Fixes for building NXP SE050. Add support for automatic initialization of the SE050 if WOLFSSL_SE050_INIT is defined. Optionally can override the portName using SE050_DEFAULT_PORT.

2025-08-03 20:54:41 +02:00 · 2021-09-02 14:17:27 -07:00
parent 2028d8b63d
commit 185d48938d
5 changed files with 176 additions and 31 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -1337,7 +1337,7 @@ AC_ARG_WITH([cryptoauthlib],
 )
 # NXP SE050
-# current configure options line: "./configure --with-se050=/home/pi/Downloads/new_simw_top"
+# Example: "./configure --with-se050=/home/pi/simw_top"
 ENABLED_SE050="no"
 trylibse050dir=""
 AC_ARG_WITH([se050],
@@ -1356,14 +1356,20 @@ AC_ARG_WITH([se050],
                trylibse050dir="/usr/local/lib/"
            fi
            LDFLAGS="$LDFLAGS -L$trylibse050dir/build/sss"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/build"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/inc"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/ex/inc"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/port/default"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/inc"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/libCommon/infra"
            AC_CHECK_FILES([$trylibse050dir/build/sss/libSSS_APIs.a], [SE050_STATIC=yes], [SE050_STATIC=no])
            if test "x$SE050_STATIC" = "xyes"; then
-                LIB_STATIC_ADD="$trylibse050dir/build/sss/libSSS_APIs.a $LIB_STATIC_ADD"
+                LIB_STATIC_ADD="$trylibse050dir/build/sss/ex/src/libex_common.a \
                                $trylibse050dir/build/sss/libSSS_APIs.a \
                                $trylibse050dir/build/hostlib/hostLib/se05x/libse05x.a \
                                $trylibse050dir/build/hostlib/hostLib/liba7x_utils.a \
                                $trylibse050dir/build/hostlib/hostLib/libCommon/libsmCom.a $LIB_STATIC_ADD"
            else
                AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0); ]])],[ libse050_linked=yes ],[ libse050_linked=no ])
                if test "x$libse050_linked" = "xno" ; then
@@ -1381,7 +1387,7 @@ AC_ARG_WITH([se050],
        fi
        ENABLED_SE050="yes"
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SE050"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SE050 -DSSS_USE_FTR_FILE"
    ]
 )
--- a/wolfcrypt/src/port/nxp/README.md
+++ b/wolfcrypt/src/port/nxp/README.md
@@ -4,7 +4,7 @@ Support for the NXP DCP, KSDK and SE050 hardware acceleration boards.
 ## NXP SE050
-Support for the SE050 on-board crypto hardware acceleration for symmetric AES, SHA1/SHA256/SHA384/SHA512, ECC (including ed25519) and RNG. **(discuss p-256 ECC)**
+Support for the SE050 on-board crypto hardware acceleration for symmetric AES, SHA1/SHA256/SHA384/SHA512, ECC (including ed25519) and RNG.
 ## SE050 Acceleration
@@ -16,6 +16,22 @@ The code required to communicate with the SE050 is the `EdgeLock SE05x Plug & Tr
 Follow the build instruction in AN12570 (EdgeLockTM SE05x Quick start guide with Raspberry Pi) [here](https://www.nxp.com/docs/en/application-note/AN12570.pdf). 
 In summary here are the steps for building:
 ```
 # from simw-top directory
 mkdir build
 cd build
 ccmake ..
 # Change:
 #   `Host OS` to `Raspbian`
 #   `Host Crypto` to `None`
 #   `SMCOM` to `T1oI2C`
 c # to configure
 q
 make
 ```
 ## Building wolfSSL
 To enable support run:
@@ -26,7 +42,7 @@ make
 ``
 Where `PATH` is the directory location of `simw-top`.
-Example: `./configure --with-se050=/Users/[user]/simw-top`
+Example: `./configure --enable-debug --disable-shared --with-se050=/home/pi/simw-top CFLAGS="-DWOLFSSL_SE050_INIT"`
 ## Building Examples
@@ -46,7 +62,7 @@ Open the `simw-top/demos/se05x/se05x_Minimal` directory and edit `se05x_Minimal.
 #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
 `` 
-If you would like to run our wolfcrypt test or  benchmark tool, add: `#include "test.h"` or `#include benchmark.h`.
+If you would like to run our wolfcrypt test or benchmark tool, add: `#include "test.h"` or `#include benchmark.h`.
 Below is the code that was replaced in `ex_sss_entry()` to run the wolfcrypt test:
--- a/wolfcrypt/src/port/nxp/se050_port.c
+++ b/wolfcrypt/src/port/nxp/se050_port.c
@@ -26,18 +26,25 @@
 #include <stdint.h>
 #include <wolfssl/wolfcrypt/settings.h>
 #ifdef WOLFSSL_SE050
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/aes.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/ed25519.h>
-
+#include <wolfssl/wolfcrypt/logging.h>
 #ifdef WOLFSSL_SE050
 #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
-#include "fsl_sss_api.h"
+
-#include "fsl_sss_se05x_types.h"
+#ifdef WOLFSSL_SE050_INIT
    #ifndef SE050_DEFAULT_PORT
    #define SE050_DEFAULT_PORT "/dev/i2c-1"
    #endif
    #include "ex_sss_boot.h"
 #endif
 #ifdef WOLFSSL_SP_MATH
    struct sp_int;
@@ -77,6 +84,34 @@ int wc_se050_SetConfig(sss_session_t *pSession, sss_key_store_t *pHostKeyStore,
    return 0;
 }
 #ifdef WOLFSSL_SE050_INIT
 int wc_se050_init(const char* portName)
 {
    int ret;
    sss_status_t status;
    static ex_sss_boot_ctx_t pCtx;
    if (portName == NULL) {
        portName = SE050_DEFAULT_PORT;
    }
    status = ex_sss_boot_open(&pCtx, portName);
    if (status == kStatus_SSS_Success) {
        ret = wc_se050_SetConfig(&pCtx.session,
        #if SSS_HAVE_HOSTCRYPTO_ANY
            &pCtx.host_ks,
        #else
            NULL,
        #endif
            &pCtx.ks);
    }
    else {
        ret = WC_HW_E;
    }
    return ret;
 }
 #endif
 int se050_allocate_key(void)
 {
    static int keyId_allocater = 100;
@@ -90,6 +125,10 @@ int se050_get_random_number(uint32_t count, uint8_t* rand_out)
    sss_rng_context_t rng;
    int ret = 0;
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }
@@ -157,6 +196,10 @@ int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash, size_t digestLen,
    int          leftover = (se050Ctx->len) % SSS_BLOCK_SIZE;
    const byte*  blocks = data;
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }
@@ -167,18 +210,19 @@ int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash, size_t digestLen,
        status = sss_digest_init(&digest_ctx);
    }
    if (status == kStatus_SSS_Success) {
-    /* used to send chunks of size 512 */
+        /* used to send chunks of size 512 */
-    while (status == kStatus_SSS_Success && size--) {
+        while (status == kStatus_SSS_Success && size--) {
-        status = sss_digest_update(&digest_ctx, blocks, SSS_BLOCK_SIZE);
+            status = sss_digest_update(&digest_ctx, blocks, SSS_BLOCK_SIZE);
-        blocks += SSS_BLOCK_SIZE;
+            blocks += SSS_BLOCK_SIZE;
        }
        if (status == kStatus_SSS_Success && leftover) {
            status = sss_digest_update(&digest_ctx, blocks, leftover);
        }
        if (status == kStatus_SSS_Success) {
            status = sss_digest_finish(&digest_ctx, hash, &digestLen);
        }
        sss_digest_context_free(&digest_ctx);
    }
    if (status == kStatus_SSS_Success && leftover) {
        status = sss_digest_update(&digest_ctx, blocks, leftover);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_digest_finish(&digest_ctx, hash, &digestLen);
    }
    sss_digest_context_free(&digest_ctx);
    wolfSSL_CryptHwMutexUnLock();
@@ -200,7 +244,9 @@ int se050_aes_set_key(Aes* aes, const byte* key, word32 len,
    int keyId = se050_allocate_key();
    int ret = BAD_MUTEX_E;
-    WOLFSSL_MSG("se050_set_key");
+    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    (void)dir;
    (void)iv;
@@ -252,6 +298,10 @@ int se050_aes_crypt(Aes* aes, const byte* in, byte* out, word32 sz, int dir,
    sss_key_store_t host_keystore;
    int             ret = BAD_MUTEX_E;
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    XMEMSET(&mode, 0, sizeof(mode));
    if (dir == AES_DECRYPTION)
@@ -292,7 +342,8 @@ int se050_aes_crypt(Aes* aes, const byte* in, byte* out, word32 sz, int dir,
        }
    }
    if (status == kStatus_SSS_Success) {
-        status = sss_cipher_update(&aes->aes_ctx, in, sz, out, &sz);
+        size_t outSz = (size_t)sz;
        status = sss_cipher_update(&aes->aes_ctx, in, sz, out, &outSz);
    }
    wolfSSL_CryptHwMutexUnLock();
@@ -308,11 +359,15 @@ void se050_aes_free(Aes* aes)
    sss_key_store_t host_keystore;
    sss_object_t    keyObject;
    if (cfg_se050_i2c_pi == NULL) {
        return;
    }
    /* sets back to zero to indicate that a free has been called */
    aes->ctxInitDone = 0;
    if (wolfSSL_CryptHwMutexLock() != 0) {
-        return BAD_MUTEX_E;
+        return;
    }
    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
@@ -350,6 +405,10 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
    int         keysize = (word32)key->dp->size;
    int         ret = BAD_MUTEX_E;
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    /* truncate if digest is larger than 64 */
    if (inLen > 64)
        inLen = 64;
@@ -397,8 +456,10 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
    }
    if (status == kStatus_SSS_Success) {
        size_t outLenSz = (size_t)*outLen;
        status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t *)in, inLen,
-                                                                out, outLen);
+                                                                out, &outLenSz);
        *outLen = outLenSz;
    }
    sss_asymmetric_context_free(&ctx_asymm);
@@ -427,10 +488,12 @@ int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* signature,
    int         ret;
    int         keySize = (word32)key->dp->size;
    WOLFSSL_MSG("se050_ecc_verify_hash_ex");
    *res = 0;
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    if (hashLen > 64)
        hashLen = 64;
@@ -547,6 +610,10 @@ int se050_ecc_free_key(struct ecc_key* key)
    int             ret = WC_HW_E;
    sss_key_store_t host_keystore;
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    if (key->keyId <= 0) {
        return BAD_FUNC_ARG;
    }
@@ -589,6 +656,11 @@ int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize)
    size_t keyPairExportBitLen = sizeof(keyPairExport) * 8;
    int ret;
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    (void)curve_id;
    if (wolfSSL_CryptHwMutexLock() != 0) {
@@ -648,6 +720,10 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
    size_t                  ecdhKeyBitLen = keySize;
    int                     ret = WC_HW_E;
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    if (private_key->keyId <= 0 || public_key->keyId <= 0) {
        return BAD_FUNC_ARG;
    }
@@ -711,8 +787,10 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
    }
    if (status == kStatus_SSS_Success) {
-        status = sss_key_store_get_key(hostKeyStore, &deriveKey, out, outlen,
+        size_t outlenSz = (size_t)*outlen;
        status = sss_key_store_get_key(hostKeyStore, &deriveKey, out, &outlenSz,
                                                                &ecdhKeyBitLen);
        *outlen = outlenSz;
    }
    if (ctx_derive_key.session != NULL)
        sss_derive_key_context_free(&ctx_derive_key);
@@ -741,6 +819,10 @@ int se050_ed25519_create_key(ed25519_key* key)
    int             keyId;
    int             ret = 0;
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }
@@ -786,6 +868,10 @@ void se050_ed25519_free_key(ed25519_key* key)
    sss_object_t newKey;
    sss_key_store_t host_keystore;
    if (cfg_se050_i2c_pi == NULL) {
        return;
    }
    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }
@@ -819,6 +905,10 @@ int se050_ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
    inLen = 64;
    *outLen = 64;
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }
@@ -869,6 +959,10 @@ int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen,
    sss_key_store_t     host_keystore;
    int                 ret = 0;
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    msgLen = 64;
    if (wolfSSL_CryptHwMutexLock() != 0) {
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -91,6 +91,10 @@
    #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h>
 #endif
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_INIT)
 #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
 #endif
 #ifdef WOLFSSL_SCE
    #include "hal_data.h"
 #endif
@@ -230,6 +234,10 @@ int wolfCrypt_Init(void)
        ret = sl_se_init();
    #endif
    #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_INIT)
        ret = wc_se050_init(NULL);
    #endif
    #ifdef WOLFSSL_ARMASM
        WOLFSSL_MSG("Using ARM hardware acceleration");
    #endif
--- a/wolfssl/wolfcrypt/port/nxp/se050_port.h
+++ b/wolfssl/wolfcrypt/port/nxp/se050_port.h
@@ -23,8 +23,25 @@
 #define _SE050_PORT_H_
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/visibility.h>
 #ifdef __GNUC__
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wundef"
 #pragma GCC diagnostic ignored "-Wredundant-decls"
 #endif
 #include "fsl_sss_se05x_types.h"
 #include "fsl_sss_se05x_apis.h"
 #if (SSS_HAVE_SSS > 1)
 #include "fsl_sss_api.h"
 #endif
 #ifdef __GNUC__
 #pragma GCC diagnostic pop
 #endif
 enum {
    SSS_BLOCK_SIZE = 512
@@ -37,10 +54,14 @@ typedef struct {
    word32 len;
 } SE050_HASH_Context;
-
+/* Public Functions */
 WOLFSSL_API int wc_se050_SetConfig(sss_session_t *pSession,
    sss_key_store_t *pHostKeyStore, sss_key_store_t *pKeyStore);
 #ifdef WOLFSSL_SE050_INIT
 WOLFSSL_API int wc_se050_init(const char* portName);
 #endif
 /* Private Functions */
 WOLFSSL_LOCAL int se050_allocate_key(void);
 WOLFSSL_LOCAL int se050_get_random_number(uint32_t count, uint8_t* rand_out);