Add Zephyr support for nRF5340 with CryptoCell-312, PSA Crypto fixes (#5418)
* PSA: set AES key bits, define PSA_ALG_NONE/PSA_KEY_ID_NULL if needed * Zephyr: add TimeNowInMilliseconds() for tls13.c, clock_settime() for test.c, update CMakeLists.txt * Skip including unistd.h for Zephyr in benchmark.c * Zephyr: update README, add nRF5340dk support to wolfssl_test sample app * Zephyr: add wolfCrypt benchmark sample app * Zephyr: add nRF5340 support to tls_thread sample app * PSA: use specific hash algo with psa_sign/verify_hash() * Zephyr: add support for PSA Crypto API with PK callbacks to wolfssl_tls_threaded sample app * Zephyr: add new files to zephyr/include.am
@ -1618,6 +1618,14 @@ end:
|
||||
/* Convert to milliseconds number. */
|
||||
return (word32)(now.tv_sec * 1000 + now.tv_usec / 1000);
|
||||
}
|
||||
#elif defined(WOLFSSL_ZEPHYR)
|
||||
word32 TimeNowInMilliseconds(void)
|
||||
{
|
||||
#if defined(CONFIG_ARCH_POSIX)
|
||||
k_cpu_idle();
|
||||
#endif
|
||||
return (word32)k_uptime_get() / 1000;
|
||||
}
|
||||
|
||||
#else
|
||||
/* The time in milliseconds.
|
||||
|
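Review bot: `return (word32)k_uptime_get() / 1000;` at the end of the new Zephyr TimeNowInMilliseconds() yields seconds, not milliseconds: Zephyr documents k_uptime_get() as already returning the uptime in milliseconds, and the sibling branch above (`now.tv_sec * 1000 + now.tv_usec / 1000`) shows callers expect millisecond resolution, so the TLS 1.3 ticket-age and timeout arithmetic that consumes this value would be off by a factor of 1000 on this port. The line should read `return (word32)k_uptime_get();`. Casting to word32 before dividing also truncates the 64-bit uptime first, a second reason to drop the division. The k_cpu_idle() call under CONFIG_ARCH_POSIX is presumably there to let the simulated clock advance; a short comment saying so would help the next reader.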
@ -44,7 +44,9 @@
|
||||
!defined(NO_ERROR_STRINGS) && !defined(NO_MAIN_DRIVER) && \
|
||||
!defined(BENCH_EMBEDDED))
|
||||
#include <errno.h>
|
||||
#include <unistd.h>
|
||||
#ifndef WOLFSSL_ZEPHYR
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Macro to disable benchmark */
|
||||
|
@ -52,6 +52,7 @@ static int wc_psa_aes_import_key(Aes *aes, const uint8_t *key,
|
||||
aes->ctx_initialized = 0;
|
||||
|
||||
psa_set_key_type(&key_attr, PSA_KEY_TYPE_AES);
|
||||
psa_set_key_bits(&key_attr, key_length * 8);
|
||||
psa_set_key_usage_flags(&key_attr,
|
||||
dir == AES_ENCRYPTION ? PSA_KEY_USAGE_ENCRYPT :
|
||||
dir == AES_DECRYPTION ? PSA_KEY_USAGE_DECRYPT : 0);
|
||||
@ -125,7 +126,7 @@ int wc_psa_aes_get_key_size(Aes *aes, word32 *keySize)
|
||||
* @dir: direction to use with this key
|
||||
*
|
||||
*
|
||||
* NOTE: if we don't know for teh mode or the direction (@alg == 0) the key
|
||||
* NOTE: if we don't know the mode or the direction (@alg == 0) the key
|
||||
* import operation will be delayed until the first wc_psa_aes_encrypt_decrypt()
|
||||
* invocation. In this case the key is temporary stored inside the AES
|
||||
* object. Indeed PSA requires that the mode of operation is already known when
|
||||
@ -147,7 +148,7 @@ int wc_psa_aes_set_key(Aes *aes, const uint8_t *key, size_t key_length,
|
||||
if (s != PSA_SUCCESS)
|
||||
return WC_HW_E;
|
||||
|
||||
aes->ctx_initialized =0;
|
||||
aes->ctx_initialized = 0;
|
||||
}
|
||||
|
||||
/* a key was already imported, destroy it first */
|
||||
|
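Review bot: `psa_set_key_bits(&key_attr, key_length * 8);` in wc_psa_aes_import_key() relies on psa_import_key() to reject lengths other than 16, 24 or 32 bytes; if no earlier check exists (the start of the function is outside the hunk), a bad length surfaces as WC_HW_E rather than BAD_FUNC_ARG, hiding a caller bug behind a hardware-error code. Consider `if (key_length != 16 && key_length != 24 && key_length != 32) return BAD_FUNC_ARG;` before the attribute setup. The comment typo and `= 0` spacing fixes in the other two hunks are fine.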
@ -255,6 +255,31 @@ static int psa_ecc_shared_secret_cb(WOLFSSL* ssl, struct ecc_key* other_key,
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Map hash length to equivalent psa_algorithm_t type.
|
||||
*
|
||||
* hash_len - length of hash
|
||||
*
|
||||
* Return psa_algorithm_t representing hash algorithm for hash length, or
|
||||
* PSA_ALG_NONE if no match.
|
||||
*/
|
||||
static int psa_map_hash_alg(int hash_len)
|
||||
{
|
||||
switch (hash_len) {
|
||||
case 20:
|
||||
return PSA_ALG_SHA_1;
|
||||
case 28:
|
||||
return PSA_ALG_SHA_224;
|
||||
case 32:
|
||||
return PSA_ALG_SHA_256;
|
||||
case 48:
|
||||
return PSA_ALG_SHA_384;
|
||||
case 64:
|
||||
return PSA_ALG_SHA_512;
|
||||
default:
|
||||
return PSA_ALG_NONE;
|
||||
}
|
||||
}
|
||||
|
||||
static int psa_ecc_sign_cb(WOLFSSL* ssl, const unsigned char* input,
|
||||
unsigned int input_length,
|
||||
unsigned char* signature, word32* signature_size,
|
||||
@ -266,6 +291,7 @@ static int psa_ecc_sign_cb(WOLFSSL* ssl, const unsigned char* input,
|
||||
psa_status_t status;
|
||||
size_t rs_length;
|
||||
word32 point_len;
|
||||
psa_algorithm_t hash_algo;
|
||||
int ret;
|
||||
|
||||
(void)ssl;
|
||||
@ -277,8 +303,11 @@ static int psa_ecc_sign_cb(WOLFSSL* ssl, const unsigned char* input,
|
||||
if (psa_ctx == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* Get correct hash algorithm that matches input hash length */
|
||||
hash_algo = psa_map_hash_alg(input_length);
|
||||
|
||||
status = psa_sign_hash(psa_ctx->private_key,
|
||||
PSA_ALG_ECDSA_ANY, input,
|
||||
PSA_ALG_ECDSA(hash_algo), input,
|
||||
input_length, rs, sizeof(rs),
|
||||
&rs_length);
|
||||
if (status != PSA_SUCCESS)
|
||||
@ -294,7 +323,8 @@ static int psa_ecc_sign_cb(WOLFSSL* ssl, const unsigned char* input,
|
||||
}
|
||||
|
||||
static int psa_ecc_decode_public_key(const uint8_t *key, word32 key_length,
|
||||
psa_key_id_t *key_id)
|
||||
psa_key_id_t *key_id,
|
||||
psa_algorithm_t hash_algo)
|
||||
{
|
||||
uint8_t raw_key[(MAX_ECC_BYTES * 2) + 1];
|
||||
psa_key_attributes_t attr = { 0 };
|
||||
@ -327,7 +357,7 @@ static int psa_ecc_decode_public_key(const uint8_t *key, word32 key_length,
|
||||
psa_set_key_type(&attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(ecc_curve));
|
||||
psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_VERIFY_HASH);
|
||||
psa_set_key_bits(&attr, ecc_curve_size * 8);
|
||||
psa_set_key_algorithm(&attr, PSA_ALG_ECDSA_ANY);
|
||||
psa_set_key_algorithm(&attr, PSA_ALG_ECDSA(hash_algo));
|
||||
|
||||
PSA_LOCK();
|
||||
status = psa_import_key(&attr, raw_key, raw_key_length, key_id);
|
||||
@ -354,13 +384,17 @@ static int psa_ecc_verify_cb(WOLFSSL* ssl, const byte* sig, word32 sig_length,
|
||||
psa_key_id_t tmp_key;
|
||||
word32 r_len, s_len;
|
||||
psa_status_t status;
|
||||
psa_algorithm_t hash_algo;
|
||||
int ret;
|
||||
|
||||
(void)ssl;
|
||||
(void)ctx;
|
||||
WOLFSSL_ENTER("psa_ecc_verify_cb");
|
||||
|
||||
ret = psa_ecc_decode_public_key(key, key_length, &tmp_key);
|
||||
/* Get correct hash algorithm that matches input hash length */
|
||||
hash_algo = psa_map_hash_alg(hash_length);
|
||||
|
||||
ret = psa_ecc_decode_public_key(key, key_length, &tmp_key, hash_algo);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
@ -375,7 +409,7 @@ static int psa_ecc_verify_cb(WOLFSSL* ssl, const byte* sig, word32 sig_length,
|
||||
XMEMCPY(raw_signature + r_len, s, s_len);
|
||||
|
||||
PSA_LOCK();
|
||||
status = psa_verify_hash(tmp_key, PSA_ALG_ECDSA_ANY, hash,
|
||||
status = psa_verify_hash(tmp_key, PSA_ALG_ECDSA(hash_algo), hash,
|
||||
hash_length, raw_signature, r_len + s_len);
|
||||
PSA_UNLOCK();
|
||||
|
||||
|
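Review bot: psa_map_hash_alg() returns PSA_ALG_NONE for an unrecognised hash length, but neither caller checks for it: psa_ecc_sign_cb() passes `PSA_ALG_ECDSA(hash_algo)` straight into psa_sign_hash(), and psa_ecc_verify_cb() feeds it into psa_ecc_decode_public_key() and psa_verify_hash(), so an unexpected length is reported through the PSA status mapping (outside the hunk) rather than as BAD_FUNC_ARG. Add `if (hash_algo == PSA_ALG_NONE) return BAD_FUNC_ARG;` after each `hash_algo = psa_map_hash_alg(...)` line. The helper is also declared `static int` while its comment and both callers treat the value as psa_algorithm_t; `static psa_algorithm_t psa_map_hash_alg(int hash_len)` avoids the signed/unsigned round trip. Because the mapping is by digest length only, it presumes the TLS hash set (SHA-1/SHA-2); that is fine for these callbacks but worth stating in the helper's comment. Both callbacks continue outside the hunks.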
@ -1537,6 +1537,13 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
|
||||
tz.tz_dsttime = 0;
|
||||
os_settimeofday(&utctime, &tz);
|
||||
#endif
|
||||
#ifdef WOLFSSL_ZEPHYR
|
||||
/* set dummy wallclock time. */
|
||||
struct timespec utctime;
|
||||
utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
|
||||
utctime.tv_nsec = 0;
|
||||
clock_settime(CLOCK_REALTIME, &utctime);
|
||||
#endif
|
||||
#ifdef DEVKITPRO
|
||||
void *framebuffer;
|
||||
GXRModeObj *rmode = NULL;
|
||||
|
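Review bot: the return value of `clock_settime(CLOCK_REALTIME, &utctime);` in the new WOLFSSL_ZEPHYR block is ignored; if the POSIX clock is not available on a given board the call fails silently and every certificate date check in the test then runs against an unset clock, producing a confusing date error far from the cause. Check the result and report it with the file's usual print helper. The fixed 2018 timestamp also only works while the bundled test certificates are valid at that date; a comment such as `/* must lie inside the validity window of the test certs; bump when they are regenerated */` would document that coupling. The enclosing function starts outside the hunk.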
@ -67,6 +67,13 @@
|
||||
#include <wolfssl/ssl.h>
|
||||
#endif
|
||||
|
||||
#ifndef PSA_ALG_NONE
|
||||
#define PSA_ALG_NONE ((psa_algorithm_t)0)
|
||||
#endif
|
||||
#ifndef PSA_KEY_ID_NULL
|
||||
#define PSA_KEY_ID_NULL ((psa_key_id_t)0)
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_PSA_GLOBAL_LOCK)
|
||||
void PSA_LOCK(void);
|
||||
void PSA_UNLOCK(void);
|
||||
|
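Review bot: the `#ifndef PSA_ALG_NONE` / `#ifndef PSA_KEY_ID_NULL` fallbacks only do their job if the PSA crypto header has already been included at this point; if `psa/crypto.h` is pulled in further down (its include is not in the hunk), wolfSSL's definitions come first and a PSA implementation that spells either macro differently would then hit a macro-redefinition warning or error. Worth a comment such as `/* Older PSA headers lack these; values follow the PSA Crypto API spec */` and a check that the PSA include precedes this block.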
@ -16,13 +16,14 @@ if(CONFIG_WOLFSSL)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/zephyr/zephyr_init.c)
|
||||
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/crl.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/dtls13.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/internal.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/keys.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/ocsp.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/sniffer.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/ssl.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/tls13.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/tls.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/tls13.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/wolfio.c)
|
||||
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/aes.c)
|
||||
@ -31,26 +32,33 @@ if(CONFIG_WOLFSSL)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/asn.c)
|
||||
#zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/async.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/blake2b.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/blake2s.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/camellia.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/chacha20_poly1305.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/chacha.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/chacha20_poly1305.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/cmac.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/coding.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/compress.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/cpuid.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/cryptocb.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/curve25519.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/curve448.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/des3.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dh.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dsa.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ecc.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ecc_fp.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/eccsi.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ed25519.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ed448.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/error.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/falcon.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_448.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_low_mem.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_operations.c)
|
||||
#zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fips.c)
|
||||
#zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fips_test.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ge_448.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ge_low_mem.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ge_operations.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/hash.c)
|
||||
@ -70,22 +78,26 @@ if(CONFIG_WOLFSSL)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/random.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ripemd.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/rsa.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sakke.c)
|
||||
#zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/selftest.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha256.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha3.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha512.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/signature.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/siphash.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_arm32.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_arm64.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_armthumb.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_c32.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_c64.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_cortexm.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_dsp32.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_int.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_x86_64.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/srp.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/tfm.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_dsp.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_encrypt.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_pkcs11.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_port.c)
|
||||
@ -93,6 +105,11 @@ if(CONFIG_WOLFSSL)
|
||||
#zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfcrypt_last.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfmath.c)
|
||||
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa_aes.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa_hash.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa_pkcbs.c)
|
||||
|
||||
zephyr_library_link_libraries(wolfSSL)
|
||||
|
||||
|
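Review bot: the four `wolfcrypt/src/port/psa/*.c` sources are added unconditionally under CONFIG_WOLFSSL, so they are compiled for every Zephyr target, not only those whose user settings define WOLFSSL_HAVE_PSA; that is harmless only if each file guards its whole body with `#ifdef WOLFSSL_HAVE_PSA`, which cannot be confirmed from this diff. A one-line comment above the block stating that assumption, or a Kconfig option around the four lines, would make the intent explicit. The sha.c/tls13.c/chacha20_poly1305.c moves are just reordering.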
@ -12,7 +12,9 @@ It provides the following zephyr code.
|
||||
- modules/crypto/wolfssl/zephyr/
|
||||
- Configuration and CMake files for wolfSSL as a Zephyr module
|
||||
- modules/crypto/wolfssl/zephyr/samples/wolfssl_test
|
||||
- wolfcrypt unit test application
|
||||
- wolfCrypt test application
|
||||
- modules/crypto/wolfssl/zephyr/samples/wolfssl_bench
|
||||
- wolfCrypt benchmark application
|
||||
- modules/crypto/wolfssl/zephyr/samples/wolfssl_tls_sock
|
||||
- socket based sample of TLS
|
||||
- modules/crypto/wolfssl/zephyr/samples/wolfssl_tls_thread
|
||||
@ -22,7 +24,7 @@ It provides the following zephyr code.
|
||||
|
||||
### Modify your project's west manifest
|
||||
|
||||
Add wolfssl as a project:
|
||||
Add wolfssl as a project to your west.yml:
|
||||
```
|
||||
manifest:
|
||||
remotes:
|
||||
@ -38,17 +40,27 @@ manifest:
|
||||
remote: wolfssl
|
||||
```
|
||||
|
||||
If you are using the Nordic nRF Connect SDK with Zephyr, the sdk-nrf manifest
|
||||
file is located at: `vX.X.X/nrf/west.yml`. On OSX the default installation
|
||||
location for the nRF Connect SDK is at `/opt/nordic/ncs/vX.X.X`.
|
||||
|
||||
Update west's modules:
|
||||
|
||||
```bash
|
||||
west update
|
||||
```
|
||||
|
||||
Now west recognizes 'wolfssl' as a module, and will include it's Kconfig and CMakeFiles.txt in the build system.
|
||||
Now west recognizes 'wolfssl' as a module, and will include it's Kconfig and
|
||||
CMakeFiles.txt in the build system.
|
||||
|
||||
## Build & test
|
||||
If using the Nordic nRF Connect SDK, to get access to a terminal with west
|
||||
tool access, open "nRF Connect for Desktop", then "Toolchain Manager",
|
||||
and finally next to the SDK version you are using click the drop down arrow,
|
||||
then "Open Terminal".
|
||||
|
||||
build and execute wolfssl_test
|
||||
## Build and Run wolfCrypt Test Application
|
||||
|
||||
build and execute `wolfssl_test`
|
||||
|
||||
```
|
||||
cd [zephyrproject]
|
||||
@ -56,7 +68,17 @@ west build -p auto -b qemu_x86 modules/crypto/wolfssl/zephyr/samples/wolfssl_tes
|
||||
west build -t run
|
||||
```
|
||||
|
||||
### Run wolfSSL example wolfssl_tls_sock
|
||||
## Build and Run wolfCrypt Benchmark Application
|
||||
|
||||
build and execute `wolfssl_benchmark`
|
||||
|
||||
```
|
||||
cd [zephyrproject]
|
||||
west build -p auto -b qemu_x86 modules/crypto/wolfssl/zephyr/samples/wolfssl_benchmark
|
||||
west build -t run
|
||||
```
|
||||
|
||||
### Build and Run wolfSSL example `wolfssl_tls_sock`
|
||||
|
||||
```
|
||||
cd [zephyrproject]
|
||||
@ -64,7 +86,7 @@ west build -p auto -b qemu_x86 modules/crypto/wolfssl/zephyr/samples/wolfssl_tls
|
||||
west build -t run
|
||||
```
|
||||
|
||||
### Run wolfSSL example wolfssl_tls_thread
|
||||
### Build and Run wolfSSL example `wolfssl_tls_thread`
|
||||
|
||||
```
|
||||
cd [zephyrproject]
|
||||
|
@ -8,11 +8,22 @@ EXTRA_DIST+= zephyr/Kconfig.tls-generic
|
||||
EXTRA_DIST+= zephyr/zephyr_init.c
|
||||
EXTRA_DIST+= zephyr/module.yml
|
||||
EXTRA_DIST+= zephyr/wolfssl/options.h
|
||||
EXTRA_DIST+= zephyr/nrf5340dk_nrf5340_user_settings.h
|
||||
EXTRA_DIST+= zephyr/user_settings.h
|
||||
EXTRA_DIST+= zephyr/user_settings-tls-generic.h
|
||||
EXTRA_DIST+= zephyr/README.md
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/CMakeLists.txt
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/README
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp.conf
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/install_test.sh
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/prj.conf
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/sample.yaml
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_test/CMakeLists.txt
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_test/README
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp.conf
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_test/install_test.sh
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_test/prj.conf
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_test/sample.yaml
|
||||
@ -25,6 +36,8 @@ EXTRA_DIST+= zephyr/samples/wolfssl_tls_sock/src
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/CMakeLists.txt
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/README
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp.conf
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/install_sample.sh
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/prj.conf
|
||||
EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/sample.yaml
|
||||
|
133
zephyr/nrf5340dk_nrf5340_user_settings.h
Normal file
@ -0,0 +1,133 @@
|
||||
/* nrf5340dk_nrf5340_user_settings.h
|
||||
*
|
||||
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
#ifndef WOLFSSL_OPTIONS_H
|
||||
#define WOLFSSL_OPTIONS_H
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* Platform */
|
||||
#undef WOLFSSL_ZEPHYR
|
||||
#define WOLFSSL_ZEPHYR
|
||||
|
||||
#define WOLFSSL_GENERAL_ALIGNMENT 4
|
||||
#define SIZEOF_LONG_LONG 8
|
||||
|
||||
/* Enable PSA Crypto API for CryptoCell 312 crypto use */
|
||||
#define WOLFSSL_HAVE_PSA
|
||||
#define WOLFSSL_PSA_GLOBAL_LOCK
|
||||
|
||||
/* Enable SP Math */
|
||||
#define WOLFSSL_SP_MATH
|
||||
#define WOLFSSL_SP_MATH_ALL
|
||||
#define WOLFSSL_HAVE_SP_RSA
|
||||
#define WOLFSSL_HAVE_SP_DH
|
||||
#define WOLFSSL_HAVE_SP_ECC
|
||||
|
||||
/* Enable SP Math assembly support for ARM32 */
|
||||
#define SP_WORD_SIZE 32
|
||||
#define WOLFSSL_SP_ASM
|
||||
#define WOLFSSL_SP_ARM32
|
||||
#define WOLFSSL_SP_ARM32_ASM
|
||||
|
||||
/* Crypto */
|
||||
#define WC_RSA_BLINDING
|
||||
#define WC_RSA_PSS
|
||||
#define WOLFSSL_DH_CONST
|
||||
#define HAVE_FFDHE_2048
|
||||
|
||||
#define HAVE_ECC
|
||||
#define ECC_USER_CURVES
|
||||
//#define HAVE_ECC192
|
||||
//#define HAVE_ECC224
|
||||
#undef NO_ECC256
|
||||
//#define HAVE_ECC384
|
||||
//#define HAVE_ECC521
|
||||
#define ECC_SHAMIR
|
||||
#define ECC_TIMING_RESISTANT
|
||||
|
||||
#define WOLFSSL_AES_DIRECT
|
||||
#define HAVE_AES_ECB
|
||||
#define HAVE_AES_CBC
|
||||
#define HAVE_AESCCM
|
||||
#define HAVE_AESGCM
|
||||
#define GCM_TABLE_4BIT
|
||||
|
||||
/* AES-CTR is not working correctly with Nordic PSA Crypto API */
|
||||
/* #define WOLFSSL_AES_COUNTER */
|
||||
|
||||
#define HAVE_CHACHA
|
||||
#define HAVE_POLY1305
|
||||
#define HAVE_ONE_TIME_AUTH
|
||||
|
||||
/* Nordic Security PSA Crypto CryptoCell integration does not support SHA-1 */
|
||||
#define NO_SHA
|
||||
#define WOLFSSL_SHA224
|
||||
#define WOLFSSL_SHA384
|
||||
#define WOLFSSL_SHA512
|
||||
#define WOLFSSL_SHA3
|
||||
|
||||
#define HAVE_HKDF
|
||||
#define WOLFSSL_CMAC
|
||||
|
||||
/* Benchmark / Test */
|
||||
#define BENCH_EMBEDDED
|
||||
#define USE_CERT_BUFFERS_256
|
||||
#define USE_CERT_BUFFERS_2048
|
||||
#define NO_FILESYSTEM
|
||||
|
||||
/* RNG */
|
||||
#define HAVE_HASHDRBG
|
||||
|
||||
/* Features */
|
||||
#define WOLFSSL_TLS13
|
||||
#define WOLFSSL_OLD_PRIME_CHECK
|
||||
#define HAVE_TLS_EXTENSIONS
|
||||
#define HAVE_SUPPORTED_CURVES
|
||||
#define HAVE_EXTENDED_MASTER
|
||||
#define WOLFSSL_BASE64_ENCODE
|
||||
#define WC_NO_ASYNC_THREADING
|
||||
|
||||
/* Disable features that require SHA-1 (see note above) */
|
||||
#define NO_OLD_TLS
|
||||
#define NO_DSA
|
||||
|
||||
/* Disable other features (re-enable if needed) */
|
||||
#define NO_RC4
|
||||
#define NO_PSK
|
||||
#define NO_MD4
|
||||
#define NO_PWDBASED
|
||||
#define NO_DES3
|
||||
|
||||
#if defined(CONFIG_WOLFSSL_DEBUG)
|
||||
#undef DEBUG_WOLFSSL
|
||||
#define DEBUG_WOLFSSL
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_OPTIONS_H */
|
||||
|
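Review bot: the include guard `WOLFSSL_OPTIONS_H` at the top of the new nrf5340dk_nrf5340_user_settings.h is the same macro that the generated wolfssl/options.h uses (one ships in this module tree as zephyr/wolfssl/options.h), so whichever of the two files is included second is silently skipped; a build that picks up both would lose every definition in this file without any diagnostic. Use a file-specific guard such as `WOLFSSL_NRF5340DK_USER_SETTINGS_H` (suggested name) on the `#ifndef`, `#define` and closing `#endif` lines. The `//#define HAVE_ECC192`-style disabled lines also mix `//` with the `/* */` comments used elsewhere in the file; `/* #define HAVE_ECC192 */` matches the `WOLFSSL_AES_COUNTER` line above them.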
8
zephyr/samples/wolfssl_benchmark/CMakeLists.txt
Normal file
@ -0,0 +1,8 @@
|
||||
cmake_minimum_required(VERSION 3.13.1)
|
||||
find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
|
||||
project(wolfssl_benchmark)
|
||||
|
||||
target_sources(app PRIVATE ${ZEPHYR_WOLFSSL_MODULE_DIR}/wolfcrypt/benchmark/benchmark.c)
|
||||
target_include_directories(app PRIVATE ${ZEPHYR_WOLFSSL_MODULE_DIR}/wolfcrypt/benchmark)
|
||||
target_sources(app PRIVATE ${app_sources})
|
||||
add_definitions(-DWOLFSSL_USER_SETTINGS)
|
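Review bot: `target_sources(app PRIVATE ${app_sources})` references app_sources, but nothing in this file sets it (the tls_thread sample defines it with `FILE(GLOB app_sources src/*.c)`); with the variable empty the line is at best a no-op and at worst a CMake argument error. Either drop the line, or add `FILE(GLOB app_sources src/*.c)` above it if the install script's src/ copy is meant to be built from there.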
12
zephyr/samples/wolfssl_benchmark/README
Normal file
@ -0,0 +1,12 @@
|
||||
|
||||
wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
|
||||
under the GPLv2 or a standard commercial license. For our users who cannot use
|
||||
wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
|
||||
Please contact wolfSSL Inc. directly at:
|
||||
|
||||
Email: licensing@wolfssl.com
|
||||
Phone: +1 425 245-8247
|
||||
|
||||
More information can be found on the wolfSSL website at www.wolfssl.com.
|
||||
|
||||
|
@ -0,0 +1,22 @@
|
||||
# Set user_settings.h file to be used for native wolfSSL build settings
|
||||
CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
|
||||
|
||||
##### PSA and CC3XX #####
|
||||
# Enable Nordic Security Module
|
||||
CONFIG_NRF_SECURITY=y
|
||||
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
|
||||
# Enable PSA API support (comes from mbedTLS)
|
||||
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
|
||||
# Enable/configure mbedTLS heap
|
||||
CONFIG_MBEDTLS_ENABLE_HEAP=y
|
||||
CONFIG_MBEDTLS_HEAP_SIZE=8192
|
||||
# Disable nrf_oberon crypto library PSA backend
|
||||
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
|
||||
# Enable ARM CryptoCell cc3xx driver PSA backend
|
||||
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
|
||||
|
||||
##### Logging #####
|
||||
CONFIG_USE_SEGGER_RTT=y
|
||||
CONFIG_LOG_BACKEND_RTT=y
|
||||
CONFIG_SEGGER_RTT_BUFFER_SIZE_UP=15360
|
||||
|
@ -0,0 +1,25 @@
|
||||
CONFIG_BUILD_WITH_TFM=y
|
||||
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
|
||||
|
||||
# Set user_settings.h file to be used for native wolfSSL build settings
|
||||
CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
|
||||
|
||||
##### PSA and CC3XX #####
|
||||
# Enable Nordic Security Module
|
||||
CONFIG_NRF_SECURITY=y
|
||||
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
|
||||
# Enable PSA API support (comes from mbedTLS)
|
||||
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
|
||||
# Enable/configure mbedTLS heap
|
||||
CONFIG_MBEDTLS_ENABLE_HEAP=y
|
||||
CONFIG_MBEDTLS_HEAP_SIZE=8192
|
||||
# Disable nrf_oberon crypto library PSA backend
|
||||
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
|
||||
# Enable ARM CryptoCell cc3xx driver PSA backend
|
||||
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
|
||||
|
||||
##### Logging #####
|
||||
CONFIG_USE_SEGGER_RTT=y
|
||||
CONFIG_LOG_BACKEND_RTT=y
|
||||
CONFIG_SEGGER_RTT_BUFFER_SIZE_UP=15360
|
||||
|
49
zephyr/samples/wolfssl_benchmark/install_test.sh
Executable file
@ -0,0 +1,49 @@
|
||||
#!/bin/sh
|
||||
|
||||
WOLFSSL_SRC_DIR=../../..
|
||||
|
||||
if [ ! -d $WOLFSSL_SRC_DIR ]; then
|
||||
echo "Directory does not exist: $WOLFSSL_SRC_DIR"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! -f $WOLFSSL_SRC_DIR/wolfcrypt/benchmark/benchmark.c ]; then
|
||||
echo "Missing source file: $WOLFSSL_SRC_DIR/wolfcrypt/benchmark/benchmark.h"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ZEPHYR_DIR=
|
||||
if [ $# -ne 1 ]; then
|
||||
echo "Need location of zephyr project as a command line argument"
|
||||
exit 1
|
||||
else
|
||||
ZEPHYR_DIR=$1
|
||||
fi
|
||||
if [ ! -d $ZEPHR_DIR ]; then
|
||||
echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
|
||||
exit 1
|
||||
fi
|
||||
ZEPHYR_SAMPLES_DIR=$ZEPHYR_DIR/zephyr/samples/modules
|
||||
if [ ! -d $ZEPHYR_SAMPLES_DIR ]; then
|
||||
echo "Zephyr samples/modules directory does not exist: $ZEPHYR_SAMPLES_DIR"
|
||||
exit 1
|
||||
fi
|
||||
ZEPHYR_WOLFSSL_DIR=$ZEPHYR_SAMPLES_DIR/wolfssl_benchmark
|
||||
|
||||
echo "wolfSSL directory:"
|
||||
echo " $ZEPHYR_WOLFSSL_DIR"
|
||||
rm -rf $ZEPHYR_WOLFSSL_DIR
|
||||
mkdir $ZEPHYR_WOLFSSL_DIR
|
||||
|
||||
echo "Copy in Build files ..."
|
||||
cp -r * $ZEPHYR_WOLFSSL_DIR/
|
||||
rm $ZEPHYR_WOLFSSL_DIR/$0
|
||||
|
||||
echo "Copy Source Code ..."
|
||||
rm -rf $ZEPHYR_WOLFSSL_DIR/src
|
||||
mkdir $ZEPHYR_WOLFSSL_DIR/src
|
||||
|
||||
cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/benchmark/benchmark.c $ZEPHYR_WOLFSSL_DIR/src/
|
||||
cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/benchmark/benchmark.h $ZEPHYR_WOLFSSL_DIR/src/
|
||||
|
||||
echo "Done"
|
||||
|
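Review bot: `if [ ! -d $ZEPHR_DIR ]; then` misspells ZEPHYR_DIR, so the expansion is empty and the test reduces to `[ ! -d ]`, which is always false; the script never detects a missing Zephyr project and goes on to `rm -rf` and `mkdir` under a path built from the unchecked argument. The line should be `if [ ! -d "$ZEPHYR_DIR" ]; then`. The benchmark.c existence check also reports the wrong file: its message should name `benchmark.c`, not `benchmark.h`. Quoting every `$ZEPHYR_WOLFSSL_DIR` use, especially on the `rm -rf` line, would guard against paths containing spaces.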
29
zephyr/samples/wolfssl_benchmark/prj.conf
Normal file
@ -0,0 +1,29 @@
|
||||
|
||||
# Configure stack and heap sizes
|
||||
CONFIG_MAIN_STACK_SIZE=32768
|
||||
CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=16384
|
||||
|
||||
# Clock for time()
|
||||
CONFIG_POSIX_CLOCK=y
|
||||
|
||||
# TLS configuration
|
||||
CONFIG_WOLFSSL=y
|
||||
CONFIG_WOLFSSL_BUILTIN=y
|
||||
|
||||
# Floating Point
|
||||
CONFIG_FPU=y
|
||||
|
||||
# Logging
|
||||
CONFIG_PRINTK=y
|
||||
CONFIG_CBPRINTF_LIBC_SUBSTS=y
|
||||
CONFIG_CBPRINTF_FP_SUPPORT=y
|
||||
CONFIG_CONSOLE=y
|
||||
CONFIG_LOG=y
|
||||
CONFIG_LOG_BACKEND_UART=y
|
||||
CONFIG_LOG_BUFFER_SIZE=15360
|
||||
#CONFIG_WOLFSSL_DEBUG=y
|
||||
|
||||
# Entropy
|
||||
CONFIG_ENTROPY_GENERATOR=y
|
||||
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
|
||||
|
10
zephyr/samples/wolfssl_benchmark/sample.yaml
Normal file
@ -0,0 +1,10 @@
|
||||
sample:
|
||||
description: wolfCrypt benchmark sample app
|
||||
name: wolfCrypt benchmark
|
||||
common:
|
||||
min_flash: 65
|
||||
min_ram: 36
|
||||
tags: crypto wolfssl userspace random
|
||||
tests:
|
||||
crypto.wolfssl_benchmark:
|
||||
platform_allow: qemu_x86 nrf5340dk_nrf5340_cpuapp_ns nrf5340dk_nrf5340_cpuapp
|
@ -1,5 +1,5 @@
|
||||
cmake_minimum_required(VERSION 3.13.1)
|
||||
include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
|
||||
find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
|
||||
project(wolfssl_test)
|
||||
|
||||
target_sources(app PRIVATE ${ZEPHYR_WOLFSSL_MODULE_DIR}/wolfcrypt/test/test.c)
|
||||
|
@ -0,0 +1,22 @@
|
||||
# Set user_settings.h file to be used for native wolfSSL build settings
|
||||
CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
|
||||
|
||||
##### PSA and CC3XX #####
|
||||
# Enable Nordic Security Module
|
||||
CONFIG_NRF_SECURITY=y
|
||||
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
|
||||
# Enable PSA API support (comes from mbedTLS)
|
||||
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
|
||||
# Enable/configure mbedTLS heap
|
||||
CONFIG_MBEDTLS_ENABLE_HEAP=y
|
||||
CONFIG_MBEDTLS_HEAP_SIZE=8192
|
||||
# Disable nrf_oberon crypto library PSA backend
|
||||
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
|
||||
# Enable ARM CryptoCell cc3xx driver PSA backend
|
||||
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
|
||||
|
||||
##### Logging #####
|
||||
CONFIG_USE_SEGGER_RTT=y
|
||||
CONFIG_LOG_BACKEND_RTT=y
|
||||
CONFIG_SEGGER_RTT_BUFFER_SIZE_UP=15360
|
||||
|
@ -0,0 +1,25 @@
|
||||
CONFIG_BUILD_WITH_TFM=y
|
||||
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
|
||||
|
||||
# Set user_settings.h file to be used for native wolfSSL build settings
|
||||
CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
|
||||
|
||||
##### PSA and CC3XX #####
|
||||
# Enable Nordic Security Module
|
||||
CONFIG_NRF_SECURITY=y
|
||||
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
|
||||
# Enable PSA API support (comes from mbedTLS)
|
||||
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
|
||||
# Enable/configure mbedTLS heap
|
||||
CONFIG_MBEDTLS_ENABLE_HEAP=y
|
||||
CONFIG_MBEDTLS_HEAP_SIZE=8192
|
||||
# Disable nrf_oberon crypto library PSA backend
|
||||
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
|
||||
# Enable ARM CryptoCell cc3xx driver PSA backend
|
||||
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
|
||||
|
||||
##### Logging #####
|
||||
CONFIG_USE_SEGGER_RTT=y
|
||||
CONFIG_LOG_BACKEND_RTT=y
|
||||
CONFIG_SEGGER_RTT_BUFFER_SIZE_UP=15360
|
||||
|
@ -1,4 +1,5 @@
|
||||
|
||||
# Configure stack and heap sizes
|
||||
CONFIG_MAIN_STACK_SIZE=32768
|
||||
CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=16384
|
||||
|
||||
@ -11,7 +12,13 @@ CONFIG_WOLFSSL_BUILTIN=y
|
||||
|
||||
# Logging
|
||||
CONFIG_PRINTK=y
|
||||
CONFIG_WOLFSSL_DEBUG=y
|
||||
CONFIG_CBPRINTF_LIBC_SUBSTS=y
|
||||
CONFIG_CBPRINTF_FP_SUPPORT=y
|
||||
CONFIG_CONSOLE=y
|
||||
CONFIG_LOG=y
|
||||
CONFIG_LOG_BACKEND_UART=y
|
||||
CONFIG_LOG_BUFFER_SIZE=15360
|
||||
#CONFIG_WOLFSSL_DEBUG=y
|
||||
|
||||
# Entropy
|
||||
CONFIG_ENTROPY_GENERATOR=y
|
||||
|
@ -1,7 +1,10 @@
|
||||
sample:
|
||||
description: wolfCrypt test sample app
|
||||
name: wolfCrypt test
|
||||
common:
|
||||
min_flash: 65
|
||||
min_ram: 36
|
||||
tags: crypto wolfssl userspace random
|
||||
tests:
|
||||
crypto.wolfssl_test:
|
||||
platform_whitelist: qemu_x86
|
||||
platform_allow: qemu_x86 nrf5340dk_nrf5340_cpuapp_ns nrf5340dk_nrf5340_cpuapp
|
||||
|
@ -1,5 +1,5 @@
|
||||
cmake_minimum_required(VERSION 3.13.1)
|
||||
include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
|
||||
find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
|
||||
project(wolfssl_tls_threaded)
|
||||
|
||||
FILE(GLOB app_sources src/*.c)
|
||||
|
@ -0,0 +1,22 @@
|
||||
# Set user_settings.h file to be used for native wolfSSL build settings
|
||||
CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
|
||||
|
||||
##### PSA and CC3XX #####
|
||||
# Enable Nordic Security Module
|
||||
CONFIG_NRF_SECURITY=y
|
||||
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
|
||||
# Enable PSA API support (comes from mbedTLS)
|
||||
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
|
||||
# Enable/configure mbedTLS heap
|
||||
CONFIG_MBEDTLS_ENABLE_HEAP=y
|
||||
CONFIG_MBEDTLS_HEAP_SIZE=8192
|
||||
# Disable nrf_oberon crypto library PSA backend
|
||||
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
|
||||
# Enable ARM CryptoCell cc3xx driver PSA backend
|
||||
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
|
||||
|
||||
##### Logging #####
|
||||
CONFIG_USE_SEGGER_RTT=y
|
||||
CONFIG_LOG_BACKEND_RTT=y
|
||||
CONFIG_SEGGER_RTT_BUFFER_SIZE_UP=15360
|
||||
|
@ -0,0 +1,25 @@
|
||||
CONFIG_BUILD_WITH_TFM=y
|
||||
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
|
||||
|
||||
# Set user_settings.h file to be used for native wolfSSL build settings
|
||||
CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
|
||||
|
||||
##### PSA and CC3XX #####
|
||||
# Enable Nordic Security Module
|
||||
CONFIG_NRF_SECURITY=y
|
||||
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
|
||||
# Enable PSA API support (comes from mbedTLS)
|
||||
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
|
||||
# Enable/configure mbedTLS heap
|
||||
CONFIG_MBEDTLS_ENABLE_HEAP=y
|
||||
CONFIG_MBEDTLS_HEAP_SIZE=8192
|
||||
# Disable nrf_oberon crypto library PSA backend
|
||||
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
|
||||
# Enable ARM CryptoCell cc3xx driver PSA backend
|
||||
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
|
||||
|
||||
##### Logging #####
|
||||
CONFIG_USE_SEGGER_RTT=y
|
||||
CONFIG_LOG_BACKEND_RTT=y
|
||||
CONFIG_SEGGER_RTT_BUFFER_SIZE_UP=15360
|
||||
|
@ -2,7 +2,7 @@
|
||||
CONFIG_MAIN_STACK_SIZE=16384
|
||||
CONFIG_ENTROPY_GENERATOR=y
|
||||
CONFIG_INIT_STACKS=y
|
||||
CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
|
||||
CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=65536
|
||||
|
||||
# Clock for time()
|
||||
CONFIG_POSIX_CLOCK=y
|
||||
@ -10,14 +10,20 @@ CONFIG_POSIX_CLOCK=y
|
||||
# Networking
|
||||
CONFIG_NETWORKING=y
|
||||
CONFIG_NET_TEST=y
|
||||
CONFIG_NET_LOOPBACK=y
|
||||
CONFIG_NET_IPV4=y
|
||||
CONFIG_NET_IPV6=y
|
||||
CONFIG_NET_SOCKETS=y
|
||||
CONFIG_DNS_RESOLVER=y
|
||||
|
||||
# Logging
|
||||
# Enable logging using RTT and UART
|
||||
CONFIG_PRINTK=y
|
||||
CONFIG_CBPRINTF_LIBC_SUBSTS=y
|
||||
CONFIG_CBPRINTF_FP_SUPPORT=y
|
||||
CONFIG_CONSOLE=y
|
||||
CONFIG_LOG=y
|
||||
CONFIG_LOG_BACKEND_UART=y
|
||||
CONFIG_LOG_BUFFER_SIZE=15360
|
||||
#CONFIG_WOLFSSL_DEBUG=y
|
||||
|
||||
# TLS configuration
|
||||
|
@ -19,9 +19,12 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
#include <wolfssl/options.h>
|
||||
#ifndef WOLFSSL_USER_SETTINGS
|
||||
#include <wolfssl/options.h>
|
||||
#endif
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
#include <wolfssl/ssl.h>
|
||||
#define USE_CERT_BUFFERS_2048
|
||||
#define USE_CERT_BUFFERS_256
|
||||
#include <wolfssl/certs_test.h>
|
||||
#include <wolfssl/test.h>
|
||||
|
||||
@ -29,9 +32,19 @@
|
||||
#define printf printk
|
||||
#endif
|
||||
|
||||
/* wolfSSL PSA Crypto API integration with ECDH/ECDSA currently requires
|
||||
* use of wolfSSL Public Key (PK) callbacks.
|
||||
*
|
||||
* PSA Crypto API integration for this sample was tested on a
|
||||
* Nordic nRF5340dk.
|
||||
*/
|
||||
#if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
|
||||
#include <wolfssl/wolfcrypt/port/psa/psa.h>
|
||||
#endif
|
||||
|
||||
#define BUFFER_SIZE 2048
|
||||
#define STATIC_MEM_SIZE (96*1024)
|
||||
#define THREAD_STACK_SIZE (12*1024)
|
||||
#define THREAD_STACK_SIZE (13*1024)
|
||||
|
||||
/* The stack to use in the server's thread. */
|
||||
K_THREAD_STACK_DEFINE(server_stack, THREAD_STACK_SIZE);
|
||||
@ -57,6 +70,13 @@ unsigned char server_buffer[BUFFER_SIZE];
|
||||
int server_buffer_sz = 0;
|
||||
wolfSSL_Mutex server_mutex;
|
||||
|
||||
#if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
|
||||
static struct psa_ssl_ctx server_psa_ctx;
|
||||
static struct psa_ssl_ctx client_psa_ctx;
|
||||
/* psa_key_id_t representing server key loaded into PSA Crypto API */
|
||||
static psa_key_id_t ecc_key_id;
|
||||
#endif
|
||||
|
||||
/* Application data to send. */
|
||||
static const char msgHTTPGet[] = "GET /index.html HTTP/1.0\r\n\r\n";
|
||||
static const char msgHTTPIndex[] =
|
||||
@ -161,7 +181,7 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
|
||||
WOLFSSL* client_ssl = NULL;
|
||||
|
||||
/* Create and initialize WOLFSSL_CTX */
|
||||
if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
|
||||
if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_3_client_method(),
|
||||
HEAP_HINT_CLIENT)) == NULL) {
|
||||
printf("ERROR: failed to create WOLFSSL_CTX\n");
|
||||
ret = -1;
|
||||
@ -169,14 +189,23 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
|
||||
|
||||
if (ret == 0) {
|
||||
/* Load client certificates into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_cert_der_2048,
|
||||
sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) !=
|
||||
if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_ecc_cert_der_256,
|
||||
sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1) !=
|
||||
WOLFSSL_SUCCESS) {
|
||||
printf("ERROR: failed to load CA certificate\n");
|
||||
ret = -1;
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
|
||||
if (ret == 0) {
|
||||
if (wolfSSL_CTX_psa_enable(client_ctx) != WOLFSSL_SUCCESS) {
|
||||
printf("ERROR: failed to enable PSA Crypto API for WOLFSSL_CTX\n");
|
||||
ret = -1;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
/* Register callbacks */
|
||||
wolfSSL_SetIORecv(client_ctx, recv_client);
|
||||
@ -189,6 +218,16 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
|
||||
if (ret == 0) {
|
||||
XMEMSET(&client_psa_ctx, 0, sizeof(client_psa_ctx));
|
||||
if (wolfSSL_set_psa_ctx(client_ssl, &client_psa_ctx) != WOLFSSL_SUCCESS) {
|
||||
printf("ERROR: wolfSSL_set_psa_ctx() failed\n");
|
||||
ret = -1;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
/* make wolfSSL object nonblocking */
|
||||
wolfSSL_set_using_nonblock(client_ssl, 1);
|
||||
@ -198,8 +237,12 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
|
||||
*ssl = client_ssl;
|
||||
}
|
||||
else {
|
||||
if (client_ssl != NULL)
|
||||
if (client_ssl != NULL) {
|
||||
#if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
|
||||
wolfSSL_free_psa_ctx(&client_psa_ctx);
|
||||
#endif
|
||||
wolfSSL_free(client_ssl);
|
||||
}
|
||||
if (client_ctx != NULL)
|
||||
wolfSSL_CTX_free(client_ctx);
|
||||
}
|
||||
@ -220,7 +263,49 @@ static int wolfssl_client_connect(WOLFSSL* ssl)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
|
||||
|
||||
/* ./certs/ecc-key.pem */
|
||||
static const unsigned char ecc_key_256[] =
|
||||
{
|
||||
0x45, 0xB6, 0x69, 0x02, 0x73, 0x9C, 0x6C, 0x85, 0xA1, 0x38,
|
||||
0x5B, 0x72, 0xE8, 0xE8, 0xC7, 0xAC, 0xC4, 0x03, 0x8D, 0x53,
|
||||
0x35, 0x04, 0xFA, 0x6C, 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8,
|
||||
0x09, 0x8C
|
||||
};
|
||||
|
||||
/* Provision server private key using PSA Crypto API.
|
||||
*
|
||||
* key_id - resulting psa_key_id_t
|
||||
*
|
||||
* Returns - 0 on success, negative on error
|
||||
*/
|
||||
static int psa_private_key_provisioning(psa_key_id_t *key_id)
|
||||
{
|
||||
psa_key_attributes_t key_attr = { 0 };
|
||||
psa_key_type_t key_type;
|
||||
psa_status_t status;
|
||||
|
||||
key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1);
|
||||
|
||||
psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_SIGN_HASH);
|
||||
psa_set_key_lifetime(&key_attr, PSA_KEY_LIFETIME_VOLATILE);
|
||||
psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
|
||||
psa_set_key_type(&key_attr, key_type);
|
||||
psa_set_key_bits(&key_attr, 256);
|
||||
|
||||
status = psa_import_key(&key_attr, ecc_key_256,
|
||||
sizeof(ecc_key_256), key_id);
|
||||
|
||||
if (status != PSA_SUCCESS) {
|
||||
printf("ERROR: provisioning of private key failed: [%d] \n", status);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_HAVE_PSA & HAVE_PK_CALLBACKS */
|
||||
|
||||
/* Create a new wolfSSL server with a certificate for authentication. */
|
||||
static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
|
||||
@ -229,32 +314,57 @@ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
|
||||
WOLFSSL_CTX* server_ctx = NULL;
|
||||
WOLFSSL* server_ssl = NULL;
|
||||
|
||||
/* Create and initialize WOLFSSL_CTX */
|
||||
if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(),
|
||||
HEAP_HINT_SERVER)) == NULL) {
|
||||
printf("ERROR: failed to create WOLFSSL_CTX\n");
|
||||
#if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
|
||||
/* Provision ECC private key with PSA Crypto API */
|
||||
if (psa_private_key_provisioning(&ecc_key_id) != 0) {
|
||||
printf("ERROR: failed to provision PSA private key\n");
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
XMEMSET(&server_psa_ctx, 0, sizeof(server_psa_ctx));
|
||||
wolfSSL_psa_set_private_key_id(&server_psa_ctx, ecc_key_id);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
/* Create and initialize WOLFSSL_CTX */
|
||||
if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_3_server_method(),
|
||||
HEAP_HINT_SERVER)) == NULL) {
|
||||
printf("ERROR: failed to create WOLFSSL_CTX\n");
|
||||
ret = -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
/* Load client certificates into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_use_certificate_buffer(server_ctx,
|
||||
server_cert_der_2048, sizeof_server_cert_der_2048,
|
||||
serv_ecc_der_256, sizeof_serv_ecc_der_256,
|
||||
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
|
||||
printf("ERROR: failed to load server certificate\n");
|
||||
ret = -1;
|
||||
}
|
||||
}
|
||||
|
||||
#if !defined(WOLFSSL_HAVE_PSA) || \
|
||||
(defined(WOLFSSL_HAVE_PSA) && !defined(HAVE_PK_CALLBACKS))
|
||||
if (ret == 0) {
|
||||
/* Load client certificates into WOLFSSL_CTX */
|
||||
if (wolfSSL_CTX_use_PrivateKey_buffer(server_ctx,
|
||||
server_key_der_2048, sizeof_server_key_der_2048,
|
||||
ecc_key_der_256, sizeof_ecc_key_der_256,
|
||||
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
|
||||
printf("ERROR: failed to load server key\n");
|
||||
ret = -1;
|
||||
}
|
||||
}
|
||||
#else
|
||||
if (ret == 0) {
|
||||
if (wolfSSL_CTX_psa_enable(server_ctx) != WOLFSSL_SUCCESS) {
|
||||
printf("ERROR: failed to enable PSA\n");
|
||||
ret = -1;
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_HAVE_PSA */
|
||||
|
||||
if (ret == 0) {
|
||||
/* Register callbacks */
|
||||
@ -268,6 +378,16 @@ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
|
||||
if (ret == 0) {
|
||||
if (wolfSSL_set_psa_ctx(server_ssl, &server_psa_ctx)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
printf("ERROR: failed to enable PSA in WOLFSSL struct\n");
|
||||
ret = -1;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
/* make wolfSSL object nonblocking */
|
||||
wolfSSL_set_using_nonblock(server_ssl, 1);
|
||||
@ -277,8 +397,12 @@ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
|
||||
*ssl = server_ssl;
|
||||
}
|
||||
else {
|
||||
if (server_ssl != NULL)
|
||||
if (server_ssl != NULL) {
|
||||
#if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
|
||||
wolfSSL_free_psa_ctx(&server_psa_ctx);
|
||||
#endif
|
||||
wolfSSL_free(server_ssl);
|
||||
}
|
||||
if (server_ctx != NULL)
|
||||
wolfSSL_CTX_free(server_ctx);
|
||||
}
|
||||
@ -390,7 +514,6 @@ void server_thread(void* arg1, void* arg2, void* arg3)
|
||||
WOLFSSL_CTX* server_ctx = NULL;
|
||||
WOLFSSL* server_ssl = NULL;
|
||||
|
||||
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
if (wc_LoadStaticMemory(&HEAP_HINT_SERVER, gMemoryServer,
|
||||
sizeof(gMemoryServer),
|
||||
@ -425,6 +548,12 @@ void server_thread(void* arg1, void* arg2, void* arg3)
|
||||
printf("Server Memory Stats\n");
|
||||
#endif
|
||||
wolfssl_memstats(server_ssl);
|
||||
|
||||
#if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
|
||||
if (server_ssl != NULL) {
|
||||
wolfSSL_free_psa_ctx(&server_psa_ctx);
|
||||
}
|
||||
#endif
|
||||
wolfssl_free(server_ctx, server_ssl);
|
||||
}
|
||||
|
||||
@ -433,7 +562,13 @@ int main()
|
||||
int ret = 0;
|
||||
WOLFSSL_CTX* client_ctx = NULL;
|
||||
WOLFSSL* client_ssl = NULL;
|
||||
THREAD_TYPE serverThread;
|
||||
THREAD_TYPE serverThread;
|
||||
|
||||
/* set dummy wallclock time for cert validation without NTP/etc */
|
||||
struct timespec utctime;
|
||||
utctime.tv_sec = 1658510212; /* Friday, July 22, 2022 5:16:52 PM GMT */
|
||||
utctime.tv_nsec = 0;
|
||||
clock_settime(CLOCK_REALTIME, &utctime);
|
||||
|
||||
wolfSSL_Init();
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
@ -490,6 +625,12 @@ int main()
|
||||
printf("Client Memory Stats\n");
|
||||
#endif
|
||||
wolfssl_memstats(client_ssl);
|
||||
|
||||
#if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
|
||||
if (client_ssl != NULL) {
|
||||
wolfSSL_free_psa_ctx(&client_psa_ctx);
|
||||
}
|
||||
#endif
|
||||
wolfssl_free(client_ctx, client_ssl);
|
||||
|
||||
wolfSSL_Cleanup();
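Review bot: The PSA key imported by `psa_private_key_provisioning()` at the top of `wolfssl_server_new()` is never destroyed on the failure path, because the only PSA cleanup in the error branch, `wolfSSL_free_psa_ctx(&server_psa_ctx)`, sits inside `if (server_ssl != NULL)` while the import happens before `server_ssl` (or even `server_ctx`) exists, so a failure in `wolfSSL_CTX_new_ex()` or in certificate loading leaks a volatile key slot on each attempt; I also cannot see whether `wolfSSL_free_psa_ctx()` destroys the key at all when it does run. In that error branch I would add, outside the `if`, `#if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)` / `psa_destroy_key(ecc_key_id);` / `#endif` (the PSA API specifies `psa_destroy_key()` on a zero key id as a no-op returning success, so it is safe when provisioning itself failed), and the same applies to the `server_thread()` teardown, where PSA cleanup is likewise gated on `server_ssl != NULL`. Separately, the comment above `ecc_key_256[]` says only `./certs/ecc-key.pem`; since that appears to be the repository's published test key embedded in clear text in the application image, I would extend it to `/* ./certs/ecc-key.pem: wolfSSL's public TEST key, for this sample only. A real deployment must generate or provision the key inside PSA and never ship the raw scalar. */`. The body of `wolfssl_server_new()` spans several hunks and its end lies outside them.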
|
||||
|
@ -126,6 +126,18 @@ extern "C" {
|
||||
#undef WOLFSSL_STATIC_MEMORY
|
||||
#define WOLFSSL_STATIC_MEMORY
|
||||
|
||||
#undef WOLFSSL_TLS13
|
||||
#define WOLFSSL_TLS13
|
||||
|
||||
#undef HAVE_HKDF
|
||||
#define HAVE_HKDF
|
||||
|
||||
#undef WC_RSA_PSS
|
||||
#define WC_RSA_PSS
|
||||
|
||||
#undef HAVE_FFDHE_2048
|
||||
#define HAVE_FFDHE_2048
|
||||
|
||||
#if 0
|
||||
#undef WOLFSSL_HAVE_SP_RSA
|
||||
#define WOLFSSL_HAVE_SP_RSA
|
||||
|