From 7b4147cbc6c5bd2dff9927b2c7dba179637cb6ce Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Tue, 3 Mar 2026 11:30:38 +0100
Subject: [PATCH] se050: add support for WOLFSSL_SE050_NOECDHE
---
 .wolfssl_known_macro_extras | 1 +
 wolfcrypt/src/ecc.c | 4 ++--
 wolfcrypt/src/port/nxp/README_SE050.md | 6 ++++++
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index ea4c8eaaa93..4911345e189 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -886,6 +886,7 @@ WOLFSSL_SE050_HASH
 WOLFSSL_SE050_INIT
 WOLFSSL_SE050_NO_RSA
 WOLFSSL_SE050_NO_TRNG
+WOLFSSL_SE050_NOECDHE
 WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
 WOLFSSL_SERVER_EXAMPLE
 WOLFSSL_SETTINGS_FILE
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index d30151e9b00..1c3bd8d5691 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4729,7 +4729,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
 err = silabs_ecc_shared_secret(private_key, public_key, out, outlen);
 #elif defined(WOLFSSL_KCAPI_ECC)
 err = KcapiEcc_SharedSecret(private_key, public_key, out, outlen);
-#elif defined(WOLFSSL_SE050)
+#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NOECDHE)
 err = se050_ecc_shared_secret(private_key, public_key, out, outlen);
 #else
 err = wc_ecc_shared_secret_ex(private_key, &public_key->pubkey, out, outlen);
@@ -5725,7 +5725,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
 else {
 err = NOT_COMPILED_IN;
 }
-#elif defined(WOLFSSL_SE050)
+#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NOECDHE)
 err = se050_ecc_create_key(key, key->dp->id, key->dp->size);
 key->type = ECC_PRIVATEKEY;
 #elif defined(WOLFSSL_CRYPTOCELL)
diff --git a/wolfcrypt/src/port/nxp/README_SE050.md b/wolfcrypt/src/port/nxp/README_SE050.md
index ee94f5a499c..7376164a102 100644
--- a/wolfcrypt/src/port/nxp/README_SE050.md
+++ b/wolfcrypt/src/port/nxp/README_SE050.md
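Review bot: With `WOLFSSL_SE050_NOECDHE` defined, the `#else` branch in `wc_ecc_shared_secret` runs `wc_ecc_shared_secret_ex` on any `private_key`, including one whose private scalar may exist only inside the SE050, and the hunk shows no check for that case. Whether earlier validation in the function rejects such a key is not visible, because the body starts and ends outside the hunk. I would document the requirement at the changed `#elif`, for example `/* WOLFSSL_SE050_NOECDHE: ECDH runs in software, so private_key must carry its scalar in host memory; keys held only in an SE050 slot cannot be used here */`. It is also worth confirming that this case returns an error rather than computing a secret from an empty private value.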
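Review bot: The guard on the `se050_ecc_create_key` branch in `_ecc_make_key_ex` applies to every key generated through this function, not only ephemeral ECDHE keys, so with `WOLFSSL_SE050_NOECDHE` defined long-term keys such as ECDSA signing keys would presumably also be generated on the host, with the private scalar in host memory rather than in the secure element. The macro name and the README text describe only ECDH, which understates that trade-off. I would add a comment at the `#elif`, such as `/* WOLFSSL_SE050_NOECDHE: all ECC key generation falls through to the non-SE050 branches; private keys are then held in host memory */`, and state the same in README_SE050.md. The function body continues outside the hunk, so which branch runs instead is not visible here.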
@@ -246,6 +246,12 @@ defined, wolfCrypt will instead fall back to using `/dev/random` and Disables using the SE050 for RSA, useful for the SE050E which does not have RSA support. +**`WOLFSSL_SE050_NOECDHE`** + +Disables offloading ECDH key generation and shared secret operations to the +SE050. When defined, `wc_ecc_make_key()` and `wc_ecc_shared_secret()` will +use wolfCrypt software instead of the SE050. + ## wolfSSL HostCrypto Support The NXP SE05x Plug & Trust Middleware by default can use either OpenSSL or