diff --git a/cmake/README.md b/cmake/README.md index 077a436e4..838b31ffd 100644 --- a/cmake/README.md +++ b/cmake/README.md @@ -1,15 +1,8 @@ This is an example of adding the wolfSSL library as a subdirectory to a project -and using cmake to build. +and using cmake to build. Each subdirectory has a README file on how to build the example. -## Steps to build: - -``` -# clone or download the wolfssl bundle and put it in the subdirectory wolfssl -git clone https://github.com/wolfssl/wolfssl -mkdir build -cd build -cmake .. -DCMAKE_C_FLAGS=-I../include/ -make -./hash example_string -``` +## Example Builds: + +- user-settings-example (contains a very bare user_settings.h example) +- caam-nxp-example (contains an example of building with NXP SDK and CAAM) diff --git a/cmake/caam-nxp-example/CMakeLists.txt b/cmake/caam-nxp-example/CMakeLists.txt new file mode 100644 index 000000000..2d7c931bb --- /dev/null +++ b/cmake/caam-nxp-example/CMakeLists.txt 
@@ -0,0 +1,154 @@
+set(CMAKE_SYSTEM_NAME Generic)
+CMAKE_MINIMUM_REQUIRED (VERSION 3.10.0)
+
+# ENABLE ASM
+ENABLE_LANGUAGE(ASM)
+
+set(CMAKE_STATIC_LIBRARY_PREFIX)
+set(CMAKE_STATIC_LIBRARY_SUFFIX)
+
+set(CMAKE_EXECUTABLE_LIBRARY_PREFIX)
+set(CMAKE_EXECUTABLE_LIBRARY_SUFFIX)
+
+set(EXECUTABLE_OUTPUT_PATH ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_BUILD_TYPE})
+set(LIBRARY_OUTPUT_PATH ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_BUILD_TYPE})
+
+project(wolfssl-caam-example)
+
+set(MCUX_SDK_PROJECT_NAME CSR_example_cm7.elf)
+
+message("Example cmake project including wolfSSL for NXP CAAM")
+
+# add global define to include user_settings.h
+add_compile_definitions(WOLFSSL_USER_SETTINGS)
+add_compile_definitions(CACHE_MODE_WRITE_THROUGH=1)
+add_compile_definitions(CRYPTO_USE_DRIVER_CAAM)
+
+set(BUILD_SHARED_LIBS OFF)
+set(WOLFSSL_EXAMPLES OFF)
+set(WOLFSSL_CRYPT_TESTS OFF)
+set(WOLFSSL_CAAM ON)
+set(WOLFSSL_USER_SETTINGS ON)
+set(WOLFSSL_CONFIG_H OFF)
+
+if (CONFIG_BIG_ENDIAN)
+ set(CMAKE_C_BYTE_ORDER BIG_ENDIAN)
+ set(CMAKE_CXX_BYTE_OREDER BIG_ENDIAN)
+else ()
+ set(CMAKE_C_BYTE_ORDER LITTLE_ENDIAN)
+ set(CMAKE_CXX_BYTE_OREDER LITTLE_ENDIAN)
+endif()
+
+# include location to example user_settings.h
+include_directories(wolfssl/IDE/MCUEXPRESSO/RT1170)
+
+# key name ProjDirPath is used in the example flags.cmake to find .ld files
+set(ProjDirPath
+ ${CMAKE_CURRENT_BINARY_DIR}
+)
+
+set(NXP_EXAMPE_FREERTOS
+ ${CMAKE_SOURCE_DIR}/boards/evkmimxrt1170/rtos_examples/freertos_hello/cm7/
+)
+set(NXP_PROJECT_TEMPLATE
+ ${CMAKE_SOURCE_DIR}/devices/MIMXRT1176/project_template/
+)
+
+
+include(${NXP_EXAMPE_FREERTOS}/armgcc/flags.cmake)
+include(${NXP_EXAMPE_FREERTOS}/armgcc/config.cmake)
+
+include_directories(
+ ${NXP_PROJECT_TEMPLATE}
+ ${NXP_EXAMPE_FREERTOS}
+ rtos/freertos/freertos_kernel/include
+ rtos/freertos/freertos_kernel/portable/GCC/ARM_CM4F
+ devices/MIMXRT1176
+ devices/MIMXRT1176/drivers
+ CMSIS/Core/Include
+)
+
+
+# add in our application and boad files
+add_executable(${MCUX_SDK_PROJECT_NAME}
+ ${CMAKE_SOURCE_DIR}/CSR_example.c
+
+ "${NXP_PROJECT_TEMPLATE}/pin_mux.c"
+ "${NXP_PROJECT_TEMPLATE}/pin_mux.h"
+ "${NXP_PROJECT_TEMPLATE}/board.c"
+ "${NXP_PROJECT_TEMPLATE}/board.h"
+ "${NXP_PROJECT_TEMPLATE}/clock_config.c"
+ "${NXP_PROJECT_TEMPLATE}/clock_config.h"
+ "${NXP_PROJECT_TEMPLATE}/peripherals.c"
+ "${NXP_PROJECT_TEMPLATE}/peripherals.h"
+
+ "${NXP_EXAMPE_FREERTOS}/FreeRTOSConfig.h"
+ "${NXP_EXAMPE_FREERTOS}/dcd.c"
+ "${NXP_EXAMPE_FREERTOS}/dcd.h"
+ "${NXP_EXAMPE_FREERTOS}/evkmimxrt1170_connect_cm4_cm7side.jlinkscript"
+)
+
+target_include_directories(${MCUX_SDK_PROJECT_NAME} PRIVATE
+ ${NXP_EXAMPE_FREERTOS}
+)
+
+set(CMAKE_MODULE_PATH
+ ${CMAKE_SOURCE_DIR}/devices/MIMXRT1176/drivers
+ ${CMAKE_SOURCE_DIR}/rtos/freertos/freertos_kernel
+ ${CMAKE_SOURCE_DIR}/devices/MIMXRT1176
+ ${CMAKE_SOURCE_DIR}/devices/MIMXRT1176/utilities
+ ${CMAKE_SOURCE_DIR}/components/uart
+ ${CMAKE_SOURCE_DIR}/components/serial_manager
+ ${CMAKE_SOURCE_DIR}/components/lists
+ ${CMAKE_SOURCE_DIR}/devices/MIMXRT1176/xip
+ ${CMAKE_SOURCE_DIR}/boards/evkmimxrt1170/xip
+ ${CMAKE_SOURCE_DIR}/devices/MIMXRT1176/drivers/cm7
+ ${CMAKE_SOURCE_DIR}/components/silicon_id
+ ${CMAKE_SOURCE_DIR}/CMSIS/Core/Include
+)
+
+# include modules
+include(component_lpuart_adapter_MIMXRT1176_cm7)
+include(component_serial_manager_MIMXRT1176_cm7)
+include(component_lists_MIMXRT1176_cm7)
+include(component_serial_manager_uart_MIMXRT1176_cm7)
+include(component_silicon_id_MIMXRT1176_cm7)
+include(device_MIMXRT1176_CMSIS_MIMXRT1176_cm7)
+include(device_MIMXRT1176_startup_MIMXRT1176_cm7)
+include(device_MIMXRT1176_system_MIMXRT1176_cm7)
+include(utility_debug_console_MIMXRT1176_cm7)
+include(utility_assert_MIMXRT1176_cm7)
+include(utilities_misc_utilities_MIMXRT1176_cm7)
+include(driver_clock_MIMXRT1176_cm7)
+include(driver_lpuart_MIMXRT1176_cm7)
+include(driver_common_MIMXRT1176_cm7)
+include(driver_iomuxc_MIMXRT1176_cm7)
+include(driver_igpio_MIMXRT1176_cm7)
+include(driver_xip_device_MIMXRT1176_cm7)
+include(driver_xip_board_evkmimxrt1170_MIMXRT1176_cm7)
+include(driver_pmu_1_MIMXRT1176_cm7)
+include(driver_dcdc_soc_MIMXRT1176_cm7)
+include(driver_cache_armv7_m7_MIMXRT1176_cm7)
+include(driver_anatop_ai_MIMXRT1176_cm7)
+include(CMSIS_Include_core_cm_MIMXRT1176_cm7)
+include(middleware_freertos-kernel_MIMXRT1176_cm7)
+include(middleware_freertos-kernel_extension_MIMXRT1176_cm7)
+include(middleware_freertos-kernel_heap_4_MIMXRT1176_cm7)
+
+# include CAAM module
+include(driver_caam_MIMXRT1176_cm7)
+
+# include module hp snvs for RTC
+include(driver_snvs_hp_MIMXRT1176_cm7)
+
+# pull in the wolfSSL CMakeLists.txt for building
+add_subdirectory(wolfssl)
+
+TARGET_LINK_LIBRARIES(${MCUX_SDK_PROJECT_NAME} PRIVATE -Wl,--start-group)
+target_link_libraries(${MCUX_SDK_PROJECT_NAME} PRIVATE m)
+target_link_libraries(${MCUX_SDK_PROJECT_NAME} PRIVATE c)
+target_link_libraries(${MCUX_SDK_PROJECT_NAME} PRIVATE gcc)
+target_link_libraries(${MCUX_SDK_PROJECT_NAME} PRIVATE nosys)
+target_link_libraries(${MCUX_SDK_PROJECT_NAME} PRIVATE wolfssl)
+TARGET_LINK_LIBRARIES(${MCUX_SDK_PROJECT_NAME} PRIVATE -Wl,--end-group)
+
diff --git a/cmake/caam-nxp-example/CSR_example.c b/cmake/caam-nxp-example/CSR_example.c
new file mode 100644
index 000000000..55da9ca1d
--- /dev/null
+++ b/cmake/caam-nxp-example/CSR_example.c
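Review bot: `set(CMAKE_CXX_BYTE_OREDER ...)` in both branches of the `if (CONFIG_BIG_ENDIAN)` block misspells the variable name (`CMAKE_CXX_BYTE_ORDER`), so the CXX value is never set, and since CMake derives `CMAKE_<LANG>_BYTE_ORDER` from the toolchain it is worth checking whether the block is needed at all. The floor `CMAKE_MINIMUM_REQUIRED (VERSION 3.10.0)` is below what the file actually uses: `add_compile_definitions` appeared in CMake 3.12, so an older CMake fails on that line instead of with a clear version message. `cmake_minimum_required` should also be the first command, with `project()` placed before `ENABLE_LANGUAGE(ASM)` and before the `EXECUTABLE_OUTPUT_PATH`/`LIBRARY_OUTPUT_PATH` lines that expand `CMAKE_BUILD_TYPE`. The `-Wl,--start-group`/`-Wl,--end-group` linker flags are passed through `target_link_libraries`; `target_link_options` (3.13+) is the intended home for them, and the upper-case `TARGET_LINK_LIBRARIES`/`ENABLE_LANGUAGE` should match the lower-case calls elsewhere in the file. The `set(WOLFSSL_* ...)` normal variables are meant to override wolfssl's `option()`s, which only works if CMP0077 is NEW in wolfssl's own policy scope — if that is not guaranteed, use cache entries such as `set(WOLFSSL_EXAMPLES OFF CACHE BOOL "" FORCE)` before `add_subdirectory(wolfssl)`.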
@@ -0,0 +1,274 @@ +/* csr_example.c + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#include +#include "board.h" +#include "peripherals.h" +#include "pin_mux.h" +#include "clock_config.h" +#include "MIMXRT1176_cm7.h" +#include "fsl_debug_console.h" + + +/* wolfSSL includes */ +#include +#include +#include +#include +#include +#include + +#define LARGE_TEMP_SZ 4096 + +#if !defined(WOLFSSL_KEY_GEN) || !defined(WOLFSSL_CERT_GEN) || \ + !defined(WOLFSSL_CERT_REQ) + #error correct wolfSSL defines not set +#endif + +/* generate a key to use for signing */ +static int CreateKey(ecc_key* key, WC_RNG* rng) +{ + int ret; + + ret = wc_ecc_init_ex(key, NULL, WOLFSSL_CAAM_DEVID); + if (ret != 0) { + PRINTF("Key initialization failed: %d\r\n", ret); + return ret; + } + + ret = wc_ecc_make_key_ex(rng, 32, key, ECC_SECP256R1); + if (ret != 0) { + PRINTF("Key generation failed: %d\r\n", ret); + return ret; + } + + PRINTF("Successfully created a new key\r\n"); + return ret; +} + + +/* export the key that was generated */ +static int ExportKey(ecc_key* key, byte* der, word32* derSz, + byte* blob, word32* blobSz) +{ + int ret; + word32 i; + + PRINTF("\n\rExporting Key\r\n"); + ret = wc_EccKeyToDer(key, der, *derSz); + if (ret <= 0) 
{ + PRINTF("Key To DER failed: %d\r\n", ret); + return ret; + } + *derSz = (word32)ret; + + PRINTF("DER of Key : "); + for (i = 0; i < *derSz; i++) + PRINTF("%02X", der[i]); + PRINTF("\r\n"); + + /* export private key in a black blob */ +#ifndef WOLFSSL_CAAM_BLOB + PRINTF("WOLFSSL_CAAM_BLOB not defined\r\n"); +#else + if (ret >= 0) { + /* using an arbitrary keymod, this needs to be the same as whats + * used for decapsulating the blob */ + byte mod[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; + int modSz = WC_CAAM_BLACK_KEYMOD_SZ; + int type = WC_CAAM_BLOB_BLACK; + + byte pri[MAX_ECC_BYTES]; + word32 priSz = MAX_ECC_BYTES; + + ret = wc_ecc_export_private_only(key, pri, &priSz); + if (ret >= 0) { + ret = wc_caamCreateBlob_ex(pri, priSz, blob, blobSz, type, mod, + modSz); + } + PRINTF("BLACK BLOB [%d] :", *blobSz); + for (i = 0; i < *blobSz; i++) + PRINTF("%02X", blob[i]); + PRINTF("\r\n"); + } +#endif + + return 0; +} + + +/* import the key into a wolfSSL structure */ +static int ImportKey(ecc_key* key, byte* der, int derSz, + byte* blob, int blobSz) +{ + int ret; + word32 idx = 0; + + /* clear out ecc_key structure */ + wc_ecc_free(key); + memset(key, 0, sizeof(ecc_key)); + + ret = wc_ecc_init_ex(key, NULL, WOLFSSL_CAAM_DEVID); + if (ret == 0) { + ret = wc_EccPrivateKeyDecode(der, &idx, key, derSz); + } + +#ifdef WOLFSSL_CAAM_BLOB + if (ret == 0) { + /* using an arbitrary keymod, this needs to be the same as whats + * used for decapsulating the blob */ + byte mod[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; + int modSz = WC_CAAM_BLACK_KEYMOD_SZ; + int type = WC_CAAM_BLOB_BLACK; + + byte pri[MAX_ECC_BYTES]; + word32 priSz = MAX_ECC_BYTES; + + ret = wc_caamOpenBlob_ex(blob, blobSz, pri, &priSz, type, mod, modSz); + + if (ret == 0) { + byte pub[MAX_ECC_BYTES]; + word32 pubSz = MAX_ECC_BYTES; + + ret = wc_ecc_export_x963(key, pub, &pubSz); + if (ret == 0) { + ret = wc_ecc_import_private_key(pri, priSz, pub, pubSz, key); + } + } + } +#endif + + + return ret; +} + + +/* 
setup structure for CSR, sign, and export it */ +static int CreateCSR(ecc_key* key, WC_RNG* rng, byte* csr, word32* csrSz) +{ + int ret; + Cert req; + int type = ECC_TYPE; /* also ava. RSA_TYPE, ED25519_TYPE */ + + ret = wc_InitCert(&req); + if (ret != 0) { + PRINTF("Init Cert failed: %d\r\n", ret); + } + + if (ret == 0) { + strncpy(req.subject.country, "US", CTC_NAME_SIZE); + strncpy(req.subject.state, "MT", CTC_NAME_SIZE); + strncpy(req.subject.locality, "Bozeman", CTC_NAME_SIZE); + strncpy(req.subject.org, "wolfSSL", CTC_NAME_SIZE); + strncpy(req.subject.unit, "Development", CTC_NAME_SIZE); + strncpy(req.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE); + strncpy(req.subject.email, "info@wolfssl.com", CTC_NAME_SIZE); + req.version = 0; + ret = wc_MakeCertReq_ex(&req, csr, *csrSz, type, key); + if (ret <= 0) { + PRINTF("Make Cert Req failed: %d\r\n", ret); + } + } + + if (ret > 0) { + req.sigType = CTC_SHA256wECDSA; + ret = wc_SignCert_ex(req.bodySz, req.sigType, csr, *csrSz, type, + key, rng); + if (ret <= 0) { + PRINTF("Sign Cert failed: %d\r\n", ret); + } + else { + int i; + + *csrSz = (word32)ret; + + PRINTF("\n\rCSR : "); + for (i = 0; i < ret; i++) + PRINTF("%02X", csr[i]); + PRINTF("\r\n"); + } + } + + return ret; +} + + +int main(void) +{ + ecc_key key; + WC_RNG rng; + int ret; + + /* Init board hardware. */ + BOARD_InitBootPins(); + BOARD_InitBootClocks(); + BOARD_InitBootPeripherals(); +#ifndef BOARD_INIT_DEBUG_CONSOLE_PERIPHERAL + /* Init FSL debug console. 
*/ + BOARD_InitDebugConsole(); +#endif + + if (wolfCrypt_Init() != 0) { + PRINTF("Error initializing wolfCrypt!!\r\n"); + } + else { + byte der[LARGE_TEMP_SZ]; + byte blob[LARGE_TEMP_SZ]; + word32 blobSz = LARGE_TEMP_SZ; + word32 derSz = LARGE_TEMP_SZ; + + ret = wc_InitRng(&rng); + if (ret != 0) { + PRINTF("Failed to init RNG : %d\n", ret); + } + + if (ret == 0) + ret = CreateKey(&key, &rng); + if (ret >= 0) + ret = ExportKey(&key, der, &derSz, blob, &blobSz); + if (ret >= 0) + ret = ImportKey(&key, der, derSz, blob, blobSz); + if (ret >= 0) { + derSz = LARGE_TEMP_SZ; + ret = CreateCSR(&key, &rng, der, &derSz); + } + + wc_ecc_free(&key); + wc_FreeRng(&rng); + + PRINTF("Done\r\n"); + + /* last wolfSSL call in application before exit */ + wolfCrypt_Cleanup(); + } + + /* Force the counter to be placed into memory. */ + volatile static int i = 0 ; + /* Enter an infinite loop, just incrementing a counter. */ + while(1) { + i++ ; + /* 'Dummy' NOP to allow source level single stepping of + tight while() loop */ + __asm volatile ("nop"); + } + return 0 ; +} diff --git a/cmake/caam-nxp-example/PKCS7_example.c b/cmake/caam-nxp-example/PKCS7_example.c new file mode 100644 index 000000000..5337f0135 --- /dev/null +++ b/cmake/caam-nxp-example/PKCS7_example.c 
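Review bot: `ExportKey` ends with `return 0;` after the `WOLFSSL_CAAM_BLOB` block, so a failure of `wc_ecc_export_private_only` or `wc_caamCreateBlob_ex` is discarded and `main` goes on to call `ImportKey` with an unchanged `blobSz` of 4096 and a `blob` buffer that was never written; it should be `return ret;`, and the `BLACK BLOB` dump should only run when `ret` is non-negative. The `DER of Key` loop prints the full private-key DER produced by `wc_EccKeyToDer` on the debug console, which undercuts the point of holding the key in a CAAM black blob; printing only the length, or gating the hex dump behind an explicit debug define, makes the example safer to copy. In `main`, `wc_ecc_free(&key)` and `wc_FreeRng(&rng)` run even when `wc_InitRng` fails, in which case `CreateKey` never ran and `key` is uninitialised; guard each free on its corresponding init having succeeded.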
@@ -0,0 +1,378 @@ +/* PKCS7_example.c + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include "board.h" +#include "peripherals.h" +#include "pin_mux.h" +#include "clock_config.h" +#include "MIMXRT1176_cm7.h" +#include "fsl_debug_console.h" +#include "fsl_snvs_hp.h" + +/* wolfSSL includes */ +#include +#include +#include +#include +#include +#include + +#define LARGE_TMP_SIZE 4096 + +static int SetDate() +{ + snvs_hp_rtc_datetime_t rtcDate; + snvs_hp_rtc_config_t snvsRtcConfig; + + SNVS_HP_RTC_GetDefaultConfig(&snvsRtcConfig); + SNVS_HP_RTC_Init(SNVS, &snvsRtcConfig); + + /* Set a start date time and start RT */ + rtcDate.year = 2022U; + rtcDate.month = 12U; + rtcDate.day = 25U; + rtcDate.hour = 19U; + rtcDate.minute = 0; + rtcDate.second = 0; + + /* Set RTC time to default time and date and start the RTC */ + SNVS_HP_RTC_SetDatetime(SNVS, &rtcDate); + + return 0; +} + + +/* generate a key to use for signing */ +static int CreateKey(ecc_key* key, WC_RNG* rng) +{ + int ret; + + ret = wc_ecc_init_ex(key, NULL, WOLFSSL_CAAM_DEVID); + if (ret != 0) { + PRINTF("Key initialization failed: %d\r\n", ret); + return ret; + } + + ret = wc_ecc_make_key_ex(rng, 32, key, ECC_SECP256R1); + if (ret != 0) { + PRINTF("Key 
generation failed: %d\r\n", ret); + #if defined(configTOTAL_HEAP_SIZE) + if (configTOTAL_HEAP_SIZE < 10241 && ret == MEMORY_E) + PRINTF("Heap size set with configTOTAL_HEAP_SIZE is likely too " + "small\r\n"); + #endif + return ret; + } + + PRINTF("Successfully created a new key\r\n"); + return ret; +} + + +static int CreateCert(WC_RNG* rng, byte* out, int* outSz, + byte* keyOut, int* keySz) +{ + ecc_key key; + int ret; + Cert cert; + + ret = CreateKey(&key, rng); + + /* make cert with key */ + if (ret == 0) { + wc_InitCert(&cert); + + (void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.state, "MT", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.locality, "Bozeman", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.org, "yourOrgNameHere", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.unit, "yourUnitNameHere", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.commonName, "www.yourDomain.com", + CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.email, "yourEmail@yourDomain.com", + CTC_NAME_SIZE); + + cert.selfSigned = 1; + cert.isCA = 1; + cert.sigType = CTC_SHA256wECDSA; + + ret = wc_SetSubjectKeyIdFromPublicKey(&cert, NULL, &key); + if (ret != 0) { + PRINTF("Set subject key id from public key failed: %d\r\n", ret); + } + } + + if (ret == 0) { + ret = wc_MakeCert(&cert, out, *outSz, NULL, &key, rng); + if (ret < 0) { + PRINTF("MakeCert failed : %d [%s]\r\n", ret, + wc_GetErrorString(ret)); + } + } + + if (ret >= 0) { + ret = wc_SignCert(cert.bodySz, cert.sigType, out, *outSz, NULL, + &key, rng); + if (ret > 0) { + *outSz = ret; + ret = 0; + } + else { + PRINTF("Sign cert. 
failed: %d\r\n", ret); + } + } + + /* return DER version of key */ + if (ret == 0) { + PRINTF("\n\rExporting Key\r\n"); + ret = wc_EccKeyToDer(&key, keyOut, *keySz); + if (ret <= 0) { + PRINTF("Key To DER failed: %d\r\n", ret); + } + else { + *keySz = (word32)ret; + } + } + + return ret; +} + + +static int EnvelopData(WC_RNG* rng, byte* in, int inSz, + byte* cert, int certSz, + byte* key, int keySz, + byte* out, int* outSz) +{ + int ret = MEMORY_E; + PKCS7* pkcs7; + + /* create envelope */ + pkcs7 = wc_PKCS7_New(NULL, WOLFSSL_CAAM_DEVID); + if (pkcs7 != NULL) { + pkcs7->content = in; + pkcs7->contentSz = inSz; + pkcs7->contentOID = DATA; + pkcs7->encryptOID = AES256CBCb; + pkcs7->rng = rng; + + pkcs7->keyWrapOID = AES256_WRAP; + pkcs7->keyAgreeOID = dhSinglePass_stdDH_sha256kdf_scheme; + + ret = wc_PKCS7_AddRecipient_KARI(pkcs7, cert, certSz, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, + NULL, 0, 0); + if (ret < 0) { + PRINTF("PKCS7 add recipient failed: %d\r\n", ret); + } + } + + if (ret >= 0) { + ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, *outSz); + if (ret > 0) { + *outSz = ret; + } + else { + PRINTF("Encode enveloped data failed: %d\r\n", ret); + } + } + wc_PKCS7_Free(pkcs7); + + return ret; +} + +static int SignBundle(WC_RNG* rng, byte* content, int contentSz, + byte* cert, int certSz, + byte* key, int keySz, + byte* out, int* outSz) +{ + PKCS7* pkcs7; + int ret = MEMORY_E; + + pkcs7 = wc_PKCS7_New(NULL, WOLFSSL_CAAM_DEVID); + if (pkcs7 != NULL) { + wc_PKCS7_InitWithCert(pkcs7, cert, certSz); + + pkcs7->content = content; + pkcs7->contentSz = contentSz; + pkcs7->privateKey = key; + pkcs7->privateKeySz = keySz; + pkcs7->encryptOID = ECDSAk; + pkcs7->hashOID = SHA256h; + pkcs7->rng = rng; + + ret = wc_PKCS7_EncodeSignedData(pkcs7, out, *outSz); + if (ret > 0) { + *outSz = ret; + } + else { + PRINTF("Encode signed data failed: %d\r\n", ret); + } + } + + wc_PKCS7_Free(pkcs7); + return ret; +} + + +static int DecodeEnvelope(WC_RNG* rng, byte* content, 
int contentSz, + byte* cert, int certSz, byte* key, int keySz) +{ + int i; + int ret = 0; + PKCS7* pkcs7; + byte decoded[LARGE_TMP_SIZE]; + int decodedSz = LARGE_TMP_SIZE; + + pkcs7 = wc_PKCS7_New(NULL, WOLFSSL_CAAM_DEVID); + if (pkcs7 == NULL) { + ret = MEMORY_E; + } + + if (ret == 0) { + wc_PKCS7_InitWithCert(pkcs7, cert, certSz); + ret = wc_PKCS7_SetKey(pkcs7, key, keySz); + pkcs7->rng = rng; + } + + if (ret == 0) { + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, content, + contentSz, decoded, decodedSz); + } + + if (ret == 0 && decodedSz > 0) { + PRINTF("\r\nDecoded Data : "); + for (i = 0; i < decodedSz; i++) + PRINTF("%c", decoded[i]); + PRINTF("\r\n"); + } + + wc_PKCS7_Free(pkcs7); + return ret; +} + +static int VerifyBundle(WC_RNG* rng, byte* cert, int certSz, + byte* key, int keySz, byte* in, int inSz) +{ + PKCS7* pkcs7; + int ret = 0; + + pkcs7 = wc_PKCS7_New(NULL, WOLFSSL_CAAM_DEVID); + if (pkcs7 == NULL) { + ret = MEMORY_E; + } + + if (ret == 0) { + wc_PKCS7_InitWithCert(pkcs7, cert, certSz); + ret = wc_PKCS7_VerifySignedData(pkcs7, in, inSz); + } + + if (ret < 0) { + PRINTF("Verify failed with ret = %d\r\n", ret); + } + else { + PRINTF("Verified PKCS7 bundle\r\n"); + DecodeEnvelope(rng, pkcs7->content, pkcs7->contentSz, cert, certSz, key, + keySz); + } + + wc_PKCS7_Free(pkcs7); + return 0; +} + + +int main(void) +{ + int ret; + + /* Init board hardware. */ + BOARD_InitBootPins(); + BOARD_InitBootClocks(); + BOARD_InitBootPeripherals(); +#ifndef BOARD_INIT_DEBUG_CONSOLE_PERIPHERAL + /* Init FSL debug console. 
*/ + BOARD_InitDebugConsole(); +#endif + + SetDate(); + if (wolfCrypt_Init() != 0) { + PRINTF("Issue with wolfCrypt init!!!\r\n"); + } + else { + WC_RNG rng; + byte cert[LARGE_TMP_SIZE]; + int certSz = LARGE_TMP_SIZE; + byte key[1024]; + int keySz = 1024; + byte msg[] = "Test message to envelop"; + byte env[LARGE_TMP_SIZE]; + int envSz = LARGE_TMP_SIZE; + byte bundle[LARGE_TMP_SIZE]; + int bundleSz = LARGE_TMP_SIZE; + + wc_InitRng(&rng); + + ret = CreateCert(&rng, cert, &certSz, key, &keySz); + if (ret >= 0) { + ret = EnvelopData(&rng, msg, sizeof(msg), cert, certSz, + key, keySz, env, &envSz); + } + + if (ret >= 0) { + ret = SignBundle(&rng, env, envSz, cert, certSz, + key, keySz, bundle, &bundleSz); + } + +// uncomment to print hex of PKCS7 bundle +// if (ret >= 0) { +// PRINTF("\r\nPKCS7 BUNDLE : "); +// for (i = 0; i < bundleSz; i++) +// PRINTF("%02X", bundle[i]); +// PRINTF("\r\n"); +// } + + /* verify and decode */ + if (ret >= 0) { + ret = VerifyBundle(&rng, cert, certSz, key, keySz, bundle, bundleSz); + } + + wc_FreeRng(&rng); + + if (ret >= 0) { + PRINTF("Done\r\n"); + } + else { + PRINTF("Failed!\r\n"); + } + wolfCrypt_Cleanup(); + } + + /* Force the counter to be placed into memory. */ + volatile static int i = 0 ; + /* Enter an infinite loop, just incrementing a counter. */ + while(1) { + i++ ; + /* 'Dummy' NOP to allow source level single stepping of + tight while() loop */ + __asm volatile ("nop"); + } + return 0 ; +} diff --git a/cmake/caam-nxp-example/README.md b/cmake/caam-nxp-example/README.md new file mode 100644 index 000000000..4f5dbe8dd --- /dev/null +++ b/cmake/caam-nxp-example/README.md 
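Review bot: `VerifyBundle` returns `0` unconditionally, so a negative `ret` from `wc_PKCS7_VerifySignedData` is only printed and `main` still takes its `ret >= 0` branch and reports `Done`; it should `return ret;` and also check the value returned by `DecodeEnvelope` instead of dropping it. `DecodeEnvelope` has the same shape: `decodedSz` from `wc_PKCS7_DecodeEnvelopedData` is never tested for a negative value, so a decrypt failure prints nothing and the function still returns 0. In `CreateCert` the `ecc_key` initialised by `CreateKey` is never released with `wc_ecc_free(&key)` on any path, so the key (and whatever the CAAM device binding holds for it) lives on for the rest of the run. The return values of `wc_InitRng`, `wc_InitCert` and `wc_PKCS7_InitWithCert` are ignored throughout; for sample code that gets copied, checking them is worth the extra lines.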
@@ -0,0 +1,38 @@ +### Steps to setup + +- Download the NXP SDK for the board, in this case SDK_2.12.1_MIMXRT1170-EVK +(use the NXP SDK builder for creating the SDK https://mcuxpresso.nxp.com) +. Note to make sure that the SDK contains armgcc build examples. +- unzip / untar the SDK into this example directory +- make sure that arm cross compiler is available (on ubuntu this is sudo apt-get install gcc-arm-none-eabi) +- set the ARMGCC_DIR env. with `export ARMGCC_DIR=/usr` + +### Steps that the build.sh script does + +(note that you can rung build.sh to handle these steps) + +- place wolfssl directory into the example directory +- patch CAAM driver files for ECC/Blob use with wolfssl/IDE/MCUEXPRESSO/RT1170/fsl_caam_c.patch and wolfssl/IDE/MCUEXPRESSO/RT1170/fsl_caam_h.patch +- mkdir build && cd build +- copy over example linker files from boards/evkmimxrt1170/rtos_examples/freertos_hello/cm7/armgcc/ +- cmake .. -DCMAKE_TOOLCHAIN_FILE=../tools/cmake_toolchain_files/armgcc.cmake -DCMAKE_C_FLAGS=-I../wolfssl/IDE/MCUEXPRESSO/RT1170/ -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=debug +- make + +### Run the application +The resulting elf file will be placed in ./build/debug/ + +MCUExpresso documentation goes over multiple ways to flash an elf to the board, please see the documentation in `/docs/*` for guidance. 
+ + +### Results of application + +``` +Successfully created a new key + +Exporting Key +DER of Key : 3077 2 1 1 420C61B5B3B7C8CEB D2DFC6217BCEA6F4686A9 52C 2892F6EEB4525EECDD6D9BFA0 A 6 82A8648CE3D 3 1 7A144 342 0 443BA77DCB38136 53758CBB35926DCEAD08E 997996184636DB23E43 099167BAC193BADE5A4 E1BDED17441 F247835DD363C624B2442771AA8 D8F3F77B8D7 +BLACK BLOB [80] :D0858F1E12E68BEE3D17F9567E3E 9DD772B83F388E45725 06C8086 8BD4A8C55C15E82928618D821ECA7298C6B4D3290F37DE042EE471F1184EC4EEC918D83 8B6C4BEAFA8BF63 73598D5DFFEC528 + +CSR : 3082 14B3081F2 2 1 030818F31 B30 9 6 355 4 613 2555331 B30 9 6 355 4 8 C 24D54311030 E 6 355 4 7 C 7426F7A656D616E311030 E 6 355 4 A C 7776F6C6653534C31143012 6 355 4 B C B446576656C6F706D656E7431183016 6 355 4 3 C F7777772E776F6C6673736C2E636F6D311F301D 6 92A864886F7 D 1 9 11610696E666F40776F6C6673736C2E636F6D30593013 6 72A8648CE3D 2 1 6 82A8648CE3D 3 1 7 342 0 443BA77DCB38136 53758CBB35926DCEAD08E 997996184636DB23E43 099167BAC193BADE5A4 E1BDED17441 F247835DD363C624B2442771AA8 D8F3F77B8D7A0 030 A 6 82A8648CE3D 4 3 2 348 03045 2203DE519A7942DF8607A613D90A432F7B8BAB8813B12 4442D137B 7DA A10779D 221 0B9E2 5B08DB0AC49B8AD45258460 E 2BC9CEB98CD1D69697856BF 88E4AAA78 +Done +``` diff --git a/cmake/caam-nxp-example/build.sh b/cmake/caam-nxp-example/build.sh new file mode 100755 index 000000000..16cc6e0ad --- /dev/null +++ b/cmake/caam-nxp-example/build.sh 
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# fail out if commands fail
+set -e
+
+rm -rf build
+
+
+# place wolfssl directory into the example directory
+if [ ! -d wolfssl ]; then
+ echo "Cloning wolfssl..."
+ git clone --depth=1 git@github.com:wolfssl/wolfssl &> /dev/null
+else
+ echo "Using exiting wolfssl directory"
+fi
+
+
+# patch CAAM driver files for ECC/Blob use with wolfssl/IDE/MCUEXPRESSO/RT1170/fsl_caam_c.patch and wolfssl/IDE/MCUEXPRESSO/RT1170/fsl_caam_h.patch
+echo "Patching CAAM driver..."
+cd devices/MIMXRT1176/drivers/
+if ! patch --dry-run -sfR < ../../../wolfssl/IDE/MCUEXPRESSO/RT1170/fsl_caam_c.patch &> /dev/null; then
+ echo " patching fsl_caam.c"
+ patch < ../../../wolfssl/IDE/MCUEXPRESSO/RT1170/fsl_caam_c.patch &> /dev/null
+else
+ echo " existing fsl_caam.c patch in place"
+fi
+if ! patch --dry-run -sfR < ../../../wolfssl/IDE/MCUEXPRESSO/RT1170/fsl_caam_h.patch &> /dev/null; then
+ echo " patching fsl_caam.h"
+ patch < ../../../wolfssl/IDE/MCUEXPRESSO/RT1170/fsl_caam_h.patch &> /dev/null
+else
+ echo " existing fsl_caam.h patch in place"
+fi
+cd ../../../
+
+# mkdir build && cd build
+mkdir build && cd build
+
+# copy over example linker files from boards/evkmimxrt1170/rtos_examples/freertos_hello/cm7/armgcc/
+cp ../boards/evkmimxrt1170/rtos_examples/freertos_hello/cm7/armgcc/*.ld .
+
+# use cmake to build
+cmake .. -DCMAKE_TOOLCHAIN_FILE=../tools/cmake_toolchain_files/armgcc.cmake -DCMAKE_C_FLAGS=-I../wolfssl/IDE/MCUEXPRESSO/RT1170/ -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=debug
+make
+
+echo "Done building elf, located now in ./build/debug"
+exit 0
diff --git a/cmake/CMakeLists.txt b/cmake/user-setttings-example/CMakeLists.txt
similarity index 93%
rename from cmake/CMakeLists.txt
rename to cmake/user-setttings-example/CMakeLists.txt
index c2e4e23b1..1f67782c1 100644
--- a/cmake/CMakeLists.txt
+++ b/cmake/user-setttings-example/CMakeLists.txt
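Review bot: The `git clone --depth=1 git@github.com:wolfssl/wolfssl &> /dev/null` line fetches the current head of the default branch over SSH with all output discarded, so the example builds against whatever commit is current that day, needs a GitHub SSH key, and under `set -e` stops with no message when either is missing. Pin a release and use the HTTPS URL the other README in this commit already uses, e.g. `git clone --depth=1 --branch "<release-tag>" https://github.com/wolfssl/wolfssl`, and drop the `&> /dev/null` redirections on the clone and the two `patch` commands so a failed step shows why it failed. The patch step rewrites the SDK's `fsl_caam.c`/`fsl_caam.h` in place and nothing restores them; since the script already detects an applied patch with `--dry-run -sfR`, a one-line comment stating that the SDK tree is modified persistently would avoid surprises. Minor: `"Using exiting wolfssl directory"` should read `existing`.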
@@ -26,6 +26,6 @@ target_link_libraries(wolfssl PRIVATE ) # add in our application -add_executable(hash myApp.c) +add_executable(hash ${CMAKE_SOURCE_DIR}/../myApp.c) target_link_libraries(hash wolfssl) diff --git a/cmake/user-setttings-example/README.md b/cmake/user-setttings-example/README.md new file mode 100644 index 000000000..c6ce6fa35 --- /dev/null +++ b/cmake/user-setttings-example/README.md @@ -0,0 +1,13 @@ +## Steps to build: + +``` +# clone or download the wolfssl bundle and put it in the subdirectory wolfssl +git clone https://github.com/wolfssl/wolfssl +mkdir build +cd build +cmake .. -DCMAKE_C_FLAGS=-I../include/ +make +./hash example_string +``` + + diff --git a/cmake/include/user_settings.h b/cmake/user-setttings-example/include/user_settings.h similarity index 100% rename from cmake/include/user_settings.h rename to cmake/user-setttings-example/include/user_settings.h
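Review bot: `add_executable(hash ${CMAKE_SOURCE_DIR}/../myApp.c)` climbs out of the project root with `..`, and `CMAKE_SOURCE_DIR` is the top of whatever build includes this file, so the path only resolves when this directory is configured directly; `${CMAKE_CURRENT_SOURCE_DIR}/../myApp.c` ties it to this CMakeLists.txt, or better, move `myApp.c` into the example directory next to its `include/user_settings.h`. The renamed directory `user-setttings-example` (three t's) in this file's path and in the new README path disagrees with `user-settings-example` listed in `cmake/README.md` in the same commit, so one of the two names will not be found. The `target_link_libraries(hash wolfssl)` context line has no `PRIVATE`/`PUBLIC` keyword; that predates this change but is worth fixing while the file is being moved.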