WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

adding devcrypto examples

pull/301/head
JacobBarthelmeh 2022-03-04 13:16:37 -08:00
parent da15ec48e4
commit 37e0b33f4b
10 changed files with 974 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
caam/seco/Makefile
View File

@ -1,9 +1,9 @@
# SECO Examples Makefile # SECO Examples Makefile
WOLFSSL_PATH ?= /usr/local WOLFSSL_PATH ?= /usr/local
DEVCRYPTO_PATH ?= /usr CRYPTODEV_DIR ?= /usr/include
ZLIB_PATH ?= /usr ZLIB_DIR ?= /usr
CFLAGS = -O -Wall -I$(WOLFSSL_PATH)/include -I$(SECO_PATH)/include -I$(DEVCRYPTO_PATH)/include CFLAGS = -O -Wall -I$(WOLFSSL_PATH)/include -I$(HSM_DIR)/include -I$(CRYPTODEV_DIR)
LIBS = -L$(WOLFSSL_PATH)/lib -L$(ZLIB_PATH)/lib -lm -lz -lpthread LIBS = -L$(WOLFSSL_PATH)/lib -L$(ZLIB_DIR)/lib -lm -lz -lpthread
# option variables # option variables
DYN_LIB = -lwolfssl DYN_LIB = -lwolfssl
@ -18,7 +18,7 @@ all: $(TARGETS)
# build template # build template
%: %.c %: %.c
$(CC) -o $@ $< $(CFLAGS) $(LIBS) $(STATIC_LIB) $(SECO_PATH)/lib/hsm_lib.a $(SECO_PATH)/lib/seco_nvm_manager.a $(CC) -o $@ $< $(CFLAGS) $(LIBS) $(STATIC_LIB) $(HSM_DIR)/lib/hsm_lib.a $(HSM_DIR)/lib/seco_nvm_manager.a
clean: clean:
rm -f $(TARGETS) rm -f $(TARGETS)

13
caam/seco/README.md
View File

@ -4,7 +4,14 @@ Example use cases when compiling wolfSSL with --enable-caam=seco
Setup the location to SECO HSM and NVM library, cryptodev header (if wolfSSL is built to look for it), wolfSSL library path, and libz install path. The following is examples of setting the envirnment variables: Setup the location to SECO HSM and NVM library, cryptodev header (if wolfSSL is built to look for it), wolfSSL library path, and libz install path. The following is examples of setting the envirnment variables:
export SECO_PATH=/home/user/imx-seco-libs/export/usr export HSM_DIR=/home/user/imx-seco-libs/export/usr
export DEVCRYPTO_PATH=/home/user/build-xwayland/sysroots-components/aarch64/cryptodev-linux/usr export CRYPTODEV_DIR=/home/user/build-xwayland/sysroots-components/aarch64/cryptodev-linux/usr/include
export WOLFSSL_PATH=/home/user/wolfssl-install export WOLFSSL_PATH=/home/user/wolfssl-install
export ZLIB_PATH=/home/user/zlib-aarch64-install export ZLIB_DIR=/home/user/zlib-aarch64-install
## Building wolfSSL
This is an example configure for building wolfSSL
./configure --host=aarch64-poky-linux --with-libz=$ZLIB_DIR --with-seco=$HSM_DIR --enable-caam=seco --enable-cmac --enable-aesgcm --enable-aesccm --enable-keygen CPPFLAGS="-DHAVE_AES_ECB -I$CRYPTODEV_DIR" --enable-devcrypto=seco --enable-curve25519 --enable-static --prefix=$WOLFSSL_PATH
## Additional cryptodev-linux Examples
Examples for use in conjunction with SECO are in the cryptodev directory

156
caam/seco/aes-ccm.c 100644
View File

@ -0,0 +1,156 @@
/* aes-ccm.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#include <stdio.h>
#if defined(HAVE_AESCCM)
#define MAX_UPDATES 100
static unsigned int createAesKey()
{
int keyGroup = 1; /* group one was chosen arbitrarily */
unsigned int keyIdOut;
int keyInfo = CAAM_KEY_PERSISTENT;
int keyType = CAAM_KEYTYPE_AES128;
byte pubOut[32];
/* generate a CMAC key in the HSM */
if (wc_SECO_GenerateKey(CAAM_GENERATE_KEY, keyGroup, pubOut, 0, keyType,
keyInfo, &keyIdOut) != 0) {
printf("Error generating key in hsm\n");
return -1;
}
return keyIdOut;
}
static int doCcm(unsigned int keyId, const byte* in, int inSz,
const byte* nonce)
{
Aes aes;
byte out[AES_BLOCK_SIZE*2];
byte cipherTxt[AES_BLOCK_SIZE*2];
byte authTag[AES_BLOCK_SIZE];
int i;
XMEMSET(authTag, 0, AES_BLOCK_SIZE);
XMEMSET(cipherTxt, 0, sizeof(cipherTxt));
wc_AesInit(&aes, NULL, WOLFSSL_CAAM_DEVID);
wc_SECO_AesSetKeyID(&aes, keyId);
printf("Encrypting : ");
for (i = 0; i < inSz; i++)
printf("%02X", in[i]);
printf("\n");
if (wc_AesCcmEncrypt(&aes, cipherTxt, in, inSz, nonce, 12, authTag, 16,
NULL, 0) != 0) {
printf("Issue with ccm encrypt\n");
}
printf("Cipher text: ");
for (i = 0; i < inSz; i++)
printf("%02X", cipherTxt[i]);
printf("\n");
printf("Tag : ");
for (i = 0; i < AES_BLOCK_SIZE; i++)
printf("%02X", authTag[i]);
printf("\n");
if (wc_AesCcmDecrypt(&aes, out, cipherTxt, inSz, nonce, 12, authTag, 16,
NULL, 0) != 0) {
printf("Issue with ccm decrypt\n");
}
printf("Decrypted : ");
for (i = 0; i < inSz; i++)
printf("%02X", out[i]);
printf("\n");
wc_AesFree(&aes);
return 0;
}
int main(int argc, char** argv)
{
word32 nonce = 0x1111;
int create = 0;
unsigned int keyId;
unsigned int keyStoreId;
const byte in[] = "test message to encrypt";
int inSz;
const byte n[] = {1,2,3,4,5,6,7,8,9,10,11,12};
inSz = (int)XSTRLEN((char*)in);
if (argc == 4) {
if (XSTRNCMP(argv[1], "1", 1) == 0) {
create = CAAM_KEYSTORE_CREATE;
}
keyId = (unsigned int)XATOI(argv[2]);
keyStoreId = (unsigned int)XATOI(argv[3]);
}
else {
printf("USAGE: %s <1/0 create> <keyid (0 if create)> <key store id>\n",
argv[0]);
return -1;
}
wolfSSL_Debugging_ON();
if (wolfCrypt_Init() != 0) {
printf("Could not initialize wolfSSL library!\n");
return -1;
}
if (wc_SECO_OpenHSM(keyStoreId, nonce, MAX_UPDATES, create) != 0) {
printf("unable to open HSM\n");
wolfCrypt_Cleanup();
return -1;
}
if (create) {
keyId = createAesKey();
}
printf("Key ID: %u\n", keyId);
doCcm(keyId, in, inSz, n);
wc_SECO_CloseHSM();
wolfCrypt_Cleanup();
return 0;
}
#else
#warning CCM support not detected
int main(int argc, char** argv)
{
printf("Recompile wolfSSL with --enable-aesccm for CCM use\n");
return 0;
}
#endif

144
caam/seco/aes-ecb.c 100644
View File

@ -0,0 +1,144 @@
/* aes-ecb.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#include <stdio.h>
#ifdef HAVE_AES_ECB
#define MAX_UPDATES 100
static unsigned int createAesKey()
{
int keyGroup = 1; /* group one was chosen arbitrarily */
unsigned int keyIdOut;
int keyInfo = CAAM_KEY_PERSISTENT;
int keyType = CAAM_KEYTYPE_AES128;
byte pubOut[32];
/* generate a CMAC key in the HSM */
if (wc_SECO_GenerateKey(CAAM_GENERATE_KEY, keyGroup, pubOut, 0, keyType,
keyInfo, &keyIdOut) != 0) {
printf("Error generating key in hsm\n");
return -1;
}
return keyIdOut;
}
static int doEcb(unsigned int keyId, const byte* in, int inSz)
{
Aes aes;
byte out[AES_BLOCK_SIZE*2];
byte cipherTxt[AES_BLOCK_SIZE*2];
int i;
XMEMSET(cipherTxt, 0, sizeof(cipherTxt));
wc_AesInit(&aes, NULL, WOLFSSL_CAAM_DEVID);
wc_SECO_AesSetKeyID(&aes, keyId);
printf("in = %p\n", in);
printf("out = %p\n", out);
printf("cipherTxt = %p\n", cipherTxt);
printf("Encrypting : ");
for (i = 0; i < inSz; i++)
printf("%02X", in[i]);
printf("\n");
if (wc_AesEcbEncrypt(&aes, cipherTxt, in, inSz) != 0) {
printf("Issue with ecb encrypt\n");
}
printf("Cipher text: ");
for (i = 0; i < inSz; i++)
printf("%02X", cipherTxt[i]);
printf("\n");
wc_AesEcbDecrypt(&aes, out, cipherTxt, inSz);
printf("Decrypted : ");
for (i = 0; i < inSz; i++)
printf("%02X", out[i]);
printf("\n");
wc_AesFree(&aes);
return 0;
}
int main(int argc, char** argv)
{
word32 nonce = 0x1111;
int create = 0;
unsigned int keyId;
unsigned int keyStoreId;
const byte in[] = "test message to encrypt";
if (argc == 4) {
if (XSTRNCMP(argv[1], "1", 1) == 0) {
create = CAAM_KEYSTORE_CREATE;
}
keyId = (unsigned int)XATOI(argv[2]);
keyStoreId = (unsigned int)XATOI(argv[3]);
}
else {
printf("USAGE: %s <1/0 create> <keyid (0 if create)> <key store id>\n",
argv[0]);
return -1;
}
wolfSSL_Debugging_ON();
if (wolfCrypt_Init() != 0) {
printf("Could not initialize wolfSSL library!\n");
return -1;
}
if (wc_SECO_OpenHSM(keyStoreId, nonce, MAX_UPDATES, create) != 0) {
printf("unable to open HSM\n");
wolfCrypt_Cleanup();
return -1;
}
if (create) {
keyId = createAesKey();
}
printf("Key ID: %u\n", keyId);
doEcb(keyId, in, AES_BLOCK_SIZE);
wc_SECO_CloseHSM();
wolfCrypt_Cleanup();
return 0;
}
#else
#warning compile wolfSSL with HAVE_AES_ECB for aes-ecb
int main(int argc, char** argv)
{
printf("Compile wolfSSL with HAVE_AES_ECB for aes-ecb\n");
return 0;
}
#endif

3
caam/seco/cmac.c
View File

@ -104,7 +104,8 @@ int main(int argc, char** argv)
} }
if (wc_SECO_OpenHSM(keyStoreId, nonce, MAX_UPDATES, create) != 0) { if (wc_SECO_OpenHSM(keyStoreId, nonce, MAX_UPDATES, create) != 0) {
printf("unable to open HSM\n"); printf("unable to open HSM, key store ID = %u create = %d\n",
keyStoreId, create);
wolfCrypt_Cleanup(); wolfCrypt_Cleanup();
return -1; return -1;
} }

24
caam/seco/cryptodev/Makefile 100644
View File

@ -0,0 +1,24 @@
# SECO Examples Makefile
WOLFSSL_PATH ?= /usr/local
CRYPTODEV_DIR ?= /usr/include
ZLIB_DIR ?= /usr
CFLAGS = -O -Wall -I$(WOLFSSL_PATH)/include -I$(HSM_DIR)/include -I$(CRYPTODEV_DIR)
LIBS = -L$(WOLFSSL_PATH)/lib -L$(ZLIB_DIR)/lib -lm -lz -lpthread
# option variables
DYN_LIB = -lwolfssl
STATIC_LIB = $(WOLFSSL_PATH)/lib/libwolfssl.a
# build targets
SRC=$(wildcard *.c)
TARGETS=$(patsubst %.c, %, $(SRC))
.PHONY: clean all
all: $(TARGETS)
# build template
%: %.c
$(CC) -o $@ $< $(CFLAGS) $(LIBS) $(STATIC_LIB) $(HSM_DIR)/lib/hsm_lib.a $(HSM_DIR)/lib/seco_nvm_manager.a
clean:
rm -f $(TARGETS)

202
caam/seco/cryptodev/ecc-sign-verify.c 100644
View File

@ -0,0 +1,202 @@
/* ecc-sign-verify.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/signature.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#include <stdio.h>
static void printEccKey(ecc_key* key)
{
byte pubX[MAX_ECC_BYTES];
byte pubY[MAX_ECC_BYTES];
byte pri[MAX_ECC_BYTES];
word32 qxSz = MAX_ECC_BYTES, qySz = MAX_ECC_BYTES, dSz = MAX_ECC_BYTES, i;
memset(pubX, 0, qxSz);
memset(pubY, 0, qySz);
memset(pri, 0, dSz);
if (wc_ecc_export_private_raw(key, pubX, &qxSz, pubY, &qySz, pri, &dSz)
!= MP_OKAY) {
printf("Error exporting private key\n");
return;
}
wc_ecc_export_private_only(key, pri, &dSz);
printf("Created KEY:\n");
printf("Public X :");
for (i = 0; i < qxSz; i++)
printf("%02X", pubX[i]);
printf("\n");
printf("Public Y :");
for (i = 0; i < qySz; i++)
printf("%02X", pubY[i]);
printf("\n");
printf("Private [%d]:", dSz);
for (i = 0; i < dSz; i++)
printf("%02X", pri[i]);
printf("\n");
/* if the key was encrypted it would be given an ID or blackKey flag set */
printf("Is Private Encrypted? %s\n", (key->blackKey) ? "YES":"NO");
}
/* create an ECC key using the given devId
* return 0 on success */
static int createEccKey(WC_RNG* rng, ecc_key* key, int sz, int devId)
{
int ret;
wc_ecc_init_ex(key, NULL, devId);
ret = wc_ecc_make_key(rng, sz, key);
if (ret != 0) {
printf("error making key\n");
}
else {
printEccKey(key);
}
wc_ecc_set_rng(key, rng);
return ret;
}
/* create signature
* return 0 on success */
static int createSignature(ecc_key* key, byte* sigOut, word32* sigOutSz,
byte* msg, word32 msgSz)
{
int ret;
WC_RNG rng;
wc_InitRng(&rng);
ret = wc_ecc_sign_hash(msg, msgSz, sigOut, sigOutSz, &rng, key);
if (ret != 0) {
printf("sign hash failed with error %d\n", ret);
}
wc_FreeRng(&rng);
return ret;
}
/* export the public key from 'from' and import it into key 'to' setting 'to'
* with the devId provided
* return 0 on success */
static int exportPubKey(ecc_key* from, ecc_key* to, int devId)
{
int ret;
byte pub[1024];
word32 pubSz = 1024;
wc_ecc_init_ex(to, NULL, devId);
ret = wc_ecc_export_x963(from, pub, &pubSz);
if (ret == 0) {
ret = wc_ecc_import_x963(pub, pubSz, to);
if (ret != 0) {
printf("issue %d importing public key\n", ret);
}
}
else {
printf("issue %d exporting public key\n", ret);
}
return ret;
}
/* attempt to verify the signature, prints success or failure */
static int verifySignature(ecc_key* key, byte* sig, word32 sigSz,
byte* msg, word32 msgSz)
{
int ret;
int stat = 0;
ret = wc_ecc_verify_hash(sig, sigSz, msg, msgSz, &stat, key);
printf("ret = %d stat = %d\n", ret, stat);
if (ret == 0 && stat == 1) {
printf("verification success\n");
}
else {
printf("verification fail [%d]\n", ret);
}
return ret;
}
int main(int argc, char** argv)
{
int ret;
ecc_key softKey, hardKey;
byte sig[1024];
byte msg[] = "Test signing and verifying";
word32 msgSz;
word32 sigSz = 1024, i;
WC_RNG rng;
msgSz = (word32)XSTRLEN((char*)msg);
wolfSSL_Debugging_ON();
if (wolfCrypt_Init() != 0) {
printf("Could not initialize wolfSSL library!\n");
return -1;
}
wc_InitRng(&rng);
XMEMSET(sig, 0, sigSz);
ret = createEccKey(&rng, &hardKey, 32, WOLFSSL_CAAM_DEVID);
if (ret == 0)
ret = createSignature(&hardKey, sig, &sigSz, msg, msgSz);
if (ret == 0) {
printf("signature created from hardware key:\n\t");
for (i = 0; i < sigSz; i++)
printf("%02X", sig[i]);
printf("\n");
/* use INVALID_DEVID to signal is a software ecc_key structure */
ret = exportPubKey(&hardKey, &softKey, INVALID_DEVID);
}
if (ret == 0) {
verifySignature(&softKey, sig, sigSz, msg, msgSz);
printf("\nverify signature using HSM key\n");
verifySignature(&hardKey, sig, sigSz, msg, msgSz);
printf("\nalter the signature and confirm verification fails\n");
sig[4] = !sig[4];
verifySignature(&softKey, sig, sigSz, msg, msgSz);
}
wc_ecc_free(&softKey);
wc_ecc_free(&hardKey);
wc_FreeRng(&rng);
wolfCrypt_Cleanup();
return 0;
}

171
caam/seco/cryptodev/ecdh.c 100644
View File

@ -0,0 +1,171 @@
/* ecdh.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#include <stdio.h>
static void printEccKey(ecc_key* key)
{
byte pubX[MAX_ECC_BYTES];
byte pubY[MAX_ECC_BYTES];
byte pri[MAX_ECC_BYTES];
word32 qxSz = MAX_ECC_BYTES, qySz = MAX_ECC_BYTES, dSz = MAX_ECC_BYTES, i;
memset(pubX, 0, qxSz);
memset(pubY, 0, qySz);
memset(pri, 0, dSz);
if (wc_ecc_export_private_raw(key, pubX, &qxSz, pubY, &qySz, pri, &dSz)
!= MP_OKAY) {
printf("Error exporting private key\n");
return;
}
wc_ecc_export_private_only(key, pri, &dSz);
printf("Created KEY:\n");
printf("Public X :");
for (i = 0; i < qxSz; i++)
printf("%02X", pubX[i]);
printf("\n");
printf("Public Y :");
for (i = 0; i < qySz; i++)
printf("%02X", pubY[i]);
printf("\n");
printf("Private [%d]:", dSz);
for (i = 0; i < dSz; i++)
printf("%02X", pri[i]);
printf("\n");
printf("Is Private Encrypted? %s\n", (key->blackKey) ? "YES":"NO");
}
static int createEccKey(WC_RNG* rng, ecc_key* key, int devId)
{
int ret;
wc_ecc_init_ex(key, NULL, devId);
ret = wc_ecc_make_key(rng, 32, key);
if (ret != 0) {
printf("error making key\n");
}
else {
printEccKey(key);
}
wc_ecc_set_rng(key, rng);
return ret;
}
int main(int argc, char** argv)
{
ecc_key softKey, hwKey;
byte sharedA[48];
byte sharedB[48];
word32 sharedSz = 32;
word32 i;
int ret;
WC_RNG rng;
wolfSSL_Debugging_ON();
if (wolfCrypt_Init() != 0) {
printf("Could not initialize wolfSSL library!\n");
return -1;
}
wc_InitRng(&rng);
ret = createEccKey(&rng, &hwKey, WOLFSSL_CAAM_DEVID);
if (ret != 0) {
printf("failed to create hardware key\n");
}
if (ret == 0) {
ret = createEccKey(&rng, &softKey, 0);
if (ret != 0) {
printf("failed to create software key\n");
}
}
if (ret == 0) {
ret = wc_ecc_shared_secret(&softKey, &hwKey, sharedA, &sharedSz);
if (ret != 0) {
printf("failed to create shared secret, ret = %d\n", ret);
}
else {
printf("Shared secret : ");
for (i = 0; i < sharedSz; i++)
printf("%02X", sharedA[i]);
printf("\n");
fflush(stdout);
}
}
if (ret == 0) {
XMEMSET(sharedB, 0, 32); sharedSz = 32;
ret = wc_ecc_shared_secret(&hwKey, &softKey, sharedB, &sharedSz);
if (ret != 0) {
printf("failed to create shared secret, ret = %d\n", ret);
}
else {
printf("Shared secret : ");
for (i = 0; i < sharedSz; i++)
printf("%02X", sharedB[i]);
printf("\n");
fflush(stdout);
}
}
if (ret == 0 && XMEMCMP(sharedA, sharedB, sharedSz) != 0) {
printf("shared secret missmatch!!\n");
ret = -1;
}
/* treat the encrypted private key like a normal software key and verify
* that it fails to create the correct shared secret */
if (ret == 0 && hwKey.blackKey != 0) {
hwKey.devId = INVALID_DEVID;
XMEMSET(sharedB, 0, 32); sharedSz = 32;
ret = wc_ecc_shared_secret(&hwKey, &softKey, sharedB, &sharedSz);
if (ret != 0) {
printf("failed to create shared secret, ret = %d\n", ret);
}
hwKey.devId = WOLFSSL_CAAM_DEVID;
}
if (ret == 0 && XMEMCMP(sharedA, sharedB, sharedSz) == 0) {
printf("shared secret matched when expected to fail!!\n");
ret = -1;
}
wc_ecc_free(&hwKey);
wc_ecc_free(&softKey);
wc_FreeRng(&rng);
wolfCrypt_Cleanup();
return ret;
}

78
caam/seco/cryptodev/hmac.c 100644
View File

@ -0,0 +1,78 @@
/* hmac.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#include <stdio.h>
int main(int argc, char** argv)
{
int ret, i;
Hmac hmac;
byte hash[WC_SHA256_DIGEST_SIZE];
const byte key[] = "Jefe";
const byte input[] = "what do ya want for nothing?";
const char expected[] =
"\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
"\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
"\x38\x43";
word32 inLen = (word32)XSTRLEN((char*)input);
int outLen = WC_SHA256_DIGEST_SIZE;
XMEMSET(hash, 0, outLen);
if (wolfCrypt_Init() != 0) {
printf("Error initializing wolfSSL library\n");
return -1;
}
/* initialize using WOLFSSL_CAAM_DEVID to use devcrypto code path */
if (wc_HmacInit(&hmac, NULL, WOLFSSL_CAAM_DEVID) != 0) {
printf("Issue initializing hmac\n");
}
ret = wc_HmacSetKey(&hmac, WC_SHA256, key, (word32)XSTRLEN((char*)key));
if (ret != 0)
printf("Issue with set key\n");
ret = wc_HmacUpdate(&hmac, input, inLen);
if (ret != 0)
printf("Issue with update\n");
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0)
printf("Issue with hmac final\n");
if (XMEMCMP(hash, expected, WC_SHA256_DIGEST_SIZE) != 0)
printf("result did not match expected result\n");
wc_HmacFree(&hmac);
printf("Result : ");
for (i = 0; i < outLen; i++)
printf("%02X", hash[i]);
printf("\n");
wolfCrypt_Cleanup();
return 0;
}

182
caam/seco/cryptodev/rsa.c 100644
View File

@ -0,0 +1,182 @@
/* rsa.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#include <stdio.h>
#define KEY_SIZE 3072
static int RsaGen(RsaKey* key, int size, long e, int devId)
{
int ret;
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_InitRsaKey_ex(key, NULL, devId);
if (ret == 0)
ret = wc_MakeRsaKey(key, size, e, &rng);
wc_FreeRng(&rng); /* always free rng if initialized */
}
return ret;
}
static int RsaSign(RsaKey* key, byte* in, int inSz, byte* out, int outSz)
{
int ret;
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0)
ret = wc_RsaSSL_Sign(in, inSz, out, outSz, key, &rng);
wc_FreeRng(&rng);
return ret;
}
int main(int argc, char** argv)
{
int ret, i;
int outSz;
RsaKey rsaHw, rsaSw;
byte msg[] = "message to encrypt";
int msgSz, resSz;
byte out[512];
byte res[512];
byte der[8192];
int derSz = 8192;
outSz = sizeof(out);
msgSz = sizeof(msg);
wolfSSL_Debugging_ON();
XMEMSET(out, 0, outSz);
if (wolfCrypt_Init() != 0) {
printf("Error initializing wolfSSL library\n");
return -1;
}
printf("Buffer to encrypt : ");
for (i = 0; i < msgSz; i++)
printf("%02X", msg[i]);
printf("\n");
/* create hardware key with encrypted private 'd' value */
printf("Creating key with hardware support\n");
ret = RsaGen(&rsaHw, KEY_SIZE, WC_RSA_EXPONENT, WOLFSSL_CAAM_DEVID);
if (ret != 0) {
printf("Issue with key generation\n");
}
/* create a key using software implementation */
printf("Creating key with software implementation\n");
ret = RsaGen(&rsaSw, KEY_SIZE, WC_RSA_EXPONENT, INVALID_DEVID);
if (ret != 0) {
printf("Issue with key generation\n");
}
/* for sign/verify sanity check importing the hardware key components */
wc_FreeRsaKey(&rsaSw);
wc_InitRsaKey_ex(&rsaSw, NULL, INVALID_DEVID);
ret = wc_RsaKeyToDer(&rsaHw, der, derSz);
if (ret <= 0) {
printf("failed to get DER of key : %d\n", ret);
ret = -1;
}
else {
word32 idx = 0;
derSz = ret;
ret = wc_RsaPrivateKeyDecode(der, &idx, &rsaSw, derSz);
}
/* sign and verify using hardware key with encrypted private 'd' value */
if (ret == 0) {
outSz = RsaSign(&rsaHw, msg, msgSz, out, outSz);
if (outSz > 0) {
printf("Result of RSA encrypt [%d]: ", outSz);
for (i = 0; i < outSz; i++)
printf("%02X", out[i]);
printf("\n");
resSz = wc_RsaSSL_Verify(out, outSz, res, outSz, &rsaHw);
if (resSz <= 0) {
printf("RSA decrypt failed\n");
}
else {
printf("Result of RSA decrypt: ");
for (i = 0; i < resSz; i++)
printf("%02X", res[i]);
printf("\n");
}
/* verify with software key should work too (only private encrypted) */
resSz = wc_RsaSSL_Verify(out, outSz, res, outSz, &rsaSw);
if (resSz <= 0) {
printf("RSA decrypt failed with software key\n");
}
else {
printf("Result of RSA decrypt with software key: ");
for (i = 0; i < resSz; i++)
printf("%02X", res[i]);
printf("\n");
}
}
else {
printf("RsaSign failed\n");
}
}
/* sign with black key used without decryption should fail */
if (ret == 0) {
outSz = RsaSign(&rsaSw, msg, msgSz, out, outSz);
if (outSz > 0) {
printf("Result of RSA encrypt [%d]: ", outSz);
for (i = 0; i < outSz; i++)
printf("%02X", out[i]);
printf("\n");
resSz = wc_RsaSSL_Verify(out, outSz, res, outSz, &rsaSw);
if (resSz > 0) {
printf("RSA decrypt should fail!!\n");
}
else {
printf("Succesful fail test case\n");
}
}
else {
printf("RsaSign failed\n");
}
}
wc_FreeRsaKey(&rsaHw);
wc_FreeRsaKey(&rsaSw);
wolfCrypt_Cleanup();
return 0;
}