se050: add support for WOLFSSL_SE050_NOECDHE #9853

Draft: rizlik wants to merge 1 commit into wolfSSL:master from rizlik:se050

rizlik commented Mar 3, 2026

No description provided.

Copilot AI review requested due to automatic review settings March 3, 2026 10:32

Copilot AI left a comment

Pull request overview

Adds a build-time switch to disable SE050 offloading for ECC key generation and ECDH shared secret operations, letting wolfCrypt software implementations handle those paths instead.

Changes:

  • Documented new WOLFSSL_SE050_NOECDHE build option for SE050 port.
  • Gated SE050 ECDH shared secret and ECC key creation offload behind !defined(WOLFSSL_SE050_NOECDHE).
  • Registered the new macro in .wolfssl_known_macro_extras.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| wolfcrypt/src/port/nxp/README_SE050.md | Documents the new macro and its behavioral impact. |
| wolfcrypt/src/ecc.c | Disables SE050 offload paths for key generation and shared secret when the macro is defined. |
| .wolfssl_known_macro_extras | Adds the macro to the known-macro list. |

@@ -886,6 +886,7 @@ WOLFSSL_SE050_HASH
WOLFSSL_SE050_INIT
WOLFSSL_SE050_NO_RSA
WOLFSSL_SE050_NO_TRNG
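Review bot: check the placement of the new entry against the list's ordering. The `-886,6 +886,7` header with three leading context lines puts the added line directly after WOLFSSL_SE050_NO_TRNG, but the visible neighbours are sorted, and in byte order (LC_ALL=C) WOLFSSL_SE050_NOECDHE sorts before WOLFSSL_SE050_NO_RSA because 'E' precedes '_'. If the file is kept sorted, move the entry to just above WOLFSSL_SE050_NO_RSA.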

Copilot AI Mar 3, 2026

WOLFSSL_SE050_NOECDHE is harder to parse than the surrounding SE050 macros (e.g., WOLFSSL_SE050_NO_RSA, WOLFSSL_SE050_NO_TRNG) which use word separators. Consider renaming to WOLFSSL_SE050_NO_ECDHE for consistency/readability, or providing a compatibility alias so both spellings work.

Suggested change
WOLFSSL_SE050_NO_TRNG
WOLFSSL_SE050_NO_TRNG
WOLFSSL_SE050_NO_ECDHE

Comment on lines +251 to +253
Disables offloading ECDH key generation and shared secret operations to the
SE050. When defined, `wc_ecc_make_key()` and `wc_ecc_shared_secret()` will
use wolfCrypt software instead of the SE050.
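Review bot: the paragraph does not say what the software fallback means for key custody. Because `wc_ecc_make_key()` "will use wolfCrypt software instead of the SE050", key pairs created with this macro defined are generated in host memory rather than inside the secure element. Suggest adding a sentence that states this, so integrators who rely on the SE050 to generate and hold ECC private keys do not enable the option without noticing the change.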

Copilot AI Mar 3, 2026

This wording is inconsistent with the implementation: the WOLFSSL_SE050_NOECDHE guard disables the SE050 path for wc_ecc_make_key() in general (ECC key creation), not specifically “ECDH key generation”. Please adjust the text to say “ECC/EC key generation” (or “EC key pair generation”) plus shared secret, so the README matches the behavior.

Suggested change
Disables offloading ECDH key generation and shared secret operations to the
SE050. When defined, `wc_ecc_make_key()` and `wc_ecc_shared_secret()` will
use wolfCrypt software instead of the SE050.
Disables offloading ECC/EC key pair generation and ECDH shared secret
operations to the SE050. When defined, `wc_ecc_make_key()` and
`wc_ecc_shared_secret()` will use wolfCrypt software instead of the SE050.
