wolfSSL has supported the NXP SE050 since wolfSSL 5.0.0 (November 1, 2021), giving wolfSSL and wolfCrypt users the ability to use cryptography and secure key generation/storage inside the SE050 while using wolfSSL’s own APIs from the application level. We recently made some substantial additions and enhancements to wolfSSL’s SE050 support, including the following. These are currently in our master branch on GitHub, and will be included in the next stable release of wolfSSL.
- SE050 RSA support (sign/verify/encrypt/decrypt, PKCS#1v1.5/PSS/OAEP padding, up to 4096-bit)
- Allowing use of larger key IDs, fully utilizing SE050’s key ID range
- Ability to get or set SE050 key IDs to/from wolfCrypt
RsaKey
orecc_key
structures - New APIs to store and get binary objects from SE050
- New API to erase SE050 objects at a specified key ID
- New API to get the object size at a specified key ID
- New define
WOLFSSL_SE050_NO_TRNG
to fall back to usage of/dev/random
and/dev/urandom
instead of SE050 TRNG - Additional documentation (README_SE050.md)
- Install
se050_port.h
withmake install
for public API use on Linux hosts - Fix default library and include paths with “
--with-se050
” configure option - Fix for ECC P-521 where curve size can be larger than SHA-512 digest size
- Fixes to SE050 message digest support
- Fixes for wolfCrypt test compatibility with SE050 enabled
wolfSSL SE050 Examples
To help users get going easier and more quickly, we have published example applications designed to be integrated into the SE05x Middleware on Linux (tested on Raspbian with a Raspberry Pi). This examples are located in our wolfssl-examples repository on GitHub, along with documentation on how to integrate and build. Examples include:
- wolfCrypt test application
- wolfCrypt benchmark application
- wolfCrypt SE050 key and certificate insertion and use
- wolfCrypt CSR generation
wolfSSL HostCrypto support for SCP03 Authentication
wolfSSL can be used on the host side (HostCrypto) for secure SCP03 (Secure Channel Protocol ’03’) authentication, in place of either OpenSSL or mbedTLS. To make this possible, wolfSSL has written a HostCrypto layer that can be applied as a patch to the NXP SE05x Middleware. Using wolfSSL HostCrypto will use wolfSSL’s software cryptography on the host side to establish the SCP03 channel. After secure channel establishment, wolfSSL can then be used while offloading crypto and key operations to the SE050.
A patch for the SE05x Middleware for adding wolfSSL HostCrypto support can be found in our osp repository (Open Source Ports) on GitHub, along with documentation on how to patch and build on a Raspberry Pi / Raspbian environment.
Support and More Details
For more details on wolfSSL’s SE050 support, or if you have questions on any of the above, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247.