1 change: 1 addition & 0 deletions .wolfssl_known_macro_extras
Expand Up @@ -886,6 +886,7 @@ WOLFSSL_SE050_HASH
WOLFSSL_SE050_INIT
WOLFSSL_SE050_NO_RSA
WOLFSSL_SE050_NO_TRNG
Copilot AI Mar 3, 2026

WOLFSSL_SE050_NOECDHE is harder to parse than the surrounding SE050 macros (e.g., WOLFSSL_SE050_NO_RSA, WOLFSSL_SE050_NO_TRNG) which use word separators. Consider renaming to WOLFSSL_SE050_NO_ECDHE for consistency/readability, or providing a compatibility alias so both spellings work.

Suggested change
WOLFSSL_SE050_NO_TRNG
WOLFSSL_SE050_NO_TRNG
WOLFSSL_SE050_NO_ECDHE

WOLFSSL_SE050_NOECDHE
WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
WOLFSSL_SERVER_EXAMPLE
WOLFSSL_SETTINGS_FILE
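Review bot: The new entry WOLFSSL_SE050_NOECDHE sits after WOLFSSL_SE050_NO_TRNG, which is not where it falls in byte (C-locale) order: 'E' sorts before '_', so it belongs between WOLFSSL_SE050_INIT and WOLFSSL_SE050_NO_RSA. If this list is meant to stay sorted that way, move the line up; a spelling with a word separator (NO_ECDHE) would also sort before WOLFSSL_SE050_NO_RSA, so the current position is wrong for either name.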
4 changes: 2 additions & 2 deletions wolfcrypt/src/ecc.c
Expand Up @@ -4729,7 +4729,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
err = silabs_ecc_shared_secret(private_key, public_key, out, outlen);
#elif defined(WOLFSSL_KCAPI_ECC)
err = KcapiEcc_SharedSecret(private_key, public_key, out, outlen);
#elif defined(WOLFSSL_SE050)
#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NOECDHE)
err = se050_ecc_shared_secret(private_key, public_key, out, outlen);
#else
err = wc_ecc_shared_secret_ex(private_key, &public_key->pubkey, out, outlen);
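Review bot: With WOLFSSL_SE050_NOECDHE defined, a WOLFSSL_SE050 build now reaches the #else branch and calls wc_ecc_shared_secret_ex(), which needs the private scalar in host memory. Is that guaranteed for every ecc_key that can arrive here in an SE050 build, for example one whose private part exists only on the secure element? If not, add a check before the software call that returns a clear error for such keys, and put a short comment on the #elif saying why the SE050 path is skipped.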
Expand Down Expand Up @@ -5725,7 +5725,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
else {
err = NOT_COMPILED_IN;
}
#elif defined(WOLFSSL_SE050)
#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NOECDHE)
err = se050_ecc_create_key(key, key->dp->id, key->dp->size);
key->type = ECC_PRIVATEKEY;
#elif defined(WOLFSSL_CRYPTOCELL)
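Review bot: The guard on the se050_ecc_create_key() branch of _ecc_make_key_ex() is broader than the macro name suggests: this is the general ECC key generation path, so defining WOLFSSL_SE050_NOECDHE moves every generated ECC key into software, not only ephemeral ECDHE keys, and the private key is then created in host memory rather than on the SE050. Either rename the macro to reflect that it disables SE050 ECC key generation, or restrict the software path to key-agreement keys, and note in a comment which later #elif or #else branch an SE050 build is expected to land in.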
6 changes: 6 additions & 0 deletions wolfcrypt/src/port/nxp/README_SE050.md
Expand Up @@ -246,6 +246,12 @@ defined, wolfCrypt will instead fall back to using `/dev/random` and
Disables using the SE050 for RSA, useful for the SE050E which does not have
RSA support.

**`WOLFSSL_SE050_NOECDHE`**

Disables offloading ECDH key generation and shared secret operations to the
SE050. When defined, `wc_ecc_make_key()` and `wc_ecc_shared_secret()` will
use wolfCrypt software instead of the SE050.
Comment on lines +251 to +253
Copilot AI Mar 3, 2026

This wording is inconsistent with the implementation: the WOLFSSL_SE050_NOECDHE guard disables the SE050 path for wc_ecc_make_key() in general (ECC key creation), not specifically “ECDH key generation”. Please adjust the text to say “ECC/EC key generation” (or “EC key pair generation”) plus shared secret, so the README matches the behavior.

Suggested change
Disables offloading ECDH key generation and shared secret operations to the
SE050. When defined, `wc_ecc_make_key()` and `wc_ecc_shared_secret()` will
use wolfCrypt software instead of the SE050.
Disables offloading ECC/EC key pair generation and ECDH shared secret
operations to the SE050. When defined, `wc_ecc_make_key()` and
`wc_ecc_shared_secret()` will use wolfCrypt software instead of the SE050.


## wolfSSL HostCrypto Support

The NXP SE05x Plug & Trust Middleware by default can use either OpenSSL or
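Review bot: The new WOLFSSL_SE050_NOECDHE entry does not say when to define it or what it costs, unlike the WOLFSSL_SE050_NO_RSA entry just above, which gives its reason (the SE050E has no RSA support). Add one sentence with the intended use case and one stating that, with the macro defined, the generated private keys and the ECDH shared secret are handled in host memory by wolfCrypt rather than inside the SE050.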