wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 03:07:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for NXP SE050 testing with hardware.

Browse Source
This commit is contained in:
David Garske
2021-11-03 12:08:30 -07:00
parent e9fbd94150
commit b84edb5c67
4 changed files with 275 additions and 181 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
wolfcrypt/src/ecc.c
View File

@ -4720,7 +4720,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
err = NOT_COMPILED_IN;
}
#elif defined(WOLFSSL_SE050)
err = se050_ecc_create_key(key, curve_id, keysize);
err = se050_ecc_create_key(key, key->dp->id, key->dp->size);
key->type = ECC_PRIVATEKEY;
#elif defined(WOLFSSL_CRYPTOCELL)
@ -5239,10 +5239,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
(void)rng;
#elif defined(WOLFSSL_SE050)
err = se050_ecc_sign_hash_ex(in, inlen, out, outlen, key);
if (err == 0)
err = DecodeECC_DSA_Sig(out, *outlen, r, s);
return err;
(void)rng;
#endif
/* Load R and S */
@ -7032,11 +7029,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
#elif defined(WOLFSSL_KCAPI_ECC)
byte sigRS[MAX_ECC_BYTES*2];
#elif defined(WOLFSSL_SE050)
#ifdef WOLFSSL_SMALL_STACK
byte* sigRS = NULL;
#else
byte sigRS[ECC_MAX_CRYPTO_HW_SIZE * 2];
#endif
byte sigRS[ECC_MAX_CRYPTO_HW_SIZE * 2];
#elif !defined(WOLFSSL_SP_MATH) || defined(FREESCALE_LTC_ECC)
int did_init = 0;
ecc_point *mG = NULL, *mQ = NULL;
@ -7098,7 +7091,9 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
}
#endif
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \
defined(WOLFSSL_KCAPI_ECC) || defined(WOLFSSL_SE050)
/* Extract R and S */
err = mp_to_unsigned_bin(r, &sigRS[0]);
if (err != MP_OKAY) {
@ -7109,6 +7104,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
return err;
}
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
err = atmel_ecc_verify(hash, sigRS, key->pubkey_raw, res);
if (err != 0) {
return err;
@ -7116,17 +7112,6 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
(void)hashlen;
#elif defined(WOLFSSL_CRYPTOCELL)
/* Extract R and S */
err = mp_to_unsigned_bin(r, &sigRS[0]);
if (err != MP_OKAY) {
return err;
}
err = mp_to_unsigned_bin(s, &sigRS[keySz]);
if (err != MP_OKAY) {
return err;
}
/* truncate if hash is longer than key size */
if (msgLenInBytes > keySz) {
msgLenInBytes = keySz;
@ -7153,69 +7138,18 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
/* valid signature if we get to this point */
*res = 1;
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
/* Extract R and S */
err = mp_to_unsigned_bin(r, &sigRS[0]);
if (err != MP_OKAY) {
return err;
}
err = mp_to_unsigned_bin(s, &sigRS[keySz]);
if (err != MP_OKAY) {
return err;
}
err = silabs_ecc_verify_hash(&sigRS[0], keySz*2,
err = silabs_ecc_verify_hash(&sigRS[0], keySz * 2,
hash, hashlen,
res, key);
#elif defined(WOLFSSL_KCAPI_ECC)
/* Extract R and S */
err = mp_to_unsigned_bin(r, &sigRS[0]);
if (err != MP_OKAY) {
return err;
err = KcapiEcc_Verify(key, hash, hashlen, sigRS, keySz * 2);
if (err == 0) {
*res = 1;
}
err = mp_to_unsigned_bin(s, &sigRS[key->dp->size]);
if (err != MP_OKAY) {
return err;
}
err = KcapiEcc_Verify(key, hash, hashlen, sigRS, key->dp->size * 2);
#elif defined(WOLFSSL_SE050)
{
/* Used when following a hardware sign operation */
int rLeadingZero = mp_leading_bit(r);
int sLeadingZero = mp_leading_bit(s);
int rLen = mp_unsigned_bin_size(r);
int sLen = mp_unsigned_bin_size(s);
word32 signatureLen = rLeadingZero + sLeadingZero +
rLen + sLen + SIG_HEADER_SZ; /* see StoreECC_DSA_Sig */
err = se050_ecc_verify_hash_ex(hash, hashlen, sigRS, keySz * 2, key, res);
#endif
#ifdef WOLFSSL_SMALL_STACK
sigRS = (byte*)XMALLOC(signatureLen, NULL, DYNAMIC_TYPE_SIGNATURE);
if (sigRS == NULL) {
err = MEMORY_E;
}
#else
if (signatureLen > sizeof(sigRS)) {
err = BUFFER_E;
}
#endif
if (err == 0) {
err = StoreECC_DSA_Sig(sigRS, &signatureLen, r, s);
}
if (err == 0) {
err = se050_ecc_verify_hash_ex(hash, hashlen, sigRS,
signatureLen, key, res);
}
#ifdef WOLFSSL_SMALL_STACK
if (sigRS != NULL) {
XFREE(sigRS, NULL, DYNAMIC_TYPE_SIGNATURE);
sigRS = NULL;
}
#endif
if (err != 0)
return err;
}
#else
/* checking if private key with no public part */
if (key->type == ECC_PRIVATEKEY_ONLY) {
@ -8989,7 +8923,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
}
}
else
#endif
#endif
{
err = wc_export_int(&key->k, d, dLen, keySz, encType);
if (err != MP_OKAY)

293
wolfcrypt/src/port/nxp/se050_port.c
View File

@ -58,16 +58,21 @@
#endif
struct ecc_key;
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/asn_public.h>
#include <wolfssl/wolfcrypt/asn.h>
#ifndef SE050_ECC_DER_MAX
#define SE050_ECC_DER_MAX 256
#endif
/* enable for debugging */
/* #define SE050_DEBUG*/
/* enable to factory erase chip */
/* #define WOLFSSL_SE050_FACTORY_RESET */
/* Global variables */
static sss_session_t *cfg_se050_i2c_pi;
static sss_key_store_t *hostKeyStore;
static sss_key_store_t *keyStore;
static sss_key_store_t *gHostKeyStore;
static sss_key_store_t *gHeyStore;
int wc_se050_set_config(sss_session_t *pSession, sss_key_store_t *pHostKeyStore,
sss_key_store_t *pKeyStore)
@ -75,8 +80,8 @@ int wc_se050_set_config(sss_session_t *pSession, sss_key_store_t *pHostKeyStore,
WOLFSSL_MSG("Setting SE050 session configuration");
cfg_se050_i2c_pi = pSession;
hostKeyStore = pHostKeyStore;
keyStore = pKeyStore;
gHostKeyStore = pHostKeyStore;
gHeyStore = pKeyStore;
return 0;
}
@ -101,6 +106,10 @@ int wc_se050_init(const char* portName)
NULL,
#endif
&pCtx.ks);
#ifdef WOLFSSL_SE050_FACTORY_RESET
ex_sss_boot_factory_reset(&pCtx);
#endif
}
else {
ret = WC_HW_E;
@ -111,7 +120,7 @@ int wc_se050_init(const char* portName)
int se050_allocate_key(int keyType)
{
int keyId = 0;
int keyId = -1;
static int keyId_allocator = 100;
switch (keyType) {
case SE050_AES_KEY:
@ -121,6 +130,9 @@ int se050_allocate_key(int keyType)
keyId = keyId_allocator++;
break;
}
#ifdef SE050_DEBUG
printf("se050_allocate_key: keyId %d\n", keyId);
#endif
return keyId;
}
@ -131,6 +143,10 @@ int se050_get_random_number(uint32_t count, uint8_t* rand_out)
sss_status_t status;
sss_rng_context_t rng;
#ifdef SE050_DEBUG
printf("se050_get_random_number: %p (%d)\n", rand_out, count);
#endif
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
@ -292,6 +308,7 @@ int se050_aes_set_key(Aes* aes, const byte* key, word32 keylen,
}
else {
if (keyCreated) {
sss_key_store_erase_key(&host_keystore, &newKey);
sss_key_object_free(&newKey);
}
ret = WC_HW_E;
@ -398,8 +415,9 @@ void se050_aes_free(Aes* aes)
}
if (status == kStatus_SSS_Success) {
status = sss_key_object_get_handle(&keyObject, aes->keyId);
aes->keyId = 0;
aes->keyId = -1;
}
sss_key_store_erase_key(&host_keystore, &keyObject);
sss_key_object_free(&keyObject);
wolfSSL_CryptHwMutexUnLock();
@ -454,6 +472,11 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
int keySize;
int keySizeBits;
#ifdef SE050_DEBUG
printf("se050_ecc_sign_hash_ex: key %p, in %p (%d), out %p (%d), keyId %d\n",
key, in, inLen, out, *outLen, key->keyId);
#endif
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
@ -461,19 +484,15 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
return BAD_FUNC_ARG;
}
if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E;
}
/* truncate if digest is larger than 64 */
if (inLen > 64)
inLen = 64;
keySize = key->dp->size;
keySizeBits = keySize * 8;
if (keySizeBits > SSS_MAX_ECC_BITS)
keySizeBits = SSS_MAX_ECC_BITS;
/* truncate if digest is larger than key size */
if (inLen > (word32)keySize)
inLen = (word32)keySize;
if (inLen == 20)
algorithm = kAlgorithm_SSS_SHA1;
else if (inLen == 28)
@ -484,6 +503,17 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
algorithm = kAlgorithm_SSS_SHA384;
else if (inLen == 64)
algorithm = kAlgorithm_SSS_SHA512;
else {
/* not supported curve key size */
return ECC_CURVE_OID_E;
}
if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E;
}
/* mark that key was used for signing */
key->flags |= WC_ECC_FLAG_DEC_SIGN;
status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
if (status == kStatus_SSS_Success) {
@ -499,25 +529,45 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi,
&newKey, algorithm, kMode_SSS_Sign);
if (status == kStatus_SSS_Success) {
size_t outLenSz = (size_t)*outLen;
status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t *)in,
inLen, out, &outLenSz);
*outLen = (word32)outLenSz;
byte sigBuf[ECC_MAX_SIG_SIZE];
size_t sigSz = sizeof(sigBuf);
status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t*)in,
inLen, sigBuf, &sigSz);
if (status == kStatus_SSS_Success) {
/* SE050 returns ASN.1 encoded signature */
word32 rLen = keySize, sLen = keySize;
ret = DecodeECC_DSA_Sig_Bin(sigBuf, (word32)sigSz,
out, &rLen,
out+keySize, &sLen);
if (ret != 0) {
status = kStatus_SSS_Fail;
}
}
}
sss_asymmetric_context_free(&ctx_asymm);
}
if (status != kStatus_SSS_Success) {
ret = WC_HW_E;
if (status == kStatus_SSS_Success) {
ret = 0;
}
else {
if (ret == 0)
ret = WC_HW_E;
}
wolfSSL_CryptHwMutexUnLock();
#ifdef SE050_DEBUG
printf("se050_ecc_sign_hash_ex: ret %d, outLen %d\n", ret, *outLen);
#endif
(void)outLen; /* caller sets outLen */
return ret;
}
int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* signature,
word32 signatureLen, struct ecc_key* key, int* res)
int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* sigRS,
word32 sigRSLen, struct ecc_key* key, int* res)
{
int ret = 0;
sss_status_t status;
@ -525,23 +575,33 @@ int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* signature,
sss_object_t newKey;
sss_key_store_t host_keystore;
sss_algorithm_t algorithm = kAlgorithm_None;
int keyId;
int keySize;
int keySizeBits;
sss_cipher_type_t curveType;
int keyCreated = 0;
#ifdef SE050_DEBUG
printf("se050_ecc_verify_hash_ex: key %p, hash %p (%d), sig %p (%d)\n",
key, hash, hashLen, sigRS, sigRSLen);
#endif
*res = 0;
(void)sigRSLen;
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E;
}
keySize = key->dp->size;
keySizeBits = keySize * 8;
if (keySizeBits > SSS_MAX_ECC_BITS)
keySizeBits = SSS_MAX_ECC_BITS;
curveType = se050_map_curve(key->dp->id);
if (hashLen > 64)
hashLen = 64;
/* truncate hash if larger than key size */
if (hashLen > (word32)keySize)
hashLen = (word32)keySize;
if (hashLen == 20)
algorithm = kAlgorithm_SSS_SHA1;
@ -553,12 +613,14 @@ int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* signature,
algorithm = kAlgorithm_SSS_SHA384;
else if (hashLen == 64)
algorithm = kAlgorithm_SSS_SHA512;
else {
/* not supported curve key size */
return ECC_CURVE_OID_E;
}
keySize = key->dp->size;
keySizeBits = keySize * 8;
if (keySizeBits > SSS_MAX_ECC_BITS)
keySizeBits = SSS_MAX_ECC_BITS;
curveType = se050_map_curve(key->dp->id);
if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E;
}
status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
if (status == kStatus_SSS_Success) {
@ -570,20 +632,22 @@ int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* signature,
/* this is run when a key was not generated and was instead passed in */
if (status == kStatus_SSS_Success) {
if (key->keyId == 0) {
keyId = key->keyId;
if (keyId <= 0) {
byte derBuf[SE050_ECC_DER_MAX];
word32 derSz;
ret = wc_EccPublicKeyToDer(key, derBuf, (word32)sizeof(derBuf), 1);
if (ret >= 0) {
derSz = ret;
ret = 0;
}
else {
status = kStatus_SSS_Fail;
}
if (status == kStatus_SSS_Success) {
key->keyId = se050_allocate_key(SE050_ECC_KEY);
status = sss_key_object_allocate_handle(&newKey, key->keyId,
keyId = se050_allocate_key(SE050_ECC_KEY);
status = sss_key_object_allocate_handle(&newKey, keyId,
kSSS_KeyPart_Public, curveType, keySize,
kKeyObject_Mode_Transient);
}
@ -594,7 +658,7 @@ int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* signature,
}
}
else {
status = sss_key_object_get_handle(&newKey, key->keyId);
status = sss_key_object_get_handle(&newKey, keyId);
}
}
@ -602,21 +666,33 @@ int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* signature,
status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi,
&newKey, algorithm, kMode_SSS_Verify);
if (status == kStatus_SSS_Success) {
status = sss_asymmetric_verify_digest(&ctx_asymm, (uint8_t *)hash,
hashLen, signature, signatureLen);
/* SE050 expects ASN.1 encoded signature */
byte sigBuf[ECC_MAX_SIG_SIZE];
word32 sigSz = (word32)sizeof(sigBuf);
ret = StoreECC_DSA_Sig_Bin(sigBuf, &sigSz,
sigRS, keySize,
sigRS+keySize, keySize);
if (ret == 0) {
status = sss_asymmetric_verify_digest(&ctx_asymm,
(uint8_t*)hash, hashLen, sigBuf, sigSz);
}
else {
status = kStatus_SSS_Fail;
}
}
sss_asymmetric_context_free(&ctx_asymm);
}
if (status == kStatus_SSS_Success) {
key->keyId = keyId;
*res = 1;
ret = 0;
}
else {
if (keyCreated) {
sss_key_store_erase_key(&host_keystore, &newKey);
sss_key_object_free(&newKey);
key->keyId = 0;
}
if (ret == 0)
ret = WC_HW_E;
@ -624,6 +700,11 @@ int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, byte* signature,
wolfSSL_CryptHwMutexUnLock();
#ifdef SE050_DEBUG
printf("se050_ecc_verify_hash_ex: key %p, ret %d, res %d\n",
key, ret, *res);
#endif
return ret;
}
@ -634,6 +715,10 @@ void se050_ecc_free_key(struct ecc_key* key)
sss_object_t keyObject;
sss_key_store_t host_keystore;
#ifdef SE050_DEBUG
printf("se050_ecc_free_key: key %p, keyId %d\n", key, key->keyId);
#endif
if (cfg_se050_i2c_pi == NULL) {
return;
}
@ -656,8 +741,12 @@ void se050_ecc_free_key(struct ecc_key* key)
status = sss_key_object_get_handle(&keyObject, key->keyId);
}
if (status == kStatus_SSS_Success) {
if ((key->flags & WC_ECC_FLAG_DEC_SIGN) == 0) {
/* key was not used for signing, so release it */
sss_key_store_erase_key(&host_keystore, &keyObject);
}
sss_key_object_free(&keyObject);
key->keyId = 0;
key->keyId = -1;
}
wolfSSL_CryptHwMutexUnLock();
}
@ -676,19 +765,29 @@ int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize)
sss_cipher_type_t curveType;
int keyCreated = 0;
#ifdef SE050_DEBUG
printf("se050_ecc_create_key: key %p, curve %d, keySize %d\n",
key, curve_id, keySize);
#endif
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E;
}
curveType = se050_map_curve(curve_id);
keySizeBits = keySize * 8;
if (keySizeBits > SSS_MAX_ECC_BITS)
keySizeBits = SSS_MAX_ECC_BITS;
if (keySize == 30) {
/* not supported curve key size */
return ECC_CURVE_OID_E;
}
if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E;
}
status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
if (status == kStatus_SSS_Success) {
status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_ECC);
@ -700,7 +799,7 @@ int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize)
keyId = se050_allocate_key(SE050_ECC_KEY);
status = sss_key_object_allocate_handle(&keyPair, keyId,
kSSS_KeyPart_Pair, curveType, keySizeBits,
kKeyObject_Mode_None);
kKeyObject_Mode_Transient);
}
if (status == kStatus_SSS_Success) {
keyCreated = 1;
@ -724,6 +823,7 @@ int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize)
}
else {
if (keyCreated) {
sss_key_store_erase_key(&host_keystore, &keyPair);
sss_key_object_free(&keyPair);
}
if (ret == 0)
@ -732,6 +832,11 @@ int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize)
wolfSSL_CryptHwMutexUnLock();
#ifdef SE050_DEBUG
printf("se050_ecc_create_key: key %p, ret %d, keyId %d\n",
key, ret, key->keyId);
#endif
return ret;
}
@ -753,6 +858,11 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
int keyCreated = 0;
int deriveKeyCreated = 0;
#ifdef SE050_DEBUG
printf("se050_ecc_shared_secret: priv %p, pub %p, out %p (%d)\n",
private_key, public_key, out, *outlen);
#endif
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
@ -760,32 +870,32 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
return BAD_FUNC_ARG;
}
if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E;
}
keySize = private_key->dp->size;
keySizeBits = keySize * 8;
if (keySizeBits > SSS_MAX_ECC_BITS)
keySizeBits = SSS_MAX_ECC_BITS;
curveType = se050_map_curve(private_key->dp->id);
if (wolfSSL_CryptHwMutexLock() != 0) {
return BAD_MUTEX_E;
}
status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
if (status == kStatus_SSS_Success) {
status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_ECC);
}
if (status == kStatus_SSS_Success) {
status = sss_key_object_init(&ref_public_key, &host_keystore);
}
if (status == kStatus_SSS_Success) {
status = sss_key_object_init(&ref_private_key, &host_keystore);
}
if (status == kStatus_SSS_Success) {
status = sss_key_object_get_handle(&ref_private_key, private_key->keyId);
}
if (status == kStatus_SSS_Success) {
if (public_key->keyId <= 0) {
status = sss_key_object_init(&ref_public_key, &host_keystore);
}
if (status == kStatus_SSS_Success) {
keyId = public_key->keyId;
if (keyId <= 0) {
byte derBuf[256];
word32 derSz;
@ -793,6 +903,7 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
(word32)sizeof(derBuf), 1);
if (ret >= 0) {
derSz = ret;
ret = 0;
}
else {
status = kStatus_SSS_Fail;
@ -810,12 +921,11 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
}
}
else {
status = sss_key_object_get_handle(&ref_public_key,
public_key->keyId);
status = sss_key_object_get_handle(&ref_public_key, keyId);
}
}
if (status == kStatus_SSS_Success) {
status = sss_key_object_init(&deriveKey, hostKeyStore);
status = sss_key_object_init(&deriveKey, &host_keystore);
}
if (status == kStatus_SSS_Success) {
int keyIdAes = se050_allocate_key(SE050_AES_KEY);
@ -823,7 +933,7 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
status = sss_key_object_allocate_handle(&deriveKey,
keyIdAes,
kSSS_KeyPart_Default,
kSSS_CipherType_AES,
kSSS_CipherType_Binary,
keySize,
kKeyObject_Mode_Transient);
}
@ -838,7 +948,7 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
if (status == kStatus_SSS_Success) {
size_t outlenSz = (size_t)*outlen;
/* derived key export */
status = sss_key_store_get_key(hostKeyStore, &deriveKey, out,
status = sss_key_store_get_key(&host_keystore, &deriveKey, out,
&outlenSz, &keySizeBits);
*outlen = (word32)outlenSz;
}
@ -846,16 +956,18 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
sss_derive_key_context_free(&ctx_derive_key);
}
if (deriveKeyCreated) {
sss_key_store_erase_key(&host_keystore, &deriveKey);
sss_key_object_free(&deriveKey);
}
if (status == kStatus_SSS_Success) {
public_key->keyId = keyId;
ret = 0;
}
else {
if (keyCreated) {
sss_key_store_erase_key(&host_keystore, &public_key);
sss_key_object_free(&public_key);
public_key->keyId = 0;
}
if (ret == 0)
ret = WC_HW_E;
@ -863,6 +975,10 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
wolfSSL_CryptHwMutexUnLock();
#ifdef SE050_DEBUG
printf("se050_ecc_shared_secret: ret %d, outlen %d\n", ret, *outlen);
#endif
return ret;
}
#endif /* HAVE_ECC */
@ -879,6 +995,10 @@ int se050_ed25519_create_key(ed25519_key* key)
int keySize = ED25519_KEY_SIZE;
int keyCreated = 0;
#ifdef SE050_DEBUG
printf("se050_ed25519_create_key: %p\n", key);
#endif
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
@ -912,6 +1032,7 @@ int se050_ed25519_create_key(ed25519_key* key)
}
else {
if (keyCreated) {
sss_key_store_erase_key(&host_keystore, &newKey);
sss_key_object_free(&newKey);
}
ret = WC_HW_E;
@ -919,6 +1040,10 @@ int se050_ed25519_create_key(ed25519_key* key)
wolfSSL_CryptHwMutexUnLock();
#ifdef SE050_DEBUG
printf("se050_ed25519_create_key: ret %d, keyId %d\n", ret, key->keyId);
#endif
return ret;
}
@ -928,6 +1053,10 @@ void se050_ed25519_free_key(ed25519_key* key)
sss_object_t newKey;
sss_key_store_t host_keystore;
#ifdef SE050_DEBUG
printf("se050_ed25519_free_key: %p, id %d\n", key, key->keyId);
#endif
if (cfg_se050_i2c_pi == NULL) {
return;
}
@ -952,7 +1081,7 @@ void se050_ed25519_free_key(ed25519_key* key)
}
if (status == kStatus_SSS_Success) {
sss_key_object_free(&newKey);
key->keyId = 0;
key->keyId = -1;
}
wolfSSL_CryptHwMutexUnLock();
}
@ -966,8 +1095,10 @@ int se050_ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
sss_key_store_t host_keystore;
sss_object_t newKey;
inLen = 64;
*outLen = 64;
#ifdef SE050_DEBUG
printf("se050_ed25519_sign_msg: key %p, in %p (%d), out %p (%d), keyId %d\n",
key, in, inLen, out, *outLen, key->keyId);
#endif
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
@ -1009,6 +1140,10 @@ int se050_ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
wolfSSL_CryptHwMutexUnLock();
#ifdef SE050_DEBUG
printf("se050_ed25519_sign_msg: ret %d, outLen %d\n", ret, *outLen);
#endif
return ret;
}
@ -1025,6 +1160,11 @@ int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen,
int keySize = ED25519_KEY_SIZE;
int keyCreated = 0;
#ifdef SE050_DEBUG
printf("se050_ed25519_verify_msg: key %p, sig %p (%d), msg %p (%d)\n",
key, signature, signatureLen, msg, msgLen);
#endif
if (cfg_se050_i2c_pi == NULL) {
return WC_HW_E;
}
@ -1041,7 +1181,8 @@ int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen,
status = sss_key_object_init(&newKey, &host_keystore);
}
if (status == kStatus_SSS_Success) {
if (key->keyId == 0) {
keyId = key->keyId;
if (keyId <= 0) {
byte derBuf[48];
word32 derSz = 0, idx = 0;
@ -1049,6 +1190,7 @@ int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen,
(word32)sizeof(derBuf));
if (ret >= 0) {
derSz = ret;
ret = 0;
}
else {
status = kStatus_SSS_Fail;
@ -1066,23 +1208,21 @@ int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen,
}
}
else {
status = sss_key_object_get_handle(&newKey, key->keyId);
status = sss_key_object_get_handle(&newKey, keyId);
}
}
if (status == kStatus_SSS_Success) {
status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi,
&newKey, kAlgorithm_SSS_SHA512, kMode_SSS_Verify);
if (status == kStatus_SSS_Success) {
status = sss_se05x_asymmetric_verify(
(sss_se05x_asymmetric_t*)&ctx_asymm, (uint8_t*)msg, msgLen,
(uint8_t*)signature, (size_t)signatureLen);
}
sss_asymmetric_context_free(&ctx_asymm);
}
if (status == kStatus_SSS_Success) {
status = sss_se05x_asymmetric_verify(
(sss_se05x_asymmetric_t*)&ctx_asymm, (uint8_t*)msg, msgLen,
(uint8_t*)signature, (size_t)signatureLen);
}
sss_asymmetric_context_free(&ctx_asymm);
if (status == kStatus_SSS_Success) {
key->keyId = keyId;
*res = 1;
@ -1090,6 +1230,7 @@ int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen,
}
else {
if (keyCreated) {
sss_key_store_erase_key(&host_keystore, &newKey);
sss_key_object_free(&newKey);
}
if (ret == 0)
@ -1098,6 +1239,10 @@ int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen,
wolfSSL_CryptHwMutexUnLock();
#ifdef SE050_DEBUG
printf("se050_ed25519_verify_msg: ret %d, res %d\n", ret, *res);
#endif
return ret;
}

67
wolfcrypt/test/test.c
View File

@ -22002,6 +22002,8 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret == ECC_CURVE_OID_E)
goto done; /* catch case, where curve is not supported */
if (ret != 0)
ERROR_OUT(-9910, done);
TEST_SLEEP();
@ -22945,7 +22947,7 @@ static int ecc_def_curve_test(WC_RNG *rng)
#else
ecc_key key[1];
#endif
#ifdef WC_NO_RNG
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
word32 idx = 0;
#endif
@ -22970,46 +22972,59 @@ static int ecc_def_curve_test(WC_RNG *rng)
#ifndef WC_NO_RNG
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
#if defined(WOLFSSL_ASYNC_CRYPT)
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#else
/* use test ECC key */
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
(word32)sizeof_ecc_key_der_256);
(void)rng;
#endif
#endif
if (ret != 0) {
ret = -10092;
goto done;
}
TEST_SLEEP();
#ifndef NO_SIG_WRAPPER
#ifndef NO_SIG_WRAPPER
ret = ecc_sig_test(rng, key);
if (ret < 0)
goto done;
#endif
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_QNX_CAAM)
#endif
TEST_SLEEP();
#ifdef HAVE_ECC_DHE
ret = ecc_ssh_test(key, rng);
if (ret < 0)
goto done;
#endif
#else
(void)rng;
#endif /* !WC_NO_RNG */
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
/* Use test ECC key - ensure real private "d" exists */
#ifdef USE_CERT_BUFFERS_256
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
sizeof_ecc_key_der_256);
#else
{
XFILE file = XFOPEN("./certs/ecc-key.der", "rb");
byte der[128];
word32 derSz;
if (!file) {
ERROR_OUT(-10093, done);
}
derSz = (word32)XFREAD(der, 1, sizeof(der), file);
XFCLOSE(file);
ret = wc_EccPrivateKeyDecode(der, &idx, key, derSz);
}
#endif
if (ret != 0) {
goto done;
}
ret = ecc_exp_imp_test(key);
if (ret < 0)
goto done;
#endif
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_QNX_CAAM)
#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)
ret = ecc_mulmod_test(key);
if (ret < 0)
goto done;
#endif
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
ret = ecc_ssh_test(key, rng);
if (ret < 0)
goto done;
#endif
#endif /* WOLFSSL_ATECC508A */
done:
#ifdef WOLFSSL_SMALL_STACK

2
wolfssl/wolfcrypt/port/nxp/se050_port.h
View File

@ -128,7 +128,7 @@ WOLFSSL_LOCAL int se050_ecc_sign_hash_ex(const byte* in, word32 inLen,
byte* out, word32 *outLen, struct ecc_key* key);
WOLFSSL_LOCAL int se050_ecc_verify_hash_ex(const byte* hash, word32 hashlen,
byte* signature, word32 signatureLen, struct ecc_key* key, int* res);
byte* sigRS, word32 sigRSLen, struct ecc_key* key, int* res);
WOLFSSL_LOCAL int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize);
WOLFSSL_LOCAL int se050_ecc_shared_secret(struct ecc_key* private_key,