From c7c90cd2cc20bc0fe7388f665957f6833c13a70d Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 17 Jan 2023 11:20:44 +0100 Subject: [PATCH] Back-end calls for ecc sign/verify/getpublic --- arch.mk | 1 + include/user_settings.h | 16 +++- include/wolfboot/wc_secure.h | 4 +- src/wc_callable.c | 143 ++++++++++++++++++++++++++++++----- test-app/app_stm32l5.c | 2 +- 5 files changed, 140 insertions(+), 26 deletions(-) diff --git a/arch.mk b/arch.mk index f52e6423..686f6956 100644 --- a/arch.mk +++ b/arch.mk @@ -168,6 +168,7 @@ ifeq ($(ARCH),ARM) ifeq ($(WCSM),1) OBJS+=./src/wc_callable.o WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/random.o + WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/asn.o CFLAGS+=-DWOLFCRYPT_SECURE_MODE SECURE_LDFLAGS+=-Wl,--cmse-implib -Wl,--out-implib=./src/wc_secure_calls.o endif diff --git a/include/user_settings.h b/include/user_settings.h index 807d62c8..36b9c0d5 100644 --- a/include/user_settings.h +++ b/include/user_settings.h @@ -57,7 +57,6 @@ extern int tolower(int c); # define WOLFSSL_SHA512 # define USE_SLOW_SHA512 # define NO_RSA -# define NO_ASN #endif /* ED448 */ @@ -68,7 +67,6 @@ extern int tolower(int c); # define NO_ED448_SIGN # define NO_ED448_EXPORT # define NO_RSA -# define NO_ASN # define WOLFSSL_SHA3 # define WOLFSSL_SHAKE256 #endif @@ -105,6 +103,10 @@ extern int tolower(int c); # define NO_ECC_EXPORT # define NO_ECC_DHE # define NO_ECC_KEY_EXPORT +# define NO_ASN +#else +# define HAVE_ECC_SIGN +# define HAVE_ECC_CDH #endif /* Curve */ @@ -134,7 +136,6 @@ extern int tolower(int c); #endif # define NO_RSA -# define NO_ASN #endif #ifdef WOLFBOOT_SIGN_RSA2048 @@ -362,4 +363,13 @@ extern int tolower(int c); # define WOLFSSL_SMALL_STACK #endif +#ifdef WOLFTPM_MMIO + void delay(int msec); + #define XTPM_WAIT() delay(1000); + #define DEBUG_WOLFTPM + #define WOLFTPM_ADV_IO + void uart_printf(const char* fmt, ...); + #define XPRINTF uart_printf +#endif + #endif /* !H_USER_SETTINGS_ */ diff --git a/include/wolfboot/wc_secure.h b/include/wolfboot/wc_secure.h index 5ef63855..090ab619 100644 --- a/include/wolfboot/wc_secure.h +++ b/include/wolfboot/wc_secure.h @@ -8,8 +8,8 @@ /* Secure calls prototypes for the non-secure world */ -int __attribute__((cmse_nonsecure_call)) nsc_test(void); -int __attribute__((cmse_nonsecure_call)) wcsm_ecc_keygen(uint32_t key_size, int ecc_curve); +int __attribute__((cmse_nonsecure_entry)) nsc_test(void); +int __attribute__((cmse_nonsecure_entry)) wcsm_ecc_keygen(uint32_t key_size, int ecc_curve); diff --git a/src/wc_callable.c b/src/wc_callable.c index 8480f5be..81c3b789 100644 --- a/src/wc_callable.c +++ b/src/wc_callable.c @@ -3,60 +3,75 @@ #include "wolfssl/ssl.h" #include "wolfssl/wolfcrypt/ecc.h" #include "wolfssl/wolfcrypt/aes.h" +#include "wolfssl/wolfcrypt/random.h" #include "wolfboot/wolfboot.h" #include -#ifndef WCSM_SLOTS - #define WCSM_SLOTS (4) +#ifndef WCS_SLOTS + #define WCS_SLOTS (4) #endif -struct wcsm_key +#define WCS_TYPE_AES 1 +#define WCS_TYPE_ECC 2 + +#define ACCESS_ENCDEC (1 << 0) +#define ACCESS_SIGN (1 << 1) +#define ACCESS_VERIFY (1 << 2) +#define ACCESS_DERIVE (1 << 3) +#define ACCESS_EXPORT_PUBLIC (1 << 4) +#define ACCESS_EXPORT_PRIVATE (1 << 5) +#define ACCESS_USAGE_COUNTER (1 << 6) +#define ACCESS_VALID_DATE (1 << 7) + +struct wcs_key { uint32_t id; uint32_t type; int in_use; size_t size; - union wcsm_key_type_u { + uint32_t access_flags; + union wcs_key_type_u { Aes aes; ecc_key ecc; + /* .... */ } key; }; -struct wcsm_key WCSM_Keys[WCSM_SLOTS] = { }; +static struct wcs_key WCS_Keys[WCS_SLOTS] = { }; +static WC_RNG wcs_rng; static int new_slot(void) { int key_slot = 0; - while (WCSM_Keys[key_slot].in_use) { + while (WCS_Keys[key_slot].in_use) { key_slot++; - if (key_slot >= WCSM_SLOTS) + if (key_slot >= WCS_SLOTS) return -1; } return key_slot; } -int __attribute__((cmse_nonsecure_entry)) wcsm_ecc_keygen(size_t key_size, +int __attribute__((cmse_nonsecure_entry)) wcs_ecc_keygen(size_t key_size, int ecc_curve) { int slot_id; - struct wcsm_key *wk; + struct wcs_key *wk; int ret; ecc_key *new_key = NULL; - WC_RNG *rng = NULL; slot_id = new_slot(); if (slot_id < 0) return -1; - if (slot_id >= WCSM_SLOTS) + if (slot_id >= WCS_SLOTS) return -1; /* TODO: important: arguments check */ - wk = &WCSM_Keys[slot_id]; + wk = &WCS_Keys[slot_id]; if (wc_ecc_init(new_key) != 0) return -1; - ret = wc_ecc_make_key_ex(rng, key_size, new_key, ecc_curve); + ret = wc_ecc_make_key_ex(&wcs_rng, key_size, new_key, ecc_curve); if (ret < 0) return -1; wk->in_use++; @@ -65,13 +80,98 @@ int __attribute__((cmse_nonsecure_entry)) wcsm_ecc_keygen(size_t key_size, return slot_id; } +struct wcs_sign_call_params +{ + int slot_id; + const byte *in; + word32 inSz; + byte *out; + word32 outSz; + int verify_res; +}; + +struct wcs_verify_call_params +{ + int slot_id; + const byte *sig; + word32 sigSz; + byte *hash; + word32 hashSz; + int verify_res; +}; + +int __attribute__((cmse_nonsecure_entry)) wcs_ecc_sign_call(struct wcs_sign_call_params *p) +{ + int slot_id = p->slot_id; + int ret; + + /* TODO: sanity check memory range for param pointer */ + + if (slot_id > WCS_SLOTS) + return -1; + if (WCS_Keys[slot_id].in_use == 0) + return -1; + if (WCS_Keys[slot_id].type != WCS_TYPE_ECC) + return -1; + if ((WCS_Keys[slot_id].access_flags & ACCESS_SIGN) == 0) + return -1; + ret = wc_ecc_sign_hash(p->in, p->inSz, p->out, &p->outSz, &wcs_rng, &WCS_Keys[slot_id].key.ecc); + return ret; +} + +int __attribute__((cmse_nonsecure_entry)) wcs_ecc_verify_call(struct wcs_verify_call_params *p) +{ + int slot_id = p->slot_id; + int ret; + + /* TODO: sanity check memory range for param pointer */ + + if (slot_id > WCS_SLOTS) + return -1; + if (WCS_Keys[slot_id].in_use == 0) + return -1; + if (WCS_Keys[slot_id].type != WCS_TYPE_ECC) + return -1; + if ((WCS_Keys[slot_id].access_flags & ACCESS_SIGN) == 0) + return -1; + ret = wc_ecc_verify_hash(p->sig, p->sigSz, p->hash, p->hashSz, p->verify_res, &WCS_Keys[slot_id].key.ecc); + return ret; +} + +int __attribute__((cmse_nonsecure_entry)) wcs_ecc_getpublic(int slot_id, byte *pubkey, word32 *pubkeySz) +{ + int ret; + word32 x_sz, y_sz; + x_sz = *pubkeySz / 2; + y_sz = x_sz; + + /* TODO: sanity check memory range for pubkey/pubkeySz pointers */ + + if (slot_id > WCS_SLOTS) + return -1; + if (WCS_Keys[slot_id].in_use == 0) + return -1; + if (WCS_Keys[slot_id].type != WCS_TYPE_ECC) + return -1; + if ((WCS_Keys[slot_id].access_flags & ACCESS_SIGN) == 0) + return -1; + + /* TODO: check bidirectional argument pubkeySz for valid ecc key size */ + + ret = wc_ecc_export_public_raw(&WCS_Keys[slot_id].key.ecc, pubkey, &x_sz, pubkey + x_sz, &y_sz); + if (ret == 0) { + *pubkeySz = x_sz + y_sz; + } + return ret; +} + + + /* -int wcsm_ecc_sign(); -int wcsm_ecc_verify(); -int wcsm_ecc_getpublic(); -int wcsm_ecdh(); -int wcsm_aes_encrypt(); -int wcsm_aes_decrypt(); +int wcs_ecc_getpublic(); +int wcs_ecdh(); +int wcs_aes_encrypt(); +int wcs_aes_decrypt(); */ @@ -81,6 +181,9 @@ int __attribute__((cmse_nonsecure_entry)) nsc_test(void) return 0; } - +void wsc_Init(void) +{ + wc_InitRng(&wcs_rng); +} #endif diff --git a/test-app/app_stm32l5.c b/test-app/app_stm32l5.c index f481ec8c..5668b35e 100644 --- a/test-app/app_stm32l5.c +++ b/test-app/app_stm32l5.c @@ -103,7 +103,7 @@ void main(void) boot_led_off(); if (wolfBoot_current_firmware_version() > 1) boot_led_on(); -#ifdef WOLFBOOT_SECURE_CALLS +#ifdef WOLFCRYPT_SECURE_MODE nsc_test(); #endif