From ea34fb1643de63c24b48878c35442c9c4d96e4ba Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Wed, 20 Jul 2022 10:41:54 +0100 Subject: [PATCH 1/3] Add ECC private key insertion for SE050 This adds a utility function which allows an ECC private key to be inserted into the SE050's permanent storage. --- wolfcrypt/src/port/nxp/se050_port.c | 66 +++++++++++++++++++++++++ wolfssl/wolfcrypt/port/nxp/se050_port.h | 2 + 2 files changed, 68 insertions(+) diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c index bae46f112..110546445 100644 --- a/wolfcrypt/src/port/nxp/se050_port.c +++ b/wolfcrypt/src/port/nxp/se050_port.c 
@@ -501,6 +501,72 @@ static sss_algorithm_t se050_map_hash_alg(int hashLen) return algorithm; } +int se050_ecc_insert_private_key(int keyId, const byte* eccDer, + word32 eccDerSize) +{ + int ret; + struct ecc_key key; + sss_object_t newKey; + sss_key_store_t host_keystore; + sss_status_t status = kStatus_SSS_Success; + int keySizeBits; + int keySize; + word32 idx = 0; + sss_cipher_type_t curveType; + + if (wolfSSL_CryptHwMutexLock() != 0) { + return BAD_MUTEX_E; + } + + /* Avoid key ID conflicts with temporary key storage */ + if (keyId >= 100) { + return BAD_FUNC_ARG; + } + + ret = wc_ecc_init(&key); + if (ret != 0) { + status = kStatus_SSS_Fail; + } else { + ret = wc_EccPrivateKeyDecode(eccDer, &idx, &key, eccDerSize); + if (ret != 0) { + status = kStatus_SSS_Fail; + } + } + + if (status == kStatus_SSS_Success) { + keySize = key.dp->size; + ret = se050_map_curve(key.dp->id, keySize, &keySizeBits, &curveType); + if (ret != 0) { + status = kStatus_SSS_Fail; + } + } + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&newKey, &host_keystore); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_allocate_handle(&newKey, keyId, + kSSS_KeyPart_Pair, curveType, MAX_ECC_BYTES, + kKeyObject_Mode_Persistent); + } + if (status == kStatus_SSS_Success) { + status = sss_key_store_set_key(&host_keystore, &newKey, ecc_key_der_256, + sizeof_ecc_key_der_256, keySizeBits, + NULL, 0); + } + wolfSSL_CryptHwMutexUnLock(); + + if (status == kStatus_SSS_Success) { + ret = 0; + } + else { + if (ret == 0) + ret = WC_HW_E; + } + + return ret; +} + int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out, word32 *outLen, struct ecc_key* key) { diff --git a/wolfssl/wolfcrypt/port/nxp/se050_port.h b/wolfssl/wolfcrypt/port/nxp/se050_port.h index bd59ba12f..fb1a95e10 100644 --- a/wolfssl/wolfcrypt/port/nxp/se050_port.h +++ b/wolfssl/wolfcrypt/port/nxp/se050_port.h 
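Review bot: The failure recorded by `wc_ecc_init`, `wc_EccPrivateKeyDecode` and `se050_map_curve` is discarded, because `status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);` is assigned unconditionally right after them. When the DER does not parse, the function still reaches `sss_key_object_allocate_handle` with `curveType` and `keySizeBits` uninitialised, and can go on to write a persistent object from input that was never validated. Guard the call like its neighbours: `if (status == kStatus_SSS_Success) { status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); }`. Separately, the `return BAD_FUNC_ARG;` for `keyId >= 100` happens after `wolfSSL_CryptHwMutexLock()` has succeeded, so the hardware mutex stays locked on that path. The later hunk that changes the bound to `SE050_KEYID_START` keeps the same early return; checking the argument before taking the lock fixes both.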
@@ -138,6 +138,8 @@ WOLFSSL_LOCAL int se050_ecc_create_key(struct ecc_key* key, int curve_id, int ke WOLFSSL_LOCAL int se050_ecc_shared_secret(struct ecc_key* private_key, struct ecc_key* public_key, byte* out, word32* outlen); WOLFSSL_LOCAL void se050_ecc_free_key(struct ecc_key* key); +WOLFSSL_LOCAL int se050_ecc_insert_private_key(int keyId, const byte* eccDer, + word32 eccDerSize); struct ed25519_key; WOLFSSL_LOCAL int se050_ed25519_create_key(struct ed25519_key* key); From d7b4abfa0b14a24eb306455d93117cb890bbcd2b Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Wed, 20 Jul 2022 16:25:39 +0100 Subject: [PATCH 2/3] Fixups to the SE050 ECC pkey insert function --- wolfcrypt/src/port/nxp/se050_port.c | 16 +++++++++------- wolfssl/wolfcrypt/port/nxp/se050_port.h | 5 +++-- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c index 110546445..633295e8a 100644 --- a/wolfcrypt/src/port/nxp/se050_port.c +++ b/wolfcrypt/src/port/nxp/se050_port.c @@ -65,6 +65,10 @@ struct ecc_key; #define SE050_ECC_DER_MAX 256 #endif +#ifndef SE050_KEYID_START +#define SE050_KEYID_START 100 +#endif + /* enable for debugging */ /* #define SE050_DEBUG*/ /* enable to factory erase chip */ @@ -122,7 +126,7 @@ int wc_se050_init(const char* portName) int se050_allocate_key(int keyType) { int keyId = -1; - static int keyId_allocator = 100; + static int keyId_allocator = SE050_KEYID_START; switch (keyType) { case SE050_AES_KEY: case SE050_ECC_KEY: @@ -504,7 +508,7 @@ static sss_algorithm_t se050_map_hash_alg(int hashLen) int se050_ecc_insert_private_key(int keyId, const byte* eccDer, word32 eccDerSize) { - int ret; + int ret = 0; struct ecc_key key; sss_object_t newKey; sss_key_store_t host_keystore; 
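Review bot: `SE050_KEYID_START` is introduced without a comment, although two functions now depend on it as a boundary: `se050_allocate_key` starts handing out IDs at this value, and `se050_ecc_insert_private_key` rejects any `keyId` at or above it. Because the `#ifndef` lets a build override the value, a comment above the define would help, for example `/* First object ID used by se050_allocate_key(); lower IDs are left for keys stored with se050_ecc_insert_private_key() */`.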
@@ -519,7 +523,7 @@ int se050_ecc_insert_private_key(int keyId, const byte* eccDer, } /* Avoid key ID conflicts with temporary key storage */ - if (keyId >= 100) { + if (keyId >= SE050_KEYID_START) { return BAD_FUNC_ARG; } @@ -556,10 +560,8 @@ int se050_ecc_insert_private_key(int keyId, const byte* eccDer, } wolfSSL_CryptHwMutexUnLock(); - if (status == kStatus_SSS_Success) { - ret = 0; - } - else { + wc_ecc_free(&key); + if (status != kStatus_SSS_Success) { if (ret == 0) ret = WC_HW_E; } diff --git a/wolfssl/wolfcrypt/port/nxp/se050_port.h b/wolfssl/wolfcrypt/port/nxp/se050_port.h index fb1a95e10..97c571714 100644 --- a/wolfssl/wolfcrypt/port/nxp/se050_port.h +++ b/wolfssl/wolfcrypt/port/nxp/se050_port.h @@ -95,6 +95,8 @@ WOLFSSL_API int wc_se050_set_config(sss_session_t *pSession, #ifdef WOLFSSL_SE050_INIT WOLFSSL_API int wc_se050_init(const char* portName); #endif +WOLFSSL_API int se050_ecc_insert_private_key(int keyId, const byte* eccDer, + word32 eccDerSize); /* Private Functions */ WOLFSSL_LOCAL int se050_allocate_key(int keyType); @@ -138,8 +140,7 @@ WOLFSSL_LOCAL int se050_ecc_create_key(struct ecc_key* key, int curve_id, int ke WOLFSSL_LOCAL int se050_ecc_shared_secret(struct ecc_key* private_key, struct ecc_key* public_key, byte* out, word32* outlen); WOLFSSL_LOCAL void se050_ecc_free_key(struct ecc_key* key); -WOLFSSL_LOCAL int se050_ecc_insert_private_key(int keyId, const byte* eccDer, - word32 eccDerSize); + struct ed25519_key; WOLFSSL_LOCAL int se050_ed25519_create_key(struct ed25519_key* key); From 07d29407575f98efa0e5e0b54e14fd1f775a2318 Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Wed, 20 Jul 2022 16:42:09 +0100 Subject: [PATCH 3/3] Fix issue caused by undo in IDE --- wolfcrypt/src/port/nxp/se050_port.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c index 633295e8a..ae08ca437 100644 --- a/wolfcrypt/src/port/nxp/se050_port.c 
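Review bot: The range check on `keyId` has only an upper bound, so a negative value passes and is handed to `sss_key_object_allocate_handle`. There it presumably becomes a large unsigned object ID, which is the range this check is meant to keep callers out of. `eccDer` is not checked for NULL either, and this series changes the prototype to `WOLFSSL_API`, so the arguments now come from application code. A fuller guard would be `if (keyId < 0 || keyId >= SE050_KEYID_START || eccDer == NULL || eccDerSize == 0) return BAD_FUNC_ARG;`, placed ahead of `wolfSSL_CryptHwMutexLock()`. The function body starts and ends outside this hunk.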
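Review bot: The cleanup added here frees `key`, but nothing visible releases `newKey` or `host_keystore`, which were set up by `sss_key_object_init` and `sss_key_store_context_init`. If the SSS layer expects those to be paired with `sss_key_object_free(&newKey)` and `sss_key_store_context_free(&host_keystore)` (I believe it does, but confirm against the middleware headers), the calls belong before `wolfSSL_CryptHwMutexUnLock()`. `wc_ecc_free(&key)` is also reached when `wc_ecc_init` itself failed; that is probably harmless, but a short comment such as `/* safe even if wc_ecc_init failed */` would record the intent. The function's start and its `return ret;` are outside this hunk.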
+++ b/wolfcrypt/src/port/nxp/se050_port.c @@ -554,8 +554,8 @@ int se050_ecc_insert_private_key(int keyId, const byte* eccDer, kKeyObject_Mode_Persistent); } if (status == kStatus_SSS_Success) { - status = sss_key_store_set_key(&host_keystore, &newKey, ecc_key_der_256, - sizeof_ecc_key_der_256, keySizeBits, + status = sss_key_store_set_key(&host_keystore, &newKey, eccDer, + eccDerSize, keySizeBits, NULL, 0); } wolfSSL_CryptHwMutexUnLock();
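Review bot: The buffer written to the SE050 is the whole caller range `eccDer`/`eccDerSize`, yet `idx`, through which `wc_EccPrivateKeyDecode` reports how many bytes it parsed, is never compared with `eccDerSize`. Any bytes after the encoded key would therefore reach `sss_key_store_set_key` unchecked; whether the middleware rejects them is not visible here. Rejecting the input right after the decode, for example `if (ret == 0 && idx != eccDerSize) { ret = ASN_PARSE_E; status = kStatus_SSS_Fail; }`, would keep what is validated and what is stored identical. The function starts before this hunk and continues after it.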