feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

implement TSIP RSA Public Enc/Private Dec

Browse Source
This commit is contained in:
Hideki Miyazaki
2024-10-27 10:33:57 +09:00
parent 3f651a8dd0
commit 32c1f8bbd7
4 changed files with 232 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
View File

@ -240,11 +240,16 @@
#if defined(WOLFSSL_RENESAS_TSIP) #if defined(WOLFSSL_RENESAS_TSIP)
/*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/ /*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
/* Enable TSIP TLS (default) /* Enable TSIP TLS (default)
* TSIP CRYPTONLY is also enabled. * TSIP CRYPT is also enabled.
* Disable TSIP TLS * Disable TSIP TLS
* TSIP CRYPT is also disabled
* TSIP CRYPTONLY is only enabled. * TSIP CRYPTONLY is only enabled.
*/ */
#define WOLFSSL_RENESAS_TSIP_TLS #define WOLFSSL_RENESAS_TSIP_TLS
/* #define WOLFSSL_RENESAS_TSIP_CRYPTONLY */
/* #define WOLFSSL_KEY_GEN */
/* #define RSA_MIN_SIZE 1024 */
#if !defined(NO_RENESAS_TSIP_CRYPT) #if !defined(NO_RENESAS_TSIP_CRYPT)
#define HAVE_PK_CALLBACKS #define HAVE_PK_CALLBACKS

98
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
View File

@ -711,6 +711,88 @@ static void tskSha256_Test(void *pvParam)
#define TEST_STRING_SZ 25 #define TEST_STRING_SZ 25
#define RSA_TEST_BYTES 256 /* up to 2048-bit key */ #define RSA_TEST_BYTES 256 /* up to 2048-bit key */
static int tsip_rsa_test(int prnt, int keySize)
{
int ret = 0;
RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WC_RNG rng;
const char inStr [] = TEST_STRING;
const char inStr2[] = TEST_STRING2;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
word32 out_actual_len = 0;
byte *in = NULL;
byte *in2 = NULL;
byte *out= NULL;
byte *out2 = NULL;
in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL || in == NULL || out == NULL ||
in2 == NULL || out2 == NULL) {
ret = -1;
goto out;
}
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(key, 0, sizeof *key);
XMEMCPY(in, inStr, inLen);
XMEMCPY(in2, inStr2, inLen);
XMEMSET(out, 0, outSz);
XMEMSET(out2, 0, outSz);
ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
if (ret != 0) {
goto out;
}
if ((ret = wc_InitRng(&rng)) != 0)
goto out;
if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
goto out;
/* Set Rsa Key created by TSIP in Advance */
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
goto out;
}
ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
if (ret < 0) {
goto out;
}
ret = wc_RsaPrivateDecrypt(out, (word32)(keySize/8), out2, outSz, key);
if (ret < 0) {
ret = -1;
goto out;
}
if (XMEMCMP(in, out2, inLen) != 0) {
ret = -2;
goto out;
}
ret = 0;
out:
if (key != NULL) {
wc_FreeRsaKey(key);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
(void) prnt;
return ret;
}
static int tsip_rsa_SignVerify_test(int prnt, int keySize) static int tsip_rsa_SignVerify_test(int prnt, int keySize)
{ {
int ret = 0; int ret = 0;
@ -1155,6 +1237,22 @@ int tsip_crypt_test()
ret = 0; ret = 0;
} }
#if RSA_MIN_SIZE <= 1024
if (ret == 0) {
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
printf(" tsip_rsa_test(1024)");
ret = tsip_rsa_test(1, 1024);
RESULT_STR(ret)
}
#endif
if (ret == 0) {
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
printf(" tsip_rsa_test(2048)");
ret = tsip_rsa_test(1, 2048);
RESULT_STR(ret)
}
if (ret == 0) { if (ret == 0) {
printf(" tsip_rsa_SignVerify_test(1024)"); printf(" tsip_rsa_SignVerify_test(1024)");

29
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -251,27 +251,34 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
} }
if (info->algo_type == WC_ALGO_TYPE_PK) { if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA) #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_KEY_GEN) #if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) { (info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx); ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
} } else
#endif #endif
if (info->pk.type == WC_PK_TYPE_RSA &&
/* RSA Signing (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
* Can handle only RSA PkCS#1v1.5 padding scheme here. info->pk.rsa.type == RSA_PUBLIC_ENCRYPT)) {
*/ /* rsa public encrypt/private decrypt */
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) { ret = wc_tsip_RsaFunction(info, cbInfo);
} else
#endif
if (info->pk.type == WC_PK_TYPE_RSA &&
info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
/* RSA Signing
* Can handle only RSA PkCS#1v1.5 padding scheme here.
*/
ret = tsip_SignRsaPkcs(info, cbInfo); ret = tsip_SignRsaPkcs(info, cbInfo);
} }
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
/* RSA Verify */ /* RSA Verify */
if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) { else if (info->pk.type == WC_PK_TYPE_RSA &&
info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
ret = wc_tsip_RsaVerifyPkcs(info, cbInfo); ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
} }
#endif #endif
#endif /* !NO_RSA */
#if defined(HAVE_ECC) #if defined(HAVE_ECC)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)

144
wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
View File

@ -22,8 +22,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#if !defined(NO_RSA) && \ #if !defined(NO_RSA) && \
(defined(WOLFSSL_RENESAS_TSIP_TLS) || \ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
@ -121,6 +120,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
info->keyflgs_crypt.bits.rsapri1024_key_set = 1; info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
info->keyflgs_crypt.bits.rsapub1024_key_set = 1; info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
} }
else if (size == 2048) { else if (size == 2048) {
XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
@ -158,6 +158,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
info->keyflgs_crypt.bits.rsapri2048_key_set = 1; info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
info->keyflgs_crypt.bits.rsapub2048_key_set = 1; info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
} }
} }
@ -167,42 +168,14 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
return 0; return 0;
} }
/* Generate TSIP key index if needed
/* Perform Rsa verify by TSIP
* Assumes to be called by Crypt Callback
* *
* in Buffer to hold plaintext * tuc struct pointer of TsipUserCtx
* inLen Length of plaintext in bytes * return FSP_SUCCESS(0) on Success, otherwise CRYPTOCB_UNAVAILABLE
* out Buffer to hold generated signature
* outLen Length of signature in bytes
* key rsa key object
* ctx The callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/ */
static int tsip_RsakeyImport(TsipUserCtx* tuc)
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
{ {
int ret = 0; int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData;
uint8_t tsip_hash_type;
/* sanity check */
if (info == NULL || tuc == NULL){
return BAD_FUNC_ARG;
}
if (ret == 0) {
if (tuc->sign_hash_type == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
else if (tuc->sign_hash_type == sha_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
else if (tuc->sign_hash_type == sha256_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
else
ret = CRYPTOCB_UNAVAILABLE;
}
switch (tuc->wrappedKeyType) { switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024: case TSIP_KEY_TYPE_RSA1024:
@ -230,7 +203,110 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
break; break;
} }
return ret;
}
/* Perform rsa encryption/decryption by TSIP
* Assumes to be called by Crypt Callback
*
* info struct pointer of wc_CryptoInfo including necessary info
* tuc struct pointer of TsipUserCtx including TSIP key info
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret;
int keySize;
int type;
tsip_rsa_byte_data_t plain, cipher;
if (info == NULL || tuc == NULL) {
return BAD_FUNC_ARG;
}
if(tsip_RsakeyImport(tuc) == 0) {
type = info->pk.rsa.type;
keySize = (int)tuc->wrappedKeyType;
if ((ret = tsip_hw_lock()) == 0) {
if (type == RSA_PUBLIC_ENCRYPT) {
plain.pdata = (uint8_t*)info->pk.rsa.in;
plain.data_length = info->pk.rsa.inLen;
cipher.pdata = (uint8_t*)info->pk.rsa.out;
cipher.data_length = info->pk.rsa.outLen;
if (keySize == TSIP_KEY_TYPE_RSA1024) {
ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
tuc->rsa1024pub_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher,
tuc->rsa2048pub_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
}
else if (type == RSA_PRIVATE_DECRYPT) {
plain.pdata = (uint8_t*)info->pk.rsa.out;
plain.data_length = info->pk.rsa.outLen;
cipher.pdata = (uint8_t*)info->pk.rsa.in;
cipher.data_length = info->pk.rsa.inLen;
if (keySize == TSIP_KEY_TYPE_RSA1024) {
ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain,
tuc->rsa1024pri_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain,
tuc->rsa2048pri_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
}
tsip_hw_unlock();
}
}
return ret;
}
/* Perform Rsa verify by TSIP
* Assumes to be called by Crypt Callback
*
* info struct pointer of wc_CryptoInfo including necessary info
* tuc struct pointer of TsipUserCtx including TSIP key info
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData;
uint8_t tsip_hash_type;
/* sanity check */
if (info == NULL || tuc == NULL){
return BAD_FUNC_ARG;
}
if (ret == 0) { if (ret == 0) {
if (tuc->sign_hash_type == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
else if (tuc->sign_hash_type == sha_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
else if (tuc->sign_hash_type == sha256_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
else
ret = CRYPTOCB_UNAVAILABLE;
}
if (tsip_RsakeyImport(tuc) == 0) {
hashData.pdata = (uint8_t*)info->pk.rsa.in; hashData.pdata = (uint8_t*)info->pk.rsa.in;
hashData.data_length = info->pk.rsa.inLen; hashData.data_length = info->pk.rsa.inLen;
hashData.data_type = hashData.data_type =