diff --git a/IDE/Renesas/e2studio/RA6M4/README.md b/IDE/Renesas/e2studio/RA6M4/README.md index c9658ad9d..629d72cf0 100644 --- a/IDE/Renesas/e2studio/RA6M4/README.md +++ b/IDE/Renesas/e2studio/RA6M4/README.md @@ -30,21 +30,21 @@ The wolfssl Project Summary is listed below and is relevant for every project. |Components|Version| |:--|:--| -|Board Support Package Common Files|v3.5.0| -|Secure Cryptography Engine on RA6 Protected Mode|v3.5.0| -|I/O Port|v3.5.0| -|Arm CMSIS Version 5 - Core (M)|v5.8.0+fsp.3.5.0| +|Board Support Package Common Files|v3.6.0| +|Secure Cryptography Engine on RA6 Protected Mode|v3.6.0| +|I/O Port|v3.6.0| +|Arm CMSIS Version 5 - Core (M)|v5.8.0+fsp.3.6.0| |RA6M4-EK Board Support Files|v3.5.0| -|Board support package for R7FA6M4AF3CFB|v3.5.0| -|Board support package for RA6M4|v3.5.0| -|Board support package for RA6M4 - FSP Data|v3.5.0| -|FreeRTOS|v10.4.3-LTS.Patch.2+fsp.3.5.0| -|FreeRTOS - Memory Management - Heap 4|v10.4.3-LTS.Patch.2+fsp.3.5.0| -|r_ether to FreeRTOS+TCP Wrapper|v3.5.0| -|Ethernet|v3.5.0| -|Ethernet PHY|v3.5.0| -|FreeRTOS+TCP|v2.3.2-LTS.Patch.1+fsp.3.5.0| -|FreeRTOS - Buffer Allocation 2|v2.3.2-LTS.Patch.1+fsp.3.5.0| +|Board support package for R7FA6M4AF3CFB|v3.6.0| +|Board support package for RA6M4|v3.6.0| +|Board support package for RA6M4 - FSP Data|v3.6.0| +|FreeRTOS|v10.4.3-LTS.Patch.2+fsp.3.6.0| +|FreeRTOS - Memory Management - Heap 4|v10.4.3-LTS.Patch.2+fsp.3.6.0| +|r_ether to FreeRTOS+TCP Wrapper|v3.6.0| +|Ethernet|v3.6.0| +|Ethernet PHY|v3.6.0| +|FreeRTOS+TCP|v2.3.2-LTS.Patch.1+fsp.3.6.0| +|FreeRTOS - Buffer Allocation 2|v2.3.2-LTS.Patch.1+fsp.3.6.0| ## Setup Steps and Build wolfSSL Library @@ -168,7 +168,7 @@ $./examples/server/server -b -d -i ECDSA sign and verify use, launch server with the following option ``` -$./examples/server/server -b -d -c -i ./certs/server-ecc.pem -k ./certs/ecc-key.pem +$./examples/server/server -b -d -i -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem ``` 5.) Run the example Client diff --git a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h index 258ca4292..38345055a 100644 --- a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h +++ b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h @@ -78,3 +78,7 @@ #if defined(WOLFSSL_RENESAS_SCEPROTECT) && defined(SCEKEY_INSTALLED) #define HAVE_RENESAS_SYNC #endif + +#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) + #define WOLFSSL_KEY_GEN +#endif diff --git a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c index af95a854a..45e9de195 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c +++ b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c @@ -72,32 +72,32 @@ const st_user_key_block_data_t g_key_block_data = * This is used for Root Certificate verify by SCE */ const unsigned char ca_cert_der_sign[] = { - 0x0E, 0x7F, 0xB2, 0x0B, 0x4E, 0x8C, 0x11, 0x5E, 0xAC, 0xD7, - 0x77, 0x3D, 0x9E, 0xA0, 0x4B, 0xA5, 0xE2, 0x9F, 0x97, 0xEB, - 0xD0, 0x1B, 0x65, 0x08, 0x7D, 0x39, 0x2E, 0xD0, 0x97, 0x19, - 0xB6, 0x47, 0xF4, 0xCC, 0xA0, 0x24, 0xFA, 0xA6, 0x08, 0x11, - 0xF4, 0xDC, 0x82, 0xCC, 0xB6, 0x14, 0xF1, 0x4A, 0x63, 0x67, - 0xF2, 0x87, 0x0C, 0xA9, 0x31, 0x03, 0xAF, 0xD5, 0x4B, 0x1B, - 0xD9, 0x99, 0x6E, 0xB4, 0xBD, 0xAB, 0x7F, 0x64, 0xB8, 0x8B, - 0xFF, 0x45, 0xFC, 0xE5, 0x86, 0xE8, 0x95, 0x4E, 0xBD, 0x7F, - 0x21, 0xB5, 0xCD, 0x25, 0x85, 0x16, 0x32, 0x6C, 0x8A, 0xC5, - 0xE7, 0xEB, 0x58, 0xA8, 0xCC, 0xD2, 0x33, 0xFC, 0xBB, 0x88, - 0xBC, 0x15, 0xDB, 0xDD, 0x6B, 0x15, 0xE3, 0x43, 0x31, 0xA9, - 0xA2, 0x2E, 0x9C, 0x8C, 0x44, 0x69, 0x1A, 0x72, 0x49, 0xAD, - 0x94, 0x8B, 0xD9, 0xA7, 0x47, 0x91, 0xA1, 0xF0, 0xAA, 0xA4, - 0xAB, 0x5B, 0xC9, 0x8F, 0x48, 0xFE, 0x6B, 0x06, 0x7A, 0xF0, - 0xC0, 0x39, 0xEF, 0xF1, 0x38, 0x96, 0x03, 0xC8, 0xDC, 0xBE, - 0xF7, 0xDB, 0xBA, 0x09, 0xA4, 0x62, 0xD1, 0x39, 0xAD, 0x1D, - 0xEB, 0x28, 0x85, 0x53, 0x76, 0xF2, 0x52, 0x3B, 0x26, 0xF2, - 0x16, 0x01, 0xB0, 0xEF, 0x2B, 0x09, 0x2F, 0x30, 0x17, 0x6F, - 0x04, 0x5C, 0x75, 0xE5, 0x7D, 0xD0, 0xCB, 0x84, 0xDE, 0xEB, - 0x24, 0x45, 0x3D, 0x3A, 0x56, 0xC4, 0x64, 0x63, 0xD9, 0x00, - 0x23, 0x5F, 0xEE, 0xD9, 0x2E, 0xA9, 0xDC, 0x94, 0xA7, 0x8D, - 0xB6, 0xD9, 0xDF, 0x96, 0x8F, 0x8B, 0x81, 0x83, 0x8A, 0x8E, - 0x36, 0x45, 0xC7, 0xB7, 0x59, 0xA0, 0x9D, 0xE8, 0xFE, 0x62, - 0x5C, 0x7A, 0xF2, 0x9E, 0xF9, 0xB6, 0x75, 0x46, 0x44, 0x6D, - 0x96, 0xFC, 0x3E, 0xE2, 0x17, 0x52, 0x0D, 0x70, 0x37, 0xD9, - 0xAE, 0x1D, 0x25, 0x30, 0xF7, 0xD9 + 0x19, 0xB4, 0xD1, 0x53, 0xBB, 0x87, 0x0B, 0xD8, 0xD8, 0xFC, + 0x22, 0x21, 0xA6, 0xC1, 0xE5, 0xB2, 0x7A, 0xEF, 0xAF, 0x89, + 0x8B, 0x92, 0xC9, 0x4E, 0x59, 0xF0, 0x0B, 0xAB, 0x24, 0x84, + 0x60, 0x2D, 0x81, 0x42, 0x4A, 0x05, 0x2F, 0x2D, 0xAB, 0x20, + 0x3F, 0x8D, 0xCA, 0x9F, 0x37, 0x4B, 0xDF, 0xE3, 0x2A, 0xA3, + 0x3F, 0x4E, 0x09, 0x20, 0x08, 0xD4, 0x46, 0xD9, 0xF0, 0xD8, + 0xA7, 0x43, 0x60, 0xE2, 0x1D, 0xF7, 0x25, 0x64, 0x38, 0xD2, + 0xB1, 0x4E, 0x1F, 0x84, 0xFC, 0xC5, 0x55, 0x2C, 0x1A, 0xA2, + 0xCE, 0x99, 0xD0, 0x21, 0x93, 0xA5, 0xDB, 0x6F, 0x14, 0x2C, + 0xDF, 0x9A, 0x01, 0x6A, 0x9A, 0xCC, 0xB0, 0x08, 0xD8, 0xCF, + 0xA8, 0x94, 0x41, 0x23, 0xBB, 0xC2, 0xA3, 0x8B, 0x77, 0x35, + 0x27, 0x0D, 0x94, 0x16, 0xF3, 0xCA, 0x16, 0xA2, 0x4C, 0x2F, + 0xB0, 0x8D, 0xE6, 0x38, 0xCC, 0x9C, 0x34, 0xE8, 0xDC, 0xDC, + 0x1C, 0x5C, 0x88, 0x52, 0x97, 0x47, 0xC6, 0xB6, 0x66, 0xCF, + 0xCE, 0xBF, 0xF0, 0x24, 0x19, 0x0F, 0x07, 0xA5, 0xC4, 0xC6, + 0x37, 0x0D, 0x2A, 0x11, 0x6A, 0x66, 0x64, 0x62, 0x0E, 0xE6, + 0xCB, 0xAF, 0xFB, 0x2E, 0x8E, 0x37, 0x1E, 0x6D, 0xD1, 0xAD, + 0xE4, 0x16, 0x06, 0xFB, 0x43, 0x2E, 0x4D, 0x64, 0x18, 0xB2, + 0x4C, 0xE7, 0xD3, 0xE9, 0x9B, 0x95, 0x13, 0x7D, 0x7D, 0x93, + 0xC2, 0x34, 0x43, 0x0C, 0xFF, 0x58, 0xD3, 0xA7, 0x21, 0x8E, + 0x2B, 0xB3, 0x36, 0x90, 0xF1, 0x1E, 0x0E, 0x87, 0x41, 0x48, + 0xC9, 0x69, 0x57, 0x89, 0xD0, 0xF7, 0x86, 0x47, 0x8F, 0xF5, + 0xA8, 0x13, 0x24, 0x0A, 0x7E, 0xE3, 0xBB, 0x9F, 0xF1, 0xDF, + 0x30, 0xE7, 0x88, 0x70, 0x8A, 0x46, 0xD9, 0x1A, 0x50, 0x42, + 0x4F, 0xCF, 0xC3, 0xCB, 0xCF, 0xE4, 0xA7, 0xA3, 0x74, 0x0A, + 0xDE, 0x14, 0xAF, 0xA5, 0x7F, 0xE2 }; const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign); @@ -108,32 +108,32 @@ const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign); */ const unsigned char ca_ecc_cert_der_sign[] = { - 0x41, 0xFC, 0x2C, 0xFD, 0x21, 0xFB, 0xF2, 0x98, 0xF3, 0x25, - 0x06, 0x8C, 0x2C, 0x4A, 0x12, 0xDB, 0xDD, 0x38, 0x39, 0x83, - 0xD5, 0x80, 0xB4, 0x52, 0xA5, 0x35, 0xA6, 0x5C, 0x38, 0x41, - 0xDA, 0xBE, 0x64, 0x84, 0x7C, 0x63, 0x7D, 0x2A, 0xBB, 0xB9, - 0x93, 0xED, 0x27, 0xE3, 0x2B, 0xAB, 0xC4, 0xBC, 0x08, 0xBE, - 0xA6, 0xF7, 0x40, 0xA3, 0x1E, 0xB1, 0x8C, 0xF8, 0x4B, 0x78, - 0x9F, 0xFE, 0xAA, 0x86, 0x15, 0xF5, 0xDD, 0xB3, 0xCD, 0xF5, - 0x3A, 0x81, 0x26, 0x3E, 0x04, 0x05, 0x65, 0xF9, 0x53, 0x8E, - 0x10, 0x1F, 0xE8, 0xD9, 0x3F, 0xA1, 0x6E, 0x8C, 0xAD, 0xFA, - 0x50, 0x36, 0xFE, 0x89, 0x4E, 0xAC, 0x27, 0xDB, 0x59, 0x80, - 0xE3, 0x77, 0x20, 0x4F, 0xC1, 0x03, 0xA4, 0x1D, 0xE5, 0x34, - 0xCB, 0x8F, 0x88, 0xD6, 0x38, 0x2A, 0x31, 0xE0, 0xC2, 0xAA, - 0x78, 0x34, 0x9C, 0xFE, 0x8F, 0x8D, 0x76, 0xDB, 0x24, 0x38, - 0xE1, 0xAB, 0xAE, 0xBA, 0xD0, 0xA9, 0x1C, 0x59, 0x01, 0xE3, - 0x49, 0x9B, 0x13, 0x7D, 0x25, 0x7C, 0x8D, 0x12, 0x36, 0xA1, - 0xEF, 0x7B, 0xD4, 0x16, 0x58, 0x3A, 0x0E, 0xE7, 0x5A, 0x36, - 0xDD, 0xD4, 0x31, 0x23, 0xBF, 0xC9, 0x49, 0x62, 0xA4, 0x01, - 0xA3, 0xAC, 0x62, 0xAB, 0xA0, 0x48, 0xE3, 0xDA, 0x72, 0xD3, - 0x6D, 0xF3, 0x57, 0x61, 0x9E, 0xEA, 0x31, 0xA7, 0x82, 0xDD, - 0x79, 0x3C, 0x8E, 0x01, 0xE9, 0xE5, 0xB2, 0x49, 0x2F, 0x3F, - 0x3F, 0x16, 0x2C, 0xCC, 0x3D, 0x78, 0x6E, 0xB6, 0x6D, 0x34, - 0x38, 0x46, 0xCC, 0xFF, 0xEF, 0x26, 0x74, 0xD8, 0x68, 0x90, - 0xF1, 0x2A, 0xAA, 0xF3, 0xF3, 0x5A, 0xFC, 0x75, 0x00, 0xE6, - 0x11, 0xE7, 0x21, 0x05, 0x6B, 0xAA, 0x53, 0x25, 0x59, 0x33, - 0xB0, 0xC0, 0x66, 0x14, 0x2F, 0x00, 0x59, 0xF3, 0xFF, 0x5E, - 0xCC, 0x10, 0x84, 0x0E, 0xE6, 0x17 + 0x66, 0x96, 0xB4, 0x9F, 0x0B, 0x56, 0x60, 0x1F, 0x01, 0x7A, + 0xDE, 0x65, 0xD6, 0x8C, 0x2A, 0xE2, 0x20, 0xA0, 0xE8, 0x19, + 0x99, 0x70, 0x8B, 0x17, 0x1B, 0xDA, 0x8C, 0x3A, 0x87, 0x07, + 0xE7, 0xF9, 0x1B, 0x7C, 0xC1, 0x32, 0x55, 0x38, 0x15, 0x9C, + 0x7B, 0x89, 0xDA, 0x9D, 0x57, 0x80, 0x50, 0xCF, 0xA6, 0x4C, + 0x51, 0x71, 0xBA, 0x52, 0xFA, 0x58, 0x4C, 0xE7, 0x33, 0x08, + 0xB9, 0xE7, 0x5F, 0x7E, 0x8A, 0x1D, 0xCC, 0xA8, 0x4A, 0xA9, + 0xAF, 0xE5, 0xA1, 0x87, 0x59, 0xD0, 0xF7, 0x23, 0xAE, 0xC5, + 0x42, 0x99, 0xFA, 0x4A, 0xAB, 0xFA, 0x08, 0xF9, 0x7C, 0x8D, + 0xD3, 0xB1, 0xF7, 0xD8, 0x01, 0x3C, 0x06, 0xD5, 0x2C, 0xBF, + 0x18, 0xF1, 0x45, 0x47, 0x5D, 0xA4, 0x7F, 0x90, 0x4E, 0x0C, + 0x86, 0x41, 0x5F, 0x26, 0x25, 0x8B, 0x8A, 0xD8, 0x3F, 0x4B, + 0xAF, 0xD5, 0xBE, 0xD9, 0xC6, 0x46, 0x2A, 0x2B, 0xC3, 0x10, + 0x93, 0xCB, 0x1E, 0xFB, 0x3D, 0x8A, 0x39, 0xB6, 0x03, 0x9D, + 0xC2, 0x16, 0xA1, 0xB5, 0x9C, 0x0D, 0x05, 0x5E, 0x1B, 0x30, + 0x9F, 0x53, 0xEE, 0xF2, 0x27, 0xE1, 0xE3, 0x2F, 0xD9, 0xEB, + 0xF2, 0xFE, 0xD3, 0x6C, 0x71, 0xCE, 0x28, 0x56, 0x9F, 0x85, + 0x34, 0xAD, 0x9D, 0x3D, 0x22, 0x3A, 0x33, 0x3B, 0x9F, 0x55, + 0x4F, 0x10, 0xA9, 0xD2, 0xAB, 0xE0, 0x29, 0x7A, 0x09, 0xF3, + 0x4E, 0xC1, 0x21, 0xA7, 0xF4, 0xE5, 0x34, 0x6D, 0x68, 0x36, + 0xE9, 0x7B, 0xD4, 0x42, 0x0A, 0xBC, 0xC4, 0x1F, 0x6C, 0x58, + 0xB6, 0x65, 0x3F, 0x9F, 0x92, 0x65, 0xF9, 0x83, 0x7A, 0x94, + 0x66, 0x7C, 0xB2, 0x03, 0x16, 0x65, 0x9E, 0xBF, 0x8C, 0x77, + 0xB8, 0xA4, 0x13, 0x8B, 0xD3, 0x82, 0x39, 0x94, 0xD1, 0x2A, + 0xE3, 0x3E, 0x51, 0xEB, 0x56, 0xE2, 0x92, 0x5C, 0x6B, 0xD1, + 0x30, 0xD1, 0x91, 0x77, 0x6E, 0x28 }; static const int sizeof_ca_ecc_cert_der_sign = sizeof(ca_ecc_cert_der_sign); #endif /* USE_CERT_BUFFERS_256 */ diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c index 68d2b8590..d6d9394d8 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c +++ b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c @@ -25,7 +25,8 @@ #include #include -#if defined(WOLFSSL_RENESAS_SCEPROTECT) +#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \ +defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) #include #if defined(TLS_MULTITHREAD_TEST) User_SCEPKCbInfo guser_PKCbInfo_taskA; @@ -127,10 +128,42 @@ static void my_Logging_cb(const int logLevel, const char *const logMessage) } #endif +void Clr_CallbackCtx(User_SCEPKCbInfo *g) +{ + if (g->sce_wrapped_key_aes256 != NULL) + XFREE(g->sce_wrapped_key_aes256, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (g->sce_wrapped_key_aes128 != NULL) + XFREE(g->sce_wrapped_key_aes128, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + + #if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) + if (g->sce_wrapped_key_rsapri2048 != NULL) + XFREE(g->sce_wrapped_key_rsapri2048, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (g->sce_wrapped_key_rsapub2048 != NULL) + XFREE(g->sce_wrapped_key_rsapub2048, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (g->sce_wrapped_key_rsapri1024 != NULL) + XFREE(g->sce_wrapped_key_rsapri1024, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (g->sce_wrapped_key_rsapub2048 != NULL) + XFREE(g->sce_wrapped_key_rsapub1024, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + XMEMSET(g, 0, sizeof(User_SCEPKCbInfo)); +} + void sce_test(void) { -#if defined(SCE_CRYPT_UNIT_TEST) && defined(WOLFSSL_RENESAS_SCEPROTECT) +#if defined(SCE_CRYPT_UNIT_TEST) && \ + (defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) int ret = 0; BaseType_t xRet; @@ -169,7 +202,9 @@ void sce_test(void) printf("wolfCrypt_Cleanup failed %d\n", ret); } -#elif defined(CRYPT_TEST) +#elif defined(CRYPT_TEST) && \ + (defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) int ret; func_args args = { 0 }; @@ -185,7 +220,11 @@ void sce_test(void) printf("wolfCrypt_Cleanup failed %d\n", ret); } -#elif defined(BENCHMARK) + Clr_CallbackCtx(&guser_PKCbInfo); + +#elif defined(BENCHMARK) && \ + (defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) #include "hal_data.h" #include "r_sce.h" @@ -194,25 +233,46 @@ void sce_test(void) #if defined(WOLFSSL_RENESAS_SCEPROTECT) && defined(SCEKEY_INSTALLED) /* aes 256 */ - memcpy(guser_PKCbInfo.sce_wrapped_key_aes256.value, - (uint32_t *)DIRECT_KEY_ADDRESS_256, - HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4); - guser_PKCbInfo.sce_wrapped_key_aes256.type = SCE_KEY_INDEX_TYPE_AES256; - guser_PKCbInfo.aes256_installedkey_set = 1; + XMEMSET(&guser_PKCbInfo, 0, sizeof(guser_PKCbInfo)); + sce_aes_wrapped_key_t *p1 = NULL; + sce_aes_wrapped_key_t *p2 = NULL; - /* aes 128 */ - memcpy(guser_PKCbInfo.sce_wrapped_key_aes128.value, - (uint32_t *)DIRECT_KEY_ADDRESS_128, - HW_SCE_AES128_KEY_INDEX_WORD_SIZE*4); + guser_PKCbInfo.sce_wrapped_key_aes256 = + (sce_aes_wrapped_key_t*)XMALLOC(sizeof(sce_aes_wrapped_key_t), + NULL, DYNAMIC_TYPE_TMP_BUFFER); + p1 = (sce_aes_wrapped_key_t*)guser_PKCbInfo.sce_wrapped_key_aes256; - guser_PKCbInfo.sce_wrapped_key_aes128.type = SCE_KEY_INDEX_TYPE_AES128; - guser_PKCbInfo.aes128_installedkey_set = 1; + guser_PKCbInfo.sce_wrapped_key_aes128 = + (sce_aes_wrapped_key_t*)XMALLOC(sizeof(sce_aes_wrapped_key_t), + NULL, DYNAMIC_TYPE_TMP_BUFFER); + p2 = (sce_aes_wrapped_key_t*)guser_PKCbInfo.sce_wrapped_key_aes128; + if ( p1 == NULL || p2 == NULL) { + printf("failed to alloc memory!"); + } + else { + memcpy(p1->value, + (uint32_t *)DIRECT_KEY_ADDRESS_256, + HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4); + p1->type = SCE_KEY_INDEX_TYPE_AES256; + guser_PKCbInfo.keyflgs_crypt.bits.aes256_installedkey_set = 1; + + /* aes 128 */ + memcpy(p2->value, + (uint32_t *)DIRECT_KEY_ADDRESS_128, + HW_SCE_AES128_KEY_INDEX_WORD_SIZE*4); + + p2->type = SCE_KEY_INDEX_TYPE_AES128; + guser_PKCbInfo.keyflgs_crypt.bits.aes128_installedkey_set = 1; + } #endif printf("Start wolfCrypt Benchmark\n"); benchmark_test(NULL); printf("End wolfCrypt Benchmark\n"); + /* free */ + Clr_CallbackCtx(&guser_PKCbInfo); + #elif defined(TLS_CLIENT) #include "hal_data.h" #include "r_sce.h" diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c index b840645b7..04509629c 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c +++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include "FreeRTOS.h" @@ -62,6 +63,8 @@ int sce_crypt_Sha_AesCbcGcm_multitest(); int sce_crypt_sha_multitest(); int sce_crypt_test(); +extern User_SCEPKCbInfo guser_PKCbInfo; + #if defined(HAVE_AES_CBC) #if defined(WOLFSSL_AES_128) @@ -76,6 +79,9 @@ int sce_crypt_test(); #endif +#if !defined(NO_RSA) + sce_rsa2048_wrapped_pair_key_t g_wrapped_pair_key; +#endif typedef struct tagInfo { sce_aes_wrapped_key_t aes_key; @@ -379,9 +385,8 @@ static int sce_aesgcm256_test(int prnt, sce_aes_wrapped_key_t* aes256_key) ret = -3; goto out; } else { - XMEMCPY(&userContext.sce_wrapped_key_aes256, aes256_key, - sizeof(sce_aes_wrapped_key_t)); - userContext.aes256_installedkey_set = 1; + userContext.sce_wrapped_key_aes256 = (void*)aes256_key; + userContext.keyflgs_crypt.bits.aes256_installedkey_set = 1; enc->ctx.keySize = (word32)enc->keylen; } @@ -576,9 +581,8 @@ static int sce_aesgcm128_test(int prnt, sce_aes_wrapped_key_t* aes128_key) ret = -3; goto out; } else { - XMEMCPY(&userContext.sce_wrapped_key_aes128, aes128_key, - sizeof(sce_aes_wrapped_key_t)); - userContext.aes128_installedkey_set = 1; + userContext.sce_wrapped_key_aes128 = aes128_key; + userContext.keyflgs_crypt.bits.aes128_installedkey_set = 1; enc->ctx.keySize = (word32)enc->keylen; } /* AES-GCM encrypt and decrypt both use AES encrypt internally */ @@ -634,6 +638,185 @@ static void tskAes128_Gcm_Test(void *pvParam) #endif +#if !defined(NO_RSA) + +/* testing rsa sign/verify w/ rsa 2048 bit key */ +#define TEST_STRING "Everyone gets Friday off." +#define TEST_STRING2 "Everyone gets Friday ofv." +#define TEST_STRING_SZ 25 +#define RSA_TEST_BYTES 256 /* up to 2048-bit key */ + +static int sce_rsa_test(int prnt, int keySize) +{ + int ret = 0; + + RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WC_RNG rng; + const char inStr [] = TEST_STRING; + const char inStr2[] = TEST_STRING2; + const word32 inLen = (word32)TEST_STRING_SZ; + const word32 outSz = RSA_TEST_BYTES; + byte *in = NULL; + byte *in2 = NULL; + byte *out= NULL; + byte *out2 = NULL; + + in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (key == NULL || in == NULL || out == NULL || + in2 == NULL || out2 == NULL) { + ret = -1; + goto out; + } + + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(key, 0, sizeof *key); + XMEMCPY(in, inStr, inLen); + XMEMCPY(in2, inStr2, inLen); + XMEMSET(out, 0, outSz); + XMEMSET(out2, 0, outSz); + + ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/); + if (ret != 0) { + goto out; + } + + if ((ret = wc_InitRng(&rng)) != 0) + goto out; + + if ((ret = wc_RsaSetRNG(key, &rng)) != 0) + goto out; + + /* make rsa key by SCE */ + if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) { + goto out; + } + + ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng); + if (ret < 0) { + goto out; + } + + ret = wc_RsaPrivateDecrypt(out, keySize/8, out2, outSz, key); + if (ret < 0) { + ret = -1; + goto out; + } + if (XMEMCMP(in, out2, inLen) != 0) { + ret = -2; + goto out; + } + + ret = 0; +out: + if (key != NULL) { + wc_FreeRsaKey(key); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (in != NULL) { + XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (in2 != NULL) { + XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (out != NULL) { + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (out2 != NULL) { + XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + return ret; +} + +static int sce_rsa_SignVerify_test(int prnt, int keySize) +{ + int ret = 0; + + RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WC_RNG rng; + const char inStr [] = TEST_STRING; + const char inStr2[] = TEST_STRING2; + const word32 inLen = (word32)TEST_STRING_SZ; + const word32 outSz = RSA_TEST_BYTES; + + byte *in = NULL; + byte *in2 = NULL; + byte *out= NULL; + + in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + (void) prnt; + + if (key == NULL || in == NULL || out == NULL) { + ret = -1; + goto out; + } + + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(key, 0, sizeof *key); + XMEMCPY(in, inStr, inLen); + XMEMCPY(in2, inStr2, inLen); + + ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/); + if (ret != 0) { + goto out; + } + + if ((ret = wc_InitRng(&rng)) != 0) + goto out; + + if ((ret = wc_RsaSetRNG(key, &rng)) != 0) + goto out; + + /* make rsa key by SCE */ + if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) { + goto out; + } + + guser_PKCbInfo.keyflgs_crypt.bits.message_type = 0; + ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng); + if (ret < 0) { + goto out; + } + + /* this should fail */ + ret = wc_RsaSSL_Verify(in2, inLen, out, keySize/8, key); + if (ret != FSP_ERR_CRYPTO_SCE_AUTHENTICATION) { + ret = -1; + goto out; + } + /* this should succeed */ + ret = wc_RsaSSL_Verify(in, inLen, out, keySize/8, key); + if (ret < 0) { + ret = -1; + goto out; + } + ret = 0; + out: + if (key != NULL) { + wc_FreeRsaKey(key); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (in != NULL) { + XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (in2 != NULL) { + XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (out != NULL) { + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + return ret; +} +#endif + int sce_crypt_test() { int ret = 0; @@ -641,20 +824,71 @@ int sce_crypt_test() /* Generate AES sce Key */ sce_error_code = R_SCE_AES128_WrappedKeyGenerate(&g_user_aes128_key_index1); - + if (sce_error_code == FSP_SUCCESS) sce_error_code = R_SCE_AES128_WrappedKeyGenerate( &g_user_aes128_key_index2); - + if (sce_error_code == FSP_SUCCESS) sce_error_code = R_SCE_AES256_WrappedKeyGenerate( &g_user_aes256_key_index1); - + if (sce_error_code == FSP_SUCCESS) sce_error_code = R_SCE_AES256_WrappedKeyGenerate( &g_user_aes256_key_index2); - - if (sce_error_code == FSP_SUCCESS) { + + if (sce_error_code == FSP_SUCCESS) { + #if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) + /* set up Crypt Call back */ + + Clr_CallbackCtx(&guser_PKCbInfo); + + ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &guser_PKCbInfo); + + if ( ret > 0) + ret = 0; + + if (ret == 0) { + printf(" sce_rsa_test(512)(this will be done" + " by SW because SCE doesn't support 512 bits key size.)"); + ret = sce_rsa_test(1, 512); + RESULT_STR(ret) + } + + if (ret == 0) { + printf(" sce_rsa_test(1024)"); + ret = sce_rsa_test(1, 1024); + RESULT_STR(ret) + } + + if (ret == 0) { + printf(" sce_rsa_SignVerify_test(512)(this will be done" + " by SW because SCE doesn't support 512 bits key size.)"); + ret = sce_rsa_SignVerify_test(1, 512); + RESULT_STR(ret) + } + + if (ret == 0) { + printf(" sce_rsa_SignVerify_test(1024)"); + ret = sce_rsa_SignVerify_test(1, 1024); + RESULT_STR(ret) + } + + Clr_CallbackCtx(&guser_PKCbInfo); + + if (ret == 0) { + printf(" sce_rsa_test(2048)"); + ret = sce_rsa_test(1, 2048); + RESULT_STR(ret) + } + + if (ret == 0 && sce_error_code == FSP_SUCCESS) { + printf(" sce_rsa_SignVerify_test(2048)"); + ret = sce_rsa_SignVerify_test(1, 2048); + RESULT_STR(ret) + } + + #endif /* WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */ #ifndef NO_SHA256 printf(" sha256_test()"); @@ -675,7 +909,7 @@ int sce_crypt_test() ret = sce_aesgcm128_test(1, &g_user_aes128_key_index1); } - + if (ret == 0) { ret = sce_aesgcm256_test(1, &g_user_aes256_key_index1); diff --git a/IDE/Renesas/e2studio/RA6M4/wolfssl/.project b/IDE/Renesas/e2studio/RA6M4/wolfssl/.project index 86682c556..5c2024822 100644 --- a/IDE/Renesas/e2studio/RA6M4/wolfssl/.project +++ b/IDE/Renesas/e2studio/RA6M4/wolfssl/.project @@ -401,6 +401,11 @@ 1 PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_sce_aes.c + + wolfCrypt/port/renesas_sce_rsa.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_sce_rsa.c + wolfCrypt/port/renesas_sce_sha.c 1 diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index dc693883a..608b93568 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -124,6 +124,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/Renesas/renesas_sce_util.c \ wolfcrypt/src/port/Renesas/renesas_sce_aes.c \ wolfcrypt/src/port/Renesas/renesas_sce_sha.c \ + wolfcrypt/src/port/Renesas/renesas_sce_rsa.c \ wolfcrypt/src/port/Renesas/renesas_common.c \ wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c \ wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \ diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 9246e726b..92401bd04 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -21,9 +21,12 @@ #include -#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS) +#if defined(WOLFSSL_RENESAS_SCEPROTECT) \ + || defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) \ + || defined(WOLFSSL_RENESAS_TSIP_TLS) -#if defined(WOLFSSL_RENESAS_SCEPROTECT) +#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) #include #define cmn_hw_lock wc_sce_hw_lock #define cmn_hw_unlock wc_sce_hw_unlock @@ -128,7 +131,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #if defined(WOLFSSL_RENESAS_TSIP_TLS) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; -#elif defined(WOLFSSL_RENESAS_SCEPROTECT) +#elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx; #endif @@ -221,7 +225,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } #endif /* HAVE_ECC */ } -#elif defined(WOLFSSL_RENESAS_SCEPROTECT) +#elif defined(WOLFSSL_RENESAS_SCEPROTECT) ||\ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) if (info->algo_type == WC_ALGO_TYPE_CIPHER) { @@ -230,13 +235,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) if (info->cipher.type == WC_CIPHER_AES_GCM) { if (info->cipher.enc && - (cbInfo->session_key_set == 1 || - (cbInfo->aes256_installedkey_set == 1 && + (cbInfo->keyflgs_tls.bits.session_key_set == 1 || + (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && info->cipher.aesgcm_enc.aes->keylen == 32) || - (cbInfo->aes128_installedkey_set == 1 && + (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && info->cipher.aesgcm_enc.aes->keylen == 16))) { - if (cbInfo->aes256_installedkey_set == 1 && + if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && info->cipher.aesgcm_enc.aes->keylen == 32) { XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key, @@ -245,7 +250,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->cipher.aesgcm_enc.aes->ctx.keySize = 32; } - else if (cbInfo->aes128_installedkey_set == 1 && + else if ( + cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && info->cipher.aesgcm_enc.aes->keylen == 16) { XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key, @@ -268,13 +274,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) (void*)ctx); } - else if (cbInfo->session_key_set == 1 || - (cbInfo->aes256_installedkey_set == 1 && + else if (cbInfo->keyflgs_tls.bits.session_key_set == 1 || + (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && info->cipher.aesgcm_dec.aes->keylen == 32) || - (cbInfo->aes128_installedkey_set == 1 && + (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && info->cipher.aesgcm_dec.aes->keylen == 16)) { - if (cbInfo->aes256_installedkey_set == 1 && + if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && info->cipher.aesgcm_dec.aes->keylen == 32) { XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key, @@ -283,7 +289,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->cipher.aesgcm_dec.aes->ctx.keySize = 32; } - else if (cbInfo->aes128_installedkey_set == 1 && + else if ( + cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && info->cipher.aesgcm_dec.aes->keylen == 16) { XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key, @@ -309,23 +316,25 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #endif /* HAVE_AESGCM */ #ifdef HAVE_AES_CBC if ((info->cipher.type == WC_CIPHER_AES_CBC) && - (cbInfo->session_key_set == 1 || - (cbInfo->aes256_installedkey_set == 1 && + (cbInfo->keyflgs_tls.bits.session_key_set == 1 || + (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && info->cipher.aescbc.aes->keylen == 32) || - (cbInfo->aes128_installedkey_set == 1 && + (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 && info->cipher.aescbc.aes->keylen == 16))) { if (info->cipher.enc) { - if (cbInfo->aes256_installedkey_set == 1 && - info->cipher.aescbc.aes->keylen == 32) { + if ( + cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && + info->cipher.aescbc.aes->keylen == 32) { XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key, &cbInfo->sce_wrapped_key_aes256, sizeof(sce_aes_wrapped_key_t)); info->cipher.aescbc.aes->ctx.keySize = 32; } - else if (cbInfo->aes128_installedkey_set == 1 && - info->cipher.aescbc.aes->keylen == 16) { + else if ( + cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 + && info->cipher.aescbc.aes->keylen == 16) { XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key, &cbInfo->sce_wrapped_key_aes128, sizeof(sce_aes_wrapped_key_t)); @@ -339,15 +348,16 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->cipher.aescbc.sz); } else { - if (cbInfo->aes256_installedkey_set == 1 && - info->cipher.aescbc.aes->keylen == 32) { + if ( + cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 && + info->cipher.aescbc.aes->keylen == 32) { XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key, &cbInfo->sce_wrapped_key_aes256, sizeof(sce_aes_wrapped_key_t)); info->cipher.aescbc.aes->ctx.keySize = 32; - - } else if (cbInfo->aes128_installedkey_set == 1 && - info->cipher.aescbc.aes->keylen == 16) { + } else if ( + cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 + && info->cipher.aescbc.aes->keylen == 16) { XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key, &cbInfo->sce_wrapped_key_aes128, sizeof(sce_aes_wrapped_key_t)); @@ -364,6 +374,71 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #endif /* HAVE_AES_CBC */ #endif /* !NO_AES || !NO_DES3 */ } + #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) + else if (info->algo_type == WC_ALGO_TYPE_PK) { + + #if !defined(NO_RSA) + #if defined(WOLFSSL_KEY_GEN) + if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && + (info->pk.rsakg.size == 1024 || + info->pk.rsakg.size == 2048)) { + ret = wc_sce_MakeRsaKey(info->pk.rsakg.size, (void*)ctx); + } + #endif + if (info->pk.type == WC_PK_TYPE_RSA) { + /* to perform RSA on SCE, wrapped keys should be installed + * in advance. SCE supports 1024 or 2048 bits key size. + * otherwise, falls-through happens. + */ + if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 + || + cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 + || + cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 + || + cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 + ) { + + if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT || + info->pk.rsa.type == RSA_PUBLIC_ENCRYPT ) + { + ret = wc_sce_RsaFunction(info->pk.rsa.in, + info->pk.rsa.inLen, + info->pk.rsa.out, + info->pk.rsa.outLen, + info->pk.rsa.type, + info->pk.rsa.key, + info->pk.rsa.rng, + (void*)ctx); + } + else if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT /* sign */){ + ret = wc_sce_RsaSign(info->pk.rsa.in, + info->pk.rsa.inLen, + info->pk.rsa.out, + info->pk.rsa.outLen, + info->pk.rsa.key, + (void*)ctx); + } + else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) { + ret = wc_sce_RsaVerify(info->pk.rsa.in, + info->pk.rsa.inLen, + info->pk.rsa.out, + info->pk.rsa.outLen, + info->pk.rsa.key, + (void*)ctx); + } + } + else { + WOLFSSL_MSG( + "SCE can handle 1024 or 2048 bit key size. " + "key size is not either 1024 or 2048. " + "Or wrapped key is not installed. " + "RSA operation falls through to SW operation."); + } + } + #endif /* NO_RSA && WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */ + } + #endif /* NO_RSA */ #endif /* TSIP or SCE */ (void)devIdArg; @@ -385,7 +460,8 @@ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated) #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_usable(ssl, session_key_generated); - #elif defined(WOLFSSL_RENESAS_SCEPROTECT) + #elif defined(WOLFSSL_RENESAS_SCEPROTECT) ||\ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) ret = wc_sce_usable(ssl, session_key_generated); #endif @@ -408,11 +484,19 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) #if defined(WOLFSSL_RENESAS_TSIP_TLS) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; - #elif defined(WOLFSSL_RENESAS_SCEPROTECT) + #elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx; #endif - if (cbInfo == NULL || ssl == NULL) { + if (cbInfo == NULL + #if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \ + !defined(HAVE_RENESAS_SYNC) + || ssl == NULL) { + #else + ) { + #endif + printf("Invalid devId\n"); return INVALID_DEVID; } /* need exclusive control because of static variable */ @@ -432,9 +516,11 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) return INVALID_DEVID; } + #if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \ + !defined(HAVE_RENESAS_SYNC) if (ssl) wolfSSL_SetDevId(ssl, cbInfo->devId); - + #endif /* sanity check for overflow */ if (gdevId < 0) { gdevId = 7890; @@ -456,6 +542,10 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id) } #endif /* WOLF_CRYPTO_CB */ +#endif /* WOLFSSL_RENESAS_SCEPROTECT || WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY + /* WOLFSSL_RENESAS_TSIP_TLS*/ + +#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS) /* Renesas Security Library Common Method * Check CA index if CA can be used for SCE/TSIP because @@ -591,8 +681,9 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig, * cm_row CA index * return FSP_SUCCESS(0) on success, otherwise WOLFSSL_FATAL_ERROR */ -int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start, - word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row) +int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, + word32 key_n_start, word32 key_n_len, word32 key_e_start, + word32 key_e_len, word32 cm_row) { int ret; @@ -661,7 +752,8 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, /* Renesas Security Library Common Callback * Callback for setting Encrypt Keys. - * Register callback for setting Encrypt Keys when keys are generated by SCE/TSIP + * Register callback for setting Encrypt Keys when keys are generated + * by SCE/TSIP * * ssl the WOLFSSL object * ctx Callback context @@ -679,11 +771,14 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) #if defined(WOLFSSL_RENESAS_TSIP_TLS) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; + + if (cbInfo->session_key_set == 1) { #elif defined(WOLFSSL_RENESAS_SCEPROTECT) User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx; - #endif - if (cbInfo->session_key_set == 1) { + + if (cbInfo->keyflgs_tls.bits.session_key_set == 1) { + #endif ret = 0; wolfSSL_CTX_SetTlsFinishedCb(ssl->ctx, Renesas_cmn_TlsFinished); diff --git a/wolfcrypt/src/port/Renesas/renesas_sce_aes.c b/wolfcrypt/src/port/Renesas/renesas_sce_aes.c index 9f73a55a3..adad4d5df 100644 --- a/wolfcrypt/src/port/Renesas/renesas_sce_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_sce_aes.c @@ -26,7 +26,8 @@ #ifndef NO_AES -#if defined(WOLFSSL_RENESAS_SCEPROTECT) && \ +#if (defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_AES) #include @@ -151,9 +152,10 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, XMEMSET((void*)cipherBuf, 0, sz + delta); XMEMSET((void*)authTag, 0, authTagSz); } - + + #if defined(WOLFSSL_RENESAS_SCEPROTECT) if (ret == 0 && - info->session_key_set == 1) { + info->keyflgs_tls.bits.session_key_set == 1) { /* generate AES-GCM session key. The key stored in * Aes.ctx.tsip_keyIdx is not used here. */ @@ -174,21 +176,29 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, } } - else if (info->aes256_installedkey_set == 1 || info->aes128_installedkey_set == 1) { - if (aes->ctx.keySize == 32) { - XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes256, - sizeof(sce_aes_wrapped_key_t)); + else { + #else + if (ret == 0) { + #endif + if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 || + info->keyflgs_crypt.bits.aes128_installedkey_set == 1) { + if (aes->ctx.keySize == 32) { + XMEMCPY(&key_client_aes, + (sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256, + sizeof(sce_aes_wrapped_key_t)); + } + else { + XMEMCPY(&key_client_aes, + (sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128, + sizeof(sce_aes_wrapped_key_t)); + } + iv_l = iv; + ivSz_l = ivSz; } else { - XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes128, - sizeof(sce_aes_wrapped_key_t)); + WOLFSSL_MSG("AES key for SCE is not set."); + ret = -1; } - iv_l = iv; - ivSz_l = ivSz; - } - else { - WOLFSSL_MSG("AES key for SCE is not set."); - ret = -1; } if (ret == 0) { @@ -339,9 +349,9 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, XMEMCPY(cipherBuf, in, sz); XMEMCPY(aTagBuf, authTag, authTagSz); } - + #if defined(WOLFSSL_RENESAS_SCEPROTECT) if (ret == 0 && - info->session_key_set == 1) { + info->keyflgs_tls.bits.session_key_set == 1) { /* generate AES-GCM session key. The key stored in * Aes.ctx.tsip_keyIdx is not used here. */ @@ -361,23 +371,31 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, ret = -1; } } - else if (info->aes256_installedkey_set == 1 || info->aes128_installedkey_set == 1) { - if (aes->ctx.keySize == 32) { - XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes256, - sizeof(sce_aes_wrapped_key_t)); + else { + #else + if (ret == 0) { + #endif + if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 || + info->keyflgs_crypt.bits.aes128_installedkey_set == 1) { + if (aes->ctx.keySize == 32) { + XMEMCPY(&key_server_aes, + (sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256, + sizeof(sce_aes_wrapped_key_t)); + } + else { + XMEMCPY(&key_server_aes, + (sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128, + sizeof(sce_aes_wrapped_key_t)); + } + iv_l = iv; + ivSz_l = ivSz; } else { - XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes128, - sizeof(sce_aes_wrapped_key_t)); + WOLFSSL_MSG("AES key for SCE is not set."); + ret = -1; } - iv_l = iv; - ivSz_l = ivSz; } - else { - WOLFSSL_MSG("AES key for SCE is not set."); - ret = -1; - } - + if (ret == 0) { /* since key_index has iv and ivSz in it, no need to pass them init * func. Pass NULL and 0 as 3rd and 4th parameter respectively. diff --git a/wolfcrypt/src/port/Renesas/renesas_sce_rsa.c b/wolfcrypt/src/port/Renesas/renesas_sce_rsa.c new file mode 100644 index 000000000..e866556af --- /dev/null +++ b/wolfcrypt/src/port/Renesas/renesas_sce_rsa.c @@ -0,0 +1,437 @@ +/* renesas_sce_rsa.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#if !defined(NO_RSA) && \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) + +#include +#include + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include +#include +#include +#include + +/* Make Rsa key for SCE and set it to callback ctx + * Assumes to be called by Crypt Callback + * + * size desired keylenth, in bits. supports 1024 or 2048 bits + * ctx Callback context including pointer to hold generated key + * return FSP_SUCCESS(0) on Success, otherwise negative value + */ +WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx) +{ + fsp_err_t ret; + User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx; + + sce_rsa1024_wrapped_pair_key_t *wrapped_pair1024_key = NULL; + sce_rsa2048_wrapped_pair_key_t *wrapped_pair2048_key = NULL; + + /* sanity check */ + if (ctx == NULL) + return BAD_FUNC_ARG; + + + if ((ret = wc_sce_hw_lock()) == 0) { + if (size == 1024) { + wrapped_pair1024_key = + (sce_rsa1024_wrapped_pair_key_t*)XMALLOC( + sizeof(sce_rsa1024_wrapped_pair_key_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + if (wrapped_pair1024_key == NULL) + return MEMORY_E; + + ret = R_SCE_RSA1024_WrappedKeyPairGenerate(wrapped_pair1024_key); + } + else if (size == 2048) { + wrapped_pair2048_key = + (sce_rsa1024_wrapped_pair_key_t*)XMALLOC( + sizeof(sce_rsa2048_wrapped_pair_key_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + if (wrapped_pair2048_key == NULL) + return MEMORY_E; + + ret = R_SCE_RSA2048_WrappedKeyPairGenerate(wrapped_pair2048_key); + } + else + return CRYPTOCB_UNAVAILABLE; + + if (ret == FSP_SUCCESS) { + if (size == 1024) { + if (info->sce_wrapped_key_rsapri1024 != NULL) { + XFREE(info->sce_wrapped_key_rsapri1024, NULL, + DYNAMIC_TYPE_RSA_BUFFER); + } + if (info->sce_wrapped_key_rsapub1024 != NULL) { + XFREE(info->sce_wrapped_key_rsapub1024, NULL, + DYNAMIC_TYPE_RSA_BUFFER); + } + info->sce_wrapped_key_rsapri1024 = + (sce_rsa1024_private_wrapped_key_t*)XMALLOC( + sizeof(sce_rsa1024_private_wrapped_key_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + + if (info->sce_wrapped_key_rsapri1024 == NULL) { + XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + return MEMORY_E; + } + + info->sce_wrapped_key_rsapub1024 = + (sce_rsa1024_public_wrapped_key_t*)XMALLOC( + sizeof(sce_rsa1024_public_wrapped_key_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + + if (info->sce_wrapped_key_rsapub1024 == NULL) { + XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(info->sce_wrapped_key_rsapub1024, 0, + DYNAMIC_TYPE_RSA_BUFFER); + return MEMORY_E; + } + /* copy generated key pair and free malloced key */ + XMEMCPY(info->sce_wrapped_key_rsapri1024, + &wrapped_pair1024_key->priv_key, + sizeof(sce_rsa1024_private_wrapped_key_t)); + XMEMCPY(info->sce_wrapped_key_rsapub1024, + &wrapped_pair1024_key->pub_key, + sizeof(sce_rsa1024_public_wrapped_key_t)); + XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + + info->keyflgs_crypt.bits.rsapri1024_installedkey_set = 1; + info->keyflgs_crypt.bits.rsapub1024_installedkey_set = 1; + } + else if (size == 2048) { + if (info->sce_wrapped_key_rsapri2048 != NULL) { + XFREE(info->sce_wrapped_key_rsapri2048, NULL, + DYNAMIC_TYPE_RSA_BUFFER); + } + if (info->sce_wrapped_key_rsapub2048 != NULL) { + XFREE(info->sce_wrapped_key_rsapub2048, NULL, + DYNAMIC_TYPE_RSA_BUFFER); + } + info->sce_wrapped_key_rsapri2048 = + (sce_rsa2048_private_wrapped_key_t*)XMALLOC( + sizeof(sce_rsa2048_private_wrapped_key_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + + if (info->sce_wrapped_key_rsapri2048 == NULL) { + XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + return MEMORY_E; + } + + info->sce_wrapped_key_rsapub2048 = + (sce_rsa2048_public_wrapped_key_t*)XMALLOC( + sizeof(sce_rsa2048_public_wrapped_key_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + + if (info->sce_wrapped_key_rsapub2048 == NULL) { + XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(info->sce_wrapped_key_rsapub1024, 0, + DYNAMIC_TYPE_RSA_BUFFER); + return MEMORY_E; + } + /* copy generated key pair and free malloced key */ + XMEMCPY(info->sce_wrapped_key_rsapri2048, + &wrapped_pair2048_key->priv_key, + sizeof(sce_rsa2048_private_wrapped_key_t)); + XMEMCPY(info->sce_wrapped_key_rsapub2048, + &wrapped_pair2048_key->pub_key, + sizeof(sce_rsa2048_public_wrapped_key_t)); + XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + + info->keyflgs_crypt.bits.rsapri2048_installedkey_set = 1; + info->keyflgs_crypt.bits.rsapub2048_installedkey_set = 1; + + } + } + else { + WOLFSSL_MSG("Failed to generate key pair by SCE"); + return CRYPTOCB_UNAVAILABLE; + } + + wc_sce_hw_unlock(); + } +} + +/* Perform rsa encryption/decryption by SCE + * Assumes to be called by Crypt Callback + * + * in Buffer to hold plain text + * inLen Length of plain text in bytes + * out Buffer to hold cipher text + * outLen Length of cipher in bytes + * key Rsa key object + * rng rng object + * ctx Callback context + * return FSP_SUCCESS(0) on Success, otherwise negative value + */ +WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out, + word32 outLen, int type, struct RsaKey* key, + struct WC_RNG* rng, void* ctx) +{ + int ret; + + sce_rsa_byte_data_t plain; + sce_rsa_byte_data_t cipher; + User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx; + + int keySize; + + (void) key; + (void) rng; + + /* sanity check */ + if (in == NULL || out == NULL || outLen == NULL || + ctx == NULL){ + return BAD_FUNC_ARG; + } + + keySize = 0; + if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 || + info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 ) + keySize = 2048; + else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 || + info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 ) + keySize = 1024; + + if (keySize == 0) { + WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, " + "1024 or 2048 bits."); + return BAD_FUNC_ARG; + } + + if ((ret = wc_sce_hw_lock()) == 0) { + if (type == RSA_PUBLIC_ENCRYPT) { + + plain.pdata = (byte*)in; + plain.data_length = inLen; + cipher.pdata = out; + cipher.data_length = outLen; + + if (keySize == 1024) { + if(info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1) + ret = R_SCE_RSAES_PKCS1024_Encrypt(&plain, &cipher, + (sce_rsa1024_public_wrapped_key_t*) + info->sce_wrapped_key_rsapub1024); + else { + WOLFSSL_MSG("wrapped public 1024 bits key is not set."); + return BAD_FUNC_ARG; + } + } + else { + if(info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1) + ret = R_SCE_RSAES_PKCS2048_Encrypt(&plain, &cipher, + (sce_rsa2048_public_wrapped_key_t*) + info->sce_wrapped_key_rsapub2048); + else { + WOLFSSL_MSG("wrapped public 2048 bits key is not set."); + return BAD_FUNC_ARG; + } + } + } + else if (type == RSA_PRIVATE_DECRYPT) { + plain.pdata = out; + plain.data_length = outLen; + cipher.pdata = (byte*)in; + cipher.data_length = inLen; + + if (keySize == 1024) { + if(info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1) + ret = R_SCE_RSAES_PKCS1024_Decrypt(&cipher, &plain, + (sce_rsa1024_private_wrapped_key_t*) + info->sce_wrapped_key_rsapri1024); + else { + WOLFSSL_MSG("wrapped private 2048 bits key is not set."); + return BAD_FUNC_ARG; + } + } + else { + if(info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1) + ret = R_SCE_RSAES_PKCS2048_Decrypt(&cipher, &plain, + (sce_rsa2048_private_wrapped_key_t*) + info->sce_wrapped_key_rsapri2048); + else { + WOLFSSL_MSG("wrapped private 2048 bits key is not set."); + return BAD_FUNC_ARG; + } + } + } + + wc_sce_hw_unlock(); + } + return ret; +} + +/* Perform Rsa sign by SCE + * Assumes to be called by Crypt Callback + * + * in Buffer to hold plaintext + * inLen Length of plaintext in bytes + * out Buffer to hold generated signature + * outLen Length of signature in bytes + * key rsa key object + * ctx The callback context + * return FSP_SUCCESS(0) on Success, otherwise negative value + */ + +WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out, + word32* outLen, struct RsaKey* key, void* ctx) +{ + int ret; + + sce_rsa_byte_data_t message_hash; + sce_rsa_byte_data_t signature; + User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx; + int keySize; + + (void) key; + + /* sanity check */ + if (in == NULL || out == NULL || outLen == NULL || + key == NULL || ctx == NULL){ + return BAD_FUNC_ARG; + } + + keySize = 0; + if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 || + info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 ) + keySize = 2048; + else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 || + info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 ) + keySize = 1024; + + if (keySize == 0) { + WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits."); + return BAD_FUNC_ARG; + } + + message_hash.pdata = in; + message_hash.data_length = inLen; + message_hash.data_type = + info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */ + signature.pdata = out; + signature.data_length = outLen; + + if ((ret = wc_sce_hw_lock()) == 0) { + if (keySize == 1024) { + + ret = R_SCE_RSASSA_PKCS1024_SignatureGenerate(&message_hash, + &signature, + (sce_rsa1024_private_wrapped_key_t *) + info->sce_wrapped_key_rsapri1024, + HW_SCE_RSA_HASH_SHA256); + } + else { + + ret = R_SCE_RSASSA_PKCS2048_SignatureGenerate(&message_hash, + &signature, + (sce_rsa2048_private_wrapped_key_t *) + info->sce_wrapped_key_rsapri2048, + HW_SCE_RSA_HASH_SHA256); + } + + wc_sce_hw_unlock(); + } + + return ret; +} + +/* Perform Rsa verify by SCE + * Assumes to be called by Crypt Callback + * + * in Buffer to hold plaintext + * inLen Length of plaintext in bytes + * out Buffer to hold generated signature + * outLen Length of signature in bytes + * key rsa key object + * ctx The callback context + * return FSP_SUCCESS(0) on Success, otherwise negative value + */ + +WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out, + word32* outLen,struct RsaKey* key, void* ctx) +{ + int ret; + + sce_rsa_byte_data_t message_hash; + sce_rsa_byte_data_t signature; + User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx; + int keySize; + + (void) key; + + /* sanity check */ + if (in == NULL || out == NULL || outLen == NULL || + key == NULL || ctx == NULL){ + return BAD_FUNC_ARG; + } + + keySize = 0; + if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 || + info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 ) + keySize = 2048; + else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 || + info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 ) + keySize = 1024; + + if (keySize == 0) { + WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits."); + return BAD_FUNC_ARG; + } + + + message_hash.pdata = in; + message_hash.data_length = inLen; + message_hash.data_type = + info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */ + + signature.pdata = out; + signature.data_length = outLen; + + if ((ret = wc_sce_hw_lock()) == 0) { + if (keySize == 1024) { + + ret = R_SCE_RSASSA_PKCS1024_SignatureVerify(&signature, + &message_hash, + (sce_rsa1024_public_wrapped_key_t *) + info->sce_wrapped_key_rsapub1024, + HW_SCE_RSA_HASH_SHA256); + } + else { + + ret = R_SCE_RSASSA_PKCS2048_SignatureVerify(&signature, + &message_hash, + (sce_rsa2048_public_wrapped_key_t *) + info->sce_wrapped_key_rsapub2048, + HW_SCE_RSA_HASH_SHA256 ); + } + + wc_sce_hw_unlock(); + } + + return ret; +} + +#endif /* !NO_RSA && WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */ diff --git a/wolfcrypt/src/port/Renesas/renesas_sce_sha.c b/wolfcrypt/src/port/Renesas/renesas_sce_sha.c index 37f9adb0e..959ea9565 100644 --- a/wolfcrypt/src/port/Renesas/renesas_sce_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_sce_sha.c @@ -30,7 +30,8 @@ #include -#if defined(WOLFSSL_RENESAS_SCEPROTECT) +#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) #include #include diff --git a/wolfcrypt/src/port/Renesas/renesas_sce_util.c b/wolfcrypt/src/port/Renesas/renesas_sce_util.c index f6bd06f56..6d791700a 100644 --- a/wolfcrypt/src/port/Renesas/renesas_sce_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_sce_util.c @@ -20,7 +20,8 @@ */ #include -#if defined(WOLFSSL_RENESAS_SCEPROTECT) +#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) #include #include @@ -168,6 +169,8 @@ WOLFSSL_LOCAL void wc_sce_Close() } } +#ifndef WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY + #if defined(WOLFSSL_RENESAS_SCEPROTECT_ECC) /* Verify Server Key Exchange while doing ECDH key exchange */ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig, @@ -220,11 +223,11 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig if (ret != FSP_SUCCESS) { WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify"); - cbInfo->pk_key_set = 0; + cbInfo->keyflgs_tls.bits.pk_key_set = 0; } else { ret = WOLFSSL_SUCCESS; - cbInfo->pk_key_set = 1; + cbInfo->keyflgs_tls.bits.pk_key_set = 1; } } else { @@ -358,7 +361,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n", side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id); - if (cbInfo->pk_key_set == 1) { + if (cbInfo->keyflgs_tls.bits.pk_key_set == 1) { if ((ret = wc_sce_hw_lock()) == 0) { /* Generate ECC PUblic key pair */ ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate( @@ -404,6 +407,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, return ret; } #endif + /* Return tls cipher suite enumeration that is supported by SCE library */ static uint32_t GetSceCipherSuite( uint8_t cipherSuiteFirst, @@ -780,7 +784,7 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl, dec->aes->devId = devId; /* marked as session key is set */ - cbInfo->session_key_set = 1; + cbInfo->keyflgs_tls.bits.session_key_set = 1; } /* unlock hw */ wc_sce_hw_unlock(); @@ -1134,8 +1138,8 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) return -1; } gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx] = (User_SCEPKCbInfo*)user_ctx; - gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->pk_key_set = 0; - gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->session_key_set = 0; + gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.pk_key_set = 0; + gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.session_key_set = 0; wolfSSL_SetEccVerifyCtx(ssl, user_ctx); wolfSSL_SetRsaEncCtx(ssl, user_ctx); @@ -1151,5 +1155,6 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) return 0; } +#endif /* !WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */ -#endif /* WOLFSSL_RENESAS_SCEPROTECT */ +#endif /* WOLFSSL_RENESAS_SCEPROTECT || WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */ diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 259dc5a68..4d37a4395 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -3488,7 +3488,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } return ret; } -#elif defined(WOLFSSL_RENESAS_SCEPROTECT) +#elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) #include "r_sce.h" int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index c756d8ee2..61288aa4f 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -3385,7 +3385,22 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, pad_value, pad_type, hash, mgf, label, labelSz, sz); } - #endif /* WOLFSSL_CRYPTOCELL */ + #elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) + /* SCE needs warpped key which is passed via + * user ctx object of crypt-call back. + */ + #ifdef WOLF_CRYPTO_CB + if (key->devId != INVALID_DEVID) { + /* SCE supports 1024 and 2048 bits */ + ret = wc_CryptoCb_Rsa(in, inLen, out, + outLen, rsa_type, key, rng); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + ret = 0; /* reset error code and try using software */ + } + #endif + #endif /* WOLFSSL_SE050 */ key->state = RSA_STATE_ENCRYPT_PAD; ret = wc_RsaPad_ex(in, inLen, out, (word32)sz, pad_value, rng, pad_type, @@ -3529,6 +3544,18 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, } return ret; } + #elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) + #ifdef WOLF_CRYPTO_CB + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Rsa(in, inLen, out, + outLen, rsa_type, key, rng); + if (ret != CRYPTOCB_UNAVAILABLE) + return ret; + /* fall-through when unavailable */ + ret = 0; /* reset error code and try using software */ + } + #endif + #endif /* WOLFSSL_CRYPTOCELL */ diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 75b975eb8..ffdd4019a 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -222,7 +222,9 @@ on the specific device platform. (!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \ !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \ - (!defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) && \ + ((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \ + !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) \ + || defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) && \ (!defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)) && \ !defined(WOLFSSL_RENESAS_RX64_HASH) @@ -796,7 +798,8 @@ static int InitSha256(wc_Sha256* sha256) /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */ -#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \ +#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH) /* implemented in wolfcrypt/src/port/Renesas/renesas_sce_sha.c */ @@ -1804,7 +1807,8 @@ void wc_Sha256Free(wc_Sha256* sha256) (defined(WOLFSSL_DEVCRYPTO_HASH) && defined(WOLFSSL_DEVCRYPTO_HASH_KEEP)) || \ (defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \ - (defined(WOLFSSL_RENESAS_SCEPROTECT) && \ + ((defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) || \ defined(WOLFSSL_RENESAS_RX64_HASH) || \ defined(WOLFSSL_HASH_KEEP) @@ -1992,7 +1996,8 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz) /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */ -#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \ +#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH) /* implemented in wolfcrypt/src/port/Renesas/renesas_sce_sha.c */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index f8629df2d..b6736e501 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -61,7 +61,8 @@ #if defined(WOLFSSL_RENESAS_TSIP) #include #endif -#if defined(WOLFSSL_RENESAS_SCE) +#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) #include #endif #if defined(WOLFSSL_RENESAS_RX64_HASH) @@ -187,7 +188,8 @@ int wolfCrypt_Init(void) } #endif - #if defined(WOLFSSL_RENESAS_SCEPROTECT) + #if defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) ret = wc_sce_Open( ); if( ret != FSP_SUCCESS ) { WOLFSSL_MSG("RENESAS SCE Open failed"); @@ -436,7 +438,8 @@ int wolfCrypt_Cleanup(void) rx64_hw_Close(); #endif - #ifdef WOLFSSL_RENESAS_SCEPROTECT + #if defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) wc_sce_Close(); #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 2455c977a..29e3577a5 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -375,6 +375,7 @@ #endif #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \ defined(WOLFSSL_SECO_CAAM) #define HASH_SIZE_LIMIT #endif @@ -3006,7 +3007,7 @@ WOLFSSL_TEST_SUBROUTINE int sha256_test(void) (word32)sizeof(large_input)); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); - } + } ret = wc_Sha256Final(&sha, hash); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 719512cc5..90cb8a86c 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -296,7 +296,8 @@ struct Aes { defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) TSIP_AES_CTX ctx; #endif -#if defined(WOLFSSL_RENESAS_SCEPROTECT) +#if defined(WOLFSSL_RENESAS_SCEPROTECT) ||\ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) SCE_AES_CTX ctx; #endif #if defined(WOLFSSL_IMXRT_DCP) diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h index 1a02c6b01..35847131c 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h @@ -34,10 +34,30 @@ extern "C" { #define MAX_SCE_CBINDEX 5 +typedef void* renesas_sce_wrappedkey; + +/* flsgas related to TLS */ +struct sce_keyflgs_tls { + uint8_t pk_key_set:1; + uint8_t session_key_set:1; +}; + +/* flags Crypt Only */ +struct sce_keyflgs_cryt { + uint8_t aes256_installedkey_set:1; + uint8_t aes128_installedkey_set:1; + uint8_t rsapri2048_installedkey_set:1; + uint8_t rsapub2048_installedkey_set:1; + uint8_t rsapri1024_installedkey_set:1; + uint8_t rsapub1024_installedkey_set:1; + uint8_t message_type:1;/*message 0, hashed 1*/ +}; + typedef struct tagUser_SCEPKCbInfo { /* unique number for each session */ int devId; - + #if defined(WOLFSSL_RENESAS_SCEPROTECT) && \ + !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) /* out from R_SCE_TLS_ServerKeyExchangeVerify */ uint32_t encrypted_ephemeral_ecdh_public_key[SCE_TLS_ENCRYPTED_ECCPUBKEY_SZ]; /* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */ @@ -48,17 +68,35 @@ typedef struct tagUser_SCEPKCbInfo { uint8_t sce_clientRandom[SCE_TLS_CLIENTRANDOM_SZ]; uint8_t sce_serverRandom[SCE_TLS_SERVERRANDOM_SZ]; uint8_t sce_cipher; + + #endif /* installed key handling */ - sce_aes_wrapped_key_t sce_wrapped_key_aes256; - uint8_t aes256_installedkey_set:1; - sce_aes_wrapped_key_t sce_wrapped_key_aes128; - uint8_t aes128_installedkey_set:1; + /* aes */ + renesas_sce_wrappedkey sce_wrapped_key_aes256; + renesas_sce_wrappedkey sce_wrapped_key_aes128; + #if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) + /* rsa */ + renesas_sce_wrappedkey sce_wrapped_key_rsapri2048; + renesas_sce_wrappedkey sce_wrapped_key_rsapub2048; + renesas_sce_wrappedkey sce_wrapped_key_rsapri1024; + renesas_sce_wrappedkey sce_wrapped_key_rsapub1024; + #endif + + /* key status flags */ /* flag whether encrypted ec key is set */ - uint8_t pk_key_set:1; - uint8_t session_key_set:1; - + union { + uint8_t chr; + struct sce_keyflgs_tls bits; + } keyflgs_tls; + /* key status flags */ + /* flags shows status if wrapped keys are installed */ + union { + uint8_t chr; + struct sce_keyflgs_cryt bits; + } keyflgs_crypt; + } User_SCEPKCbInfo; typedef struct tagSCE_PKCbInfo { @@ -138,7 +176,9 @@ typedef wolfssl_SCE_Hash wc_Sha256; #endif /* NO_SHA */ - +#if defined(WOLFSSL_RENESAS_SCEPROTECT) && \ + !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPT_ONLY) + WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify( const uint8_t* cert, uint32_t cert_len, uint32_t key_n_start, uint32_t key_n_len, @@ -220,5 +260,19 @@ WOLFSSL_API void wc_sce_inform_user_keys( WOLFSSL_API void wc_sce_set_callbacks(struct WOLFSSL_CTX* ctx); WOLFSSL_API int wc_sce_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx); WOLFSSL_API void wc_sce_inform_cert_sign(const uint8_t *sign); - + +/* rsa */ +struct RsaKey; +struct WC_RNG; +WOLFSSL_API int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out, + word32 outLen, int type, struct RsaKey* key, struct WC_RNG* rng, void* ctx); +WOLFSSL_API int wc_sce_MakeRsaKey(int size, void* ctx); +WOLFSSL_API int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out, + word32* outLen, struct RsaKey* key, void* ctx); +WOLFSSL_API int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out, + word32* outLen,struct RsaKey* key, void* ctx); + +#endif /* WOLFSSL_RENESAS_SCEPROTECT && + * !WOLFSSL_RENESAS_SCEPROTECT_CRYPT_ONLY */ + #endif /* __RENESAS_SCE_CRYPT_H__ */ diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index c6665c90b..51a91a052 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -153,7 +153,8 @@ enum { #elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h" -#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \ +#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH) #include "wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h" #elif defined(WOLFSSL_RENESAS_RX64_HASH)