diff --git a/IDE/Renesas/e2studio/GR-ROSE/README b/IDE/Renesas/e2studio/GR-ROSE/README new file mode 100644 index 000000000..7d067731e --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/README @@ -0,0 +1,149 @@ +----------------------------------------------------- +0. 初めに +----------------------------------------------------- + +このドキュメントではE2Studio上でwolfsslを含んだテストアプリケーションを作成する手順を示します。 + +このREADMEが含まれているフォルダには + 1.smc      ---スマートコンフィギュレータ用プロジェクトが格納されているフォルダです + 2.test     ---テストアプリケーション用プロジェクトが格納されているフォルダです + 3.wolfssl  ---テストアプリケーションにリンクされて使用されるwolfsslライブラリ用プロジェクトが格納されているフォルダです + 4.common   ---設定ファイル等が格納されたフォルダです + +フォルダが存在しています。 + +------------------------------------- +1.プロジェクトのインポート +------------------------------------- + +e2studioを起動したら、プロジェクト・エクスプローラー画面を表示させ、"ファイル"メニュー > ”ファイル・システムからプロジェクトを開く...”を選択し、 +プロジェクトインポートダイアログを表示させます。 + +ディレクトリボタンを押して、上記の1~3のフォルダの3プロジェクトをインポートしてください。 + +------------------------------------- +2.smcプロジェクトでソースファイルを生成させる +------------------------------------- + +smcプロジェクトにはsmc.scfgファイルが既に用意してあります。 +このファイルをダブルクリックするとスマートコンフィギュレータパースペクティブが開き、複数のタブを含んだ設定ページが表示されます。 +概要タブに現在選択されているコンポーネントがバージョンとともにリストアップされています。 +これらはテストアプリケーションの実行に必要なものが設定済みとなっています。 +ボード情報、クロック設定などもGR-ROSEに合わせて設定済みです。 + +設定が必要な個所は、 +コンポーネントタブで r_t4_rx コンポーネントの設定を表示させます。ここで、次のプロパティの値 +#IP address for ch0,when DHCP disable. + +として、GR-ROSEに設定するIPv4アドレスを皆さんの環境に合った値に設定してください。 +ここだけが設定が必要な個所です。 + +設定を保存し、画面右上のソースファイル生成ボタンを押してソースファイルを生成させてください。 + +------------------------------------- +3.testプロジェクトに生成させたソースファイルをコピーする +------------------------------------- + +e2studioのプロジェクト・エクスプローラー画面のtestプロジェクトのフォルダを展開すると、 +srcフォルダがあります。このフォルダに、smcプロジェクトフォルダ内のsrc/smc_genをコピーしてください。 + +------------------------------------- +4.testプロジェクトの動作を選択する +------------------------------------- + +テストアプリケーションは、暗号化テスト、ベンチマーク、TLSクライアント、TLSサーバーの +4種類の動作を選択できます。選択は、common/user_settings.hの +定義文を有効化することで行います。 + +------------------------------------- +5.wolfsslプロジェクト、testプロジェクトをビルドする +------------------------------------- + +ビルド前に必ず上記4の設定が終わっていることを確認してください。 +ビルドはwolfssl,testの順に行います。 + +------------------------------------- +6.エミュレータを使ってtestアプリケーションを実行する +------------------------------------- + +エミュレータとターゲットボードとPCをケーブルで接続したら、すでに、test HardwareDebug.launchが用意してありますから +e2studioの”実行” >”デバッグ”を選択してデバッグを開始してください。 + +お手持ちのエミュレータが異なる場合はデバッグ構成を変更して上記ファイルを更新してください。 + + +================================================================================= + +----------------------------------------------------- +0. About this document +----------------------------------------------------- + +This document will show you how to create a test application containing wolfssl on E2Studio. + +The folder that contains this README has: + 1.smc --- the folder where the smart configurator project is stored. + 2.test --- the folder where the test application project is stored + 3. wolfssl --- the folder where the project for the wolfssl library used by the test application is stored. + 4.common --- the folder where the configuration files etc. are stored + + +------------------------------------- +1. Import projects +------------------------------------- + +After starting e2studio, display the project explorer screen, +select "File" menu> "Open project from file system...", +Display the project import dialog. + +Press the directory button and import the 3 projects in the folders 1 to 3 above. + +------------------------------------- +2. Generate source files in smc project +------------------------------------- + +The smc.scfg file is already prepared in the smc project. +Double-clicking on this file will open the Smart Configurator perspective, +displaying a configuration page with multiple tabs. +The components currently selected in the Overview tab are listed along with their version. +These are already set up to run the test application. +Board information and clock settings are already set according to GR-ROSE. + +The points that need to be set are +Display the r_t4_rx component settings in the component tab. Where the value of the following property +#IP address for ch0,when DHCP disable. + +Then, set the IPv4 address set in GR-ROSE to a value that suits your environment. +This is the only place that needs to be set. + +Save the settings and press the source file generation button at the top right of the screen to generate the source file. + +------------------------------------- +3. Copy the source files generated in the test project +------------------------------------- + +When you expand the test project folder on the e2studio Project Explorer screen, +There is a src folder. Copy src/smc_gen in the smc project folder to test/src folder. + +------------------------------------- +4. Select the behavior of the test project +------------------------------------- + +Test applications include encryption test, benchmark, TLS client, TLS server +You can select four types of operation. Select from common/user_settings.h +This is done by activating one of those commented definition statements. + +------------------------------------- +5. Build wolfssl project, test project +------------------------------------- + +Make sure that the above 4 settings are completed before building. +Build in order of wolfssl and test. + +------------------------------------- +6. Run the test application using the emulator +------------------------------------- + +After connecting the emulator, target board and PC with a cable, test HardwareDebug.launch is already prepared. +Select "Run"> "Debug" in e2 studio to start debugging. + +If the emulator you have is different, change the debug configuration and update the above file. diff --git a/IDE/Renesas/e2studio/GR-ROSE/common/strings.h b/IDE/Renesas/e2studio/GR-ROSE/common/strings.h new file mode 100644 index 000000000..fd2cf86e6 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/common/strings.h @@ -0,0 +1,22 @@ +/* strings.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +int strncasecmp(const char *s1, const char * s2, unsigned int sz); diff --git a/IDE/Renesas/e2studio/GR-ROSE/common/unistd.h b/IDE/Renesas/e2studio/GR-ROSE/common/unistd.h new file mode 100644 index 000000000..d91dd4790 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/common/unistd.h @@ -0,0 +1,22 @@ +/* unistd.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* DUMMY Header */ diff --git a/IDE/Renesas/e2studio/GR-ROSE/common/user_settings.h b/IDE/Renesas/e2studio/GR-ROSE/common/user_settings.h new file mode 100644 index 000000000..58b5ba117 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/common/user_settings.h @@ -0,0 +1,172 @@ +/* user_settings.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*-- Renesas MCU type --------------------------------------------------------- + * + * + *----------------------------------------------------------------------------*/ + #define WOLFSSL_RENESAS_RX65N +/*#define WOLFSSL_RENESAS_RX72N*/ + + +/*-- Renesas TSIP usage and its version --------------------------------------- + * + * "WOLFSSL_RENESAS_TSIP" definition makes wolfSSL to use H/W acceleration + * for cipher operations. + * TSIP definition asks to have its version number. + * "WOLFSSL_RENESAS_TSIP_VER" takes following value: + * 106: TSIPv1.06 + * 109: TSIPv1.09 + * + *----------------------------------------------------------------------------*/ + #define WOLFSSL_RENESAS_TSIP + #define WOLFSSL_RENESAS_TSIP_VER 109 + + +/*-- TLS version definitions -------------------------------------------------- + * + * wolfSSL supports TLSv1.2 by default. In case you want your system suppots + * TLSv1.3, uncomment line below. + * + *----------------------------------------------------------------------------*/ +/*#define WOLFSSL_TLS13*/ + + +/*-- Operating System related definitions -------------------------------------- + * + * In case any realtime OS is used, define its name(e.g. FREERTOS). + * Otherwise, define "SINGLE_THREADED". They are exclusive each other. + * + *----------------------------------------------------------------------------*/ + #define SINGLE_THREADED +/*#define FREERTOS*/ + + +/*-- Cipher related definitions ----------------------------------------------- + * + * + *----------------------------------------------------------------------------*/ + + #define NO_DEV_RANDOM + #define USE_CERT_BUFFERS_2048 + #define WOLFSSL_DH_CONST + #define HAVE_TLS_EXTENSIONS + + #define HAVE_AESGCM + #define HAVE_AES_CBC + #define WOLFSSL_SHA512 + + #define HAVE_SUPPORTED_CURVES + #define HAVE_ECC + #define HAVE_CURVE25519 + #define CURVE25519_SMALL + #define HAVE_ED25519 + + #define WC_RSA_BLINDING + #define WOLFSSL_STATIC_RSA + + +/*-- Misc definitions --------------------------------------------------------- + * + * + *----------------------------------------------------------------------------*/ + #define SIZEOF_LONG_LONG 8 + +#if !defined(min) + #define min(data1, data2) _builtin_min(data1, data2) +#endif + + #define NO_MAIN_DRIVER + #define BENCH_EMBEDDED + #define NO_WOLFSSL_DIR + #define WOLFSSL_NO_CURRDIR + #define NO_FILESYSTEM + #define WOLFSSL_LOG_PRINTF + #define WOLFSSL_HAVE_MIN + #define WOLFSSL_HAVE_MAX + #define WOLFSSL_SMALL_STACK + #define NO_WRITEV + #define WOLFSSL_USER_IO + + #define WOLFSSL_USER_CURRTIME + #define USER_TIME + #define XTIME time + #define USE_WOLF_SUSECONDS_T + #define USE_WOLF_TIMEVAL_T + + #define WOLFSSL_USER_CURRTIME /* for benchmark */ + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + +/*-- Debugging options ------------------------------------------------------ + * + * "DEBUG_WOLFSSL" definition enables log to output into stdout. + * Note: wolfSSL_Debugging_ON() must be called just after wolfSSL_Init(). + *----------------------------------------------------------------------------*/ + +/*#define DEBUG_WOLFSSL*/ + +/*-- Definitions for fuctionality negation ----------------------------------- + * + * + *----------------------------------------------------------------------------*/ + +/*#define NO_RENESAS_TSIP_CRYPT*/ +/*#define NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION*/ + + +/*-- Consistency checking between definitions --------------------------------- + * + * + *----------------------------------------------------------------------------*/ + +/*-- TSIP TLS specific definitions --*/ +#if defined(WOLFSSL_RENESAS_TSIP) + #if !defined(WOLFSSL_RENESAS_TSIP_VER) + #error "WOLFSSL_RENESAS_TSIP_VER is required to be defined and have value" + #endif +#endif + +/*-- Complementary definitions ------------------------------------------------ + * + * + *----------------------------------------------------------------------------*/ + +#if defined(WOLFSSL_RENESAS_TSIP) + + #if !defined(NO_RENESAS_TSIP_CRYPT) + #define WOLFSSL_RENESAS_TSIP_CRYPT + #define WOLFSSL_RENESAS_TSIP_TLS + #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT + #endif + +#else + #define OPENSSL_EXTRA + #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */ +#endif + + +/*-- TLS version and required definitions --*/ +#if defined(WOLFSSL_TLS13) + #define HAVE_FFDHE_2048 + #define HAVE_HKDF + #define WC_RSA_PSS +#endif diff --git a/IDE/Renesas/e2studio/GR-ROSE/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/GR-ROSE/common/wolfssl_dummy.c new file mode 100644 index 000000000..61cd51f74 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/common/wolfssl_dummy.c @@ -0,0 +1,41 @@ +/* wolfssl_dummy.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +typedef unsigned long time_t; + +#define YEAR 2019 +#define MON 5 + +static int tick = 0; + +time_t time(time_t *t) +{ + return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++; +} + +#include +int strncasecmp(const char *s1, const char * s2, unsigned int sz) +{ + for( ; sz>0; sz--) + if(toupper(s1++) != toupper(s2++)) + return 1; + return 0; +} diff --git a/IDE/Renesas/e2studio/GR-ROSE/include.am b/IDE/Renesas/e2studio/GR-ROSE/include.am new file mode 100644 index 000000000..c56df0796 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/include.am @@ -0,0 +1,23 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/README +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/wolfssl/.cproject +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/wolfssl/.project +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/test/.cproject +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/test/.project +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/test/test_HardwareDebug.launch +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/test/src/test_main.c +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/test/src/key_data.c +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/test/src/key_data.h +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/test/src/wolf_client.c +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/test/src/wolf_server.c +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/test/src/wolfssl_demo.h +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/common/wolfssl_dummy.c +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/common/strings.h +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/common/unistd.h +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/common/user_settings.h +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/smc/.cproject +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/smc/.project +EXTRA_DIST+= IDE/Renesas/e2studio/GR-ROSE/smc/smc.scfg \ No newline at end of file diff --git a/IDE/Renesas/e2studio/GR-ROSE/smc/.cproject b/IDE/Renesas/e2studio/GR-ROSE/smc/.cproject new file mode 100644 index 000000000..0738090c8 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/smc/.cproject @@ -0,0 +1,143 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/IDE/Renesas/e2studio/GR-ROSE/smc/.project b/IDE/Renesas/e2studio/GR-ROSE/smc/.project new file mode 100644 index 000000000..eb9d9de48 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/smc/.project @@ -0,0 +1,31 @@ + + + smc + + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + com.renesas.cdt.managedbuild.renesas.misrachecker.builder + + + + + + org.eclipse.cdt.core.cnature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + + diff --git a/IDE/Renesas/e2studio/GR-ROSE/smc/smc.scfg b/IDE/Renesas/e2studio/GR-ROSE/smc/smc.scfg new file mode 100644 index 000000000..a3a47ef41 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/smc/smc.scfg @@ -0,0 +1,818 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/IDE/Renesas/e2studio/GR-ROSE/test/.cproject b/IDE/Renesas/e2studio/GR-ROSE/test/.cproject new file mode 100644 index 000000000..fba4a3d05 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/test/.cproject @@ -0,0 +1,457 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/IDE/Renesas/e2studio/GR-ROSE/test/.project b/IDE/Renesas/e2studio/GR-ROSE/test/.project new file mode 100644 index 000000000..0a6806653 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/test/.project @@ -0,0 +1,59 @@ + + + test + + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + com.renesas.cdt.managedbuild.renesas.misrachecker.builder + + + + + + org.eclipse.cdt.core.cnature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + + + + src/benchmark.c + 1 + $%7BPARENT-5-PROJECT_LOC%7D/wolfcrypt/benchmark/benchmark.c + + + src/benchmark.h + 1 + $%7BPARENT-5-PROJECT_LOC%7D/wolfcrypt/benchmark/benchmark.h + + + src/test.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/test/test.c + + + src/wolfssl_dummy.c + 1 + $%7BPARENT-1-PROJECT_LOC%7D/common/wolfssl_dummy.c + + + + + copy_PARENT + $%7BPARENT-3-ECLIPSE_HOME%7D/workspace/wolfssl + + + diff --git a/IDE/Renesas/e2studio/GR-ROSE/test/src/key_data.c b/IDE/Renesas/e2studio/GR-ROSE/test/src/key_data.c new file mode 100644 index 000000000..de9576476 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/test/src/key_data.c @@ -0,0 +1,339 @@ +/* key_data.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#include "key_data.h" + +/*------------------------------------------------------------------------- + TSIP v1.09 +--------------------------------------------------------------------------*/ +#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109) + +/* Key type of the encrypted user_public_key 0: RSA-2048 2: ECDSA-P256*/ +const uint32_t encrypted_user_key_type = 0; + +const st_key_block_data_t g_key_block_data = +{ + /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */ + { + 0xE9,0x67,0x79,0xF7,0x38,0x73,0xC8,0x59,0x94,0x62,0x7D,0xB9,0x83,0xDE,0x59,0x4A, + 0x92,0x53,0x6B,0x14,0x1B,0x2A,0x99,0xDF,0x95,0xFD,0x35,0x84,0x93,0xCE, 0xDB,0x10 + }, + /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */ + { + 0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D, 0x34, 0xB2, 0x4D, 0x92 + }, + /* uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]; */ + { + 0x34, 0x59, 0xFF, 0xFE, 0xAA, 0xE9, 0x26, 0x60, 0x8C, 0xB8, 0x76, 0xD2, 0x98, 0x65, 0x72, 0x3B, + 0x19, 0x78, 0xB8, 0x9B, 0x0D, 0xD4, 0xFC, 0x2A, 0xF8, 0x54, 0x3B, 0x75, 0x0E, 0x40, 0x21, 0xF5, + 0xF2, 0x6D, 0x3F, 0x60, 0xD2, 0xDF, 0xE7, 0xDB, 0x67, 0xF1, 0xC7, 0x66, 0x5F, 0x37, 0xAF, 0x9D, + 0x08, 0xE7, 0xFD, 0xEF, 0x63, 0xA9, 0x78, 0x73, 0x1A, 0xE2, 0x47, 0x91, 0xB5, 0xA0, 0xCE, 0xA2, + 0xC7, 0x4F, 0x8A, 0xE5, 0x03, 0x6F, 0xC5, 0xB8, 0xC4, 0x40, 0x12, 0x2D, 0x37, 0x2F, 0xF2, 0xC5, + 0x73, 0x2D, 0xF8, 0xBF, 0x4A, 0xDC, 0xB7, 0x98, 0xDF, 0xE8, 0xED, 0xF8, 0x3B, 0x24, 0x8A, 0x01, + 0xAE, 0x64, 0x89, 0x9C, 0x79, 0x66, 0x99, 0xE4, 0xF8, 0xC1, 0x3E, 0x04, 0x56, 0x1E, 0x6E, 0xBA, + 0x2D, 0xAA, 0xB9, 0xE8, 0xA0, 0xC2, 0x27, 0xCF, 0x7C, 0x0F, 0xAD, 0x0A, 0x22, 0xEE, 0x61, 0xA8, + 0x32, 0xBE, 0xEE, 0xE7, 0x3F, 0x5D, 0xE5, 0xBD, 0x75, 0x6B, 0x35, 0xC1, 0x77, 0xCC, 0x7D, 0x0E, + 0x2E, 0x26, 0x67, 0xC4, 0x0E, 0x84, 0x34, 0xBD, 0x33, 0xB3, 0x0C, 0xD9, 0x07, 0xE5, 0x8E, 0x3E, + 0x7E, 0xCC, 0x56, 0x5D, 0x23, 0x5A, 0x96, 0x83, 0x0C, 0xD9, 0x7F, 0xB0, 0xF7, 0x53, 0xD9, 0x5C, + 0xE2, 0x1B, 0xDA, 0x63, 0x62, 0x19, 0x16, 0x9D, 0x75, 0x7B, 0xBB, 0x7E, 0xC9, 0xB5, 0xAD, 0x7D, + 0xBB, 0x5A, 0xFA, 0xA5, 0x5B, 0x54, 0xA1, 0x93, 0x6D, 0x53, 0x3C, 0x85, 0x69, 0x00, 0x15, 0x40, + 0x0E, 0x54, 0xD2, 0xBA, 0xB5, 0x80, 0x1C, 0x25, 0x85, 0x0E, 0x60, 0x87, 0x2A, 0x1A, 0xE7, 0x60, + 0xCB, 0x6A, 0xF5, 0xAF, 0x84, 0x4B, 0xB7, 0x0D, 0x0C, 0xC0, 0xB5, 0x02, 0xB2, 0x38, 0x9D, 0x7C, + 0xFA, 0x31, 0xF3, 0x50, 0xB3, 0x32, 0x69, 0x3A, 0x3C, 0x7A, 0xA5, 0x67, 0x19, 0x66, 0xD5, 0x62, + 0xA3, 0xF2, 0xF7, 0x77, 0x73, 0xF6, 0xE7, 0x8D, 0x51, 0x0C, 0x19, 0xA3, 0x0F, 0x8C, 0x79, 0xE0, + 0x7C, 0xCF, 0x8A, 0x03, 0x70, 0xC7, 0x25, 0x9D, 0xCE, 0x89, 0x77, 0x8E, 0x4C, 0xE6, 0x97, 0xC8 + }, + /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */ + { + 0x69, 0xDB, 0xC6, 0x86, 0xA5, 0x06, 0x22, 0x59, 0x11, 0x14, 0x73, 0x56, 0x3A, 0x9E, 0x44, 0xC3, + 0x9C, 0xA8, 0x76, 0xC6, 0xF6, 0xE8, 0xD8, 0xE2, 0x17, 0x66, 0x90, 0x65, 0x08, 0xB5, 0x39, 0x7F, + 0xD5, 0xC5, 0x6F, 0xD1, 0xCB, 0xFB, 0xB2, 0x76, 0x33, 0xA1, 0x22, 0x0F, 0xBE, 0x83, 0x91, 0x24 + }, +}; + + +/* ./ca-cert.der.sign, */ +const unsigned char ca_cert_sig[] = +{ + 0x25,0x7B,0x10,0x4D,0xAF,0xB1,0xC1,0x50,0x7B,0x63,0x17,0xA0,0x38,0xA7,0x03,0x44, + 0x7A,0x7E,0x8D,0x3D,0x38,0xEE,0x4B,0xE4,0xB2,0x48,0x76,0x07,0xF8,0x06,0xB1,0x9D, + 0xBB,0xD1,0x46,0xB5,0xF9,0x86,0x08,0x85,0x29,0x6F,0xED,0x26,0x2F,0x91,0x7B,0x2B, + 0x36,0xAC,0x7E,0x56,0x2D,0x2B,0x8E,0x81,0x1B,0x3C,0xFA,0x08,0x80,0x05,0x01,0xC1, + 0xF3,0x71,0xFE,0xE9,0x59,0xA7,0xB6,0x82,0x62,0x04,0xA5,0xE4,0x6E,0xC9,0x32,0xCC, + 0xB1,0x19,0xBC,0xDE,0x6A,0x9B,0xEB,0x60,0x92,0xC5,0x46,0xB7,0xFF,0xF4,0xC1,0x77, + 0x5A,0xF4,0x53,0x41,0x6A,0x44,0x8B,0x46,0x3B,0xBE,0x74,0xBA,0x62,0xAF,0xFF,0xF2, + 0x32,0xCD,0x7A,0x97,0xE1,0xA8,0xBF,0x62,0x76,0xDA,0xBF,0x93,0x8B,0x1E,0x87,0xCC, + 0xEE,0x5D,0xCF,0xE9,0xBE,0xA6,0x25,0x6C,0xC4,0x92,0x2E,0x69,0x29,0x8F,0xCD,0x4C, + 0x07,0x91,0x20,0xD1,0x16,0xF9,0x6A,0x23,0xC8,0x5E,0xD4,0x7C,0x38,0xA2,0x80,0xCB, + 0x59,0x32,0xDD,0x28,0x46,0x6E,0x19,0xE9,0xAD,0x68,0x2B,0x0C,0xA0,0xB5,0x2A,0x8F, + 0x73,0xC2,0xED,0xF2,0x60,0x4F,0xF3,0xCE,0xDC,0x1B,0xA7,0x88,0x66,0x42,0xF0,0xFD, + 0x9D,0x77,0x2C,0x04,0xC2,0x54,0x4C,0x1D,0x58,0x9E,0x6D,0x4E,0x21,0x73,0x7E,0x1A, + 0x2A,0xDC,0x54,0x24,0x66,0x63,0xBA,0xF1,0xF8,0x16,0xE7,0x29,0xB2,0x01,0x98,0xE5, + 0x49,0x6E,0x97,0x86,0x82,0x6C,0xF3,0x3B,0x54,0x57,0x2C,0xD8,0x8F,0xC5,0x70,0x3E, + 0x22,0xD7,0x6D,0x9F,0x27,0xEC,0xD6,0x12,0xE5,0x4F,0x1E,0x05,0x36,0x07,0xBA,0xB2 +}; +const int sizeof_ca_cert_sig = sizeof(ca_cert_sig); + +/* ./client-cert.der.sign, */ +const unsigned char client_cert_der_sign[] = +{ + 0x5D, 0x1F, 0x89, 0x41, 0xEC, 0x47, 0xC8, 0x90, 0x61, 0x79, + 0x8A, 0x16, 0x1F, 0x31, 0x96, 0x67, 0xD9, 0x3C, 0xEC, 0x6B, + 0x58, 0xC6, 0x5A, 0xED, 0x99, 0xB3, 0xEF, 0x27, 0x6F, 0x04, + 0x8C, 0xD9, 0x68, 0xB1, 0xD6, 0x23, 0x15, 0x84, 0x00, 0xE1, + 0x27, 0xD1, 0x1F, 0x68, 0xB7, 0x3F, 0x13, 0x53, 0x8A, 0x95, + 0x5A, 0x20, 0x7C, 0xB2, 0x76, 0x5B, 0xDC, 0xE0, 0xA6, 0x21, + 0x7C, 0x49, 0xCF, 0x93, 0xBA, 0xD5, 0x12, 0x9F, 0xEE, 0x90, + 0x5B, 0x3F, 0xA3, 0x9D, 0x13, 0x72, 0xAC, 0x72, 0x16, 0xFE, + 0x1D, 0xBE, 0xEB, 0x8E, 0xC7, 0xDC, 0xC4, 0xF8, 0x1A, 0xD8, + 0xA0, 0xA4, 0xF6, 0x04, 0x30, 0xF6, 0x7E, 0xB6, 0xC8, 0xE1, + 0xAB, 0x88, 0x37, 0x08, 0x63, 0x72, 0xAA, 0x46, 0xCC, 0xCA, + 0xF0, 0x9E, 0x02, 0x1E, 0x65, 0x67, 0xFF, 0x2C, 0x9D, 0x81, + 0x6C, 0x1E, 0xF1, 0x54, 0x05, 0x68, 0x68, 0x18, 0x72, 0x26, + 0x55, 0xB6, 0x2C, 0x95, 0xC0, 0xC9, 0xB2, 0xA7, 0x0B, 0x60, + 0xD7, 0xEB, 0x1D, 0x08, 0x1A, 0xA2, 0x54, 0x15, 0x89, 0xCB, + 0x83, 0x21, 0x5D, 0x15, 0x9B, 0x38, 0xAC, 0x89, 0x63, 0xD5, + 0x4B, 0xF4, 0x8B, 0x47, 0x93, 0x78, 0x43, 0xCB, 0x9B, 0x71, + 0xBF, 0x94, 0x76, 0xB5, 0xCE, 0x35, 0xA9, 0x1A, 0xD5, 0xA5, + 0xD8, 0x19, 0xA6, 0x04, 0x39, 0xB1, 0x09, 0x8C, 0x65, 0x02, + 0x58, 0x3A, 0x95, 0xEF, 0xA2, 0xC3, 0x85, 0x18, 0x61, 0x23, + 0x2D, 0xC5, 0xCD, 0x62, 0xC1, 0x19, 0x31, 0xE5, 0x36, 0x95, + 0x22, 0xDB, 0x3E, 0x1A, 0x3C, 0xE8, 0xC6, 0x2E, 0xDF, 0xD9, + 0x2F, 0x84, 0xC1, 0xF0, 0x38, 0x2B, 0xE5, 0x73, 0x35, 0x4F, + 0x05, 0xE2, 0xA5, 0x60, 0x79, 0xB0, 0x23, 0xDC, 0x56, 0x4C, + 0xE7, 0xD9, 0x1F, 0xCF, 0x6A, 0xFC, 0x55, 0xEB, 0xAA, 0x48, + 0x3E, 0x95, 0x2A, 0x10, 0x01, 0x05 +}; +const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign); + +uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 }; +uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 }; + + +/*------------------------------------------------------------------------- + TSIP v1.06 +--------------------------------------------------------------------------*/ +#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 106) + +const st_key_block_data_t g_key_block_data = +{ + + /* uint8_t encrypted_session_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */ + { + 0xCE, 0xE0, 0xE9, 0x86, 0x62, 0x59, 0xF9, 0x8F, 0x3C, 0xFB, 0x81, 0x39, 0xC2, 0x82, 0xC7, 0xC9, + 0xCD, 0xEA, 0x6B, 0x16, 0x66, 0x77, 0x38, 0xCA, 0xF5, 0x6E, 0x6D, 0x5B, 0xF0, 0x30, 0xA2, 0x94 + }, + /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */ + { + 0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D, 0x34, 0xB2, 0x4D, 0x92 + }, + /* uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]; */ + { + 0xFC, 0xB4, 0x0F, 0x72, 0xFE, 0xB4, 0xB1, 0xF7, 0xDB, 0xA7, 0x49, 0x9E, 0x0F, 0xF6, 0x4B, 0xA7, + 0x08, 0x0D, 0x3A, 0xFD, 0xAB, 0x7D, 0x82, 0xD7, 0x26, 0x36, 0xFC, 0xED, 0x3E, 0x53, 0xBC, 0xA1, + 0x3D, 0x75, 0x03, 0x5B, 0x53, 0x6D, 0x63, 0xBB, 0xB0, 0x9A, 0xD7, 0xEB, 0x7C, 0x99, 0x3B, 0xE4, + 0xB7, 0xA3, 0x83, 0xE7, 0x27, 0xBE, 0x88, 0x06, 0x2B, 0x81, 0x66, 0xF8, 0x94, 0x3E, 0x86, 0x02, + 0x5F, 0x97, 0x05, 0xFD, 0x93, 0x78, 0x06, 0x3A, 0xC6, 0xD0, 0x3A, 0x82, 0x5D, 0x10, 0xC4, 0xE3, + 0x30, 0x68, 0x48, 0x25, 0x31, 0xCD, 0x50, 0xBC, 0x91, 0xAF, 0x00, 0x4B, 0xAA, 0x6E, 0x3F, 0x6E, + 0x7F, 0x6A, 0x43, 0xAB, 0xB7, 0x06, 0x8D, 0x05, 0x1D, 0x26, 0x17, 0xE9, 0xD9, 0x72, 0x35, 0xED, + 0x79, 0x13, 0xEB, 0x57, 0xED, 0x33, 0x3B, 0x9B, 0x75, 0x15, 0xAB, 0x13, 0xEE, 0xDB, 0xCC, 0x9F, + 0x78, 0xF0, 0x51, 0x67, 0x53, 0xC2, 0xC3, 0xEF, 0xB1, 0x16, 0x39, 0xCB, 0x24, 0x5D, 0x11, 0x43, + 0x3F, 0xDC, 0x90, 0xD2, 0xA9, 0x4B, 0x6C, 0x9C, 0xBC, 0x77, 0x7B, 0xA4, 0x02, 0x8A, 0xB3, 0x7A, + 0x99, 0x75, 0x76, 0x86, 0xE2, 0xEA, 0x83, 0x8D, 0x07, 0xB0, 0xF1, 0xF0, 0x6E, 0x21, 0x19, 0x2E, + 0x16, 0x6B, 0xA3, 0x81, 0xB2, 0xE6, 0x29, 0x16, 0xAA, 0xBC, 0x43, 0x73, 0x1C, 0xC4, 0xDB, 0x92, + 0x2A, 0xA9, 0x20, 0x37, 0x64, 0x4C, 0xE1, 0x95, 0x91, 0x8C, 0x1E, 0xCD, 0xA3, 0xFE, 0x8B, 0x23, + 0x89, 0x2B, 0x6D, 0xA8, 0x6D, 0xD1, 0x7C, 0x20, 0xB9, 0x32, 0xA3, 0x0C, 0x8A, 0x5E, 0xE8, 0x7B, + 0xC8, 0x32, 0xA2, 0x81, 0x30, 0x7D, 0x21, 0x56, 0x97, 0x9C, 0x0C, 0x68, 0xAD, 0xFD, 0x6D, 0xFD, + 0xE0, 0x04, 0xE5, 0xB3, 0xC7, 0xED, 0x84, 0xCB, 0xD4, 0xB0, 0x84, 0x09, 0x99, 0xC3, 0xFB, 0x8B, + 0x91, 0x55, 0x2C, 0xCB, 0x48, 0x06, 0xD1, 0x6C, 0xE0, 0x42, 0x13, 0xDF, 0x2B, 0x73, 0x25, 0xB3, + 0x15, 0xC5, 0x8A, 0xDF, 0x01, 0x2B, 0x96, 0x01, 0x95, 0x84, 0xE4, 0x8E, 0xBA, 0x32, 0xCB, 0x77 + }, +}; + +const uint32_t s_flash[] = +{ + 0xa6f0651c, 0xa17c5a15, 0xa23e1bfb, 0xc04e1bb9, + 0x5594fc81, 0x67fad158, 0xfda808ae, 0x7e01cb88, + 0xbf12d558, 0x9ec08adc, 0x21c25af2, 0x60d43062, + 0x82e6b470, 0x178879a6, 0x9ddb263f, 0xddb57b53, + 0x220ea793, 0x24de7b88, 0x9fa846e4, 0xdf9059f9, + 0x7ce55a19, 0x686689e5, 0x9aaef400, 0x88fd178a, + 0xf4e33b46, 0xc9394a88, 0x712823b9, 0xca75513f, + 0x63859e61, 0x45477873, 0x357b5776, 0x83cc1def, + 0x74cb65ab, 0xa919863c, 0x9f75e62e, 0x5fd62143, + 0xdbae440a, 0x34053525, 0x56e221e1, 0x8ffbaeb5, + 0xa75c55f0, 0x34727e44, 0x2c791463, 0x7670923f, + 0xc0287d97, 0x0a09b5c9, 0xfaecf18e, 0x09ceab85, + 0x687ad46f, 0x7e4d8adb, 0x6def5893, 0x6f236da3, + 0xab6e15e1, 0x653f41d0, 0x05652571, 0x9ec8ec15, + 0x2d4acb06, 0x7d5c2c26, 0xf49455cb, 0x9872dc50, + 0xb9fe50a2, 0x34bf45ae, 0x4cf2b6bf, 0xe1c75c7b, + 0x6e23718f, 0x227b0a55, 0x3a5e8b00, 0x83222dba, + 0x4041008f, 0x40fc8d01, 0xcd6c5c64, 0x0b8183b5, + 0x678bf9e7, 0x57844b52, 0xb4c81735, 0x559e77f3, + 0xb2b6800e, 0x715de4e2, 0x7a2720bb, 0x7b434710, + 0xee264103, 0x9db8c751, 0x78291c62, 0x77b883f4, + 0xa27d1216, 0x4e733ba6, 0x8a5f40dc, 0x32d2dd82, + 0x8a5fdc67, 0xd8fb0926, 0x9d5aec51, 0x08bfce4d, + 0x2a54839b, 0xe6601069, 0x564fbdbf, 0x9bb43dc7, + 0x9bb59d3a, 0xc3aaa60c, 0x2f2e75d7, 0x6a953972, + 0x6de4fd23, 0x546c212b, 0xe8aad33f, 0xca416c37, + 0xa74b36f9, 0x520330f0, 0x96145828, 0x09c21110, + 0x0b29365a, 0xfe9a9e60, 0x82b3a215, 0x752daa46, + 0x45bd59d6, 0x145ba47f, 0x75e40f92, 0x2f904860, + 0x609e3b0a, 0x8e6e6aa8, 0xe88ea1c3, 0x22a1db60, + 0x9947e0c7, 0x28416ca7, 0x3cb6abe6, 0x0e367da7, + 0x17b16976, 0x5323ccde, 0xc7337459, 0xf07293ad, +}; + +/* ./ca-cert.der.sign, */ +const unsigned char ca_cert_sig[] = +{ + 0x86, 0xD6, 0xC5, 0xB0, 0xE1, 0x37, 0x4C, 0x21, 0xF7, 0x8D, + 0x7C, 0x36, 0x80, 0xDB, 0x51, 0x58, 0x9D, 0x32, 0x5A, 0x1C, + 0xF3, 0xAC, 0x24, 0x17, 0xD4, 0x61, 0x9F, 0x09, 0x73, 0xA0, + 0x1E, 0x30, 0xE7, 0x6F, 0x00, 0xF8, 0xDB, 0xAA, 0x34, 0x4E, + 0x96, 0xA3, 0x3D, 0xBC, 0xE8, 0xFF, 0xBE, 0x4E, 0x62, 0x70, + 0x7B, 0xC7, 0x65, 0x2E, 0x9D, 0x1C, 0xE1, 0x5A, 0x7C, 0x2B, + 0xCD, 0x57, 0xEA, 0xF4, 0x16, 0xBC, 0x47, 0x26, 0xF5, 0x41, + 0x1F, 0x4E, 0xFD, 0xA5, 0x65, 0xAE, 0x31, 0xEB, 0xDF, 0x10, + 0xAF, 0xCB, 0xCB, 0x27, 0x84, 0xB6, 0x59, 0x3C, 0x6B, 0x9B, + 0x68, 0xAF, 0xEF, 0x35, 0xAF, 0x59, 0x9B, 0x07, 0x69, 0x75, + 0x1A, 0x99, 0x92, 0x0F, 0x0D, 0x02, 0x5A, 0x2C, 0x14, 0xD5, + 0x38, 0x8B, 0xD2, 0xB5, 0x35, 0xC7, 0x2D, 0xEB, 0x97, 0x4C, + 0xC8, 0x53, 0xCF, 0x7C, 0x0C, 0xB3, 0x00, 0x90, 0x99, 0x0B, + 0xB1, 0xBE, 0x8B, 0xEA, 0x96, 0xB4, 0x75, 0x35, 0x9D, 0xA1, + 0x2E, 0xF3, 0xF3, 0xEA, 0xF5, 0x7B, 0x83, 0xEF, 0x03, 0x06, + 0x3C, 0x41, 0x1C, 0x32, 0x84, 0x4A, 0xB8, 0xB0, 0xAE, 0x67, + 0xE9, 0xE4, 0xEE, 0x58, 0x43, 0x0C, 0x0D, 0xAE, 0x6C, 0xB8, + 0x94, 0x7F, 0x80, 0x33, 0xD3, 0xDC, 0x04, 0x02, 0xDC, 0x6F, + 0x17, 0xDC, 0xAE, 0x79, 0xED, 0xE3, 0x99, 0xAA, 0xE8, 0x4E, + 0x6A, 0x43, 0x73, 0xE6, 0xF3, 0xF8, 0x5A, 0x51, 0x55, 0x5E, + 0x55, 0x2D, 0xD6, 0xF7, 0xD5, 0xAB, 0xBE, 0xBD, 0xC8, 0x7D, + 0xB0, 0xA7, 0x9A, 0x46, 0xC0, 0xDC, 0x16, 0x83, 0xE9, 0x2C, + 0x56, 0x6C, 0x45, 0x52, 0x3E, 0x05, 0x4D, 0x5F, 0x11, 0xD0, + 0x93, 0x0F, 0x82, 0x6D, 0x6E, 0xC0, 0x01, 0x38, 0x3B, 0x2F, + 0xD9, 0x80, 0x51, 0x6D, 0xD1, 0x1B, 0x22, 0x72, 0xBB, 0x15, + 0x5D, 0xBC, 0xB8, 0x07, 0xBB, 0x96 +}; +const int sizeof_ca_cert_sig = sizeof(ca_cert_sig); + +/* ./client-cert.der.sign, */ +const unsigned char client_cert_der_sign[] = +{ + 0x5D, 0x1F, 0x89, 0x41, 0xEC, 0x47, 0xC8, 0x90, 0x61, 0x79, + 0x8A, 0x16, 0x1F, 0x31, 0x96, 0x67, 0xD9, 0x3C, 0xEC, 0x6B, + 0x58, 0xC6, 0x5A, 0xED, 0x99, 0xB3, 0xEF, 0x27, 0x6F, 0x04, + 0x8C, 0xD9, 0x68, 0xB1, 0xD6, 0x23, 0x15, 0x84, 0x00, 0xE1, + 0x27, 0xD1, 0x1F, 0x68, 0xB7, 0x3F, 0x13, 0x53, 0x8A, 0x95, + 0x5A, 0x20, 0x7C, 0xB2, 0x76, 0x5B, 0xDC, 0xE0, 0xA6, 0x21, + 0x7C, 0x49, 0xCF, 0x93, 0xBA, 0xD5, 0x12, 0x9F, 0xEE, 0x90, + 0x5B, 0x3F, 0xA3, 0x9D, 0x13, 0x72, 0xAC, 0x72, 0x16, 0xFE, + 0x1D, 0xBE, 0xEB, 0x8E, 0xC7, 0xDC, 0xC4, 0xF8, 0x1A, 0xD8, + 0xA0, 0xA4, 0xF6, 0x04, 0x30, 0xF6, 0x7E, 0xB6, 0xC8, 0xE1, + 0xAB, 0x88, 0x37, 0x08, 0x63, 0x72, 0xAA, 0x46, 0xCC, 0xCA, + 0xF0, 0x9E, 0x02, 0x1E, 0x65, 0x67, 0xFF, 0x2C, 0x9D, 0x81, + 0x6C, 0x1E, 0xF1, 0x54, 0x05, 0x68, 0x68, 0x18, 0x72, 0x26, + 0x55, 0xB6, 0x2C, 0x95, 0xC0, 0xC9, 0xB2, 0xA7, 0x0B, 0x60, + 0xD7, 0xEB, 0x1D, 0x08, 0x1A, 0xA2, 0x54, 0x15, 0x89, 0xCB, + 0x83, 0x21, 0x5D, 0x15, 0x9B, 0x38, 0xAC, 0x89, 0x63, 0xD5, + 0x4B, 0xF4, 0x8B, 0x47, 0x93, 0x78, 0x43, 0xCB, 0x9B, 0x71, + 0xBF, 0x94, 0x76, 0xB5, 0xCE, 0x35, 0xA9, 0x1A, 0xD5, 0xA5, + 0xD8, 0x19, 0xA6, 0x04, 0x39, 0xB1, 0x09, 0x8C, 0x65, 0x02, + 0x58, 0x3A, 0x95, 0xEF, 0xA2, 0xC3, 0x85, 0x18, 0x61, 0x23, + 0x2D, 0xC5, 0xCD, 0x62, 0xC1, 0x19, 0x31, 0xE5, 0x36, 0x95, + 0x22, 0xDB, 0x3E, 0x1A, 0x3C, 0xE8, 0xC6, 0x2E, 0xDF, 0xD9, + 0x2F, 0x84, 0xC1, 0xF0, 0x38, 0x2B, 0xE5, 0x73, 0x35, 0x4F, + 0x05, 0xE2, 0xA5, 0x60, 0x79, 0xB0, 0x23, 0xDC, 0x56, 0x4C, + 0xE7, 0xD9, 0x1F, 0xCF, 0x6A, 0xFC, 0x55, 0xEB, 0xAA, 0x48, + 0x3E, 0x95, 0x2A, 0x10, 0x01, 0x05 +}; +const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign); + +uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 }; +uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 }; + + + +#endif + + + + + + + + +#if 0 + + +#pragma section _FIRMWARE_UPDATE_CONTROL_BLOCK +const st_key_index_block_data_t g_key_index_block_data = +{ + /* struct firmware_update_control_data; */ + { + /* uint32_t user_program_max_cnt; */ + 0, + /* uint32_t lifecycle_state; */ + LIFECYCLE_STATE_BLANK, + /* uint32_t program_mac0[R_TSIP_AES_BLOCK_BYTE_SIZE / sizeof(uint32_t)]; */ + { + 0 + }, + /* uint32_t program_mac1[R_TSIP_AES_BLOCK_BYTE_SIZE / sizeof(uint32_t)]; */ + { + 0 + }, + }, + /* struct key_data; */ + { + /* tsip_rsa2048_public_key_index_t user_rsa2048_ne_key_index; */ + { + 0 + }, + /* tsip_update_key_ring_t user_update_key_index; */ + { + 0 + }, + }, + /* uint8_t hash_sha1[R_TSIP_SHA1_HASH_LENGTH_BYTE_SIZE]; */ + { + 0xC6, 0x10, 0x5D, 0xF5, 0x16, 0x83, 0x7E, 0xCE, 0x50, 0x55, 0x87, 0x7F, 0x39, 0xBD, 0xA3, 0x0F, + 0xC4, 0xB4, 0x7B, 0x5F + }, +}; +#pragma section + +#pragma section _FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR +const st_key_index_block_data_t g_key_index_block_data_mirror = +{ + 0 +}; +#pragma section + +st_key_index_block_data_t g_key_index_block_image = +{ + 0 +}; + +#endif + diff --git a/IDE/Renesas/e2studio/GR-ROSE/test/src/key_data.h b/IDE/Renesas/e2studio/GR-ROSE/test/src/key_data.h new file mode 100644 index 000000000..9ab94d23e --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/test/src/key_data.h @@ -0,0 +1,58 @@ +/* key_data.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef KEY_DATA_H_ +#define KEY_DATA_H_ + +#include + + +#if defined(WOLFSSL_RENESAS_TSIP) + + #include "r_tsip_rx_if.h" + +typedef struct st_key_block_data +{ + uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; + uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; + uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]; + uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; + // #if (WOLFSSL_RENESAS_TSIP_VER >= 109) + // uint32_t encrypted_user_key_type; + // #endif +} st_key_block_data_t; + + #if (WOLFSSL_RENESAS_TSIP_VER >= 109) + extern const uint32_t encrypted_user_key_type; + #endif + + extern const st_key_block_data_t g_key_block_data; + + + extern const unsigned char ca_cert_sig[]; + extern const unsigned char ca_cert_der[]; + extern const unsigned char client_cert_der_sign[]; + extern const int sizeof_ca_cert_der; + + +#endif /* (WOLFSSL_RENESAS_TSIP */ +#endif /* KEY_DATA_H_ */ + diff --git a/IDE/Renesas/e2studio/GR-ROSE/test/src/test_main.c b/IDE/Renesas/e2studio/GR-ROSE/test/src/test_main.c new file mode 100644 index 000000000..d248b6b3d --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/test/src/test_main.c @@ -0,0 +1,256 @@ +/* test_main.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +//#include "typedefine.h" +#ifdef __cplusplus +//#include // Remove the comment when you use ios +//_SINT ios_base::Init::init_cnt; // Remove the comment when you use ios +#endif + +#include "stdio.h" +#include "stdint.h" +#include +#include "wolfssl/wolfcrypt/types.h" +#include "wolfssl_demo.h" + +void main(void); +#ifdef __cplusplus +extern "C" { +void abort(void); +} +#endif + + +#if defined(TLS_CLIENT) || defined(TLS_SERVER) + #include "r_t4_itcpip.h" + #include "r_sys_time_rx_if.h" + #include "Pin.h" + + #define T4_WORK_SIZE (14800) + static UW tcpudp_work[(T4_WORK_SIZE / 4) + 1]; + + #if defined(WOLFSSL_RENESAS_TSIP) + #include "key_data.h" + #include + + extern const st_key_block_data_t g_key_block_data; + #endif + +#endif + +static long tick; +static void timeTick(void *pdata) +{ + tick++; +} + +typedef struct func_args { + int argc; + char** argv; + int return_code; +} func_args; + + +void wolfcrypt_test(func_args args); +int benchmark_test(void *args); + +double current_time(int reset) +{ + if(reset) tick = 0 ; + return ((double)tick/FREQ) ; +} + +#if defined(TLS_CLIENT) || defined(TLS_SERVER) + +int SetTsiptlsKey() +{ +#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER >=109) + + #if defined(TLS_CLIENT) + + tsip_inform_cert_sign((const byte *)ca_cert_sig); + tsip_inform_user_keys_ex( + (byte*)&g_key_block_data.encrypted_provisioning_key, + (byte*)&g_key_block_data.iv, + (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key, + encrypted_user_key_type); + + #elif defined(TLS_SERVER) + + tsip_inform_cert_sign((const byte *)client_cert_der_sign); + tsip_inform_user_keys_ex( + (byte*)&g_key_block_data.encrypted_provisioning_key, + (byte*)&g_key_block_data.iv, + (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key, + encrypted_user_key_type); + + #endif + +#elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER >=106) + + #if defined(TLS_CLIENT) + + tsip_inform_cert_sign((const byte *)ca_cert_sig); + tsip_inform_user_keys((byte*)&g_key_block_data.encrypted_session_key, + (byte*)&g_key_block_data.iv, + (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key); + + #elif defined(TLS_SERVER) + + tsip_inform_cert_sign((const byte *)client_cert_der_sign); + tsip_inform_user_keys((byte*)&g_key_block_data.encrypted_session_key, + (byte*)&g_key_block_data.iv, + (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key); + + #endif + +#endif + return 0; +} + +int Open_tcp( ) +{ + ER ercd; + W size; + sys_time_err_t sys_ercd; + char ver[128]; + + /* cast from uint8_t to char* */ + strcpy(ver, (char*)R_t4_version.library); + + sys_ercd = R_SYS_TIME_Open(); + if (sys_ercd != SYS_TIME_SUCCESS) { + printf("ERROR : R_SYS_TIME_Open() failed\n"); + return -1; + } + R_Pins_Create(); + /* start LAN controller */ + ercd = lan_open(); + /* initialize TCP/IP */ + size = tcpudp_get_ramsize(); + if (size > (sizeof(tcpudp_work))) { + printf("size > (sizeof(tcpudp_work))!\n"); + return -1; + } + ercd = tcpudp_open(tcpudp_work); + if (ercd != E_OK) { + printf("ERROR : tcpudp_open failed\n"); + return -1; + } + + return 0; +} + +void Close_tcp() +{ + /* end TCP/IP */ + tcpudp_close(); + lan_close(); + R_SYS_TIME_Close(); +} +#endif + +void main(void) +{ + (void)timeTick; + +#if defined(CRYPT_TEST) || defined(BENCHMARK) +#if defined(CRYPT_TEST) + int ret; + func_args args = { 0 }; + + if ((ret = wolfCrypt_Init()) != 0) { + printf("wolfCrypt_Init failed %d\n", ret); + } + + printf("Start wolfCrypt Test\n"); + wolfcrypt_test(args); + printf("End wolfCrypt Test\n"); + + if ((ret = wolfCrypt_Cleanup()) != 0) { + printf("wolfCrypt_Cleanup failed %d\n", ret); + } +#endif +#if defined(BENCHMARK) + #include "r_cmt_rx_if.h" + + uint32_t channel; + R_CMT_CreatePeriodic(FREQ, &timeTick, &channel); + + printf("Start wolfCrypt Benchmark\n"); + benchmark_test(NULL); + printf("End wolfCrypt Benchmark\n"); +#endif +#elif defined(TLS_CLIENT) + #include "r_cmt_rx_if.h" + +#if defined(WOLFSSL_RENESAS_TSIP) + const char* cipherlist[] = { + + "AES128-SHA", + "AES128-SHA256", + "AES256-SHA", + "AES256-SHA256" + }; + const int cipherlist_sz = 4; +#else + const char* cipherlist[] = { NULL }; + const int cipherlist_sz = 0; + +#endif + int i = 0; + + Open_tcp(); +#if defined(WOLFSSL_RENESAS_TSIP) + SetTsiptlsKey(); +#endif + + do { + if(cipherlist_sz > 0 ) printf("cipher : %s\n", cipherlist[i]); + + wolfSSL_TLS_client_init(cipherlist[i]); + + wolfSSL_TLS_client(); + + i++; + } while (i < cipherlist_sz); + + Close_tcp(); +#elif defined(TLS_SERVER) + + Open_tcp(); +#if defined(WOLFSSL_RENESAS_TSIP) + SetTsiptlsKey(); +#endif + + wolfSSL_TLS_server_init(); + wolfSSL_TLS_server(); + + Close_tcp(); +#endif +} + +#ifdef __cplusplus +void abort(void) +{ + +} +#endif diff --git a/IDE/Renesas/e2studio/GR-ROSE/test/src/wolf_client.c b/IDE/Renesas/e2studio/GR-ROSE/test/src/wolf_client.c new file mode 100644 index 000000000..ff09b1a80 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/test/src/wolf_client.c @@ -0,0 +1,212 @@ +/* wolf_client.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include +#include "r_t4_itcpip.h" +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/ssl.h" +#include "wolfssl/certs_test.h" +#include "key_data.h" +#include "wolfssl_demo.h" + + +#define SIMPLE_TLSSEVER_IP "192.168.1.3" +#define SIMPLE_TLSSERVER_PORT "11111" + +ER t4_tcp_callback(ID cepid, FN fncd , VP p_parblk); +uint32_t g_encrypted_root_public_key[140]; + +static WOLFSSL_CTX *client_ctx; + + +static int my_IORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx) +{ + int ret; + ID cepid; + + if(ctx != NULL) + cepid = *(ID *)ctx; + else + return WOLFSSL_CBIO_ERR_GENERAL; + + ret = tcp_rcv_dat(cepid, buff, sz, TMO_FEVR); + if(ret > 0) + return ret; + else + return WOLFSSL_CBIO_ERR_GENERAL; +} + +static int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx) +{ + int ret; + ID cepid; + + if(ctx != NULL) + cepid = *(ID *)ctx; + else + return WOLFSSL_CBIO_ERR_GENERAL; + + ret = tcp_snd_dat(cepid, buff, sz, TMO_FEVR); + if(ret == sz) + return ret; + else + return WOLFSSL_CBIO_ERR_GENERAL; +} + +static int getIPaddr(char *arg) +{ + int a1, a2, a3, a4; + if(sscanf(arg, "%d.%d.%d.%d", &a1, &a2, &a3, &a4) == 4) + return (a1 << 24) | (a2 << 16) | (a3 << 8) | a4; + else return 0; +} + +static int getPort(char *arg) +{ + int port; + if(sscanf(arg, "%d", &port) == 1) + return port; + else return 0; +} + +void wolfSSL_TLS_client_init(const char* cipherlist) +{ + + #ifndef NO_FILESYSTEM + #ifdef USE_ECC_CERT + char *cert = "./certs/ca-ecc-cert.pem"; + #else + char *cert = "./certs/ca-cert.pem"; + #endif + #else + #ifdef USE_ECC_CERT + const unsigned char *cert = ca_ecc_der_256; + #define SIZEOF_CERT sizeof_ca_ecc_der_256 + #else + const unsigned char *cert = ca_cert_der_2048; + #define SIZEOF_CERT sizeof_ca_cert_der_2048 + #endif + #endif + + wolfSSL_Init(); + #ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); + #endif + + /* Create and initialize WOLFSSL_CTX */ + if ((client_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method_ex((void *)NULL))) == NULL) { + printf("ERROR: failed to create WOLFSSL_CTX\n"); + return; + } + + #if !defined(NO_FILESYSTEM) + if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) { + printf("ERROR: can't load \"%s\"\n", cert); + return NULL; + } + #else + if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS){ + printf("ERROR: can't load certificate data\n"); + return; + } + #endif + + /* Register callbacks */ + wolfSSL_SetIORecv(client_ctx, my_IORecv); + wolfSSL_SetIOSend(client_ctx, my_IOSend); + + /* use specific cipher */ + if (cipherlist != NULL && wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(client_ctx); client_ctx = NULL; + printf("client can't set cipher list 1"); + } +} + +void wolfSSL_TLS_client( ) +{ + ID cepid = 1; + ER ercd; + int ret; + WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)client_ctx; + WOLFSSL *ssl; + + #define BUFF_SIZE 256 + static const char sendBuff[]= "Hello Server\n" ; + + char rcvBuff[BUFF_SIZE] = {0}; + + static T_IPV4EP my_addr = { 0, 0 }; + + T_IPV4EP dst_addr; + + if((dst_addr.ipaddr = getIPaddr(SIMPLE_TLSSEVER_IP)) == 0){ + printf("ERROR: IP address\n"); + return; + } + if((dst_addr.portno = getPort(SIMPLE_TLSSERVER_PORT)) == 0){ + printf("ERROR: IP address\n"); + return; + } + + if((ercd = tcp_con_cep(cepid, &my_addr, &dst_addr, TMO_FEVR)) != E_OK) { + printf("ERROR TCP Connect: %d\n", ercd); + return; + } + + if((ssl = wolfSSL_new(ctx)) == NULL) { + printf("ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0)); + return; + } + + /* set callback context */ + wolfSSL_SetIOReadCtx(ssl, (void *)&cepid); + wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid); + + + if(wolfSSL_connect(ssl) != SSL_SUCCESS) { + printf("ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0)); + return; + } + + if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) { + printf("ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0)); + return; + } + + if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)) < 0) { + printf("ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0)); + return; + } + + rcvBuff[ret] = '\0' ; + printf("Received: %s\n\n", rcvBuff); + + /* frees all data before client termination */ + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + wolfSSL_Cleanup(); + + tcp_sht_cep(cepid); + tcp_cls_cep(cepid, TMO_FEVR); + + return; +} diff --git a/IDE/Renesas/e2studio/GR-ROSE/test/src/wolf_server.c b/IDE/Renesas/e2studio/GR-ROSE/test/src/wolf_server.c new file mode 100644 index 000000000..5d38b0358 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/test/src/wolf_server.c @@ -0,0 +1,203 @@ +/* wolf_server.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#include +#include +#include "r_t4_itcpip.h" + +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/ssl.h" +#include "wolfssl/certs_test.h" +#include "wolfssl_demo.h" + +static WOLFSSL_CTX *server_ctx; +static byte doCliCertCheck; + +static int my_IORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx) +{ + int ret; + ID cepid; + + if(ctx != NULL) + cepid = *(ID *)ctx; + else + return WOLFSSL_CBIO_ERR_GENERAL; + + ret = tcp_rcv_dat(cepid, buff, sz, TMO_FEVR); + if(ret == sz) + return ret; + else + return WOLFSSL_CBIO_ERR_GENERAL; +} + +static int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx) +{ + int ret; + ID cepid; + + if(ctx != NULL) + cepid = *(ID *)ctx; + else + return WOLFSSL_CBIO_ERR_GENERAL; + + ret = tcp_snd_dat(cepid, buff, sz, TMO_FEVR); + if(ret == sz) + return ret; + else + return WOLFSSL_CBIO_ERR_GENERAL; +} + + +void wolfSSL_TLS_server_init(byte doClientCheck) +{ + + int ret; + + + #ifndef NO_FILESYSTEM + #ifdef USE_ECC_CERT + char *cert = "./certs/server-ecc-cert.pem"; + char *key = "./certs/server-ecc-key.pem"; + #else + char *cert = "./certs/server-cert.pem"; + char *key = "./certs/server-key.pem"; + #endif + char *clientCert = "./certs/client-cert.pem"; + #else + #ifdef USE_ECC_CERT + char *cert = serv_ecc_der_256; + int sizeof_cert = sizeof_serv_ecc_der_256; + char *cert = serv_ecc_key_der_256; + int sizeof_key = sizeof_serv_ecc_key_der_256; + #else + const unsigned char *cert = server_cert_der_2048; + #define sizeof_cert sizeof_server_cert_der_2048 + const unsigned char *key = server_key_der_2048; + #define sizeof_key sizeof_server_key_der_2048 + const unsigned char *clientCert = client_cert_der_2048; + #define sizeof_clicert sizeof_client_cert_der_2048 + #endif + #endif + + + wolfSSL_Init(); + #ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); + #endif + + /* Create and initialize WOLFSSL_CTX */ + if ((server_ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex((void *)NULL))) + == NULL) { + printf("ERROR: failed to create WOLFSSL_CTX\n"); + return; + } + + #if !defined(NO_FILESYSTEM) + ret = wolfSSL_CTX_use_certificate_file(server_ctx, cert, 0); + #else + ret = wolfSSL_CTX_use_certificate_buffer(server_ctx, cert, + sizeof_cert, SSL_FILETYPE_ASN1); + #endif + if (ret != SSL_SUCCESS) { + printf("Error %d loading server-cert!\n", ret); + return; + } + + /* Load server key into WOLFSSL_CTX */ + #if !defined(NO_FILESYSTEM) + ret = wolfSSL_CTX_use_PrivateKey_file(server_ctx, key, 0); + #else + ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key, + SSL_FILETYPE_ASN1); + #endif + if (ret != SSL_SUCCESS) { + printf("Error %d loading server-key!\n", ret); + return; + } +#if defined(WOLFSSL_RENESAS_TSIP) + doCliCertCheck = 1; +#endif + if (doCliCertCheck) { + wolfSSL_CTX_set_verify(server_ctx, WOLFSSL_VERIFY_PEER | + WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); +#if !defined(NO_FILESYSTEM) + if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0) + != WOLFSSL_SUCCESS) +#else + if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert, + sizeof_clicert, + SSL_FILETYPE_ASN1) != SSL_SUCCESS) +#endif + printf("can't load ca file, Please run from wolfSSL home dir\n"); + } + + /* Register callbacks */ + wolfSSL_SetIORecv(server_ctx, my_IORecv); + wolfSSL_SetIOSend(server_ctx, my_IOSend); + +} + +void wolfSSL_TLS_server( ) +{ + ID cepid = 1; + ID repid = 1; + ER ercd; + WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)server_ctx; + + WOLFSSL *ssl; + int len; + #define BUFF_SIZE 256 + char buff[BUFF_SIZE]; + T_IPV4EP dst_addr = {0, 0}; + + if((ercd = tcp_acp_cep(cepid, repid, &dst_addr, TMO_FEVR)) != E_OK) { + printf("ERROR TCP Accept: %d\n", ercd); + return; + } + + if((ssl = wolfSSL_new(ctx)) == NULL) { + printf("ERROR: failed wolfSSL_new\n"); + return; + } + + wolfSSL_SetIOReadCtx(ssl, (void *)&cepid); + wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid); + + if (wolfSSL_accept(ssl) < 0) { + printf("ERROR: SSL Accept(%d)\n", wolfSSL_get_error(ssl, 0)); + return; + } + + if ((len = wolfSSL_read(ssl, buff, sizeof(buff) - 1)) < 0) { + printf("ERROR: SSL Read(%d)\n", wolfSSL_get_error(ssl, 0)); + return; + } + + buff[len] = '\0'; + printf("Received: %s\n", buff); + + if (wolfSSL_write(ssl, buff, len) != len) { + printf("ERROR: SSL Write(%d)\n", wolfSSL_get_error(ssl, 0)); + return; + } + + wolfSSL_free(ssl); + tcp_sht_cep(cepid); +} diff --git a/IDE/Renesas/e2studio/GR-ROSE/test/src/wolfssl_demo.h b/IDE/Renesas/e2studio/GR-ROSE/test/src/wolfssl_demo.h new file mode 100644 index 000000000..ca5482007 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/test/src/wolfssl_demo.h @@ -0,0 +1,48 @@ +/* wolfssl_demo.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_DEMO_H_ +#define WOLFSSL_DEMO_H_ + +#define FREQ 10000 /* Hz */ + +/* Enable wolfcrypt test */ +/* can be enabled with benchmark test */ +/* #define CRYPT_TEST */ + +/* Enable benchmark */ +/* can be enabled with cyrpt test */ +/* #define BENCHMARK*/ + +/* Enable TLS client */ +/* cannot enable with other definition */ +/*#define TLS_CLIENT*/ + +/* Enable TLS server */ +/* cannot enable with other definition */ +/* #define TLS_SERVER */ + +void wolfSSL_TLS_client_init(); +void wolfSSL_TLS_client(); +void wolfSSL_TLS_server_init(); +void wolfSSL_TLS_server(); + +#endif /* WOLFSSL_DEMO_H_ */ diff --git a/IDE/Renesas/e2studio/GR-ROSE/test/test_HardwareDebug.launch b/IDE/Renesas/e2studio/GR-ROSE/test/test_HardwareDebug.launch new file mode 100644 index 000000000..1aecc2d2e --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/test/test_HardwareDebug.launch @@ -0,0 +1,136 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/IDE/Renesas/e2studio/GR-ROSE/wolfssl/.cproject b/IDE/Renesas/e2studio/GR-ROSE/wolfssl/.cproject new file mode 100644 index 000000000..6b500a870 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/wolfssl/.cproject @@ -0,0 +1,104 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/IDE/Renesas/e2studio/GR-ROSE/wolfssl/.project b/IDE/Renesas/e2studio/GR-ROSE/wolfssl/.project new file mode 100644 index 000000000..46ee10091 --- /dev/null +++ b/IDE/Renesas/e2studio/GR-ROSE/wolfssl/.project @@ -0,0 +1,393 @@ + + + wolfssl + + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + + org.eclipse.cdt.core.cnature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + + + + src/crl.c + 1 + PARENT-5-PROJECT_LOC/src/crl.c + + + src/internal.c + 1 + PARENT-5-PROJECT_LOC/src/internal.c + + + src/keys.c + 1 + PARENT-5-PROJECT_LOC/src/keys.c + + + src/ocsp.c + 1 + PARENT-5-PROJECT_LOC/src/ocsp.c + + + src/sniffer.c + 1 + PARENT-5-PROJECT_LOC/src/sniffer.c + + + src/ssl.c + 1 + PARENT-5-PROJECT_LOC/src/ssl.c + + + src/tls.c + 1 + PARENT-5-PROJECT_LOC/src/tls.c + + + src/tls13.c + 1 + PARENT-5-PROJECT_LOC/src/tls13.c + + + src/wolfio.c + 1 + PARENT-5-PROJECT_LOC/src/wolfio.c + + + wolfcrypt/port/renesas_tsip_aes.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c + + + wolfcrypt/port/renesas_tsip_sha.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c + + + wolfcrypt/port/renesas_tsip_util.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_util.c + + + wolfcrypt/src/aes.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/aes.c + + + wolfcrypt/src/arc4.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/arc4.c + + + wolfcrypt/src/asm.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/asm.c + + + wolfcrypt/src/asn.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/asn.c + + + wolfcrypt/src/blake2b.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/blake2b.c + + + wolfcrypt/src/camellia.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/camellia.c + + + wolfcrypt/src/chacha.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/chacha.c + + + wolfcrypt/src/chacha20_poly1305.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/chacha20_poly1305.c + + + wolfcrypt/src/cmac.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/cmac.c + + + wolfcrypt/src/coding.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/coding.c + + + wolfcrypt/src/compress.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/compress.c + + + wolfcrypt/src/cpuid.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/cpuid.c + + + wolfcrypt/src/cryptocb.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/cryptocb.c + + + wolfcrypt/src/curve25519.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/curve25519.c + + + wolfcrypt/src/des3.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/des3.c + + + wolfcrypt/src/dh.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/dh.c + + + wolfcrypt/src/dsa.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/dsa.c + + + wolfcrypt/src/ecc.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ecc.c + + + wolfcrypt/src/ecc_fp.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ecc_fp.c + + + wolfcrypt/src/ed25519.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ed25519.c + + + wolfcrypt/src/error.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/error.c + + + wolfcrypt/src/fe_low_mem.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/fe_low_mem.c + + + wolfcrypt/src/fe_operations.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/fe_operations.c + + + wolfcrypt/src/ge_low_mem.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ge_low_mem.c + + + wolfcrypt/src/ge_operations.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ge_operations.c + + + wolfcrypt/src/hash.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/hash.c + + + wolfcrypt/src/hc128.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/hc128.c + + + wolfcrypt/src/hmac.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/hmac.c + + + wolfcrypt/src/idea.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/idea.c + + + wolfcrypt/src/include.am + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/include.am + + + wolfcrypt/src/integer.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/integer.c + + + wolfcrypt/src/logging.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/logging.c + + + wolfcrypt/src/md2.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/md2.c + + + wolfcrypt/src/md4.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/md4.c + + + wolfcrypt/src/md5.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/md5.c + + + wolfcrypt/src/memory.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/memory.c + + + wolfcrypt/src/pkcs12.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/pkcs12.c + + + wolfcrypt/src/pkcs7.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/pkcs7.c + + + wolfcrypt/src/poly1305.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/poly1305.c + + + wolfcrypt/src/pwdbased.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/pwdbased.c + + + wolfcrypt/src/rabbit.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/rabbit.c + + + wolfcrypt/src/random.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/random.c + + + wolfcrypt/src/ripemd.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ripemd.c + + + wolfcrypt/src/rsa.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/rsa.c + + + wolfcrypt/src/sha.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sha.c + + + wolfcrypt/src/sha256.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sha256.c + + + wolfcrypt/src/sha3.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sha3.c + + + wolfcrypt/src/sha512.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sha512.c + + + wolfcrypt/src/signature.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/signature.c + + + wolfcrypt/src/sp_arm32.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_arm32.c + + + wolfcrypt/src/sp_arm64.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_arm64.c + + + wolfcrypt/src/sp_c32.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_c32.c + + + wolfcrypt/src/sp_c64.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_c64.c + + + wolfcrypt/src/sp_int.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_int.c + + + wolfcrypt/src/sp_x86_64.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_x86_64.c + + + wolfcrypt/src/srp.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/srp.c + + + wolfcrypt/src/tfm.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/tfm.c + + + wolfcrypt/src/wc_encrypt.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_encrypt.c + + + wolfcrypt/src/wc_port.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_port.c + + + wolfcrypt/src/wolfevent.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wolfevent.c + + + wolfcrypt/src/wolfmath.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wolfmath.c + + + diff --git a/IDE/include.am b/IDE/include.am index 828b173ad..41ee002a9 100644 --- a/IDE/include.am +++ b/IDE/include.am @@ -25,6 +25,7 @@ include IDE/Renesas/e2studio/DK-S7G2/include.am include IDE/Renesas/cs+/Projects/include.am include IDE/Renesas/e2studio/Projects/include.am include IDE/Renesas/e2studio/RA6M3G/include.am +include IDE/Renesas/e2studio/GR-ROSE/include.am include IDE/WICED-STUDIO/include.am include IDE/CRYPTOCELL/include.am include IDE/M68K/include.am diff --git a/src/tls.c b/src/tls.c index 1b9858a75..493953ccb 100644 --- a/src/tls.c +++ b/src/tls.c @@ -134,15 +134,36 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions); #endif #ifdef WOLFSSL_RENESAS_TSIP_TLS + + #if (WOLFSSL_RENESAS_TSIP_VER >=109) + + int tsip_generateMasterSecretEx( + byte cipherSuiteFirst, + byte cipherSuite, + const byte* pr, /* pre-master */ + const byte* cr, /* client random */ + const byte* sr, /* server random */ + byte* ms); + + #elif (WOLFSSL_RENESAS_TSIP_VER >=106) + + int tsip_generateMasterSecret( + const byte* pre, + const byte* cr, + const byte* sr, + byte* ms); + + #endif + int tsip_useable(const WOLFSSL *ssl); - int tsip_generateMasterSecret(const byte *pre, - const byte *cr,const byte *sr, - byte *ms/* out */); int tsip_generateSeesionKey(WOLFSSL *ssl); - int tsip_generateVerifyData(const byte *ms, const byte *side, - const byte *handshake_hash, - byte *hashes /* out */); -#endif + int tsip_generateVerifyData( + const byte* ms, + const byte* side, + const byte* handshake_hash, + byte* hashes); + +#endif /*WOLFSSL_RENESAS_TSIP_TLS*/ int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen) { @@ -534,11 +555,26 @@ int MakeTlsMasterSecret(WOLFSSL* ssl) #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) if (tsip_useable(ssl)) { + + #if (WOLFSSL_RENESAS_TSIP_VER>=109) + + ret = tsip_generateMasterSecretEx( + ssl->options.cipherSuite0, + ssl->options.cipherSuite, + &ssl->arrays->preMasterSecret[VERSION_SZ], + ssl->arrays->clientRandom, + ssl->arrays->serverRandom, + ssl->arrays->tsip_masterSecret); + + #elif (WOLFSSL_RENESAS_TSIP_VER>=106) + ret = tsip_generateMasterSecret( &ssl->arrays->preMasterSecret[VERSION_SZ], ssl->arrays->clientRandom, ssl->arrays->serverRandom, ssl->arrays->tsip_masterSecret); + + #endif } else #endif ret = _MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index e3cd7ad24..16df32611 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -33,37 +33,139 @@ #include #include -/* mutex */ -wolfSSL_Mutex tsip_mutex; -static int tsip_CryptHwMutexInit_ = 0; + + + /* ./ca-cert.der.sign, */ /* expect to have these variables defined at user application */ -extern uint32_t s_flash[]; -extern uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE]; -extern uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]; -static const byte *ca_cert_sig; +extern uint32_t s_flash[]; +extern uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE]; +extern uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]; -/* user key */ + +wolfSSL_Mutex tsip_mutex; +static int tsip_CryptHwMutexInit_ = 0; +static const byte* ca_cert_sig; static tsip_key_data g_user_key_info; + /* tsip only keep one encrypted ca public key */ #if defined(WOLFSSL_RENESAS_TSIP_TLS) -static uint32_t g_encrypted_publicCA_key[R_TSIP_SINST_WORD_SIZE]; -static uint32_t g_CAscm_Idx; /* index of CM table */ +static uint32_t g_encrypted_publicCA_key[R_TSIP_SINST_WORD_SIZE]; +static uint32_t g_CAscm_Idx; /* index of CM table */ #endif -static int tsip_CryptHwMutexInit(wolfSSL_Mutex* mutex) { + + +static int tsip_CryptHwMutexInit(wolfSSL_Mutex* mutex) +{ return wc_InitMutex(mutex); } -static int tsip_CryptHwMutexLock(wolfSSL_Mutex* mutex) { +static int tsip_CryptHwMutexLock(wolfSSL_Mutex* mutex) +{ return wc_LockMutex(mutex); } -static int tsip_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) { +static int tsip_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) +{ return wc_UnLockMutex(mutex); } +#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109) + +static uint32_t GetTsipCipherSuite( + uint8_t cipherSuiteFirst, + uint8_t cipherSuite) +{ + WOLFSSL_MSG(">> GetTsipCipherSuite"); + uint32_t tsipCipher; + + if(cipherSuiteFirst == CIPHER_BYTE ) + { + switch(cipherSuite){ + + case TLS_RSA_WITH_AES_128_CBC_SHA: /*2F*/ + tsipCipher = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA; /*0*/ + break; + + case TLS_RSA_WITH_AES_128_CBC_SHA256: + tsipCipher = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA256; + break; + + case TLS_RSA_WITH_AES_256_CBC_SHA: + tsipCipher = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA; + break; + + case TLS_RSA_WITH_AES_256_CBC_SHA256: + tsipCipher = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA256; + break; + + default: + tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE; + break; + } + WOLFSSL_MSG( "<< GetTsipCipherSuite"); + return tsipCipher; + } + else if( cipherSuiteFirst == ECC_BYTE ) + { + tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE; + /* comment out until implementation completes + switch(cipherSuite){ + + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: + tsipCipher = R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256; + break; + + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: + tsipCipher = R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256; + break; + + case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: + tsipCipher = R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256; + break; + + case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: + tsipCipher = R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256; + break; + + default: + tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE; + break; + } */ + } + else{ + tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE; + } + + WOLFSSL_MSG( "<< GetTsipCipherSuite" ); + + return tsipCipher; +} +#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=106) + +/* convert def to tsip define */ +static byte _tls2tsipdef(byte cipher) +{ + byte def = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA; + switch(cipher){ + case l_TLS_RSA_WITH_AES_128_CBC_SHA: + break; + case l_TLS_RSA_WITH_AES_128_CBC_SHA256: + def = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA256; + break; + case l_TLS_RSA_WITH_AES_256_CBC_SHA: + def = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA; + break; + case l_TLS_RSA_WITH_AES_256_CBC_SHA256: + def = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA256; + break; + default:break; + } + return def; +} +#endif /* * lock hw engine. * this should be called before using engine. @@ -72,10 +174,12 @@ int tsip_hw_lock() { int ret = 0; - WOLFSSL_MSG("enter esp_sha_hw_lock"); + /*WOLFSSL_MSG("enter esp_sha_hw_lock");*/ if(tsip_CryptHwMutexInit_ == 0){ + ret = tsip_CryptHwMutexInit(&tsip_mutex); + if(ret == 0) { tsip_CryptHwMutexInit_ = 1; } else { @@ -87,8 +191,7 @@ int tsip_hw_lock() /* this should not happens */ return -1; } - - WOLFSSL_MSG("leave tsip_sha_try_hw_lock"); + /*WOLFSSL_MSG("leave tsip_sha_try_hw_lock");*/ return ret; } @@ -97,49 +200,58 @@ int tsip_hw_lock() */ void tsip_hw_unlock( void ) { - WOLFSSL_MSG("enter tsip_hw_unlock"); - /* unlock hw engine for next use */ + /* WOLFSSL_MSG("enter tsip_hw_unlock"); */ tsip_CryptHwMutexUnLock(&tsip_mutex); - WOLFSSL_MSG("leave tsip_hw_unlock"); + /* WOLFSSL_MSG("leave tsip_hw_unlock");*/ } + /* check if tsip tls functions can be used for the cipher */ /* cipher0 : in the some cipher suite, */ /* first byte becomes greater than 0, otherwise 0x00 */ /* side : CLIENT END or SEVER END */ int tsip_useable(const struct WOLFSSL *ssl) { + WOLFSSL_MSG(">> tsip_useable"); byte cipher0; byte cipher; byte side; /* sanity check */ - if (ssl == NULL) + if (ssl == NULL){ + WOLFSSL_MSG("<< tsip_useable: No"); return BAD_FUNC_ARG; - + } /* when rsa key index == NULL, tsip isn't used for cert verification. */ /* in the case, we cannot use TSIP. */ - if (!ssl->peerTsipEncRsaKeyIndex) + if (!ssl->peerTsipEncRsaKeyIndex){ + WOLFSSL_MSG("<< tsip_useable: No"); return 0; - + } /* when enabled Extended Master Secret, we cannot use TSIP. */ - if (ssl->options.haveEMS) + if (ssl->options.haveEMS){ + WOLFSSL_MSG("<< tsip_useable: No"); return 0; - + } cipher0 = ssl->options.cipherSuite0; cipher = ssl->options.cipherSuite; side = ssl->options.side; - if (cipher0 > 0x00) + if (cipher0 > 0x00){ + WOLFSSL_MSG("<< tsip_useable: No"); return 0; - + } if ((cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA || cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA256 || cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA || cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA256) && - side == WOLFSSL_CLIENT_END) + side == WOLFSSL_CLIENT_END){ + WOLFSSL_MSG("<< tsip_useable: Yes"); return 1; - else + } + else{ + WOLFSSL_MSG("<< tsip_useable: No"); return 0; + } } /* check if the g_alreadyVerified CA's key can be used for * @@ -157,18 +269,56 @@ byte tsip_rootCAverified( ) } /* open TSIP driver for use */ -int tsip_Open( ) { - +int tsip_Open() +{ + WOLFSSL_MSG(">> tsip_Open"); int ret; if ((ret = tsip_hw_lock()) == 0) { - /* open the TSIP */ + +#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=109) + + ret = R_TSIP_Open(NULL,NULL); + if( ret != TSIP_SUCCESS ) { + WOLFSSL_MSG("RENESAS TSIP Open failed"); + } + + if( ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key ){ + + ret = R_TSIP_GenerateTlsRsaPublicKeyIndex( + g_user_key_info.encrypted_provisioning_key, + g_user_key_info.iv, + g_user_key_info.encrypted_user_tls_key, + &g_user_key_info.user_rsa2048_tls_pubindex); /* OUT */ + + R_TSIP_Close(); /* close once */ + + if( ret != TSIP_SUCCESS ){ + + WOLFSSL_MSG("R_TSIP_GenerataeTlsRsa: NG" ); + + } else { + + /* open again with newly created TLS public key index*/ + ret = R_TSIP_Open( + &g_user_key_info.user_rsa2048_tls_pubindex, + (tsip_update_key_ring_t*)s_inst2); + + if (ret != TSIP_SUCCESS) { + WOLFSSL_MSG("R_TSIP_(Re)Open: NG"); + } + /* init vars */ + g_CAscm_Idx = (uint32_t)-1; + } + } + +#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=106) + ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2); if( ret != TSIP_SUCCESS ) { WOLFSSL_MSG("RENESAS TSIP Open failed"); } -#if defined(WOLFSSL_RENESAS_TSIP_TLS) /* generate TLS Rsa public key for Certificate verification */ if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) { ret = R_TSIP_GenerateTlsRsaPublicKeyIndex( @@ -194,17 +344,25 @@ int tsip_Open( ) { g_CAscm_Idx = (uint32_t)-1; } } +#else + ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2); + if( ret != TSIP_SUCCESS ) { + WOLFSSL_MSG("RENESAS TSIP Open failed"); + } #endif /* unlock hw */ tsip_hw_unlock(); } else WOLFSSL_MSG("Failed to lock tsip hw \n"); + WOLFSSL_MSG( "<< tsip_Open"); return ret; } /* close TSIP driver */ -void tsip_Close( ) { +void tsip_Close() +{ + WOLFSSL_MSG(">> tsip_Close"); int ret; if ((ret = tsip_hw_lock()) == 0) { @@ -220,6 +378,7 @@ void tsip_Close( ) { } } else WOLFSSL_MSG("Failed to unlock tsip hw \n"); + WOLFSSL_MSG("<< tsip_Close"); } /* Support functions for TSIP TLS Capability */ @@ -232,15 +391,39 @@ void tsip_inform_cert_sign(const byte *sign) if(sign) ca_cert_sig = sign; } - +#if (WOLFSSL_RENESAS_TSIP_VER>=109) +void tsip_inform_user_keys_ex( + byte* encrypted_provisioning_key, + byte* iv, + byte* encrypted_user_tls_key, + word32 encrypted_user_tls_key_type) +{ + WOLFSSL_MSG(">> tsip_inform_user_keys_ex"); + g_user_key_info.encrypted_provisioning_key = NULL; + g_user_key_info.iv = NULL; + g_user_key_info.encrypted_user_tls_key = NULL; + + if ( encrypted_provisioning_key ) { + g_user_key_info.encrypted_provisioning_key = encrypted_provisioning_key; + } + if ( iv ) { + g_user_key_info.iv = iv; + } + if ( encrypted_user_tls_key ) { + g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key; + } + + g_user_key_info.encrypted_user_tls_key_type = encrypted_user_tls_key_type; + WOLFSSL_MSG("<< tsip_inform_user_keys_ex"); +} +#elif (WOLFSSL_RENESAS_TSIP_VER>=106) /* inform user key */ /* the function expects to be called from user application */ /* user has to create these key information by Renesas tool in advance.*/ void tsip_inform_user_keys( byte *encrypted_session_key, byte *iv, - byte *encrypted_user_tls_key -) + byte *encrypted_user_tls_key) { g_user_key_info.encrypted_session_key = NULL; g_user_key_info.iv = NULL; @@ -256,34 +439,23 @@ void tsip_inform_user_keys( g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key; } } +#endif #ifndef NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION -/* convert def to tsip define */ -static byte _tls2tsipdef(byte cipher) -{ - byte def = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA; - switch(cipher){ - case l_TLS_RSA_WITH_AES_128_CBC_SHA: - break; - case l_TLS_RSA_WITH_AES_128_CBC_SHA256: - def = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA256; - break; - case l_TLS_RSA_WITH_AES_256_CBC_SHA: - def = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA; - break; - case l_TLS_RSA_WITH_AES_256_CBC_SHA256: - def = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA256; - break; - default:break; - } - return def; -} + /* Sha1Hmac */ -int tsip_Sha1Hmac(const struct WOLFSSL *ssl, const byte *myInner, - word32 innerSz, const byte *in, word32 sz, byte *digest, - word32 verify) +int tsip_Sha1Hmac( + const struct WOLFSSL *ssl, + const byte* myInner, + word32 innerSz, + const byte* in, + word32 sz, + byte* digest, + word32 verify) { + WOLFSSL_MSG(">> tsip_Sha1Hmac()"); + tsip_hmac_sha_handle_t _handle; tsip_hmac_sha_key_index_t key_index; int ret; @@ -299,35 +471,50 @@ int tsip_Sha1Hmac(const struct WOLFSSL *ssl, const byte *myInner, if ( (ssl->options.side == WOLFSSL_CLIENT_END && !verify) || (ssl->options.side == WOLFSSL_SERVER_END && verify) ) - XMEMCPY(key_index.value, ssl->keys.tsip_client_write_MAC_secret, - sizeof(key_index.value)); - else - XMEMCPY(key_index.value, ssl->keys.tsip_server_write_MAC_secret, - sizeof(key_index.value)); - ret = R_TSIP_Sha1HmacGenerateInit(&_handle, &key_index); + key_index = ssl->keys.tsip_client_write_MAC_secret; + else + key_index = ssl->keys.tsip_server_write_MAC_secret; + + ret = R_TSIP_Sha1HmacGenerateInit( + &_handle, + &key_index); if (ret == TSIP_SUCCESS) - ret = R_TSIP_Sha1HmacGenerateUpdate(&_handle, (uint8_t*)myInner, - (uint32_t)innerSz); + ret = R_TSIP_Sha1HmacGenerateUpdate( + &_handle, + (uint8_t*)myInner, + (uint32_t)innerSz); if (ret == TSIP_SUCCESS) - ret = R_TSIP_Sha1HmacGenerateUpdate(&_handle, (uint8_t*)in, sz); + ret = R_TSIP_Sha1HmacGenerateUpdate( + &_handle, + (uint8_t*)in, + sz); if (ret == TSIP_SUCCESS) - ret = R_TSIP_Sha1HmacGenerateFinal(&_handle, digest); + ret = R_TSIP_Sha1HmacGenerateFinal( + &_handle, + digest); - /* unlock hw */ + tsip_hw_unlock(); - + WOLFSSL_MSG("<< tsip_Sha1Hmac"); return ret; } /* Sha256Hmac */ -int tsip_Sha256Hmac(const struct WOLFSSL *ssl, const byte *myInner, - word32 innerSz, const byte *in, word32 sz, byte *digest, - word32 verify) +int tsip_Sha256Hmac( + const struct WOLFSSL *ssl, + const byte* myInner, + word32 innerSz, + const byte* in, + word32 sz, + byte* digest, + word32 verify) { + WOLFSSL_MSG(">> tsip_Sha256Hmac"); + tsip_hmac_sha_handle_t _handle; tsip_hmac_sha_key_index_t key_index; int ret; @@ -338,32 +525,40 @@ int tsip_Sha256Hmac(const struct WOLFSSL *ssl, const byte *myInner, if ( (ssl->options.side == WOLFSSL_CLIENT_END && !verify) || (ssl->options.side == WOLFSSL_SERVER_END && verify) ) - XMEMCPY(key_index.value, ssl->keys.tsip_client_write_MAC_secret, - sizeof(key_index.value)); - else - XMEMCPY(key_index.value, ssl->keys.tsip_server_write_MAC_secret, - sizeof(key_index.value)); + + key_index = ssl->keys.tsip_client_write_MAC_secret; + else + key_index = ssl->keys.tsip_server_write_MAC_secret; if ((ret = tsip_hw_lock()) != 0) { WOLFSSL_MSG("hw lock failed\n"); return ret; } - ret = R_TSIP_Sha256HmacGenerateInit(&_handle, &key_index); + ret = R_TSIP_Sha256HmacGenerateInit( + &_handle, + &key_index); if (ret == TSIP_SUCCESS) - ret = R_TSIP_Sha256HmacGenerateUpdate(&_handle, (uint8_t*)myInner, - innerSz); + ret = R_TSIP_Sha256HmacGenerateUpdate( + &_handle, + (uint8_t*)myInner, + innerSz); if (ret == TSIP_SUCCESS) - ret = R_TSIP_Sha256HmacGenerateUpdate(&_handle, (uint8_t*)in, sz); + ret = R_TSIP_Sha256HmacGenerateUpdate( + &_handle, + (uint8_t*)in, + sz); if (ret == TSIP_SUCCESS) - ret = R_TSIP_Sha256HmacGenerateFinal(&_handle, digest); + ret = R_TSIP_Sha256HmacGenerateFinal( + &_handle, + digest); /* unlock hw */ tsip_hw_unlock(); - + WOLFSSL_MSG("<< tsip_Sha256Hmac"); return ret; } @@ -372,6 +567,7 @@ int tsip_generateVerifyData(const byte *ms, /* master secret */ const byte *side, const byte *handshake_hash, byte *hashes /* out */) { + WOLFSSL_MSG(">> tsip_generateVerifyData"); int ret ; uint32_t l_side = R_TSIP_TLS_GENERATE_CLIENT_VERIFY; @@ -394,13 +590,14 @@ int tsip_generateVerifyData(const byte *ms, /* master secret */ } /* unlock hw */ tsip_hw_unlock(); - + WOLFSSL_MSG("<< tsip_generateVerifyData"); return ret; } /* generate keys for TLS communication */ int tsip_generateSeesionKey(struct WOLFSSL *ssl) { + WOLFSSL_MSG(">> tsip_generateSeesionKey()"); int ret; Ciphers *enc; Ciphers *dec; @@ -413,13 +610,39 @@ int tsip_generateSeesionKey(struct WOLFSSL *ssl) return BAD_FUNC_ARG; if ((ret = tsip_hw_lock()) == 0) { + +#if (WOLFSSL_RENESAS_TSIP_VER>=109) + + uint8_t nonce[TSIP_SESSIONKEY_NONCE_SIZE] = {0}; + wc_RNG_GenerateBlock(ssl->rng, nonce,TSIP_SESSIONKEY_NONCE_SIZE); + ret = R_TSIP_TlsGenerateSessionKey( - _tls2tsipdef(ssl->options.cipherSuite), - (uint32_t*)ssl->arrays->tsip_masterSecret, - (uint8_t*)ssl->arrays->clientRandom, - (uint8_t*)ssl->arrays->serverRandom, &key_client_mac, - &key_server_mac, &key_client_aes, &key_server_aes, - NULL, NULL); + GetTsipCipherSuite( + ssl->options.cipherSuite0, + ssl->options.cipherSuite), + (uint32_t*)ssl->arrays->tsip_masterSecret, + (uint8_t*) ssl->arrays->clientRandom, + (uint8_t*) ssl->arrays->serverRandom, + nonce, + &key_client_mac, + &key_server_mac, + &key_client_aes, + &key_server_aes, + NULL, NULL); + +#elif (WOLFSSL_RENESAS_TSIP_VER>=106) + + ret = R_TSIP_TlsGenerateSessionKey( + _tls2tsipdef(ssl->options.cipherSuite), + (uint32_t*)ssl->arrays->tsip_masterSecret, + (uint8_t*)ssl->arrays->clientRandom, + (uint8_t*)ssl->arrays->serverRandom, + &key_client_mac, + &key_server_mac, + &key_client_aes, + &key_server_aes, + NULL, NULL); +#endif if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed\n"); } else { @@ -465,10 +688,11 @@ int tsip_generateSeesionKey(struct WOLFSSL *ssl) sizeof(key_client_aes)); } /* copy hac key index into keys */ - XMEMCPY(ssl->keys.tsip_client_write_MAC_secret, key_client_mac.value, - sizeof(key_client_mac.value)); - XMEMCPY(ssl->keys.tsip_server_write_MAC_secret, key_server_mac.value, - sizeof(key_client_mac.value)); + + + ssl->keys.tsip_client_write_MAC_secret = key_client_mac; + ssl->keys.tsip_server_write_MAC_secret = key_server_mac; + /* set up key size and marked readly */ if (enc){ enc->aes->ctx.keySize = ssl->specs.key_size; @@ -487,13 +711,55 @@ int tsip_generateSeesionKey(struct WOLFSSL *ssl) } else WOLFSSL_MSG("hw lock failed\n"); + WOLFSSL_MSG("<< tsip_generateSeesionKey"); return ret; } /* generate Master secrete by TSIP */ -int tsip_generateMasterSecret(const byte *pr, /* pre-master */ - const byte *cr, /* client random */ - const byte *sr, /* server random */ - byte *ms) +#if (WOLFSSL_RENESAS_TSIP_VER>=109) + +int tsip_generateMasterSecretEx( + byte cipherSuiteFirst, + byte cipherSuite, + const byte *pr, /* pre-master */ + const byte *cr, /* client random */ + const byte *sr, /* server random */ + byte *ms) +{ + WOLFSSL_MSG(">> tsip_generateMasterSecretEx"); + int ret; + + if ((pr == NULL) || (cr == NULL) || (sr == NULL) || + (ms == NULL)) + return BAD_FUNC_ARG; + + uint32_t tsipCS = GetTsipCipherSuite(cipherSuiteFirst,cipherSuite ); + if( tsipCS == 0xffffffff) + return BAD_FUNC_ARG; + + if ((ret = tsip_hw_lock()) == 0) { + ret = R_TSIP_TlsGenerateMasterSecret( + tsipCS, + (uint32_t*)pr, + (uint8_t*)cr, (uint8_t*)sr, (uint32_t*)ms); + if (ret != TSIP_SUCCESS) { + WOLFSSL_MSG("R_TSIP_TlsGenerateMasterSecret failed\n"); + } + /* unlock hw */ + tsip_hw_unlock(); + } else { + WOLFSSL_MSG(" hw lock failed "); + } + WOLFSSL_MSG("<< tsip_generateMasterSecretEx"); + return ret; +} + +#elif (WOLFSSL_RENESAS_TSIP_VER>=106) + +int tsip_generateMasterSecret( + const byte* pr, /* pre-master */ + const byte* cr, /* client random */ + const byte* sr, /* server random */ + byte* ms) { int ret; @@ -502,8 +768,12 @@ int tsip_generateMasterSecret(const byte *pr, /* pre-master */ return BAD_FUNC_ARG; if ((ret = tsip_hw_lock()) == 0) { - ret = R_TSIP_TlsGenerateMasterSecret( (uint32_t*)pr, - (uint8_t*)cr, (uint8_t*)sr, (uint32_t*)ms); + ret = R_TSIP_TlsGenerateMasterSecret( + (uint32_t*)pr, + (uint8_t*)cr, + (uint8_t*)sr, + (uint32_t*)ms); + if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_TlsGenerateMasterSecret failed\n"); } @@ -515,9 +785,11 @@ int tsip_generateMasterSecret(const byte *pr, /* pre-master */ return ret; } +#endif /* generate pre-Master secrete by TSIP */ int tsip_generatePremasterSecret(byte *premaster, word32 preSz ) { + WOLFSSL_MSG(">> tsip_generatePremasterSecret"); int ret; if (premaster == NULL) @@ -530,17 +802,25 @@ int tsip_generatePremasterSecret(byte *premaster, word32 preSz ) if (ret != TSIP_SUCCESS) { WOLFSSL_MSG(" R_TSIP_TlsGeneratePreMasterSecret failed\n"); } + /* unlock hw */ tsip_hw_unlock(); } else { WOLFSSL_MSG(" hw lock failed or preSz is smaller than 80"); } - + WOLFSSL_MSG("<< tsip_generatePremasterSecret"); return ret; } -/* generate encrypted pre-Master secrete by TSIP */ -int tsip_generateEncryptPreMasterSecret(WOLFSSL *ssl, byte *out, word32 *outSz) + +/* +* generate encrypted pre-Master secrete by TSIP +*/ +int tsip_generateEncryptPreMasterSecret( + WOLFSSL* ssl, + byte* out, + word32* outSz) { + WOLFSSL_MSG(">> tsip_generateEncryptPreMasterSecret"); int ret; if ((ssl == NULL) || (out == NULL) || (outSz == NULL)) @@ -548,10 +828,22 @@ int tsip_generateEncryptPreMasterSecret(WOLFSSL *ssl, byte *out, word32 *outSz) if ((ret = tsip_hw_lock()) == 0) { if (*outSz >= 256) + + #if (WOLFSSL_RENESAS_TSIP_VER>=109) + + ret = R_TSIP_TlsEncryptPreMasterSecretWithRsa2048PublicKey( + (uint32_t*)ssl->peerTsipEncRsaKeyIndex, + (uint32_t*)&ssl->arrays->preMasterSecret[VERSION_SZ], + (uint8_t*)out); + + #elif (WOLFSSL_RENESAS_TSIP_VER>=106) + ret = R_TSIP_TlsEncryptPreMasterSecret( (uint32_t*)ssl->peerTsipEncRsaKeyIndex, (uint32_t*)&ssl->arrays->preMasterSecret[VERSION_SZ], (uint8_t*)out); + + #endif else ret = -1; @@ -560,23 +852,26 @@ int tsip_generateEncryptPreMasterSecret(WOLFSSL *ssl, byte *out, word32 *outSz) } else { *outSz = 256; /* TSIP can only handles 2048 RSA */ } - /* unlock hw */ + tsip_hw_unlock(); + } else { WOLFSSL_MSG(" hw lock failed "); } - + WOLFSSL_MSG("<< tsip_generateEncryptPreMasterSecret"); return ret; } #endif /* NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION */ /* Certificate verification by TSIP */ -int tsip_tls_CertVerify(const byte *cert, word32 certSz, - const byte *signature, word32 sigSz, - word32 key_n_start, word32 key_n_len, - word32 key_e_start, word32 key_e_len, - byte *tsip_encRsaKeyIndex) +int tsip_tls_CertVerify( + const byte* cert, word32 certSz, + const byte* signature, word32 sigSz, + word32 key_n_start,word32 key_n_len, + word32 key_e_start,word32 key_e_len, + byte* tsip_encRsaKeyIndex) { + WOLFSSL_MSG(">> tsip_tls_CertVerify"); int ret; if (cert == NULL) @@ -592,6 +887,24 @@ int tsip_tls_CertVerify(const byte *cert, word32 certSz, } if ((ret = tsip_hw_lock()) == 0) { + + #if (WOLFSSL_RENESAS_TSIP_VER>=109) + + ret = R_TSIP_TlsCertificateVerification( + g_user_key_info.encrypted_user_tls_key_type, + (uint32_t*)g_encrypted_publicCA_key,/* encrypted public key */ + (uint8_t*)cert, /* certificate der */ + certSz, /* length of der */ + (uint8_t*)signature, /* sign data by RSA PSS */ + key_n_start, /* start position of public key n in bytes */ + (key_n_start + key_n_len), /* length of the public key n */ + key_e_start, /* start pos, key e in bytes */ + (key_e_start + key_e_len), /* length of the public key e */ + (uint32_t*)tsip_encRsaKeyIndex /* returned encrypted key */ + ); + + #elif (WOLFSSL_RENESAS_TSIP_VER>=106) + ret = R_TSIP_TlsCertificateVerification( (uint32_t*)g_encrypted_publicCA_key,/* encrypted public key */ (uint8_t*)cert, /* certificate der */ @@ -603,7 +916,8 @@ int tsip_tls_CertVerify(const byte *cert, word32 certSz, (key_e_start + key_e_len), /* length of the public key e */ (uint32_t*)tsip_encRsaKeyIndex /* returned encrypted key */ ); - + #endif + if (ret != TSIP_SUCCESS) { WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification() failed"); } @@ -611,15 +925,17 @@ int tsip_tls_CertVerify(const byte *cert, word32 certSz, } else { WOLFSSL_MSG(" hw lock failed "); } - + WOLFSSL_MSG("<< tsip_tls_CertVerify"); return ret; } /* Root Certificate verification */ -int tsip_tls_RootCertVerify(const byte *cert, word32 cert_len, - word32 key_n_start, word32 key_n_len, - word32 key_e_start, word32 key_e_len, - word32 cm_row) +int tsip_tls_RootCertVerify( + const byte* cert, word32 cert_len, + word32 key_n_start, word32 key_n_len, + word32 key_e_start, word32 key_e_len, + word32 cm_row) { + WOLFSSL_MSG(">> tsip_tls_RootCertVerify"); int ret; /* call to generate encrypted public key for certificate verification */ uint8_t *signature = (uint8_t*)ca_cert_sig; @@ -633,23 +949,36 @@ int tsip_tls_RootCertVerify(const byte *cert, word32 cert_len, } if ((ret = tsip_hw_lock()) == 0) { - ret = R_TSIP_TlsRootCertificateVerification( - /* CA cert */ - (uint8_t*)cert, - /* length of CA cert */ - (uint32_t)cert_len, - /* Byte position of public key */ - key_n_start, - (key_n_start + key_n_len), - key_e_start, - (key_e_start + key_e_len), - /* signature by "RSA 2048 PSS with SHA256" */ - (uint8_t*)ca_cert_sig, - /* RSA-2048 public key used by - RSA-2048 PSS with SHA256. 560 Bytes*/ - g_encrypted_publicCA_key - ); + #if (WOLFSSL_RENESAS_TSIP_VER>=109) + + ret = R_TSIP_TlsRootCertificateVerification( + g_user_key_info.encrypted_user_tls_key_type, + (uint8_t*)cert, /* CA cert */ + (uint32_t)cert_len, /* length of CA cert */ + key_n_start, /* Byte position of public key */ + (key_n_start + key_n_len), + key_e_start, + (key_e_start + key_e_len), + (uint8_t*)ca_cert_sig, /* "RSA 2048 PSS with SHA256" */ + g_encrypted_publicCA_key); /* RSA-2048 public key 560 bytes */ + + #elif (WOLFSSL_RENESAS_TSIP_VER>=106) + + ret = R_TSIP_TlsRootCertificateVerification( + (uint8_t*)cert,/* CA cert */ + (uint32_t)cert_len,/* length of CA cert */ + key_n_start, /* Byte position of public key */ + (key_n_start + key_n_len), + key_e_start, + (key_e_start + key_e_len), + (uint8_t*)ca_cert_sig,/* "RSA 2048 PSS with SHA256" */ + /* RSA-2048 public key used by + RSA-2048 PSS with SHA256. 560 Bytes*/ + g_encrypted_publicCA_key ); + + #endif + if (ret != TSIP_SUCCESS) { WOLFSSL_MSG(" R_TSIP_TlsRootCertVerify() failed"); } else { @@ -660,7 +989,7 @@ int tsip_tls_RootCertVerify(const byte *cert, word32 cert_len, } else { WOLFSSL_MSG(" hw lock failed "); } - + WOLFSSL_MSG("<< tsip_tls_RootCertVerify"); return ret; } #endif /* WOLFSSL_RENESAS_TSIP_TLS */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index a6dc8695f..127d9bb53 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2121,8 +2121,10 @@ typedef struct Keys { byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */ #endif #ifdef WOLFSSL_RENESAS_TSIP_TLS - byte tsip_client_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE]; - byte tsip_server_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE]; + + tsip_hmac_sha_key_index_t tsip_client_write_MAC_secret; + tsip_hmac_sha_key_index_t tsip_server_write_MAC_secret; + #endif } Keys; diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index 2055ee024..996c8c40e 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -35,6 +35,13 @@ extern "C" { #endif +#define TSIP_SESSIONKEY_NONCE_SIZE 8 + +typedef enum { + WOLFSSL_TSIP_NOERROR = 0, + WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff, +}wolfssl_tsip_error_number; + typedef enum { tsip_Key_SESSION = 1, tsip_Key_AES128 = 2, @@ -52,6 +59,34 @@ enum { l_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, }; +#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109) + +typedef struct +{ + uint8_t *encrypted_provisioning_key; + uint8_t *iv; + uint8_t *encrypted_user_tls_key; + uint32_t encrypted_user_tls_key_type; + tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex; +} tsip_key_data; + +void tsip_inform_user_keys_ex( + byte* provisioning_key, /* key got from DLM server */ + byte* iv, /* iv used for public key */ + byte* encrypted_public_key,/*RSA2048 or ECDSAp256 public key*/ + word32 public_key_type); /* 0: RSA-2048 2:ECDSA P-256 */ + +int tsip_generateMasterSecretEx( + byte cipherSuiteFirst, + byte cipherSuite, + const byte* pr, /* pre-master */ + const byte* cr, /* client random */ + const byte* sr, /* server random */ + byte* ms); + + +#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=106) + typedef struct { uint8_t *encrypted_session_key; @@ -60,45 +95,81 @@ typedef struct tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex; } tsip_key_data; -struct WOLFSSL; - -int tsip_Open( ); -void tsip_Close( ); -int tsip_hw_lock(); -void tsip_hw_unlock( void ); -int tsip_usable(const struct WOLFSSL *ssl); -void tsip_inform_sflash_signedcacert(const byte *ps_flash, - const byte *psigned_ca_cert, word32 len); -void tsip_inform_cert_sign(const byte *sign); -/* set / get key */ void tsip_inform_user_keys(byte *encrypted_session_key, byte *iv, byte *encrypted_user_tls_key); - -byte tsip_rootCAverified( ); -byte tsip_checkCA(word32 cmIdx); -int tsip_tls_RootCertVerify(const byte *cert , word32 cert_len, - word32 key_n_start, word32 key_n_len, - word32 key_e_start, word32 key_e_len, - word32 cm_row); -int tsip_tls_CertVerify(const byte *cert, word32 certSz, - const byte *signature, word32 sigSz, - word32 key_n_start, word32 key_n_len, - word32 key_e_start, word32 key_e_len, - byte *tsip_encRsaKeyIdx); -void tsip_inform_key_position(const word32 key_n_start, const word32 key_n_len, - const word32 key_e_start, const word32 key_e_len); -int tsip_generatePremasterSecret(byte *premaster, word32 preSz); -int tsip_generateEncryptPreMasterSecret(struct WOLFSSL *ssl, byte *out, - word32 *outSz); int tsip_generateMasterSecret(const byte *pre, const byte *cr,const byte *sr, byte *ms); -int tsip_generateSeesionKey(struct WOLFSSL *ssl); -int tsip_Sha256Hmac(const struct WOLFSSL *ssl, const byte *myInner, - word32 innerSz, const byte *in, word32 sz, byte *digest, - word32 verify); -int tsip_Sha1Hmac(const struct WOLFSSL *ssl, const byte *myInner, - word32 innerSz, const byte *in, word32 sz, byte *digest, - word32 verify); +#endif + +struct WOLFSSL; + +int tsip_Open(); + +void tsip_Close(); + +int tsip_hw_lock(); + +void tsip_hw_unlock( void ); + +int tsip_usable(const struct WOLFSSL *ssl); + +void tsip_inform_sflash_signedcacert( + const byte* ps_flash, + const byte* psigned_ca_cert, + word32 len); +void tsip_inform_cert_sign(const byte *sign); + +byte tsip_rootCAverified(); + +byte tsip_checkCA(word32 cmIdx); + +int tsip_tls_RootCertVerify( + const byte* cert, word32 cert_len, + word32 key_n_start, word32 key_n_len, + word32 key_e_start, word32 key_e_len, + word32 cm_row); + +int tsip_tls_CertVerify( + const byte* cert, word32 certSz, + const byte* signature, word32 sigSz, + word32 key_n_start, word32 key_n_len, + word32 key_e_start, word32 key_e_len, + byte* tsip_encRsaKeyIdx); + +void tsip_inform_key_position( + const word32 key_n_start, + const word32 key_n_len, + const word32 key_e_start, + const word32 key_e_len); + +int tsip_generatePremasterSecret( + byte* premaster, + word32 preSz); + +int tsip_generateEncryptPreMasterSecret( + struct WOLFSSL* ssl, + byte* out, + word32* outSz); + +int tsip_generateSeesionKey(struct WOLFSSL *ssl); + +int tsip_Sha256Hmac( + const struct WOLFSSL *ssl, + const byte* myInner, + word32 innerSz, + const byte* in, + word32 sz, + byte* digest, + word32 verify); + +int tsip_Sha1Hmac( + const struct WOLFSSL *ssl, + const byte* myInner, + word32 innerSz, + const byte* in, + word32 sz, + byte* digest, + word32 verify); #if (!defined(NO_SHA) || !defined(NO_SHA256)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) @@ -128,10 +199,10 @@ typedef wolfssl_TSIP_Hash wc_Sha; #endif /* NO_SHA */ #if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) -typedef struct { - tsip_aes_key_index_t tsip_keyIdx; - word32 keySize; -} TSIP_AES_CTX; + typedef struct { + tsip_aes_key_index_t tsip_keyIdx; + word32 keySize; + } TSIP_AES_CTX; struct Aes; int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in,