diff --git a/src/ssl.c b/src/ssl.c index 9c0309e5b..8dee25f0e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1771,10 +1771,9 @@ int wolfSSL_mcast_read(WOLFSSL* ssl, word16* id, void* data, int sz) #endif /* WOLFSSL_MULTICAST */ -#ifdef WOLFSSL_ASYNC_CRYPT -/* let's use async hardware, WOLFSSL_SUCCESS on ok */ -int wolfSSL_UseAsync(WOLFSSL* ssl, int devId) +/* helpers to set the device id, WOLFSSL_SUCCESS on ok */ +int wolfSSL_SetDevId(WOLFSSL* ssl, int devId) { if (ssl == NULL) return BAD_FUNC_ARG; @@ -1783,10 +1782,7 @@ int wolfSSL_UseAsync(WOLFSSL* ssl, int devId) return WOLFSSL_SUCCESS; } - - -/* let's use async hardware, WOLFSSL_SUCCESS on ok */ -int wolfSSL_CTX_UseAsync(WOLFSSL_CTX* ctx, int devId) +int wolfSSL_CTX_SetDevId(WOLFSSL_CTX* ctx, int devId) { if (ctx == NULL) return BAD_FUNC_ARG; @@ -1796,8 +1792,6 @@ int wolfSSL_CTX_UseAsync(WOLFSSL_CTX* ctx, int devId) return WOLFSSL_SUCCESS; } -#endif /* WOLFSSL_ASYNC_CRYPT */ - /* helpers to get device id and heap */ int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl) { diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 9f5d02355..95666c5c5 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3390,6 +3390,10 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) XMEMSET(key, 0, sizeof(ecc_key)); key->state = ECC_STATE_NONE; +#ifdef PLUTON_CRYPTO_ECC + key->devId = devId; +#endif + #ifdef WOLFSSL_ATECC508A key->slot = atmel_ecc_alloc(); if (key->slot == ATECC_INVALID_SLOT) { 
@@ -3485,41 +3489,61 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, break; } - #ifdef WOLFSSL_ATECC508A - /* Check args */ - if (inlen != ATECC_KEY_SIZE || *outlen < SIGN_RSP_SIZE) { - return ECC_BAD_ARG_E; - } + /* hardware crypto */ + #if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) + #ifdef PLUTON_CRYPTO_ECC + if (key->devId != INVALID_DEVID) /* use hardware */ + #endif + { + /* Check args */ + if ( inlen != ECC_MAX_CRYPTO_HW_SIZE || + *outlen < ECC_MAX_CRYPTO_HW_SIZE*2) { + return ECC_BAD_ARG_E; + } - /* Sign: Result is 32-bytes of R then 32-bytes of S */ - err = atcatls_sign(key->slot, in, out); - if (err != ATCA_SUCCESS) { - return BAD_COND_E; - } + #if defined(WOLFSSL_ATECC508A) + /* Sign: Result is 32-bytes of R then 32-bytes of S */ + err = atcatls_sign(key->slot, in, out); + if (err != ATCA_SUCCESS) { + return BAD_COND_E; + } + #elif defined(PLUTON_CRYPTO_ECC) + /* perform ECC sign */ + err = Crypto_EccSign(in, inlen, out, &outlen); + if (err != CRYPTO_RES_SUCCESS) { + return BAD_COND_E; + } + #endif - /* Load R and S */ - err = mp_read_unsigned_bin(r, &out[0], ATECC_KEY_SIZE); - if (err != MP_OKAY) { - return err; - } - err = mp_read_unsigned_bin(s, &out[ATECC_KEY_SIZE], ATECC_KEY_SIZE); - if (err != MP_OKAY) { - return err; - } + /* Load R and S */ + err = mp_read_unsigned_bin(r, &out[0], ECC_MAX_CRYPTO_HW_SIZE); + if (err != MP_OKAY) { + return err; + } + err = mp_read_unsigned_bin(s, &out[ECC_MAX_CRYPTO_HW_SIZE], + ECC_MAX_CRYPTO_HW_SIZE); + if (err != MP_OKAY) { + return err; + } - /* Check for zeros */ - if (mp_iszero(r) || mp_iszero(s)) { - return MP_ZERO_E; + /* Check for zeros */ + if (mp_iszero(r) || mp_iszero(s)) { + return MP_ZERO_E; + } } + #ifdef PLUTON_CRYPTO_ECC + else { + err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s); + } + #endif #else - err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s); + #endif if (err < 0) { break; } - #endif /* WOLFSSL_ATECC508A */ FALL_THROUGH; case 
ECC_STATE_SIGN_ENCODE: diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 7aa6eaf10..b5ed5b811 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1880,8 +1880,10 @@ WOLFSSL_API int wolfSSL_CTX_UseClientSuites(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_UseClientSuites(WOLFSSL* ssl); /* async additions */ -WOLFSSL_API int wolfSSL_UseAsync(WOLFSSL*, int devId); -WOLFSSL_API int wolfSSL_CTX_UseAsync(WOLFSSL_CTX*, int devId); +#define wolfSSL_UseAsync wolfSSL_SetDevId +#define wolfSSL_CTX_UseAsync wolfSSL_CTX_SetDevId +WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL*, int devId); +WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX*, int devId); /* helpers to get device id and heap */ WOLFSSL_API int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl); diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index f60aeae56..b11ddecc6 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -109,7 +109,14 @@ enum { ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/ ECC_MAX_PAD_SZ = 4, /* ECC maximum padding size */ ECC_MAX_OID_LEN = 16, - ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ) + ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ), + + /* max crypto hardware size */ +#ifdef WOLFSSL_ATECC508A + ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */ +#elif defined(PLUTON_CRYPTO_ECC) + ECC_MAX_CRYPTO_HW_SIZE = 32, +#endif }; /* Curve Types */ @@ -291,6 +298,9 @@ struct ecc_key { int slot; /* Key Slot Number (-1 unknown) */ byte pubkey_raw[PUB_KEY_SIZE]; #endif +#ifdef PLUTON_CRYPTO_ECC + int devId; +#endif #ifdef WOLFSSL_ASYNC_CRYPT mp_int* r; /* sign/verify temps */ mp_int* s;
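Review bot: As the hunk in wc_ecc_sign_hash reads, the `#else` branch of the new `#if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC)` block is left empty, so a build with neither macro never calls wc_ecc_sign_hash_ex and falls through to ECC_STATE_SIGN_ENCODE with r and s not produced by any signing step. The software call should stay in that branch, i.e. `err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s);` between `#else` and the added `#endif`. In the Pluton branch `outlen` is already a `word32*` parameter, so `&outlen` hands Crypto_EccSign a `word32**`; unless its prototype (not visible here) expects that, the call should be `err = Crypto_EccSign(in, inlen, out, outlen);`. That call also takes no `key`, so a comment should state that the signature comes from the device-held key rather than the material in `key`. The function starts and ends outside the hunk.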
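Review bot: The two `#define` aliases in ssl.h keep old callers compiling but do not keep the old exported symbols, so a binary already linked against wolfSSL_UseAsync or wolfSSL_CTX_UseAsync would fail to resolve them against a library built from this change, if it ships as a shared object. If that matters, thin wrapper functions under the old names would preserve the ABI. Either way the heading `/* async additions */` no longer describes functions that are built without WOLFSSL_ASYNC_CRYPT; something like `/* device id helpers; wolfSSL_UseAsync names kept as compatibility macros */` would be accurate.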
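Review bot: ECC_MAX_CRYPTO_HW_SIZE is named as a maximum, but the sign path in ecc.c rejects any input where `inlen != ECC_MAX_CRYPTO_HW_SIZE` and reads R and S with exactly that length, so it is a fixed size and its comment should say what it measures, e.g. `/* fixed byte length of the hash input and of each R/S value on the hardware sign path */`. The Pluton value is a bare `32`; a short comment naming where that number comes from would match the ATECC line beside it. The enumerator list also now ends in a comma in every configuration, which pre-C99 compilers warn about or reject, so the new entries would sit better ahead of ECC_MAX_SIG_SIZE with that one left last and comma-free.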