diff --git a/README.md b/README.md index 22115321..85d495a1 100644 --- a/README.md +++ b/README.md @@ -283,6 +283,16 @@ This directory contains a wolfCrypt benchmark test application for i.MX RT1060-E Please see the [RT1060/README.md](RT1060/README.md) for further usage and details. +
+ +#### NXP SE050 + +This directory contains example applications for NXP's SE050. The examples +have been tested on a Raspberry Pi with SE050 EdgeLock. + +Please see the [SE050/README.md](SE050/README.md) for further details. + +
#### SGX_Linux (Linux Enclave) diff --git a/SE050/README.md b/SE050/README.md new file mode 100644 index 00000000..08bd0c3a --- /dev/null +++ b/SE050/README.md 
@@ -0,0 +1,111 @@ +# wolfSSL NXP SE050 Examples + +wolfSSL includes support for the NXP SE050 Plug & Trust Secure Element. For +details about the NXP SE050, see [NXP's SE050 page](https://www.nxp.com/products/security-and-authentication/authentication/edgelock-se050-plug-trust-secure-element-family-enhanced-iot-security-with-maximum-flexibility:SE050). + +This directory contains wolfSSL examples for NXP SE050. The examples have been +written for and tested on a Raspberry Pi with NXP SE050 EdgeLock development +kit. + +For complete details on wolfSSL's support for NXP SE050, see +[README_SE050.md](https://www.github.com/wolfssl/wolfssl/wolfcrypt/src/port/nxp/README_SE050.md). +That document also describes how to download, build, and compile the SE05x +Middleware. It should be followed first before moving on to installing and +running these examples. + +## Installing Example Applications + +These instructions assume that the SE050 middleware has already been installed +in Raspbian and is located at `/home/pi/se_mw/simw-top`. + +Before building these demo, the "wolfssl" folder which contains these demos +should be copied into the SE05x middleware source tree at: + +``` +/home/pi/se_mw/simw-top/demos/wolfssl +``` + +This will mean the wolfSSL demo applications will be at: + +``` +/home/pi/se_mw/simw-top/demos/wolfssl/wolfcrypt_benchmark +/home/pi/se_mw/simw-top/demos/wolfssl/wolfcrypt_generate_csr +/home/pi/se_mw/simw-top/demos/wolfssl/wolfcrypt_key_cert_insert +/home/pi/se_mw/simw-top/demos/wolfssl/wolfcrypt_test +``` + +The 'wolfssl' demo directory needs to be tied into the CMake build system. 
Open +the following file: + +``` +/home/pi/se_mw/simw-top/demos/CMakeLists.txt +``` + +Add the following at the bottom of this file: + +``` +ADD_SUBDIRECTORY(wolfssl) +``` + +If the SE05x middleware has not yet been set up for compilation: + +``` +$ cd /home/pi/se_mw/simw-top/scripts +$ ./create_cmake_projects.py rpi +$ cd /home/pi/se_mw/simw-top_build/raspbian_native_se050_t1oi2c +$ ccmake . +< adjust options to match SE050 dev kit > +< 'c', to configure > +< 'g', to generate > +$ cmake --build . +``` + +This will build the SE05x middleware along with demos, including the wolfCrypt +test application. + +**IMPORTANT:** Note that the wolfCrypt test and benchmark application examples +included here need benchmark.c, benchmark.h, test.c, and test.h copied over +from a valid wolfSSL source tree. See notes in those example README.md files +for more information. + +## NXP SE050 EdgeLock Configuration + +wolfSSL most recently tested these examples on a Raspberry Pi with NXP +EdgeLock development kit. The following CMake options were used. This uses +OpenSSL as the HostCrypto Provider and enables SCP03 authentication. + +![CMake Configuration](images/se05x_middleware_cmake_openssl_scp03.png) + +## Example Applications + +### wolfCrypt Test Application + +This application will run the wolfCrypt test application, running cryptography +test vectors through all algorithms enabled in wolfSSL. For details, see +[README.md](./wolfssl/wolfcrypt_test/README.md). + +### wolfCrypt Benchmark Application + +This application will run the wolfCrypt benchmark application, benchmarking +all enabled algorithms in wolfSSL. For details, see +[README.md](./wolfssl/wolfcrypt_benchmark/README.md). + +### wolfCrypt SE050 Key and Certificate Insertion and Use Example + +This example inserts and uses certificates and keys into the SE050. 
It does an +ECDSA verify operation of an ASCII-encoded {R,S} signature, reads back out the +RSA and ECC certificates imported and verifies they match the original ones, +then erases keys and certificates that were imported into the SE050. For +details, see [README.md](./wolfssl/wolfcrypt_key_cert_insert/README.md). + +### wolfCrypt CSR Generation Example + +This example generates a Certificate Signing Request (CSR) using a key +generated and stored in the SE050. This examples requires that wolfSSL be +compiled with `--enable-certgen --enable-certreq`. For details, see +[README.md](./wolfssl/wolfcrypt_generate_csr/README.md). + +## Support + +For support questions and issues, please email wolfSSL at support@wolfssl.com. + diff --git a/SE050/images/se05x_middleware_cmake_openssl_scp03.png b/SE050/images/se05x_middleware_cmake_openssl_scp03.png new file mode 100644 index 00000000..7b4acdc2 Binary files /dev/null and b/SE050/images/se05x_middleware_cmake_openssl_scp03.png differ diff --git a/SE050/wolfssl/CMakeLists.txt b/SE050/wolfssl/CMakeLists.txt new file mode 100644 index 00000000..9d2d6a79 --- /dev/null +++ b/SE050/wolfssl/CMakeLists.txt @@ -0,0 +1,4 @@ +ADD_SUBDIRECTORY(wolfcrypt_benchmark) +ADD_SUBDIRECTORY(wolfcrypt_test) +ADD_SUBDIRECTORY(wolfcrypt_key_cert_insert) +ADD_SUBDIRECTORY(wolfcrypt_generate_csr) diff --git a/SE050/wolfssl/wolfcrypt_benchmark/CMakeLists.txt b/SE050/wolfssl/wolfcrypt_benchmark/CMakeLists.txt new file mode 100644 index 00000000..5c979ee0 --- /dev/null +++ b/SE050/wolfssl/wolfcrypt_benchmark/CMakeLists.txt 
@@ -0,0 +1,34 @@ +PROJECT(wolfcrypt_benchmark) +FILE( + GLOB + files + *.c +) + +ADD_EXECUTABLE( + ${PROJECT_NAME} + ${KSDK_STARTUP_FILE} ${files} +) + +TARGET_COMPILE_DEFINITIONS( + ${PROJECT_NAME} + PRIVATE SIMW_DEMO_ENABLE__DEMO_WOLFCRYPTBENCHMARK NO_MAIN_DRIVER BENCH_EMBEDDED USE_CERT_BUFFERS_2048 USE_CERT_BUFFERS_256 +) + +TARGET_INCLUDE_DIRECTORIES( + ${PROJECT_NAME} + PRIVATE ${SIMW_TOP_DIR}/sss/ex/inc /home/pi/se_mw/wolfssl +) + +TARGET_LINK_LIBRARIES( + ${PROJECT_NAME} + SSS_APIs + ex_common + wolfssl +) + +CREATE_BINARY(${PROJECT_NAME}) + +IF(SSS_HAVE_HOST_LINUX_LIKE) + INSTALL(TARGETS ${PROJECT_NAME} DESTINATION bin) +ENDIF() diff --git a/SE050/wolfssl/wolfcrypt_benchmark/README.md b/SE050/wolfssl/wolfcrypt_benchmark/README.md new file mode 100644 index 00000000..66164d0e --- /dev/null +++ b/SE050/wolfssl/wolfcrypt_benchmark/README.md 
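Review bot: The `/home/pi/se_mw/wolfssl` entry in `TARGET_INCLUDE_DIRECTORIES` is an absolute path into one user's home directory, so the target only builds on a machine laid out exactly like the author's. It also means the headers come from whatever tree sits at that path, while the code links against the `wolfssl` library target; if the two were built from different versions or configure options, structure layouts can disagree without any build error. I would make the location configurable with a new cache variable, for example `SET(WOLFSSL_SRC_DIR "/home/pi/se_mw/wolfssl" CACHE PATH "wolfSSL source tree")`, and use `PRIVATE ${SIMW_TOP_DIR}/sss/ex/inc ${WOLFSSL_SRC_DIR}`. The wolfcrypt_generate_csr and wolfcrypt_key_cert_insert CMakeLists in this commit do not add this path, so it is worth confirming whether the benchmark target needs it at all.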
@@ -0,0 +1,145 @@ +# wolfCrypt Benchmark Demo Application + +This demo application runs the wolfCrypt benchmark app. It benchmarks all +algorithms enabled in wolfCrypt. It has been tested using a Raspberry Pi +and SE050 EdgeLock development kit. + +## Building the Demo + +Before building this demo, follow initial setup instructions in the parent +[README.md](../../README.md). + +**IMPORTANT:** This example requires the benchmark.c and benchmark.h files from +a wolfSSL source package be copied into this directory before compiling and +running the example. There are stub files included in this example directory +that should be overwritten: + +``` +$ cp wolfssl-X.X.X/wolfcrypt/benchmark/benchmark.c ./ +$ cp wolfssl-X.X.X/wolfcrypt/benchmark/benchmark.h ./ +``` + +Once this example directory has been copied into the SE05x middleware directory +tree in the correct location, compiling the middleware will also compile this +demo application: + +``` +$ cd /home/pi/se_mw/simw-top_build/raspbian_native_se050_t1oi2c +$ cmake --build . +``` + +## Running the Demo + +To run the demo: + +``` +$ cd /home/pi/se_mw/simw-top_build/raspbian_native_se050_t1oi2c/bin +$ ./wolfcrypt_benchmark +``` + +On successful run, output similar to the following will print out: + +``` +App :INFO :PlugAndTrust_v04.02.00_20220524 +App :INFO :Running ./wolfcrypt_benchmark +App :INFO :If you want to over-ride the selection, use ENV=EX_SSS_BOOT_SSS_PORT or pass in command line arguments. +sss :INFO :atr (Len=35) + 00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08 + 01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41 + 54 50 4F +sss :WARN :Communication channel is Plain. +sss :WARN :!!!Not recommended for production use.!!! 
+App :INFO :running setconfig +App :INFO :Ran setconfig successfully +wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each) +RNG 12 MiB took 1.001 seconds, 11.928 MiB/s +AES-128-CBC-enc 20 MiB took 1.000 seconds, 19.724 MiB/s +AES-128-CBC-dec 19 MiB took 1.001 seconds, 19.438 MiB/s +AES-192-CBC-enc 17 MiB took 1.001 seconds, 16.982 MiB/s +AES-192-CBC-dec 17 MiB took 1.001 seconds, 16.612 MiB/s +AES-256-CBC-enc 15 MiB took 1.001 seconds, 14.755 MiB/s +AES-256-CBC-dec 15 MiB took 1.001 seconds, 14.580 MiB/s +AES-128-GCM-enc 10 MiB took 1.002 seconds, 9.967 MiB/s +AES-128-GCM-dec 10 MiB took 1.002 seconds, 9.965 MiB/s +AES-192-GCM-enc 9 MiB took 1.002 seconds, 9.208 MiB/s +AES-192-GCM-dec 9 MiB took 1.000 seconds, 9.202 MiB/s +AES-256-GCM-enc 8 MiB took 1.001 seconds, 8.492 MiB/s +AES-256-GCM-dec 8 MiB took 1.000 seconds, 8.495 MiB/s +AES-128-GCM-enc-no_AAD 10 MiB took 1.001 seconds, 9.975 MiB/s +AES-128-GCM-dec-no_AAD 10 MiB took 1.002 seconds, 10.035 MiB/s +AES-192-GCM-enc-no_AAD 9 MiB took 1.001 seconds, 9.269 MiB/s +AES-192-GCM-dec-no_AAD 9 MiB took 1.002 seconds, 9.262 MiB/s +AES-256-GCM-enc-no_AAD 9 MiB took 1.002 seconds, 8.554 MiB/s +AES-256-GCM-dec-no_AAD 9 MiB took 1.003 seconds, 8.545 MiB/s +GMAC Table 4-bit 22 MiB took 1.000 seconds, 21.581 MiB/s +AES-128-ECB-enc 15 MiB took 1.000 seconds, 14.996 MiB/s +AES-128-ECB-dec 15 MiB took 1.000 seconds, 14.983 MiB/s +AES-192-ECB-enc 13 MiB took 1.000 seconds, 13.356 MiB/s +AES-192-ECB-dec 13 MiB took 1.000 seconds, 13.240 MiB/s +AES-256-ECB-enc 12 MiB took 1.000 seconds, 11.929 MiB/s +AES-256-ECB-dec 12 MiB took 1.000 seconds, 11.921 MiB/s +CHACHA 38 MiB took 1.000 seconds, 37.518 MiB/s +CHA-POLY 26 MiB took 1.000 seconds, 26.211 MiB/s +MD5 129 MiB took 1.000 seconds, 129.068 MiB/s +POLY1305 118 MiB took 1.000 seconds, 118.446 MiB/s +SHA 66 MiB took 1.000 seconds, 66.223 MiB/s +SHA-256 31 MiB took 1.001 seconds, 31.328 MiB/s +SHA-384 16 MiB took 1.000 seconds, 15.918 MiB/s +SHA-512 16 MiB took 1.000 seconds, 
15.914 MiB/s +HMAC-MD5 127 MiB took 1.000 seconds, 126.965 MiB/s +HMAC-SHA 65 MiB took 1.000 seconds, 65.453 MiB/s +HMAC-SHA256 31 MiB took 1.001 seconds, 30.983 MiB/s +HMAC-SHA384 16 MiB took 1.000 seconds, 15.551 MiB/s +HMAC-SHA512 16 MiB took 1.001 seconds, 15.653 MiB/s +PBKDF2 4 KiB took 1.002 seconds, 3.618 KiB/s +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id FFFF +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 10000 +RSA 1024 key gen 2 ops took 1.377 sec, avg 688.364 ms, 1.453 ops/sec +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 10001 +RSA 2048 key gen 1 ops took 7.441 sec, avg 7440.538 ms, 0.134 ops/sec +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 10002 +RSA 2048 public 10 ops took 1.133 sec, avg 113.271 ms, 8.828 ops/sec +RSA 2048 private 6 ops took 1.278 sec, avg 212.942 ms, 4.696 ops/sec +DH 2048 key gen 46 ops took 1.002 sec, avg 21.780 ms, 45.915 ops/sec +DH 2048 agree 22 ops took 1.027 sec, avg 46.693 ms, 21.416 ops/sec +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 10003 +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 10004 +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 10005 +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 10006 +ECC [ SECP256R1] 256 key gen 4 ops took 1.149 sec, avg 287.259 ms, 3.481 ops/sec +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 10007 +sss :WARN :nxEnsure:'ret == SM_OK' failed. 
At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 10008 +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 10009 +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 1000A +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 1000B +sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id 1000C +ECDHE [ SECP256R1] 256 agree 4 ops took 1.710 sec, avg 427.612 ms, 2.339 ops/sec +ECDSA [ SECP256R1] 256 sign 10 ops took 1.010 sec, avg 100.953 ms, 9.906 ops/sec +ECDSA [ SECP256R1] 256 verify 10 ops took 1.010 sec, avg 100.998 ms, 9.901 ops/sec +Benchmark complete +``` + +## Demo Notes + +The `benchmark.c` and `benchmark.h` file in this directory have been copied +directly from the wolfSSL download directory, at: + +``` +wolfssl-X.X.X/wolfcrypt/benchmark/benchmark.c +wolfssl-X.X.X/wolfcrypt/benchmark/benchmark.h +``` + diff --git a/SE050/wolfssl/wolfcrypt_benchmark/benchmark.c b/SE050/wolfssl/wolfcrypt_benchmark/benchmark.c new file mode 100644 index 00000000..dbe183a4 --- /dev/null +++ b/SE050/wolfssl/wolfcrypt_benchmark/benchmark.c 
@@ -0,0 +1,23 @@ +/* benchmark.c + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#error "Overwrite this file with wolfcrypt/benchmark/benchmark.c from wolfSSL" + diff --git a/SE050/wolfssl/wolfcrypt_benchmark/benchmark.h b/SE050/wolfssl/wolfcrypt_benchmark/benchmark.h new file mode 100644 index 00000000..9a192a32 --- /dev/null +++ b/SE050/wolfssl/wolfcrypt_benchmark/benchmark.h 
@@ -0,0 +1,23 @@ +/* benchmark.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#error "Overwrite this file with wolfcrypt/benchmark/benchmark.h from wolfSSL" + diff --git a/SE050/wolfssl/wolfcrypt_benchmark/wolfcrypt_benchmark.c b/SE050/wolfssl/wolfcrypt_benchmark/wolfcrypt_benchmark.c new file mode 100644 index 00000000..74480523 --- /dev/null +++ b/SE050/wolfssl/wolfcrypt_benchmark/wolfcrypt_benchmark.c 
@@ -0,0 +1,73 @@ +/* wolfcrypt_benchmark.c + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include +#include +#include +#include "benchmark.h" + +#include +#include +#include + +#ifdef __cplusplus +} +#endif + +#if defined(SIMW_DEMO_ENABLE__DEMO_WOLFCRYPTBENCHMARK) + +static ex_sss_boot_ctx_t gex_sss_boot_ctx; + +#define EX_SSS_BOOT_PCONTEXT (&gex_sss_boot_ctx) +#define EX_SSS_BOOT_DO_ERASE 1 +#define EX_SSS_BOOT_EXPOSE_ARGC_ARGV 0 + +#include + +sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx) +{ + int ret = 0; + sss_status_t status = kStatus_SSS_Success; + sss_session_t *pSession = (sss_session_t*)&pCtx->session; + sss_key_store_t *pKeyStore = (sss_key_store_t*)&pCtx->ks; + + LOG_I("running setconfig"); + ret = wc_se050_set_config(pSession, NULL, pKeyStore); + if (ret != 0) { + LOG_E("wc_se050_set_config failed"); + return kStatus_SSS_Fail; + } + LOG_I("Ran setconfig successfully"); + + wolfSSL_Init(); + benchmark_test(NULL); + wolfSSL_Cleanup(); + + LOG_I("Finished wolfCrypt Benchmark"); + return status; +} + +#endif /* SIMW_DEMO_ENABLE__DEMO_WOLFCRYPTBENCHMARK */ 
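Review bot: `ex_sss_entry` discards the results of `wolfSSL_Init()` and `benchmark_test(NULL)` and always returns `kStatus_SSS_Success` once `wc_se050_set_config` has passed, so a benchmark that fails partway still reports a clean run to the caller. `ret` is already declared, so the calls can become `ret = benchmark_test(NULL);` followed by `if (ret != 0) status = kStatus_SSS_Fail;`, with the same treatment for `wolfSSL_Init()` compared against `WOLFSSL_SUCCESS`. Separately, `#define EX_SSS_BOOT_DO_ERASE 1` deserves a comment: as far as I recall from the NXP middleware boot header this asks the example framework to erase objects on the secure element at startup, which matters to anyone running the demo on a provisioned part, so something like `/* NOTE: erases SE050 objects at boot; use a development SE050 only (confirm against ex_sss_main_inc.h) */` would help. The same define appears in wolfcrypt_generate_csr.c.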
diff --git a/SE050/wolfssl/wolfcrypt_generate_csr/CMakeLists.txt b/SE050/wolfssl/wolfcrypt_generate_csr/CMakeLists.txt new file mode 100644 index 00000000..99d3085d --- /dev/null +++ b/SE050/wolfssl/wolfcrypt_generate_csr/CMakeLists.txt @@ -0,0 +1,34 @@ +PROJECT(wolfcrypt_generate_csr) +FILE( + GLOB + files + wolfcrypt_generate_csr.c +) + +ADD_EXECUTABLE( + ${PROJECT_NAME} + ${KSDK_STARTUP_FILE} ${files} +) + +TARGET_COMPILE_DEFINITIONS( + ${PROJECT_NAME} + PRIVATE SIMW_DEMO_ENABLE__DEMO_WOLFCRYPT_GENERATE_CSR +) + +TARGET_INCLUDE_DIRECTORIES( + ${PROJECT_NAME} + PRIVATE ${SIMW_TOP_DIR}/sss/ex/inc +) + +TARGET_LINK_LIBRARIES( + ${PROJECT_NAME} + SSS_APIs + ex_common + wolfssl +) + +CREATE_BINARY(${PROJECT_NAME}) + +IF(SSS_HAVE_HOST_LINUX_LIKE) + INSTALL(TARGETS ${PROJECT_NAME} DESTINATION bin) +ENDIF() diff --git a/SE050/wolfssl/wolfcrypt_generate_csr/README.md b/SE050/wolfssl/wolfcrypt_generate_csr/README.md new file mode 100644 index 00000000..2ad58ca8 --- /dev/null +++ b/SE050/wolfssl/wolfcrypt_generate_csr/README.md 
@@ -0,0 +1,74 @@ +# wolfCrypt SE050 Certificate Signing Request (CSR) Example + +This example uses wolfSSL to generate a Certificate Signing Request (CSR) using +a key that is generated and stored in the SE050: + +1. Generates a 256 bit ECC key pair in SE050. + +2. Generates a certificate request with wolfCrypt and signs it with the + ECC private key from step 1. + +3. Converts the CSR from DER to PEM format and prints that to the console. + +4. Deletes the generated key in SE050 (for example cleanup), and cleans up + wolfSSL library resources. + +## Building the Demo + +Before building this demo, follow initial setup instructions in the parent +[README.md](../../README.md). + +Once this example directory has been copied into the SE05x middleware directory +tree in the correct location, compiling the middleware will also compile this +demo application: + +``` +$ cd /home/pi/se_mw/simw-top_build/raspbian_native_se050_t1oi2c +$ cmake --build . +``` + +## Running the Demo + +To run the demo: + +``` +$ cd /home/pi/se_mw/simw-top_build/raspbian_native_se050_t1oi2c/bin +$ ./wolfcrypt_generate_csr +``` + +On successful run, output similar to the following will print out: + +``` +App :INFO :PlugAndTrust_v04.02.00_20220524 +App :INFO :Running ./wolfcrypt_generate_csr +App :INFO :If you want to over-ride the selection, use ENV=EX_SSS_BOOT_SSS_PORT or pass in command line arguments. +App :INFO :Using default PlatfSCP03 keys. You can use keys from file using ENV=EX_SSS_BOOT_SCP03_PATH +sss :INFO :atr (Len=35) + 00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08 + 01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41 + 54 50 4F +App :INFO :Running wc_se050_set_config() +App :INFO :SE050 config successfully set in wolfSSL +App :INFO :wolfCrypt example of CSR generation + +App :INFO :Initializing RNG + +App :INFO :Generating ECC key in SE050 + +sss :WARN :nxEnsure:'ret == SM_OK' failed. 
At Line:6971 Function:sss_se05x_TXn +sss :WARN :Could not delete Key id FFFF +App :INFO :Generated ECC key in SE050 ID: 0x0000ffff + +App :INFO :Generated CSR (530 bytes) + +App :INFO :-----BEGIN CERTIFICATE REQUEST----- +MIIBTjCB8wIBAjCBkDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1UMRAwDgYDVQQH +DAdCb3plbWFuMREwDwYDVQQKDAhUZXN0IE9yZzEUMBIGA1UECwwLRGV2ZWxvcG1l +bnQxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m +b0BleGFtcGxlLmNvbTBZMBM +App :INFO :Erasing ECC key stored in SE050 slot: 0x0000ffff + +App :INFO :Done with sample app +App :INFO :ex_sss Finished +``` + diff --git a/SE050/wolfssl/wolfcrypt_generate_csr/wolfcrypt_generate_csr.c b/SE050/wolfssl/wolfcrypt_generate_csr/wolfcrypt_generate_csr.c new file mode 100644 index 00000000..b29c502b --- /dev/null +++ b/SE050/wolfssl/wolfcrypt_generate_csr/wolfcrypt_generate_csr.c 
@@ -0,0 +1,201 @@ +/* wolfcrypt_generate_csr.c + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* wolfCrypt example that generates a CSR using key generated in SE050. */ + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#ifdef __cplusplus +} +#endif + +#if defined(SIMW_DEMO_ENABLE__DEMO_WOLFCRYPT_GENERATE_CSR) + +static ex_sss_boot_ctx_t gex_sss_boot_ctx; + +#define EX_SSS_BOOT_PCONTEXT (&gex_sss_boot_ctx) +#define EX_SSS_BOOT_DO_ERASE 1 +#define EX_SSS_BOOT_EXPOSE_ARGC_ARGV 0 + +#include + +sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx) +{ +#if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) + int ret = 0; + sss_status_t status = kStatus_SSS_Success; + sss_session_t *pSession = (sss_session_t*)&pCtx->session; + sss_key_store_t *pKeyStore = (sss_key_store_t*)&pCtx->ks; + + word32 keyId = 0; + WC_RNG rng; + ecc_key ecc; + Cert req; + byte der[1024]; + byte pem[1024]; + int derSz; + int pemSz; + + LOG_I("Running wc_se050_set_config()"); + ret = wc_se050_set_config(pSession, NULL, pKeyStore); + if (ret != 0) { + LOG_E("wc_se050_set_config failed"); + return kStatus_SSS_Fail; + } + LOG_I("SE050 config successfully set 
in wolfSSL"); + + /* Initialize wolfSSL library */ + wolfSSL_Init(); + + LOG_I("wolfCrypt example of CSR generation\n"); + + XMEMSET(der, 0, sizeof(der)); + XMEMSET(pem, 0, sizeof(pem)); + + LOG_I("Initializing RNG\n"); + ret = wc_InitRng(&rng); + if (ret != 0) { + LOG_I("wc_RngInit() error, ret = %d\n", ret); + } + + /* Generate ECC key, stored in SE050 */ + if (ret == 0) { + LOG_I("Generating ECC key in SE050\n"); + ret = wc_ecc_init(&ecc); + if (ret != 0) { + LOG_I("wc_ecc_init error, ret = %d\n", ret); + } + } + + if (ret == 0) { + ret = wc_ecc_make_key(&rng, 32, &ecc); + if (ret != 0) { + LOG_I("wc_ecc_make_key error, ret = %d\n", ret); + } else { + ret = wc_ecc_get_key_id(&ecc, &keyId); + if (ret != 0) { + LOG_I("wc_ecc_get_key_id error, ret = %d\n", ret); + } else { + LOG_I("Generated ECC key in SE050 ID: 0x%08x\n", keyId); + } + } + } + + if (ret == 0) { + ret = wc_InitCert(&req); + if (ret != 0) { + LOG_I("wc_InitCert error, ret = %d\n", ret); + } + } + + if (ret == 0) { + strncpy(req.subject.country, "US", CTC_NAME_SIZE); + strncpy(req.subject.state, "MT", CTC_NAME_SIZE); + strncpy(req.subject.locality, "Bozeman", CTC_NAME_SIZE); + strncpy(req.subject.org, "Test Org", CTC_NAME_SIZE); + strncpy(req.subject.unit, "Development", CTC_NAME_SIZE); + strncpy(req.subject.commonName, "www.example.com", CTC_NAME_SIZE); + strncpy(req.subject.email, "info@example.com", CTC_NAME_SIZE); + + ret = wc_MakeCertReq_ex(&req, der, sizeof(der), ECC_TYPE, + (void*)&ecc); + if (ret <= 0) { + LOG_I("wc_MakeCertReq_ex error, ret = %d\n", ret); + } else { + derSz = ret; + ret = 0; + } + } + + if (ret == 0) { + ret = wc_SignCert_ex(req.bodySz, req.sigType, der, sizeof(der), + ECC_TYPE, (void*)&ecc, &rng); + if (ret <= 0) { + LOG_I("wc_SignCert_ex error, ret = %d\n", ret); + } else { + derSz = ret; + ret = 0; + } + } + + if (ret == 0) { + XMEMSET(pem, 0, sizeof(pem)); + ret = wc_DerToPem(der, derSz, pem, sizeof(pem), CERTREQ_TYPE); + if (ret <= 0) { + LOG_I("wc_DerToPem error, ret = 
%d\n", ret); + } else { + pemSz = ret; + LOG_I("Generated CSR (%d bytes)\n", pemSz); + ret = 0; + LOG_I("%s", pem); + } + } + + + /* Delete generated key in SE050 */ + if (ret == 0) { + LOG_I("Erasing ECC key stored in SE050 slot: 0x%08x\n", keyId); + ret = wc_se050_erase_object(keyId); + if (ret != 0) { + LOG_I("Failed to erase ECC key in SE050\n"); + } + } + + /* Free ECC key and RNG */ + if (ret == 0) { + ret = wc_ecc_free(&ecc); + if (ret != 0) { + LOG_I("wc_ecc_free error, ret = %d\n", ret); + } + } + if (ret == 0) { + ret = wc_FreeRng(&rng); + if (ret != 0) { + LOG_I("wc_FreeRng error, ret = %d\n", ret); + } + } + + /* Cleanup wolfSSL library resources */ + wolfSSL_Cleanup(); + + LOG_I("Done with sample app"); + return status; +#else + LOG_E("Examples requires wolfSSL be compiled with WOLFSSL_CERT_GEN " + "and WOLFSSL_CERT_REQ"); + return kStatus_SSS_Fail; +#endif /* WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */ +} + +#endif /* SIMW_DEMO_ENABLE__DEMO_WOLFCRYPT_GENERATE_CSR */ diff --git a/SE050/wolfssl/wolfcrypt_key_cert_insert/CMakeLists.txt b/SE050/wolfssl/wolfcrypt_key_cert_insert/CMakeLists.txt new file mode 100644 index 00000000..efa5efac --- /dev/null +++ b/SE050/wolfssl/wolfcrypt_key_cert_insert/CMakeLists.txt @@ -0,0 +1,34 @@ +PROJECT(wolfcrypt_key_cert_insert) +FILE( + GLOB + files + *.c +) + +ADD_EXECUTABLE( + ${PROJECT_NAME} + ${KSDK_STARTUP_FILE} ${files} +) + +TARGET_COMPILE_DEFINITIONS( + ${PROJECT_NAME} + PRIVATE SIMW_DEMO_ENABLE__DEMO_WOLFCRYPT_KEY_CERT_INSERT USE_CERT_BUFFERS_2048 USE_CERT_BUFFERS_256 +) + +TARGET_INCLUDE_DIRECTORIES( + ${PROJECT_NAME} + PRIVATE ${SIMW_TOP_DIR}/sss/ex/inc +) + +TARGET_LINK_LIBRARIES( + ${PROJECT_NAME} + SSS_APIs + ex_common + wolfssl +) + +CREATE_BINARY(${PROJECT_NAME}) + +IF(SSS_HAVE_HOST_LINUX_LIKE) + INSTALL(TARGETS ${PROJECT_NAME} DESTINATION bin) +ENDIF() 
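Review bot: In wolfcrypt_generate_csr.c, `ex_sss_entry` returns `status`, which is never changed from `kStatus_SSS_Success`, so every failure after `wc_se050_set_config` (RNG init, key generation, signing, PEM conversion) is logged at INFO level and then reported as success. The cleanup at the end is also gated on `ret == 0`, which means that after any earlier error the generated key is left in the SE050 slot and `wc_ecc_free`/`wc_FreeRng` are skipped. I would track what was actually initialized, run the cleanup unconditionally for those items, and map a non-zero `ret` to `kStatus_SSS_Fail`; the first error message should also name `wc_InitRng` rather than `wc_RngInit`. The subject fields are filled with `strncpy(..., CTC_NAME_SIZE)`, which does not terminate on a full-length source; the literals here are short, but anyone replacing them with variable input should switch to a bounded copy that always terminates.

```c
    int rngInit = 0;   /* set once wc_InitRng succeeds */
    int eccInit = 0;   /* set once wc_ecc_init succeeds */
    int keyMade = 0;   /* set once wc_ecc_get_key_id returns a valid keyId */
    int eraseRet;

    /* … unchanged: wc_se050_set_config, wolfSSL_Init, buffer clearing … */

    ret = wc_InitRng(&rng);
    if (ret != 0) {
        LOG_E("wc_InitRng error, ret = %d", ret);
    } else {
        rngInit = 1;
    }

    /* … unchanged: key generation, CSR build, sign, PEM output;
     *   set eccInit / keyMade at the points described above … */

    /* Release everything that was acquired, even after an earlier failure,
     * so a failed run does not leave the demo key in the SE050. */
    if (keyMade) {
        LOG_I("Erasing ECC key stored in SE050 slot: 0x%08x\n", keyId);
        eraseRet = wc_se050_erase_object(keyId);
        if (eraseRet != 0) {
            LOG_E("Failed to erase ECC key in SE050");
            if (ret == 0) {
                ret = eraseRet;
            }
        }
    }
    if (eccInit) {
        wc_ecc_free(&ecc);
    }
    if (rngInit) {
        wc_FreeRng(&rng);
    }

    /* Cleanup wolfSSL library resources */
    wolfSSL_Cleanup();

    LOG_I("Done with sample app");
    return (ret == 0) ? status : kStatus_SSS_Fail;
```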
diff --git a/SE050/wolfssl/wolfcrypt_key_cert_insert/README.md b/SE050/wolfssl/wolfcrypt_key_cert_insert/README.md new file mode 100644 index 00000000..571e1657 --- /dev/null +++ b/SE050/wolfssl/wolfcrypt_key_cert_insert/README.md 
@@ -0,0 +1,106 @@ +# wolfCrypt SE050 Key and Certificate Insertion and Use Example + +This example inserts and uses keys and certificates into SE050, including: + +1. Inserts sample RSA and ECC certs and keys into SE050 key IDs. Sample keys +and certs used are from wolfSSL's `` header and are demo +certs/keys that ship with wolfSSL: + + ``` + server_key_der_2048 RSA private key (2048-bit) + server_cert_der_2048 RSA cert (2048-bit), matches above key + public key from above RSA public key extracted from above cert + ecc_key_der_256 ECC private key (NIST P-256) + serv_ecc_der_256 ECC cert (NIST P-256), matches above key + public key from above ECC public key extracted from above cert + ``` + +2. Does an ECDSA verify using one of the ECC public keys and a ECDSA signature +in the form of ASCII R and S components. + +3. Reads back out the RSA and ECC certificate inserted, verifies they match the +original inserted. + +4. Erases the keys and certs from the SE050. + +## Building the Demo + +Before building this demo, follow initial setup instructions in the parent +[README.md](../../README.md). + +Once this example directory has been copied into the SE05x middleware directory +tree in the correct location, compiling the middleware will also compile this +demo application: + +``` +$ cd /home/pi/se_mw/simw-top_build/raspbian_native_se050_t1oi2c +$ cmake --build . +``` + +## Running the Demo + +To run the demo: + +``` +$ cd /home/pi/se_mw/simw-top_build/raspbian_native_se050_t1oi2c/bin +$ ./wolfcrypt_key_cert_insert +``` + +On successful run, output similar to the following will print out: + +``` +App :INFO :PlugAndTrust_v04.02.00_20220524 +App :INFO :Running ./wolfcrypt_key_cert_insert +App :INFO :If you want to over-ride the selection, use ENV=EX_SSS_BOOT_SSS_PORT or pass in command line arguments. 
+sss :INFO :atr (Len=35) + 00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08 + 01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41 + 54 50 4F +sss :WARN :Communication channel is Plain. +sss :WARN :!!!Not recommended for production use.!!! +App :INFO :Running wc_se050_set_config() +App :INFO :SE050 config successfully set in wolfSSL +App :INFO :Inserted RSA private key into SE050 key ID: 0x00005002 + +App :INFO :Inserted RSA certificate into SE050 key ID: 0x00005003 + +App :INFO :RSA key written to DER, 294 bytes + +App :INFO :Inserted RSA public key into SE050 key ID: 0x00005004 + +App :INFO :Inserted ECC private key into SE050 key ID: 0x00005005 + +App :INFO :Inserted ECC certificate into SE050 key ID: 0x00005006 + +App :INFO :Inserted ECC public key into SE050 key ID: 0x00005007 + +App :INFO :Setting ecc_key to use ID from SE050 + +App :INFO :Verifying ECDSA signature with SE050 key ID: 0x00005007 + +App :INFO :ECDSA verify success! + +App :INFO :Read RSA certificate (1260 bytes) + +App :INFO :RSA cert matches original loaded + +App :INFO :Read ECC certificate (677 bytes) + +App :INFO :ECC cert matches original loaded + +App :INFO :Erased RSA private key, key ID: 0x00005002 + +App :INFO :Erased RSA certificate, key ID: 0x00005003 + +App :INFO :Erased RSA public key, key ID: 0x00005004 + +App :INFO :Erased ECC private key, key ID: 0x00005005 + +App :INFO :Erased ECC certificate, key ID: 0x00005006 + +App :INFO :Erased ECC public key, key ID: 0x00005007 + +App :INFO :Done with sample app +App :INFO :ex_sss Finished +``` + diff --git a/SE050/wolfssl/wolfcrypt_key_cert_insert/wolfcrypt_key_cert_insert.c b/SE050/wolfssl/wolfcrypt_key_cert_insert/wolfcrypt_key_cert_insert.c new file mode 100644 index 00000000..4d9ec9cb --- /dev/null +++ b/SE050/wolfssl/wolfcrypt_key_cert_insert/wolfcrypt_key_cert_insert.c 
@@ -0,0 +1,532 @@
+/* wolfcrypt_key_cert_insert.c
+ *
+ * Copyright (C) 2006-2022 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*
+ * Example app inserts and uses keys and certificates into SE050.
+ *
+ * 1. Inserts sample RSA and ECC certs and keys into SE050 key IDs.
+ * Sample keys and certs used are from wolfSSL's
+ * header and are demo certs/keys that ship with wolfSSL:
+ * server_key_der_2048 RSA private key (2048-bit)
+ * server_cert_der_2048 RSA cert (2048-bit), matches above key
+ * public key from above RSA public key extracted from above cert
+ * ecc_key_der_256 ECC private key (NIST P-256)
+ * serv_ecc_der_256 ECC cert (NIST P-256), matches above key
+ * public key from above ECC public key extracted from above cert
+ * 2. Does an ECDSA verify using one of the ECC public keys and a
+ * ECDSA signature in the form of ASCII R and S components.
+ * 3. Reads back out the RSA and ECC certificate inserted, verifies
+ * they match the original inserted.
+ * 4. Erases the keys and certs from the SE050.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+#ifdef __cplusplus
+}
+#endif
+
+#if defined(SIMW_DEMO_ENABLE__DEMO_WOLFCRYPT_KEY_CERT_INSERT)
+
+static ex_sss_boot_ctx_t gex_sss_boot_ctx;
+
+#define EX_SSS_BOOT_PCONTEXT (&gex_sss_boot_ctx)
+#define EX_SSS_BOOT_DO_ERASE 1
+#define EX_SSS_BOOT_EXPOSE_ARGC_ARGV 0
+
+#define KEYID_RSA_PRIVATE 0x00005002 /* stores server_key_der_2048 */
+#define KEYID_RSA_CERT 0x00005003 /* stores server_cert_der_2048 */
+#define KEYID_RSA_PUBLIC 0x00005004 /* stores server_cert_der_2048 pub key */
+#define KEYID_ECC_PRIVATE 0x00005005 /* stores ecc_key_der_256 */
+#define KEYID_ECC_CERT 0x00005006 /* stores serv_ecc_der_256 */
+#define KEYID_ECC_PUBLIC 0x00005007 /* stores serv_ecc_der_256 public key */
+
+#include
+
+static int se050_verify_ecc_sig_rs(const char* sigR, const char* sigS,
+ byte* digest, word32 digestSz, word32 keyId)
+{
+ int ret = 0;
+ int res = 0;
+ byte eccSig[ECC_MAX_SIG_SIZE];
+ word32 eccSigSz;
+ ecc_key eccKey;
+
+ if (sigR == NULL || sigS == NULL || digest == NULL || digestSz == 0) {
+ return -1;
+ }
+
+ eccSigSz = sizeof(eccSig);
+ memset(eccSig, 0, eccSigSz);
+
+ ret = wc_ecc_rs_to_sig(sigR, sigS, eccSig, &eccSigSz);
+ if (ret != 0) {
+ LOG_I("wc_ecc_rs_to_sig() failed, ret = %d\n", ret);
+ }
+
+ /* Create ecc_key struct with SE050 key ID */
+ if (ret == 0) {
+ ret = wc_ecc_init(&eccKey);
+ if (ret != 0) {
+ LOG_I("wc_ecc_init error, ret = %d\n", ret);
+ }
+ }
+
+ if (ret == 0) {
+ LOG_I("Setting ecc_key to use ID from SE050\n");
+ ret = wc_ecc_use_key_id(&eccKey, keyId, 0);
+ if (ret != 0) {
+ LOG_I("wc_ecc_use_key_id error, ret = %d\n", ret);
+ }
+ }
+
+ if (ret == 0) {
+ LOG_I("Verifying ECDSA signature with SE050 key ID: 0x%08x\n", keyId);
+ ret = wc_ecc_verify_hash(eccSig, eccSigSz, digest, digestSz, &res,
+ &eccKey);
+ if (ret != 0 || res != 1) {
+ LOG_I("wc_ecc_verify_hash failed, ret = %d\n", ret);
+ }
+ }
+
+ if (ret == 0) {
+ if (res != 1) {
+ LOG_I("ECDSA verify failed!\n");
+ } else {
+ LOG_I("ECDSA verify success!\n");
+ }
+ }
+
+ /* Free ECC key and RNG */
+ if (ret == 0) {
+ ret = wc_ecc_free(&eccKey);
+ if (ret != 0) {
+ LOG_I("wc_ecc_free error, ret = %d\n", ret);
+ }
+ }
+
+ return ret;
+}
+
+/**
+ * Insert sample certs/keys into SE050 key IDs:
+ *
+ * Key ID Credential
+ * ------ --------------------------------
+ * KEYID_RSA_PRIVATE RSA private key
+ * KEYID_RSA_CERT RSA certificate
+ * KEYID_ECC_PRIVATE ECC private key
+ * KEYID_ECC_CERT ECC certificate
+ * KEYID_ECC_PUBLIC ECC public key (from cert above)
+ *
+ * Return 0 on success, negative on error.
+ */
+static int write_certs_keys_to_se050(void)
+{
+ int ret = 0;
+
+ DecodedCert cert;
+ byte derKey[1024];
+ word32 derKeySz = 0;
+ word32 idx = 0;
+ RsaKey rsaKey;
+
+ /* Insert RSA private key */
+ ret = wc_se050_rsa_insert_private_key(KEYID_RSA_PRIVATE,
+ server_key_der_2048,
+ sizeof_server_key_der_2048);
+ if (ret != 0) {
+ LOG_I("Error in se050_rsa_insert_private_key, ret = %d\n", ret);
+ } else {
+ LOG_I("Inserted RSA private key into SE050 key ID: 0x%08x\n",
+ KEYID_RSA_PRIVATE);
+ }
+
+ /* Insert RSA certificate */
+ ret = wc_se050_insert_binary_object(KEYID_RSA_CERT,
+ server_cert_der_2048,
+ sizeof_server_cert_der_2048);
+ if (ret != 0) {
+ LOG_I("Error in wc_se050_insert_binary_object, ret = %d\n", ret);
+ } else {
+ LOG_I("Inserted RSA certificate into SE050 key ID: 0x%08x\n",
+ KEYID_RSA_CERT);
+ }
+
+ /* Extract RSA public key from cert DER */
+ if (ret == 0) {
+ wc_InitDecodedCert(&cert, server_cert_der_2048,
+ sizeof_server_cert_der_2048, NULL);
+
+ ret = wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
+ if (ret != 0) {
+ LOG_I("wc_ParseCert failed, ret = %d\n", ret);
+ }
+ else {
+ derKeySz = sizeof(derKey);
+ ret = wc_GetPubKeyDerFromCert(&cert, derKey, &derKeySz);
+ if (ret != 0) {
+ LOG_I("wc_GetPubKeyDerFromCert failed, ret = %d\n", ret);
+ }
+ }
+ wc_FreeDecodedCert(&cert);
+ }
+
+ /* Convert RSA public key DER to format for SE050, needs header added */
+ if (ret == 0) {
+ ret = wc_InitRsaKey(&rsaKey, NULL);
+ if (ret != 0) {
+ LOG_I("wc_InitRsaKey failed, ret = %d\n", ret);
+ }
+ else {
+ idx = 0;
+ ret = wc_RsaPublicKeyDecode(derKey, &idx, &rsaKey, derKeySz);
+ if (ret != 0) {
+ LOG_I("wc_RsaPublicKeyDecode failed, ret = %d\n", ret);
+ }
+ else {
+ derKeySz = sizeof(derKey);
+ ret = wc_RsaKeyToPublicDer_ex(&rsaKey, derKey, derKeySz, 1);
+ if (ret <= 0) {
+ LOG_I("wc_RsaKeyToDer failed, ret = %d\n", ret);
+ } else {
+ LOG_I("RSA key written to DER, %d bytes\n", ret);
+ derKeySz = ret;
+ ret = 0;
+ }
+ }
+ }
+ wc_FreeRsaKey(&rsaKey);
+ }
+
+ /* Insert RSA public key from cert into SE050 */
+ if (ret == 0) {
+ ret = wc_se050_rsa_insert_public_key(KEYID_RSA_PUBLIC, derKey, derKeySz);
+ if (ret != 0) {
+ LOG_I("Error in se050_rsa_insert_public_key, ret = %d\n", ret);
+ } else {
+ LOG_I("Inserted RSA public key into SE050 key ID: 0x%08x\n",
+ KEYID_RSA_PUBLIC);
+ }
+ }
+
+ /* Insert ECC private key */
+ ret = wc_se050_ecc_insert_private_key(KEYID_ECC_PRIVATE, ecc_key_der_256,
+ sizeof_ecc_key_der_256);
+ if (ret != 0) {
+ LOG_I("Error in se050_ecc_insert_private_key, ret = %d\n", ret);
+ } else {
+ LOG_I("Inserted ECC private key into SE050 key ID: 0x%08x\n",
+ KEYID_ECC_PRIVATE);
+ }
+
+ /* Insert ECC certificate */
+ ret = wc_se050_insert_binary_object(KEYID_ECC_CERT, serv_ecc_der_256,
+ sizeof_serv_ecc_der_256);
+ if (ret != 0) {
+ LOG_I("Error in wc_se050_insert_binary_object, ret = %d\n", ret);
+ } else {
+ LOG_I("Inserted ECC certificate into SE050 key ID: 0x%08x\n",
+ KEYID_ECC_CERT);
+ }
+
+ /* Extract ECC public key from cert DER */
+ if (ret == 0) {
+ wc_InitDecodedCert(&cert, serv_ecc_der_256,
+ sizeof_serv_ecc_der_256, NULL);
+
+ ret = wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
+ if (ret != 0) {
+ LOG_I("wc_ParseCert failed, ret = %d\n", ret);
+ }
+ else {
+ derKeySz = sizeof(derKey);
+ ret = wc_GetPubKeyDerFromCert(&cert, derKey, &derKeySz);
+ if (ret != 0) {
+ LOG_I("wc_GetPubKeyDerFromCert failed, ret = %d\n", ret);
+ }
+ }
+ wc_FreeDecodedCert(&cert);
+ }
+
+ /* Insert ECC public key from cert into SE050 */
+ if (ret == 0) {
+ ret = wc_se050_ecc_insert_public_key(KEYID_ECC_PUBLIC, derKey,
+ derKeySz);
+ if (ret != 0) {
+ LOG_I("Error in se050_ecc_insert_public_key, ret = %d\n", ret);
+ } else {
+ LOG_I("Inserted ECC public key into SE050 key ID: 0x%08x\n",
+ KEYID_ECC_PUBLIC);
+ }
+ }
+
+ return ret;
+}
+
+/**
+ * Test reading certificates back out of SE050.
+ *
+ * Read sample certificates stored into the following key IDs:
+ * - KEYID_RSA_CERT
+ * - KEYID_ECC_CERT
+ *
+ * Return 0 on success, negative on error.
+ */
+static int read_certs_from_se050(void)
+{
+ int err = 0;
+ int ret = -1;
+
+ byte* tmp = NULL;
+ word32 tmpSz = 0;
+
+ /* get object size, to allocate memory */
+ ret = wc_se050_get_binary_object(KEYID_RSA_CERT, tmp, &tmpSz);
+ if (ret != LENGTH_ONLY_E) {
+ LOG_I("wc_se050_get_binary_object did not return length only "
+ "like expected\n");
+ err = 1;
+ }
+
+ if (err == 0) {
+ /* allocate memory to read RSA cert */
+ tmp = (byte*)XMALLOC(tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (tmp == NULL) {
+ LOG_I("Failed to allocate memory to read RSA cert\n");
+ err = 1;
+ }
+ }
+
+ if (err == 0) {
+ /* read RSA cert into tmp buffer */
+ XMEMSET(tmp, 0, tmpSz);
+ ret = wc_se050_get_binary_object(KEYID_RSA_CERT, tmp, &tmpSz);
+ if (ret != 0) {
+ LOG_I("wc_se050_get_binary_object failed, ret = %d\n", ret);
+ err = 1;
+ } else {
+ LOG_I("Read RSA certificate (%d bytes)\n", tmpSz);
+ }
+ }
+
+ if (err == 0) {
+ /* make sure RSA cert is same as one we originally wrote */
+ if ((tmpSz != sizeof_server_cert_der_2048) ||
+ (memcmp(tmp, server_cert_der_2048, tmpSz) != 0)) {
+ LOG_I("Error: RSA cert differs from original!\n");
+ err = 1;
+ } else {
+ LOG_I("RSA cert matches original loaded\n");
+ }
+ }
+
+ if (err == 0) {
+ XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ tmp = NULL;
+ tmpSz = 0;
+
+ ret = wc_se050_get_binary_object(KEYID_ECC_CERT, tmp, &tmpSz);
+ if (ret != LENGTH_ONLY_E) {
+ LOG_I("wc_se050_get_binary_object did not return length only "
+ "like expected\n");
+ err = 1;
+ }
+ }
+
+ if (err == 0) {
+ /* allocate memory to read ECC cert */
+ tmp = (byte*)XMALLOC(tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (tmp == NULL) {
+ LOG_I("Failed to allocate memory to read ECC cert\n");
+ err = 1;
+ }
+ }
+
+ if (err == 0) {
+ /* read ECC cert into tmp buffer */
+ XMEMSET(tmp, 0, tmpSz);
+ ret = wc_se050_get_binary_object(KEYID_ECC_CERT, tmp, &tmpSz);
+ if (ret != 0) {
+ LOG_I("wc_se050_get_binary_object failed, ret = %d\n", ret);
+ err = 1;
+ } else {
+ LOG_I("Read ECC certificate (%d bytes)\n", tmpSz);
+ }
+ }
+
+ if (err == 0) {
+ /* make sure ECC cert is same as one we originally wrote */
+ if ((tmpSz != sizeof_serv_ecc_der_256) ||
+ (memcmp(tmp, serv_ecc_der_256, tmpSz) != 0)) {
+ LOG_I("Error: ECC cert differs from original!\n");
+ err = 1;
+ } else {
+ LOG_I("ECC cert matches original loaded\n");
+ }
+ }
+
+ if (tmp != NULL) {
+ XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
+
+ if (err == 0) {
+ ret = 0;
+ }
+
+ return ret;
+}
+
+/**
+ * Erase sample certs/keys from SE050
+ *
+ * Returns 0 on success, negative on error.
+ */
+static int erase_certs_keys_from_se050(void)
+{
+ int ret = 0;
+
+ ret = wc_se050_erase_object(KEYID_RSA_PRIVATE);
+ if (ret != 0) {
+ LOG_I("Failed to erase RSA private key, ret = %d\n", ret);
+ } else {
+ LOG_I("Erased RSA private key, key ID: 0x%08x\n", KEYID_RSA_PRIVATE);
+ }
+ ret = wc_se050_erase_object(KEYID_RSA_CERT);
+ if (ret != 0) {
+ LOG_I("Failed to erase RSA certificate, ret = %d\n", ret);
+ } else {
+ LOG_I("Erased RSA certificate, key ID: 0x%08x\n", KEYID_RSA_CERT);
+ }
+ ret = wc_se050_erase_object(KEYID_RSA_PUBLIC);
+ if (ret != 0) {
+ LOG_I("Failed to erase RSA public key, ret = %d\n", ret);
+ } else {
+ LOG_I("Erased RSA public key, key ID: 0x%08x\n", KEYID_RSA_PUBLIC);
+ }
+ ret = wc_se050_erase_object(KEYID_ECC_PRIVATE);
+ if (ret != 0) {
+ LOG_I("Failed to erase ECC private key, ret = %d\n", ret);
+ } else {
+ LOG_I("Erased ECC private key, key ID: 0x%08x\n", KEYID_ECC_PRIVATE);
+ }
+ ret = wc_se050_erase_object(KEYID_ECC_CERT);
+ if (ret != 0) {
+ LOG_I("Failed to erase ECC certificate, ret = %d\n", ret);
+ } else {
+ LOG_I("Erased ECC certificate, key ID: 0x%08x\n", KEYID_ECC_CERT);
+ }
+ ret = wc_se050_erase_object(KEYID_ECC_PUBLIC);
+ if (ret != 0) {
+ LOG_I("Failed to erase ECC public key, ret = %d\n", ret);
+ } else {
+ LOG_I("Erased ECC public key, key ID: 0x%08x\n", KEYID_ECC_PUBLIC);
+ }
+
+ return ret;
+}
+
+sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx)
+{
+ int ret = 0;
+ sss_status_t status = kStatus_SSS_Success;
+ sss_session_t *pSession = (sss_session_t*)&pCtx->session;
+ sss_key_store_t *pKeyStore = (sss_key_store_t*)&pCtx->ks;
+
+ const char* sigR =
+ "ccfaa12a0aa1b9aa9f1fd107865c8ab5b21f36ce6ca8fe5b2c8154280009f74e";
+ const char* sigS =
+ "c09defd7a7c67a61ce1099dceaf840054351e199bf1a405675bf3ccb1939b024";
+
+ /* Test "hash" value, used to pre-generate the above R,S signature */
+ const byte hashData[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+
+ LOG_I("Running wc_se050_set_config()");
+ ret = wc_se050_set_config(pSession, NULL, pKeyStore);
+ if (ret != 0) {
+ LOG_E("wc_se050_set_config failed");
+ return kStatus_SSS_Fail;
+ }
+ LOG_I("SE050 config successfully set in wolfSSL");
+
+ /* Initialize wolfSSL library */
+ wolfSSL_Init();
+
+ /* Write sample keys/certs to SE050 */
+ ret = write_certs_keys_to_se050();
+ if (ret != 0) {
+ LOG_E("Failed to write sample keys/certs to SE050\n");
+ }
+
+ /* Test verifying ECDSA {r,s} signature with KEYID_ECC_PUBLIC.
+ * NOTE: The R and S values here were pre-generated using wolfSSL
+ * and the private ECC key named "ecc_key_der_256" in the
+ * header. The certificate which wraps the
+ * public key for "ecc_key_der_256" is "serv_ecc_der_256". The public
+ * key from that certificate has been extracted and stored into key ID
+ * KEYID_ECC_PUBLIC. */
+ if (ret == 0) {
+ ret = se050_verify_ecc_sig_rs(sigR, sigS, (byte*)hashData,
+ sizeof(hashData), KEYID_ECC_PUBLIC);
+ }
+
+ /* Test reading back certs from SE050 */
+ if (ret == 0) {
+ ret = read_certs_from_se050();
+ }
+
+ /* Erase sample keys/certs from SE050 */
+ ret = erase_certs_keys_from_se050();
+ if (ret != 0) {
+ LOG_E("Failed to erase sample certs/keys from SE050\n");
+ }
+
+ /* Cleanup wolfSSL library resources */
+ wolfSSL_Cleanup();
+
+ LOG_I("Done with sample app");
+ return status;
+}
+
+#endif /* SIMW_DEMO_ENABLE__DEMO_WOLFCRYPT_KEY_CERT_INSERT */
diff --git a/SE050/wolfssl/wolfcrypt_test/CMakeLists.txt b/SE050/wolfssl/wolfcrypt_test/CMakeLists.txt
new file mode 100644
index 00000000..373b3803
--- /dev/null
+++ b/SE050/wolfssl/wolfcrypt_test/CMakeLists.txt
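Review bot: `se050_verify_ecc_sig_rs()` returns 0 when the signature is rejected: the code treats `res` as the verdict from `wc_ecc_verify_hash()`, but the `res != 1` branch only logs "ECDSA verify failed!" before `return ret`, so `ex_sss_entry()` cannot tell a bad signature from a good one. Fold the verdict into the return value directly after the verify call, e.g. `if (ret == 0 && res != 1) { ret = -1; }`. The same masking appears in `read_certs_from_se050()`, where a size or `memcmp` mismatch sets `err = 1` but leaves `ret` at the 0 from the successful read. It also appears in `write_certs_keys_to_se050()` and `erase_certs_keys_from_se050()`, where each unconditional `ret = ...` overwrites an earlier failure, so a private key that could not be erased is reported as success if the last erase succeeds. `ex_sss_entry()` then returns `kStatus_SSS_Success` regardless of `ret`; mapping a non-zero `ret` to `kStatus_SSS_Fail` would make the demo's exit status usable as a check.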
@@ -0,0 +1,34 @@
+PROJECT(wolfcrypt_test)
+FILE(
+ GLOB
+ files
+ *.c
+)
+
+ADD_EXECUTABLE(
+ ${PROJECT_NAME}
+ ${KSDK_STARTUP_FILE} ${files}
+)
+
+TARGET_COMPILE_DEFINITIONS(
+ ${PROJECT_NAME}
+ PRIVATE SIMW_DEMO_ENABLE__DEMO_WOLFCRYPTTEST NO_MAIN_DRIVER BENCH_EMBEDDED USE_CERT_BUFFERS_2048 USE_CERT_BUFFERS_256
+)
+
+TARGET_INCLUDE_DIRECTORIES(
+ ${PROJECT_NAME}
+ PRIVATE ${SIMW_TOP_DIR}/sss/ex/inc /home/pi/se_mw/wolfssl
+)
+
+TARGET_LINK_LIBRARIES(
+ ${PROJECT_NAME}
+ SSS_APIs
+ ex_common
+ wolfssl
+)
+
+CREATE_BINARY(${PROJECT_NAME})
+
+IF(SSS_HAVE_HOST_LINUX_LIKE)
+ INSTALL(TARGETS ${PROJECT_NAME} DESTINATION bin)
+ENDIF()
diff --git a/SE050/wolfssl/wolfcrypt_test/README.md b/SE050/wolfssl/wolfcrypt_test/README.md
new file mode 100644
index 00000000..721426f5
--- /dev/null
+++ b/SE050/wolfssl/wolfcrypt_test/README.md
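Review bot: The `TARGET_INCLUDE_DIRECTORIES` entry `/home/pi/se_mw/wolfssl` is an absolute path into one user's home directory, so the headers this target compiles against are whatever sits at that location on the build machine. Deriving the path from a variable the build already defines keeps the demo relocatable and makes the header source explicit; if `SIMW_TOP_DIR` is `/home/pi/se_mw/simw-top` as the README assumes, `${SIMW_TOP_DIR}/../wolfssl` resolves to the same directory. `FILE(GLOB ... *.c)` also compiles every `.c` file present in the directory, which deserves a comment given that `test.c` is meant to be overwritten by hand.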
@@ -0,0 +1,219 @@
+# wolfCrypt Test Demo Application
+
+This demo application runs the wolfCrypt test app. It tests all
+algorithms enabled in wolfCrypt. It has been tested using a Raspberry Pi
+and SE050 EdgeLock development kit.
+
+## Building the Demo
+
+Before building this demo, follow initial setup instructions in the parent
+[README.md](../../README.md).
+
+**IMPORTANT:** This example requires the test.c and test.h files from a
+wolfSSL source package be copied into this directory before compiling and
+running the example. There are stub files included in this example directory
+that should be overwritten:
+
+```
+$ cp wolfssl-X.X.X/wolfcrypt/test/test.c ./
+$ cp wolfssl-X.X.X/wolfcrypt/test/test.h ./
+```
+
+Once this example directory has been copied into the SE05x middleware directory
+tree in the correct location, compiling the middleware will also compile this
+demo application:
+
+```
+$ cd /home/pi/se_mw/simw-top_build/raspbian_native_se050_t1oi2c
+$ cmake --build .
+```
+
+## Running the Demo
+
+To run the demo:
+
+```
+$ cd /home/pi/se_mw/simw-top_build/raspbian_native_se050_t1oi2c/bin
+$ ./wolfcrypt_test
+```
+
+On successful run, output similar to the following will print out:
+
+```
+App :INFO :PlugAndTrust_v04.02.00_20220524
+App :INFO :Running ./wolfcrypt_test
+App :INFO :If you want to over-ride the selection, use ENV=EX_SSS_BOOT_SSS_PORT or pass in command line arguments.
+sss :INFO :atr (Len=35)
+ 00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
+ 01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
+ 54 50 4F
+sss :WARN :Communication channel is Plain.
+sss :WARN :!!!Not recommended for production use.!!!
+App :INFO :running setconfig
+App :INFO :Ran setconfig successfully
+------------------------------------------------------------------------------
+ wolfSSL version 5.5.1
+------------------------------------------------------------------------------
+error test passed!
+MEMORY test passed!
+base64 test passed!
+asn test passed!
+RANDOM test passed!
+MD5 test passed!
+SHA test passed!
+SHA-256 test passed!
+SHA-384 test passed!
+SHA-512 test passed!
+Hash test passed!
+HMAC-MD5 test passed!
+HMAC-SHA test passed!
+HMAC-SHA256 test passed!
+HMAC-SHA384 test passed!
+HMAC-SHA512 test passed!
+HMAC-KDF test passed!
+TLSv1.3 KDF test passed!
+GMAC test passed!
+Chacha test passed!
+POLY1305 test passed!
+ChaCha20-Poly1305 AEAD test passed!
+AES test passed!
+AES192 test passed!
+AES256 test passed!
+AES-GCM test passed!
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id FFFF
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10000
+RSA test passed!
+DH test passed!
+PWDBASED test passed!
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10001
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10002
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10003
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10004
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10005
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10006
+CHRIS: before ecc_sign_hash call, ret = 0
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10007
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10008
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10009
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1000A
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1000B
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1000C
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1000D
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1000E
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1000F
+CHRIS: before ecc_sign_hash call, ret = 0
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10010
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10011
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10012
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10013
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10014
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10015
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10016
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10017
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10018
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10019
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1001A
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1001B
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1001C
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1001D
+CHRIS: before ecc_sign_hash call, ret = 0
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1001E
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1001F
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10020
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10021
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10022
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10023
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10024
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10025
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10026
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10027
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10028
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10029
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1002A
+CHRIS: before ecc_sign_hash call, ret = 0
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1002B
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1002C
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1002D
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1002E
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 1002F
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10030
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10031
+ECC test passed!
+sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
+sss :WARN :Could not delete Key id 10032
+ECC buffer test passed!
+logging test passed!
+time test passed!
+mutex test passed!
+memcb test passed!
+Test complete
+App :INFO :Ran wolfCrypt test
+App :INFO :ex_sss Finished
+```
+
+## Demo Notes
+
+The `test.c` and `test.h` file in this directory have been copied
+directly from the wolfSSL download directory, at:
+
+```
+wolfssl-X.X.X/wolfcrypt/test/test.c
+wolfssl-X.X.X/wolfcrypt/test/test.h
+```
+
+It is expected to see warning messages in the console log about failures to
+delete key ids. wolfCrypt internally tries to delete temporary/test keys,
+and if those keys have not been stored in the SE050 the debug logs will show
+these messages.
+
diff --git a/SE050/wolfssl/wolfcrypt_test/test.c b/SE050/wolfssl/wolfcrypt_test/test.c
new file mode 100644
index 00000000..92d250b6
--- /dev/null
+++ b/SE050/wolfssl/wolfcrypt_test/test.c
@@ -0,0 +1,23 @@
+/* test.c
+ *
+ * Copyright (C) 2006-2022 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#error "Overwrite this file with wolfcrypt/test/test.c from wolfSSL"
+
diff --git a/SE050/wolfssl/wolfcrypt_test/test.h b/SE050/wolfssl/wolfcrypt_test/test.h
new file mode 100644
index 00000000..26668318
--- /dev/null
+++ b/SE050/wolfssl/wolfcrypt_test/test.h
@@ -0,0 +1,23 @@
+/* test.h
+ *
+ * Copyright (C) 2006-2022 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#error "Overwrite this file with wolfcrypt/test/test.h from wolfSSL"
+
diff --git a/SE050/wolfssl/wolfcrypt_test/wolfcrypt_test.c b/SE050/wolfssl/wolfcrypt_test/wolfcrypt_test.c
new file mode 100644
index 00000000..bdd4f8ec
--- /dev/null
+++ b/SE050/wolfssl/wolfcrypt_test/wolfcrypt_test.c
@@ -0,0 +1,73 @@
+/* wolfcrypt_test.c
+ *
+ * Copyright (C) 2006-2022 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include
+#include
+#include
+#include
+#include "test.h"
+
+#include
+#include
+#include
+
+#ifdef __cplusplus
+}
+#endif
+
+#if defined(SIMW_DEMO_ENABLE__DEMO_WOLFCRYPTTEST)
+
+static ex_sss_boot_ctx_t gex_sss_boot_ctx;
+
+#define EX_SSS_BOOT_PCONTEXT (&gex_sss_boot_ctx)
+#define EX_SSS_BOOT_DO_ERASE 1
+#define EX_SSS_BOOT_EXPOSE_ARGC_ARGV 0
+
+#include
+
+sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx)
+{
+ int ret = 0;
+ sss_status_t status = kStatus_SSS_Success;
+ sss_session_t *pSession = (sss_session_t*)&pCtx->session;
+ sss_key_store_t *pKeyStore = (sss_key_store_t*)&pCtx->ks;
+
+ LOG_I("running setconfig");
+ ret = wc_se050_set_config(pSession, NULL, pKeyStore);
+ if (ret != 0) {
+ LOG_E("wc_se050_set_config failed");
+ return kStatus_SSS_Fail;
+ }
+ LOG_I("Ran setconfig successfully");
+
+ wolfSSL_Init();
+ wolfcrypt_test(NULL);
+ wolfSSL_Cleanup();
+
+ LOG_I("Ran wolfCrypt test");
+ return status;
+}
+
+#endif /* SIMW_DEMO_ENABLE__DEMO_WOLFCRYPTTEST */
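Review bot: The result of `wolfcrypt_test(NULL)` is discarded, so `ex_sss_entry()` logs "Ran wolfCrypt test" and returns `kStatus_SSS_Success` even when an algorithm test fails on the SE050. Assuming the `test.h` copied into this directory declares `wolfcrypt_test` as returning an `int` status (the stub in this commit does not show it), capture and propagate it: `ret = wolfcrypt_test(NULL);` followed by `if (ret != 0) { status = kStatus_SSS_Fail; }`. The return value of `wolfSSL_Init()` is ignored in the same way.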