Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New additions for MAXQ with wolfPKCS11 #8343

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

New additions for MAXQ with wolfPKCS11 #8343

wants to merge 1 commit into from

Conversation

anhu
Copy link
Member

@anhu anhu commented Jan 8, 2025

  • Support using MAXQ for:
    • AES-ECB
    • AES-CCM
    • AES-CBC
    • ECC Key Generation and ECDH
  • in wc_ecc_import_private_key_ex():
    • check to make sure devId is not invalid before calling wc_MAXQ10XX_EccSetKey().
    • This is because the raspberry pi sometimes need to sign stuff.
  • in aes_set_key() and ecc_set_key():
    • delete a key in case it already exists; ignore error since it might not exist.
    • unlock, lock the HW mutex around ECDSA_sign() because it needs access to rng
  • in wolfSSL_MAXQ10XX_CryptoDevCb:
    • allow maxq1065 to call the crypto callback.
    • do not set the key during signing; use pre provisioned one instead (DEVICE_KEY_PAIR_OBJ_ID)

@anhu anhu requested a review from wolfSSL-Bot January 8, 2025 23:32
@anhu anhu self-assigned this Jan 8, 2025
dgarske
dgarske requested changes Jan 8, 2025
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work

wolfcrypt/src/port/maxim/maxq10xx.c Outdated
return rc;
}

memset(fixed_info, 0xaa, fixed_info_len);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use XMEMSET

wolfcrypt/src/port/maxim/maxq10xx.c Outdated
/* Output contains the public key and shared secret concatenated. The public
* key is (0x04 || X || Y) which means its 65 bytes. The shared secret is
* in the 32 bytes after that. */
memcpy(ss, &output[65], *ss_len);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

XMEMCPY

@anhu
New additions for MAXQ with wolfPKCS11
accce53 
- Support using MAXQ for:
    - AES-ECB
    - AES-CCM
    - AES-CBC
    - ECC Key Generation and ECDH
- in wc_ecc_import_private_key_ex():
    - check to make sure devId is not invalid before calling wc_MAXQ10XX_EccSetKey().
    - This is because the raspberry pi sometimes need to sign stuff.
- in aes_set_key() and ecc_set_key():
    - delete a key in case it already exists; ignore error since it might not exist.
    - unlock, lock the HW mutex around ECDSA_sign() because it needs access to rng
- in wolfSSL_MAXQ10XX_CryptoDevCb:
    - allow maxq1065 to call the crypto callback.
    - do not set the key during signing; use pre provisioned one instead (DEVICE_KEY_PAIR_OBJ_ID)
@anhu anhu requested a review from dgarske January 9, 2025 00:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wolfSSL-Bot wolfSSL-Bot Awaiting requested review from wolfSSL-Bot

@dgarske dgarske Awaiting requested review from dgarske

Requested changes must be addressed to merge this pull request.

Assignees

@anhu anhu

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@anhu @dgarske