diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h index 207ffb0cf..fa80de840 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h @@ -220,13 +220,28 @@ #if defined(WOLFSSL_RENESAS_TSIP) + /*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/ + /* Enable TSIP TLS (default) + * TSIP CRYPTONLY is also enabled. + * Disable TSIP TLS + * TSIP CRYPTONLY is only enabled. + */ + #define WOLFSSL_RENESAS_TSIP_TLS + #if !defined(NO_RENESAS_TSIP_CRYPT) - #define WOLFSSL_RENESAS_TSIP_CRYPT - #define WOLFSSL_RENESAS_TSIP_TLS - #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT + #define WOLFSSL_RENESAS_TSIP_CRYPTONLY #define HAVE_PK_CALLBACKS #define WOLF_CRYPTO_CB - #define WOLF_PRIVATE_KEY_ID + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT + #define WOLF_PRIVATE_KEY_ID + #endif + #endif + + #if !defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + # undef WOLFSSL_RENESAS_TSIP_TLS + # undef WOLFSSL_RENESAS_TSIP_CRYPT #endif #else @@ -244,3 +259,8 @@ #define XSTRCASECMP(s1,s2) strcmp((s1),(s2)) + +#if !defined(WOLFSSL_RENESAS_TSIP_TLS) + #define min(x,y) ((x)<(y)?(x):(y)) +#endif + diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c index 84501e844..251d6481b 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c @@ -21,7 +21,7 @@ #include -#define YEAR 2022 +#define YEAR 2023 #define MON 6 static int tick = 0; @@ -40,3 +40,12 @@ int strncasecmp(const char *s1, const char * s2, unsigned int sz) return 1; return 0; } + +#if !defined(WOLFSSL_RENESAS_TSIP) +/* dummy return true when char is alphanumeric character */ +int isascii(const char *s) +{ + return isalnum(s); +} +#endif + 
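Review bot: The new `#if !defined(WOLFSSL_RENESAS_TSIP_TLS) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)` block is unreachable as written, because `WOLFSSL_RENESAS_TSIP_TLS` is defined unconditionally a few lines above it, so the "Disable TSIP TLS" mode the comment describes cannot be selected without editing the header. Either guard that `#define` behind an opt-out macro in the style already used for `NO_RENESAS_TSIP_CRYPT`, or drop the dead block. Note also that `# undef WOLFSSL_RENESAS_TSIP_CRYPT` refers to a macro this hunk stops defining, so it is a no-op; if other code still tests `WOLFSSL_RENESAS_TSIP_CRYPT` it will silently see it undefined. The same block is added verbatim in the RSK `user_settings.h` hunk (`@@ -224,13 +224,28 @@`) and the RX72N EnvisionKit `user_settings.h` hunk (`@@ -236,14 +237,28 @@`).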
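Review bot: `return isalnum(s);` in the new `isascii` passes a `const char *` where `isalnum` takes an `int`, which is a pointer-to-integer conversion rather than a character test and is at best a compiler diagnostic, at worst undefined behaviour. Given the declared signature (`int isascii(const char *s)`, also visible in `wolfssl_simple_demo.h`), the intent appears to be the first character, so the body should read `return isalnum((unsigned char)s[0]);` — the cast to `unsigned char` is required before any `<ctype.h>` call. The RX72N Simple `wolfssl_dummy.c` hunk (`@@ -43,5 +43,5 @@`) only re-indents the same `isalnum(s)` line and has the same defect.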
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c index 681a1ef74..76cfb41a5 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c @@ -285,18 +285,18 @@ void wolfSSL_TLS_client( ) #ifdef WOLFSSL_RENESAS_TSIP_TLS /* TSIP specific ECC private key */ - if (tsip_use_PrivateKey_buffer(ssl, + if (tsip_use_PrivateKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_ecc256_private_key, sizeof(g_key_block_data.encrypted_user_ecc256_private_key), TSIP_ECCP256) != 0) { - printf("ERROR tsip_use_PrivateKey_buffer\n"); + printf("ERROR tsip_use_PrivateKey_buffer_TLS\n"); goto out; } #else /* DER format ECC private key */ - if (wolfSSL_use_PrivateKey_buffer(ssl, + if (wolfSSL_use_PrivateKey_buffer(ssl, ecc_clikey_der_256, sizeof_ecc_clikey_der_256, WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) { @@ -314,20 +314,20 @@ void wolfSSL_TLS_client( ) /* Note: TSIP asks client key pair for client authentication. */ /* TSIP specific RSA private key */ - if (tsip_use_PrivateKey_buffer(ssl, + if (tsip_use_PrivateKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_rsa2048_private_key, sizeof(g_key_block_data.encrypted_user_rsa2048_private_key), TSIP_RSA2048) != 0) { - printf("ERROR tsip_use_PrivateKey_buffer\n"); + printf("ERROR tsip_use_PrivateKey_buffer_TLS\n"); goto out; } /* TSIP specific RSA public key */ - if (tsip_use_PublicKey_buffer(ssl, + if (tsip_use_PublicKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_rsa2048_public_key, sizeof(g_key_block_data.encrypted_user_rsa2048_public_key), TSIP_RSA2048) != 0) { - printf("ERROR tsip_use_PublicKey_buffer\n"); + printf("ERROR tsip_use_PublicKey_buffer_TLS\n"); goto out; } diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/wolfssl/.project b/IDE/Renesas/e2studio/RX65N/GR-ROSE/wolfssl/.project index 9642014f8..e59778702 100644 
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/wolfssl/.project +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/wolfssl/.project @@ -79,6 +79,11 @@ 1 PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c + + wolfcrypt/port/renesas_tsip_rsa.c + 1 + PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c + wolfcrypt/port/renesas_tsip_sha.c 1 diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/wolfssl/wolfssl.rcpc b/IDE/Renesas/e2studio/RX65N/GR-ROSE/wolfssl/wolfssl.rcpc index 2fa605c3d..4cf3634fe 100644 --- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/wolfssl/wolfssl.rcpc +++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/wolfssl/wolfssl.rcpc @@ -22,6 +22,7 @@ ..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_common.c ..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_aes.c + ..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_rsa.c ..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_sha.c ..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_util.c @@ -143,6 +144,7 @@ Debug\wolfio.obj Debug\renesas_common.obj Debug\renesas_tsip_aes.obj + Debug\renesas_tsip_rsa.obj Debug\renesas_tsip_sha.obj Debug\renesas_tsip_util.obj Debug\aes.obj diff --git a/IDE/Renesas/e2studio/RX65N/RSK/resource/section.esi b/IDE/Renesas/e2studio/RX65N/RSK/resource/section.esi index 19ad71371..6e39acffc 100644 --- a/IDE/Renesas/e2studio/RX65N/RSK/resource/section.esi +++ b/IDE/Renesas/e2studio/RX65N/RSK/resource/section.esi @@ -8,18 +8,24 @@ + + + + + + + + + - + - - - diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl/.project b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl/.project index 9642014f8..e59778702 100644 --- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl/.project +++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl/.project @@ -79,6 +79,11 @@ 1 PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c + + wolfcrypt/port/renesas_tsip_rsa.c + 1 + PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c + wolfcrypt/port/renesas_tsip_sha.c 1 
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c index 84fa3167f..29d0adcbd 100644 --- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c +++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c @@ -267,6 +267,4 @@ const unsigned char client_cert_der_sign[] = }; const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign); -uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 }; -uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 }; #endif diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h index 058e1a47a..f856d4e5e 100644 --- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h +++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h @@ -224,13 +224,28 @@ #if defined(WOLFSSL_RENESAS_TSIP) + /*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/ + /* Enable TSIP TLS (default) + * TSIP CRYPTONLY is also enabled. + * Disable TSIP TLS + * TSIP CRYPTONLY is only enabled. + */ + #define WOLFSSL_RENESAS_TSIP_TLS + #if !defined(NO_RENESAS_TSIP_CRYPT) - #define WOLFSSL_RENESAS_TSIP_CRYPT - #define WOLFSSL_RENESAS_TSIP_TLS - #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT + #define WOLFSSL_RENESAS_TSIP_CRYPTONLY #define HAVE_PK_CALLBACKS #define WOLF_CRYPTO_CB - #define WOLF_PRIVATE_KEY_ID + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT + #define WOLF_PRIVATE_KEY_ID + #endif + #endif + + #if !defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + # undef WOLFSSL_RENESAS_TSIP_TLS + # undef WOLFSSL_RENESAS_TSIP_CRYPT #endif #else diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c index e61512c15..5614f3f1f 100644 --- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c 
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c @@ -294,22 +294,22 @@ static void Tls_client() /* TSIP specific ECC private key */ if (ret == 0){ - ret = tsip_use_PrivateKey_buffer(ssl, + ret = tsip_use_PrivateKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_ecc256_private_key, sizeof(g_key_block_data.encrypted_user_ecc256_private_key), TSIP_ECCP256); if (ret != 0) { - printf("ERROR tsip_use_PrivateKey_buffer\n"); + printf("ERROR tsip_use_PrivateKey_buffer_TLS\n"); } } # if defined(WOLFSSL_CHECK_SIG_FAULTS) if (ret == 0){ - ret = tsip_use_PublicKey_buffer(ssl, + ret = tsip_use_PublicKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_ecc256_public_key, sizeof(g_key_block_data.encrypted_user_ecc256_public_key), TSIP_ECCP256); if (ret != 0) { - printf("ERROR tsip_use_PublicKey_buffer\n"); + printf("ERROR tsip_use_PublicKey_buffer_TLS\n"); } } #endif /* WOLFSSL_CHECK_SIG_FAULTS */ @@ -339,21 +339,21 @@ static void Tls_client() /* TSIP specific RSA private key */ if (ret == 0) { - ret = tsip_use_PrivateKey_buffer(ssl, + ret = tsip_use_PrivateKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_rsa2048_private_key, sizeof(g_key_block_data.encrypted_user_rsa2048_private_key), TSIP_RSA2048); if (ret != 0) { - printf("ERROR tsip_use_PrivateKey_buffer :%d\n", ret); + printf("ERROR tsip_use_PrivateKey_buffer_TLS :%d\n", ret); } } if (ret == 0) { - ret = tsip_use_PublicKey_buffer(ssl, + ret = tsip_use_PublicKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_rsa2048_public_key, sizeof(g_key_block_data.encrypted_user_rsa2048_public_key), TSIP_RSA2048); if (ret != 0) { - printf("ERROR tsip_use_PublicKey_buffer: %d\n", ret); + printf("ERROR tsip_use_PublicKey_buffer_TLS: %d\n", ret); } } diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c index c6d70e756..2c48ed510 100644 
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c @@ -21,8 +21,8 @@ #include -#define YEAR 2022 -#define MON 6 +#define YEAR 2023 +#define MON 5 static int tick = 0; @@ -43,5 +43,5 @@ int strncasecmp(const char *s1, const char * s2, unsigned int sz) /* dummy return true when char is alphanumeric character */ int isascii(const char *s) { - return isalnum(s); + return isalnum(s); } diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject index 460072091..5f7ceb0e4 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject @@ -54,11 +54,7 @@ - - - - @@ -66,6 +62,10 @@ + + + + @@ -267,11 +267,7 @@ - - - - @@ -279,6 +275,10 @@ + + + + diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.project b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.project index 2616e947e..10951ff4b 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.project +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.project @@ -39,6 +39,11 @@ 1 PARENT-2-PROJECT_LOC/wolfssl_demo/user_settings.h + + src/wolfssl_tsip_unit_test.c + 1 + PARENT-2-PROJECT_LOC/wolfssl_demo/wolfssl_tsip_unit_test.c + src/key_data/key_data.c 1 diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c index 946aaeeb1..e91a4533e 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c 
@@ -31,7 +31,7 @@ #include #endif -#define SIMPLE_TLSSEVER_IP "192.168.10.10" +#define SIMPLE_TLSSEVER_IP "192.168.11.9" #define SIMPLE_TLSSERVER_PORT "11111" ER t4_tcp_callback(ID cepid, FN fncd , VP p_parblk); diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c index cb629a38b..42d62359f 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c @@ -27,7 +27,7 @@ #include "wolfssl/wolfcrypt/types.h" #if defined(SIMPLE_TCP_CLIENT) || defined(SIMPLE_TLS_CLIENT) || \ - defined(SIMPLE_TLS_TSIP_CLIENT) + defined(SIMPLE_TLS_TSIP_CLIENT) #define SIMPLE_CLIENT #endif @@ -251,7 +251,7 @@ void main(void) printf("End wolfCrypt Benchmark\n"); #endif #elif defined(SIMPLE_TCP_CLIENT) || defined(SIMPLE_TLS_CLIENT) || \ - defined(SIMPLE_TLS_TSIP_CLIENT) + defined(SIMPLE_TLS_TSIP_CLIENT) #include "r_cmt_rx_if.h" Open_tcp(); @@ -265,7 +265,7 @@ void main(void) #if defined(SIMPLE_TCP_CLIENT) simple_tcp_client(); #elif defined(SIMPLE_TLS_CLIENT) || defined(SIMPLE_TLS_TSIP_CLIENT) - if(cipherlist_sz > 0 ) printf("cipher : %s\n", cipherlist[i]); + if(cipherlist_sz > 0 ) printf("cipher : %s\n", cipherlist[i]); wolfSSL_TLS_client_init(cipherlist[i]); wolfSSL_TLS_client(); @@ -287,6 +287,23 @@ void main(void) wolfSSL_TLS_server(); #endif Close_tcp(); +#elif defined(TSIP_CRYPT_UNIT_TEST) + if ((ret = wolfCrypt_Init()) != 0) { + printf("wolfCrypt_Init failed %d\n", ret); + } + + printf("Start wolf tsip crypt Test\n"); + + printf(" \n"); + printf(" simple crypt test by using TSIP\n"); + tsip_crypt_test(); + + printf(" \n"); + printf("End wolf tsip crypt Test\n"); + + if ((ret = wolfCrypt_Cleanup()) != 0) { + printf("wolfCrypt_Cleanup failed %d\n", ret); + } #endif } 
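Review bot: In the new `TSIP_CRYPT_UNIT_TEST` branch a failed `wolfCrypt_Init()` is only printed and execution falls straight through to `tsip_crypt_test()`, so the TSIP tests run on an uninitialised library and their result is also discarded. Gate the test on the init result and report it, e.g. `if (ret == 0) { ret = tsip_crypt_test(); printf("tsip_crypt_test %s\n", ret == 0 ? "passed" : "failed"); }`, and likewise only call `wolfCrypt_Cleanup()` when init succeeded. `ret` is declared outside the hunk, and `main` continues past it.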
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h index 21e9849a7..c62cd4a38 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h @@ -54,7 +54,7 @@ void wolfSSL_TLS_server(); void simple_tcp_server(); #if defined(SIMPLE_TCP_CLIENT) || defined(SIMPLE_TLS_CLIENT) || \ - defined(SIMPLE_TCP_SERVER) || defined(SIMPLE_TLS_SERVER) + defined(SIMPLE_TCP_SERVER) || defined(SIMPLE_TLS_SERVER) #define min(x,y) ((x)<(y)?(x):(y)) int isascii(const char *s); #endif diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg index a0b715db5..bf7fe0920 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg @@ -950,11 +950,6 @@ - - - - - @@ -1136,6 +1131,11 @@ + + + + +
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.project b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.project index 2c1641be0..068886b4c 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.project +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.project @@ -79,6 +79,11 @@ 1 PARENT-7-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c + + wolfcrypt/port/renesas_tsip_rsa.c + 1 + PARENT-7-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c + wolfcrypt/port/renesas_tsip_sha.c 1 diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/wolfssl.rcpc b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/wolfssl.rcpc index e86cb0e82..6e8f27d1e 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/wolfssl.rcpc +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/wolfssl.rcpc @@ -22,6 +22,7 @@ ..\..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_common.c ..\..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_aes.c + ..\..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_rsa.c ..\..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_sha.c ..\..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_util.c @@ -145,6 +146,7 @@ Debug\wolfio.obj Debug\renesas_common.obj Debug\renesas_tsip_aes.obj + Debug\renesas_tsip_rsa.obj Debug\renesas_tsip_sha.obj Debug\renesas_tsip_util.obj Debug\aes.obj diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl/.project b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl/.project index 9642014f8..e59778702 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl/.project +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl/.project @@ -79,6 +79,11 @@ 1 PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c + + wolfcrypt/port/renesas_tsip_rsa.c + 1 + PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c + wolfcrypt/port/renesas_tsip_sha.c 1 
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h index f75d68d33..f65c25c9d 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h @@ -28,7 +28,6 @@ *----------------------------------------------------------------------------*/ #define WOLFSSL_RENESAS_RX72N - /*-- Renesas TSIP usage and its version --------------------------------------- * * "WOLFSSL_RENESAS_TSIP" definition makes wolfSSL to use H/W acceleration @@ -45,6 +44,7 @@ #define WOLFSSL_RENESAS_TSIP #define WOLFSSL_RENESAS_TSIP_VER 117 + #if defined(SIMPLE_TLS_CLIENT) || defined(SIMPLE_TLS_SERVER) #undef WOLFSSL_RENESAS_TSIP #undef WOLFSSL_RENESAS_TSIP_VER @@ -157,6 +157,7 @@ *----------------------------------------------------------------------------*/ #define SIZEOF_LONG_LONG 8 + #define WOLFSSL_SMALL_STACK /* * -- "NO_ASN_TIME" macro is to avoid certificate expiration validation -- @@ -220,7 +221,7 @@ #endif /*-- Consistency checking between definitions --------------------------------- * - * + * *----------------------------------------------------------------------------*/ /*-- TSIP TLS specific definitions --*/ 
@@ -236,14 +237,28 @@ *----------------------------------------------------------------------------*/ #if defined(WOLFSSL_RENESAS_TSIP) + /*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/ + /* Enable TSIP TLS (default) + * TSIP CRYPTONLY is also enabled. + * Disable TSIP TLS + * TSIP CRYPTONLY is only enabled. + */ + #define WOLFSSL_RENESAS_TSIP_TLS #if !defined(NO_RENESAS_TSIP_CRYPT) - #define WOLFSSL_RENESAS_TSIP_CRYPT - #define WOLFSSL_RENESAS_TSIP_TLS - #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT + #define WOLFSSL_RENESAS_TSIP_CRYPTONLY #define HAVE_PK_CALLBACKS #define WOLF_CRYPTO_CB - #define WOLF_PRIVATE_KEY_ID + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT + #define WOLF_PRIVATE_KEY_ID + #endif + #endif + + #if !defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + # undef WOLFSSL_RENESAS_TSIP_TLS + # undef WOLFSSL_RENESAS_TSIP_CRYPT #endif #else diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c index f32e119c4..5d1f91367 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c 
@@ -382,15 +382,15 @@ static void Tls_client(void *pvParam) #if defined(USE_ECC_CERT) /* Client authentication using ECDSA certificate can be handled by TSIP. * Therefore, the client private key should be TSIP-specific format - * and be set by tsip_use_PrivateKey_buffer. + * and be set by tsip_use_PrivateKey_buffer_TLS. */ if (ret == 0){ - ret = tsip_use_PrivateKey_buffer(ssl, + ret = tsip_use_PrivateKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_ecc256_private_key, sizeof(g_key_block_data.encrypted_user_ecc256_private_key), TSIP_ECCP256); if (ret != 0) { - printf("ERROR tsip_use_PrivateKey_buffer\n"); + printf("ERROR tsip_use_PrivateKey_buffer_TLS\n"); } } # if defined(WOLFSSL_CHECK_SIG_FAULTS) @@ -409,16 +409,16 @@ static void Tls_client(void *pvParam) /* Client authentication using RSA certificate can be handled by TSIP. * Note that the internal verification of the signature process requires * not only the client's private key but also its public key, so pass them - * using tsip_use_PrivateKey_buffer and tsip_use_PublicKey_buffer + * using tsip_use_PrivateKey_buffer_TLS and tsip_use_PublicKey_buffer_TLS * respectively. */ if (ret == 0) { - ret = tsip_use_PrivateKey_buffer(ssl, + ret = tsip_use_PrivateKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_rsa2048_private_key, sizeof(g_key_block_data.encrypted_user_rsa2048_private_key), TSIP_RSA2048); if (ret != 0) { - printf("ERROR tsip_use_PrivateKey_buffer :%d\n", ret); + printf("ERROR tsip_use_PrivateKey_buffer_TLS :%d\n", ret); } } if (ret == 0) { @@ -536,7 +536,7 @@ static void Tls_client_demo(void) "TLS13-AES128-GCM-SHA256", "TLS13-AES128-CCM-SHA256", #endif - "ECDHE-ECDSA-AES128-SHA256", + "ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256", }; #if defined(WOLFSSL_TLS13) diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h index d621bbd30..c11e59c83 100644 
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h @@ -45,7 +45,7 @@ #define LIBRARY_LOG_LEVEL LOG_INFO #endif #include "logging_stack.h" - +#include "wolfssl/ssl.h" /* Enable wolfcrypt test demo */ /*#define CRYPT_TEST */ diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c index 35c644765..f89b48cf1 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c @@ -19,6 +19,14 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include + +#ifdef TSIP_CRYPT_UNIT_TEST + +#include "r_bsp_config.h" +#if BSP_CFG_USTACK_BYTES < 0x4000 +# error "more than 0x4000 stack needed to run the unit tests." +#endif #include #include @@ -28,6 +36,7 @@ #include #include #include +#include #ifdef NO_INLINE #include #else @@ -36,12 +45,14 @@ #endif #include +#ifdef FREERTOS #include "FreeRTOS.h" -#if defined(FREERTOS_TCP) +# if defined(FREERTOS_TCP) #include "FreeRTOS_IP.h" #include "FreeRTOS_Sockets.h" #include "platform/iot_network.h" #include "platform.h" +# endif #endif #ifndef NO_SHA @@ -59,7 +70,7 @@ printf(" passed \n");\ else \ printf(" failed \n"); - +#ifdef FREERTOS static xSemaphoreHandle exit_semaph; static byte exit_loop = 0; static byte sha_multTst_rslt = 0; 
@@ -68,26 +79,55 @@ static byte Aes128_Cbc_multTst_rslt = 0; static byte Aes256_Cbc_multTst_rslt = 0; static byte Aes128_Gcm_multTst_rslt = 0; static byte Aes256_Gcm_multTst_rslt = 0; +#endif /* FREERTOS */ #if defined(HAVE_AES_CBC) -#if defined(WOLFSSL_AES_128) -static tsip_aes_key_index_t g_user_aes128_key_index1; -static tsip_aes_key_index_t g_user_aes128_key_index2; -#endif +# if defined(WOLFSSL_AES_128) + static tsip_aes_key_index_t g_user_aes128_key_index1; + static tsip_aes_key_index_t g_user_aes128_key_index2; +# endif -#if defined(WOLFSSL_AES_256) -static tsip_aes_key_index_t g_user_aes256_key_index1; -static tsip_aes_key_index_t g_user_aes256_key_index2; -#endif +# if defined(WOLFSSL_AES_256) + static tsip_aes_key_index_t g_user_aes256_key_index1; + static tsip_aes_key_index_t g_user_aes256_key_index2; +# endif #endif + + typedef struct tagInfo { tsip_aes_key_index_t aes_key; } Info; +#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY + static TsipUserCtx userContext; + + void Clr_CallbackCtx(TsipUserCtx *g) + { + + if (g->rsa1024pri_keyIdx != NULL) + XFREE(g->rsa1024pri_keyIdx, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (g->rsa1024pub_keyIdx != NULL) + XFREE(g->rsa1024pub_keyIdx, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (g->rsa2048pri_keyIdx != NULL) + XFREE(g->rsa2048pri_keyIdx, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (g->rsa2048pub_keyIdx != NULL) + XFREE(g->rsa2048pub_keyIdx, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + XMEMSET(g, 0, sizeof(TsipUserCtx)); + } + +#endif + #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key) @@ -160,6 +200,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key) return ret; } +#ifdef FREERTOS static void tskAes128_Cbc_Test(void *pvParam) { int ret = 0; @@ -177,7 +218,7 @@ static void tskAes128_Cbc_Test(void *pvParam) xSemaphoreGive(exit_semaph); vTaskDelete(NULL); } - +#endif /* FREERTOS */ #endif #ifdef WOLFSSL_AES_256 
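Review bot: `Clr_CallbackCtx` is defined with external linkage and no prior prototype in a file where every other helper is `static`; since its only caller is `tsip_crypt_test` in the same file, declare it `static void Clr_CallbackCtx(TsipUserCtx *g)`. The four `*_keyIdx` buffers are released with plain `XFREE` and only the containing `TsipUserCtx` is zeroed afterwards; if those buffers hold TSIP key-index material (I cannot tell from the hunk what type they point at), clear each one with `ForceZero` before freeing it so the wrapped key does not linger in freed heap. The `XMEMSET` after the frees is correct and also guarantees the pointers are NULL for the next test.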
@@ -212,6 +253,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key) 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }; + (void)verify; if (prnt) printf(" tsip_aes256_test() "); @@ -276,7 +318,7 @@ out: return ret; } - +#ifdef FREERTOS static void tskAes256_Cbc_Test(void *pvParam) { int ret = 0; @@ -294,7 +336,7 @@ static void tskAes256_Cbc_Test(void *pvParam) xSemaphoreGive(exit_semaph); vTaskDelete(NULL); } - +#endif /* FREERTOS */ #endif /* WOLFSSL_AES_256 */ #if defined(WOLFSSL_AES_256) @@ -368,6 +410,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) int ret; (void) result; + (void) c1; + (void) t1; if (prnt) { printf(" tsip_aes256_gcm_test() "); @@ -467,7 +511,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) return ret; } - +#ifdef FREERTOS static void tskAes256_Gcm_Test(void *pvParam) { int ret = 0; @@ -485,6 +529,7 @@ static void tskAes256_Gcm_Test(void *pvParam) xSemaphoreGive(exit_semaph); vTaskDelete(NULL); } +#endif /* FREERTOS */ #endif #if defined(WOLFSSL_AES_128) @@ -539,7 +584,8 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key) int ret; (void) result; - + (void) c3; + (void) t3; if (prnt) { printf(" tsip_aes128_gcm_test() "); } @@ -602,7 +648,7 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key) return ret; } - +#ifdef FREERTOS static void tskAes128_Gcm_Test(void *pvParam) { int ret = 0; 
@@ -620,69 +666,11 @@ static void tskAes128_Gcm_Test(void *pvParam) xSemaphoreGive(exit_semaph); vTaskDelete(NULL); } - +#endif /* FREERTOS */ #endif -int tsip_crypt_test() -{ - int ret = 0; - e_tsip_err_t tsip_error_code; - /* Generate AES tsip Key */ - tsip_error_code = R_TSIP_GenerateAes128RandomKeyIndex( - &g_user_aes128_key_index1); - - if (tsip_error_code == TSIP_SUCCESS) - tsip_error_code = R_TSIP_GenerateAes128RandomKeyIndex( - &g_user_aes128_key_index2); - - if (tsip_error_code == TSIP_SUCCESS) - tsip_error_code = R_TSIP_GenerateAes256RandomKeyIndex( - &g_user_aes256_key_index1); - - if (tsip_error_code == TSIP_SUCCESS) - tsip_error_code = R_TSIP_GenerateAes256RandomKeyIndex( - &g_user_aes256_key_index2); - - if (tsip_error_code == TSIP_SUCCESS) { - - #ifndef NO_SHA - printf(" sha_test()"); - ret = sha_test(); - RESULT_STR(ret) - #endif - - #ifndef NO_SHA256 - printf(" sha256_test()"); - ret = sha256_test(); - RESULT_STR(ret) - #endif - - ret = tsip_aes_cbc_test(1, &g_user_aes128_key_index1); - - if (ret == 0) { - - ret = tsip_aes256_test(1, &g_user_aes256_key_index1); - - } - - if (ret == 0) { - - ret = tsip_aesgcm128_test(1, &g_user_aes128_key_index1); - - } - - if (ret == 0) { - - ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1); - - } - } - else - ret = -1; - - return ret; -} +#ifdef FREERTOS #ifndef NO_SHA 
@@ -722,7 +710,102 @@ static void tskSha256_Test(void *pvParam) vTaskDelete(NULL); } #endif +#endif /* FREERTOS */ +#if !defined(NO_RSA) + +/* testing rsa sign/verify w/ rsa 2048 bit key */ +#define TEST_STRING "Everyone gets Friday off." +#define TEST_STRING2 "Everyone gets Friday ofv." +#define TEST_STRING_SZ 25 +#define RSA_TEST_BYTES 256 /* up to 2048-bit key */ + +static int tsip_rsa_SignVerify_test(int prnt, int keySize) +{ + int ret = 0; + + RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WC_RNG rng; + const char inStr [] = TEST_STRING; + const char inStr2[] = TEST_STRING2; + const word32 inLen = (word32)TEST_STRING_SZ; + const word32 outSz = RSA_TEST_BYTES; + + byte *in = NULL; + byte *in2 = NULL; + byte *out= NULL; + + in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + (void) prnt; + + if (key == NULL || in == NULL || out == NULL) { + ret = -1; + goto out; + } + + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(key, 0, sizeof *key); + XMEMCPY(in, inStr, inLen); + XMEMCPY(in2, inStr2, inLen); + + ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/); + if (ret != 0) { + goto out; + } + + if ((ret = wc_InitRng(&rng)) != 0) + goto out; + + if ((ret = wc_RsaSetRNG(key, &rng)) != 0) + goto out; + + /* make rsa key by SCE */ + if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) { + goto out; + } + + ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng); + if (ret < 0) { + goto out; + } + + /* this should fail */ + ret = wc_RsaSSL_Verify(in2, inLen, out, keySize/8, key); + if (ret != SIG_VERIFY_E) { + ret = -1; + goto out; + } + /* this should succeed */ + ret = wc_RsaSSL_Verify(in, inLen, out, keySize/8, key); + if (ret < 0) { + ret = -1; + goto out; + } + ret = 0; + out: + if (key != NULL) { + wc_FreeRsaKey(key); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (in != NULL) { + 
XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (in2 != NULL) { + XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (out != NULL) { + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + return ret; +} +#endif /* NO_RSA */ + + +#ifdef TSIP_MULTIUNIT_TEST int tsip_crypt_sha_multitest() { int ret = 0; 
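Review bot: The allocation guard in `tsip_rsa_SignVerify_test` checks `key`, `in` and `out` but not `in2`, so a failed `in2` allocation reaches `XMEMCPY(in2, inStr2, inLen)` and dereferences NULL. The RNG is also never released: `wc_InitRng(&rng)` succeeds but there is no `wc_FreeRng` on any path, including `out:`. Separately, `wc_RsaSSL_Verify(in2, inLen, out, keySize/8, key)` passes the 25-byte message where the public `wc_RsaSSL_Verify` contract expects the signature and the signature where it expects the output buffer; presumably the TSIP crypto-callback path selected through `userContext.sing_hash_type`/`message_type` consumes the raw message, but a comment stating that would stop a reader treating it as a bug. The rewritten guard and RNG cleanup follow; the rest of the function is unchanged.
```c
static int tsip_rsa_SignVerify_test(int prnt, int keySize)
{
    int ret = 0;
    int rngInit = 0;
    /* … unchanged: allocation of key, in, in2, out … */

    if (key == NULL || in == NULL || in2 == NULL || out == NULL) {
        ret = -1;
        goto out;
    }
    /* … unchanged: memset, memcpy, wc_InitRsaKey_ex … */

    if ((ret = wc_InitRng(&rng)) != 0)
        goto out;
    rngInit = 1;
    /* … unchanged: wc_RsaSetRNG, wc_MakeRsaKey, sign, verify … */
 out:
    if (rngInit) {
        wc_FreeRng(&rng);
    }
    /* … unchanged: key and buffer frees, return ret … */
```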
@@ -1018,4 +1101,109 @@ int tsip_crypt_Sha_AesCbcGcm_multitest() return ret; } +#endif + +int tsip_crypt_test() +{ + int ret = 0; + e_tsip_err_t tsip_error_code; + + /* Generate AES tsip Key */ + tsip_error_code = R_TSIP_GenerateAes128RandomKeyIndex( + &g_user_aes128_key_index1); + + if (tsip_error_code == TSIP_SUCCESS) + tsip_error_code = R_TSIP_GenerateAes128RandomKeyIndex( + &g_user_aes128_key_index2); + + if (tsip_error_code == TSIP_SUCCESS) + tsip_error_code = R_TSIP_GenerateAes256RandomKeyIndex( + &g_user_aes256_key_index1); + + if (tsip_error_code == TSIP_SUCCESS) + tsip_error_code = R_TSIP_GenerateAes256RandomKeyIndex( + &g_user_aes256_key_index2); + + if (tsip_error_code == TSIP_SUCCESS) { + + #ifndef NO_SHA + printf(" sha_test()"); + ret = sha_test(); + RESULT_STR(ret) + #endif + + #ifndef NO_SHA256 + printf(" sha256_test()"); + ret = sha256_test(); + RESULT_STR(ret) + #endif + + ret = tsip_aes_cbc_test(1, &g_user_aes128_key_index1); + + if (ret == 0) { + + ret = tsip_aes256_test(1, &g_user_aes256_key_index1); + + } + + if (ret == 0) { + + ret = tsip_aesgcm128_test(1, &g_user_aes128_key_index1); + + } + + if (ret == 0) { + + ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1); + + } + #if defined(WOLFSSL_KEY_GEN)&& \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + + if (ret == 0) { + + Clr_CallbackCtx(&userContext); + + ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &userContext); + + if (ret > 0) + ret = 0; + } + + if (ret == 0) { + + printf(" tsip_rsa_SignVerify_test(1024)"); + + userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024; + userContext.sing_hash_type = sha256_mac; + userContext.keyflgs_crypt.bits.message_type = 0; + + ret = tsip_rsa_SignVerify_test(1, 1024); + RESULT_STR(ret) + } + + Clr_CallbackCtx(&userContext); + + if (ret == 0) { + printf(" tsip_rsa_SignVerify_test(2048)"); + + userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048; + userContext.sing_hash_type = sha256_mac; + userContext.keyflgs_crypt.bits.message_type = 0; + + ret = 
tsip_rsa_SignVerify_test(1, 2048); + RESULT_STR(ret) + } + + Clr_CallbackCtx(&userContext); + #endif + } + else + ret = -1; + + + return ret; +} + +#endif /* TSIP_CRYPT_UNIT_TEST */ diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index ed4145734..83a12b902 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -122,6 +122,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/arm/cryptoCellHash.c \ wolfcrypt/src/port/Renesas/renesas_tsip_aes.c \ wolfcrypt/src/port/Renesas/renesas_tsip_sha.c \ + wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c \ wolfcrypt/src/port/Renesas/renesas_tsip_util.c \ wolfcrypt/src/port/Renesas/renesas_sce_util.c \ wolfcrypt/src/port/Renesas/renesas_sce_aes.c \ diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 85aedec04..b601e5ac5 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -23,14 +23,16 @@ #if defined(WOLFSSL_RENESAS_SCEPROTECT) \ || defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) \ - || defined(WOLFSSL_RENESAS_TSIP_TLS) + || defined(WOLFSSL_RENESAS_TSIP_TLS) \ + || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #if defined(WOLFSSL_RENESAS_SCEPROTECT) || \ defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) #include #define cmn_hw_lock wc_sce_hw_lock #define cmn_hw_unlock wc_sce_hw_unlock -#elif defined(WOLFSSL_RENESAS_TSIP_TLS) +#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #include #define cmn_hw_lock tsip_hw_lock #define cmn_hw_unlock tsip_hw_unlock @@ -51,6 +53,7 @@ static int gdevId = 7890; /* initial dev Id for Crypt Callback */ #include +#if defined(WOLFSSL_RENESAS_TSIP_TLS) WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl) { int ret = 0; 
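Review bot: In the relocated `tsip_crypt_test`, `ret = sha_test()` and `ret = sha256_test()` are printed via `RESULT_STR` but then overwritten unconditionally by `ret = tsip_aes_cbc_test(1, &g_user_aes128_key_index1);`, so a SHA failure never reaches the function's return value and the caller in `test_main.c` sees success. Guard the AES call like the ones after it: `if (ret == 0) { ret = tsip_aes_cbc_test(1, &g_user_aes128_key_index1); }`. Likewise the `else ret = -1;` branch for a failed `R_TSIP_Generate*RandomKeyIndex` discards `tsip_error_code`; printing it would make hardware key-generation failures diagnosable. Whether `Clr_CallbackCtx(&userContext)` between the 1024- and 2048-bit runs also discards state that `wc_CryptoCb_CryptInitRenesasCmn` established cannot be told from here and deserves a one-line comment.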
@@ -59,7 +62,7 @@ WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl) #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_TlsCleanup(ssl); #endif - + WOLFSSL_LEAVE("Renesas_cmn_Cleanup", ret); return ret; } @@ -79,7 +82,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl, } /* This function is a callback passed to wolfSSL_CTX_SetRsaSignCheckCb. * It tries to verify the signature passed to it by decrypting with a public - * key. + * key. * returns 0 on success, CRYPTOCB_UNAVAILABLE when public key is not set. */ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCheckCb(WOLFSSL* ssl, @@ -92,9 +95,9 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCheckCb(WOLFSSL* ssl, WOLFSSL_ENTER("Renesas_cmn_RsaSignCheckCb"); #if defined(WOLFSSL_RENESAS_TSIP) - + return tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx); - + #endif /* WOLFSSL_RENESAS_TSIP */ WOLFSSL_LEAVE("Renesas_cmn_RsaSignCheckCb", ret); @@ -111,10 +114,12 @@ WOLFSSL_LOCAL int Renesas_cmn_EccSignCb(WOLFSSL* ssl, WOLFSSL_ENTER("Renesas_cmn_EccSignCb"); /* This is just a stub function that provides no logic */ - + WOLFSSL_LEAVE("Renesas_cmn_EccSignCb", ret); return ret; } +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ + /* Renesas Security Library Common Callback * For Crypto Callbacks * @@ -129,7 +134,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) WOLFSSL_ENTER("Renesas_cmn_CryptoDevCb"); -#if defined(WOLFSSL_RENESAS_TSIP_TLS) +#if defined(WOLFSSL_RENESAS_TSIP_TLS) \ + || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; #elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \ defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) 
@@ -144,15 +150,19 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->algo_type, cbInfo->session_key_set); #endif -#if defined(WOLFSSL_RENESAS_TSIP) +#if defined(WOLFSSL_RENESAS_TSIP) \ + || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) ret = CRYPTOCB_UNAVAILABLE; if (info->algo_type == WC_ALGO_TYPE_CIPHER) { #if !defined(NO_AES) || !defined(NO_DES3) #ifdef HAVE_AESGCM - if (info->cipher.type == WC_CIPHER_AES_GCM && - cbInfo->session_key_set == 1) { + if (info->cipher.type == WC_CIPHER_AES_GCM + #ifdef WOLFSSL_RENESAS_TSIP_TLS + && cbInfo->session_key_set == 1 + #endif + ) { if (info->cipher.enc) { ret = wc_tsip_AesGcmEncrypt( @@ -186,8 +196,11 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } #endif /* HAVE_AESGCM */ #ifdef HAVE_AES_CBC - if (info->cipher.type == WC_CIPHER_AES_CBC && - cbInfo->session_key_set == 1) { + if (info->cipher.type == WC_CIPHER_AES_CBC + #ifdef WOLFSSL_RENESAS_TSIP_TLS + && cbInfo->session_key_set == 1 + #endif + ) { if (info->cipher.enc) { ret = wc_tsip_AesCbcEncrypt( @@ -208,7 +221,15 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #endif /* HAVE_AES_CBC */ #endif /* !NO_AES || !NO_DES3 */ } - /* Is called for signing + #if defined(WOLFSSL_KEY_GEN) + if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && + (info->pk.rsakg.size == 1024 || + info->pk.rsakg.size == 2048)) { + ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx); + } + #endif + + /* Is called for signing * Can handle only RSA PkCS#1v1.5 padding scheme here. */ if (info->algo_type == WC_ALGO_TYPE_PK) { 
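Review bot: The new WC_PK_TYPE_RSA_KEYGEN dispatch reads `info->pk.type` and `info->pk.rsakg.size` before the `if (info->algo_type == WC_ALGO_TYPE_PK)` check on the hunk's last line, so it is evaluated for cipher and hash requests as well; in builds where wc_CryptoInfo's pk/cipher/hash members share a union (the usual case), those reads alias the cipher fields, and a stray match would overwrite the `ret` just produced by the AES path with a key-generation result. The SCE branch later in this same function performs its keygen check inside its `else if (info->algo_type == WC_ALGO_TYPE_PK)` block; this one should move inside the PK block too, i.e. directly after `if (info->algo_type == WC_ALGO_TYPE_PK) {`, keeping the `#if defined(WOLFSSL_KEY_GEN)` guard. Renesas_cmn_CryptoDevCb starts and ends outside the hunk.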
@@ -217,9 +238,14 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) { ret = tsip_SignRsaPkcs(info, ctx); } + #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) { + ret = wc_tsip_RsaVerifyPkcs(info, ctx); + } + #endif } #endif /* NO_RSA */ - #if defined(HAVE_ECC) + #if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS) else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { ret = tsip_SignEcdsa(info, ctx); } @@ -333,7 +359,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } else if ( - cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 + cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && info->cipher.aescbc.aes->keylen == 16) { XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key, &cbInfo->sce_wrapped_key_aes128, @@ -376,7 +402,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) else if (info->algo_type == WC_ALGO_TYPE_PK) { - + #if !defined(NO_RSA) #if defined(WOLFSSL_KEY_GEN) if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && 
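Review bot: The new RSA_PUBLIC_DECRYPT branch forwards to wc_tsip_RsaVerifyPkcs(), which in the new renesas_tsip_rsa.c treats `info->pk.rsa.in` as the message or hash and `info->pk.rsa.out` as the signature, whereas the generic wc_CryptoCb_Rsa contract for RSA_PUBLIC_DECRYPT carries the signature in `in` and expects the recovered data in `out`. Unless the wolfCrypt RSA path has a TSIP-crypt-only special case that arranges the buffers this way (not visible from this diff), wc_RsaSSL_Verify-style callers will arrive with the arguments swapped and the hardware will verify garbage. A comment on this branch naming the caller contract, e.g. `/* TSIP verify: in = message/hash, out = signature (see wc_tsip_RsaVerifyPkcs) */`, would make that assumption auditable. The enclosing Renesas_cmn_CryptoDevCb starts and ends outside the hunk.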
@@ -386,19 +412,19 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } #endif if (info->pk.type == WC_PK_TYPE_RSA) { - /* to perform RSA on SCE, wrapped keys should be installed + /* to perform RSA on SCE, wrapped keys should be installed * in advance. SCE supports 1024 or 2048 bits key size. * otherwise, falls-through happens. */ if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 || cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 - || - cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 + || + cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 || - cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 + cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 ) { - + if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT || info->pk.rsa.type == RSA_PUBLIC_ENCRYPT ) { @@ -474,7 +500,7 @@ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated) * ssl : a pointer to WOLFSSL object * ctx : callback context * return valid device Id on success, otherwise INVALID_DEVIID - * device Id starts from 7890, and increases + 1 its number + * device Id starts from 7890, and increases + 1 its number * when the method is successfully called. */ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) @@ -482,7 +508,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) (void)ssl; (void)ctx; - #if defined(WOLFSSL_RENESAS_TSIP_TLS) + #if defined(WOLFSSL_RENESAS_TSIP_TLS) \ + || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; #elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \ defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) @@ -490,7 +517,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) #endif if (cbInfo == NULL - #if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \ + #if (!defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) &&\ + !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ !defined(HAVE_RENESAS_SYNC) || ssl == NULL) { #else 
@@ -508,8 +536,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) WOLFSSL_MSG("Failed to lock tsip hw"); return INVALID_DEVID; } - - if (wc_CryptoCb_RegisterDevice(cbInfo->devId, + + if (wc_CryptoCb_RegisterDevice(cbInfo->devId, Renesas_cmn_CryptoDevCb, cbInfo) < 0) { /* undo devId number */ gdevId--; @@ -517,6 +545,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) } #if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \ + !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) && \ !defined(HAVE_RENESAS_SYNC) if (ssl) wolfSSL_SetDevId(ssl, cbInfo->devId); @@ -525,7 +554,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) if (gdevId < 0) { gdevId = 7890; } - + return cbInfo->devId; } @@ -543,7 +572,7 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id) #endif /* WOLF_CRYPTO_CB */ #endif /* WOLFSSL_RENESAS_SCEPROTECT || WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY - /* WOLFSSL_RENESAS_TSIP_TLS*/ + WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */ #if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS) @@ -681,8 +710,8 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig, * cm_row CA index * return FSP_SUCCESS(0) on success, otherwise WOLFSSL_FATAL_ERROR */ -int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, - word32 key_n_start, word32 key_n_len, word32 key_e_start, +int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, + word32 key_n_start, word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row) { int ret; @@ -752,7 +781,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, /* Renesas Security Library Common Callback * Callback for setting Encrypt Keys. - * Register callback for setting Encrypt Keys when keys are generated + * Register callback for setting Encrypt Keys when keys are generated * by SCE/TSIP * * ssl the WOLFSSL object 
@@ -771,7 +800,7 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) #if defined(WOLFSSL_RENESAS_TSIP_TLS) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; - + if (cbInfo->session_key_set == 1) { #elif defined(WOLFSSL_RENESAS_SCEPROTECT) User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx; @@ -811,7 +840,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx) User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx; #endif (void)ctx; - + WOLFSSL_ENTER("Renesas_cmn_generateSessionKey"); if (Renesas_cmn_usable(ssl, 0)) { #if defined(WOLFSSL_RENESAS_TSIP_TLS) @@ -819,11 +848,11 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx) #elif defined(WOLFSSL_RENESAS_SCEPROTECT) ret = wc_sce_generateSessionKey(ssl, ctx, cbInfo->devId); #endif - } + } else { ret = PROTOCOLCB_UNAVAILABLE; } - + if (ret == 0) { wolfSSL_CTX_SetEncryptKeysCb(ssl->ctx, Renesas_cmn_EncryptKeys); wolfSSL_SetEncryptKeysCtx(ssl, ctx); @@ -1118,7 +1147,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, if (Renesas_cmn_usable(ssl, 1)) { if (ssl->specs.hash_size == WC_SHA256_DIGEST_SIZE) { wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); - ret = wc_sce_Sha256GenerateHmac(ssl, myInner, + ret = wc_sce_Sha256GenerateHmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ, in, sz, digest); } else diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c index 334d04336..d4f474195 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c @@ -30,7 +30,8 @@ #ifndef NO_AES -#if defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ +#if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES) #include 
@@ -60,7 +61,7 @@ typedef e_tsip_err_t (*aesGcmDecUpdateFn) typedef e_tsip_err_t (*aesGcmDecFinalFn) (tsip_gcm_handle_t*, uint8_t*, uint32_t*, uint8_t*, uint32_t); - +#ifdef WOLFSSL_RENESAS_TSIP_TLS /* function pointer type defs for TLSv13 handshake AES-GCM/CCM encryption */ typedef e_tsip_err_t (*Tls13AesEncInitFn) @@ -109,17 +110,17 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt( tsip_aes_key_index_t* key = NULL; WOLFSSL_ENTER("tsip_Tls13AesEncrypt"); - + if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) { return BAD_FUNC_ARG; - } + } if (ssl->options.side != WOLFSSL_CLIENT_END) { return CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */ } /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); return CRYPTOCB_UNAVAILABLE; @@ -165,7 +166,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt( cs, key, sz); - + if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13DecryptUpdate error"); ret = WC_HW_E; @@ -179,7 +180,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt( dataSz = min(remain, AES_BLOCK_SIZE); ForceZero(plain, sizeof(plain)); ForceZero(cipher, sizeof(cipher)); - XMEMCPY(plain, input + idxIn, dataSz); + XMEMCPY(plain, input + idxIn, dataSz); err = R_TSIP_Tls13EncryptUpdate( @@ -187,13 +188,13 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt( (uint8_t*)plain, (uint8_t*)cipher, dataSz); - + if (err == TSIP_SUCCESS) { if (dataSz >= AES_BLOCK_SIZE) { XMEMCPY(output + idxOut, cipher, dataSz); idxOut += dataSz; } - idxIn += dataSz; + idxIn += dataSz; remain -= dataSz; } else { 
@@ -259,14 +260,14 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt( if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) { return BAD_FUNC_ARG; - } + } if (ssl->options.side != WOLFSSL_CLIENT_END) { return CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */ } /* get user context for TSIP */ - tuc = ssl->RenesasUserCtx; + tuc = ssl->RenesasUserCtx; if (tuc == NULL) { WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); return CRYPTOCB_UNAVAILABLE; @@ -304,7 +305,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt( blocks = sz / AES_BLOCK_SIZE; remain = sz; conRemain = sz - TSIP_AES_GCM_AUTH_TAG_SIZE; - + if ((ret = tsip_hw_lock()) == 0) { err = R_TSIP_Tls13DecryptInit( @@ -314,7 +315,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt( cs, key, sz); - + if (err != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_Tls13DecryptInit error"); ret = WC_HW_E; @@ -334,14 +335,14 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt( (uint8_t*)cipher, (uint8_t*)plain, dataSz); - + if (err == TSIP_SUCCESS) { if (dataSz >= AES_BLOCK_SIZE && conRemain >= AES_BLOCK_SIZE) { XMEMCPY(output + idxOut, plain, dataSz); idxOut += dataSz; conRemain -= min(conRemain, dataSz); } - idxIn += dataSz; + idxIn += dataSz; remain -= dataSz; } else { @@ -374,13 +375,13 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt( WOLFSSL_LEAVE("tsip_Tls13AesDecrypt", ret); return ret; } - +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ #if (WOLFSSL_RENESAS_TSIP_VER >= 109) #ifdef WOLF_CRYPTO_CB -WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, +WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx) { int ret = NOT_COMPILED_IN; 
@@ -390,13 +391,16 @@ WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, if (info == NULL || ctx == NULL) return BAD_FUNC_ARG; - + if (info->algo_type == WC_ALGO_TYPE_CIPHER) { #if !defined(NO_AES) || !defined(NO_DES3) #ifdef HAVE_AESGCM - if (info->cipher.type == WC_CIPHER_AES_GCM && - cbInfo->session_key_set == 1) { + if (info->cipher.type == WC_CIPHER_AES_GCM + #ifdef WOLFSSL_RENESAS_TSIP_TLS + && cbInfo->session_key_set == 1 + #endif + ) { if (info->cipher.enc) { ret = wc_tsip_AesGcmEncrypt( @@ -430,8 +434,11 @@ WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, } #endif /* HAVE_AESGCM */ #ifdef HAVE_AES_CBC - if (info->cipher.type == WC_CIPHER_AES_CBC && - cbInfo->session_key_set == 1) { + if (info->cipher.type == WC_CIPHER_AES_CBC + #ifdef WOLFSSL_RENESAS_TSIP_TLS + && cbInfo->session_key_set == 1 + #endif + ) { if (info->cipher.enc) { ret = wc_tsip_AesCbcEncrypt( @@ -680,7 +687,8 @@ int wc_tsip_AesGcmEncrypt( XMEMCPY(aadBuf, authIn, authInSz); } - if (ret == 0 && + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + if (ret == 0 && userCtx->session_key_set == 1) { /* generate AES-GCM session key. The key stored in * Aes.ctx.tsip_keyIdx is not used here. @@ -701,8 +709,11 @@ int wc_tsip_AesGcmEncrypt( WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed"); ret = -1; } - } else if (userCtx->user_aes128_key_set == 1 || - userCtx->user_aes256_key_set == 1) { + } else + #endif + if (ret == 0 && + (userCtx->user_aes128_key_set == 1 || + userCtx->user_aes256_key_set == 1)) { if (aes->ctx.keySize == 32) { XMEMCPY(&key_client_aes, &userCtx->user_aes256_key_index, sizeof(tsip_aes_key_index_t)); 
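Review bot: In wc_tsip_AesGcmEncrypt() the key index is picked solely by `aes->ctx.keySize == 32`, while the enclosing condition only requires that either user_aes128_key_set or user_aes256_key_set is set; a 16-byte key with only the AES-256 index installed (or the reverse) copies an unset user_aesXXX_key_index into key_client_aes and encrypts under whatever it holds. Because the CRYPTONLY build now drops the session_key_set gate in the callers (the -144 hunk and the -390 hunk above), this path is reached for every AES-GCM request, and when neither flag is set key_client_aes and iv_l stay unassigned for the initFn() call that follows outside the hunk. Tie the size to the flag: `if (aes->ctx.keySize == 32 && userCtx->user_aes256_key_set == 1) { ... } else if (aes->ctx.keySize == 16 && userCtx->user_aes128_key_set == 1) { ... } else { ret = CRYPTOCB_UNAVAILABLE; }`, so a mismatch falls back to software instead of using an uninitialised index. wc_tsip_AesGcmEncrypt starts and ends outside the hunk.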
@@ -726,7 +737,7 @@ int wc_tsip_AesGcmEncrypt( err = initFn(&hdl, &key_client_aes, (uint8_t*)iv_l, ivSz_l); if (err == TSIP_SUCCESS) { - err = updateFn(&hdl, NULL, NULL, 0UL, (uint8_t*)aadBuf, authInSz); + err = updateFn(&hdl, NULL, NULL, 0UL, (uint8_t*)aadBuf, authInSz); } if (err == TSIP_SUCCESS) { err = updateFn(&hdl, plainBuf, cipherBuf, sz, NULL, 0UL); @@ -814,14 +825,14 @@ int wc_tsip_AesGcmDecrypt( uint8_t* aadBuf = NULL; const uint8_t* iv_l = NULL; uint32_t ivSz_l = 0; - + tsip_aes_key_index_t key_server_aes; TsipUserCtx *userCtx; WOLFSSL_ENTER("wc_tsip_AesGcmDecrypt"); if (aes == NULL || in == NULL || out == NULL || sz == 0 || ctx == NULL || - iv == 0 || + iv == 0 || (authInSz != 0 && authIn == NULL) || (authInSz == 0 && authIn != NULL) || (authTagSz != 0 && authTag == NULL) || @@ -875,7 +886,8 @@ int wc_tsip_AesGcmDecrypt( XMEMCPY(aadBuf, authIn, authInSz); } - if (ret == 0 && + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + if (ret == 0 && userCtx->session_key_set == 1) { /* generate AES-GCM session key. The key stored in * Aes.ctx.tsip_keyIdx is not used here. @@ -895,8 +907,12 @@ int wc_tsip_AesGcmDecrypt( WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed"); ret = -1; } - } else if (userCtx->user_aes128_key_set == 1 || - userCtx->user_aes256_key_set == 1) { + } else + + #endif + if (ret == 0 && + (userCtx->user_aes128_key_set == 1 || + userCtx->user_aes256_key_set == 1)) { if (aes->ctx.keySize == 32) { XMEMCPY(&key_server_aes, &userCtx->user_aes256_key_index, sizeof(tsip_aes_key_index_t)); @@ -905,10 +921,10 @@ int wc_tsip_AesGcmDecrypt( XMEMCPY(&key_server_aes, &userCtx->user_aes128_key_index, sizeof(tsip_aes_key_index_t)); } - + iv_l = iv; ivSz_l = ivSz; - + } if (ret == 0) { @@ -959,5 +975,6 @@ int wc_tsip_AesGcmDecrypt( WOLFSSL_LEAVE("wc_tsip_AesGcmDecrypt", ret); return ret; } -#endif /* WOLFSSL_RENESAS_TSIP_CRYPT */ +#endif /* WOLFSSL_RENESAS_TSIP_TLS) || WOLFSSL_RENESAS_TSIP_CRYPTONLY + && NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES */ #endif /* NO_AES */ 
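Review bot: wc_tsip_AesGcmDecrypt() has the same gap as the encrypt side: key_server_aes is chosen by `aes->ctx.keySize == 32` alone, so when only the other size's user key flag is set the unset user_aesXXX_key_index is copied in, and when neither flag is set (now reachable under CRYPTONLY with the session_key_set gate gone) key_server_aes and iv_l are never assigned before the hardware call that follows outside the hunk. Mirror the fix on the encrypt path, `if (aes->ctx.keySize == 32 && userCtx->user_aes256_key_set == 1) { ... } else if (aes->ctx.keySize == 16 && userCtx->user_aes128_key_set == 1) { ... } else { ret = CRYPTOCB_UNAVAILABLE; }`. For a decrypt path that returns the tag-check result this matters more: the caller cannot distinguish "wrong key selected" from "authentication failed". wc_tsip_AesGcmDecrypt starts and ends outside the hunk.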
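Review bot: The new closing comment `#endif /* WOLFSSL_RENESAS_TSIP_TLS) || WOLFSSL_RENESAS_TSIP_CRYPTONLY && NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES */` misstates the guard it closes: the opening condition is `(TSIP_TLS || TSIP_CRYPTONLY) && !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES)`, and the stray `)` has no partner. Write it as `#endif /* (WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY) && !NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES */` so a reader matching nested `#if`s is not misled.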
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c new file mode 100644 index 000000000..1a77b4020 --- /dev/null +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c 
@@ -0,0 +1,302 @@ +/* renesas_sce_rsa.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#if !defined(NO_RSA) && \ + (defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) + +#include +#include + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include +#include +#include +#include +#include + +#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY +/* Make Rsa key for TSIP and set it to callback ctx + * Assumes to be called by Crypt Callback + * + * size desired keylenth, in bits. 
supports 1024 or 2048 bits + * ctx Callback context including pointer to hold generated key + * return TSIP_SUCCESS(0) on Success, otherwise negative value + */ +WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) +{ + e_tsip_err_t ret; + TsipUserCtx *info = (TsipUserCtx*)ctx; + + tsip_rsa1024_key_pair_index_t *tsip_pair1024_key = NULL; + tsip_rsa2048_key_pair_index_t *tsip_pair2048_key = NULL; + + /* sanity check */ + if (ctx == NULL) + return BAD_FUNC_ARG; + + if ((ret = tsip_hw_lock()) == 0) { + if (size == 1024) { + tsip_pair1024_key = + (tsip_rsa1024_key_pair_index_t*)XMALLOC( + sizeof(tsip_rsa1024_key_pair_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + if (tsip_pair1024_key == NULL) + return MEMORY_E; + + ret = R_TSIP_GenerateRsa1024RandomKeyIndex(tsip_pair1024_key); + } + else if (size == 2048) { + tsip_pair2048_key = + (tsip_rsa2048_key_pair_index_t*)XMALLOC( + sizeof(tsip_rsa2048_key_pair_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + if (tsip_pair2048_key == NULL) + return MEMORY_E; + + ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key); + } + else + return CRYPTOCB_UNAVAILABLE; + + if (ret == TSIP_SUCCESS) { + if (size == 1024) { + if (info->rsa1024pri_keyIdx != NULL) { + XFREE(info->rsa1024pri_keyIdx, NULL, + DYNAMIC_TYPE_RSA_BUFFER); + } + if (info->rsa1024pub_keyIdx != NULL) { + XFREE(info->rsa1024pub_keyIdx, NULL, + DYNAMIC_TYPE_RSA_BUFFER); + } + info->rsa1024pri_keyIdx = + (tsip_rsa1024_private_key_index_t*)XMALLOC( + sizeof(tsip_rsa1024_private_key_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + + if (info->rsa1024pri_keyIdx == NULL) { + XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + return MEMORY_E; + } + + info->rsa1024pub_keyIdx = + (tsip_rsa1024_public_key_index_t*)XMALLOC( + sizeof(tsip_rsa1024_public_key_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + + if (info->rsa1024pub_keyIdx == NULL) { + XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(info->rsa1024pri_keyIdx, 0, + DYNAMIC_TYPE_RSA_BUFFER); + return 
MEMORY_E; + } + /* copy generated key pair and free malloced key */ + XMEMCPY(info->rsa1024pri_keyIdx, + &tsip_pair1024_key->private, + sizeof(tsip_rsa1024_private_key_index_t)); + XMEMCPY(info->rsa1024pub_keyIdx, + &tsip_pair1024_key->public, + sizeof(tsip_rsa1024_public_key_index_t)); + XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + + info->keyflgs_crypt.bits.rsapri1024_key_set = 1; + info->keyflgs_crypt.bits.rsapub1024_key_set = 1; + } + else if (size == 2048) { + if (info->rsa2048pri_keyIdx != NULL) { + XFREE(info->rsa2048pri_keyIdx, NULL, + DYNAMIC_TYPE_RSA_BUFFER); + } + if (info->rsa2048pub_keyIdx != NULL) { + XFREE(info->rsa2048pub_keyIdx, NULL, + DYNAMIC_TYPE_RSA_BUFFER); + } + info->rsa2048pri_keyIdx = + (tsip_rsa2048_private_key_index_t*)XMALLOC( + sizeof(tsip_rsa2048_private_key_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + + if (info->rsa2048pri_keyIdx == NULL) { + XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + return MEMORY_E; + } + + info->rsa2048pub_keyIdx = + (tsip_rsa2048_public_key_index_t*)XMALLOC( + sizeof(tsip_rsa2048_public_key_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + + if (info->rsa2048pub_keyIdx == NULL) { + XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(info->rsa2048pri_keyIdx, 0, + DYNAMIC_TYPE_RSA_BUFFER); + return MEMORY_E; + } + /* copy generated key pair and free malloced key */ + XMEMCPY(info->rsa2048pri_keyIdx, + &tsip_pair2048_key->private, + sizeof(tsip_rsa2048_private_key_index_t)); + XMEMCPY(info->rsa2048pub_keyIdx, + &tsip_pair2048_key->public, + sizeof(tsip_rsa2048_public_key_index_t)); + XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + + info->keyflgs_crypt.bits.rsapri2048_key_set = 1; + info->keyflgs_crypt.bits.rsapub2048_key_set = 1; + + } + } + else { + WOLFSSL_MSG("Failed to generate key pair by TSIP"); + return CRYPTOCB_UNAVAILABLE; + } + + tsip_hw_unlock(); + } + + return 0; +} + + +/* Perform Rsa verify by TSIP + * Assumes to be called by Crypt Callback + * + * in Buffer to 
hold plaintext + * inLen Length of plaintext in bytes + * out Buffer to hold generated signature + * outLen Length of signature in bytes + * key rsa key object + * ctx The callback context + * return FSP_SUCCESS(0) on Success, otherwise negative value + */ + +WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) +{ + int ret = 0; + e_tsip_err_t err = TSIP_SUCCESS; + tsip_rsa_byte_data_t hashData, sigData; + + uint8_t tsip_hash_type; + + + /* sanity check */ + if (info == NULL || tuc == NULL){ + return BAD_FUNC_ARG; + } + + if (ret == 0) { + if (tuc->sing_hash_type == md5_mac) + tsip_hash_type = R_TSIP_RSA_HASH_MD5; + else if (tuc->sing_hash_type == sha_mac) + tsip_hash_type = R_TSIP_RSA_HASH_SHA1; + else if (tuc->sing_hash_type == sha256_mac) + tsip_hash_type = R_TSIP_RSA_HASH_SHA256; + else + ret = CRYPTOCB_UNAVAILABLE; + } + + switch (tuc->wrappedKeyType) { + case TSIP_KEY_TYPE_RSA1024: + if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) + { + ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); + + WOLFSSL_MSG("tsip rsa private key 1024 not set"); + if (ret != 0) + ret = CRYPTOCB_UNAVAILABLE; + + } + break; + case TSIP_KEY_TYPE_RSA2048: + if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) + { + ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); + + WOLFSSL_MSG("tsip rsa private key 1024 not set"); + if (ret != 0) + ret = CRYPTOCB_UNAVAILABLE; + } + break; + default: + WOLFSSL_MSG("wrapped private key is not supported"); + ret = CRYPTOCB_UNAVAILABLE; + break; + } + + if (ret == 0) { + hashData.pdata = (uint8_t*)info->pk.rsa.in; + hashData.data_length = info->pk.rsa.inLen; + hashData.data_type = + tuc->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */ + + sigData.pdata = (uint8_t*)info->pk.rsa.out; + sigData.data_length = info->pk.rsa.outLen; + + if ((ret = tsip_hw_lock()) == 0) { + switch (tuc->wrappedKeyType) { + case TSIP_KEY_TYPE_RSA1024: + err = R_TSIP_RsassaPkcs1024SignatureVerification(&sigData, + &hashData, + 
(tsip_rsa1024_public_key_index_t *) + tuc->rsa1024pub_keyIdx, + tsip_hash_type); + if (err == TSIP_ERR_AUTHENTICATION) { + ret = SIG_VERIFY_E; + } + else if (err == TSIP_SUCCESS) { + ret = 0; + } + else { + ret = WC_HW_E; + } + break; + case TSIP_KEY_TYPE_RSA2048: + err = R_TSIP_RsassaPkcs2048SignatureVerification(&sigData, + &hashData, + (tsip_rsa2048_public_key_index_t *) + tuc->rsa2048pub_keyIdx, + tsip_hash_type); + if (err == TSIP_ERR_AUTHENTICATION) { + ret = SIG_VERIFY_E; + } + else if (err == TSIP_SUCCESS) { + ret = 0; + } + else { + ret = WC_HW_E; + } + break; + } + tsip_hw_unlock(); + } + } + + return ret; +} +#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ +#endif /* WOLFSSL_RENESAS_TSIP_TLS || \ + WOLFSSL_RENESAS_TSIP_CRYPTONLY */ diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c index 66d2d5862..a1a02f3b4 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c @@ -36,18 +36,16 @@ #include -#if defined(WOLFSSL_RENESAS_TSIP_CRYPT) +#if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) #include #include #include -#if !defined(NO_SHA) && !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) -#include - extern struct WOLFSSL_HEAP_HINT* tsip_heap_hint; - +#ifdef WOLFSSL_RENESAS_TSIP_TLS /* get hmac from handshake messages exchanged with server. * */ @@ -278,7 +276,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash, WOLFSSL_LEAVE("tsip_GetMessageSha256", ret); return ret; } - +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ @@ -471,7 +469,9 @@ static int TSIPHashCopy(wolfssl_TSIP_Hash* src, wolfssl_TSIP_Hash* dst) return 0; } - /* */ +#if !defined(NO_SHA) && !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) +#include + int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) { return TSIPHashInit(sha, heap, devId, TSIP_SHA1); 
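Review bot: wc_tsip_MakeRsaKey() returns while still holding the TSIP hardware lock on every error path after `tsip_hw_lock()` succeeds — the two XMALLOC failures before key generation, the unsupported-size `return CRYPTOCB_UNAVAILABLE`, the four allocation failures while copying the pair, and the `R_TSIP_Generate*RandomKeyIndex` failure — so a single OOM or bad size leaves every later TSIP operation unable to take the lock. The function also returns 0 when `tsip_hw_lock()` itself fails (the trailing `return 0;` is reached with no key generated), stores the lock's int result in an `e_tsip_err_t`, and frees the temporary key-pair struct without wiping it; the shape below funnels all exits through one unlock label and uses the same ForceZero helper the AES port already relies on. The file header comment names the file `renesas_sce_rsa.c` and should read `renesas_tsip_rsa.c`. In wc_tsip_RsaVerifyPkcs() both import branches log "tsip rsa private key 1024 not set" although it is the 1024- or 2048-bit public key that is missing, and the ret from tsipImportPublicKey() is logged as a failure before it is even checked.

```c
WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
{
    int ret = 0;
    e_tsip_err_t err = TSIP_SUCCESS;
    TsipUserCtx *info = (TsipUserCtx*)ctx;
    tsip_rsa1024_key_pair_index_t *tsip_pair1024_key = NULL;
    tsip_rsa2048_key_pair_index_t *tsip_pair2048_key = NULL;

    if (ctx == NULL)
        return BAD_FUNC_ARG;
    if (size != 1024 && size != 2048)
        return CRYPTOCB_UNAVAILABLE;

    if ((ret = tsip_hw_lock()) != 0)
        return ret;                         /* nothing to unlock yet */

    /* … unchanged: XMALLOC the pair struct for `size`; on failure
       ret = MEMORY_E; goto out;  then
       err = R_TSIP_GenerateRsaXXXXRandomKeyIndex(pair); … */
    if (err != TSIP_SUCCESS) {
        WOLFSSL_MSG("Failed to generate key pair by TSIP");
        ret = CRYPTOCB_UNAVAILABLE;
        goto out;
    }
    /* … unchanged: free the old indices, allocate and copy the new
       private/public index, set the keyflgs_crypt bits; every XMALLOC
       failure becomes  ret = MEMORY_E; goto out;  … */

out:
    if (tsip_pair1024_key != NULL) {
        ForceZero(tsip_pair1024_key, sizeof(*tsip_pair1024_key));
        XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
    }
    if (tsip_pair2048_key != NULL) {
        ForceZero(tsip_pair2048_key, sizeof(*tsip_pair2048_key));
        XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
    }
    tsip_hw_unlock();
    return ret;
}
```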
@@ -496,7 +496,7 @@ int wc_ShaCopy(wc_Sha256* src, wc_Sha256* dst) { return TSIPHashCopy(src, dst); } -#endif /* !NO_SHA */ +#endif /* !NO_SHA && !NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH*/ #if !defined(NO_SHA256) && !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) #include @@ -527,5 +527,5 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) return TSIPHashCopy(src, dst); } #endif /* !NO_SHA256 */ -#endif /* WOLFSSL_RENESAS_TSIP_CRYPT */ +#endif /* WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */ #endif /* #if !defined(NO_SHA) || !defined(NO_SHA256) */ diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index 372c41b66..200c0ceb8 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -56,22 +56,21 @@ typedef e_tsip_err_t (*shaHmacFinalFn) /* ./ca-cert.der.sign, */ /* expect to have these variables defined at user application */ -#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=109) +#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=109) extern uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]; -#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=106) +#elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106) extern uint32_t s_flash[]; extern uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE]; #endif wolfSSL_Mutex tsip_mutex; static int tsip_CryptHwMutexInit_ = 0; -static const byte* ca_cert_sig = NULL; static tsip_key_data g_user_key_info; - struct WOLFSSL_HEAP_HINT* tsip_heap_hint = NULL; /* tsip only keep one encrypted ca public key */ #if defined(WOLFSSL_RENESAS_TSIP_TLS) +static const byte* ca_cert_sig = NULL; static uint32_t g_encrypted_publicCA_key[R_TSIP_SINST_WORD_SIZE]; /* index of CM table. must be global since renesas_common access it. */ 
@@ -103,44 +102,8 @@ static int tsip_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) { return wc_UnLockMutex(mutex); } -#ifdef WOLF_PRIVATE_KEY_ID -/* Set client encrypted private key data. - * parameters: - * ssl WOLFSSL object - * keyBuf buffer holding wrapped key which Renesas key tool generated. - * keyBufLen buffer length - * keyType 0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256 - * return 0 on success, others on failure. - */ -WOLFSSL_API int tsip_use_PrivateKey_buffer(struct WOLFSSL* ssl, - const char* keyBuf, int keyBufLen, int keyType) -{ - int ret = 0; - TsipUserCtx* tuc = NULL; - - WOLFSSL_ENTER("tsip_use_PrivateKey_buffer"); - - if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 ) { - ret = BAD_FUNC_ARG; - } - if (ret == 0){ - tuc = ssl->RenesasUserCtx; - - tuc->wrappedPrivateKey = (uint8_t*)keyBuf; - tuc->wrappedKeyType = keyType; - - /* store keyType as Id since Id capacity is 32 bytes */ - ret = wolfSSL_use_PrivateKey_Id(ssl, - (const unsigned char*)keyBuf, 32, tuc->devId); - if (ret == WOLFSSL_SUCCESS) { - ret = 0; - } - } - - WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer", ret); - return ret; -} +#if defined(WOLFSSL_RENESAS_TSIP_TLS) /* Set client encrypted public key data. * parameters: * ssl WOLFSSL object @@ -149,15 +112,16 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer(struct WOLFSSL* ssl, * keyType 0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256 * return 0 on success, others on failure. */ -WOLFSSL_API int tsip_use_PublicKey_buffer(WOLFSSL* ssl, +WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl, const char* keyBuf, int keyBufLen, int keyType) { int ret = 0; TsipUserCtx* tuc = NULL; - WOLFSSL_ENTER("tsip_use_PublicKey_buffer"); + WOLFSSL_ENTER("tsip_use_PublicKey_buffer_TLS"); - if (ssl == NULL || keyBuf == NULL || keyBufLen == 0) { + if (ssl == NULL + || keyBuf == NULL || keyBufLen == 0) { ret = BAD_FUNC_ARG; } 
@@ -170,7 +134,107 @@ WOLFSSL_API int tsip_use_PublicKey_buffer(WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_use_PublicKey_buffer", ret); return ret; } -#endif /* WOLF_PRIVATE_KEY_ID */ +/* Set client encrypted private key data. + * parameters: + * ssl WOLFSSL object + * keyBuf buffer holding wrapped key which Renesas key tool generated. + * keyBufLen buffer length + * keyType 0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256 + * return 0 on success, others on failure. + */ +WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl, + const char* keyBuf, int keyBufLen, int keyType) +{ + int ret = 0; + TsipUserCtx* tuc = NULL; + + WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_TLS"); + + if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 ) { + ret = BAD_FUNC_ARG; + } + if (ret == 0){ + tuc = ssl->RenesasUserCtx; + + tuc->wrappedPrivateKey = (uint8_t*)keyBuf; + tuc->wrappedKeyType = keyType; + + /* store keyType as Id since Id capacity is 32 bytes */ + ret = wolfSSL_use_PrivateKey_Id(ssl, + (const unsigned char*)keyBuf, 32, tuc->devId); + if (ret == WOLFSSL_SUCCESS) { + ret = 0; + } + } + + WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer_TLS", ret); + return ret; +} +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ +#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + +/* Set client encrypted public key data. + * parameters: + * uc Tsip user context + * keyBuf buffer holding wrapped key which Renesas key tool generated. + * keyBufLen buffer length + * keyType 0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256 + * return 0 on success, others on failure. 
+ */ +WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc, + const char* keyBuf, int keyBufLen, int keyType) +{ + int ret = 0; + TsipUserCtx* tuc = NULL; + + WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt"); + + if (uc == NULL + || keyBuf == NULL || keyBufLen == 0) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0){ + tuc = uc; + tuc->wrappedPublicKey = (uint8_t*)keyBuf; + tuc->wrappedKeyType = keyType; + } + + WOLFSSL_LEAVE("tsip_use_PublicKey_buffer_crypt", ret); + return ret; +} +/* Set client encrypted private key data. + * parameters: + * uc Tsip user context + * keyBuf buffer holding wrapped key which Renesas key tool generated. + * keyBufLen buffer length + * keyType 0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256 + * return 0 on success, others on failure. + */ +WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc, + const char* keyBuf, int keyBufLen, int keyType) +{ + int ret = 0; + TsipUserCtx* tuc = NULL; + + WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_crypt"); + + if (uc == NULL || keyBuf == NULL || keyBufLen == 0 ) { + ret = BAD_FUNC_ARG; + } + if (ret == 0){ + tuc = uc; + + tuc->wrappedPrivateKey = (uint8_t*)keyBuf; + tuc->wrappedKeyType = keyType; + } + + WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer_crypt", ret); + return ret; +} +#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ + +#ifdef WOLFSSL_RENESAS_TSIP_TLS /* Obsolete function. Use tsip_use_PrivateKey_buffer instead. * Set client encrypted private key data. 
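Review bot: tsip_use_PrivateKey_buffer_crypt() and tsip_use_PublicKey_buffer_crypt() reject a zero keyBufLen but then discard it, keeping only the pointer, so the later import has no way to check that the wrapped blob is the size implied by keyType; both also write the single shared `tuc->wrappedKeyType`, so installing a public key of one type after a private key of another silently re-labels the first. Store the length (or compare it against the expected wrapped-key size for the type) and keep separate type fields for the two keys, and document the retained pointer: `keyBuf is not copied and must stay valid until the context is cleared`. The keyType comment, `0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256`, no longer matches what this series handles (TSIP_KEY_TYPE_RSA1024 in the tests and the RSA port), so list the TSIP_KEY_TYPE_* names instead. tsip_use_PrivateKey_buffer_TLS() calls wolfSSL_use_PrivateKey_Id(), which the removed version guarded with `#ifdef WOLF_PRIVATE_KEY_ID`; the new guard is WOLFSSL_RENESAS_TSIP_TLS only, so a TLS build without WOLF_PRIVATE_KEY_ID will fail to link unless that define is forced elsewhere. The comment on the hunk's last line, `Use tsip_use_PrivateKey_buffer instead`, now names a function this commit removes and should point at tsip_use_PrivateKey_buffer_TLS.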
@@ -1582,192 +1646,14 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, } #endif /* WOLFSSL_TLS13 */ -/* - * Import wrapped private key then convert it into TSIP key_index format. - * The target key should be set with tsip_use_PrivateKey_buffer in advance. - * Acceptable key types are: - * TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key - * TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now) - * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key - */ -static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType) -{ - int ret = 0; - e_tsip_err_t err = TSIP_SUCCESS; - uint8_t* provisioning_key = g_user_key_info.encrypted_provisioning_key; - uint8_t* iv = g_user_key_info.iv; - uint8_t* encPrivKey; - - WOLFSSL_ENTER("tsipImportPrivateKey"); - - if (tuc == NULL) - return BAD_FUNC_ARG; - - encPrivKey = tuc->wrappedPrivateKey; - - if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) { - WOLFSSL_MSG("Missing some key materials used for import" ); - return CRYPTOCB_UNAVAILABLE; - } - - if (ret == 0) { - if (keyType != tuc->wrappedKeyType) { - WOLFSSL_MSG("No public key of specified type is set" ); - return CRYPTOCB_UNAVAILABLE; - } - } - - if ((ret = tsip_hw_lock()) == 0) { - switch (keyType) { - - #if !defined(NO_RSA) - case TSIP_KEY_TYPE_RSA2048: - - tuc->ClientRsa2048PrivKey_set = 0; - err = R_TSIP_GenerateRsa2048PrivateKeyIndex( - provisioning_key, iv, (uint8_t*)encPrivKey, - &(tuc->Rsa2048PrivateKeyIdx)); - if (err == TSIP_SUCCESS) { - tuc->ClientRsa2048PrivKey_set = 1; - } - else { - ret = WC_HW_E; - } - break; - #endif - - case TSIP_KEY_TYPE_RSA4096: - /* not supported as of TSIPv1.15 */ - ret = CRYPTOCB_UNAVAILABLE; - break; - - #if defined(HAVE_ECC) - case TSIP_KEY_TYPE_ECDSAP256: - - tuc->ClientEccP256PrivKey_set = 0; - err = R_TSIP_GenerateEccP256PrivateKeyIndex( - provisioning_key, iv, (uint8_t*)encPrivKey, - &(tuc->EcdsaP256PrivateKeyIdx)); - if (err == TSIP_SUCCESS) { - tuc->ClientEccP256PrivKey_set = 1; - } - else { - ret = WC_HW_E; 
- } - break; - #endif - - default: - ret = BAD_FUNC_ARG; - break; - } - tsip_hw_unlock(); - } - else { - WOLFSSL_MSG("mutex locking error"); - } - WOLFSSL_LEAVE("tsipImportPrivateKey", ret); - return ret; -} -/* - * Import wrapped public key then convert it into TSIP key_index format. - * The target key should be set with tsip_use_PublicKey_buffer in advance. - * Acceptable key types are: - * TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key - * TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now) - * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key - */ -static int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) -{ - int ret = 0; - e_tsip_err_t err = TSIP_SUCCESS; - uint8_t* provisioning_key = g_user_key_info.encrypted_provisioning_key; - uint8_t* iv = g_user_key_info.iv; - uint8_t* encPubKey; - - WOLFSSL_ENTER("tsipImportPublicKey"); - - if (tuc == NULL ) { - return BAD_FUNC_ARG; - } - - encPubKey = tuc->wrappedPublicKey; - - if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) { - WOLFSSL_MSG("Missing some key materials used for import" ); - return CRYPTOCB_UNAVAILABLE; - } - - if (ret == 0) { - if (keyType != tuc->wrappedKeyType) { - WOLFSSL_MSG("No public key of specified type is set" ); - return CRYPTOCB_UNAVAILABLE; - } - } - - if ((ret = tsip_hw_lock()) == 0) { - switch(keyType) { - - #if !defined(NO_RSA) - case TSIP_KEY_TYPE_RSA2048: - - tuc->ClientRsa2048PubKey_set = 0; - err = R_TSIP_GenerateRsa2048PublicKeyIndex( - provisioning_key, iv, (uint8_t*)encPubKey, - &(tuc->Rsa2048PublicKeyIdx)); - if (err == TSIP_SUCCESS) { - tuc->ClientRsa2048PubKey_set = 1; - } - else { - ret = WC_HW_E; - } - break; - #endif - - #if !defined(NO_RSA) - case TSIP_KEY_TYPE_RSA4096: - /* not supported as of TSIPv1.15 */ - ret = CRYPTOCB_UNAVAILABLE; - break; - #endif - - #if defined(HAVE_ECC) - case TSIP_KEY_TYPE_ECDSAP256: - - tuc->ClientEccP256PubKey_set = 0; - err = R_TSIP_GenerateEccP256PublicKeyIndex( - provisioning_key, iv, (uint8_t*)encPubKey, - 
&(tuc->EcdsaP256PublicKeyIdx)); - if (err == TSIP_SUCCESS) { - tuc->ClientEccP256PubKey_set = 1; - } - else { - ret = WC_HW_E; - } - break; - #endif - - default: - ret = BAD_FUNC_ARG; - break; - } - tsip_hw_unlock(); - } - else { - WOLFSSL_MSG("mutex locking error"); - } - WOLFSSL_LEAVE("tsipImportPublicKey", ret); - return ret; -} - - #if defined(WOLFSSL_TLS13) /* Send the TLS v1.3 CertificateVerify message. A part of the message is * processed by TSIP for acceleration. * * Prior to this function call, the appropriate key-pair should be set via - * tsip_use_PrivateKey_buffer and tsip_use_PublicKey_buffer APIs. Those key pair - * can be generated by the tool named "Renesas secure flash programmer". + * tsip_use_PrivateKey_buffer_TLS and tsip_use_PublicKey_buffer_TLS APIs. + * Those key pair can be generated by the tool named + * "Renesas secure flash programmer". * When RSA certificate is used, both public and private keys should be set. * The public key is used for self-verify the generated certificateVerify * message. When ECC certificate is used, the self-verify will be performed only @@ -2039,7 +1925,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) return ret; } #endif /* WOLFSSL_TLS13 */ - +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109) 
@@ -2453,6 +2339,212 @@ static byte _tls2tsipdef(byte cipher) return def; } #endif + +#ifdef WOLFSSL_RENESAS_TSIP_TLS +/* + * Import wrapped private key then convert it into TSIP key_index format. + * The target key should be set with tsip_use_PrivateKey_buffer in advance. + * Acceptable key types are: + * TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key + * TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now) + * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key + */ +static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType) +{ + int ret = 0; + e_tsip_err_t err = TSIP_SUCCESS; + uint8_t* provisioning_key = g_user_key_info.encrypted_provisioning_key; + uint8_t* iv = g_user_key_info.iv; + uint8_t* encPrivKey; + + WOLFSSL_ENTER("tsipImportPrivateKey"); + + if (tuc == NULL) + return BAD_FUNC_ARG; + + encPrivKey = tuc->wrappedPrivateKey; + + if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) { + WOLFSSL_MSG("Missing some key materials used for import" ); + return CRYPTOCB_UNAVAILABLE; + } + + if (ret == 0) { + if (keyType != tuc->wrappedKeyType) { + WOLFSSL_MSG("No public key of specified type is set" ); + return CRYPTOCB_UNAVAILABLE; + } + } + + if ((ret = tsip_hw_lock()) == 0) { + switch (keyType) { + + #if !defined(NO_RSA) + case TSIP_KEY_TYPE_RSA2048: + + tuc->ClientRsa2048PrivKey_set = 0; + err = R_TSIP_GenerateRsa2048PrivateKeyIndex( + provisioning_key, iv, (uint8_t*)encPrivKey, + &(tuc->Rsa2048PrivateKeyIdx)); + if (err == TSIP_SUCCESS) { + tuc->ClientRsa2048PrivKey_set = 1; + } + else { + ret = WC_HW_E; + } + break; + #endif + + case TSIP_KEY_TYPE_RSA4096: + /* not supported as of TSIPv1.15 */ + ret = CRYPTOCB_UNAVAILABLE; + break; + + #if defined(HAVE_ECC) + case TSIP_KEY_TYPE_ECDSAP256: + + tuc->ClientEccP256PrivKey_set = 0; + err = R_TSIP_GenerateEccP256PrivateKeyIndex( + provisioning_key, iv, (uint8_t*)encPrivKey, + &(tuc->EcdsaP256PrivateKeyIdx)); + if (err == TSIP_SUCCESS) { + tuc->ClientEccP256PrivKey_set = 1; + } + else { + ret = WC_HW_E; + 
} + break; + #endif + + default: + ret = BAD_FUNC_ARG; + break; + } + tsip_hw_unlock(); + } + else { + WOLFSSL_MSG("mutex locking error"); + } + WOLFSSL_LEAVE("tsipImportPrivateKey", ret); + return ret; +} + +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ + +/* + * Import wrapped public key then convert it into TSIP key_index format. + * The target key should be set with tsip_use_PublicKey_buffer in advance. + * Acceptable key types are: + * TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key + * TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now) + * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key + */ +WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) +{ + int ret = 0; + e_tsip_err_t err = TSIP_SUCCESS; + uint8_t* provisioning_key = g_user_key_info.encrypted_provisioning_key; + uint8_t* iv = g_user_key_info.iv; + uint8_t* encPubKey; + + WOLFSSL_ENTER("tsipImportPublicKey"); + + if (tuc == NULL ) { + return BAD_FUNC_ARG; + } + + encPubKey = tuc->wrappedPublicKey; + + if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) { + WOLFSSL_MSG("Missing some key materials used for import" ); + return CRYPTOCB_UNAVAILABLE; + } + + if (ret == 0) { + if (keyType != tuc->wrappedKeyType) { + WOLFSSL_MSG("No public key of specified type is set" ); + return CRYPTOCB_UNAVAILABLE; + } + } + + if ((ret = tsip_hw_lock()) == 0) { + switch(keyType) { + + #if !defined(NO_RSA) + case TSIP_KEY_TYPE_RSA2048: + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + tuc->ClientRsa2048PubKey_set = 0; + #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + if (tuc->rsa2048pub_keyIdx != NULL) { + XFREE(tuc->rsa2048pub_keyIdx, NULL, + DYNAMIC_TYPE_RSA_BUFFER); + } + + tuc->rsa2048pub_keyIdx = + (tsip_rsa2048_public_key_index_t*)XMALLOC( + sizeof(tsip_rsa2048_public_key_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + if (tuc->rsa2048pub_keyIdx == NULL) { + return MEMORY_E; + } + #endif + err = R_TSIP_GenerateRsa2048PublicKeyIndex( + provisioning_key, iv, (uint8_t*)encPubKey, + #if 
defined(WOLFSSL_RENESAS_TSIP_TLS) + &(tuc->Rsa2048PublicKeyIdx) + #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + tuc->rsa2048pub_keyIdx + #endif + ); + if (err == TSIP_SUCCESS) { + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + tuc->ClientRsa2048PubKey_set = 1; + #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + tuc->keyflgs_crypt.bits.rsapub2048_key_set = 1; + #endif + } + else { + ret = WC_HW_E; + } + break; + #endif + + #if !defined(NO_RSA) + case TSIP_KEY_TYPE_RSA4096: + /* not supported as of TSIPv1.15 */ + ret = CRYPTOCB_UNAVAILABLE; + break; + #endif + + #if defined(HAVE_ECC) && \ + defined(WOLFSSL_RENESAS_TSIP_TLS) + case TSIP_KEY_TYPE_ECDSAP256: + + tuc->ClientEccP256PubKey_set = 0; + err = R_TSIP_GenerateEccP256PublicKeyIndex( + provisioning_key, iv, (uint8_t*)encPubKey, + &(tuc->EcdsaP256PublicKeyIdx)); + if (err == TSIP_SUCCESS) { + tuc->ClientEccP256PubKey_set = 1; + } + else { + ret = WC_HW_E; + } + break; + #endif + + default: + ret = BAD_FUNC_ARG; + break; + } + tsip_hw_unlock(); + } + else { + WOLFSSL_MSG("mutex locking error"); + } + WOLFSSL_LEAVE("tsipImportPublicKey", ret); + return ret; +} /* * lock hw engine. * this should be called before using engine. @@ -2488,7 +2580,7 @@ WOLFSSL_LOCAL void tsip_hw_unlock(void) { tsip_CryptHwMutexUnLock(&tsip_mutex); } - +#if defined(WOLFSSL_RENESAS_TSIP_TLS) /* check if tsip tls functions can be used for the cipher */ /* return :1 when tsip can be used , 0 not be used. */ int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated) @@ -2584,7 +2676,7 @@ int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated) WOLFSSL_LEAVE("tsip_usable", ret); return ret; } - +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ /* open TSIP driver 
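Review bot: In the CRYPTONLY branch of tsipImportPublicKey's TSIP_KEY_TYPE_RSA2048 case, `return MEMORY_E;` leaves with the hardware mutex still held, because it sits inside the block entered only after tsip_hw_lock() succeeded and bypasses the tsip_hw_unlock() after the switch; replace it with `ret = MEMORY_E; break;` so the common unlock runs. The same case frees and reallocates rsa2048pub_keyIdx but, unlike the TLS branch which zeroes ClientRsa2048PubKey_set first, never clears keyflgs_crypt.bits.rsapub2048_key_set, so after an allocation or R_TSIP failure the flag still advertises a usable key while the index is NULL or unfilled; add `tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0;` before the XFREE. tsipImportPublicKey also changes from static to WOLFSSL_LOCAL here, yet the header hunks in this commit add prototypes only for wc_tsip_MakeRsaKey and wc_tsip_RsaVerifyPkcs, so unless it is declared somewhere not visible here it is now an externally linked function without a prototype.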
@@ -2598,13 +2690,13 @@ WOLFSSL_LOCAL int tsip_Open(void) if ((ret = tsip_hw_lock()) == 0) { -#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=109) +#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=109) ret = R_TSIP_Open(NULL,NULL); if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("RENESAS TSIP Open failed"); } - + #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) { ret = R_TSIP_GenerateTlsRsaPublicKeyIndex( @@ -2634,14 +2726,14 @@ WOLFSSL_LOCAL int tsip_Open(void) g_CAscm_Idx = (uint32_t)-1; } } - -#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=106) + #endif +#elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106) ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2); if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("RENESAS TSIP Open failed"); } - + #if defined(WOLFSSL_RENESAS_TLS) /* generate TLS Rsa public key for Certificate verification */ if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) { ret = R_TSIP_GenerateTlsRsaPublicKeyIndex( @@ -2668,6 +2760,7 @@ WOLFSSL_LOCAL int tsip_Open(void) g_CAscm_Idx = (uint32_t)-1; } } + #endif #else ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2); if (ret != TSIP_SUCCESS) { @@ -2707,16 +2800,6 @@ WOLFSSL_LOCAL void tsip_Close(void) WOLFSSL_LEAVE("tsip_Close", 0); } -/* Support functions for TSIP TLS Capability */ -#if defined(WOLFSSL_RENESAS_TSIP_TLS) - -/* to inform ca certificate sign */ -/* signature format expects RSA 2048 PSS with SHA256 */ -void tsip_inform_cert_sign(const byte *sign) -{ - if (sign) - ca_cert_sig = sign; -} #if (WOLFSSL_RENESAS_TSIP_VER>=109) void tsip_inform_user_keys_ex( byte* encrypted_provisioning_key, 
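Review bot: The new guard in the TSIP_VER>=106 branch of tsip_Open tests `WOLFSSL_RENESAS_TLS`, a macro that appears nowhere else in this change, while the matching guard added in the >=109 branch a few lines above tests `WOLFSSL_RENESAS_TSIP_TLS`; as written the TLS RSA public key index generation is compiled out of every >=106 TLS build with no diagnostic. Change it to `#if defined(WOLFSSL_RENESAS_TSIP_TLS)`. tsip_Open begins before and continues after these hunks.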
@@ -2767,8 +2850,16 @@ void tsip_inform_user_keys( } #endif +/* Support functions for TSIP TLS Capability */ +#if defined(WOLFSSL_RENESAS_TSIP_TLS) - +/* to inform ca certificate sign */ +/* signature format expects RSA 2048 PSS with SHA256 */ +void tsip_inform_cert_sign(const byte *sign) +{ + if (sign) + ca_cert_sig = sign; +} /* Sha1Hmac */ int wc_tsip_Sha1HmacGenerate( const WOLFSSL *ssl, @@ -3552,15 +3643,20 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) WOLFSSL_ENTER("tsip_SignRsaPkcs"); - if (info == NULL || tuc == NULL || tuc->ssl == NULL) { + if (info == NULL || tuc == NULL + #ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY + || tuc->ssl == NULL + #endif + ) { ret = BAD_FUNC_ARG; } - + +#ifdef WOLFSSL_RENESAS_TSIP_TLS if (ret == 0) { ssl = tuc->ssl; if (ssl->version.major == SSLv3_MAJOR && - ssl->version.minor == TLSv1_3_MINOR) { + ssl->version.minor == TLSv1_3_MINOR) { ret = CRYPTOCB_UNAVAILABLE; } } @@ -3570,6 +3666,7 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType); } + if (ret == 0) { if (ssl->options.hashAlgo == md5_mac) tsip_hash_type = R_TSIP_RSA_HASH_MD5; 
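Review bot: In tsip_SignRsaPkcs the `tuc->ssl == NULL` check is now compiled out whenever WOLFSSL_RENESAS_TSIP_CRYPTONLY is defined, but the block that follows is selected by `#ifdef WOLFSSL_RENESAS_TSIP_TLS` and dereferences `ssl->version` unconditionally; in a build that defines both macros (the `#if TLS` / `#elif CRYPTONLY` chains elsewhere in this commit suggest that combination is expected) a context with no ssl attached faults instead of returning BAD_FUNC_ARG. Key the guard on the same macro as the code it protects: `#ifdef WOLFSSL_RENESAS_TSIP_TLS` / `|| tuc->ssl == NULL` / `#endif`. The function starts before this hunk and continues after it.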
@@ -3578,23 +3675,83 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) else if (ssl->options.hashAlgo == sha256_mac) tsip_hash_type = R_TSIP_RSA_HASH_SHA256; else - ret = CRYPTOCB_UNAVAILABLE; + ret = CRYPTOCB_UNAVAILABLE; } - +#else + (void)ssl; + if (ret == 0) { + if (tuc->sing_hash_type == md5_mac) + tsip_hash_type = R_TSIP_RSA_HASH_MD5; + else if (tuc->sing_hash_type == sha_mac) + tsip_hash_type = R_TSIP_RSA_HASH_SHA1; + else if (tuc->sing_hash_type == sha256_mac) + tsip_hash_type = R_TSIP_RSA_HASH_SHA256; + else + ret = CRYPTOCB_UNAVAILABLE; + } + + switch (tuc->wrappedKeyType) { + case TSIP_KEY_TYPE_RSA1024: + if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) + { + WOLFSSL_MSG("tsip rsa private key 2048 not set"); + ret = CRYPTOCB_UNAVAILABLE; + } + break; + case TSIP_KEY_TYPE_RSA2048: + if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) + { + WOLFSSL_MSG("tsip rsa private key 2048 not set"); + ret = CRYPTOCB_UNAVAILABLE; + } + break; + default: + WOLFSSL_MSG("wrapped private key is not supported"); + ret = CRYPTOCB_UNAVAILABLE; + break; + } + +#endif + + if (ret == 0) { + #ifdef WOLFSSL_RENESAS_TSIP_TLS hashData.pdata = (uint8_t*)ssl->buffers.digest.buffer; hashData.data_type = 1; sigData.pdata = (uint8_t*)info->pk.rsa.in; sigData.data_length = 0; /* signature size will be returned here */ - + #else + hashData.pdata = (uint8_t*)info->pk.rsa.in; + hashData.data_length= info->pk.rsa.inLen; + hashData.data_type = tuc->keyflgs_crypt.bits.message_type; + sigData.pdata = (uint8_t*)info->pk.rsa.out; + sigData.data_length = 0; + #endif if ((ret = tsip_hw_lock()) == 0) { switch (tuc->wrappedKeyType) { - + #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY + case TSIP_KEY_TYPE_RSA1024: + err = R_TSIP_RsassaPkcs1024SignatureGenerate( + &hashData, &sigData, + (tsip_rsa1024_private_key_index_t*) + tuc->rsa1024pri_keyIdx, + tsip_hash_type); + + if (err != TSIP_SUCCESS) { + ret = WC_HW_E; + } + break; + #endif case TSIP_KEY_TYPE_RSA2048: err = 
R_TSIP_RsassaPkcs2048SignatureGenerate( &hashData, &sigData, + #ifdef WOLFSSL_RENESAS_TSIP_TLS &tuc->Rsa2048PrivateKeyIdx, + #else + (tsip_rsa2048_private_key_index_t*) + tuc->rsa2048pri_keyIdx, + #endif tsip_hash_type); if (err != TSIP_SUCCESS) { @@ -3624,7 +3781,7 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) } #endif /* !NO_RSA */ -#if !defined(NO_RSA) +#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_TSIP_TLS) WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( WOLFSSL* ssl, unsigned char* sig, unsigned int sigSz, @@ -3647,7 +3804,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( } if (ssl->version.major == SSLv3_MAJOR && - ssl->version.minor == TLSv1_3_MINOR) { + ssl->version.minor == TLSv1_3_MINOR) { ret = CRYPTOCB_UNAVAILABLE; } @@ -3719,9 +3876,9 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( WOLFSSL_LEAVE("tsip_VerifyRsaPkcsCb", ret); return ret; } -#endif /* !NO_RSA */ +#endif /* !NO_RSA && TSIP_TLS */ -#if defined(HAVE_ECC) +#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS) /* Perform signing with the client's ECC private key on hash value of messages * exchanged with server. * @@ -3761,7 +3918,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) ssl = tuc->ssl; if (ssl->version.major == SSLv3_MAJOR && - ssl->version.minor == TLSv1_3_MINOR) { + ssl->version.minor == TLSv1_3_MINOR) { ret = CRYPTOCB_UNAVAILABLE; } } @@ -3861,7 +4018,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) WOLFSSL_LEAVE("tsip_SignEcdsa", ret); return ret; } -#endif /* HAVE_ECC */ +#endif /* HAVE_ECC && TSIP_TLS */ #ifdef WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 4141498cd..914f13494 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c 
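Review bot: The CRYPTONLY `switch (tuc->wrappedKeyType)` in tsip_SignRsaPkcs runs unconditionally, so when the argument check at the top of the function has already set ret = BAD_FUNC_ARG for tuc == NULL it dereferences the null pointer; wrap it as `if (ret == 0) { switch (tuc->wrappedKeyType) { ... } }` like the hash-type block just above it. Inside that switch the TSIP_KEY_TYPE_RSA1024 case logs "tsip rsa private key 2048 not set", which should read 1024. The CRYPTONLY path also hands info->pk.rsa.out to the signature generate with only `sigData.data_length = 0` and no comparison against the caller's output length in info->pk.rsa.outLen; if the driver writes a full modulus-size signature (presumably 128 or 256 bytes here), a smaller out buffer is overrun, so return BAD_FUNC_ARG when the output length is below the key size before taking the hardware lock. The function continues outside this hunk.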
@@ -3391,8 +3391,10 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, pad_value, pad_type, hash, mgf, label, labelSz, sz); } - #elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) - /* SCE needs wrapped key which is passed via + #elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \ + (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) + /* SCE needs warpped key which is passed via * user ctx object of crypt-call back. */ #ifdef WOLF_CRYPTO_CB @@ -3550,7 +3552,9 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, } return ret; } - #elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) + #elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \ + (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) #ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) { ret = wc_CryptoCb_Rsa(in, inLen, out, diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 75c2d2de5..0415d00b6 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -347,7 +347,8 @@ return ret; } -#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ +#elif (defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */ @@ -927,8 +928,9 @@ void wc_ShaFree(wc_Sha* sha) #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) se050_hash_free(&sha->se050Ctx); #endif -#if (defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ - !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \ +#if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) || \ defined(WOLFSSL_RENESAS_RX64_HASH) if (sha->msg != NULL) { XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); 
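Review bot: The rewritten comment in RsaPublicEncryptEx introduces the misspelling "warpped" (the removed line had "wrapped") and still says only "SCE needs", although the condition now also selects TSIP crypt-only builds; suggest `/* SCE and TSIP (crypt-only) need a wrapped key which is passed via`. The same three-line condition is repeated in RsaPrivateDecryptEx in the next hunk; one helper macro for the Renesas crypt-only case would keep the two in step. RsaPublicEncryptEx continues outside this hunk.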
@@ -946,7 +948,8 @@ void wc_ShaFree(wc_Sha* sha) #if !defined(WOLFSSL_TI_HASH) && !defined(WOLFSSL_IMXRT_DCP) -#if !defined(WOLFSSL_RENESAS_TSIP_CRYPT) || \ +#if (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \ defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) #if !defined(WOLFSSL_RENESAS_RX64_HASH) @@ -1023,7 +1026,8 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) } #endif /* WOLFSSL_RENESAS_RX64_HASH */ #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */ -#endif /* !defined(WOLFSSL_RENESAS_TSIP_CRYPT) || +#endif /* !defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) || defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) */ #endif /* !defined(WOLFSSL_TI_HASH) && !defined(WOLFSSL_IMXRT_DCP) */ diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index b59bb81af..735659a0f 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -219,7 +219,9 @@ on the specific device platform. defined(WOLFSSL_QNX_CAAM)) && \ !defined(WOLFSSL_AFALG_HASH) && !defined(WOLFSSL_DEVCRYPTO_HASH) && \ (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_HASH)) && \ - (!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \ + ((!defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \ + defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \ !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \ ((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \ @@ -797,7 +799,8 @@ static int InitSha256(wc_Sha256* sha256) return InitSha256(sha256); } -#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ +#elif (defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */ 
@@ -1809,7 +1812,8 @@ void wc_Sha256Free(wc_Sha256* sha256) #endif /* WOLFSSL_DEVCRYPTO */ #if (defined(WOLFSSL_AFALG_HASH) && defined(WOLFSSL_AFALG_HASH_KEEP)) || \ (defined(WOLFSSL_DEVCRYPTO_HASH) && defined(WOLFSSL_DEVCRYPTO_HASH_KEEP)) || \ - (defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ + ((defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \ ((defined(WOLFSSL_RENESAS_SCEPROTECT) || \ defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \ @@ -2002,7 +2006,8 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz) #elif defined(WOLFSSL_DEVCRYPTO_HASH) /* implemented in wolfcrypt/src/port/devcrypto/devcrypt_hash.c */ -#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ +#elif (defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 367d60927..2206476e9 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -174,7 +174,7 @@ int wolfCrypt_Init(void) } #endif - #if defined(WOLFSSL_RENESAS_TSIP_CRYPT) + #if defined(WOLFSSL_RENESAS_TSIP) ret = tsip_Open( ); if( ret != TSIP_SUCCESS ) { WOLFSSL_MSG("RENESAS TSIP Open failed"); @@ -468,7 +468,7 @@ int wolfCrypt_Cleanup(void) #ifdef WOLFSSL_SILABS_SE_ACCEL ret = sl_se_deinit(); #endif - #if defined(WOLFSSL_RENESAS_TSIP_CRYPT) + #if defined(WOLFSSL_RENESAS_TSIP) tsip_Close(); #endif #if defined(WOLFSSL_DEVCRYPTO) diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index e5d872379..4e4409b3b 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h 
@@ -144,8 +144,9 @@ WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, #include #endif -#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ - defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) +#if (defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)) ||\ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #include #endif @@ -304,8 +305,9 @@ struct Aes { #if defined(WOLFSSL_CRYPTOCELL) aes_context_t ctx; #endif -#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ - defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) +#if (defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)) ||\ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) TSIP_AES_CTX ctx; #endif #if defined(WOLFSSL_RENESAS_SCEPROTECT) ||\ diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index bd5881089..2c2a9a7d0 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -21,7 +21,8 @@ #ifndef __RENESAS_TSIP_CRYPT_H__ #define __RENESAS_TSIP_CRYPT_H__ -#if !defined(WOLFCRYPT_ONLY) +#if !defined(WOLFCRYPT_ONLY) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #if defined(WOLFSSL_RENESAS_TSIP_IAREWRX) #include "r_bsp/mcu/all/r_rx_compiler.h" @@ -29,7 +30,8 @@ #include "r_tsip_rx_if.h" #endif -#if defined(WOLFSSL_RENESAS_TSIP) +#if defined(WOLFSSL_RENESAS_TSIP) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #include "r_tsip_rx_if.h" #endif @@ -69,7 +71,7 @@ enum { l_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23, l_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27, l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, - l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f, + l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f, l_TLS_AES_128_GCM_SHA256 = 0x01, l_TLS_AES_128_CCM_SHA256 = 0x04, }; 
@@ -88,6 +90,10 @@ typedef enum { TSIP_KEY_TYPE_RSA2048 = 0, TSIP_KEY_TYPE_RSA4096 = 1, TSIP_KEY_TYPE_ECDSAP256 = 2, + #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY + TSIP_KEY_TYPE_RSA1024 = 3, + #endif + } wolfssl_TSIP_KEY_TYPE; struct WOLFSSL; @@ -114,14 +120,28 @@ typedef struct MsgBag byte buff[MSGBAG_SIZE]; } MsgBag; - +#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY + + typedef void* renesas_tsip_key; + + /* flags Crypt Only */ + struct tsip_keyflgs_cryt { + uint8_t aes256_key_set:1; + uint8_t aes128_key_set:1; + uint8_t rsapri2048_key_set:1; + uint8_t rsapub2048_key_set:1; + uint8_t rsapri1024_key_set:1; + uint8_t rsapub1024_key_set:1; + uint8_t message_type:1;/*message 0, hashed 1*/ + }; +#endif /* * TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format. */ typedef struct TsipUserCtx { /* unique number for each session */ int devId; - +#ifdef WOLFSSL_RENESAS_TSIP_TLS /* 0:working as a TLS client, 1: as a server */ byte side; @@ -139,12 +159,13 @@ typedef struct TsipUserCtx { /* handle is used as work area for Tls13 handshake */ tsip_tls13_handle_t handle13; - +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ /* client key pair wrapped by provisioning key */ byte* wrappedPrivateKey; byte* wrappedPublicKey; - int wrappedKeyType; + int wrappedKeyType; +#ifdef WOLFSSL_RENESAS_TSIP_TLS #if !defined(NO_RSA) /* RSA-2048bit private and public key-index for client authentication */ tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx; 
@@ -227,7 +248,27 @@ typedef struct TsipUserCtx { uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4]; uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ]; uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ]; - +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ +/* for tsip crypt only mode */ +#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY + + renesas_tsip_key rsa1024pri_keyIdx; + renesas_tsip_key rsa1024pub_keyIdx; + renesas_tsip_key rsa2048pri_keyIdx; + renesas_tsip_key rsa2048pub_keyIdx; + + /* sign/verify hash type : + * md5, sha1 or sha256 + */ + int sing_hash_type; + + /* flags shows status if tsip keys are installed */ + union { + uint8_t chr; + struct tsip_keyflgs_cryt bits; + } keyflgs_crypt; + +#endif /* installed key handling */ tsip_aes_key_index_t user_aes256_key_index; uint8_t user_aes256_key_set:1; @@ -238,6 +279,7 @@ typedef struct TsipUserCtx { uint32_t tsip_cipher; /* flags */ +#ifdef WOLFSSL_RENESAS_TSIP_TLS #if !defined(NO_RSA) uint8_t ClientRsa2048PrivKey_set:1; uint8_t ClientRsa2048PubKey_set:1; @@ -264,7 +306,7 @@ typedef struct TsipUserCtx { uint8_t ServerWriteTrafficKey_set:1; uint8_t ClientWriteTrafficKey_set:1; uint8_t session_key_set:1; - +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ } TsipUserCtx; @@ -289,7 +331,7 @@ typedef struct uint32_t encrypted_user_private_key_type; uint8_t * encrypted_user_public_key; uint32_t encrypted_user_public_key_type; - tsip_ecc_private_key_index_t client_private_key_index; + tsip_ecc_private_key_index_t client_private_key_index; tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex; } tsip_key_data; 
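Review bot: `int sing_hash_type;` reads as a typo for sign_hash_type (its own comment says "sign/verify hash type"), and the struct tag `tsip_keyflgs_cryt` added in the previous hunk looks like a similar slip for crypt; both names are used from the .c file in this commit, so renaming now, before the struct layout is relied on, is cheaper than later. The four renesas_tsip_key members are heap-allocated with XMALLOC in tsipImportPublicKey, but nothing in this commit frees them; if the context teardown (not visible here) does not release them, every re-imported key leaks its index, so either add them to the context free path or document in the comment that the caller owns and must free them.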
@@ -321,10 +363,21 @@ WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
 WOLFSSL_API int tsip_set_clientPrivateKeyEnc(const byte* key, int keyType);
 #if defined(WOLF_PRIVATE_KEY_ID)
-WOLFSSL_API int tsip_use_PrivateKey_buffer(struct WOLFSSL* ssl,
+
+#if defined(WOLFSSL_RENESAS_TSIP_TLS)
+WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl,
 const char* keyBuf, int keyBufLen, int keyType);
-WOLFSSL_API int tsip_use_PublicKey_buffer(struct WOLFSSL* ssl,
+WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
 const char* keyBuf, int keyBufLen, int keyType);
+#endif
+
+#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+WOLFSSL_API int tsip_use_PubicKey_buffer_crypt(TsipUserCtx *uc,
+ const char* keyBuf, int keyBufLen, int keyType);
+WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
+ const char* keyBuf, int keyBufLen, int keyType);
+#endif
+
 #endif /* WOLF_PRIVATE_KEY_ID */
 #if (WOLFSSL_RENESAS_TSIP_VER >=109)
@@ -345,7 +398,6 @@ WOLFSSL_API void tsip_inform_user_keys(
 #endif
-
 /*----------------------------------------------------*/
 /* internal use functions */
 /*----------------------------------------------------*/
@@ -489,7 +541,7 @@ WOLFSSL_LOCAL int wc_tsip_generateVerifyData(
 const uint8_t* side,
 const uint8_t* handshake_hash,
 uint8_t* hashes);
-
+#ifndef NO_AES
 WOLFSSL_LOCAL int wc_tsip_AesCbcEncrypt(
 Aes* aes,
 byte* out,
@@ -517,7 +569,7 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
 const byte* authTag, word32 authTagSz,
 const byte* authIn, word32 authInSz,
 void* ctx);
-
+#endif /* NO_AES */
 WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify(
 const WOLFSSL *ssl,
 const byte* message,
@@ -583,7 +635,9 @@ WOLFSSL_LOCAL int wc_tsip_generateSessionKey(
 TsipUserCtx* ctx,
 int devId);
-
+WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx);
+WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info,
+ TsipUserCtx* tuc);
 #if defined(WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG)
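Review bot: `tsip_use_PubicKey_buffer_crypt` is missing the 'l' of PublicKey; it is a new `WOLFSSL_API` symbol, so the misspelling becomes part of the public ABI once released — rename it `tsip_use_PublicKey_buffer_crypt` to match `tsip_use_PublicKey_buffer_TLS`. Both `_crypt` prototypes also sit inside the outer `#if defined(WOLF_PRIVATE_KEY_ID)` guard even though they take a `TsipUserCtx*` rather than a `WOLFSSL*` and, as far as this hunk shows, do not depend on the TLS private-key-ID feature; a crypt-only build that does not define `WOLF_PRIVATE_KEY_ID` would get no key-install prototypes at all, so consider moving the `WOLFSSL_RENESAS_TSIP_CRYPTONLY` block outside that guard. Minor consistency: `tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl,` uses the typedef while its sibling uses `struct WOLFSSL* ssl`; this header only forward-declares `struct WOLFSSL;`, so the `struct` spelling is the one guaranteed to resolve.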
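Review bot: `wc_tsip_MakeRsaKey(int size, void* ctx)` takes an untyped `void* ctx` while the adjacent `wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)` and `wc_tsip_generateSessionKey(TsipUserCtx* ctx, ...)` take `TsipUserCtx*`; if the context is always a `TsipUserCtx`, declaring it as `TsipUserCtx* ctx` lets the compiler reject a wrong context being handed to key generation. Neither new prototype says what it returns or whether `size` is bits or bytes (only 1024- and 2048-bit key members exist in the struct above), so a one-line comment such as `/* generate an RSA key pair of 'size' bits inside TSIP; 0 on success -- TODO confirm units */` would help the next reader. `wc_CryptoInfo` is declared in cryptocb.h, which is not visible here; make sure this header includes it or forward-declares the struct when `WOLF_CRYPTO_CB` is set, otherwise the declaration fails to parse in builds that include this header first.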
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
index fb9f79dfd..93738780a 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
@@ -63,7 +63,8 @@ typedef wolfssl_TSIP_Hash wc_Sha256;
 #endif /* NO_SHA */
-#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
+#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) ||\
+ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 #include "r_tsip_rx_if.h"
 typedef struct {
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 6a804c656..d8e52d901 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -369,18 +369,10 @@
 #endif
 #endif /* WOLFSSL_ESPIDF */
-#if defined(WOLFCRYPT_ONLY)
- #undef WOLFSSL_RENESAS_TSIP
-#endif /* WOLFCRYPT_ONLY */
 #if defined(WOLFSSL_RENESAS_TSIP)
 #define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64
 #define TSIP_TLS_MASTERSECRET_SIZE 80 /* 20 words */
 #define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte */
- #if !defined(NO_RENESAS_TSIP_CRYPT) && defined(WOLFSSL_RENESAS_RX65N)
- #define WOLFSSL_RENESAS_TSIP_CRYPT
- #define WOLFSSL_RENESAS_TSIP_TLS
- #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
- #endif
 #endif /* WOLFSSL_RENESAS_TSIP */
 #if !defined(WOLFSSL_NO_HASH_RAW) && defined(WOLFSSL_RENESAS_RX64_HASH)
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index 5568b2e0a..339423ad9 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -110,7 +110,8 @@ enum {
 #elif defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM)
 #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
-#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
+#elif (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
+ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
 !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
 #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h"
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)
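Review bot: Removing the automatic `WOLFSSL_RENESAS_TSIP_CRYPT`/`_TLS`/`_TLS_AES_CRYPT` defines from settings.h means a build that sets only `WOLFSSL_RENESAS_TSIP` and `WOLFSSL_RENESAS_RX65N` (the configuration that worked before this change) now selects neither mode, and because sha.h in this same diff keys the TSIP hash types on `WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY`, such a build silently falls back to software hashing, and presumably software AES/RSA, with no diagnostic. A guard inside the `#if defined(WOLFSSL_RENESAS_TSIP)` block would make the migration explicit: `#if !defined(WOLFSSL_RENESAS_TSIP_TLS) && !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) && !defined(NO_RENESAS_TSIP_CRYPT)` / `#error "Define WOLFSSL_RENESAS_TSIP_TLS or WOLFSSL_RENESAS_TSIP_CRYPTONLY"` / `#endif`. Dropping the `WOLFCRYPT_ONLY` undef is consistent with a crypt-only mode now existing, but `WOLFCRYPT_ONLY` together with `WOLFSSL_RENESAS_TSIP_TLS` is still a contradiction worth rejecting the same way. Any other header still keyed on the old `WOLFSSL_RENESAS_TSIP_CRYPT` macro would now compile out; that cannot be checked from this hunk.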
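Review bot: The test `(defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))` is now spelled out here in sha.h, again in sha256.h, and in a third variant in renesas_tsip_types.h, so a future third mode or rename has to be applied in every `#elif` chain. Deriving one macro in settings.h — `#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)` / `#define WOLFSSL_RENESAS_TSIP_CRYPT` / `#endif` — would let these sites keep their original one-line condition and keeps the modes from drifting apart. This is a style point only; the include selected by the branch is unchanged.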
diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h
index 872bf1bd8..0920013d1 100644
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -150,7 +150,8 @@ enum {
 #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
 #elif defined(WOLFSSL_AFALG_HASH)
 #include "wolfssl/wolfcrypt/port/af_alg/afalg_hash.h"
-#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
+#elif (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
+ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
 !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
 #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h"
 #elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \