Merge pull request #1280 from dgarske/crypto_hw

Add crypto hardware support for ECC sign

src/ssl.c

@@ -1771,10 +1771,9 @@ int wolfSSL_mcast_read(WOLFSSL* ssl, word16* id, void* data, int sz)
 
 #endif /* WOLFSSL_MULTICAST */
 
-#ifdef WOLFSSL_ASYNC_CRYPT
 
-/* let's use async hardware, WOLFSSL_SUCCESS on ok */
+/* helpers to set the device id, WOLFSSL_SUCCESS on ok */
-int wolfSSL_UseAsync(WOLFSSL* ssl, int devId)
+int wolfSSL_SetDevId(WOLFSSL* ssl, int devId)
 {
     if (ssl == NULL)
         return BAD_FUNC_ARG;
@@ -1783,10 +1782,7 @@ int wolfSSL_UseAsync(WOLFSSL* ssl, int devId)
 
     return WOLFSSL_SUCCESS;
 }
-
+int wolfSSL_CTX_SetDevId(WOLFSSL_CTX* ctx, int devId)
-
-/* let's use async hardware, WOLFSSL_SUCCESS on ok */
-int wolfSSL_CTX_UseAsync(WOLFSSL_CTX* ctx, int devId)
 {
     if (ctx == NULL)
         return BAD_FUNC_ARG;
@@ -1796,8 +1792,6 @@ int wolfSSL_CTX_UseAsync(WOLFSSL_CTX* ctx, int devId)
     return WOLFSSL_SUCCESS;
 }
 
-#endif /* WOLFSSL_ASYNC_CRYPT */
-
 /* helpers to get device id and heap */
 int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
 {

wolfcrypt/src/ecc.c

@@ -3390,6 +3390,10 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
     XMEMSET(key, 0, sizeof(ecc_key));
     key->state = ECC_STATE_NONE;
 
+#ifdef PLUTON_CRYPTO_ECC
+    key->devId = devId;
+#endif
+
 #ifdef WOLFSSL_ATECC508A
     key->slot = atmel_ecc_alloc();
     if (key->slot == ATECC_INVALID_SLOT) {
@@ -3485,41 +3489,61 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
                 break;
             }
 
-        #ifdef WOLFSSL_ATECC508A
+        /* hardware crypto */
-            /* Check args */
+        #if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC)
-            if (inlen != ATECC_KEY_SIZE || *outlen < SIGN_RSP_SIZE) {
+            #ifdef PLUTON_CRYPTO_ECC
-                return ECC_BAD_ARG_E;
+            if (key->devId != INVALID_DEVID) /* use hardware */
-            }
+            #endif
+            {
+                /* Check args */
+                if ( inlen != ECC_MAX_CRYPTO_HW_SIZE ||
+                    *outlen < ECC_MAX_CRYPTO_HW_SIZE*2) {
+                    return ECC_BAD_ARG_E;
+                }
 
-            /* Sign: Result is 32-bytes of R then 32-bytes of S */
+            #if defined(WOLFSSL_ATECC508A)
-            err = atcatls_sign(key->slot, in, out);
+                /* Sign: Result is 32-bytes of R then 32-bytes of S */
-            if (err != ATCA_SUCCESS) {
+                err = atcatls_sign(key->slot, in, out);
-               return BAD_COND_E;
+                if (err != ATCA_SUCCESS) {
-           }
+                   return BAD_COND_E;
+                }
+            #elif defined(PLUTON_CRYPTO_ECC)
+                /* perform ECC sign */
+                err = Crypto_EccSign(in, inlen, out, &outlen);
+                if (err != CRYPTO_RES_SUCCESS) {
+                   return BAD_COND_E;
+                }
+            #endif
 
-            /* Load R and S */
+                /* Load R and S */
-            err = mp_read_unsigned_bin(r, &out[0], ATECC_KEY_SIZE);
+                err = mp_read_unsigned_bin(r, &out[0], ECC_MAX_CRYPTO_HW_SIZE);
-            if (err != MP_OKAY) {
+                if (err != MP_OKAY) {
-                return err;
+                    return err;
-            }
+                }
-            err = mp_read_unsigned_bin(s, &out[ATECC_KEY_SIZE], ATECC_KEY_SIZE);
+                err = mp_read_unsigned_bin(s, &out[ECC_MAX_CRYPTO_HW_SIZE],
-            if (err != MP_OKAY) {
+                                           ECC_MAX_CRYPTO_HW_SIZE);
-                return err;
+                if (err != MP_OKAY) {
-            }
+                    return err;
+                }
 
-            /* Check for zeros */
+                /* Check for zeros */
-            if (mp_iszero(r) || mp_iszero(s)) {
+                if (mp_iszero(r) || mp_iszero(s)) {
-                return MP_ZERO_E;
+                    return MP_ZERO_E;
+                }
             }
+            #ifdef PLUTON_CRYPTO_ECC
+            else {
+                err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s);
+            }
+            #endif
 
         #else
-
             err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s);
+        #endif
             if (err < 0) {
                 break;
             }
 
-        #endif /* WOLFSSL_ATECC508A */
             FALL_THROUGH;
 
         case ECC_STATE_SIGN_ENCODE:

wolfssl/ssl.h

@@ -1880,8 +1880,10 @@ WOLFSSL_API int wolfSSL_CTX_UseClientSuites(WOLFSSL_CTX* ctx);
 WOLFSSL_API int wolfSSL_UseClientSuites(WOLFSSL* ssl);
 
 /* async additions */
-WOLFSSL_API int wolfSSL_UseAsync(WOLFSSL*, int devId);
+#define wolfSSL_UseAsync wolfSSL_SetDevId
-WOLFSSL_API int wolfSSL_CTX_UseAsync(WOLFSSL_CTX*, int devId);
+#define wolfSSL_CTX_UseAsync wolfSSL_CTX_SetDevId
+WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL*, int devId);
+WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX*, int devId);
 
 /* helpers to get device id and heap */
 WOLFSSL_API int   wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl);

wolfssl/wolfcrypt/ecc.h

@@ -109,7 +109,14 @@ enum {
     ECC_MAXSIZE_GEN = 74,   /* MAX Buffer size required when generating ECC keys*/
     ECC_MAX_PAD_SZ  = 4,    /* ECC maximum padding size */
     ECC_MAX_OID_LEN = 16,
-    ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ)
+    ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ),
+
+    /* max crypto hardware size */
+#ifdef WOLFSSL_ATECC508A
+    ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */
+#elif defined(PLUTON_CRYPTO_ECC)
+    ECC_MAX_CRYPTO_HW_SIZE = 32,
+#endif
 };
 
 /* Curve Types */
@@ -291,6 +298,9 @@ struct ecc_key {
     int  slot;        /* Key Slot Number (-1 unknown) */
     byte pubkey_raw[PUB_KEY_SIZE];
 #endif
+#ifdef PLUTON_CRYPTO_ECC
+    int devId;
+#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     mp_int* r;          /* sign/verify temps */
     mp_int* s;