feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

addressed review comments

Browse Source
This commit is contained in:
Hideki Miyazaki
2023-04-27 15:13:38 +09:00
parent 4fd629d4e7
commit a2776ad35e
9 changed files with 247 additions and 170 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
View File

@ -135,7 +135,7 @@ void Clr_CallbackCtx(User_SCEPKCbInfo *g)
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (g->sce_wrapped_key_aes128 != NULL)
XFREE(g->sce_wrapped_key_aes256,
XFREE(g->sce_wrapped_key_aes128,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
@ -220,6 +220,8 @@ void sce_test(void)
printf("wolfCrypt_Cleanup failed %d\n", ret);
}
Clr_CallbackCtx(&guser_PKCbInfo);
#elif defined(BENCHMARK) && \
(defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY))
@ -253,7 +255,7 @@ void sce_test(void)
(uint32_t *)DIRECT_KEY_ADDRESS_256,
HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4);
p1->type = SCE_KEY_INDEX_TYPE_AES256;
guser_PKCbInfo.flags2.bits.aes256_installedkey_set = 1;
guser_PKCbInfo.keyflgs_crypt.bits.aes256_installedkey_set = 1;
/* aes 128 */
memcpy(p2->value,
@ -261,13 +263,16 @@ void sce_test(void)
HW_SCE_AES128_KEY_INDEX_WORD_SIZE*4);
p2->type = SCE_KEY_INDEX_TYPE_AES128;
guser_PKCbInfo.flags2.bits.aes128_installedkey_set = 1;
guser_PKCbInfo.keyflgs_crypt.bits.aes128_installedkey_set = 1;
}
#endif
printf("Start wolfCrypt Benchmark\n");
benchmark_test(NULL);
printf("End wolfCrypt Benchmark\n");
/* free */
Clr_CallbackCtx(&guser_PKCbInfo);
#elif defined(TLS_CLIENT)
#include "hal_data.h"
#include "r_sce.h"

62
IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
View File

@ -386,7 +386,7 @@ static int sce_aesgcm256_test(int prnt, sce_aes_wrapped_key_t* aes256_key)
goto out;
} else {
userContext.sce_wrapped_key_aes256 = (void*)aes256_key;
userContext.flags2.bits.aes256_installedkey_set = 1;
userContext.keyflgs_crypt.bits.aes256_installedkey_set = 1;
enc->ctx.keySize = (word32)enc->keylen;
}
@ -582,7 +582,7 @@ static int sce_aesgcm128_test(int prnt, sce_aes_wrapped_key_t* aes128_key)
goto out;
} else {
userContext.sce_wrapped_key_aes128 = aes128_key;
userContext.flags2.bits.aes128_installedkey_set = 1;
userContext.keyflgs_crypt.bits.aes128_installedkey_set = 1;
enc->ctx.keySize = (word32)enc->keylen;
}
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
@ -656,11 +656,15 @@ static int sce_rsa_test(int prnt, int keySize)
const char inStr2[] = TEST_STRING2;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
byte *in = NULL;
byte *in2 = NULL;
byte *out= NULL;
byte *out2 = NULL;
byte *in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
byte *in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
byte *out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
byte *out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL || in == NULL || out == NULL ||
in2 == NULL || out2 == NULL) {
@ -682,8 +686,11 @@ static int sce_rsa_test(int prnt, int keySize)
if ((ret = wc_InitRng(&rng)) != 0)
goto out;
/* make ras key by SCE */
if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
goto out;
/* make rsa key by SCE */
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
goto out;
}
@ -694,7 +701,7 @@ static int sce_rsa_test(int prnt, int keySize)
}
ret = wc_RsaPrivateDecrypt(out, keySize/8, out2, outSz, key);
if (ret != 0) {
if (ret < 0) {
ret = -1;
goto out;
}
@ -703,6 +710,7 @@ static int sce_rsa_test(int prnt, int keySize)
goto out;
}
ret = 0;
out:
if (key != NULL) {
wc_FreeRsaKey(key);
@ -735,10 +743,14 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
byte *in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
byte *in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
byte *out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
byte *in = NULL;
byte *in2 = NULL;
byte *out= NULL;
in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
(void) prnt;
if (key == NULL || in == NULL || out == NULL) {
@ -759,12 +771,15 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
if ((ret = wc_InitRng(&rng)) != 0)
goto out;
/* make ras key by SCE */
if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
goto out;
/* make rsa key by SCE */
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
goto out;
}
guser_PKCbInfo.flags2.bits.message_type = 0;
guser_PKCbInfo.keyflgs_crypt.bits.message_type = 0;
ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
if (ret < 0) {
goto out;
@ -778,11 +793,11 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
}
/* this should succeed */
ret = wc_RsaSSL_Verify(in, inLen, out, keySize/8, key);
if (ret != 0) {
if (ret < 0) {
ret = -1;
goto out;
}
ret = 0;
out:
if (key != NULL) {
wc_FreeRsaKey(key);
@ -833,11 +848,26 @@ int sce_crypt_test()
if ( ret > 0)
ret = 0;
if (ret == 0) {
printf(" sce_rsa_test(512)(this will be done"
" by SW because SCE doesn't support 512 bits key size.)");
ret = sce_rsa_test(1, 512);
RESULT_STR(ret)
}
if (ret == 0) {
printf(" sce_rsa_test(1024)");
ret = sce_rsa_test(1, 1024);
RESULT_STR(ret)
}
if (ret == 0) {
printf(" sce_rsa_SignVerify_test(512)(this will be done"
" by SW because SCE doesn't support 512 bits key size.)");
ret = sce_rsa_SignVerify_test(1, 512);
RESULT_STR(ret)
}
if (ret == 0) {
printf(" sce_rsa_SignVerify_test(1024)");
ret = sce_rsa_SignVerify_test(1, 1024);

148
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -21,7 +21,7 @@
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) \
|| defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) \
|| defined(WOLFSSL_RENESAS_TSIP_TLS)
@ -235,13 +235,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info->cipher.type == WC_CIPHER_AES_GCM) {
if (info->cipher.enc &&
(cbInfo->flags1.bits.session_key_set == 1 ||
(cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
(cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 32) ||
(cbInfo->flags2.bits.aes128_installedkey_set == 1 &&
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 16))) {
if (cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 32) {
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
@ -250,7 +250,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->cipher.aesgcm_enc.aes->ctx.keySize = 32;
}
else if (cbInfo->flags2.bits.aes128_installedkey_set == 1 &&
else if (
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 16) {
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
@ -273,13 +274,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
(void*)ctx);
}
else if (cbInfo->flags1.bits.session_key_set == 1 ||
(cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
else if (cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 32) ||
(cbInfo->flags2.bits.aes128_installedkey_set == 1 &&
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 16)) {
if (cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 32) {
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
@ -288,7 +289,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->cipher.aesgcm_dec.aes->ctx.keySize = 32;
}
else if (cbInfo->flags2.bits.aes128_installedkey_set == 1 &&
else if (
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 16) {
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
@ -314,23 +316,25 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#endif /* HAVE_AESGCM */
#ifdef HAVE_AES_CBC
if ((info->cipher.type == WC_CIPHER_AES_CBC) &&
(cbInfo->flags1.bits.session_key_set == 1 ||
(cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
(cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) ||
(cbInfo->flags2.bits.aes128_installedkey_set == 1 &&
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 16))) {
if (info->cipher.enc) {
if (cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) {
if (
cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
info->cipher.aescbc.aes->ctx.keySize = 32;
}
else if (cbInfo->flags2.bits.aes128_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 16) {
else if (
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1
&& info->cipher.aescbc.aes->keylen == 16) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
@ -344,15 +348,16 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->cipher.aescbc.sz);
}
else {
if (cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) {
if (
cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
info->cipher.aescbc.aes->ctx.keySize = 32;
} else if (cbInfo->flags2.bits.aes128_installedkey_set
== 1 && info->cipher.aescbc.aes->keylen == 16) {
} else if (
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1
&& info->cipher.aescbc.aes->keylen == 16) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
@ -373,40 +378,63 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 ||
info->pk.rsakg.size == 2048)) {
ret = wc_sce_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
}
#endif
if (info->pk.type == WC_PK_TYPE_RSA) {
if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
info->pk.rsa.type == RSA_PUBLIC_ENCRYPT )
{
ret = wc_sce_RsaFunction(info->pk.rsa.in,
info->pk.rsa.inLen,
info->pk.rsa.out,
info->pk.rsa.outLen,
info->pk.rsa.type,
info->pk.rsa.key,
info->pk.rsa.rng,
(void*)ctx);
/* to perform RSA on SCE, wrapped keys should be installed
* in advance. SCE supports 1024 or 2048 bits key size.
* otherwise, falls-through happens.
*/
if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1
||
cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1
||
cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1
||
cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1
) {
if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
info->pk.rsa.type == RSA_PUBLIC_ENCRYPT )
{
ret = wc_sce_RsaFunction(info->pk.rsa.in,
info->pk.rsa.inLen,
info->pk.rsa.out,
info->pk.rsa.outLen,
info->pk.rsa.type,
info->pk.rsa.key,
info->pk.rsa.rng,
(void*)ctx);
}
else if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT /* sign */){
ret = wc_sce_RsaSign(info->pk.rsa.in,
info->pk.rsa.inLen,
info->pk.rsa.out,
info->pk.rsa.outLen,
info->pk.rsa.key,
(void*)ctx);
}
else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) {
ret = wc_sce_RsaVerify(info->pk.rsa.in,
info->pk.rsa.inLen,
info->pk.rsa.out,
info->pk.rsa.outLen,
info->pk.rsa.key,
(void*)ctx);
}
}
else if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT /* sign */){
ret = wc_sce_RsaSign(info->pk.rsa.in,
info->pk.rsa.inLen,
info->pk.rsa.out,
info->pk.rsa.outLen,
info->pk.rsa.key,
(void*)ctx);
else {
WOLFSSL_MSG(
"SCE can handle 1024 or 2048 bit key size. "
"key size is not either 1024 or 2048. "
"Or wrapped key is not installed. "
"RSA operation falls through to SW operation.");
}
else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) {
ret = wc_sce_RsaVerify(info->pk.rsa.in,
info->pk.rsa.inLen,
info->pk.rsa.out,
info->pk.rsa.outLen,
info->pk.rsa.key,
(void*)ctx);
}
}
#endif /* NO_RSA && WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
}
@ -468,7 +496,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
#else
) {
#endif
printf("invaid devid\n");
printf("Invalid devId\n");
return INVALID_DEVID;
}
/* need exclusive control because of static variable */
@ -488,9 +516,11 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
return INVALID_DEVID;
}
#if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \
!defined(HAVE_RENESAS_SYNC)
if (ssl)
wolfSSL_SetDevId(ssl, cbInfo->devId);
#endif
/* sanity check for overflow */
if (gdevId < 0) {
gdevId = 7890;
@ -651,8 +681,9 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
* cm_row CA index
* return FSP_SUCCESS(0) on success, otherwise WOLFSSL_FATAL_ERROR
*/
int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start,
word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row)
int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
word32 key_n_start, word32 key_n_len, word32 key_e_start,
word32 key_e_len, word32 cm_row)
{
int ret;
@ -721,7 +752,8 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
/* Renesas Security Library Common Callback
* Callback for setting Encrypt Keys.
* Register callback for setting Encrypt Keys when keys are generated by SCE/TSIP
* Register callback for setting Encrypt Keys when keys are generated
* by SCE/TSIP
*
* ssl the WOLFSSL object
* ctx Callback context
@ -745,7 +777,7 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
if (cbInfo->flags1.bits.session_key_set == 1) {
if (cbInfo->keyflgs_tls.bits.session_key_set == 1) {
#endif
ret = 0;

76
wolfcrypt/src/port/Renesas/renesas_sce_aes.c
View File

@ -155,7 +155,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
if (ret == 0 &&
info->flags1.bits.session_key_set == 1) {
info->keyflgs_tls.bits.session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here.
*/
@ -176,28 +176,29 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
}
}
else
else {
#else
if (ret == 0)
if (ret == 0) {
#endif
if (info->flags2.bits.aes256_installedkey_set == 1 ||
info->flags2.bits.aes128_installedkey_set == 1) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_client_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_client_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
}
else {
XMEMCPY(&key_client_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
}
iv_l = iv;
ivSz_l = ivSz;
}
else {
XMEMCPY(&key_client_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1;
}
iv_l = iv;
ivSz_l = ivSz;
}
else {
WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1;
}
if (ret == 0) {
@ -350,7 +351,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
}
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
if (ret == 0 &&
info->flags1.bits.session_key_set == 1) {
info->keyflgs_tls.bits.session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here.
*/
@ -370,30 +371,31 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
ret = -1;
}
}
else
else {
#else
if (ret == 0)
if (ret == 0) {
#endif
if (info->flags2.bits.aes256_installedkey_set == 1 ||
info->flags2.bits.aes128_installedkey_set == 1) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_server_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_server_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
}
else {
XMEMCPY(&key_server_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
}
iv_l = iv;
ivSz_l = ivSz;
}
else {
XMEMCPY(&key_server_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1;
}
iv_l = iv;
ivSz_l = ivSz;
}
else {
WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1;
}
if (ret == 0) {
/* since key_index has iv and ivSz in it, no need to pass them init
* func. Pass NULL and 0 as 3rd and 4th parameter respectively.

65
wolfcrypt/src/port/Renesas/renesas_sce_rsa.c
View File

@ -36,12 +36,13 @@
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
/* Make Rsa key for SCE and set it to callback ctx
* Assumes to be called by Crypt Callback
*
* size desired keylenth, in bits. supports 1024 or 2048 bits
* ctx Callback context including pointer to hold generated key
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
{
fsp_err_t ret;
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
@ -118,8 +119,8 @@ WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
sizeof(sce_rsa1024_public_wrapped_key_t));
XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
info->flags2.bits.rsapri1024_installedkey_set = 1;
info->flags2.bits.rsapub1024_installedkey_set = 1;
info->keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
info->keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
}
else if (size == 2048) {
if (info->sce_wrapped_key_rsapri2048 != NULL) {
@ -160,8 +161,8 @@ WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
sizeof(sce_rsa2048_public_wrapped_key_t));
XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
info->flags2.bits.rsapri2048_installedkey_set = 1;
info->flags2.bits.rsapub2048_installedkey_set = 1;
info->keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
info->keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
}
}
@ -175,6 +176,7 @@ WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
}
/* Perform rsa encryption/decryption by SCE
* Assumes to be called by Crypt Callback
*
* in Buffer to hold plain text
* inLen Length of plain text in bytes
@ -185,7 +187,7 @@ WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
* ctx Callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
word32 outLen, int type, struct RsaKey* key,
struct WC_RNG* rng, void* ctx)
{
@ -207,13 +209,14 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
}
keySize = 0;
if (info->flags2.bits.rsapri2048_installedkey_set == 1 ||
info->flags2.bits.rsapub2048_installedkey_set == 1 )
if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
keySize = 2048;
else
else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
keySize = 1024;
if (keySize != 2048 && keySize != 1024) {
if (keySize == 0) {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
@ -228,7 +231,7 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
cipher.data_length = outLen;
if (keySize == 1024) {
if(info->flags2.bits.rsapub1024_installedkey_set == 1)
if(info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1)
ret = R_SCE_RSAES_PKCS1024_Encrypt(&plain, &cipher,
(sce_rsa1024_public_wrapped_key_t*)
info->sce_wrapped_key_rsapub1024);
@ -238,7 +241,7 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
}
}
else {
if(info->flags2.bits.rsapub2048_installedkey_set == 1)
if(info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1)
ret = R_SCE_RSAES_PKCS2048_Encrypt(&plain, &cipher,
(sce_rsa2048_public_wrapped_key_t*)
info->sce_wrapped_key_rsapub2048);
@ -255,7 +258,7 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
cipher.data_length = inLen;
if (keySize == 1024) {
if(info->flags2.bits.rsapri1024_installedkey_set == 1)
if(info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1)
ret = R_SCE_RSAES_PKCS1024_Decrypt(&cipher, &plain,
(sce_rsa1024_private_wrapped_key_t*)
info->sce_wrapped_key_rsapri1024);
@ -265,7 +268,7 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
}
}
else {
if(info->flags2.bits.rsapri2048_installedkey_set == 1)
if(info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1)
ret = R_SCE_RSAES_PKCS2048_Decrypt(&cipher, &plain,
(sce_rsa2048_private_wrapped_key_t*)
info->sce_wrapped_key_rsapri2048);
@ -282,7 +285,8 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
}
/* Perform Rsa sign by SCE
*
* Assumes to be called by Crypt Callback
*
* in Buffer to hold plaintext
* inLen Length of plaintext in bytes
* out Buffer to hold generated signature
@ -292,7 +296,7 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
word32* outLen, struct RsaKey* key, void* ctx)
{
int ret;
@ -311,13 +315,14 @@ WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
}
keySize = 0;
if (info->flags2.bits.rsapri2048_installedkey_set == 1 ||
info->flags2.bits.rsapub2048_installedkey_set == 1 )
if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
keySize = 2048;
else
else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
keySize = 1024;
if (keySize != 2048 && keySize != 1024) {
if (keySize == 0) {
WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
@ -325,7 +330,7 @@ WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
message_hash.pdata = in;
message_hash.data_length = inLen;
message_hash.data_type =
info->flags2.bits.message_type;/* message 0, hash 1 */
info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
signature.pdata = out;
signature.data_length = outLen;
@ -354,7 +359,8 @@ WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
}
/* Perform Rsa verify by SCE
*
* Assumes to be called by Crypt Callback
*
* in Buffer to hold plaintext
* inLen Length of plaintext in bytes
* out Buffer to hold generated signature
@ -364,7 +370,7 @@ WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
word32* outLen,struct RsaKey* key, void* ctx)
{
int ret;
@ -383,13 +389,14 @@ WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
}
keySize = 0;
if (info->flags2.bits.rsapri2048_installedkey_set == 1 ||
info->flags2.bits.rsapub2048_installedkey_set == 1 )
if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
keySize = 2048;
else
else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
keySize = 1024;
if (keySize != 2048 && keySize != 1024) {
if (keySize == 0) {
WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
@ -398,7 +405,7 @@ WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
message_hash.pdata = in;
message_hash.data_length = inLen;
message_hash.data_type =
info->flags2.bits.message_type;/* message 0, hash 1 */
info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
signature.pdata = out;
signature.data_length = outLen;

12
wolfcrypt/src/port/Renesas/renesas_sce_util.c
View File

@ -223,11 +223,11 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
cbInfo->flags1.bits.pk_key_set = 0;
cbInfo->keyflgs_tls.bits.pk_key_set = 0;
}
else {
ret = WOLFSSL_SUCCESS;
cbInfo->flags1.bits.pk_key_set = 1;
cbInfo->keyflgs_tls.bits.pk_key_set = 1;
}
}
else {
@ -361,7 +361,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
if (cbInfo->flags1.bits.pk_key_set == 1) {
if (cbInfo->keyflgs_tls.bits.pk_key_set == 1) {
if ((ret = wc_sce_hw_lock()) == 0) {
/* Generate ECC PUblic key pair */
ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate(
@ -784,7 +784,7 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
dec->aes->devId = devId;
/* marked as session key is set */
cbInfo->flags1.bits.session_key_set = 1;
cbInfo->keyflgs_tls.bits.session_key_set = 1;
}
/* unlock hw */
wc_sce_hw_unlock();
@ -1138,8 +1138,8 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
return -1;
}
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx] = (User_SCEPKCbInfo*)user_ctx;
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->flags1.bits.pk_key_set = 0;
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->flags1.bits.session_key_set = 0;
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.pk_key_set = 0;
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.session_key_set = 0;
wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
wolfSSL_SetRsaEncCtx(ssl, user_ctx);

21
wolfcrypt/src/rsa.c
View File

@ -3377,7 +3377,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
/* SCE needs warpped key which is passed via
* user ctx object of crypt-call back.
*/
#ifdef WOLF_CRYPTO_CB
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
/* SCE supports 1024 and 2048 bits */
ret = wc_CryptoCb_Rsa(in, inLen, out,
@ -3387,8 +3387,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
/* fall-through when unavailable */
ret = 0; /* reset error code and try using software */
}
#endif
#endif
#endif /* WOLFSSL_SE050 */
key->state = RSA_STATE_ENCRYPT_PAD;
@ -3535,14 +3534,14 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Rsa(in, inLen, out,
outLen, rsa_type, key, rng);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code and try using software */
}
if (key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Rsa(in, inLen, out,
outLen, rsa_type, key, rng);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code and try using software */
}
#endif
#endif /* WOLFSSL_CRYPTOCELL */

3
wolfcrypt/src/wc_port.c
View File

@ -61,7 +61,8 @@
#if defined(WOLFSSL_RENESAS_TSIP)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#endif
#if defined(WOLFSSL_RENESAS_SCE)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#endif
#if defined(WOLFSSL_RENESAS_RX64_HASH)

19
wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h
View File

@ -36,14 +36,14 @@ extern "C" {
typedef void* renesas_sce_wrappedkey;
/* related to TLS */
struct sce_flags1 {
/* flsgas related to TLS */
struct sce_keyflgs_tls {
uint8_t pk_key_set:1;
uint8_t session_key_set:1;
};
/* Crypt Only */
struct sce_flags2 {
/* flags Crypt Only */
struct sce_keyflgs_cryt {
uint8_t aes256_installedkey_set:1;
uint8_t aes128_installedkey_set:1;
uint8_t rsapri2048_installedkey_set:1;
@ -88,13 +88,14 @@ typedef struct tagUser_SCEPKCbInfo {
/* flag whether encrypted ec key is set */
union {
uint8_t chr;
struct sce_flags1 bits;
} flags1;
struct sce_keyflgs_tls bits;
} keyflgs_tls;
/* key status flags */
/* flags shows status if wrapped keys are installed */
union {
uint8_t chr;
struct sce_flags2 bits;
} flags2
struct sce_keyflgs_cryt bits;
} keyflgs_crypt;
} User_SCEPKCbInfo;