Merge pull request #7369 from dgarske/infineon_modustoolbox

Support for Infineon Modus Toolbox with wolfSSL

Author: JacobBarthelmeh

.cyignore

@@ -0,0 +1,40 @@
+# wolfSSL folders
+$(SEARCH_wolfssl)/IDE
+$(SEARCH_wolfssl)/examples
+$(SEARCH_wolfssl)/linuxkm
+$(SEARCH_wolfssl)/mcapi
+$(SEARCH_wolfssl)/mplabx
+$(SEARCH_wolfssl)/mqx
+$(SEARCH_wolfssl)/tirtos
+$(SEARCH_wolfssl)/tests
+$(SEARCH_wolfssl)/testsuite
+$(SEARCH_wolfssl)/wolfcrypt/src/port/autosar
+$(SEARCH_wolfssl)/zephyr
+
+# wolfSSL files
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_xts_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_x86_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/chacha_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/fe_x25519_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/poly1305_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha256_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha512_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha3_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sm3_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sp_x86_64_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sp_sm2_x86_64_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/wc_kyber_asm.S
+
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha3-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha512-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-aes-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha512-asm.S

IDE/Infineon/README.md

@@ -0,0 +1,33 @@
+# Infineon Modus Toolbox
+
+Steps for building wolfSSL/wolfTPM with the Infineon Modus Toolbox examples:
+
+1) Add Dependency:
+
+In "deps" folder add wolfssl.mtb containing:
+
+```
+https://github.com/wolfssl/wolfssl#v5.7.0-stable#$$ASSET_REPO$$/wolfssl/wolfssl-stable
+```
+
+For wolfTPM add wolftpm.mtb containing:
+
+```
+https://github.com/wolfssl/wolftpm#master#$$ASSET_REPO$$/wolftpm/wolftpm-stable
+```
+
+2) Add components:
+In `Makefile` under `COMPONENTS` add `WOLFSSL` and `WOLFTPM`.
+
+3) Add defines:
+
+Add `DEFINES+=WOLFSSL_USER_SETTINGS WOLFTPM_USER_SETTINGS` in Makefile.
+
+4) Build settings:
+
+Add a `user_settings.h` file for wolfSSL/wolfTPM build settings into `config` directory.
+A template is provided here in `IDE/Infineon/user_settings.h`.
+
+5) Ignores:
+
+The required library ignores are found in the `.cyignore` file in the wolfSSL and wolfTPM root.

IDE/Infineon/include.am

@@ -0,0 +1,7 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/Infineon/README.md \
+    IDE/Infineon/user_settings.h

IDE/Infineon/user_settings.h

@@ -0,0 +1,168 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Example build settings for Infineon Modus Toolbox */
+/* Enables wolfSSL TLS v1.2-v1.3 and TPM support */
+/* SHA-1, SHA-2, AES CBC/GCM, ECDHE, ECDSA, RSA, HMAC, HKDF */
+
+#ifndef WOLF_USER_SETTINGS_TPM_H
+#define WOLF_USER_SETTINGS_TPM_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Platform / Porting */
+#define NO_FILESYSTEM /* File system disable */
+#define SINGLE_THREADED /* No threading */
+#define WOLFSSL_USER_IO /* user recv/send callbacks for network IO */
+#define NO_WRITEV
+#define NO_MAIN_DRIVER
+#define WOLFSSL_IGNORE_FILE_WARN /* ignore file include warnings */
+#define WOLFSSL_SMALL_STACK /* limit stack usage */
+#define BENCH_EMBEDDED
+
+/* TLS (allow TLS v1.3 or v1.2) */
+#define WOLFSSL_TLS13
+//#define WOLFSSL_NO_TLS12
+#define NO_OLD_TLS
+#define WOLFSSL_EITHER_SIDE /* allow context to be created for either server or client */
+
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_SERVER_RENEGOTIATION_INFO
+#define HAVE_ENCRYPT_THEN_MAC
+
+#ifdef WOLFSSL_TLS13
+    #define HAVE_HKDF
+    #define WC_RSA_PSS
+    #define WOLFSSL_PSS_LONG_SALT
+#endif
+
+/* Enable crypto callbacks - for TPM offloading */
+#define WOLF_CRYPTO_CB
+
+/* Enable SP math all (sp_int.c) with multi-precision support */
+#define WOLFSSL_SP_MATH_ALL
+
+#if 1
+    /* Single Precision math for ECC 256 and RSA 2048 */
+    #define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_HAVE_SP_ECC
+    #define WOLFSSL_SP_SMALL
+#endif
+
+#if 0
+    /* only single precision math */
+    #define WOLFSSL_SP_MATH
+#endif
+
+/* Enable hardening (timing resistance) */
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+/* Enable PRNG (SHA2-256) */
+#define HAVE_HASHDRBG
+
+/* Asymmetric */
+#if 1 /* RSA - needed to encrypt salt */
+    #undef  NO_RSA
+    #ifdef USE_LOW_RESOURCE
+        #define WOLFSSL_RSA_PUBLIC_ONLY
+        #define WOLFSSL_RSA_VERIFY_INLINE
+        #define NO_CHECK_PRIVATE_KEY
+    #endif
+#else
+    #define NO_RSA
+#endif
+
+#if 1 /* ECC - needed for encrypt ECC salt */
+    #define HAVE_ECC
+    #define ECC_USER_CURVES /* default to only SECP256R1 */
+#endif
+
+#if 0 /* DH - TPM doesn't support it */
+    #undef  NO_DH
+    #define HAVE_FFDHE_2048
+    #define HAVE_DH_DEFAULT_PARAMS
+#else
+    #define NO_DH
+#endif
+
+/* Symmetric Hash */
+#undef NO_SHA /* allow SHA-1 */
+#undef NO_SHA256 /* allow SHA2-256 */
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+
+/* Symmetric Cipher */
+#define WOLFSSL_AES_CFB
+#define HAVE_AES_DECRYPT
+
+#define HAVE_AES_KEYWRAP
+#define WOLFSSL_AES_DIRECT
+#define HAVE_AESGCM
+#define GCM_TABLE_4BIT
+
+/* Features */
+#define WOLFSSL_ASN_TEMPLATE
+
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_EXT
+
+#define HAVE_PKCS7
+#define HAVE_X963_KDF
+#define WOLFSSL_BASE64_ENCODE
+
+#if 1
+    #define HAVE_SESSION_TICKETS
+    #define SMALL_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+/* Disables */
+#define NO_PKCS8
+#define NO_PKCS12
+#define NO_PWDBASED
+#define NO_DSA
+#define NO_DES3
+#define NO_RC4
+#define NO_PSK
+#define NO_MD4
+#define NO_MD5
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
+
+/* Logging */
+#ifdef ENABLE_SECURE_SOCKETS_LOGS
+    #define DEBUG_WOLFSSL
+#else
+    #define NO_ERROR_STRINGS
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLF_USER_SETTINGS_TPM_H */

IDE/include.am

@@ -60,6 +60,7 @@ include IDE/apple-universal/include.am
 include IDE/MPLABX16/include.am
 include IDE/MPLABX16/wolfssl.X/nbproject/include.am
 include IDE/MPLABX16/wolfcrypt_test.X/nbproject/include.am
+include IDE/Infineon/include.am
 
 EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif
 EXTRA_DIST+= IDE/OPENSTM32/README.md

Makefile.am

@@ -138,6 +138,7 @@ dist_example_DATA=
 
 ACLOCAL_AMFLAGS= -I m4
 
+EXTRA_DIST+= .cyignore
 EXTRA_DIST+= wolfssl.vcproj
 EXTRA_DIST+= wolfssl.vcxproj
 EXTRA_DIST+= wolfssl64.sln

examples/configs/user_settings_wolftpm.h

@@ -131,7 +131,7 @@ extern "C" {
 #else
     #define NO_RSA
 #endif
-#ifndef USE_LOW_RESOURCE /* ECC */
+#if 1 /* ECC - needed for encrypt ECC salt */
     #define HAVE_ECC
     #define ECC_USER_CURVES /* default to only SECP256R1 */
 #endif

wolfcrypt/src/random.c

@@ -128,6 +128,8 @@ This library contains implementation for the random number generator.
 #elif defined(WOLFSSL_TELIT_M2MB)
 #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
 #elif defined(WOLFSSL_IMXRT1170_CAAM)
+#elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL)
+    #include "cyhal_trng.h" /* Infineon/Cypress HAL RNG implementation */
 #elif defined(WOLFSSL_GETRANDOM)
     #include <errno.h>
     #include <sys/random.h>
@@ -3832,6 +3834,40 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         return ret;
     }
 
+#elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL)
+
+    /* Infineon/Cypress HAL RNG implementation */
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        cyhal_trng_t obj;
+        cy_rslt_t result;
+        uint32_t val;
+        word32 i = 0;
+
+        (void)os;
+
+        result = cyhal_trng_init(&obj);
+        if (result == CY_RSLT_SUCCESS) {
+            while (i < sz) {
+                /* If not aligned or there is odd/remainder add single byte */
+                if( (i + sizeof(word32)) > sz ||
+                    ((wc_ptr_t)&output[i] % sizeof(word32)) != 0
+                ) {
+                    val = cyhal_trng_generate(&obj);
+                    output[i++] = (byte)val;
+                }
+                else {
+                    /* Use native 32 instruction */
+                    val = cyhal_trng_generate(&obj);
+                    *((uint32_t*)&output[i]) = val;
+                    i += sizeof(word32);
+                }
+            }
+            cyhal_trng_free(&obj);
+        }
+        return 0;
+    }
+
 #elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) || \
       defined(WOLFSSL_IAR_ARM)  || defined(WOLFSSL_MDK_ARM) || \
       defined(WOLFSSL_uITRON4)  || defined(WOLFSSL_uTKERNEL2) || \