mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 15:00:49 +02:00
se050: add support for SE050 SIGN ONLY options
This commit is contained in:
@@ -880,7 +880,10 @@ WOLFSSL_SE050_AUTO_ERASE
|
||||
WOLFSSL_SE050_CRYPT
|
||||
WOLFSSL_SE050_HASH
|
||||
WOLFSSL_SE050_INIT
|
||||
WOLFSSL_SE050_NOECDHE
|
||||
WOLFSSL_SE050_NO_ECDSA_VERIFY
|
||||
WOLFSSL_SE050_NO_RSA
|
||||
WOLFSSL_SE050_NO_RSA_VERIFY
|
||||
WOLFSSL_SE050_NO_TRNG
|
||||
WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
|
||||
WOLFSSL_SERVER_EXAMPLE
|
||||
|
||||
+6
-3
@@ -291,6 +291,9 @@ ECC Curve Sizes:
|
||||
#undef HAVE_ECC_VERIFY_HELPER
|
||||
#define HAVE_ECC_VERIFY_HELPER
|
||||
#endif
|
||||
#if defined(WOLFSSL_SE050_NO_ECDSA_VERIFY)
|
||||
#define HAVE_ECC_VERIFY_HELPER
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
|
||||
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
|
||||
@@ -4767,7 +4770,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
err = silabs_ecc_shared_secret(private_key, public_key, out, outlen);
|
||||
#elif defined(WOLFSSL_KCAPI_ECC)
|
||||
err = KcapiEcc_SharedSecret(private_key, public_key, out, outlen);
|
||||
#elif defined(WOLFSSL_SE050)
|
||||
#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NOECDHE)
|
||||
err = se050_ecc_shared_secret(private_key, public_key, out, outlen);
|
||||
#else
|
||||
err = wc_ecc_shared_secret_ex(private_key, &public_key->pubkey, out, outlen);
|
||||
@@ -5761,7 +5764,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
|
||||
else {
|
||||
err = NOT_COMPILED_IN;
|
||||
}
|
||||
#elif defined(WOLFSSL_SE050)
|
||||
#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NOECDHE)
|
||||
err = se050_ecc_create_key(key, key->dp->id, key->dp->size);
|
||||
key->type = ECC_PRIVATEKEY;
|
||||
#elif defined(WOLFSSL_CRYPTOCELL)
|
||||
@@ -9261,7 +9264,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
#elif defined(WOLFSSL_XILINX_CRYPT_VERSAL)
|
||||
byte sigRS[ECC_MAX_CRYPTO_HW_SIZE * 2];
|
||||
byte hashcopy[ECC_MAX_CRYPTO_HW_SIZE] = {0};
|
||||
#elif defined(WOLFSSL_SE050)
|
||||
#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_ECDSA_VERIFY)
|
||||
#else
|
||||
int curveLoaded = 0;
|
||||
DECLARE_CURVE_SPECS(ECC_CURVE_FIELD_COUNT);
|
||||
|
||||
@@ -246,6 +246,25 @@ defined, wolfCrypt will instead fall back to using `/dev/random` and
|
||||
Disables using the SE050 for RSA, useful for the SE050E which does not have
|
||||
RSA support.
|
||||
|
||||
**`WOLFSSL_SE050_NOECDHE`**
|
||||
|
||||
Disables offloading ECDH key generation and shared secret operations to the
|
||||
SE050. When defined, `wc_ecc_make_key()` and `wc_ecc_shared_secret()` will
|
||||
use wolfCrypt software instead of the SE050.
|
||||
|
||||
**`WOLFSSL_SE050_NO_ECDSA_VERIFY`**
|
||||
|
||||
When defined, ECDSA signing (`wc_ecc_sign_hash()`) continues to be offloaded
|
||||
to the SE050, but ECDSA verification (`wc_ecc_verify_hash()`) uses wolfCrypt
|
||||
software.
|
||||
|
||||
**`WOLFSSL_SE050_NO_RSA_VERIFY`**
|
||||
|
||||
When defined, RSA PKCS#1 v1.5 signing (`wc_RsaSSL_Sign()`) continues to be
|
||||
offloaded to the SE050, but RSA PKCS#1 v1.5 verification (`wc_RsaSSL_Verify()`)
|
||||
uses wolfCrypt software (public-key exponentiation + unpad). RSA PSS verify and
|
||||
RSA key-exchange decrypt are unaffected.
|
||||
|
||||
## wolfSSL HostCrypto Support
|
||||
|
||||
The NXP SE05x Plug & Trust Middleware by default can use either OpenSSL or
|
||||
|
||||
@@ -3660,6 +3660,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
#if !defined(WOLFSSL_SE050_NO_RSA_VERIFY)
|
||||
else if (rsa_type == RSA_PUBLIC_DECRYPT &&
|
||||
pad_value == RSA_BLOCK_TYPE_1 &&
|
||||
pad_type != WC_RSA_PSS_PAD) {
|
||||
@@ -3675,6 +3676,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
#endif /* !WOLFSSL_SE050_NO_RSA_VERIFY */
|
||||
#endif /* RSA CRYPTO HW */
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user