Merge pull request #4523 from dgarske/nxp_se050_fixes

Fixes for NXP SE050 ECC create and key store id
Sean Parkinson
2021-11-09 08:56:03 +10:00
committed by GitHub
12 changed files with 726 additions and 525 deletions


@@ -1451,6 +1451,9 @@ AC_ARG_WITH([se050],
# Requires AES direct # Requires AES direct
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
# Does not support SHA2-512 224/256
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
AC_MSG_RESULT([yes]) AC_MSG_RESULT([yes])
else else
AC_MSG_RESULT([yes]) AC_MSG_RESULT([yes])


@@ -68,7 +68,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#ifdef WOLFSSL_IMXRT_DCP #ifdef WOLFSSL_IMXRT_DCP
#include <wolfssl/wolfcrypt/port/nxp/dcp_port.h> #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h>
#endif #endif
#ifdef WOLFSSL_SE050 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h> #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
#endif #endif
@@ -867,7 +867,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#elif defined(WOLFSSL_DEVCRYPTO_AES) #elif defined(WOLFSSL_DEVCRYPTO_AES)
/* implemented in wolfcrypt/src/port/devcrypto/devcrypto_aes.c */ /* implemented in wolfcrypt/src/port/devcrypto/devcrypto_aes.c */
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
static int AES_ECB_encrypt(Aes* aes, const byte* inBlock, byte* outBlock, static int AES_ECB_encrypt(Aes* aes, const byte* inBlock, byte* outBlock,
int sz) int sz)
{ {
@@ -2598,7 +2598,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
return wc_AesSetKey(aes, userKey, keylen, iv, dir); return wc_AesSetKey(aes, userKey, keylen, iv, dir);
} }
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
int dir) int dir)
{ {
@@ -3876,7 +3876,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
#elif defined(WOLFSSL_DEVCRYPTO_CBC) #elif defined(WOLFSSL_DEVCRYPTO_CBC)
/* implemented in wolfcrypt/src/port/devcrypt/devcrypto_aes.c */ /* implemented in wolfcrypt/src/port/devcrypt/devcrypto_aes.c */
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{ {
return se050_aes_crypt(aes, in, out, sz, AES_ENCRYPTION, return se050_aes_crypt(aes, in, out, sz, AES_ENCRYPTION,
@@ -10363,7 +10363,7 @@ void wc_AesFree(Aes* aes)
} }
#endif #endif
#if defined(WOLFSSL_SE050) #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
se050_aes_free(aes); se050_aes_free(aes);
#endif #endif
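Review bot: Builds that define only `WOLFSSL_SE050` no longer reach any SE050 AES code in this section, because the include, `AES_ECB_encrypt`, `wc_AesSetKey`, `wc_AesCbcEncrypt` and the `se050_aes_free` call in `wc_AesFree` now all require `WOLFSSL_SE050_CRYPT` as well. Such builds presumably fall through to the software AES branch, which changes where key material is handled without any build-time signal. A comment at the include would make the opt-in explicit, e.g. `/* AES is offloaded to the SE050 only when WOLFSSL_SE050_CRYPT is defined; otherwise the software implementation is used */`. The same applies to the `WOLFSSL_SE050_HASH` guards in the SHA sections further down the page. The function bodies continue outside these hunks.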


@@ -1218,7 +1218,7 @@ static int wc_ecc_export_x963_compressed(ecc_key*, byte* out, word32* outLen);
#if (defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH)) && \ #if (defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH)) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
mp_int* prime, mp_int* order); mp_int* prime, mp_int* order);
#endif #endif
@@ -4720,7 +4720,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
err = NOT_COMPILED_IN; err = NOT_COMPILED_IN;
} }
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050)
err = se050_ecc_create_key(key, curve_id, keysize); err = se050_ecc_create_key(key, key->dp->id, key->dp->size);
key->type = ECC_PRIVATEKEY; key->type = ECC_PRIVATEKEY;
#elif defined(WOLFSSL_CRYPTOCELL) #elif defined(WOLFSSL_CRYPTOCELL)
@@ -5239,10 +5239,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
(void)rng; (void)rng;
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050)
err = se050_ecc_sign_hash_ex(in, inlen, out, outlen, key); err = se050_ecc_sign_hash_ex(in, inlen, out, outlen, key);
if (err == 0) (void)rng;
err = DecodeECC_DSA_Sig(out, *outlen, r, s);
return err;
#endif #endif
/* Load R and S */ /* Load R and S */
@@ -7032,11 +7029,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
#elif defined(WOLFSSL_KCAPI_ECC) #elif defined(WOLFSSL_KCAPI_ECC)
byte sigRS[MAX_ECC_BYTES*2]; byte sigRS[MAX_ECC_BYTES*2];
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050)
#ifdef WOLFSSL_SMALL_STACK
byte* sigRS = NULL;
#else
byte sigRS[ECC_MAX_CRYPTO_HW_SIZE * 2]; byte sigRS[ECC_MAX_CRYPTO_HW_SIZE * 2];
#endif
#elif !defined(WOLFSSL_SP_MATH) || defined(FREESCALE_LTC_ECC) #elif !defined(WOLFSSL_SP_MATH) || defined(FREESCALE_LTC_ECC)
int did_init = 0; int did_init = 0;
ecc_point *mG = NULL, *mQ = NULL; ecc_point *mG = NULL, *mQ = NULL;
@@ -7098,17 +7091,24 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
} }
#endif #endif
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
/* Extract R and S */ defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \
err = mp_to_unsigned_bin(r, &sigRS[0]); defined(WOLFSSL_KCAPI_ECC) || defined(WOLFSSL_SE050)
/* Extract R and S with front zero padding (if required) */
XMEMSET(sigRS, 0, keySz * 2);
err = mp_to_unsigned_bin(r, sigRS +
(keySz - mp_unsigned_bin_size(r)));
if (err != MP_OKAY) { if (err != MP_OKAY) {
return err; return err;
} }
err = mp_to_unsigned_bin(s, &sigRS[keySz]); err = mp_to_unsigned_bin(s, sigRS + keySz +
(keySz - mp_unsigned_bin_size(s)));
if (err != MP_OKAY) { if (err != MP_OKAY) {
return err; return err;
} }
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
err = atmel_ecc_verify(hash, sigRS, key->pubkey_raw, res); err = atmel_ecc_verify(hash, sigRS, key->pubkey_raw, res);
if (err != 0) { if (err != 0) {
return err; return err;
@@ -7116,17 +7116,6 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
(void)hashlen; (void)hashlen;
#elif defined(WOLFSSL_CRYPTOCELL) #elif defined(WOLFSSL_CRYPTOCELL)
/* Extract R and S */
err = mp_to_unsigned_bin(r, &sigRS[0]);
if (err != MP_OKAY) {
return err;
}
err = mp_to_unsigned_bin(s, &sigRS[keySz]);
if (err != MP_OKAY) {
return err;
}
/* truncate if hash is longer than key size */ /* truncate if hash is longer than key size */
if (msgLenInBytes > keySz) { if (msgLenInBytes > keySz) {
msgLenInBytes = keySz; msgLenInBytes = keySz;
@@ -7153,69 +7142,18 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
/* valid signature if we get to this point */ /* valid signature if we get to this point */
*res = 1; *res = 1;
#elif defined(WOLFSSL_SILABS_SE_ACCEL) #elif defined(WOLFSSL_SILABS_SE_ACCEL)
/* Extract R and S */
err = mp_to_unsigned_bin(r, &sigRS[0]);
if (err != MP_OKAY) {
return err;
}
err = mp_to_unsigned_bin(s, &sigRS[keySz]);
if (err != MP_OKAY) {
return err;
}
err = silabs_ecc_verify_hash(&sigRS[0], keySz * 2, err = silabs_ecc_verify_hash(&sigRS[0], keySz * 2,
hash, hashlen, hash, hashlen,
res, key); res, key);
#elif defined(WOLFSSL_KCAPI_ECC) #elif defined(WOLFSSL_KCAPI_ECC)
/* Extract R and S */ err = KcapiEcc_Verify(key, hash, hashlen, sigRS, keySz * 2);
err = mp_to_unsigned_bin(r, &sigRS[0]); if (err == 0) {
if (err != MP_OKAY) { *res = 1;
return err;
} }
err = mp_to_unsigned_bin(s, &sigRS[key->dp->size]);
if (err != MP_OKAY) {
return err;
}
err = KcapiEcc_Verify(key, hash, hashlen, sigRS, key->dp->size * 2);
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050)
{ err = se050_ecc_verify_hash_ex(hash, hashlen, sigRS, keySz * 2, key, res);
/* Used when following a hardware sign operation */ #endif
int rLeadingZero = mp_leading_bit(r);
int sLeadingZero = mp_leading_bit(s);
int rLen = mp_unsigned_bin_size(r);
int sLen = mp_unsigned_bin_size(s);
word32 signatureLen = rLeadingZero + sLeadingZero +
rLen + sLen + SIG_HEADER_SZ; /* see StoreECC_DSA_Sig */
#ifdef WOLFSSL_SMALL_STACK
sigRS = (byte*)XMALLOC(signatureLen, NULL, DYNAMIC_TYPE_SIGNATURE);
if (sigRS == NULL) {
err = MEMORY_E;
}
#else
if (signatureLen > sizeof(sigRS)) {
err = BUFFER_E;
}
#endif
if (err == 0) {
err = StoreECC_DSA_Sig(sigRS, &signatureLen, r, s);
}
if (err == 0) {
err = se050_ecc_verify_hash_ex(hash, hashlen, sigRS,
signatureLen, key, res);
}
#ifdef WOLFSSL_SMALL_STACK
if (sigRS != NULL) {
XFREE(sigRS, NULL, DYNAMIC_TYPE_SIGNATURE);
sigRS = NULL;
}
#endif
if (err != 0)
return err;
}
#else #else
/* checking if private key with no public part */ /* checking if private key with no public part */
if (key->type == ECC_PRIVATEKEY_ONLY) { if (key->type == ECC_PRIVATEKEY_ONLY) {
@@ -8052,7 +7990,7 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
/* is ecc point on curve described by dp ? */ /* is ecc point on curve described by dp ? */
int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime) int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
@@ -8516,7 +8454,8 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
int err = MP_OKAY; int err = MP_OKAY;
#ifndef WOLFSSL_SP_MATH #ifndef WOLFSSL_SP_MATH
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_SE050)
mp_int* b = NULL; mp_int* b = NULL;
#ifdef USE_ECC_B_PARAM #ifdef USE_ECC_B_PARAM
DECLARE_CURVE_SPECS(curve, 4); DECLARE_CURVE_SPECS(curve, 4);
@@ -8527,7 +8466,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
DECLARE_CURVE_SPECS(curve, 3); DECLARE_CURVE_SPECS(curve, 3);
#endif /* USE_ECC_B_PARAM */ #endif /* USE_ECC_B_PARAM */
#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A && #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A &&
!WOLFSSL_CRYPTOCELL && !WOLFSSL_SILABS_SE_ACCEL */ !WOLFSSL_CRYPTOCELL && !WOLFSSL_SILABS_SE_ACCEL && !WOLFSSL_SE050 */
#endif /* !WOLFSSL_SP_MATH */ #endif /* !WOLFSSL_SP_MATH */
ASSERT_SAVED_VECTOR_REGISTERS(); ASSERT_SAVED_VECTOR_REGISTERS();
@@ -8558,7 +8497,8 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
#ifndef WOLFSSL_SP_MATH #ifndef WOLFSSL_SP_MATH
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \
defined(WOLFSSL_SE050)
/* consider key check success on HW crypto /* consider key check success on HW crypto
* ex: ATECC508/608A, CryptoCell and Silabs */ * ex: ATECC508/608A, CryptoCell and Silabs */
@@ -8679,10 +8619,10 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
FREE_CURVE_SPECS(); FREE_CURVE_SPECS();
#endif /* WOLFSSL_ATECC508A */ #endif /* WOLFSSL_ATECC508A */
#else #else
err = WC_KEY_SIZE_E;
#endif /* !WOLFSSL_SP_MATH */
(void)partial; (void)partial;
(void)priv; (void)priv;
return WC_KEY_SIZE_E;
#endif /* !WOLFSSL_SP_MATH */
return err; return err;
} }
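Review bot: In the `wc_ecc_verify_hash_ex` hunk at `@@ -7098`, the new zero-padding writes `r` at `sigRS + (keySz - mp_unsigned_bin_size(r))` and `s` at `sigRS + keySz + (keySz - mp_unsigned_bin_size(s))` without first checking that either value fits in `keySz` bytes. `r` and `s` come from the signature being verified, so an oversized value makes the offset negative (or wraps it if `keySz` is unsigned) and the write lands outside `sigRS`; no range check is visible in the hunk, though one may exist earlier in the function, which starts outside it. A guard before the `XMEMSET` would close this: `if (mp_unsigned_bin_size(r) > (int)keySz || mp_unsigned_bin_size(s) > (int)keySz) return ECC_BAD_ARG_E;`. It is also worth confirming that `keySz * 2` cannot exceed `sigRS[ECC_MAX_CRYPTO_HW_SIZE * 2]` now that the SE050 branch shares this path.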


@@ -42,7 +42,10 @@ make
`` ``
Where `PATH` is the directory location of `simw-top`. Where `PATH` is the directory location of `simw-top`.
Example: `./configure --enable-debug --disable-shared --with-se050=/home/pi/simw-top CFLAGS="-DWOLFSSL_SE050_INIT"` Example: `./configure --with-se050=/home/pi/simw-top CFLAGS="-DWOLFSSL_SE050_INIT"`
To enable AES Cipher support use `WOLFSSL_SE050_CRYPT`
To enable SHA-1 and SHA-2 support use `WOLFSSL_SE050_HASH`
## Building Examples ## Building Examples

File diff suppressed because it is too large Load Diff


@@ -336,7 +336,7 @@
#elif defined(WOLFSSL_SILABS_SE_ACCEL) #elif defined(WOLFSSL_SILABS_SE_ACCEL)
/* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */ /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h> #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
@@ -846,7 +846,7 @@ void wc_ShaFree(wc_Sha* sha)
#ifdef WOLFSSL_PIC32MZ_HASH #ifdef WOLFSSL_PIC32MZ_HASH
wc_ShaPic32Free(sha); wc_ShaPic32Free(sha);
#endif #endif
#ifdef WOLFSSL_SE050 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
se050_hash_free(&sha->se050Ctx); se050_hash_free(&sha->se050Ctx);
#endif #endif
#if (defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ #if (defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \


@@ -184,7 +184,7 @@ where 0 <= L < 2^64.
(!defined(WOLFSSL_ESP32WROOM32_CRYPT) || defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)) && \ (!defined(WOLFSSL_ESP32WROOM32_CRYPT) || defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)) && \
(!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_HASH)) && \ (!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_HASH)) && \
!defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050) !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH)
static int InitSha256(wc_Sha256* sha256) static int InitSha256(wc_Sha256* sha256)
@@ -585,7 +585,7 @@ static int InitSha256(wc_Sha256* sha256)
!defined(WOLFSSL_QNX_CAAM) !defined(WOLFSSL_QNX_CAAM)
/* functions defined in wolfcrypt/src/port/caam/caam_sha256.c */ /* functions defined in wolfcrypt/src/port/caam/caam_sha256.c */
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h> #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
@@ -1411,7 +1411,7 @@ static int InitSha256(wc_Sha256* sha256)
return ret; return ret;
} }
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h> #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId) int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
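Review bot: The guard on the software `InitSha256` at `@@ -184` tests only `!defined(WOLFSSL_SE050_HASH)`, while every other SE050 branch on this page requires `defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)`. If `WOLFSSL_SE050_HASH` is defined without `WOLFSSL_SE050`, the static initializer is compiled out but the SE050 `#elif` branches at `@@ -585` and `@@ -1411` are not taken, so the build would presumably land in the software path without `InitSha256`. Writing the term as `!(defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH))` keeps the two conditions in step. The `#if` starts above the hunk, so its other terms were not reviewed.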


@@ -49,7 +49,7 @@
#include <wolfssl/wolfcrypt/cryptocb.h> #include <wolfssl/wolfcrypt/cryptocb.h>
#endif #endif
#ifdef WOLFSSL_SE050 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include <wolfssl/wolfcrypt/port/nxp/se050_port.h> #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
#endif #endif
@@ -203,7 +203,7 @@
#elif defined(WOLFSSL_KCAPI_HASH) #elif defined(WOLFSSL_KCAPI_HASH)
/* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
int wc_InitSha512(wc_Sha512* sha512) int wc_InitSha512(wc_Sha512* sha512)
{ {
if (sha512 == NULL) if (sha512 == NULL)
@@ -952,7 +952,7 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
#if defined(WOLFSSL_KCAPI_HASH) #if defined(WOLFSSL_KCAPI_HASH)
/* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#else #else
@@ -1063,7 +1063,7 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
#if defined(WOLFSSL_KCAPI_HASH) #if defined(WOLFSSL_KCAPI_HASH)
/* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#else #else
@@ -1135,7 +1135,7 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
#endif /* WOLFSSL_KCAPI_HASH */ #endif /* WOLFSSL_KCAPI_HASH */
#ifndef WOLFSSL_SE050 #if !defined(WOLFSSL_SE050) || !defined(WOLFSSL_SE050_HASH)
int wc_InitSha512(wc_Sha512* sha512) int wc_InitSha512(wc_Sha512* sha512)
{ {
return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID); return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
@@ -1217,7 +1217,7 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
} }
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
#endif /* !WOLFSSL_SE050 */ #endif /* !WOLFSSL_SE050 || !WOLFSSL_SE050_HASH */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
@@ -1228,7 +1228,7 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
#if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \ #if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \
!defined(WOLFSSL_QNX_CAAM) !defined(WOLFSSL_QNX_CAAM)
/* functions defined in wolfcrypt/src/port/caam/caam_sha.c */ /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
{ {
if (sha384 == NULL) { if (sha384 == NULL) {
@@ -1566,7 +1566,7 @@ int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
#if defined(WOLFSSL_KCAPI_HASH) #if defined(WOLFSSL_KCAPI_HASH)
/* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#else #else
int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash) int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash)
@@ -1585,7 +1585,7 @@ void wc_Sha512_224Free(wc_Sha512* sha)
} }
#if defined(WOLFSSL_KCAPI_HASH) #if defined(WOLFSSL_KCAPI_HASH)
/* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#else #else
@@ -1630,7 +1630,7 @@ int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
} }
#if defined(WOLFSSL_KCAPI_HASH) #if defined(WOLFSSL_KCAPI_HASH)
/* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#else #else
int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash) int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash)
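Review bot: The empty `#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)` branches at `@@ -952`, `@@ -1063`, `@@ -1566`, `@@ -1585` and `@@ -1630` carry no comment, unlike the KCAPI branch directly above each of them, so a reader cannot tell that the empty branch is intentional. A one-line comment in each would help, for example `/* SE050 hashing: functions provided by the WOLFSSL_SE050_HASH section of this file */`, adjusted to wherever the SE050 implementations actually live, which these hunks do not show.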


@@ -22000,6 +22000,8 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
#if defined(WOLFSSL_ASYNC_CRYPT) #if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE); ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
#endif #endif
if (ret == ECC_CURVE_OID_E)
goto done; /* catch case, where curve is not supported */
if (ret != 0) if (ret != 0)
ERROR_OUT(-9910, done); ERROR_OUT(-9910, done);
TEST_SLEEP(); TEST_SLEEP();
@@ -22688,9 +22690,7 @@ static int ecc_sig_test(WC_RNG* rng, ecc_key* key)
} }
#endif #endif
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_QNX_CAAM)
static int ecc_exp_imp_test(ecc_key* key) static int ecc_exp_imp_test(ecc_key* key)
{ {
@@ -22820,8 +22820,6 @@ done:
} }
#endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_QNX_CAAM)
#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)
static int ecc_mulmod_test(ecc_key* key1) static int ecc_mulmod_test(ecc_key* key1)
{ {
@@ -22933,7 +22931,6 @@ static int ecc_ssh_test(ecc_key* key, WC_RNG* rng)
return 0; return 0;
} }
#endif /* HAVE_ECC_DHE && !WC_NO_RNG */ #endif /* HAVE_ECC_DHE && !WC_NO_RNG */
#endif
static int ecc_def_curve_test(WC_RNG *rng) static int ecc_def_curve_test(WC_RNG *rng)
{ {
@@ -22943,7 +22940,7 @@ static int ecc_def_curve_test(WC_RNG *rng)
#else #else
ecc_key key[1]; ecc_key key[1];
#endif #endif
#ifdef WC_NO_RNG #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
word32 idx = 0; word32 idx = 0;
#endif #endif
@@ -22970,54 +22967,73 @@ static int ecc_def_curve_test(WC_RNG *rng)
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
#if defined(WOLFSSL_ASYNC_CRYPT) #if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#else
/* use test ECC key */
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
(word32)sizeof_ecc_key_der_256);
(void)rng;
#endif #endif
if (ret != 0) { if (ret != 0) {
ret = -10092;
goto done; goto done;
} }
TEST_SLEEP();
#ifndef NO_SIG_WRAPPER #ifndef NO_SIG_WRAPPER
ret = ecc_sig_test(rng, key); ret = ecc_sig_test(rng, key);
if (ret < 0) if (ret < 0)
goto done; goto done;
#endif #endif
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ TEST_SLEEP();
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_QNX_CAAM) #ifdef HAVE_ECC_DHE
ret = ecc_ssh_test(key, rng);
if (ret < 0)
goto done;
#endif
wc_ecc_free(key);
#else
(void)rng;
#endif /* !WC_NO_RNG */
#if (defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
(defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT))
/* Use test ECC key - ensure real private "d" exists */
#ifdef USE_CERT_BUFFERS_256
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
sizeof_ecc_key_der_256);
#else
{
XFILE file = XFOPEN("./certs/ecc-key.der", "rb");
byte der[128];
word32 derSz;
if (!file) {
ERROR_OUT(-10093, done);
}
derSz = (word32)XFREAD(der, 1, sizeof(der), file);
XFCLOSE(file);
ret = wc_EccPrivateKeyDecode(der, &idx, key, derSz);
}
#endif
if (ret != 0) {
goto done;
}
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
ret = ecc_exp_imp_test(key); ret = ecc_exp_imp_test(key);
if (ret < 0) if (ret < 0)
goto done; goto done;
#endif #endif
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_QNX_CAAM)
#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)
ret = ecc_mulmod_test(key); ret = ecc_mulmod_test(key);
if (ret < 0) if (ret < 0)
goto done; goto done;
#endif #endif
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
ret = ecc_ssh_test(key, rng);
if (ret < 0)
goto done;
#endif #endif
#endif /* WOLFSSL_ATECC508A */
done: done:
wc_ecc_free(key);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
if (key != NULL) { if (key != NULL) {
wc_ecc_free(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
} }
#else
wc_ecc_free(key);
#endif #endif
return ret; return ret;
} }
#endif /* !NO_ECC256 || HAVE_ALL_CURVES */ #endif /* !NO_ECC256 || HAVE_ALL_CURVES */
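Review bot: In `ecc_def_curve_test`, `word32 idx` is now declared only under `HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT` (hunk `@@ -22943`), but the new block that passes `&idx` to `wc_EccPrivateKeyDecode` is also compiled when `HAVE_ECC_KEY_IMPORT` is set and `WOLFSSL_VALIDATE_ECC_IMPORT` is not (hunk `@@ -22970`). A build with import but without export would then use an undeclared `idx`; the declaration should use the same condition, `#if defined(HAVE_ECC_KEY_IMPORT) && (defined(HAVE_ECC_KEY_EXPORT) || !defined(WOLFSSL_VALIDATE_ECC_IMPORT))`. Separately, the key is released with `wc_ecc_free(key)` at the end of the RNG block, then decoded into again and freed once more at `done:`, with no `wc_ecc_init_ex` visible in between. Whether a hardware-backed key tolerates that reuse and the second free is not visible here and is worth confirming for the SE050 port.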


@@ -54,30 +54,27 @@
/* Default key ID's */ /* Default key ID's */
#ifndef SE050_KEYID_AES #ifndef SE050_KEYSTOREID_AES
#define SE050_KEYID_AES 55 #define SE050_KEYSTOREID_AES 55
#endif #endif
#ifndef SE050_KEYID_ECC_SIGN #ifndef SE050_KEYSTOREID_ED25519
#define SE050_KEYID_ECC_SIGN 56 #define SE050_KEYSTOREID_ED25519 58
#endif #endif
#ifndef SE050_KEYID_ECC_VERIFY #ifndef SE050_KEYSTOREID_ECC
#define SE050_KEYID_ECC_VERIFY 57 #define SE050_KEYSTOREID_ECC 60
#endif #endif
#ifndef SE050_KEYID_ED25519
#define SE050_KEYID_ED25519 58
#endif
enum { enum {
SSS_BLOCK_SIZE = 512 SSS_BLOCK_SIZE = 512,
SSS_MAX_ECC_BITS = 521
}; };
enum SE050KeyType { enum SE050KeyType {
SE050_KEYID_ANY, SE050_ANY_KEY,
SE050_AES_KEY, SE050_AES_KEY,
SE050_ECC_SIGN, SE050_ECC_KEY,
SE050_ECC_VERIFY, SE050_ED25519_KEY
SE050_ED25519,
}; };
@@ -131,12 +128,12 @@ WOLFSSL_LOCAL int se050_ecc_sign_hash_ex(const byte* in, word32 inLen,
byte* out, word32 *outLen, struct ecc_key* key); byte* out, word32 *outLen, struct ecc_key* key);
WOLFSSL_LOCAL int se050_ecc_verify_hash_ex(const byte* hash, word32 hashlen, WOLFSSL_LOCAL int se050_ecc_verify_hash_ex(const byte* hash, word32 hashlen,
byte* signature, word32 signatureLen, struct ecc_key* key, int* res); byte* sigRS, word32 sigRSLen, struct ecc_key* key, int* res);
WOLFSSL_LOCAL int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize); WOLFSSL_LOCAL int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize);
WOLFSSL_LOCAL int se050_ecc_shared_secret(struct ecc_key* private_key, WOLFSSL_LOCAL int se050_ecc_shared_secret(struct ecc_key* private_key,
struct ecc_key* public_key, byte* out, word32* outlen); struct ecc_key* public_key, byte* out, word32* outlen);
WOLFSSL_LOCAL int se050_ecc_free_key(struct ecc_key* key); WOLFSSL_LOCAL void se050_ecc_free_key(struct ecc_key* key);
struct ed25519_key; struct ed25519_key;
WOLFSSL_LOCAL int se050_ed25519_create_key(struct ed25519_key* key); WOLFSSL_LOCAL int se050_ed25519_create_key(struct ed25519_key* key);
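Review bot: The prototype of `se050_ecc_verify_hash_ex` renames `signature`/`signatureLen` to `sigRS`/`sigRSLen` but does not document the encoding change, although the caller in `wc_ecc_verify_hash_ex` now passes a raw buffer of `keySz * 2` bytes instead of the output of `StoreECC_DSA_Sig`. A comment above the declaration would make the contract explicit, e.g. `/* sigRS: raw R||S, each zero-padded to the curve size; sigRSLen is twice that size */`. If the implementation, which is not shown on this page, does not modify the buffer, declaring the parameter as `const byte* sigRS` would state that as well.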


@@ -110,7 +110,7 @@ enum {
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#else #else
#if defined(WOLFSSL_SE050) #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include "wolfssl/wolfcrypt/port/nxp/se050_port.h" #include "wolfssl/wolfcrypt/port/nxp/se050_port.h"
#endif #endif
@@ -118,7 +118,7 @@ enum {
struct wc_Sha { struct wc_Sha {
#ifdef FREESCALE_LTC_SHA #ifdef FREESCALE_LTC_SHA
ltc_hash_ctx_t ctx; ltc_hash_ctx_t ctx;
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
SE050_HASH_Context se050Ctx; SE050_HASH_Context se050Ctx;
#elif defined(STM32_HASH) #elif defined(STM32_HASH)
STM32_HASH_Context stmCtx; STM32_HASH_Context stmCtx;


@@ -144,7 +144,7 @@ enum {
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#else #else
#if defined(WOLFSSL_SE050) #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include "wolfssl/wolfcrypt/port/nxp/se050_port.h" #include "wolfssl/wolfcrypt/port/nxp/se050_port.h"
#endif #endif
@@ -152,7 +152,7 @@ enum {
struct wc_Sha256 { struct wc_Sha256 {
#ifdef FREESCALE_LTC_SHA #ifdef FREESCALE_LTC_SHA
ltc_hash_ctx_t ctx; ltc_hash_ctx_t ctx;
#elif defined(WOLFSSL_SE050) #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
SE050_HASH_Context se050Ctx; SE050_HASH_Context se050Ctx;
#elif defined(STM32_HASH_SHA2) #elif defined(STM32_HASH_SHA2)
STM32_HASH_Context stmCtx; STM32_HASH_Context stmCtx;