Merge pull request #5121 from miyazakh/sce_example_update2
@ -1,6 +1,6 @@
|
|||||||
/* wolfssl_demo.h
|
/* wolfssl_demo.h
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||||
*
|
*
|
||||||
* This file is part of wolfSSL.
|
* This file is part of wolfSSL.
|
||||||
*
|
*
|
||||||
@ -35,34 +35,47 @@
|
|||||||
#define DIRECT_KEY_ADDRESS_256 FLASH_HP_DF_BLOCK_1
|
#define DIRECT_KEY_ADDRESS_256 FLASH_HP_DF_BLOCK_1
|
||||||
#define DIRECT_KEY_ADDRESS_128 FLASH_HP_DF_BLOCK_2
|
#define DIRECT_KEY_ADDRESS_128 FLASH_HP_DF_BLOCK_2
|
||||||
|
|
||||||
|
/* Client connects to the server with these details. */
|
||||||
|
#define SERVER_IP "192.168.11.49"
|
||||||
|
#define DEFAULT_PORT 11111
|
||||||
|
|
||||||
/* Enable wolfcrypt test */
|
/* Enable wolfcrypt test */
|
||||||
/* can be enabled with benchmark test */
|
/* can be enabled with benchmark test */
|
||||||
/*#define CRYPT_TEST*/
|
/* #define CRYPT_TEST */
|
||||||
|
|
||||||
/* Enable benchmark */
|
/* Enable benchmark */
|
||||||
/* can be enabled with cyrpt test */
|
/* can be enabled with cyrpt test */
|
||||||
/*#define BENCHMARK*/
|
/* #define BENCHMARK */
|
||||||
|
|
||||||
/* Enable TLS client */
|
/* Enable TLS client */
|
||||||
/* cannot enable with CRYPT_TEST or BENCHMARK */
|
/* cannot enable with CRYPT_TEST or BENCHMARK */
|
||||||
#define TLS_CLIENT
|
#define TLS_CLIENT
|
||||||
/* Specify cipher suites that are supported by SCE
|
|
||||||
* ClientHello specifies the cipher suite to communicate peer Server
|
|
||||||
* so that TLS handshake uses SCE protect mode
|
|
||||||
*/
|
|
||||||
#define TEST_CIPHER_SPECIFIED
|
|
||||||
|
|
||||||
/* Use RSA certificates */
|
/* Use RSA certificates */
|
||||||
#define USE_CERT_BUFFERS_2048
|
#define USE_CERT_BUFFERS_2048
|
||||||
/* Use ECC certificates */
|
/* Use ECC certificates */
|
||||||
/*#define USE_CERT_BUFFERS_256*/
|
/*#define USE_CERT_BUFFERS_256 */
|
||||||
|
|
||||||
#if defined(USE_CERT_BUFFERS_2048) && defined(USE_CERT_BUFFERS_256)
|
#if defined(USE_CERT_BUFFERS_2048) && defined(USE_CERT_BUFFERS_256)
|
||||||
#error please set either macro USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_256
|
#error please set either macro USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_256
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
typedef struct tagTestInfo
|
||||||
|
{
|
||||||
|
int id;
|
||||||
|
int port;
|
||||||
|
char name[32];
|
||||||
|
const char* cipher;
|
||||||
|
WOLFSSL_CTX* ctx;
|
||||||
|
wolfSSL_Logging_cb log_f;
|
||||||
|
} TestInfo;
|
||||||
|
|
||||||
|
void sce_test();
|
||||||
|
void TCPInit();
|
||||||
void wolfSSL_TLS_client_init();
|
void wolfSSL_TLS_client_init();
|
||||||
void wolfSSL_TLS_client();
|
void wolfSSL_TLS_client_do(void *pvParam);
|
||||||
|
void wolfSSL_TLS_cleanup();
|
||||||
|
extern WOLFSSL_CTX *client_ctx;
|
||||||
|
|
||||||
static void util_Cleanup(xSocket_t xSock, WOLFSSL_CTX *ctx, WOLFSSL *ssl) {
|
static void util_Cleanup(xSocket_t xSock, WOLFSSL_CTX *ctx, WOLFSSL *ssl) {
|
||||||
printf("Cleaning up socket and wolfSSL objects.\n");
|
printf("Cleaning up socket and wolfSSL objects.\n");
|
||||||
|
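Review bot: The prototypes added near the end of this header (`void sce_test();`, `void TCPInit();`, `void wolfSSL_TLS_client_init();`, `void wolfSSL_TLS_cleanup();`) use empty parentheses, which in C before C23 declares a function with unspecified parameters, so the compiler does not check call arguments against them. Write them as `void sce_test(void);` and likewise for the other three, which also matches the `void sce_test(void)` definition in test_main.c. `TestInfo` uses `WOLFSSL_CTX` and `wolfSSL_Logging_cb`, and no wolfSSL include is visible in these hunks; since test_main.c now includes this header ahead of `settings.h`, confirm the header pulls in the declarations it needs itself.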
@ -1,6 +1,6 @@
|
|||||||
/* myprintf.c
|
/* myprintf.c
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||||
*
|
*
|
||||||
* This file is part of wolfSSL.
|
* This file is part of wolfSSL.
|
||||||
*
|
*
|
||||||
@ -22,6 +22,8 @@
|
|||||||
|
|
||||||
#define SEGGER_INDEX (0)
|
#define SEGGER_INDEX (0)
|
||||||
|
|
||||||
|
int myprintf(const char * sFormat, ...);
|
||||||
|
|
||||||
int myprintf(const char * sFormat, ...)
|
int myprintf(const char * sFormat, ...)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
/* test_main.c
|
/* test_main.c
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||||
*
|
*
|
||||||
* This file is part of wolfSSL.
|
* This file is part of wolfSSL.
|
||||||
*
|
*
|
||||||
@ -19,15 +19,16 @@
|
|||||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
#include "stdio.h"
|
#include "stdio.h"
|
||||||
#include "stdint.h"
|
#include "stdint.h"
|
||||||
|
#include "wolfssl_demo.h"
|
||||||
#include <wolfssl/wolfcrypt/settings.h>
|
#include <wolfssl/wolfcrypt/settings.h>
|
||||||
#include <wolfssl/wolfcrypt/types.h>
|
#include <wolfssl/wolfcrypt/types.h>
|
||||||
|
|
||||||
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||||
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
|
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
|
||||||
User_SCEPKCbInfo guser_PKCbInfo;
|
|
||||||
|
User_SCEPKCbInfo guser_PKCbInfo;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <wolfssl_demo.h>
|
#include <wolfssl_demo.h>
|
||||||
@ -40,6 +41,8 @@ void abort(void);
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
void R_BSP_WarmStart(bsp_warm_start_event_t event);
|
||||||
|
|
||||||
/* the function is called just before main() to set up pins */
|
/* the function is called just before main() to set up pins */
|
||||||
/* this needs to be called to setup IO Port */
|
/* this needs to be called to setup IO Port */
|
||||||
void R_BSP_WarmStart (bsp_warm_start_event_t event)
|
void R_BSP_WarmStart (bsp_warm_start_event_t event)
|
||||||
@ -106,7 +109,7 @@ typedef struct func_args {
|
|||||||
void wolfcrypt_test(func_args args);
|
void wolfcrypt_test(func_args args);
|
||||||
int benchmark_test(void *args);
|
int benchmark_test(void *args);
|
||||||
|
|
||||||
|
/* Entry function of SCE test */
|
||||||
void sce_test(void)
|
void sce_test(void)
|
||||||
{
|
{
|
||||||
|
|
||||||
@ -154,51 +157,65 @@ void sce_test(void)
|
|||||||
#include "r_sce.h"
|
#include "r_sce.h"
|
||||||
|
|
||||||
#if defined(USE_CERT_BUFFERS_256)
|
#if defined(USE_CERT_BUFFERS_256)
|
||||||
#if defined(TEST_CIPHER_SPECIFIED)
|
const char* cipherlist[] = {
|
||||||
const char* cipherlist[] = {
|
NULL, /* not specify cipher suite */
|
||||||
"ECDHE-ECDSA-AES128-SHA256",
|
#if defined(WOLFSSL_TLS13)
|
||||||
"ECDHE-ECDSA-AES128-GCM-SHA256"
|
NULL, NULL, NULL,
|
||||||
};
|
#else
|
||||||
const int cipherlist_sz = 2;
|
"ECDHE-ECDSA-AES128-GCM-SHA256",
|
||||||
#else
|
"ECDHE-ECDSA-AES256-SHA", /* SW only */
|
||||||
const char* cipherlist[] = {
|
"ECDHE-ECDSA-AES128-SHA256",
|
||||||
NULL
|
#endif
|
||||||
};
|
};
|
||||||
const int cipherlist_sz = 1;
|
const int cipherlist_sz = 4;
|
||||||
#endif /* TEST_CIPHER_SPECIFIED */
|
TestInfo info[cipherlist_sz];
|
||||||
|
|
||||||
#else
|
#else
|
||||||
#if defined(TEST_CIPHER_SPECIFIED)
|
const char* cipherlist[] = {
|
||||||
const char* cipherlist[] = {
|
NULL, /* not specify cipher suite */
|
||||||
"AES128-SHA256",
|
#if defined(WOLFSSL_TLS13)
|
||||||
"AES256-SHA256",
|
NULL, NULL, NULL, NULL, NULL,
|
||||||
"ECDHE-RSA-AES128-SHA256",
|
#else
|
||||||
"ECDHE-RSA-AES128-GCM-SHA256"
|
"ECDHE-RSA-AES128-GCM-SHA256",
|
||||||
};
|
"ECDHE-RSA-AES256-SHA", /* SW only */
|
||||||
const int cipherlist_sz = 4;
|
"ECDHE-RSA-AES128-SHA256",
|
||||||
#else
|
"AES128-SHA256",
|
||||||
const char* cipherlist[] = {
|
"AES256-SHA256",
|
||||||
NULL
|
#endif
|
||||||
};
|
};
|
||||||
const int cipherlist_sz = 1;
|
const int cipherlist_sz = 6;
|
||||||
#endif /* TEST_CIPHER_SPECIFIED */
|
TestInfo info[cipherlist_sz];
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int i = 0;
|
int i = 0;
|
||||||
|
|
||||||
|
printf("\n Start Client Example, ");
|
||||||
|
printf("\n Connecting to %s\n\n", SERVER_IP);
|
||||||
|
|
||||||
SetScetlsKey();
|
SetScetlsKey();
|
||||||
|
|
||||||
TCPInit();
|
TCPInit();
|
||||||
|
|
||||||
do {
|
wolfSSL_TLS_client_init();
|
||||||
if(cipherlist_sz > 0 && cipherlist[i] != NULL )
|
|
||||||
printf("cipher : %s\n", cipherlist[i]);
|
do {
|
||||||
|
|
||||||
|
info[i].port = DEFAULT_PORT;
|
||||||
|
info[i].cipher = cipherlist[i];
|
||||||
|
info[i].ctx = client_ctx;
|
||||||
|
info[i].id = i;
|
||||||
|
|
||||||
|
memset(info[i].name, 0, sizeof(info[i].name));
|
||||||
|
sprintf(info[i].name, "wolfSSL_TLS_client_do(%02d)", i);
|
||||||
|
|
||||||
|
wolfSSL_TLS_client_do(&info[i]);
|
||||||
|
|
||||||
wolfSSL_TLS_client_init(cipherlist[i]);
|
|
||||||
wolfSSL_TLS_client();
|
|
||||||
|
|
||||||
i++;
|
i++;
|
||||||
} while (i < cipherlist_sz);
|
} while (i < cipherlist_sz);
|
||||||
|
|
||||||
|
printf("\n End of Client Example");
|
||||||
|
|
||||||
|
wolfSSL_TLS_cleanup();
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
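Review bot: `info[i].log_f` is never assigned in the loop that fills `info[i]` in `sce_test`, and `TestInfo info[cipherlist_sz];` is an automatic array sized by a `const int`, so it cannot carry an initializer and its members start out indeterminate. wolf_client.c reads that member under `DEBUG_WOLFSSL` (`if (p->log_f != NULL) wolfSSL_SetLoggingCb(p->log_f);`), which would install an arbitrary pointer as the logging callback. Clear the whole element before filling it, `memset(&info[i], 0, sizeof(info[i]));`, in place of the `memset` on `name` alone. The name is also written with an unbounded `sprintf`; `snprintf(info[i].name, sizeof(info[i].name), "wolfSSL_TLS_client_do(%02d)", i);` keeps the write tied to the 32-byte field. `sce_test` begins outside this hunk.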
@ -1,6 +1,6 @@
|
|||||||
/* wolf_client.c
|
/* wolf_client.c
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||||
*
|
*
|
||||||
* This file is part of wolfSSL.
|
* This file is part of wolfSSL.
|
||||||
*
|
*
|
||||||
@ -29,22 +29,36 @@
|
|||||||
#include "wolfssl/certs_test.h"
|
#include "wolfssl/certs_test.h"
|
||||||
|
|
||||||
uint32_t g_encrypted_root_public_key[140];
|
uint32_t g_encrypted_root_public_key[140];
|
||||||
static WOLFSSL_CTX *client_ctx;
|
WOLFSSL_CTX *client_ctx = NULL;
|
||||||
|
|
||||||
extern uint8_t g_ether0_mac_address[6];
|
extern uint8_t g_ether0_mac_address[6];
|
||||||
typedef struct user_EccPKCbInfo;
|
|
||||||
extern struct user_PKCbInfo guser_PKCbInfo;
|
|
||||||
static const byte ucIPAddress[4] = { 192, 168, 11, 241 };
|
static const byte ucIPAddress[4] = { 192, 168, 11, 241 };
|
||||||
static const byte ucNetMask[4] = { 255, 255, 255, 0 };
|
static const byte ucNetMask[4] = { 255, 255, 255, 0 };
|
||||||
static const byte ucGatewayAddress[4] = { 192, 168, 11, 1 };
|
static const byte ucGatewayAddress[4] = { 192, 168, 11, 1 };
|
||||||
static const byte ucDNSServerAddress[4] = { 192, 168, 11, 1 };
|
static const byte ucDNSServerAddress[4] = { 192, 168, 11, 1 };
|
||||||
|
|
||||||
/* Client connects to the server with these details. */
|
|
||||||
#define SERVER_IP "192.168.11.40"
|
|
||||||
#define DEFAULT_PORT 11111
|
|
||||||
|
|
||||||
#define FR_SOCKET_SUCCESS 0
|
#define FR_SOCKET_SUCCESS 0
|
||||||
|
|
||||||
|
extern struct User_PKCbInfo guser_PKCbInfo;
|
||||||
|
|
||||||
|
int SEGGER_RTT_vprintf(unsigned BufferIndex, const char * sFormat, va_list * pParamList);
|
||||||
|
|
||||||
|
static int msg(const char* pname, int l,
|
||||||
|
const char * sFormat, ...)
|
||||||
|
{
|
||||||
|
int r = 0;
|
||||||
|
va_list ParamList;
|
||||||
|
|
||||||
|
va_start(ParamList, sFormat);
|
||||||
|
|
||||||
|
printf("[%s][%02d] ", pname, l);
|
||||||
|
r = SEGGER_RTT_vprintf(0, sFormat, &ParamList);
|
||||||
|
|
||||||
|
va_end(ParamList);
|
||||||
|
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
void TCPInit( )
|
void TCPInit( )
|
||||||
{
|
{
|
||||||
BaseType_t fr_status;
|
BaseType_t fr_status;
|
||||||
@ -60,7 +74,7 @@ void TCPInit( )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void wolfSSL_TLS_client_init(const char* cipherlist)
|
void wolfSSL_TLS_client_init()
|
||||||
{
|
{
|
||||||
|
|
||||||
#ifndef NO_FILESYSTEM
|
#ifndef NO_FILESYSTEM
|
||||||
@ -80,9 +94,6 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
wolfSSL_Init();
|
wolfSSL_Init();
|
||||||
#ifdef DEBUG_WOLFSSL
|
|
||||||
wolfSSL_Debugging_ON();
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Create and initialize WOLFSSL_CTX */
|
/* Create and initialize WOLFSSL_CTX */
|
||||||
if ((client_ctx = wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
|
if ((client_ctx = wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
|
||||||
@ -90,8 +101,8 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||||
/* set callback functions for ECC */
|
/* set callback functions for ECC */
|
||||||
wc_sce_set_callbacks(client_ctx);
|
wc_sce_set_callbacks(client_ctx);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(NO_FILESYSTEM)
|
#if !defined(NO_FILESYSTEM)
|
||||||
@ -105,85 +116,122 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* use specific cipher */
|
|
||||||
if (cipherlist != NULL && wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != WOLFSSL_SUCCESS) {
|
|
||||||
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
|
|
||||||
printf("client can't set cipher list 1");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void wolfSSL_TLS_client( )
|
void wolfSSL_TLS_client_do(void *pvParam)
|
||||||
{
|
{
|
||||||
|
|
||||||
int ret;
|
int ret;
|
||||||
|
int i = 0;
|
||||||
|
|
||||||
|
TestInfo* p = (TestInfo*)pvParam;
|
||||||
/* FreeRTOS+TCP Objects */
|
/* FreeRTOS+TCP Objects */
|
||||||
socklen_t xSize = sizeof(struct freertos_sockaddr);
|
socklen_t xSize = sizeof(struct freertos_sockaddr);
|
||||||
xSocket_t xClientSocket = NULL;
|
xSocket_t xClientSocket = NULL;
|
||||||
struct freertos_sockaddr xRemoteAddress;
|
struct freertos_sockaddr xRemoteAddress;
|
||||||
|
|
||||||
WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)client_ctx;
|
WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx;
|
||||||
WOLFSSL *ssl;
|
WOLFSSL *ssl = NULL;
|
||||||
|
const char* pcName = p->name;
|
||||||
|
|
||||||
#define BUFF_SIZE 256
|
#define BUFF_SIZE 256
|
||||||
static const char sendBuff[]= "Hello Server\n" ;
|
static const char sendBuff[]= "Hello Server\n" ;
|
||||||
|
|
||||||
char rcvBuff[BUFF_SIZE] = {0};
|
char rcvBuff[BUFF_SIZE] = {0};
|
||||||
|
|
||||||
|
i = p->id;
|
||||||
/* Client Socket Setup */
|
/* Client Socket Setup */
|
||||||
xRemoteAddress.sin_port = FreeRTOS_htons(DEFAULT_PORT);
|
xRemoteAddress.sin_port = FreeRTOS_htons(p->port);
|
||||||
xRemoteAddress.sin_addr = FreeRTOS_inet_addr(SERVER_IP);
|
xRemoteAddress.sin_addr = FreeRTOS_inet_addr(SERVER_IP);
|
||||||
|
|
||||||
/* Create a FreeRTOS TCP Socket and connect */
|
/* Create a FreeRTOS TCP Socket and connect */
|
||||||
xClientSocket = FreeRTOS_socket(FREERTOS_AF_INET,
|
xClientSocket = FreeRTOS_socket(FREERTOS_AF_INET,
|
||||||
FREERTOS_SOCK_STREAM,
|
FREERTOS_SOCK_STREAM,
|
||||||
FREERTOS_IPPROTO_TCP);
|
FREERTOS_IPPROTO_TCP);
|
||||||
configASSERT(xClientSocket != FREERTOS_INVALID_SOCKET);
|
|
||||||
FreeRTOS_bind(xClientSocket, &xRemoteAddress, sizeof(xSize));
|
|
||||||
|
|
||||||
/* Client Socket Connect */
|
configASSERT(xClientSocket != FREERTOS_INVALID_SOCKET);
|
||||||
ret = FreeRTOS_connect(xClientSocket,
|
|
||||||
&xRemoteAddress,
|
|
||||||
sizeof(xRemoteAddress));
|
|
||||||
if (ret != FR_SOCKET_SUCCESS) {
|
|
||||||
printf("Error [%d]: FreeRTOS_connect.\n",ret);
|
|
||||||
util_inf_loop(xClientSocket, ctx, ssl);
|
|
||||||
}
|
|
||||||
|
|
||||||
if((ssl = wolfSSL_new(ctx)) == NULL) {
|
|
||||||
printf("ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
|
||||||
/* set callback ctx */
|
|
||||||
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
|
|
||||||
#endif
|
|
||||||
/* Attach wolfSSL to the socket */
|
|
||||||
ret = wolfSSL_set_fd(ssl, (int) xClientSocket);
|
|
||||||
if (ret != WOLFSSL_SUCCESS) {
|
|
||||||
printf("Error [%d]: wolfSSL_set_fd.\n",ret);
|
|
||||||
util_inf_loop(xClientSocket, ctx, ssl);
|
|
||||||
}
|
|
||||||
|
|
||||||
if(wolfSSL_connect(ssl) != SSL_SUCCESS) {
|
FreeRTOS_bind(xClientSocket, NULL, sizeof(xSize));
|
||||||
printf("ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0));
|
|
||||||
return;
|
/* Client Socket Connect */
|
||||||
|
ret = FreeRTOS_connect(xClientSocket,
|
||||||
|
&xRemoteAddress,
|
||||||
|
sizeof(xRemoteAddress));
|
||||||
|
if (ret != FR_SOCKET_SUCCESS) {
|
||||||
|
msg(pcName, i, " Error [%d]: FreeRTOS_connect.\n", ret);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
msg(pcName, i, " Start to connect to the server.\n");
|
||||||
|
|
||||||
|
if((ssl = wolfSSL_new(ctx)) == NULL) {
|
||||||
|
msg(pcName, i, " ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||||
|
/* set callback ctx */
|
||||||
|
memset(&guser_PKCbInfo, 0, sizeof(User_SCEPKCbInfo));
|
||||||
|
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Attach wolfSSL to the socket */
|
||||||
|
ret = wolfSSL_set_fd(ssl, (int) xClientSocket);
|
||||||
|
if (ret != WOLFSSL_SUCCESS) {
|
||||||
|
msg(pcName, i, " Error [%d]: wolfSSL_set_fd.\n",ret);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(p->cipher)
|
||||||
|
msg(pcName, i, " Cipher : %s\n", p->cipher);
|
||||||
|
/* use specific cipher */
|
||||||
|
if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher) != WOLFSSL_SUCCESS) {
|
||||||
|
msg(pcName, i, " client can't set cipher list 1");
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
#ifdef DEBUG_WOLFSSL
|
||||||
|
wolfSSL_Debugging_ON();
|
||||||
|
if (p->log_f != NULL)
|
||||||
|
wolfSSL_SetLoggingCb(p->log_f);
|
||||||
|
#endif
|
||||||
|
if(wolfSSL_connect(ssl) != SSL_SUCCESS) {
|
||||||
|
msg(pcName, i, " ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0));
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
#ifdef DEBUG_WOLFSSL
|
||||||
|
wolfSSL_Debugging_OFF();
|
||||||
|
#endif
|
||||||
|
if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff)) != (int)strlen(sendBuff)) {
|
||||||
|
msg(pcName, i, " ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)) < 0) {
|
||||||
|
msg(pcName, i, " ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0));
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
rcvBuff[ret] = '\0' ;
|
||||||
|
msg(pcName, i, " Received: %s\n\n", rcvBuff);
|
||||||
|
|
||||||
|
out:
|
||||||
|
if (ssl) {
|
||||||
|
wolfSSL_shutdown(ssl);
|
||||||
|
wolfSSL_free(ssl);
|
||||||
|
ssl = NULL;
|
||||||
|
/* need to reset callback */
|
||||||
|
wc_sce_set_callbacks(client_ctx);
|
||||||
}
|
}
|
||||||
|
/* clean up socket */
|
||||||
if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
|
if (xClientSocket) {
|
||||||
printf("ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
|
FreeRTOS_shutdown(xClientSocket, FREERTOS_SHUT_RDWR);
|
||||||
return;
|
FreeRTOS_closesocket(xClientSocket);
|
||||||
}
|
xClientSocket = NULL;
|
||||||
|
}
|
||||||
if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)) < 0) {
|
}
|
||||||
printf("ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0));
|
|
||||||
return;
|
void wolfSSL_TLS_cleanup()
|
||||||
}
|
{
|
||||||
|
if (client_ctx) {
|
||||||
rcvBuff[ret] = '\0' ;
|
wolfSSL_CTX_free(client_ctx);
|
||||||
printf("Received: %s\n\n", rcvBuff);
|
}
|
||||||
|
wolfSSL_Cleanup();
|
||||||
/* frees all data before client termination */
|
|
||||||
wolfSSL_free(ssl);
|
|
||||||
wolfSSL_CTX_free(ctx);
|
|
||||||
wolfSSL_Cleanup();
|
|
||||||
}
|
}
|
||||||
|
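Review bot: `rcvBuff[ret] = '\0'` in `wolfSSL_TLS_client_do` writes one byte past the end of the buffer when `wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)` returns the full `BUFF_SIZE`, and that length is decided by the peer. Read at most `BUFF_SIZE - 1` bytes: `if ((ret = wolfSSL_read(ssl, rcvBuff, BUFF_SIZE - 1)) < 0) {`. In the same function the `wolfSSL_set_fd` failure branch only logs and then falls through to the handshake; it needs a `goto out;` like the other error branches. The `extern struct User_PKCbInfo guser_PKCbInfo;` declaration also names a different type from the `User_SCEPKCbInfo guser_PKCbInfo` definition in test_main.c and should use the same typedef.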
@ -357,6 +357,8 @@ static void wolfssl_log(const int logLevel, const char *const logMessage)
|
|||||||
xil_printf("%s\r\n", logMessage);
|
xil_printf("%s\r\n", logMessage);
|
||||||
#elif defined(WOLFSSL_LINUXKM)
|
#elif defined(WOLFSSL_LINUXKM)
|
||||||
printk("%s\n", logMessage);
|
printk("%s\n", logMessage);
|
||||||
|
#elif defined(WOLFSSL_RENESAS_RA6M4)
|
||||||
|
myprintf("%s\n", logMessage);
|
||||||
#else
|
#else
|
||||||
fprintf(stderr, "%s\n", logMessage);
|
fprintf(stderr, "%s\n", logMessage);
|
||||||
#endif
|
#endif
|
||||||
|
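Review bot: The new `WOLFSSL_RENESAS_RA6M4` branch calls `myprintf("%s\n", logMessage);` but no declaration of `myprintf` is visible in this hunk, and the prototype this commit adds sits in myprintf.c itself rather than in a header. Calling a variadic function without a prototype in scope is undefined behaviour in C and is rejected by C99-or-later diagnostics, so unless an included header already declares it, add `int myprintf(const char* sFormat, ...);` under the same `WOLFSSL_RENESAS_RA6M4` guard or include a header that carries it. `wolfssl_log` begins and ends outside this hunk.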
@ -1,6 +1,6 @@
|
|||||||
/* renesas_common.c
|
/* renesas_common.c
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||||
*
|
*
|
||||||
* This file is part of wolfSSL.
|
* This file is part of wolfSSL.
|
||||||
*
|
*
|
||||||
@ -380,8 +380,9 @@ static byte sce_tsip_rootCAverified(void)
|
|||||||
* keySz Length of key in bytes
|
* keySz Length of key in bytes
|
||||||
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
|
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
|
||||||
*/
|
*/
|
||||||
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
|
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, unsigned char* sig,
|
||||||
byte** out, const byte* key, word32 keySz, void* ctx)
|
unsigned int sigSz, unsigned char** out,
|
||||||
|
const unsigned char* key, unsigned int keySz, void* ctx)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
@ -404,7 +405,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
|
|||||||
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
|
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||||
ret = wc_SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx);
|
ret = wc_SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx);
|
||||||
|
|
||||||
if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) {
|
if (ret == 0) {
|
||||||
/* Set Callback for SharedSecret when successful */
|
/* Set Callback for SharedSecret when successful */
|
||||||
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
|
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
|
||||||
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
|
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
|
||||||
@ -431,9 +432,9 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
|
|||||||
* result a pointer to int indicates if the verify is ok
|
* result a pointer to int indicates if the verify is ok
|
||||||
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
|
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
|
||||||
*/
|
*/
|
||||||
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
|
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
|
||||||
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
|
unsigned int sigSz, const unsigned char* hash, unsigned int hashSz,
|
||||||
const uint8_t* key, uint32_t keySz, int* result, void* ctx)
|
const unsigned char* key, unsigned int keySz, int* result, void* ctx)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
@ -455,7 +456,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
|
|||||||
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
|
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||||
ret = wc_SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz,
|
ret = wc_SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz,
|
||||||
result, ctx);
|
result, ctx);
|
||||||
if (ret == 0 && *result == 1 && ret != CRYPTOCB_UNAVAILABLE) {
|
if (ret == 0 && *result == 1) {
|
||||||
/* Set callback for SharedSecret when being successful */
|
/* Set callback for SharedSecret when being successful */
|
||||||
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
|
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
|
||||||
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
|
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
|
||||||
@ -526,17 +527,17 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
|
|||||||
|
|
||||||
WOLFSSL_ENTER("Renesas_cmn_TlsFinished");
|
WOLFSSL_ENTER("Renesas_cmn_TlsFinished");
|
||||||
|
|
||||||
/* sanity check */
|
|
||||||
if (ssl == NULL || ctx == NULL || side == NULL || handshake_hash == NULL ||
|
|
||||||
hashes == NULL) {
|
|
||||||
return BAD_FUNC_ARG;
|
|
||||||
}
|
|
||||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
|
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
|
||||||
ret = wc_tsip_generateVerifyData(ssl->arrays->tsip_masterSecret,
|
ret = wc_tsip_generateVerifyData(ssl->arrays->tsip_masterSecret,
|
||||||
side, handshake_hash, hashes);
|
side, handshake_hash, hashes);
|
||||||
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
|
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||||
ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret,
|
if (Renesas_cmn_usable(ssl, 1)) {
|
||||||
side, handshake_hash, hashes);
|
ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret,
|
||||||
|
side, handshake_hash, hashes);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
ret = PROTOCOLCB_UNAVAILABLE;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
@ -598,14 +599,13 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
|
|||||||
|
|
||||||
WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
|
WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
|
||||||
|
|
||||||
/* sanity check */
|
|
||||||
if (ssl == NULL || ctx == NULL)
|
|
||||||
return BAD_FUNC_ARG;
|
|
||||||
|
|
||||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
|
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
|
||||||
ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, devId);
|
ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, devId);
|
||||||
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
|
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||||
ret = wc_sce_generateSessionKey(ssl, ctx, devId);
|
if (Renesas_cmn_usable(ssl, 0)) {
|
||||||
|
ret = wc_sce_generateSessionKey(ssl, ctx, devId);
|
||||||
|
} else
|
||||||
|
ret = PROTOCOLCB_UNAVAILABLE;
|
||||||
#endif
|
#endif
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
wolfSSL_CTX_SetEncryptKeysCb(ssl->ctx, Renesas_cmn_EncryptKeys);
|
wolfSSL_CTX_SetEncryptKeysCb(ssl->ctx, Renesas_cmn_EncryptKeys);
|
||||||
@ -737,8 +737,10 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx)
|
|||||||
wolfSSL_SetGenSessionKeyCtx(ssl, NULL);
|
wolfSSL_SetGenSessionKeyCtx(ssl, NULL);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else {
|
||||||
|
WOLFSSL_MSG("PROTOCOLCB_UNAVAILABLE\n");
|
||||||
ret = PROTOCOLCB_UNAVAILABLE;
|
ret = PROTOCOLCB_UNAVAILABLE;
|
||||||
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
return ret;
|
return ret;
|
||||||
|
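Review bot: The argument checks at the top of `Renesas_cmn_TlsFinished` (`ssl`, `ctx`, `side`, `handshake_hash`, `hashes`) and of `Renesas_cmn_generateSessionKey` (`ssl`, `ctx`) are dropped, yet both bodies still dereference `ssl->arrays` or `ssl->ctx`. The TSIP branches get no replacement guard at all, and whether `Renesas_cmn_usable` rejects a NULL `ssl` is not visible here. The `ctx` part was presumably removed on purpose, since the visible fallback path calls `wolfSSL_SetGenSessionKeyCtx(ssl, NULL)`, but the rest can stay: `if (ssl == NULL) return BAD_FUNC_ARG;` ahead of the `#if` in both functions, plus the `side`/`handshake_hash`/`hashes` checks in `Renesas_cmn_TlsFinished`. Both functions start outside their hunks.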
@ -1,6 +1,6 @@
|
|||||||
/* renesas_sce_aes.c
|
/* renesas_sce_aes.c
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||||
*
|
*
|
||||||
* This file is part of wolfSSL.
|
* This file is part of wolfSSL.
|
||||||
*
|
*
|
||||||
@ -134,7 +134,8 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
|
|||||||
/* allocate buffers for plaintext, ciphertext and authTag to make sure
|
/* allocate buffers for plaintext, ciphertext and authTag to make sure
|
||||||
* those buffers 32bit aligned as SCE requests.
|
* those buffers 32bit aligned as SCE requests.
|
||||||
*/
|
*/
|
||||||
delta = sz % AES_BLOCK_SIZE;
|
delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 :
|
||||||
|
AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE);
|
||||||
plainBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
|
plainBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
|
||||||
cipherBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
|
cipherBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
|
||||||
aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
|
aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
|
||||||
@ -205,7 +206,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
|
|||||||
ret = updateFn(&_handle, plainBuf, cipherBuf, sz, NULL, 0UL);
|
ret = updateFn(&_handle, plainBuf, cipherBuf, sz, NULL, 0UL);
|
||||||
}
|
}
|
||||||
if (ret != FSP_SUCCESS) {
|
if (ret != FSP_SUCCESS) {
|
||||||
WOLFSSL_MSG("R_SCE_AesXXXGcmEncryptUpdate: failed");
|
WOLFSSL_MSG("R_SCE_AesXXXGcmEncryptUpdate2: failed");
|
||||||
ret = -1;
|
ret = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -217,18 +218,21 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
|
|||||||
*/
|
*/
|
||||||
dataLen = 0;
|
dataLen = 0;
|
||||||
ret = finalFn(&_handle,
|
ret = finalFn(&_handle,
|
||||||
cipherBuf + (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE,
|
cipherBuf + (sz + delta - AES_BLOCK_SIZE),
|
||||||
&dataLen,
|
&dataLen,
|
||||||
aTagBuf);
|
aTagBuf);
|
||||||
|
|
||||||
if (ret == FSP_SUCCESS) {
|
if (ret == FSP_SUCCESS) {
|
||||||
/* copy encrypted data to out */
|
/* copy encrypted data to out */
|
||||||
XMEMCPY(out, cipherBuf, dataLen);
|
if (sz != dataLen) {
|
||||||
|
WOLFSSL_MSG("sz is not equal to dataLen!!!!");
|
||||||
/* copy auth tag to caller's buffer */
|
ret = -1;
|
||||||
XMEMCPY((void*)authTag, (void*)aTagBuf,
|
} else {
|
||||||
|
XMEMCPY(out, cipherBuf, dataLen);
|
||||||
|
/* copy auth tag to caller's buffer */
|
||||||
|
XMEMCPY((void*)authTag, (void*)aTagBuf,
|
||||||
min(authTagSz, SCE_AES_GCM_AUTH_TAG_SIZE ));
|
min(authTagSz, SCE_AES_GCM_AUTH_TAG_SIZE ));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
WOLFSSL_MSG("R_SCE_AesxxxGcmEncryptFinal: failed");
|
WOLFSSL_MSG("R_SCE_AesxxxGcmEncryptFinal: failed");
|
||||||
@ -319,7 +323,8 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
|
|||||||
/* allocate buffers for plain-text, cipher-text, authTag and AAD.
|
/* allocate buffers for plain-text, cipher-text, authTag and AAD.
|
||||||
* TSIP requests those buffers 32bit aligned.
|
* TSIP requests those buffers 32bit aligned.
|
||||||
*/
|
*/
|
||||||
delta = sz % AES_BLOCK_SIZE;
|
delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 :
|
||||||
|
AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE);
|
||||||
cipherBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
|
cipherBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
|
||||||
plainBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
|
plainBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
|
||||||
aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
|
aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
|
||||||
@ -396,14 +401,20 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
|
|||||||
if (ret == FSP_SUCCESS) {
|
if (ret == FSP_SUCCESS) {
|
||||||
dataLen = 0;
|
dataLen = 0;
|
||||||
ret = finalFn(&_handle,
|
ret = finalFn(&_handle,
|
||||||
plainBuf + (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE,
|
plainBuf + (sz + delta - AES_BLOCK_SIZE),
|
||||||
&dataLen,
|
&dataLen,
|
||||||
aTagBuf,
|
aTagBuf,
|
||||||
min(16, authTagSz));
|
min(16, authTagSz));
|
||||||
|
|
||||||
if (ret == FSP_SUCCESS) {
|
if (ret == FSP_SUCCESS) {
|
||||||
/* copy plain data to out */
|
/* copy plain data to out */
|
||||||
XMEMCPY(out, plainBuf, dataLen);
|
if (sz != dataLen) {
|
||||||
|
WOLFSSL_MSG("sz is not equal to dataLen!!!!");
|
||||||
|
ret = -1;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
XMEMCPY(out, plainBuf, dataLen);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
WOLFSSL_MSG("R_SCE_AesXXXGcmDecryptFinal: failed");
|
WOLFSSL_MSG("R_SCE_AesXXXGcmDecryptFinal: failed");
|
||||||
|
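Review bot: The new final-block pointer `cipherBuf + (sz + delta - AES_BLOCK_SIZE)` in `wc_sce_AesGcmEncrypt`, and `plainBuf + (sz + delta - AES_BLOCK_SIZE)` in `wc_sce_AesGcmDecrypt`, lands outside the allocation when `sz` is 0, because `delta` is then 0 and the offset becomes `-AES_BLOCK_SIZE` (or wraps to a huge value if `sz` is unsigned). No check for an empty payload is visible in these hunks, so either handle `sz == 0` on a separate path or clamp the offset, e.g. `(sz + delta >= AES_BLOCK_SIZE) ? (sz + delta - AES_BLOCK_SIZE) : 0`. Both functions begin and end outside the hunks, so confirm whether an earlier guard already excludes this case.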
@ -1,6 +1,6 @@
|
|||||||
/* renesas_sce_util.c
|
/* renesas_sce_util.c
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||||
*
|
*
|
||||||
* This file is part of wolfSSL.
|
* This file is part of wolfSSL.
|
||||||
*
|
*
|
||||||
@ -207,25 +207,33 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
|
|||||||
XMEMCPY(&peerkey[4], qx, qxLen);
|
XMEMCPY(&peerkey[4], qx, qxLen);
|
||||||
XMEMCPY(&peerkey[4+qxLen], qy, qyLen);
|
XMEMCPY(&peerkey[4+qxLen], qy, qyLen);
|
||||||
|
|
||||||
/* 0 : RSA 2048bit, 1 : Reserved, 2 : ECDSA P-256 */
|
if ((ret = wc_sce_hw_lock()) == 0) {
|
||||||
ret = R_SCE_TLS_ServerKeyExchangeVerify(
|
/* 0 : RSA 2048bit, 1 : Reserved, 2 : ECDSA P-256 */
|
||||||
type,
|
ret = R_SCE_TLS_ServerKeyExchangeVerify(
|
||||||
(uint8_t*) ssl->arrays->clientRandom,
|
type,
|
||||||
(uint8_t*) ssl->arrays->serverRandom,
|
(uint8_t*) ssl->arrays->clientRandom,
|
||||||
(uint8_t*) peerkey,
|
(uint8_t*) ssl->arrays->serverRandom,
|
||||||
(uint8_t*) sig,
|
(uint8_t*) peerkey,
|
||||||
(uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
|
(uint8_t*) sig,
|
||||||
(uint32_t*)cbInfo->encrypted_ephemeral_ecdh_public_key);
|
(uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
|
||||||
|
(uint32_t*)cbInfo->encrypted_ephemeral_ecdh_public_key);
|
||||||
|
|
||||||
if (ret != FSP_SUCCESS) {
|
if (ret != FSP_SUCCESS) {
|
||||||
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
|
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
|
||||||
cbInfo->pk_key_set = 0;
|
cbInfo->pk_key_set = 0;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
ret = WOLFSSL_SUCCESS;
|
||||||
|
cbInfo->pk_key_set = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
ret = WOLFSSL_SUCCESS;
|
WOLFSSL_MSG("Failed to lock sce hw ");
|
||||||
cbInfo->pk_key_set = 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* unlock hw */
|
||||||
|
wc_sce_hw_unlock();
|
||||||
|
|
||||||
XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@ -328,12 +336,13 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
|
|||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Callback for ECC shared secret */
|
/* Callback for ECC shared secret */
|
||||||
WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
||||||
uint8_t* pubKeyDer, unsigned int* pubKeySz,
|
uint8_t* pubKeyDer, unsigned int* pubKeySz,
|
||||||
uint8_t* out, unsigned int* outlen, int side, void* ctx)
|
uint8_t* out, unsigned int* outlen, int side, void* ctx)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret = WOLFSSL_SUCCESS;
|
||||||
(void) otherKey;
|
(void) otherKey;
|
||||||
(void) side;
|
(void) side;
|
||||||
|
|
||||||
@ -351,36 +360,44 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
|||||||
side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
|
side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
|
||||||
|
|
||||||
if (cbInfo->pk_key_set == 1) {
|
if (cbInfo->pk_key_set == 1) {
|
||||||
/* Generate ECC PUblic key pair */
|
if ((ret = wc_sce_hw_lock()) == 0) {
|
||||||
ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate(
|
/* Generate ECC PUblic key pair */
|
||||||
&cbInfo->ecc_p256_wrapped_key,
|
ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate(
|
||||||
(uint8_t*)&cbInfo->ecc_ecdh_public_key/* Qx 32 bytes and Qy 32 bytes*/ );
|
&cbInfo->ecc_p256_wrapped_key,
|
||||||
if (ret != FSP_SUCCESS) {
|
(uint8_t*)&cbInfo->ecc_ecdh_public_key/* Qx 32 bytes and Qy 32 bytes*/ );
|
||||||
WOLFSSL_PKMSG("Failed secp256r1_EphemeralWrappedKeyPairGenerate %d\n", ret);
|
if (ret != FSP_SUCCESS) {
|
||||||
return ret;
|
WOLFSSL_PKMSG("Failed secp256r1_EphemeralWrappedKeyPairGenerate %d\n", ret);
|
||||||
}
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
/* copy generated ecdh public key inot buffer */
|
/* copy generated ecdh public key inot buffer */
|
||||||
pubKeyDer[0] = ECC_POINT_UNCOMP;
|
pubKeyDer[0] = ECC_POINT_UNCOMP;
|
||||||
*pubKeySz = 1 + sizeof(cbInfo->ecc_ecdh_public_key);
|
*pubKeySz = 1 + sizeof(cbInfo->ecc_ecdh_public_key);
|
||||||
XMEMCPY(&pubKeyDer[1], &cbInfo->ecc_ecdh_public_key,
|
XMEMCPY(&pubKeyDer[1], &cbInfo->ecc_ecdh_public_key,
|
||||||
sizeof(cbInfo->ecc_ecdh_public_key));
|
sizeof(cbInfo->ecc_ecdh_public_key));
|
||||||
|
|
||||||
/* Generate Premaster Secret */
|
/* Generate Premaster Secret */
|
||||||
ret = R_SCE_TLS_PreMasterSecretGenerateForECC_secp256r1(
|
ret = R_SCE_TLS_PreMasterSecretGenerateForECC_secp256r1(
|
||||||
(uint32_t*)&cbInfo->encrypted_ephemeral_ecdh_public_key,
|
(uint32_t*)&cbInfo->encrypted_ephemeral_ecdh_public_key,
|
||||||
&cbInfo->ecc_p256_wrapped_key,
|
&cbInfo->ecc_p256_wrapped_key,
|
||||||
(uint32_t*)out/* pre-master secret 64 bytes */);
|
(uint32_t*)out/* pre-master secret 64 bytes */);
|
||||||
if (ret != FSP_SUCCESS) {
|
if (ret != FSP_SUCCESS) {
|
||||||
WOLFSSL_PKMSG("Failed PreMasterSecretGenerateForECC_secp256r1 %d\n", ret);
|
WOLFSSL_PKMSG("Failed PreMasterSecretGenerateForECC_secp256r1 %d\n", ret);
|
||||||
return ret;
|
return ret;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
/* set master secret generation callback for use */
|
||||||
|
wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret);
|
||||||
|
wolfSSL_SetGenMasterSecretCtx(ssl, cbInfo);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
/* set master secret generation callback for use */
|
WOLFSSL_MSG("Failed to lock sce hw ");
|
||||||
wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret);
|
|
||||||
wolfSSL_SetGenMasterSecretCtx(ssl, cbInfo);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* unlock hw */
|
||||||
|
wc_sce_hw_unlock();
|
||||||
|
|
||||||
*outlen = 64;
|
*outlen = 64;
|
||||||
WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
|
WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
|
||||||
}
|
}
|
||||||
@ -389,7 +406,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
/* Return tls cipher suite enumeration that is supported by SCE library */
|
/* Return tls cipher suite enumeration that is supported by SCE library */
|
||||||
static uint32_t GetSceCipherSuite(
|
static uint32_t GetSceCipherSuite(
|
||||||
uint8_t cipherSuiteFirst,
|
uint8_t cipherSuiteFirst,
|
||||||
uint8_t cipherSuite)
|
uint8_t cipherSuite)
|
||||||
{
|
{
|
||||||
@ -458,7 +475,7 @@ WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl,
|
|||||||
uint8_t session_key_generated)
|
uint8_t session_key_generated)
|
||||||
{
|
{
|
||||||
WOLFSSL_ENTER("sce_usable");
|
WOLFSSL_ENTER("sce_usable");
|
||||||
byte Scecipher;
|
uint32_t sceCipher;
|
||||||
byte side;
|
byte side;
|
||||||
const Ciphers *enc;
|
const Ciphers *enc;
|
||||||
const Ciphers *dec;
|
const Ciphers *dec;
|
||||||
@ -494,11 +511,12 @@ WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* retrieve cipher suite if SCE supports */
|
/* retrieve cipher suite if SCE supports */
|
||||||
Scecipher = GetSceCipherSuite(ssl->options.cipherSuite0,
|
sceCipher = GetSceCipherSuite(ssl->options.cipherSuite0,
|
||||||
ssl->options.cipherSuite);
|
ssl->options.cipherSuite);
|
||||||
side = ssl->options.side;
|
side = ssl->options.side;
|
||||||
|
|
||||||
if (Scecipher != WOLFSSL_SCE_ILLEGAL_CIPHERSUITE && side == WOLFSSL_CLIENT_END)
|
if (sceCipher != (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE
|
||||||
|
&& side == WOLFSSL_CLIENT_END)
|
||||||
return 1;
|
return 1;
|
||||||
else
|
else
|
||||||
return 0;
|
return 0;
|
||||||
@ -578,7 +596,7 @@ WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const struct WOLFSSL *ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
wolfSSL_SetTlsHmacInner((struct WOLFSSL*)ssl, myInner,
|
wolfSSL_SetTlsHmacInner((struct WOLFSSL*)ssl, myInner,
|
||||||
messageSz, content, 1);
|
(word32)messageSz, (int)content, 1);
|
||||||
|
|
||||||
ret = R_SCE_SHA256HMAC_VerifyInit(
|
ret = R_SCE_SHA256HMAC_VerifyInit(
|
||||||
&_handle,
|
&_handle,
|
||||||
@ -768,8 +786,9 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl,
|
|||||||
/* unlock hw */
|
/* unlock hw */
|
||||||
wc_sce_hw_unlock();
|
wc_sce_hw_unlock();
|
||||||
}
|
}
|
||||||
else
|
else {
|
||||||
WOLFSSL_LEAVE("hw lock failed", ret);
|
WOLFSSL_LEAVE("hw lock failed", ret);
|
||||||
|
}
|
||||||
|
|
||||||
WOLFSSL_LEAVE("sce_generateSessionKey", ret);
|
WOLFSSL_LEAVE("sce_generateSessionKey", ret);
|
||||||
return ret;
|
return ret;
|
||||||
@ -1052,7 +1071,7 @@ WOLFSSL_LOCAL int wc_sce_storeKeyCtx(struct WOLFSSL* ssl, User_SCEPKCbInfo* info
|
|||||||
XMEMCPY(info->sce_clientRandom, ssl->arrays->clientRandom, 32);
|
XMEMCPY(info->sce_clientRandom, ssl->arrays->clientRandom, 32);
|
||||||
XMEMCPY(info->sce_serverRandom, ssl->arrays->serverRandom, 32);
|
XMEMCPY(info->sce_serverRandom, ssl->arrays->serverRandom, 32);
|
||||||
|
|
||||||
info->sce_cipher = GetSceCipherSuite(ssl->options.cipherSuite0,
|
info->sce_cipher = (uint8_t)GetSceCipherSuite(ssl->options.cipherSuite0,
|
||||||
ssl->options.cipherSuite);
|
ssl->options.cipherSuite);
|
||||||
}
|
}
|
||||||
WOLFSSL_LEAVE("sce_storeKeyCtx", ret);
|
WOLFSSL_LEAVE("sce_storeKeyCtx", ret);
|
||||||
@ -1105,6 +1124,7 @@ WOLFSSL_API void wc_sce_set_callbacks(WOLFSSL_CTX* ctx)
|
|||||||
wolfSSL_CTX_SetRsaEncCb(ctx, Renesas_cmn_RsaEnc);
|
wolfSSL_CTX_SetRsaEncCb(ctx, Renesas_cmn_RsaEnc);
|
||||||
wolfSSL_CTX_SetVerifyMacCb(ctx, Renesas_cmn_VerifyHmac);
|
wolfSSL_CTX_SetVerifyMacCb(ctx, Renesas_cmn_VerifyHmac);
|
||||||
|
|
||||||
|
/* reset callbacks */
|
||||||
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
|
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
|
||||||
}
|
}
|
||||||
/* Set callback contexts needed for sce TLS api handling */
|
/* Set callback contexts needed for sce TLS api handling */
|
||||||
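Review bot: In the second SCE_EccSharedSecret hunk, both `return ret;` statements inside the new `if ((ret = wc_sce_hw_lock()) == 0)` branch leave the function with the SCE hardware lock still held, so a single failed key-pair or pre-master-secret generation would block every later SCE operation that waits on that lock. The trailing `wc_sce_hw_unlock();` also runs when the lock was never acquired, and the SCE_ServerKeyExVerify hunk has the same unconditional unlock; unless wc_sce_hw_unlock() tolerates that (its body is not shown here), it could release a lock owned by another task. I would call `wc_sce_hw_unlock();` before each early `return ret;` and move the final `wc_sce_hw_unlock();` into the lock-success branch in both functions, which is how the wc_sce_generateSessionKey hunk already pairs them. SCE_EccSharedSecret starts and ends outside these hunks, so its final return path should be checked the same way.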
|
@ -1,6 +1,6 @@
|
|||||||
/* renesas_cmn.h
|
/* renesas_cmn.h
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||||
*
|
*
|
||||||
* This file is part of wolfSSL.
|
* This file is part of wolfSSL.
|
||||||
*
|
*
|
||||||
@ -33,11 +33,11 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in,
|
|||||||
const unsigned char* keyDer, unsigned int keySz, void* ctx);
|
const unsigned char* keyDer, unsigned int keySz, void* ctx);
|
||||||
WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message,
|
WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message,
|
||||||
word32 messageSz, word32 macSz, word32 content, void* ctx);
|
word32 messageSz, word32 macSz, word32 content, void* ctx);
|
||||||
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
|
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
|
||||||
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
|
unsigned int sigSz, const unsigned char* hash, unsigned int hashSz,
|
||||||
const uint8_t* key, uint32_t keySz, int* result, void* ctx);
|
const unsigned char* key, unsigned int keySz, int* result, void* ctx);
|
||||||
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
|
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, unsigned char* sig, unsigned int sigSz,
|
||||||
uint8_t** out, const byte* key, uint32_t keySz, void* ctx);
|
unsigned char** out, const unsigned char* key, unsigned int keySz, void* ctx);
|
||||||
WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
|
WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
|
||||||
word32 sz, int padSz, int content, int verify, int epochOrder);
|
word32 sz, int padSz, int content, int verify, int epochOrder);
|
||||||
WOLFSSL_LOCAL int Renesas_cmn_usable(const WOLFSSL *ssl, byte seskey_gennerated);
|
WOLFSSL_LOCAL int Renesas_cmn_usable(const WOLFSSL *ssl, byte seskey_gennerated);
|
||||||
@ -56,4 +56,4 @@ int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
|
|||||||
word32 key_n_start, word32 key_n_len, word32 key_e_start,
|
word32 key_n_start, word32 key_n_len, word32 key_e_start,
|
||||||
word32 key_e_len, word32 cm_row);
|
word32 key_e_len, word32 cm_row);
|
||||||
WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx);
|
WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx);
|
||||||
#endif /* __RENESAS_CMN_H__ */
|
#endif /* __RENESAS_CMN_H__ */
|
||||||
|