Merge pull request #6520 from miyazakh/tsip_cryptonly

Support TSIP crypt only
Chris Conlon
2023-08-01 10:13:18 -06:00
committed by GitHub
40 changed files with 1399 additions and 532 deletions


@ -220,14 +220,29 @@
#if defined(WOLFSSL_RENESAS_TSIP)
#if !defined(NO_RENESAS_TSIP_CRYPT)
#define WOLFSSL_RENESAS_TSIP_CRYPT
/*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
/* Enable TSIP TLS (default)
* TSIP CRYPTONLY is also enabled.
* Disable TSIP TLS
* TSIP CRYPTONLY is only enabled.
*/
#define WOLFSSL_RENESAS_TSIP_TLS
#define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
#if !defined(NO_RENESAS_TSIP_CRYPT)
#define WOLFSSL_RENESAS_TSIP_CRYPTONLY
#define HAVE_PK_CALLBACKS
#define WOLF_CRYPTO_CB
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
#define WOLF_PRIVATE_KEY_ID
#endif
#endif
#if !defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
# undef WOLFSSL_RENESAS_TSIP_TLS
# undef WOLFSSL_RENESAS_TSIP_CRYPT
#endif
#else
#define OPENSSL_EXTRA
@ -244,3 +259,8 @@
#define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
#if !defined(WOLFSSL_RENESAS_TSIP_TLS)
#define min(x,y) ((x)<(y)?(x):(y))
#endif
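Review bot: The last conditional of the new TSIP block is entered only when `WOLFSSL_RENESAS_TSIP_TLS` is not defined, so its `# undef WOLFSSL_RENESAS_TSIP_TLS` line can never have an effect and should be dropped; only `# undef WOLFSSL_RENESAS_TSIP_CRYPT` can do anything there. The header comment lists "Enable TSIP TLS" and "Disable TSIP TLS" without saying how a user selects one. If commenting out the define is the intended switch, I would add `/* To build crypt-only, comment out WOLFSSL_RENESAS_TSIP_TLS below. */` so the TLS key-handling path is not left enabled by accident. The same block is repeated in the two later settings-header sections of this commit, and the point applies there as well.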


@ -21,7 +21,7 @@
#include <wolfssl/wolfcrypt/wc_port.h>
#define YEAR 2022
#define YEAR 2023
#define MON 6
static int tick = 0;
@ -40,3 +40,12 @@ int strncasecmp(const char *s1, const char * s2, unsigned int sz)
return 1;
return 0;
}
#if !defined(WOLFSSL_RENESAS_TSIP)
/* dummy return true when char is alphanumeric character */
int isascii(const char *s)
{
return isalnum(s);
}
#endif
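Review bot: The added `isascii` stub passes its `const char *s` argument straight to `isalnum`, which takes an `int` character value, so the pointer itself is converted and tested instead of the character it points to; values outside the `unsigned char`/`EOF` range are undefined behaviour for the `<ctype.h>` functions. If the pointer signature is intentional the body should be `return isalnum((unsigned char)*s);`, and if this is meant to stand in for the usual function, `int isascii(int c) { return c >= 0 && c <= 0x7f; }` is what callers normally expect. The comment should also state that this is an alphanumeric check rather than an ASCII-range check, since the name suggests the latter. No `<ctype.h>` include is visible in the hunk, so confirm that `isalnum` is declared in this file.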


@ -285,11 +285,11 @@ void wolfSSL_TLS_client( )
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* TSIP specific ECC private key */
if (tsip_use_PrivateKey_buffer(ssl,
if (tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_private_key,
sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
TSIP_ECCP256) != 0) {
printf("ERROR tsip_use_PrivateKey_buffer\n");
printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
goto out;
}
@ -314,20 +314,20 @@ void wolfSSL_TLS_client( )
/* Note: TSIP asks client key pair for client authentication. */
/* TSIP specific RSA private key */
if (tsip_use_PrivateKey_buffer(ssl,
if (tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
TSIP_RSA2048) != 0) {
printf("ERROR tsip_use_PrivateKey_buffer\n");
printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
goto out;
}
/* TSIP specific RSA public key */
if (tsip_use_PublicKey_buffer(ssl,
if (tsip_use_PublicKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),
TSIP_RSA2048) != 0) {
printf("ERROR tsip_use_PublicKey_buffer\n");
printf("ERROR tsip_use_PublicKey_buffer_TLS\n");
goto out;
}


@ -79,6 +79,11 @@
<type>1</type>
<locationURI>PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c</locationURI>
</link>
<link>
<name>wolfcrypt/port/renesas_tsip_rsa.c</name>
<type>1</type>
<locationURI>PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c</locationURI>
</link>
<link>
<name>wolfcrypt/port/renesas_tsip_sha.c</name>
<type>1</type>


@ -22,6 +22,7 @@
<Category Name="port">
<Path>..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_common.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_aes.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_rsa.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_sha.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_util.c</Path>
</Category>
@ -143,6 +144,7 @@
<Path>Debug\wolfio.obj</Path>
<Path>Debug\renesas_common.obj</Path>
<Path>Debug\renesas_tsip_aes.obj</Path>
<Path>Debug\renesas_tsip_rsa.obj</Path>
<Path>Debug\renesas_tsip_sha.obj</Path>
<Path>Debug\renesas_tsip_util.obj</Path>
<Path>Debug\aes.obj</Path>


@ -8,18 +8,24 @@
<sections name="R_2"/>
<sections name="R"/>
<sections name="RPFRAM2"/>
<sections name="B_ETHERNET_BUFFERS_1">
<sectionAddress xsi:type="com.renesas.linkersection.model:FixedAddress" fixedAddress="65536"/>
</sections>
<sections name="B_RX_DESC_1"/>
<sections name="B_TX_DESC_1"/>
<sections name="C_FIRMWARE_UPDATE_CONTROL_BLOCK">
<sectionAddress xsi:type="com.renesas.linkersection.model:FixedAddress" fixedAddress="1048576"/>
</sections>
<sections name="C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR"/>
<sections name="C_PKCS11_STORAGE*">
<sectionAddress xsi:type="com.renesas.linkersection.model:FixedAddress" fixedAddress="1050624"/>
</sections>
<sections name="C_SYSTEM_CONFIG*">
<sectionAddress xsi:type="com.renesas.linkersection.model:FixedAddress" fixedAddress="1067008"/>
</sections>
<sections name="B_ETHERNET_BUFFERS_1">
<sections name="B">
<sectionAddress xsi:type="com.renesas.linkersection.model:FixedAddress" fixedAddress="8388608"/>
</sections>
<sections name="B_RX_DESC_1"/>
<sections name="B_TX_DESC_1"/>
<sections name="B"/>
<sections name="B_1"/>
<sections name="B_2"/>
<sections name="C_1">


@ -79,6 +79,11 @@
<type>1</type>
<locationURI>PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c</locationURI>
</link>
<link>
<name>wolfcrypt/port/renesas_tsip_rsa.c</name>
<type>1</type>
<locationURI>PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c</locationURI>
</link>
<link>
<name>wolfcrypt/port/renesas_tsip_sha.c</name>
<type>1</type>


@ -267,6 +267,4 @@ const unsigned char client_cert_der_sign[] =
};
const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 };
uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
#endif


@ -224,14 +224,29 @@
#if defined(WOLFSSL_RENESAS_TSIP)
#if !defined(NO_RENESAS_TSIP_CRYPT)
#define WOLFSSL_RENESAS_TSIP_CRYPT
/*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
/* Enable TSIP TLS (default)
* TSIP CRYPTONLY is also enabled.
* Disable TSIP TLS
* TSIP CRYPTONLY is only enabled.
*/
#define WOLFSSL_RENESAS_TSIP_TLS
#define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
#if !defined(NO_RENESAS_TSIP_CRYPT)
#define WOLFSSL_RENESAS_TSIP_CRYPTONLY
#define HAVE_PK_CALLBACKS
#define WOLF_CRYPTO_CB
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
#define WOLF_PRIVATE_KEY_ID
#endif
#endif
#if !defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
# undef WOLFSSL_RENESAS_TSIP_TLS
# undef WOLFSSL_RENESAS_TSIP_CRYPT
#endif
#else
#define OPENSSL_EXTRA


@ -294,22 +294,22 @@ static void Tls_client()
/* TSIP specific ECC private key */
if (ret == 0){
ret = tsip_use_PrivateKey_buffer(ssl,
ret = tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_private_key,
sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
TSIP_ECCP256);
if (ret != 0) {
printf("ERROR tsip_use_PrivateKey_buffer\n");
printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
}
}
# if defined(WOLFSSL_CHECK_SIG_FAULTS)
if (ret == 0){
ret = tsip_use_PublicKey_buffer(ssl,
ret = tsip_use_PublicKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_public_key,
sizeof(g_key_block_data.encrypted_user_ecc256_public_key),
TSIP_ECCP256);
if (ret != 0) {
printf("ERROR tsip_use_PublicKey_buffer\n");
printf("ERROR tsip_use_PublicKey_buffer_TLS\n");
}
}
#endif /* WOLFSSL_CHECK_SIG_FAULTS */
@ -339,21 +339,21 @@ static void Tls_client()
/* TSIP specific RSA private key */
if (ret == 0) {
ret = tsip_use_PrivateKey_buffer(ssl,
ret = tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
TSIP_RSA2048);
if (ret != 0) {
printf("ERROR tsip_use_PrivateKey_buffer :%d\n", ret);
printf("ERROR tsip_use_PrivateKey_buffer_TLS :%d\n", ret);
}
}
if (ret == 0) {
ret = tsip_use_PublicKey_buffer(ssl,
ret = tsip_use_PublicKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),
TSIP_RSA2048);
if (ret != 0) {
printf("ERROR tsip_use_PublicKey_buffer: %d\n", ret);
printf("ERROR tsip_use_PublicKey_buffer_TLS: %d\n", ret);
}
}


@ -21,8 +21,8 @@
#include <wolfssl/wolfcrypt/wc_port.h>
#define YEAR 2022
#define MON 6
#define YEAR 2023
#define MON 5
static int tick = 0;


@ -54,11 +54,7 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_config}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx}&quot;"/>
@ -66,6 +62,10 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.511269805" name="プリプロセッサ・マクロの定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
@ -97,11 +97,7 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_config}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx}&quot;"/>
@ -109,6 +105,10 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
</option>
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.502444415" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
</tool>
@ -267,11 +267,7 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_config}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx}&quot;"/>
@ -279,6 +275,10 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.935611572" name="プリプロセッサ・マクロの定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" valueType="definedSymbols">
<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
@ -307,11 +307,7 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_config}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx}&quot;"/>
@ -319,6 +315,10 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
</option>
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.1482916460" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
</tool>


@ -39,6 +39,11 @@
<type>1</type>
<locationURI>PARENT-2-PROJECT_LOC/wolfssl_demo/user_settings.h</locationURI>
</link>
<link>
<name>src/wolfssl_tsip_unit_test.c</name>
<type>1</type>
<locationURI>PARENT-2-PROJECT_LOC/wolfssl_demo/wolfssl_tsip_unit_test.c</locationURI>
</link>
<link>
<name>src/key_data/key_data.c</name>
<type>1</type>


@ -31,7 +31,7 @@
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#endif
#define SIMPLE_TLSSEVER_IP "192.168.10.10"
#define SIMPLE_TLSSEVER_IP "192.168.11.9"
#define SIMPLE_TLSSERVER_PORT "11111"
ER t4_tcp_callback(ID cepid, FN fncd , VP p_parblk);
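Review bot: The new value `"192.168.11.9"` for `SIMPLE_TLSSEVER_IP` looks like an address from a local test network rather than a deliberate change to the example. If that is the case, it should be reverted or moved to a build-time setting so the demo does not depend on one developer's environment. The macro name is also misspelled (`SEVER`) next to `SIMPLE_TLSSERVER_PORT`; renaming it would require updating its users outside this hunk.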


@ -287,6 +287,23 @@ void main(void)
wolfSSL_TLS_server();
#endif
Close_tcp();
#elif defined(TSIP_CRYPT_UNIT_TEST)
if ((ret = wolfCrypt_Init()) != 0) {
printf("wolfCrypt_Init failed %d\n", ret);
}
printf("Start wolf tsip crypt Test\n");
printf(" \n");
printf(" simple crypt test by using TSIP\n");
tsip_crypt_test();
printf(" \n");
printf("End wolf tsip crypt Test\n");
if ((ret = wolfCrypt_Cleanup()) != 0) {
printf("wolfCrypt_Cleanup failed %d\n", ret);
}
#endif
}
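Review bot: In the new `TSIP_CRYPT_UNIT_TEST` branch the return value of `tsip_crypt_test()` is discarded, so a failing hardware-crypto self-test still ends with "End wolf tsip crypt Test" and nothing on the console marks the failure. The branch also goes on to run the test after `wolfCrypt_Init()` has reported an error. I would run the test only when init succeeded and report its result, for example `if (ret == 0 && (ret = tsip_crypt_test()) != 0) printf("tsip_crypt_test failed %d\n", ret);`. `main` starts outside this hunk, so whether `ret` is used after the `#endif` cannot be seen here.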


@ -950,11 +950,6 @@
<source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
<source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
</configuration>
<configuration inuse="true" name="r_tsip_rx">
<component description="依存モジュール: r_bsp バージョン 7.00&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update.&#10;The &quot;.l&quot; in version number means library version." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.15.l" version="1.15.l"/>
<source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
<source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
</configuration>
<configuration inuse="true" name="r_bsp">
<component description="依存モジュール: なし&#10;The r_bsp package provides a foundation for code to be built on top of. It provides startup code, iodefines, and MCU information for different boards. There are 2 folders that make up the r_bsp package. The 'mcu' folder contains files that are common to a MCU group. These files provide functionality such as easy register access, CPU functions, and a file named 'mcu_info.h' for each MCU group. The 'mcu_info.h' file has information about the MCU on the board and is configured based on the information given in r_bsp_config.h. The information in 'mcu_info.h' is used to help configure Renesas middleware that uses the r_bsp package. The 'board' folder has a folder with startup code for each supported board. Which MCU and board is chosen is decided by the settings in 'platform.h'. The user can choose which board they are using by uncommenting the include path that applies to their board. For example, if you are using the RSK+RX64M then you would uncomment the #include &quot;./board/generic_rx64m/r_bsp.h&quot; include path. Users are encouraged to add their own boards to the 'board' directory. BSPs are configured by using the r_bsp_config.h file. Each board will have a reference configuration file named r_bsp_config_reference.h. The user should copy this file to their project, rename it to r_bsp_config.h, and use the options inside the file to configure the BSP for their project." detailDescription="Board Support Packages." display="r_bsp" id="r_bsp7.20" version="7.20">
<gridItem id="BSP_CFG_USER_STACK_ENABLE" selectedIndex="1"/>
@ -1136,6 +1131,11 @@
<source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
<source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
</configuration>
<configuration inuse="true" name="r_tsip_rx">
<component description="依存モジュール: r_bsp バージョン 7.30&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update.&#10;The &quot;.l&quot; in version number means library version." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.18.l" version="1.18.l"/>
<source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
<source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
</configuration>
</tool>
<tool id="System">
<section id="ocd">


@ -79,6 +79,11 @@
<type>1</type>
<locationURI>PARENT-7-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c</locationURI>
</link>
<link>
<name>wolfcrypt/port/renesas_tsip_rsa.c</name>
<type>1</type>
<locationURI>PARENT-7-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c</locationURI>
</link>
<link>
<name>wolfcrypt/port/renesas_tsip_sha.c</name>
<type>1</type>


@ -22,6 +22,7 @@
<Category Name="port">
<Path>..\..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_common.c</Path>
<Path>..\..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_aes.c</Path>
<Path>..\..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_rsa.c</Path>
<Path>..\..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_sha.c</Path>
<Path>..\..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_util.c</Path>
</Category>
@ -145,6 +146,7 @@
<Path>Debug\wolfio.obj</Path>
<Path>Debug\renesas_common.obj</Path>
<Path>Debug\renesas_tsip_aes.obj</Path>
<Path>Debug\renesas_tsip_rsa.obj</Path>
<Path>Debug\renesas_tsip_sha.obj</Path>
<Path>Debug\renesas_tsip_util.obj</Path>
<Path>Debug\aes.obj</Path>


@ -79,6 +79,11 @@
<type>1</type>
<locationURI>PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c</locationURI>
</link>
<link>
<name>wolfcrypt/port/renesas_tsip_rsa.c</name>
<type>1</type>
<locationURI>PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c</locationURI>
</link>
<link>
<name>wolfcrypt/port/renesas_tsip_sha.c</name>
<type>1</type>


@ -28,7 +28,6 @@
*----------------------------------------------------------------------------*/
#define WOLFSSL_RENESAS_RX72N
/*-- Renesas TSIP usage and its version ---------------------------------------
*
* "WOLFSSL_RENESAS_TSIP" definition makes wolfSSL to use H/W acceleration
@ -45,6 +44,7 @@
#define WOLFSSL_RENESAS_TSIP
#define WOLFSSL_RENESAS_TSIP_VER 117
#if defined(SIMPLE_TLS_CLIENT) || defined(SIMPLE_TLS_SERVER)
#undef WOLFSSL_RENESAS_TSIP
#undef WOLFSSL_RENESAS_TSIP_VER
@ -157,6 +157,7 @@
*----------------------------------------------------------------------------*/
#define SIZEOF_LONG_LONG 8
#define WOLFSSL_SMALL_STACK
/*
* -- "NO_ASN_TIME" macro is to avoid certificate expiration validation --
@ -236,15 +237,29 @@
*----------------------------------------------------------------------------*/
#if defined(WOLFSSL_RENESAS_TSIP)
/*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
/* Enable TSIP TLS (default)
* TSIP CRYPTONLY is also enabled.
* Disable TSIP TLS
* TSIP CRYPTONLY is only enabled.
*/
#define WOLFSSL_RENESAS_TSIP_TLS
#if !defined(NO_RENESAS_TSIP_CRYPT)
#define WOLFSSL_RENESAS_TSIP_CRYPT
#define WOLFSSL_RENESAS_TSIP_TLS
#define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
#define WOLFSSL_RENESAS_TSIP_CRYPTONLY
#define HAVE_PK_CALLBACKS
#define WOLF_CRYPTO_CB
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
#define WOLF_PRIVATE_KEY_ID
#endif
#endif
#if !defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
# undef WOLFSSL_RENESAS_TSIP_TLS
# undef WOLFSSL_RENESAS_TSIP_CRYPT
#endif
#else
#define OPENSSL_EXTRA


@ -382,15 +382,15 @@ static void Tls_client(void *pvParam)
#if defined(USE_ECC_CERT)
/* Client authentication using ECDSA certificate can be handled by TSIP.
* Therefore, the client private key should be TSIP-specific format
* and be set by tsip_use_PrivateKey_buffer.
* and be set by tsip_use_PrivateKey_buffer_TLS.
*/
if (ret == 0){
ret = tsip_use_PrivateKey_buffer(ssl,
ret = tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_private_key,
sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
TSIP_ECCP256);
if (ret != 0) {
printf("ERROR tsip_use_PrivateKey_buffer\n");
printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
}
}
# if defined(WOLFSSL_CHECK_SIG_FAULTS)
@ -409,16 +409,16 @@ static void Tls_client(void *pvParam)
/* Client authentication using RSA certificate can be handled by TSIP.
* Note that the internal verification of the signature process requires
* not only the client's private key but also its public key, so pass them
* using tsip_use_PrivateKey_buffer and tsip_use_PublicKey_buffer
* using tsip_use_PrivateKey_buffer_TLS and tsip_use_PublicKey_buffer_TLS
* respectively.
*/
if (ret == 0) {
ret = tsip_use_PrivateKey_buffer(ssl,
ret = tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
TSIP_RSA2048);
if (ret != 0) {
printf("ERROR tsip_use_PrivateKey_buffer :%d\n", ret);
printf("ERROR tsip_use_PrivateKey_buffer_TLS :%d\n", ret);
}
}
if (ret == 0) {


@ -45,7 +45,7 @@
#define LIBRARY_LOG_LEVEL LOG_INFO
#endif
#include "logging_stack.h"
#include "wolfssl/ssl.h"
/* Enable wolfcrypt test demo */
/*#define CRYPT_TEST */


@ -19,6 +19,14 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl_simple_demo.h>
#ifdef TSIP_CRYPT_UNIT_TEST
#include "r_bsp_config.h"
#if BSP_CFG_USTACK_BYTES < 0x4000
# error "more than 0x4000 stack needed to run the unit tests."
#endif
#include <stdio.h>
#include <string.h>
@ -28,6 +36,7 @@
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
@ -36,6 +45,7 @@
#endif
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#ifdef FREERTOS
#include "FreeRTOS.h"
# if defined(FREERTOS_TCP)
#include "FreeRTOS_IP.h"
@ -43,6 +53,7 @@
#include "platform/iot_network.h"
#include "platform.h"
# endif
#endif
#ifndef NO_SHA
int sha_test();
@ -59,7 +70,7 @@
printf(" passed \n");\
else \
printf(" failed \n");
#ifdef FREERTOS
static xSemaphoreHandle exit_semaph;
static byte exit_loop = 0;
static byte sha_multTst_rslt = 0;
@ -68,6 +79,7 @@ static byte Aes128_Cbc_multTst_rslt = 0;
static byte Aes256_Cbc_multTst_rslt = 0;
static byte Aes128_Gcm_multTst_rslt = 0;
static byte Aes256_Gcm_multTst_rslt = 0;
#endif /* FREERTOS */
#if defined(HAVE_AES_CBC)
@ -83,11 +95,39 @@ static tsip_aes_key_index_t g_user_aes256_key_index2;
#endif
typedef struct tagInfo
{
tsip_aes_key_index_t aes_key;
} Info;
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
static TsipUserCtx userContext;
void Clr_CallbackCtx(TsipUserCtx *g)
{
if (g->rsa1024pri_keyIdx != NULL)
XFREE(g->rsa1024pri_keyIdx,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (g->rsa1024pub_keyIdx != NULL)
XFREE(g->rsa1024pub_keyIdx,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (g->rsa2048pri_keyIdx != NULL)
XFREE(g->rsa2048pri_keyIdx,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (g->rsa2048pub_keyIdx != NULL)
XFREE(g->rsa2048pub_keyIdx,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
XMEMSET(g, 0, sizeof(TsipUserCtx));
}
#endif
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
@ -160,6 +200,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
return ret;
}
#ifdef FREERTOS
static void tskAes128_Cbc_Test(void *pvParam)
{
int ret = 0;
@ -177,7 +218,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
xSemaphoreGive(exit_semaph);
vTaskDelete(NULL);
}
#endif /* FREERTOS */
#endif
#ifdef WOLFSSL_AES_256
@ -212,6 +253,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
};
(void)verify;
if (prnt)
printf(" tsip_aes256_test() ");
@ -276,7 +318,7 @@ out:
return ret;
}
#ifdef FREERTOS
static void tskAes256_Cbc_Test(void *pvParam)
{
int ret = 0;
@ -294,7 +336,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
xSemaphoreGive(exit_semaph);
vTaskDelete(NULL);
}
#endif /* FREERTOS */
#endif /* WOLFSSL_AES_256 */
#if defined(WOLFSSL_AES_256)
@ -368,6 +410,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
int ret;
(void) result;
(void) c1;
(void) t1;
if (prnt) {
printf(" tsip_aes256_gcm_test() ");
@ -467,7 +511,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
return ret;
}
#ifdef FREERTOS
static void tskAes256_Gcm_Test(void *pvParam)
{
int ret = 0;
@ -485,6 +529,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
xSemaphoreGive(exit_semaph);
vTaskDelete(NULL);
}
#endif /* FREERTOS */
#endif
#if defined(WOLFSSL_AES_128)
@ -539,7 +584,8 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
int ret;
(void) result;
(void) c3;
(void) t3;
if (prnt) {
printf(" tsip_aes128_gcm_test() ");
}
@ -602,7 +648,7 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
return ret;
}
#ifdef FREERTOS
static void tskAes128_Gcm_Test(void *pvParam)
{
int ret = 0;
@ -620,69 +666,11 @@ static void tskAes128_Gcm_Test(void *pvParam)
xSemaphoreGive(exit_semaph);
vTaskDelete(NULL);
}
#endif /* FREERTOS */
#endif
int tsip_crypt_test()
{
int ret = 0;
e_tsip_err_t tsip_error_code;
/* Generate AES tsip Key */
tsip_error_code = R_TSIP_GenerateAes128RandomKeyIndex(
&g_user_aes128_key_index1);
if (tsip_error_code == TSIP_SUCCESS)
tsip_error_code = R_TSIP_GenerateAes128RandomKeyIndex(
&g_user_aes128_key_index2);
if (tsip_error_code == TSIP_SUCCESS)
tsip_error_code = R_TSIP_GenerateAes256RandomKeyIndex(
&g_user_aes256_key_index1);
if (tsip_error_code == TSIP_SUCCESS)
tsip_error_code = R_TSIP_GenerateAes256RandomKeyIndex(
&g_user_aes256_key_index2);
if (tsip_error_code == TSIP_SUCCESS) {
#ifndef NO_SHA
printf(" sha_test()");
ret = sha_test();
RESULT_STR(ret)
#endif
#ifndef NO_SHA256
printf(" sha256_test()");
ret = sha256_test();
RESULT_STR(ret)
#endif
ret = tsip_aes_cbc_test(1, &g_user_aes128_key_index1);
if (ret == 0) {
ret = tsip_aes256_test(1, &g_user_aes256_key_index1);
}
if (ret == 0) {
ret = tsip_aesgcm128_test(1, &g_user_aes128_key_index1);
}
if (ret == 0) {
ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1);
}
}
else
ret = -1;
return ret;
}
#ifdef FREERTOS
#ifndef NO_SHA
@ -722,7 +710,102 @@ static void tskSha256_Test(void *pvParam)
vTaskDelete(NULL);
}
#endif
#endif /* FREERTOS */
#if !defined(NO_RSA)
/* testing rsa sign/verify w/ rsa 2048 bit key */
#define TEST_STRING "Everyone gets Friday off."
#define TEST_STRING2 "Everyone gets Friday ofv."
#define TEST_STRING_SZ 25
#define RSA_TEST_BYTES 256 /* up to 2048-bit key */
static int tsip_rsa_SignVerify_test(int prnt, int keySize)
{
int ret = 0;
RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WC_RNG rng;
const char inStr [] = TEST_STRING;
const char inStr2[] = TEST_STRING2;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
byte *in = NULL;
byte *in2 = NULL;
byte *out= NULL;
in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
(void) prnt;
if (key == NULL || in == NULL || out == NULL) {
ret = -1;
goto out;
}
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(key, 0, sizeof *key);
XMEMCPY(in, inStr, inLen);
XMEMCPY(in2, inStr2, inLen);
ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
if (ret != 0) {
goto out;
}
if ((ret = wc_InitRng(&rng)) != 0)
goto out;
if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
goto out;
/* make rsa key by SCE */
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
goto out;
}
ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
if (ret < 0) {
goto out;
}
/* this should fail */
ret = wc_RsaSSL_Verify(in2, inLen, out, keySize/8, key);
if (ret != SIG_VERIFY_E) {
ret = -1;
goto out;
}
/* this should succeed */
ret = wc_RsaSSL_Verify(in, inLen, out, keySize/8, key);
if (ret < 0) {
ret = -1;
goto out;
}
ret = 0;
out:
if (key != NULL) {
wc_FreeRsaKey(key);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (in != NULL) {
XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (in2 != NULL) {
XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (out != NULL) {
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
}
#endif /* NO_RSA */
#ifdef TSIP_MULTIUNIT_TEST
int tsip_crypt_sha_multitest()
{
int ret = 0;
@ -1018,4 +1101,109 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
return ret;
}
#endif
int tsip_crypt_test()
{
int ret = 0;
e_tsip_err_t tsip_error_code;
/* Generate AES tsip Key */
tsip_error_code = R_TSIP_GenerateAes128RandomKeyIndex(
&g_user_aes128_key_index1);
if (tsip_error_code == TSIP_SUCCESS)
tsip_error_code = R_TSIP_GenerateAes128RandomKeyIndex(
&g_user_aes128_key_index2);
if (tsip_error_code == TSIP_SUCCESS)
tsip_error_code = R_TSIP_GenerateAes256RandomKeyIndex(
&g_user_aes256_key_index1);
if (tsip_error_code == TSIP_SUCCESS)
tsip_error_code = R_TSIP_GenerateAes256RandomKeyIndex(
&g_user_aes256_key_index2);
if (tsip_error_code == TSIP_SUCCESS) {
#ifndef NO_SHA
printf(" sha_test()");
ret = sha_test();
RESULT_STR(ret)
#endif
#ifndef NO_SHA256
printf(" sha256_test()");
ret = sha256_test();
RESULT_STR(ret)
#endif
ret = tsip_aes_cbc_test(1, &g_user_aes128_key_index1);
if (ret == 0) {
ret = tsip_aes256_test(1, &g_user_aes256_key_index1);
}
if (ret == 0) {
ret = tsip_aesgcm128_test(1, &g_user_aes128_key_index1);
}
if (ret == 0) {
ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1);
}
#if defined(WOLFSSL_KEY_GEN)&& \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
if (ret == 0) {
Clr_CallbackCtx(&userContext);
ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &userContext);
if (ret > 0)
ret = 0;
}
if (ret == 0) {
printf(" tsip_rsa_SignVerify_test(1024)");
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
userContext.sing_hash_type = sha256_mac;
userContext.keyflgs_crypt.bits.message_type = 0;
ret = tsip_rsa_SignVerify_test(1, 1024);
RESULT_STR(ret)
}
Clr_CallbackCtx(&userContext);
if (ret == 0) {
printf(" tsip_rsa_SignVerify_test(2048)");
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
userContext.sing_hash_type = sha256_mac;
userContext.keyflgs_crypt.bits.message_type = 0;
ret = tsip_rsa_SignVerify_test(1, 2048);
RESULT_STR(ret)
}
Clr_CallbackCtx(&userContext);
#endif
}
else
ret = -1;
return ret;
}
#endif /* TSIP_CRYPT_UNIT_TEST */


@ -122,6 +122,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
wolfcrypt/src/port/arm/cryptoCellHash.c \
wolfcrypt/src/port/Renesas/renesas_tsip_aes.c \
wolfcrypt/src/port/Renesas/renesas_tsip_sha.c \
wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c \
wolfcrypt/src/port/Renesas/renesas_tsip_util.c \
wolfcrypt/src/port/Renesas/renesas_sce_util.c \
wolfcrypt/src/port/Renesas/renesas_sce_aes.c \


@ -23,14 +23,16 @@
#if defined(WOLFSSL_RENESAS_SCEPROTECT) \
|| defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) \
|| defined(WOLFSSL_RENESAS_TSIP_TLS)
|| defined(WOLFSSL_RENESAS_TSIP_TLS) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#define cmn_hw_lock wc_sce_hw_lock
#define cmn_hw_unlock wc_sce_hw_unlock
#elif defined(WOLFSSL_RENESAS_TSIP_TLS)
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#define cmn_hw_lock tsip_hw_lock
#define cmn_hw_unlock tsip_hw_unlock
@ -51,6 +53,7 @@ static int gdevId = 7890; /* initial dev Id for Crypt Callback */
#include <wolfssl/wolfcrypt/cryptocb.h>
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl)
{
int ret = 0;
@ -115,6 +118,8 @@ WOLFSSL_LOCAL int Renesas_cmn_EccSignCb(WOLFSSL* ssl,
WOLFSSL_LEAVE("Renesas_cmn_EccSignCb", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* Renesas Security Library Common Callback
* For Crypto Callbacks
*
@ -129,7 +134,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
WOLFSSL_ENTER("Renesas_cmn_CryptoDevCb");
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
@ -144,15 +150,19 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->algo_type, cbInfo->session_key_set);
#endif
#if defined(WOLFSSL_RENESAS_TSIP)
#if defined(WOLFSSL_RENESAS_TSIP) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
ret = CRYPTOCB_UNAVAILABLE;
if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES) || !defined(NO_DES3)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM &&
cbInfo->session_key_set == 1) {
if (info->cipher.type == WC_CIPHER_AES_GCM
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo->session_key_set == 1
#endif
) {
if (info->cipher.enc) {
ret = wc_tsip_AesGcmEncrypt(
@ -186,8 +196,11 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
#endif /* HAVE_AESGCM */
#ifdef HAVE_AES_CBC
if (info->cipher.type == WC_CIPHER_AES_CBC &&
cbInfo->session_key_set == 1) {
if (info->cipher.type == WC_CIPHER_AES_CBC
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo->session_key_set == 1
#endif
) {
if (info->cipher.enc) {
ret = wc_tsip_AesCbcEncrypt(
@ -208,6 +221,14 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */
}
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 ||
info->pk.rsakg.size == 2048)) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
}
#endif
/* Is called for signing
* Can handle only RSA PkCS#1v1.5 padding scheme here.
*/
@ -217,9 +238,14 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
ret = tsip_SignRsaPkcs(info, ctx);
}
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) {
ret = wc_tsip_RsaVerifyPkcs(info, ctx);
}
#endif
}
#endif /* NO_RSA */
#if defined(HAVE_ECC)
#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS)
else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
ret = tsip_SignEcdsa(info, ctx);
}
@ -482,7 +508,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
(void)ssl;
(void)ctx;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
@ -490,7 +517,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
#endif
if (cbInfo == NULL
#if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \
#if (!defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) &&\
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(HAVE_RENESAS_SYNC)
|| ssl == NULL) {
#else
@ -517,6 +545,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
}
#if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) && \
!defined(HAVE_RENESAS_SYNC)
if (ssl)
wolfSSL_SetDevId(ssl, cbInfo->devId);
@ -543,7 +572,7 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id)
#endif /* WOLF_CRYPTO_CB */
#endif /* WOLFSSL_RENESAS_SCEPROTECT || WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY
/* WOLFSSL_RENESAS_TSIP_TLS*/
WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
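Review bot: The added key-generation branch in Renesas_cmn_CryptoDevCb tests `info->pk.type == WC_PK_TYPE_RSA_KEYGEN` directly after the cipher block closes, and no check of `info->algo_type` is visible around it, so the `pk` fields would be read for requests that are not public-key operations. Unless a test outside the hunk already restricts this path, put it in the condition: `if (info->algo_type == WC_ALGO_TYPE_PK && info->pk.type == WC_PK_TYPE_RSA_KEYGEN && (info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048))`. The call is compiled under `WOLFSSL_KEY_GEN` alone, while wc_tsip_MakeRsaKey is only defined for `WOLFSSL_RENESAS_TSIP_CRYPTONLY` with RSA enabled, so the guard here should match that. The function starts and ends outside the hunk.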


@ -30,7 +30,8 @@
#ifndef NO_AES
#if defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
#if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES)
#include <wolfssl/wolfcrypt/wc_port.h>
@ -60,7 +61,7 @@ typedef e_tsip_err_t (*aesGcmDecUpdateFn)
typedef e_tsip_err_t (*aesGcmDecFinalFn)
(tsip_gcm_handle_t*, uint8_t*, uint32_t*, uint8_t*, uint32_t);
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* function pointer type defs for TLSv13 handshake AES-GCM/CCM encryption */
typedef e_tsip_err_t (*Tls13AesEncInitFn)
@ -374,7 +375,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
WOLFSSL_LEAVE("tsip_Tls13AesDecrypt", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#if (WOLFSSL_RENESAS_TSIP_VER >= 109)
@ -395,8 +396,11 @@ WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
#if !defined(NO_AES) || !defined(NO_DES3)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM &&
cbInfo->session_key_set == 1) {
if (info->cipher.type == WC_CIPHER_AES_GCM
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo->session_key_set == 1
#endif
) {
if (info->cipher.enc) {
ret = wc_tsip_AesGcmEncrypt(
@ -430,8 +434,11 @@ WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
}
#endif /* HAVE_AESGCM */
#ifdef HAVE_AES_CBC
if (info->cipher.type == WC_CIPHER_AES_CBC &&
cbInfo->session_key_set == 1) {
if (info->cipher.type == WC_CIPHER_AES_CBC
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo->session_key_set == 1
#endif
) {
if (info->cipher.enc) {
ret = wc_tsip_AesCbcEncrypt(
@ -680,6 +687,7 @@ int wc_tsip_AesGcmEncrypt(
XMEMCPY(aadBuf, authIn, authInSz);
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (ret == 0 &&
userCtx->session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
@ -701,8 +709,11 @@ int wc_tsip_AesGcmEncrypt(
WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed");
ret = -1;
}
} else if (userCtx->user_aes128_key_set == 1 ||
userCtx->user_aes256_key_set == 1) {
} else
#endif
if (ret == 0 &&
(userCtx->user_aes128_key_set == 1 ||
userCtx->user_aes256_key_set == 1)) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_client_aes, &userCtx->user_aes256_key_index,
sizeof(tsip_aes_key_index_t));
@ -875,6 +886,7 @@ int wc_tsip_AesGcmDecrypt(
XMEMCPY(aadBuf, authIn, authInSz);
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (ret == 0 &&
userCtx->session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
@ -895,8 +907,12 @@ int wc_tsip_AesGcmDecrypt(
WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed");
ret = -1;
}
} else if (userCtx->user_aes128_key_set == 1 ||
userCtx->user_aes256_key_set == 1) {
} else
#endif
if (ret == 0 &&
(userCtx->user_aes128_key_set == 1 ||
userCtx->user_aes256_key_set == 1)) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_server_aes, &userCtx->user_aes256_key_index,
sizeof(tsip_aes_key_index_t));
@ -959,5 +975,6 @@ int wc_tsip_AesGcmDecrypt(
WOLFSSL_LEAVE("wc_tsip_AesGcmDecrypt", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_CRYPT */
#endif /* WOLFSSL_RENESAS_TSIP_TLS) || WOLFSSL_RENESAS_TSIP_CRYPTONLY
&& NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES */
#endif /* NO_AES */
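Review bot: With the `session_key_set == 1` gate compiled out for crypt-only builds, wc_tsip_AesCipher hands every AES-GCM and AES-CBC request to TSIP, and the only key check left on the visible path is `user_aes128_key_set == 1 || user_aes256_key_set == 1` in wc_tsip_AesGcmEncrypt and wc_tsip_AesGcmDecrypt. That test accepts either flag and the key index is then picked by `aes->ctx.keySize` alone, so a request with `keySize == 32` and only the 128-bit flag set copies `user_aes256_key_index` although it was never set; test the matching flag instead, e.g. `if (aes->ctx.keySize == 32 && userCtx->user_aes256_key_set == 1)`. The hunks do not show what happens when neither flag is set; that path should leave with an error rather than start the GCM operation with an unset key index. Both function bodies continue outside the hunks.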


@ -0,0 +1,302 @@
/* renesas_sce_rsa.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/wolfcrypt/settings.h>
#if !defined(NO_RSA) && \
(defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
#include <string.h>
#include <stdio.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
/* Make Rsa key for TSIP and set it to callback ctx
* Assumes to be called by Crypt Callback
*
* size desired keylenth, in bits. supports 1024 or 2048 bits
* ctx Callback context including pointer to hold generated key
* return TSIP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
{
e_tsip_err_t ret;
TsipUserCtx *info = (TsipUserCtx*)ctx;
tsip_rsa1024_key_pair_index_t *tsip_pair1024_key = NULL;
tsip_rsa2048_key_pair_index_t *tsip_pair2048_key = NULL;
/* sanity check */
if (ctx == NULL)
return BAD_FUNC_ARG;
if ((ret = tsip_hw_lock()) == 0) {
if (size == 1024) {
tsip_pair1024_key =
(tsip_rsa1024_key_pair_index_t*)XMALLOC(
sizeof(tsip_rsa1024_key_pair_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tsip_pair1024_key == NULL)
return MEMORY_E;
ret = R_TSIP_GenerateRsa1024RandomKeyIndex(tsip_pair1024_key);
}
else if (size == 2048) {
tsip_pair2048_key =
(tsip_rsa2048_key_pair_index_t*)XMALLOC(
sizeof(tsip_rsa2048_key_pair_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tsip_pair2048_key == NULL)
return MEMORY_E;
ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key);
}
else
return CRYPTOCB_UNAVAILABLE;
if (ret == TSIP_SUCCESS) {
if (size == 1024) {
if (info->rsa1024pri_keyIdx != NULL) {
XFREE(info->rsa1024pri_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
if (info->rsa1024pub_keyIdx != NULL) {
XFREE(info->rsa1024pub_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
info->rsa1024pri_keyIdx =
(tsip_rsa1024_private_key_index_t*)XMALLOC(
sizeof(tsip_rsa1024_private_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa1024pri_keyIdx == NULL) {
XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
info->rsa1024pub_keyIdx =
(tsip_rsa1024_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa1024_public_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa1024pub_keyIdx == NULL) {
XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pri_keyIdx, 0,
DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
/* copy generated key pair and free malloced key */
XMEMCPY(info->rsa1024pri_keyIdx,
&tsip_pair1024_key->private,
sizeof(tsip_rsa1024_private_key_index_t));
XMEMCPY(info->rsa1024pub_keyIdx,
&tsip_pair1024_key->public,
sizeof(tsip_rsa1024_public_key_index_t));
XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
}
else if (size == 2048) {
if (info->rsa2048pri_keyIdx != NULL) {
XFREE(info->rsa2048pri_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
if (info->rsa2048pub_keyIdx != NULL) {
XFREE(info->rsa2048pub_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
info->rsa2048pri_keyIdx =
(tsip_rsa2048_private_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_private_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa2048pri_keyIdx == NULL) {
XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
info->rsa2048pub_keyIdx =
(tsip_rsa2048_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_public_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa2048pub_keyIdx == NULL) {
XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa2048pri_keyIdx, 0,
DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
/* copy generated key pair and free malloced key */
XMEMCPY(info->rsa2048pri_keyIdx,
&tsip_pair2048_key->private,
sizeof(tsip_rsa2048_private_key_index_t));
XMEMCPY(info->rsa2048pub_keyIdx,
&tsip_pair2048_key->public,
sizeof(tsip_rsa2048_public_key_index_t));
XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
}
}
else {
WOLFSSL_MSG("Failed to generate key pair by TSIP");
return CRYPTOCB_UNAVAILABLE;
}
tsip_hw_unlock();
}
return 0;
}
/* Perform Rsa verify by TSIP
* Assumes to be called by Crypt Callback
*
* in Buffer to hold plaintext
* inLen Length of plaintext in bytes
* out Buffer to hold generated signature
* outLen Length of signature in bytes
* key rsa key object
* ctx The callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData;
uint8_t tsip_hash_type;
/* sanity check */
if (info == NULL || tuc == NULL){
return BAD_FUNC_ARG;
}
if (ret == 0) {
if (tuc->sing_hash_type == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
else if (tuc->sing_hash_type == sha_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
else if (tuc->sing_hash_type == sha256_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
else
ret = CRYPTOCB_UNAVAILABLE;
}
switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1)
{
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 1024 not set");
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
}
break;
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1)
{
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 1024 not set");
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
}
break;
default:
WOLFSSL_MSG("wrapped private key is not supported");
ret = CRYPTOCB_UNAVAILABLE;
break;
}
if (ret == 0) {
hashData.pdata = (uint8_t*)info->pk.rsa.in;
hashData.data_length = info->pk.rsa.inLen;
hashData.data_type =
tuc->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
sigData.pdata = (uint8_t*)info->pk.rsa.out;
sigData.data_length = info->pk.rsa.outLen;
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024:
err = R_TSIP_RsassaPkcs1024SignatureVerification(&sigData,
&hashData,
(tsip_rsa1024_public_key_index_t *)
tuc->rsa1024pub_keyIdx,
tsip_hash_type);
if (err == TSIP_ERR_AUTHENTICATION) {
ret = SIG_VERIFY_E;
}
else if (err == TSIP_SUCCESS) {
ret = 0;
}
else {
ret = WC_HW_E;
}
break;
case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureVerification(&sigData,
&hashData,
(tsip_rsa2048_public_key_index_t *)
tuc->rsa2048pub_keyIdx,
tsip_hash_type);
if (err == TSIP_ERR_AUTHENTICATION) {
ret = SIG_VERIFY_E;
}
else if (err == TSIP_SUCCESS) {
ret = 0;
}
else {
ret = WC_HW_E;
}
break;
}
tsip_hw_unlock();
}
}
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#endif /* WOLFSSL_RENESAS_TSIP_TLS || \
WOLFSSL_RENESAS_TSIP_CRYPTONLY */
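Review bot: wc_tsip_MakeRsaKey leaves the `tsip_hw_lock()` region through `return MEMORY_E` and `return CRYPTOCB_UNAVAILABLE` without calling `tsip_hw_unlock()`, so one failed allocation or key generation keeps the TSIP mutex held for every later caller; it also returns 0 when `tsip_hw_lock()` itself fails, reporting a key that was never generated. The same paths leak the temporary key-pair buffer and leave `info->rsa1024pri_keyIdx` / `info->rsa1024pub_keyIdx` (and the 2048 pair) pointing at freed memory, which the next call frees again. A single exit that unlocks, frees the temporaries and propagates the error covers all of these; the 1024-bit branch is sketched below and the 2048-bit branch follows the same pattern. Separately, in wc_tsip_RsaVerifyPkcs the `switch (tuc->wrappedKeyType)` runs even after the hash-type check set `ret = CRYPTOCB_UNAVAILABLE`, and `ret = tsipImportPublicKey(...)` can reset it to 0 with `tsip_hash_type` still uninitialised, so wrap that switch in `if (ret == 0)`.

```c
WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
{
    /* … unchanged: info / tsip_pair1024_key / tsip_pair2048_key declarations,
     *   NULL check on ctx … */
    int rc = 0;
    tsip_rsa1024_private_key_index_t *pri1024 = NULL;
    tsip_rsa1024_public_key_index_t  *pub1024 = NULL;

    /* reject unsupported sizes before taking the hardware lock */
    if (size != 1024 && size != 2048)
        return CRYPTOCB_UNAVAILABLE;

    /* a failed lock must not be reported as a generated key */
    if ((rc = tsip_hw_lock()) != 0)
        return rc;

    if (size == 1024) {
        tsip_pair1024_key = (tsip_rsa1024_key_pair_index_t*)XMALLOC(
            sizeof(tsip_rsa1024_key_pair_index_t), NULL,
            DYNAMIC_TYPE_RSA_BUFFER);
        pri1024 = (tsip_rsa1024_private_key_index_t*)XMALLOC(
            sizeof(tsip_rsa1024_private_key_index_t), NULL,
            DYNAMIC_TYPE_RSA_BUFFER);
        pub1024 = (tsip_rsa1024_public_key_index_t*)XMALLOC(
            sizeof(tsip_rsa1024_public_key_index_t), NULL,
            DYNAMIC_TYPE_RSA_BUFFER);

        if (tsip_pair1024_key == NULL || pri1024 == NULL || pub1024 == NULL) {
            rc = MEMORY_E;
        }
        else if (R_TSIP_GenerateRsa1024RandomKeyIndex(tsip_pair1024_key)
                                                        != TSIP_SUCCESS) {
            WOLFSSL_MSG("Failed to generate key pair by TSIP");
            rc = CRYPTOCB_UNAVAILABLE;
        }
        else {
            XMEMCPY(pri1024, &tsip_pair1024_key->private,
                    sizeof(tsip_rsa1024_private_key_index_t));
            XMEMCPY(pub1024, &tsip_pair1024_key->public,
                    sizeof(tsip_rsa1024_public_key_index_t));

            /* swap in the new indexes only once both are complete, so the
             * context never holds a freed or half-built pair */
            if (info->rsa1024pri_keyIdx != NULL)
                XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
            if (info->rsa1024pub_keyIdx != NULL)
                XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
            info->rsa1024pri_keyIdx = pri1024;
            info->rsa1024pub_keyIdx = pub1024;
            pri1024 = NULL;
            pub1024 = NULL;
            info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
            info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
        }
    }
    /* … 2048-bit branch: same pattern with the rsa2048 types … */

    /* single exit: always release the lock and the temporaries */
    tsip_hw_unlock();
    if (tsip_pair1024_key != NULL)
        XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
    if (pri1024 != NULL)
        XFREE(pri1024, NULL, DYNAMIC_TYPE_RSA_BUFFER);
    if (pub1024 != NULL)
        XFREE(pub1024, NULL, DYNAMIC_TYPE_RSA_BUFFER);
    return rc;
}
```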


@ -36,18 +36,16 @@
#include <wolfssl/wolfcrypt/logging.h>
#if defined(WOLFSSL_RENESAS_TSIP_CRYPT)
#if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
#include <wolfssl/wolfcrypt/memory.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#if !defined(NO_SHA) && !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include <wolfssl/wolfcrypt/sha.h>
extern struct WOLFSSL_HEAP_HINT* tsip_heap_hint;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* get hmac from handshake messages exchanged with server.
*
*/
@ -278,7 +276,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
WOLFSSL_LEAVE("tsip_GetMessageSha256", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
@ -471,7 +469,9 @@ static int TSIPHashCopy(wolfssl_TSIP_Hash* src, wolfssl_TSIP_Hash* dst)
return 0;
}
/* */
#if !defined(NO_SHA) && !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include <wolfssl/wolfcrypt/sha.h>
int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
{
return TSIPHashInit(sha, heap, devId, TSIP_SHA1);
@ -496,7 +496,7 @@ int wc_ShaCopy(wc_Sha256* src, wc_Sha256* dst)
{
return TSIPHashCopy(src, dst);
}
#endif /* !NO_SHA */
#endif /* !NO_SHA && !NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH*/
#if !defined(NO_SHA256) && !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include <wolfssl/wolfcrypt/sha256.h>
@ -527,5 +527,5 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
return TSIPHashCopy(src, dst);
}
#endif /* !NO_SHA256 */
#endif /* WOLFSSL_RENESAS_TSIP_CRYPT */
#endif /* WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#endif /* #if !defined(NO_SHA) || !defined(NO_SHA256) */


@ -56,22 +56,21 @@ typedef e_tsip_err_t (*shaHmacFinalFn)
/* ./ca-cert.der.sign, */
/* expect to have these variables defined at user application */
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=109)
#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=109)
extern uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE];
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=106)
#elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106)
extern uint32_t s_flash[];
extern uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE];
#endif
wolfSSL_Mutex tsip_mutex;
static int tsip_CryptHwMutexInit_ = 0;
static const byte* ca_cert_sig = NULL;
static tsip_key_data g_user_key_info;
struct WOLFSSL_HEAP_HINT* tsip_heap_hint = NULL;
/* tsip only keep one encrypted ca public key */
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
static const byte* ca_cert_sig = NULL;
static uint32_t g_encrypted_publicCA_key[R_TSIP_SINST_WORD_SIZE];
/* index of CM table. must be global since renesas_common access it. */
@ -103,7 +102,38 @@ static int tsip_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
{
return wc_UnLockMutex(mutex);
}
#ifdef WOLF_PRIVATE_KEY_ID
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
/* Set client encrypted public key data.
* parameters:
* ssl WOLFSSL object
* keyBuf buffer holding wrapped key which Renesas key tool generated.
* keyBufLen buffer length
* keyType 0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256
* return 0 on success, others on failure.
*/
WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl,
const char* keyBuf, int keyBufLen, int keyType)
{
int ret = 0;
TsipUserCtx* tuc = NULL;
WOLFSSL_ENTER("tsip_use_PublicKey_buffer_TLS");
if (ssl == NULL
|| keyBuf == NULL || keyBufLen == 0) {
ret = BAD_FUNC_ARG;
}
if (ret == 0){
tuc = ssl->RenesasUserCtx;
tuc->wrappedPublicKey = (uint8_t*)keyBuf;
tuc->wrappedKeyType = keyType;
}
WOLFSSL_LEAVE("tsip_use_PublicKey_buffer", ret);
return ret;
}
/* Set client encrypted private key data.
* parameters:
* ssl WOLFSSL object
@ -112,13 +142,13 @@ static int tsip_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
* keyType 0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256
* return 0 on success, others on failure.
*/
WOLFSSL_API int tsip_use_PrivateKey_buffer(struct WOLFSSL* ssl,
WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
const char* keyBuf, int keyBufLen, int keyType)
{
int ret = 0;
TsipUserCtx* tuc = NULL;
WOLFSSL_ENTER("tsip_use_PrivateKey_buffer");
WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_TLS");
if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 ) {
ret = BAD_FUNC_ARG;
@ -137,40 +167,74 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer(struct WOLFSSL* ssl,
}
}
WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer", ret);
WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer_TLS", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
/* Set client encrypted public key data.
* parameters:
* ssl WOLFSSL object
* uc Tsip user context
* keyBuf buffer holding wrapped key which Renesas key tool generated.
* keyBufLen buffer length
* keyType 0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256
* return 0 on success, others on failure.
*/
WOLFSSL_API int tsip_use_PublicKey_buffer(WOLFSSL* ssl,
WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
const char* keyBuf, int keyBufLen, int keyType)
{
int ret = 0;
TsipUserCtx* tuc = NULL;
WOLFSSL_ENTER("tsip_use_PublicKey_buffer");
WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt");
if (ssl == NULL || keyBuf == NULL || keyBufLen == 0) {
if (uc == NULL
|| keyBuf == NULL || keyBufLen == 0) {
ret = BAD_FUNC_ARG;
}
if (ret == 0){
tuc = ssl->RenesasUserCtx;
tuc = uc;
tuc->wrappedPublicKey = (uint8_t*)keyBuf;
tuc->wrappedKeyType = keyType;
}
WOLFSSL_LEAVE("tsip_use_PublicKey_buffer", ret);
WOLFSSL_LEAVE("tsip_use_PublicKey_buffer_crypt", ret);
return ret;
}
#endif /* WOLF_PRIVATE_KEY_ID */
/* Set client encrypted private key data.
* parameters:
* uc Tsip user context
* keyBuf buffer holding wrapped key which Renesas key tool generated.
* keyBufLen buffer length
* keyType 0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256
* return 0 on success, others on failure.
*/
WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
const char* keyBuf, int keyBufLen, int keyType)
{
int ret = 0;
TsipUserCtx* tuc = NULL;
WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_crypt");
if (uc == NULL || keyBuf == NULL || keyBufLen == 0 ) {
ret = BAD_FUNC_ARG;
}
if (ret == 0){
tuc = uc;
tuc->wrappedPrivateKey = (uint8_t*)keyBuf;
tuc->wrappedKeyType = keyType;
}
WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer_crypt", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* Obsolete function. Use tsip_use_PrivateKey_buffer instead.
* Set client encrypted private key data.
@ -1582,192 +1646,14 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
}
#endif /* WOLFSSL_TLS13 */
/*
* Import wrapped private key then convert it into TSIP key_index format.
* The target key should be set with tsip_use_PrivateKey_buffer in advance.
* Acceptable key types are:
* TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now)
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
*/
static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
uint8_t* provisioning_key = g_user_key_info.encrypted_provisioning_key;
uint8_t* iv = g_user_key_info.iv;
uint8_t* encPrivKey;
WOLFSSL_ENTER("tsipImportPrivateKey");
if (tuc == NULL)
return BAD_FUNC_ARG;
encPrivKey = tuc->wrappedPrivateKey;
if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) {
WOLFSSL_MSG("Missing some key materials used for import" );
return CRYPTOCB_UNAVAILABLE;
}
if (ret == 0) {
if (keyType != tuc->wrappedKeyType) {
WOLFSSL_MSG("No public key of specified type is set" );
return CRYPTOCB_UNAVAILABLE;
}
}
if ((ret = tsip_hw_lock()) == 0) {
switch (keyType) {
#if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA2048:
tuc->ClientRsa2048PrivKey_set = 0;
err = R_TSIP_GenerateRsa2048PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey,
&(tuc->Rsa2048PrivateKeyIdx));
if (err == TSIP_SUCCESS) {
tuc->ClientRsa2048PrivKey_set = 1;
}
else {
ret = WC_HW_E;
}
break;
#endif
case TSIP_KEY_TYPE_RSA4096:
/* not supported as of TSIPv1.15 */
ret = CRYPTOCB_UNAVAILABLE;
break;
#if defined(HAVE_ECC)
case TSIP_KEY_TYPE_ECDSAP256:
tuc->ClientEccP256PrivKey_set = 0;
err = R_TSIP_GenerateEccP256PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey,
&(tuc->EcdsaP256PrivateKeyIdx));
if (err == TSIP_SUCCESS) {
tuc->ClientEccP256PrivKey_set = 1;
}
else {
ret = WC_HW_E;
}
break;
#endif
default:
ret = BAD_FUNC_ARG;
break;
}
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("mutex locking error");
}
WOLFSSL_LEAVE("tsipImportPrivateKey", ret);
return ret;
}
/*
* Import wrapped public key then convert it into TSIP key_index format.
* The target key should be set with tsip_use_PublicKey_buffer in advance.
* Acceptable key types are:
* TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now)
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
*/
static int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
uint8_t* provisioning_key = g_user_key_info.encrypted_provisioning_key;
uint8_t* iv = g_user_key_info.iv;
uint8_t* encPubKey;
WOLFSSL_ENTER("tsipImportPublicKey");
if (tuc == NULL ) {
return BAD_FUNC_ARG;
}
encPubKey = tuc->wrappedPublicKey;
if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) {
WOLFSSL_MSG("Missing some key materials used for import" );
return CRYPTOCB_UNAVAILABLE;
}
if (ret == 0) {
if (keyType != tuc->wrappedKeyType) {
WOLFSSL_MSG("No public key of specified type is set" );
return CRYPTOCB_UNAVAILABLE;
}
}
if ((ret = tsip_hw_lock()) == 0) {
switch(keyType) {
#if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA2048:
tuc->ClientRsa2048PubKey_set = 0;
err = R_TSIP_GenerateRsa2048PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
&(tuc->Rsa2048PublicKeyIdx));
if (err == TSIP_SUCCESS) {
tuc->ClientRsa2048PubKey_set = 1;
}
else {
ret = WC_HW_E;
}
break;
#endif
#if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA4096:
/* not supported as of TSIPv1.15 */
ret = CRYPTOCB_UNAVAILABLE;
break;
#endif
#if defined(HAVE_ECC)
case TSIP_KEY_TYPE_ECDSAP256:
tuc->ClientEccP256PubKey_set = 0;
err = R_TSIP_GenerateEccP256PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
&(tuc->EcdsaP256PublicKeyIdx));
if (err == TSIP_SUCCESS) {
tuc->ClientEccP256PubKey_set = 1;
}
else {
ret = WC_HW_E;
}
break;
#endif
default:
ret = BAD_FUNC_ARG;
break;
}
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("mutex locking error");
}
WOLFSSL_LEAVE("tsipImportPublicKey", ret);
return ret;
}
#if defined(WOLFSSL_TLS13)
/* Send the TLS v1.3 CertificateVerify message. A part of the message is
* processed by TSIP for acceleration.
*
* Prior to this function call, the appropriate key-pair should be set via
* tsip_use_PrivateKey_buffer and tsip_use_PublicKey_buffer APIs. Those key pair
* can be generated by the tool named "Renesas secure flash programmer".
* tsip_use_PrivateKey_buffer_TLS and tsip_use_PublicKey_buffer_TLS APIs.
* Those key pair can be generated by the tool named
* "Renesas secure flash programmer".
* When RSA certificate is used, both public and private keys should be set.
* The public key is used for self-verify the generated certificateVerify
* message. When ECC certificate is used, the self-verify will be performed only
@ -2039,7 +1925,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109)
@ -2453,6 +2339,212 @@ static byte _tls2tsipdef(byte cipher)
return def;
}
#endif
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/*
* Import wrapped private key then convert it into TSIP key_index format.
* The target key should be set with tsip_use_PrivateKey_buffer in advance.
* Acceptable key types are:
* TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now)
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
*/
static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
uint8_t* provisioning_key = g_user_key_info.encrypted_provisioning_key;
uint8_t* iv = g_user_key_info.iv;
uint8_t* encPrivKey;
WOLFSSL_ENTER("tsipImportPrivateKey");
if (tuc == NULL)
return BAD_FUNC_ARG;
encPrivKey = tuc->wrappedPrivateKey;
if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) {
WOLFSSL_MSG("Missing some key materials used for import" );
return CRYPTOCB_UNAVAILABLE;
}
if (ret == 0) {
if (keyType != tuc->wrappedKeyType) {
WOLFSSL_MSG("No public key of specified type is set" );
return CRYPTOCB_UNAVAILABLE;
}
}
if ((ret = tsip_hw_lock()) == 0) {
switch (keyType) {
#if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA2048:
tuc->ClientRsa2048PrivKey_set = 0;
err = R_TSIP_GenerateRsa2048PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey,
&(tuc->Rsa2048PrivateKeyIdx));
if (err == TSIP_SUCCESS) {
tuc->ClientRsa2048PrivKey_set = 1;
}
else {
ret = WC_HW_E;
}
break;
#endif
case TSIP_KEY_TYPE_RSA4096:
/* not supported as of TSIPv1.15 */
ret = CRYPTOCB_UNAVAILABLE;
break;
#if defined(HAVE_ECC)
case TSIP_KEY_TYPE_ECDSAP256:
tuc->ClientEccP256PrivKey_set = 0;
err = R_TSIP_GenerateEccP256PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey,
&(tuc->EcdsaP256PrivateKeyIdx));
if (err == TSIP_SUCCESS) {
tuc->ClientEccP256PrivKey_set = 1;
}
else {
ret = WC_HW_E;
}
break;
#endif
default:
ret = BAD_FUNC_ARG;
break;
}
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("mutex locking error");
}
WOLFSSL_LEAVE("tsipImportPrivateKey", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/*
* Import wrapped public key then convert it into TSIP key_index format.
* The target key should be set with tsip_use_PublicKey_buffer in advance.
* Acceptable key types are:
* TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now)
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
*/
WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
uint8_t* provisioning_key = g_user_key_info.encrypted_provisioning_key;
uint8_t* iv = g_user_key_info.iv;
uint8_t* encPubKey;
WOLFSSL_ENTER("tsipImportPublicKey");
if (tuc == NULL ) {
return BAD_FUNC_ARG;
}
encPubKey = tuc->wrappedPublicKey;
if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) {
WOLFSSL_MSG("Missing some key materials used for import" );
return CRYPTOCB_UNAVAILABLE;
}
if (ret == 0) {
if (keyType != tuc->wrappedKeyType) {
WOLFSSL_MSG("No public key of specified type is set" );
return CRYPTOCB_UNAVAILABLE;
}
}
if ((ret = tsip_hw_lock()) == 0) {
switch(keyType) {
#if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA2048:
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientRsa2048PubKey_set = 0;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
if (tuc->rsa2048pub_keyIdx != NULL) {
XFREE(tuc->rsa2048pub_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
tuc->rsa2048pub_keyIdx =
(tsip_rsa2048_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_public_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tuc->rsa2048pub_keyIdx == NULL) {
return MEMORY_E;
}
#endif
err = R_TSIP_GenerateRsa2048PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->Rsa2048PublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->rsa2048pub_keyIdx
#endif
);
if (err == TSIP_SUCCESS) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientRsa2048PubKey_set = 1;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.rsapub2048_key_set = 1;
#endif
}
else {
ret = WC_HW_E;
}
break;
#endif
#if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA4096:
/* not supported as of TSIPv1.15 */
ret = CRYPTOCB_UNAVAILABLE;
break;
#endif
#if defined(HAVE_ECC) && \
defined(WOLFSSL_RENESAS_TSIP_TLS)
case TSIP_KEY_TYPE_ECDSAP256:
tuc->ClientEccP256PubKey_set = 0;
err = R_TSIP_GenerateEccP256PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
&(tuc->EcdsaP256PublicKeyIdx));
if (err == TSIP_SUCCESS) {
tuc->ClientEccP256PubKey_set = 1;
}
else {
ret = WC_HW_E;
}
break;
#endif
default:
ret = BAD_FUNC_ARG;
break;
}
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("mutex locking error");
}
WOLFSSL_LEAVE("tsipImportPublicKey", ret);
return ret;
}
/*
* lock hw engine.
* this should be called before using engine.
@ -2488,7 +2580,7 @@ WOLFSSL_LOCAL void tsip_hw_unlock(void)
{
tsip_CryptHwMutexUnLock(&tsip_mutex);
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
/* check if tsip tls functions can be used for the cipher */
/* return :1 when tsip can be used , 0 not be used. */
int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated)
@ -2584,7 +2676,7 @@ int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated)
WOLFSSL_LEAVE("tsip_usable", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* open TSIP driver
@ -2598,13 +2690,13 @@ WOLFSSL_LOCAL int tsip_Open(void)
if ((ret = tsip_hw_lock()) == 0) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=109)
#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=109)
ret = R_TSIP_Open(NULL,NULL);
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("RENESAS TSIP Open failed");
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
ret = R_TSIP_GenerateTlsRsaPublicKeyIndex(
@ -2634,14 +2726,14 @@ WOLFSSL_LOCAL int tsip_Open(void)
g_CAscm_Idx = (uint32_t)-1;
}
}
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=106)
#endif
#elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106)
ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("RENESAS TSIP Open failed");
}
#if defined(WOLFSSL_RENESAS_TLS)
/* generate TLS Rsa public key for Certificate verification */
if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
ret = R_TSIP_GenerateTlsRsaPublicKeyIndex(
@ -2668,6 +2760,7 @@ WOLFSSL_LOCAL int tsip_Open(void)
g_CAscm_Idx = (uint32_t)-1;
}
}
#endif
#else
ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
if (ret != TSIP_SUCCESS) {
@ -2707,16 +2800,6 @@ WOLFSSL_LOCAL void tsip_Close(void)
WOLFSSL_LEAVE("tsip_Close", 0);
}
/* Support functions for TSIP TLS Capability */
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
/* to inform ca certificate sign */
/* signature format expects RSA 2048 PSS with SHA256 */
void tsip_inform_cert_sign(const byte *sign)
{
if (sign)
ca_cert_sig = sign;
}
#if (WOLFSSL_RENESAS_TSIP_VER>=109)
void tsip_inform_user_keys_ex(
byte* encrypted_provisioning_key,
@ -2767,8 +2850,16 @@ void tsip_inform_user_keys(
}
#endif
/* Support functions for TSIP TLS Capability */
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
/* to inform ca certificate sign */
/* signature format expects RSA 2048 PSS with SHA256 */
void tsip_inform_cert_sign(const byte *sign)
{
if (sign)
ca_cert_sig = sign;
}
/* Sha1Hmac */
int wc_tsip_Sha1HmacGenerate(
const WOLFSSL *ssl,
@ -3552,10 +3643,15 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
WOLFSSL_ENTER("tsip_SignRsaPkcs");
if (info == NULL || tuc == NULL || tuc->ssl == NULL) {
if (info == NULL || tuc == NULL
#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
|| tuc->ssl == NULL
#endif
) {
ret = BAD_FUNC_ARG;
}
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (ret == 0) {
ssl = tuc->ssl;
@ -3570,6 +3666,7 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
if (ssl->options.hashAlgo == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
@ -3580,21 +3677,81 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
else
ret = CRYPTOCB_UNAVAILABLE;
}
#else
(void)ssl;
if (ret == 0) {
if (tuc->sing_hash_type == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
else if (tuc->sing_hash_type == sha_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
else if (tuc->sing_hash_type == sha256_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
else
ret = CRYPTOCB_UNAVAILABLE;
}
switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1)
{
WOLFSSL_MSG("tsip rsa private key 2048 not set");
ret = CRYPTOCB_UNAVAILABLE;
}
break;
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1)
{
WOLFSSL_MSG("tsip rsa private key 2048 not set");
ret = CRYPTOCB_UNAVAILABLE;
}
break;
default:
WOLFSSL_MSG("wrapped private key is not supported");
ret = CRYPTOCB_UNAVAILABLE;
break;
}
#endif
if (ret == 0) {
#ifdef WOLFSSL_RENESAS_TSIP_TLS
hashData.pdata = (uint8_t*)ssl->buffers.digest.buffer;
hashData.data_type = 1;
sigData.pdata = (uint8_t*)info->pk.rsa.in;
sigData.data_length = 0; /* signature size will be returned here */
#else
hashData.pdata = (uint8_t*)info->pk.rsa.in;
hashData.data_length= info->pk.rsa.inLen;
hashData.data_type = tuc->keyflgs_crypt.bits.message_type;
sigData.pdata = (uint8_t*)info->pk.rsa.out;
sigData.data_length = 0;
#endif
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
case TSIP_KEY_TYPE_RSA1024:
err = R_TSIP_RsassaPkcs1024SignatureGenerate(
&hashData, &sigData,
(tsip_rsa1024_private_key_index_t*)
tuc->rsa1024pri_keyIdx,
tsip_hash_type);
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
}
break;
#endif
case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureGenerate(
&hashData, &sigData,
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&tuc->Rsa2048PrivateKeyIdx,
#else
(tsip_rsa2048_private_key_index_t*)
tuc->rsa2048pri_keyIdx,
#endif
tsip_hash_type);
if (err != TSIP_SUCCESS) {
@ -3624,7 +3781,7 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
}
#endif /* !NO_RSA */
#if !defined(NO_RSA)
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_TSIP_TLS)
WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
WOLFSSL* ssl,
unsigned char* sig, unsigned int sigSz,
@ -3719,9 +3876,9 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
WOLFSSL_LEAVE("tsip_VerifyRsaPkcsCb", ret);
return ret;
}
#endif /* !NO_RSA */
#endif /* !NO_RSA && TSIP_TLS */
#if defined(HAVE_ECC)
#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS)
/* Perform signing with the client's ECC private key on hash value of messages
* exchanged with server.
*
@ -3861,7 +4018,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
WOLFSSL_LEAVE("tsip_SignEcdsa", ret);
return ret;
}
#endif /* HAVE_ECC */
#endif /* HAVE_ECC && TSIP_TLS */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG


@ -3391,8 +3391,10 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
pad_value, pad_type, hash, mgf, label,
labelSz, sz);
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
/* SCE needs wrapped key which is passed via
#elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \
(!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
/* SCE needs warpped key which is passed via
* user ctx object of crypt-call back.
*/
#ifdef WOLF_CRYPTO_CB
@ -3550,7 +3552,9 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
}
return ret;
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \
(!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Rsa(in, inLen, out,
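Review bot: The comment above the crypto-callback branch in the RsaPublicEncryptEx hunk still names only SCE and now misspells "wrapped", although the widened `#elif` also selects this branch for TSIP crypt-only builds. It should read something like `/* SCE and TSIP (crypt-only) need a wrapped key, which is passed via` followed by the existing `* user ctx object of crypt-call back.` line. The matching branch in RsaPrivateDecryptEx has no comment at all and could carry the same one. Both functions start and end outside these hunks, so what happens when `key->devId` is `INVALID_DEVID` in a TSIP crypt-only build is not visible here and is worth confirming.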


@ -347,7 +347,8 @@
return ret;
}
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
#elif (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
/* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
@ -927,8 +928,9 @@ void wc_ShaFree(wc_Sha* sha)
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
se050_hash_free(&sha->se050Ctx);
#endif
#if (defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \
#if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) || \
defined(WOLFSSL_RENESAS_RX64_HASH)
if (sha->msg != NULL) {
XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -946,7 +948,8 @@ void wc_ShaFree(wc_Sha* sha)
#if !defined(WOLFSSL_TI_HASH) && !defined(WOLFSSL_IMXRT_DCP)
#if !defined(WOLFSSL_RENESAS_TSIP_CRYPT) || \
#if (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \
defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#if !defined(WOLFSSL_RENESAS_RX64_HASH)
@ -1023,7 +1026,8 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
}
#endif /* WOLFSSL_RENESAS_RX64_HASH */
#endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
#endif /* !defined(WOLFSSL_RENESAS_TSIP_CRYPT) ||
#endif /* !defined(WOLFSSL_RENESAS_TSIP_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) ||
defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) */
#endif /* !defined(WOLFSSL_TI_HASH) && !defined(WOLFSSL_IMXRT_DCP) */
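Review bot: The new condition in the wc_ShaFree hunk has the shape `(A || B) && !C || D`, so it relies on `&&` binding tighter than `||` to keep the old meaning, where the line it replaces grouped the TSIP part explicitly. Wrapping the TSIP term again, `#if ((defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \`, keeps the grouping obvious and matches the parenthesised form used in the Sha256 free hunk further down this page. The rewritten `#endif` comment after wc_ShaCopy likewise drops the grouping that the corresponding `#if` has, so the two no longer read the same. wc_ShaFree continues outside the hunk.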


@ -219,7 +219,9 @@ on the specific device platform.
defined(WOLFSSL_QNX_CAAM)) && \
!defined(WOLFSSL_AFALG_HASH) && !defined(WOLFSSL_DEVCRYPTO_HASH) && \
(!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_HASH)) && \
(!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \
((!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \
defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \
!defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \
((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \
@ -797,7 +799,8 @@ static int InitSha256(wc_Sha256* sha256)
return InitSha256(sha256);
}
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
#elif (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
/* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
@ -1809,7 +1812,8 @@ void wc_Sha256Free(wc_Sha256* sha256)
#endif /* WOLFSSL_DEVCRYPTO */
#if (defined(WOLFSSL_AFALG_HASH) && defined(WOLFSSL_AFALG_HASH_KEEP)) || \
(defined(WOLFSSL_DEVCRYPTO_HASH) && defined(WOLFSSL_DEVCRYPTO_HASH_KEEP)) || \
(defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
((defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \
((defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
@ -2002,7 +2006,8 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
#elif defined(WOLFSSL_DEVCRYPTO_HASH)
/* implemented in wolfcrypt/src/port/devcrypto/devcrypt_hash.c */
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
#elif (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
/* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */


@ -174,7 +174,7 @@ int wolfCrypt_Init(void)
}
#endif
#if defined(WOLFSSL_RENESAS_TSIP_CRYPT)
#if defined(WOLFSSL_RENESAS_TSIP)
ret = tsip_Open( );
if( ret != TSIP_SUCCESS ) {
WOLFSSL_MSG("RENESAS TSIP Open failed");
@ -468,7 +468,7 @@ int wolfCrypt_Cleanup(void)
#ifdef WOLFSSL_SILABS_SE_ACCEL
ret = sl_se_deinit();
#endif
#if defined(WOLFSSL_RENESAS_TSIP_CRYPT)
#if defined(WOLFSSL_RENESAS_TSIP)
tsip_Close();
#endif
#if defined(WOLFSSL_DEVCRYPTO)
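Review bot: `tsip_Open()` in wolfCrypt_Init and `tsip_Close()` in wolfCrypt_Cleanup are now compiled for every `WOLFSSL_RENESAS_TSIP` build, while the TSIP port header on this page is only active when `!defined(WOLFCRYPT_ONLY) || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)`. The settings change further down appears to drop both the `#undef WOLFSSL_RENESAS_TSIP` under `WOLFCRYPT_ONLY` and the automatic feature defines, so a `WOLFCRYPT_ONLY` build that sets `WOLFSSL_RENESAS_TSIP` without `WOLFSSL_RENESAS_TSIP_CRYPTONLY` would presumably reach these calls with no declaration in scope; where `tsip_Open` is declared is not visible here, so this needs confirming. Guarding both call sites with `#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)`, or rejecting the combination with an `#error`, would make the supported configurations explicit. Both functions continue outside the hunks.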


@ -144,8 +144,9 @@ WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
#include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
#if (defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)) ||\
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h>
#endif
@ -304,8 +305,9 @@ struct Aes {
#if defined(WOLFSSL_CRYPTOCELL)
aes_context_t ctx;
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
#if (defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)) ||\
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TSIP_AES_CTX ctx;
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT) ||\


@ -21,7 +21,8 @@
#ifndef __RENESAS_TSIP_CRYPT_H__
#define __RENESAS_TSIP_CRYPT_H__
#if !defined(WOLFCRYPT_ONLY)
#if !defined(WOLFCRYPT_ONLY) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_TSIP_IAREWRX)
#include "r_bsp/mcu/all/r_rx_compiler.h"
@ -29,7 +30,8 @@
#include "r_tsip_rx_if.h"
#endif
#if defined(WOLFSSL_RENESAS_TSIP)
#if defined(WOLFSSL_RENESAS_TSIP) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#include "r_tsip_rx_if.h"
#endif
@ -88,6 +90,10 @@ typedef enum {
TSIP_KEY_TYPE_RSA2048 = 0,
TSIP_KEY_TYPE_RSA4096 = 1,
TSIP_KEY_TYPE_ECDSAP256 = 2,
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
TSIP_KEY_TYPE_RSA1024 = 3,
#endif
} wolfssl_TSIP_KEY_TYPE;
struct WOLFSSL;
@ -114,14 +120,28 @@ typedef struct MsgBag
byte buff[MSGBAG_SIZE];
} MsgBag;
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
typedef void* renesas_tsip_key;
/* flags Crypt Only */
struct tsip_keyflgs_cryt {
uint8_t aes256_key_set:1;
uint8_t aes128_key_set:1;
uint8_t rsapri2048_key_set:1;
uint8_t rsapub2048_key_set:1;
uint8_t rsapri1024_key_set:1;
uint8_t rsapub1024_key_set:1;
uint8_t message_type:1;/*message 0, hashed 1*/
};
#endif
/*
* TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format.
*/
typedef struct TsipUserCtx {
/* unique number for each session */
int devId;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* 0:working as a TLS client, 1: as a server */
byte side;
@ -139,12 +159,13 @@ typedef struct TsipUserCtx {
/* handle is used as work area for Tls13 handshake */
tsip_tls13_handle_t handle13;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* client key pair wrapped by provisioning key */
byte* wrappedPrivateKey;
byte* wrappedPublicKey;
int wrappedKeyType;
int wrappedKeyType;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#if !defined(NO_RSA)
/* RSA-2048bit private and public key-index for client authentication */
tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx;
@ -227,7 +248,27 @@ typedef struct TsipUserCtx {
uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* for tsip crypt only mode */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
renesas_tsip_key rsa1024pri_keyIdx;
renesas_tsip_key rsa1024pub_keyIdx;
renesas_tsip_key rsa2048pri_keyIdx;
renesas_tsip_key rsa2048pub_keyIdx;
/* sign/verify hash type :
* md5, sha1 or sha256
*/
int sing_hash_type;
/* flags shows status if tsip keys are installed */
union {
uint8_t chr;
struct tsip_keyflgs_cryt bits;
} keyflgs_crypt;
#endif
/* installed key handling */
tsip_aes_key_index_t user_aes256_key_index;
uint8_t user_aes256_key_set:1;
@ -238,6 +279,7 @@ typedef struct TsipUserCtx {
uint32_t tsip_cipher;
/* flags */
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#if !defined(NO_RSA)
uint8_t ClientRsa2048PrivKey_set:1;
uint8_t ClientRsa2048PubKey_set:1;
@ -264,7 +306,7 @@ typedef struct TsipUserCtx {
uint8_t ServerWriteTrafficKey_set:1;
uint8_t ClientWriteTrafficKey_set:1;
uint8_t session_key_set:1;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
} TsipUserCtx;
@ -321,10 +363,21 @@ WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
WOLFSSL_API int tsip_set_clientPrivateKeyEnc(const byte* key, int keyType);
#if defined(WOLF_PRIVATE_KEY_ID)
WOLFSSL_API int tsip_use_PrivateKey_buffer(struct WOLFSSL* ssl,
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl,
const char* keyBuf, int keyBufLen, int keyType);
WOLFSSL_API int tsip_use_PublicKey_buffer(struct WOLFSSL* ssl,
WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
const char* keyBuf, int keyBufLen, int keyType);
#endif
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
WOLFSSL_API int tsip_use_PubicKey_buffer_crypt(TsipUserCtx *uc,
const char* keyBuf, int keyBufLen, int keyType);
WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
const char* keyBuf, int keyBufLen, int keyType);
#endif
#endif /* WOLF_PRIVATE_KEY_ID */
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
@ -345,7 +398,6 @@ WOLFSSL_API void tsip_inform_user_keys(
#endif
/*----------------------------------------------------*/
/* internal use functions */
/*----------------------------------------------------*/
@ -489,7 +541,7 @@ WOLFSSL_LOCAL int wc_tsip_generateVerifyData(
const uint8_t* side,
const uint8_t* handshake_hash,
uint8_t* hashes);
#ifndef NO_AES
WOLFSSL_LOCAL int wc_tsip_AesCbcEncrypt(
Aes* aes,
byte* out,
@ -517,7 +569,7 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
#endif /* NO_AES */
WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify(
const WOLFSSL *ssl,
const byte* message,
@ -583,7 +635,9 @@ WOLFSSL_LOCAL int wc_tsip_generateSessionKey(
TsipUserCtx* ctx,
int devId);
WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx);
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info,
TsipUserCtx* tuc);
#if defined(WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG)
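Review bot: The crypt-only fields added to TsipUserCtx (`rsa1024pri_keyIdx` through `rsa2048pub_keyIdx`, typed as the opaque `renesas_tsip_key`) do not say who owns the buffers or how they relate to the `keyflgs_crypt` bits. The tsipImportPublicKey body on this page frees and re-allocates `rsa2048pub_keyIdx` without first clearing `rsapub2048_key_set`, so after a failed import the flag can still read 1 while the pointer is NULL or holds no valid index. A comment such as `/* heap buffers owned by this context; a *_key_set bit must be cleared whenever its *_keyIdx is freed or replaced */` would state the invariant callers and the importer need to keep; where these buffers are finally released is not visible here. Separately, the exported name `tsip_use_PubicKey_buffer_crypt` and the field `sing_hash_type` look like misspellings of "Public" and "sign", and a `WOLFSSL_API` name is hard to correct once released.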


@ -63,7 +63,8 @@ typedef wolfssl_TSIP_Hash wc_Sha256;
#endif /* NO_SHA */
#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) ||\
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#include "r_tsip_rx_if.h"
typedef struct {


@ -369,18 +369,10 @@
#endif
#endif /* WOLFSSL_ESPIDF */
#if defined(WOLFCRYPT_ONLY)
#undef WOLFSSL_RENESAS_TSIP
#endif /* WOLFCRYPT_ONLY */
#if defined(WOLFSSL_RENESAS_TSIP)
#define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64
#define TSIP_TLS_MASTERSECRET_SIZE 80 /* 20 words */
#define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte */
#if !defined(NO_RENESAS_TSIP_CRYPT) && defined(WOLFSSL_RENESAS_RX65N)
#define WOLFSSL_RENESAS_TSIP_CRYPT
#define WOLFSSL_RENESAS_TSIP_TLS
#define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
#endif
#endif /* WOLFSSL_RENESAS_TSIP */
#if !defined(WOLFSSL_NO_HASH_RAW) && defined(WOLFSSL_RENESAS_RX64_HASH)


@ -110,7 +110,8 @@ enum {
#elif defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM)
#include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
#elif (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h"
#elif defined(WOLFSSL_RENESAS_RX64_HASH)


@ -150,7 +150,8 @@ enum {
#include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
#elif defined(WOLFSSL_AFALG_HASH)
#include "wolfssl/wolfcrypt/port/af_alg/afalg_hash.h"
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
#elif (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h"
#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \