feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Add support for TSIP v1.17

Browse Source
This commit is contained in:
TakayukiMatsuo
2023-03-07 03:40:58 +09:00
parent 09dd9a0ca3
commit 7d2a9136b6
24 changed files with 530 additions and 503 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
View File

@ -32,7 +32,7 @@ This sample program uses the following hardware and software libraries. If a new
|IDE| Renesas e2Studio Version:2022-01 |
|Emulator| E1, E2 Emulator Lite |
|Toolchain|CCRX v3.04.00|
|TSIP| TSIP v1.15|
|TSIP| TSIP v1.17|
<br>
The project of this sample program has a configuration file that uses the following FIT components.
@ -47,7 +47,7 @@ However, the FIT components themselves are not included in the distribution of t
|Generic system timer for RX MCUs|1.01|r_sys_time_rx|
|TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
|TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
|TSIP(Trusted Secure IP) driver|1.15.l|r_tsip_rx|
|TSIP(Trusted Secure IP) driver|1.17.l|r_tsip_rx|
<br>
Note) As of April 2022, TIPS v1.15 does not seem to be able to be added as a FIT component by adding a component in the Smart Configurator Perspective. Add it manually along the method described later.
@ -139,7 +139,7 @@ Now that the test application is ready to build.
### 8.1 TLS version supported by the test application
<br>
If you use TSIP v1.15 or later, you can use the TLS1.3 protocol in addition to the existing TLS1.2. The following macro is defined to {board-name-folder}/common/user_settings.h.
You can use the TLS1.3 protocol in addition to the existing TLS1.2. The following macro is defined to {board-name-folder}/common/user_settings.h.
<br><br>
```
@ -307,8 +307,8 @@ will become necessary. Please refer to the manual provided by Renesas for how to
----
wolfSSL supports client authentication as follows:
- In TLS1.3, ECDSA certificates are handled by TSIP, RSA certificates are handled by software.
- In TLS1.2, both ECDSA and RSA certificates are handled by TSIP.
- Both ECDSA certificates and RSA certificates are handled by TSIP.
(1) Loading client certificate
@ -338,16 +338,11 @@ Define “WOLF_PRIVATE_KEY_ID” in your user_settings.h.
## 11. Limitations
----
<br>
wolfSSL, which supports TSIPv1.15, has the following functional restrictions.
wolfSSL, which supports TSIPv1.17, has the following functional restrictions.
<br><br>
1. Handshake message packets exchanged with the server during the TLS handshake are stored in plaintext in memory. This is used to calculate the hash of handshake messages. The content will be deleted at the end of the session.
1. In TLS 1.3, the client authentication function using TSIP is supported only for ECDSA client certificates. In the case of RSA certificate, it will be processed by software.
1. In TLS1.3, among the server authentication functions, “CertificateVerify” message from the server is processed by software.
1. Session resumption and early data using TSIP are not supported.
The above limitations 1 through 4 are expected to be improved by TSIP from the next version onwards.
The above limitations are expected to be improved by TSIP or wolfSSL from the next version onwards.

20
IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md
View File

@ -33,7 +33,7 @@ Renesas社製MCU RX65Nを搭載した評価ボードGR-ROSEをターゲットと
|IDE| Renesas e2Studio Version:2022-01 |
|エミュレーター| E1, E2エミュレーターLite |
|Toolchain|CCRX v3.04.00|
|TSIP| TSIP v1.15|
|TSIP| TSIP v1.17|
<br>
本サンプルプログラムのプロジェクトには以下のFITコンポーネントを使用する設定ファイルが用意されています。
@ -50,7 +50,7 @@ Renesas社製MCU RX65Nを搭載した評価ボードGR-ROSEをターゲットと
|Generic system timer for RX MCUs|1.01|r_sys_time_rx|
|TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
|TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
|TSIP(Trusted Secure IP) driver|1.15.l|r_tsip_rx|
|TSIP(Trusted Secure IP) driver|1.17.l|r_tsip_rx|
注意2022年4月現在、TIPSv1.15はFITコンポーネントとしてスマートコンフィギュレータパースペクティブのコンポーネントの追加操作では追加できないようです。後ほど説明する手動での追加方法を使って追加してください。<br>
@ -145,7 +145,7 @@ testアプリケーションのビルドの準備が整ったので、ビルド
### 8.1 testアプリケーションのサポートするTLSバージョン
<br>
TSIPv1.15以降を使用する場合には、これまでのTLS1.2に加えてTLS1.3プロトコルが使用できます。{board-name-folder}/common/user_settings.hに既定で以下のマクロ定義が設定されています。
TLS1.2に加えてTLS1.3プロトコルが使用できます。{board-name-folder}/common/user_settings.hに既定で以下のマクロ定義が設定されています。
<br><br>
```
@ -304,8 +304,8 @@ Received: I hear you fa shizzle!
-----
クライアント認証機能は以下のようにサポートしています。
- TLS1.3ではECDSA証明書はTSIPを使って処理し、RSA証明書はソフトウエアで処理します。
- TLS1.2ではECDSA証明書とRSA証明書は共にTSIPを使って処理します。
- ECDSA証明書あるいはRSA証明書はTSIPを使って処理します。
(1) クライアント証明書のロード
wolfSSL_CTX_use_certificate_buffer あるいはwolfSSL_CTX_use_certificate_chain_buffer_format を使ってクライアント証明書をロードしてください。
@ -336,14 +336,10 @@ user_settings.hにWOLF_PRIVATE_KEY_IDの定義を行ってください。
## 11. 制限事項
-----
TSIPv1.15をサポートしたwolfSSLでは以下の機能制限があります。
TSIPv1.17をサポートしたwolfSSLでは以下の機能制限があります。
1. TLSハンドシェーク中にサーバーと交換したメッセージパケットが平文でメモリ上に蓄積されています。これはハンドシェークメッセージのハッシュ計算に使用されます。内容はセッション終了時に削除されます。
2. TLS1.3ではTSIPを使ったクライアント認証機能はECDSAクライアント証明書の場合にのみサポートされます。RSA証明書の場合はソフトウエアでの処理となります
2. TSIPを使ってのセッション再開およびearly dataはサポートされません
3. TLS1.3ではTSIPを使ったサーバー認証機能のうち、CertificateVerifyメッセージの検証はソフトウエアでの処理となります。
4. TSIPを使ってのセッション再開およびearly dataはサポートされません。
上記制限事項1~4は次版以降のTSIPによって改善が見込まれています。
上記制限事項は次版以降のTSIPあるいはwolfSSLによって改善が見込まれています。

2
IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
View File

@ -40,7 +40,7 @@
* 115: TSIPv1.15
*----------------------------------------------------------------------------*/
#define WOLFSSL_RENESAS_TSIP
#define WOLFSSL_RENESAS_TSIP_VER 115
#define WOLFSSL_RENESAS_TSIP_VER 117
/*-- TLS version definitions --------------------------------------------------

88
IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c
View File

@ -186,56 +186,56 @@ const uint32_t encrypted_user_key_type =
const unsigned char ca_ecc_cert_der_sig[] =
{
0x6e, 0x7d, 0x2b, 0xd3, 0x6d, 0x6a, 0x70, 0x31, 0xbf, 0xcd, 0x6f, 0x32,
0x74, 0x8b, 0x4d, 0xdf, 0x7c, 0x72, 0xc6, 0x78, 0x61, 0x2b, 0x0f, 0xcc,
0xbc, 0xa3, 0x25, 0x54, 0x04, 0xfa, 0x9e, 0xf7, 0x1c, 0xa2, 0xe1, 0x33,
0x90, 0x08, 0xcd, 0x3c, 0xc1, 0x03, 0x66, 0xb6, 0x3f, 0xf1, 0xbf, 0xaf,
0x0d, 0xb0, 0xeb, 0xe4, 0xc7, 0x54, 0x60, 0x34, 0x3b, 0x62, 0xcf, 0x28,
0x95, 0xa2, 0x08, 0x79, 0xc5, 0x51, 0xf3, 0xe1, 0x88, 0x3b, 0xa0, 0x1d,
0x1d, 0x42, 0x5a, 0xba, 0x09, 0xe4, 0x64, 0xa1, 0x83, 0xf4, 0x60, 0x44,
0x89, 0xd3, 0xdd, 0x6c, 0x71, 0x7b, 0xd1, 0xb0, 0x28, 0x7b, 0x98, 0xe2,
0x4b, 0x99, 0x9a, 0x22, 0xd0, 0xeb, 0x1c, 0x5c, 0xbe, 0x49, 0x1a, 0xcf,
0xd7, 0x4b, 0x19, 0xe9, 0xdf, 0x82, 0x21, 0xe3, 0x87, 0x7a, 0x25, 0x58,
0x8f, 0x29, 0x0e, 0xce, 0xf4, 0x09, 0x0f, 0x2f, 0x04, 0xe9, 0xd2, 0xf9,
0xcc, 0xb7, 0x7a, 0x46, 0x5d, 0x98, 0x05, 0x54, 0x89, 0x8e, 0x09, 0x79,
0xa8, 0x6f, 0xf6, 0x12, 0xdd, 0x93, 0x38, 0x83, 0x14, 0x3f, 0x42, 0xcf,
0x03, 0x9d, 0x84, 0x9d, 0xe9, 0x6e, 0x9f, 0x87, 0x0f, 0xb8, 0x15, 0x9b,
0x9b, 0x4c, 0x32, 0x3b, 0x82, 0x7b, 0x3d, 0xd4, 0x85, 0x1e, 0x71, 0x99,
0x67, 0x40, 0x59, 0xad, 0x8c, 0x31, 0xd7, 0xa2, 0x81, 0xfd, 0x46, 0x21,
0xd7, 0xc8, 0x89, 0x3d, 0x17, 0x3f, 0x5e, 0x82, 0x5e, 0xfa, 0x7b, 0x34,
0x7a, 0x1b, 0x85, 0x86, 0xf8, 0x02, 0xf2, 0xf3, 0x01, 0x2c, 0xbd, 0x4a,
0x98, 0x0f, 0xe9, 0x4b, 0x1a, 0xa3, 0xee, 0xfc, 0x77, 0xda, 0xcf, 0xee,
0x9c, 0xca, 0xf9, 0xbf, 0xaa, 0x5b, 0xbc, 0x01, 0x4b, 0xd4, 0x74, 0x7c,
0xee, 0xfb, 0x7c, 0xc4, 0x31, 0xb7, 0x46, 0x9e, 0x94, 0x84, 0xa3, 0x82,
0x0c, 0x7b, 0x61, 0x4e
0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
0xc0, 0x73, 0x11, 0x1e
};
const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
/* ./ca-cert.der.sign, */
const unsigned char ca_cert_der_sig[] =
{
0x0a, 0xc8, 0xbb, 0x7e, 0x5a, 0x72, 0x6a, 0x5b, 0xf0, 0xc6, 0xbf, 0x36,
0x8e, 0xe1, 0xcd, 0xbc, 0x08, 0xfd, 0x22, 0x5a, 0x3b, 0x48, 0x33, 0xb9,
0x12, 0x55, 0x80, 0x6c, 0x36, 0x14, 0x05, 0x24, 0x63, 0x20, 0x8b, 0x26,
0x69, 0xa9, 0xe3, 0x15, 0xb9, 0x00, 0x8d, 0xea, 0x3a, 0xee, 0x2d, 0x41,
0xec, 0x43, 0x4a, 0x17, 0x48, 0x26, 0x4a, 0xd6, 0xe4, 0x1b, 0xa5, 0x97,
0x2e, 0xf6, 0x41, 0xa7, 0xa2, 0x2b, 0x83, 0x2c, 0xad, 0x6e, 0x4e, 0xfc,
0x57, 0xf1, 0x28, 0xf0, 0xa7, 0xf9, 0x5b, 0x48, 0xab, 0xed, 0x63, 0x22,
0xed, 0x1e, 0xf1, 0x9d, 0xab, 0xbf, 0x9c, 0x78, 0x04, 0x49, 0xad, 0xf1,
0x43, 0x2f, 0x21, 0x9c, 0x90, 0xb8, 0x35, 0x14, 0x68, 0x12, 0x89, 0x00,
0x20, 0x5b, 0x83, 0x52, 0xb7, 0xec, 0x26, 0x01, 0x26, 0xe1, 0x0f, 0xf6,
0x98, 0xd1, 0xb6, 0x28, 0x84, 0xc8, 0xa5, 0x3e, 0xe9, 0xfb, 0x19, 0x2e,
0x8f, 0xd7, 0x66, 0x98, 0xc0, 0x5e, 0x7b, 0xbc, 0x1a, 0xd9, 0x27, 0xb9,
0x76, 0xcc, 0x58, 0x48, 0x0c, 0x0c, 0x22, 0x23, 0x19, 0xfd, 0x22, 0xfa,
0x47, 0x90, 0x38, 0x62, 0xe0, 0x91, 0x79, 0x35, 0x3d, 0xa2, 0x83, 0x99,
0x2b, 0x86, 0x7a, 0x88, 0x9b, 0x07, 0xe7, 0xc5, 0x95, 0x69, 0x9a, 0x2b,
0x2e, 0x47, 0xcf, 0xfd, 0x9e, 0x64, 0xb5, 0xca, 0x44, 0x94, 0x95, 0xf3,
0x2a, 0x8f, 0x4a, 0xcf, 0x0f, 0xd4, 0x7e, 0x0d, 0x0f, 0x2a, 0x0b, 0xb6,
0x89, 0x64, 0xe3, 0x8c, 0x02, 0x3e, 0x76, 0x66, 0x68, 0x19, 0xa9, 0x07,
0x5a, 0xc6, 0x33, 0xcd, 0x27, 0xff, 0x07, 0xd4, 0x91, 0x5b, 0x11, 0x3a,
0xe3, 0xf5, 0x69, 0x70, 0xa7, 0xfe, 0xf2, 0xf0, 0xbd, 0x11, 0xaf, 0xa7,
0x37, 0xda, 0x24, 0x75, 0x3e, 0x1a, 0x39, 0x49, 0xb4, 0x1e, 0x0e, 0xaf,
0x5d, 0x1e, 0x94, 0xdf
0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
0x1d, 0xdb, 0x57, 0xb8
};
const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
/* ./client-cert.der.sign, */

9
IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c
View File

@ -193,7 +193,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
return;
}
#if defined(WOLFSSL_TLS13) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
@ -309,12 +309,9 @@ void wolfSSL_TLS_client( )
#else
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && !defined(WOLFSSL_TLS13)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
/* Note 1: TSIP asks client key pair for client authentication.
* Note 2: as of TSIP v1.15, client authentication is not supported by TSIP
* for RSA certificate on TLS1.3.
*/
/* Note: TSIP asks client key pair for client authentication. */
/* TSIP specific RSA private key */
if (tsip_use_PrivateKey_buffer(ssl,

BIN
IDE/Renesas/e2studio/RX65N/RSK/InstructionManualForExample_RSK+RX65N-2MB_EN.pdf
View File

Binary file not shown.

BIN
IDE/Renesas/e2studio/RX65N/RSK/InstructionManualForExample_RSK+RX65N-2MB_JP.pdf
View File

Binary file not shown.

88
IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
View File

@ -187,56 +187,56 @@ const uint32_t encrypted_user_key_type =
const unsigned char ca_ecc_cert_der_sig[] =
{
0x6e, 0x7d, 0x2b, 0xd3, 0x6d, 0x6a, 0x70, 0x31, 0xbf, 0xcd, 0x6f, 0x32,
0x74, 0x8b, 0x4d, 0xdf, 0x7c, 0x72, 0xc6, 0x78, 0x61, 0x2b, 0x0f, 0xcc,
0xbc, 0xa3, 0x25, 0x54, 0x04, 0xfa, 0x9e, 0xf7, 0x1c, 0xa2, 0xe1, 0x33,
0x90, 0x08, 0xcd, 0x3c, 0xc1, 0x03, 0x66, 0xb6, 0x3f, 0xf1, 0xbf, 0xaf,
0x0d, 0xb0, 0xeb, 0xe4, 0xc7, 0x54, 0x60, 0x34, 0x3b, 0x62, 0xcf, 0x28,
0x95, 0xa2, 0x08, 0x79, 0xc5, 0x51, 0xf3, 0xe1, 0x88, 0x3b, 0xa0, 0x1d,
0x1d, 0x42, 0x5a, 0xba, 0x09, 0xe4, 0x64, 0xa1, 0x83, 0xf4, 0x60, 0x44,
0x89, 0xd3, 0xdd, 0x6c, 0x71, 0x7b, 0xd1, 0xb0, 0x28, 0x7b, 0x98, 0xe2,
0x4b, 0x99, 0x9a, 0x22, 0xd0, 0xeb, 0x1c, 0x5c, 0xbe, 0x49, 0x1a, 0xcf,
0xd7, 0x4b, 0x19, 0xe9, 0xdf, 0x82, 0x21, 0xe3, 0x87, 0x7a, 0x25, 0x58,
0x8f, 0x29, 0x0e, 0xce, 0xf4, 0x09, 0x0f, 0x2f, 0x04, 0xe9, 0xd2, 0xf9,
0xcc, 0xb7, 0x7a, 0x46, 0x5d, 0x98, 0x05, 0x54, 0x89, 0x8e, 0x09, 0x79,
0xa8, 0x6f, 0xf6, 0x12, 0xdd, 0x93, 0x38, 0x83, 0x14, 0x3f, 0x42, 0xcf,
0x03, 0x9d, 0x84, 0x9d, 0xe9, 0x6e, 0x9f, 0x87, 0x0f, 0xb8, 0x15, 0x9b,
0x9b, 0x4c, 0x32, 0x3b, 0x82, 0x7b, 0x3d, 0xd4, 0x85, 0x1e, 0x71, 0x99,
0x67, 0x40, 0x59, 0xad, 0x8c, 0x31, 0xd7, 0xa2, 0x81, 0xfd, 0x46, 0x21,
0xd7, 0xc8, 0x89, 0x3d, 0x17, 0x3f, 0x5e, 0x82, 0x5e, 0xfa, 0x7b, 0x34,
0x7a, 0x1b, 0x85, 0x86, 0xf8, 0x02, 0xf2, 0xf3, 0x01, 0x2c, 0xbd, 0x4a,
0x98, 0x0f, 0xe9, 0x4b, 0x1a, 0xa3, 0xee, 0xfc, 0x77, 0xda, 0xcf, 0xee,
0x9c, 0xca, 0xf9, 0xbf, 0xaa, 0x5b, 0xbc, 0x01, 0x4b, 0xd4, 0x74, 0x7c,
0xee, 0xfb, 0x7c, 0xc4, 0x31, 0xb7, 0x46, 0x9e, 0x94, 0x84, 0xa3, 0x82,
0x0c, 0x7b, 0x61, 0x4e
0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
0xc0, 0x73, 0x11, 0x1e
};
const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
/* ./ca-cert.der.sign, */
const unsigned char ca_cert_der_sig[] =
{
0x0a, 0xc8, 0xbb, 0x7e, 0x5a, 0x72, 0x6a, 0x5b, 0xf0, 0xc6, 0xbf, 0x36,
0x8e, 0xe1, 0xcd, 0xbc, 0x08, 0xfd, 0x22, 0x5a, 0x3b, 0x48, 0x33, 0xb9,
0x12, 0x55, 0x80, 0x6c, 0x36, 0x14, 0x05, 0x24, 0x63, 0x20, 0x8b, 0x26,
0x69, 0xa9, 0xe3, 0x15, 0xb9, 0x00, 0x8d, 0xea, 0x3a, 0xee, 0x2d, 0x41,
0xec, 0x43, 0x4a, 0x17, 0x48, 0x26, 0x4a, 0xd6, 0xe4, 0x1b, 0xa5, 0x97,
0x2e, 0xf6, 0x41, 0xa7, 0xa2, 0x2b, 0x83, 0x2c, 0xad, 0x6e, 0x4e, 0xfc,
0x57, 0xf1, 0x28, 0xf0, 0xa7, 0xf9, 0x5b, 0x48, 0xab, 0xed, 0x63, 0x22,
0xed, 0x1e, 0xf1, 0x9d, 0xab, 0xbf, 0x9c, 0x78, 0x04, 0x49, 0xad, 0xf1,
0x43, 0x2f, 0x21, 0x9c, 0x90, 0xb8, 0x35, 0x14, 0x68, 0x12, 0x89, 0x00,
0x20, 0x5b, 0x83, 0x52, 0xb7, 0xec, 0x26, 0x01, 0x26, 0xe1, 0x0f, 0xf6,
0x98, 0xd1, 0xb6, 0x28, 0x84, 0xc8, 0xa5, 0x3e, 0xe9, 0xfb, 0x19, 0x2e,
0x8f, 0xd7, 0x66, 0x98, 0xc0, 0x5e, 0x7b, 0xbc, 0x1a, 0xd9, 0x27, 0xb9,
0x76, 0xcc, 0x58, 0x48, 0x0c, 0x0c, 0x22, 0x23, 0x19, 0xfd, 0x22, 0xfa,
0x47, 0x90, 0x38, 0x62, 0xe0, 0x91, 0x79, 0x35, 0x3d, 0xa2, 0x83, 0x99,
0x2b, 0x86, 0x7a, 0x88, 0x9b, 0x07, 0xe7, 0xc5, 0x95, 0x69, 0x9a, 0x2b,
0x2e, 0x47, 0xcf, 0xfd, 0x9e, 0x64, 0xb5, 0xca, 0x44, 0x94, 0x95, 0xf3,
0x2a, 0x8f, 0x4a, 0xcf, 0x0f, 0xd4, 0x7e, 0x0d, 0x0f, 0x2a, 0x0b, 0xb6,
0x89, 0x64, 0xe3, 0x8c, 0x02, 0x3e, 0x76, 0x66, 0x68, 0x19, 0xa9, 0x07,
0x5a, 0xc6, 0x33, 0xcd, 0x27, 0xff, 0x07, 0xd4, 0x91, 0x5b, 0x11, 0x3a,
0xe3, 0xf5, 0x69, 0x70, 0xa7, 0xfe, 0xf2, 0xf0, 0xbd, 0x11, 0xaf, 0xa7,
0x37, 0xda, 0x24, 0x75, 0x3e, 0x1a, 0x39, 0x49, 0xb4, 0x1e, 0x0e, 0xaf,
0x5d, 0x1e, 0x94, 0xdf
0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
0x1d, 0xdb, 0x57, 0xb8
};
const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
/* ./client-cert.der.sign, */

8
IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
View File

@ -37,9 +37,10 @@
* 113: TSIPv1.13
* 114: TSIPv1.14
* 115: TSIPv1.15
* 117: TSIPv1.17
*----------------------------------------------------------------------------*/
#define WOLFSSL_RENESAS_TSIP
#define WOLFSSL_RENESAS_TSIP_VER 115
#define WOLFSSL_RENESAS_TSIP_VER 117
/*-- TLS version definitions --------------------------------------------------
@ -109,6 +110,11 @@
*/
#define USE_ECC_CERT
/* Enable WOLFSSL_CHECK_SIG_FAULTS definition when self-verify for
* Ecc signature is required. It is disabled by default.
*/
/*#define WOLFSSL_CHECK_SIG_FAULTS*/
/* In this example application, Root CA cert buffer named
* "ca_ecc_cert_der_256" is used under the following macro definition
* for ECDSA.

27
IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
View File

@ -61,7 +61,7 @@
#define TLSSERVER_IP "192.168.1.14"
#define TLSSERVER_PORT 11111
#define YEAR 2022
#define YEAR 2023
#define MON 3
#define FREQ 10000 /* Hz */
@ -196,8 +196,7 @@ static void Tls_client_init(const char* cipherlist)
printf("client can't set cipher list");
}
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS) && \
(WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS)
if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
@ -303,7 +302,18 @@ static void Tls_client()
printf("ERROR tsip_use_PrivateKey_buffer\n");
}
}
# if defined(WOLFSSL_CHECK_SIG_FAULTS)
if (ret == 0){
ret = tsip_use_PublicKey_buffer(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_public_key,
sizeof(g_key_block_data.encrypted_user_ecc256_public_key),
TSIP_ECCP256);
if (ret != 0) {
printf("ERROR tsip_use_PublicKey_buffer\n");
}
}
#endif /* WOLFSSL_CHECK_SIG_FAULTS */
#else
/* DER format ECC private key */
@ -323,12 +333,9 @@ static void Tls_client()
#else
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && !defined(WOLFSSL_TLS13)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
/* Note 1: TSIP asks RSA client key pair for client authentication.
* Note 2: as of TSIP v1.15, client authentication is not supported by TSIP
* for RSA certificate on TLS1.3.
*/
/* Note: TSIP asks RSA client key pair for client authentication. */
/* TSIP specific RSA private key */
if (ret == 0) {
@ -363,7 +370,7 @@ static void Tls_client()
}
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS && !WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#endif /* USE_ECC_CERT */

BIN
IDE/Renesas/e2studio/RX72N/EnvisionKit/InstructionManualForExample_RX72N_EnvisonKit_EN.pdf
View File

Binary file not shown.

BIN
IDE/Renesas/e2studio/RX72N/EnvisionKit/InstructionManualForExample_RX72N_EnvisonKit_JP.pdf
View File

Binary file not shown.

2
IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
View File

@ -202,7 +202,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
return;
}
#if defined(WOLFSSL_TLS13) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;

88
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
View File

@ -186,56 +186,56 @@ const uint32_t encrypted_user_key_type =
const unsigned char ca_ecc_cert_der_sig[] =
{
0x6e, 0x7d, 0x2b, 0xd3, 0x6d, 0x6a, 0x70, 0x31, 0xbf, 0xcd, 0x6f, 0x32,
0x74, 0x8b, 0x4d, 0xdf, 0x7c, 0x72, 0xc6, 0x78, 0x61, 0x2b, 0x0f, 0xcc,
0xbc, 0xa3, 0x25, 0x54, 0x04, 0xfa, 0x9e, 0xf7, 0x1c, 0xa2, 0xe1, 0x33,
0x90, 0x08, 0xcd, 0x3c, 0xc1, 0x03, 0x66, 0xb6, 0x3f, 0xf1, 0xbf, 0xaf,
0x0d, 0xb0, 0xeb, 0xe4, 0xc7, 0x54, 0x60, 0x34, 0x3b, 0x62, 0xcf, 0x28,
0x95, 0xa2, 0x08, 0x79, 0xc5, 0x51, 0xf3, 0xe1, 0x88, 0x3b, 0xa0, 0x1d,
0x1d, 0x42, 0x5a, 0xba, 0x09, 0xe4, 0x64, 0xa1, 0x83, 0xf4, 0x60, 0x44,
0x89, 0xd3, 0xdd, 0x6c, 0x71, 0x7b, 0xd1, 0xb0, 0x28, 0x7b, 0x98, 0xe2,
0x4b, 0x99, 0x9a, 0x22, 0xd0, 0xeb, 0x1c, 0x5c, 0xbe, 0x49, 0x1a, 0xcf,
0xd7, 0x4b, 0x19, 0xe9, 0xdf, 0x82, 0x21, 0xe3, 0x87, 0x7a, 0x25, 0x58,
0x8f, 0x29, 0x0e, 0xce, 0xf4, 0x09, 0x0f, 0x2f, 0x04, 0xe9, 0xd2, 0xf9,
0xcc, 0xb7, 0x7a, 0x46, 0x5d, 0x98, 0x05, 0x54, 0x89, 0x8e, 0x09, 0x79,
0xa8, 0x6f, 0xf6, 0x12, 0xdd, 0x93, 0x38, 0x83, 0x14, 0x3f, 0x42, 0xcf,
0x03, 0x9d, 0x84, 0x9d, 0xe9, 0x6e, 0x9f, 0x87, 0x0f, 0xb8, 0x15, 0x9b,
0x9b, 0x4c, 0x32, 0x3b, 0x82, 0x7b, 0x3d, 0xd4, 0x85, 0x1e, 0x71, 0x99,
0x67, 0x40, 0x59, 0xad, 0x8c, 0x31, 0xd7, 0xa2, 0x81, 0xfd, 0x46, 0x21,
0xd7, 0xc8, 0x89, 0x3d, 0x17, 0x3f, 0x5e, 0x82, 0x5e, 0xfa, 0x7b, 0x34,
0x7a, 0x1b, 0x85, 0x86, 0xf8, 0x02, 0xf2, 0xf3, 0x01, 0x2c, 0xbd, 0x4a,
0x98, 0x0f, 0xe9, 0x4b, 0x1a, 0xa3, 0xee, 0xfc, 0x77, 0xda, 0xcf, 0xee,
0x9c, 0xca, 0xf9, 0xbf, 0xaa, 0x5b, 0xbc, 0x01, 0x4b, 0xd4, 0x74, 0x7c,
0xee, 0xfb, 0x7c, 0xc4, 0x31, 0xb7, 0x46, 0x9e, 0x94, 0x84, 0xa3, 0x82,
0x0c, 0x7b, 0x61, 0x4e
0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
0xc0, 0x73, 0x11, 0x1e
};
const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
/* ./ca-cert.der.sign, */
const unsigned char ca_cert_der_sig[] =
{
0x0a, 0xc8, 0xbb, 0x7e, 0x5a, 0x72, 0x6a, 0x5b, 0xf0, 0xc6, 0xbf, 0x36,
0x8e, 0xe1, 0xcd, 0xbc, 0x08, 0xfd, 0x22, 0x5a, 0x3b, 0x48, 0x33, 0xb9,
0x12, 0x55, 0x80, 0x6c, 0x36, 0x14, 0x05, 0x24, 0x63, 0x20, 0x8b, 0x26,
0x69, 0xa9, 0xe3, 0x15, 0xb9, 0x00, 0x8d, 0xea, 0x3a, 0xee, 0x2d, 0x41,
0xec, 0x43, 0x4a, 0x17, 0x48, 0x26, 0x4a, 0xd6, 0xe4, 0x1b, 0xa5, 0x97,
0x2e, 0xf6, 0x41, 0xa7, 0xa2, 0x2b, 0x83, 0x2c, 0xad, 0x6e, 0x4e, 0xfc,
0x57, 0xf1, 0x28, 0xf0, 0xa7, 0xf9, 0x5b, 0x48, 0xab, 0xed, 0x63, 0x22,
0xed, 0x1e, 0xf1, 0x9d, 0xab, 0xbf, 0x9c, 0x78, 0x04, 0x49, 0xad, 0xf1,
0x43, 0x2f, 0x21, 0x9c, 0x90, 0xb8, 0x35, 0x14, 0x68, 0x12, 0x89, 0x00,
0x20, 0x5b, 0x83, 0x52, 0xb7, 0xec, 0x26, 0x01, 0x26, 0xe1, 0x0f, 0xf6,
0x98, 0xd1, 0xb6, 0x28, 0x84, 0xc8, 0xa5, 0x3e, 0xe9, 0xfb, 0x19, 0x2e,
0x8f, 0xd7, 0x66, 0x98, 0xc0, 0x5e, 0x7b, 0xbc, 0x1a, 0xd9, 0x27, 0xb9,
0x76, 0xcc, 0x58, 0x48, 0x0c, 0x0c, 0x22, 0x23, 0x19, 0xfd, 0x22, 0xfa,
0x47, 0x90, 0x38, 0x62, 0xe0, 0x91, 0x79, 0x35, 0x3d, 0xa2, 0x83, 0x99,
0x2b, 0x86, 0x7a, 0x88, 0x9b, 0x07, 0xe7, 0xc5, 0x95, 0x69, 0x9a, 0x2b,
0x2e, 0x47, 0xcf, 0xfd, 0x9e, 0x64, 0xb5, 0xca, 0x44, 0x94, 0x95, 0xf3,
0x2a, 0x8f, 0x4a, 0xcf, 0x0f, 0xd4, 0x7e, 0x0d, 0x0f, 0x2a, 0x0b, 0xb6,
0x89, 0x64, 0xe3, 0x8c, 0x02, 0x3e, 0x76, 0x66, 0x68, 0x19, 0xa9, 0x07,
0x5a, 0xc6, 0x33, 0xcd, 0x27, 0xff, 0x07, 0xd4, 0x91, 0x5b, 0x11, 0x3a,
0xe3, 0xf5, 0x69, 0x70, 0xa7, 0xfe, 0xf2, 0xf0, 0xbd, 0x11, 0xaf, 0xa7,
0x37, 0xda, 0x24, 0x75, 0x3e, 0x1a, 0x39, 0x49, 0xb4, 0x1e, 0x0e, 0xaf,
0x5d, 0x1e, 0x94, 0xdf
0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
0x1d, 0xdb, 0x57, 0xb8
};
const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
/* ./client-cert.der.sign, */

8
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
View File

@ -40,9 +40,10 @@
* 113: TSIPv1.13
* 114: TSIPv1.14
* 115: TSIPv1.15
* 117: TSIPv1.17
*----------------------------------------------------------------------------*/
#define WOLFSSL_RENESAS_TSIP
#define WOLFSSL_RENESAS_TSIP_VER 115
#define WOLFSSL_RENESAS_TSIP_VER 117
#if defined(SIMPLE_TLS_CLIENT) || defined(SIMPLE_TLS_SERVER)
#undef WOLFSSL_RENESAS_TSIP
@ -121,6 +122,11 @@
*/
#define USE_ECC_CERT
/* Enable WOLFSSL_CHECK_SIG_FAULTS definition when self-verify for
* Ecc signature is required. It is disabled by default.
*/
/*#define WOLFSSL_CHECK_SIG_FAULTS*/
/* In this example application, Root CA cert buffer named
* "ca_ecc_cert_der_256" is used under the following macro definition
* for ECDSA.

52
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
View File

@ -69,7 +69,7 @@
#define TLSSERVER_IP "192.168.11.49"
#define TLSSERVER_PORT 11111
#define YEAR 2022
#define YEAR 2023
#define MON 3
#define FREQ 10000 /* Hz */
#define MAX_MSGSTR 80
@ -240,8 +240,7 @@ static void Tls_client_init()
}
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS) && \
(WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS)
if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
@ -379,10 +378,11 @@ static void Tls_client(void *pvParam)
/* set client key(s) */
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(USE_ECC_CERT)
/* Client authentication using ECDSA certificate for TLS1.2 and 1.3 will be
* handled by TSIP. Therefore, the client private key should be
* TSIP-specific format and be set by tsip_use_PrivateKey_buffer.
/* Client authentication using ECDSA certificate can be handled by TSIP.
* Therefore, the client private key should be TSIP-specific format
* and be set by tsip_use_PrivateKey_buffer.
*/
if (ret == 0){
ret = tsip_use_PrivateKey_buffer(ssl,
@ -393,28 +393,24 @@ static void Tls_client(void *pvParam)
printf("ERROR tsip_use_PrivateKey_buffer\n");
}
}
#else
#if defined(WOLFSSL_TLS13)
/* Client authentication using RSA certificate for TLS1.3 cannot be
* handled by TSIP v1.15. Therefore, the client private key should be
* set using wolfSSL_use_PrivateKey_buffer for software processing.
*/
if (ret == 0) {
err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1);
if (err != SSL_SUCCESS) {
printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
wolfSSL_get_error(ssl, 0));
ret = -1;
}
# if defined(WOLFSSL_CHECK_SIG_FAULTS)
if (ret == 0){
ret = tsip_use_PublicKey_buffer(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_public_key,
sizeof(g_key_block_data.encrypted_user_ecc256_public_key),
TSIP_ECCP256);
if (ret != 0) {
printf("ERROR tsip_use_PublicKey_buffer\n");
}
#else
/* Client authentication using RSA certificate for TLS1.2 can be
* handled by TSIP. Note that the internal verification of
* the signature process requires not only the client's private key but
* also its public key, so pass them using tsip_use_PrivateKey_buffer
* and tsip_use_PublicKey_buffer respectively.
}
#endif /* WOLFSSL_CHECK_SIG_FAULTS */
#else
/* Client authentication using RSA certificate can be handled by TSIP.
* Note that the internal verification of the signature process requires
* not only the client's private key but also its public key, so pass them
* using tsip_use_PrivateKey_buffer and tsip_use_PublicKey_buffer
* respectively.
*/
if (ret == 0) {
ret = tsip_use_PrivateKey_buffer(ssl,
@ -434,7 +430,7 @@ static void Tls_client(void *pvParam)
printf("ERROR tsip_use_PublicKey_buffer: %d\n", ret);
}
}
#endif /* WOLFSSL_TLS13 */
#endif /* USE_ECC_CERT */
#else
#if defined(USE_ECC_CERT)

4
src/internal.c
View File

@ -9388,12 +9388,12 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz)
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_StoreMessage(ssl, data, sz);
if (ret != 0 && ret != CRYPTOCB_UNAVAILABLE) {
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#ifndef NO_OLD_TLS
#ifndef NO_SHA

4
src/tls.c
View File

@ -7121,7 +7121,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
kse->keyLen = keySize;
kse->pubKeyLen = keySize * 2 + 1;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13GenEccKeyPair(ssl, kse);
if (ret != CRYPTOCB_UNAVAILABLE) {
return ret;
@ -7925,7 +7925,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
ssl->peerEccKeyPresent = 0;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13GenSharedSecret(ssl, keyShareEntry);
if (ret != CRYPTOCB_UNAVAILABLE) {
return ret;

28
src/tls13.c
View File

@ -1042,7 +1042,7 @@ int DeriveEarlySecret(WOLFSSL* ssl)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13DeriveEarlySecret(ssl);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
@ -1078,7 +1078,7 @@ int DeriveHandshakeSecret(WOLFSSL* ssl)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13DeriveHandshakeSecret(ssl);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
@ -1113,7 +1113,7 @@ int DeriveMasterSecret(WOLFSSL* ssl)
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13DeriveMasterSecret(ssl);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
@ -1338,7 +1338,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
#endif
int provision;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13DeriveKeys(ssl, secret, side);
if (ret != CRYPTOCB_UNAVAILABLE) {
return ret;
@ -2418,7 +2418,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
ssl->error = 0; /* clear async */
}
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13AesEncrypt(ssl, output, input, dataSz);
if (ret != CRYPTOCB_UNAVAILABLE) {
if (ret > 0) {
@ -2427,7 +2427,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
return ret;
}
ret = 0;
#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
switch (ssl->encrypt.state) {
case CIPHER_STATE_BEGIN:
@ -2778,7 +2778,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
WOLFSSL_ENTER("DecryptTls13");
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13AesDecrypt(ssl, output, input, sz);
if (ret != CRYPTOCB_UNAVAILABLE) {
@ -8163,13 +8163,13 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
ssl->options.buildingMsg = 1;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13SendCertVerify(ssl);
if (ret != CRYPTOCB_UNAVAILABLE) {
goto exit_scv;
}
ret = 0;
#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#ifdef WOLFSSL_DTLS13
/* can be negative */
@ -8763,7 +8763,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_DO);
WOLFSSL_ENTER("DoTls13CertificateVerify");
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13CertificateVerify(ssl, input, inOutIdx, totalSz);
if (ret != CRYPTOCB_UNAVAILABLE) {
goto exit_dcv;
@ -9270,7 +9270,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (*inOutIdx + size > totalSz)
return BUFFER_E;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13HandleFinished(ssl, input, inOutIdx, size, totalSz);
if (ret == 0) {
ssl->options.serverState = SERVER_FINISHED_COMPLETE;
@ -9285,7 +9285,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret;
}
ret = 0;
#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
if (ssl->options.handShakeDone) {
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
@ -9451,7 +9451,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
AddTls13HandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (ssl->options.side == WOLFSSL_CLIENT_END) {
ret = tsip_Tls13SendFinished(ssl, output, outputSz, input, 1);
if (ret != CRYPTOCB_UNAVAILABLE) {
@ -9459,7 +9459,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
}
ret = 0;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* make finished hashes */
if (ssl->options.handShakeDone) {

2
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -53,7 +53,7 @@ WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl)
int ret = 0;
WOLFSSL_ENTER("Renesas_cmn_Cleanup");
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_TlsCleanup(ssl);
#endif

12
wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
View File

@ -60,7 +60,7 @@ typedef e_tsip_err_t (*aesGcmDecUpdateFn)
typedef e_tsip_err_t (*aesGcmDecFinalFn)
(tsip_gcm_handle_t*, uint8_t*, uint32_t*, uint8_t*, uint32_t);
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* function pointer type defs for TLSv13 handshake AES-GCM/CCM encryption */
typedef e_tsip_err_t (*Tls13AesEncInitFn)
@ -80,10 +80,10 @@ typedef e_tsip_err_t (*Tls13AesDecUpdateFn)
typedef e_tsip_err_t (*Tls13AesDecFinalFn)
(tsip_tls13_handle_t*, uint8_t*, uint32_t*);
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* encrypt plain data.
*
* return cipher data size on success, negative value on failure.
@ -228,10 +228,10 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
WOLFSSL_LEAVE("tsip_Tls13AesEncrypt", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* decrypt encrypted handshake data for TLSv1.3
* AES-GCM or AES-CCM can be used
* return 0 on success, otherwise on error.
@ -375,7 +375,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 109)
#ifdef WOLF_CRYPTO_CB

12
wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
View File

@ -47,7 +47,7 @@
extern struct WOLFSSL_HEAP_HINT* tsip_heap_hint;
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* get hmac from handshake messages exchanged with server.
*
*/
@ -135,9 +135,9 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
WOLFSSL_LEAVE("tsipTls13GetHmacMessages", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* store handshake message for later hash or hmac operation.
*
*/
@ -211,9 +211,9 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
WOLFSSL_LEAVE("tsip_StoreMessage", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
int* sz)
{
@ -278,7 +278,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
WOLFSSL_LEAVE("tsip_GetMessageSha256", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */

543
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@ -81,6 +81,8 @@ extern uint32_t g_CAscm_Idx;
/* The server certificate verification label. */
static const byte serverCertVfyLabel[TSIP_CERT_VFY_LABEL_SZ] =
"TLS 1.3, server CertificateVerify";
static const byte clientCertVfyLabel[TSIP_CERT_VFY_LABEL_SZ] =
"TLS 1.3, client CertificateVerify";
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
@ -192,7 +194,7 @@ WOLFSSL_API int tsip_set_clientPrivateKeyEnc(const byte* encKey, int keyType)
return ret;
}
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* Flush raw handshake messages in MsgBag
*
*/
@ -215,9 +217,9 @@ static void tsipFlushMessages(struct WOLFSSL* ssl)
ForceZero(bag, sizeof(MsgBag));
}
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl)
{
int ret = 0;
@ -236,9 +238,9 @@ WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl)
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
/* generate ECC P265 key pair for ECDHE.
* generated public key is stored in KeyShareEntry.pubkey and private key is
@ -356,9 +358,9 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
/* generate shared secret(pre-master secret)
* get peer's raw ECDHE public key from KeyShareEntry.
@ -449,9 +451,9 @@ WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
{
@ -478,9 +480,9 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
/* derive handshake secret.
* get pre-master secret stored in TsipUserCtx.sharedSecret13Idx.
@ -556,9 +558,9 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
{
@ -640,9 +642,9 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
{
@ -724,9 +726,9 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
{
@ -816,9 +818,9 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
{
@ -888,9 +890,9 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
{
@ -960,9 +962,9 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
/* Derive the keys for TLS v1.3.
*
@ -1059,9 +1061,9 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl,
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
{
@ -1133,9 +1135,9 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
/* verify handshake
* ssl WOLFSSL object
@ -1223,9 +1225,9 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
/* handles finished message from server.
* verify hmac in the message. Also output verify data to
@ -1269,9 +1271,9 @@ WOLFSSL_LOCAL int tsip_Tls13HandleFinished(
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
/* Build TLS v1.3 Message and make it encrypted with AEAD algorithm.
* TSIP supports AES-GCM and AES-CCM.
@ -1369,9 +1371,9 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
/* Send finished message to the server.
*
@ -1436,96 +1438,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished(
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
static int tsipTls13GetPeerRSAPublicKeyIndex(struct WOLFSSL* ssl, uint8_t* key)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
TsipUserCtx* tuc = NULL;
WOLFSSL_ENTER("tsipTls13GetPeerRSAPublicKeyIndex");
if (ret == 0) {
tuc = ssl->RenesasUserCtx;
if (tuc == NULL) {
WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
ret = CRYPTOCB_UNAVAILABLE;
}
}
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
err = R_TSIP_GenerateRsa2048PublicKeyIndex(
g_user_key_info.encrypted_provisioning_key,
g_user_key_info.iv,
key,
&(tuc->serverRsa2048PubKey13Idx));
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
}
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("mutex locking error");
}
}
WOLFSSL_LEAVE("tsipTls13GetPeerRSAPublicKeyIndex", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
static int tsipTls13GetPeerECCPublicKeyIndex(struct WOLFSSL* ssl, uint8_t* key)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
TsipUserCtx* tuc = NULL;
WOLFSSL_ENTER("tsipTls13GetPeerECCPublicKeyIndex");
if (ret == 0) {
tuc = ssl->RenesasUserCtx;
if (tuc == NULL) {
WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
ret = CRYPTOCB_UNAVAILABLE;
}
}
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
err = R_TSIP_GenerateEccP256PublicKeyIndex(
g_user_key_info.encrypted_provisioning_key,
g_user_key_info.iv,
key,
&(tuc->serverEccP256PubKey13Idx));
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
}
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("mutex locking error");
}
}
WOLFSSL_LEAVE("tsipTls13GetPeerECCPublicKeyIndex", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
/* Parse and handle a TLS v1.3 CertificateVerify message sent from a server.
*
@ -1542,53 +1455,57 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
const byte* input, word32* inOutIdx,
word32 totalSz)
{
/* As of TSIP v1.15, R_TSIP_Tls13CertificateVerifyVerification can not
* handle peer's RSA key and also not accept encrypted peer's public key
* output from R_TSIP_TlsCertificateVerification.
* need to wait for next TSIP release.
*
* To retain code below until the future TSIP resolve this limitation and
* to cheat compilers the code is not dead, set CRYPTOCB_UNAVAILABLE
* to variable ret at the beginning of this function.
*/
int ret = 0;
byte* sigData = NULL;
byte hiAlgo,loAlgo;
int isRsa = -1;
int messageSz;
word16 signatureLen;
word16 idx;
e_tsip_err_t err = TSIP_SUCCESS;
TsipUserCtx* tuc = NULL;
tsip_rsa_byte_data_t signature;
tsip_rsa_byte_data_t message;
e_tsip_tls13_signature_scheme_type_t sig_scheme;
WOLFSSL_ENTER("tsip_Tls13CertificateVerify");
ret = CRYPTOCB_UNAVAILABLE;
if (ssl == NULL || input == NULL || inOutIdx == NULL) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
if (ENUM_LEN + ENUM_LEN > totalSz) {
ret = BUFFER_ERROR;
}
/* parse certificate verify message to get hash-algo */
hiAlgo = *(input + *inOutIdx);
loAlgo = *(input + *inOutIdx + 1);
}
if (ret == 0) {
/* get signature length */
ato16(input + *inOutIdx + 2, &signatureLen);
/* tsip accept ecc_dsa or rsa_pss */
if (ENUM_LEN + ENUM_LEN + OPAQUE16_LEN > totalSz) {
ret = BUFFER_ERROR;
}
}
if (ret == 0) {
if (ENUM_LEN + ENUM_LEN + OPAQUE16_LEN + signatureLen > totalSz) {
ret = BUFFER_ERROR;
}
}
if (ret == 0) {
/* check if tsip accepts signature algorithm */
if (hiAlgo == NEW_SA_MAJOR && loAlgo == sha256_mac) {
/* rsa_pss_rsae_sha256 0x0804 */
WOLFSSL_MSG("Peer sent RSA sig");
isRsa = 1;
sig_scheme = TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256;
}
if (hiAlgo == 0x04 && loAlgo == ecc_dsa_sa_algo) {
else if (hiAlgo == 0x04 && loAlgo == ecc_dsa_sa_algo) {
/* ecdsa_secp256r1_sha256 0x0403 */
WOLFSSL_MSG("Peer sent ECC sig");
isRsa = 0;
sig_scheme = TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256;
}
if ( isRsa == -1 ) {
else {
ret = CRYPTOCB_UNAVAILABLE;
}
}
@ -1602,28 +1519,13 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
}
}
/* check if peer public key is stored */
/* check if peer's public key is stored */
if (ret == 0) {
if (ssl->peerSceTsipEncRsaKeyIndex == NULL) {
ret = CRYPTOCB_UNAVAILABLE;
}
}
/* get the public key type and size of the peer */
if (ret == 0) {
if (isRsa) {
ret = tsipTls13GetPeerRSAPublicKeyIndex(ssl,
ssl->peerSceTsipEncRsaKeyIndex);
}
else {
ret = tsipTls13GetPeerECCPublicKeyIndex(ssl,
ssl->peerSceTsipEncRsaKeyIndex);
}
if (ret != 0) {
WOLFSSL_MSG("Failed to convert peer's public key to TSIP Key-idx");
}
}
if (ret == 0) {
/* create sign data */
sigData = tuc->sigDataCertVerify;
@ -1641,46 +1543,33 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
}
if (ret == 0) {
messageSz += idx; /* get sigData size */
signature.pdata = (uint8_t*)(input + *inOutIdx + 2);
signature.data_length = signatureLen;
message.pdata = sigData;
message.data_length = messageSz;
message.data_type = 0;
}
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
if (isRsa) { /* verify with peer's RSA 2048bit public key */
err = R_TSIP_RsassaPkcs2048SignatureVerification(
&signature,
&message,
&(tuc->serverRsa2048PubKey13Idx),
R_TSIP_RSA_HASH_SHA256);
err = R_TSIP_Tls13CertificateVerifyVerification(
(uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
sig_scheme,
&sigData[idx],
(uint8_t*)(input + *inOutIdx),
totalSz);
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
if (err == TSIP_ERR_AUTHENTICATION) {
WOLFSSL_MSG("Certificate Verification failed.");
}
if (err == TSIP_SUCCESS) {
*inOutIdx += totalSz;
*inOutIdx += ssl->keys.padSz;
ssl->options.peerAuthGood = 1;
ssl->options.havePeerVerify = 1;
#if !defined(NO_WOLFSSL_CLIENT)
if (ssl->options.side == WOLFSSL_CLIENT_END)
ssl->options.serverState = SERVER_CERT_VERIFY_COMPLETE;
#endif
}
else {
ret = WC_HW_E;
if (err == TSIP_ERR_AUTHENTICATION) {
WOLFSSL_MSG("Certificate Verification failed.");
}
}
else { /* verify with peer's ECC P256 public key */
err = R_TSIP_Tls13CertificateVerifyVerification(
(uint32_t*)&(tuc->serverEccP256PubKey13Idx),
TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
&sigData[idx],
(uint8_t*)(input + *inOutIdx),
totalSz);
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
if (err == TSIP_ERR_AUTHENTICATION) {
WOLFSSL_MSG("Certificate Verification failed.");
}
}
}
tsip_hw_unlock();
}
else {
@ -1692,16 +1581,22 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
static int tsipImportPrivateKey(TsipUserCtx* tuc)
/*
* Import wrapped private key then convert it into TSIP key_index format.
* The target key should be set with tsip_use_PrivateKey_buffer in advance.
* Acceptable key types are:
* TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now)
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
*/
static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
uint8_t* provisioning_key = g_user_key_info.encrypted_provisioning_key;
uint8_t* iv = g_user_key_info.iv;
uint8_t* encPrivKey;
int keyType;
WOLFSSL_ENTER("tsipImportPrivateKey");
@ -1709,12 +1604,19 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc)
return BAD_FUNC_ARG;
encPrivKey = tuc->wrappedPrivateKey;
keyType = tuc->wrappedKeyType;
if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) {
WOLFSSL_MSG("Missing some key materials used for import" );
return CRYPTOCB_UNAVAILABLE;
}
if (ret == 0) {
if (keyType != tuc->wrappedKeyType) {
WOLFSSL_MSG("No public key of specified type is set" );
return CRYPTOCB_UNAVAILABLE;
}
}
if ((ret = tsip_hw_lock()) == 0) {
switch (keyType) {
@ -1767,15 +1669,21 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc)
WOLFSSL_LEAVE("tsipImportPrivateKey", ret);
return ret;
}
static int tsipImportPublicKey(TsipUserCtx* tuc)
/*
* Import wrapped public key then convert it into TSIP key_index format.
* The target key should be set with tsip_use_PublicKey_buffer in advance.
* Acceptable key types are:
* TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now)
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
*/
static int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
uint8_t* provisioning_key = g_user_key_info.encrypted_provisioning_key;
uint8_t* iv = g_user_key_info.iv;
uint8_t* encPubKey;
int keyType;
WOLFSSL_ENTER("tsipImportPublicKey");
@ -1784,12 +1692,19 @@ static int tsipImportPublicKey(TsipUserCtx* tuc)
}
encPubKey = tuc->wrappedPublicKey;
keyType = tuc->wrappedKeyType;
if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) {
WOLFSSL_MSG("Missing some key materials used for import" );
return CRYPTOCB_UNAVAILABLE;
}
if (ret == 0) {
if (keyType != tuc->wrappedKeyType) {
WOLFSSL_MSG("No public key of specified type is set" );
return CRYPTOCB_UNAVAILABLE;
}
}
if ((ret = tsip_hw_lock()) == 0) {
switch(keyType) {
@ -1845,29 +1760,47 @@ static int tsipImportPublicKey(TsipUserCtx* tuc)
return ret;
}
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
#if defined(WOLFSSL_TLS13)
/* Send the TLS v1.3 CertificateVerify message.
/* Send the TLS v1.3 CertificateVerify message. A part of the message is
* processed by TSIP for acceleration.
*
* limitation:
* this function returns CRYPTOCB_UNAVAILABLE when the RSA private key is used.
* Since, R_TSIP_Tls13CertificateVerifyVerification does not accept RSA private
* key as of TSIP v1.15.
* Prior to this function call, the appropriate key-pair should be set via
* tsip_use_PrivateKey_buffer and tsip_use_PublicKey_buffer APIs. Those key pair
* can be generated by the tool named "Renesas secure flash programmer".
* When RSA certificate is used, both public and private keys should be set.
* The public key is used for self-verify the generated certificateVerify
* message. When ECC certificate is used, the self-verify will be performed only
* WOLFSSL_CHECK_SIG_FAULTS is defined.
*
* Returns 0 on success, CRYPTOCB_UNAVAILABLE when the required key is not
* provided or unsupported algo is specified and otherwise failure.
*/
WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
byte* sigData = NULL;
word16 idx;
int isTLS13 = 0;
TsipUserCtx* tuc = NULL;
byte* output = NULL;
byte* message = NULL;
byte* derSig = NULL;
int isRsa = -1;
uint32_t messageSz,recordSz,hashSz;
byte* sigData = NULL;
byte hash[WC_SHA256_DIGEST_SIZE];
byte sig_rs[R_TSIP_ECDSA_DATA_BYTE_SIZE];
tsip_rsa_byte_data_t rsa_sig,rsa_hash;
tsip_ecdsa_byte_data_t ecdsa_sig,ecdsa_hash;
WOLFSSL_ENTER("tsip_Tls13SendCertVerify");
(void)derSig;
(void)rsa_sig;
(void)rsa_hash;
(void)ecdsa_sig;
(void)ecdsa_hash;
(void)sig_rs;
if (ssl == NULL) {
ret = BAD_FUNC_ARG;
@ -1878,7 +1811,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
ssl->version.minor == TLSv1_3_MINOR)
isTLS13 = 1;
/* TSIP works only in TLS13 client side */
/* check if it's TLS13 and client side */
if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
ret = CRYPTOCB_UNAVAILABLE;
}
@ -1893,44 +1826,44 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
}
if (ret == 0) {
/* check if private key index has been set */
if (!tuc->ClientRsa2048PrivKey_set && !tuc->ClientEccP256PrivKey_set) {
if (tuc->wrappedPrivateKey) {
ret = tsipImportPrivateKey(tuc);
}
else {
WOLFSSL_MSG("Private key is not set for client authentication");
ret = CRYPTOCB_UNAVAILABLE;
}
}
}
if (ret == 0) {
#if !defined(NO_RSA)
if (tuc->ClientRsa2048PrivKey_set) {
#if !defined(NO_RSA)
if (ssl->options.haveRSA)
isRsa = 1;
}
else
#endif
#ifdef HAVE_ECC
if (ssl->options.haveECC)
isRsa = 0;
else
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
if (tuc->ClientEccP256PrivKey_set) {
isRsa = 0;
}
#endif /* HAVE_ECC */
#endif /* HAVE_ECC */
isRsa = -1;
if (isRsa == -1) {
WOLFSSL_MSG("Private key is not set for client authentication");
if (isRsa != 0 && isRsa != 1) {
ret = CRYPTOCB_UNAVAILABLE;
}
}
/* create sign data */
if (ret == 0) {
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
if (isRsa) {
if (!tuc->ClientRsa2048PrivKey_set) {
ret = NO_PRIVATE_KEY;
}
}
else {
if (!tuc->ClientEccP256PrivKey_set) {
ret = NO_PRIVATE_KEY;
}
}
}
if (ret == 0) {
sigData = tuc->sigDataCertVerify;
ForceZero(sigData, sizeof(tuc->sigDataCertVerify));
ret = tsip_GetMessageSha256(ssl, sigData, (int*)&hashSz);
/* get message hash */
ForceZero(hash, sizeof(hash));
ret = tsip_GetMessageSha256(ssl, hash, (int*)&hashSz);
}
if (ret == 0) {
@ -1940,33 +1873,31 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
recordSz = 0;
}
/* perform signature */
if (ret == 0) {
/* get output buffer for record header */
output = ssl->buffers.outputBuffer.buffer +
ssl->buffers.outputBuffer.length;
/* buffer for message header */
message = output + RECORD_HEADER_SZ;
}
/* generate signature */
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
if (isRsa) {
/* as of TSIP v1.15, RSA private key */
ret = CRYPTOCB_UNAVAILABLE;
err = R_TSIP_Tls13CertificateVerifyGenerate(
(uint32_t*)&(tuc->Rsa2048PrivateKeyIdx),
TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256,
hash,
message + HANDSHAKE_HEADER_SZ,
&messageSz);
}
else {
/* R_TSIP_Tls13CertificateVerifyGenerate outputs message body */
err = R_TSIP_Tls13CertificateVerifyGenerate(
(uint32_t*)&(tuc->EcdsaP256PrivateKeyIdx),
TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
sigData,
hash,
message + HANDSHAKE_HEADER_SZ,
&messageSz);
}
@ -1981,6 +1912,102 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
}
}
if (ret == 0) {
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
if (isRsa) {
if (!tuc->ClientRsa2048PubKey_set) {
ret = NO_PRIVATE_KEY;
}
}
else {
#if defined(WOLFSSL_CHECK_SIG_FAULTS)
if (!tuc->ClientEccP256PubKey_set) {
ret = NO_PRIVATE_KEY;
}
#endif /* WOLFSSL_CHECK_SIG_FAULTS */
}
}
if (ret == 0) {
sigData = tuc->sigDataCertVerify;
idx = 0;
ForceZero(sigData, sizeof(tuc->sigDataCertVerify));
XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
TSIP_SIGNING_DATA_PREFIX_SZ);
idx += TSIP_SIGNING_DATA_PREFIX_SZ;
XMEMCPY(&sigData[idx], clientCertVfyLabel, TSIP_CERT_VFY_LABEL_SZ);
idx += TSIP_CERT_VFY_LABEL_SZ;
XMEMCPY(&sigData[idx], hash, hashSz);
}
if (ret == 0) {
/* extract signature data from generated CertificateVerify message */
if (!isRsa) {
#if defined(WOLFSSL_CHECK_SIG_FAULTS)
idx = 4;
derSig = message +
HANDSHAKE_HEADER_SZ + HASH_SIG_SIZE + VERIFY_HEADER;
if (derSig[idx] == 0x00)
idx++;
XMEMCPY(sig_rs, &derSig[idx], R_TSIP_ECDSA_DATA_BYTE_SIZE / 2);
idx += (R_TSIP_ECDSA_DATA_BYTE_SIZE / 2) + ASN_TAG_SZ + 1;
if (derSig[idx] == 0x00)
idx++;
XMEMCPY(&sig_rs[R_TSIP_ECDSA_DATA_BYTE_SIZE / 2],
&derSig[idx], R_TSIP_ECDSA_DATA_BYTE_SIZE / 2);
#endif /* WOLFSSL_CHECK_SIG_FAULTS */
}
}
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
if (isRsa) {
rsa_sig.pdata = message + HANDSHAKE_HEADER_SZ +
HASH_SIG_SIZE + VERIFY_HEADER;
rsa_hash.pdata = sigData;
rsa_hash.data_length = TSIP_SIGNING_DATA_PREFIX_SZ +
TSIP_CERT_VFY_LABEL_SZ + sizeof(hash);
rsa_hash.data_type = 0;
err = R_TSIP_RsassaPss2048SignatureVerification(
&rsa_sig, &rsa_hash,
&tuc->Rsa2048PublicKeyIdx,
R_TSIP_RSA_HASH_SHA256);
WOLFSSL_MSG("Perform self-verify for rsa signature");
}
else {
err = TSIP_SUCCESS;
#if defined(WOLFSSL_CHECK_SIG_FAULTS)
ecdsa_sig.pdata = sig_rs;
ecdsa_hash.pdata = sigData;
ecdsa_hash.data_length = TSIP_SIGNING_DATA_PREFIX_SZ +
TSIP_CERT_VFY_LABEL_SZ + sizeof(hash);
ecdsa_hash.data_type = 0;
err = R_TSIP_EcdsaP256SignatureVerification(
&ecdsa_sig, &ecdsa_hash,
&tuc->EcdsaP256PublicKeyIdx);
WOLFSSL_MSG("Perform self-verify for ecc signature");
#endif /* WOLFSSL_CHECK_SIG_FAULTS */
}
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("Failed to verify signature");
ret = VERIFY_SIGN_ERROR;
}
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("mutex locking error");
}
}
/* create message header */
if (ret == 0) {
@ -2005,7 +2032,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
return ret;
}
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109)
@ -3533,15 +3560,15 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (ret == 0) {
/* import private key_index from wrapped key */
ret = tsipImportPrivateKey(tuc);
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
if (ssl->suites->hashAlgo == md5_mac)
if (ssl->options.hashAlgo == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
else if (ssl->suites->hashAlgo == sha_mac)
else if (ssl->options.hashAlgo == sha_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
else if (ssl->suites->hashAlgo == sha256_mac)
else if (ssl->options.hashAlgo == sha256_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
else
ret = CRYPTOCB_UNAVAILABLE;
@ -3625,15 +3652,15 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
if (ret == 0) {
/* import public key_index from wrapped key */
ret = tsipImportPublicKey(tuc);
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
if (ssl->suites->hashAlgo == md5_mac)
if (ssl->options.hashAlgo == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
else if (ssl->suites->hashAlgo == sha_mac)
else if (ssl->options.hashAlgo == sha_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
else if (ssl->suites->hashAlgo == sha256_mac)
else if (ssl->options.hashAlgo == sha256_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
else {
ret = CRYPTOCB_UNAVAILABLE;
@ -3734,7 +3761,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (ret == 0) {
/* import private key_index from wrapped key */
ret = tsipImportPrivateKey(tuc);
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {

17
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@ -29,6 +29,11 @@
#include "r_tsip_rx_if.h"
#endif
#if defined(WOLFSSL_RENESAS_TSIP)
#include "r_tsip_rx_if.h"
#endif
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/ssl.h>
@ -130,7 +135,6 @@ typedef struct TsipUserCtx {
/* HEAP_HINT */
void* heap;
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* TLSv1.3 handshake related members, mainly keys */
/* handle is used as work area for Tls13 handshake */
@ -201,13 +205,6 @@ typedef struct TsipUserCtx {
/* signature data area for TLS1.3 CertificateVerify message */
byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
/* peer's Rsa 2046 bit public key index for CertificateVerify message */
tsip_rsa2048_public_key_index_t serverRsa2048PubKey13Idx;
/* peer's Ecc P256 public key index for CertificateVerify message */
tsip_ecc_public_key_index_t serverEccP256PubKey13Idx;
#endif /* WOLFSSL_RENESAS_TSIP_VER >=115 */
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
@ -363,7 +360,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc);
#if (WOLFSSL_RENESAS_TSIP_VER >=115)
#ifdef WOLF_CRYPTO_CB
struct wc_CryptoInfo;
@ -430,7 +427,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(struct WOLFSSL*ssl);
#endif /* WOLF_CRYPTO_CB */
#endif /* WOLFSSL_RENESAS_TSIP_VER >=115 */
#if (WOLFSSL_RENESAS_TSIP_VER >=109)