25519 */ #endif /* HAVE_ED25519 */
#ifdef HAVE_CURVE25519
int se050_curve25519_create_key(curve25519_key* key, int keySize)
{
int ret;
sss_status_t status = kStatus_SSS_Success;
sss_object_t keyPair;
sss_key_store_t host_keystore;
uint8_t derBuf[SE050_ECC_DER_MAX];
size_t derSz = sizeof(derBuf);
int keyId;
int keyCreated = 0;
#ifdef SE050_DEBUG
printf("se050_curve25519_create_key: key %p, keySize %d\n",
key, keySize);
#endif
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E;
}
status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
if (status == kStatus_SSS_Success) {
status = sss_key_store_allocate(&host_keystore,
SE050_KEYSTOREID_CURVE25519);
}
if (status == kStatus_SSS_Success) {
status = sss_key_object_init(&keyPair, &host_keystore);
}
if (status == kStatus_SSS_Success) {
keyId = se050_allocate_key(SE050_CURVE25519_KEY);
status = sss_key_object_allocate_handle(&keyPair, keyId,
kSSS_KeyPart_Pair, kSSS_CipherType_EC_MONTGOMERY, keySize,
kKeyObject_Mode_None);
}
if (status == kStatus_SSS_Success) {
keyCreated = 1;
status = sss_key_store_generate_key(&host_keystore, &keyPair,
keySize * 8, NULL);
}
if (status == kStatus_SSS_Success) {
size_t derSzBits = derSz * 8;
status = sss_key_store_get_key(&host_keystore, &keyPair,
derBuf, &derSz, &derSzBits);
(void)derSzBits; /* not used */
}
if (status == kStatus_SSS_Success) {
word32 idx = 0;
ret = wc_Curve25519PublicKeyDecode(derBuf, &idx, key, (word32)derSz);
if (ret == 0) {
key->p.point[CURVE25519_KEYSIZE-1] &= ~0x80; /* clear MSB */
}
else {
status = kStatus_SSS_Fail;
}
}
if (status == kStatus_SSS_Success) {
key->keyId = keyId;
ret = 0;
}
else {
if (keyCreated) {
sss_key_store_erase_key(&host_keystore, &keyPair);
sss_key_object_free(&keyPair);
}
ret = WC_HW_E;
}
wolfSSL_CryptHwMutexUnLock();
#ifdef SE050_DEBUG
printf("se050_curve25519_create_key: key %p, ret %d, keyId %d\n",
key, ret, key->keyId);
#endif
return ret;
}
int se050_curve25519_shared_secret(curve25519_key* private_key,
curve25519_key* public_key, ECPoint* out)
{
int ret;
sss_status_t status = kStatus_SSS_Success;
sss_key_store_t host_keystore;
sss_object_t ref_private_key;
sss_object_t ref_public_key;
sss_object_t deriveKey;
sss_derive_key_t ctx_derive_key;
int keyId;
int keySize = CURVE25519_KEYSIZE;
int keyCreated = 0;
int deriveKeyCreated = 0;
#ifdef SE050_DEBUG
printf("se050_curve25519_shared_secret: priv %p, pub %p, out %p (%d)\n",
private_key, public_key, out, out->pointSz);
#endif
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
if (private_key->keyId <= 0) {
return BAD_FUNC_ARG;
}
if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E;
}
status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
if (status == kStatus_SSS_Success) {
status = sss_key_store_allocate(&host_keystore,
SE050_KEYSTOREID_CURVE25519);
}
if (status == kStatus_SSS_Success) {
status = sss_key_object_init(&ref_private_key, &host_keystore);
}
if (status == kStatus_SSS_Success) {
status = sss_key_object_get_handle(&ref_private_key, private_key->keyId);
}
if (status == kStatus_SSS_Success) {
status = sss_key_object_init(&ref_public_key, &host_keystore);
}
if (status == kStatus_SSS_Success) {
keyId = public_key->keyId;
if (keyId <= 0) {
byte derBuf[SE050_ECC_DER_MAX];
word32 derSz;
ret = wc_Curve25519PublicKeyToDer(public_key, derBuf,
(word32)sizeof(derBuf), 1);
if (ret >= 0) {
derSz = ret;
ret = 0;
}
else {
status = kStatus_SSS_Fail;
}
if (status == kStatus_SSS_Success) {
keyId = se050_allocate_key(SE050_CURVE25519_KEY);
status = sss_key_object_allocate_handle(&ref_public_key,
keyId, kSSS_KeyPart_Public, kSSS_CipherType_EC_MONTGOMERY,
keySize, kKeyObject_Mode_Transient);
}
if (status == kStatus_SSS_Success) {
keyCreated = 1;
status = sss_key_store_set_key(&host_keystore, &ref_public_key,
derBuf, derSz, keySize * 8, NULL, 0);
}
}
else {
status = sss_key_object_get_handle(&ref_public_key, keyId);
}
}
if (status == kStatus_SSS_Success) {
status = sss_key_object_init(&deriveKey, &host_keystore);
}
if (status == kStatus_SSS_Success) {
int keyIdAes = se050_allocate_key(SE050_AES_KEY);
deriveKeyCreated = 1;
status = sss_key_object_allocate_handle(&deriveKey,
keyIdAes,
kSSS_KeyPart_Default,
kSSS_CipherType_Binary,
keySize,
kKeyObject_Mode_Transient);
}
if (status == kStatus_SSS_Success) {
status = sss_derive_key_context_init(&ctx_derive_key, cfg_se050_i2c_pi,
&ref_private_key, kAlgorithm_SSS_ECDH,
kMode_SSS_ComputeSharedSecret);
if (status == kStatus_SSS_Success) {
status = sss_derive_key_dh(&ctx_derive_key, &ref_public_key,
&deriveKey);
}
if (status == kStatus_SSS_Success) {
size_t outlenSz = sizeof(out->point);
size_t outlenSzBits = outlenSz * 8;
/* derived key export */
status = sss_key_store_get_key(&host_keystore, &deriveKey,
out->point, &outlenSz, &outlenSzBits);
out->pointSz = (word32)outlenSz;
(void)outlenSzBits; /* not used */
}
sss_derive_key_context_free(&ctx_derive_key);
}
if (deriveKeyCreated) {
sss_key_store_erase_key(&host_keystore, &deriveKey);
sss_key_object_free(&deriveKey);
}
if (status == kStatus_SSS_Success) {
public_key->keyId = keyId;
ret = 0;
}
else {
if (keyCreated) {
sss_key_store_erase_key(&host_keystore, &public_key);
sss_key_object_free(&public_key);
}
if (ret == 0)
ret = WC_HW_E;
}
wolfSSL_CryptHwMutexUnLock();
#ifdef SE050_DEBUG
printf("se050_curve25519_shared_secret: ret %d, outlen %d\n",
ret, out->pointSz);
#endif
return ret;
}
void se050_curve25519_free_key(struct curve25519_key* key)
{
sss_status_t status;
sss_object_t newKey;
sss_key_store_t host_keystore;
#ifdef SE050_DEBUG
printf("se050_curve25519_free_key: %p, id %d\n", key, key->keyId);
#endif
if (cfg_se050_i2c_pi == NULL) {
return;
}
if (key->keyId <= 0) {
return;
}
if (wolfSSL_CryptHwMutexLock() != 0) {
return;
}
status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
if (status == kStatus_SSS_Success) {
status = sss_key_store_allocate(&host_keystore,
SE050_KEYSTOREID_CURVE25519);
}
if (status == kStatus_SSS_Success) {
status = sss_key_object_init(&newKey, &host_keystore);
}
if (status == kStatus_SSS_Success) {
status = sss_key_object_get_handle(&newKey, key->keyId);
}
if (status == kStatus_SSS_Success) {
sss_key_object_free(&newKey);
key->keyId = -1;
}
wolfSSL_CryptHwMutexUnLock();
}
#endif /* HAVE_CURVE25519 */
#endif /* WOLFSSL_SE050 */ #endif /* WOLFSSL_SE050 */

6
wolfcrypt/src/sha256.c
View File

@ -145,7 +145,9 @@ where 0 <= L < 2^64.
#ifdef WOLFSSL_DEVCRYPTO_HASH #ifdef WOLFSSL_DEVCRYPTO_HASH
#include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h> #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
#endif #endif
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
#endif
#if defined(USE_INTEL_SPEEDUP) #if defined(USE_INTEL_SPEEDUP)
@ -587,7 +589,6 @@ static int InitSha256(wc_Sha256* sha256)
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
{ {
if (sha256 == NULL) { if (sha256 == NULL) {
@ -1418,7 +1419,6 @@ static int InitSha256(wc_Sha256* sha256)
} }
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId) int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
{ {
if (sha224 == NULL) { if (sha224 == NULL) {

8
wolfcrypt/src/sha512.c
View File

@ -47,10 +47,6 @@
#include <wolfssl/wolfcrypt/cryptocb.h> #include <wolfssl/wolfcrypt/cryptocb.h>
#endif #endif
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
#endif
/* deprecated USE_SLOW_SHA2 (replaced with USE_SLOW_SHA512) */ /* deprecated USE_SLOW_SHA2 (replaced with USE_SLOW_SHA512) */
#if defined(USE_SLOW_SHA2) && !defined(USE_SLOW_SHA512) #if defined(USE_SLOW_SHA2) && !defined(USE_SLOW_SHA512)
#define USE_SLOW_SHA512 #define USE_SLOW_SHA512
@ -151,6 +147,10 @@
#include <wolfcrypt/src/misc.c> #include <wolfcrypt/src/misc.c>
#endif #endif
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
#endif
#if defined(USE_INTEL_SPEEDUP) #if defined(USE_INTEL_SPEEDUP)
#if defined(__GNUC__) && ((__GNUC__ < 4) || \ #if defined(__GNUC__) && ((__GNUC__ < 4) || \

27
wolfcrypt/test/test.c
View File

@ -21607,7 +21607,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
/* create a new key since above test for loading key is not supported */ /* create a new key since above test for loading key is not supported */
#if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) || \ #if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) || \
defined(WOLFSSL_QNX_CAAM) defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SE050)
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-9861, done); ERROR_OUT(-9861, done);
@ -21622,8 +21622,10 @@ static int ecc_test_make_pub(WC_RNG* rng)
#if defined(WOLFSSL_ASYNC_CRYPT) #if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif #endif
if (ret == 0) if (ret == 0) {
ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp, &tmpSz, rng, key); ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp,
&tmpSz, rng, key);
}
} while (ret == WC_PENDING_E); } while (ret == WC_PENDING_E);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-9862, done); ERROR_OUT(-9862, done);
@ -21637,8 +21639,10 @@ static int ecc_test_make_pub(WC_RNG* rng)
#if defined(WOLFSSL_ASYNC_CRYPT) #if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif #endif
if (ret == 0) if (ret == 0) {
ret = wc_ecc_verify_hash(tmp, tmpSz, msg, (word32)XSTRLEN((const char* )msg), &verify, key); ret = wc_ecc_verify_hash(tmp, tmpSz, msg,
(word32)XSTRLEN((const char*)msg), &verify, key);
}
} while (ret == WC_PENDING_E); } while (ret == WC_PENDING_E);
if (ret != 0) { if (ret != 0) {
ERROR_OUT(-9863, done); ERROR_OUT(-9863, done);
@ -21668,7 +21672,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
ERROR_OUT(-9866, done); ERROR_OUT(-9866, done);
} }
#ifndef WOLFSSL_QNX_CAAM #if !defined(WOLFSSL_QNX_CAAM) && !defined(WOLFSSL_SE050)
/* make private only key */ /* make private only key */
wc_ecc_free(key); wc_ecc_free(key);
wc_ecc_init_ex(key, HEAP_HINT, devId); wc_ecc_init_ex(key, HEAP_HINT, devId);
@ -25331,12 +25335,16 @@ WOLFSSL_TEST_SUBROUTINE int curve25519_test(void)
#ifdef HAVE_CURVE25519_SHARED_SECRET #ifdef HAVE_CURVE25519_SHARED_SECRET
/* find shared secret key */ /* find shared secret key */
x = sizeof(sharedA); x = sizeof(sharedA);
if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) if ((ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x)) != 0) {
printf("wc_curve25519_shared_secret 1 %d\n", ret);
return -10703; return -10703;
}
y = sizeof(sharedB); y = sizeof(sharedB);
if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) if ((ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y)) != 0) {
printf("wc_curve25519_shared_secret 2 %d\n", ret);
return -10704; return -10704;
}
/* compare shared secret keys to test they are the same */ /* compare shared secret keys to test they are the same */
if (y != x) if (y != x)
@ -25401,6 +25409,9 @@ WOLFSSL_TEST_SUBROUTINE int curve25519_test(void)
!= 0) != 0)
return -10717; return -10717;
wc_curve25519_free(&userB);
wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
if (wc_curve25519_make_key(&rng, 32, &userB) != 0) if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
return -10718; return -10718;

6
wolfssl/wolfcrypt/curve25519.h
View File

@ -59,7 +59,7 @@ typedef struct {
/* ECC point, the internal structure is Little endian /* ECC point, the internal structure is Little endian
* the mathematical functions used the endianness */ * the mathematical functions used the endianness */
typedef struct { typedef struct ECPoint {
byte point[CURVE25519_KEYSIZE]; byte point[CURVE25519_KEYSIZE];
#ifdef FREESCALE_LTC_ECC #ifdef FREESCALE_LTC_ECC
byte pointY[CURVE25519_KEYSIZE]; byte pointY[CURVE25519_KEYSIZE];
@ -89,6 +89,10 @@ struct curve25519_key {
int devId; int devId;
#endif #endif
#ifdef WOLFSSL_SE050
int keyId;
#endif
/* bit fields */ /* bit fields */
byte pubSet:1; byte pubSet:1;
byte privSet:1; byte privSet:1;

13
wolfssl/wolfcrypt/port/nxp/se050_port.h
View File

@ -24,6 +24,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/visibility.h> #include <wolfssl/wolfcrypt/visibility.h>
#include <wolfssl/wolfcrypt/asn_public.h>
#ifdef __GNUC__ #ifdef __GNUC__
#pragma GCC diagnostic push #pragma GCC diagnostic push
@ -63,6 +64,9 @@
#ifndef SE050_KEYSTOREID_ECC #ifndef SE050_KEYSTOREID_ECC
#define SE050_KEYSTOREID_ECC 60 #define SE050_KEYSTOREID_ECC 60
#endif #endif
#ifndef SE050_KEYSTOREID_CURVE25519
#define SE050_KEYSTOREID_CURVE25519 59
#endif
enum { enum {
SSS_BLOCK_SIZE = 512, SSS_BLOCK_SIZE = 512,
@ -74,7 +78,8 @@ enum SE050KeyType {
SE050_ANY_KEY, SE050_ANY_KEY,
SE050_AES_KEY, SE050_AES_KEY,
SE050_ECC_KEY, SE050_ECC_KEY,
SE050_ED25519_KEY SE050_ED25519_KEY,
SE050_CURVE25519_KEY
}; };
@ -145,4 +150,10 @@ WOLFSSL_LOCAL int se050_ed25519_verify_msg(const byte* signature,
word32 signatureLen, const byte* msg, word32 msgLen, word32 signatureLen, const byte* msg, word32 msgLen,
struct ed25519_key* key, int* res); struct ed25519_key* key, int* res);
struct curve25519_key;
struct ECPoint;
WOLFSSL_LOCAL int se050_curve25519_create_key(struct curve25519_key* key, int keySize);
WOLFSSL_LOCAL int se050_curve25519_shared_secret(struct curve25519_key* private_key,
struct curve25519_key* public_key, struct ECPoint* out);
WOLFSSL_LOCAL void se050_curve25519_free_key(struct curve25519_key* key);
#endif /* _SE050_PORT_H_ */ #endif /* _SE050_PORT_H_ */