wolfSSL NXP SE050 Examples
wolfSSL includes support for the NXP SE050 Plug & Trust Secure Element. For details about the NXP SE050, see NXP's SE050 page.
This directory contains wolfSSL examples for NXP SE050. The examples have been written for and tested on a Raspberry Pi with NXP SE050 EdgeLock development kit.
For complete details on wolfSSL's support for NXP SE050, see README_SE050.md. That document also describes how to download, build, and compile the SE05x Middleware. It should be followed first before moving on to installing and running these examples.
Installing Example Applications
These instructions assume that the SE050 middleware has already been installed in Raspbian and is located at /home/pi/se_mw/simw-top, and that wolfSSL has been built and installed. See instructions in the wolfSSL repository at wolfcrypt/src/port/nxp/README_SE050.md.
Example SE050 Pi installation steps:
$ cd se_mw/simw-top
$ mkdir build && cd build
$ ccmake .
# Make sure the following are set:
# `Host OS` to `Raspbian`
# `Host Crypto` to `None` (see HostCrypto section below)
# `SMCOM` to `T1oI2C`
# Inside the ccmake interface, press:
#   c   to configure
#   g   to generate
#   q   to quit
$ cmake --build .
$ sudo make install
Example wolfSSL installation:
./configure --with-se050=/home/pi/se_mw/simw-top/ --enable-keygen --enable-cryptocb \
--disable-examples --disable-crypttests
make
sudo make install
Before building these demos, the "wolfssl" folder which contains these demos should be copied into the SE05x middleware source tree at: ~/se_mw/simw-top/demos/wolfssl.
Example: cp -r wolfssl ~/se_mw/simw-top/demos/
The wolfSSL demo applications will then be at:
~/se_mw/simw-top/demos/wolfssl/wolfcrypt_benchmark
~/se_mw/simw-top/demos/wolfssl/wolfcrypt_generate_csr
~/se_mw/simw-top/demos/wolfssl/wolfcrypt_key_cert_insert
~/se_mw/simw-top/demos/wolfssl/wolfcrypt_test
~/se_mw/simw-top/demos/wolfssl/wolfssl_client
~/se_mw/simw-top/demos/wolfssl/wolfssl_client_cert_key
The 'wolfssl' demo directory needs to be tied into the CMake build system. Open the following file:
~/se_mw/simw-top/demos/CMakeLists.txt
Add the following at the bottom of this file:
ADD_SUBDIRECTORY(wolfssl)
If the SE05x middleware has not yet been set up for compilation:
$ cd ~/se_mw/simw-top/scripts
$ python ./create_cmake_projects.py rpi
$ cd ~/se_mw/simw-top_build/raspbian_native_se050_t1oi2c
$ ccmake .
< adjust options to match SE050 dev kit >
< 'c', to configure >
< 'g', to generate >
$ cmake --build .
This will build the SE05x middleware along with demos, including the wolfCrypt test application.
IMPORTANT: Note that the wolfCrypt test and benchmark application examples included here need benchmark.c, benchmark.h, test.c, and test.h copied over from a valid wolfSSL source tree. See notes in those example README.md files for more information.
cp ~/wolfssl/wolfcrypt/benchmark/benchmark.c ./wolfssl/wolfcrypt_benchmark/
cp ~/wolfssl/wolfcrypt/benchmark/benchmark.h ./wolfssl/wolfcrypt_benchmark/
cp ~/wolfssl/wolfcrypt/test/test.c ./wolfssl/wolfcrypt_test/
cp ~/wolfssl/wolfcrypt/test/test.h ./wolfssl/wolfcrypt_test/
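The copy and CMake steps above, collected into one re-runnable shell function. This is an added example, not part of the wolfSSL README; the function name stage_wolfssl_demos and its argument order are assumptions. It checks that the four wolfCrypt source files exist before copying anything, and appends ADD_SUBDIRECTORY(wolfssl) only if it is not already present.

```shell
#!/bin/sh
# Added example (not from the wolfSSL README): stage the wolfSSL demos into an
# SE05x middleware tree. Function name and argument order are assumptions.
# usage: stage_wolfssl_demos <wolfssl_demo_dir> <simw-top> <wolfssl_source_tree>
stage_wolfssl_demos() {
    demos_src=$1; simw=$2; wolfssl_src=$3
    cmakelists="$simw/demos/CMakeLists.txt"
    sources="benchmark/benchmark.c benchmark/benchmark.h test/test.c test/test.h"

    # Refuse to touch a directory that does not look like simw-top.
    [ -f "$cmakelists" ] || { echo "missing $cmakelists" >&2; return 1; }
    [ -d "$demos_src" ] || { echo "missing $demos_src" >&2; return 1; }

    # Check all four wolfCrypt sources up front so that a failure
    # leaves nothing half-copied in the middleware tree.
    for f in $sources; do
        [ -f "$wolfssl_src/wolfcrypt/$f" ] ||
            { echo "missing $wolfssl_src/wolfcrypt/$f" >&2; return 1; }
    done

    # Copy the demo folder to simw-top/demos/wolfssl.
    mkdir -p "$simw/demos/wolfssl" || return 1
    cp -r "$demos_src/." "$simw/demos/wolfssl/" || return 1

    # benchmark.[ch] go to wolfcrypt_benchmark/, test.[ch] to wolfcrypt_test/.
    for f in $sources; do
        dest="$simw/demos/wolfssl/wolfcrypt_${f%%/*}"
        mkdir -p "$dest" && cp "$wolfssl_src/wolfcrypt/$f" "$dest/" || return 1
    done

    # CMake command names are case-insensitive, so match either spelling and
    # append the line only when it is absent; re-running changes nothing.
    if ! grep -qiE '^[[:space:]]*add_subdirectory\([[:space:]]*wolfssl[[:space:]]*\)' \
            "$cmakelists"; then
        printf '\nADD_SUBDIRECTORY(wolfssl)\n' >> "$cmakelists" || return 1
    fi
}
```

With the paths used on this page, the call would be: stage_wolfssl_demos ./wolfssl ~/se_mw/simw-top ~/wolfssl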
NXP SE050 EdgeLock Configuration
wolfSSL most recently tested these examples on a Raspberry Pi with NXP EdgeLock development kit. The following CMake options were used. This uses OpenSSL as the HostCrypto Provider and enables SCP03 authentication.
Example Applications
wolfCrypt Test Application
This application will run the wolfCrypt test application, running cryptography test vectors through all algorithms enabled in wolfSSL. For details, see README.md.
wolfCrypt Benchmark Application
This application will run the wolfCrypt benchmark application, benchmarking all enabled algorithms in wolfSSL. For details, see README.md.
wolfCrypt SE050 Key and Certificate Insertion and Use Example
This example inserts certificates and keys into the SE050 and uses them. It performs an ECDSA verify operation on an ASCII-encoded {R,S} signature, reads back the imported RSA and ECC certificates and verifies that they match the originals, then erases the keys and certificates that were imported into the SE050. For details, see README.md.
wolfCrypt CSR Generation Example
This example generates a Certificate Signing Request (CSR) using a key generated and stored in the SE050. This example requires that wolfSSL be compiled with --enable-certgen --enable-certreq. For details, see README.md.
wolfSSL SSL/TLS Client Example
This example demonstrates a simple SSL/TLS client, using hardware-based cryptography supported inside the SE050. It loads and uses a certificate and private key from C arrays/buffers. For a more advanced demo which uses the private key directly from the SE050, see the following example. For details, see README.md.
wolfSSL SSL/TLS Client Example with Cert and Private Key in SE050
This example demonstrates a simple SSL/TLS client, using hardware-based cryptography supported inside the SE050. It loads a certificate and private key from C arrays/buffers into the SE050, then performs all private key operations for the TLS private key inside the SE050, based on a key ID. For details, see README.md.
Support
For support questions and issues, please email wolfSSL at support@wolfssl.com.