Fixes for NXP SE050 key sizes and key id use. Related to #4526

wolfcrypt/src/ecc.c

@@ -1218,7 +1218,7 @@ static int wc_ecc_export_x963_compressed(ecc_key*, byte* out, word32* outLen);
 
 #if (defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH)) && \
     !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(WOLFSSL_CRYPTOCELL)
+    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
 static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
         mp_int* prime, mp_int* order);
 #endif
@@ -8052,7 +8052,7 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
 
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(WOLFSSL_CRYPTOCELL)
+    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
 
 /* is ecc point on curve described by dp ? */
 int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
@@ -8516,7 +8516,8 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
     int    err = MP_OKAY;
 #ifndef WOLFSSL_SP_MATH
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL)
+    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
+    !defined(WOLFSSL_SE050)
     mp_int* b = NULL;
     #ifdef USE_ECC_B_PARAM
         DECLARE_CURVE_SPECS(curve, 4);
@@ -8527,7 +8528,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
         DECLARE_CURVE_SPECS(curve, 3);
     #endif /* USE_ECC_B_PARAM */
 #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A && 
-          !WOLFSSL_CRYPTOCELL && !WOLFSSL_SILABS_SE_ACCEL */
+          !WOLFSSL_CRYPTOCELL && !WOLFSSL_SILABS_SE_ACCEL && !WOLFSSL_SE050 */
 #endif /* !WOLFSSL_SP_MATH */
 
     ASSERT_SAVED_VECTOR_REGISTERS();
@@ -8558,7 +8559,8 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
 
 #ifndef WOLFSSL_SP_MATH
 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
-    defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL)
+    defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \
+    defined(WOLFSSL_SE050)
 
     /* consider key check success on HW crypto 
      * ex: ATECC508/608A, CryptoCell and Silabs */
@@ -8678,9 +8680,9 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
 
     FREE_CURVE_SPECS();
 #endif /* WOLFSSL_ATECC508A */
-#else
     (void)partial;
     (void)priv;
+#else
     return WC_KEY_SIZE_E;
 #endif /* !WOLFSSL_SP_MATH */
     return err;

wolfcrypt/src/port/nxp/README.md

@@ -42,7 +42,7 @@ make
 ``
 
 Where `PATH` is the directory location of `simw-top`.
-Example: `./configure --enable-debug --disable-shared --with-se050=/home/pi/simw-top CFLAGS="-DWOLFSSL_SE050_INIT"`
+Example: `./configure --with-se050=/home/pi/simw-top CFLAGS="-DWOLFSSL_SE050_INIT"`
 
 To enable AES Cipher support use `WOLFSSL_SE050_CRYPT`
 To enable SHA-1 and SHA-2 support use `WOLFSSL_SE050_HASH`

wolfssl/wolfcrypt/port/nxp/se050_port.h

@@ -65,15 +65,16 @@
 #endif
 
 enum {
-    SSS_BLOCK_SIZE = 512
+    SSS_BLOCK_SIZE = 512,
+
+    SSS_MAX_ECC_BITS = 521
 };
 
 enum SE050KeyType {
-    SE050_KEYID_ANY,
+    SE050_ANY_KEY,
     SE050_AES_KEY,
-    SE050_ECC_SIGN,
+    SE050_ECC_KEY,
-    SE050_ECC_VERIFY,
+    SE050_ED25519_KEY
-    SE050_ED25519,
 };
 
 
@@ -132,7 +133,7 @@ WOLFSSL_LOCAL int se050_ecc_verify_hash_ex(const byte* hash, word32 hashlen,
 WOLFSSL_LOCAL int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize);
 WOLFSSL_LOCAL int se050_ecc_shared_secret(struct ecc_key* private_key,
     struct ecc_key* public_key, byte* out, word32* outlen);
-WOLFSSL_LOCAL int se050_ecc_free_key(struct ecc_key* key);
+WOLFSSL_LOCAL void se050_ecc_free_key(struct ecc_key* key);
 
 struct ed25519_key;
 WOLFSSL_LOCAL int se050_ed25519_create_key(struct ed25519_key* key);