From 6d0dbbe1c03069e255f09b2de4f46a3ae4a30d17 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Fri, 5 Mar 2021 14:43:23 +0700
Subject: [PATCH] add IDE/QNX/README.md and add WOLFSSL_QNX_CAAM guard
---
 IDE/QNX/README.md | 28 ++++++++++++++++++++++++++++
 IDE/QNX/include.am | 1 +
 wolfcrypt/src/ecc.c | 9 ++++-----
 wolfssl/wolfcrypt/wolfmath.h | 4 +++-
 4 files changed, 36 insertions(+), 6 deletions(-)
 create mode 100644 IDE/QNX/README.md
diff --git a/IDE/QNX/README.md b/IDE/QNX/README.md
new file mode 100644
index 000000000..800f54cdc
--- /dev/null
+++ b/IDE/QNX/README.md
@@ -0,0 +1,28 @@
+# QNX CAAM Driver And Examples
+
+This directory contains;
+- A Makefile for creating the QNX CAAM driver located at IDE/QNX/CAAM-DRIVER/Makefile
+- An example TLS server located at IDE/QNX/example-server/
+- An example client located at IDE/QNX/example-client
+- An example CMAC use located at IDE/QNX/example-cmac
+
+To build either of these, first build wolfSSL with support for use with QNX CAAM. To do this use the configure option --enable-caam=qnx
+
+```
+bash
+source ~/qnx700/qnxsdp-env.sh
+./configure --host=arm-unknown-nto-qnx7.0.0eabi --enable-caam=qnx
+make
+```
+
+Once the wolfSSL library has been built cd to IDE/QNX/CAAM-DRIVER and run "make". This will produce the wolfCrypt resource manager. It should be started on the device with root permisions. Once wolfCrypt is running on the device with root permisions then any user with access to open a connection to wolfCrypt can make use of the driver.
+
+
+### Supported Operations By CAAM Driver
+- ECC black key creation
+- ECC black key sign / verify / ecdh
+- Black blob creation and open
+- Red blob creation and open
+- Cover keys (turn to black key)
+- CMAC with and without black keys
+- TRNG used by default to seed Hash DRBG
diff --git a/IDE/QNX/include.am b/IDE/QNX/include.am
index be4e6c0e5..3236ecd5e 100644
--- a/IDE/QNX/include.am
+++ b/IDE/QNX/include.am
@@ -2,6 +2,7 @@
 # included from Top Level Makefile.am
 # All paths should be given relative to the root
 
+EXTRA_DIST+= IDE/QNX/README.md
 EXTRA_DIST+= IDE/QNX/CAAM-DRIVER/Makefile
 EXTRA_DIST+= IDE/QNX/example-server/Makefile
 EXTRA_DIST+= IDE/QNX/example-server/server-tls.c
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 78b377ca8..01d416503 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -8052,8 +8052,8 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
 /* Hardware cannot export private portion */
 return NOT_COMPILED_IN;
 #else
+ #ifdef WOLFSSL_QNX_CAAM
 if (encType == WC_TYPE_BLACK_KEY) {
- #ifdef WOLFSSL_QNX_CAAM
 if (key->blackKey > 0) {
 if (*dLen < keySz + WC_CAAM_MAC_SZ) {
 *dLen = keySz + WC_CAAM_MAC_SZ;
@@ -8069,11 +8069,10 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
 WOLFSSL_MSG("No black key stored in structure");
 return BAD_FUNC_ARG;
 }
- #else
- return NOT_COMPILED_IN;
- #endif
 }
- else {
+ else
+ #endif
+ {
 err = wc_export_int(&key->k, d, dLen, keySz, encType);
 if (err != MP_OKAY)
 return err;
diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h
index f421d2ab6..68814d3de 100644
--- a/wolfssl/wolfcrypt/wolfmath.h
+++ b/wolfssl/wolfcrypt/wolfmath.h
@@ -64,7 +64,9 @@ WOLFSSL_API int mp_rand(mp_int* a, int digits, WC_RNG* rng);
 
 #define WC_TYPE_HEX_STR 1
 #define WC_TYPE_UNSIGNED_BIN 2
-#define WC_TYPE_BLACK_KEY 3
+#if defined(WOLFSSL_QNX_CAAM)
+ #define WC_TYPE_BLACK_KEY 3
+#endif
 
 WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len,
 word32 keySz, int encType);
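Review bot: In the second `wc_ecc_export_ex` hunk, builds without `WOLFSSL_QNX_CAAM` lose the explicit `return NOT_COMPILED_IN;` for a black-key request, so every `encType` value now reaches `wc_export_int(&key->k, d, dLen, keySz, encType)`. Whether `wc_export_int` rejects an unrecognised `encType` is not visible here; if it falls back to a binary export, a caller passing the value 3 and expecting a covered key would get the plaintext private scalar with a success return. Failing closed at the top of the braced block would avoid depending on that, e.g. `if (encType != WC_TYPE_HEX_STR && encType != WC_TYPE_UNSIGNED_BIN) return BAD_FUNC_ARG;`. The `#endif` added between `else` and `{` would also read better as `#endif /* WOLFSSL_QNX_CAAM */`, matching the `#ifdef` moved up in the first ecc.c hunk. The function body starts and ends outside both hunks.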
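Review bot: Guarding `WC_TYPE_BLACK_KEY` in this public header means application code that names the constant stops compiling on non-CAAM builds, and the value 3 looks free for a later encoding type to reuse. Reuse would give the same integer different meanings across build configurations of `wc_export_int` callers. If the goal is only to disable the feature, keeping the define unconditional and rejecting it at run time preserves the API. If the guard stays, a comment beside it such as `/* encType 3 is reserved for WC_TYPE_BLACK_KEY (WOLFSSL_QNX_CAAM builds only) */` would keep the value from being reassigned.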