From 29f051e585dd423cb2a9160e72b279bf8984bb98 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 20 Aug 2021 15:45:10 -0700 Subject: [PATCH] Fixes and cleanups for NXP SE050 support. --- configure.ac | 36 +- wolfcrypt/src/aes.c | 30 +- wolfcrypt/src/ecc.c | 43 +- wolfcrypt/src/ed25519.c | 7 +- wolfcrypt/src/include.am | 6 + wolfcrypt/src/port/nxp/README.md | 98 ++ wolfcrypt/src/port/nxp/se050_port.c | 1173 +++++++++++------------ wolfcrypt/src/random.c | 2 +- wolfcrypt/src/sha.c | 1 - wolfcrypt/src/sha512.c | 27 +- wolfssl/wolfcrypt/port/nxp/README.md | 68 -- wolfssl/wolfcrypt/port/nxp/se050_port.h | 64 +- 12 files changed, 805 insertions(+), 750 deletions(-) create mode 100644 wolfcrypt/src/port/nxp/README.md delete mode 100644 wolfssl/wolfcrypt/port/nxp/README.md diff --git a/configure.ac b/configure.ac index c1048664d..100b96470 100644 --- a/configure.ac +++ b/configure.ac @@ -1337,16 +1337,15 @@ AC_ARG_WITH([cryptoauthlib], ) # NXP SE050 -#current configure options line: "./configure --with-se050=/home/pi/Downloads/new_simw_top" +# current configure options line: "./configure --with-se050=/home/pi/Downloads/new_simw_top" ENABLED_SE050="no" trylibse050dir="" AC_ARG_WITH([se050], [AS_HELP_STRING([--with-se050=PATH],[PATH to SE050 install (default /usr/local/lib/)])], [ AC_MSG_CHECKING([for SE050]) - CPPFLAGS="$CPPFLAGS -DWOLFSSL_SE050" - LIBS="$LIBS -lSSS_APIs" + LIBS="$LIBS -lSSS_APIs" AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ sss_mac_init(0);]])],[ libse050_linked=yes ],[ libse050_linked=no ]) if test "x$libse050_linked" = "xno" ; then @@ -1356,20 +1355,25 @@ AC_ARG_WITH([se050], if test "x$withval" = "xyes" ; then trylibse050dir="/usr/local/lib/" fi - LDFLAGS="$LDFLAGS -L$trylibse050dir/simw-top_build/raspbian_native_se050_t1oi2c/sss/" - CPPFLAGS="$CPPFLAGS -I$trylibse050dir/simw-top/sss/inc -I$trylibse050dir/simw-top/sss/port/default \ - -I$trylibse050dir/simw-top/hostlib/hostLib/inc/ -I$trylibse050dir/simw-top/hostlib/hostLib/libCommon/infra " + LDFLAGS="$LDFLAGS -L$trylibse050dir/build/sss" + CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/inc" + CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/port/default" + CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/inc" + CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/libCommon/infra" - - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ sss_mac_init(0); ]])],[ libse050_linked=yes ],[ libse050_linked=no ]) - - if test "x$libse050_linked" = "xno" ; then - AC_MSG_ERROR([SE050 isn't found. - If it's already installed, specify its path using --with-SE050=/dir/]) + AC_CHECK_FILES([$trylibse050dir/build/sss/libSSS_APIs.a], [SE050_STATIC=yes], [SE050_STATIC=no]) + if test "x$SE050_STATIC" = "xyes"; then + LIB_STATIC_ADD="$trylibse050dir/build/sss/libSSS_APIs.a $LIB_STATIC_ADD" + else + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ sss_mac_init(0); ]])],[ libse050_linked=yes ],[ libse050_linked=no ]) + if test "x$libse050_linked" = "xno" ; then + AC_MSG_ERROR([SE050 isn't found. + If it's already installed, specify its path using --with-se050=/dir/]) + fi fi - AM_LDFLAGS="$AM_LDFLAGS -L$trylibse050dir/simw-top_build/raspbian_native_se050_t1oi2c/sss/" - AM_CFLAGS="$AM_CFLAGS -I$trylibse050dir/simw-top/sss/inc/ \ - -DWOLFSSL_AES_DIRECT" + + # Requires AES direct + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT" AC_MSG_RESULT([yes]) else @@ -7079,6 +7083,7 @@ AM_CONDITIONAL([BUILD_RC2],[test "x$ENABLED_RC2" = "xyes"]) AM_CONDITIONAL([BUILD_QNXCAAM],[test "x$ENABLED_CAAM" = "xqnx"]) AM_CONDITIONAL([BUILD_IOTSAFE],[test "x$ENABLED_IOTSAFE" = "xyes"]) AM_CONDITIONAL([BUILD_IOTSAFE_HWRNG],[test "x$ENABLED_IOTSAFE_HWRNG" = "xyes"]) +AM_CONDITIONAL([BUILD_SE050],[test "x$ENABLED_SE050" = "xyes"]) if test "$ax_enable_debug" = "yes" || test "$ENABLED_STACKSIZE" != "no" || @@ -7453,6 +7458,7 @@ echo " * Crypto callbacks: $ENABLED_CRYPTOCB" echo " * i.MX6 CAAM: $ENABLED_CAAM" echo " * IoT-Safe: $ENABLED_IOTSAFE" echo " * IoT-Safe HWRNG: $ENABLED_IOTSAFE_HWRNG" +echo " * NXP SE050: $ENABLED_SE050" echo "" echo "---" diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 8cd2a7b83..1538f095e 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -871,15 +871,16 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #elif defined(WOLFSSL_SE050) static int AES_ECB_encrypt(Aes* aes, const byte* inBlock, byte* outBlock, - int sz) + int sz) { - return se050_aes_crypt(aes, inBlock, outBlock, sz, AES_ENCRYPTION, kAlgorithm_SSS_AES_ECB); + return se050_aes_crypt(aes, inBlock, outBlock, sz, AES_ENCRYPTION, + kAlgorithm_SSS_AES_ECB); } - static int AES_ECB_decrypt(Aes* aes, const byte* inBlock, byte* outBlock, - int sz) + int sz) { - return se050_aes_crypt(aes, inBlock, outBlock, sz, AES_DECRYPTION, kAlgorithm_SSS_AES_ECB); + return se050_aes_crypt(aes, inBlock, outBlock, sz, AES_DECRYPTION, + kAlgorithm_SSS_AES_ECB); } static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) { @@ -2603,24 +2604,27 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir) { - int ret = 0; + int ret; - if (aes == NULL || !((keylen == 16) || (keylen == 24) || (keylen == 32))) { - return BAD_FUNC_ARG; - } + if (aes == NULL || (keylen != 16 && keylen != 24 && keylen != 32)) { + return BAD_FUNC_ARG; + } + aes->ctxInitDone = 0; #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ defined(WOLFSSL_AES_OFB) aes->left = 0; #endif + ret = se050_aes_set_key(aes, userKey, keylen, iv, dir); if (ret == 0) { ret = wc_AesSetIV(aes, iv); } return ret; } - int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, - const byte* iv, int dir) + + int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) { return wc_AesSetKey(aes, userKey, keylen, iv, dir); } @@ -3883,12 +3887,12 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { return se050_aes_crypt(aes, in, out, sz, AES_ENCRYPTION, - kAlgorithm_SSS_AES_CBC); + kAlgorithm_SSS_AES_CBC); } int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { return se050_aes_crypt(aes, in, out, sz, AES_DECRYPTION, - kAlgorithm_SSS_AES_CBC); + kAlgorithm_SSS_AES_CBC); } #elif defined(WOLFSSL_SILABS_SE_ACCEL) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index cdff3b34f..76f2b3eec 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4701,8 +4701,7 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id, err = NOT_COMPILED_IN; } #elif defined(WOLFSSL_SE050) - key->keyId = se050_allocate_key(); - err = se050_ecc_create_key(key, key->keyId, keysize); + err = se050_ecc_create_key(key, curve_id, keysize); key->type = ECC_PRIVATEKEY; #elif defined(WOLFSSL_CRYPTOCELL) @@ -5008,6 +5007,11 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) #if defined(WOLFSSL_DSP) key->handle = -1; #endif + +#ifdef WOLFSSL_SE050 + key->keyId = -1; +#endif + return ret; } @@ -5190,7 +5194,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen, #elif defined(WOLFSSL_KCAPI_ECC) err = KcapiEcc_Sign(key, in, inlen, out, outlen); (void)rng; - #elif defined (WOLFSSL_SE050) + #elif defined(WOLFSSL_SE050) err = se050_ecc_sign_hash_ex(in, inlen, out, outlen, key); if (err == 0) err = DecodeECC_DSA_Sig(out, *outlen, r, s); @@ -6295,7 +6299,7 @@ int wc_ecc_free(ecc_key* key) #endif #ifdef WOLFSSL_SE050 - se050_ecc_free_key(key); + se050_ecc_free_key(key); #endif #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) @@ -7116,22 +7120,23 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, err = KcapiEcc_Verify(key, hash, hashlen, sigRS, key->dp->size * 2); #elif defined(WOLFSSL_SE050) - /* Used when following a hardware sign operation */ + { + /* Used when following a hardware sign operation */ + int rLeadingZero = mp_leading_bit(r); + int sLeadingZero = mp_leading_bit(s); + int rLen = mp_unsigned_bin_size(r); + int sLen = mp_unsigned_bin_size(s); + word32 signatureLen = rLeadingZero + sLeadingZero + + rLen + sLen + SIG_HEADER_SZ; /* see StoreECC_DSA_Sig */ - int rLeadingZero = mp_leading_bit(r); - int sLeadingZero = mp_leading_bit(s); - int rLen = mp_unsigned_bin_size(r); - int sLen = mp_unsigned_bin_size(s); - - word32 signatureLen = rLeadingZero + sLeadingZero + rLen + sLen + SIG_HEADER_SZ; /* see StoreECC_DSA_Sig */ - - err = StoreECC_DSA_Sig(sigRS, &signatureLen, r, s); - if (err != 0) - return err; - - err = se050_ecc_verify_hash_ex(hash, hashlen, sigRS, signatureLen, key, res); - if (err != 0) - return err; + err = StoreECC_DSA_Sig(sigRS, &signatureLen, r, s); + if (err == 0) { + err = se050_ecc_verify_hash_ex(hash, hashlen, sigRS, + signatureLen, key, res); + } + if (err != 0) + return err; + } #else /* checking if private key with no public part */ if (key->type == ECC_PRIVATEKEY_ONLY) { diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index f8f726031..2b87c86f0 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -262,11 +262,12 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, word32 *outLen, ed25519_key* key, byte type, const byte* context, byte contextLen) { + int ret; #ifdef WOLFSSL_SE050 (void)context; (void)contextLen; (void)type; - int ret = se050_ed25519_sign_msg(in, inLen, out, outLen, key); + ret = se050_ed25519_sign_msg(in, inLen, out, outLen, key); #else #ifdef FREESCALE_LTC_ECC byte tempBuf[ED25519_PRV_KEY_SIZE]; @@ -277,7 +278,6 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, byte nonce[WC_SHA512_DIGEST_SIZE]; byte hram[WC_SHA512_DIGEST_SIZE]; byte az[ED25519_PRV_KEY_SIZE]; - int ret; /* sanity check on arguments */ if (in == NULL || out == NULL || outLen == NULL || key == NULL || @@ -681,8 +681,7 @@ int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg, (void)type; (void)context; (void)contextLen; - if (ed25519Ctx != NULL) - (void)ed25519Ctx; + (void)ed25519Ctx; ret = se050_ed25519_verify_msg(sig, sigLen, msg, msgLen, key, res); #else #ifdef WOLFSSL_ED25519_PERSISTENT_SHA diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 868fdadfe..c08529519 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -68,6 +68,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/arm/armv8-32-sha512-asm.c \ wolfcrypt/src/port/nxp/ksdk_port.c \ wolfcrypt/src/port/nxp/dcp_port.c \ + wolfcrypt/src/port/nxp/se050_port.c \ + wolfcrypt/src/port/nxp/README.md \ wolfcrypt/src/port/atmel/README.md \ wolfcrypt/src/port/xilinx/xil-sha3.c \ wolfcrypt/src/port/xilinx/xil-aesgcm.c \ @@ -174,3 +176,7 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/port/caam/wolfcaam_qnx.c src_libwolfssl_la_SOURCES += wolfcrypt/src/port/caam/wolfcaam_ecdsa.c src_libwolfssl_la_SOURCES += wolfcrypt/src/port/caam/wolfcaam_cmac.c endif + +if BUILD_SE050 +src_libwolfssl_la_SOURCES += wolfcrypt/src/port/nxp/se050_port.c +endif diff --git a/wolfcrypt/src/port/nxp/README.md b/wolfcrypt/src/port/nxp/README.md new file mode 100644 index 000000000..ac74f069b --- /dev/null +++ b/wolfcrypt/src/port/nxp/README.md @@ -0,0 +1,98 @@ +# NXP Ports + +Support for the NXP DCP, KSDK and SE050 hardware acceleration boards. + +## NXP SE050 + +Support for the SE050 on-board crypto hardware acceleration for symmetric AES, SHA1/SHA256/SHA384/SHA512, ECC (including ed25519) and RNG. **(discuss p-256 ECC)** + +## SE050 Acceleration + +For details about SE050 HW acceleration, see [NXP's SE050 page](https://www.nxp.com/products/security-and-authentication/authentication/edgelock-se050-plug-trust-secure-element-family-enhanced-iot-security-with-maximum-flexibility:SE050). + +## Building simw-top + +The code required to communicate with the SE050 is the `EdgeLock SE05x Plug & Trust Middleware (03.03.00)`, which can be found here [link](https://www.nxp.com/products/security-and-authentication/authentication/edgelock-se050-plug-trust-secure-element-family-enhanced-iot-security-with-maximum-flexibility:SE050?tab=Design_Tools_Tab) (An NXP account is required to download). + +Follow the build instruction in AN12570 (EdgeLockTM SE05x Quick start guide with Raspberry Pi) [here](https://www.nxp.com/docs/en/application-note/AN12570.pdf). + +## Building wolfSSL + +To enable support run: + +``sh +./configure --with-se050=PATH +make +`` + +Where `PATH` is the directory location of `simw-top`. +Example: `./configure --with-se050=/Users/[user]/simw-top` + +## Building Examples + +Confirm that you are able to run the examples from the directory: + +``sh +/simw-top_build/raspbian_native_se050_t1oi2c/bin/ +`` + +Modify one of those examples in order to tie into wolfSSL. The `./se05x_Minimal` is the easiest one to modify. + +Open the `simw-top/demos/se05x/se05x_Minimal` directory and edit `se05x_Minimal.c`. Add these headers to source file: + +``c +#include +#include +#include +`` + +If you would like to run our wolfcrypt test or benchmark tool, add: `#include "test.h"` or `#include benchmark.h`. + +Below is the code that was replaced in `ex_sss_entry()` to run the wolfcrypt test: + +``c +sss_status_t status = kStatus_SSS_Success; +int ret; + +sss_session_t *pSession2 = (sss_session_t *)&pCtx->session; +sss_key_store_t *pHostSession = (sss_key_store_t *)&pCtx->host_ks; + +LOG_I("running setconfig"); +ret = wc_se050_SetConfig(pSession2, pHostSession); +if (ret != 0) { + return kStatus_SSS_Fail; +} +LOG_I("ran setconfig correctly"); +wolfcrypt_test(NULL); + +LOG_I("ran wolfcrypt test"); +return status; +`` + +Note: `wolfcrypt_test(NULL);` can be replaced with `benchmark_test();` + +The two variables used in `wc_se050_SetConfig` are session and key store variables that are required to reference parts of the hardware. + +The Makefile needs to be edited. At the top of the Makefile, the base wolfssl directory needs to be added to `INCLUDE_FLAGS`. + +Next, Inside `CFLAGS`, the `se05x_Minimal` directory needs to be added so that test.c and benchmark.c are included. + +Finally, underneath 'all', test.c, test.h, benchmark.c and benchmark.h need to be added, along with `-L[wolfssl directory] -lwolfssl` at the end of the line. + +### Wolfcrypt Test + +To run the wolfcrypt test, two files, `test.h` and `test.c` need to be added to the `./se05x_Minimal` directory. These files can be found inside of `/wolfcrypt/test`. +Make sure `NO_MAIN_DRIVER` is defined to avoid `int main()` conflicts. Either in the Makefile or modify test.h to define it. + +You should be able to run `wolfcrypt_test()` now. + +### wolfCrypt Benchmark + +To run the benchmark, both `benchmark.c` and `benchmark.h` need to be copied from wolfcrypt/benchmark to the `./se05x_Minimal` directory. +In addition, the entire `./certs` directory will need to copied into the directory. +Make sure `NO_MAIN_DRIVER` is defined to avoid `int main()` conflicts. Either in the Makefile or modify test.h to define it. +Now you can run `benchmark_test()`. + +## Support + +For questions please email support@wolfssl.com diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c index 4384f3994..c011f29ce 100644 --- a/wolfcrypt/src/port/nxp/se050_port.c +++ b/wolfcrypt/src/port/nxp/se050_port.c @@ -33,37 +33,53 @@ #include -#if defined(WOLFSSL_SE050) +#ifdef WOLFSSL_SE050 #include #include "fsl_sss_api.h" #include "fsl_sss_se05x_types.h" +#ifdef WOLFSSL_SP_MATH + struct sp_int; + #define MATH_INT_T struct sp_int +#elif defined(USE_FAST_MATH) + struct fp_int; + #define MATH_INT_T struct fp_int +#else + struct mp_int; + #define MATH_INT_T struct mp_int +#endif +struct ecc_key; +#include +#include + +/* ECC SIGN 70 = keyStoreId - Implementation specific ID */ +/* AES 55 = keyStoreId - Implementation specific ID */ +/* ECC Shared Secret 60 = keyStoreId - Implementation specific ID */ +/* ECC VERIFY 61 = keyStoreId - Implementation specific ID */ +/* ECC VERIFY AFTER SIGN 60 = keyStoreId - Implementation specific ID */ +/* ED25519 55 = keyStoreId - Implementation specific ID */ /* Global variables */ static sss_session_t *cfg_se050_i2c_pi; static sss_key_store_t *hostKeyStore; static sss_key_store_t *keyStore; -int keyId_allocater = 100; -int wolfcrypt_se050_SetConfig(sss_session_t *pSession, sss_key_store_t *pHostKeyStore, sss_key_store_t *pKeyStore) +int wc_se050_SetConfig(sss_session_t *pSession, sss_key_store_t *pHostKeyStore, + sss_key_store_t *pKeyStore) { - printf("Setting SE050 session configuration\n"); - - XMEMSET(&cfg_se050_i2c_pi, 0, sizeof(cfg_se050_i2c_pi)); - cfg_se050_i2c_pi = pSession; - - XMEMSET(&hostKeyStore, 0, sizeof(hostKeyStore)); - hostKeyStore = pHostKeyStore; - - XMEMSET(&keyStore, 0, sizeof(keyStore)); - keyStore = pKeyStore; - - return 0; + WOLFSSL_MSG("Setting SE050 session configuration"); + + cfg_se050_i2c_pi = pSession; + hostKeyStore = pHostKeyStore; + keyStore = pKeyStore; + + return 0; } -int se050_allocate_key() +int se050_allocate_key(void) { + static int keyId_allocater = 100; return keyId_allocater++; } @@ -71,27 +87,28 @@ int se050_allocate_key() int se050_get_random_number(uint32_t count, uint8_t* rand_out) { sss_status_t status; - sss_rng_context_t rng; - int ret = 0; + sss_rng_context_t rng; + int ret = 0; - if (wolfSSL_CryptHwMutexLock() == 0) { - status = sss_rng_context_init(&rng, cfg_se050_i2c_pi); + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; + } + status = sss_rng_context_init(&rng, cfg_se050_i2c_pi); - if (status == kStatus_SSS_Success) - status = sss_rng_get_random(&rng, rand_out, count); + if (status == kStatus_SSS_Success) + status = sss_rng_get_random(&rng, rand_out, count); - if (status == kStatus_SSS_Success) - status = sss_rng_context_free(&rng); + if (status == kStatus_SSS_Success) + status = sss_rng_context_free(&rng); - if (status != kStatus_SSS_Success) { - ret = RNG_FAILURE_E; - } + if (status != kStatus_SSS_Success) { + ret = RNG_FAILURE_E; } wolfSSL_CryptHwMutexUnLock(); return ret; } -#endif /* WC_NO_RNG */ +#endif /* !WC_NO_RNG */ /* Used for sha/sha224/sha384/sha512 */ int se050_hash_init(SE050_HASH_Context* se050Ctx, void* heap) @@ -108,81 +125,61 @@ int se050_hash_update(SE050_HASH_Context* se050Ctx, const byte* data, word32 len if (se050Ctx == NULL || (len > 0 && data == NULL)) { return BAD_FUNC_ARG; } - + if (se050Ctx->len < se050Ctx->used + len) { if (se050Ctx->msg == NULL) { - se050Ctx->msg = (byte*)XMALLOC(se050Ctx->used + len, se050Ctx->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (se050Ctx->msg == NULL) { - return MEMORY_E; - } - } + se050Ctx->msg = (byte*)XMALLOC(se050Ctx->used + len, + se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + } else { - byte* pt = (byte*)XREALLOC(se050Ctx->msg, se050Ctx->used + len, se050Ctx->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (pt == NULL) { - return MEMORY_E; - } - se050Ctx->msg = pt; + se050Ctx->msg = (byte*)XREALLOC(se050Ctx->msg, se050Ctx->used + len, + se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + if (se050Ctx->msg == NULL) { + return MEMORY_E; } se050Ctx->len = se050Ctx->used + len; } + XMEMCPY(se050Ctx->msg + se050Ctx->used, data , len); se050Ctx->used += len; + return 0; } -int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash, size_t digestLen, sss_algorithm_t algo) +int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash, size_t digestLen, + sss_algorithm_t algo) { sss_status_t status; sss_digest_t digest_ctx; - // XMEMSET(&digest_ctx, 0, sizeof(digest_ctx)); - - const byte* data = se050Ctx->msg; - int size = (se050Ctx->len) / SSS_BLOCK_SIZE; - int leftover = (se050Ctx->len) % SSS_BLOCK_SIZE; - const byte* blocks; - blocks = data; - - - if (wolfSSL_CryptHwMutexLock() == 0) { - status = sss_digest_context_init(&digest_ctx, cfg_se050_i2c_pi, algo, kMode_SSS_Digest); - if(status != kStatus_SSS_Success){ - printf("error 1\n"); - return -1; - } - - status = sss_digest_init(&digest_ctx); - if(status != kStatus_SSS_Success){ - printf("error 2 - hash_final...\n"); - return -1; - } - /* used to send chunks of size 512 */ - while (size--) { - status = sss_digest_update(&digest_ctx, blocks, SSS_BLOCK_SIZE); - if(status != kStatus_SSS_Success){ - printf("error 3\n"); - return -1; - } - blocks += SSS_BLOCK_SIZE; - } - if (leftover) { - status = sss_digest_update(&digest_ctx, blocks, leftover); - if(status != kStatus_SSS_Success){ - printf("error 3\n"); - return -1; - } - } - - status = sss_digest_finish(&digest_ctx, hash, &digestLen); - if(status != kStatus_SSS_Success){ - printf("error 4\n"); - return -1; - } - sss_digest_context_free(&digest_ctx); + const byte* data = se050Ctx->msg; + int size = (se050Ctx->len) / SSS_BLOCK_SIZE; + int leftover = (se050Ctx->len) % SSS_BLOCK_SIZE; + const byte* blocks = data; + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; } + status = sss_digest_context_init(&digest_ctx, cfg_se050_i2c_pi, algo, + kMode_SSS_Digest); + if (status == kStatus_SSS_Success) { + status = sss_digest_init(&digest_ctx); + } + if (status == kStatus_SSS_Success) { + /* used to send chunks of size 512 */ + while (status == kStatus_SSS_Success && size--) { + status = sss_digest_update(&digest_ctx, blocks, SSS_BLOCK_SIZE); + blocks += SSS_BLOCK_SIZE; + } + if (status == kStatus_SSS_Success && leftover) { + status = sss_digest_update(&digest_ctx, blocks, leftover); + } + if (status == kStatus_SSS_Success) { + status = sss_digest_finish(&digest_ctx, hash, &digestLen); + } + sss_digest_context_free(&digest_ctx); + wolfSSL_CryptHwMutexUnLock(); return 0; @@ -197,55 +194,64 @@ void se050_hash_free(SE050_HASH_Context* se050Ctx) int se050_aes_set_key(Aes* aes, const byte* key, word32 len, const byte* iv, int dir) { - printf("\n\nrunning se050_set_key\n"); - (void)dir; - (void)iv; sss_status_t status; - aes->rounds = len/4 + 6; sss_object_t newKey; sss_key_store_t host_keystore; - uint32_t keyId = se050_allocate_key(); - aes->keyId = keyId; + int keyId = se050_allocate_key(); int ret = BAD_MUTEX_E; - - if (wolfSSL_CryptHwMutexLock() == 0) { - ret = 0; - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); - if (status == kStatus_SSS_Success) { - status = sss_key_store_allocate(&host_keystore, 55); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&newKey, &host_keystore); - } -/* aes_test runs perfectly with kKeyObject_Mode_Persistent, but might have caused previous board to have no free key slots */ - if (status == kStatus_SSS_Success) { - status = sss_key_object_allocate_handle(&newKey, keyId, kSSS_KeyPart_Default, - kSSS_CipherType_AES, len, - kKeyObject_Mode_Transient); //kKeyObject_Mode_Persistent - } + WOLFSSL_MSG("se050_set_key"); - if (status == kStatus_SSS_Success) { - status = sss_key_store_set_key(&host_keystore, &newKey, key, len, - len * 8, NULL, 0); - } + (void)dir; + (void)iv; + + aes->rounds = len/4 + 6; + aes->keyId = keyId; + + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; } + + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 55); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&newKey, &host_keystore); + } + + /* aes_test runs perfectly with kKeyObject_Mode_Persistent, + * but might have caused previous board to have no free key slots */ + if (status == kStatus_SSS_Success) { + status = sss_key_object_allocate_handle(&newKey, keyId, + kSSS_KeyPart_Default, kSSS_CipherType_AES, len, + kKeyObject_Mode_Transient); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_store_set_key(&host_keystore, &newKey, key, len, + len * 8, NULL, 0); + } + wolfSSL_CryptHwMutexUnLock(); - if (status != kStatus_SSS_Success) + if (status != kStatus_SSS_Success) ret = WC_HW_E; return ret; } -int se050_aes_crypt(Aes* aes, const byte* in, byte* out, word32 sz, int dir, sss_algorithm_t algorithm) -{ +int se050_aes_crypt(Aes* aes, const byte* in, byte* out, word32 sz, int dir, + sss_algorithm_t algorithm) +{ sss_status_t status; sss_object_t keyObject; sss_mode_t mode; sss_key_store_t host_keystore; int ret = BAD_MUTEX_E; + XMEMSET(&mode, 0, sizeof(mode)); if (dir == AES_DECRYPTION) @@ -253,42 +259,45 @@ int se050_aes_crypt(Aes* aes, const byte* in, byte* out, word32 sz, int dir, sss else if (dir == AES_ENCRYPTION) mode = kMode_SSS_Encrypt; - if (wolfSSL_CryptHwMutexLock() == 0) { - ret = 0; + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; + } - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); - + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 55); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&keyObject, &host_keystore); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_get_handle(&keyObject, aes->keyId); + } + + /* The first call to this function needs an initialization call, + * subsequent calls just need to call update */ + if (aes->ctxInitDone == 0) { + aes->ctxInitDone = 1; if (status == kStatus_SSS_Success) { - status = sss_key_store_allocate(&host_keystore, 55); + status = sss_symmetric_context_init(&aes->aes_ctx, + cfg_se050_i2c_pi, &keyObject, algorithm, mode); } if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&keyObject, &host_keystore); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_get_handle(&keyObject, aes->keyId); - } - - /* The first call to this function needs an initialization call, subsequent calls just need to call update */ - if (aes->ctxInitDone == 0) { - aes->ctxInitDone = 1; - if (status == kStatus_SSS_Success) { - status = sss_symmetric_context_init(&aes->aes_ctx, cfg_se050_i2c_pi, - &keyObject, algorithm, mode); - } - - if (status == kStatus_SSS_Success) { - status = sss_cipher_init(&aes->aes_ctx, (uint8_t *)aes->reg, sizeof(aes->reg)); - } - } - if (status == kStatus_SSS_Success) { - status = sss_cipher_update(&aes->aes_ctx, in, sz, out, &sz); + status = sss_cipher_init(&aes->aes_ctx, (uint8_t*)aes->reg, + sizeof(aes->reg)); } } + if (status == kStatus_SSS_Success) { + status = sss_cipher_update(&aes->aes_ctx, in, sz, out, &sz); + } + wolfSSL_CryptHwMutexUnLock(); - if (status != kStatus_SSS_Success) + if (status != kStatus_SSS_Success) ret = WC_HW_E; return ret; } @@ -298,46 +307,35 @@ void se050_aes_free(Aes* aes) sss_status_t status; sss_key_store_t host_keystore; sss_object_t keyObject; - aes->ctxInitDone = 0; /* sets back to zero to indicate that a free has been called */ - if (wolfSSL_CryptHwMutexLock() == 0) { - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); - - if (status == kStatus_SSS_Success) { - status = sss_key_store_allocate(&host_keystore, 55); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&keyObject, &host_keystore); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_get_handle(&keyObject, aes->keyId); - } - sss_key_object_free(&keyObject); - - sss_symmetric_context_free(&aes->aes_ctx); + /* sets back to zero to indicate that a free has been called */ + aes->ctxInitDone = 0; + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; } + + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 55); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&keyObject, &host_keystore); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_get_handle(&keyObject, aes->keyId); + } + sss_key_object_free(&keyObject); + + sss_symmetric_context_free(&aes->aes_ctx); + wolfSSL_CryptHwMutexUnLock(); } -#endif /* NO_AES */ - -#ifdef WOLFSSL_SP_MATH - struct sp_int; - #define MATH_INT_T struct sp_int -#elif defined(USE_FAST_MATH) - struct fp_int; - #define MATH_INT_T struct fp_int -#else - struct mp_int; - #define MATH_INT_T struct mp_int -#endif -struct ecc_key; -#include -#include - +#endif /* !NO_AES */ #ifdef HAVE_ECC int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out, @@ -347,13 +345,11 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out, sss_asymmetric_t ctx_asymm; sss_key_store_t host_keystore; sss_object_t newKey; - sss_algorithm_t algorithm; - XMEMSET(&algorithm, 0, sizeof(algorithm)); - - uint32_t keyId = se050_allocate_key(); + sss_algorithm_t algorithm = kAlgorithm_None; + int keyId = se050_allocate_key(); int keysize = (word32)key->dp->size; int ret = BAD_MUTEX_E; - + /* truncate if digest is larger than 64 */ if (inLen > 64) inLen = 64; @@ -369,73 +365,71 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out, else if (inLen == 64) algorithm = kAlgorithm_SSS_SHA512; - - if (wolfSSL_CryptHwMutexLock() == 0) { - ret = 0; - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); - - if (status == kStatus_SSS_Success) { - status = sss_key_store_allocate(&host_keystore, 70); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&newKey, &host_keystore); - } - - - if (status == kStatus_SSS_Success) { - status = sss_key_object_allocate_handle(&newKey, keyId, kSSS_KeyPart_Pair, - kSSS_CipherType_EC_NIST_P, keysize, - kKeyObject_Mode_Transient); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_store_generate_key(&host_keystore, &newKey, - keysize * 8, NULL); - } - - if (status == kStatus_SSS_Success) { - status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi, - &newKey, algorithm, kMode_SSS_Sign); - } - - if (status == kStatus_SSS_Success) { - status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t *)in, inLen, - out, outLen); - } - sss_asymmetric_context_free(&ctx_asymm); - - + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; } - wolfSSL_CryptHwMutexUnLock(); - - if (status != kStatus_SSS_Success) - ret = WC_HW_E; - - key->keyId = keyId; - return ret; + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 70); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&newKey, &host_keystore); + } + + + if (status == kStatus_SSS_Success) { + status = sss_key_object_allocate_handle(&newKey, keyId, + kSSS_KeyPart_Pair, kSSS_CipherType_EC_NIST_P, keysize, + kKeyObject_Mode_Transient); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_store_generate_key(&host_keystore, &newKey, + keysize * 8, NULL); + } + + if (status == kStatus_SSS_Success) { + status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi, + &newKey, algorithm, kMode_SSS_Sign); + } + + if (status == kStatus_SSS_Success) { + status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t *)in, inLen, + out, outLen); + } + sss_asymmetric_context_free(&ctx_asymm); + + wolfSSL_CryptHwMutexUnLock(); + + if (status == kStatus_SSS_Success) { + key->keyId = keyId; + ret = 0; + } + else { + ret = WC_HW_E; + } + + return ret; } int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* signature, word32 signatureLen, struct ecc_key* key, int* res) { - printf("runing verify!\n"); - sss_status_t status; sss_asymmetric_t ctx_asymm; sss_object_t newKey; sss_key_store_t host_keystore; - sss_algorithm_t algorithm; - - XMEMSET(&algorithm, 0, sizeof(algorithm)); - + sss_algorithm_t algorithm = kAlgorithm_None; word32 derSz = 0; - int ret = WC_HW_E; - byte* derBuf; - uint32_t keyId = rand(); + int ret; int keySize = (word32)key->dp->size; - *res = 0; + + WOLFSSL_MSG("se050_ecc_verify_hash_ex"); + + *res = 0; if (hashLen > 64) hashLen = 64; @@ -451,99 +445,97 @@ int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* signature, else if (hashLen == 64) algorithm = kAlgorithm_SSS_SHA512; - printf("KeyId 3 = %d\n", key->keyId); - - if (wolfSSL_CryptHwMutexLock() == 0) { - if (key->keyId == 0) { //this is run when a key was not generated and was instead passed in - - ret = wc_EccKeyToPKCS8(key, NULL, &derSz); - if (ret != -202){ - printf("first wc_EccKeyToPKCS8 failed\n"); - return -1; - } - derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); - ret = wc_EccKeyToPKCS8(key, derBuf, &derSz); - if (ret <= 0){ - printf("second wc_EccKeyToPKCS8 failed, ret = %d\n", ret); - return -1; - } + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; + } - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); - - if (status == kStatus_SSS_Success) { - status = sss_key_store_allocate(&host_keystore, 61); - } + /* this is run when a key was not generated and was instead passed in */ + if (key->keyId == 0) { + int keyId = se050_allocate_key(); + byte* derBuf = NULL; - if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&newKey, &host_keystore); - } - - - if (status == kStatus_SSS_Success) { - status = sss_key_object_allocate_handle(&newKey, keyId, kSSS_KeyPart_Pair, - kSSS_CipherType_EC_NIST_P, derSz, - kKeyObject_Mode_Transient); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_store_set_key(&host_keystore, &newKey, derBuf, - derSz, keySize * 8, NULL, 0); - } - - if (status == kStatus_SSS_Success) { - status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi, - &newKey, algorithm, kMode_SSS_Verify); - } - - printf("ran through inital key setup !\n"); - - - if (status == kStatus_SSS_Success) { - status = sss_asymmetric_verify_digest(&ctx_asymm, (uint8_t *)hash, - hashLen, signature, signatureLen); - } - - sss_asymmetric_context_free(&ctx_asymm); - printf("sss_asymmetric_verify_digest with set key worked!\n\n\n"); - - } - else if (key->keyId != 0) { //this is run after a sign function has taken place - ret = 0; - - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); - - if (status == kStatus_SSS_Success) - status = sss_key_store_allocate(&host_keystore, 60); - - if (status == kStatus_SSS_Success) - status = sss_key_object_init(&newKey, &host_keystore); - - if (status == kStatus_SSS_Success) - status = sss_key_object_get_handle(&newKey, key->keyId); - - if (status == kStatus_SSS_Success) { - status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi, - &newKey, algorithm, kMode_SSS_Verify); - } - - if (status == kStatus_SSS_Success) { - status = sss_asymmetric_verify_digest(&ctx_asymm, (uint8_t *)hash, - hashLen, signature, signatureLen); - } - - sss_asymmetric_context_free(&ctx_asymm); + ret = wc_EccKeyToPKCS8(key, NULL, &derSz); + if (ret != LENGTH_ONLY_E) { + return ret; } + derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + return MEMORY_E; + } + ret = wc_EccKeyToPKCS8(key, derBuf, &derSz); + if (ret <= 0) { + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 61); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&newKey, &host_keystore); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_allocate_handle(&newKey, keyId, + kSSS_KeyPart_Pair, kSSS_CipherType_EC_NIST_P, derSz, + kKeyObject_Mode_Transient); + } + if (status == kStatus_SSS_Success) { + status = sss_key_store_set_key(&host_keystore, &newKey, derBuf, + derSz, keySize * 8, NULL, 0); + } + if (derBuf) { + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + if (status == kStatus_SSS_Success) { + status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi, + &newKey, algorithm, kMode_SSS_Verify); + } + if (status == kStatus_SSS_Success) { + status = sss_asymmetric_verify_digest(&ctx_asymm, (uint8_t *)hash, + hashLen, signature, signatureLen); + } + + sss_asymmetric_context_free(&ctx_asymm); + + key->keyId = keyId; + } + /* this is run after a sign function has taken place */ + else if (key->keyId != 0) { + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 60); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&newKey, &host_keystore); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_get_handle(&newKey, key->keyId); + } + if (status == kStatus_SSS_Success) { + status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi, + &newKey, algorithm, kMode_SSS_Verify); + } + if (status == kStatus_SSS_Success) { + status = sss_asymmetric_verify_digest(&ctx_asymm, (uint8_t *)hash, + hashLen, signature, signatureLen); + } + + sss_asymmetric_context_free(&ctx_asymm); } wolfSSL_CryptHwMutexUnLock(); - if (status != kStatus_SSS_Success) + if (status == kStatus_SSS_Success) { + *res = 1; + ret = 0; + } + else { ret = WC_HW_E; + } - printf("ran verify correctly!!\n\n\n"); - - - *res = 1; return 0; } @@ -555,89 +547,93 @@ int se050_ecc_free_key(struct ecc_key* key) int ret = WC_HW_E; sss_key_store_t host_keystore; - /* less tha 10,000 as one example from test.c tried to free a key that was not created on the SE050 */ - if(key->keyId != 0 && key->keyId < 10000) { - if (wolfSSL_CryptHwMutexLock() == 0) { - ret = 0; - - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); - - if (status == kStatus_SSS_Success) - status = sss_key_store_allocate(&host_keystore, 60); - - if (status == kStatus_SSS_Success) - status = sss_key_object_init(&keyObject, &host_keystore); - - if (status == kStatus_SSS_Success) - status = sss_key_object_get_handle(&keyObject, key->keyId); - - if (status == kStatus_SSS_Success) - sss_key_object_free(&keyObject); - } + if (key->keyId <= 0) { + return BAD_FUNC_ARG; } - wolfSSL_CryptHwMutexUnLock(); - if (status != kStatus_SSS_Success) + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; + } + + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 60); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&keyObject, &host_keystore); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_get_handle(&keyObject, key->keyId); + } + if (status == kStatus_SSS_Success) { + sss_key_object_free(&keyObject); + } + wolfSSL_CryptHwMutexUnLock(); + + if (status != kStatus_SSS_Success) { ret = WC_CLEANUP_E; + } return ret; } -int se050_ecc_create_key(struct ecc_key* key, int keyId, int keySize) +int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize) { - sss_status_t status = kStatus_SSS_Success; - sss_object_t keyPair; - sss_key_store_t host_keystore; - - uint8_t keyPairExport[128]; - size_t keyPairExportLen = sizeof(keyPairExport); - size_t keyPairExportBitLen = sizeof(keyPairExport) * 8; - int ret = WC_HW_E; + sss_status_t status = kStatus_SSS_Success; + sss_object_t keyPair; + sss_key_store_t host_keystore; + int keyId = se050_allocate_key(); + uint8_t keyPairExport[MAX_ECC_BYTES]; + size_t keyPairExportLen = sizeof(keyPairExport); + size_t keyPairExportBitLen = sizeof(keyPairExport) * 8; + int ret; + (void)curve_id; - if (wolfSSL_CryptHwMutexLock() == 0) { - ret = 0; - - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); - if (status == kStatus_SSS_Success) { - status = sss_key_store_allocate(&host_keystore, 60); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&keyPair, &host_keystore); - } - - - if (status == kStatus_SSS_Success) { - status = sss_key_object_allocate_handle(&keyPair, keyId, kSSS_KeyPart_Pair, - kSSS_CipherType_EC_NIST_P, 256, - kKeyObject_Mode_None); //kKeyObject_Mode_Transient - } - - if (status == kStatus_SSS_Success) { - status = sss_key_store_generate_key(&host_keystore, &keyPair, 256, NULL); - } - - - if (status == kStatus_SSS_Success) { - status = sss_key_store_get_key(&host_keystore, &keyPair, keyPairExport, - &keyPairExportLen, &keyPairExportBitLen); - } + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; } - wolfSSL_CryptHwMutexUnLock(); - if (status != kStatus_SSS_Success) - ret = WC_CLEANUP_E; + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 60); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&keyPair, &host_keystore); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_allocate_handle(&keyPair, keyId, + kSSS_KeyPart_Pair, kSSS_CipherType_EC_NIST_P, 256, + kKeyObject_Mode_None); + } + if (status == kStatus_SSS_Success) { + status = sss_key_store_generate_key(&host_keystore, &keyPair, + 256, NULL); + } + if (status == kStatus_SSS_Success) { + status = sss_key_store_get_key(&host_keystore, &keyPair, + keyPairExport, &keyPairExportLen, &keyPairExportBitLen); + } - mp_read_unsigned_bin(key->pubkey.x, keyPairExport, keySize); - mp_read_unsigned_bin(key->pubkey.y, keyPairExport + keySize, keySize); + wolfSSL_CryptHwMutexUnLock(); + + if (status == kStatus_SSS_Success) { + mp_read_unsigned_bin(key->pubkey.x, keyPairExport, keySize); + mp_read_unsigned_bin(key->pubkey.y, keyPairExport + keySize, keySize); + key->keyId = keyId; + ret = 0; + } + else { + ret = WC_HW_E; + } return ret; } -int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, - word32* outlen) +int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, + byte* out, word32* outlen) { sss_status_t status = kStatus_SSS_Success; sss_key_store_t host_keystore; @@ -646,90 +642,88 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out sss_object_t ref_public_key; sss_object_t deriveKey; sss_derive_key_t ctx_derive_key; - int keyId = se050_allocate_key(); + int keyId; int keySize = (word32)public_key->dp->size; size_t ecdhKeyLen = keySize; size_t ecdhKeyBitLen = keySize; int ret = WC_HW_E; - - if (public_key->keyId == 0) { - public_key->keyId = se050_allocate_key(); - se050_ecc_create_key(public_key, public_key->keyId, keySize); - - } - if (private_key->keyId == 0) { - private_key->keyId = se050_allocate_key(); - se050_ecc_create_key(private_key, private_key->keyId, keySize); + if (private_key->keyId <= 0 || public_key->keyId <= 0) { + return BAD_FUNC_ARG; } - if (wolfSSL_CryptHwMutexLock() == 0) { + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; + } + + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 60); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&ref_public_key, &host_keystore); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_get_handle(&ref_public_key, public_key->keyId); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_store_context_init(&host_keystore_2, cfg_se050_i2c_pi); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore_2, 60); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&ref_private_key, &host_keystore_2); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_get_handle(&ref_private_key, private_key->keyId); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&deriveKey, hostKeyStore); + } + + if (status == kStatus_SSS_Success) { + keyId = se050_allocate_key(); + + status = sss_key_object_allocate_handle(&deriveKey, + keyId, + kSSS_KeyPart_Default, + kSSS_CipherType_AES, + ecdhKeyLen, + kKeyObject_Mode_Transient); + } + + if (status == kStatus_SSS_Success) { + status = sss_derive_key_context_init(&ctx_derive_key, cfg_se050_i2c_pi, + &ref_private_key, kAlgorithm_SSS_ECDH, + kMode_SSS_ComputeSharedSecret); + } + + if (status == kStatus_SSS_Success) { + status = sss_derive_key_dh(&ctx_derive_key, &ref_public_key, &deriveKey); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_store_get_key(hostKeyStore, &deriveKey, out, outlen, + &ecdhKeyBitLen); + } + if (ctx_derive_key.session != NULL) + sss_derive_key_context_free(&ctx_derive_key); + if (deriveKey.keyStore != NULL) + sss_key_object_free(&deriveKey); + + if (status == kStatus_SSS_Success) ret = 0; - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); - - if (status == kStatus_SSS_Success) { - status = sss_key_store_allocate(&host_keystore, 60); - } + else + ret = WC_HW_E; - if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&ref_public_key, &host_keystore); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_get_handle(&ref_public_key, public_key->keyId); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_store_context_init(&host_keystore_2, cfg_se050_i2c_pi); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_store_allocate(&host_keystore_2, 60); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&ref_private_key, &host_keystore_2); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_get_handle(&ref_private_key, private_key->keyId); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&deriveKey, hostKeyStore); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_allocate_handle(&deriveKey, - keyId, - kSSS_KeyPart_Default, //try kSSS_KeyPart_Part, didn't have any noticable changes - kSSS_CipherType_AES, - ecdhKeyLen, - kKeyObject_Mode_Transient); //try kKeyObject_Mode_None - } - - if (status == kStatus_SSS_Success) { - status = sss_derive_key_context_init(&ctx_derive_key, cfg_se050_i2c_pi, - &ref_private_key, kAlgorithm_SSS_ECDH, - kMode_SSS_ComputeSharedSecret); - } - - if (status == kStatus_SSS_Success) { - status = sss_derive_key_dh(&ctx_derive_key, &ref_public_key, &deriveKey); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_store_get_key(hostKeyStore, &deriveKey, out, outlen, - &ecdhKeyBitLen); - } - if (ctx_derive_key.session != NULL) - sss_derive_key_context_free(&ctx_derive_key); - if (deriveKey.keyStore != NULL) - sss_key_object_free(&deriveKey); - - if (status != kStatus_SSS_Success) - ret = WC_HW_E; - } wolfSSL_CryptHwMutexUnLock(); return ret; @@ -738,190 +732,187 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out #ifdef HAVE_ED25519 - int se050_ed25519_create_key(ed25519_key* key) { - printf("\n\nrunning se050_ed25519_create_key\n"); sss_status_t status; sss_key_store_t host_keystore; sss_object_t newKey; int keysize = ED25519_KEY_SIZE; - uint32_t keyId = se050_allocate_key(); - key->keyId = keyId; + int keyId; int ret = 0; - if (wolfSSL_CryptHwMutexLock() == 0) { - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); - - if (status == kStatus_SSS_Success) { - status = sss_key_store_allocate(&host_keystore, 55); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&newKey, &host_keystore); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_allocate_handle(&newKey, keyId, kSSS_KeyPart_Pair, - kSSS_CipherType_EC_TWISTED_ED, keysize, - kKeyObject_Mode_Transient); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_store_generate_key(&host_keystore, &newKey, keysize * 8, NULL); - } - - if (status != kStatus_SSS_Success) { - sss_key_object_free(&newKey); - ret = WC_HW_E; - } - + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; } + + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 55); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&newKey, &host_keystore); + } + + if (status == kStatus_SSS_Success) { + keyId = se050_allocate_key(); + status = sss_key_object_allocate_handle(&newKey, keyId, + kSSS_KeyPart_Pair, kSSS_CipherType_EC_TWISTED_ED, keysize, + kKeyObject_Mode_Transient); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_store_generate_key(&host_keystore, &newKey, + keysize * 8, NULL); + } + + if (status == kStatus_SSS_Success) { + key->keyId = keyId; + ret = 0; + } + else { + sss_key_object_free(&newKey); + ret = WC_HW_E; + } + wolfSSL_CryptHwMutexUnLock(); - - printf("ran se050_ed25519_create_key\n\n\n"); return ret; } void se050_ed25519_free_key(ed25519_key* key) { - sss_status_t status; - sss_object_t newKey; - sss_key_store_t host_keystore; + sss_status_t status; + sss_object_t newKey; + sss_key_store_t host_keystore; - if (wolfSSL_CryptHwMutexLock() == 0) { + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; + } - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); - - if (status == kStatus_SSS_Success) { - status = sss_key_store_allocate(&host_keystore, 60); - } - if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&newKey, &host_keystore); - } - if (status == kStatus_SSS_Success) { - status = sss_key_object_get_handle(&newKey, key->keyId); - } - if (status == kStatus_SSS_Success) { - sss_key_object_free(&newKey); - } - } - wolfSSL_CryptHwMutexUnLock(); + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 55); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&newKey, &host_keystore); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_get_handle(&newKey, key->keyId); + } + if (status == kStatus_SSS_Success) { + sss_key_object_free(&newKey); + } + wolfSSL_CryptHwMutexUnLock(); } - int se050_ed25519_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen, ed25519_key* key) { - printf("\n\nhit se050_ed25519_sign_msg...\n"); sss_status_t status = kStatus_SSS_Success; sss_asymmetric_t ctx_asymm; - sss_key_store_t host_keystore; + sss_key_store_t host_keystore; sss_object_t newKey; int ret = 0; - inLen = 64; - *outLen = 64; - /* used to fix edge case when ed25519_init is not called prior to signing */ - /* figure out if needed or not for -10801 */ - if (key->keyId > 10000 || key->keyId == 0) { - key->keyId = se050_allocate_key(); - ret = se050_ed25519_create_key(key); - if (ret != 0) { - printf("calling se050_ed25519_create_key failed..., ret = %d\n", ret); - } + inLen = 64; + *outLen = 64; + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; } - if (wolfSSL_CryptHwMutexLock() == 0 && ret == 0) { - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); - if (status == kStatus_SSS_Success) { - status = sss_key_store_allocate(&host_keystore, 60); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&newKey, &host_keystore); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_get_handle(&newKey, key->keyId); - } - - if (status == kStatus_SSS_Success) { - status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi, - &newKey, kAlgorithm_SSS_SHA512, kMode_SSS_Sign); - } - - if (status == kStatus_SSS_Success) { - status = sss_se05x_asymmetric_sign((sss_se05x_asymmetric_t *)&ctx_asymm, - (uint8_t *)in, inLen, out, outLen); - } - - if(status != kStatus_SSS_Success){ - printf("status != kStatus_SSS_Success, status = %d\n", status); - sss_key_object_free(&newKey); - ret = WC_HW_E; - } - sss_asymmetric_context_free(&ctx_asymm); + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 55); } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&newKey, &host_keystore); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_get_handle(&newKey, key->keyId); + } + + if (status == kStatus_SSS_Success) { + status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi, + &newKey, kAlgorithm_SSS_SHA512, kMode_SSS_Sign); + } + + if (status == kStatus_SSS_Success) { + status = sss_se05x_asymmetric_sign((sss_se05x_asymmetric_t *)&ctx_asymm, + (uint8_t *)in, inLen, out, outLen); + } + + sss_asymmetric_context_free(&ctx_asymm); + + if (status != kStatus_SSS_Success) { + sss_key_object_free(&newKey); + ret = WC_HW_E; + } + wolfSSL_CryptHwMutexUnLock(); - return ret; + return ret; } -int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen, const byte* msg, - word32 msgLen, struct ed25519_key* key, int* res) +int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen, + const byte* msg, word32 msgLen, struct ed25519_key* key, int* res) { - printf("runing se050_ed25519_verify_msg!\n"); - sss_status_t status = kStatus_SSS_Success; sss_asymmetric_t ctx_asymm; sss_object_t newKey; sss_key_store_t host_keystore; int ret = 0; - msgLen = 64; - *res = 1; - if (wolfSSL_CryptHwMutexLock() == 0) { - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + msgLen = 64; - if (status == kStatus_SSS_Success) { - status = sss_key_store_allocate(&host_keystore, 61); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_init(&newKey, &host_keystore); - } - - if (status == kStatus_SSS_Success) { - status = sss_key_object_get_handle(&newKey, key->keyId); - } - - if (status == kStatus_SSS_Success) { - status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi, - &newKey, kAlgorithm_SSS_SHA512, kMode_SSS_Verify); - } - - if (status == kStatus_SSS_Success) { - status = sss_se05x_asymmetric_verify((sss_se05x_asymmetric_t *)&ctx_asymm, - (uint8_t *)msg, msgLen, - (uint8_t *)signature, (size_t)signatureLen); - } - - sss_asymmetric_context_free(&ctx_asymm); + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; } + + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, 61); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&newKey, &host_keystore); + } + + if (status == kStatus_SSS_Success) { + status = sss_key_object_get_handle(&newKey, key->keyId); + } + + if (status == kStatus_SSS_Success) { + status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi, + &newKey, kAlgorithm_SSS_SHA512, kMode_SSS_Verify); + } + + if (status == kStatus_SSS_Success) { + status = sss_se05x_asymmetric_verify( + (sss_se05x_asymmetric_t*)&ctx_asymm, (uint8_t*)msg, msgLen, + (uint8_t*)signature, (size_t)signatureLen); + } + + sss_asymmetric_context_free(&ctx_asymm); + wolfSSL_CryptHwMutexUnLock(); - if (status != kStatus_SSS_Success) { + if (status == kStatus_SSS_Success) { + *res = 1; + } + else { ret = WC_HW_E; - *res = 0; } return ret; } #endif /* HAVE_ED25519 */ -#endif /* SE050 */ +#endif /* WOLFSSL_SE050 */ diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 41e0f682a..722e49a1d 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -2582,7 +2582,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) (void)os; - if(output == NULL) { + if (output == NULL) { return BUFFER_E; } ret = wolfSSL_CryptHwMutexLock(); diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 925519168..3952200c1 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -347,7 +347,6 @@ (void)devId; return se050_hash_init(&sha->se050Ctx, heap); - } int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 558325832..13aef4ba0 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -49,6 +49,10 @@ #include #endif +#ifdef WOLFSSL_SE050 + #include +#endif + /* deprecated USE_SLOW_SHA2 (replaced with USE_SLOW_SHA512) */ #if defined(USE_SLOW_SHA2) && !defined(USE_SLOW_SHA512) #define USE_SLOW_SHA512 @@ -200,7 +204,6 @@ /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ #elif defined(WOLFSSL_SE050) - //#include int wc_InitSha512(wc_Sha512* sha512) { if (sha512 == NULL) @@ -224,17 +227,31 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash) { int ret = 0; + int devId = INVALID_DEVID; + if (sha512 == NULL) { + return BAD_FUNC_ARG; + } + #ifdef WOLF_CRYPTO_CB + devId = sha512->devId; + #endif ret = se050_hash_final(&sha512->se050Ctx, hash, WC_SHA512_DIGEST_SIZE, kAlgorithm_SSS_SHA512); - (void)wc_InitSha512_ex(sha512); + (void)wc_InitSha512_ex(sha512, sha512->heap, devId); return ret; } int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash) { int ret = 0; + int devId = INVALID_DEVID; + if (sha512 == NULL) { + return BAD_FUNC_ARG; + } + #ifdef WOLF_CRYPTO_CB + devId = sha512->devId; + #endif ret = se050_hash_final(&sha512->se050Ctx, hash, WC_SHA512_DIGEST_SIZE, kAlgorithm_SSS_SHA512); - (void)wc_InitSha512(sha512); + (void)wc_InitSha512_ex(sha512, sha512->heap, devId); return ret; } void wc_Sha512Free(wc_Sha512* sha512) @@ -948,6 +965,7 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) #else +#ifndef WOLFSSL_SE050 static WC_INLINE int Sha512Final(wc_Sha512* sha512) { byte* local = (byte*)sha512->buffer; @@ -1207,6 +1225,7 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) } #endif /* OPENSSL_EXTRA */ #endif /* WOLFSSL_SHA512 */ +#endif /* WOLFSSL_SE050 */ /* -------------------------------------------------------------------------- */ /* SHA384 */ @@ -1217,8 +1236,6 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) !defined(WOLFSSL_QNX_CAAM) /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */ #elif defined(WOLFSSL_SE050) - #include - int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) { if (sha384 == NULL) { diff --git a/wolfssl/wolfcrypt/port/nxp/README.md b/wolfssl/wolfcrypt/port/nxp/README.md deleted file mode 100644 index 1e1e37bf3..000000000 --- a/wolfssl/wolfcrypt/port/nxp/README.md +++ /dev/null @@ -1,68 +0,0 @@ - -# NXP Ports - -Support for the NXP DCP, KSDK and SE050 hardware acceleration boards. - -## NXP SE050 -Support for the SE050 on-board crypto hardware acceleration for symmetric AES, SHA1/SHA256/SHA384/SHA512, ECC (including ed25519) and RNG. **(discuss p-256 ECC)** - -## SE050 Acceleration -For details about SE050 HW acceleration, see [NXP's SE050 page](https://www.nxp.com/products/security-and-authentication/authentication/edgelock-se050-plug-trust-secure-element-family-enhanced-iot-security-with-maximum-flexibility:SE050). - -## Building - -To enable support run: -``` -./configure --with-se050=PATH -``` -Followed by: -``` -make && make install -``` -With PATH being the directory location of simw-top. - -The code required to communicate with the SE050 can be found at this NXP [link](https://www.nxp.com/products/security-and-authentication/authentication/edgelock-se050-plug-trust-secure-element-family-enhanced-iot-security-with-maximum-flexibility:SE050?tab=Design_Tools_Tab) (An NXP account is required to download). Follow the instructions [here](https://www.nxp.com/docs/en/application-note/AN12570.pdf) to install and setup with a Raspberry Pi. -Confirm that you are able to run the examples from the -``` -/simw-top_build/raspbian_native_se050_t1oi2c/bin/ -``` -directory. Once that's done, it's time to modify one of those examples in order to tie into wolfSSL. -The ``./se05x_Minimal `` is the easiest one to modify. Open the ``simw-top/demos/se05x/se05x_Minimal `` directory and edit ``se05x_Minimal.c``. Add these headers to source file: -``` -#include -#include -#include -``` -If you would like to run our wolfcrypt test or benchmark tool, add: -``#include "test.h"`` or ``#include benchmark.h``, respectively. Below is the code that was replaced in ``ex_sss_entry()`` that ran the wolfcrypt test: -``` - sss_status_t status = kStatus_SSS_Success; - int ret; - - sss_session_t *pSession2 = (sss_session_t *)&pCtx->session; - sss_key_store_t *pHostSession = (sss_key_store_t *)&pCtx->host_ks; - - LOG_I("running setconfig"); - ret = wolfcrypt_se050_SetConfig(pSession2, pHostSession); - if (ret != 0) { - return kStatus_SSS_Fail; - } - LOG_I("ran setconfig correctly"); - wolfcrypt_test(NULL); - - LOG_I("ran wolfcrypt test"); - return status; -``` - -``wolfcrypt_test(NULL);`` can be replaced with ``benchmark_test();`` -The two variables used in ``wolfcrypt_se050_SetConfig`` are session and key store variables that are required to reference parts of the hardware. - -Next, the Makefile needs to be edited. -At the top of the Makefile, the base wolfssl directory needs to be added to ``INCLUDE_FLAGS``. Next, Inside ``CFLAGS``, the ``se05x_Minimal`` directory needs to be added so that test.c and benchmark.c are included. Finally, underneath 'all', test.c, test.h, benchmark.c and benchmark.h need to be added, along with ``-L (wolfssl directory) -lwolfssl`` at the end of the line. -## Wolfcrypt Test -To run the wolfcrypt test, two files, ``test.h`` and ``test.c`` need to be added to the ``./se05x_Minimal`` directory. These files can be found inside of ``/wolfcrypt/test``. -Next, ``#define NO_MAIN_DRIVER`` needs to be added to test.h. -You should be able to run `wolfcrypt_test()` now. - -## Benchmark -To run the benchmark, both ``benchmark.c`` and ``benchmark.h`` need to be copied from wolfcrypt/benchmark to the `./se05x_Minimal` directory. In addition, the entire `./certs` directory will need to copied into the directory. ``#define NO_MAIN_DRIVER`` will need to be added to `benchmark.h`. You should be able to run `benchmark_test() ` now. diff --git a/wolfssl/wolfcrypt/port/nxp/se050_port.h b/wolfssl/wolfcrypt/port/nxp/se050_port.h index 7db7884e3..9208b4443 100644 --- a/wolfssl/wolfcrypt/port/nxp/se050_port.h +++ b/wolfssl/wolfcrypt/port/nxp/se050_port.h @@ -22,7 +22,6 @@ #ifndef _SE050_PORT_H_ #define _SE050_PORT_H_ - #include #include "fsl_sss_api.h" @@ -39,27 +38,25 @@ typedef struct { } SE050_HASH_Context; -WOLFSSL_API int wolfcrypt_se050_SetConfig(sss_session_t *pSession, sss_key_store_t *pHostKeyStore, sss_key_store_t *pKeyStore); - -int se050_allocate_key(void); - -int se050_get_random_number(uint32_t count, uint8_t* rand_out); - - - -int se050_hash_init(SE050_HASH_Context* se050Ctx, void* heap); -int se050_hash_update(SE050_HASH_Context* se050Ctx, const byte* data, word32 len); -int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash, size_t digestLen, word32 algo); -void se050_hash_free(SE050_HASH_Context* se050Ctx); +WOLFSSL_API int wc_se050_SetConfig(sss_session_t *pSession, + sss_key_store_t *pHostKeyStore, sss_key_store_t *pKeyStore); +WOLFSSL_LOCAL int se050_allocate_key(void); +WOLFSSL_LOCAL int se050_get_random_number(uint32_t count, uint8_t* rand_out); +WOLFSSL_LOCAL int se050_hash_init(SE050_HASH_Context* se050Ctx, void* heap); +WOLFSSL_LOCAL int se050_hash_update(SE050_HASH_Context* se050Ctx, + const byte* data, word32 len); +WOLFSSL_LOCAL int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash, + size_t digestLen, word32 algo); +WOLFSSL_LOCAL void se050_hash_free(SE050_HASH_Context* se050Ctx); struct Aes; -int se050_aes_set_key(struct Aes* aes, const byte* key, word32 len, const byte* iv, int dir); -int se050_aes_crypt(struct Aes* aes, const byte* in, byte* out, word32 sz, int dir, sss_algorithm_t algorithm); -void se050_aes_free(struct Aes* aes); -//int se050_aes_ctr_crypt(struct Aes* aes, const byte* in, byte* out, word32 sz); - +WOLFSSL_LOCAL int se050_aes_set_key(struct Aes* aes, const byte* key, + word32 len, const byte* iv, int dir); +WOLFSSL_LOCAL int se050_aes_crypt(struct Aes* aes, const byte* in, byte* out, + word32 sz, int dir, sss_algorithm_t algorithm); +WOLFSSL_LOCAL void se050_aes_free(struct Aes* aes); struct ecc_key; @@ -74,25 +71,26 @@ struct WC_RNG; struct mp_int; #define MATH_INT_T struct mp_int #endif -int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out, - word32 *outLen, struct ecc_key* key); -int se050_ecc_verify_hash_ex(const byte* hash, word32 hashlen, byte* signature, - word32 signatureLen, struct ecc_key* key, int* res); +WOLFSSL_LOCAL int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, + byte* out, word32 *outLen, struct ecc_key* key); -int se050_ecc_create_key(struct ecc_key* key, int keyId, int keySize); -int se050_ecc_shared_secret(struct ecc_key* private_key, struct ecc_key* public_key, byte* out, - word32* outlen); -int se050_ecc_free_key(struct ecc_key* key); +WOLFSSL_LOCAL int se050_ecc_verify_hash_ex(const byte* hash, word32 hashlen, + byte* signature, word32 signatureLen, struct ecc_key* key, int* res); + +WOLFSSL_LOCAL int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize); +WOLFSSL_LOCAL int se050_ecc_shared_secret(struct ecc_key* private_key, + struct ecc_key* public_key, byte* out, word32* outlen); +WOLFSSL_LOCAL int se050_ecc_free_key(struct ecc_key* key); struct ed25519_key; -//#include -int se050_ed25519_create_key(struct ed25519_key* key); -void se050_ed25519_free_key(struct ed25519_key* key); -int se050_ed25519_sign_msg(const byte* in, word32 inLen, byte* out, - word32 *outLen, struct ed25519_key* key); +WOLFSSL_LOCAL int se050_ed25519_create_key(struct ed25519_key* key); +WOLFSSL_LOCAL void se050_ed25519_free_key(struct ed25519_key* key); +WOLFSSL_LOCAL int se050_ed25519_sign_msg(const byte* in, word32 inLen, + byte* out, word32 *outLen, struct ed25519_key* key); -int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen, const byte* msg, - word32 msgLen, struct ed25519_key* key, int* res); +WOLFSSL_LOCAL int se050_ed25519_verify_msg(const byte* signature, + word32 signatureLen, const byte* msg, word32 msgLen, + struct ed25519_key* key, int* res); #endif /* _SE050_PORT_H_ */