diff --git a/IDE/Renesas/e2studio/RZN2L/README.md b/IDE/Renesas/e2studio/RZN2L/README.md new file mode 100644 index 000000000..a2f556285 --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/README.md @@ -0,0 +1,536 @@ +wolfSSL for Renesas RZN2L Board +================================================= + +## Description + +This directory contains e2studio projects targeted at the Renesas RZ MCUs. +The example projects include a wolfSSL TLS client and server. +They also include benchmark and cryptography tests for the wolfCrypt library. + +The example project contains both the wolfSSL and wolfCrypt libraries. +It is built as a `Renesas RZ/N C/C++ FSP Project` and contains the Renesas RZ +configuration. The wolfssl project uses `Renesas Secure IP on RZ` +as hardware acceleration for cyptography. + +**Limitation** + +Due to lacking of TLS related feature on RSIP driver version, TLS connection examples below use `SHA` and `Random generation` of RSIP driver. + +The example project summary is listed below and is relevant for every project. + +### Project Summary +|Item|Name/Version| +|:--|:--| +|Board|RZN2L| +|Device|R9A07G084M04GBG| +|Toolchain|GCC for Renesas RZ| +|Toolchain Version|10.3.1.20210824| +|FSP Version|1.2.0| + +#### Selected software components + +|Components|Version|Note| +|:--|:--|:--| +|Board Support Package Common Files|v1.20|| +|I/O Port|v1.2.0|| +|Arm CMSIS Version 5 - Core (M)|v5.7.0+renesas.1|| +|Board support package for R9A07G084M04GBG|v1.2.0|| +|Board support package for RZN2L|v1.2.0|| +|Board support package for RZN2L - FSP Data|v1.2.0|| +|RSK+RZN2L Board Support Files (RAM execution without flash memory)|v1.2.0|| +|FreeRTOS - Buffer Allocation 2|v1.2.0|| +|FreeRTOS - Memory Management - Heap 4|v1.2.0|| +|FreeRTOS+TCP|v1.2.0|| +|Ethernet PHY |v1.2.0|| +|Ethernet Selector|v1.2.0|| +|Ethernet|v1.2.0|| +|Ethernet Switch|v1.2.0|| +|SCI UART|v1.2.0|| +|r_ether to FreeRTOS+TCP Wrapper|v1.2.0|| +|Renesas Secure IP Driver|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module| +|RSIP Engine for RZ/N2L|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module| + + +## Setup Steps and Build wolfSSL Library + +1.) Import projects from [File]->[Open projects from File System] + ++ Select folder at /path/to/wolfssl/IDE/Renesas/e2studio/RZN2L/test + +2.) Create a `dummy_application` Renesas RZ/N C/C++ FSP Project. + ++ Click File->New->`RZ/N C/C++ FSP Project`. ++ Enter project name `dummu_application`. ++ Select Board: to `RSK+RZN2L (RAM execution without flash memory)`. ++ Select Device: to `R9A07G084M04GBG`. Click Next. ++ Check to `Executable` ++ Select FreeRTOS from RTOS selection. Click Finish. ++ Check `FreeRTOS minimal - Static Allocation`. Click Finish. ++ Open FSP Configurator by clicking configuration.xml in the project --> ++ Go to `Stacks` tab ++ Add new thread by clicking `New Thread`, and set properties below + +|Property|Value| +|:--|:--| +|Thread Symbol|rzn2l_tst_thread| +|Thread Name|rzn2l_tst_thread| +|Thread Stack size|increase depending on your environment
e.g. 0xA000| +|Thread MemoryAllocation|Dyamic| +|Common General Use Mutexes|Enabled| +|Common General Enable Backward Compatibility|Enabled| +|Common Memory Allocation Support Dynamic Allocation|Enabled| +|Common Memory Allocation Total Heap Size|increase depending on your environment
e.g. 0x20000| + ++ Add `Heap 4` stack to rzn2l_tst_thread from `New Stack` -> `FreeRTOS` -> `FreeRTOS Heap 4` ++ Add `UART Driver` stack to rzn2l_tst_thread from `New Stack` -> `Connectivity` -> `UART Driver` ++ Add `FreeRTOS + TCP` stack to rzn2l_tst_thread from `New Stack` -> -> `FreeRTOS` -> `Libraries` -> `FreeRTOS+TCP` and set properties + ++ Save `dummy_application` FSP configuration ++ Copy configuration.xml under `dummy_application` to `test_RZN2L` ++ Open FSP configuration by clicking copied configuration.xml at `test_RZN2L` ++ Click `Generate Project Content` on FSP configuration GUI + +3.) Prepare UART to logging + ++ Download Sample package from [BACnet Start-Up](https://www.renesas.com/us/en/products/microcontrollers-microprocessors/rz-mpus/bacnet-start-rzn2l-rsk) ++ Copy the following C source files from the project to src/serial_io folder of `test_RZN2L` + + um_serial_io_uart.c + + um_serial_io_task_writer.c + + um_serial_io_cfg.h + + um_common_api.h + + um_common_cfg.h + + um_serial_io.c + + um_serial_io.h + + um_serial_io_api.h + + um_serial_io_internal.h ++ Open um_serial_io_task_writer.c and re-name printf to uart_printf + +3.) Build `test_RZN2L` project + +## Run `test_RZN2L` + +1). Right click the project and Select menu Debug -> Renesas GDB Hardware debugging +2). Select J-Link ARM and R9A07G084M04 +3). Break at Entory point. Change `cpsr` register value from 0xXXXXX1yy to 0xXXXXX1da + +## Run TLS 1.3 Client +1.) Enable `WOLFSSL_TLS13` macro in `user_settings.h` + +2.) Enable `TLS_CLIENT` macro in `wolfssl_demo.h` of test_RZN2L project + +3.) Client IP address and Server IP address + ++ Client IP address can be changed by the following line in `rzn2l_tst_thread_entry.c`. +``` +static const byte ucIPAddress[4] = { 192, 168, 11, 241 }; +``` ++ Server IP address can be changed by the following line in wolf_client.c. +``` +#define SERVER_IP "192.168.11.65" +``` + +3.) Build test_RZN2L project + +4.) Prepare peer wolfssl server + ++ On Linux ++ Clone wolfssl from [github repository](https://github.com/wolfssl/wolfssl.git) +``` +$ ./autogen.sh +$ ./configure +$ make +``` + ++ Run peer wolfSSL server + ++ RSA sign and verify use, launch server with the following option +``` +$./examples/server/server -b -d -i -v 4 +``` + ++ For ECDSA sign and verify use, +Enable the `USE_CRT_BUFFER_256` macro in `wolfssl_demo.h` +Disble the `USE_CRT_BUFFER_2048` macro in `wolfssl_demo.h` + ++ launch server with the following option. +``` +$./examples/server/server -b -d -i -v 4 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +``` + +5.) Run the example Client + +You will see the following message on a UART terminal when using RSA sign and verify or ECDSA sign and verify. +``` + Started Serial I/O interface. + Start TLS Connection to 192.168.11.65 port(11111) + Error [-116]: FreeRTOS_connect. <-- A number of messages will be showed by depending on number of connection failures. + Start to connect to the server. + Cipher : TLS13-AES128-GCM-SHA256 + Received: I hear you fa shizzle! + + Start to connect to the server. + Cipher : TLS13-AES256-GCM-SHA384 + Received: I hear you fa shizzle! + + End of Client Example +``` + +## Run TLS 1.2 Client +1.) Disable `WOLFSSL_TLS13` macro in `user_settings.h` + +2.) Enable `TLS_CLIENT` macro in `wolfssl_demo.h` of test_RZN2L project + +3.) Client IP address and Server IP address + ++ Client IP address can be changed by the following line in `rzn2l_tst_thread_entry.c`. +``` +static const byte ucIPAddress[4] = { 192, 168, 11, 241 }; +``` ++ Server IP address can be changed by the following line in wolf_client.c. +``` +#define SERVER_IP "192.168.11.65" +``` + +3.) Build test_RZN2L project + +4.) Prepare peer wolfssl server + ++ On Linux ++ Clone wolfssl from [github repository](https://github.com/wolfssl/wolfssl.git) +``` +$ ./autogen.sh +$ ./configure +$ make +``` + ++ Run peer wolfSSL server + ++ RSA sign and verify use, launch server with the following option +``` +$./examples/server/server -b -d -i -v 3 +``` + ++ For ECDSA sign and verify use, +Enable the `USE_CRT_BUFFER_256` macro in `wolfssl_demo.h` +Disble the `USE_CRT_BUFFER_2048` macro in `wolfssl_demo.h` + ++ launch server with the following option. +``` +$./examples/server/server -b -d -i -v 3 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +``` + +5.) Run the example Client + +You will see the following message on a UART terminal when using RSA sign and verify. +``` +Started Serial I/O interface. + Start TLS Connection to 192.168.11.65 port(11111) + Error [-116]: FreeRTOS_connect. + Start to connect to the server. + Cipher : ECDHE-RSA-AES128-GCM-SHA256 + Received: I hear you fa shizzle! + + Start to connect to the server. + Cipher : ECDHE-RSA-AES256-SHA + Received: I hear you fa shizzle! + + Start to connect to the server. + Cipher : ECDHE-RSA-AES128-SHA256 + Received: I hear you fa shizzle! + + + End of Client Example +``` + +You will see the following message on a UART terminal when using ECDSA sign and verify. +``` +Started Serial I/O interface. + Start TLS Connection to 192.168.11.65 port(11111) + Error [-116]: FreeRTOS_connect. + Start to connect to the server. + Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 + Received: I hear you fa shizzle! + + Start to connect to the server. + Cipher : ECDHE-ECDSA-AES256-SHA + Received: I hear you fa shizzle! + + Start to connect to the server. + Cipher : ECDHE-ECDSA-AES128-SHA256 + Received: I hear you fa shizzle! + + + End of Client Example +``` + +## Run TLS 1.3 Server +1.) Enable `WOLFSSL_TLS13` macro in `user_settings.h` + +2.) Enable `TLS_SERVER` macro in `wolfssl_demo.h` of test_RZN2L project + +3.) Client IP address and Server IP address + ++ Server IP address can be changed by the following line in `rzn2l_tst_thread_entry.c`. +``` +static const byte ucIPAddress[4] = { 192, 168, 11, 241 }; +``` + +3.) Build test_RZN2L project + ++ For ECDSA sign and verify use, +Enable the `USE_CRT_BUFFER_256` macro in `wolfssl_demo.h` +Disble the `USE_CRT_BUFFER_2048` macro in `wolfssl_demo.h` + ++ launch server from e2studio + +4.) Prepare peer wolfssl client + ++ On Linux ++ Clone wolfssl from [github repository](https://github.com/wolfssl/wolfssl.git) +``` +$ ./autogen.sh +$ ./configure +$ make +``` + +5.) Run peer wolfSSL client + ++ RSA sign and verify use, run peer client with the following option +``` +$./examples/client/client -h 192.168.11.241 -p 11111 -v 4 +``` + +You will see the following message on a UART terminal when using RSA sign and verify. +``` +Started Serial I/O interface. + Start TLS Accept at 192.168.011.241 port(11111) +Received: hello wolfssl! +Cleaning up socket and wolfSSL objects. +Waiting connection.... +``` + +You will see the follwoing message on Linux terminal. +``` +$ ./examples/client/client -h 192.168.11.241 -p 11111 -v 4 +SSL version is TLSv1.3 +SSL cipher suite is TLS_AES_128_GCM_SHA256 +SSL curve name is SECP256R1 +I hear ya fa s +``` + ++ ECDSA sign and verify use, run peer client with the following option +``` +$./examples/client/client -h 192.168.11.241 -p 11111 -v 3 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem -k ./certs/ecc-client-key.pem +``` + +You will see the following message on a UART terminal when using ECDSA sign and verify. +``` +Started Serial I/O interface. + Start TLS Accept at 192.168.011.241 port(11111) +Received: hello wolfssl! +Cleaning up socket and wolfSSL objects. +Waiting connection.... +``` +You will see the follwoing message on Linux terminal. +``` +$ ./examples/client/client -h 192.168.11.241 -p 11111 -v 4 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem -k ./cert +s/ecc-client-key.pem +SSL version is TLSv1.3 +SSL cipher suite is TLS_AES_128_GCM_SHA256 +SSL curve name is SECP256R1 +I hear ya fa s +``` + +## Run TLS 1.2 Server +1.) Disable `WOLFSSL_TLS13` macro in `user_settings.h` + +2.) Enable `TLS_SERVER` macro in `wolfssl_demo.h` of test_RZN2L project + +3.) Client IP address and Server IP address + ++ Server IP address can be changed by the following line in `rzn2l_tst_thread_entry.c`. +``` +static const byte ucIPAddress[4] = { 192, 168, 11, 241 }; +``` + +3.) Build test_RZN2L project + ++ For ECDSA sign and verify use, +Enable the `USE_CRT_BUFFER_256` macro in `wolfssl_demo.h` +Disble the `USE_CRT_BUFFER_2048` macro in `wolfssl_demo.h` + ++ launch server from e2studio + +4.) Prepare peer wolfssl client + ++ On Linux ++ Clone wolfssl from [github repository](https://github.com/wolfssl/wolfssl.git) +``` +$ ./autogen.sh +$ ./configure +$ make +``` + +5.) Run peer wolfSSL client + ++ RSA sign and verify use, run peer client with the following option +``` +$./examples/client/client -h 192.168.11.241 -p 11111 -v 4 +``` + +You will see the following message on a UART terminal when using RSA sign and verify. +``` +Started Serial I/O interface. + Start TLS Accept at 192.168.011.241 port(11111) +Received: hello wolfssl! +Cleaning up socket and wolfSSL objects. +Waiting connection.... +``` + +You will see the follwoing message on Linux terminal. +``` +$ ./examples/client/client -h 192.168.11.241 -p 11111 -v 3 +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +SSL curve name is SECP256R1 +I hear ya fa s +``` + ++ ECDSA sign and verify use, run peer client with the following option +``` +$./examples/client/client -h 192.168.11.241 -p 11111 -v 3 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem -k ./certs/ecc-client-key.pem +``` + +You will see the following message on a UART terminal when using ECDSA sign and verify. +``` +Started Serial I/O interface. + Start TLS Accept at 192.168.011.241 port(11111) +Received: hello wolfssl! +Cleaning up socket and wolfSSL objects. +Waiting connection.... +``` +You will see the follwoing message on Linux terminal. +``` +$ ./examples/client/client -h 192.168.11.241 -p 11111 -v 3 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem -k ./certs/ecc-client-key.pem +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +SSL curve name is SECP256R1 +I hear ya fa s +``` +## Run Crypt test +1.) Enable `CRYPT_TEST` macro in `wolfssl_demo.h` + +2.) Run `test_RZN2L` from e2studio + +Sample Output + +``` +------------------------------------------------------------------------------ + wolfSSL version 5.6.3 +------------------------------------------------------------------------------ +error test passed! +MEMORY test passed! +base64 test passed! +asn test passed! +RANDOM test passed! +MD5 test passed! +MD4 test passed! +SHA test passed! +SHA-224 test passed! +SHA-256 test passed! +SHA-384 test passed! +SHA-512 test passed! +SHA-512/224 test passed! +SHA-512/256 test passed! +Hash test passed! +HMAC-MD5 test passed! +HMAC-SHA test passed! +HMAC-SHA224 test passed! +HMAC-SHA256 test passed! +HMAC-SHA384 test passed! +HMAC-SHA512 test passed! +HMAC-KDF test passed! +TLSv1.3 KDF test passed! +DES test passed! +DES3 test passed! +AES test passed! +AES256 test passed! +AES-GCM test passed! +RSA test passed! +PWDBASED test passed! +ECC test passed! +ECC buffer test passed! +CURVE25519 test passed! +logging test passed! +time test passed! +mutex test passed! +crypto callback test passed! +Test complete + End wolfCrypt Test +``` + +**Note** +`SHA1/224/256/384/512` and `Randome generation` of RSIP driver are enabled at the sampele output above while running wolfCrypt test. + +## Run Benchmark + +1.) Enable `BENCHMARK` macro in `wolfssl_demo.h` + +2.) Run `test_RZN2L` from e2studio + +Sample Output +``` +Started Serial I/O interface. Start wolfCrypt Benchmark +wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each) +RNG 825.0 KiB took 1.021 seconds, 808.031 KiB/s +AES-128-CBC-enc 1.0 MiB took 1.006 seconds, 1.189 MiB/s +AES-128-CBC-dec 1.0 MiB took 1.000 seconds, 1.221 MiB/s +AES-192-CBC-enc 1.0 MiB took 1.015 seconds, 1.058 MiB/s +AES-192-CBC-dec 1.0 MiB took 1.020 seconds, 1.077 MiB/s +AES-256-CBC-enc 1000.0 KiB took 1.020 seconds, 980.392 KiB/s +AES-256-CBC-dec 1000.0 KiB took 1.010 seconds, 990.099 KiB/s +AES-128-GCM-enc 400.0 KiB took 1.019 seconds, 392.542 KiB/s +AES-128-GCM-dec 400.0 KiB took 1.019 seconds, 392.542 KiB/s +AES-192-GCM-enc 400.0 KiB took 1.061 seconds, 377.003 KiB/s +AES-192-GCM-dec 400.0 KiB took 1.061 seconds, 377.003 KiB/s +AES-256-GCM-enc 375.0 KiB took 1.034 seconds, 362.669 KiB/s +AES-256-GCM-dec 375.0 KiB took 1.033 seconds, 363.020 KiB/s +AES-128-GCM-enc-no_AAD 400.0 KiB took 1.009 seconds, 396.432 KiB/s +AES-128-GCM-dec-no_AAD 400.0 KiB took 1.008 seconds, 396.825 KiB/s +AES-192-GCM-enc-no_AAD 400.0 KiB took 1.051 seconds, 380.590 KiB/s +AES-192-GCM-dec-no_AAD 400.0 KiB took 1.051 seconds, 380.590 KiB/s +AES-256-GCM-enc-no_AAD 375.0 KiB took 1.023 seconds, 366.569 KiB/s +AES-256-GCM-dec-no_AAD 375.0 KiB took 1.024 seconds, 366.211 KiB/s +GMAC Default 589.0 KiB took 1.001 seconds, 588.412 KiB/s +3DES 325.0 KiB took 1.043 seconds, 311.601 KiB/s +MD5 12.0 MiB took 1.000 seconds, 12.231 MiB/s +SHA 2.0 MiB took 1.001 seconds, 2.171 MiB/s +SHA-224 2.0 MiB took 1.001 seconds, 2.171 MiB/s +SHA-256 2.0 MiB took 1.002 seconds, 2.169 MiB/s +SHA-384 2.0 MiB took 1.001 seconds, 2.171 MiB/s +SHA-512 2.0 MiB took 1.002 seconds, 2.169 MiB/s +SHA-512/224 2.0 MiB took 1.002 seconds, 2.169 MiB/s +SHA-512/256 2.0 MiB took 1.002 seconds, 2.169 MiB/s +HMAC-MD5 12.0 MiB took 1.001 seconds, 12.195 MiB/s +HMAC-SHA 2.0 MiB took 1.001 seconds, 2.146 MiB/s +HMAC-SHA224 2.0 MiB took 1.001 seconds, 2.146 MiB/s +HMAC-SHA256 2.0 MiB took 1.002 seconds, 2.144 MiB/s +HMAC-SHA384 2.0 MiB took 1.007 seconds, 2.134 MiB/s +HMAC-SHA512 2.0 MiB took 1.007 seconds, 2.134 MiB/s +PBKDF2 288.0 bytes took 1.025 seconds, 280.976 bytes/s +RSA 2048 public 48 ops took 1.028 sec, avg 21.417 ms, 46.693 ops/sec +RSA 2048 private 2 ops took 2.787 sec, avg 1393.500 ms, 0.718 ops/sec +ECC [ SECP256R1] 256 key gen 2 ops took 1.467 sec, avg 733.500 ms, 1.363 ops/sec +ECDHE [ SECP256R1] 256 agree 2 ops took 1.465 sec, avg 732.500 ms, 1.365 ops/sec +ECDSA [ SECP256R1] 256 sign 2 ops took 8.049 sec, avg 4024.500 ms, 0.248 ops/sec +ECDSA [ SECP256R1] 256 verify 2 ops took 2.794 sec, avg 1396.1000 ms, 0.716 ops/sec +CURVE 25519 key gen 2 ops took 1.077 sec, avg 538.500 ms, 1.857 ops/sec +CURVE 25519 agree 2 ops took 1.077 sec, avg 538.500 ms, 1.857 ops/sec +Benchmark complete + End wolfCrypt Benchmark +``` +**Note** +`SHA1/224/256/384/512` and `Randome generation` of RSIP driver are enabled at the sampele output above. +## Support + +For support inquiries and questions, please email support@wolfssl.com. Feel free to reach out to info@wolfssl.jp as well. diff --git a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h new file mode 100644 index 000000000..c173f1ec0 --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h @@ -0,0 +1,112 @@ +/* user_settings.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +/* Operating Environment and Threading */ +#if defined(WOLFSSL_RENESAS_RSIP) + /* FSP SM stands for Flexible Software Package Security Module + * WOLFSSL_RENESAS_FSPSM enables fundamental code when it uses. + * e.g. Open/Close/Random generator + * WOLFSSL_RENESAS_FSPSPM_TLS enables TLS related code for FSP SM + * e.g. Certificate verification, Master Secret Generation + * WOLFSSL_RENESAS_SCEPROTECT enables specific code for SCE if needed + */ + #define WOLFSSL_RENESAS_FSPSM + /* Not yet supported TLS related capabilities */ + /* # define WOLFSSL_RENESAS_FSPSM_TLS */ + +#endif + + /* XXX_CRYPTONLY definition enables FSP SM module for Crypto only use. + * Therefore, it disables TLS related API use + */ +/* #define WOLFSSL_RENESAS_RSIP_CRYPTONLY */ + +#if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY) + #undef WOLFSSL_RENESAS_FSPSM_TLS + #define WOLFSSL_RENESAS_FSPSM_CRYPTONLY + + #if !defined(WOLFSSL_RENESAS_RSPI) + #define WOLFSSL_RENESAS_RSPI + #endif +#endif + +#define FREERTOS +#define FREERTOS_TCP + +#define NO_MAIN_DRIVER +#define BENCH_EMBEDDED +#define NO_WRITEV +#define WOLFSSL_NO_FLOAT_FMT + +#define NO_DEV_RANDOM +#define SIZEOF_LONG_LONG 8 +#define NO_WOLFSSL_DIR +#define WOLFSSL_NO_CURRDIR +#define NO_WOLF_C99 +#define NO_MULTIBYTE_PRINT +#define NO_FILESYSTEM + +#define XVALIDATEDATE(d, f,t) (0) + +#define TFM_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING + +#define HAVE_AESGCM +#define WOLFSSL_SHA224 +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 +#define HAVE_ECC +#define HAVE_CURVE25519 +#define CURVE25519_SMALL + +#define WOLFSSL_SMALL_STACK +#define USE_FAST_MATH + +/* static RSA */ +#define WOLFSSL_STATIC_RSA + +/* Enable to use TLS1.3 */ +#define WOLFSSL_TLS13 + +#if defined(WOLFSSL_TLS13) + #include + #define HAVE_FFDHE_2048 + #define HAVE_HKDF + #define WC_RSA_PSS + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES +#endif + +#define WOLF_CRYPTO_CB +#if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY) + #define HAVE_RENESAS_SYNC + #define WC_USE_DEVID 7890 + #define NO_AES_192 + #define NO_SW_BENCH +#endif + +#if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY) + #define WOLFSSL_KEY_GEN +#endif + +int uart_printf (const char *__restrict format, ...); +#undef printf +#define printf uart_printf diff --git a/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h b/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h new file mode 100644 index 000000000..9f5a8cd0a --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h @@ -0,0 +1,108 @@ +/* wolfssl_demo.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_DEMO_H_ +#define WOLFSSL_DEMO_H_ + +#include +#include "FreeRTOS_IP.h" +#include "FreeRTOS_Sockets.h" + +#define FREQ 10000 /* Hz */ + +/* Client connects to the server with these details. */ +#define SERVER_IP "192.168.11.65" +#define DEFAULT_PORT 11111 + +typedef struct tagTestInfo +{ + int id; + int port; + char name[32]; + const char* cipher; + WOLFSSL_CTX* ctx; +} TestInfo; + +/* Enable Crypt Unit Test */ +/* #define UNIT_TEST */ + +/* Enable wolfcrypt test */ +/* can be enabled with benchmark test */ +#define CRYPT_TEST + +/* Enable benchmark */ +/* can be enabled with cyrpt test */ +/* #define BENCHMARK */ + +/* Enable TLS client */ +/* #define TLS_CLIENT */ + +/* Enable TLS Server */ +/* #define TLS_SERVER */ + +#if defined(TLS_CLIENT) + extern WOLFSSL_CTX *client_ctx; + + /* Use RSA certificates */ + #define USE_CERT_BUFFERS_2048 + /* Use ECC certificates */ + /*#define USE_CERT_BUFFERS_256*/ +#endif + +#if defined(TLS_SERVER) + extern WOLFSSL_CTX *server_ctx; + + /* Use RSA certificates */ + #define USE_CERT_BUFFERS_2048 + /* Use ECC certificates */ + /*#define USE_CERT_BUFFERS_256*/ +#endif + +#if defined(USE_CERT_BUFFERS_2048) && defined(USE_CERT_BUFFERS_256) + #error please set either macro USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_256 +#endif + +#define FR_SOCKET_SUCCESS 0 + +static void util_Cleanup(WOLFSSL_CTX *ctx, WOLFSSL *ssl) { + printf("Cleaning up socket and wolfSSL objects.\n"); + if (ssl != NULL) + wolfSSL_free(ssl); + if (ctx != NULL) + wolfSSL_CTX_free(ctx); + wolfSSL_Cleanup(); +} + +static inline void util_inf_loop(WOLFSSL_CTX *ctx, WOLFSSL *ssl) { + util_Cleanup(ctx, ssl); + printf("Reached infinite loop.\n"); + while (1) + ; +} + +void TCPInit(); +void wolfSSL_TLS_client_init(); +int wolfSSL_TLS_client_do(void *pvParam); +void wolfSSL_TLS_server_init(); +int wolfSSL_TLS_server_do(void *pvParam); +void wolfSSL_TLS_cleanup(); + +#endif /* WOLFSSL_DEMO_H_ */ diff --git a/IDE/Renesas/e2studio/RZN2L/include.am b/IDE/Renesas/e2studio/RZN2L/include.am new file mode 100644 index 000000000..af40725cb --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/include.am @@ -0,0 +1,17 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/README.md +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/.cproject +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/.project +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfCrypt/.gitignore +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfSSL/.gitignore +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h +EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/user_settings.h \ No newline at end of file diff --git a/IDE/Renesas/e2studio/RZN2L/test/.cproject b/IDE/Renesas/e2studio/RZN2L/test/.cproject new file mode 100644 index 000000000..a10ae077d --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/test/.cproject @@ -0,0 +1,1219 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/IDE/Renesas/e2studio/RZN2L/test/.project b/IDE/Renesas/e2studio/RZN2L/test/.project new file mode 100644 index 000000000..9610054e4 --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/test/.project @@ -0,0 +1,440 @@ + + + test_RZN2L + + + + + + com.renesas.cdt.ddsc.contentgen.ddscBuilder + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + com.renesas.cdt.ddsc.contentgen.ddscInterlockBundleBuilder + + + + + + org.eclipse.cdt.core.cnature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + com.renesas.cdt.ddsc.contentgen.ddscNature + com.renesas.cdt.rz.ddsc.contentgen.rznNature + + + + common/user_settings.h + 1 + PARENT-1-PROJECT_LOC/common/user_settings.h + + + common/wolfssl_demo.h + 1 + PARENT-1-PROJECT_LOC/common/wolfssl_demo.h + + + src/test/benchmark.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/benchmark/benchmark.c + + + src/test/test.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/test/test.c + + + src/wolfCrypt/aes.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/aes.c + + + src/wolfCrypt/arc4.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/arc4.c + + + src/wolfCrypt/asm.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/asm.c + + + src/wolfCrypt/asn.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/asn.c + + + src/wolfCrypt/blake2b.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/blake2b.c + + + src/wolfCrypt/camellia.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/camellia.c + + + src/wolfCrypt/chacha.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/chacha.c + + + src/wolfCrypt/chacha20_poly1305.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/chacha20_poly1305.c + + + src/wolfCrypt/cmac.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/cmac.c + + + src/wolfCrypt/coding.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/coding.c + + + src/wolfCrypt/compress.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/compress.c + + + src/wolfCrypt/cpuid.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/cpuid.c + + + src/wolfCrypt/cryptocb.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/cryptocb.c + + + src/wolfCrypt/curve25519.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/curve25519.c + + + src/wolfCrypt/des3.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/des3.c + + + src/wolfCrypt/dh.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/dh.c + + + src/wolfCrypt/dsa.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/dsa.c + + + src/wolfCrypt/ecc.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ecc.c + + + src/wolfCrypt/ecc_fp.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ecc_fp.c + + + src/wolfCrypt/ed25519.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ed25519.c + + + src/wolfCrypt/error.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/error.c + + + src/wolfCrypt/fe_low_mem.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/fe_low_mem.c + + + src/wolfCrypt/fe_operations.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/fe_operations.c + + + src/wolfCrypt/ge_low_mem.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ge_low_mem.c + + + src/wolfCrypt/ge_operations.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ge_operations.c + + + src/wolfCrypt/hash.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/hash.c + + + src/wolfCrypt/hmac.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/hmac.c + + + src/wolfCrypt/integer.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/integer.c + + + src/wolfCrypt/kdf.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/kdf.c + + + src/wolfCrypt/logging.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/logging.c + + + src/wolfCrypt/md2.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/md2.c + + + src/wolfCrypt/md4.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/md4.c + + + src/wolfCrypt/md5.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/md5.c + + + src/wolfCrypt/memory.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/memory.c + + + src/wolfCrypt/pkcs12.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/pkcs12.c + + + src/wolfCrypt/pkcs7.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/pkcs7.c + + + src/wolfCrypt/poly1305.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/poly1305.c + + + src/wolfCrypt/pwdbased.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/pwdbased.c + + + src/wolfCrypt/random.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/random.c + + + src/wolfCrypt/rsa.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/rsa.c + + + src/wolfCrypt/sha.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sha.c + + + src/wolfCrypt/sha256.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sha256.c + + + src/wolfCrypt/sha3.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sha3.c + + + src/wolfCrypt/sha512.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sha512.c + + + src/wolfCrypt/signature.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/signature.c + + + src/wolfCrypt/sp_arm32.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_arm32.c + + + src/wolfCrypt/sp_arm64.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_arm64.c + + + src/wolfCrypt/sp_armthumb.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_armthumb.c + + + src/wolfCrypt/sp_c32.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_c32.c + + + src/wolfCrypt/sp_c64.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_c64.c + + + src/wolfCrypt/sp_cortexm.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_cortexm.c + + + src/wolfCrypt/sp_dsp32.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_dsp32.c + + + src/wolfCrypt/sp_int.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_int.c + + + src/wolfCrypt/sp_x86_64.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_x86_64.c + + + src/wolfCrypt/srp.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/srp.c + + + src/wolfCrypt/tfm.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/tfm.c + + + src/wolfCrypt/wc_dsp.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_dsp.c + + + src/wolfCrypt/wc_encrypt.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_encrypt.c + + + src/wolfCrypt/wc_pkcs11.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_pkcs11.c + + + src/wolfCrypt/wc_port.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_port.c + + + src/wolfCrypt/wolfevent.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wolfevent.c + + + src/wolfCrypt/wolfmath.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wolfmath.c + + + src/wolfSSL/crl.c + 1 + PARENT-5-PROJECT_LOC/src/crl.c + + + src/wolfSSL/internal.c + 1 + PARENT-5-PROJECT_LOC/src/internal.c + + + src/wolfSSL/keys.c + 1 + PARENT-5-PROJECT_LOC/src/keys.c + + + src/wolfSSL/ocsp.c + 1 + PARENT-5-PROJECT_LOC/src/ocsp.c + + + src/wolfSSL/sniffer.c + 1 + PARENT-5-PROJECT_LOC/src/sniffer.c + + + src/wolfSSL/ssl.c + 1 + PARENT-5-PROJECT_LOC/src/ssl.c + + + src/wolfSSL/tls.c + 1 + PARENT-5-PROJECT_LOC/src/tls.c + + + src/wolfSSL/tls13.c + 1 + PARENT-5-PROJECT_LOC/src/tls13.c + + + src/wolfSSL/wolfio.c + 1 + PARENT-5-PROJECT_LOC/src/wolfio.c + + + src/wolfCrypt/port/renesas_common.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_common.c + + + src/wolfCrypt/port/renesas_fspsm_aes.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c + + + src/wolfCrypt/port/renesas_fspsm_rsa.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c + + + src/wolfCrypt/port/renesas_fspsm_sha.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c + + + src/wolfCrypt/port/renesas_fspsm_util.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c + + + diff --git a/IDE/Renesas/e2studio/RZN2L/test/script/fsp_ram_execution.ld b/IDE/Renesas/e2studio/RZN2L/test/script/fsp_ram_execution.ld new file mode 100644 index 000000000..8f373e0a2 --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/test/script/fsp_ram_execution.ld @@ -0,0 +1,243 @@ +/* + Linker File for Renesas RZ/N2L FSP +*/ + +MEMORY +{ + ATCM : ORIGIN = 0x00000000, LENGTH = 0x00020000 + BTCM : ORIGIN = 0x00100000, LENGTH = 0x00020000 + SYSTEM_RAM : ORIGIN = 0x10000000, LENGTH = 0x00180000 + SYSTEM_RAM_MIRROR : ORIGIN = 0x30000000, LENGTH = 0x00180000 + xSPI0_CS0_SPACE_MIRROR : ORIGIN = 0x40000000, LENGTH = 0x04000000 + xSPI0_CS1_SPACE_MIRROR : ORIGIN = 0x44000000, LENGTH = 0x04000000 + xSPI1_CS0_SPACE_MIRROR : ORIGIN = 0x48000000, LENGTH = 0x04000000 + xSPI1_CS1_SPACE_MIRROR : ORIGIN = 0x4C000000, LENGTH = 0x04000000 + CS0_SPACE_MIRROR : ORIGIN = 0x50000000, LENGTH = 0x04000000 + CS2_SPACE_MIRROR : ORIGIN = 0x54000000, LENGTH = 0x04000000 + CS3_SPACE_MIRROR : ORIGIN = 0x58000000, LENGTH = 0x04000000 + CS5_SPACE_MIRROR : ORIGIN = 0x5C000000, LENGTH = 0x04000000 + xSPI0_CS0_SPACE : ORIGIN = 0x60000000, LENGTH = 0x04000000 + xSPI0_CS1_SPACE : ORIGIN = 0x64000000, LENGTH = 0x04000000 + xSPI1_CS0_SPACE : ORIGIN = 0x68000000, LENGTH = 0x04000000 + xSPI1_CS1_SPACE : ORIGIN = 0x6C000000, LENGTH = 0x04000000 + CS0_SPACE : ORIGIN = 0x70000000, LENGTH = 0x04000000 + CS2_SPACE : ORIGIN = 0x74000000, LENGTH = 0x04000000 + CS3_SPACE : ORIGIN = 0x78000000, LENGTH = 0x04000000 + CS5_SPACE : ORIGIN = 0x7C000000, LENGTH = 0x04000000 +} + +SECTIONS +{ + .loader_text 0x00102000 : AT (0x00102000) + { + *(.loader_text) + */fsp/src/bsp/cmsis/Device/RENESAS/Source/*.o(.text*) + */fsp/src/bsp/mcu/all/bsp_clocks.o(.text*) + */fsp/src/bsp/mcu/all/bsp_irq.o(.text*) + */fsp/src/bsp/mcu/all/bsp_register_protection.o(.text*) + */fsp/src/r_ioport/r_ioport.o(.text*) + KEEP(*(.warm_start)) + } > BTCM + .loader_data : + { + */fsp/src/bsp/cmsis/Device/RENESAS/Source/*.o(.data*) + */fsp/src/bsp/mcu/all/bsp_clocks.o(.data*) + */fsp/src/bsp/mcu/all/bsp_irq.o(.data*) + */fsp/src/bsp/mcu/all/bsp_register_protection.o(.data*) + */fsp/src/r_ioport/r_ioport.o(.data*) + __loader_bss_start = .; + */fsp/src/bsp/cmsis/Device/RENESAS/Source/*.o(.bss*) + */fsp/src/bsp/mcu/all/bsp_clocks.o(.bss*) + */fsp/src/bsp/mcu/all/bsp_irq.o(.bss*) + */fsp/src/bsp/mcu/all/bsp_register_protection.o(.bss*) + */fsp/src/r_ioport/r_ioport.o(.bss*) + */fsp/src/bsp/cmsis/Device/RENESAS/Source/*.o(COMMON) + */fsp/src/bsp/mcu/all/bsp_clocks.o(COMMON) + */fsp/src/bsp/mcu/all/bsp_irq.o(COMMON) + */fsp/src/bsp/mcu/all/bsp_register_protection.o(.COMMON) + */fsp/src/r_ioport/r_ioport.o(.COMMON) + __loader_bss_end = . ; + } > BTCM + .intvec 0x00000000 : AT (0x00000000) + { + _fvector_start = .; + KEEP(*(.intvec)) + _fvector_end = .; + } > ATCM + .text 0x30000000 : AT (0x30000000) + { + _text_start = .; + *(.text*) + + KEEP(*(.init)) + KEEP(*(.fini)) + + /* .ctors */ + *crtbegin.o(.ctors) + *crtbegin?.o(.ctors) + *(EXCLUDE_FILE(*crtend?.o *crtend.o) .ctors) + *(SORT(.ctors.*)) + *(.ctors) + _ctor_end = .; + + /* .dtors */ + *crtbegin.o(.dtors) + *crtbegin?.o(.dtors) + *(EXCLUDE_FILE(*crtend?.o *crtend.o) .dtors) + *(SORT(.dtors.*)) + *(.dtors) + _dtor_end = .; + + *(.rodata*) + _erodata = .; + KEEP(*(.eh_frame*)) + } > SYSTEM_RAM_MIRROR + .rvectors : + { + _rvectors_start = .; + KEEP(*(.rvectors)) + _rvectors_end = .; + } > SYSTEM_RAM_MIRROR + .ARM.extab : + { + *(.ARM.extab* .gnu.linkonce.armextab.*) + } > SYSTEM_RAM_MIRROR + __exidx_start = .; + .ARM.exidx : + { + *(.ARM.exidx* .gnu.linkonce.armexidx.*) + } > SYSTEM_RAM_MIRROR + __exidx_end = .; + .got : + { + *(.got) + *(.got.plt) + _text_end = .; + } > SYSTEM_RAM_MIRROR + .data : + { + _data_start = .; + + *(vtable) + *(.data.*) + *(.data) + + . = ALIGN(4); + /* preinit data */ + PROVIDE_HIDDEN (__preinit_array_start = .); + KEEP(*(.preinit_array)) + PROVIDE_HIDDEN (__preinit_array_end = .); + + . = ALIGN(4); + /* init data */ + PROVIDE_HIDDEN (__init_array_start = .); + KEEP(*(SORT(.init_array.*))) + KEEP(*(.init_array)) + PROVIDE_HIDDEN (__init_array_end = .); + + . = ALIGN(4); + /* finit data */ + PROVIDE_HIDDEN (__fini_array_start = .); + KEEP(*(SORT(.fini_array.*))) + KEEP(*(.fini_array)) + PROVIDE_HIDDEN (__fini_array_end = .); + + KEEP(*(.jcr*)) + + . = ALIGN(4); + + /* All data end */ + _data_end = .; + } > SYSTEM_RAM_MIRROR + .bss : + { + . = ALIGN(4); + __bss_start__ = .; + _bss = .; + *(.bss*) + *(COMMON) + . = ALIGN(4); + __bss_end__ = .; + _ebss = .; + _end = .; + } > SYSTEM_RAM_MIRROR + .heap (NOLOAD) : + { + . = ALIGN(8); + __HeapBase = .; + /* Place the STD heap here. */ + KEEP(*(.heap)) + __HeapLimit = .; + } > SYSTEM_RAM_MIRROR + .thread_stack (NOLOAD): + { + . = ALIGN(8); + __ThreadStackBase = .; + /* Place the Thread stacks here. */ + KEEP(*(.stack*)) + __ThreadStackLimit = .; + } > SYSTEM_RAM_MIRROR + .sys_stack (NOLOAD) : + { + . = ALIGN(8); + __SysStackBase = .; + /* Place the sys_stack here. */ + KEEP(*(.sys_stack)) + __SysStackLimit = .; + } > BTCM + .svc_stack (NOLOAD) : + { + . = ALIGN(8); + __SvcStackBase = .; + /* Place the svc_stack here. */ + KEEP(*(.svc_stack)) + __SvcStackLimit = .; + } > BTCM + .irq_stack (NOLOAD) : + { + . = ALIGN(8); + __IrqStackBase = .; + /* Place the irq_stack here. */ + KEEP(*(.irq_stack)) + __IrqStackLimit = .; + } > BTCM + .fiq_stack (NOLOAD) : + { + . = ALIGN(8); + __FiqStackBase = .; + /* Place the fiq_stack here. */ + KEEP(*(.fiq_stack)) + __FiqStackLimit = .; + } > BTCM + .und_stack (NOLOAD) : + { + . = ALIGN(8); + __UndStackBase = .; + /* Place the und_stack here. */ + KEEP(*(.und_stack)) + __UndStackLimit = .; + } > BTCM + .abt_stack (NOLOAD) : + { + . = ALIGN(8); + __AbtStackBase = .; + /* Place the abt_stack here. */ + KEEP(*(.abt_stack)) + __AbtStackLimit = .; + } > BTCM + .shared_noncache_buffer 0x300C0000 : AT (0x300C0000) + { + . = ALIGN(32); + _sncbuffer_start = .; + KEEP(*(.shared_noncache_buffer*)) + _sncbuffer_end = .; + } > SYSTEM_RAM_MIRROR + .noncache_buffer 0x30100000 : AT (0x30100000) + { + . = ALIGN(32); + _ncbuffer_start = .; + KEEP(*(.noncache_buffer*)) + _ncbuffer_end = .; + } > SYSTEM_RAM_MIRROR +} + diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c b/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c new file mode 100644 index 000000000..520c56800 --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c @@ -0,0 +1,438 @@ +/* rzn2l_tst_thread_entry.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#include "rzn2l_tst_thread.h" + +#include "um_common_cfg.h" +#include "um_common_api.h" +#include "um_serial_io_api.h" +#include "um_serial_io.h" + +#include "wolfssl_demo.h" +#include "user_settings.h" + +typedef struct func_args { + int argc; + char** argv; + int return_code; +} func_args; + +static serial_io_instance_ctrl_t g_serial_io0_ctrl; +static serial_io_cfg_t const g_serial_io0_cfg = +{ + .p_uart_instance = &g_uart0, +}; +serial_io_instance_t const g_serial_io0 = +{ + .p_ctrl = &g_serial_io0_ctrl, + .p_cfg = &g_serial_io0_cfg, + .p_api = &g_serial_io_on_serial_io, +}; + +FSP_CPP_HEADER +void R_BSP_WarmStart(bsp_warm_start_event_t event) +BSP_PLACE_IN_SECTION(".warm_start"); +FSP_CPP_FOOTER + +void R_BSP_WarmStart(bsp_warm_start_event_t event) +{ + if (BSP_WARM_START_RESET == event) { + } + + if (BSP_WARM_START_POST_C == event){ + R_IOPORT_Open (&g_ioport_ctrl, &g_bsp_pin_cfg); + } +} + +#if defined(TLS_CLIENT) || \ + defined(TLS_SERVER) + extern uint8_t g_ether0_mac_address[6]; + const byte ucIPAddress[4] = { 192, 168, 11, 241 }; + const byte ucNetMask[4] = { 255, 255, 255, 0 }; + const byte ucGatewayAddress[4] = { 192, 168, 11, 1 }; + const byte ucDNSServerAddress[4] = { 192, 168, 11, 1 }; +#endif + +#if defined(WOLFSSL_RENESAS_FSPSM) && \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + +#if defined(UNIT_TEST) + int rsip_crypt_test(); +#endif + +#if (defined(BENCHMARK) || defined(CRYPT_TEST)) \ + && defined(HAVE_RENESAS_SYNC) && defined(HAVE_AES_CBC) + FSPSM_ST guser_PKCbInfo; +#endif + +void Clr_CallbackCtx(FSPSM_ST *g); +void RSIP_KeyGeneration(FSPSM_ST *g); + +void RSIP_KeyGeneration(FSPSM_ST *g) +{ + fsp_err_t rsip_error_code = FSP_SUCCESS; + + if (g->wrapped_key_aes128 != NULL) { + rsip_error_code = R_RSIP_KeyGenerate(&gFSPSM_ctrl, + RSIP_KEY_TYPE_AES_128, + g->wrapped_key_aes128); + if (rsip_error_code == FSP_SUCCESS) + g->keyflgs_crypt.bits.aes128_installedkey_set = 1; + } + + if (g->wrapped_key_aes256 != NULL) { + rsip_error_code = R_RSIP_KeyGenerate(&gFSPSM_ctrl, + RSIP_KEY_TYPE_AES_256, + g->wrapped_key_aes256); + if (rsip_error_code == FSP_SUCCESS) + g->keyflgs_crypt.bits.aes256_installedkey_set = 1; + } + + if (g->wrapped_key_rsapri1024 != NULL && + g->wrapped_key_rsapub1024 != NULL) { + rsip_error_code = R_RSIP_KeyPairGenerate(&gFSPSM_ctrl, + RSIP_KEY_PAIR_TYPE_RSA_1024, + g->wrapped_key_rsapub1024, + g->wrapped_key_rsapri1024); + if (rsip_error_code == FSP_SUCCESS) { + g->keyflgs_crypt.bits.rsapri1024_installedkey_set = 1; + g->keyflgs_crypt.bits.rsapub1024_installedkey_set = 1; + } + } + + if (g->wrapped_key_rsapri2048 != NULL && + g->wrapped_key_rsapub2048 != NULL) { + rsip_error_code = R_RSIP_KeyPairGenerate(&gFSPSM_ctrl, + RSIP_KEY_PAIR_TYPE_RSA_2048, + g->wrapped_key_rsapub2048, + g->wrapped_key_rsapri2048); + if (rsip_error_code == FSP_SUCCESS) { + g->keyflgs_crypt.bits.rsapri2048_installedkey_set = 1; + g->keyflgs_crypt.bits.rsapub2048_installedkey_set = 1; + } + } +} + +/* only pointer sets to NULL */ +/* onwer of keys should be freed */ +void Clr_CallbackCtx(FSPSM_ST *g) +{ + (void) g; + + if (g->wrapped_key_aes256 != NULL) + g->wrapped_key_aes256 = NULL; + + if (g->wrapped_key_aes128 != NULL) + g->wrapped_key_aes128 = NULL; + + #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY) + if (g->wrapped_key_rsapri2048 != NULL) + g->wrapped_key_rsapri2048 = NULL; + + if (g->wrapped_key_rsapub2048 != NULL) + g->wrapped_key_rsapub2048 = NULL; + + if (g->wrapped_key_rsapri1024 != NULL) + g->wrapped_key_rsapri1024 = NULL; + + if (g->wrapped_key_rsapub2048 != NULL) + g->wrapped_key_rsapub2048 = NULL; + #endif + + XMEMSET(g, 0, sizeof(FSPSM_ST)); +} +#endif + + +#if defined(TLS_CLIENT) || \ + defined(TLS_SERVER) + +extern WOLFSSL_CTX *client_ctx; +extern WOLFSSL_CTX *server_ctx; + +void TCPInit( ) +{ + BaseType_t fr_status; + + /* FreeRTOS+TCP Ethernet and IP Setup */ + fr_status = FreeRTOS_IPInit(ucIPAddress, + ucNetMask, + ucGatewayAddress, + ucDNSServerAddress, + g_ether0_mac_address); + + if (pdPASS != fr_status) { + printf("Error [%ld]: FreeRTOS_IPInit.\n",fr_status); + } +} + + +void wolfSSL_TLS_cleanup() +{ +#if defined(TLS_CLIENT) + if (client_ctx) { + wolfSSL_CTX_free(client_ctx); + } +#endif +#if defined(TLS_SERVER) + if (server_ctx) { + wolfSSL_CTX_free(server_ctx); + } +#endif + wolfSSL_Cleanup(); +} + +#endif + +serial_io_instance_t const * gp_serial_io0 = &g_serial_io0; +static void serial_init() +{ + usr_err_t usr_err; + + /** Open Serial I/O module. */ + usr_err = gp_serial_io0->p_api->open + (gp_serial_io0->p_ctrl, gp_serial_io0->p_cfg ); + if( USR_SUCCESS != usr_err ) + { + USR_DEBUG_BLOCK_CPU(); + } + + /** Start Serial I/O module. */ + usr_err = gp_serial_io0->p_api->start( gp_serial_io0->p_ctrl ); + if( USR_SUCCESS != usr_err ) + { + USR_DEBUG_BLOCK_CPU(); + } + printf( " Started Serial I/O interface." ); +} + +/* rzn2l_tst_thread entry function */ +/* pvParameters contains TaskHandle_t */ +void rzn2l_tst_thread_entry(void *pvParameters) +{ + FSP_PARAMETER_NOT_USED (pvParameters); + + + serial_init(); + +#if defined(UNIT_TEST) + + int ret; + + printf("\n"); + printf("\n Start wolf RSIP Crypt Test\n"); + + if ((ret = wolfCrypt_Init()) != 0) { + printf(" wolfCrypt_Init failed %d\n", ret); + } +#if defined(WOLFSSL_RENESAS_FSPSM) && \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + printf(" \n"); + printf(" RSIP Unit Test\n"); + rsip_crypt_test(); +#else + printf(" \n"); + printf(" RSIP Unit Test Not Run\n"); +#endif + printf(" \n"); + printf(" End wolf RSIP crypt Test\n"); + + if ((ret = wolfCrypt_Cleanup()) != 0) { + printf("wolfCrypt_Cleanup failed %d\n", ret); + } + +#elif defined(CRYPT_TEST) + #include "wolfcrypt/test/test.h" +#if defined(HAVE_RENESAS_SYNC) && \ + defined(HAVE_AES_CBC) + + Clr_CallbackCtx(&guser_PKCbInfo); + + #if defined(WOLFSSL_AES_128) + uint8_t wrapped_key1[RSIP_BYTE_SIZE_WRAPPED_KEY_AES_128]; + FSPSM_AES_WKEY user_aes128_key_index = + (FSPSM_AES_WKEY)wrapped_key1; + guser_PKCbInfo.wrapped_key_aes128 = user_aes128_key_index; + #endif + + #if defined(WOLFSSL_AES_256) + uint8_t wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_AES_256]; + FSPSM_AES_WKEY user_aes256_key_index = + (FSPSM_AES_WKEY)wrapped_key2; + guser_PKCbInfo.wrapped_key_aes256 = user_aes256_key_index; + #endif + /* Generate Wrapped aes key */ + RSIP_KeyGeneration(&guser_PKCbInfo); +#endif + + int ret; + + func_args args = { 0 }; + + if ((ret = wolfCrypt_Init()) != 0) { + printf("wolfCrypt_Init failed %d\n", ret); + } + + printf("\n"); + printf("\n Start wolfCrypt Test\n"); + wolfcrypt_test((void*)&args); + printf(" End wolfCrypt Test\n"); + + if ((ret = wolfCrypt_Cleanup()) != 0) { + printf("wolfCrypt_Cleanup failed %d\n", ret); + } +#if defined(HAVE_RENESAS_SYNC) && \ + defined(HAVE_AES_CBC) + Clr_CallbackCtx(&guser_PKCbInfo); +#endif + +#elif defined(BENCHMARK) +#if defined(HAVE_RENESAS_SYNC) && \ + defined(HAVE_AES_CBC) + + Clr_CallbackCtx(&guser_PKCbInfo); + + #if defined(WOLFSSL_AES_128) + uint8_t wrapped_key1[RSIP_BYTE_SIZE_WRAPPED_KEY_AES_128]; + FSPSM_AES_WKEY user_aes128_key_index = + (FSPSM_AES_WKEY)wrapped_key1; + guser_PKCbInfo.wrapped_key_aes128 = user_aes128_key_index; + #endif + + #if defined(WOLFSSL_AES_256) + uint8_t wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_AES_256]; + FSPSM_AES_WKEY user_aes256_key_index = + (FSPSM_AES_WKEY)wrapped_key2; + guser_PKCbInfo.wrapped_key_aes256 = user_aes256_key_index; + #endif + /* Generate Wrapped aes key */ + RSIP_KeyGeneration(&guser_PKCbInfo); +#endif + printf(" Start wolfCrypt Benchmark\n"); + + benchmark_test(NULL); + + printf(" End wolfCrypt Benchmark\n"); +#if defined(HAVE_RENESAS_SYNC) && \ + defined(HAVE_AES_CBC) + Clr_CallbackCtx(&guser_PKCbInfo); +#endif + +#elif defined(TLS_CLIENT) + + int i = 0; + const int Max_Retry = 10; + + #if defined(WOLFSSL_TLS13) + const char* cipherlist[] = { + "TLS13-AES128-GCM-SHA256", + "TLS13-AES256-GCM-SHA384", + }; + const int cipherlist_sz = 2; + TestInfo info[cipherlist_sz]; + #elif defined(USE_CERT_BUFFERS_2048) + const char* cipherlist[] = { + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES256-SHA", + "ECDHE-RSA-AES128-SHA256" + }; + const int cipherlist_sz = 3; + TestInfo info[cipherlist_sz]; + #elif defined(USE_CERT_BUFFERS_256) + const char* cipherlist[] = { + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-ECDSA-AES128-SHA256" + }; + const int cipherlist_sz = 3; + TestInfo info[cipherlist_sz]; + #endif + + TCPInit(); + + int TCP_connect_retry = 0; + + printf("\n Start TLS Connection to %s port(%d)\n", SERVER_IP, DEFAULT_PORT); + wolfSSL_TLS_client_init(); + + do { + + info[i].port = DEFAULT_PORT; + info[i].cipher = cipherlist[i]; + info[i].ctx = client_ctx; + info[i].id = i; + + XMEMSET(info[i].name, 0, sizeof(info[i].name)); + XSPRINTF(info[i].name, "wolfSSL_TLS_client_do(%02d)", i); + + if(wolfSSL_TLS_client_do(&info[i]) == -116) { + TCP_connect_retry++; + continue; + } + TCP_connect_retry = 0; + i++; + } while (i < cipherlist_sz && TCP_connect_retry < Max_Retry); + + printf("\n End of Client Example"); + + wolfSSL_TLS_cleanup(); +#elif defined(TLS_SERVER) + + int i = 0; + const int Max_Retry = 10; + TestInfo info; + + TCPInit(); + + int TCP_connect_retry = 0; + + printf("\n Start TLS Accept at %03d.%03d.%03d.%03d port(%d)\n", + ucIPAddress[0], + ucIPAddress[1], + ucIPAddress[2], + ucIPAddress[3],DEFAULT_PORT); + wolfSSL_TLS_server_init(); + + do { + + info.port = DEFAULT_PORT; + info.cipher = NULL; + info.ctx = server_ctx; + info.id = i; + + XMEMSET(info.name, 0, sizeof(info.name)); + XSPRINTF(info.name, "wolfSSL_TLS_server_do(%02d)", + TCP_connect_retry); + if(wolfSSL_TLS_server_do(&info) == -116) { + TCP_connect_retry++; + continue; + } + TCP_connect_retry = 0; + } while (TCP_connect_retry < Max_Retry); + + printf("\n End of Client Example"); + +#endif + /* TODO: add your own code here */ + while (1) + { + vTaskDelay (1); + } +} diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore b/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore new file mode 100644 index 000000000..c96a04f00 --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore \ No newline at end of file diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c new file mode 100644 index 000000000..f2d610da1 --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c @@ -0,0 +1,184 @@ +/* wolf_client.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include "wolfssl_demo.h" + +#if defined(TLS_CLIENT) + +#include +#include +#include +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/ssl.h" +#include "wolfssl/certs_test.h" + +WOLFSSL_CTX *client_ctx = NULL; + +void wolfSSL_TLS_client_init() +{ + #ifndef NO_FILESYSTEM + #ifdef USE_ECC_CERT + char *cert = "./certs/ca-ecc-cert.pem"; + #else + char *cert = "./certs/ca-cert.pem"; + #endif + #else + #ifdef USE_CERT_BUFFERS_256 + const unsigned char *cert = ca_ecc_cert_der_256; + #define SIZEOF_CERT sizeof_ca_ecc_cert_der_256 + #else + const unsigned char *cert = ca_cert_der_2048; + #define SIZEOF_CERT sizeof_ca_cert_der_2048 + #endif + #endif + + wolfSSL_Init(); + + /* Create and initialize WOLFSSL_CTX */ + if ((client_ctx = wolfSSL_CTX_new( + wolfSSLv23_client_method_ex((void *)NULL))) == NULL) { + printf("ERROR: failed to create WOLFSSL_CTX\n"); + return; + } + + #if !defined(NO_FILESYSTEM) + if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) { + printf("ERROR: can't load \"%s\"\n", cert); + return NULL; + } + #else + if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, + SSL_FILETYPE_ASN1) != SSL_SUCCESS){ + printf("ERROR: can't load certificate data\n"); + return; + } + #endif +} + +int wolfSSL_TLS_client_do(void *pvParam) +{ + + int ret; + + TestInfo* p = (TestInfo*)pvParam; + /* FreeRTOS+TCP Objects */ + socklen_t xSize = sizeof(struct freertos_sockaddr); + xSocket_t xClientSocket = NULL; + struct freertos_sockaddr xRemoteAddress; + + WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx; + WOLFSSL *ssl = NULL; + + #define BUFF_SIZE 256 + static const char sendBuff[]= "Hello Server\n" ; + + char rcvBuff[BUFF_SIZE] = {0}; + + /* Client Socket Setup */ + xRemoteAddress.sin_port = FreeRTOS_htons(p->port); + xRemoteAddress.sin_addr = FreeRTOS_inet_addr(SERVER_IP); + + /* Create a FreeRTOS TCP Socket and connect */ + xClientSocket = FreeRTOS_socket(FREERTOS_AF_INET, + FREERTOS_SOCK_STREAM, + FREERTOS_IPPROTO_TCP); + + configASSERT(xClientSocket != FREERTOS_INVALID_SOCKET); + + FreeRTOS_bind(xClientSocket, NULL, sizeof(xSize)); + + /* Client Socket Connect */ + ret = FreeRTOS_connect(xClientSocket, + &xRemoteAddress, + sizeof(xRemoteAddress)); + + if (ret != FR_SOCKET_SUCCESS) { + printf(" Error [%d]: FreeRTOS_connect.\n", ret); + goto out; + } + + printf(" Start to connect to the server.\n"); + + if((ssl = wolfSSL_new(ctx)) == NULL) { + printf(" ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0)); + goto out; + } + + /* Attach wolfSSL to the socket */ + ret = wolfSSL_set_fd(ssl, (int) xClientSocket); + if (ret != WOLFSSL_SUCCESS) { + printf(" Error [%d]: wolfSSL_set_fd.\n",ret); + } + + printf(" Cipher : %s\n", + (p->cipher == NULL) ? "NULL" : p->cipher); + /* use specific cipher */ + if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher) + != WOLFSSL_SUCCESS) { + printf(" client can't set cipher list 1"); + goto out; + } + + #ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); + #endif + + if(wolfSSL_connect(ssl) != SSL_SUCCESS) { + printf(" ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0)); + goto out; + } + + #ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_OFF(); + #endif + + if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff)) + != (int)strlen(sendBuff)) { + printf(" ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0)); + goto out; + } + + if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)) < 0) { + printf(" ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0)); + goto out; + } + + rcvBuff[ret] = '\0' ; + printf(" Received: %s\n\n", rcvBuff); + + out: + if (ssl) { + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); + ssl = NULL; + /* need to reset callback */ + } + /* clean up socket */ + if (xClientSocket) { + FreeRTOS_shutdown(xClientSocket, FREERTOS_SHUT_RDWR); + FreeRTOS_closesocket(xClientSocket); + xClientSocket = NULL; + } + + return ret; +} + +#endif /* TLS_CLIENT */ diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c new file mode 100644 index 000000000..b4ce624c9 --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c @@ -0,0 +1,210 @@ +/* wolf_server.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#include "wolfssl_demo.h" + +#if defined(TLS_SERVER) + +#include +#include + +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/ssl.h" +#include "wolfssl/certs_test.h" +#include "wolfssl_demo.h" + +WOLFSSL_CTX *server_ctx = NULL; + +void wolfSSL_TLS_server_init() +{ + + int ret; + + #if defined(USE_CERT_BUFFERS_256) + const unsigned char *cert = serv_ecc_der_256; + #define sizeof_cert sizeof_serv_ecc_der_256 + const unsigned char *key = ecc_key_der_256; + #define sizeof_key sizeof_serv_ecc_der_256 + const unsigned char *clientCert = cliecc_cert_der_256; + #define sizeof_clicert sizeof_cliecc_cert_der_256 + #else + const unsigned char *cert = server_cert_der_2048; + #define sizeof_cert sizeof_server_cert_der_2048 + const unsigned char *key = server_key_der_2048; + #define sizeof_key sizeof_server_key_der_2048 + const unsigned char *clientCert = client_cert_der_2048; + #define sizeof_clicert sizeof_client_cert_der_2048 + #endif + + wolfSSL_Init(); + + #ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); + #endif + + /* Create and initialize WOLFSSL_CTX */ + if ((server_ctx = wolfSSL_CTX_new( + wolfSSLv23_server_method_ex((void *)NULL))) == NULL) { + printf("ERROR: failed to create WOLFSSL_CTX\n"); + return; + } + + ret = wolfSSL_CTX_use_certificate_buffer(server_ctx, cert, + sizeof_cert, SSL_FILETYPE_ASN1); + if (ret != SSL_SUCCESS) { + printf("Error %d loading server-cert!\n", ret); + return; + } + + /* Load server key into WOLFSSL_CTX */ + ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key, + SSL_FILETYPE_ASN1); + if (ret != SSL_SUCCESS) { + printf("Error %d loading server-key!\n", ret); + return; + } + + if (1) { + wolfSSL_CTX_set_verify(server_ctx, WOLFSSL_VERIFY_PEER | + WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert, + sizeof_clicert, + SSL_FILETYPE_ASN1) != SSL_SUCCESS) + printf("can't load ca file, Please run from wolfSSL home dir\n"); + } +} + +int wolfSSL_TLS_server_do(void *pvParam) +{ + int ret; + WOLFSSL *ssl = NULL; + word32 len; + #define BUFF_SIZE 256 + char buff[BUFF_SIZE]; + + TestInfo* p = (TestInfo*)pvParam; + WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx;; + + /* FreeRTOS+TCP parameters and objects */ + struct freertos_sockaddr xClient, xBindAddress; + Socket_t xListeningSocket, xConnectedSocket; + socklen_t xSize = sizeof(xClient); + const BaseType_t xBacklog = 1; /* Max number of connections */ + static const TickType_t xReceiveTimeOut = portMAX_DELAY; + + /* Send/Receive Message */ + const char *reply = "I hear ya fa shizzle!\n"; + len = (word32)XSTRLEN(*reply); + + /* Attempt to open the socket. */ + xListeningSocket = FreeRTOS_socket(FREERTOS_AF_INET, + FREERTOS_SOCK_STREAM, + FREERTOS_IPPROTO_TCP); + configASSERT(xListeningSocket != FREERTOS_INVALID_SOCKET); + + /* Set a time out so accept() will just wait for a connection. */ + FreeRTOS_setsockopt(xListeningSocket, 0, + FREERTOS_SO_RCVTIMEO, &xReceiveTimeOut, sizeof(xReceiveTimeOut)); + + xBindAddress.sin_port = (uint16_t) DEFAULT_PORT; + xBindAddress.sin_port = FreeRTOS_htons(xBindAddress.sin_port); + + configASSERT(xListeningSocket != FREERTOS_INVALID_SOCKET); + + ret = FreeRTOS_bind(xListeningSocket, &xBindAddress, sizeof(xBindAddress)); + if (ret == FR_SOCKET_SUCCESS) + ret = FreeRTOS_listen(xListeningSocket, xBacklog); + + if (ret != FR_SOCKET_SUCCESS) { + printf("Error [%d]: FreeRTOS_bind.\n",ret); + goto out; + } + + while (1) { + ret = WOLFSSL_FAILURE; + xConnectedSocket = FreeRTOS_accept(xListeningSocket, &xClient, &xSize); + configASSERT(xConnectedSocket != FREERTOS_INVALID_SOCKET); + + if((ssl = wolfSSL_new(ctx)) == NULL) { + printf("ERROR: failed wolfSSL_new\n"); + goto out; + } + /* Attach wolfSSL to the socket */ + ret = wolfSSL_set_fd(ssl, (int) xConnectedSocket); + /* Establish TLS connection */ + if (ret != WOLFSSL_SUCCESS) { + printf("Error [%d]: wolfSSL_set_fd.\n",ret); + goto out; + } + + if (wolfSSL_accept(ssl) < 0) { + printf("ERROR: SSL Accept(%d)\n", wolfSSL_get_error(ssl, 0)); + goto out; + } + + + if ((len = wolfSSL_read(ssl, buff, sizeof(buff) - 1)) < 0) { + printf("ERROR: SSL Read(%d)\n", wolfSSL_get_error(ssl, 0)); + goto out; + } + + buff[len] = '\0'; + printf("Received: %s\n", buff); + + /* Write our reply into buff */ + memset(buff, 0, sizeof(buff)); + memcpy(buff, reply, len); + + /* Reply back to the client */ + if (wolfSSL_write(ssl, buff, len) != len) { + printf("ERROR: SSL Write(%d)\n", wolfSSL_get_error(ssl, 0)); + } + + /* Cleanup after this connection */ + printf("Cleaning up socket and wolfSSL objects.\n"); + if (xConnectedSocket != NULL) + FreeRTOS_closesocket(xConnectedSocket); + if (ssl != NULL) + wolfSSL_free(ssl); + + printf("Waiting connection...."); + } + +out: + if (ssl) { + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); + } + + /* clean up socket */ + if (xConnectedSocket) { + FreeRTOS_shutdown(xConnectedSocket, FREERTOS_SHUT_RDWR); + FreeRTOS_closesocket(xConnectedSocket); + xConnectedSocket = NULL; + } + if (xListeningSocket) { + FreeRTOS_shutdown(xListeningSocket, FREERTOS_SHUT_RDWR); + FreeRTOS_closesocket(xListeningSocket); + xListeningSocket = NULL; + } + + return ret; +} +#endif /* TLS_SERVER */ diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c new file mode 100644 index 000000000..e22c95cb4 --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c @@ -0,0 +1,1319 @@ +/* wolfssl_sce_unit_test.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#include +#include +#include + +#include + +#if defined(WOLFSSL_RENESAS_FSPSM) && \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + +#include +#include +#include +#include +#include +#include + +#include "FreeRTOS.h" + +extern FSPSM_INSTANCE gFSPSM_ctrl; +int devId1 = INVALID_DEVID; + +#ifndef NO_SHA + int sha_test(); +#endif + +#ifndef NO_SHA256 + int sha256_test(); + void tskSha256_Test1(void *pvParam); + int rsip_crypt_sha256_multitest(); +#endif +#ifdef WOLFSSL_SHA224 + int sha224_test(); +#endif +#ifdef WOLFSSL_SHA384 + int sha384_test(); +#endif +#ifdef WOLFSSL_SHA512 + int sha512_test(); +#endif + +#define STACK_SIZE (1 * 1024) + +#define RESULT_STR(ret) if (ret == 0)\ + printf(" \tPassed \n");\ + else \ + printf(" \tFailed \n"); + +static xSemaphoreHandle exit_semaph; +static byte exit_loop = 0; +static byte sha256_multTst_rslt1 = 0; +static byte sha256_multTst_rslt2 = 0; +static byte Aes128_Cbc_multTst_rslt = 0; +static byte Aes256_Cbc_multTst_rslt = 0; +static byte Aes128_Gcm_multTst_rslt = 0; +static byte Aes256_Gcm_multTst_rslt = 0; + +int rsip_crypt_AesCbc_multitest(); +int rsip_crypt_AesGcm_multitest(); +int rsip_crypt_Sha_AesCbcGcm_multitest(); +int rsip_crypt_sha_multitest(); +int rsip_crypt_test(); + +void Clr_CallbackCtx(FSPSM_ST *g); + +FSPSM_ST gCbInfo; +FSPSM_ST gCbInfo_a; /* for multi testing */ + +#if defined(HAVE_AES_CBC) + +#if defined(WOLFSSL_AES_128) + uint8_t wrapped_key1[RSIP_BYTE_SIZE_WRAPPED_KEY_AES_128]; + uint8_t wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_AES_128]; + FSPSM_AES_WKEY g_user_aes128_key_index1 = + (FSPSM_AES_WKEY)wrapped_key1; + FSPSM_AES_WKEY g_user_aes128_key_index2 = + (FSPSM_AES_WKEY)wrapped_key2; +#endif + +#if defined(WOLFSSL_AES_256) + uint8_t wrapped_key3[RSIP_BYTE_SIZE_WRAPPED_KEY_AES_256]; + uint8_t wrapped_key4[RSIP_BYTE_SIZE_WRAPPED_KEY_AES_256]; + FSPSM_AES_WKEY g_user_aes256_key_index1 = + (FSPSM_AES_WKEY)wrapped_key3; + FSPSM_AES_WKEY g_user_aes256_key_index2 = + (FSPSM_AES_WKEY)wrapped_key4; +#endif + +#endif + +#if !defined(NO_RSA) + uint8_t rsa1024_wrapped_key1[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_1024_PUBLIC]; + uint8_t rsa1024_wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_1024_PRIVATE ]; + uint8_t rsa2048_wrapped_key1[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_2048_PUBLIC]; + uint8_t rsa2048_wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_2048_PRIVATE ]; + + FSPSM_RSA1024_WPB_KEY* g_user_rsa1024_public_key = + (FSPSM_RSA1024_WPB_KEY*)rsa1024_wrapped_key1; + FSPSM_RSA1024_WPI_KEY* g_user_rsa1024_private_key = + (FSPSM_RSA1024_WPI_KEY*)rsa1024_wrapped_key2; + FSPSM_RSA2048_WPB_KEY* g_user_rsa2048_public_key = + (FSPSM_RSA2048_WPB_KEY*)rsa2048_wrapped_key1; + FSPSM_RSA2048_WPI_KEY* g_user_rsa2048_private_key = + (FSPSM_RSA2048_WPI_KEY*)rsa2048_wrapped_key2; +#endif +typedef struct tagInfo +{ + FSPSM_AES_WKEY aes_key; +} Info; + +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + +static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_WKEY aes_key) +{ + + Aes aes[1]; + + byte cipher[AES_BLOCK_SIZE]; + byte plain[AES_BLOCK_SIZE]; + word32 keySz = (word32)(128/8); + int ret = 0; + + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + /* "Now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + byte iv[] = "1234567890abcdef "; /* align */ + + XMEMSET(cipher, 0, AES_BLOCK_SIZE); + XMEMSET(plain, 0, AES_BLOCK_SIZE); + + if (prnt) { + printf(" rsip_aes_cbc_test() "); + } + + ret = wc_AesInit(aes, NULL, devId1); + if (ret == 0) { + ret = wc_AesSetKey(aes, (byte*)aes_key, keySz, + iv, AES_ENCRYPTION); + if (ret == 0) { + ret = wc_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE); + } + + wc_AesFree(aes); + } + + if (ret != 0) + ret = -1; + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesInit(aes, NULL, devId1); + if (ret == 0) { + ret = wc_AesSetKey(aes, (byte*)aes_key, keySz, + iv, AES_DECRYPTION); + if (ret == 0) + ret = wc_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE); + + wc_AesFree(aes); + } + if (ret != 0) + ret = -2; + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0) + ret = -3; +#endif /* HAVE_AES_DECRYPT */ + + (void)plain; + + if (prnt) { + RESULT_STR(ret) + } + + return ret; +} + +static void tskAes128_Cbc_Test(void *pvParam) +{ + int ret = 0; + Info *p = (Info*)pvParam; + + while (exit_loop == 0) { + ret = rsip_aes128_cbc_test(0, p->aes_key); + vTaskDelay(10/portTICK_PERIOD_MS); + if (ret != 0) { + printf(" result was not good(%d). rsip_aes_cbc_test\n", ret); + Aes128_Cbc_multTst_rslt = 1; + } + } + + xSemaphoreGive(exit_semaph); + vTaskDelete(NULL); +} + +#endif + +#ifdef WOLFSSL_AES_256 +static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_WKEY aes_key) +{ + Aes enc[1]; + byte cipher[AES_BLOCK_SIZE]; + byte plain[AES_BLOCK_SIZE]; + Aes dec[1]; + const word32 keySz = (word32)(256/8); + int ret = 0; + + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition, + * Appendix F.2.5 */ + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + WOLFSSL_SMALL_STACK_STATIC byte iv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F + }; + + if (prnt) + printf(" rsip_aes256_test() "); + + if (wc_AesInit(enc, NULL, devId1) != 0) { + ret = -1; + goto out; + } + + if (wc_AesInit(dec, NULL, devId1) != 0){ + ret = -2; + goto out; + } + + ret = wc_AesSetKey(enc, (uint8_t*)aes_key, + keySz, iv, AES_ENCRYPTION); + if (ret != 0){ + ret = -3; + goto out; + } + + ret = wc_AesSetKey(dec, (uint8_t*)aes_key, + keySz, iv, AES_DECRYPTION); + if (ret != 0) { + ret = -4; + goto out; + } + + XMEMSET(cipher, 0, AES_BLOCK_SIZE); + ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg)); + + if (ret != 0) { + ret = -5; + goto out; + } + + XMEMSET(plain, 0, AES_BLOCK_SIZE); + ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher)); + + if (ret != 0){ + ret = -6; + goto out; + } + if (XMEMCMP(plain, msg, (int) sizeof(plain))) { + ret = -7; + goto out; + } + +out: + wc_AesFree(enc); + wc_AesFree(dec); + + if (prnt) { + RESULT_STR(ret) + } + + return ret; +} + +static void tskAes256_Cbc_Test(void *pvParam) +{ + int ret = 0; + Info *p = (Info*)pvParam; + + while (exit_loop == 0) { + ret = rsip_aes256_cbc_test(0, p->aes_key); + vTaskDelay(10/portTICK_PERIOD_MS); + if (ret != 0) { + printf(" result was not good(%d). rsip_aes256_test\n", ret); + Aes256_Cbc_multTst_rslt = 1; + } + } + + xSemaphoreGive(exit_semaph); + vTaskDelete(NULL); +} + +#endif /* WOLFSSL_AES_256 */ + +#if defined(WOLFSSL_AES_256) +static int rsip_aesgcm256_test(int prnt, FSPSM_AES_WKEY aes256_key) +{ + Aes enc[1]; + Aes dec[1]; + FSPSM_ST userContext; + word32 keySz = (word32)(256/8); + /* + * This is Test Case 16 from the document Galois/ + * Counter Mode of Operation (GCM) by McGrew and + * Viega. + */ + WOLFSSL_SMALL_STACK_STATIC const byte p[] = + { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte a[] = + { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = + { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte c1[] = + { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, + 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, + 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, + 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, + 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, + 0xbc, 0xc9, 0xf6, 0x62 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte t1[] = + { + 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, + 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b + }; + + byte resultT[sizeof(t1)]; + byte resultP[sizeof(p) + AES_BLOCK_SIZE]; + byte resultC[sizeof(p) + AES_BLOCK_SIZE]; + int result = 0; + int ret; + + (void) result; + + if (prnt) { + printf(" rsip_aes256_gcm_test() "); + } + + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + XMEMSET(&userContext, 0, sizeof(FSPSM_ST)); + + if (wc_AesInit(enc, NULL, devId1) != 0) { + ret = -1; + goto out; + } + if (wc_AesInit(dec, NULL, devId1) != 0) { + ret = -2; + goto out; + } + + result = wc_AesGcmSetKey(enc, (byte*)aes256_key, + keySz); + if (result != 0) { + ret = -3; + goto out; + } + + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), + (byte*)iv1, sizeof(iv1), + resultT, sizeof(resultT), + a, sizeof(a)); + + if (result != 0) { + ret = -4; + goto out; + } + + result = wc_AesGcmSetKey(dec, (byte*)aes256_key, + keySz); + if (result != 0) { + ret = -7; + goto out; + } + + result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), + iv1, sizeof(iv1), resultT, sizeof(resultT), + a, sizeof(a)); + if (result != 0){ + ret = -8; + goto out; + } + if (XMEMCMP(p, resultP, sizeof(p))) { + ret = -9; + goto out; + } + + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + + wc_AesGcmSetKey(enc, (byte*)aes256_key, + RSIP_BYTE_SIZE_WRAPPED_KEY_AES_256); + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), + (byte*)iv1, sizeof(iv1), + resultT + 1, sizeof(resultT) - 1, + a, sizeof(a)); + if (result != 0) { + ret = -10; + goto out; + } + + result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p), + iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, + a, sizeof(a)); + + if (result != 0) { + ret = -11; + goto out; + } + if (XMEMCMP(p, resultP, sizeof(p))) { + ret = -12; + goto out; + } + + ret = 0; + + out: + wc_AesFree(enc); + wc_AesFree(dec); + + if (prnt) { + RESULT_STR(ret) + } + + return ret; +} + +static void tskAes256_Gcm_Test(void *pvParam) +{ + int ret = 0; + Info *p = (Info*)pvParam; + + while (exit_loop == 0) { + ret = rsip_aesgcm256_test(0, p->aes_key); + vTaskDelay(10/portTICK_PERIOD_MS); + if (ret != 0) { + printf(" result was not good(%d). rsip_aesgcm256_test\n", ret); + Aes256_Gcm_multTst_rslt = 1; + } + } + + xSemaphoreGive(exit_semaph); + vTaskDelete(NULL); +} +#endif + +#if defined(WOLFSSL_AES_128) + +static int rsip_aesgcm128_test(int prnt, FSPSM_AES_WKEY aes128_key) +{ + Aes enc[1]; + Aes dec[1]; + FSPSM_ST userContext; + word32 keySz = (word32)(128/8); + /* + * This is Test Case 16 from the document Galois/ + * Counter Mode of Operation (GCM) by McGrew and + * Viega. + */ + WOLFSSL_SMALL_STACK_STATIC const byte p[] = + { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte t1[] = + { + 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, + 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b + }; + + /* The following is an interesting test case from the example + * FIPS test vectors for AES-GCM. IVlen = 1 byte */ + WOLFSSL_SMALL_STACK_STATIC const byte p3[] = + { + 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5, + 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = + { + 0xca + }; + + WOLFSSL_SMALL_STACK_STATIC const byte c3[] = + { + 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f, + 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte a3[] = + { + 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1, + 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte t3[] = + { + 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95, + 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6 + }; + + byte resultT[sizeof(t1)]; + byte resultP[sizeof(p) + AES_BLOCK_SIZE]; + byte resultC[sizeof(p) + AES_BLOCK_SIZE]; + int result = 0; + int ret; + + (void) result; + + if (prnt) { + printf(" rsip_aes128_gcm_test() "); + } + + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + XMEMSET(&userContext, 0, sizeof(FSPSM_ST)); + + if (wc_AesInit(enc, NULL, devId1) != 0) { + ret = -1; + goto out; + } + + if (wc_AesInit(dec, NULL, devId1) != 0) { + ret = -2; + goto out; + } + + wc_AesGcmSetKey(enc, (byte*)aes128_key, keySz); + if (result != 0) { + ret = -3; + goto out; + } + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3), + resultT, sizeof(t3), a3, sizeof(a3)); + if (result != 0) { + ret = -4; + goto out; + } + + + result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3), + iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3)); + if (result != 0) { + ret = -5; + goto out; + } + if (XMEMCMP(p3, resultP, sizeof(p3))) { + ret = -6; + goto out; + } + + ret = 0; + + out: + wc_AesFree(enc); + wc_AesFree(dec); + + if (prnt) { + RESULT_STR(ret) + } + + return ret; +} + +static void tskAes128_Gcm_Test(void *pvParam) +{ + int ret = 0; + Info *p = (Info*)pvParam; + + while (exit_loop == 0) { + ret = rsip_aesgcm128_test(0, p->aes_key); + vTaskDelay(10/portTICK_PERIOD_MS); + if (ret != 0) { + printf(" result was not good(%d). rsip_aesgcm128_test\n", ret); + Aes128_Gcm_multTst_rslt = 1; + } + } + + xSemaphoreGive(exit_semaph); + vTaskDelete(NULL); +} + +#endif + +#if !defined(NO_RSA) + +/* testing rsa sign/verify w/ rsa 2048 bit key */ +#define TEST_STRING "Everyone gets Friday off." +#define TEST_STRING2 "Everyone gets Friday ofv." +#define TEST_STRING_SZ 25 +#define RSA_TEST_BYTES 256 /* up to 2048-bit key */ + +static int rsip_rsa_test(int prnt, int keySize) +{ + int ret = 0; + + RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WC_RNG rng; + const char inStr [] = TEST_STRING; + const char inStr2[] = TEST_STRING2; + const word32 inLen = (word32)TEST_STRING_SZ; + const word32 outSz = RSA_TEST_BYTES; + word32 out_actual_len = 0; + byte *in = NULL; + byte *in2 = NULL; + byte *out= NULL; + byte *out2 = NULL; + + in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (key == NULL || in == NULL || out == NULL || + in2 == NULL || out2 == NULL) { + ret = -1; + goto out; + } + + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(key, 0, sizeof *key); + XMEMCPY(in, inStr, inLen); + XMEMCPY(in2, inStr2, inLen); + XMEMSET(out, 0, outSz); + XMEMSET(out2, 0, outSz); + + ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/); + if (ret != 0) { + goto out; + } + + if ((ret = wc_InitRng(&rng)) != 0) + goto out; + + if ((ret = wc_RsaSetRNG(key, &rng)) != 0) + goto out; + + /* Set Rsa Key created by RSIP in Advance */ + if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) { + goto out; + } + + ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng); + if (ret < 0) { + goto out; + } + + ret = wc_RsaPrivateDecrypt(out, (word32)(keySize/8), out2, outSz, key); + if (ret < 0) { + ret = -1; + goto out; + } + + if (XMEMCMP(in, out2, inLen) != 0) { + ret = -2; + goto out; + } + + ret = 0; +out: + if (key != NULL) { + wc_FreeRsaKey(key); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (in != NULL) { + XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (in2 != NULL) { + XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (out != NULL) { + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (out2 != NULL) { + XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + (void) prnt; + return ret; +} + +static int rsip_rsa_SignVerify_test(int prnt, int keySize) +{ + int ret = 0; + + RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WC_RNG rng; + word32 sigSz; + const char inStr [] = TEST_STRING; + const char inStr2[] = TEST_STRING2; + const word32 inLen = (word32)TEST_STRING_SZ; + const word32 outSz = RSA_TEST_BYTES; + + byte *in = NULL; + byte *in2 = NULL; + byte *out= NULL; + byte *plain = NULL; + + in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + plain= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + (void) prnt; + + if (key == NULL || in == NULL || out == NULL || plain == NULL) { + ret = -1; + goto out; + } + + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(key, 0, sizeof *key); + XMEMCPY(in, inStr, inLen); + XMEMCPY(in2, inStr2, inLen); + + ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/); + if (ret != 0) { + goto out; + } + + if ((ret = wc_InitRng(&rng)) != 0) + goto out; + + if ((ret = wc_RsaSetRNG(key, &rng)) != 0) + goto out; + + /* make rsa key by SCE */ + if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) { + goto out; + } + + gCbInfo.keyflgs_crypt.bits.message_type = 0; + ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng); + if (ret < 0) { + goto out; + } + sigSz = (word32)ret; + //* this should fail */ + ret = wc_RsaSSL_Verify(in2, inLen, out, (word32)(keySize/8), key); + if (ret != FSP_ERR_CRYPTO_RSIP_FAIL) { + ret = -1; + goto out; + } + /* this should succeed */ + ret = wc_RsaSSL_Verify(in, inLen, out, (word32)(keySize/8), key); + if (ret < 0) { + ret = -1; + goto out; + } + ret = 0; + out: + if (key != NULL) { + wc_FreeRsaKey(key); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (in != NULL) { + XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (in2 != NULL) { + XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (out != NULL) { + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + return ret; +} +#endif + + + +#ifndef NO_SHA256 + +void tskSha256_Test1(void *pvParam) +{ + int ret = 0; + (void)pvParam; + + while (exit_loop == 0) { + ret = sha256_test(); + vTaskDelay(10/portTICK_PERIOD_MS); + if (ret != 0) { + printf(" result was not good(%d). sha_test\n", ret); + sha256_multTst_rslt1 = 1; + } + } + + xSemaphoreGive(exit_semaph); + vTaskDelete(NULL); +} + +static void tskSha256_Test2(void *pvParam) +{ + int ret = 0; + (void)pvParam; + + while (exit_loop == 0) { + ret = sha256_test(); + vTaskDelay(10/portTICK_PERIOD_MS); + if (ret != 0) { + printf(" result was not good(%d). sha256_test\n", ret); + sha256_multTst_rslt2 = 1; + } + } + + xSemaphoreGive(exit_semaph); + vTaskDelete(NULL); +} +#endif + +int rsip_crypt_sha256_multitest() +{ + int ret = 0; + int num = 0; + int i; + BaseType_t xRet; + +#ifndef NO_SHA256 + num+=2; +#endif + exit_loop = 0; + sha256_multTst_rslt1 = 0; + sha256_multTst_rslt2 = 0; + + exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0); + xRet = pdPASS; + +#ifndef NO_SHA256 + xRet = xTaskCreate(tskSha256_Test1, "sha256_test1", + STACK_SIZE, NULL, 2, NULL); + if (xRet == pdPASS) + xRet = xTaskCreate(tskSha256_Test2, "sha256_test2", + STACK_SIZE, NULL, 3, NULL); +#endif + + if (xRet == pdPASS) { + printf(" Waiting for completing tasks ..."); + vTaskDelay(10000/portTICK_PERIOD_MS); + exit_loop = true; + + for (i = 0; i < num; i++) { + if(!xSemaphoreTake(exit_semaph, 2000/portTICK_PERIOD_MS)) { + printf("exit semaphore not released by test task"); + ret = -1; + xRet = pdFAIL; + } + } + } + + vSemaphoreDelete(exit_semaph); + + if ((xRet == pdPASS) && + (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0)) + ret = 0; + else + ret = -1; + + RESULT_STR(ret) + + return ret; +} + + +int rsip_crypt_AesCbc_multitest() +{ + int ret = 0; + int num = 0; + int i; + Info info_aes1; + Info info_aes2; + Info info_aes256_1; + Info info_aes256_2; + BaseType_t xRet; + +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + num+=2; +#endif +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + num+=2; +#endif + exit_loop = 0; + Aes128_Cbc_multTst_rslt = 0; + Aes256_Cbc_multTst_rslt = 0; + + exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0); + xRet = pdPASS; + +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1, + sizeof(FSPSM_AES_WKEY)); + xRet = xTaskCreate(tskAes128_Cbc_Test, "aes_cbc_tes1t", + STACK_SIZE, &info_aes1, 3, NULL); +#endif +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + XMEMCPY(&info_aes2.aes_key, &g_user_aes128_key_index2, + sizeof(FSPSM_AES_WKEY)); + if (xRet == pdPASS) + xRet = xTaskCreate(tskAes128_Cbc_Test, "aes_cbc_test2", + STACK_SIZE, &info_aes2, 3, NULL); +#endif + +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + XMEMCPY(&info_aes256_1.aes_key, &g_user_aes256_key_index1, + sizeof(FSPSM_AES_WKEY)); + if (xRet == pdPASS) + xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1", + STACK_SIZE, &info_aes256_1, 3, NULL); +#endif +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + XMEMCPY(&info_aes256_2.aes_key, &g_user_aes256_key_index2, + sizeof(FSPSM_AES_WKEY)); + if (xRet == pdPASS) + xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2", + STACK_SIZE, &info_aes256_2, 3, NULL); +#endif + + if (xRet == pdPASS) { + printf(" Waiting for completing tasks ... "); + vTaskDelay(10000/portTICK_PERIOD_MS); + exit_loop = 1; + + for (i = 0; i < num; i++) { + if(!xSemaphoreTake(exit_semaph, 2000/portTICK_PERIOD_MS)) { + printf("exit semaphore not released by test task"); + ret = -1; + xRet = pdFAIL; + } + } + } + + vSemaphoreDelete(exit_semaph); + + if ((xRet == pdPASS) && + (Aes128_Cbc_multTst_rslt == 0 && Aes256_Cbc_multTst_rslt == 0)) + ret = 0; + else + ret = -1; + + RESULT_STR(ret) + + return ret; +} + + +int rsip_crypt_AesGcm_multitest() +{ + int ret = 0; + int num = 0; + int i; + Info info_aes1; + Info info_aes2; + Info info_aes256_1; + Info info_aes256_2; + BaseType_t xRet; + +#if defined(WOLFSSL_AES_128) + num+=2; +#endif +#if defined(WOLFSSL_AES_256) + num+=2; +#endif + + exit_loop = 0; + Aes128_Gcm_multTst_rslt = 0; + Aes256_Gcm_multTst_rslt = 0; + + exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0); + xRet = pdPASS; + +#if defined(WOLFSSL_AES_128) + XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1, + sizeof(FSPSM_AES_WKEY)); + xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test1", + STACK_SIZE, &info_aes1, 3, NULL); +#endif + +#if defined(WOLFSSL_AES_128) + XMEMCPY(&info_aes2.aes_key, &g_user_aes128_key_index2, + sizeof(FSPSM_AES_WKEY)); + if (xRet == pdPASS) + xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2", + STACK_SIZE, &info_aes2, 3, NULL); +#endif + +#if defined(WOLFSSL_AES_256) + XMEMCPY(&info_aes256_1.aes_key, &g_user_aes256_key_index1, + sizeof(FSPSM_AES_WKEY)); + if (xRet == pdPASS) + xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test1", + STACK_SIZE, &info_aes256_1, 3, NULL); +#endif + +#if defined(WOLFSSL_AES_256) + XMEMCPY(&info_aes256_2.aes_key, &g_user_aes256_key_index2, + sizeof(FSPSM_AES_WKEY)); + if (xRet == pdPASS) + xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", + STACK_SIZE, &info_aes256_2, 3, NULL); +#endif + + if (xRet == pdPASS) { + printf(" Waiting for completing tasks ... "); + vTaskDelay(10000/portTICK_PERIOD_MS); + exit_loop = 1; + + for (i = 0; i < num; i++) { + if(!xSemaphoreTake(exit_semaph, 2000/portTICK_PERIOD_MS)) { + printf("exit semaphore not released by test task"); + ret = -1; + xRet = pdFAIL; + } + } + } + + vSemaphoreDelete(exit_semaph); + + if ((xRet == pdPASS) && + (Aes128_Gcm_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0)) + ret = 0; + else + ret = -1; + + RESULT_STR(ret) + + return ret; +} + +int rsip_crypt_Sha_AesCbcGcm_multitest() +{ + int ret = 0; + int num = 0; + int i; + Info info_aes128cbc; + Info info_aes128gcm; + Info info_aes256cbc; + Info info_aes256gcm; + BaseType_t xRet; + +#ifndef NO_SHA256 + num+=2; +#endif + +#if defined(WOLFSSL_AES_128) + num+=2; +#endif +#if defined(WOLFSSL_AES_256) + num+=2; +#endif + + exit_loop = 0; + sha256_multTst_rslt1 = 0; + sha256_multTst_rslt2 = 0; + Aes128_Cbc_multTst_rslt = 0; + Aes256_Cbc_multTst_rslt = 0; + Aes128_Gcm_multTst_rslt = 0; + Aes256_Gcm_multTst_rslt = 0; + + exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0); + xRet = pdPASS; + +#ifndef NO_SHA256 + xRet = xTaskCreate(tskSha256_Test1, "sha256_test1", + STACK_SIZE, NULL, 3, NULL); + + if (xRet == pdPASS) + xRet = xTaskCreate(tskSha256_Test2, "sha256_test2", + STACK_SIZE, NULL, 3, NULL); +#endif + +#if defined(WOLFSSL_AES_128) + XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1, + sizeof(FSPSM_AES_WKEY)); + if (xRet == pdPASS) + xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1", + STACK_SIZE, &info_aes128cbc, 3, NULL); +#endif + +#if defined(WOLFSSL_AES_128) + XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2, + sizeof(FSPSM_AES_WKEY)); + if (xRet == pdPASS) + xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2", + STACK_SIZE, &info_aes128gcm, 3, NULL); +#endif + +#if defined(WOLFSSL_AES_256) + XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1, + sizeof(FSPSM_AES_WKEY)); + if (xRet == pdPASS) + xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1", + STACK_SIZE, &info_aes256cbc, 3, NULL); +#endif + +#if defined(WOLFSSL_AES_256) + XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2, + sizeof(FSPSM_AES_WKEY)); + if (xRet == pdPASS) + xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", + STACK_SIZE, &info_aes256gcm, 3, NULL); +#endif + + if (xRet == pdPASS) { + printf(" Waiting for completing tasks ... "); + vTaskDelay(10000/portTICK_PERIOD_MS); + exit_loop = 1; + + for (i = 0; i < num; i++) { + if(!xSemaphoreTake(exit_semaph, 2000/portTICK_PERIOD_MS)) { + printf("exit semaphore not released by test task"); + ret = -1; + xRet = pdFAIL; + } + } + } + + vSemaphoreDelete(exit_semaph); + + if ((xRet == pdPASS) && + (Aes128_Gcm_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0) && + (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0)) { + + ret = 0; + } + else { + ret = -1; + } + + RESULT_STR(ret) + + return ret; +} + +int rsip_crypt_test() +{ + int ret = 0; + fsp_err_t rsip_error_code = FSP_SUCCESS; + + /* Generate AES sce Key */ + + if (rsip_error_code == FSP_SUCCESS) { + #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY) + /* set up Crypt Call back */ + Clr_CallbackCtx(&gCbInfo); + Clr_CallbackCtx(&gCbInfo_a); + + /* sets wrapped aes key */ + gCbInfo.wrapped_key_aes128 = g_user_aes128_key_index1; + gCbInfo.wrapped_key_aes256 = g_user_aes256_key_index1; + /* sets wrapped rsa key */ + gCbInfo.wrapped_key_rsapri1024 = g_user_rsa1024_private_key; + gCbInfo.wrapped_key_rsapub1024 = g_user_rsa1024_public_key; + gCbInfo.wrapped_key_rsapri2048 = g_user_rsa2048_private_key; + gCbInfo.wrapped_key_rsapub2048 = g_user_rsa2048_public_key; + + RSIP_KeyGeneration(&gCbInfo); + + /* Key generation for multi testing */ + gCbInfo_a.wrapped_key_aes128 = g_user_aes128_key_index2; + gCbInfo_a.wrapped_key_aes256 = g_user_aes256_key_index2; + RSIP_KeyGeneration(&gCbInfo_a); + + /* set callback ctx */ + ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &gCbInfo); + + if ( ret > 0) { + devId1 = ret; + ret = 0; + } + + if (ret == 0) { + printf(" rsip_rsa_test(512)(this will be done" + " by SW because RSIP doesn't support 512 bits key size.)"); + ret = rsip_rsa_test(1, 512); + RESULT_STR(ret) + } + + if (ret == 0) { + printf(" rsip_rsa_test(1024)"); + ret = rsip_rsa_test(1, 1024); + RESULT_STR(ret) + } + + if (ret == 0) { + printf(" rsip_rsa_test(2048)"); + ret = rsip_rsa_test(1, 2048); + RESULT_STR(ret) + } + + if (ret == 0) { + gCbInfo.hash_type = RSIP_HASH_TYPE_SHA256 ; + printf(" rsip_rsa_SignVerify_test(1024)"); + ret = rsip_rsa_SignVerify_test(1, 1024); + RESULT_STR(ret) + } + + if (ret == 0 && rsip_error_code == FSP_SUCCESS) { + printf(" rsip_rsa_SignVerify_test(2048)"); + ret = rsip_rsa_SignVerify_test(1, 2048); + RESULT_STR(ret) + } + + #endif /* WOLFSSL_RENESAS_RSIP_CRYPTONLY */ + + #ifndef NO_SHA256 + printf(" sha256_test()"); + ret = sha256_test(); + RESULT_STR(ret) + #endif + #ifdef WOLFSSL_SHA224 + printf(" sha224_test()"); + ret = sha224_test(); + RESULT_STR(ret) + #endif + #ifdef WOLFSSL_SHA384 + printf(" sha384_test()"); + ret = sha384_test(); + RESULT_STR(ret) + #endif + #ifdef WOLFSSL_SHA512 + printf(" sha512_test()"); + ret = sha512_test(); + RESULT_STR(ret) + #endif + + ret = rsip_aes128_cbc_test(1, g_user_aes128_key_index1); + + if (ret == 0) { + ret = rsip_aes256_cbc_test(1, g_user_aes256_key_index1); + } + + if (ret == 0) { + ret = rsip_aesgcm128_test(1, g_user_aes128_key_index1); + } + + if (ret == 0) { + ret = rsip_aesgcm256_test(1, g_user_aes256_key_index1); + } + + if (ret == 0) { + printf(" multi sha thread test\n"); + ret = rsip_crypt_sha256_multitest(); + } + + if (ret == 0) { + printf(" multi Aes cbc thread test\n"); + ret = rsip_crypt_AesCbc_multitest(); + } + + if (ret == 0) { + printf(" multi Aes Gcm thread test\n"); + ret = rsip_crypt_AesGcm_multitest(); + } + #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY) + Clr_CallbackCtx(&gCbInfo); + Clr_CallbackCtx(&gCbInfo_a); + #endif + } + else + ret = -1; + + return ret; +} + +#endif /* WOLFSSL_RENESAS_RSIP */ diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/wolfCrypt/.gitignore b/IDE/Renesas/e2studio/RZN2L/test/src/wolfCrypt/.gitignore new file mode 100644 index 000000000..c96a04f00 --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/test/src/wolfCrypt/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore \ No newline at end of file diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/wolfSSL/.gitignore b/IDE/Renesas/e2studio/RZN2L/test/src/wolfSSL/.gitignore new file mode 100644 index 000000000..c96a04f00 --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/test/src/wolfSSL/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore \ No newline at end of file diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c b/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c new file mode 100644 index 000000000..b809003c6 --- /dev/null +++ b/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c @@ -0,0 +1,33 @@ +/* wolfssl_dummy.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#define YEAR 2023 +#define MON 5 + +static int tick = 0; + +time_t time(time_t *t) +{ + (void)t; + return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++; +} diff --git a/IDE/include.am b/IDE/include.am index dcdbb2c63..4f84b43fd 100644 --- a/IDE/include.am +++ b/IDE/include.am @@ -35,6 +35,7 @@ include IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am include IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am include IDE/Renesas/e2studio/RX65N/RSK/include.am include IDE/Renesas/e2studio/RA6M4/include.am +include IDE/Renesas/e2studio/RZN2L/include.am include IDE/WICED-STUDIO/include.am include IDE/CRYPTOCELL/include.am include IDE/M68K/include.am diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index b00c428a0..dc9c0af14 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -1323,7 +1323,11 @@ static const char* bench_result_words2[][5] = { #ifndef NO_HW_BENCH #define BENCH_DEVID #endif - #define BENCH_DEVID_GET_NAME(useDeviceID) (useDeviceID) ? "HW" : "SW" + #ifndef HAVE_RENESAS_SYNC + #define BENCH_DEVID_GET_NAME(useDeviceID) (useDeviceID) ? "HW" : "SW" + #else + #define BENCH_DEVID_GET_NAME(useDeviceID) "" + #endif #else #define BENCH_DEVID_GET_NAME(useDeviceID) "" #endif @@ -1587,7 +1591,10 @@ static const XGEN_ALIGN byte bench_iv_buf[] = }; static THREAD_LS_T byte* bench_key = NULL; static THREAD_LS_T byte* bench_iv = NULL; - +#ifdef HAVE_RENESAS_SYNC +static THREAD_LS_T byte* bench_key1 = NULL; +static THREAD_LS_T byte* bench_key2 = NULL; +#endif #ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_STATIC_MEMORY_TEST_SZ static byte gBenchMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ]; @@ -2381,6 +2388,11 @@ static void* benchmarks_do(void* args) } XMEMCPY(bench_key, bench_key_buf, sizeof(bench_key_buf)); XMEMCPY(bench_iv, bench_iv_buf, sizeof(bench_iv_buf)); +#elif defined(HAVE_RENESAS_SYNC) + bench_key1 = (byte*)guser_PKCbInfo.wrapped_key_aes128; + bench_key2 = (byte*)guser_PKCbInfo.wrapped_key_aes256; + bench_key = (byte*)bench_key_buf; + bench_iv = (byte*)bench_iv_buf; #else bench_key = (byte*)bench_key_buf; bench_iv = (byte*)bench_iv_buf; @@ -2396,7 +2408,7 @@ static void* benchmarks_do(void* args) #ifndef NO_SW_BENCH bench_aescbc(0); #endif - #if defined(BENCH_DEVID) || defined(HAVE_RENESAS_SYNC) + #if defined(BENCH_DEVID) bench_aescbc(1); #endif } @@ -2412,8 +2424,12 @@ static void* benchmarks_do(void* args) !defined(NO_HW_BENCH) bench_aes_aad_options_wrap(bench_aesgcm, 1); #endif - - bench_gmac(); + #ifndef NO_SW_BENCH + bench_gmac(0); + #endif + #if defined(BENCH_DEVID) + bench_gmac(1); + #endif } #endif #ifdef HAVE_AES_ECB @@ -2765,6 +2781,7 @@ static void* benchmarks_do(void* args) #endif #ifndef NO_RSA +#ifndef HAVE_RENESAS_SYNC #ifdef WOLFSSL_KEY_GEN if (bench_all || (bench_asym_algs & BENCH_RSA_KEYGEN)) { #ifndef NO_SW_BENCH @@ -2806,6 +2823,7 @@ static void* benchmarks_do(void* args) } #endif #endif +#endif #ifndef NO_DH if (bench_all || (bench_asym_algs & BENCH_DH)) { @@ -3440,17 +3458,27 @@ exit: void bench_aescbc(int useDeviceID) { #ifdef WOLFSSL_AES_128 +#ifdef HAVE_RENESAS_SYNC + bench_aescbc_internal(useDeviceID, bench_key1, 16, bench_iv, + "AES-128-CBC-enc", "AES-128-CBC-dec"); +#else bench_aescbc_internal(useDeviceID, bench_key, 16, bench_iv, "AES-128-CBC-enc", "AES-128-CBC-dec"); #endif +#endif #ifdef WOLFSSL_AES_192 bench_aescbc_internal(useDeviceID, bench_key, 24, bench_iv, "AES-192-CBC-enc", "AES-192-CBC-dec"); #endif #ifdef WOLFSSL_AES_256 +#ifdef HAVE_RENESAS_SYNC + bench_aescbc_internal(useDeviceID, bench_key2, 32, bench_iv, + "AES-256-CBC-enc", "AES-256-CBC-dec"); +#else bench_aescbc_internal(useDeviceID, bench_key, 32, bench_iv, "AES-256-CBC-enc", "AES-256-CBC-dec"); #endif +#endif } #endif /* HAVE_AES_CBC */ @@ -3756,18 +3784,28 @@ void bench_aesgcm(int useDeviceID) #if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES) \ && !defined(WOLFSSL_XILINX_CRYPT) \ || defined(WOLFSSL_XILINX_CRYPT_VERSAL) +#ifdef HAVE_RENESAS_SYNC + bench_aesgcm_internal(useDeviceID, bench_key1, 16, bench_iv, 12, + AES_GCM_STRING(128, enc), AES_GCM_STRING(128, dec)); +#else bench_aesgcm_internal(useDeviceID, bench_key, 16, bench_iv, 12, AES_GCM_STRING(128, enc), AES_GCM_STRING(128, dec)); #endif +#endif #if defined(WOLFSSL_AES_192) && !defined(WOLFSSL_AFALG_XILINX_AES) \ && !defined(WOLFSSL_XILINX_CRYPT) bench_aesgcm_internal(useDeviceID, bench_key, 24, bench_iv, 12, AES_GCM_STRING(192, enc), AES_GCM_STRING(192, dec)); #endif #ifdef WOLFSSL_AES_256 +#ifdef HAVE_RENESAS_SYNC + bench_aesgcm_internal(useDeviceID, bench_key2, 32, bench_iv, 12, + AES_GCM_STRING(256, enc), AES_GCM_STRING(256, dec)); +#else bench_aesgcm_internal(useDeviceID, bench_key, 32, bench_iv, 12, AES_GCM_STRING(256, enc), AES_GCM_STRING(256, dec)); #endif +#endif #ifdef WOLFSSL_AESGCM_STREAM #undef AES_GCM_STRING #define AES_GCM_STRING(n, dir) AES_AAD_STRING("AES-" #n "-GCM-STREAM-" #dir) @@ -3791,7 +3829,7 @@ void bench_aesgcm(int useDeviceID) } /* GMAC */ -void bench_gmac(void) +void bench_gmac(int useDeviceID) { int ret, count = 0; Gmac gmac; @@ -3815,9 +3853,13 @@ void bench_gmac(void) XMEMSET(bench_plain, 0, bench_size); XMEMSET(tag, 0, sizeof(tag)); XMEMSET(&gmac, 0, sizeof(Gmac)); /* clear context */ - (void)wc_AesInit((Aes*)&gmac, HEAP_HINT, INVALID_DEVID); + (void)wc_AesInit((Aes*)&gmac, HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID); +#ifdef HAVE_RENESAS_SYNC + wc_GmacSetKey(&gmac, bench_key1, 16); +#else wc_GmacSetKey(&gmac, bench_key, 16); - +#endif bench_stats_start(&count, &start); do { ret = wc_GmacUpdate(&gmac, bench_iv, 12, bench_plain, bench_size, diff --git a/wolfcrypt/benchmark/benchmark.h b/wolfcrypt/benchmark/benchmark.h index 6e5d80f8c..744c667dd 100644 --- a/wolfcrypt/benchmark/benchmark.h +++ b/wolfcrypt/benchmark/benchmark.h @@ -51,7 +51,7 @@ void bench_chacha(void); void bench_chacha20_poly1305_aead(void); void bench_aescbc(int useDeviceID); void bench_aesgcm(int useDeviceID); -void bench_gmac(void); +void bench_gmac(int useDeviceID); void bench_aesccm(int useDeviceID); void bench_aesecb(int useDeviceID); void bench_aesxts(void); diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 8a46dd1fc..c2cbfffc8 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2796,6 +2796,11 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( #elif defined(WOLFSSL_SILABS_SE_ACCEL) /* implemented in wolfcrypt/src/port/silabs/silabs_aes.c */ +#elif ((defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_AES)) + /* implemented in wolfcrypt/src/port/renesas/renesas_fspsm_aes.c */ + #else /* Software AES - SetKey */ @@ -4816,6 +4821,7 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) if (!((len == 16) || (len == 24) || (len == 32))) return BAD_FUNC_ARG; + if (aes == NULL) { #ifdef WOLFSSL_IMX6_CAAM_BLOB ForceZero(local, sizeof(local)); @@ -4832,7 +4838,6 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) #ifdef WOLFSSL_AESGCM_STREAM aes->gcmKeySet = 1; #endif - #ifdef WOLFSSL_AESNI /* AES-NI code generates its own H value. */ if (haveAESNI) @@ -4844,6 +4849,12 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) } #endif /* WOLFSSL_SECO_CAAM */ + #if ((defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_AES)) + return ret; + #endif /* WOLFSSL_RENESAS_RSIP && WOLFSSL_RENESAS_FSPSM_CRYPTONLY*/ + #if !defined(FREESCALE_LTC_AES_GCM) if (ret == 0) ret = wc_AesEncrypt(aes, iv, aes->gcm.H); @@ -9651,6 +9662,9 @@ int wc_AesInit(Aes* aes, void* heap, int devId) ret = wc_psa_aes_init(aes); #endif +#if defined(WOLFSSL_RENESAS_FSPSM) + XMEMSET(&aes->ctx, 0, sizeof(aes->ctx)); +#endif return ret; } @@ -9764,6 +9778,12 @@ void wc_AesFree(Aes* aes) #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(aes, sizeof(Aes)); #endif + +#if ((defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_AES)) + wc_fspsm_Aesfree(aes); +#endif } diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 74d33825c..3cfbd72b7 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -51,6 +51,8 @@ uint32_t g_CAscm_Idx = (uint32_t)-1; /* index of CM table */ static int gdevId = 7890; /* initial dev Id for Crypt Callback */ #ifdef WOLF_CRYPTO_CB +/* store callback ctx by devId */ +FSPSM_ST *gCbCtx[MAX_FSPSM_CBINDEX]; #include @@ -271,25 +273,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && info->cipher.aesgcm_enc.aes->keylen == 16))) { - if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && - info->cipher.aesgcm_enc.aes->keylen == 32) { - - XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.wrapped_key, - &cbInfo->wrapped_key_aes256, - sizeof(FSPSM_AES_WKEY)); - info->cipher.aesgcm_enc.aes->ctx.keySize = 32; - - } - else if ( - cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && - info->cipher.aesgcm_enc.aes->keylen == 16) { - - XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.wrapped_key, - &cbInfo->wrapped_key_aes128, - sizeof(FSPSM_AES_WKEY)); - info->cipher.aesgcm_enc.aes->ctx.keySize = 16; - } - ret = wc_fspsm_AesGcmEncrypt( info->cipher.aesgcm_enc.aes, (byte*)info->cipher.aesgcm_enc.out, @@ -310,25 +293,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && info->cipher.aesgcm_dec.aes->keylen == 16)) { - if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && - info->cipher.aesgcm_dec.aes->keylen == 32) { - - XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.wrapped_key, - &cbInfo->wrapped_key_aes256, - sizeof(FSPSM_AES_WKEY)); - info->cipher.aesgcm_dec.aes->ctx.keySize = 32; - - } - else if ( - cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && - info->cipher.aesgcm_dec.aes->keylen == 16) { - - XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.wrapped_key, - &cbInfo->wrapped_key_aes128, - sizeof(FSPSM_AES_WKEY)); - info->cipher.aesgcm_dec.aes->ctx.keySize = 16; - } - ret = wc_fspsm_AesGcmDecrypt( info->cipher.aesgcm_dec.aes, (byte*)info->cipher.aesgcm_dec.out, @@ -351,26 +315,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->cipher.aescbc.aes->keylen == 32) || (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && info->cipher.aescbc.aes->keylen == 16))) { - if (info->cipher.enc) { - if ( - cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && - info->cipher.aescbc.aes->keylen == 32) { - XMEMCPY(&info->cipher.aescbc.aes->ctx.wrapped_key, - &cbInfo->wrapped_key_aes256, - sizeof(FSPSM_AES_WKEY)); - info->cipher.aescbc.aes->ctx.keySize = 32; - - } - else if ( - cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 - && info->cipher.aescbc.aes->keylen == 16) { - XMEMCPY(&info->cipher.aescbc.aes->ctx.wrapped_key, - &cbInfo->wrapped_key_aes128, - sizeof(FSPSM_AES_WKEY)); - info->cipher.aescbc.aes->ctx.keySize = 16; - } - ret = wc_fspsm_AesCbcEncrypt( info->cipher.aescbc.aes, (byte*)info->cipher.aescbc.out, @@ -378,22 +323,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->cipher.aescbc.sz); } else { - if ( - cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && - info->cipher.aescbc.aes->keylen == 32) { - XMEMCPY(&info->cipher.aescbc.aes->ctx.wrapped_key, - &cbInfo->wrapped_key_aes256, - sizeof(FSPSM_AES_WKEY)); - info->cipher.aescbc.aes->ctx.keySize = 32; - } else if ( - cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 - && info->cipher.aescbc.aes->keylen == 16) { - XMEMCPY(&info->cipher.aescbc.aes->ctx.wrapped_key, - &cbInfo->wrapped_key_aes128, - sizeof(FSPSM_AES_WKEY)); - info->cipher.aescbc.aes->ctx.keySize = 16; - } - ret = wc_fspsm_AesCbcDecrypt( info->cipher.aescbc.aes, (byte*)info->cipher.aescbc.out, @@ -412,7 +341,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && (info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) { - ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.size, (void*)ctx); + ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key, + info->pk.rsakg.size, (void*)ctx); } #endif if (info->pk.type == WC_PK_TYPE_RSA) { @@ -420,14 +350,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) * in advance. SCE supports 1024 or 2048 bits key size. * otherwise, falls-through happens. */ - if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 - || - cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 - || - cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 - || - cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 - ) { + if (info->pk.rsa.key->ctx.keySz == 1024 || + info->pk.rsa.key->ctx.keySz == 2048) { if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT || info->pk.rsa.type == RSA_PUBLIC_ENCRYPT ) @@ -435,11 +359,10 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) ret = wc_fspsm_RsaFunction(info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, - info->pk.rsa.outLen, + &info->pk.rsa.outLen, info->pk.rsa.type, info->pk.rsa.key, - info->pk.rsa.rng, - (void*)ctx); + info->pk.rsa.rng); } else if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT /* sign */){ ret = wc_fspsm_RsaSign(info->pk.rsa.in, @@ -498,6 +421,21 @@ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated) return ret; } +/* Renesas Security Library Common Method + * Get Callback ctx by devId + * + * devId : devId to get its CTX + * return asocciated CTX when the method is succesfully called. + * otherwise, NULL + */ +WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId) +{ + if (devId >= 7890 && devId <= (MAX_FSPSM_CBINDEX + 7890)) + return gCbCtx[devId - 7890]; + else + return NULL; +} + /* Renesas Security Library Common Method * Crypt Callback initialization * @@ -559,6 +497,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) gdevId = 7890; } + gCbCtx[cbInfo->devId - 7890] = (void*)cbInfo; + return cbInfo->devId; } diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c index e194c12be..4a7bf34a0 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c @@ -34,6 +34,9 @@ #include #include #include +#ifdef WOLF_CRYPTO_CB + #include +#endif #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h" #ifdef NO_INLINE @@ -45,8 +48,14 @@ struct Aes; +WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId); + #define SCE_AES_GCM_AUTH_TAG_SIZE 16 +#if defined(WOLFSSL_RENESAS_RSIP) +extern FSPSM_INSTANCE gFSPSM_ctrl; +#endif + typedef fsp_err_t (*aesGcmEncInitFn) (FSPSM_AESGCM_HANDLE*, FSPSM_AES_WKEY*, uint8_t*, uint32_t); typedef fsp_err_t (*aesGcmEncUpdateFn) @@ -61,6 +70,134 @@ typedef fsp_err_t (*aesGcmDecUpdateFn) typedef fsp_err_t (*aesGcmDecFinalFn) (FSPSM_AESGCM_HANDLE*, uint8_t*, uint32_t*, uint8_t*, uint32_t); +#if defined(WOLFSSL_RENESAS_RSIP) +/* wrapper for Gcm enrypt init */ +static fsp_err_t _R_RSIP_AES_GCM_EncryptInit(FSPSM_AESGCM_HANDLE* h, + FSPSM_AES_WKEY* k, uint8_t* iv, + uint32_t iv_l) +{ + (void) h; + return R_RSIP_AES_GCM_EncryptInit(&gFSPSM_ctrl, (FSPSM_AES_WKEY const)*k, + (uint8_t* const)iv, iv_l); +} +/* wrapper for Gcm enrypt update */ +static fsp_err_t _R_RSIP_AES_GCM_EncryptUpdate(FSPSM_AESGCM_HANDLE* h, + uint8_t* p_plain, uint8_t* p_cipher, uint32_t plain_length, + uint8_t* p_add, uint32_t add_len) +{ + (void) h; + return R_RSIP_AES_GCM_EncryptUpdate(&gFSPSM_ctrl, (uint8_t* const) p_plain, + (uint8_t* const) p_cipher, + (uint32_t const) plain_length, + (uint8_t* const) p_add, + (uint32_t const) add_len); +} +/* wrapper for Gcm enrypt final */ +static fsp_err_t _R_RSIP_AES_GCM_EncryptFinal(FSPSM_AESGCM_HANDLE* h, + uint8_t* p_cipher, uint32_t* c_len, + uint8_t* p_atag) +{ + (void) h; + return R_RSIP_AES_GCM_EncryptFinal(&gFSPSM_ctrl, (uint8_t* const) p_cipher, + (uint32_t* const) c_len, + (uint8_t* const) p_atag); +} +/* wrapper for Gcm decrypt init */ +static fsp_err_t _R_RSIP_AES_GCM_DecryptInit(FSPSM_AESGCM_HANDLE* h, + FSPSM_AES_WKEY* k, uint8_t* iv, uint32_t iv_l) +{ + (void) h; + return R_RSIP_AES_GCM_DecryptInit(&gFSPSM_ctrl, (FSPSM_AES_WKEY const)*k, + (uint8_t* const)iv, iv_l); +} +/* wrapper for Gcm decrypt update */ +static fsp_err_t _R_RSIP_AES_GCM_DecryptUpdate(FSPSM_AESGCM_HANDLE* h, + uint8_t* p_cipher, uint8_t* p_plain, uint32_t c_length, + uint8_t* p_add, uint32_t add_len) +{ + (void) h; + return R_RSIP_AES_GCM_DecryptUpdate(&gFSPSM_ctrl, (uint8_t* const) p_cipher, + (uint8_t* const) p_plain, + (uint32_t const) c_length, + (uint8_t* const) p_add, + (uint32_t const) add_len); +} +/* wrapper for Gcm decrypt final */ +static fsp_err_t _R_RSIP_AES_GCM_DecryptFinal(FSPSM_AESGCM_HANDLE* h, + uint8_t* p_plain, uint32_t* plain_len, + uint8_t* p_atag, uint32_t atag_len) +{ + (void) h; + return R_RSIP_AES_GCM_DecryptFinal(&gFSPSM_ctrl, (uint8_t* const) p_plain, + (uint32_t* const) plain_len, + (uint8_t* const) p_atag, + (uint32_t const) atag_len); +} +/* wrapper for aes cbc encrypt init */ +static fsp_err_t _R_RSIP_AESCBC_Cipher_EncryptInit(FSPSM_AES_HANDLE* h, + FSPSM_AES_WKEY k, + uint8_t* iv) +{ + (void) h; + return R_RSIP_AES_Cipher_EncryptInit(&gFSPSM_ctrl, + RSIP_AES_MODE_CBC, + k, iv); +} +/* wrapper for aes cbc encrypt update */ +static fsp_err_t _R_RSIP_AESCBC_Cipher_EncryptUpdate(FSPSM_AES_HANDLE* h, + uint8_t* p_plain, + uint8_t* p_cipher, + uint32_t plain_length) +{ + (void) h; + return R_RSIP_AES_Cipher_EncryptUpdate(&gFSPSM_ctrl, + (const uint8_t* const)p_plain, + (uint8_t* const)p_cipher, + (const uint32_t)plain_length); +} +/* wrapper for aes cbc encrypt final */ +static fsp_err_t _R_RSIP_AESCBC_Cipher_EncryptFinal(FSPSM_AES_HANDLE* h, + uint8_t* p_cipher, + uint32_t* cipher_lengh) +{ + (void) h; + return R_RSIP_AES_Cipher_EncryptFinal(&gFSPSM_ctrl, + (uint8_t* const)p_cipher, + (uint32_t* const)cipher_lengh); +} +/* wrapper for aes cbc decrypt init */ +static fsp_err_t _R_RSIP_AESCBC_Cipher_DecryptInit(FSPSM_AES_HANDLE* h, + FSPSM_AES_WKEY k, + uint8_t* iv) +{ + (void) h; + return R_RSIP_AES_Cipher_DecryptInit(&gFSPSM_ctrl, + RSIP_AES_MODE_CBC, + k, iv); +} +/* wrapper for aes cbc decrypt update */ +static fsp_err_t _R_RSIP_AESCBC_Cipher_DecryptUpdate(FSPSM_AES_HANDLE* h, + uint8_t* p_cipher, + uint8_t* p_plain, + uint32_t cipher_lengh) +{ + (void) h; + return R_RSIP_AES_Cipher_DecryptUpdate(&gFSPSM_ctrl, + (const uint8_t* const)p_cipher, + (uint8_t* const)p_plain, + (const uint32_t)cipher_lengh); +} +/* wrapper for aes cbc encrypt final */ +static fsp_err_t _R_RSIP_AESCBC_Cipher_DecryptFinal(FSPSM_AES_HANDLE* h, + uint8_t* p_plain, + uint32_t* plain_lengh) +{ + (void) h; + return R_RSIP_AES_Cipher_DecryptFinal(&gFSPSM_ctrl, + (uint8_t* const)p_plain, + (uint32_t* const)plain_lengh); +} +#endif /* Perform Aes Gcm encryption by FSP SM * * aes The AES object. @@ -97,11 +234,14 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, const uint8_t* iv_l = NULL; uint32_t ivSz_l = 0; +#ifdef WOLFSSL_RENESAS_FSPSM_TLS FSPSM_HMAC_WKEY key_client_mac; FSPSM_HMAC_WKEY key_server_mac; +#endif FSPSM_AES_WKEY key_client_aes; FSPSM_AES_WKEY key_server_aes; - + (void) key_server_aes; + /* sanity check */ if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) { return BAD_FUNC_ARG; @@ -136,13 +276,14 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, * those buffers 32bit aligned as SCE requests. */ delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 : - AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE); + (byte)(AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE)); plainBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES); cipherBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES); aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap, DYNAMIC_TYPE_AES); - if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL) { + if ((sz > 0 && plainBuf == NULL) || + ((sz + delta) > 0 && cipherBuf == NULL) || aTagBuf == NULL) { WOLFSSL_MSG("wc_fspsm_AesGcmEncrypt: buffer allocation failed"); ret = -1; } @@ -183,14 +324,22 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out, if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 || info->keyflgs_crypt.bits.aes128_installedkey_set == 1) { if (aes->ctx.keySize == 32) { + #if defined(WOLFSSL_RENESAS_RSIP) + key_client_aes = aes->ctx.wrapped_key; + #else XMEMCPY(&key_client_aes, (FSPSM_AES_WKEY*)info->wrapped_key_aes256, sizeof(FSPSM_AES_WKEY)); + #endif } else { + #if defined(WOLFSSL_RENESAS_RSIP) + key_client_aes = aes->ctx.wrapped_key; + #else XMEMCPY(&key_client_aes, (FSPSM_AES_WKEY*)info->wrapped_key_aes128, sizeof(FSPSM_AES_WKEY)); + #endif } iv_l = iv; ivSz_l = ivSz; @@ -297,11 +446,13 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, const uint8_t* iv_l = NULL; uint32_t ivSz_l = 0; +#ifdef WOLFSSL_RENESAS_TLS FSPSM_HMAC_WKEY key_client_mac; FSPSM_HMAC_WKEY key_server_mac; +#endif FSPSM_AES_WKEY key_client_aes; FSPSM_AES_WKEY key_server_aes; - + (void) key_client_aes; /* sanity check */ if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) { return BAD_FUNC_ARG; @@ -334,7 +485,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, * TSIP requests those buffers 32bit aligned. */ delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 : - AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE); + (byte)(AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE)); cipherBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES); plainBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES); aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap, @@ -378,14 +529,22 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out, if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 || info->keyflgs_crypt.bits.aes128_installedkey_set == 1) { if (aes->ctx.keySize == 32) { + #if defined(WOLFSSL_RENESAS_RSIP) + key_server_aes = aes->ctx.wrapped_key; + #else XMEMCPY(&key_server_aes, (FSPSM_AES_WKEY*)info->wrapped_key_aes256, sizeof(FSPSM_AES_WKEY)); + #endif } else { + #if defined(WOLFSSL_RENESAS_RSIP) + key_server_aes = aes->ctx.wrapped_key; + #else XMEMCPY(&key_server_aes, (FSPSM_AES_WKEY*)info->wrapped_key_aes128, sizeof(FSPSM_AES_WKEY)); + #endif } iv_l = iv; ivSz_l = ivSz; @@ -480,10 +639,22 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out, } if (aes->ctx.keySize == 16) { - ret = FSPSM_AES128CBCEnc_Init(&_handle, &aes->ctx.wrapped_key, iv); + ret = FSPSM_AES128CBCEnc_Init(&_handle, + #ifdef WOLFSSL_RENESAS_RSIP + aes->ctx.wrapped_key, + #else + &aes->ctx.wrapped_key, + #endif + iv); } else if (aes->ctx.keySize == 32) { - ret = FSPSM_AES256CBCEnc_Init(&_handle, &aes->ctx.wrapped_key, iv); + ret = FSPSM_AES256CBCEnc_Init(&_handle, + #ifdef WOLFSSL_RENESAS_RSIP + aes->ctx.wrapped_key, + #else + &aes->ctx.wrapped_key, + #endif + iv); } else { WOLFSSL_MSG("invalid key Size for SCE. Key size is neither 16 or 32."); @@ -548,10 +719,22 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out, } if (aes->ctx.keySize == 16) { - ret = FSPSM_AES128CBCDec_Init(&_handle, &aes->ctx.wrapped_key, iv); + ret = FSPSM_AES128CBCDec_Init(&_handle, + #ifdef WOLFSSL_RENESAS_RSIP + aes->ctx.wrapped_key, + #else + &aes->ctx.wrapped_key, + #endif + iv); } else if (aes->ctx.keySize == 32) { - ret = FSPSM_AES256CBCDec_Init(&_handle, &aes->ctx.wrapped_key, iv); + ret = FSPSM_AES256CBCDec_Init(&_handle, + #ifdef WOLFSSL_RENESAS_RSIP + aes->ctx.wrapped_key, + #else + &aes->ctx.wrapped_key, + #endif + iv); } else { wc_fspsm_hw_unlock(); @@ -586,5 +769,56 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out, return ret; } -#endif /* WOLFSSL_RENESAS_TSIP_CRYPT */ + +/* free contentx related to FSP SM + * + * aes The AES object. + * return none + */ +WOLFSSL_LOCAL void wc_fspsm_Aesfree(Aes* aes) +{ +#if defined(WOLFSSL_RENESAS_RSIP) + if (aes->ctx.wrapped_key) { + /* aes ctx just points user created wrapped key. + * therefore, it just sets pointing to NULL. + * user key should be freed by owenr(user) + */ + aes->ctx.wrapped_key = NULL; + } +#endif +} + +int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) +{ + (void) userKey; + (void) dir; + + if (aes == NULL || userKey == NULL || + !((keylen == 16) || (keylen == 32))) { + return BAD_FUNC_ARG; + } + + if (aes->devId == INVALID_DEVID) { + return BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_AES_COUNTER + aes->left = 0; +#endif + + /* if there is previous key, free */ + if(aes->ctx.wrapped_key) + wc_fspsm_Aesfree(aes); + + /* generate aes key beased on length */ + aes->ctx.wrapped_key = (FSPSM_AES_WKEY)userKey; + aes->keylen = (int)keylen; + aes->ctx.keySize = keylen; + + return wc_AesSetIV(aes, iv); +} +#endif /* WOLFSSL_RENESAS_FSPSM_TLS + WOLFSSL_RENESAS_FSPSM_CRYPTONLY + NO_WOLFSSL_RENESAS_FSPSM_AES */ #endif /* NO_AES */ diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c index 141015c4f..5db4435d5 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c @@ -36,147 +36,76 @@ #include #include -/* Make Rsa key for SCE and set it to callback ctx - * Assumes to be called by Crypt Callback +#if defined(WOLFSSL_RENESAS_RSIP) +extern FSPSM_INSTANCE gFSPSM_ctrl; +#endif + +/* Set Ctx pointer to NULL. + * A created wrapped key should be freed by user * + * key RsaKey object + * return none + */ +WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(RsaKey *key) +{ + if (key == NULL) + return; + + if(key->ctx.wrapped_pri1024_key) + key->ctx.wrapped_pri1024_key = NULL; + + if(key->ctx.wrapped_pub1024_key) + key->ctx.wrapped_pub1024_key = NULL; + + if(key->ctx.wrapped_pri2048_key) + key->ctx.wrapped_pri2048_key = NULL; + + if(key->ctx.wrapped_pub2048_key) + key->ctx.wrapped_pub2048_key = NULL; +} + +/* Set Rsa key by pre-created wrapped user key + * + * key RsaKey object * size desired keylenth, in bits. supports 1024 or 2048 bits * ctx Callback context including pointer to hold generated key * return FSP_SUCCESS(0) on Success, otherwise negative value */ -WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(int size, void* ctx) +WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(RsaKey *key, int size, void* ctx) { - fsp_err_t ret; FSPSM_ST *info = (FSPSM_ST*)ctx; - FSPSM_RSA1024_WPA_KEY *wrapped_pair1024_key = NULL; - FSPSM_RSA2048_WPA_KEY *wrapped_pair2048_key = NULL; - /* sanity check */ - if (ctx == NULL) + if (key == NULL || size < 0 || ctx == NULL) return BAD_FUNC_ARG; - - if ((ret = wc_fspsm_hw_lock()) == 0) { - if (size == 1024) { - wrapped_pair1024_key = - (FSPSM_RSA1024_WPA_KEY*)XMALLOC( - sizeof(FSPSM_RSA1024_WPA_KEY), NULL, - DYNAMIC_TYPE_RSA_BUFFER); - if (wrapped_pair1024_key == NULL) - return MEMORY_E; - - ret = FSPSM_RSA1024_KEYPA_GEN(wrapped_pair1024_key); + if (size == 1024) { + if(info->keyflgs_crypt.bits.rsapri1024_installedkey_set != 1 || + info->keyflgs_crypt.bits.rsapub1024_installedkey_set != 1) { + WOLFSSL_MSG("Caller should create user key in advance."); + WOLFSSL_MSG("Caller also need to installedkey to 1."); + return BAD_FUNC_ARG; } - else if (size == 2048) { - wrapped_pair2048_key = - (FSPSM_RSA2048_WPA_KEY*)XMALLOC( - sizeof(FSPSM_RSA2048_WPA_KEY), NULL, - DYNAMIC_TYPE_RSA_BUFFER); - if (wrapped_pair2048_key == NULL) - return MEMORY_E; - - ret = FSPSM_RSA1024_KEYPA_GEN(wrapped_pair2048_key); + key->ctx.wrapped_pri1024_key = info->wrapped_key_rsapri1024; + key->ctx.wrapped_pub1024_key = info->wrapped_key_rsapub1024; + key->ctx.keySz = 1024; + } else if (size == 2048) { + if(info->keyflgs_crypt.bits.rsapri2048_installedkey_set != 1 || + info->keyflgs_crypt.bits.rsapub2048_installedkey_set != 1) { + WOLFSSL_MSG("Caller should create user key in advance."); + WOLFSSL_MSG("Caller also need to installedkey to 1."); + return BAD_FUNC_ARG; } - else - return CRYPTOCB_UNAVAILABLE; - - if (ret == FSP_SUCCESS) { - if (size == 1024) { - if (info->wrapped_key_rsapri1024 != NULL) { - XFREE(info->wrapped_key_rsapri1024, NULL, - DYNAMIC_TYPE_RSA_BUFFER); - } - if (info->wrapped_key_rsapub1024 != NULL) { - XFREE(info->wrapped_key_rsapub1024, NULL, - DYNAMIC_TYPE_RSA_BUFFER); - } - info->wrapped_key_rsapri1024 = - (FSPSM_RSA1024_WPI_KEY*)XMALLOC( - sizeof(FSPSM_RSA1024_WPI_KEY), NULL, - DYNAMIC_TYPE_RSA_BUFFER); - - if (info->wrapped_key_rsapri1024 == NULL) { - XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); - return MEMORY_E; - } - - info->wrapped_key_rsapub1024 = - (FSPSM_RSA1024_WPB_KEY*)XMALLOC( - sizeof(FSPSM_RSA1024_WPB_KEY), NULL, - DYNAMIC_TYPE_RSA_BUFFER); - - if (info->wrapped_key_rsapub1024 == NULL) { - XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); - XFREE(info->wrapped_key_rsapub1024, 0, - DYNAMIC_TYPE_RSA_BUFFER); - return MEMORY_E; - } - /* copy generated key pair and free malloced key */ - XMEMCPY(info->wrapped_key_rsapri1024, - &wrapped_pair1024_key->priv_key, - sizeof(FSPSM_RSA1024_WPI_KEY)); - XMEMCPY(info->wrapped_key_rsapub1024, - &wrapped_pair1024_key->pub_key, - sizeof(FSPSM_RSA1024_WPB_KEY)); - XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); - - info->keyflgs_crypt.bits.rsapri1024_installedkey_set = 1; - info->keyflgs_crypt.bits.rsapub1024_installedkey_set = 1; - } - else if (size == 2048) { - if (info->wrapped_key_rsapri2048 != NULL) { - XFREE(info->wrapped_key_rsapri2048, NULL, - DYNAMIC_TYPE_RSA_BUFFER); - } - if (info->wrapped_key_rsapub2048 != NULL) { - XFREE(info->wrapped_key_rsapub2048, NULL, - DYNAMIC_TYPE_RSA_BUFFER); - } - info->wrapped_key_rsapri2048 = - (FSPSM_RSA2048_WPI_KEY*)XMALLOC( - sizeof(FSPSM_RSA2048_WPI_KEY), NULL, - DYNAMIC_TYPE_RSA_BUFFER); - - if (info->wrapped_key_rsapri2048 == NULL) { - XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); - return MEMORY_E; - } - - info->wrapped_key_rsapub2048 = - (FSPSM_RSA2048_WPB_KEY*)XMALLOC( - sizeof(FSPSM_RSA2048_WPB_KEY), NULL, - DYNAMIC_TYPE_RSA_BUFFER); - - if (info->wrapped_key_rsapub2048 == NULL) { - XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); - XFREE(info->wrapped_key_rsapub1024, 0, - DYNAMIC_TYPE_RSA_BUFFER); - return MEMORY_E; - } - /* copy generated key pair and free malloced key */ - XMEMCPY(info->wrapped_key_rsapri2048, - &wrapped_pair2048_key->priv_key, - sizeof(FSPSM_RSA2048_WPI_KEY)); - XMEMCPY(info->wrapped_key_rsapub2048, - &wrapped_pair2048_key->pub_key, - sizeof(FSPSM_RSA2048_WPB_KEY)); - XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); - - info->keyflgs_crypt.bits.rsapri2048_installedkey_set = 1; - info->keyflgs_crypt.bits.rsapub2048_installedkey_set = 1; - - } - } - else { - WOLFSSL_MSG("Failed to generate key pair by SCE"); - return CRYPTOCB_UNAVAILABLE; - } - - wc_fspsm_hw_unlock(); - } + key->ctx.wrapped_pri2048_key = info->wrapped_key_rsapri2048; + key->ctx.wrapped_pub2048_key = info->wrapped_key_rsapub2048; + key->ctx.keySz = 2048; + } else + return CRYPTOCB_UNAVAILABLE; + + return 0; } -/* Perform rsa encryption/decryption by SCE +/* Perform rsa encryption/decryption by FSP SM * Assumes to be called by Crypt Callback * * in Buffer to hold plain text @@ -189,14 +118,13 @@ WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(int size, void* ctx) * return FSP_SUCCESS(0) on Success, otherwise negative value */ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out, - word32 outLen, int type, struct RsaKey* key, - struct WC_RNG* rng, void* ctx) + word32 *outLen, int type, struct RsaKey* key, + struct WC_RNG* rng) { int ret; FSPSM_RSA_DATA plain; FSPSM_RSA_DATA cipher; - FSPSM_ST *info = (FSPSM_ST*)ctx; int keySize; @@ -204,79 +132,53 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out, (void) rng; /* sanity check */ - if (in == NULL || out == NULL || outLen == NULL || - ctx == NULL){ + if (in == NULL || out == NULL || + ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){ return BAD_FUNC_ARG; } - keySize = 0; - if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 || - info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 ) - keySize = 2048; - else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 || - info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 ) - keySize = 1024; + keySize = (int)key->ctx.keySz; if (keySize == 0) { WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, " "1024 or 2048 bits."); return BAD_FUNC_ARG; } - + if ((ret = wc_fspsm_hw_lock()) == 0) { if (type == RSA_PUBLIC_ENCRYPT) { plain.pdata = (byte*)in; plain.data_length = inLen; cipher.pdata = out; - cipher.data_length = outLen; + cipher.data_length = *outLen; if (keySize == 1024) { - if(info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1) - ret = FSPSM_RSA1024_PKCSENC_FUNC(&plain, &cipher, - (FSPSM_RSA1024_WPB_KEY*) - info->wrapped_key_rsapub1024); - else { - WOLFSSL_MSG("wrapped public 1024 bits key is not set."); - return BAD_FUNC_ARG; - } + ret = FSPSM_RSA1024_PKCSENC_FUNC(&plain, &cipher, + (FSPSM_RSA1024_WPB_KEY*) + key->ctx.wrapped_pub1024_key); } else { - if(info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1) - ret = FSPSM_RSA2048_PKCSENC_FUNC(&plain, &cipher, + ret = FSPSM_RSA2048_PKCSENC_FUNC(&plain, &cipher, (FSPSM_RSA2048_WPB_KEY*) - info->wrapped_key_rsapub2048); - else { - WOLFSSL_MSG("wrapped public 2048 bits key is not set."); - return BAD_FUNC_ARG; - } + key->ctx.wrapped_pub2048_key); } } else if (type == RSA_PRIVATE_DECRYPT) { plain.pdata = out; - plain.data_length = outLen; + plain.data_length = *outLen; cipher.pdata = (byte*)in; cipher.data_length = inLen; if (keySize == 1024) { - if(info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1) - ret = FSPSM_RSA1024_PKCSDEC_FUNC(&cipher, &plain, + ret = FSPSM_RSA1024_PKCSDEC_FUNC(&cipher, &plain, (FSPSM_RSA1024_WPI_KEY*) - info->wrapped_key_rsapri1024); - else { - WOLFSSL_MSG("wrapped private 2048 bits key is not set."); - return BAD_FUNC_ARG; - } + key->ctx.wrapped_pri1024_key, &outLen); } else { - if(info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1) - ret = FSPSM_RSA2048_PKCSDEC_FUNC(&cipher, &plain, + ret = FSPSM_RSA2048_PKCSDEC_FUNC(&cipher, &plain, (FSPSM_RSA2048_WPI_KEY*) - info->wrapped_key_rsapri2048); - else { - WOLFSSL_MSG("wrapped private 2048 bits key is not set."); - return BAD_FUNC_ARG; - } + key->ctx.wrapped_pri2048_key, &outLen); } } @@ -285,7 +187,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out, return ret; } -/* Perform Rsa sign by SCE +/* Perform Rsa sign by FSP SM * Assumes to be called by Crypt Callback * * in Buffer to hold plaintext @@ -307,49 +209,41 @@ WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out, FSPSM_ST *info = (FSPSM_ST*)ctx; int keySize; - (void) key; - /* sanity check */ - if (in == NULL || out == NULL || outLen == NULL || - key == NULL || ctx == NULL){ + if (in == NULL || out == NULL || (word32*)outLen <= 0 || info == NULL || + ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){ return BAD_FUNC_ARG; } - keySize = 0; - if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 || - info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 ) - keySize = 2048; - else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 || - info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 ) - keySize = 1024; - - if (keySize == 0) { - WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits."); - return BAD_FUNC_ARG; - } + keySize = (int)key->ctx.keySz; - message_hash.pdata = in; + message_hash.pdata = (byte *)in; message_hash.data_length = inLen; message_hash.data_type = info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */ signature.pdata = out; - signature.data_length = outLen; + signature.data_length = (word32*)outLen; + + #if defined(WOLFSSL_RENESAS_RSIP) + message_hash.hash_type = signature.hash_type = + info->hash_type; /* hash type */ + #endif if ((ret = wc_fspsm_hw_lock()) == 0) { if (keySize == 1024) { - ret = FSPSM_RSA1024_SIGN_FUNC(&message_hash, + ret = FSPSM_RSA1024_SIGN_FUNC(&message_hash, &signature, (FSPSM_RSA1024_WPI_KEY *) - info->wrapped_key_rsapri1024, + key->ctx.wrapped_pri1024_key, HW_SCE_RSA_HASH_SHA256); } else { - ret = FSPSM_RSA2048_SIGN_FUNC(&message_hash, + ret = FSPSM_RSA2048_SIGN_FUNC(&message_hash, &signature, (FSPSM_RSA2048_WPI_KEY *) - info->wrapped_key_rsapri2048, + key->ctx.wrapped_pri2048_key, HW_SCE_RSA_HASH_SHA256); } @@ -359,7 +253,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out, return ret; } -/* Perform Rsa verify by SCE +/* Perform Rsa verify by FSP SM * Assumes to be called by Crypt Callback * * in Buffer to hold plaintext @@ -384,51 +278,41 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out, (void) key; /* sanity check */ - if (in == NULL || out == NULL || outLen == NULL || - key == NULL || ctx == NULL){ + if (in == NULL || out == NULL || (word32*)outLen <= 0 || info == NULL || + ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){ return BAD_FUNC_ARG; } - keySize = 0; - if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 || - info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 ) - keySize = 2048; - else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 || - info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 ) - keySize = 1024; - - if (keySize == 0) { - WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits."); - return BAD_FUNC_ARG; - } + keySize = (int)key->ctx.keySz; - message_hash.pdata = in; + message_hash.pdata =(byte*)in; message_hash.data_length = inLen; message_hash.data_type = info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */ signature.pdata = out; - signature.data_length = outLen; + signature.data_length = (word32*)outLen; + #if defined(WOLFSSL_RENESAS_RSIP) + message_hash.hash_type = signature.hash_type = + info->hash_type; /* hash type */ + #endif if ((ret = wc_fspsm_hw_lock()) == 0) { if (keySize == 1024) { - ret = FSPSM_RSA1024_VRY_FUNC(&signature, &message_hash, (FSPSM_RSA1024_WPB_KEY *) - info->wrapped_key_rsapub1024, + key->ctx.wrapped_pub1024_key, HW_SCE_RSA_HASH_SHA256); } else { - ret = FSPSM_RSA2048_VRY_FUNC(&signature, &message_hash, (FSPSM_RSA2048_WPB_KEY *) - info->wrapped_key_rsapub2048, + key->ctx.wrapped_pub2048_key, HW_SCE_RSA_HASH_SHA256 ); } - wc_fspsm_hw_unlock(); } diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c index 67b06b4d8..530839938 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c @@ -30,12 +30,65 @@ #include -#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ +#if defined(WOLFSSL_RENESAS_RSIP) || \ + defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) #include #include +#if defined(WOLFSSL_RENESAS_RSIP) +extern FSPSM_INSTANCE gFSPSM_ctrl; + +/* wrapper for RSIP SHA1 Init */ +static fsp_err_t _R_RSIP_SHA1_GenerateInit(FSPSM_SHA_HANDLE* h) +{ + return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA1 ); +} +/* wrapper for RSIP SHA224 Init */ +static fsp_err_t _R_RSIP_SHA224_GenerateInit(FSPSM_SHA_HANDLE* h) +{ + return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA224 ); +} +/* wrapper for RSIP SHA256 Init */ +static fsp_err_t _R_RSIP_SHA256_GenerateInit(FSPSM_SHA_HANDLE* h) +{ + return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA256 ); +} +/* wrapper for RSIP SHA384 Init */ +static fsp_err_t _R_RSIP_SHA384_GenerateInit(FSPSM_SHA_HANDLE* h) +{ + return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA384 ); +} +/* wrapper for RSIP SHA512 Init */ +static fsp_err_t _R_RSIP_SHA512_GenerateInit(FSPSM_SHA_HANDLE* h) +{ + return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA512 ); +} +/* wrapper for RSIP SHA512_224 Init */ +static fsp_err_t _R_RSIP_SHA512_224_GenerateInit(FSPSM_SHA_HANDLE* h) +{ + return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA512_224 ); +} +/* wrapper for RSIP SHA512_256 Init */ +static fsp_err_t _R_RSIP_SHA512_256_GenerateInit(FSPSM_SHA_HANDLE* h) +{ + return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA512_256 ); +} +/* wrapper for RSIP SHA Update */ +static fsp_err_t _R_RSIP_SHA_GenerateUpdate(FSPSM_SHA_HANDLE* h, + uint8_t* m, uint32_t len) +{ + return R_RSIP_SHA_GenerateUpdate(&gFSPSM_ctrl, h, m, len ); +} +/* wrapper for RSIP SHA Final */ +static fsp_err_t _R_RSIP_SHA_GenerateFinal(FSPSM_SHA_HANDLE* h, + uint8_t* d, uint32_t *sz) +{ + (void) sz; + return R_RSIP_SHA_GenerateFinal(&gFSPSM_ctrl, h, d); +} +#endif /* WOLFSSL_RENESAS_RSIP */ /* Free up allocation for msg * * hash The FSPSM Hash object. @@ -137,11 +190,13 @@ static int FSPSM_HashUpdate(wolfssl_FSPSM_Hash* hash, */ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) { - int ret; + int ret = FSP_SUCCESS; void* heap; FSPSM_SHA_HANDLE handle; uint32_t sz; + (void) outSz; + fsp_err_t (*Init)(FSPSM_SHA_HANDLE*); fsp_err_t (*Update)(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t); fsp_err_t (*Final )(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t*); @@ -154,8 +209,33 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) Init = FSPSM_SHA256_Init; Update = FSPSM_SHA256_Up; Final = FSPSM_SHA256_Final; - } - else +#if defined(WOLFSSL_RENESAS_RSIP) + } else if (hash->sha_type == FSPSM_SHA1) { + Init = FSPSM_SHA1_Init; + Update = FSPSM_SHA1_Up; + Final = FSPSM_SHA1_Final; + } else if (hash->sha_type == FSPSM_SHA224) { + Init = FSPSM_SHA224_Init; + Update = FSPSM_SHA224_Up; + Final = FSPSM_SHA224_Final; + } else if (hash->sha_type == FSPSM_SHA384) { + Init = FSPSM_SHA384_Init; + Update = FSPSM_SHA384_Up; + Final = FSPSM_SHA384_Final; + } else if (hash->sha_type == FSPSM_SHA512) { + Init = FSPSM_SHA512_Init; + Update = FSPSM_SHA512_Up; + Final = FSPSM_SHA512_Final; + } else if (hash->sha_type == FSPSM_SHA512_224) { + Init = FSPSM_SHA512_224_Init; + Update = FSPSM_SHA512_224_Up; + Final = FSPSM_SHA512_224_Final; + } else if (hash->sha_type == FSPSM_SHA512_256) { + Init = FSPSM_SHA512_256_Init; + Update = FSPSM_SHA512_256_Up; + Final = FSPSM_SHA512_256_Final; +#endif + } else return BAD_FUNC_ARG; heap = hash->heap; @@ -166,22 +246,32 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) ret = Update(&handle, (uint8_t*)hash->msg, hash->used); if (ret == FSP_SUCCESS) { ret = Final(&handle, out, (uint32_t*)&sz); - if (ret != FSP_SUCCESS || sz != outSz) { - return ret; + if (ret != FSP_SUCCESS + #if defined(WOLFSSL_RENESAS_SCEPROTECT) + || sz != outSz + #endif + ) { + WOLFSSL_MSG("Sha operation failed"); + WOLFSSL_ERROR(WC_HW_E); + ret = WC_HW_E; } } } wc_fspsm_hw_unlock(); FSPSM_HashFree(hash); - return FSPSM_HashInit(hash, heap, 0, hash->sha_type); + FSPSM_HashInit(hash, heap, 0, hash->sha_type); + + return ret; } /* Hash operation to message and return a result */ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) { - int ret; + int ret = FSP_SUCCESS; FSPSM_SHA_HANDLE handle; - uint32_t sz; + uint32_t sz = 0; + + (void) outSz; fsp_err_t (*Init)(FSPSM_SHA_HANDLE*); fsp_err_t (*Update)(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t); @@ -195,8 +285,33 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) Init = FSPSM_SHA256_Init; Update = FSPSM_SHA256_Up; Final = FSPSM_SHA256_Final; - } - else +#if defined(WOLFSSL_RENESAS_RSIP) + } else if (hash->sha_type == FSPSM_SHA1) { + Init = FSPSM_SHA1_Init; + Update = FSPSM_SHA1_Up; + Final = FSPSM_SHA1_Final; + } else if (hash->sha_type == FSPSM_SHA224) { + Init = FSPSM_SHA224_Init; + Update = FSPSM_SHA224_Up; + Final = FSPSM_SHA224_Final; + } else if (hash->sha_type == FSPSM_SHA384) { + Init = FSPSM_SHA384_Init; + Update = FSPSM_SHA384_Up; + Final = FSPSM_SHA384_Final; + } else if (hash->sha_type == FSPSM_SHA512) { + Init = FSPSM_SHA512_Init; + Update = FSPSM_SHA512_Up; + Final = FSPSM_SHA512_Final; + } else if (hash->sha_type == FSPSM_SHA512_224) { + Init = FSPSM_SHA512_224_Init; + Update = FSPSM_SHA512_224_Up; + Final = FSPSM_SHA512_224_Final; + } else if (hash->sha_type == FSPSM_SHA512_256) { + Init = FSPSM_SHA512_256_Init; + Update = FSPSM_SHA512_256_Up; + Final = FSPSM_SHA512_256_Final; +#endif + } else return BAD_FUNC_ARG; wc_fspsm_hw_lock(); @@ -205,15 +320,21 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz) ret = Update(&handle, (uint8_t*)hash->msg, hash->used); if (ret == FSP_SUCCESS) { ret = Final(&handle, out, &sz); - if (ret != FSP_SUCCESS || sz != outSz) { - return ret; + if (ret != FSP_SUCCESS + #if defined(WOLFSSL_RENESAS_SCEPROTECT) + || sz != outSz + #endif + ) { + WOLFSSL_MSG("Sha operation failed"); + WOLFSSL_ERROR(WC_HW_E); + ret = WC_HW_E; } } } wc_fspsm_hw_unlock(); - return 0; + return ret; } /* copy hash result from src to dst */ static int FSPSM_HashCopy(wolfssl_FSPSM_Hash* src, wolfssl_FSPSM_Hash* dst) @@ -235,7 +356,71 @@ static int FSPSM_HashCopy(wolfssl_FSPSM_Hash* src, wolfssl_FSPSM_Hash* dst) return 0; } +#if !defined(NO_SHA) && defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) +#include + +int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) +{ + return FSPSM_HashInit(sha, heap, devId, FSPSM_SHA1); +} + +int wc_ShaUpdate(wc_Sha* sha, const byte* in, word32 sz) +{ + return FSPSM_HashUpdate(sha, in, sz); +} + +int wc_ShaFinal(wc_Sha* sha, byte* hash) +{ + return FSPSM_HashFinal(sha, hash, WC_SHA_DIGEST_SIZE); +} + +int wc_ShaGetHash(wc_Sha* sha, byte* hash) +{ + return FSPSM_HashGet(sha, hash, WC_SHA_DIGEST_SIZE); +} + +int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) +{ + return FSPSM_HashCopy(src, dst); +} +#endif /* !NO_SHA && WOLFSSL_RENESAS_RSIP*/ + +#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) +#include + +/* WolfCrypt wrapper function for RX64 SHA224 Init */ +int wc_InitSha224_ex(wc_Sha224* sha, void* heap, int devId) +{ + return FSPSM_HashInit(sha, heap, devId, FSPSM_SHA224); +} +/* WolfCrypt wrapper function for RX64 SHA224 Update */ +int wc_Sha224Update(wc_Sha224* sha, const byte* in, word32 sz) +{ + return FSPSM_HashUpdate(sha, in, sz); +} +/* WolfCrypt wrapper function for RX64 SHA224 Final */ +int wc_Sha224Final(wc_Sha224* sha, byte* hash) +{ + return FSPSM_HashFinal(sha, hash, WC_SHA224_DIGEST_SIZE); +} +/* WolfCrypt wrapper function for RX64 SHA224 Get */ +int wc_Sha224GetHash(wc_Sha224* sha, byte* hash) +{ + return FSPSM_HashGet(sha, hash, WC_SHA224_DIGEST_SIZE); +} +/* WolfCrypt wrapper function for RX64 SHA224 Copy */ +int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst) +{ + return FSPSM_HashCopy(src, dst); +} +#endif /* WOLFSSL_SHA224 */ + #if !defined(NO_SHA256) +#if (defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_RSIP)) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) #include /* wrapper for wc_InitSha256_ex */ @@ -264,5 +449,125 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) return FSPSM_HashCopy(src, dst); } #endif /* !NO_SHA256 */ +#endif /* WOLFSSL_RENESAS_SCEPROTECT) || \ + * WOLFSSL_RENESAS_RSIP */ + +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) +#include +/* wrapper for wc_InitSha384_ex */ +int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devid) +{ + return FSPSM_HashInit(sha, heap, devid, FSPSM_SHA384); +} +/* wrapper for wc_InitSha384_ex */ +int wc_Sha384Update(wc_Sha384* sha, const byte* in, word32 sz) +{ + return FSPSM_HashUpdate(sha, in, sz); +} +/* wrapper for wc_Sha384Final */ +int wc_Sha384Final(wc_Sha384* sha, byte* hash) +{ + return FSPSM_HashFinal(sha, hash, WC_SHA384_DIGEST_SIZE); +} +/* wrapper for wc_Sha384GetHash */ +int wc_Sha384GetHash(wc_Sha384* sha, byte* hash) +{ + return FSPSM_HashGet(sha, hash, WC_SHA384_DIGEST_SIZE); +} +/* wrapper for wc_Sha384Copy */ +int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) +{ + return FSPSM_HashCopy(src, dst); +} +#endif /* WOLFSSL_SHA384 */ + +#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) +#include + +/* wrapper for wc_InitSha512_ex */ +int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devid) +{ + return FSPSM_HashInit(sha, heap, devid, FSPSM_SHA512); +} + +/* wrapper for wc_Sha512Update */ +int wc_Sha512Update(wc_Sha512* sha, const byte* in, word32 sz) +{ + return FSPSM_HashUpdate(sha, in, sz); +} + +/* wrapper for wc_Sha512Final */ +int wc_Sha512Final(wc_Sha512* sha, byte* hash) +{ + return FSPSM_HashFinal(sha, hash, WC_SHA512_DIGEST_SIZE); +} +/* wrapper for wc_Sha512GetHash */ +int wc_Sha512GetHash(wc_Sha512* sha, byte* hash) +{ + return FSPSM_HashGet(sha, hash, WC_SHA512_DIGEST_SIZE); +} +/* wrapper for wc_Sha512Copy */ +int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) +{ + return FSPSM_HashCopy(src, dst); +} + +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(WOLFSSL_NOSHA512_224) && \ + (defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) + +/* create KCAPI handle for SHA512 operation */ +int wc_InitSha512_224_ex(wc_Sha512* sha, void* heap, int devid) +{ + return FSPSM_HashInit(sha, heap, devid, FSPSM_SHA512_224); +} + +int wc_Sha512_224Final(wc_Sha512* sha, byte* hash) +{ + return FSPSM_HashFinal(sha, hash, WC_SHA512_224_DIGEST_SIZE); +} +int wc_Sha512_224GetHash(wc_Sha512* sha, byte* hash) +{ + return FSPSM_HashGet(sha, hash, WC_SHA512_224_DIGEST_SIZE); +} + +int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst) +{ + return FSPSM_HashCopy(src, dst); +} +#endif /* !WOLFSSL_NOSHA512_224 */ + +#if !defined(WOLFSSL_NOSHA512_256) && \ + (defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) + +/* create KCAPI handle for SHA512 operation */ +int wc_InitSha512_256_ex(wc_Sha512* sha, void* heap, int devid) +{ + return FSPSM_HashInit(sha, heap, devid, FSPSM_SHA512_256); +} + +int wc_Sha512_256Final(wc_Sha512* sha, byte* hash) +{ + return FSPSM_HashFinal(sha, hash, WC_SHA512_256_DIGEST_SIZE); +} +int wc_Sha512_256GetHash(wc_Sha512* sha, byte* hash) +{ + return FSPSM_HashGet(sha, hash, WC_SHA512_224_DIGEST_SIZE); +} + +int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst) +{ + return FSPSM_HashCopy(src, dst); +} +#endif /* !WOLFSSL_NOSHA512_256 */ +#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ + +#endif /* WOLFSSL_SHA512 */ + + #endif /* WOLFSSL_RENESAS_FSPSM_TLS */ #endif /* #if !defined(NO_SHA) || !defined(NO_SHA256) */ diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c index e53552573..4491113a7 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c @@ -20,9 +20,17 @@ */ #include -#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ - defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) +#if defined(WOLFSSL_RENESAS_RSIP) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT) + +#include + +/* expect to have these variables defined at user application */ +extern FSPSM_INSTANCE gFSPSM_ctrl; +extern FSPSM_CONFIG gFSPSM_cfg; + +#if defined(WOLFSSL_RENESAS_FSPSM) #include #include @@ -47,9 +55,6 @@ WOLFSSL_GLOBAL FSPSM_ST_PKC gPKCbInfo; #endif -/* expect to have these variables defined at user application */ -extern FSPSM_INSTANCE gFSPSM_ctrl; -extern FSPSM_CONFIG gFSPSM_cfg; #ifdef WOLFSSL_RENESAS_FSPSM_TLS static const byte* ca_cert_sig; @@ -57,11 +62,14 @@ static fspsm_key_data g_user_key_info; static uint32_t g_encrypted_publicCA_key[HW_SCE_SINST_WORD_SIZE]; extern uint32_t g_CAscm_Idx; /* index of CM table */ +static uint32_t fspsm_sess_idx = 0; #endif +#endif /* WOLFSSL_RENESAS_FSPSM*/ + wolfSSL_Mutex fspsm_mutex; static int fspsm_CryptHwMutexInit_ = 0; -static uint32_t fspsm_sess_idx = 0; + /* Mutex Init */ static int fspsm_CryptHwMutexInit(wolfSSL_Mutex* mutex) @@ -175,7 +183,8 @@ WOLFSSL_LOCAL void wc_fspsm_Close() } } -#ifdef WOLFSSL_RENESAS_FSPSM_TLS +#if defined(WOLFSSL_RENESAS_FSPSM) && \ + defined(WOLFSSL_RENESAS_FSPSM_TLS) #if defined(WOLFSSL_RENESAS_FSPSM_ECC) /* Verify Server Key Exchange while doing ECDH key exchange */ @@ -346,6 +355,9 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig, return ret; } +#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + /* Callback for ECC shared secret */ WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, uint8_t* pubKeyDer, unsigned int* pubKeySz, @@ -1185,3 +1197,4 @@ WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) #endif /* !WOLFSSL_RENESAS_FSPSM_CRYPTONLY */ #endif /* WOLFSSL_RENESAS_FSPSM_TLS || WOLFSSL_RENESAS_FSPSM_CRYPTONLY */ +#endif /* WOLFSSL_RENESAS_FSPSM) && WOLFSSL_RENESAS_FSPSM_TLS */ diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index c75e0c563..59e7ada71 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -3476,7 +3476,15 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } #elif defined(WOLFSSL_RENESAS_FSPSM) || \ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + + #if defined(WOLFSSL_RENESAS_SCEPROTECT) #include "r_sce.h" + #define R_RANDOM_GEN(b) R_SCE_RandomNumberGenerate(b) + #elif defined(WOLFSSL_RENESAS_RSIP) + #include "r_rsip.h" + extern rsip_ctrl_t rsip_ctrl; + #define R_RANDOM_GEN(b) R_RSIP_RandomNumberGenerate(&rsip_ctrl,b) + #endif int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { @@ -3490,7 +3498,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) len = sz; } /* return 4 words random number*/ - ret = R_SCE_RandomNumberGenerate(buffer); + ret = R_RANDOM_GEN(buffer); if(ret == FSP_SUCCESS) { XMEMCPY(output, &buffer, len); output += len; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index e65228689..6dc842d3e 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -235,6 +235,14 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) key->handle = NULL; #endif + +#if defined(WOLFSSL_RENESAS_FSPSM) + key->ctx.wrapped_pri1024_key = NULL; + key->ctx.wrapped_pub1024_key = NULL; + key->ctx.wrapped_pri2048_key = NULL; + key->ctx.wrapped_pub2048_key = NULL; + key->ctx.keySz = 0; +#endif return ret; } @@ -589,6 +597,11 @@ int wc_FreeRsaKey(RsaKey* key) wc_MemZero_Check(key, sizeof(RsaKey)); #endif +#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + wc_fspsm_RsaKeyFree(key); +#endif + return ret; } diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 603b8be6f..a175b5a24 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -308,6 +308,11 @@ /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */ +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + + /* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ + #elif defined(WOLFSSL_IMXRT_DCP) #include /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ @@ -886,6 +891,8 @@ void wc_ShaFree(wc_Sha* sha) #if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) || \ + (defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) || \ defined(WOLFSSL_RENESAS_RX64_HASH) if (sha->msg != NULL) { XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -902,9 +909,11 @@ void wc_ShaFree(wc_Sha* sha) #if !defined(WOLFSSL_TI_HASH) && !defined(WOLFSSL_IMXRT_DCP) -#if (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \ +#if ((!defined(WOLFSSL_RENESAS_TSIP_TLS) && \ !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \ - defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) + defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \ + (!defined(WOLFSSL_RENESAS_RSIP) || \ + defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) #if !defined(WOLFSSL_RENESAS_RX64_HASH) #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 747d3dd46..f5337b0b2 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -176,8 +176,8 @@ on the specific device platform. defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \ !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \ - ((!defined(WOLFSSL_RENESAS_FSPSM_TLS) && \ - !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) \ + ((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \ + !defined(WOLFSSL_RENESAS_RSIP)) \ || defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) && \ (!defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)) && \ !defined(WOLFSSL_RENESAS_RX64_HASH) @@ -757,8 +757,8 @@ static int InitSha256(wc_Sha256* sha256) /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */ -#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \ - !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) +#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP)) \ + && !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) /* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ @@ -1513,6 +1513,11 @@ static int InitSha256(wc_Sha256* sha256) /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */ +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + + /* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ + #else #define NEED_SOFT_SHA224 @@ -1708,7 +1713,9 @@ static int InitSha256(wc_Sha256* sha256) #if defined(WOLFSSL_KCAPI_HASH) KcapiHashFree(&sha224->kcapi); #endif - #if defined(WOLFSSL_RENESAS_RX64_HASH) + #if defined(WOLFSSL_RENESAS_RX64_HASH) || \ + (defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) if (sha224->msg != NULL) { ForceZero(sha224->msg, sha224->len); XFREE(sha224->msg, sha224->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -1771,7 +1778,7 @@ void wc_Sha256Free(wc_Sha256* sha256) ((defined(WOLFSSL_RENESAS_TSIP_TLS) || \ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \ - (defined(WOLFSSL_RENESAS_SCEPROTECT) && \ + ((defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP)) && \ !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) || \ defined(WOLFSSL_RENESAS_RX64_HASH) || \ defined(WOLFSSL_HASH_KEEP) @@ -1847,7 +1854,9 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz) #ifndef WOLFSSL_TI_HASH -#if !defined(WOLFSSL_RENESAS_RX64_HASH) +#if !defined(WOLFSSL_RENESAS_RX64_HASH) && \ + (!defined(WOLFSSL_RENESAS_RSIP) || \ + defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) #ifdef WOLFSSL_SHA224 #if defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_NO_KCAPI_SHA224) @@ -1968,10 +1977,10 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz) /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */ -#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \ - !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) +#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP))\ + && !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) - /* implemented in wolfcrypt/src/port/Renesas/renesas_sce_sha.c */ + /* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ #elif defined(WOLFSSL_PSOC6_CRYPTO) /* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */ diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 83af39c4b..a97bb2a3e 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -136,6 +136,10 @@ #elif defined(WOLFSSL_KCAPI_HASH) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ + #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) int wc_InitSha512(wc_Sha512* sha512) { @@ -896,6 +900,9 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) #if defined(WOLFSSL_KCAPI_HASH) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */ #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) #else @@ -1032,6 +1039,10 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ + #else static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz) @@ -1136,7 +1147,9 @@ void wc_Sha512Free(wc_Sha512* sha512) KcapiHashFree(&sha512->kcapi); #endif -#if defined(WOLFSSL_HASH_KEEP) +#if defined(WOLFSSL_HASH_KEEP) || \ + (defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) if (sha512->msg != NULL) { ForceZero(sha512->msg, sha512->len); XFREE(sha512->msg, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -1254,6 +1267,10 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) #elif defined(WOLFSSL_KCAPI_HASH) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ + #else static int InitSha384(wc_Sha384* sha384) @@ -1461,7 +1478,8 @@ void wc_Sha384Free(wc_Sha384* sha384) KcapiHashFree(&sha384->kcapi); #endif -#if defined(WOLFSSL_HASH_KEEP) +#if defined(WOLFSSL_HASH_KEEP) || \ + (defined(WOLFSSL_RENESAS_RSIP) && !defined(NO_WOLFSSL_RENESAS_HASH)) if (sha384->msg != NULL) { ForceZero(sha384->msg, sha384->len); XFREE(sha384->msg, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -1494,6 +1512,10 @@ void wc_Sha384Free(wc_Sha384* sha384) #if defined(WOLFSSL_KCAPI_HASH) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ + #else static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash, @@ -1617,6 +1639,10 @@ int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len) #if defined(WOLFSSL_KCAPI_HASH) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ + #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) #else @@ -1641,6 +1667,9 @@ void wc_Sha512_224Free(wc_Sha512* sha) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ #else int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash) @@ -1689,6 +1718,10 @@ int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len) } #if defined(WOLFSSL_KCAPI_HASH) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ + #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) #else @@ -1711,6 +1744,9 @@ void wc_Sha512_256Free(wc_Sha512* sha) #if defined(WOLFSSL_KCAPI_HASH) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ #else int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash) @@ -1750,7 +1786,9 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data) #if defined(WOLFSSL_KCAPI_HASH) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ - +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */ #else int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 143681c78..7be960118 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -346,6 +346,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0"; #ifdef HAVE_CAVIUM_OCTEON_SYNC #include #endif + #ifdef HAVE_RENESAS_SYNC + #include + #endif #endif #ifdef _MSC_VER @@ -402,6 +405,7 @@ const byte const_byte_array[] = "A+Gd\0\0\0"; #endif #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_RSIP) || \ defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \ defined(WOLFSSL_SECO_CAAM) #define HASH_SIZE_LIMIT @@ -1005,6 +1009,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ printf("Couldn't init the Cavium Octeon\n"); } #endif +#ifdef HAVE_RENESAS_SYNC + devId = wc_CryptoCb_CryptInitRenesasCmn(NULL, &guser_PKCbInfo); + if (devId == INVALID_DEVID) { + printf("Couldn't get the Renesas device ID\n"); + } +#endif #endif #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \ @@ -1289,7 +1299,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #endif #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \ - !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) + !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \ + !defined(WOLFSSL_RENESAS_FSPSM) if ( (ret = gmac_test()) != 0) TEST_FAIL("GMAC test failed!\n", ret); else @@ -1365,14 +1376,15 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ else TEST_PASS("AES test passed!\n"); -#ifdef WOLFSSL_AES_192 +#if defined(WOLFSSL_AES_192) && \ + !defined(WOLFSSL_RENESAS_FSPSM) if ( (ret = aes192_test()) != 0) TEST_FAIL("AES192 test failed!\n", ret); else TEST_PASS("AES192 test passed!\n"); #endif -#ifdef WOLFSSL_AES_256 +#if defined(WOLFSSL_AES_256) if ( (ret = aes256_test()) != 0) TEST_FAIL("AES256 test failed!\n", ret); else @@ -1392,6 +1404,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ TEST_FAIL("AES-GCM test failed!\n", ret); #endif #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \ + !defined(WOLFSSL_RENESAS_FSPSM) && \ !defined(WOLFSSL_KCAPI_AES) && !(defined(WOLF_CRYPTO_CB) && \ (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))) if ((ret = aesgcm_default_test()) != 0) { @@ -1454,7 +1467,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ TEST_PASS("SM-4 test passed!\n"); #endif -#if !defined(NO_RSA) +#if !defined(NO_RSA) && !defined(HAVE_RENESAS_SYNC) #ifdef WC_RSA_NO_PADDING if ( (ret = rsa_no_pad_test()) != 0) TEST_FAIL("RSA NOPAD test failed!\n", ret); @@ -1754,7 +1767,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #if defined(WOLF_CRYPTO_CB) && \ !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \ - defined(WOLFSSL_QNX_CAAM)) + defined(WOLFSSL_QNX_CAAM) || defined(HAVE_RENESAS_SYNC)) if ( (ret = cryptocb_test()) != 0) TEST_FAIL("crypto callback test failed!\n", ret); else @@ -2696,7 +2709,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void) /* BEGIN LARGE HASH TEST */ { byte large_input[1024]; #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \ - defined(HASH_SIZE_LIMIT) + defined(WOLFSSL_RENESAS_RSIP) || defined(HASH_SIZE_LIMIT) const char* large_digest = "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59" "\x15\x8c\x6d\xb6"; @@ -2709,7 +2722,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void) large_input[i] = (byte)(i & 0xFF); } #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \ - defined(HASH_SIZE_LIMIT) + defined(WOLFSSL_RENESAS_RSIP) || defined(HASH_SIZE_LIMIT) times = 20; #else times = 100; @@ -10734,8 +10747,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb }; - - WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef "; /* align */ + #ifdef HAVE_RENESAS_SYNC + const byte *key = + (byte*)guser_PKCbInfo.wrapped_key_aes128; + #else + WOLFSSL_SMALL_STACK_STATIC const + byte key[] = "0123456789abcdef "; /* align */ + #endif WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; /* align */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -10788,8 +10806,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ + /* skipped because wrapped key use in case of renesas sm */ + #ifndef HAVE_RENESAS_SYNC if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif #endif /* WOLFSSL_AES_128 */ #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) @@ -10920,7 +10941,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) #endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */ /* Test of AES IV state with encrypt/decrypt */ -#ifdef WOLFSSL_AES_128 +#if defined(WOLFSSL_AES_128) && !defined(HAVE_RENESAS_SYNC) { /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition" * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf @@ -10960,9 +10981,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) #endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifndef HAVE_RENESAS_SYNC if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - + #endif ret = wc_AesCbcEncrypt(enc, cipher + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -11001,7 +11023,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) #endif /* HAVE_AES_DECRYPT */ } -#endif /* WOLFSSL_AES_128 */ +#endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */ #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_COUNTER @@ -11068,11 +11090,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) } #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ +#ifndef HAVE_RENESAS_SYNC ret = aes_key_size_test(); if (ret != 0) goto out; +#endif -#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + !defined(HAVE_RENESAS_SYNC) ret = aes_cbc_test(); if (ret != 0) goto out; @@ -11304,13 +11329,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba, 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 }; - +#ifdef HAVE_RENESAS_SYNC + byte *key = + (byte*)guser_PKCbInfo.wrapped_key_aes256; + int kyeSz = (256/8); +#else WOLFSSL_SMALL_STACK_STATIC byte key[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 }; + int kyeSz = (int)sizeof(key); +#endif WOLFSSL_SMALL_STACK_STATIC byte iv[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F @@ -11334,11 +11365,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif - ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); + ret = wc_AesSetKey(enc, key, kyeSz, iv, AES_ENCRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION); + ret = wc_AesSetKey(dec, key, kyeSz, iv, AES_DECRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif @@ -11362,10 +11393,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) ERROR_OUT(WC_TEST_RET_ENC_NC, out); } #endif - +#ifndef HAVE_RENESAS_SYNC if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - +#endif wc_AesFree(enc); #ifdef HAVE_AES_DECRYPT wc_AesFree(dec); @@ -11638,6 +11669,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) #endif #ifdef WOLFSSL_AES_256 +#ifdef HAVE_RENESAS_SYNC + const byte *k1 = (byte*)guser_PKCbInfo.wrapped_key_aes256; + int k1Sz = (int)(256/8); +#else WOLFSSL_SMALL_STACK_STATIC const byte k1[] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, @@ -11645,7 +11680,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 }; - + int k1Sz = (int)sizeof(k1); +#endif WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, @@ -11731,11 +11767,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2 }; +#ifdef HAVE_RENESAS_SYNC + const byte *k3 = + (byte*)guser_PKCbInfo.wrapped_key_aes128; + int k3Sz = (int)(128/8); +#else WOLFSSL_SMALL_STACK_STATIC const byte k3[] = { 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a, 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b }; + int k3Sz = (int)sizeof(k3); +#endif WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = { @@ -11826,7 +11869,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef WOLFSSL_AES_256 - ret = wc_AesGcmSetKey(enc, k1, sizeof(k1)); + ret = wc_AesGcmSetKey(enc, k1, k1Sz); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -11838,13 +11881,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) #endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifndef HAVE_RENESAS_SYNC if (XMEMCMP(c1, resultC, sizeof(c1))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); if (XMEMCMP(t1, resultT, sizeof(t1))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif #ifdef HAVE_AES_DECRYPT - ret = wc_AesGcmSetKey(dec, k1, sizeof(k1)); + ret = wc_AesGcmSetKey(dec, k1, k1Sz); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -11890,7 +11935,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) #endif /* BENCH_AESGCM_LARGE */ #if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_256) /* Variable IV length test */ - for (ivlen=1; ivlen<(int)sizeof(k1); ivlen++) { + for (ivlen=1; ivlenpdata, \ + (uint32_t const)(p)->data_length, \ + (uint8_t *const)(c)->pdata); + + #define FSPSM_RSA2048_PKCSENC_FUNC(p,c,k) FSPSM_RSA1024_PKCSENC_FUNC(p,c,k) + /* decrypt */ + #define FSPSM_RSA1024_PKCSDEC_FUNC(c,p,k,l) R_RSIP_RSAES_PKCS1_V1_5_Decrypt\ + (&gFSPSM_ctrl, k, (uint8_t const *const)(c)->pdata, \ + (uint8_t *const)(p)->pdata,\ + (uint32_t *const)l, \ + (uint32_t const)(p)->data_length); + #define FSPSM_RSA2048_PKCSDEC_FUNC(c,p,k,l) \ + FSPSM_RSA1024_PKCSDEC_FUNC(c,p,k,l) + + /* sign */ + #define FSPSM_RSA1024_SIGN_FUNC(m,s,k,t) R_RSIP_RSASSA_PKCS1_V1_5_Sign\ + (&gFSPSM_ctrl, k, (m)->hash_type, (uint8_t const *const)(m)->pdata,\ + (uint8_t *const)(s)->pdata) + #define FSPSM_RSA2048_SIGN_FUNC(m,s,k,t) FSPSM_RSA1024_SIGN_FUNC(m,s,k,t) + + /* verify */ + #define FSPSM_RSA1024_VRY_FUNC(s,m,k,t) R_RSIP_RSASSA_PKCS1_V1_5_Verify\ + (&gFSPSM_ctrl, k, (m)->hash_type, (uint8_t const *const)(m)->pdata,\ + (uint8_t *const)(s)->pdata) + #define FSPSM_RSA2048_VRY_FUNC(s,m,k,t) FSPSM_RSA1024_VRY_FUNC(s,m,k,t) + #endif #endif /* __RENESAS_FSP_CRYPT_H__ */ diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h index 44dfcac90..1213eeee8 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h @@ -44,7 +44,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, word32 messageSz, word32 macSz, word32 content, void* ctx); WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig, - unsigned int sigSz, const unsigned char* hash, unsigned int hashSz, + unsigned int sigSz, const unsigned char* hash, unsigned int hashSz, const unsigned char* key, unsigned int keySz, int* result, void* ctx); WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, unsigned char* sig, unsigned int sigSz, @@ -68,6 +68,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigne int* result, void* ctx); /* Common Methods */ +WOLFSSL_LOCAL void* Renesas_cmn_GetCbCtxBydevId(int devId); int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx); void wc_CryptoCb_CleanupRenesasCmn(int* id); int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h b/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h index bdf941fd5..365abf5a3 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h @@ -25,8 +25,8 @@ #ifdef HAVE_RENESAS_SYNC struct WOLFSSL; -struct User_SCEPKCbInfo; -extern User_SCEPKCbInfo guser_PKCbInfo; +struct FSPSM_ST; +extern FSPSM_ST guser_PKCbInfo; WOLFSSL_API int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx); WOLFSSL_API void wc_CryptoCb_CleanupRenesasCmn(int* id); diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 2d6eabc3c..ac807556c 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -94,6 +94,10 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #include #endif +#if defined(WOLFSSL_RENESAS_FSPSM) + #include +#endif + #ifdef __cplusplus extern "C" { #endif @@ -255,6 +259,9 @@ struct RsaKey { #if defined(WOLFSSL_DEVCRYPTO_RSA) WC_CRYPTODEV ctx; #endif +#if defined(WOLFSSL_RENESAS_FSPSM) + FSPSM_RSA_CTX ctx; +#endif }; #ifndef WC_RSAKEY_TYPE_DEFINED diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 2565b505c..65cc60ecf 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -104,6 +104,9 @@ enum { #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h" #elif defined(WOLFSSL_RENESAS_RX64_HASH) #include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h" +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h" #else #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index c9284a310..9dfd5e1d2 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -134,7 +134,8 @@ enum { defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h" -#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \ +#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_RSIP)) && \ !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h" #elif defined(WOLFSSL_RENESAS_RX64_HASH) diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index c4c42d7b7..33d34ee25 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -119,6 +119,10 @@ enum { #if defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM) #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h" +#elif defined(WOLFSSL_RENESAS_RSIP) && \ + !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) + #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h" + #else #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) #include "wolfssl/wolfcrypt/port/nxp/se050_port.h" diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 64550212c..9a8b51138 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -171,7 +171,8 @@ #endif #if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3) ||\ - defined(WOLFSSL_RENESAS_RA6M4) + defined(WOLFSSL_RENESAS_RA6M4) || \ + defined(WOLFSSL_RENESAS_RZN2L) /* Uses FREERTOS_TCP */ #include #endif