WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fixes to SE050 port 

This fixes the following things:

* Memory leaks in SE050 SHA messages
* Add key to SE050 for ECC sign hash function
* Remove circular include
* Correct prototype for `se050_hash_final`
* A few defined check fixes
pull/5334/head
Andrew Hutchings 2022-07-07 16:11:54 +01:00
parent a771baf551
commit 34d897e433
6 changed files with 54 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
wolfcrypt/src/port/nxp/se050_port.c
View File

@ -258,7 +258,8 @@ int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash, size_t digestLen,
void se050_hash_free(SE050_HASH_Context* se050Ctx)
{
(void)se050Ctx;
XFREE(se050Ctx->msg, se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
se050Ctx->msg = NULL;
}
#ifndef NO_AES
@ -511,6 +512,9 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
sss_algorithm_t algorithm;
int keySize;
int keySizeBits;
int keyCreated = 0;
int keyId;
sss_cipher_type_t curveType;
#ifdef SE050_DEBUG
printf("se050_ecc_sign_hash_ex: key %p, in %p (%d), out %p (%d), keyId %d\n",
@ -525,7 +529,7 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
}
keySize = key->dp->size;
ret = se050_map_curve(key->dp->id, keySize, &keySizeBits, NULL);
ret = se050_map_curve(key->dp->id, keySize, &keySizeBits, &curveType);
if (ret != 0) {
return ret;
}
@ -557,9 +561,38 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
if (status == kStatus_SSS_Success) {
status = sss_key_object_init(&newKey, &host_keystore);
}
/* this is run when a key was not generated and was instead passed in */
if (status == kStatus_SSS_Success) {
status = sss_key_object_get_handle(&newKey, key->keyId);
keyId = key->keyId;
if (keyId <= 0) {
byte derBuf[SE050_ECC_DER_MAX];
word32 derSz;
ret = wc_EccKeyToDer(key, derBuf, (word32)sizeof(derBuf));
if (ret >= 0) {
derSz = ret;
ret = 0;
}
else {
status = kStatus_SSS_Fail;
}
if (status == kStatus_SSS_Success) {
keyId = se050_allocate_key(SE050_ECC_KEY);
status = sss_key_object_allocate_handle(&newKey, keyId,
kSSS_KeyPart_Pair, curveType, keySize,
kKeyObject_Mode_Transient);
}
if (status == kStatus_SSS_Success) {
keyCreated = 1;
status = sss_key_store_set_key(&host_keystore, &newKey, derBuf,
derSz, keySizeBits, NULL, 0);
}
}
else {
status = sss_key_object_get_handle(&newKey, keyId);
}
}
if (status == kStatus_SSS_Success) {
status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi,
&newKey, algorithm, kMode_SSS_Sign);
@ -583,9 +616,14 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, byte* out,
}
if (status == kStatus_SSS_Success) {
key->keyId = keyId;
ret = 0;
}
else {
if (keyCreated) {
sss_key_store_erase_key(&host_keystore, &newKey);
sss_key_object_free(&newKey);
}
if (ret == 0)
ret = WC_HW_E;
}

4
wolfcrypt/src/sha.c
View File

@ -358,7 +358,6 @@
int ret = 0;
ret = se050_hash_final(&sha->se050Ctx, hash, WC_SHA_DIGEST_SIZE,
kAlgorithm_SSS_SHA1);
(void)wc_InitSha(sha);
return ret;
}
int wc_ShaFinalRaw(wc_Sha* sha, byte* hash)
@ -366,7 +365,6 @@
int ret = 0;
ret = se050_hash_final(&sha->se050Ctx, hash, WC_SHA_DIGEST_SIZE,
kAlgorithm_SSS_SHA1);
(void)wc_InitSha(sha);
return ret;
}
@ -849,7 +847,7 @@ void wc_ShaFree(wc_Sha* sha)
wc_ShaPic32Free(sha);
#endif
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
se050_hash_free(&sha->se050Ctx);
se050_hash_free(&sha->se050Ctx);
#endif
#if (defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH))

5
wolfcrypt/src/sha256.c
View File

@ -619,7 +619,6 @@ static int InitSha256(wc_Sha256* sha256)
int ret = 0;
ret = se050_hash_final(&sha256->se050Ctx, hash, WC_SHA256_DIGEST_SIZE,
kAlgorithm_SSS_SHA256);
(void)wc_InitSha256(sha256);
return ret;
}
int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash)
@ -627,7 +626,6 @@ static int InitSha256(wc_Sha256* sha256)
int ret = 0;
ret = se050_hash_final(&sha256->se050Ctx, hash, WC_SHA256_DIGEST_SIZE,
kAlgorithm_SSS_SHA256);
(void)wc_InitSha256(sha256);
return ret;
}
@ -1696,6 +1694,9 @@ void wc_Sha256Free(wc_Sha256* sha256)
sha256->msg = NULL;
}
#endif
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
se050_hash_free(&sha256->se050Ctx);
#endif
#if defined(WOLFSSL_KCAPI_HASH)
KcapiHashFree(&sha256->kcapi);
#endif

10
wolfcrypt/src/sha512.c
View File

@ -232,7 +232,6 @@
#endif
ret = se050_hash_final(&sha512->se050Ctx, hash, WC_SHA512_DIGEST_SIZE,
kAlgorithm_SSS_SHA512);
(void)wc_InitSha512_ex(sha512, sha512->heap, devId);
return ret;
}
int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
@ -247,12 +246,11 @@
#endif
ret = se050_hash_final(&sha512->se050Ctx, hash, WC_SHA512_DIGEST_SIZE,
kAlgorithm_SSS_SHA512);
(void)wc_InitSha512_ex(sha512, sha512->heap, devId);
return ret;
}
void wc_Sha512Free(wc_Sha512* sha512)
{
(void)sha512;
se050_hash_free(&sha512->se050Ctx);
}
#else
@ -1264,7 +1262,6 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
int ret = 0;
ret = se050_hash_final(&sha384->se050Ctx, hash, WC_SHA384_DIGEST_SIZE,
kAlgorithm_SSS_SHA384);
(void)wc_InitSha384(sha384);
return ret;
}
int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash)
@ -1272,7 +1269,6 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
int ret = 0;
ret = se050_hash_final(&sha384->se050Ctx, hash, WC_SHA384_DIGEST_SIZE,
kAlgorithm_SSS_SHA384);
(void)wc_InitSha384(sha384);
return ret;
}
@ -1482,6 +1478,10 @@ void wc_Sha384Free(wc_Sha384* sha384)
}
#endif
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
se050_hash_free(&sha384->se050Ctx);
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
wolfAsync_DevCtxFree(&sha384->asyncDev, WOLFSSL_ASYNC_MARKER_SHA384);
#endif /* WOLFSSL_ASYNC_CRYPT */

5
wolfssl/wolfcrypt/port/nxp/se050_port.h
View File

@ -24,7 +24,6 @@
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/visibility.h>
#include <wolfssl/wolfcrypt/asn_public.h>
#ifdef __GNUC__
#pragma GCC diagnostic push
@ -39,7 +38,7 @@
#include "fsl_sss_api.h"
#endif
#ifdef WOLFSSL_SE050
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
/* NXP SE050 - Disable SHA512 224/256 support */
#ifndef WOLFSSL_NOSHA512_224
#define WOLFSSL_NOSHA512_224
@ -105,7 +104,7 @@ WOLFSSL_LOCAL int se050_hash_init(SE050_HASH_Context* se050Ctx, void* heap);
WOLFSSL_LOCAL int se050_hash_update(SE050_HASH_Context* se050Ctx,
const byte* data, word32 len);
WOLFSSL_LOCAL int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash,
size_t digestLen, word32 algo);
size_t digestLen, sss_algorithm_t algo);
WOLFSSL_LOCAL void se050_hash_free(SE050_HASH_Context* se050Ctx);
struct Aes;

4
wolfssl/wolfcrypt/sha512.h
View File

@ -142,7 +142,7 @@ enum {
#if defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM)
#include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
#else
#if defined(WOLFSSL_SE050)
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include "wolfssl/wolfcrypt/port/nxp/se050_port.h"
#endif
/* wc_Sha512 digest */
@ -177,7 +177,7 @@ struct wc_Sha512 {
#ifdef WOLFSSL_KCAPI_HASH
wolfssl_KCAPI_Hash kcapi;
#endif
#if defined(WOLFSSL_SE050)
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
SE050_HASH_Context se050Ctx;
#endif
#if defined(WOLFSSL_HASH_KEEP)