wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

some fixes and updates

Browse Source
This commit is contained in:
kosmax871
2025-05-25 20:43:56 +02:00
committed by Maxim Kostin
parent b13fdaa05e
commit 7c1980fe01
3 changed files with 95 additions and 164 deletions
Download Patch File Download Diff File Expand all files Collapse all files

246
wolfcrypt/src/port/tropicsquare/tropic01.c
View File

@@ -33,72 +33,61 @@
#include <wolfssl/wolfcrypt/port/tropicsquare/tropic01.h> #include <wolfssl/wolfcrypt/port/tropicsquare/tropic01.h>
static Tropic01CryptoDevCtx g_ctx = {0};
static lt_handle_t g_h;
// Default factory pairing keys
byte pkey_index_0 = PAIRING_KEY_SLOT_INDEX_0;
// Engineering samples 01 keys:
byte sh0priv[] = {0xd0,0x99,0x92,0xb1,0xf1,0x7a,0xbc,0x4d,0xb9,0x37,0x17,0x68,0xa2,0x7d,0xa0,0x5b,0x18,0xfa,0xb8,0x56,0x13,0xa7,0x84,0x2c,0xa6,0x4c,0x79,0x10,0xf2,0x2e,0x71,0x6b};
byte sh0pub[] = {0xe7,0xf7,0x35,0xba,0x19,0xa3,0x3f,0xd6,0x73,0x23,0xab,0x37,0x26,0x2d,0xe5,0x36,0x08,0xca,0x57,0x85,0x76,0x53,0x43,0x52,0xe1,0x8f,0x64,0xe6,0x13,0xd3,0x8d,0x54};
/* /*
* TROPIC01 hardware RNG implementation * TROPIC01 hardware RNG implementation
*/ */
static int Tropic01_GetRandom(byte* out, word32 sz, Tropic01CryptoDevCtx* ctx) static int Tropic01_GetRandom(byte* out, word32 sz)
{ {
int ret = 0; int ret = 0;
// Default factory pairing keys
byte pkey_index_0 = PAIRING_KEY_SLOT_INDEX_0;
// Engineering samples 01 keys:
byte sh0priv[] = {0xd0,0x99,0x92,0xb1,0xf1,0x7a,0xbc,0x4d,0xb9,0x37,0x17,0x68,0xa2,0x7d,0xa0,0x5b,0x18,0xfa,0xb8,0x56,0x13,0xa7,0x84,0x2c,0xa6,0x4c,0x79,0x10,0xf2,0x2e,0x71,0x6b};
byte sh0pub[] = {0xe7,0xf7,0x35,0xba,0x19,0xa3,0x3f,0xd6,0x73,0x23,0xab,0x37,0x26,0x2d,0xe5,0x36,0x08,0xca,0x57,0x85,0x76,0x53,0x43,0x52,0xe1,0x8f,0x64,0xe6,0x13,0xd3,0x8d,0x54};
lt_handle_t h;
lt_ret_t rett;
WOLFSSL_MSG_EX("TROPIC01: GetRandom: Requesting %u bytes", sz); WOLFSSL_MSG_EX("TROPIC01: GetRandom: Requesting %u bytes", sz);
if (out == NULL || ctx == NULL || !ctx->initialized || sz == 0) if (out == NULL || sz == 0)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
/* Call TROPIC01 TRNG API to get random data */ /* Call TROPIC01 TRNG API to get random data */
rett = lt_init(&h); ret = lt_random_get(&g_h, out, sz);
if(rett != LT_OK) {
//printf("Error lt_init(): %s", lt_ret_verbose(ret));
return rett;
}
ret = verify_chip_and_start_secure_session(&h, sh0priv, sh0pub, pkey_index_0);
if(ret != LT_OK) { if(ret != LT_OK) {
//printf("Error sec channel: %s", lt_ret_verbose(ret)); WOLFSSL_MSG_EX("TROPIC01: GetKey: Failed to retrieve key, ret=%d", ret);
lt_deinit(&h); Tropic01_Deinit();
return ret; return WC_HW_E;
}
ret = lt_random_get(&h, out, sz);
if(ret != LT_OK) {
//printf("Error l3 cmd: %s", lt_ret_verbose(ret));
lt_deinit(&h);
return ret;
}
ret = lt_deinit(&h);
if(ret != LT_OK) {
//printf("Error lt_deinit(): %s", lt_ret_verbose(ret));
return ret;
} }
WOLFSSL_MSG_EX("TROPIC01: GetRandom: Completed with ret=%d", ret); WOLFSSL_MSG_EX("TROPIC01: GetRandom: Completed with ret=%d", ret);
return ret; /*
for (word32 i = 0; i < sz; i++) {
WOLFSSL_MSG_EX("TROPIC01: GetRandom: out[%d] = 0x%02x", i, out[i]);
}
*/
return 0;
} }
/* /*
* Retrive the AES key from the secure memory of TROPIC01 * Retrive the AES key from the secure memory of TROPIC01
*/ */
static int Tropic01_GetKey(Aes* aes, int keySlot, word32 keySz, Tropic01CryptoDevCtx* ctx) static int Tropic01_GetKey(Aes* aes, int keySlot, word32 keySz)
{ {
int ret;
// Default factory pairing keys
byte pkey_index_0 = PAIRING_KEY_SLOT_INDEX_0;
// Engineering samples 01 keys:
byte sh0priv[] = {0xd0,0x99,0x92,0xb1,0xf1,0x7a,0xbc,0x4d,0xb9,0x37,0x17,0x68,0xa2,0x7d,0xa0,0x5b,0x18,0xfa,0xb8,0x56,0x13,0xa7,0x84,0x2c,0xa6,0x4c,0x79,0x10,0xf2,0x2e,0x71,0x6b};
byte sh0pub[] = {0xe7,0xf7,0x35,0xba,0x19,0xa3,0x3f,0xd6,0x73,0x23,0xab,0x37,0x26,0x2d,0xe5,0x36,0x08,0xca,0x57,0x85,0x76,0x53,0x43,0x52,0xe1,0x8f,0x64,0xe6,0x13,0xd3,0x8d,0x54};
lt_handle_t h;
lt_ret_t rett; lt_ret_t rett;
WOLFSSL_MSG_EX("TROPIC01: GetKey: Retrieving key from slot %d", keySlot); WOLFSSL_MSG_EX("TROPIC01: GetKey: Retrieving key from slot %d", keySlot);
if (aes == NULL || ctx == NULL || !ctx->initialized || keySlot < 0 || keySlot >= 511) if (aes == NULL || keySlot < 0 || keySlot >= 511)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
/* Check key size */ /* Check key size */
if (keySz != 16 && keySz != 24 && keySz != 32) { if (keySz != 16 && keySz != 24 && keySz != 32) {
WOLFSSL_MSG_EX("TROPIC01: GetKey: Unsupported key size %u", keySz); WOLFSSL_MSG_EX("TROPIC01: GetKey: Unsupported key size %u", keySz);
@@ -106,117 +95,19 @@ static int Tropic01_GetKey(Aes* aes, int keySlot, word32 keySz, Tropic01CryptoDe
} }
/* Retrieve key from TROPIC01 */ /* Retrieve key from TROPIC01 */
rett = lt_init(&h);
rett = lt_r_mem_data_read(&g_h, keySlot, (byte*)aes->key, keySz);
if(rett != LT_OK) { if(rett != LT_OK) {
//printf("Error lt_init(): %s", lt_ret_verbose(ret)); WOLFSSL_MSG_EX("TROPIC01: GetKey: Failed to retrieve key, ret=%d", rett);
return rett; Tropic01_Deinit();
} return WC_HW_E;
ret = verify_chip_and_start_secure_session(&h, sh0priv, sh0pub, pkey_index_0);
if(ret != LT_OK) {
//printf("Error sec channel: %s", lt_ret_verbose(ret));
lt_deinit(&h);
return ret;
}
ret = lt_r_mem_data_read(&h, keySlot, (byte*)aes->key, keySz);
if(ret != LT_OK) {
//printf("Error l3 cmd: %s", lt_ret_verbose(ret));
lt_deinit(&h);
return 1;
}
ret = lt_deinit(&h);
if(ret != LT_OK) {
//printf("Error lt_deinit(): %s", lt_ret_verbose(ret));
return ret;
} }
if (ret != 0) {
WOLFSSL_MSG_EX("TROPIC01: GetKey: Failed to retrieve key, ret=%d", ret);
return ret;
}
WOLFSSL_MSG_EX("TROPIC01: GetKey: Key retrieved successfully"); WOLFSSL_MSG_EX("TROPIC01: GetKey: Key retrieved successfully");
return 0; return 0;
} }
/**
* Find an available key slot in the TROPIC01
*/
static int Tropic01_FindFreeKeySlot(Tropic01CryptoDevCtx* ctx)
{
int i;
WOLFSSL_MSG("TROPIC01: FindFreeKeySlot: Searching for available slot");
for (i = 0; i < 8; i++) {
if (ctx->keySlotUsage[i] == 0) {
ctx->keySlotUsage[i] = 1;
WOLFSSL_MSG_EX("TROPIC01: FindFreeKeySlot: Found slot %d", i);
return i;
}
}
WOLFSSL_MSG("TROPIC01: FindFreeKeySlot: No free slots available");
return -1;
}
/**
* Store AES key in TROPIC01 secure memory
*/
static int Tropic01_StoreKey(Aes* aes, const byte* key, word32 keySz, Tropic01CryptoDevCtx* ctx)
{
int ret;
int keySlot;
Tropic01KeyRef* keyRef;
WOLFSSL_MSG_EX("TROPIC01: StoreKey: Storing key of size %u bytes", keySz);
if (aes == NULL || key == NULL || ctx == NULL || !ctx->initialized)
return BAD_FUNC_ARG;
/* Check key size */
if (keySz != 16 && keySz != 24 && keySz != 32) {
WOLFSSL_MSG_EX("TROPIC01: StoreKey: Unsupported key size %u", keySz);
return BAD_FUNC_ARG;
}
/* Find available key slot */
keySlot = Tropic01_FindFreeKeySlot(ctx);
if (keySlot < 0) {
WOLFSSL_MSG("TROPIC01: StoreKey: No free key slots available");
return MEMORY_E;
}
/* Allocate key reference */
keyRef = (Tropic01KeyRef*)XMALLOC(sizeof(Tropic01KeyRef), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (keyRef == NULL) {
ctx->keySlotUsage[keySlot] = 0;
return MEMORY_E;
}
/* Store key in TROPIC01 */
/* Example TROPIC01_StoreKey call */
ret = 0; /* Replace with actual implementation */
if (ret != 0) {
WOLFSSL_MSG_EX("TROPIC01: StoreKey: Failed to store key in slot %d, ret=%d", keySlot, ret);
XFREE(keyRef, NULL, DYNAMIC_TYPE_TMP_BUFFER);
ctx->keySlotUsage[keySlot] = 0;
return ret;
}
/* Initialize key reference */
keyRef->keySlot = keySlot;
keyRef->keySize = keySz;
keyRef->keyType = 0;
keyRef->isValid = 1;
/* Store reference in AES structure */
//aes->devKey = keySlot;
//aes->devCtx = keyRef;
WOLFSSL_MSG_EX("TROPIC01: StoreKey: Key stored successfully in slot %d", keySlot);
return 0;
}
/** /**
* Crypto Callback function for TROPIC01 * Crypto Callback function for TROPIC01
@@ -224,24 +115,29 @@ static int Tropic01_StoreKey(Aes* aes, const byte* key, word32 keySz, Tropic01Cr
int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
{ {
int ret = CRYPTOCB_UNAVAILABLE; int ret = CRYPTOCB_UNAVAILABLE;
Tropic01CryptoDevCtx* tropicCtx = (Tropic01CryptoDevCtx*)ctx;
if (info == NULL || tropicCtx == NULL || !tropicCtx->initialized || devId == -2) if (info == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
(void)ctx;
(void)devId;
if (g_ctx.initialized == 0) {
WOLFSSL_MSG("TROPIC01: CryptoCB: Device not initialized");
return CRYPTOCB_UNAVAILABLE;
}
switch (info->algo_type) { switch (info->algo_type) {
case WC_ALGO_TYPE_RNG: case WC_ALGO_TYPE_RNG:
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: RNG generation request (%u bytes)", info->rng.sz); WOLFSSL_MSG_EX("TROPIC01: CryptoCB: RNG generation request (%u bytes)", info->rng.sz);
ret = Tropic01_GetRandom(info->rng.out, info->rng.sz, tropicCtx); ret = Tropic01_GetRandom(info->rng.out, info->rng.sz);
break; break;
case WC_ALGO_TYPE_SEED: case WC_ALGO_TYPE_SEED:
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: SEED generation request (%u bytes)", info->seed.sz); WOLFSSL_MSG_EX("TROPIC01: CryptoCB: SEED generation request (%u bytes)", info->seed.sz);
ret = Tropic01_GetRandom(info->seed.seed, info->seed.sz, tropicCtx); ret = Tropic01_GetRandom(info->seed.seed, info->seed.sz);
break; break;
case WC_ALGO_TYPE_CIPHER: case WC_ALGO_TYPE_CIPHER:
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: AES request (%u bytes)", info->aes_setkey.keySz); WOLFSSL_MSG("TROPIC01: CryptoCB: AES request ");
ret = Tropic01_StoreKey(NULL, NULL, 32, tropicCtx); //ret = Tropic01_StoreKey(NULL, NULL, 32);
//ret = Tropic01_GetKey(NULL, NULL, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); //ret = Tropic01_GetKey(NULL, NULL, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx);
#if !defined(NO_AES) || !defined(NO_DES3) #if !defined(NO_AES) || !defined(NO_DES3)
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
@@ -249,7 +145,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
if (info->cipher.enc) { if (info->cipher.enc) {
/* set devId to invalid, so software is used */ /* set devId to invalid, so software is used */
info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID; info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID;
ret = Tropic01_GetKey(info->cipher.aesgcm_enc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); ret = Tropic01_GetKey(info->cipher.aesgcm_enc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE);
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-GCM encryption, ret=%d", ret); WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-GCM encryption, ret=%d", ret);
return ret; return ret;
@@ -272,7 +168,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
else { else {
/* set devId to invalid, so software is used */ /* set devId to invalid, so software is used */
info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID; info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID;
ret = Tropic01_GetKey(info->cipher.aesgcm_dec.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); ret = Tropic01_GetKey(info->cipher.aesgcm_dec.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE);
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-GCM decryption, ret=%d", ret); WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-GCM decryption, ret=%d", ret);
return ret; return ret;
@@ -299,7 +195,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
if (info->cipher.enc) { if (info->cipher.enc) {
/* set devId to invalid, so software is used */ /* set devId to invalid, so software is used */
info->cipher.aescbc.aes->devId = INVALID_DEVID; info->cipher.aescbc.aes->devId = INVALID_DEVID;
ret = Tropic01_GetKey(info->cipher.aescbc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); ret = Tropic01_GetKey(info->cipher.aescbc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE);
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-CBC encryption, ret=%d", ret); WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-CBC encryption, ret=%d", ret);
return ret; return ret;
@@ -316,7 +212,7 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
else { else {
/* set devId to invalid, so software is used */ /* set devId to invalid, so software is used */
info->cipher.aescbc.aes->devId = INVALID_DEVID; info->cipher.aescbc.aes->devId = INVALID_DEVID;
ret = Tropic01_GetKey(info->cipher.aescbc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE, tropicCtx); ret = Tropic01_GetKey(info->cipher.aescbc.aes, TROPIC01_AES_KEY_SLOT_DEFAULT, TROPIC01_AES_MAX_KEY_SIZE);
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-CBC decryption, ret=%d", ret); WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Failed to get key for AES-CBC decryption, ret=%d", ret);
return ret; return ret;
@@ -330,26 +226,60 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx)
/* reset devId */ /* reset devId */
info->cipher.aescbc.aes->devId = devId; info->cipher.aescbc.aes->devId = devId;
} }
for (int i = 0; i < info->cipher.aescbc.aes->keylen; i++) {
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: aes->key[%d] = 0x%02x", i, info->cipher.aescbc.aes->key[i]);
}
for (word32 i = 0; i < info->cipher.aescbc.sz; i++) {
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: out[%d] = 0x%02x", i, info->cipher.aescbc.out[i]);
}
} }
#endif /* HAVE_AES_CBC */ #endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */ #endif /* !NO_AES || !NO_DES3 */
break; break;
default: default:
WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Unsupported algorithm type %d", info->algo_type); //WOLFSSL_MSG_EX("TROPIC01: CryptoCB: Unsupported algorithm type %d", info->algo_type);
break; break;
} }
return ret; return ret;
} }
int Tropic01_Init(Tropic01CryptoDevCtx* ctx) int Tropic01_Init()
{ {
if (ctx == NULL) lt_ret_t ret;
return BAD_FUNC_ARG;
ctx->initialized = 1; g_ctx.initialized = 0;
XMEMSET(ctx->keySlotUsage, 0, sizeof(ctx->keySlotUsage)); ret = lt_init(&g_h);
if(ret != LT_OK) {
WOLFSSL_MSG_EX("TROPIC01: lt_init failed with a code %d", ret);
return WC_HW_E;
}
ret = verify_chip_and_start_secure_session(&g_h, sh0priv, sh0pub, pkey_index_0);
if(ret != LT_OK) {
WOLFSSL_MSG_EX("TROPIC01: secure session failed with a code %d", ret);
lt_deinit(&g_h);
return WC_HW_E;
}
g_ctx.initialized = 1;
WOLFSSL_MSG("TROPIC01: Crypto device initialized successfully");
return 0;
}
int Tropic01_Deinit()
{
lt_ret_t ret;
if (g_ctx.initialized) {
ret = lt_deinit(&g_h);
if(ret != LT_OK) {
WOLFSSL_MSG_EX("TROPIC01: lt_deinit failed with a code %d", ret);
return WC_HW_E;
}
g_ctx.initialized = 0;
WOLFSSL_MSG("TROPIC01: Crypto device deinitialized successfully");
}
return 0; return 0;
} }

2
wolfcrypt/src/wc_port.c
View File

@@ -299,7 +299,7 @@ int wolfCrypt_Init(void)
stsafe_interface_init(); stsafe_interface_init();
#endif #endif
#if defined(WOLFSSL_TROPIC01) #if defined(WOLFSSL_TROPIC01)
ret = Tropic01_Init(NULL); ret = Tropic01_Init();
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG("Tropic01 init failed"); WOLFSSL_MSG("Tropic01 init failed");
return ret; return ret;

11
wolfssl/wolfcrypt/port/tropicsquare/tropic01.h
View File

@@ -39,18 +39,18 @@
#define LT_USE_TREZOR_CRYPTO 1 #define LT_USE_TREZOR_CRYPTO 1
#define LT_HELPERS #define LT_HELPERS
#include "libtropic.h" #include <libtropic.h>
#include "libtropic_common.h" #include <libtropic_common.h>
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
/* Device ID that's unique and valid (not INVALID_DEVID -2) */ /* Device ID that's unique and valid (not INVALID_DEVID -2) */
#define WOLF_TROPIC01_DEVID 0x75757; /* TROPIC01 ID*/ #define WOLF_TROPIC01_DEVID 0x75757 /* TROPIC01 ID*/
#define TROPIC01_AES_MAX_KEY_SIZE 32 #define TROPIC01_AES_MAX_KEY_SIZE 32
#define TROPIC01_AES_KEY_SLOT_DEFAULT 8 #define TROPIC01_AES_KEY_SLOT_DEFAULT 1
#define PAIRING_KEY_SLOT_INDEX_0 0 #define PAIRING_KEY_SLOT_INDEX_0 0
@@ -69,7 +69,8 @@ typedef struct {
} Tropic01CryptoDevCtx; } Tropic01CryptoDevCtx;
int Tropic01_Init(Tropic01CryptoDevCtx* ctx); int Tropic01_Init(void);
int Tropic01_Deinit(void);
int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx); int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx);
//static int Tropic01_GetRandom(byte* out, word32 sz, Tropic01CryptoDevCtx* ctx); //static int Tropic01_GetRandom(byte* out, word32 sz, Tropic01CryptoDevCtx* ctx);