cjson
fuzzing
inputs
test1 test10 test11 test2 test3 test3.bu test3.uf test3.uu test4 test5 test6 test7 test8 test9library_config
cJSONConfig.cmake.in cJSONConfigVersion.cmake.in libcjson.pc.in libcjson_utils.pc.in uninstall.cmaketests
inputs
test1 test1.expected test10 test10.expected test11 test11.expected test2 test2.expected test3 test3.expected test4 test4.expected test5 test5.expected test6 test7 test7.expected test8 test8.expected test9 test9.expectedjson-patch-tests
.editorconfig .gitignore .npmignore README.md cjson-utils-tests.json package.json spec_tests.json tests.jsonunity
auto
colour_prompt.rb colour_reporter.rb generate_config.yml generate_module.rb generate_test_runner.rb parse_output.rb stylize_as_junit.rb test_file_filter.rb type_sanitizer.rb unity_test_summary.py unity_test_summary.rb unity_to_junit.pydocs
ThrowTheSwitchCodingStandard.md UnityAssertionsCheatSheetSuitableforPrintingandPossiblyFraming.pdf UnityAssertionsReference.md UnityConfigurationGuide.md UnityGettingStartedGuide.md UnityHelperScriptsGuide.md license.txtexamples
unity_config.hcurl
.github
scripts
cleancmd.pl cmp-config.pl cmp-pkg-config.sh codespell-ignore.words codespell.sh distfiles.sh pyspelling.words pyspelling.yaml randcurl.pl requirements-docs.txt requirements-proselint.txt requirements.txt shellcheck-ci.sh shellcheck.sh spellcheck.curl trimmarkdownheader.pl typos.sh typos.toml verify-examples.pl verify-synopsis.pl yamlcheck.sh yamlcheck.yamlworkflows
appveyor-status.yml checkdocs.yml checksrc.yml checkurls.yml codeql.yml configure-vs-cmake.yml curl-for-win.yml distcheck.yml fuzz.yml http3-linux.yml label.yml linux-old.yml linux.yml macos.yml non-native.yml windows.ymlCMake
CurlSymbolHiding.cmake CurlTests.c FindBrotli.cmake FindCares.cmake FindGSS.cmake FindGnuTLS.cmake FindLDAP.cmake FindLibbacktrace.cmake FindLibgsasl.cmake FindLibidn2.cmake FindLibpsl.cmake FindLibssh.cmake FindLibssh2.cmake FindLibuv.cmake FindMbedTLS.cmake FindNGHTTP2.cmake FindNGHTTP3.cmake FindNGTCP2.cmake FindNettle.cmake FindQuiche.cmake FindRustls.cmake FindWolfSSL.cmake FindZstd.cmake Macros.cmake OtherTests.cmake PickyWarnings.cmake Utilities.cmake cmake_uninstall.in.cmake curl-config.in.cmake unix-cache.cmake win32-cache.cmakedocs
cmdline-opts
.gitignore CMakeLists.txt MANPAGE.md Makefile.am Makefile.inc _AUTHORS.md _BUGS.md _DESCRIPTION.md _ENVIRONMENT.md _EXITCODES.md _FILES.md _GLOBBING.md _NAME.md _OPTIONS.md _OUTPUT.md _PROGRESS.md _PROTOCOLS.md _PROXYPREFIX.md _SEEALSO.md _SYNOPSIS.md _URL.md _VARIABLES.md _VERSION.md _WWW.md abstract-unix-socket.md alt-svc.md anyauth.md append.md aws-sigv4.md basic.md ca-native.md cacert.md capath.md cert-status.md cert-type.md cert.md ciphers.md compressed-ssh.md compressed.md config.md connect-timeout.md connect-to.md continue-at.md cookie-jar.md cookie.md create-dirs.md create-file-mode.md crlf.md crlfile.md curves.md data-ascii.md data-binary.md data-raw.md data-urlencode.md data.md delegation.md digest.md disable-eprt.md disable-epsv.md disable.md disallow-username-in-url.md dns-interface.md dns-ipv4-addr.md dns-ipv6-addr.md dns-servers.md doh-cert-status.md doh-insecure.md doh-url.md dump-ca-embed.md dump-header.md ech.md egd-file.md engine.md etag-compare.md etag-save.md expect100-timeout.md fail-early.md fail-with-body.md fail.md false-start.md follow.md form-escape.md form-string.md form.md ftp-account.md ftp-alternative-to-user.md ftp-create-dirs.md ftp-method.md ftp-pasv.md ftp-port.md ftp-pret.md ftp-skip-pasv-ip.md ftp-ssl-ccc-mode.md ftp-ssl-ccc.md ftp-ssl-control.md get.md globoff.md happy-eyeballs-timeout-ms.md haproxy-clientip.md haproxy-protocol.md head.md header.md help.md hostpubmd5.md hostpubsha256.md hsts.md http0.9.md http1.0.md http1.1.md http2-prior-knowledge.md http2.md http3-only.md http3.md ignore-content-length.md insecure.md interface.md ip-tos.md ipfs-gateway.md ipv4.md ipv6.md json.md junk-session-cookies.md keepalive-cnt.md keepalive-time.md key-type.md key.md knownhosts.md krb.md libcurl.md limit-rate.md list-only.md local-port.md location-trusted.md location.md login-options.md mail-auth.md mail-from.md mail-rcpt-allowfails.md mail-rcpt.md mainpage.idx manual.md max-filesize.md max-redirs.md max-time.md metalink.md mptcp.md 
negotiate.md netrc-file.md netrc-optional.md netrc.md next.md no-alpn.md no-buffer.md no-clobber.md no-keepalive.md no-npn.md no-progress-meter.md no-sessionid.md noproxy.md ntlm-wb.md ntlm.md oauth2-bearer.md out-null.md output-dir.md output.md parallel-immediate.md parallel-max-host.md parallel-max.md parallel.md pass.md path-as-is.md pinnedpubkey.md post301.md post302.md post303.md preproxy.md progress-bar.md proto-default.md proto-redir.md proto.md proxy-anyauth.md proxy-basic.md proxy-ca-native.md proxy-cacert.md proxy-capath.md proxy-cert-type.md proxy-cert.md proxy-ciphers.md proxy-crlfile.md proxy-digest.md proxy-header.md proxy-http2.md proxy-insecure.md proxy-key-type.md proxy-key.md proxy-negotiate.md proxy-ntlm.md proxy-pass.md proxy-pinnedpubkey.md proxy-service-name.md proxy-ssl-allow-beast.md proxy-ssl-auto-client-cert.md proxy-tls13-ciphers.md proxy-tlsauthtype.md proxy-tlspassword.md proxy-tlsuser.md proxy-tlsv1.md proxy-user.md proxy.md proxy1.0.md proxytunnel.md pubkey.md quote.md random-file.md range.md rate.md raw.md referer.md remote-header-name.md remote-name-all.md remote-name.md remote-time.md remove-on-error.md request-target.md request.md resolve.md retry-all-errors.md retry-connrefused.md retry-delay.md retry-max-time.md retry.md sasl-authzid.md sasl-ir.md service-name.md show-error.md show-headers.md sigalgs.md silent.md skip-existing.md socks4.md socks4a.md socks5-basic.md socks5-gssapi-nec.md socks5-gssapi-service.md socks5-gssapi.md socks5-hostname.md socks5.md speed-limit.md speed-time.md ssl-allow-beast.md ssl-auto-client-cert.md ssl-no-revoke.md ssl-reqd.md ssl-revoke-best-effort.md ssl-sessions.md ssl.md sslv2.md sslv3.md stderr.md styled-output.md suppress-connect-headers.md tcp-fastopen.md tcp-nodelay.md telnet-option.md tftp-blksize.md tftp-no-options.md time-cond.md tls-earlydata.md tls-max.md tls13-ciphers.md tlsauthtype.md tlspassword.md tlsuser.md tlsv1.0.md tlsv1.1.md tlsv1.2.md tlsv1.3.md tlsv1.md tr-encoding.md 
trace-ascii.md trace-config.md trace-ids.md trace-time.md trace.md unix-socket.md upload-file.md upload-flags.md url-query.md url.md use-ascii.md user-agent.md user.md variable.md verbose.md version.md vlan-priority.md write-out.md xattr.mdexamples
.checksrc .gitignore 10-at-a-time.c CMakeLists.txt Makefile.am Makefile.example Makefile.inc README.md adddocsref.pl address-scope.c altsvc.c anyauthput.c block_ip.c cacertinmem.c certinfo.c chkspeed.c connect-to.c cookie_interface.c crawler.c debug.c default-scheme.c ephiperfifo.c evhiperfifo.c externalsocket.c fileupload.c ftp-delete.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c ftpuploadfrommem.c ftpuploadresume.c getinfo.c getinmemory.c getredirect.c getreferrer.c ghiper.c headerapi.c hiperfifo.c hsts-preload.c htmltidy.c htmltitle.cpp http-options.c http-post.c http2-download.c http2-pushinmemory.c http2-serverpush.c http2-upload.c http3-present.c http3.c httpcustomheader.c httpput-postfields.c httpput.c https.c imap-append.c imap-authzid.c imap-copy.c imap-create.c imap-delete.c imap-examine.c imap-fetch.c imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c imap-tls.c interface.c ipv6.c keepalive.c localport.c log_failed_transfers.c maxconnects.c multi-app.c multi-debugcallback.c multi-double.c multi-event.c multi-formadd.c multi-legacy.c multi-post.c multi-single.c multi-uv.c netrc.c parseurl.c persistent.c pop3-authzid.c pop3-dele.c pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c postinmemory.c postit2-formadd.c postit2.c progressfunc.c protofeats.c range.c resolve.c rtsp-options.c sendrecv.c sepheaders.c sessioninfo.c sftpget.c sftpuploadresume.c shared-connection-cache.c simple.c simplepost.c simplessl.c smooth-gtk-thread.c smtp-authzid.c smtp-expn.c smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c smtp-tls.c smtp-vrfy.c sslbackend.c synctime.c threaded.c unixsocket.c url2file.c urlapi.c usercertinmem.c version-check.pl websocket-cb.c websocket-updown.c websocket.c xmlstream.cinternals
BUFQ.md BUFREF.md CHECKSRC.md CLIENT-READERS.md CLIENT-WRITERS.md CODE_STYLE.md CONNECTION-FILTERS.md CREDENTIALS.md CURLX.md DYNBUF.md HASH.md LLIST.md MID.md MQTT.md MULTI-EV.md NEW-PROTOCOL.md PEERS.md PORTING.md RATELIMITS.md README.md SCORECARD.md SPLAY.md STRPARSE.md THRDPOOL-AND-QUEUE.md TIME-KEEPING.md TLS-SESSIONS.md UINT_SETS.md WEBSOCKET.mdlibcurl
opts
CMakeLists.txt CURLINFO_ACTIVESOCKET.md CURLINFO_APPCONNECT_TIME.md CURLINFO_APPCONNECT_TIME_T.md CURLINFO_CAINFO.md CURLINFO_CAPATH.md CURLINFO_CERTINFO.md CURLINFO_CONDITION_UNMET.md CURLINFO_CONNECT_TIME.md CURLINFO_CONNECT_TIME_T.md CURLINFO_CONN_ID.md CURLINFO_CONTENT_LENGTH_DOWNLOAD.md CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md CURLINFO_CONTENT_LENGTH_UPLOAD.md CURLINFO_CONTENT_LENGTH_UPLOAD_T.md CURLINFO_CONTENT_TYPE.md CURLINFO_COOKIELIST.md CURLINFO_EARLYDATA_SENT_T.md CURLINFO_EFFECTIVE_METHOD.md CURLINFO_EFFECTIVE_URL.md CURLINFO_FILETIME.md CURLINFO_FILETIME_T.md CURLINFO_FTP_ENTRY_PATH.md CURLINFO_HEADER_SIZE.md CURLINFO_HTTPAUTH_AVAIL.md CURLINFO_HTTPAUTH_USED.md CURLINFO_HTTP_CONNECTCODE.md CURLINFO_HTTP_VERSION.md CURLINFO_LASTSOCKET.md CURLINFO_LOCAL_IP.md CURLINFO_LOCAL_PORT.md CURLINFO_NAMELOOKUP_TIME.md CURLINFO_NAMELOOKUP_TIME_T.md CURLINFO_NUM_CONNECTS.md CURLINFO_OS_ERRNO.md CURLINFO_POSTTRANSFER_TIME_T.md CURLINFO_PRETRANSFER_TIME.md CURLINFO_PRETRANSFER_TIME_T.md CURLINFO_PRIMARY_IP.md CURLINFO_PRIMARY_PORT.md CURLINFO_PRIVATE.md CURLINFO_PROTOCOL.md CURLINFO_PROXYAUTH_AVAIL.md CURLINFO_PROXYAUTH_USED.md CURLINFO_PROXY_ERROR.md CURLINFO_PROXY_SSL_VERIFYRESULT.md CURLINFO_QUEUE_TIME_T.md CURLINFO_REDIRECT_COUNT.md CURLINFO_REDIRECT_TIME.md CURLINFO_REDIRECT_TIME_T.md CURLINFO_REDIRECT_URL.md CURLINFO_REFERER.md CURLINFO_REQUEST_SIZE.md CURLINFO_RESPONSE_CODE.md CURLINFO_RETRY_AFTER.md CURLINFO_RTSP_CLIENT_CSEQ.md CURLINFO_RTSP_CSEQ_RECV.md CURLINFO_RTSP_SERVER_CSEQ.md CURLINFO_RTSP_SESSION_ID.md CURLINFO_SCHEME.md CURLINFO_SIZE_DELIVERED.md CURLINFO_SIZE_DOWNLOAD.md CURLINFO_SIZE_DOWNLOAD_T.md CURLINFO_SIZE_UPLOAD.md CURLINFO_SIZE_UPLOAD_T.md CURLINFO_SPEED_DOWNLOAD.md CURLINFO_SPEED_DOWNLOAD_T.md CURLINFO_SPEED_UPLOAD.md CURLINFO_SPEED_UPLOAD_T.md CURLINFO_SSL_ENGINES.md CURLINFO_SSL_VERIFYRESULT.md CURLINFO_STARTTRANSFER_TIME.md CURLINFO_STARTTRANSFER_TIME_T.md CURLINFO_TLS_SESSION.md CURLINFO_TLS_SSL_PTR.md CURLINFO_TOTAL_TIME.md 
CURLINFO_TOTAL_TIME_T.md CURLINFO_USED_PROXY.md CURLINFO_XFER_ID.md CURLMINFO_XFERS_ADDED.md CURLMINFO_XFERS_CURRENT.md CURLMINFO_XFERS_DONE.md CURLMINFO_XFERS_PENDING.md CURLMINFO_XFERS_RUNNING.md CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md CURLMOPT_MAXCONNECTS.md CURLMOPT_MAX_CONCURRENT_STREAMS.md CURLMOPT_MAX_HOST_CONNECTIONS.md CURLMOPT_MAX_PIPELINE_LENGTH.md CURLMOPT_MAX_TOTAL_CONNECTIONS.md CURLMOPT_NETWORK_CHANGED.md CURLMOPT_NOTIFYDATA.md CURLMOPT_NOTIFYFUNCTION.md CURLMOPT_PIPELINING.md CURLMOPT_PIPELINING_SERVER_BL.md CURLMOPT_PIPELINING_SITE_BL.md CURLMOPT_PUSHDATA.md CURLMOPT_PUSHFUNCTION.md CURLMOPT_QUICK_EXIT.md CURLMOPT_RESOLVE_THREADS_MAX.md CURLMOPT_SOCKETDATA.md CURLMOPT_SOCKETFUNCTION.md CURLMOPT_TIMERDATA.md CURLMOPT_TIMERFUNCTION.md CURLOPT_ABSTRACT_UNIX_SOCKET.md CURLOPT_ACCEPTTIMEOUT_MS.md CURLOPT_ACCEPT_ENCODING.md CURLOPT_ADDRESS_SCOPE.md CURLOPT_ALTSVC.md CURLOPT_ALTSVC_CTRL.md CURLOPT_APPEND.md CURLOPT_AUTOREFERER.md CURLOPT_AWS_SIGV4.md CURLOPT_BUFFERSIZE.md CURLOPT_CAINFO.md CURLOPT_CAINFO_BLOB.md CURLOPT_CAPATH.md CURLOPT_CA_CACHE_TIMEOUT.md CURLOPT_CERTINFO.md CURLOPT_CHUNK_BGN_FUNCTION.md CURLOPT_CHUNK_DATA.md CURLOPT_CHUNK_END_FUNCTION.md CURLOPT_CLOSESOCKETDATA.md CURLOPT_CLOSESOCKETFUNCTION.md CURLOPT_CONNECTTIMEOUT.md CURLOPT_CONNECTTIMEOUT_MS.md CURLOPT_CONNECT_ONLY.md CURLOPT_CONNECT_TO.md CURLOPT_CONV_FROM_NETWORK_FUNCTION.md CURLOPT_CONV_FROM_UTF8_FUNCTION.md CURLOPT_CONV_TO_NETWORK_FUNCTION.md CURLOPT_COOKIE.md CURLOPT_COOKIEFILE.md CURLOPT_COOKIEJAR.md CURLOPT_COOKIELIST.md CURLOPT_COOKIESESSION.md CURLOPT_COPYPOSTFIELDS.md CURLOPT_CRLF.md CURLOPT_CRLFILE.md CURLOPT_CURLU.md CURLOPT_CUSTOMREQUEST.md CURLOPT_DEBUGDATA.md CURLOPT_DEBUGFUNCTION.md CURLOPT_DEFAULT_PROTOCOL.md CURLOPT_DIRLISTONLY.md CURLOPT_DISALLOW_USERNAME_IN_URL.md CURLOPT_DNS_CACHE_TIMEOUT.md CURLOPT_DNS_INTERFACE.md CURLOPT_DNS_LOCAL_IP4.md CURLOPT_DNS_LOCAL_IP6.md CURLOPT_DNS_SERVERS.md CURLOPT_DNS_SHUFFLE_ADDRESSES.md 
CURLOPT_DNS_USE_GLOBAL_CACHE.md CURLOPT_DOH_SSL_VERIFYHOST.md CURLOPT_DOH_SSL_VERIFYPEER.md CURLOPT_DOH_SSL_VERIFYSTATUS.md CURLOPT_DOH_URL.md CURLOPT_ECH.md CURLOPT_EGDSOCKET.md CURLOPT_ERRORBUFFER.md CURLOPT_EXPECT_100_TIMEOUT_MS.md CURLOPT_FAILONERROR.md CURLOPT_FILETIME.md CURLOPT_FNMATCH_DATA.md CURLOPT_FNMATCH_FUNCTION.md CURLOPT_FOLLOWLOCATION.md CURLOPT_FORBID_REUSE.md CURLOPT_FRESH_CONNECT.md CURLOPT_FTPPORT.md CURLOPT_FTPSSLAUTH.md CURLOPT_FTP_ACCOUNT.md CURLOPT_FTP_ALTERNATIVE_TO_USER.md CURLOPT_FTP_CREATE_MISSING_DIRS.md CURLOPT_FTP_FILEMETHOD.md CURLOPT_FTP_SKIP_PASV_IP.md CURLOPT_FTP_SSL_CCC.md CURLOPT_FTP_USE_EPRT.md CURLOPT_FTP_USE_EPSV.md CURLOPT_FTP_USE_PRET.md CURLOPT_GSSAPI_DELEGATION.md CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md CURLOPT_HAPROXYPROTOCOL.md CURLOPT_HAPROXY_CLIENT_IP.md CURLOPT_HEADER.md CURLOPT_HEADERDATA.md CURLOPT_HEADERFUNCTION.md CURLOPT_HEADEROPT.md CURLOPT_HSTS.md CURLOPT_HSTSREADDATA.md CURLOPT_HSTSREADFUNCTION.md CURLOPT_HSTSWRITEDATA.md CURLOPT_HSTSWRITEFUNCTION.md CURLOPT_HSTS_CTRL.md CURLOPT_HTTP09_ALLOWED.md CURLOPT_HTTP200ALIASES.md CURLOPT_HTTPAUTH.md CURLOPT_HTTPGET.md CURLOPT_HTTPHEADER.md CURLOPT_HTTPPOST.md CURLOPT_HTTPPROXYTUNNEL.md CURLOPT_HTTP_CONTENT_DECODING.md CURLOPT_HTTP_TRANSFER_DECODING.md CURLOPT_HTTP_VERSION.md CURLOPT_IGNORE_CONTENT_LENGTH.md CURLOPT_INFILESIZE.md CURLOPT_INFILESIZE_LARGE.md CURLOPT_INTERFACE.md CURLOPT_INTERLEAVEDATA.md CURLOPT_INTERLEAVEFUNCTION.md CURLOPT_IOCTLDATA.md CURLOPT_IOCTLFUNCTION.md CURLOPT_IPRESOLVE.md CURLOPT_ISSUERCERT.md CURLOPT_ISSUERCERT_BLOB.md CURLOPT_KEEP_SENDING_ON_ERROR.md CURLOPT_KEYPASSWD.md CURLOPT_KRBLEVEL.md CURLOPT_LOCALPORT.md CURLOPT_LOCALPORTRANGE.md CURLOPT_LOGIN_OPTIONS.md CURLOPT_LOW_SPEED_LIMIT.md CURLOPT_LOW_SPEED_TIME.md CURLOPT_MAIL_AUTH.md CURLOPT_MAIL_FROM.md CURLOPT_MAIL_RCPT.md CURLOPT_MAIL_RCPT_ALLOWFAILS.md CURLOPT_MAXAGE_CONN.md CURLOPT_MAXCONNECTS.md CURLOPT_MAXFILESIZE.md CURLOPT_MAXFILESIZE_LARGE.md CURLOPT_MAXLIFETIME_CONN.md 
CURLOPT_MAXREDIRS.md CURLOPT_MAX_RECV_SPEED_LARGE.md CURLOPT_MAX_SEND_SPEED_LARGE.md CURLOPT_MIMEPOST.md CURLOPT_MIME_OPTIONS.md CURLOPT_NETRC.md CURLOPT_NETRC_FILE.md CURLOPT_NEW_DIRECTORY_PERMS.md CURLOPT_NEW_FILE_PERMS.md CURLOPT_NOBODY.md CURLOPT_NOPROGRESS.md CURLOPT_NOPROXY.md CURLOPT_NOSIGNAL.md CURLOPT_OPENSOCKETDATA.md CURLOPT_OPENSOCKETFUNCTION.md CURLOPT_PASSWORD.md CURLOPT_PATH_AS_IS.md CURLOPT_PINNEDPUBLICKEY.md CURLOPT_PIPEWAIT.md CURLOPT_PORT.md CURLOPT_POST.md CURLOPT_POSTFIELDS.md CURLOPT_POSTFIELDSIZE.md CURLOPT_POSTFIELDSIZE_LARGE.md CURLOPT_POSTQUOTE.md CURLOPT_POSTREDIR.md CURLOPT_PREQUOTE.md CURLOPT_PREREQDATA.md CURLOPT_PREREQFUNCTION.md CURLOPT_PRE_PROXY.md CURLOPT_PRIVATE.md CURLOPT_PROGRESSDATA.md CURLOPT_PROGRESSFUNCTION.md CURLOPT_PROTOCOLS.md CURLOPT_PROTOCOLS_STR.md CURLOPT_PROXY.md CURLOPT_PROXYAUTH.md CURLOPT_PROXYHEADER.md CURLOPT_PROXYPASSWORD.md CURLOPT_PROXYPORT.md CURLOPT_PROXYTYPE.md CURLOPT_PROXYUSERNAME.md CURLOPT_PROXYUSERPWD.md CURLOPT_PROXY_CAINFO.md CURLOPT_PROXY_CAINFO_BLOB.md CURLOPT_PROXY_CAPATH.md CURLOPT_PROXY_CRLFILE.md CURLOPT_PROXY_ISSUERCERT.md CURLOPT_PROXY_ISSUERCERT_BLOB.md CURLOPT_PROXY_KEYPASSWD.md CURLOPT_PROXY_PINNEDPUBLICKEY.md CURLOPT_PROXY_SERVICE_NAME.md CURLOPT_PROXY_SSLCERT.md CURLOPT_PROXY_SSLCERTTYPE.md CURLOPT_PROXY_SSLCERT_BLOB.md CURLOPT_PROXY_SSLKEY.md CURLOPT_PROXY_SSLKEYTYPE.md CURLOPT_PROXY_SSLKEY_BLOB.md CURLOPT_PROXY_SSLVERSION.md CURLOPT_PROXY_SSL_CIPHER_LIST.md CURLOPT_PROXY_SSL_OPTIONS.md CURLOPT_PROXY_SSL_VERIFYHOST.md CURLOPT_PROXY_SSL_VERIFYPEER.md CURLOPT_PROXY_TLS13_CIPHERS.md CURLOPT_PROXY_TLSAUTH_PASSWORD.md CURLOPT_PROXY_TLSAUTH_TYPE.md CURLOPT_PROXY_TLSAUTH_USERNAME.md CURLOPT_PROXY_TRANSFER_MODE.md CURLOPT_PUT.md CURLOPT_QUICK_EXIT.md CURLOPT_QUOTE.md CURLOPT_RANDOM_FILE.md CURLOPT_RANGE.md CURLOPT_READDATA.md CURLOPT_READFUNCTION.md CURLOPT_REDIR_PROTOCOLS.md CURLOPT_REDIR_PROTOCOLS_STR.md CURLOPT_REFERER.md CURLOPT_REQUEST_TARGET.md CURLOPT_RESOLVE.md 
CURLOPT_RESOLVER_START_DATA.md CURLOPT_RESOLVER_START_FUNCTION.md CURLOPT_RESUME_FROM.md CURLOPT_RESUME_FROM_LARGE.md CURLOPT_RTSP_CLIENT_CSEQ.md CURLOPT_RTSP_REQUEST.md CURLOPT_RTSP_SERVER_CSEQ.md CURLOPT_RTSP_SESSION_ID.md CURLOPT_RTSP_STREAM_URI.md CURLOPT_RTSP_TRANSPORT.md CURLOPT_SASL_AUTHZID.md CURLOPT_SASL_IR.md CURLOPT_SEEKDATA.md CURLOPT_SEEKFUNCTION.md CURLOPT_SERVER_RESPONSE_TIMEOUT.md CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md CURLOPT_SERVICE_NAME.md CURLOPT_SHARE.md CURLOPT_SOCKOPTDATA.md CURLOPT_SOCKOPTFUNCTION.md CURLOPT_SOCKS5_AUTH.md CURLOPT_SOCKS5_GSSAPI_NEC.md CURLOPT_SOCKS5_GSSAPI_SERVICE.md CURLOPT_SSH_AUTH_TYPES.md CURLOPT_SSH_COMPRESSION.md CURLOPT_SSH_HOSTKEYDATA.md CURLOPT_SSH_HOSTKEYFUNCTION.md CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md CURLOPT_SSH_KEYDATA.md CURLOPT_SSH_KEYFUNCTION.md CURLOPT_SSH_KNOWNHOSTS.md CURLOPT_SSH_PRIVATE_KEYFILE.md CURLOPT_SSH_PUBLIC_KEYFILE.md CURLOPT_SSLCERT.md CURLOPT_SSLCERTTYPE.md CURLOPT_SSLCERT_BLOB.md CURLOPT_SSLENGINE.md CURLOPT_SSLENGINE_DEFAULT.md CURLOPT_SSLKEY.md CURLOPT_SSLKEYTYPE.md CURLOPT_SSLKEY_BLOB.md CURLOPT_SSLVERSION.md CURLOPT_SSL_CIPHER_LIST.md CURLOPT_SSL_CTX_DATA.md CURLOPT_SSL_CTX_FUNCTION.md CURLOPT_SSL_EC_CURVES.md CURLOPT_SSL_ENABLE_ALPN.md CURLOPT_SSL_ENABLE_NPN.md CURLOPT_SSL_FALSESTART.md CURLOPT_SSL_OPTIONS.md CURLOPT_SSL_SESSIONID_CACHE.md CURLOPT_SSL_SIGNATURE_ALGORITHMS.md CURLOPT_SSL_VERIFYHOST.md CURLOPT_SSL_VERIFYPEER.md CURLOPT_SSL_VERIFYSTATUS.md CURLOPT_STDERR.md CURLOPT_STREAM_DEPENDS.md CURLOPT_STREAM_DEPENDS_E.md CURLOPT_STREAM_WEIGHT.md CURLOPT_SUPPRESS_CONNECT_HEADERS.md CURLOPT_TCP_FASTOPEN.md CURLOPT_TCP_KEEPALIVE.md CURLOPT_TCP_KEEPCNT.md CURLOPT_TCP_KEEPIDLE.md CURLOPT_TCP_KEEPINTVL.md CURLOPT_TCP_NODELAY.md CURLOPT_TELNETOPTIONS.md CURLOPT_TFTP_BLKSIZE.md CURLOPT_TFTP_NO_OPTIONS.md CURLOPT_TIMECONDITION.md CURLOPT_TIMEOUT.md CURLOPT_TIMEOUT_MS.md CURLOPT_TIMEVALUE.md CURLOPT_TIMEVALUE_LARGE.md CURLOPT_TLS13_CIPHERS.md 
CURLOPT_TLSAUTH_PASSWORD.md CURLOPT_TLSAUTH_TYPE.md CURLOPT_TLSAUTH_USERNAME.md CURLOPT_TRAILERDATA.md CURLOPT_TRAILERFUNCTION.md CURLOPT_TRANSFERTEXT.md CURLOPT_TRANSFER_ENCODING.md CURLOPT_UNIX_SOCKET_PATH.md CURLOPT_UNRESTRICTED_AUTH.md CURLOPT_UPKEEP_INTERVAL_MS.md CURLOPT_UPLOAD.md CURLOPT_UPLOAD_BUFFERSIZE.md CURLOPT_UPLOAD_FLAGS.md CURLOPT_URL.md CURLOPT_USERAGENT.md CURLOPT_USERNAME.md CURLOPT_USERPWD.md CURLOPT_USE_SSL.md CURLOPT_VERBOSE.md CURLOPT_WILDCARDMATCH.md CURLOPT_WRITEDATA.md CURLOPT_WRITEFUNCTION.md CURLOPT_WS_OPTIONS.md CURLOPT_XFERINFODATA.md CURLOPT_XFERINFOFUNCTION.md CURLOPT_XOAUTH2_BEARER.md CURLSHOPT_LOCKFUNC.md CURLSHOPT_SHARE.md CURLSHOPT_UNLOCKFUNC.md CURLSHOPT_UNSHARE.md CURLSHOPT_USERDATA.md Makefile.am Makefile.incinclude
curl
Makefile.am curl.h curlver.h easy.h header.h mprintf.h multi.h options.h stdcheaders.h system.h typecheck-gcc.h urlapi.h websockets.hlib
curlx
base64.c base64.h basename.c basename.h dynbuf.c dynbuf.h fopen.c fopen.h inet_ntop.c inet_ntop.h inet_pton.c inet_pton.h multibyte.c multibyte.h nonblock.c nonblock.h snprintf.c snprintf.h strcopy.c strcopy.h strdup.c strdup.h strerr.c strerr.h strparse.c strparse.h timediff.c timediff.h timeval.c timeval.h version_win32.c version_win32.h wait.c wait.h warnless.c warnless.h winapi.c winapi.hvauth
cleartext.c cram.c digest.c digest.h digest_sspi.c gsasl.c krb5_gssapi.c krb5_sspi.c ntlm.c ntlm_sspi.c oauth2.c spnego_gssapi.c spnego_sspi.c vauth.c vauth.hvquic
curl_ngtcp2.c curl_ngtcp2.h curl_quiche.c curl_quiche.h vquic-tls.c vquic-tls.h vquic.c vquic.h vquic_int.hvtls
apple.c apple.h cipher_suite.c cipher_suite.h gtls.c gtls.h hostcheck.c hostcheck.h keylog.c keylog.h mbedtls.c mbedtls.h openssl.c openssl.h rustls.c rustls.h schannel.c schannel.h schannel_int.h schannel_verify.c vtls.c vtls.h vtls_int.h vtls_scache.c vtls_scache.h vtls_spack.c vtls_spack.h wolfssl.c wolfssl.h x509asn1.c x509asn1.hm4
.gitignore curl-amissl.m4 curl-apple-sectrust.m4 curl-compilers.m4 curl-confopts.m4 curl-functions.m4 curl-gnutls.m4 curl-mbedtls.m4 curl-openssl.m4 curl-override.m4 curl-reentrant.m4 curl-rustls.m4 curl-schannel.m4 curl-sysconfig.m4 curl-wolfssl.m4 xc-am-iface.m4 xc-cc-check.m4 xc-lt-iface.m4 xc-val-flgs.m4 zz40-xc-ovr.m4 zz50-xc-ovr.m4projects
OS400
.checksrc README.OS400 ccsidcurl.c ccsidcurl.h config400.default curl.cmd curl.inc.in curlcl.c curlmain.c initscript.sh make-docs.sh make-include.sh make-lib.sh make-src.sh make-tests.sh makefile.sh os400sys.c os400sys.hWindows
tmpl
.gitattributes README.txt curl-all.sln curl.sln curl.vcxproj curl.vcxproj.filters libcurl.sln libcurl.vcxproj libcurl.vcxproj.filtersvms
Makefile.am backup_gnv_curl_src.com build_curl-config_script.com build_gnv_curl.com build_gnv_curl_pcsi_desc.com build_gnv_curl_pcsi_text.com build_gnv_curl_release_notes.com build_libcurl_pc.com build_vms.com clean_gnv_curl.com compare_curl_source.com config_h.com curl_crtl_init.c curl_gnv_build_steps.txt curl_release_note_start.txt curl_startup.com curlmsg.h curlmsg.msg curlmsg.sdl curlmsg_vms.h generate_config_vms_h_curl.com generate_vax_transfer.com gnv_conftest.c_first gnv_curl_configure.sh gnv_libcurl_symbols.opt gnv_link_curl.com macro32_exactcase.patch make_gnv_curl_install.sh make_pcsi_curl_kit_name.com pcsi_gnv_curl_file_list.txt pcsi_product_gnv_curl.com readme report_openssl_version.c setup_gnv_curl_build.com stage_curl_install.com vms_eco_level.hscripts
.checksrc CMakeLists.txt Makefile.am badwords badwords-all badwords.txt cd2cd cd2nroff cdall checksrc-all.pl checksrc.pl cmakelint.sh completion.pl contributors.sh contrithanks.sh coverage.sh delta dmaketgz extract-unit-protos firefox-db2pem.sh installcheck.sh maketgz managen mdlinkcheck mk-ca-bundle.pl mk-unity.pl nroff2cd perlcheck.sh pythonlint.sh randdisable release-notes.pl release-tools.sh schemetable.c singleuse.pl spacecheck.pl top-complexity top-length verify-release wcurlsrc
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc config2setopts.c config2setopts.h curl.rc curlinfo.c mk-file-embed.pl mkhelp.pl slist_wc.c slist_wc.h terminal.c terminal.h tool_cb_dbg.c tool_cb_dbg.h tool_cb_hdr.c tool_cb_hdr.h tool_cb_prg.c tool_cb_prg.h tool_cb_rea.c tool_cb_rea.h tool_cb_see.c tool_cb_see.h tool_cb_soc.c tool_cb_soc.h tool_cb_wrt.c tool_cb_wrt.h tool_cfgable.c tool_cfgable.h tool_dirhie.c tool_dirhie.h tool_doswin.c tool_doswin.h tool_easysrc.c tool_easysrc.h tool_filetime.c tool_filetime.h tool_findfile.c tool_findfile.h tool_formparse.c tool_formparse.h tool_getparam.c tool_getparam.h tool_getpass.c tool_getpass.h tool_help.c tool_help.h tool_helpers.c tool_helpers.h tool_hugehelp.h tool_ipfs.c tool_ipfs.h tool_libinfo.c tool_libinfo.h tool_listhelp.c tool_main.c tool_main.h tool_msgs.c tool_msgs.h tool_operate.c tool_operate.h tool_operhlp.c tool_operhlp.h tool_paramhlp.c tool_paramhlp.h tool_parsecfg.c tool_parsecfg.h tool_progress.c tool_progress.h tool_sdecls.h tool_setopt.c tool_setopt.h tool_setup.h tool_ssls.c tool_ssls.h tool_stderr.c tool_stderr.h tool_urlglob.c tool_urlglob.h tool_util.c tool_util.h tool_version.h tool_vms.c tool_vms.h tool_writeout.c tool_writeout.h tool_writeout_json.c tool_writeout_json.h tool_xattr.c tool_xattr.h var.c var.htests
certs
.gitignore CMakeLists.txt Makefile.am Makefile.inc genserv.pl srp-verifier-conf srp-verifier-db test-ca.cnf test-ca.prm test-client-cert.prm test-client-eku-only.prm test-localhost-san-first.prm test-localhost-san-last.prm test-localhost.nn.prm test-localhost.prm test-localhost0h.prmdata
.gitignore DISABLED Makefile.am data-xml1 data1400.c data1401.c data1402.c data1403.c data1404.c data1405.c data1406.c data1407.c data1420.c data1461.txt data1463.txt data1465.c data1481.c data1705-1.md data1705-2.md data1705-3.md data1705-4.md data1705-stdout.1 data1706-1.md data1706-2.md data1706-3.md data1706-4.md data1706-stdout.txt data320.html test1 test10 test100 test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 test1008 test1009 test101 test1010 test1011 test1012 test1013 test1014 test1015 test1016 test1017 test1018 test1019 test102 test1020 test1021 test1022 test1023 test1024 test1025 test1026 test1027 test1028 test1029 test103 test1030 test1031 test1032 test1033 test1034 test1035 test1036 test1037 test1038 test1039 test104 test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 test1048 test1049 test105 test1050 test1051 test1052 test1053 test1054 test1055 test1056 test1057 test1058 test1059 test106 test1060 test1061 test1062 test1063 test1064 test1065 test1066 test1067 test1068 test1069 test107 test1070 test1071 test1072 test1073 test1074 test1075 test1076 test1077 test1078 test1079 test108 test1080 test1081 test1082 test1083 test1084 test1085 test1086 test1087 test1088 test1089 test109 test1090 test1091 test1092 test1093 test1094 test1095 test1096 test1097 test1098 test1099 test11 test110 test1100 test1101 test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 test111 test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 test1118 test1119 test112 test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 test1128 test1129 test113 test1130 test1131 test1132 test1133 test1134 test1135 test1136 test1137 test1138 test1139 test114 test1140 test1141 test1142 test1143 test1144 test1145 test1146 test1147 test1148 test1149 test115 test1150 test1151 test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 test116 test1160 test1161 test1162 test1163 test1164 
test1165 test1166 test1167 test1168 test1169 test117 test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 test1178 test1179 test118 test1180 test1181 test1182 test1183 test1184 test1185 test1186 test1187 test1188 test1189 test119 test1190 test1191 test1192 test1193 test1194 test1195 test1196 test1197 test1198 test1199 test12 test120 test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 test1208 test1209 test121 test1210 test1211 test1212 test1213 test1214 test1215 test1216 test1217 test1218 test1219 test122 test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 test1228 test1229 test123 test1230 test1231 test1232 test1233 test1234 test1235 test1236 test1237 test1238 test1239 test124 test1240 test1241 test1242 test1243 test1244 test1245 test1246 test1247 test1248 test1249 test125 test1250 test1251 test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 test126 test1260 test1261 test1262 test1263 test1264 test1265 test1266 test1267 test1268 test1269 test127 test1270 test1271 test1272 test1273 test1274 test1275 test1276 test1277 test1278 test1279 test128 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 test1288 test1289 test129 test1290 test1291 test1292 test1293 test1294 test1295 test1296 test1297 test1298 test1299 test13 test130 test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 test1309 test131 test1310 test1311 test1312 test1313 test1314 test1315 test1316 test1317 test1318 test1319 test132 test1320 test1321 test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 test133 test1330 test1331 test1332 test1333 test1334 test1335 test1336 test1337 test1338 test1339 test134 test1340 test1341 test1342 test1343 test1344 test1345 test1346 test1347 test1348 test1349 test135 test1350 test1351 test1352 test1353 test1354 test1355 test1356 test1357 test1358 test1359 test136 test1360 test1361 test1362 test1363 test1364 test1365 test1366 
test1367 test1368 test1369 test137 test1370 test1371 test1372 test1373 test1374 test1375 test1376 test1377 test1378 test1379 test138 test1380 test1381 test1382 test1383 test1384 test1385 test1386 test1387 test1388 test1389 test139 test1390 test1391 test1392 test1393 test1394 test1395 test1396 test1397 test1398 test1399 test14 test140 test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 test1408 test1409 test141 test1410 test1411 test1412 test1413 test1414 test1415 test1416 test1417 test1418 test1419 test142 test1420 test1421 test1422 test1423 test1424 test1425 test1426 test1427 test1428 test1429 test143 test1430 test1431 test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 test144 test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 test1448 test1449 test145 test1450 test1451 test1452 test1453 test1454 test1455 test1456 test1457 test1458 test1459 test146 test1460 test1461 test1462 test1463 test1464 test1465 test1466 test1467 test1468 test1469 test147 test1470 test1471 test1472 test1473 test1474 test1475 test1476 test1477 test1478 test1479 test148 test1480 test1481 test1482 test1483 test1484 test1485 test1486 test1487 test1488 test1489 test149 test1490 test1491 test1492 test1493 test1494 test1495 test1496 test1497 test1498 test1499 test15 test150 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 test1508 test1509 test151 test1510 test1511 test1512 test1513 test1514 test1515 test1516 test1517 test1518 test1519 test152 test1520 test1521 test1522 test1523 test1524 test1525 test1526 test1527 test1528 test1529 test153 test1530 test1531 test1532 test1533 test1534 test1535 test1536 test1537 test1538 test1539 test154 test1540 test1541 test1542 test1543 test1544 test1545 test1546 test1547 test1548 test1549 test155 test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 test1558 test1559 test156 test1560 test1561 test1562 test1563 test1564 test1565 test1566 test1567 test1568 
test1569 test157 test1570 test1571 test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 test158 test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 test1588 test1589 test159 test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 test1598 test1599 test16 test160 test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 test1608 test1609 test161 test1610 test1611 test1612 test1613 test1614 test1615 test1616 test1617 test1618 test1619 test162 test1620 test1621 test1622 test1623 test1624 test1625 test1626 test1627 test1628 test1629 test163 test1630 test1631 test1632 test1633 test1634 test1635 test1636 test1637 test1638 test1639 test164 test1640 test1641 test1642 test1643 test1644 test1645 test165 test1650 test1651 test1652 test1653 test1654 test1655 test1656 test1657 test1658 test1659 test166 test1660 test1661 test1662 test1663 test1664 test1665 test1666 test1667 test1668 test1669 test167 test1670 test1671 test1672 test1673 test1674 test1675 test1676 test168 test1680 test1681 test1682 test1683 test1684 test1685 test169 test17 test170 test1700 test1701 test1702 test1703 test1704 test1705 test1706 test1707 test1708 test1709 test171 test1710 test1711 test1712 test1713 test1714 test1715 test172 test1720 test1721 test173 test174 test175 test176 test177 test178 test179 test18 test180 test1800 test1801 test1802 test181 test182 test183 test184 test1847 test1848 test1849 test185 test1850 test1851 test186 test187 test188 test189 test19 test190 test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 test1908 test1909 test191 test1910 test1911 test1912 test1913 test1914 test1915 test1916 test1917 test1918 test1919 test192 test1920 test1921 test193 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test194 test1940 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 test195 test1955 test1956 test1957 test1958 test1959 test196 test1960 test1964 test1965 test1966 
test197 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 test1978 test1979 test198 test1980 test1981 test1982 test1983 test1984 test199 test2 test20 test200 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 test2008 test2009 test201 test2010 test2011 test2012 test2013 test2014 test202 test2023 test2024 test2025 test2026 test2027 test2028 test2029 test203 test2030 test2031 test2032 test2033 test2034 test2035 test2037 test2038 test2039 test204 test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 test2048 test2049 test205 test2050 test2051 test2052 test2053 test2054 test2055 test2056 test2057 test2058 test2059 test206 test2060 test2061 test2062 test2063 test2064 test2065 test2066 test2067 test2068 test2069 test207 test2070 test2071 test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 test208 test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 test2088 test2089 test209 test2090 test2091 test2092 test21 test210 test2100 test2101 test2102 test2103 test2104 test211 test212 test213 test214 test215 test216 test217 test218 test219 test22 test220 test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 test221 test222 test223 test224 test225 test226 test227 test228 test229 test23 test230 test2300 test2301 test2302 test2303 test2304 test2306 test2307 test2308 test2309 test231 test232 test233 test234 test235 test236 test237 test238 test239 test24 test240 test2400 test2401 test2402 test2403 test2404 test2405 test2406 test2407 test2408 test2409 test241 test2410 test2411 test242 test243 test244 test245 test246 test247 test248 test249 test25 test250 test2500 test2501 test2502 test2503 test2504 test2505 test2506 test251 test252 test253 test254 test255 test256 test257 test258 test259 test26 test260 test2600 test2601 test2602 test2603 test2604 test2605 test261 test262 test263 test264 test265 test266 test267 test268 test269 test27 test270 test2700 test2701 test2702 
test2703 test2704 test2705 test2706 test2707 test2708 test2709 test271 test2710 test2711 test2712 test2713 test2714 test2715 test2716 test2717 test2718 test2719 test272 test2720 test2721 test2722 test2723 test273 test274 test275 test276 test277 test278 test279 test28 test280 test281 test282 test283 test284 test285 test286 test287 test288 test289 test29 test290 test291 test292 test293 test294 test295 test296 test297 test298 test299 test3 test30 test300 test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 test3008 test3009 test301 test3010 test3011 test3012 test3013 test3014 test3015 test3016 test3017 test3018 test3019 test302 test3020 test3021 test3022 test3023 test3024 test3025 test3026 test3027 test3028 test3029 test303 test3030 test3031 test3032 test3033 test3034 test3035 test3036 test304 test305 test306 test307 test308 test309 test31 test310 test3100 test3101 test3102 test3103 test3104 test3105 test3106 test311 test312 test313 test314 test315 test316 test317 test318 test319 test32 test320 test3200 test3201 test3202 test3203 test3204 test3205 test3206 test3207 test3208 test3209 test321 test3210 test3211 test3212 test3213 test3214 test3215 test3216 test3217 test3218 test3219 test322 test3220 test323 test324 test325 test326 test327 test328 test329 test33 test330 test3300 test3301 test3302 test331 test332 test333 test334 test335 test336 test337 test338 test339 test34 test340 test341 test342 test343 test344 test345 test346 test347 test348 test349 test35 test350 test351 test352 test353 test354 test355 test356 test357 test358 test359 test36 test360 test361 test362 test363 test364 test365 test366 test367 test368 test369 test37 test370 test371 test372 test373 test374 test375 test376 test378 test379 test38 test380 test381 test383 test384 test385 test386 test387 test388 test389 test39 test390 test391 test392 test393 test394 test395 test396 test397 test398 test399 test4 test40 test400 test4000 test4001 test401 test402 test403 test404 test405 test406 
test407 test408 test409 test41 test410 test411 test412 test413 test414 test415 test416 test417 test418 test419 test42 test420 test421 test422 test423 test424 test425 test426 test427 test428 test429 test43 test430 test431 test432 test433 test434 test435 test436 test437 test438 test439 test44 test440 test441 test442 test443 test444 test445 test446 test447 test448 test449 test45 test450 test451 test452 test453 test454 test455 test456 test457 test458 test459 test46 test460 test461 test462 test463 test467 test468 test469 test47 test470 test471 test472 test473 test474 test475 test476 test477 test478 test479 test48 test480 test481 test482 test483 test484 test485 test486 test487 test488 test489 test49 test490 test491 test492 test493 test494 test495 test496 test497 test498 test499 test5 test50 test500 test501 test502 test503 test504 test505 test506 test507 test508 test509 test51 test510 test511 test512 test513 test514 test515 test516 test517 test518 test519 test52 test520 test521 test522 test523 test524 test525 test526 test527 test528 test529 test53 test530 test531 test532 test533 test534 test535 test536 test537 test538 test539 test54 test540 test541 test542 test543 test544 test545 test546 test547 test548 test549 test55 test550 test551 test552 test553 test554 test555 test556 test557 test558 test559 test56 test560 test561 test562 test563 test564 test565 test566 test567 test568 test569 test57 test570 test571 test572 test573 test574 test575 test576 test577 test578 test579 test58 test580 test581 test582 test583 test584 test585 test586 test587 test588 test589 test59 test590 test591 test592 test593 test594 test595 test596 test597 test598 test599 test6 test60 test600 test601 test602 test603 test604 test605 test606 test607 test608 test609 test61 test610 test611 test612 test613 test614 test615 test616 test617 test618 test619 test62 test620 test621 test622 test623 test624 test625 test626 test627 test628 test629 test63 test630 test631 test632 test633 test634 test635 test636 test637 
test638 test639 test64 test640 test641 test642 test643 test644 test645 test646 test647 test648 test649 test65 test650 test651 test652 test653 test654 test655 test656 test658 test659 test66 test660 test661 test662 test663 test664 test665 test666 test667 test668 test669 test67 test670 test671 test672 test673 test674 test675 test676 test677 test678 test679 test68 test680 test681 test682 test683 test684 test685 test686 test687 test688 test689 test69 test690 test691 test692 test693 test694 test695 test696 test697 test698 test699 test7 test70 test700 test701 test702 test703 test704 test705 test706 test707 test708 test709 test71 test710 test711 test712 test713 test714 test715 test716 test717 test718 test719 test72 test720 test721 test722 test723 test724 test725 test726 test727 test728 test729 test73 test730 test731 test732 test733 test734 test735 test736 test737 test738 test739 test74 test740 test741 test742 test743 test744 test745 test746 test747 test748 test749 test75 test750 test751 test752 test753 test754 test755 test756 test757 test758 test759 test76 test760 test761 test762 test763 test764 test765 test766 test767 test768 test769 test77 test770 test771 test772 test773 test774 test775 test776 test777 test778 test779 test78 test780 test781 test782 test783 test784 test785 test786 test787 test788 test789 test79 test790 test791 test792 test793 test794 test795 test796 test797 test798 test799 test8 test80 test800 test801 test802 test803 test804 test805 test806 test807 test808 test809 test81 test810 test811 test812 test813 test814 test815 test816 test817 test818 test819 test82 test820 test821 test822 test823 test824 test825 test826 test827 test828 test829 test83 test830 test831 test832 test833 test834 test835 test836 test837 test838 test839 test84 test840 test841 test842 test843 test844 test845 test846 test847 test848 test849 test85 test850 test851 test852 test853 test854 test855 test856 test857 test858 test859 test86 test860 test861 test862 test863 test864 test865 test866 
test867 test868 test869 test87 test870 test871 test872 test873 test874 test875 test876 test877 test878 test879 test88 test880 test881 test882 test883 test884 test885 test886 test887 test888 test889 test89 test890 test891 test892 test893 test894 test895 test896 test897 test898 test899 test9 test90 test900 test901 test902 test903 test904 test905 test906 test907 test908 test909 test91 test910 test911 test912 test913 test914 test915 test916 test917 test918 test919 test92 test920 test921 test922 test923 test924 test925 test926 test927 test928 test929 test93 test930 test931 test932 test933 test934 test935 test936 test937 test938 test939 test94 test940 test941 test942 test943 test944 test945 test946 test947 test948 test949 test95 test950 test951 test952 test953 test954 test955 test956 test957 test958 test959 test96 test960 test961 test962 test963 test964 test965 test966 test967 test968 test969 test97 test970 test971 test972 test973 test974 test975 test976 test977 test978 test979 test98 test980 test981 test982 test983 test984 test985 test986 test987 test988 test989 test99 test990 test991 test992 test993 test994 test995 test996 test997 test998 test999http
testenv
__init__.py caddy.py certs.py client.py curl.py dante.py dnsd.py env.py httpd.py nghttpx.py ports.py sshd.py vsftpd.py ws_echo_server.pylibtest
.gitignore CMakeLists.txt Makefile.am Makefile.inc cli_ftp_upload.c cli_h2_pausing.c cli_h2_serverpush.c cli_h2_upgrade_extreme.c cli_hx_download.c cli_hx_upload.c cli_tls_session_reuse.c cli_upload_pausing.c cli_ws_data.c cli_ws_pingpong.c first.c first.h lib1156.c lib1301.c lib1308.c lib1485.c lib1500.c lib1501.c lib1502.c lib1506.c lib1507.c lib1508.c lib1509.c lib1510.c lib1511.c lib1512.c lib1513.c lib1514.c lib1515.c lib1517.c lib1518.c lib1520.c lib1522.c lib1523.c lib1525.c lib1526.c lib1527.c lib1528.c lib1529.c lib1530.c lib1531.c lib1532.c lib1533.c lib1534.c lib1535.c lib1536.c lib1537.c lib1538.c lib1540.c lib1541.c lib1542.c lib1545.c lib1549.c lib1550.c lib1551.c lib1552.c lib1553.c lib1554.c lib1555.c lib1556.c lib1557.c lib1558.c lib1559.c lib1560.c lib1564.c lib1565.c lib1567.c lib1568.c lib1569.c lib1571.c lib1576.c lib1582.c lib1587.c lib1588.c lib1589.c lib1591.c lib1592.c lib1593.c lib1594.c lib1597.c lib1598.c lib1599.c lib1662.c lib1900.c lib1901.c lib1902.c lib1903.c lib1905.c lib1906.c lib1907.c lib1908.c lib1910.c lib1911.c lib1912.c lib1913.c lib1915.c lib1916.c lib1918.c lib1919.c lib1920.c lib1921.c lib1933.c lib1934.c lib1935.c lib1936.c lib1937.c lib1938.c lib1939.c lib1940.c lib1945.c lib1947.c lib1948.c lib1955.c lib1956.c lib1957.c lib1958.c lib1959.c lib1960.c lib1964.c lib1965.c lib1970.c lib1971.c lib1972.c lib1973.c lib1974.c lib1975.c lib1977.c lib1978.c lib2023.c lib2032.c lib2082.c lib2301.c lib2302.c lib2304.c lib2306.c lib2308.c lib2309.c lib2402.c lib2404.c lib2405.c lib2502.c lib2504.c lib2505.c lib2506.c lib2700.c lib3010.c lib3025.c lib3026.c lib3027.c lib3033.c lib3034.c lib3100.c lib3101.c lib3102.c lib3103.c lib3104.c lib3105.c lib3207.c lib3208.c lib500.c lib501.c lib502.c lib503.c lib504.c lib505.c lib506.c lib507.c lib508.c lib509.c lib510.c lib511.c lib512.c lib513.c lib514.c lib515.c lib516.c lib517.c lib518.c lib519.c lib520.c lib521.c lib523.c lib524.c lib525.c lib526.c lib530.c lib533.c lib536.c lib537.c 
lib539.c lib540.c lib541.c lib542.c lib543.c lib544.c lib547.c lib549.c lib552.c lib553.c lib554.c lib555.c lib556.c lib557.c lib558.c lib559.c lib560.c lib562.c lib564.c lib566.c lib567.c lib568.c lib569.c lib570.c lib571.c lib572.c lib573.c lib574.c lib575.c lib576.c lib578.c lib579.c lib582.c lib583.c lib586.c lib589.c lib590.c lib591.c lib597.c lib598.c lib599.c lib643.c lib650.c lib651.c lib652.c lib653.c lib654.c lib655.c lib658.c lib659.c lib661.c lib666.c lib667.c lib668.c lib670.c lib674.c lib676.c lib677.c lib678.c lib694.c lib695.c lib751.c lib753.c lib757.c lib758.c lib766.c memptr.c mk-lib1521.pl test1013.pl test1022.pl test307.pl test610.pl test613.pl testtrace.c testtrace.h testutil.c testutil.h unitcheck.hserver
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc dnsd.c first.c first.h getpart.c mqttd.c resolve.c rtspd.c sockfilt.c socksd.c sws.c tftpd.c util.ctunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md tool1394.c tool1604.c tool1621.c tool1622.c tool1623.c tool1720.cunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md unit1300.c unit1302.c unit1303.c unit1304.c unit1305.c unit1307.c unit1309.c unit1323.c unit1330.c unit1395.c unit1396.c unit1397.c unit1398.c unit1399.c unit1600.c unit1601.c unit1602.c unit1603.c unit1605.c unit1606.c unit1607.c unit1608.c unit1609.c unit1610.c unit1611.c unit1612.c unit1614.c unit1615.c unit1616.c unit1620.c unit1625.c unit1626.c unit1627.c unit1636.c unit1650.c unit1651.c unit1652.c unit1653.c unit1654.c unit1655.c unit1656.c unit1657.c unit1658.c unit1660.c unit1661.c unit1663.c unit1664.c unit1666.c unit1667.c unit1668.c unit1669.c unit1674.c unit1675.c unit1676.c unit1979.c unit1980.c unit2600.c unit2601.c unit2602.c unit2603.c unit2604.c unit2605.c unit3200.c unit3205.c unit3211.c unit3212.c unit3213.c unit3214.c unit3216.c unit3219.c unit3300.c unit3301.c unit3302.cexamples
.env config.ini crypto_test.lua env_test.lua fs_example.lua http_server.lua https_test.lua ini_example.lua json.lua log.lua path_fs_example.lua process_example.lua request_download.lua request_test.lua run_all.lua sqlite_example.lua sqlite_http_template.lua stash_test.lua template_test.lua timer.lua websocket.luainiparser
example
iniexample.c iniwrite.c parse.c twisted-errors.ini twisted-genhuge.py twisted-ofkey.ini twisted-ofval.ini twisted.initest
CMakeLists.txt test_dictionary.c test_iniparser.c unity-config.yml unity_config.hjinjac
libjinjac
src
CMakeLists.txt ast.c ast.h block_statement.c block_statement.h buffer.c buffer.h buildin.c buildin.h common.h convert.c convert.h flex_decl.h jfunction.c jfunction.h jinja_expression.l jinja_expression.y jinjac_parse.c jinjac_parse.h jinjac_stream.c jinjac_stream.h jlist.c jlist.h jobject.c jobject.h parameter.c parameter.h str_obj.c str_obj.h trace.c trace.htest
.gitignore CMakeLists.txt autotest.rb test_01.expected test_01.jinja test_01b.expected test_01b.jinja test_01c.expected test_01c.jinja test_01d.expected test_01d.jinja test_02.expected test_02.jinja test_03.expected test_03.jinja test_04.expected test_04.jinja test_05.expected test_05.jinja test_06.expected test_06.jinja test_07.expected test_07.jinja test_08.expected test_08.jinja test_08b.expected test_08b.jinja test_09.expected test_09.jinja test_10.expected test_10.jinja test_11.expected test_11.jinja test_12.expected test_12.jinja test_13.expected test_13.jinja test_14.expected test_14.jinja test_15.expected test_15.jinja test_16.expected test_16.jinja test_17.expected test_17.jinja test_18.expected test_18.jinja test_18b.expected test_18b.jinja test_18c.expected test_18c.jinja test_19.expected test_19.jinja test_19b.expected test_19b.jinja test_19c.expected test_19c.jinja test_19d.expected test_19d.jinja test_19e.expected test_19e.jinja test_19f.expected test_19f.jinja test_20.expected test_20.jinja test_21.expected test_21.jinja test_22.expected test_22.jinja test_22a.expected test_22a.jinja test_22b.expected test_22b.jinja test_23.expected test_23.jinja test_24.expected test_24.jinjalibev
Changes LICENSE Makefile Makefile.am Makefile.in README Symbols.ev Symbols.event aclocal.m4 autogen.sh compile config.guess config.h config.h.in config.status config.sub configure configure.ac depcomp ev++.h ev.3 ev.c ev.h ev.pod ev_epoll.c ev_kqueue.c ev_poll.c ev_port.c ev_select.c ev_vars.h ev_win32.c ev_wrap.h event.c event.h install-sh libev.m4 libtool ltmain.sh missing mkinstalldirs stamp-h1luajit
doc
bluequad-print.css bluequad.css contact.html ext_buffer.html ext_c_api.html ext_ffi.html ext_ffi_api.html ext_ffi_semantics.html ext_ffi_tutorial.html ext_jit.html ext_profiler.html extensions.html install.html luajit.html running.htmldynasm
wolfssl/wolfcrypt/src/port/nxp/se050_port.c
1/* se050_port.c
2 *
3 * Copyright (C) 2006-2026 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#ifdef HAVE_CONFIG_H
23 #include <config.h>
24#endif
25
26#include <stdint.h>
27
28#include <wolfssl/wolfcrypt/settings.h>
29
30#ifdef WOLFSSL_SE050
31
32#include <wolfssl/wolfcrypt/types.h> /* for MATH_INT_T */
33#include <wolfssl/wolfcrypt/wc_port.h>
34#include <wolfssl/wolfcrypt/aes.h>
35#include <wolfssl/wolfcrypt/error-crypt.h>
36#include <wolfssl/wolfcrypt/ed25519.h>
37#include <wolfssl/wolfcrypt/logging.h>
38#include <wolfssl/wolfcrypt/curve25519.h>
39
40#include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
41
42#ifdef WOLFSSL_SE050_INIT
43 #ifndef SE050_DEFAULT_PORT
44 #define SE050_DEFAULT_PORT "/dev/i2c-1"
45 #endif
46
47 #include "ex_sss_boot.h"
48#endif
49
50#ifdef HAVE_ECC
51 #include <wolfssl/wolfcrypt/ecc.h>
52 struct ecc_key;
53 #ifndef SE050_ECC_DER_MAX
54 #define SE050_ECC_DER_MAX 256
55 #endif
56#endif
57#if !defined(NO_RSA) && !defined(WOLFSSL_SE050_NO_RSA)
58 #include <wolfssl/wolfcrypt/rsa.h>
59 struct RsaKey;
60#endif
61#include <wolfssl/wolfcrypt/asn.h>
62
63#ifndef SE050_KEYID_START
64#define SE050_KEYID_START 100
65#endif
66
67/* enable for debugging */
68/* #define SE050_DEBUG*/
/* enable to factory erase the chip: wc_se050_init() then calls
 * ex_sss_boot_factory_reset() after every successful open */
70/* #define WOLFSSL_SE050_FACTORY_RESET */
71
/* Module-wide SE050 handles, installed by wc_se050_set_config().
 * Only the pointers are stored here; the objects behind them are supplied by
 * the caller. All three are NULL until a configuration has been set.
 * NOTE(review): wc_se050_set_config() writes these without taking the crypto
 * hardware mutex - presumably configuration is expected to finish before any
 * other thread uses the port; confirm against callers. */
static sss_session_t *cfg_se050_i2c_pi = NULL; /* set from pSession */
static sss_key_store_t *gHostKeyStore = NULL;  /* set from pHostKeyStore */
static sss_key_store_t *gKeyStore = NULL;      /* set from pKeyStore */
76
/**
 * Install the SSS session and key stores used by the SE050 port.
 *
 * Only the three pointers are recorded in file-scope variables; nothing is
 * copied, validated or opened here, so the objects must stay valid for as
 * long as the port uses them. A NULL pSession is accepted;
 * wc_se050_erase_object() then fails with BAD_FUNC_ARG.
 *
 * NOTE(review): the file-scope pointers are written without the crypto
 * hardware mutex held - presumably this is meant to run before other threads
 * use the port; confirm against callers.
 *
 * pSession       SSS session to use
 * pHostKeyStore  host key store (wc_se050_init() passes NULL here when
 *                SSS_HAVE_HOSTCRYPTO_ANY is not enabled)
 * pKeyStore      key store
 *
 * Returns 0 always.
 */
int wc_se050_set_config(sss_session_t *pSession, sss_key_store_t *pHostKeyStore,
    sss_key_store_t *pKeyStore)
{
    gKeyStore = pKeyStore;
    gHostKeyStore = pHostKeyStore;
    cfg_se050_i2c_pi = pSession;

    WOLFSSL_MSG("Setting SE050 session configuration");

    return 0;
}
88
89#ifdef WOLFSSL_SE050_INIT
/**
 * Open the SE050 boot context on the given port and register its session and
 * key stores with wc_se050_set_config().
 *
 * When WOLFSSL_SE050_FACTORY_RESET is defined, ex_sss_boot_factory_reset() is
 * called after every successful open and its result is not checked, so that
 * define should stay out of production builds.
 *
 * portName  port to open, or NULL to use SE050_DEFAULT_PORT
 *
 * Returns the result of wc_se050_set_config() on success, WC_HW_E if the
 * context cannot be opened.
 */
int wc_se050_init(const char* portName)
{
    /* static: wc_se050_set_config() keeps pointers into this context, so it
     * has to outlive this call */
    static ex_sss_boot_ctx_t bootCtx;
    const char* port = (portName != NULL) ? portName : SE050_DEFAULT_PORT;
    int rc;

    if (ex_sss_boot_open(&bootCtx, port) != kStatus_SSS_Success) {
        WOLFSSL_MSG("Failed to open SE050 context");
        return WC_HW_E;
    }

#if SSS_HAVE_HOSTCRYPTO_ANY
    rc = wc_se050_set_config(&bootCtx.session, &bootCtx.host_ks, &bootCtx.ks);
#else
    rc = wc_se050_set_config(&bootCtx.session, NULL, &bootCtx.ks);
#endif

#ifdef WOLFSSL_SE050_FACTORY_RESET
    /* destructive: runs on each successful init, result is not checked */
    ex_sss_boot_factory_reset(&bootCtx);
#endif

    return rc;
}
120#endif
121
122/**
123 * Erase and free an object stored in SE050.
124 *
125 * id ID of object to erase
126 *
127 * Returns 0 on success, negative on error.
128 */
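int wc_se050_erase_object(word32 id)
{
    int ret = 0;
    sss_object_t object;
    sss_key_store_t host_keystore;
    sss_status_t status = kStatus_SSS_Success;

#ifdef SE050_DEBUG
    printf("wc_se050_erase_object: id %d\n", id);
#endif

    /* no session registered through wc_se050_set_config() yet */
    if (cfg_se050_i2c_pi == NULL) {
        return BAD_FUNC_ARG;
    }

    /* This function takes the hardware mutex itself; callers that already
     * hold it would re-enter the lock here. */
    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore,
                                        SE050_KEYSTOREID_GENERIC);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&object, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_get_handle(&object, id);
    }
    if (status == kStatus_SSS_Success) {
        /* The handle lookup succeeded, so a failing erase is a real error:
         * keep its status instead of reporting success for an object that
         * may still be present in the secure element. */
        status = sss_key_store_erase_key(&host_keystore, &object);
        sss_key_object_free(&object);
    }
    wolfSSL_CryptHwMutexUnLock();

    if (status != kStatus_SSS_Success) {
        ret = WC_HW_E;
    }

    return ret;
}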
171
/**
 * Hand out the next SE050 key ID from a single running counter.
 *
 * keyType  one of the SE050_*_KEY constants; every recognised type draws from
 *          the same counter
 *
 * Returns the allocated ID, or 0 when keyType is not recognised.
 *
 * The counter starts at SE050_KEYID_START, is never decremented and IDs are
 * never reused. It has no locking of its own; the callers visible in this
 * file invoke it while holding the hardware mutex.
 * NOTE(review): the counter is a word32 and is not checked for wrap-around;
 * after a wrap it would hand out IDs below SE050_KEYID_START, the range the
 * insert functions reserve for caller-chosen IDs.
 */
word32 se050_allocate_key(int keyType)
{
    static word32 keyId_allocator = SE050_KEYID_START;
    word32 assigned;

    switch (keyType) {
        case SE050_AES_KEY:
        case SE050_ECC_KEY:
        case SE050_RSA_KEY:
        case SE050_ED25519_KEY:
        case SE050_CURVE25519_KEY:
        case SE050_ANY_KEY:
            assigned = keyId_allocator;
            keyId_allocator++;
            break;
        default:
            /* unknown type: nothing is consumed from the counter */
            assigned = 0;
            break;
    }

#ifdef SE050_DEBUG
    printf("se050_allocate_key: keyId %d\n", assigned);
#endif

    return assigned;
}
191
192#if !defined(WC_NO_RNG) && !defined(WOLFSSL_SE050_NO_TRNG)
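/**
 * Fill a buffer with random bytes produced by the SE050.
 *
 * count     number of bytes requested
 * rand_out  output buffer, at least count bytes
 *
 * Returns 0 on success, BAD_FUNC_ARG for a NULL buffer with a non-zero
 * count, WC_HW_E when no session is configured, BAD_MUTEX_E when the
 * hardware mutex cannot be taken and RNG_FAILURE_E when the SSS RNG calls
 * fail. On any non-zero return the buffer contents must not be treated as
 * random data.
 */
int se050_get_random_number(uint32_t count, uint8_t* rand_out)
{
    int ret = 0;
    sss_status_t status;
    sss_rng_context_t rng;

#ifdef SE050_DEBUG
    printf("se050_get_random_number: %p (%d)\n", rand_out, count);
#endif

    if (rand_out == NULL && count > 0) {
        return BAD_FUNC_ARG;
    }

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_rng_context_init(&rng, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        sss_status_t freeStatus;

        status = sss_rng_get_random(&rng, rand_out, count);

        /* Release the RNG context whether or not the read worked, so a
         * failed read does not leave the context behind. A read failure
         * takes precedence over a free failure. */
        freeStatus = sss_rng_context_free(&rng);
        if (status == kStatus_SSS_Success) {
            status = freeStatus;
        }
    }
    if (status != kStatus_SSS_Success) {
        ret = RNG_FAILURE_E;
    }

    wolfSSL_CryptHwMutexUnLock();

    return ret;
}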
225#endif /* !WC_NO_RNG && !WOLFSSL_SE050_NO_TRNG */
226
227#ifdef WOLFSSL_SE050_HASH
228
229/* Used for sha/sha224/sha384/sha512 */
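/**
 * Reset a hash context to the empty state.
 *
 * se050Ctx  context to reset
 * heap      heap hint stored in the context for later allocations
 *
 * The message pointer is overwritten with NULL without being freed, so a
 * context that still owns a buffer must be released with se050_hash_free()
 * first.
 *
 * Returns 0 on success, BAD_FUNC_ARG if se050Ctx is NULL.
 */
int se050_hash_init(SE050_HASH_Context* se050Ctx, void* heap)
{
    /* se050_hash_copy() and se050_hash_update() reject NULL contexts; do the
     * same here instead of dereferencing it */
    if (se050Ctx == NULL) {
        return BAD_FUNC_ARG;
    }

    se050Ctx->heap = heap;
    se050Ctx->len  = 0;
    se050Ctx->used = 0;
    se050Ctx->msg  = NULL;

    return 0;
}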
238
/**
 * Give dst its own copy of the message buffered in src.
 *
 * src  context holding the buffered message
 * dst  context whose 'used' field already equals src->used; its msg pointer
 *      is overwritten, not freed
 *
 * Returns 0 on success, BAD_FUNC_ARG for NULL arguments or mismatched
 * 'used' counts, MEMORY_E if the copy cannot be allocated.
 */
int se050_hash_copy(SE050_HASH_Context* src, SE050_HASH_Context* dst)
{
    if (src == NULL || dst == NULL) {
        return BAD_FUNC_ARG;
    }
    if (src->used != dst->used) {
        return BAD_FUNC_ARG;
    }

    if (!(src->used > 0)) {
        /* nothing buffered: leave dst empty */
        dst->msg = NULL;
        dst->len = 0;
        dst->used = 0;
        return 0;
    }

    /* dst->msg still points at the same buffer as src->msg at this point;
     * replace it with a freshly allocated deep copy so the two contexts do
     * not share (and later double free) one buffer */
    dst->msg = (byte*)XMALLOC(src->used, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (dst->msg == NULL) {
        PRINTF("Tried to allocate %d bytes\n", dst->used);
        return MEMORY_E;
    }

    XMEMSET(dst->msg, 0, dst->used);
    XMEMCPY(dst->msg, src->msg, src->used);
    dst->used = src->used;
    dst->len = src->used;

    return 0;
}
266
/**
 * Append data to the message buffered in the context. Nothing is sent to
 * the SE050 here; se050_hash_final() submits the whole buffer.
 *
 * se050Ctx  hash context
 * data      bytes to append
 * len       number of bytes, must be non-zero
 *
 * Returns 0 on success, BAD_FUNC_ARG for NULL arguments, a zero length or a
 * total that WC_SAFE_SUM_WORD32 rejects, MEMORY_E if the buffer cannot grow.
 *
 * NOTE(review): when the buffer grows, the old buffer is freed without being
 * cleared first; confirm that is acceptable if sensitive input is hashed.
 */
int se050_hash_update(SE050_HASH_Context* se050Ctx, const byte* data, word32 len)
{
    word32 usedSz = 0;

    if (se050Ctx == NULL || len == 0 || data == NULL) {
        return BAD_FUNC_ARG;
    }
    /* usedSz receives used + len */
    if (!WC_SAFE_SUM_WORD32(se050Ctx->used, len, usedSz)) {
        return BAD_FUNC_ARG;
    }

    if (se050Ctx->len < usedSz) {
        /* grow to exactly the new total: allocate, zero, carry over what is
         * already buffered, then drop the old buffer */
        byte* grown = (byte*)XMALLOC(usedSz, se050Ctx->heap,
                                     DYNAMIC_TYPE_TMP_BUFFER);
        if (grown == NULL) {
            return MEMORY_E;
        }
        XMEMSET(grown, 0, usedSz);

        if (se050Ctx->msg != NULL) {
            XMEMCPY(grown, se050Ctx->msg, se050Ctx->used);
            XFREE(se050Ctx->msg, se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
        }

        se050Ctx->msg = grown;
        se050Ctx->len = usedSz;
    }

    XMEMCPY(se050Ctx->msg + se050Ctx->used, data, len);
    se050Ctx->used += len;

    return 0;
}
305
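/**
 * Send the buffered message to the SE050 and write the digest to 'hash'.
 *
 * se050Ctx   hash context holding the buffered message
 * hash       output buffer for the digest
 * digestLen  size of 'hash' in bytes, passed to sss_digest_finish()
 * algo       SSS digest algorithm
 *
 * Returns 0 on success (the context is then reset to empty), BAD_FUNC_ARG
 * for NULL arguments, WC_HW_E when no session is configured or an SSS call
 * fails, BAD_MUTEX_E when the hardware mutex cannot be taken. On failure the
 * buffered message is left in the context.
 *
 * NOTE(review): the message buffer is freed without being cleared first;
 * confirm that is acceptable if sensitive input is hashed.
 */
int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash, size_t digestLen,
                     sss_algorithm_t algo)
{
    int ret;
    int size;
    int leftover;
    sss_status_t status;
    sss_digest_t digest_ctx;
    const byte* blocks;

    /* validate before touching the context; the other hash entry points
     * reject NULL as well */
    if (se050Ctx == NULL || hash == NULL) {
        return BAD_FUNC_ARG;
    }

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    blocks   = se050Ctx->msg;
    size     = (se050Ctx->used) / SSS_BLOCK_SIZE;
    leftover = (se050Ctx->used) % SSS_BLOCK_SIZE;

    status = sss_digest_context_init(&digest_ctx, cfg_se050_i2c_pi, algo,
                                     kMode_SSS_Digest);
    if (status == kStatus_SSS_Success) {
        status = sss_digest_init(&digest_ctx);

        /* feed the message in SSS_BLOCK_SIZE pieces, then the remainder */
        while (status == kStatus_SSS_Success && size--) {
            status = sss_digest_update(&digest_ctx, blocks, SSS_BLOCK_SIZE);
            blocks += SSS_BLOCK_SIZE;
        }
        if (status == kStatus_SSS_Success && leftover) {
            status = sss_digest_update(&digest_ctx, blocks, leftover);
        }
        if (status == kStatus_SSS_Success) {
            status = sss_digest_finish(&digest_ctx, hash, &digestLen);
        }

        /* The context was initialised, so release it on every path,
         * including a failed sss_digest_init(). */
        sss_digest_context_free(&digest_ctx);
    }

    if (status == kStatus_SSS_Success) {
        /* reset state */
        XFREE(se050Ctx->msg, se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
        ret = se050_hash_init(se050Ctx, se050Ctx->heap);
    }
    else {
        ret = WC_HW_E;
    }

    wolfSSL_CryptHwMutexUnLock();

    return ret;
}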
357
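/**
 * Release the message buffer owned by a hash context and mark the context
 * empty. Safe to call with NULL.
 *
 * se050Ctx  hash context to release; the heap hint is left in place
 *
 * NOTE(review): the buffer is freed without being cleared first; confirm
 * that is acceptable if sensitive input is hashed.
 */
void se050_hash_free(SE050_HASH_Context* se050Ctx)
{
    /* tolerate NULL like se050_aes_free() does */
    if (se050Ctx == NULL) {
        return;
    }

    XFREE(se050Ctx->msg, se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
    se050Ctx->msg  = NULL;
    se050Ctx->len  = 0;
    se050Ctx->used = 0;
}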
365
366#endif /* WOLFSSL_SE050_HASH */
367
368#if defined(WOLFSSL_SE050_CRYPT) && !defined(NO_AES)
369
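/**
 * Store an AES key in the SE050 as a transient object and bind its ID to
 * the Aes structure.
 *
 * aes     Aes structure; keyId/keyIdSet/rounds are updated
 * key     raw AES key
 * keylen  key length in bytes
 * iv      unused here
 * dir     unused here
 *
 * Returns 0 on success, BAD_FUNC_ARG for NULL aes/key, WC_HW_E when no
 * session is configured or an SSS call fails, BAD_MUTEX_E when the hardware
 * mutex cannot be taken, or the error from wc_se050_erase_object().
 */
int se050_aes_set_key(Aes* aes, const byte* key, word32 keylen,
                      const byte* iv, int dir)
{
    int ret = 0;
    sss_status_t status;
    sss_object_t newKey;
    sss_key_store_t host_keystore;
    word32 keyId = 0;
    int keyCreated = 0;

    (void)dir;
    (void)iv;

    if (aes == NULL || key == NULL) {
        return BAD_FUNC_ARG;
    }

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    aes->rounds = keylen/4 + 6;

    /* Free the key this Aes already owns before storing a new one.
     * - Only done when keyIdSet says keyId is valid, so an unset or stale ID
     *   never causes some other object to be erased.
     * - Done before taking the hardware mutex: wc_se050_erase_object()
     *   acquires that mutex itself, and calling it with the lock held would
     *   block forever if the mutex is not recursive. */
    if (aes->keyIdSet) {
        ret = wc_se050_erase_object(aes->keyId);
        if (ret != 0) {
            return ret;
        }
        aes->keyIdSet = 0;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_AES);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&newKey, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        keyId = se050_allocate_key(SE050_AES_KEY);
        status = sss_key_object_allocate_handle(&newKey, keyId,
            kSSS_KeyPart_Default, kSSS_CipherType_AES, keylen,
            kKeyObject_Mode_Transient);
        if (status == kStatus_SSS_Success) {
            /* from here on a failure has to release the handle; setting the
             * flag only after full success would make the cleanup below
             * unreachable */
            keyCreated = 1;
        }
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_set_key(&host_keystore, &newKey, key, keylen,
                                       keylen * 8, NULL, 0);
    }

    if (status == kStatus_SSS_Success) {
        aes->keyId = keyId;
        aes->keyIdSet = 1;
        ret = 0;
    }
    else {
        if (keyCreated) {
            sss_key_store_erase_key(&host_keystore, &newKey);
            sss_key_object_free(&newKey);
        }
        ret = WC_HW_E;
    }

    wolfSSL_CryptHwMutexUnLock();

    return ret;
}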
437
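/**
 * Encrypt or decrypt data with the AES key bound to 'aes' inside the SE050.
 *
 * aes        Aes structure with keyIdSet != 0
 * in         input data
 * out        output buffer, at least sz bytes
 * sz         number of bytes to process
 * dir        AES_ENCRYPTION or AES_DECRYPTION; only read on the first call,
 *            when the symmetric context is created
 * algorithm  SSS cipher algorithm
 *
 * Returns 0 on success, BAD_FUNC_ARG for NULL arguments or when no key ID is
 * set, WC_HW_E when no session is configured or an SSS call fails,
 * BAD_MUTEX_E when the hardware mutex cannot be taken.
 */
int se050_aes_crypt(Aes* aes, const byte* in, byte* out, word32 sz, int dir,
                    sss_algorithm_t algorithm)
{
    int ret = 0;
    sss_status_t status;
    sss_object_t keyObject;
    sss_key_store_t host_keystore;

    if (aes == NULL || (sz > 0 && (in == NULL || out == NULL))) {
        return BAD_FUNC_ARG;
    }
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    if (aes->keyIdSet == 0) {
        return BAD_FUNC_ARG;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_AES);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&keyObject, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_get_handle(&keyObject, aes->keyId);
    }

    /* The first call to this function needs an initialization call,
     * subsequent calls just need to call update */
    if (status == kStatus_SSS_Success && aes->ctxInitDone == 0) {
        sss_mode_t mode;

        /* mode stays zeroed if dir is neither constant */
        XMEMSET(&mode, 0, sizeof(mode));
        if (dir == AES_DECRYPTION) {
            mode = kMode_SSS_Decrypt;
        }
        else if (dir == AES_ENCRYPTION) {
            mode = kMode_SSS_Encrypt;
        }

        status = sss_symmetric_context_init(&aes->aes_ctx,
            cfg_se050_i2c_pi, &keyObject, algorithm, mode);
        if (status == kStatus_SSS_Success) {
            /* aes->reg is handed over as the IV */
            status = sss_cipher_init(&aes->aes_ctx, (uint8_t*)aes->reg,
                                     sizeof(aes->reg));
            if (status == kStatus_SSS_Success) {
                aes->ctxInitDone = 1;
            }
            else {
                /* Do not mark the context as ready when cipher init failed:
                 * later calls would skip initialisation and run updates on
                 * it. Release it so the next call starts from scratch. */
                sss_symmetric_context_free(&aes->aes_ctx);
            }
        }
    }
    if (status == kStatus_SSS_Success) {
        size_t outSz = (size_t)sz;
        status = sss_cipher_update(&aes->aes_ctx, in, sz, out, &outSz);
    }

    ret = (status == kStatus_SSS_Success) ? 0 : WC_HW_E;

    wolfSSL_CryptHwMutexUnLock();

    return ret;
}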
500
/**
 * Release the SSS symmetric context held by an Aes structure and forget its
 * key ID. A NULL pointer is ignored.
 *
 * aes  Aes structure to clean up
 *
 * NOTE(review): only the host-side context is released and the ID fields are
 * cleared; no erase call is made here for the key object stored under
 * keyId, and the hardware mutex is not taken.
 */
void se050_aes_free(Aes* aes)
{
    if (aes != NULL) {
        if (aes->ctxInitDone) {
            sss_symmetric_context_free(&aes->aes_ctx);

            /* back to zero so a second free, or a later crypt call, sees
             * the context as not initialised */
            aes->ctxInitDone = 0;
        }

        aes->keyIdSet = 0;
        aes->keyId = 0;
    }
}
517
518#endif /* WOLFSSL_SE050_CRYPT && !NO_AES */
519
520/**
521 * Get size of a SE05X secure object at specified object ID.
522 *
523 * keystore SE050 keystore associated with object
524 * keyId SE050 key ID in which object is stored
525 *
526 * Size returned depends on object type:
527 * ECC key: curve size
528 * RSA/AES/DES/HMAC key: key size
529 * Binary file: file size
530 *
531 * Return size or negative on error
532 */
static int se050_get_object_size(sss_key_store_t* keystore, word32 keyId)
{
    uint16_t objSize = 0;
    sss_se05x_key_store_t* se05x_ks;

    if (keystore == NULL) {
        return BAD_FUNC_ARG;
    }

    /* The generic key store is reinterpreted as the SE05x-specific type to
     * reach the low level session context.
     * NOTE(review): assumes the key store was created on an SE05x session */
    se05x_ks = (sss_se05x_key_store_t*)keystore;

    if (Se05x_API_ReadSize(&se05x_ks->session->s_ctx, keyId, &objSize)
            != SM_OK) {
        return WC_HW_E;
    }

    /* a uint16_t always fits in a non-negative int */
    return (int)objSize;
}
552
553/**
554 * Insert binary object into SE050 as persistent object.
555 *
556 * keyId SE050 key ID to store object in
557 * object binary object data
558 * objectSz size of binary object, bytes
559 *
560 * Returns 0 on success, negative on error
561 */
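int wc_se050_insert_binary_object(word32 keyId, const byte* object,
                                  word32 objectSz)
{
    int ret = 0;
    sss_object_t newObj;
    sss_key_store_t host_keystore;
    sss_status_t status = kStatus_SSS_Success;

    /* Argument checks come first so nothing is locked on bad input. */
    if (object == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Avoid key ID conflicts with temporary key storage: IDs from
     * SE050_KEYID_START upwards are handed out by se050_allocate_key() */
    if (keyId >= SE050_KEYID_START) {
        return BAD_FUNC_ARG;
    }

    /* same guard the other entry points use for a missing session */
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&newObj, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_allocate_handle(&newObj, keyId,
            kSSS_KeyPart_Default, kSSS_CipherType_Binary, objectSz,
            kKeyObject_Mode_Persistent);
    }
    if (status == kStatus_SSS_Success) {
        /* NOTE(review): objectSz * 8 is computed in word32 and is not
         * checked for overflow */
        status = sss_key_store_set_key(&host_keystore, &newObj, object,
                                       objectSz, (objectSz * 8), NULL, 0);
    }
    wolfSSL_CryptHwMutexUnLock();

    if (status != kStatus_SSS_Success) {
        ret = WC_HW_E;
    }

    return ret;
}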
601
602/**
603 * Get binary object from SE050 from specified key ID.
604 *
605 * keyId SE050 key ID to get binary object from
606 * out output buffer to place binary object
607 * outSz size of output buffer on input, size of written object on output
608 *
609 * Returns 0 on success, LENGTH_ONLY_E if out is NULL with outSz set to
610 * required buffer size, and other negative on error.
611 */
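int wc_se050_get_binary_object(word32 keyId, byte* out, word32* outSz)
{
    int ret = 0;
    sss_object_t object;
    sss_key_store_t host_keystore;
    sss_status_t status = kStatus_SSS_Success;
    size_t outByteSz = 0;
    size_t outBitSz = 0;

    /* If out is NULL, outSz set to required size and LENGTH_ONLY_E returned */
    if (outSz == NULL) {
        return BAD_FUNC_ARG;
    }

    /* same guard the other entry points use for a missing session */
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&object, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        ret = se050_get_object_size(&host_keystore, keyId);
        if (ret < 0) {
            status = kStatus_SSS_Fail;
        }
        else {
            if (out == NULL) {
                *outSz = (word32)ret;
                wolfSSL_CryptHwMutexUnLock();
                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
            }
            if ((word32)ret > *outSz) {
                WOLFSSL_MSG("Output buffer not large enough for object");
                wolfSSL_CryptHwMutexUnLock();
                return BAD_LENGTH_E;
            }
            ret = 0;
        }
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_get_handle(&object, keyId);
    }
    if (status == kStatus_SSS_Success) {
        /* Pass a real size_t to the SSS call. Casting the caller's word32*
         * to size_t* lets the callee read and write sizeof(size_t) bytes
         * through a 4-byte object wherever size_t is wider than word32:
         * the buffer length it sees then includes adjacent memory, and the
         * written length overruns the caller's variable. */
        outByteSz = (size_t)(*outSz);
        outBitSz = outByteSz * 8;
        status = sss_key_store_get_key(&host_keystore, &object, out,
                                       &outByteSz, &outBitSz);
        if (status == kStatus_SSS_Success) {
            *outSz = (word32)outByteSz;
        }
    }
    wolfSSL_CryptHwMutexUnLock();

    if (status != kStatus_SSS_Success) {
        ret = WC_HW_E;
    }

    return ret;
}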
668
669#if !defined(NO_RSA) && !defined(WOLFSSL_SE050_NO_RSA)
670
671/**
672 * Use specified SE050 key ID with this RsaKey struct.
673 * Should be called by wc_RsaUseKeyId() for using pre-populated
674 * SE050 keys.
675 *
676 * key Pointer to initialized RsaKey structure
677 * keyId SE050 key ID containing RSA key object
678 *
679 * Return 0 on success, negative on error.
680 */
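int se050_rsa_use_key_id(struct RsaKey* key, word32 keyId)
{
    int ret = 0;
    int objectInit = 0;
    sss_object_t keyObject;
    sss_key_store_t host_keystore;
    sss_status_t status = kStatus_SSS_Success;
    uint8_t* derBuf = NULL;
    size_t derSz = 0;
    size_t derSzBits = 0;
    word32 idx = 0;

#ifdef SE050_DEBUG
    printf("se050_rsa_use_key_id: key %p, keyId %d\n", key, keyId);
#endif
    if (key == NULL) {
        return BAD_FUNC_ARG;
    }

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_RSA);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&keyObject, &host_keystore);
        if (status == kStatus_SSS_Success) {
            objectInit = 1;
        }
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_get_handle(&keyObject, keyId);
    }
    if (status == kStatus_SSS_Success) {
        ret = se050_get_object_size(&host_keystore, keyObject.keyId);
        if (ret <= 0) {
            status = kStatus_SSS_Fail;
        }
        else {
            /* double derSz to allow for ASN.1 encoding space */
            derSz = ((size_t)ret) * 2;
            ret = 0;
            derBuf = (uint8_t*)XMALLOC(derSz, key->heap,
                                       DYNAMIC_TYPE_TMP_BUFFER);
            if (derBuf == NULL) {
                WOLFSSL_MSG("Error calling malloc for RSA DER buffer");
                status = kStatus_SSS_Fail;
            }
        }
    }
    if (status == kStatus_SSS_Success) {
        derSzBits = derSz * 8;
        XMEMSET(derBuf, 0, derSz);
        status = sss_key_store_get_key(&host_keystore, &keyObject,
                                       derBuf, &derSz, &derSzBits);
        (void)derSzBits; /* not used */
    }
    if (status == kStatus_SSS_Success) {
        /* Populate RsaKey with general key info, for wolfCrypt to use.
         * The exported DER is decoded as a public key. */
        ret = wc_RsaPublicKeyDecode(derBuf, &idx, key, (word32)derSz);
        if (ret != 0) {
            status = kStatus_SSS_Fail;
        }
    }
    XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);

    if (status == kStatus_SSS_Success) {
        key->keyId = keyId;
        key->keyIdSet = 1;
        /* marked private even though only the public part was decoded */
        key->type = RSA_PRIVATE;
        ret = 0;
    }
    else if (ret == 0) {
        ret = WC_HW_E;
    }

    /* keyObject is an uninitialised stack variable until
     * sss_key_object_init() has succeeded; only free it in that case */
    if (objectInit) {
        sss_key_object_free(&keyObject);
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_rsa_use_key_id: ret %d\n", ret);
#endif

    return ret;
}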
770
771/**
772 * Get SE050 key ID associated with this RsaKey struct.
773 * Should be called by wc_RsaGetKeyId() for the application to get
774 * what key ID wolfCrypt picked for this RsaKey struct when generating
775 * a key inside the SE050.
776 *
777 * key Pointer to initialized RsaKey structure
778 * keyId [OUT] SE050 key ID associated with this key structure
779 *
780 * Return 0 on success, negative on error.
781 */
int se050_rsa_get_key_id(struct RsaKey* key, word32* keyId)
{
    if (key == NULL || keyId == NULL) {
        return BAD_FUNC_ARG;
    }

    /* keyIdSet has to be exactly 1; *keyId is left untouched otherwise */
    if (key->keyIdSet != 1) {
        WOLFSSL_MSG("SE050 key ID not set for RsaKey struct");
        return WC_HW_E;
    }

    *keyId = key->keyId;
    return 0;
}
800
801/**
802 * Create RSA key pair inside SE050.
803 *
804 * key RsaKey structure to store generated key information in
805 * size RSA key size to generate in bytes
806 * e RSA exponent, must be 65537 for SE050 compatibility
807 *
808 * Returns 0 on success, negative on error.
809 */
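int se050_rsa_create_key(struct RsaKey* key, int size, long e)
{
    int ret = 0;
    word32 keyId = 0;
    int keyCreated = 0;
    sss_status_t status = kStatus_SSS_Success;
    sss_object_t keyPair;
    sss_key_store_t host_keystore;
    uint8_t* derBuf = NULL;
    size_t derSz = 0;
    size_t derSzBits = 0;
    word32 idx = 0;

#ifdef SE050_DEBUG
    printf("se050_rsa_create_key: key %p, size %d, e %ld\n", key, size, e);
#endif

    /* key->heap and key->keyId are dereferenced below; reject NULL the way
     * se050_rsa_use_key_id() does, and a non-positive size with it */
    if (key == NULL || size <= 0) {
        return BAD_FUNC_ARG;
    }

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (e != 65537) {
        WOLFSSL_MSG("SE050 RSA key create only supports exponent of 65537");
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_RSA);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&keyPair, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        keyId = se050_allocate_key(SE050_RSA_KEY);
        /* size / 8 is the byte length given to the handle, while size is
         * passed unchanged to sss_key_store_generate_key() below, so size
         * is used as a bit count in this function */
        status = sss_key_object_allocate_handle(&keyPair, keyId,
            kSSS_KeyPart_Pair, kSSS_CipherType_RSA, (size / 8),
            kKeyObject_Mode_Persistent);
    }
    if (status == kStatus_SSS_Success) {
        /* Try to delete existing key first. Ignore return since will fail
         * if no key exists */
        sss_key_store_erase_key(&host_keystore, &keyPair);

        keyCreated = 1;
        status = sss_key_store_generate_key(&host_keystore, &keyPair,
                                            size, NULL);
    }
    if (status == kStatus_SSS_Success) {
        ret = se050_get_object_size(&host_keystore, keyPair.keyId);
        if (ret <= 0) {
            status = kStatus_SSS_Fail;
        }
        else {
            /* double derSz to allow for ASN.1 encoding space */
            derSz = ((size_t)ret) * 2;
            ret = 0;
            derBuf = (uint8_t*)XMALLOC(derSz, key->heap,
                                       DYNAMIC_TYPE_TMP_BUFFER);
            if (derBuf == NULL) {
                WOLFSSL_MSG("Error calling malloc for RSA DER buffer");
                status = kStatus_SSS_Fail;
            }
        }
    }
    if (status == kStatus_SSS_Success) {
        derSzBits = derSz * 8;
        XMEMSET(derBuf, 0, derSz);
        status = sss_key_store_get_key(&host_keystore, &keyPair,
                                       derBuf, &derSz, &derSzBits);
        (void)derSzBits; /* not used */
    }
    if (status == kStatus_SSS_Success) {
        /* the exported DER is decoded as a public key */
        ret = wc_RsaPublicKeyDecode(derBuf, &idx, key, (word32)derSz);
        if (ret != 0) {
            status = kStatus_SSS_Fail;
        }
    }
    XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);

    if (status == kStatus_SSS_Success) {
        key->keyId = keyId;
        key->keyIdSet = 1;
        key->type = RSA_PRIVATE;
        ret = 0;
    }
    else {
        /* do not leave a persistent key behind when a later step failed */
        if (keyCreated) {
            sss_key_store_erase_key(&host_keystore, &keyPair);
            sss_key_object_free(&keyPair);
        }
        if (ret == 0) {
            ret = WC_HW_E;
        }
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_rsa_create_key: key %p, ret %d, keyId %d\n",
        key, ret, key->keyId);
#endif

    return ret;
}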
919
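/**
 * Decode a DER encoded RSA key to learn its size, then store the DER in the
 * SE050 as a persistent object.
 *
 * keyId       SE050 key ID, must be below SE050_KEYID_START
 * rsaDer      DER encoded RSA key; private key material when keyType is
 *             RSA_PRIVATE
 * rsaDerSize  size of rsaDer, bytes
 * keyType     RSA_PUBLIC or RSA_PRIVATE
 *
 * Returns 0 on success, BAD_FUNC_ARG for bad arguments, WC_HW_E when no
 * session is configured or an SSS call fails, BAD_MUTEX_E when the hardware
 * mutex cannot be taken, or the error from the wolfCrypt init/decode calls.
 */
static int se050_rsa_insert_key(word32 keyId, const byte* rsaDer,
                                word32 rsaDerSize, int keyType)
{
    int ret = 0;
    int keySize = 0;
    int keyInit = 0;
    word32 idx = 0;
    sss_object_t newKey;
    sss_key_store_t host_keystore;
    sss_status_t status = kStatus_SSS_Success;
    struct RsaKey key;
    sss_key_part_t keyPart = kSSS_KeyPart_Pair;

    /* Argument checks come first so nothing is locked on bad input. */
    if (rsaDer == NULL || rsaDerSize == 0) {
        return BAD_FUNC_ARG;
    }

    /* Avoid key ID conflicts with temporary key storage */
    if (keyId >= SE050_KEYID_START) {
        return BAD_FUNC_ARG;
    }

    /* same guard the other entry points use for a missing session */
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    ret = wc_InitRsaKey(&key, NULL);
    if (ret != 0) {
        status = kStatus_SSS_Fail;
    }
    else {
        keyInit = 1;

        if (keyType == RSA_PUBLIC) {
            keyPart = kSSS_KeyPart_Public;
            ret = wc_RsaPublicKeyDecode(rsaDer, &idx, &key, rsaDerSize);
        }
        else if (keyType == RSA_PRIVATE) {
            keyPart = kSSS_KeyPart_Pair;
            ret = wc_RsaPrivateKeyDecode(rsaDer, &idx, &key, rsaDerSize);
        }
        else {
            ret = BAD_FUNC_ARG;
        }

        if (ret != 0) {
            status = kStatus_SSS_Fail;
        }
    }

    if (status == kStatus_SSS_Success) {
        /* the decoded key is only needed for its size */
        keySize = wc_RsaEncryptSize(&key);
        if (keySize < 0) {
            status = kStatus_SSS_Fail;
        }
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&newKey, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_allocate_handle(&newKey, keyId,
            keyPart, kSSS_CipherType_RSA, keySize,
            kKeyObject_Mode_Persistent);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_set_key(&host_keystore, &newKey, rsaDer,
                                       rsaDerSize, (keySize * 8), NULL, 0);
    }
    wolfSSL_CryptHwMutexUnLock();

    /* Release the temporary host-side key only if wc_InitRsaKey()
     * succeeded; freeing a structure whose init failed would operate on
     * uninitialised stack contents. */
    if (keyInit) {
        wc_FreeRsaKey(&key);
    }

    if (status != kStatus_SSS_Success) {
        if (ret == 0) {
            ret = WC_HW_E;
        }
    }

    return ret;
}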
996
997/**
998 * Insert DER encoded RSA private key into SE050 as a persistent key.
999 *
1000 * keyId SE050 key ID to store key into
1001 * rsaDer DER encoded RSA private key
1002 * rsaDerSize size of DER buffer, bytes
1003 *
1004 * Returns 0 on success, negative on error
1005 */
int wc_se050_rsa_insert_private_key(word32 keyId, const byte* rsaDer,
                                    word32 rsaDerSize)
{
    /* the shared helper does the validation, decoding and storing; this
     * wrapper only fixes the key type */
    const int keyType = RSA_PRIVATE;

    return se050_rsa_insert_key(keyId, rsaDer, rsaDerSize, keyType);
}
1011
1012/**
1013 * Insert DER encoded RSA public key into SE050 as a persistent key.
1014 *
1015 * keyId SE050 key ID to store key into
1016 * rsaDer DER encoded RSA public key
1017 * rsaDerSize size of DER buffer, bytes
1018 *
1019 * Returns 0 on success, negative on error
1020 */
int wc_se050_rsa_insert_public_key(word32 keyId, const byte* rsaDer,
                                   word32 rsaDerSize)
{
    /* the shared helper does the validation, decoding and storing; this
     * wrapper only fixes the key type */
    const int keyType = RSA_PUBLIC;

    return se050_rsa_insert_key(keyId, rsaDer, rsaDerSize, keyType);
}
1026
1027/**
1028 * Free an RSA key object from the SE050. Erases key from persistent storage
1029 * if it was allocated by wolfSSL (not pre-provisioned).
1030 *
1031 * key Pointer to initialized RsaKey structure
1032 */
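void se050_rsa_free_key(struct RsaKey* key)
{
    sss_status_t status = kStatus_SSS_Success;
    sss_object_t keyObject;
    sss_key_store_t host_keystore;

    /* checked before the debug print below, which reads key->keyId */
    if (key == NULL) {
        return;
    }

#ifdef SE050_DEBUG
    printf("se050_rsa_free_key: key %p, keyId %d\n", key, key->keyId);
#endif

    if (cfg_se050_i2c_pi == NULL) {
        return;
    }
    if (key->keyIdSet == 0) {
        return;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_RSA);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&keyObject, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_get_handle(&keyObject, key->keyId);
    }

    if (status == kStatus_SSS_Success) {
        /* Erase key from SE050 persistent storage if it was allocated
         * by wolfSSL (not a pre-provisioned key). Without this, persistent
         * key objects leak on the SE050 and can exhaust secure storage.
         * The result of the erase is not checked. */
        if (key->keyId >= SE050_KEYID_START) {
            sss_key_store_erase_key(&host_keystore, &keyObject);
        }
        sss_key_object_free(&keyObject);
        key->keyId = 0;
        key->keyIdSet = 0;
    }
    /* if any step above failed, keyId/keyIdSet are left as they were */
    wolfSSL_CryptHwMutexUnLock();
}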
1078
1079/**
1080 * Get SSS algorithm type for RSA signature operations.
1081 *
1082 * padType padding type
1083 * hash hash function
1084 * mgf mask generation function (for PSS)
1085 *
1086 * Returns algorithm type or kAlgorithm_None if none supported found
1087 */
static sss_algorithm_t se050_get_rsa_signature_type(int padType,
    enum wc_HashType hash, int mgf)
{
    switch (padType) {
        case WC_RSA_PKCSV15_PAD:
            /* PKCS#1 v1.5: selected by hash */
            if (hash == WC_HASH_TYPE_NONE) {
                return kAlgorithm_SSS_RSASSA_PKCS1_V1_5_NO_HASH;
            }
            if (hash == WC_HASH_TYPE_SHA) {
                return kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1;
            }
            if (hash == WC_HASH_TYPE_SHA224) {
                return kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224;
            }
            if (hash == WC_HASH_TYPE_SHA256) {
                return kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256;
            }
            if (hash == WC_HASH_TYPE_SHA384) {
                return kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384;
            }
            if (hash == WC_HASH_TYPE_SHA512) {
                return kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512;
            }
            break;

        case WC_RSA_OAEP_PAD:
            /* NOTE(review): this branch returns RSAES (encryption) OAEP
             * identifiers from the signature lookup - confirm intended */
            if (hash == WC_HASH_TYPE_SHA) {
                return kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1;
            }
            if (hash == WC_HASH_TYPE_SHA224) {
                return kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224;
            }
            if (hash == WC_HASH_TYPE_SHA256) {
                return kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256;
            }
            if (hash == WC_HASH_TYPE_SHA384) {
                return kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384;
            }
            if (hash == WC_HASH_TYPE_SHA512) {
                return kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512;
            }
            break;

        case WC_RSA_PSS_PAD:
            /* PSS: selected by the mask generation function only, the hash
             * argument is not consulted */
            if (mgf == WC_MGF1SHA1) {
                return kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1;
            }
            if (mgf == WC_MGF1SHA224) {
                return kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224;
            }
            if (mgf == WC_MGF1SHA256) {
                return kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256;
            }
            if (mgf == WC_MGF1SHA384) {
                return kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384;
            }
            if (mgf == WC_MGF1SHA512) {
                return kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512;
            }
            break;

        case WC_RSA_NO_PAD:
            return kAlgorithm_SSS_RSASSA_NO_PADDING;

        default:
            break;
    }

    /* no supported padding/hash/mgf combination matched */
    return kAlgorithm_None;
}
1144
/**
 * Get SSS algorithm type for RSA encrypt/decrypt operations.
 *
 * padType  padding type
 * hash     hash function; ignored by this lookup
 *
 * Returns algorithm type or kAlgorithm_None if the padding type is not
 * handled.
 */
static sss_algorithm_t se050_get_rsa_encrypt_type(int padType,
    enum wc_HashType hash)
{
    (void)hash;

    switch (padType) {
        case WC_RSA_PKCSV15_PAD:
            return kAlgorithm_SSS_RSAES_PKCS1_V1_5;

        case WC_RSA_OAEP_PAD:
            /* lower level Se05x API translation maps OAEP-SHA1 alg type to
             * kSE05x_RSAEncryptionAlgo_PKCS1_OAEP (generic), so the same
             * identifier is returned whatever hash was requested */
            return kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1;

        case WC_RSA_NO_PAD:
            return kAlgorithm_SSS_RSASSA_NO_PADDING;

        default:
            break;
    }

    return kAlgorithm_None;
}
1169
1170/**
1171 * RSA sign operation.
1172 *
1173 * in input data to be signed
1174 * inLen length of input data, bytes
1175 * out output buffer containing signature
1176 * outLen length of output buffer, bytes
1177 * key pointer to initialized/populated RsaKey structure
1178 * rsa_type type of RSA: must be RSA_PRIVATE_ENCRYPT
1179 * pad_value should be RSA_BLOCK_TYPE_1 for signing
1180 * pad_type type of padding: WC_RSA_PKCSV15_PAD, WC_RSA_OAEP_PAD,
1181 * WC_RSA_NO_PAD, WC_RSA_PSS_PAD
1182 * hash type of hash algorithm, found in wolfssl/wolfcrypt/hash.h
1183 * mgf type of mask generation function to use
1184 * label optional label, not supported by SE050, must be NULL
1185 * labelSz size of label, not supported by SE050, must be 0
1186 * keySz size of RSA key, bytes
1187 *
1188 * Return size of signature on success, negative on error.
1189 */
1190int se050_rsa_sign(const byte* in, word32 inLen, byte* out,
1191 word32 outLen, struct RsaKey* key, int rsa_type,
1192 byte pad_value, int pad_type, enum wc_HashType hash,
1193 int mgf, byte* label, word32 labelSz, int keySz)
1194{
1195 int ret = 0;
1196 int keyCreated = 0;
1197 word32 keyId;
1198 size_t sigSz;
1199 sss_object_t newKey;
1200 sss_status_t status;
1201 sss_key_store_t host_keystore;
1202 sss_algorithm_t algorithm = kAlgorithm_None;
1203 sss_asymmetric_t ctx_asymm;
1204 byte* derBuf = NULL;
1205 int derSz = 0;
1206
1207 /* SE050 does not support optional label */
1208 (void)label;
1209 (void)labelSz;
1210
1211#ifdef SE050_DEBUG
1212 printf("se050_rsa_sign: key %p, in %p (%d), out %p (%d), "
1213 "key %p, type %d, pad_value = %d, pad_type = %d, mgf = %d\n",
1214 key, in, inLen, out, outLen, key, rsa_type, pad_value,
1215 pad_type, mgf);
1216#endif
1217
1218 if (in == NULL || out == NULL || key == NULL ||
1219 rsa_type != RSA_PRIVATE_ENCRYPT || pad_value != RSA_BLOCK_TYPE_1) {
1220 return BAD_FUNC_ARG;
1221 }
1222
1223 if (cfg_se050_i2c_pi == NULL) {
1224 return WC_HW_E;
1225 }
1226
1227 if (wolfSSL_CryptHwMutexLock() != 0) {
1228 return BAD_MUTEX_E;
1229 }
1230
1231 algorithm = se050_get_rsa_signature_type(pad_type, hash, mgf);
1232 if (algorithm == kAlgorithm_None) {
1233 WOLFSSL_MSG("Unsupported padding/hash/mgf combination for SE050");
1234 wolfSSL_CryptHwMutexUnLock();
1235 return BAD_FUNC_ARG;
1236 }
1237#ifdef SE050_DEBUG
1238 printf("se050_rsa_sign: algorithm = %d, keySz = %d, keyIdSet = %d\n",
1239 algorithm, keySz, key->keyIdSet);
1240#endif
1241
1242 status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
1243#ifdef SE050_DEBUG
1244 printf("se050_rsa_sign: sss_key_store_context_init status = %d\n", status);
1245#endif
1246 if (status == kStatus_SSS_Success) {
1247 status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_RSA);
1248#ifdef SE050_DEBUG
1249 printf("se050_rsa_sign: sss_key_store_allocate status = %d\n", status);
1250#endif
1251 }
1252 if (status == kStatus_SSS_Success) {
1253 status = sss_key_object_init(&newKey, &host_keystore);
1254#ifdef SE050_DEBUG
1255 printf("se050_rsa_sign: sss_key_object_init status = %d\n", status);
1256#endif
1257 }
1258 if (status == kStatus_SSS_Success) {
1259 keyId = key->keyId;
1260 if (key->keyIdSet == 0) {
1261 /* key was not generated in SE050, export RsaKey to DER
1262 * and use that to store into SE050 keystore */
1263 derSz = wc_RsaKeyToDer(key, NULL, 0);
1264#ifdef SE050_DEBUG
1265 printf("se050_rsa_sign: wc_RsaKeyToDer size query = %d\n", derSz);
1266#endif
1267 if (derSz < 0) {
1268 status = kStatus_SSS_Fail;
1269 ret = derSz;
1270 }
1271 else {
1272 derBuf = (byte*)XMALLOC(derSz, key->heap,
1273 DYNAMIC_TYPE_TMP_BUFFER);
1274 if (derBuf == NULL) {
1275 WOLFSSL_MSG("malloc failed when converting RsaKey to DER");
1276 status = kStatus_SSS_Fail;
1277 ret = MEMORY_E;
1278 }
1279 }
1280 if (status == kStatus_SSS_Success) {
1281 derSz = wc_RsaKeyToDer(key, derBuf, derSz);
1282#ifdef SE050_DEBUG
1283 printf("se050_rsa_sign: wc_RsaKeyToDer export = %d\n", derSz);
1284#endif
1285 if (derSz < 0) {
1286 status = kStatus_SSS_Fail;
1287 ret = derSz;
1288 }
1289 }
1290 if (status == kStatus_SSS_Success) {
1291 keyId = se050_allocate_key(SE050_RSA_KEY);
1292 status = sss_key_object_allocate_handle(&newKey, keyId,
1293 kSSS_KeyPart_Pair, kSSS_CipherType_RSA, keySz,
1294 kKeyObject_Mode_Persistent);
1295#ifdef SE050_DEBUG
1296 printf("se050_rsa_sign: sss_key_object_allocate_handle "
1297 "status = %d, keyId = %d\n", status, keyId);
1298#endif
1299 }
1300 if (status == kStatus_SSS_Success) {
1301 /* Try to delete existing key first, ignore return since will
1302 * fail if no key exists yet */
1303 status = sss_key_store_erase_key(&host_keystore, &newKey);
1304#ifdef SE050_DEBUG
1305 printf("se050_rsa_sign: sss_key_store_erase_key "
1306 "status = %d\n", status);
1307#endif
1308 /* Reset status - erase failing is expected if key doesn't
1309 * exist yet */
1310 status = kStatus_SSS_Success;
1311
1312 keyCreated = 1;
1313 status = sss_key_store_set_key(&host_keystore, &newKey, derBuf,
1314 derSz, (keySz * 8), NULL, 0);
1315#ifdef SE050_DEBUG
1316 printf("se050_rsa_sign: sss_key_store_set_key "
1317 "status = %d, derSz = %d, keyBits = %d\n",
1318 status, derSz, (keySz * 8));
1319#endif
1320 }
1321
1322 XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1323 }
1324 else {
1325 status = sss_key_object_get_handle(&newKey, keyId);
1326#ifdef SE050_DEBUG
1327 printf("se050_rsa_sign: sss_key_object_get_handle "
1328 "status = %d, keyId = %d\n", status, keyId);
1329#endif
1330 }
1331 }
1332
1333 if (status == kStatus_SSS_Success) {
1334 status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi,
1335 &newKey, algorithm, kMode_SSS_Sign);
1336#ifdef SE050_DEBUG
1337 printf("se050_rsa_sign: sss_asymmetric_context_init "
1338 "status = %d, algorithm = %d\n", status, algorithm);
1339#endif
1340 if (status == kStatus_SSS_Success) {
1341 sigSz = outLen;
1342 status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t*)in,
1343 inLen, out, &sigSz);
1344#ifdef SE050_DEBUG
1345 printf("se050_rsa_sign: sss_asymmetric_sign_digest "
1346 "status = %d, inLen = %d, sigSz = %d\n",
1347 status, inLen, (int)sigSz);
1348#endif
1349 }
1350 sss_asymmetric_context_free(&ctx_asymm);
1351 }
1352
1353 if (status == kStatus_SSS_Success) {
1354 key->keyId = keyId;
1355 key->keyIdSet = 1;
1356 ret = sigSz;
1357 }
1358 else {
1359 if (keyCreated) {
1360 sss_key_store_erase_key(&host_keystore, &newKey);
1361 sss_key_object_free(&newKey);
1362 }
1363 if (ret == 0) {
1364 ret = WC_HW_E;
1365 }
1366 }
1367
1368 wolfSSL_CryptHwMutexUnLock();
1369
1370#ifdef SE050_DEBUG
1371 printf("se050_rsa_sign: ret %d, outLen %d\n", ret, outLen);
1372#endif
1373
1374 return ret;
1375}
1376
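/**
 * RSA verify operation.
 *
 * Runs the raw RSA public-key operation on the SE050 and strips the
 * signature padding on the host with wc_RsaUnPad_ex(), so the decoded data
 * (not only a pass/fail result) is returned to the caller.
 *
 * in         input signature to be verified
 * inLen      length of sig, bytes
 * out        output buffer; receives the raw RSA result first, then the
 *            decoded data moved to its start
 * outLen     length of output buffer, bytes
 * key        pointer to initialized/populated RsaKey structure
 * rsa_type   type of RSA: must be RSA_PUBLIC_DECRYPT
 * pad_value  must be RSA_BLOCK_TYPE_1 for sign/verify
 * pad_type   type of padding: WC_RSA_PKCSV15_PAD, WC_RSA_OAEP_PAD,
 *            WC_RSA_NO_PAD, WC_RSA_PSS_PAD
 * hash       type of hash algorithm, found in wolfssl/wolfcrypt/hash.h
 * mgf        type of mask generation function to use
 * label      optional label; not sent to the SE050, forwarded to
 *            wc_RsaUnPad_ex()
 * labelSz    size of label, bytes; forwarded to wc_RsaUnPad_ex()
 *
 * Returns size of decoded data on success, negative on error
 * (BAD_FUNC_ARG, BAD_MUTEX_E, MEMORY_E, WC_HW_E, or the error returned by
 * the DER export or by wc_RsaUnPad_ex()).
 */
int se050_rsa_verify(const byte* in, word32 inLen, byte* out, word32 outLen,
                     struct RsaKey* key, int rsa_type, byte pad_value,
                     int pad_type, enum wc_HashType hash, int mgf, byte* label,
                     word32 labelSz)
{
    int ret = 0;
    word32 keyId;
    int keySz;
    int keyCreated = 0;
    size_t decLen = 0;
    sss_status_t status;
    sss_object_t newKey;
    sss_key_store_t host_keystore;
    sss_asymmetric_t ctx_asymm = {0};
    sss_se05x_asymmetric_t* se050_ctx_asymm = NULL;
    sss_algorithm_t algorithm = kAlgorithm_None;
    smStatus_t smStatus = SM_NOT_OK;
    byte* pad = NULL;
    byte* derBuf = NULL;
    int derSz = 0;

#ifdef SE050_DEBUG
    printf("se050_rsa_pkcs1v15_verify: key %p, in %p (%d), out %p (%d)\n",
           key, in, inLen, out, outLen);
#endif

    if (in == NULL || out == NULL || key == NULL ||
        rsa_type != RSA_PUBLIC_DECRYPT || pad_value != RSA_BLOCK_TYPE_1) {
        return BAD_FUNC_ARG;
    }

    /* no SE050 session has been configured */
    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    algorithm = se050_get_rsa_signature_type(pad_type, hash, mgf);
    if (algorithm == kAlgorithm_None) {
        WOLFSSL_MSG("Unsupported padding/hash/mgf combination for SE050");
        wolfSSL_CryptHwMutexUnLock();
        return BAD_FUNC_ARG;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_RSA);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&newKey, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        keySz = wc_RsaEncryptSize(key);
        if (keySz < 0) {
            WOLFSSL_MSG("Failed to get RSA key size from struct");
            status = kStatus_SSS_Fail;
        }
    }
    if (status == kStatus_SSS_Success) {
        keyId = key->keyId;
        if (key->keyIdSet == 0) {
            /* key was not generated in SE050, export the public part of
             * the RsaKey to DER and store that into the SE050 keystore.
             * First call only queries the required buffer size. */
            derSz = wc_RsaKeyToPublicDer(key, NULL, 0);
            if (derSz < 0) {
                status = kStatus_SSS_Fail;
                ret = derSz;
            }
            else {
                derBuf = (byte*)XMALLOC(derSz, key->heap,
                                        DYNAMIC_TYPE_TMP_BUFFER);
                if (derBuf == NULL) {
                    WOLFSSL_MSG("malloc failed when converting RsaKey to DER");
                    status = kStatus_SSS_Fail;
                    ret = MEMORY_E;
                }
            }
            if (status == kStatus_SSS_Success) {
                derSz = wc_RsaKeyToPublicDer(key, derBuf, derSz);
                if (derSz < 0) {
                    status = kStatus_SSS_Fail;
                    ret = derSz;
                }
            }
            if (status == kStatus_SSS_Success) {
                keyId = se050_allocate_key(SE050_RSA_KEY);
                status = sss_key_object_allocate_handle(&newKey, keyId,
                    kSSS_KeyPart_Public, kSSS_CipherType_RSA, keySz,
                    kKeyObject_Mode_Transient);
            }
            if (status == kStatus_SSS_Success) {
                /* Try to delete existing key first, ignore return since will
                 * fail if no key exists yet */
                sss_key_store_erase_key(&host_keystore, &newKey);

                /* from here on the error path must erase the object again */
                keyCreated = 1;
                status = sss_key_store_set_key(&host_keystore, &newKey, derBuf,
                                               derSz, (keySz * 8), NULL, 0);
            }

            /* derBuf is still NULL when the export failed early */
            XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
        }
        else {
            status = sss_key_object_get_handle(&newKey, keyId);
        }
    }

    if (status == kStatus_SSS_Success) {
        status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi,
                                             &newKey, algorithm, kMode_SSS_Verify);
        if (status == kStatus_SSS_Success) {
            /* Use lower Se05x API instead of sss_asymmetric_verify_digest()
             * since we need to return decoded data not just verify result */
            decLen = outLen;
            se050_ctx_asymm = (sss_se05x_asymmetric_t*)&ctx_asymm;
            smStatus = Se05x_API_RSAEncrypt(&se050_ctx_asymm->session->s_ctx,
                                            se050_ctx_asymm->keyObject->keyId,
                                            kSE05x_RSAEncryptionAlgo_NO_PAD,
                                            in, inLen, out, &decLen);
            if (smStatus == SM_OK) {
                /* find end of padding, pad points to start of actual data */
                ret = wc_RsaUnPad_ex(out, decLen, &pad, pad_value,
                                     pad_type, hash, mgf,
                                     label, labelSz, RSA_PSS_SALT_LEN_DEFAULT,
                                     (keySz * 8), key->heap);
                if (ret >= 0) {
                    /* pad points into out, so source and destination can
                     * overlap when the payload is longer than the padding
                     * in front of it: a plain memcpy would be undefined
                     * behaviour here, memmove is not. */
                    XMEMMOVE(out, pad, ret);
                }
                else {
                    WOLFSSL_MSG("Error in wc_RsaUnPad_ex for RSA verify");
                    status = kStatus_SSS_Fail;
                }
            }
            else {
                WOLFSSL_MSG("Se05x_API_RSAEncrypt failed");
                status = kStatus_SSS_Fail;
            }
        }

        sss_asymmetric_context_free(&ctx_asymm);
    }

    if (status == kStatus_SSS_Success) {
        if (keyCreated) {
            /* We uploaded only the public part of the key for this verify.
             * Don't persist keyIdSet=1 -- a later sign on the same RsaKey
             * would reuse this binding and fail because the SE050 object has
             * no private material. Erase the transient object so the next
             * SE050 op (sign or verify) re-uploads from whatever the host
             * RsaKey currently holds. */
            sss_key_store_erase_key(&host_keystore, &newKey);
            sss_key_object_free(&newKey);
        }
        else {
            /* Pre-existing keyIdSet=1 binding (e.g. wc_RsaUseKeyId or prior
             * sign that uploaded a keypair). Preserve it. */
            key->keyId = keyId;
            key->keyIdSet = 1;
        }
    }
    else {
        if (keyCreated) {
            sss_key_store_erase_key(&host_keystore, &newKey);
            sss_key_object_free(&newKey);
        }
        /* no more specific error was recorded: report a hardware failure */
        if (ret == 0) {
            ret = WC_HW_E;
        }
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_rsa_verify: key %p, ret %d\n", key, ret);
#endif

    return ret;
}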
1576
/**
 * RSA public encrypt operation, performed on the SE050.
 *
 * When the RsaKey is not yet bound to an SE050 object (keyIdSet == 0) the
 * public key is exported to DER, imported into a temporary SE050 object for
 * this one operation and erased again afterwards.
 *
 * in         input data to be encrypted
 * inLen      length of input data, bytes
 * out        output buffer containing encrypted data
 * outLen     length of output buffer, bytes
 * key        pointer to initialized/populated RsaKey structure
 * rsa_type   type of RSA: must be RSA_PUBLIC_ENCRYPT
 * pad_value  must be RSA_BLOCK_TYPE_2 for encrypting
 * pad_type   type of padding: WC_RSA_PKCSV15_PAD, WC_RSA_OAEP_PAD,
 *            WC_RSA_NO_PAD, WC_RSA_PSS_PAD
 * hash       type of hash algorithm, found in wolfssl/wolfcrypt/hash.h
 * mgf        type of mask generation function; ignored here
 * label      optional label, not supported by SE050; ignored here
 * labelSz    size of label; ignored here
 * keySz      size of RSA key, bytes
 *
 * Returns size of encrypted data on success, negative on error.
 */
int se050_rsa_public_encrypt(const byte* in, word32 inLen, byte* out,
                             word32 outLen, struct RsaKey* key, int rsa_type,
                             byte pad_value, int pad_type,
                             enum wc_HashType hash, int mgf, byte* label,
                             word32 labelSz, int keySz)
{
    int rc = 0;
    int imported = 0;      /* set once a temporary SE050 object exists */
    int pubDerLen = 0;
    byte* pubDer = NULL;
    word32 slotId;
    size_t cipherLen;
    sss_status_t sssRc;
    sss_algorithm_t alg = kAlgorithm_None;
    sss_key_store_t keyStore;
    sss_object_t keyObj;
    sss_asymmetric_t asymCtx;

    /* SE050 does not support optional label; mgf is unused as well */
    (void)label;
    (void)labelSz;
    (void)mgf;

#ifdef SE050_DEBUG
    printf("se050_rsa_public_encrypt: key %p, in %p (%d), out %p (%d), "
           "key %p\n", key, in, inLen, out, outLen, key);
#endif

    if (in == NULL || out == NULL || key == NULL) {
        return BAD_FUNC_ARG;
    }
    if (rsa_type != RSA_PUBLIC_ENCRYPT || pad_value != RSA_BLOCK_TYPE_2) {
        return BAD_FUNC_ARG;
    }

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    alg = se050_get_rsa_encrypt_type(pad_type, hash);
    if (alg == kAlgorithm_None) {
        WOLFSSL_MSG("Unsupported padding/hash/mgf combination for SE050");
        wolfSSL_CryptHwMutexUnLock();
        return BAD_FUNC_ARG;
    }

    sssRc = sss_key_store_context_init(&keyStore, cfg_se050_i2c_pi);
    if (sssRc == kStatus_SSS_Success) {
        sssRc = sss_key_store_allocate(&keyStore, SE050_KEYSTOREID_RSA);
    }
    if (sssRc == kStatus_SSS_Success) {
        sssRc = sss_key_object_init(&keyObj, &keyStore);
    }

    if (sssRc == kStatus_SSS_Success) {
        slotId = key->keyId;
        if (key->keyIdSet != 0) {
            /* key already lives in the SE050: just look it up */
            sssRc = sss_key_object_get_handle(&keyObj, slotId);
        }
        else {
            /* key was not generated in SE050: export the public part to
             * DER (size query first) and import it into the keystore */
            pubDerLen = wc_RsaKeyToPublicDer(key, NULL, 0);
            if (pubDerLen >= 0) {
                pubDer = (byte*)XMALLOC(pubDerLen, key->heap,
                                        DYNAMIC_TYPE_TMP_BUFFER);
                if (pubDer == NULL) {
                    WOLFSSL_MSG("malloc failed when converting RsaKey to DER");
                    sssRc = kStatus_SSS_Fail;
                    rc = MEMORY_E;
                }
            }
            else {
                sssRc = kStatus_SSS_Fail;
                rc = pubDerLen;
            }

            if (sssRc == kStatus_SSS_Success) {
                pubDerLen = wc_RsaKeyToPublicDer(key, pubDer, pubDerLen);
                if (pubDerLen < 0) {
                    sssRc = kStatus_SSS_Fail;
                    rc = pubDerLen;
                }
            }
            if (sssRc == kStatus_SSS_Success) {
                slotId = se050_allocate_key(SE050_RSA_KEY);
                sssRc = sss_key_object_allocate_handle(&keyObj, slotId,
                    kSSS_KeyPart_Public, kSSS_CipherType_RSA, keySz,
                    kKeyObject_Mode_Persistent);
            }
            if (sssRc == kStatus_SSS_Success) {
                /* Best-effort erase of a stale object at this id; the
                 * return is ignored because it fails when none exists */
                sss_key_store_erase_key(&keyStore, &keyObj);

                imported = 1;
                sssRc = sss_key_store_set_key(&keyStore, &keyObj, pubDer,
                                              pubDerLen, (keySz * 8), NULL, 0);
            }
        }

        /* pubDer stays NULL on the lookup path and on early failures */
        XFREE(pubDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
    }

    if (sssRc == kStatus_SSS_Success) {
        sssRc = sss_asymmetric_context_init(&asymCtx, cfg_se050_i2c_pi,
                                            &keyObj, alg, kMode_SSS_Encrypt);
        if (sssRc == kStatus_SSS_Success) {
            cipherLen = outLen;
            sssRc = sss_asymmetric_encrypt(&asymCtx, (uint8_t*)in, inLen,
                                           out, &cipherLen);
        }
        sss_asymmetric_context_free(&asymCtx);
    }

    /* Public-key encrypt imported a temporary public object only. It is
     * removed on success and on failure alike, and never bound to the
     * caller's RsaKey: later private-key operations would otherwise try to
     * reuse a handle that holds no private material. */
    if (imported) {
        sss_key_store_erase_key(&keyStore, &keyObj);
        sss_key_object_free(&keyObj);
    }

    if (sssRc != kStatus_SSS_Success) {
        if (rc == 0) {
            rc = WC_HW_E;
        }
    }
    else {
        if (!imported) {
            /* keep the binding that was already in place */
            key->keyId = slotId;
            key->keyIdSet = 1;
        }
        rc = cipherLen;
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_rsa_public_encrypt: ret %d, outLen %d\n", rc, outLen);
#endif

    return rc;
}
1744
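/**
 * RSA private decrypt operation, performed on the SE050.
 *
 * When the RsaKey is not yet bound to an SE050 object (keyIdSet == 0) the
 * full key pair is exported to DER on the host and imported into the SE050
 * as a persistent object; the host-side DER copy is wiped before it is
 * freed.
 *
 * in         input data to be decrypted
 * inLen      length of input data, bytes
 * out        output buffer containing decrypted data
 * outLen     length of output buffer, bytes
 * key        pointer to initialized/populated RsaKey structure
 * rsa_type   type of RSA: must be RSA_PRIVATE_DECRYPT
 * pad_value  must be RSA_BLOCK_TYPE_2 for decrypting
 * pad_type   type of padding: WC_RSA_PKCSV15_PAD, WC_RSA_OAEP_PAD,
 *            WC_RSA_NO_PAD, WC_RSA_PSS_PAD
 * hash       type of hash algorithm, found in wolfssl/wolfcrypt/hash.h
 * mgf        type of mask generation function; ignored here
 * label      optional label, not supported by SE050; ignored here
 * labelSz    size of label; ignored here
 *
 * Returns size of decrypted data on success, negative on error.
 */
int se050_rsa_private_decrypt(const byte* in, word32 inLen, byte* out,
                              word32 outLen, struct RsaKey* key, int rsa_type,
                              byte pad_value, int pad_type,
                              enum wc_HashType hash, int mgf, byte* label,
                              word32 labelSz)
{
    int ret = 0;
    int keyCreated = 0;
    word32 keyId;
    int keySz;
    size_t decSz;
    sss_object_t newKey;
    sss_status_t status;
    sss_key_store_t host_keystore;
    sss_algorithm_t algorithm = kAlgorithm_None;
    sss_asymmetric_t ctx_asymm;
    byte* derBuf = NULL;
    int derSz = 0;
    int derAllocSz = 0; /* size of derBuf; derSz may turn negative on error */

    /* SE050 does not support optional label */
    (void)label;
    (void)labelSz;
    (void)mgf;

#ifdef SE050_DEBUG
    /* trace label corrected: this is the private decrypt path */
    printf("se050_rsa_private_decrypt: key %p, in %p (%d), out %p (%d), "
           "key %p\n", key, in, inLen, out, outLen, key);
#endif

    if (in == NULL || out == NULL || key == NULL ||
        rsa_type != RSA_PRIVATE_DECRYPT || pad_value != RSA_BLOCK_TYPE_2) {
        return BAD_FUNC_ARG;
    }

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    algorithm = se050_get_rsa_encrypt_type(pad_type, hash);
    if (algorithm == kAlgorithm_None) {
        WOLFSSL_MSG("Unsupported padding/hash/mgf combination for SE050");
        wolfSSL_CryptHwMutexUnLock();
        return BAD_FUNC_ARG;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_RSA);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&newKey, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        keySz = wc_RsaEncryptSize(key);
        if (keySz < 0) {
            WOLFSSL_MSG("Failed to get RSA key size from struct");
            status = kStatus_SSS_Fail;
        }
    }
    if (status == kStatus_SSS_Success) {
        keyId = key->keyId;
        if (key->keyIdSet == 0) {
            /* key was not generated in SE050, export RsaKey to DER
             * and use that to store into SE050 keystore.
             * First call only queries the required buffer size. */
            derSz = wc_RsaKeyToDer(key, NULL, 0);
            if (derSz < 0) {
                status = kStatus_SSS_Fail;
                ret = derSz;
            }
            else {
                derBuf = (byte*)XMALLOC(derSz, key->heap,
                                        DYNAMIC_TYPE_TMP_BUFFER);
                if (derBuf == NULL) {
                    WOLFSSL_MSG("malloc failed when converting RsaKey to DER");
                    status = kStatus_SSS_Fail;
                    ret = MEMORY_E;
                }
                else {
                    derAllocSz = derSz;
                }
            }
            if (status == kStatus_SSS_Success) {
                derSz = wc_RsaKeyToDer(key, derBuf, derSz);
                if (derSz < 0) {
                    status = kStatus_SSS_Fail;
                    ret = derSz;
                }
            }
            if (status == kStatus_SSS_Success) {
                keyId = se050_allocate_key(SE050_RSA_KEY);
                status = sss_key_object_allocate_handle(&newKey, keyId,
                    kSSS_KeyPart_Pair, kSSS_CipherType_RSA, keySz,
                    kKeyObject_Mode_Persistent);
            }
            if (status == kStatus_SSS_Success) {
                /* Try to delete existing key first, ignore return since will
                 * fail if no key exists yet */
                sss_key_store_erase_key(&host_keystore, &newKey);

                /* from here on the error path must erase the object again */
                keyCreated = 1;
                status = sss_key_store_set_key(&host_keystore, &newKey, derBuf,
                                               derSz, (keySz * 8), NULL, 0);
            }
        }
        else {
            status = sss_key_object_get_handle(&newKey, keyId);
        }

        /* derBuf held the DER-encoded private key. Clear it before the
         * memory goes back to the allocator; the volatile pointer keeps the
         * compiler from dropping the stores as dead writes. */
        if (derBuf != NULL) {
            volatile byte* wipe = derBuf;
            int wipeIdx;

            for (wipeIdx = 0; wipeIdx < derAllocSz; wipeIdx++) {
                wipe[wipeIdx] = 0;
            }
        }
        XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
    }

    if (status == kStatus_SSS_Success) {
        status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi,
                                             &newKey, algorithm, kMode_SSS_Decrypt);
        if (status == kStatus_SSS_Success) {
            decSz = outLen;
            status = sss_asymmetric_decrypt(&ctx_asymm, (uint8_t*)in, inLen,
                                            out, &decSz);
        }
        sss_asymmetric_context_free(&ctx_asymm);
    }

    if (status == kStatus_SSS_Success) {
        /* the SE050 object holds the key pair: bind it to the RsaKey so
         * later operations reuse it instead of importing again */
        key->keyId = keyId;
        key->keyIdSet = 1;
        ret = decSz;
    }
    else {
        if (keyCreated) {
            sss_key_store_erase_key(&host_keystore, &newKey);
            sss_key_object_free(&newKey);
        }
        /* no more specific error was recorded: report a hardware failure */
        if (ret == 0) {
            ret = WC_HW_E;
        }
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_rsa_private_decrypt: ret %d, outLen %d\n", ret, outLen);
#endif

    return ret;
}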
1910
1911#endif /* NO_RSA */
1912
1913#ifdef HAVE_ECC
1914
/**
 * Map a wolfCrypt curve id to the SSS cipher type and key size in bits.
 *
 * curve_id     wolfCrypt curve identifier (ECC_SECP256R1, ...)
 * keySize      key size in bytes
 * keySizeBits  [out] key size in bits: keySize * 8, except 521 for
 *              ECC_SECP521R1; must not be NULL
 * pcurve_type  [out] SSS cipher type, kSSS_CipherType_NONE when the curve
 *              is not supported; may be NULL
 *
 * Returns 0 on success, ECC_CURVE_OID_E for an unsupported curve.
 */
static int se050_map_curve(int curve_id, int keySize,
                           int* keySizeBits, sss_cipher_type_t* pcurve_type)
{
    sss_cipher_type_t mapped = kSSS_CipherType_NONE;
    int rc = 0;

    /* default: whole bytes; only P-521 overrides this below */
    *keySizeBits = keySize * 8;

    switch (curve_id) {
        case ECC_CURVE_DEF:
        case ECC_SECP160R1:
        case ECC_SECP192R1:
        case ECC_SECP224R1:
        case ECC_SECP256R1:
        case ECC_SECP384R1:
        case ECC_SECP521R1:
            mapped = kSSS_CipherType_EC_NIST_P;
            if (curve_id == ECC_SECP521R1) {
                /* 521 bits is not a multiple of 8 */
                *keySizeBits = 521;
            }
            break;

        case ECC_SECP160K1:
        case ECC_SECP192K1:
        case ECC_SECP224K1:
        case ECC_SECP256K1:
        #ifdef HAVE_ECC_KOBLITZ
            mapped = kSSS_CipherType_EC_NIST_K;
        #else
            rc = ECC_CURVE_OID_E;
        #endif
            break;

        case ECC_BRAINPOOLP160R1:
        case ECC_BRAINPOOLP192R1:
        case ECC_BRAINPOOLP224R1:
        case ECC_BRAINPOOLP256R1:
        case ECC_BRAINPOOLP320R1:
        case ECC_BRAINPOOLP384R1:
        case ECC_BRAINPOOLP512R1:
        #ifdef HAVE_ECC_BRAINPOOL
            mapped = kSSS_CipherType_EC_BRAINPOOL;
        #else
            rc = ECC_CURVE_OID_E;
        #endif
            break;

        /* explicitly unsupported, same result as any unknown id */
        case ECC_PRIME239V1:
        case ECC_PRIME192V2:
        case ECC_PRIME192V3:
        default:
            rc = ECC_CURVE_OID_E;
            break;
    }

    if (pcurve_type != NULL) {
        *pcurve_type = mapped;
    }

    return rc;
}
1969
/**
 * Pick the SSS digest algorithm id from a digest length.
 *
 * hashLen  digest length in bytes
 *
 * Returns the SHA-1/224/256/384/512 algorithm id for lengths 20/28/32/48/64
 * (66 is treated as SHA-512), kAlgorithm_None for any other length.
 *
 * The choice is made from the length alone; the hash family the digest
 * actually came from is not known here.
 */
static sss_algorithm_t se050_map_hash_alg(int hashLen)
{
    switch (hashLen) {
        case 20:
            return kAlgorithm_SSS_SHA1;
        case 28:
            return kAlgorithm_SSS_SHA224;
        case 32:
            return kAlgorithm_SSS_SHA256;
        case 48:
            return kAlgorithm_SSS_SHA384;
        case 64:
        case 66:
            /* ECC P-521 can pass key size 66, use SHA-512 */
            return kAlgorithm_SSS_SHA512;
        default:
            return kAlgorithm_None;
    }
}
1987
/**
 * Decode a DER encoded ECC key and store it in the SE050 at keyId as a
 * persistent object.
 *
 * keyId       SE050 key ID to place the key into; must be below
 *             SE050_KEYID_START
 * eccDer      DER encoded ECC key
 * eccDerSize  size of eccDer, bytes
 * keyType     ECC_PUBLICKEY (public part only) or ECC_PRIVATEKEY (key pair)
 *
 * Returns 0 on success, negative on error: BAD_MUTEX_E, BAD_FUNC_ARG, the
 * decode or curve-mapping error, or WC_HW_E when an SSS call failed.
 *
 * NOTE(review): unlike the other SE050 entry points in this file, this one
 * does not test cfg_se050_i2c_pi for NULL before using it -- confirm that
 * sss_key_store_context_init() rejects a NULL session.
 */
static int se050_ecc_insert_key(word32 keyId, const byte* eccDer,
                                word32 eccDerSize, int keyType)
{
    struct ecc_key parsed;
    sss_key_store_t keyStore;
    sss_object_t keyObj;
    sss_status_t sssRc = kStatus_SSS_Success;
    sss_cipher_type_t curve = kSSS_CipherType_NONE;
    sss_key_part_t part = kSSS_KeyPart_Pair;
    word32 derIdx = 0;
    int bits = 0;
    int bytes = 0;
    int rc = 0;

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    /* Avoid key ID conflicts with temporary key storage */
    if (keyId >= SE050_KEYID_START) {
        wolfSSL_CryptHwMutexUnLock();
        return BAD_FUNC_ARG;
    }

    /* parse the DER on the host first: the curve decides how the SE050
     * object is allocated */
    rc = wc_ecc_init(&parsed);
    if (rc == 0) {
        switch (keyType) {
            case ECC_PUBLICKEY:
                part = kSSS_KeyPart_Public;
                rc = wc_EccPublicKeyDecode(eccDer, &derIdx, &parsed,
                                           eccDerSize);
                break;
            case ECC_PRIVATEKEY:
                part = kSSS_KeyPart_Pair;
                rc = wc_EccPrivateKeyDecode(eccDer, &derIdx, &parsed,
                                            eccDerSize);
                break;
            default:
                rc = BAD_FUNC_ARG;
                break;
        }
    }
    if (rc != 0) {
        sssRc = kStatus_SSS_Fail;
    }

    if (sssRc == kStatus_SSS_Success) {
        bytes = parsed.dp->size;
        rc = se050_map_curve(parsed.dp->id, bytes, &bits, &curve);
        if (rc != 0) {
            sssRc = kStatus_SSS_Fail;
        }
    }
    if (sssRc == kStatus_SSS_Success) {
        sssRc = sss_key_store_context_init(&keyStore, cfg_se050_i2c_pi);
    }
    if (sssRc == kStatus_SSS_Success) {
        sssRc = sss_key_object_init(&keyObj, &keyStore);
    }
    if (sssRc == kStatus_SSS_Success) {
        sssRc = sss_key_object_allocate_handle(&keyObj, keyId,
                                               part, curve, MAX_ECC_BYTES,
                                               kKeyObject_Mode_Persistent);
    }
    if (sssRc == kStatus_SSS_Success) {
        /* the SE050 receives the caller's DER as is */
        sssRc = sss_key_store_set_key(&keyStore, &keyObj, eccDer,
                                      eccDerSize, bits,
                                      NULL, 0);
    }
    wolfSSL_CryptHwMutexUnLock();

    wc_ecc_free(&parsed);

    /* an SSS failure without a more specific code is a hardware error */
    if (sssRc != kStatus_SSS_Success && rc == 0) {
        rc = WC_HW_E;
    }

    return rc;
}
2066
/**
 * Insert ECC public key into SE050 at specified key ID.
 *
 * Thin wrapper around se050_ecc_insert_key() with ECC_PUBLICKEY.
 *
 * keyId       SE050 key ID to place public key into
 * eccDer      DER encoded ECC public key
 * eccDerSize  Size of eccDer, bytes
 *
 * Return 0 on success, negative on error.
 */
int wc_se050_ecc_insert_public_key(word32 keyId, const byte* eccDer,
                                   word32 eccDerSize)
{
    const int rc = se050_ecc_insert_key(keyId, eccDer, eccDerSize,
                                        ECC_PUBLICKEY);

    return rc;
}
2081
/**
 * Insert ECC private key into SE050 at specified key ID.
 *
 * Thin wrapper around se050_ecc_insert_key() with ECC_PRIVATEKEY.
 *
 * keyId       SE050 key ID to place private key into
 * eccDer      DER encoded ECC private key
 * eccDerSize  Size of eccDer, bytes
 *
 * Return 0 on success, negative on error.
 */
int wc_se050_ecc_insert_private_key(word32 keyId, const byte* eccDer,
                                    word32 eccDerSize)
{
    const int rc = se050_ecc_insert_key(keyId, eccDer, eccDerSize,
                                        ECC_PRIVATEKEY);

    return rc;
}
2096
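/**
 * ECDSA sign a digest on the SE050.
 *
 * When the ecc_key is not yet bound to an SE050 object (keyIdSet == 0) the
 * key pair is exported to DER on the host and imported into the SE050 as a
 * persistent object; the host-side DER copy is wiped afterwards.
 *
 * in      digest to sign
 * inLen   digest length, bytes; truncated to the key size, and 66 is
 *         reduced to 64 for P-521
 * r       [out] signature R
 * s       [out] signature S
 * out     [out] receives R immediately followed by S, unsigned big-endian
 * outLen  not updated here (caller sets it); only read for debug output
 * key     ECC key to sign with
 *
 * Returns 0 on success, negative on error (BAD_FUNC_ARG, ECC_BAD_ARG_E for
 * an all-zero digest unless WC_ALLOW_ECC_ZERO_HASH is defined, WC_HW_E,
 * BAD_LENGTH_E, BAD_MUTEX_E, or the curve-mapping / DER export / signature
 * decode error).
 *
 * NOTE(review): R and S are written at out and out + keySize with up to
 * keySize bytes each, and *outLen is not consulted -- this assumes the
 * caller provides at least 2 * keySize bytes; confirm against callers.
 */
int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, MATH_INT_T* r, MATH_INT_T* s,
                           byte* out, word32 *outLen, struct ecc_key* key)
{
    int ret = 0;
    sss_status_t status;
    sss_asymmetric_t ctx_asymm;
    sss_key_store_t host_keystore;
    sss_object_t newKey;
    sss_algorithm_t algorithm;
    int keySize;
    int keySizeBits;
    int keyCreated = 0;
    word32 keyId;
    sss_cipher_type_t curveType;

    byte sigBuf[ECC_MAX_SIG_SIZE];
    size_t sigSz = sizeof(sigBuf);
    word32 rLen = 0;
    word32 sLen = 0;
#ifndef WC_ALLOW_ECC_ZERO_HASH
    byte hashIsZero = 0;
    word32 zIdx;
#endif

    if (in == NULL || r == NULL || s == NULL || out == NULL ||
        outLen == NULL || key == NULL) {
        return BAD_FUNC_ARG;
    }

#ifdef SE050_DEBUG
    /* traced only after the NULL checks: this reads *outLen and
     * key->keyId */
    printf("se050_ecc_sign_hash_ex: key %p, in %p (%d), out %p (%d), "
           "keyId %d\n", key, in, inLen, out, *outLen, key->keyId);
#endif

#ifndef WC_ALLOW_ECC_ZERO_HASH
    /* SE050 hardware does not reject all-zero digests; mirror the
     * software path's check so behavior is consistent. */
    for (zIdx = 0; zIdx < inLen; zIdx++)
        hashIsZero |= in[zIdx];
    if (hashIsZero == 0)
        return ECC_BAD_ARG_E;
#endif

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    keySize = key->dp->size;
    ret = se050_map_curve(key->dp->id, keySize, &keySizeBits, &curveType);
    if (ret != 0) {
        return ret;
    }

    /* truncate if digest is larger than key size */
    if (inLen > (word32)keySize) {
        inLen = (word32)keySize;
    }

    /* For P-521, if inLen is 66, truncate down to 64 for SHA-512 */
    if ((keySize == 66) && (inLen == 66)) {
        inLen = 64;
    }

    algorithm = se050_map_hash_alg(inLen);
    if (algorithm == kAlgorithm_None) {
        WOLFSSL_MSG("SE050 ECDSA sign only supports SHA-1/224/256/384/512 digest sizes");
        return BAD_LENGTH_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_ECC);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&newKey, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        keyId = key->keyId;
        if (key->keyIdSet == 0) {
            /* this is run when a key was not generated and was instead
             * passed in: export the key pair and import it into the SE050 */
            byte derBuf[SE050_ECC_DER_MAX];
            word32 derSz = 0;
            volatile byte* wipe = derBuf;
            word32 wipeIdx;

            ret = wc_EccKeyToDer(key, derBuf, (word32)sizeof(derBuf));
            if (ret >= 0) {
                derSz = ret;
                ret = 0;
            }
            else {
                status = kStatus_SSS_Fail;
            }
            if (status == kStatus_SSS_Success) {
                keyId = se050_allocate_key(SE050_ECC_KEY);
                status = sss_key_object_allocate_handle(&newKey, keyId,
                    kSSS_KeyPart_Pair, curveType, keySize,
                    kKeyObject_Mode_Persistent);
            }
            if (status == kStatus_SSS_Success) {
                /* Try to delete existing key first, ignore return since will
                 * fail if no key exists yet */
                sss_key_store_erase_key(&host_keystore, &newKey);

                /* from here on the error path must erase the object again */
                keyCreated = 1;
                status = sss_key_store_set_key(&host_keystore, &newKey, derBuf,
                                               derSz, keySizeBits, NULL, 0);
            }

            /* derBuf held the DER-encoded private key. Clear the stack
             * copy; the volatile pointer keeps the compiler from dropping
             * the stores as dead writes. */
            for (wipeIdx = 0; wipeIdx < (word32)sizeof(derBuf); wipeIdx++) {
                wipe[wipeIdx] = 0;
            }
        }
        else {
            status = sss_key_object_get_handle(&newKey, keyId);
        }
    }

    if (status == kStatus_SSS_Success) {

        status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi,
                                             &newKey, algorithm, kMode_SSS_Sign);
        if (status == kStatus_SSS_Success) {

            status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t*)in, inLen,
                                                sigBuf, &sigSz);
            if (status == kStatus_SSS_Success) {

                /* SE050 returns ASN.1 encoded signature */
                rLen = keySize;
                sLen = keySize;

                ret = DecodeECC_DSA_Sig_Bin(sigBuf, (word32)sigSz,
                                            out, &rLen,
                                            out+keySize, &sLen);

                if (ret != 0) {
                    status = kStatus_SSS_Fail;
                } else {
                    /* In case rLen is smaller than keySize, move S up.
                     * Source and destination lie in the same buffer and
                     * overlap whenever R came back shorter than keySize,
                     * so this has to be a memmove, not a memcpy. */
                    XMEMMOVE(out + rLen, out + keySize, sLen);
                }
            }
        }
        sss_asymmetric_context_free(&ctx_asymm);
    }

    if (status == kStatus_SSS_Success) {
        /* Load R and S into mp_int */
        ret = mp_read_unsigned_bin(r, out, rLen);
        if (ret == MP_OKAY) {
            ret = mp_read_unsigned_bin(s, out + rLen, sLen);
        }
        if (ret != MP_OKAY) {
            status = kStatus_SSS_Fail;
        }
        /* a failure here is reported as WC_HW_E below */
        ret = 0;
    }

    if (status == kStatus_SSS_Success) {
        /* the SE050 object holds the key pair: bind it to the ecc_key */
        key->keyId = keyId;
        key->keyIdSet = 1;
        ret = 0;
    }
    else {
        if (keyCreated) {
            sss_key_store_erase_key(&host_keystore, &newKey);
            sss_key_object_free(&newKey);
        }
        if (ret == 0)
            ret = WC_HW_E;
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_ecc_sign_hash_ex: ret %d, outLen %d\n", ret, *outLen);
#endif

    (void)outLen; /* caller sets outLen */

    return ret;
}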
2278
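/**
 * Verify an ECDSA signature (r, s) over a digest using the SE050.
 *
 * hash     Digest to verify
 * hashLen  Digest length in bytes. Truncated to the curve size (and to 64
 *          for a 66-byte P-521 input) before the hash algorithm is mapped.
 * r        Signature R component
 * s        Signature S component
 * key      ECC key. If no SE050 key ID is bound yet, the public key is
 *          uploaded as a persistent object and the new ID is stored in key.
 * res      [OUT] Set to 1 only when the SE050 reports a successful verify
 *
 * Return 0 on success, negative on error. A signature that the SE050 does
 * not accept is reported as an error (WC_HW_E) with *res left at 0, so
 * callers must treat any non-zero return as "not verified".
 */
int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, MATH_INT_T* r,
    MATH_INT_T* s, struct ecc_key* key, int* res)
{
    int ret = 0;
    sss_status_t status;
    sss_asymmetric_t ctx_asymm;
    sss_object_t newKey;
    sss_key_store_t host_keystore;
    sss_algorithm_t algorithm;
    int keyId = 0;
    int keySize;
    int keySizeBits;
    sss_cipher_type_t curveType;
    int keyCreated = 0;

    byte rBuf[ECC_MAX_CRYPTO_HW_SIZE];
    byte sBuf[ECC_MAX_CRYPTO_HW_SIZE];
    byte sigBuf[ECC_MAX_SIG_SIZE];
    word32 rBufSz = (word32)sizeof(rBuf);
    word32 sBufSz = (word32)sizeof(sBuf);
    word32 sigSz = (word32)sizeof(sigBuf);

#ifdef SE050_DEBUG
    printf("se050_ecc_verify_hash_ex: key %p, hash %p (%d)\n",
        key, hash, hashLen);
#endif

    /* Reject NULL arguments before *res and key->dp are dereferenced,
     * matching the checks done by se050_ed25519_verify_msg(). */
    if (hash == NULL || r == NULL || s == NULL || key == NULL ||
        key->dp == NULL || res == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Fail closed: the result stays 0 unless the verify succeeds. */
    *res = 0;

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    keySize = key->dp->size;
    ret = se050_map_curve(key->dp->id, keySize, &keySizeBits, &curveType);
    if (ret != 0) {
        return ret;
    }

    /* truncate hash if larger than key size */
    if (hashLen > (word32)keySize) {
        hashLen = (word32)keySize;
    }

    /* For P-521, if inLen is 66, truncate down to 64 for SHA-512 */
    if ((keySize == 66) && (hashLen == 66)) {
        hashLen = 64;
    }

    algorithm = se050_map_hash_alg(hashLen);
    if (algorithm == kAlgorithm_None) {
        WOLFSSL_MSG("SE050 ECDSA verify only supports SHA-1/224/256/384/512 digest sizes");
        return BAD_LENGTH_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_ECC);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&newKey, &host_keystore);
    }

    /* this is run when a key was not generated and was instead passed in */
    if (status == kStatus_SSS_Success) {
        keyId = key->keyId;
        if (key->keyIdSet == 0) {
            byte derBuf[SE050_ECC_DER_MAX];
            word32 derSz = 0;

            /* Only the public part is exported and uploaded for a verify. */
            ret = wc_EccPublicKeyToDer(key, derBuf, (word32)sizeof(derBuf), 1);
            if (ret >= 0) {
                derSz = ret;
                ret = 0;
            }
            else {
                status = kStatus_SSS_Fail;
            }
            if (status == kStatus_SSS_Success) {
                keyId = se050_allocate_key(SE050_ECC_KEY);
                status = sss_key_object_allocate_handle(&newKey, keyId,
                    kSSS_KeyPart_Public, curveType, keySize,
                    kKeyObject_Mode_Persistent);
            }
            if (status == kStatus_SSS_Success) {
                /* Try to delete existing key first, ignore return since will
                 * fail if no key exists yet */
                sss_key_store_erase_key(&host_keystore, &newKey);

                keyCreated = 1;
                status = sss_key_store_set_key(&host_keystore, &newKey, derBuf,
                    derSz, keySizeBits, NULL, 0);
            }
        }
        else {
            status = sss_key_object_get_handle(&newKey, keyId);
        }
    }

    if (status == kStatus_SSS_Success) {
        status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi,
            &newKey, algorithm, kMode_SSS_Verify);

        if (status == kStatus_SSS_Success) {
            /* SE050 expects ASN.1 encoded signature */
            XMEMSET(rBuf, 0, sizeof(rBuf));
            XMEMSET(sBuf, 0, sizeof(sBuf));

            rBufSz = mp_unsigned_bin_size(r);
            sBufSz = mp_unsigned_bin_size(s);

            /* Bound R and S before they are written into the stack buffers */
            if (rBufSz > sizeof(rBuf) || sBufSz > sizeof(sBuf)) {
                WOLFSSL_MSG("Internal R/S buffers too small for signature");
                ret = BUFFER_E;
            }

            if (ret == 0) {
                ret = mp_to_unsigned_bin(r, rBuf);
                if (ret == MP_OKAY) {
                    ret = mp_to_unsigned_bin(s, sBuf);
                }
            }

            if (ret == 0) {
                ret = StoreECC_DSA_Sig_Bin(sigBuf, &sigSz, rBuf, rBufSz,
                    sBuf, sBufSz);
            }

            if (ret == 0) {
                status = sss_asymmetric_verify_digest(&ctx_asymm,
                    (uint8_t*)hash, hashLen, sigBuf, sigSz);
            }
            else {
                status = kStatus_SSS_Fail;
            }
        }
        sss_asymmetric_context_free(&ctx_asymm);
    }

    if (status == kStatus_SSS_Success) {
        /* NOTE(review): when the key was uploaded above, this binding refers
         * to a public-only object. se050_ed25519_verify_msg() avoids keeping
         * such a binding; confirm whether ECC needs the same treatment. */
        key->keyId = keyId;
        key->keyIdSet = 1;
        *res = 1;
        ret = 0;
    }
    else {
        /* Remove the object uploaded by this call so it does not linger */
        if (keyCreated) {
            sss_key_store_erase_key(&host_keystore, &newKey);
            sss_key_object_free(&newKey);
        }
        if (ret == 0)
            ret = WC_HW_E;
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_ecc_verify_hash_ex: key %p, ret %d, res %d\n",
        key, ret, *res);
#endif

    return ret;
}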
2446
2447
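/**
 * Release the SE050 key object bound to this ecc_key struct.
 *
 * key Pointer to ecc_key structure; NULL or a key with no bound ID is a no-op
 *
 * The object is erased from the SE050 only when its ID is at or above
 * SE050_KEYID_START. The binding in key is cleared only when the object
 * handle could be looked up.
 */
void se050_ecc_free_key(struct ecc_key* key)
{
    sss_status_t status = kStatus_SSS_Success;
    sss_object_t keyObject;
    sss_key_store_t host_keystore;

    /* Checked first: the debug trace and the keyIdSet test dereference key */
    if (key == NULL) {
        return;
    }

#ifdef SE050_DEBUG
    printf("se050_ecc_free_key: key %p, keyId %d\n", key, key->keyId);
#endif

    if (cfg_se050_i2c_pi == NULL) {
        return;
    }
    if (key->keyIdSet == 0) {
        return;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_ECC);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&keyObject, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_get_handle(&keyObject, key->keyId);
    }

    if (status == kStatus_SSS_Success) {
        /* Erase key from SE050 persistent storage if it was allocated
         * by wolfSSL (not a pre-provisioned key). Without this, persistent
         * key objects leak on the SE050 and can exhaust secure storage. */
        if (key->keyId >= SE050_KEYID_START) {
            sss_key_store_erase_key(&host_keystore, &keyObject);
        }
        sss_key_object_free(&keyObject);
        key->keyId = 0;
        key->keyIdSet = 0;
    }
    wolfSSL_CryptHwMutexUnLock();
}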
2493
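/**
 * Use specified SE050 key ID with this ecc_key struct.
 * Should be called by wc_ecc_use_key_id() for using pre-populated
 * SE050 keys.
 *
 * The public key is read back from the SE050 object and decoded into key
 * before the ID is bound. Note that se050_ecc_free_key() erases any bound
 * ID at or above SE050_KEYID_START.
 *
 * key    Pointer to initialized ecc_key structure
 * keyId  SE050 key ID containing ECC key object
 *
 * Return 0 on success, negative on error.
 */
int se050_ecc_use_key_id(struct ecc_key* key, word32 keyId)
{
    int ret = 0;
    sss_object_t keyObject;
    sss_key_store_t host_keystore;
    sss_status_t status = kStatus_SSS_Success;
    uint8_t derBuf[SE050_ECC_DER_MAX];
    size_t derSz = sizeof(derBuf);
    size_t derSzBits = 0;
    word32 idx = 0;
    int keyObjectInit = 0;

#ifdef SE050_DEBUG
    printf("se050_ecc_use_key_id: key %p, keyId %d\n", key, keyId);
#endif
    if (key == NULL) {
        return BAD_FUNC_ARG;
    }

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_ECC);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&keyObject, &host_keystore);
        if (status == kStatus_SSS_Success) {
            keyObjectInit = 1;
        }
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_get_handle(&keyObject, keyId);
    }
    if (status == kStatus_SSS_Success) {
        derSzBits = derSz * 8;
        status = sss_key_store_get_key(&host_keystore, &keyObject,
            derBuf, &derSz, &derSzBits);
        (void)derSzBits; /* not used */
    }
    if (status == kStatus_SSS_Success) {
        ret = wc_EccPublicKeyDecode(derBuf, &idx, key, (word32)derSz);
        if (ret != 0) {
            status = kStatus_SSS_Fail;
        }
    }
    if (status == kStatus_SSS_Success) {
        key->keyId = keyId;
        key->keyIdSet = 1;
        ret = 0;
    }
    else if (ret == 0) {
        ret = WC_HW_E;
    }

    /* keyObject is uninitialized stack memory when an earlier step failed,
     * so only hand it to the free routine once it has been initialized. */
    if (keyObjectInit) {
        sss_key_object_free(&keyObject);
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_ecc_use_key_id: ret %d\n", ret);
#endif

    return ret;
}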
2571
/**
 * Report the SE050 key ID bound to this ecc_key struct.
 * Intended to be called by wc_ecc_get_key_id() so the application can
 * learn which key ID wolfCrypt picked when the key was generated inside
 * the SE050.
 *
 * key    Pointer to initialized ecc_key structure
 * keyId  [OUT] SE050 key ID associated with this key structure
 *
 * Return 0 on success, negative on error.
 */
int se050_ecc_get_key_id(struct ecc_key* key, word32* keyId)
{
    if (key == NULL || keyId == NULL) {
        return BAD_FUNC_ARG;
    }

    /* No binding recorded: leave *keyId untouched and report the error */
    if (key->keyIdSet != 1) {
        WOLFSSL_MSG("SE050 key ID not set for ecc_key struct");
        return WC_HW_E;
    }

    *keyId = key->keyId;
    return 0;
}
2601
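/**
 * Generate an ECC key pair inside the SE050 and bind it to key.
 * The public key is read back from the SE050 and decoded into key.
 *
 * key       Pointer to ecc_key structure that receives the public key and ID
 * curve_id  Curve identifier, mapped by se050_map_curve()
 * keySize   Key size in bytes
 *
 * Return 0 on success, negative on error. On failure after the object was
 * created, the object is erased from the SE050 again.
 */
int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize)
{
    int ret = 0;
    sss_status_t status = kStatus_SSS_Success;
    sss_object_t keyPair;
    sss_key_store_t host_keystore;
    uint8_t derBuf[SE050_ECC_DER_MAX];
    size_t derSz = sizeof(derBuf);
    word32 keyId = 0;
    int keySizeBits;
    sss_cipher_type_t curveType;
    int keyCreated = 0;

#ifdef SE050_DEBUG
    printf("se050_ecc_create_key: key %p, curve %d, keySize %d\n",
        key, curve_id, keySize);
#endif

    /* key is written on success and read by the closing debug trace */
    if (key == NULL) {
        return BAD_FUNC_ARG;
    }

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    ret = se050_map_curve(curve_id, keySize, &keySizeBits, &curveType);
    if (ret != 0) {
        return ret;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_ECC);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&keyPair, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        keyId = se050_allocate_key(SE050_ECC_KEY);
        /* Using Transient key type here does not work with SE050 */
        status = sss_key_object_allocate_handle(&keyPair, keyId,
            kSSS_KeyPart_Pair, curveType, keySize,
            kKeyObject_Mode_Persistent);
    }
    if (status == kStatus_SSS_Success) {
        /* Try to delete existing key first. Ignore return since will fail
         * if no key exists */
        sss_key_store_erase_key(&host_keystore, &keyPair);

        keyCreated = 1;
        status = sss_key_store_generate_key(&host_keystore, &keyPair,
            keySizeBits, NULL);
    }
    if (status == kStatus_SSS_Success) {
        size_t derSzBits = derSz * 8;
        status = sss_key_store_get_key(&host_keystore, &keyPair,
            derBuf, &derSz, &derSzBits);
        (void)derSzBits; /* not used */
    }
    if (status == kStatus_SSS_Success) {
        word32 idx = 0;
        ret = wc_EccPublicKeyDecode(derBuf, &idx, key, (word32)derSz);
        if (ret != 0) {
            status = kStatus_SSS_Fail;
        }
    }
    if (status == kStatus_SSS_Success) {
        key->keyId = keyId;
        key->keyIdSet = 1;
        ret = 0;
    }
    else {
        /* Do not leave a persistent object behind for a failed create */
        if (keyCreated) {
            sss_key_store_erase_key(&host_keystore, &keyPair);
            sss_key_object_free(&keyPair);
        }
        if (ret == 0)
            ret = WC_HW_E;
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_ecc_create_key: key %p, ret %d, status %d, keyId %d\n",
        key, ret, status, key->keyId);
#endif

    return ret;
}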
2692
2693
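/**
 * Compute an ECDH shared secret inside the SE050 and export it to out.
 *
 * private_key  ECC key already bound to an SE050 key ID (keyIdSet != 0)
 * public_key   Peer public key. If it has no SE050 key ID yet, it is
 *              uploaded as a persistent object and the new ID is bound to it.
 * out          [OUT] Buffer receiving the shared secret
 * outlen       [IN/OUT] Size of out on entry, secret length on return
 *
 * Return 0 on success, negative on error. The contents of out and *outlen
 * are only meaningful when 0 is returned.
 */
int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
    byte* out, word32* outlen)
{
    int ret;
    sss_status_t status = kStatus_SSS_Success;
    sss_key_store_t host_keystore;
    sss_object_t ref_private_key;
    sss_object_t ref_public_key;
    sss_object_t deriveKey;
    sss_derive_key_t ctx_derive_key;
    word32 keyId = 0;
    int keySize;
    int keySizeBits;
    sss_cipher_type_t curveType;
    int keyCreated = 0;
    int deriveKeyCreated = 0;

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    /* out, outlen and private_key->dp are dereferenced below, so they are
     * validated together with the key pointers. */
    if (private_key == NULL || public_key == NULL ||
        out == NULL || outlen == NULL ||
        private_key->dp == NULL || private_key->keyIdSet == 0) {
        return BAD_FUNC_ARG;
    }

#ifdef SE050_DEBUG
    /* Traced after validation because it reads *outlen */
    printf("se050_ecc_shared_secret: priv %p, pub %p, out %p (%d)\n",
        private_key, public_key, out, *outlen);
#endif

    keySize = private_key->dp->size;
    ret = se050_map_curve(private_key->dp->id, keySize, &keySizeBits,
        &curveType);
    if (ret != 0) {
        return ret;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_ECC);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&ref_private_key, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_get_handle(&ref_private_key,
            private_key->keyId);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&ref_public_key, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        keyId = public_key->keyId;
        if (public_key->keyIdSet == 0) {
            byte derBuf[SE050_ECC_DER_MAX];
            word32 derSz = 0;

            ret = wc_EccPublicKeyToDer(public_key, derBuf,
                (word32)sizeof(derBuf), 1);
            if (ret >= 0) {
                derSz = ret;
                ret = 0;
            }
            else {
                status = kStatus_SSS_Fail;
            }
            if (status == kStatus_SSS_Success) {
                keyId = se050_allocate_key(SE050_ECC_KEY);
                status = sss_key_object_allocate_handle(&ref_public_key,
                    keyId, kSSS_KeyPart_Public, curveType, keySize,
                    kKeyObject_Mode_Persistent);
            }
            if (status == kStatus_SSS_Success) {
                /* Try to delete existing key first, ignore return since will
                 * fail if no key exists yet */
                sss_key_store_erase_key(&host_keystore, &ref_public_key);
                status = sss_key_store_set_key(&host_keystore, &ref_public_key,
                    derBuf, derSz, keySizeBits, NULL, 0);
                keyCreated = 1;
            }
        }
        else {
            status = sss_key_object_get_handle(&ref_public_key, keyId);
        }
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&deriveKey, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        word32 keyIdAes = se050_allocate_key(SE050_AES_KEY);
        status = sss_key_object_allocate_handle(&deriveKey,
            keyIdAes,
            kSSS_KeyPart_Default,
            kSSS_CipherType_Binary,
            keySize,
            kKeyObject_Mode_Transient);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_derive_key_context_init(&ctx_derive_key, cfg_se050_i2c_pi,
            &ref_private_key, kAlgorithm_SSS_ECDH,
            kMode_SSS_ComputeSharedSecret);
        if (status == kStatus_SSS_Success) {
            /* Try to delete existing key first, ignore return since will
             * fail if no key exists yet */
            sss_key_store_erase_key(&host_keystore, &deriveKey);
            status = sss_derive_key_dh(&ctx_derive_key, &ref_public_key,
                &deriveKey);
        }
        if (status == kStatus_SSS_Success) {
            size_t outlenSz = (size_t)*outlen;
            size_t outlenSzBits = outlenSz * 8;
            deriveKeyCreated = 1;
            /* derived key export */
            status = sss_key_store_get_key(&host_keystore, &deriveKey,
                out, &outlenSz, &outlenSzBits);
            *outlen = (word32)outlenSz;
            (void)outlenSzBits; /* not used */
        }

        sss_derive_key_context_free(&ctx_derive_key);
    }
    /* The derived secret object is removed from the SE050 once exported */
    if (deriveKeyCreated) {
        sss_key_store_erase_key(&host_keystore, &deriveKey);
        sss_key_object_free(&deriveKey);
    }

    if (status == kStatus_SSS_Success) {
        public_key->keyId = keyId;
        public_key->keyIdSet = 1;
        ret = 0;
    }
    else {
        if (keyCreated) {
            sss_key_store_erase_key(&host_keystore, &ref_public_key);
            sss_key_object_free(&ref_public_key);
        }
        if (ret == 0) {
            ret = WC_HW_E;
        }
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_ecc_shared_secret: ret %d, status %d, outlen %d\n", ret,
        status, *outlen);
#endif

    return ret;
}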
2848#endif /* HAVE_ECC */
2849
2850#ifdef HAVE_ED25519
2851
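/**
 * Generate an Ed25519 key pair inside the SE050 and bind its ID to key.
 *
 * key Pointer to ed25519_key structure that receives the SE050 key ID
 *
 * Return 0 on success, BAD_FUNC_ARG for a NULL key, BAD_MUTEX_E if the
 * hardware mutex cannot be taken, WC_HW_E on any SE050 failure.
 */
int se050_ed25519_create_key(ed25519_key* key)
{
    int ret = 0;
    sss_status_t status;
    sss_key_store_t host_keystore;
    sss_object_t newKey;
    word32 keyId = 0;
    int keySize = ED25519_KEY_SIZE;
    int keyCreated = 0;

#ifdef SE050_DEBUG
    printf("se050_ed25519_create_key: %p\n", key);
#endif

    /* key is written on success and read by the closing debug trace */
    if (key == NULL) {
        return BAD_FUNC_ARG;
    }

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_ED25519);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&newKey, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        keyId = se050_allocate_key(SE050_ED25519_KEY);
        status = sss_key_object_allocate_handle(&newKey, keyId,
            kSSS_KeyPart_Pair, kSSS_CipherType_EC_TWISTED_ED, keySize,
            kKeyObject_Mode_Transient);
    }
    if (status == kStatus_SSS_Success) {
        keyCreated = 1;
        status = sss_key_store_generate_key(&host_keystore, &newKey,
            keySize * 8, NULL);
    }

    if (status == kStatus_SSS_Success) {
        key->keyId = keyId;
        key->keyIdSet = 1;
        ret = 0;
    }
    else {
        /* Remove the object again if generation did not complete */
        if (keyCreated) {
            sss_key_store_erase_key(&host_keystore, &newKey);
            sss_key_object_free(&newKey);
        }
        ret = WC_HW_E;
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_ed25519_create_key: ret %d, keyId %ld\n", ret, key->keyId);
#endif

    return ret;
}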
2914
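/**
 * Release the SE050 key object bound to this ed25519_key struct.
 *
 * key Pointer to ed25519_key structure; NULL or a key with no bound ID is
 *     a no-op
 *
 * The object is erased from the SE050 only when its ID is at or above
 * SE050_KEYID_START. The binding in key is cleared only when the object
 * handle could be looked up.
 */
void se050_ed25519_free_key(ed25519_key* key)
{
    sss_status_t status;
    sss_object_t newKey;
    sss_key_store_t host_keystore;

    /* Checked first: the debug trace and the keyIdSet test dereference key */
    if (key == NULL) {
        return;
    }

#ifdef SE050_DEBUG
    printf("se050_ed25519_free_key: %p, id %ld\n", key, key->keyId);
#endif

    if (cfg_se050_i2c_pi == NULL) {
        return;
    }
    if (key->keyIdSet == 0) {
        return;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);

    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_ED25519);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&newKey, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_get_handle(&newKey, key->keyId);
    }
    if (status == kStatus_SSS_Success) {
        /* IDs below SE050_KEYID_START are left in place on the SE050 */
        if (key->keyId >= SE050_KEYID_START) {
            sss_key_store_erase_key(&host_keystore, &newKey);
        }
        sss_key_object_free(&newKey);
        key->keyId = 0;
        key->keyIdSet = 0;
    }
    wolfSSL_CryptHwMutexUnLock();
}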
2957
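/**
 * Sign a message with Ed25519 using the SE050.
 *
 * in      Message to sign
 * inLen   Message length in bytes
 * out     [OUT] Buffer receiving the signature
 * outLen  [IN/OUT] Size of out on entry, signature length on return
 * key     Ed25519 key. If no SE050 key ID is bound yet, the key pair is
 *         exported to DER, uploaded as a transient object, and the new ID
 *         is bound to key on success.
 *
 * Return 0 on success, BAD_FUNC_ARG for NULL arguments, BAD_MUTEX_E if the
 * hardware mutex cannot be taken, WC_HW_E on any other failure.
 */
int se050_ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
    word32 *outLen, ed25519_key* key)
{
    int ret = 0;
    sss_status_t status = kStatus_SSS_Success;
    sss_asymmetric_t ctx_asymm;
    sss_key_store_t host_keystore;
    sss_object_t newKey;
    int keySize = ED25519_KEY_SIZE;
    int keyCreated = 0;
    word32 keyId = 0;

    /* Validated before the debug trace, which reads *outLen and key->keyId */
    if (in == NULL || out == NULL || outLen == NULL || key == NULL) {
        return BAD_FUNC_ARG;
    }

#ifdef SE050_DEBUG
    printf("se050_ed25519_sign_msg: key %p, in %p (%d), out %p (%d), "
        "keyId %ld\n", key, in, inLen, out, *outLen, key->keyId);
#endif

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_ED25519);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&newKey, &host_keystore);
    }
    /* this is run when a key was not generated and was instead passed in */
    if (status == kStatus_SSS_Success) {
        keyId = key->keyId;
        if (key->keyIdSet == 0) {
            byte derBuf[SE050_ECC_DER_MAX];
            word32 derSz = 0;
            volatile byte* wipe = derBuf;
            word32 i;

            ret = wc_Ed25519KeyToDer(key, derBuf, (word32)sizeof(derBuf));
            if (ret >= 0) {
                derSz = ret;
                ret = 0;
            }
            else {
                status = kStatus_SSS_Fail;
            }
            if (status == kStatus_SSS_Success) {
                keyId = se050_allocate_key(SE050_ED25519_KEY);
                status = sss_key_object_allocate_handle(&newKey, keyId,
                    kSSS_KeyPart_Pair, kSSS_CipherType_EC_TWISTED_ED, keySize,
                    kKeyObject_Mode_Transient);
            }
            if (status == kStatus_SSS_Success) {
                keyCreated = 1;
                status = sss_key_store_set_key(&host_keystore, &newKey, derBuf,
                    derSz, keySize * 8, NULL, 0);
            }

            /* derBuf held the key pair, private part included, in DER form.
             * Clear it through a volatile pointer so the stores cannot be
             * dropped as dead writes before the buffer goes out of scope. */
            for (i = 0; i < (word32)sizeof(derBuf); i++) {
                wipe[i] = 0;
            }
        }
        else {
            status = sss_key_object_get_handle(&newKey, keyId);
        }
    }
    if (status == kStatus_SSS_Success) {
        status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi,
            &newKey, kAlgorithm_SSS_SHA512, kMode_SSS_Sign);
        if (status == kStatus_SSS_Success) {
            size_t outlenSz = (size_t)*outLen;
            status = sss_se05x_asymmetric_sign(
                (sss_se05x_asymmetric_t *)&ctx_asymm,
                (uint8_t *)in, inLen, out, &outlenSz);
            *outLen = (word32)outlenSz;
        }

        sss_asymmetric_context_free(&ctx_asymm);
    }

    if (status != kStatus_SSS_Success) {
        /* Remove the object uploaded by this call so it does not linger */
        if (keyCreated) {
            sss_key_store_erase_key(&host_keystore, &newKey);
            sss_key_object_free(&newKey);
        }
        ret = WC_HW_E;
    } else {
        key->keyId = keyId;
        key->keyIdSet = 1;
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_ed25519_sign_msg: ret %d, outLen %d\n", ret, *outLen);
#endif

    return ret;
}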
3054
/**
 * Verify an Ed25519 signature over a message using the SE050.
 *
 * signature     Signature to check
 * signatureLen  Signature length in bytes
 * msg           Message that was signed
 * msgLen        Message length in bytes
 * key           Ed25519 key; uploaded (public part only) for the duration
 *               of this call when no SE050 key ID is bound to it
 * res           [OUT] Set to 1 only when the SE050 reports a successful
 *               verify
 *
 * Return 0 on success, negative on error. Any SE050 failure, including a
 * verify that does not succeed, returns an error with *res left at 0.
 */
int se050_ed25519_verify_msg(const byte* signature, word32 signatureLen,
    const byte* msg, word32 msgLen, struct ed25519_key* key, int* res)
{
    int ret = 0;
    sss_status_t status = kStatus_SSS_Success;
    sss_asymmetric_t verifyCtx;
    sss_object_t keyObj;
    sss_key_store_t keystore;
    word32 keyId;
    int keySize = ED25519_KEY_SIZE;
    int uploaded = 0;

#ifdef SE050_DEBUG
    printf("se050_ed25519_verify_msg: key %p, sig %p (%d), msg %p (%d)\n",
        key, signature, signatureLen, msg, msgLen);
#endif

    if (signature == NULL || msg == NULL || key == NULL || res == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Fail closed: the result stays 0 unless the verify succeeds. */
    *res = 0;

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&keystore,
            SE050_KEYSTOREID_ED25519);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&keyObj, &keystore);
    }
    if (status == kStatus_SSS_Success) {
        keyId = key->keyId;
        if (key->keyIdSet != 0) {
            /* Key already lives in the SE050: just look it up */
            status = sss_key_object_get_handle(&keyObj, keyId);
        }
        else {
            byte derBuf[ED25519_PUB_KEY_SIZE + 12]; /* seq + algo + bitstring */
            word32 derSz = 0;

            ret = wc_Ed25519PublicKeyToDer(key, derBuf,
                (word32)sizeof(derBuf), 1);
            if (ret < 0) {
                status = kStatus_SSS_Fail;
            }
            else {
                derSz = ret;
                ret = 0;
            }
            if (status == kStatus_SSS_Success) {
                keyId = se050_allocate_key(SE050_ED25519_KEY);
                status = sss_key_object_allocate_handle(&keyObj, keyId,
                    kSSS_KeyPart_Public, kSSS_CipherType_EC_TWISTED_ED, keySize,
                    kKeyObject_Mode_Transient);
            }
            if (status == kStatus_SSS_Success) {
                uploaded = 1;
                status = sss_key_store_set_key(&keystore, &keyObj, derBuf,
                    derSz, keySize * 8, NULL, 0);
            }
        }
    }

    if (status == kStatus_SSS_Success) {
        status = sss_asymmetric_context_init(&verifyCtx, cfg_se050_i2c_pi,
            &keyObj, kAlgorithm_SSS_SHA512, kMode_SSS_Verify);
        if (status == kStatus_SSS_Success) {
            status = sss_se05x_asymmetric_verify(
                (sss_se05x_asymmetric_t*)&verifyCtx, (uint8_t*)msg, msgLen,
                (uint8_t*)signature, (size_t)signatureLen);
        }
        sss_asymmetric_context_free(&verifyCtx);
    }

    /* An object uploaded by this call holds only the public part, so it is
     * erased on both outcomes. Keeping keyIdSet=1 for it would make a later
     * sign on the same ed25519_key reuse an object with no private
     * material. Mirrors the fix in se050_rsa_verify. */
    if (uploaded) {
        sss_key_store_erase_key(&keystore, &keyObj);
        sss_key_object_free(&keyObj);
    }

    if (status != kStatus_SSS_Success) {
        if (ret == 0)
            ret = WC_HW_E;
    }
    else {
        if (!uploaded) {
            /* Pre-existing keyIdSet=1 binding (from prior sign that uploaded
             * a keypair, or explicit caller setup). Preserve it. */
            key->keyId = keyId;
            key->keyIdSet = 1;
        }
        *res = 1;
        ret = 0;
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_ed25519_verify_msg: ret %d, res %d\n", ret, *res);
#endif

    return ret;
}
3173
3174#endif /* HAVE_ED25519 */
3175
3176
3177#ifdef HAVE_CURVE25519
3178
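/**
 * Generate a Curve25519 key pair inside the SE050 and bind it to key.
 * The public key is read back from the SE050 and imported into key.
 *
 * key      Pointer to curve25519_key structure that receives the public
 *          key and the SE050 key ID
 * keySize  Key size in bytes
 *
 * Return 0 on success, BAD_FUNC_ARG for a NULL key, BAD_MUTEX_E if the
 * hardware mutex cannot be taken, WC_HW_E on any other failure.
 */
int se050_curve25519_create_key(curve25519_key* key, int keySize)
{
    int ret = 0;
    sss_status_t status = kStatus_SSS_Success;
    sss_object_t keyPair;
    sss_key_store_t host_keystore;
    uint8_t derBuf[SE050_ECC_DER_MAX];
    size_t derSz = sizeof(derBuf);
    word32 keyId = 0;
    int keyCreated = 0;

#ifdef SE050_DEBUG
    printf("se050_curve25519_create_key: key %p, keySize %d\n",
        key, keySize);
#endif

    /* key is written on success and read by the closing debug trace */
    if (key == NULL) {
        return BAD_FUNC_ARG;
    }

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }
    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore,
            SE050_KEYSTOREID_CURVE25519);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&keyPair, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        keyId = se050_allocate_key(SE050_CURVE25519_KEY);
        status = sss_key_object_allocate_handle(&keyPair, keyId,
            kSSS_KeyPart_Pair, kSSS_CipherType_EC_MONTGOMERY, keySize,
            kKeyObject_Mode_None);
    }
    if (status == kStatus_SSS_Success) {
        keyCreated = 1;
        status = sss_key_store_generate_key(&host_keystore, &keyPair,
            keySize * 8, NULL);
    }
    if (status == kStatus_SSS_Success) {
        size_t derSzBits = derSz * 8;
        status = sss_key_store_get_key(&host_keystore, &keyPair,
            derBuf, &derSz, &derSzBits);
        (void)derSzBits; /* not used */
    }
    if (status == kStatus_SSS_Success) {
        word32 idx = 0;
        byte pubKey[CURVE25519_KEYSIZE];
        word32 pubKeyLen = (word32)sizeof(pubKey);

        ret = DecodeAsymKeyPublic(derBuf, &idx, (word32)derSz,
            pubKey, &pubKeyLen, X25519k);
        if (ret == 0) {
            ret = wc_curve25519_import_public_ex(pubKey, pubKeyLen, key,
                EC25519_LITTLE_ENDIAN);
        }
        if (ret != 0) {
            status = kStatus_SSS_Fail;
        }
    }

    if (status == kStatus_SSS_Success) {
        key->keyId = keyId;
        key->keyIdSet = 1;
        ret = 0;
    }
    else {
        /* Remove the object again if creation did not complete */
        if (keyCreated) {
            sss_key_store_erase_key(&host_keystore, &keyPair);
            sss_key_object_free(&keyPair);
        }
        ret = WC_HW_E;
    }
    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_curve25519_create_key: key %p, ret %d, keyId %ld\n",
        key, ret, key->keyId);
#endif

    return ret;
}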
3264
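/**
 * Compute an X25519 shared secret inside the SE050 and export it to out.
 *
 * private_key  Curve25519 key already bound to an SE050 key ID
 * public_key   Peer public key. If it has no SE050 key ID yet, it is
 *              uploaded as a transient object and the new ID is bound to it.
 * out          [OUT] Receives the shared secret in out->point and its
 *              length in out->pointSz
 *
 * Return 0 on success, negative on error. The contents of out are only
 * meaningful when 0 is returned.
 */
int se050_curve25519_shared_secret(curve25519_key* private_key,
    curve25519_key* public_key, ECPoint* out)
{
    int ret = 0;
    sss_status_t status = kStatus_SSS_Success;
    sss_key_store_t host_keystore;
    sss_object_t ref_private_key;
    sss_object_t ref_public_key;
    sss_object_t deriveKey;
    sss_derive_key_t ctx_derive_key;
    word32 keyId = 0;
    int keySize = CURVE25519_KEYSIZE;
    int keyCreated = 0;
    int deriveKeyCreated = 0;

    if (cfg_se050_i2c_pi == NULL) {
        return WC_HW_E;
    }

    /* out is written below and read by the debug traces, so it is checked
     * together with the key pointers. */
    if (private_key == NULL || public_key == NULL || out == NULL ||
        private_key->keyIdSet == 0) {
        return BAD_FUNC_ARG;
    }

#ifdef SE050_DEBUG
    /* Traced after validation because it reads out->pointSz */
    printf("se050_curve25519_shared_secret: priv %p, pub %p, out %p (%d)\n",
        private_key, public_key, out, out->pointSz);
#endif

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return BAD_MUTEX_E;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore,
            SE050_KEYSTOREID_CURVE25519);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&ref_private_key, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_get_handle(&ref_private_key,
            private_key->keyId);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&ref_public_key, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        keyId = public_key->keyId;
        if (public_key->keyIdSet == 0) {
            byte derBuf[CURVE25519_PUB_KEY_SIZE + 12]; /* seq + algo + bitstring */
            word32 derSz = 0;
            byte pubKey[CURVE25519_PUB_KEY_SIZE];
            word32 pubKeyLen = (word32)sizeof(pubKey);

            ret = wc_curve25519_export_public_ex(public_key, pubKey, &pubKeyLen,
                EC25519_LITTLE_ENDIAN);
            if (ret == 0) {
                ret = SetAsymKeyDerPublic(pubKey, pubKeyLen, derBuf,
                    (word32)sizeof(derBuf), X25519k, 1);
                if (ret >= 0) {
                    derSz = ret;
                    ret = 0;
                }
            }
            if (ret != 0) {
                status = kStatus_SSS_Fail;
            }
            if (status == kStatus_SSS_Success) {
                keyId = se050_allocate_key(SE050_CURVE25519_KEY);
                status = sss_key_object_allocate_handle(&ref_public_key,
                    keyId, kSSS_KeyPart_Public, kSSS_CipherType_EC_MONTGOMERY,
                    keySize, kKeyObject_Mode_Transient);
            }
            if (status == kStatus_SSS_Success) {
                keyCreated = 1;
                status = sss_key_store_set_key(&host_keystore, &ref_public_key,
                    derBuf, derSz, keySize * 8, NULL, 0);
            }
        }
        else {
            status = sss_key_object_get_handle(&ref_public_key, keyId);
        }
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&deriveKey, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        word32 keyIdAes = se050_allocate_key(SE050_AES_KEY);
        deriveKeyCreated = 1;
        status = sss_key_object_allocate_handle(&deriveKey,
            keyIdAes,
            kSSS_KeyPart_Default,
            kSSS_CipherType_Binary,
            keySize,
            kKeyObject_Mode_Transient);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_derive_key_context_init(&ctx_derive_key, cfg_se050_i2c_pi,
            &ref_private_key, kAlgorithm_SSS_ECDH,
            kMode_SSS_ComputeSharedSecret);
        if (status == kStatus_SSS_Success) {
            status = sss_derive_key_dh(&ctx_derive_key, &ref_public_key,
                &deriveKey);
        }
        if (status == kStatus_SSS_Success) {
            size_t outlenSz = sizeof(out->point);
            size_t outlenSzBits = outlenSz * 8;
            /* derived key export */
            status = sss_key_store_get_key(&host_keystore, &deriveKey,
                out->point, &outlenSz, &outlenSzBits);
            out->pointSz = (word32)outlenSz;
            (void)outlenSzBits; /* not used */
        }

        sss_derive_key_context_free(&ctx_derive_key);
    }
    /* The derived secret object is removed from the SE050 once exported */
    if (deriveKeyCreated) {
        sss_key_store_erase_key(&host_keystore, &deriveKey);
        sss_key_object_free(&deriveKey);
    }

    if (status == kStatus_SSS_Success) {
        public_key->keyId = keyId;
        public_key->keyIdSet = 1;
        ret = 0;
    }
    else {
        if (keyCreated) {
            sss_key_store_erase_key(&host_keystore, &ref_public_key);
            sss_key_object_free(&ref_public_key);
        }
        if (ret == 0)
            ret = WC_HW_E;
    }

    wolfSSL_CryptHwMutexUnLock();

#ifdef SE050_DEBUG
    printf("se050_curve25519_shared_secret: ret %d, outlen %d\n",
        ret, out->pointSz);
#endif

    return ret;
}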
3411
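/**
 * Release the SE050 key object bound to this curve25519_key struct.
 *
 * key Pointer to curve25519_key structure; NULL or a key with no bound ID
 *     is a no-op
 *
 * The object is erased from the SE050 only when its ID is at or above
 * SE050_KEYID_START. The binding in key is cleared only when the object
 * handle could be looked up.
 */
void se050_curve25519_free_key(struct curve25519_key* key)
{
    sss_status_t status;
    sss_object_t newKey;
    sss_key_store_t host_keystore;

    /* Checked first: the debug trace and the keyIdSet test dereference key */
    if (key == NULL) {
        return;
    }

#ifdef SE050_DEBUG
    printf("se050_curve25519_free_key: %p, id %ld\n", key, key->keyId);
#endif

    if (cfg_se050_i2c_pi == NULL || key->keyIdSet == 0) {
        return;
    }

    if (wolfSSL_CryptHwMutexLock() != 0) {
        return;
    }

    status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);

    if (status == kStatus_SSS_Success) {
        status = sss_key_store_allocate(&host_keystore,
            SE050_KEYSTOREID_CURVE25519);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_init(&newKey, &host_keystore);
    }
    if (status == kStatus_SSS_Success) {
        status = sss_key_object_get_handle(&newKey, key->keyId);
    }
    if (status == kStatus_SSS_Success) {
        /* IDs below SE050_KEYID_START are left in place on the SE050 */
        if (key->keyId >= SE050_KEYID_START) {
            sss_key_store_erase_key(&host_keystore, &newKey);
        }
        sss_key_object_free(&newKey);
        key->keyId = 0;
        key->keyIdSet = 0;
    }
    wolfSSL_CryptHwMutexUnLock();
}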
3452#endif /* HAVE_CURVE25519 */
3453
3454#endif /* WOLFSSL_SE050 */