Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

This is a WIP! #8000

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion wolfcrypt/src/ecc.c
Original file line number Diff line number Diff line change
Expand Up @@ -11269,7 +11269,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
#endif

#ifdef WOLFSSL_MAXQ10XX_CRYPTO
if (ret == 0) {
if (ret == 0 && key->devId != INVALID_DEVID) {
ret = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
}
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
Expand Down
224 changes: 126 additions & 98 deletions wolfcrypt/src/port/maxim/maxq10xx.c
Original file line number Diff line number Diff line change
Expand Up @@ -752,13 +752,26 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
LoadDefaultImportKey(sign_key, &sign_key_len, &sign_key_curve,
&sign_key_type);

#if defined(MAXQ10XX_MUTEX)
wolfSSL_CryptHwMutexUnLock();
#endif

rc = ECDSA_sign(signature, &signature_len, sign_key, key_buff, key_buff_len,
sign_key_curve);
if (rc) {
WOLFSSL_ERROR_MSG("MAXQ: ECDSA_sign() failed");
goto end_EccSetKey;
goto end_EccSetKey_noUnlock;
}

#if defined(MAXQ10XX_MUTEX)
rc = maxq_CryptHwMutexTryLock();
if (rc != 0) {
WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired");
rc = NOT_COMPILED_IN;
return rc;
}
#endif

mxq_rc = MXQ_ImportKey(obj_id, getSignAlgoFromCurve(sign_key_curve),
PUBKEY_IMPORT_OBJID, key_buff, key_buff_len,
signature, signature_len);
Expand All @@ -772,7 +785,10 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
key->maxq_ctx.key_pending = 0;

end_EccSetKey:
#if defined(MAXQ10XX_MUTEX)
wolfSSL_CryptHwMutexUnLock();
#endif
end_EccSetKey_noUnlock:
return rc;
}
#endif /* MAXQ_ECC */
Expand Down Expand Up @@ -1087,6 +1103,104 @@ static int maxq10xx_ecc_verify_local(
*result = (mxq_rc ? 0 : 1);
return 0;
}

static int maxq10xx_ecc_key_gen(WOLFSSL* ssl, ecc_key* key, word32 keySz,
int ecc_curve, void* ctx)
{
int rc;
mxq_err_t mxq_rc;
unsigned char mxq_key[MAX_EC_KEY_SIZE];
(void)ctx;
(void)ssl;

WOLFSSL_ENTER("maxq10xx_ecc_key_gen");

if (tls13_ecc_obj_id == -1) {
tls13_ecc_obj_id = alloc_temp_key_id();
if (tls13_ecc_obj_id == -1) {
WOLFSSL_ERROR_MSG("MAXQ: alloc_temp_key_id() failed");
rc = NOT_COMPILED_IN;
return rc;
}
}

rc = wolfSSL_CryptHwMutexLock();
if (rc != 0) {
return rc;
}
mxq_rc = MXQ_TLS13_Generate_Key(mxq_key, tls13_ecc_obj_id, MXQ_KEYTYPE_ECC,
getMaxqKeyParamFromCurve(key->dp->id),
keySz, NULL, 0, NULL);

wolfSSL_CryptHwMutexUnLock();
if (mxq_rc) {
WOLFSSL_ERROR_MSG("MAXQ: MXQ_TLS13_Generate_Key() failed");
return WC_HW_E;
}

rc = wc_ecc_import_unsigned(key, (byte*)mxq_key, (byte*)mxq_key + keySz,
NULL, ecc_curve);
if (rc) {
WOLFSSL_ERROR_MSG("MAXQ: wc_ecc_import_raw_ex() failed");
}

return rc;
}

static int maxq10xx_compute_ecc_shared_secret(ecc_key *p_key,
mxq_u2 csid_param)
{
int rc;
mxq_err_t mxq_rc;
byte result_public_key[1 + (2 * ECC256_KEYSIZE)];
mxq_length key_len_param = sizeof(result_public_key);
XMEMSET(result_public_key, 0, key_len_param);

rc = wolfSSL_CryptHwMutexLock();
if (rc != 0) {
return rc;
}

mxq_rc = MXQ_Ecdh_Compute_Shared(MXQ_KEYPARAM_EC_P256R1,
NULL, result_public_key,
key_len_param, csid_param);
wolfSSL_CryptHwMutexUnLock();
if (mxq_rc) {
WOLFSSL_ERROR_MSG("MAXQ: MXQ_Ecdh_Compute_Shared() failed");
return WC_HW_E;
}

/* client public key */
p_key->state = 0;

rc = wc_ecc_set_curve(p_key, ECC256_KEYSIZE, ECC_SECP256R1);
if (rc != 0) {
WOLFSSL_ERROR_MSG("MAXQ: wc_ecc_set_curve() failed");
return rc;
}

p_key->flags = WC_ECC_FLAG_NONE;
p_key->type = ECC_PUBLICKEY;

rc = mp_read_unsigned_bin(p_key->pubkey.x, &result_public_key[1],
ECC256_KEYSIZE);
if (rc != 0) {
WOLFSSL_ERROR_MSG("MAXQ: mp_read_unsigned_bin() failed");
return rc;
}

rc = mp_read_unsigned_bin(p_key->pubkey.y,
&result_public_key[1 + ECC256_KEYSIZE],
ECC256_KEYSIZE);
if (rc != 0) {
WOLFSSL_ERROR_MSG("MAXQ: mp_read_unsigned_bin() failed");
return rc;
}

p_key->maxq_ctx.hw_storage = 1;
return rc;
}

#endif /* MAXQ_ECC */

#ifdef MAXQ_RNG
Expand Down Expand Up @@ -1343,11 +1457,17 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if defined(HAVE_ECC) && defined(MAXQ_ECC)
if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
/* TODO */
rc = maxq10xx_ecc_key_gen(NULL,
info->pk.eckg.key,
info->pk.eckg.size,
info->pk.eckg.curveId,
NULL);
return CRYPTOCB_UNAVAILABLE;
}
else if (info->pk.type == WC_PK_TYPE_ECDH) {
/* TODO */
/* Note that 0xC02B is a dummy value: ECDHE-ECDSA-AES128-CCM-8 */
rc = maxq10xx_compute_ecc_shared_secret(info->pk.ecdh.public_key,
0xC02B);
return CRYPTOCB_UNAVAILABLE;
}
else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
Expand Down Expand Up @@ -2035,13 +2155,9 @@ static int maxq10xx_tls12_ecc_shared_secret(WOLFSSL* ssl, ecc_key* otherKey,
int side, void* ctx)
{
int rc;
mxq_err_t mxq_rc;
ecc_key *p_key = NULL;
mxq_length key_len_param;
mxq_u1* server_public_key_param;
mxq_u2 csid_param = ssl->options.cipherSuite |
(ssl->options.cipherSuite0 << 8);
byte result_public_key[1 + (2 * ECC256_KEYSIZE)];
(void)ctx;
(void)otherKey;
(void)out;
Expand All @@ -2066,62 +2182,17 @@ static int maxq10xx_tls12_ecc_shared_secret(WOLFSSL* ssl, ecc_key* otherKey,
return rc;
}

p_key = (ecc_key*)ssl->hsKey;

rc = wolfSSL_CryptHwMutexLock();
p_key = ssl->hsKey;
rc = maxq10xx_compute_ecc_shared_secret(p_key, csid_param);
if (rc != 0) {
return rc;
}

XMEMSET(result_public_key, 0, sizeof(result_public_key));

server_public_key_param = NULL;
key_len_param = sizeof(result_public_key);

mxq_rc = MXQ_Ecdh_Compute_Shared(MXQ_KEYPARAM_EC_P256R1,
server_public_key_param, result_public_key,
key_len_param, csid_param);
if (mxq_rc) {
WOLFSSL_ERROR_MSG("MAXQ: MXQ_Ecdh_Compute_Shared() failed");
wolfSSL_CryptHwMutexUnLock();
return WC_HW_E;
}

wolfSSL_CryptHwMutexUnLock();

/* client public key */
p_key->state = 0;

rc = wc_ecc_set_curve(p_key, ECC256_KEYSIZE, ECC_SECP256R1);
if (rc != 0) {
WOLFSSL_ERROR_MSG("MAXQ: wc_ecc_set_curve() failed");
return rc;
}

p_key->flags = WC_ECC_FLAG_NONE;
p_key->type = ECC_PUBLICKEY;

rc = mp_read_unsigned_bin(p_key->pubkey.x, &result_public_key[1],
ECC256_KEYSIZE);
if (rc != 0) {
WOLFSSL_ERROR_MSG("MAXQ: mp_read_unsigned_bin() failed");
return rc;
}

rc = mp_read_unsigned_bin(p_key->pubkey.y,
&result_public_key[1 + ECC256_KEYSIZE],
ECC256_KEYSIZE);
rc = wc_ecc_export_x963(p_key, pubKeyDer, pubKeySz);
if (rc != 0) {
WOLFSSL_ERROR_MSG("MAXQ: mp_read_unsigned_bin() failed");
return rc;
}

p_key->maxq_ctx.hw_storage = 1;

PRIVATE_KEY_UNLOCK();
rc = wc_ecc_export_x963(p_key, pubKeyDer, pubKeySz);
PRIVATE_KEY_LOCK();

return rc;
}

Expand Down Expand Up @@ -2344,49 +2415,6 @@ static int maxq10xx_dh_agree(WOLFSSL* ssl, struct DhKey* key,
return rc;
}

static int maxq10xx_ecc_key_gen(WOLFSSL* ssl, ecc_key* key, word32 keySz,
int ecc_curve, void* ctx)
{
int rc;
mxq_err_t mxq_rc;
unsigned char mxq_key[MAX_EC_KEY_SIZE];
(void)ctx;
(void)ssl;

WOLFSSL_ENTER("maxq10xx_ecc_key_gen");

if (tls13_ecc_obj_id == -1) {
tls13_ecc_obj_id = alloc_temp_key_id();
if (tls13_ecc_obj_id == -1) {
WOLFSSL_ERROR_MSG("MAXQ: alloc_temp_key_id() failed");
rc = NOT_COMPILED_IN;
return rc;
}
}

rc = wolfSSL_CryptHwMutexLock();
if (rc != 0) {
return rc;
}
mxq_rc = MXQ_TLS13_Generate_Key(mxq_key, tls13_ecc_obj_id, MXQ_KEYTYPE_ECC,
getMaxqKeyParamFromCurve(key->dp->id),
keySz, NULL, 0, NULL);

wolfSSL_CryptHwMutexUnLock();
if (mxq_rc) {
WOLFSSL_ERROR_MSG("MAXQ: MXQ_TLS13_Generate_Key() failed");
return WC_HW_E;
}

rc = wc_ecc_import_unsigned(key, (byte*)mxq_key, (byte*)mxq_key + keySz,
NULL, ecc_curve);
if (rc) {
WOLFSSL_ERROR_MSG("MAXQ: wc_ecc_import_raw_ex() failed");
}

return rc;
}

static int maxq10xx_ecc_verify(WOLFSSL* ssl, const byte* sig,
word32 sigSz, const byte* hash,
word32 hashSz, const byte* key,
Expand Down