wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6463 from dgarske/silabs_erf32

Browse Source 
Updated support for Silicon Labs Simplicity Studio and the ERF32 Gecko SDK
This commit is contained in:
JacobBarthelmeh
2023-07-07 11:42:00 -06:00
committed by GitHub
parent 91fb24161b abe1bce914
commit 7213cb3cfb
15 changed files with 1247 additions and 335 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
IDE/SimplicityStudio/README.md Normal file
View File

@@ -0,0 +1,92 @@
# Silicon Labs Simplicity Studio
Tested with ERF32xG21 Starter Kit and Gecko SDK v3.2.2 and v4.2.3.
## Simplicity Studio Example
Based on `cli_kernel_freertos`.
* Create a new example project for your board based on the CLI FreeRTOS example.
* Create a new `wolfssl` and put wolfSSL into it. Tip: Use `./scripts/makedistsmall.sh` to produce a reduced bundle.
* Exclude (or delete) all .S and asm.c files.
* Exclude (or delete) directory not used (only the `src`, `wolfcrypt` and `wolfssl` directory are used).
* Add the `IDE/SimplicityStudio/user_settings.h` into `wolfssl/user_settings.h`.
* Add the `IDE/SimplicityStudio/test_wolf.c` to the project root.
* Add C preprocessor `WOLFSSL_USER_SETTINGS`.
* Add C include path `wolfssl`.
* Disable UART flow control: `config/sl_iostream_usart_vcom_config.h` -> `#define SL_IOSTREAM_USART_VCOM_FLOW_CONTROL_TYPE usartHwFlowControlNone`
* Adjust stack and heap to larger size 12KB:
- Adjust the CLI stack. Edit `config/sl_cli_config_inst.h` to `#define SL_CLI_INST_TASK_STACK_SIZE (12*1024)`
- Adjust the FreeRTOS heap. Edit `config/FreeRTOSConfig.h` to `#define configTOTAL_HEAP_SIZE (12*1024)`
* Add the following code to `cli.c`:
```c
extern void wolf_test(sl_cli_command_arg_t *arguments);
extern void wolf_bench(sl_cli_command_arg_t *arguments);
static const sl_cli_command_info_t cmd_wolf_test =
SL_CLI_COMMAND(wolf_test, "Run wolfCrypt tests", "",
{ SL_CLI_ARG_WILDCARD, SL_CLI_ARG_END, });
static const sl_cli_command_info_t cmd_wolf_bench =
SL_CLI_COMMAND(wolf_bench, "Run wolfCrypt benchmarks", "",
{ SL_CLI_ARG_WILDCARD, SL_CLI_ARG_END, });
static sl_cli_command_entry_t a_table[] = {
{ "wolf_test", &cmd_wolf_test, false },
{ "wolf_bench", &cmd_wolf_bench, false },
{ NULL, NULL, false },
};
```
* If running wolfCrypt benchmark enable printf float
- `C/C++ Build Settings` -> `Settings` -> `Tool Settings` -> `GNU ARM C Linker` -> `General` -> `C Library "Printf float"`.
## SE Manager
For SE Manager cryptography hardware acceleration see [/wolfcrypt/src/port/silabs/README.md](/wolfcrypt/src/port/silabs/README.md).
Enabled with `WOLFSSL_SILABS_SE_ACCEL`. Requires the "SE Manager" component to be installed.
## Benchmarks with SE Accel
Tested on ERF32xG21 Starter Kit (Cortex M33 at 80 MHz) and Gecko SDK v3.2.2 (-Os).
```
Benchmark Test
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 200 KiB took 1.057 seconds, 189.215 KiB/s
AES-128-CBC-enc 6 MiB took 1.000 seconds, 5.542 MiB/s
AES-128-CBC-dec 6 MiB took 1.000 seconds, 5.518 MiB/s
AES-192-CBC-enc 5 MiB took 1.001 seconds, 5.415 MiB/s
AES-192-CBC-dec 5 MiB took 1.001 seconds, 5.390 MiB/s
AES-256-CBC-enc 5 MiB took 1.004 seconds, 5.301 MiB/s
AES-256-CBC-dec 5 MiB took 1.001 seconds, 5.268 MiB/s
AES-128-GCM-enc 5 MiB took 1.003 seconds, 4.844 MiB/s
AES-128-GCM-dec 5 MiB took 1.003 seconds, 4.625 MiB/s
AES-192-GCM-enc 5 MiB took 1.002 seconds, 4.751 MiB/s
AES-192-GCM-dec 5 MiB took 1.002 seconds, 4.532 MiB/s
AES-256-GCM-enc 5 MiB took 1.002 seconds, 4.654 MiB/s
AES-256-GCM-dec 4 MiB took 1.000 seconds, 4.443 MiB/s
AES-128-GCM-enc-no_AAD 5 MiB took 1.004 seconds, 4.888 MiB/s
AES-128-GCM-dec-no_AAD 5 MiB took 1.001 seconds, 4.658 MiB/s
AES-192-GCM-enc-no_AAD 5 MiB took 1.000 seconds, 4.785 MiB/s
AES-192-GCM-dec-no_AAD 5 MiB took 1.000 seconds, 4.565 MiB/s
AES-256-GCM-enc-no_AAD 5 MiB took 1.004 seconds, 4.693 MiB/s
AES-256-GCM-dec-no_AAD 4 MiB took 1.003 seconds, 4.479 MiB/s
GMAC Small 5 MiB took 1.000 seconds, 4.653 MiB/s
CHACHA 2 MiB took 1.012 seconds, 1.809 MiB/s
CHA-POLY 1 MiB took 1.006 seconds, 1.189 MiB/s
POLY1305 5 MiB took 1.004 seconds, 5.082 MiB/s
SHA 8 MiB took 1.000 seconds, 7.812 MiB/s
SHA-256 8 MiB took 1.000 seconds, 8.032 MiB/s
HMAC-SHA 7 MiB took 1.000 seconds, 7.056 MiB/s
HMAC-SHA256 7 MiB took 1.002 seconds, 7.237 MiB/s
RSA 2048 public 30 ops took 1.022 sec, avg 34.067 ms, 29.354 ops/sec
RSA 2048 private 2 ops took 2.398 sec, avg 1199.000 ms, 0.834 ops/sec
ECC [ SECP256R1] 256 key gen 172 ops took 1.004 sec, avg 5.837 ms, 171.315 ops/sec
ECDHE [ SECP256R1] 256 agree 186 ops took 1.005 sec, avg 5.403 ms, 185.075 ops/sec
ECDSA [ SECP256R1] 256 sign 174 ops took 1.007 sec, avg 5.787 ms, 172.790 ops/sec
ECDSA [ SECP256R1] 256 verify 160 ops took 1.003 sec, avg 6.269 ms, 159.521 ops/sec
Benchmark complete
Benchmark Test: Return code 0
```

7
IDE/SimplicityStudio/include.am Normal file
View File

@@ -0,0 +1,7 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST+= IDE/SimplicityStudio/README.md
EXTRA_DIST+= IDE/SimplicityStudio/test_wolf.c
EXTRA_DIST+= IDE/SimplicityStudio/user_settings.h

244
IDE/SimplicityStudio/test_wolf.c Normal file
View File

@@ -0,0 +1,244 @@
/* test_wolf.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Example for running wolfCrypt test and benchmark from
* SiLabs Simplicity Studio's CLI example */
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/signature.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/asn_public.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfcrypt/test/test.h>
#include <wolfcrypt/benchmark/benchmark.h>
#include <stdio.h>
#include "sl_cli.h"
#include "sl_cli_instances.h"
#include "sl_cli_arguments.h"
#include "sl_cli_handles.h"
#ifndef NO_CRYPT_TEST
typedef struct func_args {
int argc;
char** argv;
int return_code;
} func_args;
static func_args args = { 0 };
#endif
void wolf_test(sl_cli_command_arg_t *arguments)
{
int ret;
#ifndef NO_CRYPT_TEST
wolfCrypt_Init();
printf("\nCrypt Test\n");
wolfcrypt_test(&args);
ret = args.return_code;
printf("Crypt Test: Return code %d\n", ret);
wolfCrypt_Cleanup();
#else
ret = NOT_COMPILED_IN;
#endif
(void)arguments;
(void)ret;
}
void wolf_bench(sl_cli_command_arg_t *arguments)
{
int ret;
#ifndef NO_CRYPT_BENCHMARK
wolfCrypt_Init();
printf("\nBenchmark Test\n");
benchmark_test(&args);
ret = args.return_code;
printf("Benchmark Test: Return code %d\n", ret);
wolfCrypt_Cleanup();
#else
ret = NOT_COMPILED_IN;
#endif
(void)arguments;
(void)ret;
}
/* ecc key gen, sign and verify examples */
#define TEST_ECC_KEYSZ 32
#define TEST_DATA_SIZE 128
#define TEST_KEYGEN_TRIES 100
#define TEST_ECDSA_TRIES 100
/* #define TEST_VERIFY_ONLY */
/* #define TEST_PRIVATE_IMPORT */
void wolf_ecc_test(sl_cli_command_arg_t *arguments)
{
int ret = 0, i, j;
byte data[TEST_DATA_SIZE];
word32 dataLen = (word32)sizeof(data);
WC_RNG rng;
ecc_key eccKey;
word32 inOutIdx;
#ifdef TEST_PRIVATE_IMPORT
/* ./certs/ecc-client-key.der, ECC */
const unsigned char ecc_clikey_der_256[] = {
0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xF8, 0xCF, 0x92,
0x6B, 0xBD, 0x1E, 0x28, 0xF1, 0xA8, 0xAB, 0xA1, 0x23, 0x4F,
0x32, 0x74, 0x18, 0x88, 0x50, 0xAD, 0x7E, 0xC7, 0xEC, 0x92,
0xF8, 0x8F, 0x97, 0x4D, 0xAF, 0x56, 0x89, 0x65, 0xC7, 0xA0,
0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01,
0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4,
0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80,
0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA,
0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56,
0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
0xB4
};
const int sizeof_ecc_clikey_der_256 = sizeof(ecc_clikey_der_256);
#endif
#ifdef TEST_VERIFY_ONLY
/* ./certs/ecc-client-keyPub.der, ECC */
const unsigned char ecc_clikeypub_der_256[] = {
0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4,
0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80,
0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA,
0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56,
0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
0xB4
};
const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256);
/* Signature for hash of 128-bytes data 0,1,2.... */
const byte sig[] = {
0x30, 0x45,
0x02, 0x20,
0x5e, 0x01, 0x3d, 0xfb, 0x18, 0x61, 0xe3, 0xe3,
0xa0, 0xff, 0x9b, 0x99, 0xb5, 0x2f, 0x89, 0xba,
0xb3, 0xbb, 0x62, 0x08, 0x9b, 0x94, 0x0e, 0x61,
0x9c, 0x00, 0x7b, 0x43, 0x9c, 0x28, 0xcb, 0xf6,
0x02, 0x21,
0x00,
0xb4, 0x72, 0x2f, 0x22, 0x92, 0xa2, 0x8d, 0x01,
0x6b, 0x01, 0x35, 0x5c, 0xcb, 0x34, 0xa2, 0x21,
0x32, 0xe2, 0xe6, 0x66, 0xd0, 0x9e, 0x3e, 0x8e,
0x84, 0x5d, 0xa4, 0x69, 0x54, 0x52, 0xfc, 0xef
};
word32 sigLen = (word32)sizeof(sig);
#else
byte sig[ECC_MAX_SIG_SIZE];
word32 sigLen;
#endif
memset(&rng, 0, sizeof(rng));
memset(&eccKey, 0, sizeof(eccKey));
wolfSSL_Debugging_ON();
wolfCrypt_Init();
/* test data */
for (i=0; i<(int)dataLen; i++) {
data[i] = (byte)i;
}
ret = wc_InitRng(&rng);
if (ret != 0) {
goto exit;
}
for (i=0; i<TEST_KEYGEN_TRIES; i++) {
ret = wc_ecc_init_ex(&eccKey, NULL, 0);
if (ret == 0) {
inOutIdx = 0;
#ifdef TEST_VERIFY_ONLY
ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &inOutIdx,
&eccKey, sizeof_ecc_clikeypub_der_256);
#else
#if (defined(_SILICON_LABS_SECURITY_FEATURE) && \
_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
/* Load ecc_key with vault's public key.
* When only the public area of a key is loaded silabs_ecc.c
* (silabs_ecc_sign_hash) will use the vault key to sign */
ret = silabs_ecc_load_vault(&eccKey);
#elif defined(TEST_PRIVATE_IMPORT)
ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &inOutIdx,
&eccKey, sizeof_ecc_clikey_der_256);
#else
ret = wc_ecc_make_key(&rng, TEST_ECC_KEYSZ, &eccKey);
#endif
#endif
}
for (j=0; j<TEST_ECDSA_TRIES; j++) {
#ifndef TEST_VERIFY_ONLY
if (ret == 0) {
/* generate signature using ecc key */
sigLen = (word32)sizeof(sig);
ret = wc_SignatureGenerate(
WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
data, dataLen,
sig, &sigLen,
&eccKey, (word32)sizeof(eccKey),
&rng);
}
#endif
if (ret == 0) {
ret = wc_SignatureVerify(
WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
data, dataLen,
sig, sigLen,
&eccKey, (word32)sizeof(eccKey));
}
if (ret == 0) {
fprintf(stderr, "Verification Passed %d %d\n", i, j);
}
else {
fprintf(stderr, "Verification failed!! (ret %d) %d %d\n",
ret, i, j);
break;
}
} /* sign/verify tries */
wc_ecc_free(&eccKey);
if (ret != 0)
break;
} /* key gen tries */
exit:
wc_FreeRng(&rng);
wolfCrypt_Cleanup();
(void)arguments;
}

522
IDE/SimplicityStudio/user_settings.h Normal file
View File

@@ -0,0 +1,522 @@
/* user_settings.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Template based on examples/config/user_settings_template.h, but modified to
* include `WOLFSSL_SILABS_SE_ACCEL` and tune for ARM Cortex M. */
#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H
#ifdef __cplusplus
extern "C" {
#endif
/* Silicon Labs ERF32 Hardware Acceleration */
#define WOLFSSL_SILABS_SE_ACCEL
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#define WOLFSSL_GENERAL_ALIGNMENT 4
#define SIZEOF_LONG_LONG 8
#define HAVE_STRINGS_H
/* Use FreeRTOS */
#if 1
#define FREERTOS
#else
/* disable mutex locking */
#define SINGLE_THREADED
#endif
/* reduce stack use. For variables over 100 bytes allocate from heap */
#define WOLFSSL_SMALL_STACK
/* Disable the built-in socket support and use the IO callbacks.
* Set IO callbacks with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
*/
#define WOLFSSL_USER_IO
/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
/* Math Choices: SP (preferred), TFM or Normal (heap) */
#if 1
/* Wolf Single Precision Math */
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
//#define WOLFSSL_SP_4096 /* Enable RSA/RH 4096-bit support */
//#define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
//#define WOLFSSL_SP_CACHE_RESISTANT
//#define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
#define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
//#define WOLFSSL_SP_NO_MALLOC
//#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
/* use smaller version of code */
#define WOLFSSL_SP_SMALL
/* SP Assembly Speedups - specific to chip type */
#define WOLFSSL_SP_ASM
#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#elif 1
/* Fast Math (tfm.c) (stack based and timing resistant) */
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#else
/* Normal (integer.c) (heap based, not timing resistant) - not recommended*/
#define USE_INTEGER_HEAP_MATH
#endif
/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
#ifdef USE_FAST_MATH
/* Maximum math bits (Max RSA key bits * 2) */
#define FP_MAX_BITS 4096
#endif
/* half as much memory but twice as slow */
//#define RSA_LOW_MEM
/* Enables blinding mode, to prevent timing attacks */
#define WC_RSA_BLINDING
/* RSA PSS Support */
#define WC_RSA_PSS
#else
#define NO_RSA
#endif
/* DH */
#undef NO_DH
#if 1
/* Use table for DH instead of -lm (math) lib dependency */
#if 1
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048
//#define HAVE_FFDHE_4096
//#define HAVE_FFDHE_6144
//#define HAVE_FFDHE_8192
#endif
#else
#define NO_DH
#endif
/* ECC */
#undef HAVE_ECC
#if 1
#define HAVE_ECC
/* Manually define enabled curves */
#define ECC_USER_CURVES
#ifdef ECC_USER_CURVES
/* Manual Curve Selection */
//#define HAVE_ECC192
//#define HAVE_ECC224
#undef NO_ECC256
//#define HAVE_ECC384
//#define HAVE_ECC521
#endif
/* Fixed point cache (speeds repeated operations against same private key) */
//#define FP_ECC
#ifdef FP_ECC
/* Bits / Entries */
#define FP_ENTRIES 2
#define FP_LUT 4
#endif
/* Optional ECC calculation method */
/* Note: doubles heap usage, but slightly faster */
#define ECC_SHAMIR
/* Reduces heap usage, but slower */
#define ECC_TIMING_RESISTANT
/* Compressed ECC Key Support */
//#define HAVE_COMP_KEY
/* Use alternate ECC size for ECC math */
#ifdef USE_FAST_MATH
/* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
#if defined(NO_RSA) && defined(NO_DH)
/* Custom fastmath size if not using RSA/DH */
#define FP_MAX_BITS (256 * 2)
#else
/* use heap allocation for ECC points */
#define ALT_ECC_SIZE
/* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
//#define FP_MAX_BITS_ECC (256 * 2)
#endif
/* Speedups specific to curve */
#ifndef NO_ECC256
#define TFM_ECC256
#endif
#endif
#endif
/* AES */
#undef NO_AES
#if 1
#define HAVE_AES_CBC
/* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
#define HAVE_AESGCM
#define GCM_SMALL
//#define WOLFSSL_AES_DIRECT
//#define HAVE_AES_ECB
//#define WOLFSSL_AES_COUNTER
//#define HAVE_AESCCM
#else
#define NO_AES
#endif
/* DES3 */
#undef NO_DES3
#if 0
#else
#define NO_DES3
#endif
/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 1
#define HAVE_CHACHA
#define HAVE_POLY1305
/* Needed for Poly1305 */
#define HAVE_ONE_TIME_AUTH
#endif
/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
#define HAVE_CURVE25519
#define HAVE_ED25519 /* ED25519 Requires SHA512 */
/* Optionally use small math (less flash usage, but much slower) */
#if 1
#define CURVED25519_SMALL
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
/* 1k smaller, but 25% slower */
//#define USE_SLOW_SHA
#else
#define NO_SHA
#endif
/* Sha256 */
#undef NO_SHA256
#if 1
/* not unrolled - ~2k smaller and ~25% slower */
//#define USE_SLOW_SHA256
/* Sha224 */
#if 0
#define WOLFSSL_SHA224
#endif
#else
#define NO_SHA256
#endif
/* Sha512 */
#undef WOLFSSL_SHA512
#if 0
#define WOLFSSL_SHA512
/* Sha384 */
#undef WOLFSSL_SHA384
#if 0
#define WOLFSSL_SHA384
#endif
/* over twice as small, but 50% slower */
//#define USE_SLOW_SHA512
#endif
/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
#define WOLFSSL_SHA3
#endif
/* MD5 */
#undef NO_MD5
#if 0
#else
#define NO_MD5
#endif
/* HKDF */
#undef HAVE_HKDF
#if 1
#define HAVE_HKDF
#endif
/* CMAC */
#undef WOLFSSL_CMAC
#if 0
#define WOLFSSL_CMAC
#endif
/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#define BENCH_EMBEDDED
/* Use test buffers from array (not filesystem) */
#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_2048
/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
#define DEBUG_WOLFSSL
#else
#if 0
#define NO_ERROR_STRINGS
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */
/* Override Memory API's */
#if 0
#define XMALLOC_OVERRIDE
/* prototypes for user heap override functions */
/* Note: Realloc only required for normal math */
#include <stddef.h> /* for size_t */
extern void *myMalloc(size_t n, void* heap, int type);
extern void myFree(void *p, void* heap, int type);
extern void *myRealloc(void *p, size_t n, void* heap, int type);
#define XMALLOC(n, h, t) myMalloc(n, h, t)
#define XFREE(p, h, t) myFree(p, h, t)
#define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif
#if 0
/* Static memory requires fast math */
#define WOLFSSL_STATIC_MEMORY
/* Disable fallback malloc/free */
#define WOLFSSL_NO_MALLOC
#if 1
#define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
#endif
#endif
/* Memory callbacks */
#if 0
#undef USE_WOLFSSL_MEMORY
#define USE_WOLFSSL_MEMORY
/* Use this to measure / print heap usage */
#if 0
#define WOLFSSL_TRACK_MEMORY
#define WOLFSSL_DEBUG_MEMORY
#endif
#else
#ifndef WOLFSSL_STATIC_MEMORY
#define NO_WOLFSSL_MEMORY
/* Otherwise we will use stdlib malloc, free and realloc */
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */
/* Override Current Time */
#if 0
/* Allows custom "custom_time()" function to be used for benchmark */
#define WOLFSSL_USER_CURRTIME
#define WOLFSSL_GMTIME
#define USER_TICKS
extern unsigned long my_time(unsigned long* timer);
#define XTIME my_time
#endif
/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */
/* Choose RNG method */
#if 1
/* Custom Seed Source */
#if 0
/* Size of returned HW RNG value */
#define CUSTOM_RAND_TYPE unsigned int
extern unsigned int my_rng_seed_gen(void);
#undef CUSTOM_RAND_GENERATE
#define CUSTOM_RAND_GENERATE my_rng_seed_gen
#endif
/* Use built-in P-RNG (SHA256 based) with HW RNG */
/* P-RNG + HW RNG (P-RNG is ~8K) */
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
#else
#undef WC_NO_HASHDRBG
#define WC_NO_HASHDRBG
/* Bypass P-RNG and use only HW RNG */
extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
#undef CUSTOM_RAND_GENERATE_BLOCK
#define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
#endif
/* ------------------------------------------------------------------------- */
/* Custom Standard Lib */
/* ------------------------------------------------------------------------- */
/* Allows override of all standard library functions */
#undef STRING_USER
#if 0
#define STRING_USER
#include <string.h>
#define USE_WOLF_STRSEP
#define XSTRSEP(s1,d) wc_strsep((s1),(d))
#define USE_WOLF_STRTOK
#define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
#define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
#define XMEMCPY(d,s,l) memcpy((d),(s),(l))
#define XMEMSET(b,c,l) memset((b),(c),(l))
#define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
#define XMEMMOVE(d,s,l) memmove((d),(s),(l))
#define XSTRLEN(s1) strlen((s1))
#define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
#define XSTRSTR(s1,s2) strstr((s1),(s2))
#define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
#define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
#define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
#define XSNPRINTF snprintf
#endif
/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
#define WOLFSSL_TLS13
#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define WOLFSSL_BASE64_ENCODE
#define WOLFSSL_PUB_PEM_TO_DER
//#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
//#define KEEP_PEER_CERT
//#define HAVE_COMP_KEY
/* TLS Session Cache */
#if 0
#define SMALL_SESSION_CACHE
#else
#define NO_SESSION_CACHE
#endif
/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
//#define NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_CLIENT
//#define NO_CRYPT_TEST
//#define NO_CRYPT_BENCHMARK
//#define WOLFCRYPT_ONLY
/* do not warm when file is included to be built and not required to be */
#define WOLFSSL_IGNORE_FILE_WARN
/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
//#define NO_INLINE
#define NO_FILESYSTEM
#define NO_WRITEV
#define NO_MAIN_DRIVER
#define NO_DEV_RANDOM
#define NO_OLD_TLS
#define NO_PSK
#define NO_DSA
#define NO_RC4
#define NO_MD4
#define NO_PWDBASED
//#define NO_CODING
//#define NO_ASN_TIME
//#define NO_CERTS
//#define NO_SIG_WRAPPER
#ifdef __cplusplus
}
#endif
#endif /* WOLFSSL_USER_SETTINGS_H */

1
IDE/include.am
View File

@@ -54,6 +54,7 @@ include IDE/MCUEXPRESSO/include.am
include IDE/Espressif/include.am
include IDE/STARCORE/include.am
include IDE/MDK5-ARM/include.am
include IDE/SimplicityStudio/include.am
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif
EXTRA_DIST+= IDE/OPENSTM32/README.md

27
examples/configs/user_settings_template.h
View File

@@ -52,8 +52,8 @@ extern "C" {
/* reduce stack use. For variables over 100 bytes allocate from heap */
#define WOLFSSL_SMALL_STACK
/* disable the built-in socket support and use the IO callbacks.
* Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
/* Disable the built-in socket support and use the IO callbacks.
* Set IO callbacks with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
*/
#define WOLFSSL_USER_IO
#endif
@@ -61,17 +61,7 @@ extern "C" {
/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef USE_FAST_MATH
#if 1
/* fast math (tfmc.) (stack based and timing resistant) */
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#else
/* normal heap based integer.c (not timing resistant) */
#endif
/* Wolf Single Precision Math */
#undef WOLFSSL_SP
#if 1
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
@@ -80,7 +70,7 @@ extern "C" {
//#define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
//#define WOLFSSL_SP_CACHE_RESISTANT
#define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
//#define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
#define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
//#define WOLFSSL_SP_NO_MALLOC
@@ -99,8 +89,16 @@ extern "C" {
//#define WOLFSSL_SP_ARM64_ASM
//#define WOLFSSL_SP_ARM_THUMB_ASM
//#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#elif 1
/* Fast Math (tfm.c) (stack based and timing resistant) */
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#else
/* Normal (integer.c) (heap based, not timing resistant) - not recommended*/
#define USE_INTEGER_HEAP_MATH
#endif
/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
@@ -508,6 +506,9 @@ extern "C" {
//#define NO_CRYPT_BENCHMARK
//#define WOLFCRYPT_ONLY
/* do not warm when file is included to be built and not required to be */
#define WOLFSSL_IGNORE_FILE_WARN
/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */

84
wolfcrypt/src/ecc.c
View File

@@ -216,13 +216,30 @@ ECC Curve Sizes:
#endif
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(WOLFSSL_KCAPI_ECC) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(NO_ECC_MAKE_PUB) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_KCAPI_ECC) && !defined(WOLFSSL_SE050) && \
!defined(WOLFSSL_XILINX_CRYPT_VERSAL)
#undef HAVE_ECC_VERIFY_HELPER
#define HAVE_ECC_VERIFY_HELPER
#endif
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_KCAPI_ECC) && !defined(NO_ECC_MAKE_PUB) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
#undef HAVE_ECC_MAKE_PUB
#define HAVE_ECC_MAKE_PUB
#endif
#if !defined(WOLFSSL_SP_MATH) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_SE050) && !defined(WOLFSSL_STM32_PKA) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
#undef HAVE_ECC_CHECK_PUBKEY_ORDER
#define HAVE_ECC_CHECK_PUBKEY_ORDER
#endif
#if defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS < MAX_ECC_BITS_NEEDED
#define MAX_ECC_BITS_USE SP_INT_BITS
#else
@@ -1309,18 +1326,11 @@ const size_t ecc_sets_count = ECC_SET_COUNT - 1;
static oid_cache_t ecc_oid_cache[ECC_SET_COUNT];
#endif
/* Forward declarations */
#if defined(HAVE_COMP_KEY) && defined(HAVE_ECC_KEY_EXPORT)
static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen);
#endif
#if !defined(WOLFSSL_SP_MATH) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_STM32_PKA)
#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
mp_int* prime, mp_int* order);
#endif
@@ -8362,6 +8372,7 @@ static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s)
}
#endif /* !WOLFSSL_STM32_PKA && !WOLFSSL_PSOC6_CRYPTO */
#ifdef HAVE_ECC_VERIFY_HELPER
static int ecc_verify_hash_sp(mp_int *r, mp_int *s, const byte* hash,
word32 hashlen, int* res, ecc_key* key)
{
@@ -8749,6 +8760,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
return err;
}
#endif /* !WOLFSSL_SP_MATH || FREESCALE_LTC_ECC */
#endif /* HAVE_ECC_VERIFY_HELPER */
/**
Verify an ECC signature
@@ -8825,10 +8837,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
}
#endif
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \
defined(WOLFSSL_KCAPI_ECC) || defined(WOLFSSL_SE050) || \
defined(WOLFSSL_XILINX_CRYPT_VERSAL)
#ifndef HAVE_ECC_VERIFY_HELPER
#ifndef WOLFSSL_SE050
/* Extract R and S with front zero padding (if required),
@@ -8975,7 +8984,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
(void)curveLoaded;
wc_ecc_curve_free(curve);
FREE_CURVE_SPECS();
#endif /* WOLFSSL_ATECC508A */
#endif /* HAVE_ECC_VERIFY_HELPER */
(void)keySz;
(void)hashlen;
@@ -9936,7 +9945,7 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
}
#endif /* (FIPS v5 or later || WOLFSSL_VALIDATE_ECC_KEYGEN) &&!WOLFSSL_KCAPI_ECC */
#ifndef WOLFSSL_SP_MATH
#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER
/* validate order * pubkey = point at infinity, 0 on success */
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
mp_int* prime, mp_int* order)
@@ -10107,11 +10116,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
#endif
#ifndef WOLFSSL_SP_MATH
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \
defined(WOLFSSL_SE050) || defined(WOLF_CRYPTO_CB_ONLY_ECC) || \
defined(WOLFSSL_XILINX_CRYPT_VERSAL) || defined(WOLFSSL_STM32_PKA)
#ifndef HAVE_ECC_CHECK_PUBKEY_ORDER
/* consider key check success on HW crypto
* ex: ATECC508/608A, CryptoCell and Silabs
*
@@ -10243,7 +10248,8 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
#endif
FREE_CURVE_SPECS();
#endif /* HW Based Crypto */
#endif /* HAVE_ECC_CHECK_PUBKEY_ORDER */
#else
err = WC_KEY_SIZE_E;
#endif /* !WOLFSSL_SP_MATH */
@@ -10522,7 +10528,7 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
}
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
if (err == MP_OKAY)
err = silabs_ecc_import(key, keysize);
err = silabs_ecc_import(key, keysize, 1, 0);
#elif defined(WOLFSSL_SE050)
if (err == MP_OKAY) {
/* reset key ID, in case used before */
@@ -10769,18 +10775,6 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
ret = mp_read_unsigned_bin(key->k, priv, privSz);
}
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
if (ret == MP_OKAY)
ret = mp_read_unsigned_bin(key->k, priv, privSz);
if (ret == MP_OKAY) {
if (pub) {
ret = silabs_ecc_import(key, key->dp->size);
}
else {
ret = silabs_ecc_import_private(key, key->dp->size);
}
}
#elif defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM)
if ((wc_ecc_size(key) + WC_CAAM_MAC_SZ) == (int)privSz) {
#ifdef WOLFSSL_CAAM_BLACK_KEY_SM
@@ -10898,6 +10892,10 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
if (ret == 0) {
ret = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
}
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
if (ret == 0) {
ret = silabs_ecc_import(key, key->dp->size, (pub != NULL), 1);
}
#endif
return ret;
@@ -11038,7 +11036,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
#endif
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_SILABS_SE_ACCEL) || defined(WOLFSSL_CRYPTOCELL)
defined(WOLFSSL_CRYPTOCELL)
word32 keySz = 0;
#endif
@@ -11127,11 +11125,6 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
err = wc_export_int(key->pubkey.y, &key->pubkey_raw[keySz],
&keySz, keySz, WC_TYPE_UNSIGNED_BIN);
}
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
keySz = key->dp->size;
if (err == MP_OKAY) {
err = silabs_ecc_sig_to_rs(key, keySz);
}
#elif defined(WOLFSSL_CRYPTOCELL)
if (err == MP_OKAY) {
keyRaw[0] = ECC_POINT_UNCOMP;
@@ -11211,9 +11204,6 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
/* Hardware doesn't support loading private key */
err = NOT_COMPILED_IN;
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
err = silabs_ecc_import_private_raw(key, keySz, d, encType);
#elif defined(WOLFSSL_CRYPTOCELL)
key->type = ECC_PRIVATEKEY;
@@ -11295,6 +11285,10 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
if (err == MP_OKAY) {
err = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
}
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
if (err == MP_OKAY) {
err = silabs_ecc_import(key, key->dp->size, 1, (d != NULL));
}
#endif
if (err != MP_OKAY) {

7
wolfcrypt/src/port/silabs/README.md
View File

@@ -15,6 +15,10 @@ To enable support define the following:
#define WOLFSSL_SILABS_SE_ACCEL
```
## Simplicity Studio Example
For the Silicon Labs Simplicity Studio exmaple see [/IDE/SimplicityStudio/README.md](/IDE/SimplicityStudio/README.md).
## Caveats
:warning: **Be sure to update the SE firmware** Testing and results were done using SE firmware `1.2.6`
@@ -33,8 +37,7 @@ Update was preformed under Simplicity Studio directory:
The SE manager supports multi-threading for FreeRTOS and Micrium
([ref](https://docs.silabs.com/gecko-platform/latest/service/api/group-sl-se-manager#autotoc-md152)).
If a different OS is used with multi-threading, additional mutex
protection may be necessary.
If a different OS is used with multi-threading, additional mutex protection may be necessary.
## Benchmarks

325
wolfcrypt/src/port/silabs/silabs_ecc.c
View File

@@ -31,6 +31,12 @@
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/port/silabs/silabs_ecc.h>
#include "sl_se_manager_internal_keys.h"
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
static sl_se_key_descriptor_t private_device_key =
SL_SE_APPLICATION_ATTESTATION_KEY;
#endif
#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
/* FIPS build has replaced ecc.h. */
@@ -40,11 +46,17 @@
#define SILABS_UNSUPPORTED_KEY_TYPE 0xFFFFFFFF
static sl_se_key_type_t silabs_map_key_type (ecc_curve_id curve_id)
/* For older Gecko SDK's with spelling error */
#ifndef SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY
#define SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY \
SL_SE_KEY_FLAG_ASYMMMETRIC_SIGNING_ONLY
#endif
static sl_se_key_type_t silabs_map_key_type(ecc_curve_id curve_id)
{
sl_se_key_type_t res = SILABS_UNSUPPORTED_KEY_TYPE;
switch(curve_id) {
switch (curve_id) {
case ECC_SECP192R1:
res = SL_SE_KEY_TYPE_ECC_P192;
break;
@@ -84,28 +96,41 @@ static sl_se_key_type_t silabs_map_key_type (ecc_curve_id curve_id)
return res;
}
int silabs_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, ecc_key* key)
int silabs_ecc_sign_hash(const byte* in, word32 inlen, byte* out,
word32 *outlen, ecc_key* key)
{
sl_status_t sl_stat = sl_se_init_command_context(&(key->cmd_ctx));
sl_status_t sl_stat;
sl_se_key_descriptor_t* slkey = &key->key;
word32 siglen = *outlen;
sl_stat = sl_se_validate_key(&(key->key));
if (key->dp->size * 2 <= (int)siglen) {
if ((int)siglen >= key->dp->size * 2) {
siglen = key->dp->size * 2;
}
sl_stat = sl_se_ecc_sign(
&(key->cmd_ctx),
&(key->key),
0,
1,
in,
inlen,
out,
siglen
);
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
/* if signing and not private key provided then use vault key */
if (key->type != ECC_PRIVATEKEY ||
mp_unsigned_bin_size(wc_ecc_key_get_priv(key)) == 0) {
slkey = &private_device_key;
}
#endif
sl_stat = sl_se_init_command_context(&key->cmd_ctx);
if (sl_stat == SL_STATUS_OK) {
sl_stat = sl_se_validate_key(slkey);
}
if (sl_stat == SL_STATUS_OK) {
sl_stat = sl_se_ecc_sign(
&key->cmd_ctx,
slkey,
0,
1,
in,
inlen,
out,
siglen
);
}
return (sl_stat == SL_STATUS_OK) ? 0 : WC_HW_E;
}
@@ -115,18 +140,18 @@ int silabs_ecc_verify_hash(const byte* sig, word32 siglen,
const byte* hash, word32 hashlen,
int* stat, ecc_key* key)
{
sl_status_t sl_stat = sl_se_init_command_context(&(key->cmd_ctx));
sl_stat = sl_se_ecc_verify(
&(key->cmd_ctx),
&(key->key),
0,
1,
hash,
hashlen,
sig,
siglen);
sl_status_t sl_stat = sl_se_init_command_context(&key->cmd_ctx);
if (sl_stat == SL_STATUS_OK) {
sl_stat = sl_se_ecc_verify(
&key->cmd_ctx,
&key->key,
0,
1,
hash,
hashlen,
sig,
siglen);
}
if (sl_stat == SL_STATUS_OK) {
*stat = 1;
} else if (sl_stat == SL_STATUS_INVALID_SIGNATURE) {
@@ -134,7 +159,6 @@ int silabs_ecc_verify_hash(const byte* sig, word32 siglen,
} else {
return WC_HW_E;
}
return 0;
}
#endif
@@ -144,161 +168,86 @@ int silabs_ecc_make_key(ecc_key* key, int keysize)
sl_status_t sl_stat;
key->key.type = silabs_map_key_type(key->dp->id);
if (SILABS_UNSUPPORTED_KEY_TYPE == key->key.type)
if (key->key.type == SILABS_UNSUPPORTED_KEY_TYPE)
return WC_HW_E;
key->key.size = keysize;
key->key.storage.method = SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT;
key->key.flags = SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY
| SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY
| SL_SE_KEY_FLAG_ASYMMMETRIC_SIGNING_ONLY;
key->key.flags = (SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY |
SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY |
SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY);
sl_stat = sl_se_get_storage_size(&key->key, &key->key.storage.location.buffer.size);
key->key.storage.location.buffer.pointer = key->key_raw;
sl_stat = sl_se_get_storage_size(&key->key,
&key->key.storage.location.buffer.size);
if (sl_stat == SL_STATUS_OK) {
key->key.storage.location.buffer.pointer = key->key_raw;
sl_stat = sl_se_generate_key(&key->cmd_ctx,
&key->key);
}
if (sl_stat == SL_STATUS_OK) {
key->type = ECC_PRIVATEKEY;
sl_stat = sl_se_generate_key(&(key->cmd_ctx),
&(key->key));
key->type = ECC_PRIVATEKEY;
/* copy key to mp components */
mp_read_unsigned_bin (key->pubkey.x,
key->key.storage.location.buffer.pointer,
keysize);
mp_read_unsigned_bin (key->pubkey.y,
key->key.storage.location.buffer.pointer + keysize,
keysize);
mp_read_unsigned_bin (wc_ecc_key_get_priv(key),
key->key.storage.location.buffer.pointer + 2 * keysize,
keysize);
/* copy key to mp components */
mp_read_unsigned_bin(key->pubkey.x,
key->key.storage.location.buffer.pointer, keysize);
mp_read_unsigned_bin(key->pubkey.y,
key->key.storage.location.buffer.pointer + keysize, keysize);
mp_read_unsigned_bin(wc_ecc_key_get_priv(key),
key->key.storage.location.buffer.pointer + (2 * keysize), keysize);
}
return (sl_stat == SL_STATUS_OK) ? 0 : WC_HW_E;
}
int silabs_ecc_import(ecc_key* key, word32 keysize)
int silabs_ecc_import(ecc_key* key, word32 keysize, int pub, int priv)
{
sl_status_t sl_stat;
int err = MP_OKAY;
word32 used = keysize;
word32 used;
key->key.type = silabs_map_key_type(key->dp->id);
if (SILABS_UNSUPPORTED_KEY_TYPE == key->key.type)
if (key->key.type == SILABS_UNSUPPORTED_KEY_TYPE || keysize == 0)
return WC_HW_E;
key->key.size = keysize;
key->key.storage.method = SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT;
key->key.flags = SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY
| SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY
| SL_SE_KEY_FLAG_ASYMMMETRIC_SIGNING_ONLY;
key->key.flags = (
(pub ? SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY : 0) |
(priv ? SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY : 0) |
SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY);
sl_stat = sl_se_get_storage_size(&key->key, &key->key.storage.location.buffer.size);
sl_stat = sl_se_get_storage_size(&key->key,
&key->key.storage.location.buffer.size);
key->key.storage.location.buffer.pointer = key->key_raw;
if (sl_stat != SL_STATUS_OK)
return WC_HW_E;
key->type = ECC_PRIVATEKEY;
if (priv && pub)
key->type = ECC_PRIVATEKEY;
else if (priv)
key->type = ECC_PRIVATEKEY_ONLY;
else
key->type = ECC_PUBLICKEY;
/* copy key from mp components */
if (err == MP_OKAY)
err = wc_export_int(key->pubkey.x, key->key.storage.location.buffer.pointer,
&used, keysize,
WC_TYPE_UNSIGNED_BIN);
if (err == MP_OKAY)
err = wc_export_int(key->pubkey.y, key->key.storage.location.buffer.pointer + keysize,
&used, keysize,
WC_TYPE_UNSIGNED_BIN);
if (err == MP_OKAY)
err = wc_export_int(wc_ecc_key_get_priv(key),
key->key.storage.location.buffer.pointer + 2 * keysize, &used,
keysize, WC_TYPE_UNSIGNED_BIN);
return err;
}
int silabs_ecc_import_private(ecc_key* key, word32 keysize)
{
sl_status_t sl_stat;
int ret = 0;
word32 keySz = keysize;
key->key.type = silabs_map_key_type(key->dp->id);
if (SILABS_UNSUPPORTED_KEY_TYPE == key->key.type)
return WC_HW_E;
key->key.size = key->dp->size;
key->key.storage.method = SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT;
key->key.flags = SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY
| SL_SE_KEY_FLAG_ASYMMMETRIC_SIGNING_ONLY;
sl_stat = sl_se_get_storage_size(&key->key, &key->key.storage.location.buffer.size);
key->key.storage.location.buffer.pointer = key->key_raw;
if (sl_stat != SL_STATUS_OK)
return WC_HW_E;
ret = wc_export_int(wc_ecc_key_get_priv(key),
key->key.storage.location.buffer.pointer, &keySz, keySz,
WC_TYPE_UNSIGNED_BIN);
if (keySz != keysize)
ret = WC_HW_E;
return ret;
}
int silabs_ecc_sig_to_rs(ecc_key* key, word32 keySz)
{
sl_status_t sl_stat;
int err = MP_OKAY;
key->key.type = silabs_map_key_type(key->dp->id);
if (SILABS_UNSUPPORTED_KEY_TYPE == key->key.type)
return WC_HW_E;
key->key.size = keySz;
key->key.storage.method = SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT;
key->key.flags = SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY
| SL_SE_KEY_FLAG_ASYMMMETRIC_SIGNING_ONLY;
sl_stat = sl_se_get_storage_size(&key->key, &key->key.storage.location.buffer.size);
key->key.storage.location.buffer.pointer = key->key_raw;
if (sl_stat != SL_STATUS_OK)
return WC_HW_E;
if (err == MP_OKAY) {
keySz = key->dp->size;
if (err == MP_OKAY && pub) {
used = keysize;
err = wc_export_int(key->pubkey.x,
key->key.storage.location.buffer.pointer,
&keySz, keySz, WC_TYPE_UNSIGNED_BIN);
if (err == MP_OKAY)
err = wc_export_int(key->pubkey.y,
key->key.storage.location.buffer.pointer + keySz,
&keySz, keySz, WC_TYPE_UNSIGNED_BIN);
key->key.storage.location.buffer.pointer,
&used, keysize, WC_TYPE_UNSIGNED_BIN);
}
return err;
}
int silabs_ecc_import_private_raw(ecc_key* key, word32 keySz, const char* d, int encType)
{
sl_status_t sl_stat;
int err = MP_OKAY;
key->type = ECC_PRIVATEKEY;
key->key.flags |= SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY;
sl_stat = sl_se_get_storage_size(&key->key, &key->key.storage.location.buffer.size);
if (sl_stat != SL_STATUS_OK)
return WC_HW_E;
if (encType == WC_TYPE_HEX_STR)
err = mp_read_radix(wc_ecc_key_get_priv(key), d, MP_RADIX_HEX);
else
err = mp_read_unsigned_bin(wc_ecc_key_get_priv(key), (const byte*)d,
key->dp->size);
if (err == MP_OKAY) {
if (err == MP_OKAY && pub) {
used = keysize;
err = wc_export_int(key->pubkey.y,
key->key.storage.location.buffer.pointer + keysize,
&used, keysize, WC_TYPE_UNSIGNED_BIN);
}
if (err == MP_OKAY && priv) {
used = keysize;
err = wc_export_int(wc_ecc_key_get_priv(key),
key->key.storage.location.buffer.pointer + (2 * keySz), &keySz,
keySz, WC_TYPE_UNSIGNED_BIN);
key->key.storage.location.buffer.pointer + (keysize * 2),
&used, keysize, WC_TYPE_UNSIGNED_BIN);
}
return err;
}
@@ -337,7 +286,7 @@ int silabs_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
sl_stat = sl_se_ecdh_compute_shared_secret(
&cmd,
&(private_key->key),
&private_key->key,
&pub_key,
&key_out);
@@ -349,4 +298,68 @@ int silabs_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
return (sl_stat == SL_STATUS_OK) ? 0 : WC_HW_E;
}
int silabs_ecc_export_public(ecc_key* key, sl_se_key_descriptor_t* seKey)
{
int ret;
sl_status_t sl_stat;
sl_se_command_context_t cmd;
if (key == NULL || seKey == NULL)
return BAD_FUNC_ARG;
if (seKey->type == SL_SE_KEY_TYPE_ECC_P192)
ret = wc_ecc_set_curve(key, 24, ECC_SECP192R1);
else if (seKey->type == SL_SE_KEY_TYPE_ECC_P256)
ret = wc_ecc_set_curve(key, 32, ECC_SECP256R1);
#ifdef SL_SE_KEY_TYPE_ECC_P384
else if (seKey->type == SL_SE_KEY_TYPE_ECC_P384)
ret = wc_ecc_set_curve(key, 48, ECC_SECP384R1);
#endif
#ifdef SL_SE_KEY_TYPE_ECC_P521
else if (seKey->type == SL_SE_KEY_TYPE_ECC_P521)
ret = wc_ecc_set_curve(key, 66, ECC_SECP521R1);
#endif
else
ret = ECC_CURVE_OID_E;
if (ret != 0)
return ret;
key->type = ECC_PUBLICKEY;
key->key.type = seKey->type;
key->key.size = key->dp->size;
key->key.storage.method = SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT;
key->key.flags = (SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY |
SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY);
sl_stat = sl_se_get_storage_size(&key->key,
&key->key.storage.location.buffer.size);
key->key.storage.location.buffer.pointer = key->key_raw;
if (sl_stat == SL_STATUS_OK) {
sl_stat = sl_se_export_public_key(&cmd, seKey, &key->key);
}
if (sl_stat != SL_STATUS_OK) {
ret = WC_HW_E;
}
if (ret == 0) {
/* export public x and y */
ret = mp_read_unsigned_bin(key->pubkey.x,
key->key.storage.location.buffer.pointer,
key->key.size);
}
if (ret == 0) {
ret = mp_read_unsigned_bin(key->pubkey.y,
key->key.storage.location.buffer.pointer + key->key.size,
key->key.size);
}
return ret;
}
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
int silabs_ecc_load_vault(ecc_key* key)
{
return silabs_ecc_export_public(key, &private_device_key);
}
#endif
#endif /* WOLFSSL_SILABS_SE_ACCEL */

152
wolfcrypt/src/port/silabs/silabs_hash.c
View File

@@ -1,4 +1,4 @@
/* silabs_se_hash.c
/* silabs_hash.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
@@ -35,58 +35,52 @@
#include <wolfssl/wolfcrypt/port/silabs/silabs_hash.h>
static sl_se_hash_type_t wc_silabs_gethashtype(enum wc_HashType type)
{
/* set init state */
switch (type) {
case WC_HASH_TYPE_SHA:
return SL_SE_HASH_SHA1;
break;
case WC_HASH_TYPE_SHA224:
return SL_SE_HASH_SHA224;
break;
case WC_HASH_TYPE_SHA256:
return SL_SE_HASH_SHA256;
#ifdef WOLFSSL_SILABS_SHA384
case WC_HASH_TYPE_SHA384:
return SL_SE_HASH_SHA384;
#endif
#ifdef WOLFSSL_SILABS_SHA512
case WC_HASH_TYPE_SHA512:
return SL_SE_HASH_SHA512;
#endif
default:
break;
}
return SL_SE_HASH_NONE;
}
int wc_silabs_se_hash_init (wc_silabs_sha_t* sha, enum wc_HashType type)
{
int ret = 0;
sl_status_t rr;
sl_status_t rr;
sl_se_hash_type_t ht = wc_silabs_gethashtype(type);
if (ht == SL_SE_HASH_NONE) {
return NOT_COMPILED_IN;
}
/* set sizes and state */
XMEMSET(sha, 0, sizeof(wc_silabs_sha_t));
/* set init state */
switch(type) {
case WC_HASH_TYPE_SHA:
rr = sl_se_hash_starts(&sha->hash_ctx,
&sha->cmd_ctx,
SL_SE_HASH_SHA1,
&sha->hash_type_ctx);
break;
case WC_HASH_TYPE_SHA224:
rr = sl_se_hash_starts(&sha->hash_ctx,
&sha->cmd_ctx,
SL_SE_HASH_SHA224,
&sha->hash_type_ctx);
break;
case WC_HASH_TYPE_SHA256:
rr = sl_se_hash_starts(&sha->hash_ctx,
&sha->cmd_ctx,
SL_SE_HASH_SHA256,
&sha->hash_type_ctx);
break;
#ifdef WOLFSSL_SILABS_SHA384
case WC_HASH_TYPE_SHA384:
rr = sl_se_hash_starts(&sha->hash_ctx,
&sha->cmd_ctx,
SL_SE_HASH_SHA384,
&sha->hash_type_ctx);
break;
#ifdef WOLFSSL_SILABS_SE_ACCEL_3
rr = sl_se_hash_starts(&sha->hash_ctx, &sha->cmd_ctx, ht,
&sha->hash_type_ctx);
#else
rr = sl_se_hash_multipart_starts(&sha->hash_type_ctx, &sha->cmd_ctx, ht);
#endif
#ifdef WOLFSSL_SILABS_SHA512
case WC_HASH_TYPE_SHA512:
rr = sl_se_hash_starts(&sha->hash_ctx,
&sha->cmd_ctx,
SL_SE_HASH_SHA512,
&sha->hash_type_ctx);
break;
#endif
default:
ret = BAD_FUNC_ARG;
break;
}
if (rr != SL_STATUS_OK) {
ret = WC_HW_E;
}
@@ -94,32 +88,43 @@ int wc_silabs_se_hash_init (wc_silabs_sha_t* sha, enum wc_HashType type)
return ret;
}
int wc_silabs_se_hash_update (wc_silabs_sha_t* sha, const byte* data, word32 len)
int wc_silabs_se_hash_update(wc_silabs_sha_t* sha, const byte* data,
word32 len)
{
int ret = 0;
sl_status_t status;
sl_status_t status = sl_se_hash_update(&sha->hash_ctx, data, len);
#ifdef WOLFSSL_SILABS_SE_ACCEL_3
status = sl_se_hash_update(&sha->hash_ctx, data, len);
#else
status = sl_se_hash_multipart_update(&sha->hash_type_ctx, &sha->cmd_ctx,
data, len);
#endif
if (status != SL_STATUS_OK) {
ret = BUFFER_E;
ret = WC_HW_E;
}
return ret;
}
int wc_silabs_se_hash_final (wc_silabs_sha_t* sha, byte* hash)
int wc_silabs_se_hash_final(wc_silabs_sha_t* sha, byte* hash, word32 len)
{
int ret = 0;
sl_status_t status;
sl_status_t status = sl_se_hash_finish(&sha->hash_ctx, hash, sha->hash_ctx.size);
#ifdef WOLFSSL_SILABS_SE_ACCEL_3
status = sl_se_hash_finish(&sha->hash_ctx, hash, len);
#else
status = sl_se_hash_multipart_finish(&sha->hash_type_ctx, &sha->cmd_ctx,
hash, len);
#endif
if (status != SL_STATUS_OK) {
ret = BUFFER_E;
ret = WC_HW_E;
}
return ret;
}
int wc_HashUpdate_ex (wc_silabs_sha_t* sha, const byte* data, word32 len)
static int wc_HashUpdate_ex(wc_silabs_sha_t* sha, const byte* data, word32 len)
{
int ret = 0;
@@ -130,13 +135,12 @@ int wc_HashUpdate_ex (wc_silabs_sha_t* sha, const byte* data, word32 len)
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
ret = wc_silabs_se_hash_update(sha, data, len);
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
int wc_HashFinal_ex(wc_silabs_sha_t* sha, byte* hash)
static int wc_HashFinal_ex(wc_silabs_sha_t* sha, byte* hash, word32 len)
{
int ret = 0;
@@ -146,7 +150,7 @@ int wc_HashFinal_ex(wc_silabs_sha_t* sha, byte* hash)
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
ret = wc_silabs_se_hash_final(sha, hash);
ret = wc_silabs_se_hash_final(sha, hash, len);
wolfSSL_CryptHwMutexUnLock();
}
@@ -164,17 +168,17 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
(void)devId;
(void)heap;
return wc_silabs_se_hash_init(&(sha->silabsCtx), WC_HASH_TYPE_SHA);
return wc_silabs_se_hash_init(&sha->silabsCtx, WC_HASH_TYPE_SHA);
}
int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
{
return wc_HashUpdate_ex(&(sha->silabsCtx), data, len);
return wc_HashUpdate_ex(&sha->silabsCtx, data, len);
}
int wc_ShaFinal(wc_Sha* sha, byte* hash)
{
int ret = wc_HashFinal_ex(&(sha->silabsCtx), hash);
int ret = wc_HashFinal_ex(&sha->silabsCtx, hash, WC_SHA_DIGEST_SIZE);
(void)wc_InitSha(sha); /* reset state */
@@ -193,18 +197,18 @@ int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId)
(void)devId;
(void)heap;
return wc_silabs_se_hash_init(&(sha->silabsCtx), WC_HASH_TYPE_SHA256);
return wc_silabs_se_hash_init(&sha->silabsCtx, WC_HASH_TYPE_SHA256);
}
int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len)
{
return wc_HashUpdate_ex(&(sha->silabsCtx), data, len);
return wc_HashUpdate_ex(&sha->silabsCtx, data, len);
}
int wc_Sha256Final(wc_Sha256* sha, byte* hash)
{
int ret = wc_HashFinal_ex(&(sha->silabsCtx), hash);
int ret = wc_HashFinal_ex(&sha->silabsCtx, hash, WC_SHA256_DIGEST_SIZE);
(void)wc_InitSha256(sha); /* reset state */
@@ -212,7 +216,7 @@ int wc_Sha256Final(wc_Sha256* sha, byte* hash)
}
#endif /* ! NO_SHA256 */
#ifndef NO_SHA224
#ifdef WOLFSSL_SHA224
int wc_InitSha224_ex(wc_Sha224* sha, void* heap, int devId)
{
if (sha == NULL) {
@@ -222,24 +226,24 @@ int wc_InitSha224_ex(wc_Sha224* sha, void* heap, int devId)
(void)devId;
(void)heap;
return wc_silabs_se_hash_init(&(sha->silabsCtx), WC_HASH_TYPE_SHA224);
return wc_silabs_se_hash_init(&sha->silabsCtx, WC_HASH_TYPE_SHA224);
}
int wc_Sha224Update(wc_Sha224* sha, const byte* data, word32 len)
{
return wc_HashUpdate_ex(&(sha->silabsCtx), data, len);
return wc_HashUpdate_ex(&sha->silabsCtx, data, len);
}
int wc_Sha224Final(wc_Sha224* sha, byte* hash)
{
int ret = wc_HashFinal_ex(&(sha->silabsCtx), hash);
int ret = wc_HashFinal_ex(&sha->silabsCtx, hash, WC_SHA224_DIGEST_SIZE);
(void)wc_InitSha224(sha); /* reset state */
return ret;
}
#endif /* ! NO_SHA224 */
#endif /* WOLFSSL_SHA224 */
#ifdef WOLFSSL_SILABS_SHA384
int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devId)
@@ -251,18 +255,18 @@ int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devId)
(void)devId;
(void)heap;
return wc_silabs_se_hash_init(&(sha->silabsCtx), WC_HASH_TYPE_SHA384);
return wc_silabs_se_hash_init(&sha->silabsCtx, WC_HASH_TYPE_SHA384);
}
int wc_Sha384Update(wc_Sha384* sha, const byte* data, word32 len)
{
return wc_HashUpdate_ex(&(sha->silabsCtx), data, len);
return wc_HashUpdate_ex(&sha->silabsCtx, data, len);
}
int wc_Sha384Final(wc_Sha384* sha, byte* hash)
{
int ret = wc_HashFinal_ex(&(sha->silabsCtx), hash);
int ret = wc_HashFinal_ex(&sha->silabsCtx, hash, WC_SHA384_DIGEST_SIZE);
(void)wc_InitSha384(sha); /* reset state */
@@ -280,18 +284,18 @@ int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devId)
(void)devId;
(void)heap;
return wc_silabs_se_hash_init(&(sha->silabsCtx), WC_HASH_TYPE_SHA512);
return wc_silabs_se_hash_init(&sha->silabsCtx, WC_HASH_TYPE_SHA512);
}
int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len)
{
return wc_HashUpdate_ex(&(sha->silabsCtx), data, len);
return wc_HashUpdate_ex(&sha->silabsCtx, data, len);
}
int wc_Sha512Final(wc_Sha512* sha, byte* hash)
{
int ret = wc_HashFinal_ex(&(sha->silabsCtx), hash);
int ret = wc_HashFinal_ex(&sha->silabsCtx, hash, WC_SHA512_DIGEST_SIZE);
(void)wc_InitSha512(sha); /* reset state */
@@ -299,4 +303,4 @@ int wc_Sha512Final(wc_Sha512* sha, byte* hash)
}
#endif /* WOLFSSL_SILABS_SHA512 */
#endif /* defined(WOLFSSL_SILABS_SE_ACCEL) */
#endif /* WOLFSSL_SILABS_SE_ACCEL */

6
wolfcrypt/src/sha.c
View File

@@ -995,9 +995,9 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
XMEMCPY(dst, src, sizeof(wc_Sha));
#ifdef WOLFSSL_SILABS_SE_ACCEL
dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3)
dst->silabsCtx.hash_ctx.cmd_ctx = &dst->silabsCtx.cmd_ctx;
dst->silabsCtx.hash_ctx.hash_type_ctx = &dst->silabsCtx.hash_type_ctx;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA)

12
wolfcrypt/src/sha256.c
View File

@@ -1933,9 +1933,9 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
dst->W = NULL;
#endif
#ifdef WOLFSSL_SILABS_SE_ACCEL
dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3)
dst->silabsCtx.hash_ctx.cmd_ctx = &dst->silabsCtx.cmd_ctx;
dst->silabsCtx.hash_ctx.hash_type_ctx = &dst->silabsCtx.hash_type_ctx;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA224)
@@ -2068,9 +2068,9 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
dst->W = NULL;
#endif
#ifdef WOLFSSL_SILABS_SE_ACCEL
dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3)
dst->silabsCtx.hash_ctx.cmd_ctx = &dst->silabsCtx.cmd_ctx;
dst->silabsCtx.hash_ctx.hash_type_ctx = &dst->silabsCtx.hash_type_ctx;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)

14
wolfcrypt/src/sha512.c
View File

@@ -1616,9 +1616,10 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
dst->W = NULL;
#endif
#ifdef WOLFSSL_SILABS_SHA512
dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) && \
defined(WOLFSSL_SILABS_SHA512)
dst->silabsCtx.hash_ctx.cmd_ctx = &dst->silabsCtx.cmd_ctx;
dst->silabsCtx.hash_ctx.hash_type_ctx = &dst->silabsCtx.hash_type_ctx;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
@@ -1867,9 +1868,10 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
dst->W = NULL;
#endif
#ifdef WOLFSSL_SILABS_SHA384
dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) && \
defined(WOLFSSL_SILABS_SHA384)
dst->silabsCtx.hash_ctx.cmd_ctx = &dst->silabsCtx.cmd_ctx;
dst->silabsCtx.hash_ctx.hash_type_ctx = &dst->silabsCtx.hash_type_ctx;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)

15
wolfssl/wolfcrypt/port/silabs/silabs_ecc.h
View File

@@ -44,20 +44,19 @@ int silabs_ecc_verify_hash (const byte* sig, word32 siglen,
int* stat, ecc_key* key);
int silabs_ecc_make_key(ecc_key* key, int keysize);
int silabs_ecc_import(ecc_key* key, word32 keysize);
int silabs_ecc_import_private(ecc_key* key, word32 keysize);
int silabs_ecc_sig_to_rs(ecc_key* key, word32 keySz);
int silabs_ecc_import_private_raw(ecc_key* key, word32 keySz, const char* d, int encType);
int silabs_ecc_import(ecc_key* key, word32 keysize, int pub, int priv);
int silabs_ecc_export_public(ecc_key* key, sl_se_key_descriptor_t* seKey);
int silabs_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
byte* out, word32* outlen);
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
int silabs_ecc_load_vault(ecc_key* key);
#endif
#endif /* WOLFSSL_SILABS_SE_ACCEL */
#endif /* _SILABS_ECC_H_ */

74
wolfssl/wolfcrypt/port/silabs/silabs_hash.h
View File

@@ -22,45 +22,75 @@
#ifndef _SILABS_HASH_H_
#define _SILABS_HASH_H_
#include <em_device.h>
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_SILABS_SE_ACCEL)
#include <em_device.h>
#include <wolfssl/wolfcrypt/types.h>
#include <sl_se_manager.h>
#include <sl_se_manager_hash.h>
#if defined(SL_SE_HASH_SHA384) && !defined(NO_SHA384)
#define WOLFSSL_SILABS_SHA384
/* workaround to detect older Gecko SDK version 3 */
#if !defined(WOLFSSL_SILABS_SE_ACCEL_3) && !defined(SL_SE_PRF_HMAC_SHA1)
/* Use streaming instead of new multipart */
#define WOLFSSL_SILABS_SE_ACCEL_3
#endif
#if defined(SL_SE_HASH_SHA512) && !defined(NO_SHA384)
#define WOLFSSL_SILABS_SHA512
/* Enable SHA2-2384 and SHA2-512 if HW supports and enabled */
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
#ifdef WOLFSSL_SHA384
#define WOLFSSL_SILABS_SHA384
#endif
#ifdef WOLFSSL_SHA512
#define WOLFSSL_SILABS_SHA512
#endif
#endif
#ifdef WOLFSSL_SILABS_SE_ACCEL_3
/* Gecko SDK v3 uses "streaming" interface */
typedef struct {
sl_se_hash_streaming_context_t hash_ctx;
sl_se_command_context_t cmd_ctx;
union hash_type_ctx_u {
sl_se_sha1_streaming_context_t sha1_ctx;
sl_se_sha224_streaming_context_t sha224_ctx;
sl_se_sha256_streaming_context_t sha256_ctx;
#ifdef WOLFSSL_SILABS_SHA384
sl_se_sha384_streaming_context_t sha384_ctx;
#endif
#ifdef WOLFSSL_SILABS_SHA512
sl_se_sha512_streaming_context_t sha512_ctx;
#endif
} hash_type_ctx;
sl_se_hash_streaming_context_t hash_ctx;
sl_se_command_context_t cmd_ctx;
union hash_type_ctx_u {
sl_se_sha1_streaming_context_t sha1_ctx;
sl_se_sha224_streaming_context_t sha224_ctx;
sl_se_sha256_streaming_context_t sha256_ctx;
#ifdef WOLFSSL_SILABS_SHA384
sl_se_sha384_streaming_context_t sha384_ctx;
#endif
#ifdef WOLFSSL_SILABS_SHA512
sl_se_sha512_streaming_context_t sha512_ctx;
#endif
} hash_type_ctx;
} wc_silabs_sha_t;
#else
/* Gecko SDK v4 or later uses "multipart" interface */
typedef struct {
sl_se_command_context_t cmd_ctx;
union hash_type_ctx_u {
sl_se_sha1_multipart_context_t sha1_ctx;
sl_se_sha224_multipart_context_t sha224_ctx;
sl_se_sha256_multipart_context_t sha256_ctx;
#ifdef WOLFSSL_SILABS_SHA384
sl_se_sha384_multipart_context_t sha384_ctx;
#endif
#ifdef WOLFSSL_SILABS_SHA512
sl_se_sha512_multipart_context_t sha512_ctx;
#endif
} hash_type_ctx;
} wc_silabs_sha_t;
#endif
int wc_silabs_se_hash_init (wc_silabs_sha_t* sha, enum wc_HashType type);
int wc_silabs_se_hash_update (wc_silabs_sha_t* sha, const byte* data, word32 len);
int wc_silabs_se_hash_final (wc_silabs_sha_t* sha, byte* hash);
int wc_silabs_se_hash_init(wc_silabs_sha_t* sha, enum wc_HashType type);
int wc_silabs_se_hash_update(wc_silabs_sha_t* sha, const byte* data,
word32 len);
int wc_silabs_se_hash_final(wc_silabs_sha_t* sha, byte* hash, word32 len);
#endif /* defined(WOLFSSL_SILABS_SE_ACCEL) */
#endif /* WOLFSSL_SILABS_SE_ACCEL */
#endif /* _SILABS_HASH_H_ */