Fix for RX TSIP ECDSA Verify hash padding/truncation. Fix to set ECDSA crypto callback "res" on success.

2024-07-01 13:43:26 -07:00
parent 73a1938e89
commit 7ad0248558
2 changed files with 42 additions and 13 deletions
--- a/wolfcrypt/src/port/Renesas/renesas_common.c
+++ b/wolfcrypt/src/port/Renesas/renesas_common.c
@ -257,12 +257,12 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
         * Can handle only RSA PkCS#1v1.5 padding scheme here.
         */
        if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
-            ret = tsip_SignRsaPkcs(info, ctx);
+            ret = tsip_SignRsaPkcs(info, cbInfo);
        }
        #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
        /* RSA Verify */
        if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
-            ret = wc_tsip_RsaVerifyPkcs(info, ctx);
+            ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
        }
        #endif
    #endif /* !NO_RSA */
@ -270,12 +270,12 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
    #if defined(HAVE_ECC)
        #if defined(WOLFSSL_RENESAS_TSIP_TLS)
        if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
-            ret = tsip_SignEcdsa(info, ctx);
+            ret = tsip_SignEcdsa(info, cbInfo);
        }
        #endif
        #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
        if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
-            ret = tsip_VerifyEcdsa(info, ctx);
+            ret = tsip_VerifyEcdsa(info, cbInfo);
        }
        #endif
    #endif /* HAVE_ECC */
@ -814,7 +814,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
    WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
    if (Renesas_cmn_usable(ssl, 0)) {
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-        ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, cbInfo->devId);
+        ret = wc_tsip_generateSessionKey(ssl, cbInfo, cbInfo->devId);
 #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
        ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId);
 #endif
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
@ -4005,7 +4005,17 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */

 #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-/*   Perform verify with the wrapped public key, provided hash and signature r+s
+/* zero pad or truncate hash */
+static int tsip_HashPad(int curveSz, uint8_t* hash,
+    const uint8_t* hashIn, int hashSz)
+{
+    if (hashSz > curveSz)
+        hashSz = curveSz;
+    XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
+    return curveSz;
+}
+
+/* Perform verify with the wrapped public key, provided hash and signature r+s
 *
 * parameters
 *   info->pk.eccverify.in    : the buffer holding hash value of messages
@ -4021,6 +4031,9 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
    int ret = 0;
    e_tsip_err_t    err = TSIP_SUCCESS;
    tsip_ecdsa_byte_data_t hashData, sigData;
+    /* hard coding largest digest size, since WC_MAX_DIGEST_SZ could be 32
+     * if using SHA2-256 with ECDSA SECP384R1 */
+    uint8_t hash[48];

    WOLFSSL_ENTER("tsip_VerifyEcdsa");

@ -4028,14 +4041,15 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
        ret = CRYPTOCB_UNAVAILABLE;
    }

+    XMEMSET(hash, 0, sizeof(hash));
+
    if (ret == 0) {
        /* import public key_index from wrapped key */
        ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
    }

    if (ret == 0) {
-        hashData.pdata       = (uint8_t*)info->pk.eccverify.hash;
-        hashData.data_length = info->pk.eccverify.hashlen;
+        hashData.pdata      = (uint8_t*)hash;
        hashData.data_type  = tuc->keyflgs_crypt.bits.message_type;
        sigData.pdata       = (uint8_t*)info->pk.eccverify.sig;
        sigData.data_length = info->pk.eccverify.siglen;
@ -4044,23 +4058,38 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
            switch (tuc->wrappedKeyType) {
            #if !defined(NO_ECC256)
                case TSIP_KEY_TYPE_ECDSAP256:
+                    /* zero pad or truncate */
+                    hashData.data_length = tsip_HashPad(32, hash,
+                        info->pk.eccverify.hash, info->pk.eccverify.hashlen);
+
                    err = R_TSIP_EcdsaP256SignatureVerification(&sigData,
                        &hashData, &tuc->eccpub_keyIdx);
-                    if (err != TSIP_SUCCESS) {
+                    if (err == TSIP_SUCCESS) {
+                        *info->pk.eccverify.res = 1; /* success */
+                    }
+                    else {
                        ret = WC_HW_E;
                    }
                    break;
-                #endif
+                    break;
+            #endif

-                #if defined(HAVE_ECC384)
+            #if defined(HAVE_ECC384)
                case TSIP_KEY_TYPE_ECDSAP384:
+                    /* zero pad or truncate */
+                    hashData.data_length = tsip_HashPad(48, hash,
+                        info->pk.eccverify.hash, info->pk.eccverify.hashlen);
+
                    err = R_TSIP_EcdsaP384SignatureVerification(&sigData,
                        &hashData, &tuc->eccpub_keyIdx);
-                    if (err != TSIP_SUCCESS) {
+                    if (err == TSIP_SUCCESS) {
+                        *info->pk.eccverify.res = 1; /* success */
+                    }
+                    else {
                        ret = WC_HW_E;
                    }
                    break;
-                #endif
+            #endif

                default:
                    WOLFSSL_MSG("ECDSA public key size not available");