WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

New additions for MAXQ with wolfPKCS11 

- Support using MAXQ for:
    - AES-ECB
    - AES-CCM
    - AES-CBC
    - ECC Key Generation and ECDH
- in wc_ecc_import_private_key_ex():
    - check to make sure devId is not invalid before calling wc_MAXQ10XX_EccSetKey().
    - This is because the raspberry pi sometimes need to sign stuff.
- in aes_set_key() and ecc_set_key():
    - delete a key in case it already exists; ignore error since it might not exist.
    - unlock, lock the HW mutex around ECDSA_sign() because it needs access to rng
- in wolfSSL_MAXQ10XX_CryptoDevCb:
    - allow maxq1065 to call the crypto callback.
    - do not set the key during signing; use pre provisioned one instead (DEVICE_KEY_PAIR_OBJ_ID)
pull/8343/head
Anthony Hu 2025-01-08 18:30:11 -05:00
parent 5b07d41cb3
commit 18396c4740
3 changed files with 499 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wolfcrypt/src/ecc.c
View File

@ -11352,7 +11352,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
#endif #endif
#ifdef WOLFSSL_MAXQ10XX_CRYPTO #ifdef WOLFSSL_MAXQ10XX_CRYPTO
if (ret == 0) { if ((ret == 0) && (key->devId != INVALID_DEVID)) {
ret = wc_MAXQ10XX_EccSetKey(key, key->dp->size); ret = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
} }
#elif defined(WOLFSSL_SILABS_SE_ACCEL) #elif defined(WOLFSSL_SILABS_SE_ACCEL)

482
wolfcrypt/src/port/maxim/maxq10xx.c
View File

@ -97,7 +97,9 @@ void dbg_dumphex(const char *identifier, const uint8_t* pdata, uint32_t plen);
#define MAX_SIGNKEY_DATASIZE 96 #define MAX_SIGNKEY_DATASIZE 96
#define MAX_SIG_DATASIZE 64 #define MAX_SIG_DATASIZE 64
#define ECC_KEYCOMPLEN 32 #define ECC_KEYCOMPLEN 32
#define ESTABLISH_OUT_MAX 128
#define FIXED_INFO_LEN 32
#define FIXED_INFO_VALUE 0xaa
#ifdef WOLFSSL_MAXQ108X #ifdef WOLFSSL_MAXQ108X
#define PSK_KID (0x1235) #define PSK_KID (0x1235)
@ -600,6 +602,9 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen)
goto end_AesSetKey; goto end_AesSetKey;
} }
/* Delete object if one already exists. Ignore error in case it doesn't
* exist. */
(void)MXQ_DeleteObject(obj_id);
mxq_rc = MXQ_CreateObject(obj_id, keylen, MXQ_OBJTYPE_SECRETKEY, mxq_rc = MXQ_CreateObject(obj_id, keylen, MXQ_OBJTYPE_SECRETKEY,
OBJPROP_PERSISTENT, OBJPROP_PERSISTENT,
(char *)"ahs=rwdgx:ahs=rwdgx:ahs=rwdgx"); (char *)"ahs=rwdgx:ahs=rwdgx:ahs=rwdgx");
@ -626,13 +631,26 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen)
LoadDefaultImportKey(sign_key, &sign_key_len, &sign_key_curve, LoadDefaultImportKey(sign_key, &sign_key_len, &sign_key_curve,
&sign_key_type); &sign_key_type);
/* Unlock because signing operation will need to use the RNG. */
#if defined(MAXQ10XX_MUTEX)
wolfSSL_CryptHwMutexUnLock();
#endif
rc = ECDSA_sign(signature, &signature_len, sign_key, key_buff, key_buff_len, rc = ECDSA_sign(signature, &signature_len, sign_key, key_buff, key_buff_len,
sign_key_curve); sign_key_curve);
if (rc) { if (rc) {
WOLFSSL_ERROR_MSG("MAXQ: ECDSA_sign() failed"); WOLFSSL_ERROR_MSG("MAXQ: ECDSA_sign() failed");
goto end_AesSetKey; goto end_AesSetKey_noUnlock;
} }
#if defined(MAXQ10XX_MUTEX)
rc = maxq_CryptHwMutexTryLock();
if (rc != 0) {
WOLFSSL_ERROR_MSG("MAXQ: aes_set_key() lock could not be acquired");
rc = NOT_COMPILED_IN;
goto end_AesSetKey_noUnlock;
}
#endif
mxq_rc = MXQ_ImportKey(obj_id, getSignAlgoFromCurve(sign_key_curve), mxq_rc = MXQ_ImportKey(obj_id, getSignAlgoFromCurve(sign_key_curve),
PUBKEY_IMPORT_OBJID, key_buff, key_buff_len, PUBKEY_IMPORT_OBJID, key_buff, key_buff_len,
signature, signature_len); signature, signature_len);
@ -647,6 +665,7 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen)
end_AesSetKey: end_AesSetKey:
wolfSSL_CryptHwMutexUnLock(); wolfSSL_CryptHwMutexUnLock();
end_AesSetKey_noUnlock:
return rc; return rc;
} }
#endif /* MAXQ_AESGCM */ #endif /* MAXQ_AESGCM */
@ -680,12 +699,14 @@ void wc_MAXQ10XX_AesFree(Aes* aes)
} }
#ifdef MAXQ_ECC #ifdef MAXQ_ECC
static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen) static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen,
int for_ecdh)
{ {
mxq_err_t mxq_rc; mxq_err_t mxq_rc;
int rc; int rc;
word32 keylen; word32 keylen;
int objtype; int objtype;
mxq_keyuse_t key_use;
mxq_u1 key_buff[MAX_KEY_DATASIZE]; mxq_u1 key_buff[MAX_KEY_DATASIZE];
mxq_length key_buff_len = sizeof(key_buff); mxq_length key_buff_len = sizeof(key_buff);
unsigned char sign_key[MAX_SIGNKEY_DATASIZE]; unsigned char sign_key[MAX_SIGNKEY_DATASIZE];
@ -708,6 +729,13 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
objtype = MXQ_OBJTYPE_KEYPAIR; objtype = MXQ_OBJTYPE_KEYPAIR;
} }
if (for_ecdh) {
key_use = MXQ_KEYUSE_KEY_EXCHAGE;
}
else {
key_use = MXQ_KEYUSE_DATASIGNATURE;
}
#if defined(MAXQ10XX_MUTEX) #if defined(MAXQ10XX_MUTEX)
rc = maxq_CryptHwMutexTryLock(); rc = maxq_CryptHwMutexTryLock();
if (rc != 0) { if (rc != 0) {
@ -728,6 +756,9 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
goto end_EccSetKey; goto end_EccSetKey;
} }
/* Delete object if one already exists. Ignore error in case it doesn't
* exist. */
(void)MXQ_DeleteObject(obj_id);
mxq_rc = MXQ_CreateObject(obj_id, keylen, objtype, OBJPROP_PERSISTENT, mxq_rc = MXQ_CreateObject(obj_id, keylen, objtype, OBJPROP_PERSISTENT,
(char *)"ahs=rwdgx:ahs=rwdgx:ahs=rwdgx"); (char *)"ahs=rwdgx:ahs=rwdgx:ahs=rwdgx");
if (mxq_rc) { if (mxq_rc) {
@ -741,7 +772,7 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
mxq_rc = MXQ_BuildKey(key_buff, &key_buff_len, MXQ_KEYTYPE_ECC, mxq_rc = MXQ_BuildKey(key_buff, &key_buff_len, MXQ_KEYTYPE_ECC,
MXQ_KEYPARAM_EC_P256R1, keycomplen, keylen, MXQ_KEYPARAM_EC_P256R1, keycomplen, keylen,
MXQ_KEYUSE_DATASIGNATURE, ALGO_ECDSA_SHA_256, key_use, ALGO_ECDSA_SHA_256,
MXQ_KEYUSE_NONE, ALGO_NONE, (mxq_u1 *)userKey); MXQ_KEYUSE_NONE, ALGO_NONE, (mxq_u1 *)userKey);
if (mxq_rc) { if (mxq_rc) {
WOLFSSL_ERROR_MSG("MAXQ: MXQ_BuildKey() failed"); WOLFSSL_ERROR_MSG("MAXQ: MXQ_BuildKey() failed");
@ -752,13 +783,27 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
LoadDefaultImportKey(sign_key, &sign_key_len, &sign_key_curve, LoadDefaultImportKey(sign_key, &sign_key_len, &sign_key_curve,
&sign_key_type); &sign_key_type);
/* Unlock because signing operation will need to use the RNG. */
#if defined(MAXQ10XX_MUTEX)
wolfSSL_CryptHwMutexUnLock();
#endif
rc = ECDSA_sign(signature, &signature_len, sign_key, key_buff, key_buff_len, rc = ECDSA_sign(signature, &signature_len, sign_key, key_buff, key_buff_len,
sign_key_curve); sign_key_curve);
if (rc) { if (rc) {
WOLFSSL_ERROR_MSG("MAXQ: ECDSA_sign() failed"); WOLFSSL_ERROR_MSG("MAXQ: ECDSA_sign() failed");
goto end_EccSetKey; goto end_EccSetKey_noUnlock;
} }
#if defined(MAXQ10XX_MUTEX)
rc = maxq_CryptHwMutexTryLock();
if (rc != 0) {
WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired");
rc = NOT_COMPILED_IN;
goto end_EccSetKey_noUnlock;
}
#endif
mxq_rc = MXQ_ImportKey(obj_id, getSignAlgoFromCurve(sign_key_curve), mxq_rc = MXQ_ImportKey(obj_id, getSignAlgoFromCurve(sign_key_curve),
PUBKEY_IMPORT_OBJID, key_buff, key_buff_len, PUBKEY_IMPORT_OBJID, key_buff, key_buff_len,
signature, signature_len); signature, signature_len);
@ -772,9 +817,207 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
key->maxq_ctx.key_pending = 0; key->maxq_ctx.key_pending = 0;
end_EccSetKey: end_EccSetKey:
#if defined(MAXQ10XX_MUTEX)
wolfSSL_CryptHwMutexUnLock(); wolfSSL_CryptHwMutexUnLock();
#endif
end_EccSetKey_noUnlock:
return rc; return rc;
} }
static int ecc_gen_key(ecc_key* key, word32 keycomplen)
{
mxq_err_t mxq_rc;
int rc;
word32 keylen;
int objtype;
mxq_u1 key_buff[MAX_KEY_DATASIZE];
mxq_length key_buff_len = sizeof(key_buff);
unsigned char sign_key[MAX_SIGNKEY_DATASIZE];
int sign_key_len, sign_key_curve, sign_key_type;
mxq_u1 signature[MAX_SIG_DATASIZE];
int signature_len = (int)sizeof(signature);
if ((key->type != 0) && (key->type != ECC_PRIVATEKEY)
&& (key->type != ECC_PRIVATEKEY_ONLY)) {
return BAD_FUNC_ARG;
}
key->type = ECC_PRIVATEKEY;
keylen = keycomplen * 3;
objtype = MXQ_OBJTYPE_KEYPAIR;
#if defined(MAXQ10XX_MUTEX)
rc = maxq_CryptHwMutexTryLock();
if (rc != 0) {
WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired");
rc = NOT_COMPILED_IN;
return rc;
}
#endif
if (key->maxq_ctx.key_obj_id) {
wc_MAXQ10XX_EccFree(key);
}
int obj_id = alloc_ecc_key_id();
if (!obj_id) {
WOLFSSL_ERROR_MSG("MAXQ: alloc_ecc_key_id() failed");
rc = NOT_COMPILED_IN;
goto end_EccGenKey;
}
/* Delete object if one already exists. Ignore error in case it doesn't
* exist. */
(void)MXQ_DeleteObject(obj_id);
mxq_rc = MXQ_CreateObject(obj_id, keylen, objtype, OBJPROP_PERSISTENT,
(char *)"ahs=rwdgx:ahs=rwdgx:ahs=rwdgx");
if (mxq_rc) {
WOLFSSL_ERROR_MSG("MAXQ: MXQ_CreateObject() failed");
rc = NOT_COMPILED_IN;
goto end_EccGenKey;
}
/* store the object id in the context */
key->maxq_ctx.key_obj_id = obj_id;
/* Note that total_keylen is 0 and psrc is NULL. This ensures that when
* MXQ_ImportKey() is called, it does a keygen; not import. */
mxq_rc = MXQ_BuildKey(key_buff, &key_buff_len, MXQ_KEYTYPE_ECC,
MXQ_KEYPARAM_EC_P256R1, keycomplen, 0,
MXQ_KEYUSE_KEY_EXCHAGE, ALGO_ECDSA_SHA_256,
MXQ_KEYUSE_NONE, ALGO_NONE, NULL);
if (mxq_rc) {
WOLFSSL_ERROR_MSG("MAXQ: MXQ_BuildKey() failed");
rc = WC_HW_E;
goto end_EccGenKey;
}
LoadDefaultImportKey(sign_key, &sign_key_len, &sign_key_curve,
&sign_key_type);
/* Unlock because signing operation will need to use the RNG. */
#if defined(MAXQ10XX_MUTEX)
wolfSSL_CryptHwMutexUnLock();
#endif
rc = ECDSA_sign(signature, &signature_len, sign_key, key_buff, key_buff_len,
sign_key_curve);
if (rc) {
WOLFSSL_ERROR_MSG("MAXQ: ECDSA_sign() failed");
goto end_EccGenKey_noUnlock;
}
#if defined(MAXQ10XX_MUTEX)
rc = maxq_CryptHwMutexTryLock();
if (rc != 0) {
WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired");
rc = NOT_COMPILED_IN;
goto end_EccGenKey_noUnlock;
}
#endif
mxq_rc = MXQ_ImportKey(obj_id, getSignAlgoFromCurve(sign_key_curve),
PUBKEY_IMPORT_OBJID, key_buff, key_buff_len,
signature, signature_len);
if (mxq_rc) {
WOLFSSL_ERROR_MSG("MAXQ: MXQ_ImportKey() failed");
rc = WC_HW_E;
goto end_EccGenKey;
}
key->maxq_ctx.hw_ecc = 1;
end_EccGenKey:
#if defined(MAXQ10XX_MUTEX)
wolfSSL_CryptHwMutexUnLock();
#endif
end_EccGenKey_noUnlock:
return rc;
}
static int ecc_establish(ecc_key* key, ecc_key* peer, byte *ss, word32 *ss_len)
{
mxq_err_t mxq_rc;
int rc = 0;
byte fixed_info_len = FIXED_INFO_LEN;
byte fixed_info[FIXED_INFO_LEN];
mxq_length output_len = ESTABLISH_OUT_MAX;
byte output[ESTABLISH_OUT_MAX];
word32 peerKeySz = peer->dp->size;
uint8_t peerKeyBuf[MAX_EC_KEY_SIZE];
uint8_t* peerKey = peerKeyBuf;
uint8_t* qx = peerKey;
uint8_t* qy = &peerKey[peerKeySz];
word32 qxLen = peerKeySz;
word32 qyLen = peerKeySz;
/* ECC P256 shared secret is 32 bytes. */
if (*ss_len != 32) {
return BAD_FUNC_ARG;
}
if (peer == NULL) {
return BAD_FUNC_ARG;
}
if (key == NULL) {
return BAD_FUNC_ARG;
}
if (key->maxq_ctx.hw_ecc != 1) {
/* The key was not generated. Lets import it. */
if (key->maxq_ctx.hw_ecc == 0) {
rc = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
if (rc != 0) {
return rc;
}
}
if (key->maxq_ctx.hw_ecc == -1) {
return CRYPTOCB_UNAVAILABLE;
}
rc = ecc_set_key(key, key->maxq_ctx.ecc_key, key->dp->size, 1);
}
if (rc != 0) {
return rc;
}
if (key->maxq_ctx.key_obj_id == 0) {
return WC_HW_E;
}
wc_ecc_export_public_raw(peer, qx, &qxLen, qy, &qyLen);
if (rc != 0) {
return rc;
}
/* This follows what is done in other MAXQ10xx examples. */
XMEMSET(fixed_info, FIXED_INFO_VALUE, fixed_info_len);
/* 0xFFFF indicates that the peer's public key will be in the buffer; not
* referenced via key ID. */
mxq_rc = MXQ_EstablishKey(SHARE_SECRET, MXQ_KEYPARAM_EC_P256R1,
key->maxq_ctx.key_obj_id, 0xFFFF, peerKey,
0, NULL, 0, 0, 0, 0, fixed_info_len, fixed_info,
0, 0, NULL, output, &output_len);
if (mxq_rc) {
WOLFSSL_ERROR_MSG("MAXQ: MXQ_EstablishKey() failed");
rc = WC_HW_E;
}
/* Output contains the public key and shared secret concatenated. The public
* key is (0x04 || X || Y) which means its 65 bytes. The shared secret is
* in the 32 bytes after that. */
XMEMCPY(ss, &output[1 + ECC256_KEYSIZE + ECC256_KEYSIZE], *ss_len);
return rc;
}
#endif /* MAXQ_ECC */ #endif /* MAXQ_ECC */
void wc_MAXQ10XX_EccFree(ecc_key* key) void wc_MAXQ10XX_EccFree(ecc_key* key)
@ -894,12 +1137,14 @@ static int maxq10xx_cipher_do(mxq_algo_id_t algo_id, mxq_u1 encrypt,
cparams.p_aad = p_aad; cparams.p_aad = p_aad;
cparams.aad_length = aad_len; cparams.aad_length = aad_len;
if (encrypt) { if ((algo_id == ALGO_CIPHER_AES_GCM) || (algo_id == ALGO_CIPHER_AES_CCM)) {
cparams.aead_tag_len = tag_len; if (encrypt) {
} cparams.aead_tag_len = tag_len;
else { }
XMEMCPY(cparams.aead_tag, p_tag, tag_len); else {
cparams.aead_tag_len = tag_len; XMEMCPY(cparams.aead_tag, p_tag, tag_len);
cparams.aead_tag_len = tag_len;
}
} }
mxq_rc = MXQ_Cipher_Init(encrypt, algo_id, key_id, &cparams, 0); mxq_rc = MXQ_Cipher_Init(encrypt, algo_id, key_id, &cparams, 0);
@ -1222,6 +1467,173 @@ static int do_aesgcm(wc_CryptoInfo* info)
} }
#endif /* !NO_AES && HAVE_AESGCM && MAXQ_AESGCM */ #endif /* !NO_AES && HAVE_AESGCM && MAXQ_AESGCM */
static int do_aescbc(wc_CryptoInfo* info)
{
int rc;
byte *out = info->cipher.aescbc.out;
const byte *in = info->cipher.aescbc.in;
if (info->cipher.aescbc.sz == 0) {
return CRYPTOCB_UNAVAILABLE;
}
if (info->cipher.aescbc.aes->reg == NULL) {
return CRYPTOCB_UNAVAILABLE;
}
/* Cannot do in place decryption because we get the incoming IV and that
* would already get over written. */
if (in == out) {
return CRYPTOCB_UNAVAILABLE;
}
if (info->cipher.aescbc.aes->maxq_ctx.key_pending) {
rc = aes_set_key(
info->cipher.aescbc.aes,
(const byte *)info->cipher.aescbc.aes->maxq_ctx.key,
info->cipher.aescbc.aes->keylen);
if (rc != 0) {
return rc;
}
}
rc = wolfSSL_CryptHwMutexLock();
if (rc != 0) {
return rc;
}
rc = maxq10xx_cipher_do(
ALGO_CIPHER_AES_CBC,
info->cipher.enc,
info->cipher.aescbc.aes->maxq_ctx.key_obj_id,
(byte *)info->cipher.aescbc.in,
(byte *)info->cipher.aescbc.out,
info->cipher.aescbc.sz,
(byte *)info->cipher.aescbc.aes->reg, WC_AES_BLOCK_SIZE,
NULL, 0,
NULL, 0);
wolfSSL_CryptHwMutexUnLock();
/* Take the last 16 bytes and throw them into reg. Then it will be ready in
* case Update() is called. For both encryption and decryption, we get it
* from the ciphertext. (Note in and out usage) */
if (info->cipher.enc) {
XMEMCPY(info->cipher.aescbc.aes->reg,
&out[info->cipher.aescbc.sz - WC_AES_BLOCK_SIZE],
WC_AES_BLOCK_SIZE);
}
else {
XMEMCPY(info->cipher.aescbc.aes->reg,
&in[info->cipher.aescbc.sz - WC_AES_BLOCK_SIZE],
WC_AES_BLOCK_SIZE);
}
/* done */
return rc;
}
#ifdef HAVE_AES_ECB
static int do_aesecb(wc_CryptoInfo* info)
{
int rc;
if (info->cipher.aesecb.sz == 0) {
return CRYPTOCB_UNAVAILABLE;
}
if (info->cipher.aesecb.aes->reg == NULL) {
return CRYPTOCB_UNAVAILABLE;
}
if (info->cipher.aesecb.aes->maxq_ctx.key_pending) {
rc = aes_set_key(
info->cipher.aesecb.aes,
(const byte *)info->cipher.aesecb.aes->maxq_ctx.key,
info->cipher.aesecb.aes->keylen);
if (rc != 0) {
return rc;
}
}
rc = wolfSSL_CryptHwMutexLock();
if (rc != 0) {
return rc;
}
rc = maxq10xx_cipher_do(
ALGO_CIPHER_AES_ECB,
info->cipher.enc,
info->cipher.aesecb.aes->maxq_ctx.key_obj_id,
(byte *)info->cipher.aesecb.in,
(byte *)info->cipher.aesecb.out,
info->cipher.aesecb.sz,
NULL, 0,
NULL, 0,
NULL, 0);
wolfSSL_CryptHwMutexUnLock();
/* done */
return rc;
}
#endif /* HAVE_AES_ECB */
#ifdef HAVE_AESCCM
static int do_aesccm(wc_CryptoInfo* info)
{
int rc;
wc_CryptoCb_AesAuthEnc *aesccm = (info->cipher.enc) ?
(wc_CryptoCb_AesAuthEnc*)&info->cipher.aesccm_enc :
/* dec->enc cast is okay */
(wc_CryptoCb_AesAuthEnc*)&info->cipher.aesccm_dec;
if (aesccm->sz == 0) {
return CRYPTOCB_UNAVAILABLE;
}
if (aesccm->aes->reg == NULL) {
return CRYPTOCB_UNAVAILABLE;
}
/* Cannot do in place decryption because we get the incoming IV and that
* would already get over written. */
if (aesccm->in == aesccm->out) {
return CRYPTOCB_UNAVAILABLE;
}
if (aesccm->aes->maxq_ctx.key_pending) {
rc = aes_set_key(
aesccm->aes,
(const byte *)aesccm->aes->maxq_ctx.key,
aesccm->aes->keylen);
if (rc != 0) {
return rc;
}
}
rc = wolfSSL_CryptHwMutexLock();
if (rc != 0) {
return rc;
}
rc = maxq10xx_cipher_do(
ALGO_CIPHER_AES_CCM,
info->cipher.enc,
aesccm->aes->maxq_ctx.key_obj_id,
(byte *)aesccm->in,
(byte *)aesccm->out,
aesccm->sz,
(byte *)aesccm->nonce, aesccm->nonceSz,
(byte *)aesccm->authIn, aesccm->authInSz,
(byte *)aesccm->authTag, aesccm->authTagSz);
wolfSSL_CryptHwMutexUnLock();
/* done */
return rc;
}
#endif /* HAVE_AESCCM */
#if !defined(NO_SHA) && !defined(NO_SHA256) && defined(MAXQ_SHA256) #if !defined(NO_SHA) && !defined(NO_SHA256) && defined(MAXQ_SHA256)
static int do_sha256(wc_CryptoInfo* info) static int do_sha256(wc_CryptoInfo* info)
{ {
@ -1296,10 +1708,11 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
(void)devId; (void)devId;
(void)ctx; (void)ctx;
/* In the case of MAXQ1065, this callback is always enabled. */
#if defined(WOLFSSL_MAXQ108X) #if defined(WOLFSSL_MAXQ108X)
if (!tls13active) if (!tls13active)
#endif
return CRYPTOCB_UNAVAILABLE; return CRYPTOCB_UNAVAILABLE;
#endif
if (info->algo_type == WC_ALGO_TYPE_CIPHER) { if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES) || !defined(NO_DES3) #if !defined(NO_AES) || !defined(NO_DES3)
@ -1310,10 +1723,19 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
#endif /* HAVE_AESGCM && MAXQ_AESGCM */ #endif /* HAVE_AESGCM && MAXQ_AESGCM */
#ifdef HAVE_AES_CBC #ifdef HAVE_AES_CBC
if (info->cipher.type == WC_CIPHER_AES_CBC) { if (info->cipher.type == WC_CIPHER_AES_CBC) {
/* TODO */ rc = do_aescbc(info);
return CRYPTOCB_UNAVAILABLE;
} }
#endif /* HAVE_AES_CBC */ #endif /* HAVE_AES_CBC */
#ifdef HAVE_AESCCM
if (info->cipher.type == WC_CIPHER_AES_CCM) {
rc = do_aesccm(info);
}
#endif /* HAVE_AESCCM */
#ifdef HAVE_AES_ECB
if (info->cipher.type == WC_CIPHER_AES_ECB) {
rc = do_aesecb(info);
}
#endif /* HAVE_AES_ECB */
#endif /* !NO_AES || !NO_DES3 */ #endif /* !NO_AES || !NO_DES3 */
} }
#if !defined(NO_SHA) || !defined(NO_SHA256) #if !defined(NO_SHA) || !defined(NO_SHA256)
@ -1343,12 +1765,22 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
else if (info->algo_type == WC_ALGO_TYPE_PK) { else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if defined(HAVE_ECC) && defined(MAXQ_ECC) #if defined(HAVE_ECC) && defined(MAXQ_ECC)
if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
/* TODO */ if (info->pk.eckg.key->maxq_ctx.hw_ecc == -1) {
return CRYPTOCB_UNAVAILABLE; return CRYPTOCB_UNAVAILABLE;
}
rc = ecc_gen_key(info->pk.eckg.key, info->pk.eckg.key->dp->size);
if (rc != 0) {
return rc;
}
} }
else if (info->pk.type == WC_PK_TYPE_ECDH) { else if (info->pk.type == WC_PK_TYPE_ECDH) {
/* TODO */ rc = ecc_establish(info->pk.ecdh.private_key,
return CRYPTOCB_UNAVAILABLE; info->pk.ecdh.public_key,
info->pk.ecdh.out, info->pk.ecdh.outlen);
if (rc != 0) {
return rc;
}
} }
else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
if (info->pk.eccsign.key->maxq_ctx.hw_ecc == 0) { if (info->pk.eccsign.key->maxq_ctx.hw_ecc == 0) {
@ -1363,22 +1795,32 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
return CRYPTOCB_UNAVAILABLE; return CRYPTOCB_UNAVAILABLE;
} }
#if defined(WOLFSSL_MAXQ108X)
/* This is not done for MAXQ1065 because we want to use the pre-
* provisioned key in the case of PKCS11. */
if (info->pk.eccsign.key->maxq_ctx.key_pending) { if (info->pk.eccsign.key->maxq_ctx.key_pending) {
rc = ecc_set_key(info->pk.eccsign.key, rc = ecc_set_key(info->pk.eccsign.key,
info->pk.eccsign.key->maxq_ctx.ecc_key, info->pk.eccsign.key->maxq_ctx.ecc_key,
info->pk.eccsign.key->dp->size); info->pk.eccsign.key->dp->size, 0);
if (rc != 0) { if (rc != 0) {
return rc; return rc;
} }
} }
#endif
rc = wolfSSL_CryptHwMutexLock(); rc = wolfSSL_CryptHwMutexLock();
if (rc != 0) { if (rc != 0) {
return rc; return rc;
} }
/* Note that we are using the DEVICE_KEY_PAIR_OBJ_ID; its the pre-
* provisioned key in the case of MAXQ1065. */
rc = maxq10xx_ecc_sign_local( rc = maxq10xx_ecc_sign_local(
#if defined(WOLFSSL_MAXQ108X)
info->pk.eccsign.key->maxq_ctx.key_obj_id, info->pk.eccsign.key->maxq_ctx.key_obj_id,
#else
DEVICE_KEY_PAIR_OBJ_ID,
#endif
(byte *)info->pk.eccsign.in, info->pk.eccsign.inlen, (byte *)info->pk.eccsign.in, info->pk.eccsign.inlen,
info->pk.eccsign.out, info->pk.eccsign.outlen, info->pk.eccsign.out, info->pk.eccsign.outlen,
info->pk.eccsign.key->dp->size); info->pk.eccsign.key->dp->size);
@ -1412,7 +1854,7 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
if (info->pk.eccverify.key->maxq_ctx.key_pending) { if (info->pk.eccverify.key->maxq_ctx.key_pending) {
rc = ecc_set_key(info->pk.eccverify.key, rc = ecc_set_key(info->pk.eccverify.key,
info->pk.eccverify.key->maxq_ctx.ecc_key, info->pk.eccverify.key->maxq_ctx.ecc_key,
info->pk.eccverify.key->dp->size); info->pk.eccverify.key->dp->size, 0);
if (rc != 0) { if (rc != 0) {
return rc; return rc;
} }

84
wolfssl/wolfcrypt/cryptocb.h
View File

@ -101,6 +101,38 @@ enum wc_CryptoCbCmdType {
}; };
#endif #endif
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
typedef struct {
Aes* aes;
byte* out;
const byte* in;
word32 sz;
const byte* nonce;
word32 nonceSz;
const byte* iv;
word32 ivSz;
byte* authTag;
word32 authTagSz;
const byte* authIn;
word32 authInSz;
} wc_CryptoCb_AesAuthEnc;
typedef struct {
Aes* aes;
byte* out;
const byte* in;
word32 sz;
const byte* nonce;
word32 nonceSz;
const byte* iv;
word32 ivSz;
const byte* authTag;
word32 authTagSz;
const byte* authIn;
word32 authInSz;
} wc_CryptoCb_AesAuthDec;
#endif
/* Crypto Information Structure for callbacks */ /* Crypto Information Structure for callbacks */
typedef struct wc_CryptoInfo { typedef struct wc_CryptoInfo {
int algo_type; /* enum wc_AlgoType */ int algo_type; /* enum wc_AlgoType */
@ -291,56 +323,12 @@ typedef struct wc_CryptoInfo {
union { union {
#endif #endif
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
struct { wc_CryptoCb_AesAuthEnc aesgcm_enc;
Aes* aes; wc_CryptoCb_AesAuthDec aesgcm_dec;
byte* out;
const byte* in;
word32 sz;
const byte* iv;
word32 ivSz;
byte* authTag;
word32 authTagSz;
const byte* authIn;
word32 authInSz;
} aesgcm_enc;
struct {
Aes* aes;
byte* out;
const byte* in;
word32 sz;
const byte* iv;
word32 ivSz;
const byte* authTag;
word32 authTagSz;
const byte* authIn;
word32 authInSz;
} aesgcm_dec;
#endif /* HAVE_AESGCM */ #endif /* HAVE_AESGCM */
#ifdef HAVE_AESCCM #ifdef HAVE_AESCCM
struct { wc_CryptoCb_AesAuthEnc aesccm_enc;
Aes* aes; wc_CryptoCb_AesAuthDec aesccm_dec;
byte* out;
const byte* in;
word32 sz;
const byte* nonce;
word32 nonceSz;
byte* authTag;
word32 authTagSz;
const byte* authIn;
word32 authInSz;
} aesccm_enc;
struct {
Aes* aes;
byte* out;
const byte* in;
word32 sz;
const byte* nonce;
word32 nonceSz;
const byte* authTag;
word32 authTagSz;
const byte* authIn;
word32 authInSz;
} aesccm_dec;
#endif /* HAVE_AESCCM */ #endif /* HAVE_AESCCM */
#if defined(HAVE_AES_CBC) #if defined(HAVE_AES_CBC)
struct { struct {