Merge pull request #5005 from dgarske/renesas_spell

Chris Conlon
2022-03-31 17:44:04 -06:00
committed by GitHub
10 changed files with 939 additions and 927 deletions


@@ -44142,13 +44142,13 @@ void wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX* ctx, CallbackGenSessionKey cb)
if (ctx)
ctx->GenSessionKeyCb = cb;
}
/* Set sesssion key generation callback context */
/* Set session key generation callback context */
void wolfSSL_SetGenSessionKeyCtx(WOLFSSL* ssl, void *ctx)
{
if (ssl)
ssl->GenSessionKeyCtx = ctx;
}
/* Get sesssion key generation callback context */
/* Get session key generation callback context */
void* wolfSSL_GetGenSessionKeyCtx(WOLFSSL* ssl)
{
if (ssl)


@@ -1,5 +1,8 @@
# TSIP FIT Module port
Support for TSIP FIT driver for symmetric AES, SHA1/SHA256 hardware acceleration and TLS-linked capability including Root CA, the server certificate or intermediate certificate verification.
Support for TSIP FIT driver for symmetric AES, SHA1/SHA256 hardware acceleration
and TLS-linked capability including Root CA, the server certificate or
intermediate certificate verification.
## Overview
Renesas TSIP FIT module with wolfSSL by setting *WOLFSSL_RENESAS_TSIP* definition.
@@ -13,6 +16,7 @@ Including the following examples:
The *user_settings.h* file enables some of the hardened settings.
## Requirements
### 1. [Renesas TSIP FIT module](https://www.renesas.com/us/en/products/software-tools/software-os-middleware-driver/security-crypto/trusted-secure-ip-driver.html)
[FIT module](https://www.renesas.com/us/en/products/software-tools/software-os-middleware-driver/software-package/fit.html)
Note : The included example program is tested with <u>TSIP FIT version **1.06**</u>.
@@ -23,21 +27,34 @@ Note : The included example program is tested with <u>TSIP FIT version **1.06**<
Note : The included example program is tested with [GR-ROSE](http://gadget.renesas.com/en/product/rose.html), which is classified to RX65N.
## Setup and Build wolfSSL library
1. Uncomment out #define WOLFSSL_RENESAS_TSIP in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
Uncomment out #define WOLFSSL_RENESAS_RX65N in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
2. Open a project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/wolfssl/ by e2studio and build to create wolfssl library
Note : Generating FIT module source files in advance are required to compile wolfSSL when enabling WOLFSSL_RENESAS_TSIP and WOLFSSL_RENESAS_RX65N. Please see for creating FIT module files at "Setup and Build and example program" in this readme below.
1. Uncomment out `#define WOLFSSL_RENESAS_TSIP` in `/path/to/wolfssl/wolfssl/wolfcrypt/settings.h`
2. Uncomment out `#define WOLFSSL_RENESAS_RX65N` in `/path/to/wolfssl/wolfssl/wolfcrypt/settings.h`
3. Open a project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/wolfssl/ by e2studio and build to create wolfssl library
Note : Generating FIT module source files in advance are required to compile wolfSSL
when enabling `WOLFSSL_RENESAS_TSIP` and `WOLFSSL_RENESAS_RX65N`. Please see for
creating FIT module files at "Setup and Build and example program" in this readme below.
To disable portions of the hardware acceleration you can optionally define:
```
```c
/* Disabled SHA acceleration */
#define NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH
/* Disabled TLS-linked acceleration */
#define NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION
```
### Benchmarks
**Software only implementation:**
## Benchmarks
Platform:
Renesas : e2Studio v7.4.0
ToolChain : Renesas CCRX version 3.00.00
TSIP FIT : version 1.0.6
Board : [GR-ROSE](http://gadget.renesas.com/en/product/rose.html)
wolfSSL : 4.1.0
### Software only implementation:
*block cipher*
```
RNG 200 KB took 1.099 seconds, 182.000 KB/s
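
Review bot: The new "Platform" block gives "TSIP FIT : version 1.0.6", while the requirements note quoted in this hunk's header says the example was tested with "TSIP FIT version **1.06**"; pick one form so readers do not take them for two different releases. In the same list, steps 1 and 2 now put the define and path in backticks but step 3 leaves /path/to/wolfssl/IDE/Renesas/e2studio/Projects/wolfssl/ bare, and "Uncomment out" would read better as "Uncomment" since the README is being cleaned up anyway.
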
@@ -50,35 +67,31 @@ SHA-256 425 KB took 1.038 seconds, 409.520 KB/s
TLS_RSA_WITH_AES_128_CBC_SHA : 0.651 (s)
TLS_RSA_WITH_AES_128_CBC_SHA256 : 0.651 (s)
TLS_RSA_WITH_AES_256_CBC_SHA : 0.642 (s)
TLS_RSA_WITH_AES_256_CBAC_SHA256 : 0.662 (s)
TLS_RSA_WITH_AES_256_CBC_SHA256 : 0.662 (s)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 2.050 (s)
```
**Hardware acceleration:**
### Hardware acceleration:
*block cipher*
```
RNG 1 MB took 1.011 seconds, 1.038 MB/s
SHA 12 MB took 1.001 seconds, 11.515 MB/s
SHA-256 13 MB took 1.001 seconds, 12.900 MB/s
```
*TLS establishment time with TLS-linked capability*
*Perform full TLS-linked capability*
```
TLS_RSA_WITH_AES_128_CBC_SHA : 0.141 (s)
TLS_RSA_WITH_AES_128_CBC_SHA256 : 0.141 (s)
TLS_RSA_WITH_AES_256_CBC_SHA : 0.141 (s)
TLS_RSA_WITH_AES_256_CBAC_SHA256 : 0.144 (s)
TLS_RSA_WITH_AES_256_CBC_SHA256 : 0.144 (s)
```
*Perform certificate verification by TSIP TLS-linked API*
```
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 1.721 (s)
```
Condition:
Renesas : e2Studio v7.4.0
ToolChain : Renesas CCRX version 3.00.00
TSIP FIT : version 1.0.6
Board : [GR-ROSE](http://gadget.renesas.com/en/product/rose.html)
wolfSSL : 4.1.0
## Setup and Build an example program
An example program expects the following FIT modules:
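
Review bot: The label change from "*TLS establishment time with TLS-linked capability*" to "*Perform full TLS-linked capability*" drops the only statement of what the seconds in the table measure. Suggest keeping "TLS establishment time" in both new labels, for example "TLS establishment time, full TLS-linked capability" and "TLS establishment time, certificate verification by TSIP TLS-linked API", so the hardware figures stay comparable with the software-only list above them.
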
@@ -123,24 +136,29 @@ Now, it is able to copy these FIT modules into an example project.
5. Copy the FIT modules into the folder that is created at step 4.
6. Open an example project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/ by e2studio
7. Enable a macro definition in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h for application type
`#define CRYPT_TEST // enable crypt test`
`#define BENCHMARK // enable benchmark application`
`#define TLS_CLIENT // enable simple tls client application`
`#define TLS_SERVER // enable simple tls server application`
`#define USE_TSIP_TLS // to inform user key and flash keying, when using TSIP`
```c
#define CRYPT_TEST /* enable crypt test */
#define BENCHMARK /* enable benchmark application */
#define TLS_CLIENT /* enable simple tls client application */
#define TLS_SERVER /* enable simple tls server application */
#define USE_TSIP_TLS /* to inform user key and flash keying, when using TSIP */
```
Note: CRYPT_TEST and BENCHMARK can be enabled at the same time. TLS_CLIENT and TLS_SERVER cannot be enabled together other definitions.
7. Setup debug configuration based on your debug hardware
## Run client/server program on the device
When testing the embedded client or server on the device, it is recommended to test against one of the standard wolfSSL example application running on a desktop machine.
When testing the embedded client or server on the device, it is recommended to test against one
of the standard wolfSSL example application running on a desktop machine.
For the embedded client, an example server commands for running on a desktop machine, IP address 192.168.1.45, is as follows:
`$./example/server/server -b -d -i`
`./example/server/server -b -d -i`
For the embedded server, an example client commands for running on a desktop machine is as follows:
`$./example/client/client -h 192.168.1.33 -p 11111`
`./example/client/client -h 192.168.1.33 -p 11111`
## Modify an example program
To use own TSIP keys for TSIP TLS-linked API use, it needs own flash keyring, PSS signed signature and RSA key.
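
Review bot: The step list still has two items numbered 7 ("7. Enable a macro definition ..." and "7. Setup debug configuration ..."); the second should be 8. While this paragraph is being touched, the note "TLS_CLIENT and TLS_SERVER cannot be enabled together other definitions" is missing a word (presumably "together with other definitions") and the new fenced block would be a good place to fix it.
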
@@ -154,23 +172,24 @@ To use own TSIP keys for TSIP TLS-linked API use, it needs own flash keyring, PS
To use TSIP TLS-linked APIs, it needs RSA key pair and Root CA certificate bundle signature by RSA 2048 PSS with SHA256.
Shell and Perl script program in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/tools/ can be used for the purpose.
* generate_rsa_keypair.sh : generate RSA 2048 bit key pair. Show modulus and public exponent when specifying "-s" option
* rsa_pss_sign.sh : sign the file by the specified private key
* genhexbuf.pl : generate C header file including a byte array generated from the specified file in the script
* `generate_rsa_keypair.sh`: generate RSA 2048 bit key pair. Show modulus and public exponent when specifying "-s" option
* `rsa_pss_sign.sh`: sign the file by the specified private key
* `genhexbuf.pl`: generate C header file including a byte array generated from the specified file in the script
Modulus and public exponent showed by `generate_rsa_keypair.sh` can be used for input date to Renesas Secure Flash Programmer to generate encrypted RSA keys for TSIP TLS-linked API use. Please follow the instruction about how to generate RSA keys in the TSIP manual.
Modulus and public exponent showed by `generate_rsa_keypair.sh` can be used for input date to
Renesas Secure Flash Programmer to generate encrypted RSA keys for TSIP TLS-linked API use.
Please follow the instruction about how to generate RSA keys in the TSIP manual.
Generated byte array of signed signature by `genhexbuf.pl` can be replaced signature data in key_data.c of an example program.
Generated byte array of signed signature by genhexbuf.pl can be replaced signature data in key_data.c of an example program.
Encrypted RSA key and generated byte array of signed signature need to be informed wolfSSL library before loading CA certification. Please see SetTsipTlskey() function an example program about how to inform them.
Encrypted RSA key and generated byte array of signed signature need to be informed wolfSSL library before loading CA certification.
Please see `SetTsipTlskey()` function an example program about how to inform them.
### Coding
In your application you must include <wolfssl/wolfcrypt/settings.h> before any other wolfSSL headers. If building the sources directly we recommend defining `WOLFSSL_USER_SETTINGS` and adding your own `user_settings.h` file. You can find a good reference for this in `/path/to/Renesas/e2studio/Projects/common/user_settings.h`.
In your application you must include <wolfssl/wolfcrypt/settings.h> before any other wolfSSL headers.
If building the sources directly we recommend defining `WOLFSSL_USER_SETTINGS` and adding your own `user_settings.h` file.
You can find a good reference for this in `/path/to/Renesas/e2studio/Projects/common/user_settings.h`.
## Support
For question please email [support@wolfssl.com]
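
Review bot: The rewrapped sentence still says "can be used for input date to Renesas Secure Flash Programmer"; for a spelling pass this should be "input data". In the "Coding" paragraph, <wolfssl/wolfcrypt/settings.h> is left outside a code span, so a Markdown renderer may treat it as an HTML tag and hide it; wrap it in backticks like the other identifiers in this hunk. The genhexbuf.pl sentence also appears twice here, once with backticks and once without, so check that only one copy survives in the resulting file.
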


@@ -45,7 +45,7 @@ static int devId = 7890; /* dev Id for Crypt Callback */
#include <wolfssl/wolfcrypt/cryptocb.h>
/* Renesas Security Library Common Callback
* For Crypto Call back
* For Crypto Callbacks
*
* devIdArg device Id
* info pointer to wc_CryptInfo
@@ -82,7 +82,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
cbInfo->session_key_set == 1) {
if (info->cipher.enc) {
ret = wc_tsip_AesGcmEncrypt(
info->cipher.aesgcm_enc.aes,
(byte*)info->cipher.aesgcm_enc.out,
@@ -98,7 +97,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
else {
ret = wc_tsip_AesGcmDecrypt(
info->cipher.aesgcm_dec.aes,
(byte*)info->cipher.aesgcm_dec.out,
@@ -119,7 +117,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
cbInfo->session_key_set == 1) {
if (info->cipher.enc) {
ret = wc_tsip_AesCbcEncrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
@@ -128,7 +125,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
else {
ret = wc_tsip_AesCbcDecrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
@@ -368,7 +364,7 @@ WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx)
/* check if the root CA has been verified by TSIP/SCE,
* and it exists in the CM table.
*/
static byte sce_tsip_rootCAverified( )
static byte sce_tsip_rootCAverified(void)
{
WOLFSSL_ENTER("sce_tsip_rootCAverified");
return (g_CAscm_Idx != (uint32_t)-1 ? 1:0);
@@ -382,7 +378,7 @@ static byte sce_tsip_rootCAverified( )
* out Buffer to hold hash
* key Buffer to hold ecc key
* keySz Length of key in bytes
* return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
byte** out, const byte* key, word32 keySz, void* ctx)
@@ -395,7 +391,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
ret = wc_tsip_RsaVerify(ssl, sig, sigSz, out, key, keySz, ctx);
if (ret == 0) {
/* Set Call back for SharedScret when being successful */
/* Set Callback for SharedSecret when successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, wc_tsip_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
}
@@ -409,7 +405,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
ret = wc_SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx);
if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) {
/* Set Call back for SharedScret when being successful */
/* Set Callback for SharedSecret when successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
}
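
Review bot: The condition `if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE)` in the SCE branch is redundant: once `ret == 0` holds, the second test cannot change the outcome, since CRYPTOCB_UNAVAILABLE is used as an error return elsewhere in this file. Because the shared-secret callback is registered only on this path, the check is worth making exact; `if (ret == 0)` matches the TSIP branch above. The same pattern appears in the SCE branch of Renesas_cmn_EccVerify.
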
@@ -433,7 +429,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
* key Buffer to hold ecc key
* keySz Length of key in bytes
* result a pointer to int indicates if the verify is ok
* return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
@@ -447,7 +443,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
ret = wc_tsip_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz,
result, ctx);
if (ret == 0 && *result == 1) {
/* Set callback for SharedScret when being successful */
/* Set callback for SharedSecret when being successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, wc_tsip_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
}
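
Review bot: The corrected comment here reads "Set callback for SharedSecret when being successful", while the RSA verify path in this same commit was changed to "Set Callback for SharedSecret when successful". Suggest using the RSA wording in both ECC branches so the four comments match.
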
@@ -460,7 +456,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
ret = wc_SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz,
result, ctx);
if (ret == 0 && *result == 1 && ret != CRYPTOCB_UNAVAILABLE) {
/* Set callback for SharedScret when being successful */
/* Set callback for SharedSecret when being successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
}
@@ -483,7 +479,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
* key_e_start Byte position of public key exponent in cert
* key_e_len Length of public key exponent
* cm_row CA index
* return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/
int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start,
word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row)
@@ -517,8 +513,8 @@ int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_
* ssl the WOLFSSL object
* side CLIENT or SERVER
* handshake_hash hash while doing handshake
* hashes calculated data by SCE/TSIP pseduo random function
* return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code
* hashes calculated data by SCE/TSIP pseudo random function
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/
WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
const byte *handshake_hash,
@@ -532,13 +528,14 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
/* sanity check */
if (ssl == NULL || ctx == NULL || side == NULL || handshake_hash == NULL ||
hashes == NULL )
hashes == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateVerifyData(ssl->arrays->tsip_masterSecret,
side, handshake_hash, hashes);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret, /* master secret */
ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret,
side, handshake_hash, hashes);
#endif
@@ -551,7 +548,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
*
* ssl the WOLFSSL object
* ctx Callback context
* return 0 on sucess, -1 when keys are not generated by SCE/TSIP
* return 0 on success, -1 when keys are not generated by SCE/TSIP
*/
static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
{
@@ -585,13 +582,13 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
}
/* Renesas Security Library Common Callback
* Callback for Sesssion Key generation
* Callback for Session Key generation
* Register callback for Set Keys when keys are successfully
* generated by SCE/TSIP
*
* ssl the WOLFSSL object
* ctx Callback context
* return FSP_SUCCESS(0) on sucess, otherwise SCE/TSIP error code
* return FSP_SUCCESS(0) on success, otherwise SCE/TSIP error code
*/
WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
{
@@ -604,6 +601,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
/* sanity check */
if (ssl == NULL || ctx == NULL)
return BAD_FUNC_ARG;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, devId);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
@@ -630,7 +628,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
* premaster Buffer to hold pre master
* preSz Length of pre-master
* ctx Callback context
* return FSP_SUCCESS(0) on sucess,
* return FSP_SUCCESS(0) on success,
* otherwise PROTOCOLCB_UNAVAILABLE
* so that caller could continue to process if want
*/
@@ -671,7 +669,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl,
*
* ssl the WOLFSSL object
* ctx Callback context
* return FSP_SUCCESS(0) on sucess,
* return FSP_SUCCESS(0) on success,
* otherwise PROTOCOLCB_UNAVAILABLE
* so that caller could continue to process if want
*/
@@ -757,7 +755,7 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx)
* KeyDer Buffer holding Key in der format
* KeySz Length of Key Der
* ctx Callback context
* return FSP_SUCCESS(0) on sucess,
* return FSP_SUCCESS(0) on success,
* otherwise CRYPTOCB_UNAVAILABLE
* so that caller could continue to process if want
*/
@@ -786,7 +784,6 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in,
EncSz = wc_RsaEncryptSize(ssl->peerRsaKey);
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (tsip_usable(ssl, 0)) {
if (EncSz == 256) {
ret = wc_tsip_generateEncryptPreMasterSecret(ssl, out, outSz);
@@ -824,7 +821,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in,
* macSz Length of mac size
* content content of inner data
* ctx Callback context
* return FSP_SUCCESS(0) on sucess,
* return FSP_SUCCESS(0) on success,
* otherwise PROTOCOLCB_UNAVAILABLE
* so that caller could continue to process if want
*/
@@ -862,8 +859,8 @@ WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message,
* sz Length of in data
* padSz Length of padding
* content content of inner data
* epocOrder
* return FSP_SUCCESS(0) on sucess, otherwise error code
* epochOrder
* return FSP_SUCCESS(0) on success, otherwise error code
*/
WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest,
const byte* in, word32 sz, int padSz, int content, int verify, int epochOrder)
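
Review bot: The parameter list in this comment is still incomplete after the rename: `epochOrder` has no description, and the `verify` argument that sits between `content` and `epochOrder` in the signature is not listed at all. Since this function computes the record MAC, a one-line description of each (what `verify` selects, what values `epochOrder` takes) would help anyone auditing the callback.
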
@@ -926,7 +923,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest,
* keyDer Buffer to hold rsa key
* keySz Length of key in bytes
* ctx Callback context
* return FSP_SUCCESS(0) on sucess,
* return FSP_SUCCESS(0) on success,
* otherwise CRYPTOCB_UNAVAILABLE
* so that caller could continue to process if want
*/
@@ -953,8 +950,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig,
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (CertAtt->keyIndex != NULL)
{
if (CertAtt->keyIndex != NULL) {
ret = wc_tsip_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1,
@@ -973,8 +969,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig,
ret = CRYPTOCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (CertAtt->keyIndex != NULL)
{
if (CertAtt->keyIndex != NULL) {
ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1,
@@ -1007,7 +1002,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig,
* keySz Length of key in bytes
* result A pointer to int indicates a result
* ctx Callback context
* return FSP_SUCCESS(0) on sucess,
* return FSP_SUCCESS(0) on success,
* otherwise CRYPTOCB_UNAVAILABLE
* so that caller could continue to process if want
*/
@@ -1039,8 +1034,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig,
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (CertAtt->keyIndex != NULL)
{
if (CertAtt->keyIndex != NULL) {
ret = wc_tsip_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1,
@@ -1059,8 +1053,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig,
else
ret = CRYPTOCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (CertAtt->keyIndex != NULL)
{
if (CertAtt->keyIndex != NULL) {
ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1,


@@ -131,7 +131,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
/* check if AES GCM can be used by SCE */
if ((ret = wc_sce_hw_lock()) == 0) {
/* allocate buffers for plaintaxt, ciphertext and authTag to make sure
/* allocate buffers for plaintext, ciphertext and authTag to make sure
* those buffers 32bit aligned as SCE requests.
*/
delta = sz % AES_BLOCK_SIZE;
@@ -141,7 +141,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
DYNAMIC_TYPE_AES);
if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL) {
WOLFSSL_MSG("wc_sce_AesGcmEncrypt: buffer allocation faild");
WOLFSSL_MSG("wc_sce_AesGcmEncrypt: buffer allocation failed");
ret = -1;
}
@@ -177,13 +177,15 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
} else {
}
else {
XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
}
iv_l = iv;
ivSz_l = ivSz;
} else {
}
else {
WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1;
}
@@ -253,7 +255,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
* sz Length of cipher text/plaintext in bytes
* iv Buffer holding IV/nonce
* ivSz Length of IV/nonce in bytes
* authTag Buffer to hold authntication data
* authTag Buffer to hold authentication data
* authTagSz Length of authentication data in bytes
* ctx The Callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
@@ -314,7 +316,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
if ((ret = wc_sce_hw_lock()) == 0) {
/* allocate buffers for plain-taxt, cipher-text, authTag and AAD.
/* allocate buffers for plain-text, cipher-text, authTag and AAD.
* TSIP requests those buffers 32bit aligned.
*/
delta = sz % AES_BLOCK_SIZE;
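
Review bot: The comment in wc_sce_AesGcmDecrypt still says "TSIP requests those buffers 32bit aligned", but this is the SCE implementation and the matching comment in wc_sce_AesGcmEncrypt says "as SCE requests". Suggest "SCE requests" here, and "plaintext, ciphertext" without hyphens to match the encrypt side.
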
@@ -358,13 +360,15 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
} else {
}
else {
XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
}
iv_l = iv;
ivSz_l = ivSz;
} else {
}
else {
WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1;
}


@@ -388,7 +388,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
return ret;
}
#endif
/* Return tls cipher suite enumuration that is supported by SCE library */
/* Return tls cipher suite enumeration that is supported by SCE library */
static uint32_t GetSceCipherSuite(
uint8_t cipherSuiteFirst,
uint8_t cipherSuite)


@@ -89,7 +89,6 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
}
while (ret == TSIP_SUCCESS && blocks--) {
if (aes->ctx.keySize == 16)
ret = R_TSIP_Aes128CbcEncryptUpdate(&_handle, (uint8_t*)in,
(uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
@@ -186,7 +185,7 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
* - iv: iv should be consist of implicit-iv of 4 bytes and exp-iv of 8 bytes
* - authTag: buffer where the authentication data is output.
* - authTagSz: buffer size for authentication data.
* - authIn: buffer holding Additionnal Authentication Data(AAD)
* - authIn: buffer holding Additional Authentication Data(AAD)
* - authInSz: AAD size
* - ctx: TsipUserCtx
* return 0 on success, otherwise on error.
@@ -266,7 +265,7 @@ int wc_tsip_AesGcmEncrypt(
if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL ||
aadBuf == NULL ) {
WOLFSSL_MSG("wc_tsip_AesGcmEncrypt: buffer allocation faild");
WOLFSSL_MSG("wc_tsip_AesGcmEncrypt: buffer allocation failed");
ret = -1;
}
@@ -365,7 +364,7 @@ int wc_tsip_AesGcmEncrypt(
* - iv: iv should be consist of implicit-iv of 4 bytes and exp-iv of 8 bytes
* - authTag: buffer where the authentication data is stored.
* - authTagSz: buffer size for authentication data.
* - authIn: buffer where Additionnal Authentication Data(AAD) is stored
* - authIn: buffer where Additional Authentication Data(AAD) is stored
* - authInSz: AAD size
* return 0 on success, otherwise on error.
* Note: As of TSIPv1.13, only accept 128 and 256 bit of key size


@@ -461,7 +461,7 @@ static byte _tls2tsipdef(byte cipher)
* lock hw engine.
* this should be called before using engine.
*/
WOLFSSL_LOCAL int tsip_hw_lock()
WOLFSSL_LOCAL int tsip_hw_lock(void)
{
int ret = 0;
@@ -588,7 +588,7 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated)
/* open TSIP driver
* return 0 on success.
*/
WOLFSSL_LOCAL int tsip_Open()
WOLFSSL_LOCAL int tsip_Open(void)
{
int ret = TSIP_SUCCESS;
@@ -615,7 +615,7 @@ WOLFSSL_LOCAL int tsip_Open()
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_GenerataeTlsRsa: NG" );
WOLFSSL_MSG("R_TSIP_GenerateTlsRsa: NG");
}
else {
@@ -683,7 +683,7 @@ WOLFSSL_LOCAL int tsip_Open()
}
/* close TSIP driver */
WOLFSSL_LOCAL void tsip_Close()
WOLFSSL_LOCAL void tsip_Close(void)
{
WOLFSSL_ENTER("tsip_Close");
int ret;
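
Review bot: In tsip_Close the declaration `int ret;` follows the `WOLFSSL_ENTER("tsip_Close");` statement, which is a declaration after code and will not build with a strict C89 compiler. Since the signature line is being edited anyway, move `int ret;` above the WOLFSSL_ENTER call. wc_tsip_Sha1HmacGenerate in the next hunk has the same ordering.
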
@@ -775,7 +775,7 @@ int wc_tsip_Sha1HmacGenerate(
word32 sz,
byte* digest)
{
WOLFSSL_ENTER("wc_tsip_Sha1HmacGenerate()");
WOLFSSL_ENTER("wc_tsip_Sha1HmacGenerate");
tsip_hmac_sha_handle_t _handle;
tsip_hmac_sha_key_index_t key_index;
@@ -1016,7 +1016,7 @@ int wc_tsip_generateSessionKey(
tsip_aes_key_index_t key_client_aes;
tsip_aes_key_index_t key_server_aes;
WOLFSSL_ENTER("wc_tsip_generateSessionKey()");
WOLFSSL_ENTER("wc_tsip_generateSessionKey");
if (ssl== NULL)
return BAD_FUNC_ARG;
@@ -1034,7 +1034,7 @@ int wc_tsip_generateSessionKey(
/* Do not release ssl-> arrays to reference the master secret and
* randoms, as the AES GCM session key will be generated in
* encryption or decription timing.
* encryption or description timing.
*/
wolfSSL_KeepArrays(ssl);
ret = TSIP_SUCCESS;
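
Review bot: The spelling fix in this comment picks the wrong word: "encryption or decription timing" has become "encryption or description timing", but the sentence is about when the AES GCM session key is generated, so it should read "encryption or decryption timing". The comment explains why the master secret and randoms are kept alive via wolfSSL_KeepArrays, so the wording matters to anyone reviewing key lifetime here.
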
@@ -1448,7 +1448,7 @@ int wc_tsip_tls_CertVerify(
#endif
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification() failed");
WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification failed");
}
if (sigforSCE) {
XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC);
@@ -1485,7 +1485,6 @@ int wc_tsip_tls_RootCertVerify(
if ((ret = tsip_hw_lock()) == 0) {
#if (WOLFSSL_RENESAS_TSIP_VER>=109)
ret = R_TSIP_TlsRootCertificateVerification(
g_user_key_info.encrypted_user_tls_key_type,
(uint8_t*)cert, /* CA cert */
@@ -1494,11 +1493,10 @@ int wc_tsip_tls_RootCertVerify(
(key_n_start + key_n_len),
key_e_start,
(key_e_start + key_e_len),
(uint8_t*)ca_cert_sig, /* "RSA 2048 PSS with SHA256" */
g_encrypted_publicCA_key); /* RSA-2048 public key 560 bytes */
(uint8_t*)ca_cert_sig, /* RSA 2048 PSS with SHA256 */
g_encrypted_publicCA_key /* RSA-2048 public key 560 bytes */
);
#else /* WOLFSSL_RENESAS_TSIP_VER < 109 */
ret = R_TSIP_TlsRootCertificateVerification(
(uint8_t*)cert,/* CA cert */
(uint32_t)cert_len,/* length of CA cert */
@@ -1507,14 +1505,13 @@ int wc_tsip_tls_RootCertVerify(
key_e_start,
(key_e_start + key_e_len),
(uint8_t*)ca_cert_sig,/* "RSA 2048 PSS with SHA256" */
/* RSA-2048 public key used by
RSA-2048 PSS with SHA256. 560 Bytes*/
g_encrypted_publicCA_key );
/* RSA-2048 public key used by RSA-2048 PSS with SHA256. 560 Bytes */
g_encrypted_publicCA_key
);
#endif
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG(" R_TSIP_TlsRootCertificateVerification() failed");
WOLFSSL_MSG(" R_TSIP_TlsRootCertificateVerification failed");
}
else {
g_CAscm_Idx = cm_row;
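
Review bot: The `ca_cert_sig` comment in the pre-1.09 branch still carries the quotes (`/* "RSA 2048 PSS with SHA256" */`) that were removed from the same argument in the >= 109 branch; drop them here too so the two calls read alike. The log string also keeps its leading space (" R_TSIP_TlsRootCertificateVerification failed"), which looks unintended next to the other messages cleaned up in this commit.
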


@@ -4576,7 +4576,7 @@ struct WOLFSSL {
#endif /* NO_RSA */
void* GenPreMasterCtx; /* Generate Premaster Callback Context */
void* GenMasterCtx; /* Generate Master Callback Context */
void* GenSessionKeyCtx; /* Generate Sesssion Key Callback Context */
void* GenSessionKeyCtx; /* Generate Session Key Callback Context */
void* EncryptKeysCtx; /* Set Encrypt keys Callback Context */
void* TlsFinishedCtx; /* Generate Tls Finished Callback Context */
void* VerifyMacCtx; /* Verify mac Callback Context */