Cleanups and fixes for CryptoCell port:

* Protection for .c includes.
* Improved make pub memory issue reporting.
* README.md updates.
* Cleanup of user_settings.h.
pull/2170/head
David Garske 2019-04-04 12:27:01 -07:00 committed by Tesfa Mael
parent 6c65550eab
commit 34c1d5cba0
7 changed files with 104 additions and 153 deletions


@ -17,7 +17,8 @@ The `IDE/CRYPTOCELL/main.c` example application provides a function to run the s
- #undef NO_CRYPT_TEST
- #undef NO_CRYPT_BENCHMARK
```
#### Supported features
## Supported features
- SHA-256
- AES CBC
- CryptoCell 310 RNG
@ -28,29 +29,33 @@ The `IDE/CRYPTOCELL/main.c` example application provides a function to run the s
- Hardware RNG
- RTC for benchmark timing source
#### Setting up Nordic SDK with wolfSSL
## Setup
### Setting up Nordic SDK with wolfSSL
1. Download the wolfSSL source code or a zip file from GitHub and place it under your SDK `InstallFolder/external/` directory. You can also copy or simlink to the source.
```
For example,
$cd nRF5_SDK_15.2.0_9412b96/external
$git submodule add https://github.com/wolfSSL/wolfssl.git
$cd ~/nRF5_SDK_15.2.0_9412b96/external
$git clone --depth=1 https://github.com/wolfSSL/wolfssl.git
Or, assuming you have already cloned the wolfSSL source code under ~/wolfssl.
$cd nRF5_SDK_15.2.0_9412b96/external
$sudo ln -s ~/wolfssl .
$cd ~/nRF5_SDK_15.2.0_9412b96/external
$ln -s ~/wolfssl wolfssl
```
2. Copy the example project from [here](https://github.com/tmael/nRF5_SDK/tree/master/examples/crypto/nrf_cc310/wolfcrypt) into your `nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310/` directory.
```
$git clone https://github.com/tmael/nRF5_SDK.git
$cd ~/nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310
```
2. Copy the example project from [here](https://github.com/tmael/nRF5_SDK/tree/master/examples/crypto/nrf_cc310/wolfcrypt) into your `nRF5_SDK/examples/crypto/nrf_cc310` directory.
```
$cd /nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310
$cp -rf ~/wolfcrypt .
$cp -rf ~/nRF5_SDK/examples/crypto/nrf_cc310/wolfcrypt .
OR
$ln -s ~/nRF5_SDK/examples/crypto/nrf_cc310/wolfcrypt wolfcrypt
```
3. Launch the SEGGER Embedded Studio IDE
4. In the main menu, go to File >Open Solutions to open the example solution. Browse to the location containing the wolfcrypt code `/examples/crypto/nrf_cc310/wolfcrypt/pca10056/blank/ses/wolfcrypt_pca10056.emProject` and choose Open.
#### Building and Running
## Building and Running
In the main menu, go to Build > Rebuild your project, then load and run your image on your nRF52840 target platform. Review the test results on the console output.
### `wolfcrypt_test()`
@ -99,6 +104,7 @@ ECDSA 256 sign 50 ops took 1.004 sec, avg 20.080 ms, 49.801 ops/sec
ECDSA 256 verify 48 ops took 1.028 sec, avg 21.417 ms, 46.693 ops/sec
Benchmark Test Completed
```
## References
The test results were collected from an nRF52840 reference platform target with the following software and tool chains:
- Nordic nRF52840 development board (PCA10056 1.0.0 2018.49 683529999).


@ -50,6 +50,7 @@ int main(void)
benchmark_test(NULL);
printf("\nBenchmark Test Completed\n");
#endif
if ((ret = wolfCrypt_Cleanup()) != 0) {
printf("wolfCrypt_Cleanup failed %d\n", ret);
return -1;


@ -19,7 +19,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Custom wolfSSL based on GCC ARM example /IDE/GCC-ARM/Header/user_settings.h*/
/* Example Settings for CryptoCell */
#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H
@ -29,12 +29,12 @@ extern "C" {
#endif
/* ------------------------------------------------------------------------- */
/* Platform */
/* CryptoCell */
/* ------------------------------------------------------------------------- */
#if 1
#define WOLFSSL_CRYPTOCELL
#define WOLFSSL_nRF5x_SDK_15_2 /* for benchmark timer */
//#define WOLFSSL_CRYPTOCELL_AES /* only CBC mode is supported */
#define WOLFSSL_CRYPTOCELL_AES /* only CBC mode is supported */
#else
/* run without CryptoCell,
include IDE/GCC-ARM/Source/wolf_main.c for current_time(). */
@ -44,8 +44,10 @@ extern "C" {
#define AES_MAX_KEY_SIZE 128
#endif /* WOLFSSL_CRYPTOCELL*/
/*END */
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4
@ -88,29 +90,11 @@ extern "C" {
#define WOLFSSL_SP_CACHE_RESISTANT
//#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */
/* 64 or 32 bit version */
/* Assembly */
//#define WOLFSSL_SP_ASM /* required if using the ASM versions */
//#define WOLFSSL_SP_ARM32_ASM
//#define WOLFSSL_SP_ARM64_ASM
//#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif
/* ------------------------------------------------------------------------- */
/* FIPS - Requires eval or license from wolfSSL */
/* ------------------------------------------------------------------------- */
#undef HAVE_FIPS
#if 0
#define HAVE_FIPS
#undef HAVE_FIPS_VERSION
#define HAVE_FIPS_VERSION 2
#ifdef SINGLE_THREADED
#undef NO_THREAD_LS
#define NO_THREAD_LS
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
@ -162,7 +146,7 @@ extern "C" {
//#define HAVE_ECC192
//#define HAVE_ECC224
#undef NO_ECC256
//#define HAVE_ECC384
#define HAVE_ECC384
//#define HAVE_ECC521
#endif
@ -187,16 +171,12 @@ extern "C" {
#define ECC_TIMING_RESISTANT
/* Enable cofactor support */
#ifdef HAVE_FIPS
#undef HAVE_ECC_CDH
#define HAVE_ECC_CDH
#endif
#undef HAVE_ECC_CDH
//#define HAVE_ECC_CDH
/* Validate import */
#ifdef HAVE_FIPS
#undef WOLFSSL_VALIDATE_ECC_IMPORT
#define WOLFSSL_VALIDATE_ECC_IMPORT
#endif
#undef WOLFSSL_VALIDATE_ECC_IMPORT
//#define WOLFSSL_VALIDATE_ECC_IMPORT
/* Compressed Key Support */
#undef HAVE_COMP_KEY
@ -206,9 +186,9 @@ extern "C" {
#ifdef USE_FAST_MATH
#ifdef NO_RSA
/* Custom fastmath size if not using RSA */
/* MAX = ROUND32(ECC BITS 256) + SIZE_OF_MP_DIGIT(32) */
/* MAX = ROUND32(ECC BITS 384) + SIZE_OF_MP_DIGIT(32) */
#undef FP_MAX_BITS
#define FP_MAX_BITS (256 + 32)
#define FP_MAX_BITS (384 + 32)
#else
#undef ALT_ECC_SIZE
#define ALT_ECC_SIZE
@ -219,6 +199,10 @@ extern "C" {
#undef TFM_ECC256
#define TFM_ECC256
#endif
#ifndef HAVE_ECC384
#undef TFM_ECC384
#define TFM_ECC384
#endif
#endif
#endif
@ -228,16 +212,12 @@ extern "C" {
/* Use table for DH instead of -lm (math) lib dependency */
#if 0
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_4096
//#define HAVE_FFDHE_6144
//#define HAVE_FFDHE_8192
#endif
#ifdef HAVE_FIPS
#define WOLFSSL_VALIDATE_FFC_IMPORT
#define HAVE_FFDHE_Q
#endif
#define HAVE_FFDHE_2048
//#define HAVE_FFDHE_4096
//#define HAVE_FFDHE_6144
//#define HAVE_FFDHE_8192
#else
#define NO_DH
#endif
@ -246,30 +226,29 @@ extern "C" {
/* AES */
#undef NO_AES
#if 1
#undef HAVE_AES_CBC
#define HAVE_AES_CBC
#undef HAVE_AES_CBC
#define HAVE_AES_CBC
/* If you need other than AES-CBC mode, you must undefine WOLFSSL_CRYPTOCELL_AES */
#if !defined(WOLFSSL_CRYPTOCELL_AES)
#undef HAVE_AESGCM
#define HAVE_AESGCM
#if !defined(WOLFSSL_CRYPTOCELL_AES)
#undef HAVE_AESGCM
#define HAVE_AESGCM
/* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
#define GCM_SMALL
/* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
#define GCM_SMALL
#undef WOLFSSL_AES_DIRECT
//#define WOLFSSL_AES_DIRECT
#undef WOLFSSL_AES_DIRECT
#define WOLFSSL_AES_DIRECT
#undef HAVE_AES_ECB
//#define HAVE_AES_ECB
#undef HAVE_AES_ECB
#define HAVE_AES_ECB
#undef WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_COUNTER
#undef HAVE_AESCCM
#define HAVE_AESCCM
#endif
#undef WOLFSSL_AES_COUNTER
//#define WOLFSSL_AES_COUNTER
#undef HAVE_AESCCM
//#define HAVE_AESCCM
#endif
#else
#define NO_AES
#endif
@ -490,43 +469,6 @@ extern "C" {
#define WOLFSSL_GENSEED_FORTEST
#endif
/* ------------------------------------------------------------------------- */
/* Custom Standard Lib */
/* ------------------------------------------------------------------------- */
/* Allows override of all standard library functions */
#undef STRING_USER
#if 0
#define STRING_USER
#include <string.h>
#undef USE_WOLF_STRSEP
#define USE_WOLF_STRSEP
#define XSTRSEP(s1,d) wc_strsep((s1),(d))
#undef USE_WOLF_STRTOK
#define USE_WOLF_STRTOK
#define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
#define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
#define XMEMCPY(d,s,l) memcpy((d),(s),(l))
#define XMEMSET(b,c,l) memset((b),(c),(l))
#define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
#define XMEMMOVE(d,s,l) memmove((d),(s),(l))
#define XSTRLEN(s1) strlen((s1))
#define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
#define XSTRSTR(s1,s2) strstr((s1),(s2))
#define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
#define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
#define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
#define XSNPRINTF snprintf
#endif
/* ------------------------------------------------------------------------- */
/* Enable Features */
@ -536,20 +478,13 @@ extern "C" {
#define WOLFSSL_TLS13
#endif
#undef WOLFSSL_KEY_GEN
#if 0
#if 1
#define WOLFSSL_KEY_GEN
#endif
#if defined(WOLFSSL_CRYPTOCELL)
#define WOLFSSL_KEY_GEN
#define WOLFSSL_OLD_PRIME_CHECK /* reduce DH test time */
#endif
#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
#define WOLFSSL_OLD_PRIME_CHECK
#endif
/* reduce DH test time */
#define WOLFSSL_OLD_PRIME_CHECK
#undef KEEP_PEER_CERT
//#define KEEP_PEER_CERT
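Review bot: `#define WOLFSSL_OLD_PRIME_CHECK` is now set unconditionally at the end of the Enable Features hunk, right after `WOLFSSL_KEY_GEN` is switched on, and its only stated reason is `/* reduce DH test time */`. As far as I know this macro selects the older, cheaper primality check, so a settings file copied from this example would carry a test-time shortcut into builds that generate keys or load DH parameters; I would label it, e.g. `/* test/benchmark speed-up only: remove for production builds */`, or wrap it in a test-only guard. Separately, in the fast-math hunk the added block `#ifndef HAVE_ECC384` looks inverted: `HAVE_ECC384` is defined earlier in this same file, so `TFM_ECC384` is never defined, and `#ifdef HAVE_ECC384` appears to be what was meant.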


@ -3878,6 +3878,9 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,
if (err == MP_OKAY) {
err = wc_ecc_mulmod_ex(&key->k, base, pub, curve->Af, curve->prime,
1, key->heap);
if (err == MP_MEM) {
err = MEMORY_E;
}
}
wc_ecc_del_point_h(base, key->heap);
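Review bot: The new `MP_MEM` to `MEMORY_E` translation is applied only to the result of `wc_ecc_mulmod_ex`, so any other step in `wc_ecc_make_pub_ex` that can fail with `MP_MEM` (the function starts and ends outside this hunk) would still surface the math-layer code. If callers are meant to see a single out-of-memory code, the mapping is better done once at the point where `err` is finally returned. Either way a one-line comment would help the next reader, e.g. `/* report math-layer allocation failure as wolfCrypt MEMORY_E */`.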


@ -24,8 +24,18 @@
#endif
#include <wolfssl/wolfcrypt/settings.h>
/* This source is included in wc_port.c */
/* WOLFSSL_CRYPTOCELL_C is defined by wc_port.c in case compile tries to
include this .c directly */
#ifdef WOLFSSL_CRYPTOCELL_C
#ifdef WOLFSSL_CRYPTOCELL
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
@ -34,12 +44,7 @@
#include <wolfcrypt/src/misc.c>
#endif
#ifndef WOLFSSL_CRYPTOCELL_C
#define WOLFSSL_CRYPTOCELL_C
#if defined(WOLFSSL_CRYPTOCELL)
#include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
/* Global Variables (extern) */
CRYS_RND_State_t wc_rndState;
CRYS_RND_WorkBuff_t wc_rndWorkBuff;
SaSiRndGenerateVectWorkFunc_t wc_rndGenVectFunc = CRYS_RND_GenerateVector;
@ -67,6 +72,7 @@ static void cc310_disable(void)
NVIC_DisableIRQ(CRYPTOCELL_IRQn);
}
}
int cc310_Init(void)
{
int ret = 0;
@ -94,6 +100,7 @@ int cc310_Init(void)
}
return ret;
}
void cc310_Free(void)
{
CRYSError_t crys_result;
@ -172,7 +179,8 @@ CRYS_RSA_HASH_OpMode_t cc310_hashModeRSA(enum wc_HashType hash_type)
return CRYS_RSA_After_HASH_NOT_KNOWN_mode;
}
}
#endif /* NO_RSA */
#endif /* !NO_RSA */
#ifdef HAVE_ECC
CRYS_ECPKI_HASH_OpMode_t cc310_hashModeECC(int hash_size)
{
@ -206,8 +214,7 @@ CRYS_ECPKI_HASH_OpMode_t cc310_hashModeECC(int hash_size)
#if !defined(NO_CRYPT_BENCHMARK) && defined(WOLFSSL_nRF5x_SDK_15_2)
static int mRtcSec = 0;
const nrfx_rtc_t rtc = NRFX_RTC_INSTANCE(0);
static const nrfx_rtc_t rtc = NRFX_RTC_INSTANCE(0);
static void rtc_handler(nrfx_rtc_int_type_t int_type)
{
@ -296,5 +303,5 @@ int nrf_random_generate(byte* output, word32 size)
return 0;
}
#endif /* !NO_CRYPT_BENCHMARK && WOLFSSL_nRF5x_SDK_15_2 */
#endif /* WOLFSSL_CRYPTOCELL_C */
#endif /* WOLFSSL_CRYPTOCELL_C */
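Review bot: `mRtcSec`, on the line directly above the `rtc` declaration this hunk changes, is declared `static int mRtcSec = 0;` without `volatile`. If `rtc_handler` updates it from the RTC interrupt, as the nrfx handler signature suggests (its body is outside the hunk), the timer code that reads it from thread context may see a stale value once the optimiser caches it; `static volatile int mRtcSec = 0;` avoids that. This affects benchmark timing only, but it is cheap to fix while the neighbouring declaration is being touched.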


@ -24,8 +24,17 @@
#endif
#include <wolfssl/wolfcrypt/settings.h>
/* This source is included in wc_port.c */
/* WOLFSSL_CRYPTOCELL_HASH_C is defined by wc_port.c in case compile tries
to include this .c directly */
#ifdef WOLFSSL_CRYPTOCELL_HASH_C
#if !defined(NO_SHA256) && defined(WOLFSSL_CRYPTOCELL)
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
@ -34,12 +43,6 @@
#include <wolfcrypt/src/misc.c>
#endif
#if !defined(NO_SHA) && defined(WOLFSSL_CRYPTOCELL_HASH)
#include <wolfssl/wolfcrypt/sha256.h>
#if defined(WOLFSSL_CRYPTOCELL)
#include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
{
CRYSError_t ret = 0;
@ -60,9 +63,9 @@ int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
}
return ret;
}
}
WOLFSSL_API int wc_InitSha256(Sha256* sha256)
int wc_InitSha256(Sha256* sha256)
{
return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
}
@ -96,7 +99,7 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
} while (ret == CRYS_OK && remaining > 0);
return ret;
}
}
int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
{
@ -125,13 +128,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
{
if (sha256 == NULL)
return;
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (sha256->W != NULL) {
XFREE(sha256->W, NULL, DYNAMIC_TYPE_DIGEST);
sha256->W = NULL;
}
#endif
}
#endif /*WOLFSSL_CRYPTOCELL*/
#endif /* !NO_SHA256 */
#endif /* !NO_SHA256 && WOLFSSL_CRYPTOCELL */
#endif /* WOLFSSL_CRYPTOCELL_HASH_C */
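Review bot: `int wc_InitSha256(Sha256* sha256)` still takes the legacy `Sha256` name while every other function shown in this file takes `wc_Sha256*`. The legacy name is only a compatibility alias, so a build that disables the old names (`NO_OLD_WC_NAMES`) would presumably fail to compile this definition. `int wc_InitSha256(wc_Sha256* sha256)` keeps the file consistent and removes that dependency.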


@ -1492,7 +1492,7 @@ int wolfSSL_CryptHwMutexUnLock(void) {
osMutexRelease (*m);
return 0;
}
#elif defined(WOLFSSL_CMSIS_RTOSv2)
int wc_InitMutex(wolfSSL_Mutex *m)
{
@ -2195,10 +2195,12 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
#include <wolfcrypt/src/port/ti/ti-ccm.c> /* initialize and Mutex for TI Crypt Engine */
#include <wolfcrypt/src/port/ti/ti-hash.c> /* md5, sha1, sha224, sha256 */
#endif
#if defined(WOLFSSL_CRYPTOCELL)
#define WOLFSSL_CRYPTOCELL_C
#include <wolfcrypt/src/port/arm/cryptoCell.c> /* CC310, RTC and RNG */
#if !defined(NO_SHA256)
#define WOLFSSL_CRYPTOCELL_HASH
#include <wolfcrypt/src/port/arm/cryptoCellHash.c> /* sha256 */
#if !defined(NO_SHA256)
#define WOLFSSL_CRYPTOCELL_HASH_C
#include <wolfcrypt/src/port/arm/cryptoCellHash.c> /* sha256 */
#endif
#endif
#endif
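Review bot: The two tokens defined in this hunk, `WOLFSSL_CRYPTOCELL_C` and `WOLFSSL_CRYPTOCELL_HASH_C`, are include guards rather than feature switches, and nothing at the definition site says so. The rename also retires `WOLFSSL_CRYPTOCELL_HASH`, so any settings file or source outside this commit that still tests the old name would silently stop matching; a search for remaining uses before merge is worthwhile. I would add a comment above the first define, e.g. `/* guard tokens: the cryptoCell*.c sources compile to nothing unless included from wc_port.c */`.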