diff --git a/IDE/CRYPTOCELL/README.md b/IDE/CRYPTOCELL/README.md index 4f50d174e..5786f1ccf 100644 --- a/IDE/CRYPTOCELL/README.md +++ b/IDE/CRYPTOCELL/README.md @@ -17,7 +17,8 @@ The `IDE/CRYPTOCELL/main.c` example application provides a function to run the s - #undef NO_CRYPT_TEST - #undef NO_CRYPT_BENCHMARK ``` -#### Supported features + +## Supported features - SHA-256 - AES CBC - CryptoCell 310 RNG @@ -28,29 +29,33 @@ The `IDE/CRYPTOCELL/main.c` example application provides a function to run the s - Hardware RNG - RTC for benchmark timing source -#### Setting up Nordic SDK with wolfSSL +## Setup +### Setting up Nordic SDK with wolfSSL 1. Download the wolfSSL source code or a zip file from GitHub and place it under your SDK `InstallFolder/external/` directory. You can also copy or simlink to the source. ``` For example, - $cd nRF5_SDK_15.2.0_9412b96/external - $git submodule add https://github.com/wolfSSL/wolfssl.git + $cd ~/nRF5_SDK_15.2.0_9412b96/external + $git clone --depth=1 https://github.com/wolfSSL/wolfssl.git Or, assuming you have already cloned the wolfSSL source code under ~/wolfssl. - $cd nRF5_SDK_15.2.0_9412b96/external - $sudo ln -s ~/wolfssl . + $cd ~/nRF5_SDK_15.2.0_9412b96/external + $ln -s ~/wolfssl wolfssl +``` +2. Copy the example project from [here](https://github.com/tmael/nRF5_SDK/tree/master/examples/crypto/nrf_cc310/wolfcrypt) into your `nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310/` directory. +``` + $git clone https://github.com/tmael/nRF5_SDK.git + $cd ~/nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310 -``` -2. Copy the example project from [here](https://github.com/tmael/nRF5_SDK/tree/master/examples/crypto/nrf_cc310/wolfcrypt) into your `nRF5_SDK/examples/crypto/nrf_cc310` directory. -``` - $cd /nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310 - $cp -rf ~/wolfcrypt . + $cp -rf ~/nRF5_SDK/examples/crypto/nrf_cc310/wolfcrypt . + OR + $ln -s ~/nRF5_SDK/examples/crypto/nrf_cc310/wolfcrypt wolfcrypt ``` 3. Launch the SEGGER Embedded Studio IDE 4. In the main menu, go to File >Open Solutions to open the example solution. Browse to the location containing the wolfcrypt code `/examples/crypto/nrf_cc310/wolfcrypt/pca10056/blank/ses/wolfcrypt_pca10056.emProject` and choose Open. -#### Building and Running +## Building and Running In the main menu, go to Build > Rebuild your project, then load and run your image on your nRF52840 target platform. Review the test results on the console output. ### `wolfcrypt_test()` @@ -99,6 +104,7 @@ ECDSA 256 sign 50 ops took 1.004 sec, avg 20.080 ms, 49.801 ops/sec ECDSA 256 verify 48 ops took 1.028 sec, avg 21.417 ms, 46.693 ops/sec Benchmark Test Completed ``` + ## References The test results were collected from an nRF52840 reference platform target with the following software and tool chains: - Nordic nRF52840 development board (PCA10056 1.0.0 2018.49 683529999). diff --git a/IDE/CRYPTOCELL/main.c b/IDE/CRYPTOCELL/main.c index 89bfaf449..61863cfcf 100644 --- a/IDE/CRYPTOCELL/main.c +++ b/IDE/CRYPTOCELL/main.c @@ -50,6 +50,7 @@ int main(void) benchmark_test(NULL); printf("\nBenchmark Test Completed\n"); #endif + if ((ret = wolfCrypt_Cleanup()) != 0) { printf("wolfCrypt_Cleanup failed %d\n", ret); return -1; diff --git a/IDE/CRYPTOCELL/user_settings.h b/IDE/CRYPTOCELL/user_settings.h index 0997a9678..3d21d840b 100644 --- a/IDE/CRYPTOCELL/user_settings.h +++ b/IDE/CRYPTOCELL/user_settings.h @@ -19,7 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* Custom wolfSSL based on GCC ARM example /IDE/GCC-ARM/Header/user_settings.h*/ +/* Example Settings for CryptoCell */ #ifndef WOLFSSL_USER_SETTINGS_H #define WOLFSSL_USER_SETTINGS_H @@ -29,12 +29,12 @@ extern "C" { #endif /* ------------------------------------------------------------------------- */ -/* Platform */ +/* CryptoCell */ /* ------------------------------------------------------------------------- */ #if 1 #define WOLFSSL_CRYPTOCELL #define WOLFSSL_nRF5x_SDK_15_2 /* for benchmark timer */ - //#define WOLFSSL_CRYPTOCELL_AES /* only CBC mode is supported */ + #define WOLFSSL_CRYPTOCELL_AES /* only CBC mode is supported */ #else /* run without CryptoCell, include IDE/GCC-ARM/Source/wolf_main.c for current_time(). */ @@ -44,8 +44,10 @@ extern "C" { #define AES_MAX_KEY_SIZE 128 #endif /* WOLFSSL_CRYPTOCELL*/ -/*END */ +/* ------------------------------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------------------------------- */ #undef WOLFSSL_GENERAL_ALIGNMENT #define WOLFSSL_GENERAL_ALIGNMENT 4 @@ -88,29 +90,11 @@ extern "C" { #define WOLFSSL_SP_CACHE_RESISTANT //#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */ - /* 64 or 32 bit version */ + /* Assembly */ //#define WOLFSSL_SP_ASM /* required if using the ASM versions */ - //#define WOLFSSL_SP_ARM32_ASM - //#define WOLFSSL_SP_ARM64_ASM + //#define WOLFSSL_SP_ARM_CORTEX_M_ASM #endif -/* ------------------------------------------------------------------------- */ -/* FIPS - Requires eval or license from wolfSSL */ -/* ------------------------------------------------------------------------- */ -#undef HAVE_FIPS -#if 0 - #define HAVE_FIPS - - #undef HAVE_FIPS_VERSION - #define HAVE_FIPS_VERSION 2 - - #ifdef SINGLE_THREADED - #undef NO_THREAD_LS - #define NO_THREAD_LS - #endif -#endif - - /* ------------------------------------------------------------------------- */ /* Crypto */ /* ------------------------------------------------------------------------- */ @@ -162,7 +146,7 @@ extern "C" { //#define HAVE_ECC192 //#define HAVE_ECC224 #undef NO_ECC256 - //#define HAVE_ECC384 + #define HAVE_ECC384 //#define HAVE_ECC521 #endif @@ -187,16 +171,12 @@ extern "C" { #define ECC_TIMING_RESISTANT /* Enable cofactor support */ - #ifdef HAVE_FIPS - #undef HAVE_ECC_CDH - #define HAVE_ECC_CDH - #endif + #undef HAVE_ECC_CDH + //#define HAVE_ECC_CDH /* Validate import */ - #ifdef HAVE_FIPS - #undef WOLFSSL_VALIDATE_ECC_IMPORT - #define WOLFSSL_VALIDATE_ECC_IMPORT - #endif + #undef WOLFSSL_VALIDATE_ECC_IMPORT + //#define WOLFSSL_VALIDATE_ECC_IMPORT /* Compressed Key Support */ #undef HAVE_COMP_KEY @@ -206,9 +186,9 @@ extern "C" { #ifdef USE_FAST_MATH #ifdef NO_RSA /* Custom fastmath size if not using RSA */ - /* MAX = ROUND32(ECC BITS 256) + SIZE_OF_MP_DIGIT(32) */ + /* MAX = ROUND32(ECC BITS 384) + SIZE_OF_MP_DIGIT(32) */ #undef FP_MAX_BITS - #define FP_MAX_BITS (256 + 32) + #define FP_MAX_BITS (384 + 32) #else #undef ALT_ECC_SIZE #define ALT_ECC_SIZE @@ -219,6 +199,10 @@ extern "C" { #undef TFM_ECC256 #define TFM_ECC256 #endif + #ifndef HAVE_ECC384 + #undef TFM_ECC384 + #define TFM_ECC384 + #endif #endif #endif @@ -228,16 +212,12 @@ extern "C" { /* Use table for DH instead of -lm (math) lib dependency */ #if 0 #define WOLFSSL_DH_CONST - #define HAVE_FFDHE_2048 - #define HAVE_FFDHE_4096 - //#define HAVE_FFDHE_6144 - //#define HAVE_FFDHE_8192 #endif - #ifdef HAVE_FIPS - #define WOLFSSL_VALIDATE_FFC_IMPORT - #define HAVE_FFDHE_Q - #endif + #define HAVE_FFDHE_2048 + //#define HAVE_FFDHE_4096 + //#define HAVE_FFDHE_6144 + //#define HAVE_FFDHE_8192 #else #define NO_DH #endif @@ -246,30 +226,29 @@ extern "C" { /* AES */ #undef NO_AES #if 1 - #undef HAVE_AES_CBC - #define HAVE_AES_CBC + #undef HAVE_AES_CBC + #define HAVE_AES_CBC + /* If you need other than AES-CBC mode, you must undefine WOLFSSL_CRYPTOCELL_AES */ -#if !defined(WOLFSSL_CRYPTOCELL_AES) - #undef HAVE_AESGCM - #define HAVE_AESGCM + #if !defined(WOLFSSL_CRYPTOCELL_AES) + #undef HAVE_AESGCM + #define HAVE_AESGCM - /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ - #define GCM_SMALL + /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ + #define GCM_SMALL + #undef WOLFSSL_AES_DIRECT + //#define WOLFSSL_AES_DIRECT - #undef WOLFSSL_AES_DIRECT - #define WOLFSSL_AES_DIRECT + #undef HAVE_AES_ECB + //#define HAVE_AES_ECB - #undef HAVE_AES_ECB - #define HAVE_AES_ECB - - #undef WOLFSSL_AES_COUNTER - #define WOLFSSL_AES_COUNTER - - #undef HAVE_AESCCM - #define HAVE_AESCCM -#endif + #undef WOLFSSL_AES_COUNTER + //#define WOLFSSL_AES_COUNTER + #undef HAVE_AESCCM + //#define HAVE_AESCCM + #endif #else #define NO_AES #endif @@ -490,43 +469,6 @@ extern "C" { #define WOLFSSL_GENSEED_FORTEST #endif -/* ------------------------------------------------------------------------- */ -/* Custom Standard Lib */ -/* ------------------------------------------------------------------------- */ -/* Allows override of all standard library functions */ -#undef STRING_USER -#if 0 - #define STRING_USER - - #include - - #undef USE_WOLF_STRSEP - #define USE_WOLF_STRSEP - #define XSTRSEP(s1,d) wc_strsep((s1),(d)) - - #undef USE_WOLF_STRTOK - #define USE_WOLF_STRTOK - #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) - - #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) - - #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) - #define XMEMSET(b,c,l) memset((b),(c),(l)) - #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) - #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) - - #define XSTRLEN(s1) strlen((s1)) - #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) - #define XSTRSTR(s1,s2) strstr((s1),(s2)) - - #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) - #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) - #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) - - #define XSNPRINTF snprintf -#endif - - /* ------------------------------------------------------------------------- */ /* Enable Features */ @@ -536,20 +478,13 @@ extern "C" { #define WOLFSSL_TLS13 #endif - #undef WOLFSSL_KEY_GEN -#if 0 +#if 1 #define WOLFSSL_KEY_GEN #endif -#if defined(WOLFSSL_CRYPTOCELL) - #define WOLFSSL_KEY_GEN - #define WOLFSSL_OLD_PRIME_CHECK /* reduce DH test time */ -#endif - -#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN) - #define WOLFSSL_OLD_PRIME_CHECK -#endif +/* reduce DH test time */ +#define WOLFSSL_OLD_PRIME_CHECK #undef KEEP_PEER_CERT //#define KEEP_PEER_CERT diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 09586661c..e41d3e98c 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3878,6 +3878,9 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn, if (err == MP_OKAY) { err = wc_ecc_mulmod_ex(&key->k, base, pub, curve->Af, curve->prime, 1, key->heap); + if (err == MP_MEM) { + err = MEMORY_E; + } } wc_ecc_del_point_h(base, key->heap); diff --git a/wolfcrypt/src/port/arm/cryptoCell.c b/wolfcrypt/src/port/arm/cryptoCell.c index 0edb194a3..600b8961f 100644 --- a/wolfcrypt/src/port/arm/cryptoCell.c +++ b/wolfcrypt/src/port/arm/cryptoCell.c @@ -24,8 +24,18 @@ #endif #include + +/* This source is included in wc_port.c */ +/* WOLFSSL_CRYPTOCELL_C is defined by wc_port.c in case compile tries to + include this .c directly */ +#ifdef WOLFSSL_CRYPTOCELL_C + +#ifdef WOLFSSL_CRYPTOCELL + #include #include +#include +#include #ifdef NO_INLINE #include @@ -34,12 +44,7 @@ #include #endif -#ifndef WOLFSSL_CRYPTOCELL_C -#define WOLFSSL_CRYPTOCELL_C - -#if defined(WOLFSSL_CRYPTOCELL) -#include - +/* Global Variables (extern) */ CRYS_RND_State_t wc_rndState; CRYS_RND_WorkBuff_t wc_rndWorkBuff; SaSiRndGenerateVectWorkFunc_t wc_rndGenVectFunc = CRYS_RND_GenerateVector; @@ -67,6 +72,7 @@ static void cc310_disable(void) NVIC_DisableIRQ(CRYPTOCELL_IRQn); } } + int cc310_Init(void) { int ret = 0; @@ -94,6 +100,7 @@ int cc310_Init(void) } return ret; } + void cc310_Free(void) { CRYSError_t crys_result; @@ -172,7 +179,8 @@ CRYS_RSA_HASH_OpMode_t cc310_hashModeRSA(enum wc_HashType hash_type) return CRYS_RSA_After_HASH_NOT_KNOWN_mode; } } -#endif /* NO_RSA */ +#endif /* !NO_RSA */ + #ifdef HAVE_ECC CRYS_ECPKI_HASH_OpMode_t cc310_hashModeECC(int hash_size) { @@ -206,8 +214,7 @@ CRYS_ECPKI_HASH_OpMode_t cc310_hashModeECC(int hash_size) #if !defined(NO_CRYPT_BENCHMARK) && defined(WOLFSSL_nRF5x_SDK_15_2) static int mRtcSec = 0; - -const nrfx_rtc_t rtc = NRFX_RTC_INSTANCE(0); +static const nrfx_rtc_t rtc = NRFX_RTC_INSTANCE(0); static void rtc_handler(nrfx_rtc_int_type_t int_type) { @@ -296,5 +303,5 @@ int nrf_random_generate(byte* output, word32 size) return 0; } #endif /* !NO_CRYPT_BENCHMARK && WOLFSSL_nRF5x_SDK_15_2 */ -#endif /* WOLFSSL_CRYPTOCELL_C */ +#endif /* WOLFSSL_CRYPTOCELL_C */ diff --git a/wolfcrypt/src/port/arm/cryptoCellHash.c b/wolfcrypt/src/port/arm/cryptoCellHash.c index a5119810d..8796e1eeb 100644 --- a/wolfcrypt/src/port/arm/cryptoCellHash.c +++ b/wolfcrypt/src/port/arm/cryptoCellHash.c @@ -24,8 +24,17 @@ #endif #include + +/* This source is included in wc_port.c */ +/* WOLFSSL_CRYPTOCELL_HASH_C is defined by wc_port.c in case compile tries + to include this .c directly */ +#ifdef WOLFSSL_CRYPTOCELL_HASH_C +#if !defined(NO_SHA256) && defined(WOLFSSL_CRYPTOCELL) + #include #include +#include +#include #ifdef NO_INLINE #include @@ -34,12 +43,6 @@ #include #endif -#if !defined(NO_SHA) && defined(WOLFSSL_CRYPTOCELL_HASH) -#include - -#if defined(WOLFSSL_CRYPTOCELL) -#include - int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) { CRYSError_t ret = 0; @@ -60,9 +63,9 @@ int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) } return ret; - } +} -WOLFSSL_API int wc_InitSha256(Sha256* sha256) +int wc_InitSha256(Sha256* sha256) { return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID); } @@ -96,7 +99,7 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) } while (ret == CRYS_OK && remaining > 0); return ret; - } +} int wc_Sha256Final(wc_Sha256* sha256, byte* hash) { @@ -125,13 +128,7 @@ void wc_Sha256Free(wc_Sha256* sha256) { if (sha256 == NULL) return; - -#ifdef WOLFSSL_SMALL_STACK_CACHE - if (sha256->W != NULL) { - XFREE(sha256->W, NULL, DYNAMIC_TYPE_DIGEST); - sha256->W = NULL; - } -#endif } -#endif /*WOLFSSL_CRYPTOCELL*/ -#endif /* !NO_SHA256 */ + +#endif /* !NO_SHA256 && WOLFSSL_CRYPTOCELL */ +#endif /* WOLFSSL_CRYPTOCELL_HASH_C */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 45b3567ad..d61c25c98 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1492,7 +1492,7 @@ int wolfSSL_CryptHwMutexUnLock(void) { osMutexRelease (*m); return 0; } - + #elif defined(WOLFSSL_CMSIS_RTOSv2) int wc_InitMutex(wolfSSL_Mutex *m) { @@ -2195,10 +2195,12 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) #include /* initialize and Mutex for TI Crypt Engine */ #include /* md5, sha1, sha224, sha256 */ #endif + #if defined(WOLFSSL_CRYPTOCELL) + #define WOLFSSL_CRYPTOCELL_C #include /* CC310, RTC and RNG */ -#if !defined(NO_SHA256) - #define WOLFSSL_CRYPTOCELL_HASH - #include /* sha256 */ + #if !defined(NO_SHA256) + #define WOLFSSL_CRYPTOCELL_HASH_C + #include /* sha256 */ + #endif #endif -#endif \ No newline at end of file