feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #6301 from miyazakh/ra_cryptonly

Browse Source 
Add Renesas SCE RSA Crypt Only support
This commit is contained in:
Chris Conlon
2023-05-12 16:32:15 -06:00
committed by GitHub
parent 1b6ab01d0b a2776ad35e
commit a474179cdf
20 changed files with 1143 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
IDE/Renesas/e2studio/RA6M4/README.md
View File

@ -30,21 +30,21 @@ The wolfssl Project Summary is listed below and is relevant for every project.
|Components|Version|
|:--|:--|
|Board Support Package Common Files|v3.5.0|
|Secure Cryptography Engine on RA6 Protected Mode|v3.5.0|
|I/O Port|v3.5.0|
|Arm CMSIS Version 5 - Core (M)|v5.8.0+fsp.3.5.0|
|Board Support Package Common Files|v3.6.0|
|Secure Cryptography Engine on RA6 Protected Mode|v3.6.0|
|I/O Port|v3.6.0|
|Arm CMSIS Version 5 - Core (M)|v5.8.0+fsp.3.6.0|
|RA6M4-EK Board Support Files|v3.5.0|
|Board support package for R7FA6M4AF3CFB|v3.5.0|
|Board support package for RA6M4|v3.5.0|
|Board support package for RA6M4 - FSP Data|v3.5.0|
|FreeRTOS|v10.4.3-LTS.Patch.2+fsp.3.5.0|
|FreeRTOS - Memory Management - Heap 4|v10.4.3-LTS.Patch.2+fsp.3.5.0|
|r_ether to FreeRTOS+TCP Wrapper|v3.5.0|
|Ethernet|v3.5.0|
|Ethernet PHY|v3.5.0|
|FreeRTOS+TCP|v2.3.2-LTS.Patch.1+fsp.3.5.0|
|FreeRTOS - Buffer Allocation 2|v2.3.2-LTS.Patch.1+fsp.3.5.0|
|Board support package for R7FA6M4AF3CFB|v3.6.0|
|Board support package for RA6M4|v3.6.0|
|Board support package for RA6M4 - FSP Data|v3.6.0|
|FreeRTOS|v10.4.3-LTS.Patch.2+fsp.3.6.0|
|FreeRTOS - Memory Management - Heap 4|v10.4.3-LTS.Patch.2+fsp.3.6.0|
|r_ether to FreeRTOS+TCP Wrapper|v3.6.0|
|Ethernet|v3.6.0|
|Ethernet PHY|v3.6.0|
|FreeRTOS+TCP|v2.3.2-LTS.Patch.1+fsp.3.6.0|
|FreeRTOS - Buffer Allocation 2|v2.3.2-LTS.Patch.1+fsp.3.6.0|
## Setup Steps and Build wolfSSL Library
@ -168,7 +168,7 @@ $./examples/server/server -b -d -i
ECDSA sign and verify use, launch server with the following option
```
$./examples/server/server -b -d -c -i ./certs/server-ecc.pem -k ./certs/ecc-key.pem
$./examples/server/server -b -d -i -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
```
5.) Run the example Client

4
IDE/Renesas/e2studio/RA6M4/common/user_settings.h
View File

@ -78,3 +78,7 @@
#if defined(WOLFSSL_RENESAS_SCEPROTECT) && defined(SCEKEY_INSTALLED)
#define HAVE_RENESAS_SYNC
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#define WOLFSSL_KEY_GEN
#endif

104
IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
View File

@ -72,32 +72,32 @@ const st_user_key_block_data_t g_key_block_data =
* This is used for Root Certificate verify by SCE */
const unsigned char ca_cert_der_sign[] =
{
0x0E, 0x7F, 0xB2, 0x0B, 0x4E, 0x8C, 0x11, 0x5E, 0xAC, 0xD7,
0x77, 0x3D, 0x9E, 0xA0, 0x4B, 0xA5, 0xE2, 0x9F, 0x97, 0xEB,
0xD0, 0x1B, 0x65, 0x08, 0x7D, 0x39, 0x2E, 0xD0, 0x97, 0x19,
0xB6, 0x47, 0xF4, 0xCC, 0xA0, 0x24, 0xFA, 0xA6, 0x08, 0x11,
0xF4, 0xDC, 0x82, 0xCC, 0xB6, 0x14, 0xF1, 0x4A, 0x63, 0x67,
0xF2, 0x87, 0x0C, 0xA9, 0x31, 0x03, 0xAF, 0xD5, 0x4B, 0x1B,
0xD9, 0x99, 0x6E, 0xB4, 0xBD, 0xAB, 0x7F, 0x64, 0xB8, 0x8B,
0xFF, 0x45, 0xFC, 0xE5, 0x86, 0xE8, 0x95, 0x4E, 0xBD, 0x7F,
0x21, 0xB5, 0xCD, 0x25, 0x85, 0x16, 0x32, 0x6C, 0x8A, 0xC5,
0xE7, 0xEB, 0x58, 0xA8, 0xCC, 0xD2, 0x33, 0xFC, 0xBB, 0x88,
0xBC, 0x15, 0xDB, 0xDD, 0x6B, 0x15, 0xE3, 0x43, 0x31, 0xA9,
0xA2, 0x2E, 0x9C, 0x8C, 0x44, 0x69, 0x1A, 0x72, 0x49, 0xAD,
0x94, 0x8B, 0xD9, 0xA7, 0x47, 0x91, 0xA1, 0xF0, 0xAA, 0xA4,
0xAB, 0x5B, 0xC9, 0x8F, 0x48, 0xFE, 0x6B, 0x06, 0x7A, 0xF0,
0xC0, 0x39, 0xEF, 0xF1, 0x38, 0x96, 0x03, 0xC8, 0xDC, 0xBE,
0xF7, 0xDB, 0xBA, 0x09, 0xA4, 0x62, 0xD1, 0x39, 0xAD, 0x1D,
0xEB, 0x28, 0x85, 0x53, 0x76, 0xF2, 0x52, 0x3B, 0x26, 0xF2,
0x16, 0x01, 0xB0, 0xEF, 0x2B, 0x09, 0x2F, 0x30, 0x17, 0x6F,
0x04, 0x5C, 0x75, 0xE5, 0x7D, 0xD0, 0xCB, 0x84, 0xDE, 0xEB,
0x24, 0x45, 0x3D, 0x3A, 0x56, 0xC4, 0x64, 0x63, 0xD9, 0x00,
0x23, 0x5F, 0xEE, 0xD9, 0x2E, 0xA9, 0xDC, 0x94, 0xA7, 0x8D,
0xB6, 0xD9, 0xDF, 0x96, 0x8F, 0x8B, 0x81, 0x83, 0x8A, 0x8E,
0x36, 0x45, 0xC7, 0xB7, 0x59, 0xA0, 0x9D, 0xE8, 0xFE, 0x62,
0x5C, 0x7A, 0xF2, 0x9E, 0xF9, 0xB6, 0x75, 0x46, 0x44, 0x6D,
0x96, 0xFC, 0x3E, 0xE2, 0x17, 0x52, 0x0D, 0x70, 0x37, 0xD9,
0xAE, 0x1D, 0x25, 0x30, 0xF7, 0xD9
0x19, 0xB4, 0xD1, 0x53, 0xBB, 0x87, 0x0B, 0xD8, 0xD8, 0xFC,
0x22, 0x21, 0xA6, 0xC1, 0xE5, 0xB2, 0x7A, 0xEF, 0xAF, 0x89,
0x8B, 0x92, 0xC9, 0x4E, 0x59, 0xF0, 0x0B, 0xAB, 0x24, 0x84,
0x60, 0x2D, 0x81, 0x42, 0x4A, 0x05, 0x2F, 0x2D, 0xAB, 0x20,
0x3F, 0x8D, 0xCA, 0x9F, 0x37, 0x4B, 0xDF, 0xE3, 0x2A, 0xA3,
0x3F, 0x4E, 0x09, 0x20, 0x08, 0xD4, 0x46, 0xD9, 0xF0, 0xD8,
0xA7, 0x43, 0x60, 0xE2, 0x1D, 0xF7, 0x25, 0x64, 0x38, 0xD2,
0xB1, 0x4E, 0x1F, 0x84, 0xFC, 0xC5, 0x55, 0x2C, 0x1A, 0xA2,
0xCE, 0x99, 0xD0, 0x21, 0x93, 0xA5, 0xDB, 0x6F, 0x14, 0x2C,
0xDF, 0x9A, 0x01, 0x6A, 0x9A, 0xCC, 0xB0, 0x08, 0xD8, 0xCF,
0xA8, 0x94, 0x41, 0x23, 0xBB, 0xC2, 0xA3, 0x8B, 0x77, 0x35,
0x27, 0x0D, 0x94, 0x16, 0xF3, 0xCA, 0x16, 0xA2, 0x4C, 0x2F,
0xB0, 0x8D, 0xE6, 0x38, 0xCC, 0x9C, 0x34, 0xE8, 0xDC, 0xDC,
0x1C, 0x5C, 0x88, 0x52, 0x97, 0x47, 0xC6, 0xB6, 0x66, 0xCF,
0xCE, 0xBF, 0xF0, 0x24, 0x19, 0x0F, 0x07, 0xA5, 0xC4, 0xC6,
0x37, 0x0D, 0x2A, 0x11, 0x6A, 0x66, 0x64, 0x62, 0x0E, 0xE6,
0xCB, 0xAF, 0xFB, 0x2E, 0x8E, 0x37, 0x1E, 0x6D, 0xD1, 0xAD,
0xE4, 0x16, 0x06, 0xFB, 0x43, 0x2E, 0x4D, 0x64, 0x18, 0xB2,
0x4C, 0xE7, 0xD3, 0xE9, 0x9B, 0x95, 0x13, 0x7D, 0x7D, 0x93,
0xC2, 0x34, 0x43, 0x0C, 0xFF, 0x58, 0xD3, 0xA7, 0x21, 0x8E,
0x2B, 0xB3, 0x36, 0x90, 0xF1, 0x1E, 0x0E, 0x87, 0x41, 0x48,
0xC9, 0x69, 0x57, 0x89, 0xD0, 0xF7, 0x86, 0x47, 0x8F, 0xF5,
0xA8, 0x13, 0x24, 0x0A, 0x7E, 0xE3, 0xBB, 0x9F, 0xF1, 0xDF,
0x30, 0xE7, 0x88, 0x70, 0x8A, 0x46, 0xD9, 0x1A, 0x50, 0x42,
0x4F, 0xCF, 0xC3, 0xCB, 0xCF, 0xE4, 0xA7, 0xA3, 0x74, 0x0A,
0xDE, 0x14, 0xAF, 0xA5, 0x7F, 0xE2
};
const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
@ -108,32 +108,32 @@ const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
*/
const unsigned char ca_ecc_cert_der_sign[] =
{
0x41, 0xFC, 0x2C, 0xFD, 0x21, 0xFB, 0xF2, 0x98, 0xF3, 0x25,
0x06, 0x8C, 0x2C, 0x4A, 0x12, 0xDB, 0xDD, 0x38, 0x39, 0x83,
0xD5, 0x80, 0xB4, 0x52, 0xA5, 0x35, 0xA6, 0x5C, 0x38, 0x41,
0xDA, 0xBE, 0x64, 0x84, 0x7C, 0x63, 0x7D, 0x2A, 0xBB, 0xB9,
0x93, 0xED, 0x27, 0xE3, 0x2B, 0xAB, 0xC4, 0xBC, 0x08, 0xBE,
0xA6, 0xF7, 0x40, 0xA3, 0x1E, 0xB1, 0x8C, 0xF8, 0x4B, 0x78,
0x9F, 0xFE, 0xAA, 0x86, 0x15, 0xF5, 0xDD, 0xB3, 0xCD, 0xF5,
0x3A, 0x81, 0x26, 0x3E, 0x04, 0x05, 0x65, 0xF9, 0x53, 0x8E,
0x10, 0x1F, 0xE8, 0xD9, 0x3F, 0xA1, 0x6E, 0x8C, 0xAD, 0xFA,
0x50, 0x36, 0xFE, 0x89, 0x4E, 0xAC, 0x27, 0xDB, 0x59, 0x80,
0xE3, 0x77, 0x20, 0x4F, 0xC1, 0x03, 0xA4, 0x1D, 0xE5, 0x34,
0xCB, 0x8F, 0x88, 0xD6, 0x38, 0x2A, 0x31, 0xE0, 0xC2, 0xAA,
0x78, 0x34, 0x9C, 0xFE, 0x8F, 0x8D, 0x76, 0xDB, 0x24, 0x38,
0xE1, 0xAB, 0xAE, 0xBA, 0xD0, 0xA9, 0x1C, 0x59, 0x01, 0xE3,
0x49, 0x9B, 0x13, 0x7D, 0x25, 0x7C, 0x8D, 0x12, 0x36, 0xA1,
0xEF, 0x7B, 0xD4, 0x16, 0x58, 0x3A, 0x0E, 0xE7, 0x5A, 0x36,
0xDD, 0xD4, 0x31, 0x23, 0xBF, 0xC9, 0x49, 0x62, 0xA4, 0x01,
0xA3, 0xAC, 0x62, 0xAB, 0xA0, 0x48, 0xE3, 0xDA, 0x72, 0xD3,
0x6D, 0xF3, 0x57, 0x61, 0x9E, 0xEA, 0x31, 0xA7, 0x82, 0xDD,
0x79, 0x3C, 0x8E, 0x01, 0xE9, 0xE5, 0xB2, 0x49, 0x2F, 0x3F,
0x3F, 0x16, 0x2C, 0xCC, 0x3D, 0x78, 0x6E, 0xB6, 0x6D, 0x34,
0x38, 0x46, 0xCC, 0xFF, 0xEF, 0x26, 0x74, 0xD8, 0x68, 0x90,
0xF1, 0x2A, 0xAA, 0xF3, 0xF3, 0x5A, 0xFC, 0x75, 0x00, 0xE6,
0x11, 0xE7, 0x21, 0x05, 0x6B, 0xAA, 0x53, 0x25, 0x59, 0x33,
0xB0, 0xC0, 0x66, 0x14, 0x2F, 0x00, 0x59, 0xF3, 0xFF, 0x5E,
0xCC, 0x10, 0x84, 0x0E, 0xE6, 0x17
0x66, 0x96, 0xB4, 0x9F, 0x0B, 0x56, 0x60, 0x1F, 0x01, 0x7A,
0xDE, 0x65, 0xD6, 0x8C, 0x2A, 0xE2, 0x20, 0xA0, 0xE8, 0x19,
0x99, 0x70, 0x8B, 0x17, 0x1B, 0xDA, 0x8C, 0x3A, 0x87, 0x07,
0xE7, 0xF9, 0x1B, 0x7C, 0xC1, 0x32, 0x55, 0x38, 0x15, 0x9C,
0x7B, 0x89, 0xDA, 0x9D, 0x57, 0x80, 0x50, 0xCF, 0xA6, 0x4C,
0x51, 0x71, 0xBA, 0x52, 0xFA, 0x58, 0x4C, 0xE7, 0x33, 0x08,
0xB9, 0xE7, 0x5F, 0x7E, 0x8A, 0x1D, 0xCC, 0xA8, 0x4A, 0xA9,
0xAF, 0xE5, 0xA1, 0x87, 0x59, 0xD0, 0xF7, 0x23, 0xAE, 0xC5,
0x42, 0x99, 0xFA, 0x4A, 0xAB, 0xFA, 0x08, 0xF9, 0x7C, 0x8D,
0xD3, 0xB1, 0xF7, 0xD8, 0x01, 0x3C, 0x06, 0xD5, 0x2C, 0xBF,
0x18, 0xF1, 0x45, 0x47, 0x5D, 0xA4, 0x7F, 0x90, 0x4E, 0x0C,
0x86, 0x41, 0x5F, 0x26, 0x25, 0x8B, 0x8A, 0xD8, 0x3F, 0x4B,
0xAF, 0xD5, 0xBE, 0xD9, 0xC6, 0x46, 0x2A, 0x2B, 0xC3, 0x10,
0x93, 0xCB, 0x1E, 0xFB, 0x3D, 0x8A, 0x39, 0xB6, 0x03, 0x9D,
0xC2, 0x16, 0xA1, 0xB5, 0x9C, 0x0D, 0x05, 0x5E, 0x1B, 0x30,
0x9F, 0x53, 0xEE, 0xF2, 0x27, 0xE1, 0xE3, 0x2F, 0xD9, 0xEB,
0xF2, 0xFE, 0xD3, 0x6C, 0x71, 0xCE, 0x28, 0x56, 0x9F, 0x85,
0x34, 0xAD, 0x9D, 0x3D, 0x22, 0x3A, 0x33, 0x3B, 0x9F, 0x55,
0x4F, 0x10, 0xA9, 0xD2, 0xAB, 0xE0, 0x29, 0x7A, 0x09, 0xF3,
0x4E, 0xC1, 0x21, 0xA7, 0xF4, 0xE5, 0x34, 0x6D, 0x68, 0x36,
0xE9, 0x7B, 0xD4, 0x42, 0x0A, 0xBC, 0xC4, 0x1F, 0x6C, 0x58,
0xB6, 0x65, 0x3F, 0x9F, 0x92, 0x65, 0xF9, 0x83, 0x7A, 0x94,
0x66, 0x7C, 0xB2, 0x03, 0x16, 0x65, 0x9E, 0xBF, 0x8C, 0x77,
0xB8, 0xA4, 0x13, 0x8B, 0xD3, 0x82, 0x39, 0x94, 0xD1, 0x2A,
0xE3, 0x3E, 0x51, 0xEB, 0x56, 0xE2, 0x92, 0x5C, 0x6B, 0xD1,
0x30, 0xD1, 0x91, 0x77, 0x6E, 0x28
};
static const int sizeof_ca_ecc_cert_der_sign = sizeof(ca_ecc_cert_der_sign);
#endif /* USE_CERT_BUFFERS_256 */

90
IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
View File

@ -25,7 +25,8 @@
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#if defined(TLS_MULTITHREAD_TEST)
User_SCEPKCbInfo guser_PKCbInfo_taskA;
@ -127,10 +128,42 @@ static void my_Logging_cb(const int logLevel, const char *const logMessage)
}
#endif
void Clr_CallbackCtx(User_SCEPKCbInfo *g)
{
if (g->sce_wrapped_key_aes256 != NULL)
XFREE(g->sce_wrapped_key_aes256,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (g->sce_wrapped_key_aes128 != NULL)
XFREE(g->sce_wrapped_key_aes128,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
if (g->sce_wrapped_key_rsapri2048 != NULL)
XFREE(g->sce_wrapped_key_rsapri2048,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (g->sce_wrapped_key_rsapub2048 != NULL)
XFREE(g->sce_wrapped_key_rsapub2048,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (g->sce_wrapped_key_rsapri1024 != NULL)
XFREE(g->sce_wrapped_key_rsapri1024,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (g->sce_wrapped_key_rsapub2048 != NULL)
XFREE(g->sce_wrapped_key_rsapub1024,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XMEMSET(g, 0, sizeof(User_SCEPKCbInfo));
}
void sce_test(void)
{
#if defined(SCE_CRYPT_UNIT_TEST) && defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(SCE_CRYPT_UNIT_TEST) && \
(defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY))
int ret = 0;
BaseType_t xRet;
@ -169,7 +202,9 @@ void sce_test(void)
printf("wolfCrypt_Cleanup failed %d\n", ret);
}
#elif defined(CRYPT_TEST)
#elif defined(CRYPT_TEST) && \
(defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY))
int ret;
func_args args = { 0 };
@ -185,7 +220,11 @@ void sce_test(void)
printf("wolfCrypt_Cleanup failed %d\n", ret);
}
#elif defined(BENCHMARK)
Clr_CallbackCtx(&guser_PKCbInfo);
#elif defined(BENCHMARK) && \
(defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY))
#include "hal_data.h"
#include "r_sce.h"
@ -194,25 +233,46 @@ void sce_test(void)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) && defined(SCEKEY_INSTALLED)
/* aes 256 */
memcpy(guser_PKCbInfo.sce_wrapped_key_aes256.value,
(uint32_t *)DIRECT_KEY_ADDRESS_256,
HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4);
guser_PKCbInfo.sce_wrapped_key_aes256.type = SCE_KEY_INDEX_TYPE_AES256;
guser_PKCbInfo.aes256_installedkey_set = 1;
XMEMSET(&guser_PKCbInfo, 0, sizeof(guser_PKCbInfo));
sce_aes_wrapped_key_t *p1 = NULL;
sce_aes_wrapped_key_t *p2 = NULL;
/* aes 128 */
memcpy(guser_PKCbInfo.sce_wrapped_key_aes128.value,
(uint32_t *)DIRECT_KEY_ADDRESS_128,
HW_SCE_AES128_KEY_INDEX_WORD_SIZE*4);
guser_PKCbInfo.sce_wrapped_key_aes256 =
(sce_aes_wrapped_key_t*)XMALLOC(sizeof(sce_aes_wrapped_key_t),
NULL, DYNAMIC_TYPE_TMP_BUFFER);
p1 = (sce_aes_wrapped_key_t*)guser_PKCbInfo.sce_wrapped_key_aes256;
guser_PKCbInfo.sce_wrapped_key_aes128.type = SCE_KEY_INDEX_TYPE_AES128;
guser_PKCbInfo.aes128_installedkey_set = 1;
guser_PKCbInfo.sce_wrapped_key_aes128 =
(sce_aes_wrapped_key_t*)XMALLOC(sizeof(sce_aes_wrapped_key_t),
NULL, DYNAMIC_TYPE_TMP_BUFFER);
p2 = (sce_aes_wrapped_key_t*)guser_PKCbInfo.sce_wrapped_key_aes128;
if ( p1 == NULL || p2 == NULL) {
printf("failed to alloc memory!");
}
else {
memcpy(p1->value,
(uint32_t *)DIRECT_KEY_ADDRESS_256,
HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4);
p1->type = SCE_KEY_INDEX_TYPE_AES256;
guser_PKCbInfo.keyflgs_crypt.bits.aes256_installedkey_set = 1;
/* aes 128 */
memcpy(p2->value,
(uint32_t *)DIRECT_KEY_ADDRESS_128,
HW_SCE_AES128_KEY_INDEX_WORD_SIZE*4);
p2->type = SCE_KEY_INDEX_TYPE_AES128;
guser_PKCbInfo.keyflgs_crypt.bits.aes128_installedkey_set = 1;
}
#endif
printf("Start wolfCrypt Benchmark\n");
benchmark_test(NULL);
printf("End wolfCrypt Benchmark\n");
/* free */
Clr_CallbackCtx(&guser_PKCbInfo);
#elif defined(TLS_CLIENT)
#include "hal_data.h"
#include "r_sce.h"

258
IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
View File

@ -28,6 +28,7 @@
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#include "FreeRTOS.h"
@ -62,6 +63,8 @@ int sce_crypt_Sha_AesCbcGcm_multitest();
int sce_crypt_sha_multitest();
int sce_crypt_test();
extern User_SCEPKCbInfo guser_PKCbInfo;
#if defined(HAVE_AES_CBC)
#if defined(WOLFSSL_AES_128)
@ -76,6 +79,9 @@ int sce_crypt_test();
#endif
#if !defined(NO_RSA)
sce_rsa2048_wrapped_pair_key_t g_wrapped_pair_key;
#endif
typedef struct tagInfo
{
sce_aes_wrapped_key_t aes_key;
@ -379,9 +385,8 @@ static int sce_aesgcm256_test(int prnt, sce_aes_wrapped_key_t* aes256_key)
ret = -3;
goto out;
} else {
XMEMCPY(&userContext.sce_wrapped_key_aes256, aes256_key,
sizeof(sce_aes_wrapped_key_t));
userContext.aes256_installedkey_set = 1;
userContext.sce_wrapped_key_aes256 = (void*)aes256_key;
userContext.keyflgs_crypt.bits.aes256_installedkey_set = 1;
enc->ctx.keySize = (word32)enc->keylen;
}
@ -576,9 +581,8 @@ static int sce_aesgcm128_test(int prnt, sce_aes_wrapped_key_t* aes128_key)
ret = -3;
goto out;
} else {
XMEMCPY(&userContext.sce_wrapped_key_aes128, aes128_key,
sizeof(sce_aes_wrapped_key_t));
userContext.aes128_installedkey_set = 1;
userContext.sce_wrapped_key_aes128 = aes128_key;
userContext.keyflgs_crypt.bits.aes128_installedkey_set = 1;
enc->ctx.keySize = (word32)enc->keylen;
}
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
@ -634,6 +638,185 @@ static void tskAes128_Gcm_Test(void *pvParam)
#endif
#if !defined(NO_RSA)
/* testing rsa sign/verify w/ rsa 2048 bit key */
#define TEST_STRING "Everyone gets Friday off."
#define TEST_STRING2 "Everyone gets Friday ofv."
#define TEST_STRING_SZ 25
#define RSA_TEST_BYTES 256 /* up to 2048-bit key */
static int sce_rsa_test(int prnt, int keySize)
{
int ret = 0;
RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WC_RNG rng;
const char inStr [] = TEST_STRING;
const char inStr2[] = TEST_STRING2;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
byte *in = NULL;
byte *in2 = NULL;
byte *out= NULL;
byte *out2 = NULL;
in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL || in == NULL || out == NULL ||
in2 == NULL || out2 == NULL) {
ret = -1;
goto out;
}
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(key, 0, sizeof *key);
XMEMCPY(in, inStr, inLen);
XMEMCPY(in2, inStr2, inLen);
XMEMSET(out, 0, outSz);
XMEMSET(out2, 0, outSz);
ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
if (ret != 0) {
goto out;
}
if ((ret = wc_InitRng(&rng)) != 0)
goto out;
if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
goto out;
/* make rsa key by SCE */
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
goto out;
}
ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
if (ret < 0) {
goto out;
}
ret = wc_RsaPrivateDecrypt(out, keySize/8, out2, outSz, key);
if (ret < 0) {
ret = -1;
goto out;
}
if (XMEMCMP(in, out2, inLen) != 0) {
ret = -2;
goto out;
}
ret = 0;
out:
if (key != NULL) {
wc_FreeRsaKey(key);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (in != NULL) {
XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (in2 != NULL) {
XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (out != NULL) {
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (out2 != NULL) {
XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
}
static int sce_rsa_SignVerify_test(int prnt, int keySize)
{
int ret = 0;
RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WC_RNG rng;
const char inStr [] = TEST_STRING;
const char inStr2[] = TEST_STRING2;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
byte *in = NULL;
byte *in2 = NULL;
byte *out= NULL;
in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
(void) prnt;
if (key == NULL || in == NULL || out == NULL) {
ret = -1;
goto out;
}
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(key, 0, sizeof *key);
XMEMCPY(in, inStr, inLen);
XMEMCPY(in2, inStr2, inLen);
ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
if (ret != 0) {
goto out;
}
if ((ret = wc_InitRng(&rng)) != 0)
goto out;
if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
goto out;
/* make rsa key by SCE */
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
goto out;
}
guser_PKCbInfo.keyflgs_crypt.bits.message_type = 0;
ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
if (ret < 0) {
goto out;
}
/* this should fail */
ret = wc_RsaSSL_Verify(in2, inLen, out, keySize/8, key);
if (ret != FSP_ERR_CRYPTO_SCE_AUTHENTICATION) {
ret = -1;
goto out;
}
/* this should succeed */
ret = wc_RsaSSL_Verify(in, inLen, out, keySize/8, key);
if (ret < 0) {
ret = -1;
goto out;
}
ret = 0;
out:
if (key != NULL) {
wc_FreeRsaKey(key);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (in != NULL) {
XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (in2 != NULL) {
XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (out != NULL) {
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
}
#endif
int sce_crypt_test()
{
int ret = 0;
@ -641,20 +824,71 @@ int sce_crypt_test()
/* Generate AES sce Key */
sce_error_code = R_SCE_AES128_WrappedKeyGenerate(&g_user_aes128_key_index1);
if (sce_error_code == FSP_SUCCESS)
sce_error_code = R_SCE_AES128_WrappedKeyGenerate(
&g_user_aes128_key_index2);
if (sce_error_code == FSP_SUCCESS)
sce_error_code = R_SCE_AES256_WrappedKeyGenerate(
&g_user_aes256_key_index1);
if (sce_error_code == FSP_SUCCESS)
sce_error_code = R_SCE_AES256_WrappedKeyGenerate(
&g_user_aes256_key_index2);
if (sce_error_code == FSP_SUCCESS) {
if (sce_error_code == FSP_SUCCESS) {
#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
/* set up Crypt Call back */
Clr_CallbackCtx(&guser_PKCbInfo);
ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &guser_PKCbInfo);
if ( ret > 0)
ret = 0;
if (ret == 0) {
printf(" sce_rsa_test(512)(this will be done"
" by SW because SCE doesn't support 512 bits key size.)");
ret = sce_rsa_test(1, 512);
RESULT_STR(ret)
}
if (ret == 0) {
printf(" sce_rsa_test(1024)");
ret = sce_rsa_test(1, 1024);
RESULT_STR(ret)
}
if (ret == 0) {
printf(" sce_rsa_SignVerify_test(512)(this will be done"
" by SW because SCE doesn't support 512 bits key size.)");
ret = sce_rsa_SignVerify_test(1, 512);
RESULT_STR(ret)
}
if (ret == 0) {
printf(" sce_rsa_SignVerify_test(1024)");
ret = sce_rsa_SignVerify_test(1, 1024);
RESULT_STR(ret)
}
Clr_CallbackCtx(&guser_PKCbInfo);
if (ret == 0) {
printf(" sce_rsa_test(2048)");
ret = sce_rsa_test(1, 2048);
RESULT_STR(ret)
}
if (ret == 0 && sce_error_code == FSP_SUCCESS) {
printf(" sce_rsa_SignVerify_test(2048)");
ret = sce_rsa_SignVerify_test(1, 2048);
RESULT_STR(ret)
}
#endif /* WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
#ifndef NO_SHA256
printf(" sha256_test()");
@ -675,7 +909,7 @@ int sce_crypt_test()
ret = sce_aesgcm128_test(1, &g_user_aes128_key_index1);
}
if (ret == 0) {
ret = sce_aesgcm256_test(1, &g_user_aes256_key_index1);

5
IDE/Renesas/e2studio/RA6M4/wolfssl/.project
View File

@ -401,6 +401,11 @@
<type>1</type>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_sce_aes.c</locationURI>
</link>
<link>
<name>wolfCrypt/port/renesas_sce_rsa.c</name>
<type>1</type>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_sce_rsa.c</locationURI>
</link>
<link>
<name>wolfCrypt/port/renesas_sce_sha.c</name>
<type>1</type>

1
wolfcrypt/src/include.am
View File

@ -124,6 +124,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
wolfcrypt/src/port/Renesas/renesas_sce_util.c \
wolfcrypt/src/port/Renesas/renesas_sce_aes.c \
wolfcrypt/src/port/Renesas/renesas_sce_sha.c \
wolfcrypt/src/port/Renesas/renesas_sce_rsa.c \
wolfcrypt/src/port/Renesas/renesas_common.c \
wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c \
wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \

165
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -21,9 +21,12 @@
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) \
|| defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) \
|| defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#define cmn_hw_lock wc_sce_hw_lock
#define cmn_hw_unlock wc_sce_hw_unlock
@ -128,7 +131,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
#endif
@ -221,7 +225,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
#endif /* HAVE_ECC */
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) ||\
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
@ -230,13 +235,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info->cipher.type == WC_CIPHER_AES_GCM) {
if (info->cipher.enc &&
(cbInfo->session_key_set == 1 ||
(cbInfo->aes256_installedkey_set == 1 &&
(cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 32) ||
(cbInfo->aes128_installedkey_set == 1 &&
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 16))) {
if (cbInfo->aes256_installedkey_set == 1 &&
if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 32) {
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
@ -245,7 +250,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->cipher.aesgcm_enc.aes->ctx.keySize = 32;
}
else if (cbInfo->aes128_installedkey_set == 1 &&
else if (
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 16) {
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
@ -268,13 +274,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
(void*)ctx);
}
else if (cbInfo->session_key_set == 1 ||
(cbInfo->aes256_installedkey_set == 1 &&
else if (cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 32) ||
(cbInfo->aes128_installedkey_set == 1 &&
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 16)) {
if (cbInfo->aes256_installedkey_set == 1 &&
if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 32) {
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
@ -283,7 +289,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->cipher.aesgcm_dec.aes->ctx.keySize = 32;
}
else if (cbInfo->aes128_installedkey_set == 1 &&
else if (
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 16) {
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
@ -309,23 +316,25 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#endif /* HAVE_AESGCM */
#ifdef HAVE_AES_CBC
if ((info->cipher.type == WC_CIPHER_AES_CBC) &&
(cbInfo->session_key_set == 1 ||
(cbInfo->aes256_installedkey_set == 1 &&
(cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) ||
(cbInfo->aes128_installedkey_set == 1 &&
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 16))) {
if (info->cipher.enc) {
if (cbInfo->aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) {
if (
cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
info->cipher.aescbc.aes->ctx.keySize = 32;
}
else if (cbInfo->aes128_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 16) {
else if (
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1
&& info->cipher.aescbc.aes->keylen == 16) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
@ -339,15 +348,16 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->cipher.aescbc.sz);
}
else {
if (cbInfo->aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) {
if (
cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
info->cipher.aescbc.aes->ctx.keySize = 32;
} else if (cbInfo->aes128_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 16) {
} else if (
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1
&& info->cipher.aescbc.aes->keylen == 16) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
@ -364,6 +374,71 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */
}
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA)
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 ||
info->pk.rsakg.size == 2048)) {
ret = wc_sce_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
}
#endif
if (info->pk.type == WC_PK_TYPE_RSA) {
/* to perform RSA on SCE, wrapped keys should be installed
* in advance. SCE supports 1024 or 2048 bits key size.
* otherwise, falls-through happens.
*/
if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1
||
cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1
||
cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1
||
cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1
) {
if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
info->pk.rsa.type == RSA_PUBLIC_ENCRYPT )
{
ret = wc_sce_RsaFunction(info->pk.rsa.in,
info->pk.rsa.inLen,
info->pk.rsa.out,
info->pk.rsa.outLen,
info->pk.rsa.type,
info->pk.rsa.key,
info->pk.rsa.rng,
(void*)ctx);
}
else if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT /* sign */){
ret = wc_sce_RsaSign(info->pk.rsa.in,
info->pk.rsa.inLen,
info->pk.rsa.out,
info->pk.rsa.outLen,
info->pk.rsa.key,
(void*)ctx);
}
else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) {
ret = wc_sce_RsaVerify(info->pk.rsa.in,
info->pk.rsa.inLen,
info->pk.rsa.out,
info->pk.rsa.outLen,
info->pk.rsa.key,
(void*)ctx);
}
}
else {
WOLFSSL_MSG(
"SCE can handle 1024 or 2048 bit key size. "
"key size is not either 1024 or 2048. "
"Or wrapped key is not installed. "
"RSA operation falls through to SW operation.");
}
}
#endif /* NO_RSA && WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
}
#endif /* NO_RSA */
#endif /* TSIP or SCE */
(void)devIdArg;
@ -385,7 +460,8 @@ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_usable(ssl, session_key_generated);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) ||\
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
ret = wc_sce_usable(ssl, session_key_generated);
#endif
@ -408,11 +484,19 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
#endif
if (cbInfo == NULL || ssl == NULL) {
if (cbInfo == NULL
#if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \
!defined(HAVE_RENESAS_SYNC)
|| ssl == NULL) {
#else
) {
#endif
printf("Invalid devId\n");
return INVALID_DEVID;
}
/* need exclusive control because of static variable */
@ -432,9 +516,11 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
return INVALID_DEVID;
}
#if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \
!defined(HAVE_RENESAS_SYNC)
if (ssl)
wolfSSL_SetDevId(ssl, cbInfo->devId);
#endif
/* sanity check for overflow */
if (gdevId < 0) {
gdevId = 7890;
@ -456,6 +542,10 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id)
}
#endif /* WOLF_CRYPTO_CB */
#endif /* WOLFSSL_RENESAS_SCEPROTECT || WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY
/* WOLFSSL_RENESAS_TSIP_TLS*/
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
/* Renesas Security Library Common Method
* Check CA index if CA can be used for SCE/TSIP because
@ -591,8 +681,9 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
* cm_row CA index
* return FSP_SUCCESS(0) on success, otherwise WOLFSSL_FATAL_ERROR
*/
int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start,
word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row)
int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
word32 key_n_start, word32 key_n_len, word32 key_e_start,
word32 key_e_len, word32 cm_row)
{
int ret;
@ -661,7 +752,8 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
/* Renesas Security Library Common Callback
* Callback for setting Encrypt Keys.
* Register callback for setting Encrypt Keys when keys are generated by SCE/TSIP
* Register callback for setting Encrypt Keys when keys are generated
* by SCE/TSIP
*
* ssl the WOLFSSL object
* ctx Callback context
@ -679,11 +771,14 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
if (cbInfo->session_key_set == 1) {
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
#endif
if (cbInfo->session_key_set == 1) {
if (cbInfo->keyflgs_tls.bits.session_key_set == 1) {
#endif
ret = 0;
wolfSSL_CTX_SetTlsFinishedCb(ssl->ctx, Renesas_cmn_TlsFinished);

78
wolfcrypt/src/port/Renesas/renesas_sce_aes.c
View File

@ -26,7 +26,8 @@
#ifndef NO_AES
#if defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#if (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_SCEPROTECT_AES)
#include <wolfssl/wolfcrypt/wc_port.h>
@ -151,9 +152,10 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
XMEMSET((void*)cipherBuf, 0, sz + delta);
XMEMSET((void*)authTag, 0, authTagSz);
}
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
if (ret == 0 &&
info->session_key_set == 1) {
info->keyflgs_tls.bits.session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here.
*/
@ -174,21 +176,29 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
}
}
else if (info->aes256_installedkey_set == 1 || info->aes128_installedkey_set == 1) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
else {
#else
if (ret == 0) {
#endif
if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_client_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
}
else {
XMEMCPY(&key_client_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
}
iv_l = iv;
ivSz_l = ivSz;
}
else {
XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1;
}
iv_l = iv;
ivSz_l = ivSz;
}
else {
WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1;
}
if (ret == 0) {
@ -339,9 +349,9 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
XMEMCPY(cipherBuf, in, sz);
XMEMCPY(aTagBuf, authTag, authTagSz);
}
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
if (ret == 0 &&
info->session_key_set == 1) {
info->keyflgs_tls.bits.session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here.
*/
@ -361,23 +371,31 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
ret = -1;
}
}
else if (info->aes256_installedkey_set == 1 || info->aes128_installedkey_set == 1) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
else {
#else
if (ret == 0) {
#endif
if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_server_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
}
else {
XMEMCPY(&key_server_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
}
iv_l = iv;
ivSz_l = ivSz;
}
else {
XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1;
}
iv_l = iv;
ivSz_l = ivSz;
}
else {
WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1;
}
if (ret == 0) {
/* since key_index has iv and ivSz in it, no need to pass them init
* func. Pass NULL and 0 as 3rd and 4th parameter respectively.

437
wolfcrypt/src/port/Renesas/renesas_sce_rsa.c Normal file
View File

@ -0,0 +1,437 @@
/* renesas_sce_rsa.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#if !defined(NO_RSA) && \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#include <string.h>
#include <stdio.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
/* Make Rsa key for SCE and set it to callback ctx
* Assumes to be called by Crypt Callback
*
* size desired keylenth, in bits. supports 1024 or 2048 bits
* ctx Callback context including pointer to hold generated key
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
{
fsp_err_t ret;
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
sce_rsa1024_wrapped_pair_key_t *wrapped_pair1024_key = NULL;
sce_rsa2048_wrapped_pair_key_t *wrapped_pair2048_key = NULL;
/* sanity check */
if (ctx == NULL)
return BAD_FUNC_ARG;
if ((ret = wc_sce_hw_lock()) == 0) {
if (size == 1024) {
wrapped_pair1024_key =
(sce_rsa1024_wrapped_pair_key_t*)XMALLOC(
sizeof(sce_rsa1024_wrapped_pair_key_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (wrapped_pair1024_key == NULL)
return MEMORY_E;
ret = R_SCE_RSA1024_WrappedKeyPairGenerate(wrapped_pair1024_key);
}
else if (size == 2048) {
wrapped_pair2048_key =
(sce_rsa1024_wrapped_pair_key_t*)XMALLOC(
sizeof(sce_rsa2048_wrapped_pair_key_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (wrapped_pair2048_key == NULL)
return MEMORY_E;
ret = R_SCE_RSA2048_WrappedKeyPairGenerate(wrapped_pair2048_key);
}
else
return CRYPTOCB_UNAVAILABLE;
if (ret == FSP_SUCCESS) {
if (size == 1024) {
if (info->sce_wrapped_key_rsapri1024 != NULL) {
XFREE(info->sce_wrapped_key_rsapri1024, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
if (info->sce_wrapped_key_rsapub1024 != NULL) {
XFREE(info->sce_wrapped_key_rsapub1024, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
info->sce_wrapped_key_rsapri1024 =
(sce_rsa1024_private_wrapped_key_t*)XMALLOC(
sizeof(sce_rsa1024_private_wrapped_key_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->sce_wrapped_key_rsapri1024 == NULL) {
XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
info->sce_wrapped_key_rsapub1024 =
(sce_rsa1024_public_wrapped_key_t*)XMALLOC(
sizeof(sce_rsa1024_public_wrapped_key_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->sce_wrapped_key_rsapub1024 == NULL) {
XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->sce_wrapped_key_rsapub1024, 0,
DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
/* copy generated key pair and free malloced key */
XMEMCPY(info->sce_wrapped_key_rsapri1024,
&wrapped_pair1024_key->priv_key,
sizeof(sce_rsa1024_private_wrapped_key_t));
XMEMCPY(info->sce_wrapped_key_rsapub1024,
&wrapped_pair1024_key->pub_key,
sizeof(sce_rsa1024_public_wrapped_key_t));
XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
info->keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
info->keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
}
else if (size == 2048) {
if (info->sce_wrapped_key_rsapri2048 != NULL) {
XFREE(info->sce_wrapped_key_rsapri2048, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
if (info->sce_wrapped_key_rsapub2048 != NULL) {
XFREE(info->sce_wrapped_key_rsapub2048, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
info->sce_wrapped_key_rsapri2048 =
(sce_rsa2048_private_wrapped_key_t*)XMALLOC(
sizeof(sce_rsa2048_private_wrapped_key_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->sce_wrapped_key_rsapri2048 == NULL) {
XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
info->sce_wrapped_key_rsapub2048 =
(sce_rsa2048_public_wrapped_key_t*)XMALLOC(
sizeof(sce_rsa2048_public_wrapped_key_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->sce_wrapped_key_rsapub2048 == NULL) {
XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->sce_wrapped_key_rsapub1024, 0,
DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
/* copy generated key pair and free malloced key */
XMEMCPY(info->sce_wrapped_key_rsapri2048,
&wrapped_pair2048_key->priv_key,
sizeof(sce_rsa2048_private_wrapped_key_t));
XMEMCPY(info->sce_wrapped_key_rsapub2048,
&wrapped_pair2048_key->pub_key,
sizeof(sce_rsa2048_public_wrapped_key_t));
XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
info->keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
info->keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
}
}
else {
WOLFSSL_MSG("Failed to generate key pair by SCE");
return CRYPTOCB_UNAVAILABLE;
}
wc_sce_hw_unlock();
}
}
/* Perform rsa encryption/decryption by SCE
* Assumes to be called by Crypt Callback
*
* in Buffer to hold plain text
* inLen Length of plain text in bytes
* out Buffer to hold cipher text
* outLen Length of cipher in bytes
* key Rsa key object
* rng rng object
* ctx Callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
word32 outLen, int type, struct RsaKey* key,
struct WC_RNG* rng, void* ctx)
{
int ret;
sce_rsa_byte_data_t plain;
sce_rsa_byte_data_t cipher;
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
int keySize;
(void) key;
(void) rng;
/* sanity check */
if (in == NULL || out == NULL || outLen == NULL ||
ctx == NULL){
return BAD_FUNC_ARG;
}
keySize = 0;
if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
keySize = 2048;
else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
keySize = 1024;
if (keySize == 0) {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
if ((ret = wc_sce_hw_lock()) == 0) {
if (type == RSA_PUBLIC_ENCRYPT) {
plain.pdata = (byte*)in;
plain.data_length = inLen;
cipher.pdata = out;
cipher.data_length = outLen;
if (keySize == 1024) {
if(info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1)
ret = R_SCE_RSAES_PKCS1024_Encrypt(&plain, &cipher,
(sce_rsa1024_public_wrapped_key_t*)
info->sce_wrapped_key_rsapub1024);
else {
WOLFSSL_MSG("wrapped public 1024 bits key is not set.");
return BAD_FUNC_ARG;
}
}
else {
if(info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1)
ret = R_SCE_RSAES_PKCS2048_Encrypt(&plain, &cipher,
(sce_rsa2048_public_wrapped_key_t*)
info->sce_wrapped_key_rsapub2048);
else {
WOLFSSL_MSG("wrapped public 2048 bits key is not set.");
return BAD_FUNC_ARG;
}
}
}
else if (type == RSA_PRIVATE_DECRYPT) {
plain.pdata = out;
plain.data_length = outLen;
cipher.pdata = (byte*)in;
cipher.data_length = inLen;
if (keySize == 1024) {
if(info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1)
ret = R_SCE_RSAES_PKCS1024_Decrypt(&cipher, &plain,
(sce_rsa1024_private_wrapped_key_t*)
info->sce_wrapped_key_rsapri1024);
else {
WOLFSSL_MSG("wrapped private 2048 bits key is not set.");
return BAD_FUNC_ARG;
}
}
else {
if(info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1)
ret = R_SCE_RSAES_PKCS2048_Decrypt(&cipher, &plain,
(sce_rsa2048_private_wrapped_key_t*)
info->sce_wrapped_key_rsapri2048);
else {
WOLFSSL_MSG("wrapped private 2048 bits key is not set.");
return BAD_FUNC_ARG;
}
}
}
wc_sce_hw_unlock();
}
return ret;
}
/* Perform Rsa sign by SCE
* Assumes to be called by Crypt Callback
*
* in Buffer to hold plaintext
* inLen Length of plaintext in bytes
* out Buffer to hold generated signature
* outLen Length of signature in bytes
* key rsa key object
* ctx The callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
word32* outLen, struct RsaKey* key, void* ctx)
{
int ret;
sce_rsa_byte_data_t message_hash;
sce_rsa_byte_data_t signature;
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
int keySize;
(void) key;
/* sanity check */
if (in == NULL || out == NULL || outLen == NULL ||
key == NULL || ctx == NULL){
return BAD_FUNC_ARG;
}
keySize = 0;
if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
keySize = 2048;
else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
keySize = 1024;
if (keySize == 0) {
WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
message_hash.pdata = in;
message_hash.data_length = inLen;
message_hash.data_type =
info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
signature.pdata = out;
signature.data_length = outLen;
if ((ret = wc_sce_hw_lock()) == 0) {
if (keySize == 1024) {
ret = R_SCE_RSASSA_PKCS1024_SignatureGenerate(&message_hash,
&signature,
(sce_rsa1024_private_wrapped_key_t *)
info->sce_wrapped_key_rsapri1024,
HW_SCE_RSA_HASH_SHA256);
}
else {
ret = R_SCE_RSASSA_PKCS2048_SignatureGenerate(&message_hash,
&signature,
(sce_rsa2048_private_wrapped_key_t *)
info->sce_wrapped_key_rsapri2048,
HW_SCE_RSA_HASH_SHA256);
}
wc_sce_hw_unlock();
}
return ret;
}
/* Perform Rsa verify by SCE
* Assumes to be called by Crypt Callback
*
* in Buffer to hold plaintext
* inLen Length of plaintext in bytes
* out Buffer to hold generated signature
* outLen Length of signature in bytes
* key rsa key object
* ctx The callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
word32* outLen,struct RsaKey* key, void* ctx)
{
int ret;
sce_rsa_byte_data_t message_hash;
sce_rsa_byte_data_t signature;
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
int keySize;
(void) key;
/* sanity check */
if (in == NULL || out == NULL || outLen == NULL ||
key == NULL || ctx == NULL){
return BAD_FUNC_ARG;
}
keySize = 0;
if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
keySize = 2048;
else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
keySize = 1024;
if (keySize == 0) {
WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
message_hash.pdata = in;
message_hash.data_length = inLen;
message_hash.data_type =
info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
signature.pdata = out;
signature.data_length = outLen;
if ((ret = wc_sce_hw_lock()) == 0) {
if (keySize == 1024) {
ret = R_SCE_RSASSA_PKCS1024_SignatureVerify(&signature,
&message_hash,
(sce_rsa1024_public_wrapped_key_t *)
info->sce_wrapped_key_rsapub1024,
HW_SCE_RSA_HASH_SHA256);
}
else {
ret = R_SCE_RSASSA_PKCS2048_SignatureVerify(&signature,
&message_hash,
(sce_rsa2048_public_wrapped_key_t *)
info->sce_wrapped_key_rsapub2048,
HW_SCE_RSA_HASH_SHA256 );
}
wc_sce_hw_unlock();
}
return ret;
}
#endif /* !NO_RSA && WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */

3
wolfcrypt/src/port/Renesas/renesas_sce_sha.c
View File

@ -30,7 +30,8 @@
#include <wolfssl/wolfcrypt/logging.h>
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>

21
wolfcrypt/src/port/Renesas/renesas_sce_util.c
View File

@ -20,7 +20,8 @@
*/
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
@ -168,6 +169,8 @@ WOLFSSL_LOCAL void wc_sce_Close()
}
}
#ifndef WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY
#if defined(WOLFSSL_RENESAS_SCEPROTECT_ECC)
/* Verify Server Key Exchange while doing ECDH key exchange */
static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig,
@ -220,11 +223,11 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
cbInfo->pk_key_set = 0;
cbInfo->keyflgs_tls.bits.pk_key_set = 0;
}
else {
ret = WOLFSSL_SUCCESS;
cbInfo->pk_key_set = 1;
cbInfo->keyflgs_tls.bits.pk_key_set = 1;
}
}
else {
@ -358,7 +361,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
if (cbInfo->pk_key_set == 1) {
if (cbInfo->keyflgs_tls.bits.pk_key_set == 1) {
if ((ret = wc_sce_hw_lock()) == 0) {
/* Generate ECC PUblic key pair */
ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate(
@ -404,6 +407,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
return ret;
}
#endif
/* Return tls cipher suite enumeration that is supported by SCE library */
static uint32_t GetSceCipherSuite(
uint8_t cipherSuiteFirst,
@ -780,7 +784,7 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
dec->aes->devId = devId;
/* marked as session key is set */
cbInfo->session_key_set = 1;
cbInfo->keyflgs_tls.bits.session_key_set = 1;
}
/* unlock hw */
wc_sce_hw_unlock();
@ -1134,8 +1138,8 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
return -1;
}
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx] = (User_SCEPKCbInfo*)user_ctx;
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->pk_key_set = 0;
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->session_key_set = 0;
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.pk_key_set = 0;
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.session_key_set = 0;
wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
wolfSSL_SetRsaEncCtx(ssl, user_ctx);
@ -1151,5 +1155,6 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
return 0;
}
#endif /* !WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
#endif /* WOLFSSL_RENESAS_SCEPROTECT */
#endif /* WOLFSSL_RENESAS_SCEPROTECT || WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */

3
wolfcrypt/src/random.c
View File

@ -3488,7 +3488,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
}
return ret;
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#include "r_sce.h"
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)

29
wolfcrypt/src/rsa.c
View File

@ -3385,7 +3385,22 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
pad_value, pad_type, hash, mgf, label,
labelSz, sz);
}
#endif /* WOLFSSL_CRYPTOCELL */
#elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
/* SCE needs warpped key which is passed via
* user ctx object of crypt-call back.
*/
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
/* SCE supports 1024 and 2048 bits */
ret = wc_CryptoCb_Rsa(in, inLen, out,
outLen, rsa_type, key, rng);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code and try using software */
}
#endif
#endif /* WOLFSSL_SE050 */
key->state = RSA_STATE_ENCRYPT_PAD;
ret = wc_RsaPad_ex(in, inLen, out, (word32)sz, pad_value, rng, pad_type,
@ -3529,6 +3544,18 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
}
return ret;
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Rsa(in, inLen, out,
outLen, rsa_type, key, rng);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code and try using software */
}
#endif
#endif /* WOLFSSL_CRYPTOCELL */

13
wolfcrypt/src/sha256.c
View File

@ -222,7 +222,9 @@ on the specific device platform.
(!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \
!defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \
(!defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) && \
((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \
!defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) \
|| defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) && \
(!defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)) && \
!defined(WOLFSSL_RENESAS_RX64_HASH)
@ -796,7 +798,8 @@ static int InitSha256(wc_Sha256* sha256)
/* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
/* implemented in wolfcrypt/src/port/Renesas/renesas_sce_sha.c */
@ -1804,7 +1807,8 @@ void wc_Sha256Free(wc_Sha256* sha256)
(defined(WOLFSSL_DEVCRYPTO_HASH) && defined(WOLFSSL_DEVCRYPTO_HASH_KEEP)) || \
(defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \
(defined(WOLFSSL_RENESAS_SCEPROTECT) && \
((defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) || \
defined(WOLFSSL_RENESAS_RX64_HASH) || \
defined(WOLFSSL_HASH_KEEP)
@ -1992,7 +1996,8 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
/* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
/* implemented in wolfcrypt/src/port/Renesas/renesas_sce_sha.c */

9
wolfcrypt/src/wc_port.c
View File

@ -61,7 +61,8 @@
#if defined(WOLFSSL_RENESAS_TSIP)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#endif
#if defined(WOLFSSL_RENESAS_SCE)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#endif
#if defined(WOLFSSL_RENESAS_RX64_HASH)
@ -187,7 +188,8 @@ int wolfCrypt_Init(void)
}
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
ret = wc_sce_Open( );
if( ret != FSP_SUCCESS ) {
WOLFSSL_MSG("RENESAS SCE Open failed");
@ -436,7 +438,8 @@ int wolfCrypt_Cleanup(void)
rx64_hw_Close();
#endif
#ifdef WOLFSSL_RENESAS_SCEPROTECT
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
wc_sce_Close();
#endif

3
wolfcrypt/test/test.c
View File

@ -375,6 +375,7 @@
#endif
#if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \
defined(WOLFSSL_SECO_CAAM)
#define HASH_SIZE_LIMIT
#endif
@ -3006,7 +3007,7 @@ WOLFSSL_TEST_SUBROUTINE int sha256_test(void)
(word32)sizeof(large_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
}
ret = wc_Sha256Final(&sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);

3
wolfssl/wolfcrypt/aes.h
View File

@ -296,7 +296,8 @@ struct Aes {
defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
TSIP_AES_CTX ctx;
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) ||\
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
SCE_AES_CTX ctx;
#endif
#if defined(WOLFSSL_IMXRT_DCP)

74
wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h
View File

@ -34,10 +34,30 @@ extern "C" {
#define MAX_SCE_CBINDEX 5
typedef void* renesas_sce_wrappedkey;
/* flsgas related to TLS */
struct sce_keyflgs_tls {
uint8_t pk_key_set:1;
uint8_t session_key_set:1;
};
/* flags Crypt Only */
struct sce_keyflgs_cryt {
uint8_t aes256_installedkey_set:1;
uint8_t aes128_installedkey_set:1;
uint8_t rsapri2048_installedkey_set:1;
uint8_t rsapub2048_installedkey_set:1;
uint8_t rsapri1024_installedkey_set:1;
uint8_t rsapub1024_installedkey_set:1;
uint8_t message_type:1;/*message 0, hashed 1*/
};
typedef struct tagUser_SCEPKCbInfo {
/* unique number for each session */
int devId;
#if defined(WOLFSSL_RENESAS_SCEPROTECT) && \
!defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[SCE_TLS_ENCRYPTED_ECCPUBKEY_SZ];
/* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */
@ -48,17 +68,35 @@ typedef struct tagUser_SCEPKCbInfo {
uint8_t sce_clientRandom[SCE_TLS_CLIENTRANDOM_SZ];
uint8_t sce_serverRandom[SCE_TLS_SERVERRANDOM_SZ];
uint8_t sce_cipher;
#endif
/* installed key handling */
sce_aes_wrapped_key_t sce_wrapped_key_aes256;
uint8_t aes256_installedkey_set:1;
sce_aes_wrapped_key_t sce_wrapped_key_aes128;
uint8_t aes128_installedkey_set:1;
/* aes */
renesas_sce_wrappedkey sce_wrapped_key_aes256;
renesas_sce_wrappedkey sce_wrapped_key_aes128;
#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
/* rsa */
renesas_sce_wrappedkey sce_wrapped_key_rsapri2048;
renesas_sce_wrappedkey sce_wrapped_key_rsapub2048;
renesas_sce_wrappedkey sce_wrapped_key_rsapri1024;
renesas_sce_wrappedkey sce_wrapped_key_rsapub1024;
#endif
/* key status flags */
/* flag whether encrypted ec key is set */
uint8_t pk_key_set:1;
uint8_t session_key_set:1;
union {
uint8_t chr;
struct sce_keyflgs_tls bits;
} keyflgs_tls;
/* key status flags */
/* flags shows status if wrapped keys are installed */
union {
uint8_t chr;
struct sce_keyflgs_cryt bits;
} keyflgs_crypt;
} User_SCEPKCbInfo;
typedef struct tagSCE_PKCbInfo {
@ -138,7 +176,9 @@ typedef wolfssl_SCE_Hash wc_Sha256;
#endif /* NO_SHA */
#if defined(WOLFSSL_RENESAS_SCEPROTECT) && \
!defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPT_ONLY)
WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify(
const uint8_t* cert, uint32_t cert_len,
uint32_t key_n_start, uint32_t key_n_len,
@ -220,5 +260,19 @@ WOLFSSL_API void wc_sce_inform_user_keys(
WOLFSSL_API void wc_sce_set_callbacks(struct WOLFSSL_CTX* ctx);
WOLFSSL_API int wc_sce_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
WOLFSSL_API void wc_sce_inform_cert_sign(const uint8_t *sign);
/* rsa */
struct RsaKey;
struct WC_RNG;
WOLFSSL_API int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
word32 outLen, int type, struct RsaKey* key, struct WC_RNG* rng, void* ctx);
WOLFSSL_API int wc_sce_MakeRsaKey(int size, void* ctx);
WOLFSSL_API int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
word32* outLen, struct RsaKey* key, void* ctx);
WOLFSSL_API int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
word32* outLen,struct RsaKey* key, void* ctx);
#endif /* WOLFSSL_RENESAS_SCEPROTECT &&
* !WOLFSSL_RENESAS_SCEPROTECT_CRYPT_ONLY */
#endif /* __RENESAS_SCE_CRYPT_H__ */

3
wolfssl/wolfcrypt/sha256.h
View File

@ -153,7 +153,8 @@ enum {
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h"
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h"
#elif defined(WOLFSSL_RENESAS_RX64_HASH)