wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for building NXP SE050. Add support for automatic initialization of the SE050 if WOLFSSL_SE050_INIT is defined. Optionally can override the portName using SE050_DEFAULT_PORT.

Browse Source
This commit is contained in:
David Garske
2021-09-02 14:17:27 -07:00
parent 2028d8b63d
commit 185d48938d
5 changed files with 176 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
configure.ac
View File

@@ -1337,7 +1337,7 @@ AC_ARG_WITH([cryptoauthlib],
) )
# NXP SE050 # NXP SE050
# current configure options line: "./configure --with-se050=/home/pi/Downloads/new_simw_top" # Example: "./configure --with-se050=/home/pi/simw_top"
ENABLED_SE050="no" ENABLED_SE050="no"
trylibse050dir="" trylibse050dir=""
AC_ARG_WITH([se050], AC_ARG_WITH([se050],
@@ -1356,14 +1356,20 @@ AC_ARG_WITH([se050],
trylibse050dir="/usr/local/lib/" trylibse050dir="/usr/local/lib/"
fi fi
LDFLAGS="$LDFLAGS -L$trylibse050dir/build/sss" LDFLAGS="$LDFLAGS -L$trylibse050dir/build/sss"
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/build"
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/inc" CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/inc"
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/ex/inc"
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/port/default" CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/port/default"
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/inc" CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/inc"
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/libCommon/infra" CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/libCommon/infra"
AC_CHECK_FILES([$trylibse050dir/build/sss/libSSS_APIs.a], [SE050_STATIC=yes], [SE050_STATIC=no]) AC_CHECK_FILES([$trylibse050dir/build/sss/libSSS_APIs.a], [SE050_STATIC=yes], [SE050_STATIC=no])
if test "x$SE050_STATIC" = "xyes"; then if test "x$SE050_STATIC" = "xyes"; then
LIB_STATIC_ADD="$trylibse050dir/build/sss/libSSS_APIs.a $LIB_STATIC_ADD" LIB_STATIC_ADD="$trylibse050dir/build/sss/ex/src/libex_common.a \
$trylibse050dir/build/sss/libSSS_APIs.a \
$trylibse050dir/build/hostlib/hostLib/se05x/libse05x.a \
$trylibse050dir/build/hostlib/hostLib/liba7x_utils.a \
$trylibse050dir/build/hostlib/hostLib/libCommon/libsmCom.a $LIB_STATIC_ADD"
else else
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0); ]])],[ libse050_linked=yes ],[ libse050_linked=no ]) AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0); ]])],[ libse050_linked=yes ],[ libse050_linked=no ])
if test "x$libse050_linked" = "xno" ; then if test "x$libse050_linked" = "xno" ; then
@@ -1381,7 +1387,7 @@ AC_ARG_WITH([se050],
fi fi
ENABLED_SE050="yes" ENABLED_SE050="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SE050" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SE050 -DSSS_USE_FTR_FILE"
] ]
) )

20
wolfcrypt/src/port/nxp/README.md
View File

@@ -4,7 +4,7 @@ Support for the NXP DCP, KSDK and SE050 hardware acceleration boards.
## NXP SE050 ## NXP SE050
Support for the SE050 on-board crypto hardware acceleration for symmetric AES, SHA1/SHA256/SHA384/SHA512, ECC (including ed25519) and RNG. **(discuss p-256 ECC)** Support for the SE050 on-board crypto hardware acceleration for symmetric AES, SHA1/SHA256/SHA384/SHA512, ECC (including ed25519) and RNG.
## SE050 Acceleration ## SE050 Acceleration
@@ -16,6 +16,22 @@ The code required to communicate with the SE050 is the `EdgeLock SE05x Plug & Tr
Follow the build instruction in AN12570 (EdgeLockTM SE05x Quick start guide with Raspberry Pi) [here](https://www.nxp.com/docs/en/application-note/AN12570.pdf). Follow the build instruction in AN12570 (EdgeLockTM SE05x Quick start guide with Raspberry Pi) [here](https://www.nxp.com/docs/en/application-note/AN12570.pdf).
In summary here are the steps for building:
```
# from simw-top directory
mkdir build
cd build
ccmake ..
# Change:
# `Host OS` to `Raspbian`
# `Host Crypto` to `None`
# `SMCOM` to `T1oI2C`
c # to configure
q
make
```
## Building wolfSSL ## Building wolfSSL
To enable support run: To enable support run:
@@ -26,7 +42,7 @@ make
`` ``
Where `PATH` is the directory location of `simw-top`. Where `PATH` is the directory location of `simw-top`.
Example: `./configure --with-se050=/Users/[user]/simw-top` Example: `./configure --enable-debug --disable-shared --with-se050=/home/pi/simw-top CFLAGS="-DWOLFSSL_SE050_INIT"`
## Building Examples ## Building Examples

118
wolfcrypt/src/port/nxp/se050_port.c
View File

@@ -26,18 +26,25 @@
#include <stdint.h> #include <stdint.h>
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#ifdef WOLFSSL_SE050
#include <wolfssl/wolfcrypt/types.h> #include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/wc_port.h> #include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/aes.h> #include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/ed25519.h> #include <wolfssl/wolfcrypt/ed25519.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef WOLFSSL_SE050
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h> #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
#include "fsl_sss_api.h"
#include "fsl_sss_se05x_types.h" #ifdef WOLFSSL_SE050_INIT
#ifndef SE050_DEFAULT_PORT
#define SE050_DEFAULT_PORT "/dev/i2c-1"
#endif
#include "ex_sss_boot.h"
#endif
#ifdef WOLFSSL_SP_MATH #ifdef WOLFSSL_SP_MATH
struct sp_int; struct sp_int;
@@ -77,6 +84,34 @@ int wc_se050_SetConfig(sss_session_t *pSession, sss_key_store_t *pHostKeyStore,
return 0; return 0;
} }
#ifdef WOLFSSL_SE050_INIT
int wc_se050_init(const char* portName)
{
int ret;
sss_status_t status;
static ex_sss_boot_ctx_t pCtx;
if (portName == NULL) {
portName = SE050_DEFAULT_PORT;
}
status = ex_sss_boot_open(&pCtx, portName);
if (status == kStatus_SSS_Success) {
ret = wc_se050_SetConfig(&pCtx.session,
#if SSS_HAVE_HOSTCRYPTO_ANY
&pCtx.host_ks,
#else
NULL,
#endif
&pCtx.ks);
}
else {
ret = WC_HW_E;
}
return ret;
}
#endif
int se050_allocate_key(void) int se050_allocate_key(void)
{ {
static int keyId_allocater = 100; static int keyId_allocater = 100;
@@ -90,6 +125,10 @@ int se050_get_random_number(uint32_t count, uint8_t* rand_out)
sss_rng_context_t rng; sss_rng_context_t rng;
int ret = 0; int ret = 0;
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
if (wolfSSL_CryptHwMutexLock() != 0) { if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E; return BAD_MUTEX_E;
} }
@@ -157,6 +196,10 @@ int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash, size_t digestLen,
int leftover = (se050Ctx->len) % SSS_BLOCK_SIZE; int leftover = (se050Ctx->len) % SSS_BLOCK_SIZE;
const byte* blocks = data; const byte* blocks = data;
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
if (wolfSSL_CryptHwMutexLock() != 0) { if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E; return BAD_MUTEX_E;
} }
@@ -179,6 +222,7 @@ int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash, size_t digestLen,
status = sss_digest_finish(&digest_ctx, hash, &digestLen); status = sss_digest_finish(&digest_ctx, hash, &digestLen);
} }
sss_digest_context_free(&digest_ctx); sss_digest_context_free(&digest_ctx);
}
wolfSSL_CryptHwMutexUnLock(); wolfSSL_CryptHwMutexUnLock();
@@ -200,7 +244,9 @@ int se050_aes_set_key(Aes* aes, const byte* key, word32 len,
int keyId = se050_allocate_key(); int keyId = se050_allocate_key();
int ret = BAD_MUTEX_E; int ret = BAD_MUTEX_E;
WOLFSSL_MSG("se050_set_key"); if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
(void)dir; (void)dir;
(void)iv; (void)iv;
@@ -252,6 +298,10 @@ int se050_aes_crypt(Aes* aes, const byte* in, byte* out, word32 sz, int dir,
sss_key_store_t host_keystore; sss_key_store_t host_keystore;
int ret = BAD_MUTEX_E; int ret = BAD_MUTEX_E;
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
XMEMSET(&mode, 0, sizeof(mode)); XMEMSET(&mode, 0, sizeof(mode));
if (dir == AES_DECRYPTION) if (dir == AES_DECRYPTION)
@@ -292,7 +342,8 @@ int se050_aes_crypt(Aes* aes, const byte* in, byte* out, word32 sz, int dir,
} }
} }
if (status == kStatus_SSS_Success) { if (status == kStatus_SSS_Success) {
status = sss_cipher_update(&aes->aes_ctx, in, sz, out, &sz); size_t outSz = (size_t)sz;
status = sss_cipher_update(&aes->aes_ctx, in, sz, out, &outSz);
} }
wolfSSL_CryptHwMutexUnLock(); wolfSSL_CryptHwMutexUnLock();
@@ -308,11 +359,15 @@ void se050_aes_free(Aes* aes)
sss_key_store_t host_keystore; sss_key_store_t host_keystore;
sss_object_t keyObject; sss_object_t keyObject;
if (cfg_se050_i2c_pi == NULL) {
return;
}
/* sets back to zero to indicate that a free has been called */ /* sets back to zero to indicate that a free has been called */
aes->ctxInitDone = 0; aes->ctxInitDone = 0;
if (wolfSSL_CryptHwMutexLock() != 0) { if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E; return;
} }
status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
@@ -350,6 +405,10 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
int keysize = (word32)key->dp->size; int keysize = (word32)key->dp->size;
int ret = BAD_MUTEX_E; int ret = BAD_MUTEX_E;
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
/* truncate if digest is larger than 64 */ /* truncate if digest is larger than 64 */
if (inLen > 64) if (inLen > 64)
inLen = 64; inLen = 64;
@@ -397,8 +456,10 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
} }
if (status == kStatus_SSS_Success) { if (status == kStatus_SSS_Success) {
size_t outLenSz = (size_t)*outLen;
status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t *)in, inLen, status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t *)in, inLen,
out, outLen); out, &outLenSz);
*outLen = outLenSz;
} }
sss_asymmetric_context_free(&ctx_asymm); sss_asymmetric_context_free(&ctx_asymm);
@@ -427,10 +488,12 @@ int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* signature,
int ret; int ret;
int keySize = (word32)key->dp->size; int keySize = (word32)key->dp->size;
WOLFSSL_MSG("se050_ecc_verify_hash_ex");
*res = 0; *res = 0;
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
if (hashLen > 64) if (hashLen > 64)
hashLen = 64; hashLen = 64;
@@ -547,6 +610,10 @@ int se050_ecc_free_key(struct ecc_key* key)
int ret = WC_HW_E; int ret = WC_HW_E;
sss_key_store_t host_keystore; sss_key_store_t host_keystore;
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
if (key->keyId <= 0) { if (key->keyId <= 0) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -589,6 +656,11 @@ int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize)
size_t keyPairExportBitLen = sizeof(keyPairExport) * 8; size_t keyPairExportBitLen = sizeof(keyPairExport) * 8;
int ret; int ret;
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
(void)curve_id; (void)curve_id;
if (wolfSSL_CryptHwMutexLock() != 0) { if (wolfSSL_CryptHwMutexLock() != 0) {
@@ -648,6 +720,10 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
size_t ecdhKeyBitLen = keySize; size_t ecdhKeyBitLen = keySize;
int ret = WC_HW_E; int ret = WC_HW_E;
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
if (private_key->keyId <= 0 || public_key->keyId <= 0) { if (private_key->keyId <= 0 || public_key->keyId <= 0) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -711,8 +787,10 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
} }
if (status == kStatus_SSS_Success) { if (status == kStatus_SSS_Success) {
status = sss_key_store_get_key(hostKeyStore, &deriveKey, out, outlen, size_t outlenSz = (size_t)*outlen;
status = sss_key_store_get_key(hostKeyStore, &deriveKey, out, &outlenSz,
&ecdhKeyBitLen); &ecdhKeyBitLen);
*outlen = outlenSz;
} }
if (ctx_derive_key.session != NULL) if (ctx_derive_key.session != NULL)
sss_derive_key_context_free(&ctx_derive_key); sss_derive_key_context_free(&ctx_derive_key);
@@ -741,6 +819,10 @@ int se050_ed25519_create_key(ed25519_key* key)
int keyId; int keyId;
int ret = 0; int ret = 0;
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
if (wolfSSL_CryptHwMutexLock() != 0) { if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E; return BAD_MUTEX_E;
} }
@@ -786,6 +868,10 @@ void se050_ed25519_free_key(ed25519_key* key)
sss_object_t newKey; sss_object_t newKey;
sss_key_store_t host_keystore; sss_key_store_t host_keystore;
if (cfg_se050_i2c_pi == NULL) {
return;
}
if (wolfSSL_CryptHwMutexLock() != 0) { if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E; return BAD_MUTEX_E;
} }
@@ -819,6 +905,10 @@ int se050_ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
inLen = 64; inLen = 64;
*outLen = 64; *outLen = 64;
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
if (wolfSSL_CryptHwMutexLock() != 0) { if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E; return BAD_MUTEX_E;
} }
@@ -869,6 +959,10 @@ int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen,
sss_key_store_t host_keystore; sss_key_store_t host_keystore;
int ret = 0; int ret = 0;
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
msgLen = 64; msgLen = 64;
if (wolfSSL_CryptHwMutexLock() != 0) { if (wolfSSL_CryptHwMutexLock() != 0) {

8
wolfcrypt/src/wc_port.c
View File

@@ -91,6 +91,10 @@
#include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h> #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h>
#endif #endif
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_INIT)
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
#endif
#ifdef WOLFSSL_SCE #ifdef WOLFSSL_SCE
#include "hal_data.h" #include "hal_data.h"
#endif #endif
@@ -230,6 +234,10 @@ int wolfCrypt_Init(void)
ret = sl_se_init(); ret = sl_se_init();
#endif #endif
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_INIT)
ret = wc_se050_init(NULL);
#endif
#ifdef WOLFSSL_ARMASM #ifdef WOLFSSL_ARMASM
WOLFSSL_MSG("Using ARM hardware acceleration"); WOLFSSL_MSG("Using ARM hardware acceleration");
#endif #endif

23
wolfssl/wolfcrypt/port/nxp/se050_port.h
View File

@@ -23,8 +23,25 @@
#define _SE050_PORT_H_ #define _SE050_PORT_H_
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/visibility.h>
#ifdef __GNUC__
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wundef"
#pragma GCC diagnostic ignored "-Wredundant-decls"
#endif
#include "fsl_sss_se05x_types.h"
#include "fsl_sss_se05x_apis.h"
#if (SSS_HAVE_SSS > 1)
#include "fsl_sss_api.h" #include "fsl_sss_api.h"
#endif
#ifdef __GNUC__
#pragma GCC diagnostic pop
#endif
enum { enum {
SSS_BLOCK_SIZE = 512 SSS_BLOCK_SIZE = 512
@@ -37,10 +54,14 @@ typedef struct {
word32 len; word32 len;
} SE050_HASH_Context; } SE050_HASH_Context;
/* Public Functions */
WOLFSSL_API int wc_se050_SetConfig(sss_session_t *pSession, WOLFSSL_API int wc_se050_SetConfig(sss_session_t *pSession,
sss_key_store_t *pHostKeyStore, sss_key_store_t *pKeyStore); sss_key_store_t *pHostKeyStore, sss_key_store_t *pKeyStore);
#ifdef WOLFSSL_SE050_INIT
WOLFSSL_API int wc_se050_init(const char* portName);
#endif
/* Private Functions */
WOLFSSL_LOCAL int se050_allocate_key(void); WOLFSSL_LOCAL int se050_allocate_key(void);
WOLFSSL_LOCAL int se050_get_random_number(uint32_t count, uint8_t* rand_out); WOLFSSL_LOCAL int se050_get_random_number(uint32_t count, uint8_t* rand_out);