Improvements to the STSAFE-A100 error code handling.
@@ -44,7 +44,7 @@ int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate,
|
|||||||
/* Try reading device certificate from ST-SAFE Zone 0 */
|
/* Try reading device certificate from ST-SAFE Zone 0 */
|
||||||
err = stsafe_interface_read_device_certificate_raw(
|
err = stsafe_interface_read_device_certificate_raw(
|
||||||
pRawCertificate, (uint32_t*)pRawCertificateLen);
|
pRawCertificate, (uint32_t*)pRawCertificateLen);
|
||||||
if (err == 0) {
|
if (err == STSAFE_A_OK) {
|
||||||
#if 0
|
#if 0
|
||||||
/* example for loading into WOLFSSL_CTX */
|
/* example for loading into WOLFSSL_CTX */
|
||||||
err = wolfSSL_CTX_use_certificate_buffer(ctx,
|
err = wolfSSL_CTX_use_certificate_buffer(ctx,
|
||||||
@@ -57,6 +57,9 @@ int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate,
|
|||||||
*pRawCertificate = NULL;
|
*pRawCertificate = NULL;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
err = WC_HW_E;
|
||||||
|
}
|
||||||
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
@@ -87,6 +90,10 @@ int SSL_STSAFE_CreateKeyCb(WOLFSSL* ssl, ecc_key* key, word32 keySz,
|
|||||||
/* generate new ephemeral key on device */
|
/* generate new ephemeral key on device */
|
||||||
err = stsafe_interface_create_key(&slot, curve_id, (uint8_t*)&pubKeyRaw[0]);
|
err = stsafe_interface_create_key(&slot, curve_id, (uint8_t*)&pubKeyRaw[0]);
|
||||||
if (err != 0) {
|
if (err != 0) {
|
||||||
|
#ifdef USE_STSAFE_VERBOSE
|
||||||
|
STSAFE_INTERFACE_PRINTF("stsafe_interface_create_key error: %d\n", err);
|
||||||
|
#endif
|
||||||
|
err = WC_HW_E;
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -159,6 +166,12 @@ int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl,
|
|||||||
/* Verify signature */
|
/* Verify signature */
|
||||||
err = stsafe_interface_verify(curve_id, (uint8_t*)hash, sigRS,
|
err = stsafe_interface_verify(curve_id, (uint8_t*)hash, sigRS,
|
||||||
pubKeyX, pubKeyY, (int32_t*)result);
|
pubKeyX, pubKeyY, (int32_t*)result);
|
||||||
|
if (err != STSAFE_A_OK) {
|
||||||
|
#ifdef USE_STSAFE_VERBOSE
|
||||||
|
STSAFE_INTERFACE_PRINTF("stsafe_interface_verify error: %d\n", err);
|
||||||
|
#endif
|
||||||
|
err = WC_HW_E;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
wc_ecc_free(&key);
|
wc_ecc_free(&key);
|
||||||
@@ -199,7 +212,11 @@ int SSL_STSAFE_SignCertificateCb(WOLFSSL* ssl, const byte* in,
|
|||||||
/* Sign will always use the curve type in slot 0 (the TLS curve needs to match) */
|
/* Sign will always use the curve type in slot 0 (the TLS curve needs to match) */
|
||||||
XMEMSET(sigRS, 0, sizeof(sigRS));
|
XMEMSET(sigRS, 0, sizeof(sigRS));
|
||||||
err = stsafe_interface_sign(STSAFE_A_SLOT_0, curve_id, digest, sigRS);
|
err = stsafe_interface_sign(STSAFE_A_SLOT_0, curve_id, digest, sigRS);
|
||||||
if (err != 0) {
|
if (err != STSAFE_A_OK) {
|
||||||
|
#ifdef USE_STSAFE_VERBOSE
|
||||||
|
STSAFE_INTERFACE_PRINTF("stsafe_interface_sign error: %d\n", err);
|
||||||
|
#endif
|
||||||
|
err = WC_HW_E;
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -208,7 +225,7 @@ int SSL_STSAFE_SignCertificateCb(WOLFSSL* ssl, const byte* in,
|
|||||||
s = &sigRS[key_sz];
|
s = &sigRS[key_sz];
|
||||||
err = wc_ecc_rs_raw_to_sig((const byte*)r, key_sz, (const byte*)s, key_sz,
|
err = wc_ecc_rs_raw_to_sig((const byte*)r, key_sz, (const byte*)s, key_sz,
|
||||||
out, outSz);
|
out, outSz);
|
||||||
if (err !=0) {
|
if (err != 0) {
|
||||||
#ifdef USE_STSAFE_VERBOSE
|
#ifdef USE_STSAFE_VERBOSE
|
||||||
WOLFSSL_MSG("Error converting RS to Signature");
|
WOLFSSL_MSG("Error converting RS to Signature");
|
||||||
#endif
|
#endif
|
||||||
@@ -266,7 +283,11 @@ int SSL_STSAFE_SharedSecretCb(WOLFSSL* ssl, ecc_key* otherKey,
|
|||||||
}
|
}
|
||||||
|
|
||||||
err = stsafe_interface_create_key(&slot, curve_id, (uint8_t*)&pubKeyRaw[0]);
|
err = stsafe_interface_create_key(&slot, curve_id, (uint8_t*)&pubKeyRaw[0]);
|
||||||
if (err != 0) {
|
if (err != STSAFE_A_OK) {
|
||||||
|
#ifdef USE_STSAFE_VERBOSE
|
||||||
|
STSAFE_INTERFACE_PRINTF("stsafe_interface_create_key error: %d\n", err);
|
||||||
|
#endif
|
||||||
|
err = WC_HW_E;
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -303,6 +324,12 @@ int SSL_STSAFE_SharedSecretCb(WOLFSSL* ssl, ecc_key* otherKey,
|
|||||||
/* Compute shared secret */
|
/* Compute shared secret */
|
||||||
err = stsafe_interface_shared_secret(curve_id, &otherKeyX[0], &otherKeyY[0],
|
err = stsafe_interface_shared_secret(curve_id, &otherKeyX[0], &otherKeyY[0],
|
||||||
out, (int32_t*)outlen);
|
out, (int32_t*)outlen);
|
||||||
|
if (err != STSAFE_A_OK) {
|
||||||
|
#ifdef USE_STSAFE_VERBOSE
|
||||||
|
STSAFE_INTERFACE_PRINTF("stsafe_interface_shared_secret error: %d\n", err);
|
||||||
|
#endif
|
||||||
|
err = WC_HW_E;
|
||||||
|
}
|
||||||
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
@@ -381,6 +408,10 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
|
|||||||
rc = stsafe_interface_create_key(&slot, curve_id,
|
rc = stsafe_interface_create_key(&slot, curve_id,
|
||||||
(uint8_t*)pubKeyRaw);
|
(uint8_t*)pubKeyRaw);
|
||||||
if (rc != 0) {
|
if (rc != 0) {
|
||||||
|
#ifdef USE_STSAFE_VERBOSE
|
||||||
|
STSAFE_INTERFACE_PRINTF("stsafe_interface_create_key error: %d\n", rc);
|
||||||
|
#endif
|
||||||
|
rc = WC_HW_E;
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -416,6 +447,10 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
|
|||||||
rc = stsafe_interface_sign(STSAFE_A_SLOT_0, curve_id,
|
rc = stsafe_interface_sign(STSAFE_A_SLOT_0, curve_id,
|
||||||
(uint8_t*)info->pk.eccsign.in, sigRS);
|
(uint8_t*)info->pk.eccsign.in, sigRS);
|
||||||
if (rc != 0) {
|
if (rc != 0) {
|
||||||
|
#ifdef USE_STSAFE_VERBOSE
|
||||||
|
STSAFE_INTERFACE_PRINTF("stsafe_interface_sign error: %d\n", rc);
|
||||||
|
#endif
|
||||||
|
rc = WC_HW_E;
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -468,6 +503,12 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
|
|||||||
rc = stsafe_interface_verify(curve_id,
|
rc = stsafe_interface_verify(curve_id,
|
||||||
(uint8_t*)info->pk.eccverify.hash, sigRS, pubKeyX, pubKeyY,
|
(uint8_t*)info->pk.eccverify.hash, sigRS, pubKeyX, pubKeyY,
|
||||||
(int32_t*)info->pk.eccverify.res);
|
(int32_t*)info->pk.eccverify.res);
|
||||||
|
if (rc != 0) {
|
||||||
|
#ifdef USE_STSAFE_VERBOSE
|
||||||
|
STSAFE_INTERFACE_PRINTF("stsafe_interface_verify error: %d\n", rc);
|
||||||
|
#endif
|
||||||
|
rc = WC_HW_E;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (info->pk.type == WC_PK_TYPE_ECDH) {
|
else if (info->pk.type == WC_PK_TYPE_ECDH) {
|
||||||
@@ -497,6 +538,12 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
|
|||||||
rc = stsafe_interface_shared_secret(curve_id,
|
rc = stsafe_interface_shared_secret(curve_id,
|
||||||
otherKeyX, otherKeyY,
|
otherKeyX, otherKeyY,
|
||||||
info->pk.ecdh.out, (int32_t*)info->pk.ecdh.outlen);
|
info->pk.ecdh.out, (int32_t*)info->pk.ecdh.outlen);
|
||||||
|
if (rc != 0) {
|
||||||
|
#ifdef USE_STSAFE_VERBOSE
|
||||||
|
STSAFE_INTERFACE_PRINTF("stsafe_interface_shared_secret error: %d\n", rc);
|
||||||
|
#endif
|
||||||
|
rc = WC_HW_E;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
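Review bot: In the two verify paths (the `stsafe_interface_verify` call in SSL_STSAFE_VerifyPeerCertCb and the one in wolfSSL_STSAFE_CryptoDevCb), the new error branch maps the status to `WC_HW_E` but leaves the verification result untouched, so its value after a device failure depends on whatever the interface or earlier code wrote, which these hunks do not show. Failing closed would make that explicit: add `*result = 0;` beside `err = WC_HW_E;` and `*info->pk.eccverify.res = 0;` beside `rc = WC_HW_E;`. Separately, the comparisons are now mixed: the SSL_STSAFE_CreateKeyCb hunk and every check in wolfSSL_STSAFE_CryptoDevCb still test `!= 0` while the other hunks test `!= STSAFE_A_OK`, and using the named constant throughout would keep them in step if the two values ever differ. The `else` added in SSL_STSAFE_LoadDeviceCertificate also discards the device status without the `USE_STSAFE_VERBOSE` print that the other error branches have, so that failure cannot be diagnosed from logs. All of these functions start and end outside the hunks shown.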