feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5005 from dgarske/renesas_spell

Browse Source
This commit is contained in:
Chris Conlon
2022-03-31 17:44:04 -06:00
committed by GitHub
parent 7b21cd8cf0 1993851274
commit b45cd921b6
10 changed files with 939 additions and 927 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/ssl.c
View File

@@ -44142,13 +44142,13 @@ void wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX* ctx, CallbackGenSessionKey cb)
if (ctx) if (ctx)
ctx->GenSessionKeyCb = cb; ctx->GenSessionKeyCb = cb;
} }
/* Set sesssion key generation callback context */ /* Set session key generation callback context */
void wolfSSL_SetGenSessionKeyCtx(WOLFSSL* ssl, void *ctx) void wolfSSL_SetGenSessionKeyCtx(WOLFSSL* ssl, void *ctx)
{ {
if (ssl) if (ssl)
ssl->GenSessionKeyCtx = ctx; ssl->GenSessionKeyCtx = ctx;
} }
/* Get sesssion key generation callback context */ /* Get session key generation callback context */
void* wolfSSL_GetGenSessionKeyCtx(WOLFSSL* ssl) void* wolfSSL_GetGenSessionKeyCtx(WOLFSSL* ssl)
{ {
if (ssl) if (ssl)

93
wolfcrypt/src/port/Renesas/README.md
View File

@@ -1,5 +1,8 @@
# TSIP FIT Module port # TSIP FIT Module port
Support for TSIP FIT driver for symmetric AES, SHA1/SHA256 hardware acceleration and TLS-linked capability including Root CA, the server certificate or intermediate certificate verification.
Support for TSIP FIT driver for symmetric AES, SHA1/SHA256 hardware acceleration
and TLS-linked capability including Root CA, the server certificate or
intermediate certificate verification.
## Overview ## Overview
Renesas TSIP FIT module with wolfSSL by setting *WOLFSSL_RENESAS_TSIP* definition. Renesas TSIP FIT module with wolfSSL by setting *WOLFSSL_RENESAS_TSIP* definition.
@@ -13,6 +16,7 @@ Including the following examples:
The *user_settings.h* file enables some of the hardened settings. The *user_settings.h* file enables some of the hardened settings.
## Requirements ## Requirements
### 1. [Renesas TSIP FIT module](https://www.renesas.com/us/en/products/software-tools/software-os-middleware-driver/security-crypto/trusted-secure-ip-driver.html) ### 1. [Renesas TSIP FIT module](https://www.renesas.com/us/en/products/software-tools/software-os-middleware-driver/security-crypto/trusted-secure-ip-driver.html)
[FIT module](https://www.renesas.com/us/en/products/software-tools/software-os-middleware-driver/software-package/fit.html) [FIT module](https://www.renesas.com/us/en/products/software-tools/software-os-middleware-driver/software-package/fit.html)
Note : The included example program is tested with <u>TSIP FIT version **1.06**</u>. Note : The included example program is tested with <u>TSIP FIT version **1.06**</u>.
@@ -23,21 +27,34 @@ Note : The included example program is tested with <u>TSIP FIT version **1.06**<
Note : The included example program is tested with [GR-ROSE](http://gadget.renesas.com/en/product/rose.html), which is classified to RX65N. Note : The included example program is tested with [GR-ROSE](http://gadget.renesas.com/en/product/rose.html), which is classified to RX65N.
## Setup and Build wolfSSL library ## Setup and Build wolfSSL library
1. Uncomment out #define WOLFSSL_RENESAS_TSIP in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h 1. Uncomment out `#define WOLFSSL_RENESAS_TSIP` in `/path/to/wolfssl/wolfssl/wolfcrypt/settings.h`
Uncomment out #define WOLFSSL_RENESAS_RX65N in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h 2. Uncomment out `#define WOLFSSL_RENESAS_RX65N` in `/path/to/wolfssl/wolfssl/wolfcrypt/settings.h`
2. Open a project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/wolfssl/ by e2studio and build to create wolfssl library 3. Open a project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/wolfssl/ by e2studio and build to create wolfssl library
Note : Generating FIT module source files in advance are required to compile wolfSSL when enabling WOLFSSL_RENESAS_TSIP and WOLFSSL_RENESAS_RX65N. Please see for creating FIT module files at "Setup and Build and example program" in this readme below.
Note : Generating FIT module source files in advance are required to compile wolfSSL
when enabling `WOLFSSL_RENESAS_TSIP` and `WOLFSSL_RENESAS_RX65N`. Please see for
creating FIT module files at "Setup and Build and example program" in this readme below.
To disable portions of the hardware acceleration you can optionally define: To disable portions of the hardware acceleration you can optionally define:
``` ```c
/* Disabled SHA acceleration */ /* Disabled SHA acceleration */
#define NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH #define NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH
/* Disabled TLS-linked acceleration */ /* Disabled TLS-linked acceleration */
#define NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION #define NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION
``` ```
### Benchmarks
**Software only implementation:** ## Benchmarks
Platform:
Renesas : e2Studio v7.4.0
ToolChain : Renesas CCRX version 3.00.00
TSIP FIT : version 1.0.6
Board : [GR-ROSE](http://gadget.renesas.com/en/product/rose.html)
wolfSSL : 4.1.0
### Software only implementation:
*block cipher* *block cipher*
``` ```
RNG 200 KB took 1.099 seconds, 182.000 KB/s RNG 200 KB took 1.099 seconds, 182.000 KB/s
@@ -50,35 +67,31 @@ SHA-256 425 KB took 1.038 seconds, 409.520 KB/s
TLS_RSA_WITH_AES_128_CBC_SHA : 0.651 (s) TLS_RSA_WITH_AES_128_CBC_SHA : 0.651 (s)
TLS_RSA_WITH_AES_128_CBC_SHA256 : 0.651 (s) TLS_RSA_WITH_AES_128_CBC_SHA256 : 0.651 (s)
TLS_RSA_WITH_AES_256_CBC_SHA : 0.642 (s) TLS_RSA_WITH_AES_256_CBC_SHA : 0.642 (s)
TLS_RSA_WITH_AES_256_CBAC_SHA256 : 0.662 (s) TLS_RSA_WITH_AES_256_CBC_SHA256 : 0.662 (s)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 2.050 (s) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 2.050 (s)
``` ```
**Hardware acceleration:** ### Hardware acceleration:
*block cipher* *block cipher*
``` ```
RNG 1 MB took 1.011 seconds, 1.038 MB/s RNG 1 MB took 1.011 seconds, 1.038 MB/s
SHA 12 MB took 1.001 seconds, 11.515 MB/s SHA 12 MB took 1.001 seconds, 11.515 MB/s
SHA-256 13 MB took 1.001 seconds, 12.900 MB/s SHA-256 13 MB took 1.001 seconds, 12.900 MB/s
``` ```
*TLS establishment time with TLS-linked capability* *TLS establishment time with TLS-linked capability*
*Perform full TLS-linked capability* *Perform full TLS-linked capability*
``` ```
TLS_RSA_WITH_AES_128_CBC_SHA : 0.141 (s) TLS_RSA_WITH_AES_128_CBC_SHA : 0.141 (s)
TLS_RSA_WITH_AES_128_CBC_SHA256 : 0.141 (s) TLS_RSA_WITH_AES_128_CBC_SHA256 : 0.141 (s)
TLS_RSA_WITH_AES_256_CBC_SHA : 0.141 (s) TLS_RSA_WITH_AES_256_CBC_SHA : 0.141 (s)
TLS_RSA_WITH_AES_256_CBAC_SHA256 : 0.144 (s) TLS_RSA_WITH_AES_256_CBC_SHA256 : 0.144 (s)
``` ```
*Perform certificate verification by TSIP TLS-linked API* *Perform certificate verification by TSIP TLS-linked API*
``` ```
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 1.721 (s) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 1.721 (s)
``` ```
Condition:
Renesas : e2Studio v7.4.0
ToolChain : Renesas CCRX version 3.00.00
TSIP FIT : version 1.0.6
Board : [GR-ROSE](http://gadget.renesas.com/en/product/rose.html)
wolfSSL : 4.1.0
## Setup and Build an example program ## Setup and Build an example program
An example program expects the following FIT modules: An example program expects the following FIT modules:
@@ -123,24 +136,29 @@ Now, it is able to copy these FIT modules into an example project.
5. Copy the FIT modules into the folder that is created at step 4. 5. Copy the FIT modules into the folder that is created at step 4.
6. Open an example project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/ by e2studio 6. Open an example project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/ by e2studio
7. Enable a macro definition in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h for application type 7. Enable a macro definition in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h for application type
`#define CRYPT_TEST // enable crypt test`
`#define BENCHMARK // enable benchmark application` ```c
`#define TLS_CLIENT // enable simple tls client application` #define CRYPT_TEST /* enable crypt test */
`#define TLS_SERVER // enable simple tls server application` #define BENCHMARK /* enable benchmark application */
`#define USE_TSIP_TLS // to inform user key and flash keying, when using TSIP` #define TLS_CLIENT /* enable simple tls client application */
#define TLS_SERVER /* enable simple tls server application */
#define USE_TSIP_TLS /* to inform user key and flash keying, when using TSIP */
```
Note: CRYPT_TEST and BENCHMARK can be enabled at the same time. TLS_CLIENT and TLS_SERVER cannot be enabled together other definitions. Note: CRYPT_TEST and BENCHMARK can be enabled at the same time. TLS_CLIENT and TLS_SERVER cannot be enabled together other definitions.
7. Setup debug configuration based on your debug hardware 7. Setup debug configuration based on your debug hardware
## Run client/server program on the device ## Run client/server program on the device
When testing the embedded client or server on the device, it is recommended to test against one of the standard wolfSSL example application running on a desktop machine. When testing the embedded client or server on the device, it is recommended to test against one
of the standard wolfSSL example application running on a desktop machine.
For the embedded client, an example server commands for running on a desktop machine, IP address 192.168.1.45, is as follows: For the embedded client, an example server commands for running on a desktop machine, IP address 192.168.1.45, is as follows:
`$./example/server/server -b -d -i` `./example/server/server -b -d -i`
For the embedded server, an example client commands for running on a desktop machine is as follows: For the embedded server, an example client commands for running on a desktop machine is as follows:
`$./example/client/client -h 192.168.1.33 -p 11111` `./example/client/client -h 192.168.1.33 -p 11111`
## Modify an example program ## Modify an example program
To use own TSIP keys for TSIP TLS-linked API use, it needs own flash keyring, PSS signed signature and RSA key. To use own TSIP keys for TSIP TLS-linked API use, it needs own flash keyring, PSS signed signature and RSA key.
@@ -154,23 +172,24 @@ To use own TSIP keys for TSIP TLS-linked API use, it needs own flash keyring, PS
To use TSIP TLS-linked APIs, it needs RSA key pair and Root CA certificate bundle signature by RSA 2048 PSS with SHA256. To use TSIP TLS-linked APIs, it needs RSA key pair and Root CA certificate bundle signature by RSA 2048 PSS with SHA256.
Shell and Perl script program in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/tools/ can be used for the purpose. Shell and Perl script program in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/tools/ can be used for the purpose.
* generate_rsa_keypair.sh : generate RSA 2048 bit key pair. Show modulus and public exponent when specifying "-s" option * `generate_rsa_keypair.sh`: generate RSA 2048 bit key pair. Show modulus and public exponent when specifying "-s" option
* rsa_pss_sign.sh : sign the file by the specified private key * `rsa_pss_sign.sh`: sign the file by the specified private key
* genhexbuf.pl : generate C header file including a byte array generated from the specified file in the script * `genhexbuf.pl`: generate C header file including a byte array generated from the specified file in the script
Modulus and public exponent showed by `generate_rsa_keypair.sh` can be used for input date to Renesas Secure Flash Programmer to generate encrypted RSA keys for TSIP TLS-linked API use. Please follow the instruction about how to generate RSA keys in the TSIP manual. Modulus and public exponent showed by `generate_rsa_keypair.sh` can be used for input date to
Renesas Secure Flash Programmer to generate encrypted RSA keys for TSIP TLS-linked API use.
Please follow the instruction about how to generate RSA keys in the TSIP manual.
Generated byte array of signed signature by `genhexbuf.pl` can be replaced signature data in key_data.c of an example program.
Generated byte array of signed signature by genhexbuf.pl can be replaced signature data in key_data.c of an example program. Encrypted RSA key and generated byte array of signed signature need to be informed wolfSSL library before loading CA certification.
Please see `SetTsipTlskey()` function an example program about how to inform them.
Encrypted RSA key and generated byte array of signed signature need to be informed wolfSSL library before loading CA certification. Please see SetTsipTlskey() function an example program about how to inform them.
### Coding ### Coding
In your application you must include <wolfssl/wolfcrypt/settings.h> before any other wolfSSL headers. If building the sources directly we recommend defining `WOLFSSL_USER_SETTINGS` and adding your own `user_settings.h` file. You can find a good reference for this in `/path/to/Renesas/e2studio/Projects/common/user_settings.h`. In your application you must include <wolfssl/wolfcrypt/settings.h> before any other wolfSSL headers.
If building the sources directly we recommend defining `WOLFSSL_USER_SETTINGS` and adding your own `user_settings.h` file.
You can find a good reference for this in `/path/to/Renesas/e2studio/Projects/common/user_settings.h`.
## Support ## Support
For question please email [support@wolfssl.com] For question please email [support@wolfssl.com]

67
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@@ -45,7 +45,7 @@ static int devId = 7890; /* dev Id for Crypt Callback */
#include <wolfssl/wolfcrypt/cryptocb.h> #include <wolfssl/wolfcrypt/cryptocb.h>
/* Renesas Security Library Common Callback /* Renesas Security Library Common Callback
* For Crypto Call back * For Crypto Callbacks
* *
* devIdArg device Id * devIdArg device Id
* info pointer to wc_CryptInfo * info pointer to wc_CryptInfo
@@ -82,7 +82,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
cbInfo->session_key_set == 1) { cbInfo->session_key_set == 1) {
if (info->cipher.enc) { if (info->cipher.enc) {
ret = wc_tsip_AesGcmEncrypt( ret = wc_tsip_AesGcmEncrypt(
info->cipher.aesgcm_enc.aes, info->cipher.aesgcm_enc.aes,
(byte*)info->cipher.aesgcm_enc.out, (byte*)info->cipher.aesgcm_enc.out,
@@ -98,7 +97,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
} }
else { else {
ret = wc_tsip_AesGcmDecrypt( ret = wc_tsip_AesGcmDecrypt(
info->cipher.aesgcm_dec.aes, info->cipher.aesgcm_dec.aes,
(byte*)info->cipher.aesgcm_dec.out, (byte*)info->cipher.aesgcm_dec.out,
@@ -119,7 +117,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
cbInfo->session_key_set == 1) { cbInfo->session_key_set == 1) {
if (info->cipher.enc) { if (info->cipher.enc) {
ret = wc_tsip_AesCbcEncrypt( ret = wc_tsip_AesCbcEncrypt(
info->cipher.aescbc.aes, info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out, (byte*)info->cipher.aescbc.out,
@@ -128,7 +125,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
} }
else { else {
ret = wc_tsip_AesCbcDecrypt( ret = wc_tsip_AesCbcDecrypt(
info->cipher.aescbc.aes, info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out, (byte*)info->cipher.aescbc.out,
@@ -368,7 +364,7 @@ WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx)
/* check if the root CA has been verified by TSIP/SCE, /* check if the root CA has been verified by TSIP/SCE,
* and it exists in the CM table. * and it exists in the CM table.
*/ */
static byte sce_tsip_rootCAverified( ) static byte sce_tsip_rootCAverified(void)
{ {
WOLFSSL_ENTER("sce_tsip_rootCAverified"); WOLFSSL_ENTER("sce_tsip_rootCAverified");
return (g_CAscm_Idx != (uint32_t)-1 ? 1:0); return (g_CAscm_Idx != (uint32_t)-1 ? 1:0);
@@ -382,7 +378,7 @@ static byte sce_tsip_rootCAverified( )
* out Buffer to hold hash * out Buffer to hold hash
* key Buffer to hold ecc key * key Buffer to hold ecc key
* keySz Length of key in bytes * keySz Length of key in bytes
* return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code * return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/ */
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
byte** out, const byte* key, word32 keySz, void* ctx) byte** out, const byte* key, word32 keySz, void* ctx)
@@ -395,7 +391,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
ret = wc_tsip_RsaVerify(ssl, sig, sigSz, out, key, keySz, ctx); ret = wc_tsip_RsaVerify(ssl, sig, sigSz, out, key, keySz, ctx);
if (ret == 0) { if (ret == 0) {
/* Set Call back for SharedScret when being successful */ /* Set Callback for SharedSecret when successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, wc_tsip_EccSharedSecret); wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, wc_tsip_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx); wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
} }
@@ -409,7 +405,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
ret = wc_SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx); ret = wc_SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx);
if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) { if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) {
/* Set Call back for SharedScret when being successful */ /* Set Callback for SharedSecret when successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret); wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx); wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
} }
@@ -433,7 +429,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
* key Buffer to hold ecc key * key Buffer to hold ecc key
* keySz Length of key in bytes * keySz Length of key in bytes
* result a pointer to int indicates if the verify is ok * result a pointer to int indicates if the verify is ok
* return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code * return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/ */
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig, WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz, uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
@@ -447,7 +443,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
ret = wc_tsip_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz, ret = wc_tsip_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz,
result, ctx); result, ctx);
if (ret == 0 && *result == 1) { if (ret == 0 && *result == 1) {
/* Set callback for SharedScret when being successful */ /* Set callback for SharedSecret when being successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, wc_tsip_EccSharedSecret); wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, wc_tsip_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx); wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
} }
@@ -460,7 +456,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
ret = wc_SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz, ret = wc_SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz,
result, ctx); result, ctx);
if (ret == 0 && *result == 1 && ret != CRYPTOCB_UNAVAILABLE) { if (ret == 0 && *result == 1 && ret != CRYPTOCB_UNAVAILABLE) {
/* Set callback for SharedScret when being successful */ /* Set callback for SharedSecret when being successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret); wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx); wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
} }
@@ -483,7 +479,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
* key_e_start Byte position of public key exponent in cert * key_e_start Byte position of public key exponent in cert
* key_e_len Length of public key exponent * key_e_len Length of public key exponent
* cm_row CA index * cm_row CA index
* return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code * return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/ */
int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start, int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start,
word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row) word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row)
@@ -517,8 +513,8 @@ int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_
* ssl the WOLFSSL object * ssl the WOLFSSL object
* side CLIENT or SERVER * side CLIENT or SERVER
* handshake_hash hash while doing handshake * handshake_hash hash while doing handshake
* hashes calculated data by SCE/TSIP pseduo random function * hashes calculated data by SCE/TSIP pseudo random function
* return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code * return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/ */
WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
const byte *handshake_hash, const byte *handshake_hash,
@@ -532,13 +528,14 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
/* sanity check */ /* sanity check */
if (ssl == NULL || ctx == NULL || side == NULL || handshake_hash == NULL || if (ssl == NULL || ctx == NULL || side == NULL || handshake_hash == NULL ||
hashes == NULL ) hashes == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateVerifyData(ssl->arrays->tsip_masterSecret, ret = wc_tsip_generateVerifyData(ssl->arrays->tsip_masterSecret,
side, handshake_hash, hashes); side, handshake_hash, hashes);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) #elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret, /* master secret */ ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret,
side, handshake_hash, hashes); side, handshake_hash, hashes);
#endif #endif
@@ -551,7 +548,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
* *
* ssl the WOLFSSL object * ssl the WOLFSSL object
* ctx Callback context * ctx Callback context
* return 0 on sucess, -1 when keys are not generated by SCE/TSIP * return 0 on success, -1 when keys are not generated by SCE/TSIP
*/ */
static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
{ {
@@ -585,13 +582,13 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
} }
/* Renesas Security Library Common Callback /* Renesas Security Library Common Callback
* Callback for Sesssion Key generation * Callback for Session Key generation
* Register callback for Set Keys when keys are successfully * Register callback for Set Keys when keys are successfully
* generated by SCE/TSIP * generated by SCE/TSIP
* *
* ssl the WOLFSSL object * ssl the WOLFSSL object
* ctx Callback context * ctx Callback context
* return FSP_SUCCESS(0) on sucess, otherwise SCE/TSIP error code * return FSP_SUCCESS(0) on success, otherwise SCE/TSIP error code
*/ */
WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx) WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
{ {
@@ -604,6 +601,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
/* sanity check */ /* sanity check */
if (ssl == NULL || ctx == NULL) if (ssl == NULL || ctx == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, devId); ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, devId);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) #elif defined(WOLFSSL_RENESAS_SCEPROTECT)
@@ -630,7 +628,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
* premaster Buffer to hold pre master * premaster Buffer to hold pre master
* preSz Length of pre-master * preSz Length of pre-master
* ctx Callback context * ctx Callback context
* return FSP_SUCCESS(0) on sucess, * return FSP_SUCCESS(0) on success,
* otherwise PROTOCOLCB_UNAVAILABLE * otherwise PROTOCOLCB_UNAVAILABLE
* so that caller could continue to process if want * so that caller could continue to process if want
*/ */
@@ -671,7 +669,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl,
* *
* ssl the WOLFSSL object * ssl the WOLFSSL object
* ctx Callback context * ctx Callback context
* return FSP_SUCCESS(0) on sucess, * return FSP_SUCCESS(0) on success,
* otherwise PROTOCOLCB_UNAVAILABLE * otherwise PROTOCOLCB_UNAVAILABLE
* so that caller could continue to process if want * so that caller could continue to process if want
*/ */
@@ -757,7 +755,7 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx)
* KeyDer Buffer holding Key in der format * KeyDer Buffer holding Key in der format
* KeySz Length of Key Der * KeySz Length of Key Der
* ctx Callback context * ctx Callback context
* return FSP_SUCCESS(0) on sucess, * return FSP_SUCCESS(0) on success,
* otherwise CRYPTOCB_UNAVAILABLE * otherwise CRYPTOCB_UNAVAILABLE
* so that caller could continue to process if want * so that caller could continue to process if want
*/ */
@@ -786,7 +784,6 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in,
EncSz = wc_RsaEncryptSize(ssl->peerRsaKey); EncSz = wc_RsaEncryptSize(ssl->peerRsaKey);
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (tsip_usable(ssl, 0)) { if (tsip_usable(ssl, 0)) {
if (EncSz == 256) { if (EncSz == 256) {
ret = wc_tsip_generateEncryptPreMasterSecret(ssl, out, outSz); ret = wc_tsip_generateEncryptPreMasterSecret(ssl, out, outSz);
@@ -824,7 +821,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in,
* macSz Length of mac size * macSz Length of mac size
* content content of inner data * content content of inner data
* ctx Callback context * ctx Callback context
* return FSP_SUCCESS(0) on sucess, * return FSP_SUCCESS(0) on success,
* otherwise PROTOCOLCB_UNAVAILABLE * otherwise PROTOCOLCB_UNAVAILABLE
* so that caller could continue to process if want * so that caller could continue to process if want
*/ */
@@ -862,8 +859,8 @@ WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message,
* sz Length of in data * sz Length of in data
* padSz Length of padding * padSz Length of padding
* content content of inner data * content content of inner data
* epocOrder * epochOrder
* return FSP_SUCCESS(0) on sucess, otherwise error code * return FSP_SUCCESS(0) on success, otherwise error code
*/ */
WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest,
const byte* in, word32 sz, int padSz, int content, int verify, int epochOrder) const byte* in, word32 sz, int padSz, int content, int verify, int epochOrder)
@@ -926,7 +923,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest,
* keyDer Buffer to hold rsa key * keyDer Buffer to hold rsa key
* keySz Length of key in bytes * keySz Length of key in bytes
* ctx Callback context * ctx Callback context
* return FSP_SUCCESS(0) on sucess, * return FSP_SUCCESS(0) on success,
* otherwise CRYPTOCB_UNAVAILABLE * otherwise CRYPTOCB_UNAVAILABLE
* so that caller could continue to process if want * so that caller could continue to process if want
*/ */
@@ -953,8 +950,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig,
} }
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (CertAtt->keyIndex != NULL) if (CertAtt->keyIndex != NULL) {
{
ret = wc_tsip_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz, ret = wc_tsip_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin, CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1, CertAtt->pubkey_n_len - 1,
@@ -973,8 +969,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig,
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) #elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (CertAtt->keyIndex != NULL) if (CertAtt->keyIndex != NULL) {
{
ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz, ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin, CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1, CertAtt->pubkey_n_len - 1,
@@ -1007,7 +1002,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig,
* keySz Length of key in bytes * keySz Length of key in bytes
* result A pointer to int indicates a result * result A pointer to int indicates a result
* ctx Callback context * ctx Callback context
* return FSP_SUCCESS(0) on sucess, * return FSP_SUCCESS(0) on success,
* otherwise CRYPTOCB_UNAVAILABLE * otherwise CRYPTOCB_UNAVAILABLE
* so that caller could continue to process if want * so that caller could continue to process if want
*/ */
@@ -1039,8 +1034,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig,
} }
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (CertAtt->keyIndex != NULL) if (CertAtt->keyIndex != NULL) {
{
ret = wc_tsip_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz, ret = wc_tsip_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin, CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1, CertAtt->pubkey_n_len - 1,
@@ -1059,8 +1053,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig,
else else
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) #elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (CertAtt->keyIndex != NULL) if (CertAtt->keyIndex != NULL) {
{
ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz, ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin, CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1, CertAtt->pubkey_n_len - 1,

20
wolfcrypt/src/port/Renesas/renesas_sce_aes.c
View File

@@ -131,7 +131,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
/* check if AES GCM can be used by SCE */ /* check if AES GCM can be used by SCE */
if ((ret = wc_sce_hw_lock()) == 0) { if ((ret = wc_sce_hw_lock()) == 0) {
/* allocate buffers for plaintaxt, ciphertext and authTag to make sure /* allocate buffers for plaintext, ciphertext and authTag to make sure
* those buffers 32bit aligned as SCE requests. * those buffers 32bit aligned as SCE requests.
*/ */
delta = sz % AES_BLOCK_SIZE; delta = sz % AES_BLOCK_SIZE;
@@ -141,7 +141,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
DYNAMIC_TYPE_AES); DYNAMIC_TYPE_AES);
if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL) { if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL) {
WOLFSSL_MSG("wc_sce_AesGcmEncrypt: buffer allocation faild"); WOLFSSL_MSG("wc_sce_AesGcmEncrypt: buffer allocation failed");
ret = -1; ret = -1;
} }
@@ -177,13 +177,15 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
if (aes->ctx.keySize == 32) { if (aes->ctx.keySize == 32) {
XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes256, XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t)); sizeof(sce_aes_wrapped_key_t));
} else { }
else {
XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes128, XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t)); sizeof(sce_aes_wrapped_key_t));
} }
iv_l = iv; iv_l = iv;
ivSz_l = ivSz; ivSz_l = ivSz;
} else { }
else {
WOLFSSL_MSG("AES key for SCE is not set."); WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1; ret = -1;
} }
@@ -253,7 +255,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
* sz Length of cipher text/plaintext in bytes * sz Length of cipher text/plaintext in bytes
* iv Buffer holding IV/nonce * iv Buffer holding IV/nonce
* ivSz Length of IV/nonce in bytes * ivSz Length of IV/nonce in bytes
* authTag Buffer to hold authntication data * authTag Buffer to hold authentication data
* authTagSz Length of authentication data in bytes * authTagSz Length of authentication data in bytes
* ctx The Callback context * ctx The Callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value * return FSP_SUCCESS(0) on Success, otherwise negative value
@@ -314,7 +316,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
if ((ret = wc_sce_hw_lock()) == 0) { if ((ret = wc_sce_hw_lock()) == 0) {
/* allocate buffers for plain-taxt, cipher-text, authTag and AAD. /* allocate buffers for plain-text, cipher-text, authTag and AAD.
* TSIP requests those buffers 32bit aligned. * TSIP requests those buffers 32bit aligned.
*/ */
delta = sz % AES_BLOCK_SIZE; delta = sz % AES_BLOCK_SIZE;
@@ -358,13 +360,15 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
if (aes->ctx.keySize == 32) { if (aes->ctx.keySize == 32) {
XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes256, XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t)); sizeof(sce_aes_wrapped_key_t));
} else { }
else {
XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes128, XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t)); sizeof(sce_aes_wrapped_key_t));
} }
iv_l = iv; iv_l = iv;
ivSz_l = ivSz; ivSz_l = ivSz;
} else { }
else {
WOLFSSL_MSG("AES key for SCE is not set."); WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1; ret = -1;
} }

2
wolfcrypt/src/port/Renesas/renesas_sce_util.c
View File

@@ -388,7 +388,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
return ret; return ret;
} }
#endif #endif
/* Return tls cipher suite enumuration that is supported by SCE library */ /* Return tls cipher suite enumeration that is supported by SCE library */
static uint32_t GetSceCipherSuite( static uint32_t GetSceCipherSuite(
uint8_t cipherSuiteFirst, uint8_t cipherSuiteFirst,
uint8_t cipherSuite) uint8_t cipherSuite)

7
wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
View File

@@ -89,7 +89,6 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
} }
while (ret == TSIP_SUCCESS && blocks--) { while (ret == TSIP_SUCCESS && blocks--) {
if (aes->ctx.keySize == 16) if (aes->ctx.keySize == 16)
ret = R_TSIP_Aes128CbcEncryptUpdate(&_handle, (uint8_t*)in, ret = R_TSIP_Aes128CbcEncryptUpdate(&_handle, (uint8_t*)in,
(uint8_t*)out, (uint32_t)AES_BLOCK_SIZE); (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
@@ -186,7 +185,7 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
* - iv: iv should be consist of implicit-iv of 4 bytes and exp-iv of 8 bytes * - iv: iv should be consist of implicit-iv of 4 bytes and exp-iv of 8 bytes
* - authTag: buffer where the authentication data is output. * - authTag: buffer where the authentication data is output.
* - authTagSz: buffer size for authentication data. * - authTagSz: buffer size for authentication data.
* - authIn: buffer holding Additionnal Authentication Data(AAD) * - authIn: buffer holding Additional Authentication Data(AAD)
* - authInSz: AAD size * - authInSz: AAD size
* - ctx: TsipUserCtx * - ctx: TsipUserCtx
* return 0 on success, otherwise on error. * return 0 on success, otherwise on error.
@@ -266,7 +265,7 @@ int wc_tsip_AesGcmEncrypt(
if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL || if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL ||
aadBuf == NULL ) { aadBuf == NULL ) {
WOLFSSL_MSG("wc_tsip_AesGcmEncrypt: buffer allocation faild"); WOLFSSL_MSG("wc_tsip_AesGcmEncrypt: buffer allocation failed");
ret = -1; ret = -1;
} }
@@ -365,7 +364,7 @@ int wc_tsip_AesGcmEncrypt(
* - iv: iv should be consist of implicit-iv of 4 bytes and exp-iv of 8 bytes * - iv: iv should be consist of implicit-iv of 4 bytes and exp-iv of 8 bytes
* - authTag: buffer where the authentication data is stored. * - authTag: buffer where the authentication data is stored.
* - authTagSz: buffer size for authentication data. * - authTagSz: buffer size for authentication data.
* - authIn: buffer where Additionnal Authentication Data(AAD) is stored * - authIn: buffer where Additional Authentication Data(AAD) is stored
* - authInSz: AAD size * - authInSz: AAD size
* return 0 on success, otherwise on error. * return 0 on success, otherwise on error.
* Note: As of TSIPv1.13, only accept 128 and 256 bit of key size * Note: As of TSIPv1.13, only accept 128 and 256 bit of key size

33
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@@ -461,7 +461,7 @@ static byte _tls2tsipdef(byte cipher)
* lock hw engine. * lock hw engine.
* this should be called before using engine. * this should be called before using engine.
*/ */
WOLFSSL_LOCAL int tsip_hw_lock() WOLFSSL_LOCAL int tsip_hw_lock(void)
{ {
int ret = 0; int ret = 0;
@@ -588,7 +588,7 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated)
/* open TSIP driver /* open TSIP driver
* return 0 on success. * return 0 on success.
*/ */
WOLFSSL_LOCAL int tsip_Open() WOLFSSL_LOCAL int tsip_Open(void)
{ {
int ret = TSIP_SUCCESS; int ret = TSIP_SUCCESS;
@@ -615,7 +615,7 @@ WOLFSSL_LOCAL int tsip_Open()
if (ret != TSIP_SUCCESS) { if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_GenerataeTlsRsa: NG" ); WOLFSSL_MSG("R_TSIP_GenerateTlsRsa: NG");
} }
else { else {
@@ -683,7 +683,7 @@ WOLFSSL_LOCAL int tsip_Open()
} }
/* close TSIP driver */ /* close TSIP driver */
WOLFSSL_LOCAL void tsip_Close() WOLFSSL_LOCAL void tsip_Close(void)
{ {
WOLFSSL_ENTER("tsip_Close"); WOLFSSL_ENTER("tsip_Close");
int ret; int ret;
@@ -775,7 +775,7 @@ int wc_tsip_Sha1HmacGenerate(
word32 sz, word32 sz,
byte* digest) byte* digest)
{ {
WOLFSSL_ENTER("wc_tsip_Sha1HmacGenerate()"); WOLFSSL_ENTER("wc_tsip_Sha1HmacGenerate");
tsip_hmac_sha_handle_t _handle; tsip_hmac_sha_handle_t _handle;
tsip_hmac_sha_key_index_t key_index; tsip_hmac_sha_key_index_t key_index;
@@ -1016,7 +1016,7 @@ int wc_tsip_generateSessionKey(
tsip_aes_key_index_t key_client_aes; tsip_aes_key_index_t key_client_aes;
tsip_aes_key_index_t key_server_aes; tsip_aes_key_index_t key_server_aes;
WOLFSSL_ENTER("wc_tsip_generateSessionKey()"); WOLFSSL_ENTER("wc_tsip_generateSessionKey");
if (ssl== NULL) if (ssl== NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -1034,7 +1034,7 @@ int wc_tsip_generateSessionKey(
/* Do not release ssl-> arrays to reference the master secret and /* Do not release ssl-> arrays to reference the master secret and
* randoms, as the AES GCM session key will be generated in * randoms, as the AES GCM session key will be generated in
* encryption or decription timing. * encryption or description timing.
*/ */
wolfSSL_KeepArrays(ssl); wolfSSL_KeepArrays(ssl);
ret = TSIP_SUCCESS; ret = TSIP_SUCCESS;
@@ -1448,7 +1448,7 @@ int wc_tsip_tls_CertVerify(
#endif #endif
if (ret != TSIP_SUCCESS) { if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification() failed"); WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification failed");
} }
if (sigforSCE) { if (sigforSCE) {
XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC); XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC);
@@ -1485,7 +1485,6 @@ int wc_tsip_tls_RootCertVerify(
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
#if (WOLFSSL_RENESAS_TSIP_VER>=109) #if (WOLFSSL_RENESAS_TSIP_VER>=109)
ret = R_TSIP_TlsRootCertificateVerification( ret = R_TSIP_TlsRootCertificateVerification(
g_user_key_info.encrypted_user_tls_key_type, g_user_key_info.encrypted_user_tls_key_type,
(uint8_t*)cert, /* CA cert */ (uint8_t*)cert, /* CA cert */
@@ -1494,11 +1493,10 @@ int wc_tsip_tls_RootCertVerify(
(key_n_start + key_n_len), (key_n_start + key_n_len),
key_e_start, key_e_start,
(key_e_start + key_e_len), (key_e_start + key_e_len),
(uint8_t*)ca_cert_sig, /* "RSA 2048 PSS with SHA256" */ (uint8_t*)ca_cert_sig, /* RSA 2048 PSS with SHA256 */
g_encrypted_publicCA_key); /* RSA-2048 public key 560 bytes */ g_encrypted_publicCA_key /* RSA-2048 public key 560 bytes */
);
#else /* WOLFSSL_RENESAS_TSIP_VER < 109 */ #else /* WOLFSSL_RENESAS_TSIP_VER < 109 */
ret = R_TSIP_TlsRootCertificateVerification( ret = R_TSIP_TlsRootCertificateVerification(
(uint8_t*)cert,/* CA cert */ (uint8_t*)cert,/* CA cert */
(uint32_t)cert_len,/* length of CA cert */ (uint32_t)cert_len,/* length of CA cert */
@@ -1507,14 +1505,13 @@ int wc_tsip_tls_RootCertVerify(
key_e_start, key_e_start,
(key_e_start + key_e_len), (key_e_start + key_e_len),
(uint8_t*)ca_cert_sig,/* "RSA 2048 PSS with SHA256" */ (uint8_t*)ca_cert_sig,/* "RSA 2048 PSS with SHA256" */
/* RSA-2048 public key used by /* RSA-2048 public key used by RSA-2048 PSS with SHA256. 560 Bytes */
RSA-2048 PSS with SHA256. 560 Bytes*/ g_encrypted_publicCA_key
g_encrypted_publicCA_key ); );
#endif #endif
if (ret != TSIP_SUCCESS) { if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG(" R_TSIP_TlsRootCertificateVerification() failed"); WOLFSSL_MSG(" R_TSIP_TlsRootCertificateVerification failed");
} }
else { else {
g_CAscm_Idx = cm_row; g_CAscm_Idx = cm_row;

2
wolfssl/internal.h
View File

@@ -4576,7 +4576,7 @@ struct WOLFSSL {
#endif /* NO_RSA */ #endif /* NO_RSA */
void* GenPreMasterCtx; /* Generate Premaster Callback Context */ void* GenPreMasterCtx; /* Generate Premaster Callback Context */
void* GenMasterCtx; /* Generate Master Callback Context */ void* GenMasterCtx; /* Generate Master Callback Context */
void* GenSessionKeyCtx; /* Generate Sesssion Key Callback Context */ void* GenSessionKeyCtx; /* Generate Session Key Callback Context */
void* EncryptKeysCtx; /* Set Encrypt keys Callback Context */ void* EncryptKeysCtx; /* Set Encrypt keys Callback Context */
void* TlsFinishedCtx; /* Generate Tls Finished Callback Context */ void* TlsFinishedCtx; /* Generate Tls Finished Callback Context */
void* VerifyMacCtx; /* Verify mac Callback Context */ void* VerifyMacCtx; /* Verify mac Callback Context */