diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
index e0694024b..143a41bad 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
@@ -31,7 +31,7 @@ This sample program uses the following hardware and software libraries. If a new
|Device|R5F565NEHxFP|
|IDE| Renesas e2Studio Version:2022-01 |
|Emulator| E1, E2 Emulator Lite |
-|Toolchain|CCRX v3.03.00|
+|Toolchain|CCRX v3.04.00|
|TSIP| TSIP v1.15|
/\/)) where this README file exists.
++ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}) where this README file exists.
+ Four projects that can be imported are listed, but check only the three projects "smc", "test" and "wolfssl" and click the "Finish" button.
You should see the **smc**, **test**, and **wolfssl** 3 projects you imported into the project explorer.
@@ -71,7 +71,7 @@ You will need to get the required FIT modules yourself. Follow the steps below t
1. Open the smc project in Project Explorer and double-click the **smc.scfg** file to open the Smart Configurator Perspective.
-2. Select the "Components" tab on the software component settings pane. Then click the "Add Component" button at the top right of the pane. The software component selection dialog will pop up. Click "Download the latest version of FIT driver and middleware" at the bottom of the dialog to get the modules. You can check the dowmload destination folder by pressing "Basic settings...".
+2. Select the "Components" tab on the software component settings pane. Then click the "Add Component" button at the top right of the pane. The software component selection dialog will pop up. Click "Download the latest version of FIT driver and middleware" at the bottom of the dialog to get the modules. You can check the download destination folder by pressing "Basic settings...".
3. The latest version of the TSIP component may not be automatically obtained due to the delay in Renesas' support by the method in step 2 above. In that case, you can download it manually from the Renesas website. Unzip the downloaded component and store the files contained in the FIT Modules folder in the download destination folder of step 2.
@@ -135,11 +135,84 @@ Now that the test application is ready to build.
## 8. Running test application as TLS_Client
-----
$ ./autogen.sh
@@ -158,20 +231,45 @@ $ examples/server/server -b -d -i
```
/test/src/wolf_client.c --
+$ cd {wolfssl-folder}
+$ ./autogen.sh
+$ ./configure --enable-ecc --enable-dsa --enable-aesccm CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVE_AES_CBC -DHAVE_DSA -DHAVE_ALL_CURVES -DHAVE_ECC"
+$ make
+```
+/common/user_settings.h --
-
-#define USE_ECC_CERT
-```
-/\/))を選択してください。
++ 1.e2studioの"ファイル"メニュー > "ファイル・システムからプロジェクトを開く..." > "ディレクトリ(R)..."インポート元ボタンを押して、プロジェクトのインポート元となるフォルダーを選択します。本READMEファイルが存在するフォルダ(Renesas/e2studio/{MCU}/{board-name-folder})を選択してください。
+ インポートできるプロジェクトが4つリストアップされますが、"smc", "test" と"wolfssl"の3プロジェクトにのみチェックを入れて”終了”ボタンを押してください。
@@ -143,26 +143,110 @@ testアプリケーションのビルドの準備が整ったので、ビルド
-----
+$ cd {wolfssl-folder}
$ ./autogen.sh
-$ ./configure CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVEAES_CBC"
+$ ./configure --enable-ecc --enable-dsa --enable-aesccm CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVE_AES_CBC -DHAVE_DSA -DHAVE_ALL_CURVES -DHAVE_ECC -DNO_RSA"
+$ make
+```
+(注意)"-DNO_RSA"の指定をわすれないこと
+
+/examples/server/server
-が生成されます。この実行プログラムがサーバーアプリケーションとして機能します。以下のオプションを与えて実行させるとTLS_Clientからの接続を待ち受け状態になります。
+
+#### 8.4.3 サーバーアプリケーションの実行
+/common/user_settings.h を開き、USE_ECC_CERT定義を有効化して再ビルドしてください。
-
#define YEAR 2022
-#define MON 5
+#define MON 6
static int tick = 0;
time_t time(time_t *t)
{
+ (void)t;
return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
}
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/.cproject b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/.cproject
index 9bff172de..000de19dc 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/.cproject
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/.cproject
@@ -49,7 +49,6 @@
-
- generate\dbsct.c
- generate\hwsetup.c
- generate\intprg.c
- generate\iodefine.h
- generate\resetprg.c
- generate\sbrk.c
- generate\sbrk.h
- generate\stacksct.h
- generate\typedefine.h
- generate\vect.h
- generate\vecttbl.c
-
..\..\..\..\..\..\wolfcrypt\benchmark\benchmark.c
..\..\..\..\..\..\wolfcrypt\benchmark\benchmark.h
@@ -275,23 +262,21 @@
-fpu
-include="${ProjDirPath}\..\common"
-include="${ProjDirPath}\..\..\..\..\..\..\"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_bsp"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_config"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx65n"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx\src"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx\lib"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_ether_rx"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\Config_TMR0"
- -include="${ProjDirPath}\generate"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_bsp"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_config"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx\src"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx\lib"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_ether_rx"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\general"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\Config_TMR0"
-define=DEBUG_CONSOLE,WOLFSSL_USER_SETTINGS
-utf8
-nomessage
@@ -307,8 +292,8 @@
-isa=rxv2
-fpu
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\general"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"
-utf8
-debug
-nologo
@@ -324,8 +309,8 @@
-rom=D=R,D_1=R_1,D_2=R_2
-cpu=RAM=00000000-0003ffff,FIX=00080000-00083fff,FIX=00086000-00087fff,FIX=00088000-0009ffff,FIX=000a0000-000a3fff,RAM=000a4000-000a5fff,FIX=000a6000-000bffff,FIX=000c0000-000dffff,FIX=000e0000-000fffff,ROM=00100000-00107fff,FIX=007fc000-007fcfff,FIX=007fe000-007fffff,RAM=00800000-0085ffff,RAM=fe7f5d00-fe7f5d7f,RAM=fe7f7d70-fe7f7d9f,ROM=ffe00000-ffffffff
-nologo
- -library="${ProjDirPath}/../../../../../../../${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little_debug.lib"
- -library="${ProjDirPath}/../../../../../../../${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx65n_little.lib"
+ -library="${ProjDirPath}/../${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little_debug.lib"
+ -library="${ProjDirPath}/../${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx65n_little.lib"
-library="${ProjDirPath}/../wolfssl/Debug/wolfssl.lib"
-start=SU,SI,B_1,R_1,B_2,R_2,B,R/04,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/03C000,C_1,C_2,C,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC
Auto
@@ -385,34 +370,26 @@
HardwareDebug\wolfssl_dummy.obj
HardwareDebug\test.lib
-
"${ProjDirPath}\..\common"
"${ProjDirPath}\..\..\..\..\..\..\"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_bsp"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_config"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx65n"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx\src"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx\lib"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_ether_rx"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\Config_TMR0"
- "${ProjDirPath}\generate"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_bsp"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_config"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx\src"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx\lib"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_ether_rx"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\general"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\Config_TMR0"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\general"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"
DEBUG_CONSOLE
WOLFSSL_USER_SETTINGS
@@ -422,23 +399,23 @@
-isa=rxv2
-fpu
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_bsp"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_config"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx231"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx66t"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx65n"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx\src"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx\lib"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_ether_rx"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_bsp"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_config"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx231"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx66t"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx65n"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx\src"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx\lib"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_ether_rx"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\general"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"
-include="${ProjDirPath}\generate"
-define=DEBUG_CONSOLE
-utf8
@@ -454,8 +431,8 @@
-isa=rxv2
-fpu
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"
- -include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\general"
+ -include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"
-utf8
-debug
-nologo
@@ -471,7 +448,7 @@
-rom=D=R,D_1=R_1,D_2=R_2
-cpu=RAM=00000000-0003ffff,FIX=00080000-00083fff,FIX=00086000-00087fff,FIX=00088000-0009ffff,FIX=000a0000-000a3fff,RAM=000a4000-000a5fff,FIX=000a6000-000bffff,FIX=000c0000-000dffff,FIX=000e0000-000fffff,ROM=00100000-00107fff,FIX=007fc000-007fcfff,FIX=007fe000-007fffff,RAM=00800000-0085ffff,RAM=fe7f5d00-fe7f5d7f,RAM=fe7f7d70-fe7f7d9f,ROM=ffe00000-ffffffff
-nologo
- -library="${ProjDirPath}/../../../../../../../${ProjName}/src/smc_gen/r_t4_rx/lib/T4_Library_rxv1_ether_little.lib"
+ -library="${ProjDirPath}/../${ProjName}/src/smc_gen/r_t4_rx/lib/T4_Library_rxv1_ether_little.lib"
-start=SU,SI,B_1,R_1,B_2,R_2,B,R/04,C_1,C_2,C,C$*,D*,W*,L,P*/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000
Auto
@@ -530,33 +507,27 @@
Debug\wolfssl_dummy.obj
Debug\test.lib
-
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_bsp"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_config"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx231"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx66t"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx65n"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx\src"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx\lib"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_ether_rx"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_bsp"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_config"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx231"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx66t"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx65n"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx\src"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx\lib"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_ether_rx"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\general"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"
"${ProjDirPath}\generate"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"
- "${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\general"
+ "${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"
DEBUG_CONSOLE
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/InstructionManualForExample_RSK+RX65N-2MB_EN.pdf b/IDE/Renesas/e2studio/RX65N/RSK/InstructionManualForExample_RSK+RX65N-2MB_EN.pdf
index c116932a1..da7763d10 100644
Binary files a/IDE/Renesas/e2studio/RX65N/RSK/InstructionManualForExample_RSK+RX65N-2MB_EN.pdf and b/IDE/Renesas/e2studio/RX65N/RSK/InstructionManualForExample_RSK+RX65N-2MB_EN.pdf differ
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/InstructionManualForExample_RSK+RX65N-2MB_JP.pdf b/IDE/Renesas/e2studio/RX65N/RSK/InstructionManualForExample_RSK+RX65N-2MB_JP.pdf
index d533648f4..124350f0b 100644
Binary files a/IDE/Renesas/e2studio/RX65N/RSK/InstructionManualForExample_RSK+RX65N-2MB_JP.pdf and b/IDE/Renesas/e2studio/RX65N/RSK/InstructionManualForExample_RSK+RX65N-2MB_JP.pdf differ
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
index 9b62fc995..051da9ae0 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
@@ -71,10 +71,65 @@ const st_key_block_data_t g_key_block_data =
},
/* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
{
- 0x79, 0xB6, 0x8C, 0x48, 0x0A, 0xF2, 0x09, 0xF5, 0xD9, 0x66, 0xBE, 0x9F,
- 0xD1, 0x7A, 0x93, 0x52, 0x26, 0x76, 0x6B, 0xB8, 0xF6, 0xB3, 0x88, 0xA6,
- 0x4F, 0x6F, 0xB3, 0xF4, 0x8D, 0x83, 0x8F, 0xA0, 0x4A, 0x14, 0xAE, 0xF3,
- 0xCB, 0x00, 0x1A, 0x0B, 0xB5, 0xE6, 0x65, 0x83, 0x2A, 0x5A, 0x16, 0x8B
+ 0
+ },
+ /* uint8_t
+ * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
+ */
+ {
+ 0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
+ 0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
+ 0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
+ 0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
+ 0x12, 0x60, 0xCB, 0x48, 0x27, 0xB6, 0x38, 0x0B, 0x54, 0x5A, 0x70, 0xCB,
+ 0x6F, 0x05, 0x53, 0x46, 0x8B, 0x08, 0x86, 0x24, 0xCB, 0xA2, 0x36, 0x54,
+ 0xCD, 0xC9, 0x61, 0x37, 0x43, 0xCB, 0xCC, 0x7C, 0x6B, 0x20, 0x07, 0xB6,
+ 0x01, 0x96, 0x32, 0xF5, 0x30, 0x0E, 0x96, 0x05, 0xC4, 0xF5, 0xF0, 0xB0,
+ 0xD3, 0x26, 0xAF, 0x6E, 0x39, 0x01, 0x2D, 0xAC, 0x7E, 0x39, 0xCF, 0x48,
+ 0x74, 0x7D, 0x98, 0x00, 0xA6, 0x95, 0xDA, 0x4C, 0xAC, 0x81, 0xC7, 0x9A,
+ 0x93, 0x69, 0x23, 0xD4, 0x39, 0xCD, 0xB3, 0x62, 0x4A, 0x4A, 0x26, 0x95,
+ 0x51, 0xE1, 0x06, 0x8F, 0xB2, 0x3C, 0x8F, 0xDE, 0xF1, 0xC3, 0x69, 0xFC,
+ 0xF5, 0xC3, 0xCE, 0x39, 0x3F, 0x7F, 0x2D, 0xA8, 0x8B, 0xB3, 0x2D, 0xE4,
+ 0xB8, 0xA4, 0x19, 0x55, 0x29, 0xEC, 0x9C, 0x6A, 0xD7, 0xD7, 0x45, 0x3E,
+ 0x1D, 0x18, 0x52, 0xB5, 0x8A, 0xB1, 0x26, 0x43, 0x8C, 0x7A, 0x65, 0xF1,
+ 0x17, 0x5E, 0x75, 0x4A, 0x1A, 0x30, 0xD8, 0xEA, 0xC2, 0x19, 0x3C, 0x1E,
+ 0x2E, 0xFB, 0xDB, 0xC9, 0x1F, 0x73, 0xC9, 0x95, 0x53, 0x8C, 0x99, 0x5D,
+ 0x3B, 0x59, 0xFE, 0x8B, 0xA1, 0xD2, 0xBB, 0xBC, 0xBC, 0x4B, 0x78, 0x0A,
+ 0x6B, 0xD8, 0xBE, 0x85, 0x60, 0x08, 0x1E, 0x2F, 0x38, 0x77, 0xA3, 0xC4,
+ 0x46, 0xC1, 0x42, 0x39, 0xA6, 0x59, 0x98, 0x59, 0x21, 0x94, 0x1F, 0xDC,
+ 0xB3, 0xAE, 0xA3, 0xB6, 0xCC, 0x35, 0x82, 0x6F, 0x87, 0x58, 0x91, 0x70,
+ 0xEC, 0x3F, 0x05, 0x86, 0x3C, 0xD1, 0x83, 0xB0, 0xBA, 0xE8, 0xD7, 0xF6,
+ 0xE5, 0x9E, 0x50, 0xA4, 0x04, 0xF3, 0x95, 0x9C, 0x41, 0xAF, 0xEB, 0x9D,
+ 0xB6, 0xA2, 0xF7, 0x80, 0x5A, 0xC4, 0x67, 0xD4, 0xFD, 0x0C, 0x2A, 0x7C,
+ 0x24, 0x03, 0xE5, 0x7F, 0x08, 0x69, 0x18, 0x4E, 0x33, 0x22, 0x7E, 0x03,
+ 0x8E, 0x13, 0xFB, 0xC6, 0x9B, 0xA3, 0x44, 0x5B, 0xEC, 0xF9, 0x5C, 0x93,
+ 0x3E, 0x9F, 0xBD, 0x72, 0x50, 0x52, 0xF3, 0xEA, 0x34, 0x2B, 0x8E, 0xEC,
+ 0x17, 0x42, 0x1A, 0xDF, 0x57, 0xA2, 0x66, 0xA7, 0x0B, 0x3B, 0xE5, 0xF7,
+ 0x64, 0x44, 0xA2, 0xA3, 0x5F, 0xB7, 0x5B, 0xF5, 0x99, 0x8C, 0xA0, 0x64,
+ 0x04, 0x46, 0x7C, 0x60, 0x75, 0xE4, 0xD9, 0xD5, 0xED, 0x21, 0x1D, 0x65,
+ 0x5D, 0x25, 0x21, 0x90, 0x7D, 0xA4, 0x95, 0x15, 0x54, 0x91, 0xD6, 0xB8,
+ 0xF9, 0xB7, 0x30, 0xD9, 0x7D, 0x2C, 0x7E, 0x85, 0x6A, 0xCF, 0x31, 0x1C,
+ 0xDC, 0x90, 0xA3, 0x75, 0xA4, 0xE4, 0x89, 0x5F, 0x2B, 0xED, 0x93, 0x4E,
+ 0xA8, 0x35, 0xD3, 0x20, 0x36, 0x7A, 0x02, 0x23, 0x70, 0xB7, 0xC2, 0x39,
+ 0xA4, 0x69, 0xB2, 0xBF, 0xA4, 0x3A, 0x6D, 0xB7, 0xB1, 0x32, 0x32, 0x9A,
+ 0x95, 0xEA, 0x02, 0xD2, 0x35, 0xE7, 0x8C, 0xD8, 0x22, 0xA9, 0xC3, 0x4C,
+ 0x68, 0x09, 0xA1, 0x2B, 0xB0, 0xE4, 0x55, 0x72, 0x7E, 0xE6, 0x00, 0xDD,
+ 0xC6, 0xD1, 0x83, 0x56, 0x08, 0x35, 0xC7, 0x9A, 0x98, 0x0C, 0x79, 0xBD,
+ 0x49, 0xBC, 0x3F, 0x45, 0x4A, 0x38, 0x1B, 0x55, 0x2D, 0x52, 0x57, 0x00,
+ 0xFC, 0xDB, 0xE7, 0xA0, 0x53, 0xB4, 0x63, 0xE4, 0x37, 0xEC, 0x9F, 0xF0,
+ 0xA4, 0x0F, 0xEF, 0x06, 0xF0, 0xC6, 0x5F, 0x0C, 0x4A, 0xB8, 0xC1, 0x96,
+ 0x1D, 0x0D, 0x9A, 0x43, 0x89, 0xA4, 0xF6, 0x55, 0x4A, 0x83, 0x54, 0x3F,
+ 0xCC, 0x09, 0x65, 0x34, 0xC0, 0x0F, 0x42, 0xF2, 0xE6, 0xDD, 0x2D, 0x8C,
+ 0x93, 0x42, 0x09, 0xF6, 0xE4, 0xDF, 0xB2, 0x64, 0x2A, 0x12, 0x7A, 0x59
+ },
+ /* uint8_t
+ * encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
+ */
+ {
+ 0x25, 0x7A, 0x0C, 0x8C, 0x9B, 0xF9, 0x3C, 0xF5, 0x49, 0x08, 0x86, 0x92,
+ 0x00, 0x7D, 0xAB, 0x21, 0x23, 0x38, 0xF8, 0xEA, 0xB0, 0x95, 0x59, 0x9B,
+ 0x04, 0xC8, 0xAA, 0xEA, 0x8C, 0x2D, 0x68, 0xF4, 0xD5, 0xD7, 0xA9, 0x6F,
+ 0x2C, 0x8C, 0x13, 0x93, 0xA3, 0x80, 0x11, 0xF9, 0x0F, 0x36, 0x14, 0xA8
},
};
@@ -170,4 +225,6 @@ const unsigned char client_cert_der_sign[] =
};
const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
+uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 };
+uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
#endif
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
index edb8183b9..1122c1185 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
@@ -38,6 +38,8 @@ typedef struct st_key_block_data
uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE];
uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16];
+ uint8_t encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16];
+ uint8_t encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
} st_key_block_data_t;
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
index 1785aa5c1..71e3ae167 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
@@ -48,7 +48,7 @@
* TLSv1.3, uncomment line below.
*
*----------------------------------------------------------------------------*/
-/*#define WOLFSSL_TLS13*/
+#define WOLFSSL_TLS13
/*-- Operating System related definitions --------------------------------------
@@ -70,11 +70,12 @@
*----------------------------------------------------------------------------*/
#define NO_DEV_RANDOM
-
+ #define NO_MD4
#define WOLFSSL_DH_CONST
#define HAVE_TLS_EXTENSIONS
#define HAVE_AESGCM
+ #define HAVE_AESCCM
#define HAVE_AES_CBC
#define WOLFSSL_SHA512
@@ -106,7 +107,7 @@
* - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
*
*/
- /*#define USE_ECC_CERT*/
+ #define USE_ECC_CERT
/* In this example application, Root CA cert buffer named
* "ca_ecc_cert_der_256" is used under the following macro definition
@@ -149,8 +150,10 @@
#define WOLFSSL_USER_CURRTIME /* for benchmark */
- #define USER_TIME
+ #define TIME_OVERRIDES
#define XTIME time
+ #define WOLFSSL_GMTIME
+ #define XGMTIME(c,t) gmtime(c)
#define USE_WOLF_SUSECONDS_T
#define USE_WOLF_TIMEVAL_T
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
index f6b9be4a2..920cb6e4e 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
@@ -165,7 +165,7 @@ static void Tls_client_init(const char* cipherlist)
/* Create and initialize WOLFSSL_CTX */
if ((client_ctx =
- wolfSSL_CTX_new(wolfTLSv1_2_client_method_ex((void *)NULL))) == NULL) {
+ wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
return;
}
@@ -174,24 +174,71 @@ static void Tls_client_init(const char* cipherlist)
tsip_set_callbacks(client_ctx);
#endif
+ /* load Root CA certificate */
#if defined(NO_FILESYSTEM)
-
if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert,
SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
printf("ERROR: can't load certificate data\n");
return;
}
-
#else
-
if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
printf("ERROR: can't load \"%s\"\n", cert);
return NULL;
}
-
#endif
+ /* load client certificate */
+#ifdef USE_ECC_CERT
+ if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
+ cliecc_cert_der_256,
+ sizeof_cliecc_cert_der_256,
+ WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
+ printf("ERROR: can't load client-certificate\n");
+ return;
+ }
+#else
+ if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
+ client_cert_der_2048,
+ sizeof_client_cert_der_2048,
+ WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
+ printf("ERROR: can't load client-certificate\n");
+ return;
+ }
+#endif /* USE_ECC_CERT */
+ /* load client private key */
+
+#ifdef USE_ECC_CERT
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS) &&
+ (WOLFSSL_RENESAS_TSIP_VER >= 115 )
+ if (tsip_set_clientPrivateKeyEnc(
+ g_key_block_data.encrypted_user_ecc256_private_key,
+ TSIP_ECCP256) != 0) {
+ printf("ERROR: can't load client-private key\n");
+ return;
+ }
+ #else
+ if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx,
+ ecc_clikey_der_256,
+ sizeof_ecc_clikey_der_256,
+ SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+ printf("ERROR: can't load private-key data.\n");
+ return;
+ }
+ #endif /* WOLFSSL_TLS13 */
+#else
+ if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx,
+ client_key_der_2048,
+ sizeof_client_key_der_2048,
+ SSL_FILETYPE_ASN1)
+ != WOLFSSL_SUCCESS) {
+ printf("ERROR: can't load private-key data.\n");
+ return;
+ }
+
+#endif /* USE_ECC_CERT */
+
/* use specific cipher */
if (cipherlist != NULL &&
wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) !=
@@ -199,6 +246,18 @@ static void Tls_client_init(const char* cipherlist)
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
printf("client can't set cipher list");
}
+
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS) &&
+ (WOLFSSL_RENESAS_TSIP_VER >= 115)
+
+ if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
+ printf("client can't set use supported curves\n");
+ return;
+ }
+ #endif
+
}
static void Tls_client()
@@ -314,13 +373,26 @@ static void Tls_client_demo(void)
#ifdef USE_ECC_CERT
const char* cipherlist[] = {
+ #if defined(WOLFSSL_TLS13)
+ "TLS13-AES128-GCM-SHA256",
+ "TLS13-AES128-CCM-SHA256",
+ #endif
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-SHA256"
};
- const int cipherlist_sz = 2;
+ int cipherlist_sz;
+ #if defined(WOLFSSL_TLS13)
+ cipherlist_sz = 2;
+ #else
+ cipherlist_sz = 2;
+ #endif
#else
const char* cipherlist[] = {
+ #if defined(WOLFSSL_TLS13)
+ "TLS13-AES128-GCM-SHA256",
+ "TLS13-AES128-CCM-SHA256",
+ #endif
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-SHA256",
"AES128-SHA",
@@ -328,7 +400,12 @@ static void Tls_client_demo(void)
"AES256-SHA",
"AES256-SHA256"
};
- const int cipherlist_sz = 6;
+ int cipherlist_sz;
+ #if defined(WOLFSSL_TLS13)
+ cipherlist_sz = 2;
+ #else
+ cipherlist_sz = 6;
+ #endif
#endif
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/InstructionManualForExample_RX72N_EnvisonKit_EN.pdf b/IDE/Renesas/e2studio/RX72N/EnvisionKit/InstructionManualForExample_RX72N_EnvisonKit_EN.pdf
index 0e58266e0..f0afb049a 100644
Binary files a/IDE/Renesas/e2studio/RX72N/EnvisionKit/InstructionManualForExample_RX72N_EnvisonKit_EN.pdf and b/IDE/Renesas/e2studio/RX72N/EnvisionKit/InstructionManualForExample_RX72N_EnvisonKit_EN.pdf differ
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/InstructionManualForExample_RX72N_EnvisonKit_JP.pdf b/IDE/Renesas/e2studio/RX72N/EnvisionKit/InstructionManualForExample_RX72N_EnvisonKit_JP.pdf
index 49276d175..076340e47 100644
Binary files a/IDE/Renesas/e2studio/RX72N/EnvisionKit/InstructionManualForExample_RX72N_EnvisonKit_JP.pdf and b/IDE/Renesas/e2studio/RX72N/EnvisionKit/InstructionManualForExample_RX72N_EnvisonKit_JP.pdf differ
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
index 93958524c..a47d37183 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
@@ -70,10 +70,65 @@ const st_key_block_data_t g_key_block_data =
},
/* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
{
- 0xD6, 0xDB, 0x33, 0x0B, 0xC4, 0x72, 0x5A, 0xD3, 0x23, 0xDE, 0x1C, 0xAF,
- 0xA8, 0x33, 0xA6, 0x85, 0xA0, 0xAB, 0xBF, 0x51, 0x8B, 0xF4, 0x68, 0x45,
- 0xBD, 0x6D, 0xA5, 0x7A, 0x88, 0x82, 0x9C, 0x50, 0x43, 0xD7, 0x53, 0xC0,
- 0x9E, 0xA8, 0x4B, 0x7E, 0x8A, 0x8B, 0xF3, 0x1B, 0xA5, 0x50, 0x55, 0x5D
+ 0
+ },
+ /* uint8_t
+ * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
+ */
+ {
+ 0xAF, 0x8C, 0x78, 0xE3, 0x6C, 0x9E, 0xC6, 0x76, 0xE5, 0x86, 0x84, 0xBE,
+ 0xF5, 0x6C, 0xD7, 0x2B, 0x46, 0x24, 0x35, 0x99, 0xA5, 0x64, 0xDD, 0xFA,
+ 0x35, 0x22, 0x5A, 0xB8, 0x5F, 0xD8, 0x1E, 0xCF, 0xCC, 0x73, 0x10, 0xD6,
+ 0x13, 0x69, 0x8F, 0x36, 0xA9, 0x8E, 0x09, 0xDF, 0x83, 0x20, 0x85, 0xBE,
+ 0x81, 0x69, 0x51, 0x75, 0xCB, 0xA5, 0x90, 0x8C, 0xC1, 0x75, 0xBE, 0x0F,
+ 0x8C, 0xB6, 0xFE, 0x73, 0x03, 0x37, 0x03, 0x41, 0xC0, 0x98, 0xC2, 0xEE,
+ 0x2D, 0x1B, 0xDA, 0x10, 0x8B, 0xF6, 0xB6, 0x67, 0xE9, 0x29, 0xCD, 0xEC,
+ 0x4C, 0x4D, 0x84, 0x28, 0x61, 0x3A, 0xF5, 0x6D, 0xEE, 0x78, 0x45, 0xF3,
+ 0x17, 0xC9, 0x77, 0xAB, 0x56, 0x2C, 0x68, 0xCB, 0x14, 0x9F, 0x5A, 0xE7,
+ 0x11, 0xC7, 0x13, 0x4B, 0xDC, 0x31, 0x60, 0x77, 0xDA, 0x56, 0x0C, 0x15,
+ 0xB2, 0xA9, 0x73, 0x4C, 0xD3, 0x46, 0x29, 0x18, 0x1C, 0x8C, 0xFD, 0xCF,
+ 0xAC, 0x4B, 0x55, 0x30, 0x96, 0xDC, 0xE9, 0xC0, 0x6A, 0x74, 0x68, 0x1D,
+ 0x6B, 0x25, 0xB0, 0x8F, 0x0C, 0xD7, 0xDD, 0xFC, 0xA8, 0x15, 0x87, 0x3E,
+ 0xA3, 0x91, 0x46, 0x25, 0x6C, 0x6F, 0xC4, 0xB2, 0xE1, 0xB8, 0x5F, 0xF3,
+ 0x6A, 0x0D, 0x9C, 0x29, 0x08, 0x6F, 0x5E, 0xFF, 0xA0, 0x81, 0x34, 0xA5,
+ 0x2B, 0x2B, 0x47, 0xE0, 0x6D, 0x56, 0xD2, 0x52, 0xC7, 0x19, 0x63, 0x72,
+ 0x84, 0x96, 0x64, 0xA5, 0xF2, 0x92, 0x3C, 0x38, 0x37, 0x9F, 0x6A, 0x2D,
+ 0x58, 0x33, 0x8C, 0x5C, 0x27, 0x05, 0xCB, 0x4F, 0x62, 0x2F, 0x40, 0xE9,
+ 0x55, 0x2C, 0x75, 0x4B, 0x02, 0xB3, 0x61, 0xAD, 0x34, 0x14, 0x49, 0x26,
+ 0x94, 0x45, 0x9B, 0xB8, 0xDB, 0x1F, 0xCE, 0xE9, 0xB1, 0xBF, 0x47, 0xF3,
+ 0xD4, 0xAD, 0xEB, 0xBC, 0x4F, 0x61, 0xAD, 0x66, 0xAF, 0x10, 0x94, 0x5D,
+ 0x25, 0x5B, 0x52, 0xF3, 0x44, 0xBA, 0x28, 0xF8, 0xF2, 0x01, 0x41, 0x61,
+ 0xF3, 0xE5, 0x91, 0x44, 0xF9, 0xA3, 0x56, 0xD8, 0xE9, 0x43, 0x0F, 0x78,
+ 0x7E, 0x1C, 0x01, 0xA6, 0xD7, 0x47, 0x87, 0x7C, 0xC5, 0xAF, 0x2A, 0xD3,
+ 0x71, 0x3A, 0x3E, 0x96, 0xF5, 0x8E, 0xA8, 0x1A, 0x89, 0x17, 0xCD, 0x52,
+ 0x7E, 0x98, 0x70, 0xB3, 0x57, 0x22, 0x59, 0x1C, 0xB7, 0x61, 0xD3, 0x32,
+ 0xE5, 0x2E, 0x6B, 0x6F, 0x2B, 0xD2, 0xAB, 0x27, 0x62, 0x65, 0xBE, 0x0B,
+ 0x8B, 0xFC, 0x9D, 0xB7, 0x3B, 0x4F, 0xA7, 0x35, 0xA6, 0xB3, 0x10, 0x98,
+ 0x6D, 0x47, 0x12, 0x16, 0x89, 0x33, 0x9A, 0x87, 0x85, 0x50, 0x21, 0x2B,
+ 0x03, 0xD0, 0x0C, 0x25, 0x52, 0xC1, 0xA4, 0xD9, 0x50, 0x57, 0x0A, 0x88,
+ 0x67, 0xE9, 0x55, 0x78, 0xFF, 0x23, 0xC0, 0xD1, 0xB6, 0xF4, 0xBD, 0x64,
+ 0x38, 0x9A, 0x59, 0xD8, 0x0C, 0xCA, 0x3C, 0x44, 0xBB, 0x31, 0x40, 0xF3,
+ 0x3F, 0x84, 0x74, 0x1A, 0x1B, 0xFB, 0x81, 0x22, 0x20, 0x0E, 0x68, 0x48,
+ 0x7F, 0xBF, 0xBB, 0xE2, 0xF7, 0xEA, 0x1C, 0xDD, 0x63, 0xAA, 0x3E, 0xFE,
+ 0x7A, 0xBD, 0x6C, 0x2A, 0x2C, 0x6C, 0x8E, 0x3C, 0xB6, 0x42, 0x2F, 0x42,
+ 0xF2, 0x17, 0x07, 0x2F, 0x4F, 0xAA, 0x4B, 0xA0, 0xE7, 0x98, 0xAE, 0x95,
+ 0x21, 0x2A, 0xF8, 0x1C, 0x33, 0x81, 0xC2, 0x64, 0xEC, 0xF3, 0xD7, 0x75,
+ 0x81, 0x61, 0x8C, 0xDF, 0x7F, 0x76, 0x6B, 0x44, 0x22, 0x36, 0xD3, 0x7F,
+ 0x17, 0x40, 0x84, 0xF8, 0xA8, 0x4B, 0xD5, 0xD4, 0x4E, 0xA1, 0x86, 0xDB,
+ 0x9B, 0xCD, 0xB6, 0x6C, 0xDF, 0x35, 0x0C, 0x0D, 0x7E, 0x0F, 0x01, 0x9C,
+ 0xF7, 0x6E, 0x89, 0xE6, 0x2F, 0x0E, 0xC5, 0xF3, 0xEA, 0x69, 0x8C, 0xA5,
+ 0xD5, 0x48, 0xEE, 0x5B, 0x77, 0x04, 0xFE, 0xC7, 0x56, 0x87, 0x27, 0xD4,
+ 0xF9, 0xCC, 0xB4, 0xB4, 0xB7, 0x1A, 0x85, 0x38, 0x0B, 0x93, 0xD2, 0x1D,
+ 0xD3, 0xDE, 0x7E, 0x45, 0xAF, 0x82, 0x46, 0x65, 0xFE, 0x59, 0x55, 0x83
+ },
+ /* uint8_t
+ * encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
+ */
+ {
+ 0xE6, 0x6C, 0xB8, 0x7C, 0xDB, 0x85, 0x50, 0x51, 0x4A, 0x75, 0x38, 0xA4,
+ 0x74, 0x7A, 0x8C, 0x7C, 0x07, 0x71, 0x0E, 0x52, 0xC3, 0x19, 0xD1, 0xE6,
+ 0xF8, 0x36, 0xD2, 0xD3, 0x53, 0xF8, 0xA7, 0xCE, 0xBC, 0xBE, 0xAE, 0x62,
+ 0x7F, 0x00, 0x54, 0xB1, 0x01, 0x11, 0xCA, 0xE3, 0x77, 0x3E, 0x2E, 0x21
},
};
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
index edb8183b9..1122c1185 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
@@ -38,6 +38,8 @@ typedef struct st_key_block_data
uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE];
uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16];
+ uint8_t encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16];
+ uint8_t encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
} st_key_block_data_t;
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
index 1f622aaed..531428a0b 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
@@ -48,7 +48,7 @@
* TLSv1.3, uncomment line below.
*
*----------------------------------------------------------------------------*/
-/*#define WOLFSSL_TLS13*/
+#define WOLFSSL_TLS13
/*-- Operating System related definitions --------------------------------------
@@ -72,11 +72,12 @@
*----------------------------------------------------------------------------*/
#define NO_DEV_RANDOM
-
+ #define NO_MD4
#define WOLFSSL_DH_CONST
#define HAVE_TLS_EXTENSIONS
#define HAVE_AESGCM
+ #define HAVE_AESCCM
#define HAVE_AES_CBC
#define WOLFSSL_SHA512
@@ -108,7 +109,7 @@
* - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
*
*/
- /*#define USE_ECC_CERT*/
+ #define USE_ECC_CERT
/* In this example application, Root CA cert buffer named
* "ca_ecc_cert_der_256" is used under the following macro definition
@@ -151,8 +152,10 @@
#define WOLFSSL_USER_CURRTIME /* for benchmark */
- #define USER_TIME
+ #define TIME_OVERRIDES
#define XTIME time
+ #define WOLFSSL_GMTIME
+ #define XGMTIME(c,t) gmtime(c)
#define USE_WOLF_SUSECONDS_T
#define USE_WOLF_TIMEVAL_T
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
index 15456c5c1..e33cc0bbe 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
@@ -171,7 +171,7 @@ static void Tls_client_init(const char* cipherlist)
/* Create and initialize WOLFSSL_CTX */
if ((client_ctx =
- wolfSSL_CTX_new(wolfTLSv1_2_client_method_ex((void *)NULL))) == NULL) {
+ wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
return;
}
@@ -180,21 +180,79 @@ static void Tls_client_init(const char* cipherlist)
tsip_set_callbacks(client_ctx);
#endif
+ /* load root CA certificate */
#if defined(NO_FILESYSTEM)
-
if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert,
SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
printf("ERROR: can't load certificate data\n");
return;
}
-
#else
-
if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
printf("ERROR: can't load \"%s\"\n", cert);
return NULL;
}
-
+ #endif
+
+ /* load client certificate */
+#ifdef USE_ECC_CERT
+ if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
+ cliecc_cert_der_256,
+ sizeof_cliecc_cert_der_256,
+ WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
+ printf("ERROR: can't load client-certificate\n");
+ return;
+ }
+#else
+ if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
+ client_cert_der_2048,
+ sizeof_client_cert_der_2048,
+ WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
+ printf("ERROR: can't load client-certificate\n");
+ return;
+ }
+#endif /* USE_ECC_CERT */
+
+ /* load client private key */
+#ifdef USE_ECC_CERT
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS) && \
+ (WOLFSSL_RENESAS_TSIP_VER >= 115 )
+ if (tsip_set_clientPrivateKeyEnc(
+ g_key_block_data.encrypted_user_ecc256_private_key,
+ TSIP_ECCP256) != 0) {
+ printf("ERROR: can't load client-private key\n");
+ return;
+ }
+ #else
+ if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx,
+ ecc_clikey_der_256,
+ sizeof_ecc_clikey_der_256,
+ SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+ printf("ERROR: can't load private-key data.\n");
+ return;
+ }
+ #endif /* WOLFSSL_TLS13 */
+#else
+ if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx,
+ client_key_der_2048,
+ sizeof_client_key_der_2048,
+ SSL_FILETYPE_ASN1)
+ != WOLFSSL_SUCCESS) {
+ printf("ERROR: can't load private-key data.\n");
+ return;
+ }
+
+#endif /* USE_ECC_CERT */
+
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS) && \
+ (WOLFSSL_RENESAS_TSIP_VER >= 115)
+
+ if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
+ printf("client can't set use supported curves\n");
+ return;
+ }
#endif
@@ -320,13 +378,26 @@ static void Tls_client_demo(void)
#ifdef USE_ECC_CERT
const char* cipherlist[] = {
+ #if defined(WOLFSSL_TLS13)
+ "TLS13-AES128-GCM-SHA256",
+ "TLS13-AES128-CCM-SHA256",
+ #endif
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-SHA256"
};
- const int cipherlist_sz = 2;
+ int cipherlist_sz;
+ #if defined(WOLFSSL_TLS13)
+ cipherlist_sz = 2;
+ #else
+ cipherlist_sz = 2;
+ #endif
#else
const char* cipherlist[] = {
+ #if defined(WOLFSSL_TLS13)
+ "TLS13-AES128-GCM-SHA256",
+ "TLS13-AES128-CCM-SHA256",
+ #endif
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-SHA256",
"AES128-SHA",
@@ -334,7 +405,12 @@ static void Tls_client_demo(void)
"AES256-SHA",
"AES256-SHA256"
};
- const int cipherlist_sz = 6;
+ int cipherlist_sz;
+ #if defined(WOLFSSL_TLS13)
+ cipherlist_sz = 2;
+ #else
+ cipherlist_sz = 6;
+ #endif
#endif
diff --git a/src/internal.c b/src/internal.c
index afc634272..c0457b876 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7251,6 +7251,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
XFREE(ssl->peerSceTsipEncRsaKeyIndex, ssl->heap, DYNAMIC_TYPE_RSA);
+ Renesas_cmn_Cleanup(ssl);
#endif
if (ssl->buffers.inputBuffer.dynamicFlag)
ShrinkInputBuffer(ssl, FORCED_FREE);
@@ -8791,6 +8792,13 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz)
return BAD_FUNC_ARG;
}
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_StoreMessage(ssl, data, sz);
+ if (ret != 0 && ret != CRYPTOCB_UNAVAILABLE) {
+ return ret;
+ }
+#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
#ifndef NO_OLD_TLS
#ifndef NO_SHA
wc_ShaUpdate(&ssl->hsHashes->hashSha, data, sz);
diff --git a/src/tls.c b/src/tls.c
index 3d1db0414..0a9077573 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -60,6 +60,10 @@
#endif
#endif
+#if defined(WOLFSSSL_RENESAS_TSIP_TLS)
+ #include
+#endif
+
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
static int TLSX_KeyShare_IsSupported(int namedGroup);
static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap);
@@ -6881,6 +6885,12 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
kse->keyLen = keySize;
kse->pubKeyLen = keySize * 2 + 1;
+ #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_Tls13GenEccKeyPair(ssl, kse);
+ if (ret != CRYPTOCB_UNAVAILABLE) {
+ return ret;
+ }
+ #endif
/* Allocate an ECC key to hold private key. */
kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC);
if (kse->key == NULL) {
@@ -7763,6 +7773,12 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
ssl->peerEccKeyPresent = 0;
}
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_Tls13GenSharedSecret(ssl, keyShareEntry);
+ if (ret != CRYPTOCB_UNAVAILABLE) {
+ return ret;
+ }
+#endif
ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap,
DYNAMIC_TYPE_ECC);
diff --git a/src/tls13.c b/src/tls13.c
index 15936fa3e..e893fa753 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -509,6 +509,13 @@ static int DeriveClientHandshakeSecret(WOLFSSL* ssl, byte* key)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_Ver >= 115)
+ (void)key;
+ ret = tsip_DeriveClientHandshakeSecret(ssl);
+ if (ret != CRYPTOCB_UNAVAILABLE) {
+ return ret;
+ }
+#endif
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
clientHandshakeLabel, CLIENT_HANDSHAKE_LABEL_SZ,
ssl->specs.mac_algorithm, 1);
@@ -911,6 +918,11 @@ int DeriveEarlySecret(WOLFSSL* ssl)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_Tls13DeriveEarlySecret(ssl);
+ if (ret != CRYPTOCB_UNAVAILABLE)
+ return ret;
+#endif
PRIVATE_KEY_UNLOCK();
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
ret = Tls13_HKDF_Extract(ssl, ssl->arrays->secret, NULL, 0,
@@ -942,6 +954,12 @@ int DeriveHandshakeSecret(WOLFSSL* ssl)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_Tls13DeriveHandshakeSecret(ssl);
+ if (ret != CRYPTOCB_UNAVAILABLE)
+ return ret;
+#endif
+
ret = DeriveKeyMsg(ssl, key, -1, ssl->arrays->secret,
derivedLabel, DERIVED_LABEL_SZ,
NULL, 0, ssl->specs.mac_algorithm);
@@ -970,6 +988,13 @@ int DeriveMasterSecret(WOLFSSL* ssl)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
+
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_Tls13DeriveMasterSecret(ssl);
+ if (ret != CRYPTOCB_UNAVAILABLE)
+ return ret;
+#endif
+
ret = DeriveKeyMsg(ssl, key, -1, ssl->arrays->preMasterSecret,
derivedLabel, DERIVED_LABEL_SZ,
NULL, 0, ssl->specs.mac_algorithm);
@@ -1165,6 +1190,14 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
#endif
int provision;
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_Tls13DeriveKeys(ssl, secret, side);
+ if (ret != CRYPTOCB_UNAVAILABLE) {
+ return ret;
+ }
+ ret = BAD_FUNC_ARG; /* Assume failure */
+#endif
+
#ifdef WOLFSSL_SMALL_STACK
key_dig = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_DIGEST);
if (key_dig == NULL)
@@ -1925,6 +1958,16 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
ssl->error = 0; /* clear async */
}
#endif
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_Tls13AesEncrypt(ssl, output, input, dataSz);
+ if (ret != CRYPTOCB_UNAVAILABLE) {
+ if (ret > 0) {
+ ret = 0; /* tsip_Tls13AesEncrypt returns output size */
+ }
+ return ret;
+ }
+ ret = 0;
+#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
switch (ssl->encrypt.state) {
case CIPHER_STATE_BEGIN:
@@ -2248,6 +2291,24 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
WOLFSSL_ENTER("DecryptTls13");
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_Tls13AesDecrypt(ssl, output, input, sz);
+
+ if (ret != CRYPTOCB_UNAVAILABLE) {
+ #ifndef WOLFSSL_EARLY_DATA
+ if (ret < 0) {
+ if (doAlert) {
+ SendAlert(ssl, alert_fatal, bad_record_mac);
+ }
+ ret = VERIFY_MAC_ERROR;
+ }
+ #else
+ (void)doAlert;
+ #endif
+ return ret;
+ }
+#endif
+
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfSSL_AsyncPop(ssl, &ssl->decrypt.state);
if (ret != WC_NOT_PENDING_E) {
@@ -6622,6 +6683,14 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_SEND);
WOLFSSL_ENTER("SendTls13CertificateVerify");
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_Tls13SendCertVerify(ssl);
+ if (ret != CRYPTOCB_UNAVAILABLE) {
+ goto exit_scv;
+ }
+ ret = 0;
+#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
#ifdef WOLFSSL_DTLS13
/* can be negative */
if (ssl->options.dtls)
@@ -7152,6 +7221,14 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_DO);
WOLFSSL_ENTER("DoTls13CertificateVerify");
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_Tls13CertificateVerify(ssl, input, inOutIdx, totalSz);
+ if (ret != CRYPTOCB_UNAVAILABLE) {
+ goto exit_dcv;
+ }
+ ret = 0;
+#endif
+
#ifdef WOLFSSL_ASYNC_CRYPT
if (ssl->async == NULL) {
ssl->async = (struct WOLFSSL_ASYNC*)
@@ -7596,6 +7673,23 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (*inOutIdx + size > totalSz)
return BUFFER_E;
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_Tls13HandleFinished(ssl, input, inOutIdx, size, totalSz);
+ if (ret == 0) {
+ ssl->options.serverState = SERVER_FINISHED_COMPLETE;
+ return ret;
+ }
+ if (ret == VERIFY_FINISHED_ERROR) {
+ SendAlert(ssl, alert_fatal, decrypt_error);
+ return ret;
+ }
+ if (ret != CRYPTOCB_UNAVAILABLE) {
+ /* other errors */
+ return ret;
+ }
+ ret = 0;
+#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
if (ssl->options.handShakeDone) {
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
ssl->keys.client_write_MAC_secret);
@@ -7748,6 +7842,16 @@ static int SendTls13Finished(WOLFSSL* ssl)
AddTls13HandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ if (ssl->options.side == WOLFSSL_CLIENT_END) {
+ ret = tsip_Tls13SendFinished(ssl, output, outputSz, input, 1);
+ if (ret != CRYPTOCB_UNAVAILABLE) {
+ return ret;
+ }
+ ret = 0;
+ }
+#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
/* make finished hashes */
if (ssl->options.handShakeDone) {
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c
index 6e7ce8db2..4950130e0 100644
--- a/wolfcrypt/src/port/Renesas/renesas_common.c
+++ b/wolfcrypt/src/port/Renesas/renesas_common.c
@@ -44,6 +44,47 @@ static int gdevId = 7890; /* initial dev Id for Crypt Callback */
#include
+WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl)
+{
+ int ret = 0;
+ WOLFSSL_ENTER("Renesas_cmn_Cleanup");
+
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ ret = tsip_TlsCleanup(ssl);
+#endif
+
+ WOLFSSL_LEAVE("Renesas_cmn_Cleanup", ret);
+ return ret;
+}
+WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl,
+ const unsigned char* in, unsigned int inSz,
+ unsigned char* out, word32* outSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx)
+{
+ int ret = NOT_COMPILED_IN;
+ WOLFSSL_ENTER("Renesas_cmn_RsaSignCb");
+
+ /* This is just a stub function that provides no logic */
+
+ WOLFSSL_LEAVE("Renesas_cmn_RsaSignCb", ret);
+ return ret;
+}
+
+WOLFSSL_LOCAL int Renesas_cmn_EccSignCb(WOLFSSL* ssl,
+ const unsigned char* in, unsigned int inSz,
+ unsigned char* out, word32* outSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx)
+{
+ int ret = NOT_COMPILED_IN;
+ WOLFSSL_ENTER("Renesas_cmn_EccSignCb");
+
+ /* This is just a stub function that provides no logic */
+
+ WOLFSSL_LEAVE("Renesas_cmn_EccSignCb", ret);
+ return ret;
+}
/* Renesas Security Library Common Callback
* For Crypto Callbacks
*
@@ -414,7 +455,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, unsigned char* sig,
}
else {
WOLFSSL_MSG("failed wc_tsip_RsaVerify");
- wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
+ wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
@@ -428,7 +469,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, unsigned char* sig,
}
else {
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
- wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
+ wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
#endif
@@ -466,7 +507,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
}
else {
WOLFSSL_MSG("failed wc_tsip_EccVerify");
- wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
+ wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
@@ -479,7 +520,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
}
else {
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
- wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
+ wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
#endif
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
index 1f900c849..2af7c2fa2 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
@@ -1,6 +1,6 @@
/* renesas_tsip_aes.c
*
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -38,7 +38,12 @@
#include
#include
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
-
+#ifdef NO_INLINE
+ #include
+#else
+ #define WOLFSSL_MISC_INCLUDED
+ #include
+#endif
#define TSIP_AES_GCM_AUTH_TAG_SIZE 16
@@ -55,6 +60,405 @@ typedef e_tsip_err_t (*aesGcmDecUpdateFn)
typedef e_tsip_err_t (*aesGcmDecFinalFn)
(tsip_gcm_handle_t*, uint8_t*, uint32_t*, uint8_t*, uint32_t);
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+
+/* function pointer type defs for TLSv13 handshake AES-GCM/CCM encryption */
+typedef e_tsip_err_t (*Tls13AesEncInitFn)
+ (tsip_tls13_handle_t*, e_tsip_tls13_phase_t, e_tsip_tls13_mode_t,
+ e_tsip_tls13_cipher_suite_t, tsip_aes_key_index_t*, uint32_t);
+typedef e_tsip_err_t (*Tls13AesEncUpdateFn)
+ (tsip_tls13_handle_t*, uint8_t*, uint8_t*, uint32_t);
+typedef e_tsip_err_t (*Tls13AesEncFinalFn)
+ (tsip_tls13_handle_t*, uint8_t*, uint32_t*);
+
+/* function pointer type defs for TLSv13 handshake AES-GCM/CCM decryption */
+typedef e_tsip_err_t (*Tls13AesDecInitFn)
+ (tsip_tls13_handle_t*, e_tsip_tls13_phase_t, e_tsip_tls13_mode_t,
+ e_tsip_tls13_cipher_suite_t, tsip_aes_key_index_t*, uint32_t);
+typedef e_tsip_err_t (*Tls13AesDecUpdateFn)
+ (tsip_tls13_handle_t*, uint8_t*, uint8_t*, uint32_t);
+typedef e_tsip_err_t (*Tls13AesDecFinalFn)
+ (tsip_tls13_handle_t*, uint8_t*, uint32_t*);
+
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+/* encrypt plain data.
+ *
+ * return cipher data size on success, negative value on failure.
+ * CRYPTOCB_UNAVAILABLE may be returned.
+ */
+WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
+ struct WOLFSSL* ssl,
+ byte* output,
+ const byte* input,
+ word16 sz)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ TsipUserCtx* tuc = NULL;
+ e_tsip_tls13_cipher_suite_t cs;
+ word32 cipher[(AES_BLOCK_SIZE + TSIP_AES_GCM_AUTH_TAG_SIZE) /
+ sizeof(word32)];
+ word32 plain[AES_BLOCK_SIZE / sizeof(word32)];
+ int idxIn,idxOut;
+ uint32_t remain;
+ uint32_t dataSz, finalSz;
+ e_tsip_tls13_phase_t phase;
+ tsip_aes_key_index_t* key = NULL;
+
+ WOLFSSL_ENTER("tsip_Tls13AesEncrypt");
+
+ if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) {
+ return BAD_FUNC_ARG;
+ }
+
+ if (ssl->options.side != WOLFSSL_CLIENT_END) {
+ return CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
+ }
+
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ return CRYPTOCB_UNAVAILABLE;
+ }
+
+ /* select the appropriate encryption key and phase */
+ if (ssl->options.handShakeDone) {
+ if (!tuc->ClientWriteTrafficKey_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ return CRYPTOCB_UNAVAILABLE;
+ }
+
+ key = &(tuc->clientAppWriteKey13Idx);
+ phase = TSIP_TLS13_PHASE_APPLICATION;
+ }
+ else {
+ if (!tuc->HandshakeClientTrafficKey_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ return CRYPTOCB_UNAVAILABLE;
+ }
+
+ key = &(tuc->clientWriteKey13Idx);
+ phase = TSIP_TLS13_PHASE_HANDSHAKE;
+ }
+
+ /* select AES mode */
+ if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
+ cs = TSIP_TLS13_CIPHER_SUITE_AES_128_GCM_SHA256;
+ else if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm)
+ cs = TSIP_TLS13_CIPHER_SUITE_AES_128_CCM_SHA256;
+ else
+ return CRYPTOCB_UNAVAILABLE;
+
+ remain = sz;
+ finalSz = 0;
+
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ err = R_TSIP_Tls13EncryptInit(
+ &(tuc->handle13),
+ phase,
+ TSIP_TLS13_MODE_FULL_HANDSHAKE,
+ cs,
+ key,
+ sz);
+
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG("R_TSIP_Tls13DecryptUpdate error");
+ ret = WC_HW_E;
+ }
+
+ idxIn = 0;
+ idxOut = 0;
+
+ while (err == TSIP_SUCCESS && remain > 0) {
+
+ dataSz = min(remain, AES_BLOCK_SIZE);
+ ForceZero(plain, sizeof(plain));
+ ForceZero(cipher, sizeof(cipher));
+ XMEMCPY(plain, input + idxIn, dataSz);
+
+
+ err = R_TSIP_Tls13EncryptUpdate(
+ &(tuc->handle13),
+ (uint8_t*)plain,
+ (uint8_t*)cipher,
+ dataSz);
+
+ if (err == TSIP_SUCCESS) {
+ if (dataSz >= AES_BLOCK_SIZE) {
+ XMEMCPY(output + idxOut, cipher, dataSz);
+ idxOut += dataSz;
+ }
+ idxIn += dataSz;
+ remain -= dataSz;
+ }
+ else {
+ WOLFSSL_MSG("R_TSIP_Tls13DecryptUpdate error");
+ ret = WC_HW_E;
+ }
+ }
+
+ if (err == TSIP_SUCCESS) {
+
+ ForceZero(cipher, sizeof(cipher));
+ /* R_TSIP_Tls13EncryptFinal outputs encrypted content and auth-data
+ * to the buffer.
+ */
+ err = R_TSIP_Tls13EncryptFinal(
+ &(tuc->handle13),
+ (uint8_t*)cipher,
+ &finalSz); /* total output size */
+
+ if (err == TSIP_SUCCESS) {
+ XMEMCPY(output + idxOut, cipher, finalSz - idxOut);
+ ret = finalSz;
+ }
+ else {
+ WOLFSSL_MSG("R_TSIP_Tls13EncryptFinal error");
+ ret = WC_HW_E;
+ }
+ }
+ tsip_hw_unlock();
+ }
+
+ WOLFSSL_LEAVE("tsip_Tls13AesEncrypt", ret);
+ return ret;
+}
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+/* decrypt encrypted handshake data for TLSv1.3
+ * AES-GCM or AES-CCM can be used
+ * return 0 on success, otherwise on error.
+ */
+WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
+ struct WOLFSSL* ssl,
+ byte* output,
+ const byte* input,
+ word16 sz)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ TsipUserCtx* tuc = NULL;
+ e_tsip_tls13_cipher_suite_t cs;
+ word32 cipher[AES_BLOCK_SIZE / sizeof(word32)];
+ word32 plain[AES_BLOCK_SIZE / sizeof(word32)];
+ int idxIn,idxOut;
+ int blocks;
+ uint32_t remain,conRemain;
+ uint32_t dataSz, finalSz;
+ e_tsip_tls13_phase_t phase;
+ tsip_aes_key_index_t* key = NULL;
+
+ WOLFSSL_ENTER("tsip_Tls13AesDecrypt");
+
+ if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) {
+ return BAD_FUNC_ARG;
+ }
+
+ if (ssl->options.side != WOLFSSL_CLIENT_END) {
+ return CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
+ }
+
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ return CRYPTOCB_UNAVAILABLE;
+ }
+
+ /* select the appropriate encryption key and phase */
+ if (ssl->options.handShakeDone) {
+ if (!tuc->ServerWriteTrafficKey_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ return CRYPTOCB_UNAVAILABLE;
+ }
+
+ key = &(tuc->serverAppWriteKey13Idx);
+ phase = TSIP_TLS13_PHASE_APPLICATION;
+ }
+ else {
+ if (!tuc->HandshakeServerTrafficKey_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ return CRYPTOCB_UNAVAILABLE;
+ }
+
+ key = &(tuc->serverWriteKey13Idx);
+ phase = TSIP_TLS13_PHASE_HANDSHAKE;
+ }
+
+ /* select AES mode */
+ if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
+ cs = TSIP_TLS13_CIPHER_SUITE_AES_128_GCM_SHA256;
+ else if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm)
+ cs = TSIP_TLS13_CIPHER_SUITE_AES_128_CCM_SHA256;
+ else
+ return CRYPTOCB_UNAVAILABLE;
+
+
+ blocks = sz / AES_BLOCK_SIZE;
+ remain = sz;
+ conRemain = sz - TSIP_AES_GCM_AUTH_TAG_SIZE;
+
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ err = R_TSIP_Tls13DecryptInit(
+ &(tuc->handle13),
+ phase,
+ TSIP_TLS13_MODE_FULL_HANDSHAKE,
+ cs,
+ key,
+ sz);
+
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG("R_TSIP_Tls13DecryptInit error");
+ ret = WC_HW_E;
+ }
+
+ idxIn = 0;
+ idxOut = 0;
+
+ while (err == TSIP_SUCCESS && (blocks--) >= 0) {
+
+ dataSz = min(remain, AES_BLOCK_SIZE);
+ XMEMCPY(cipher, input + idxIn, dataSz);
+ ForceZero(plain, AES_BLOCK_SIZE);
+
+ err = R_TSIP_Tls13DecryptUpdate(
+ &(tuc->handle13),
+ (uint8_t*)cipher,
+ (uint8_t*)plain,
+ dataSz);
+
+ if (err == TSIP_SUCCESS) {
+ if (dataSz >= AES_BLOCK_SIZE && conRemain >= AES_BLOCK_SIZE) {
+ XMEMCPY(output + idxOut, plain, dataSz);
+ idxOut += dataSz;
+ conRemain -= min(conRemain, dataSz);
+ }
+ idxIn += dataSz;
+ remain -= dataSz;
+ }
+ else {
+ WOLFSSL_MSG("R_TSIP_Tls13DecryptUpdate error");
+ ret = WC_HW_E;
+ }
+ }
+
+ if (err == TSIP_SUCCESS) {
+ err = R_TSIP_Tls13DecryptFinal(
+ &(tuc->handle13),
+ (uint8_t*)plain,
+ &finalSz); /* total size will be returned */
+
+ if (err == TSIP_SUCCESS) {
+ XMEMCPY(output + idxOut, plain, conRemain);
+ }
+ else if (err== TSIP_ERR_AUTHENTICATION) {
+ WOLFSSL_MSG("tsip_Tls13AesDecrypt authentication error");
+ ret = AES_GCM_AUTH_E;
+ }
+ else {
+ WOLFSSL_MSG("R_TSIP_Tls13DecryptFinal error");
+ ret = WC_HW_E;
+ }
+ }
+ tsip_hw_unlock();
+ }
+
+ WOLFSSL_LEAVE("tsip_Tls13AesDecrypt", ret);
+ return ret;
+}
+
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 109)
+#ifdef WOLF_CRYPTO_CB
+
+WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
+ void* ctx)
+{
+ int ret = NOT_COMPILED_IN;
+ TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
+
+ WOLFSSL_ENTER("wc_tsip_AesCipher");
+
+ if (info == NULL || ctx == NULL)
+ return BAD_FUNC_ARG;
+
+ if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
+
+#if !defined(NO_AES) || !defined(NO_DES3)
+#ifdef HAVE_AESGCM
+ if (info->cipher.type == WC_CIPHER_AES_GCM &&
+ cbInfo->session_key_set == 1) {
+
+ if (info->cipher.enc) {
+ ret = wc_tsip_AesGcmEncrypt(
+ info->cipher.aesgcm_enc.aes,
+ (byte*)info->cipher.aesgcm_enc.out,
+ (byte*)info->cipher.aesgcm_enc.in,
+ info->cipher.aesgcm_enc.sz,
+ (byte*)info->cipher.aesgcm_enc.iv,
+ info->cipher.aesgcm_enc.ivSz,
+ (byte*)info->cipher.aesgcm_enc.authTag,
+ info->cipher.aesgcm_enc.authTagSz,
+ (byte*)info->cipher.aesgcm_enc.authIn,
+ info->cipher.aesgcm_enc.authInSz,
+ (void*)ctx);
+
+ }
+ else {
+ ret = wc_tsip_AesGcmDecrypt(
+ info->cipher.aesgcm_dec.aes,
+ (byte*)info->cipher.aesgcm_dec.out,
+ (byte*)info->cipher.aesgcm_dec.in,
+ info->cipher.aesgcm_dec.sz,
+ (byte*)info->cipher.aesgcm_dec.iv,
+ info->cipher.aesgcm_dec.ivSz,
+ (byte*)info->cipher.aesgcm_dec.authTag,
+ info->cipher.aesgcm_dec.authTagSz,
+ (byte*)info->cipher.aesgcm_dec.authIn,
+ info->cipher.aesgcm_dec.authInSz,
+ (void*)ctx);
+ }
+ }
+ #endif /* HAVE_AESGCM */
+ #ifdef HAVE_AES_CBC
+ if (info->cipher.type == WC_CIPHER_AES_CBC &&
+ cbInfo->session_key_set == 1) {
+
+ if (info->cipher.enc) {
+ ret = wc_tsip_AesCbcEncrypt(
+ info->cipher.aescbc.aes,
+ (byte*)info->cipher.aescbc.out,
+ (byte*)info->cipher.aescbc.in,
+ info->cipher.aescbc.sz);
+
+ }
+ else {
+ ret = wc_tsip_AesCbcDecrypt(
+ info->cipher.aescbc.aes,
+ (byte*)info->cipher.aescbc.out,
+ (byte*)info->cipher.aescbc.in,
+ info->cipher.aescbc.sz);
+ }
+ }
+ #endif /* HAVE_AES_CBC */
+ #endif /* !NO_AES || !NO_DES3 */
+
+ }
+ WOLFSSL_LEAVE("wc_tsip_AesCipher", ret);
+ return ret;
+}
+#endif /* WOLF_CRYPTO_CB */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 109 */
+
int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
@@ -271,8 +675,8 @@ int wc_tsip_AesGcmEncrypt(
if (ret == 0) {
XMEMCPY(plainBuf, in, sz);
- XMEMSET(cipherBuf, 0, cipherBufSz);
- XMEMSET(authTag, 0, authTagSz);
+ ForceZero(cipherBuf, cipherBufSz);
+ ForceZero(authTag, authTagSz);
XMEMCPY(aadBuf, authIn, min(authInSz, TSIP_AES_GCM_AUTH_TAG_SIZE));
}
@@ -447,9 +851,9 @@ int wc_tsip_AesGcmDecrypt(
}
if (ret == 0) {
- XMEMSET(plainBuf, 0, plainBufSz);
+ ForceZero(plainBuf, plainBufSz);
XMEMCPY(cipherBuf, in, sz);
- XMEMSET(aTagBuf, 0, TSIP_AES_GCM_AUTH_TAG_SIZE);
+ ForceZero(aTagBuf, TSIP_AES_GCM_AUTH_TAG_SIZE);
XMEMCPY(aTagBuf,authTag,min(authTagSz, TSIP_AES_GCM_AUTH_TAG_SIZE));
XMEMCPY(aadBuf, authIn, authInSz);
}
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
index d6a58de6e..a87d481a9 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
@@ -1,6 +1,6 @@
/* renesas_tsip_sha.c
*
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -25,7 +25,13 @@
#include
#endif
#include
-
+#include
+#ifdef NO_INLINE
+ #include
+#else
+ #define WOLFSSL_MISC_INCLUDED
+ #include
+#endif
#if !defined(NO_SHA) || !defined(NO_SHA256)
#include
@@ -36,12 +42,248 @@
#include
#include
-
#if !defined(NO_SHA) && !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include
extern struct WOLFSSL_HEAP_HINT* tsip_heap_hint;
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+/* get hmac from handshake messages exchanged with server.
+ *
+ */
+WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
+{
+ int ret = 0;
+ int isTLS13 = 0;
+ TsipUserCtx* tuc = NULL;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ byte hash[WC_SHA256_DIGEST_SIZE];
+ int hmacSz = 0;
+
+ WOLFSSL_ENTER("tsip_Tls13GetHmacMessages");
+
+ if (ssl == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR)
+ isTLS13 = 1;
+
+ /* TSIP works only in TLS13 client side */
+ if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ /* get user context for TSIP */
+ if (ret == 0) {
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ else if (!tuc->HandshakeClientTrafficKey_set) {
+ WOLFSSL_MSG("Client handshake traffic keys aren't created by TSIP");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ /* get transcript hash */
+ if (ret == 0) {
+ ForceZero(hash, sizeof(hash));
+ ret = tsip_GetMessageSha256(ssl, hash, (int*)&hmacSz);
+ }
+
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ err = R_TSIP_Sha256HmacGenerateInit(&(tuc->hmacFinished13Handle),
+ &(tuc->clientFinished13Idx));
+
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed");
+ ret = WC_HW_E;
+ }
+
+ if (ret == 0) {
+
+ err = R_TSIP_Sha256HmacGenerateUpdate(
+ &(tuc->hmacFinished13Handle),
+ (uint8_t*)hash,
+ WC_SHA256_DIGEST_SIZE);
+
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateUpdate failed");
+ ret = WC_HW_E;
+ }
+ }
+
+ if (ret == 0) {
+ err = R_TSIP_Sha256HmacGenerateFinal(
+ &(tuc->hmacFinished13Handle), mac);
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed");
+ ret = WC_HW_E;
+ }
+ }
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+ WOLFSSL_LEAVE("tsipTls13GetHmacMessages", ret);
+ return ret;
+}
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+/* store handshake message for later hash or hmac operation.
+ *
+ */
+WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
+ int sz)
+{
+ int ret = 0;
+ int isTLS13 = 0;
+ word32 messageSz;
+ MsgBag* bag = NULL;
+ TsipUserCtx* tuc = NULL;
+
+ WOLFSSL_ENTER("tsip_StoreMessage");
+
+ if (ssl == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR)
+ isTLS13 = 1;
+
+ /* TSIP works only in TLS13 client side */
+ if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
+ WOLFSSL_MSG("Not in tls1.3 or not in client end");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+ /* should work until handshake is done */
+ if (ret == 0) {
+ if (ssl->options.handShakeDone) {
+ WOLFSSL_MSG("handshake is done.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ /* get user context for TSIP */
+ if (ret == 0) {
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("RenesasUserCtx is not set in ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ /* check if TSIP is used for this session */
+ if (ret == 0) {
+ if (!tuc->Dhe_key_set) {
+ WOLFSSL_MSG("DH key not set.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ /* copy raw handshake message into MsgBag for later sha256 operations. */
+ if (ret == 0) {
+ c24to32(&data[1], &messageSz);
+
+ bag = &(tuc->messageBag);
+
+ if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES ||
+ bag->buffIdx + sz > MSGBAG_SIZE) {
+ WOLFSSL_MSG("Capacity over error in tsip_StoreMessage");
+ ret = MEMORY_E;
+ }
+
+ XMEMCPY(bag->buff + bag->buffIdx, data, sz);
+ bag->msgTypes[bag->msgIdx++] = *data; /* store message type */
+ bag->buffIdx += sz;
+ }
+
+ WOLFSSL_LEAVE("tsip_StoreMessage", ret);
+ return ret;
+}
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
+ int* sz)
+{
+ int ret = 0;
+ int isTLS13 = 0;
+ MsgBag* bag = NULL;
+ TsipUserCtx* tuc = NULL;
+ tsip_sha_md5_handle_t handle;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ uint32_t hashSz = 0;
+
+ WOLFSSL_ENTER("tsip_GetMessageSha256");
+
+ if (ssl == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR)
+ isTLS13 = 1;
+
+ /* TSIP works only in TLS13 client side */
+ if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+ /* get user context for TSIP */
+ if (ret == 0) {
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ bag = &(tuc->messageBag);
+ }
+
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ err = R_TSIP_Sha256Init(&handle);
+
+ if (err == TSIP_SUCCESS) {
+ err = R_TSIP_Sha256Update(&handle, (uint8_t*)bag->buff,
+ bag->buffIdx);
+ }
+ if (err == TSIP_SUCCESS) {
+ err = R_TSIP_Sha256Final(&handle, hash, &hashSz);
+ }
+ if (err == TSIP_SUCCESS) {
+ if (sz != NULL) {
+ *sz = hashSz;
+ }
+ }
+ else {
+ ret = WC_HW_E;
+ }
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+ WOLFSSL_LEAVE("tsip_GetMessageSha256", ret);
+ return ret;
+}
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+
+
+
+
static void TSIPHashFree(wolfssl_TSIP_Hash* hash)
{
if (hash == NULL)
@@ -61,7 +303,7 @@ static int TSIPHashInit(wolfssl_TSIP_Hash* hash, void* heap, int devId,
}
(void)devId;
- XMEMSET(hash, 0, sizeof(wolfssl_TSIP_Hash));
+ ForceZero(hash, sizeof(wolfssl_TSIP_Hash));
if (heap == NULL && tsip_heap_hint != NULL) {
hash->heap = (struct wolfSSL_HEAP_HINT*)tsip_heap_hint;
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
index 2aab84f50..9fee94749 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
@@ -1,6 +1,6 @@
/* renesas_tsip_util.c
*
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -23,15 +23,28 @@
#if defined(WOLFSSL_RENESAS_TSIP)
#include
+#include
+#include
#include
#include
#include
+#ifdef NO_INLINE
+ #include
+#else
+ #define WOLFSSL_MISC_INCLUDED
+ #include
+#endif
#include
#include
+#include
#include
#include
#include
+#define TSIP_SIGNING_DATA_PREFIX_SZ 64
+#define TSIP_SIGNING_DATA_PREFIX_BYTE 0x20
+#define TSIP_MAX_SIG_DATA_SZ 130
+#define TSIP_CERT_VFY_LABEL_SZ 34
/* function pointer typedefs for TSIP SHAxx HMAC Verification */
typedef e_tsip_err_t (*shaHmacInitFn)
@@ -64,6 +77,12 @@ static uint32_t g_encrypted_publicCA_key[R_TSIP_SINST_WORD_SIZE];
/* index of CM table. must be global since renesas_common access it. */
extern uint32_t g_CAscm_Idx;
+#if defined(WOLFSSL_TLS13)
+/* The server certificate verification label. */
+static const byte serverCertVfyLabel[TSIP_CERT_VFY_LABEL_SZ] =
+ "TLS 1.3, server CertificateVerify";
+#endif /* WOLFSSL_TLS13 */
+
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
@@ -82,6 +101,1756 @@ static int tsip_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
{
return wc_UnLockMutex(mutex);
}
+/* Set client encrypted private key data.
+ * parameters:
+ * key Renesas Secure Flash Programmer generated key.
+ * keyType 0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256
+ * return 0 on success, others on failure.
+ */
+WOLFSSL_API int tsip_set_clientPrivateKeyEnc(const byte* encKey, int keyType)
+{
+ int ret = 0;
+
+ WOLFSSL_ENTER("tsip_set_clientPrivateKeyEnc");
+
+ if (ret == 0) {
+ g_user_key_info.encrypted_user_private_key = (uint8_t*)encKey;
+ g_user_key_info.encrypted_user_private_key_type = keyType;
+ }
+
+ WOLFSSL_LEAVE("tsip_set_clientPrivateKeyEnc", ret);
+ return ret;
+}
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+/* Flush raw handshake messages in MsgBag
+ *
+ */
+static void tsipFlushMessages(struct WOLFSSL* ssl)
+{
+ TsipUserCtx* tuc = NULL;
+ MsgBag* bag = NULL;
+
+ if (ssl == NULL)
+ return;
+
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ return;
+ }
+
+ bag = &(tuc->messageBag);
+
+ ForceZero(bag, sizeof(MsgBag));
+
+}
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl)
+{
+ int ret = 0;
+ TsipUserCtx* tuc = NULL;
+
+ if (ssl == NULL)
+ return BAD_FUNC_ARG;
+
+ tuc = ssl->RenesasUserCtx;
+
+ if (tuc == NULL)
+ return ret;
+
+ /* free stored messages */
+ tsipFlushMessages(ssl);
+
+ return ret;
+}
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+/* generate ECC P265 key pair for ECDHE.
+ * generated public key is stored in KeyShareEntry.pubkey and private key is
+ * stored in TsipUserCtx.EcdhPrivKey13Idx as tsip specific format.
+ * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
+ * expecting to fallback to S/W, other negative values on error.
+ */
+WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ int isTLS13 = 0;
+ word16 curveId;
+ ecc_key* ecckey = NULL;
+ TsipUserCtx* tuc = NULL;
+
+ WOLFSSL_ENTER("tsip_Tls13GenEccKeyPair");
+
+ if (ssl == NULL || kse == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR) {
+ isTLS13 = 1;
+ }
+ /* TSIP works only in TLS13 client side */
+ if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* TSIP can handle SECP256R1 */
+ if (kse->group != WOLFSSL_ECC_SECP256R1) {
+ WOLFSSL_MSG("TSIP can't handle the specified ECC curve.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ curveId = ECC_SECP256R1;
+
+ /* Allocate space for the public key */
+ if (ret == 0) {
+ kse->pubKey = (byte*)XMALLOC(kse->pubKeyLen, ssl->heap,
+ DYNAMIC_TYPE_PUBLIC_KEY);
+ if (kse->pubKey == NULL) {
+ WOLFSSL_MSG("Key data Memory error");
+ ret = MEMORY_E;
+ }
+ else {
+ ForceZero(kse->pubKey, kse->pubKeyLen);
+ }
+ }
+
+ /* Allocate an ECC key to hold private key. */
+ if (ret == 0) {
+ kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC);
+ if (kse->key == NULL) {
+ WOLFSSL_MSG("EccTempKey Memory error");
+ ret = MEMORY_E;
+ }
+ else {
+ ret = wc_ecc_init_ex((ecc_key*)kse->key, ssl->heap, ssl->devId);
+ }
+ }
+ if (ret == 0) {
+ ecckey = (ecc_key*)kse->key;
+ ret = wc_ecc_set_curve(ecckey, kse->keyLen, curveId);
+ }
+
+ kse->pubKey[0] = ECC_POINT_UNCOMP;
+
+ /* generate ecc key pair with TSIP */
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ tuc->Dhe_key_set =0;
+
+ err = R_TSIP_GenerateTls13P256EccKeyIndex(
+ &(tuc->handle13),
+ TSIP_TLS13_MODE_FULL_HANDSHAKE,
+ &(tuc->EcdhPrivKey13Idx), /* private key index */
+ &(kse->pubKey[1])); /* genereted public key */
+
+ if (err != TSIP_SUCCESS){ret = WC_HW_E;}
+
+ if (ret == 0) {
+ WOLFSSL_MSG("ECDH private key-index is stored by TSIP");
+ tuc->Dhe_key_set =1;
+ }
+
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ if (ret != 0) {
+ if (kse->key != NULL)
+ XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+ if (kse->pubKey != NULL)
+ XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+ }
+ WOLFSSL_LEAVE("tsip_Tls13GenEccKeyPair", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+/* generate shared secret(pre-master secret)
+ * get peer's raw ECDHE public key from KeyShareEntry.
+ * The pre-master secret generated by TSIP is stored into
+ * TsipUserCtx.sharedSecret13Idx as TSIP specific format.
+ *
+ * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
+ * expecting to fallback to S/W, other negative values on error.
+ */
+WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
+ struct KeyShareEntry* kse)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ int isTLS13 = 0;
+ uint8_t* pubkeyraw = NULL;
+ TsipUserCtx* tuc = NULL;
+
+ WOLFSSL_ENTER("tsip_Tls13GenSharedSecret");
+ if (ssl == NULL || kse == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR) {
+ isTLS13 = 1;
+ }
+ if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
+ WOLFSSL_MSG("Not in TLS1.3 or in client");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* make sure it is in TLS13 and in client side */
+ if (kse->group != WOLFSSL_ECC_SECP256R1) {
+ WOLFSSL_MSG("TSIP can't handle the specified group");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ if (!tuc->Dhe_key_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ tuc->SharedSecret_set = 0;
+ pubkeyraw = kse->ke + 1; /* peer's raw publick key data */
+
+ /* derive shared secret */
+ err = R_TSIP_Tls13GenerateEcdheSharedSecret(
+ TSIP_TLS13_MODE_FULL_HANDSHAKE,
+ pubkeyraw, /* peer's ECDHE public key */
+ &(tuc->EcdhPrivKey13Idx), /*(out) own ECDHE priv key */
+ &(tuc->sharedSecret13Idx)); /*(out) PreMasterSecret */
+
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG("R_TSIP_Tls13GenerateEcdheSharedSecret error");
+ ret = WC_HW_E;
+ }
+ if (ret == 0) {
+ /* set flag for later tsip operations */
+ tuc->SharedSecret_set = 1;
+ }
+
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ WOLFSSL_LEAVE("tsip_Tls13GenSharedSecret", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
+{
+ int ret = 0;
+ TsipUserCtx* tuc = NULL;
+
+ WOLFSSL_ENTER("tsip_Tls13DeriveEarlySecret");
+ if (ssl == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ else {
+ tuc->EarlySecret_set = 1;
+ }
+ }
+
+ WOLFSSL_LEAVE("tsip_Tls13DeriveEarlySecret", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+/* derive handshake secret.
+ * get pre-master secret stored in TsipUserCtx.sharedSecret13Idx.
+ * Derived handshake secret is stored into TsipUserCtx.handshakeSecret13Idx
+ * as tsip specific format.
+ *
+ * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
+ * expecting to fallback to S/W, other negative values on error.
+ */
+WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ int isTLS13 = 0;
+ TsipUserCtx* tuc = NULL;
+
+ WOLFSSL_ENTER("tsip_Tls13DeriveHandshakeSecret");
+ if (ssl == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR) {
+ isTLS13 = 1;
+ }
+
+ if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
+ ret = CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
+ }
+ }
+
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* check if pre-master secret is generated by tsip */
+ if (!tuc->SharedSecret_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ tuc->HandshakeSecret_set = 0;
+
+ err = R_TSIP_Tls13GenerateHandshakeSecret(
+ &(tuc->sharedSecret13Idx),
+ &(tuc->handshakeSecret13Idx));
+
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG("R_TSIP_Tls13GenerateHandshakeSecret error");
+ ret = WC_HW_E;
+ }
+ if (ret == 0) {
+ tuc->HandshakeSecret_set = 1;
+ }
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ WOLFSSL_LEAVE("tsip_Tls13DeriveHandshakeSecret", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ int isTLS13 = 0;
+ TsipUserCtx* tuc = NULL;
+ byte hash[WC_SHA256_DIGEST_SIZE];
+
+
+ WOLFSSL_ENTER("tsipTls13DeriveClientHandshakeKeys");
+ if (ssl == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR) {
+ isTLS13 = 1;
+ }
+ if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
+ ret = CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
+ }
+ }
+
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* make sure client handshake secret is generated by tsip */
+ if (!tuc->HandshakeSecret_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* get digest of handshake messages */
+ ret = tsip_GetMessageSha256(ssl, hash, NULL);
+ }
+
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ tuc->HandshakeClientTrafficKey_set = 0;
+
+ err = R_TSIP_Tls13GenerateClientHandshakeTrafficKey(
+ &(tuc->handle13),
+ TSIP_TLS13_MODE_FULL_HANDSHAKE,
+ &(tuc->handshakeSecret13Idx),
+ hash,
+ &(tuc->clientWriteKey13Idx),
+ &(tuc->clientFinished13Idx));
+
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG(
+ "R_TSIP_Tls13GenerateClientHandshakeTrafficKey error");
+ ret = WC_HW_E;
+ }
+
+ /* key derivation succeeded */
+ if (ret == 0) {
+ tuc->HandshakeClientTrafficKey_set = 1;
+ }
+
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ WOLFSSL_LEAVE("tsipTls13DeriveClientHandshakeKeys", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ int isTLS13 = 0;
+ TsipUserCtx* tuc = NULL;
+ byte hash[WC_SHA256_DIGEST_SIZE];
+
+
+ WOLFSSL_ENTER("tsipTls13DeriveServerHandshakeKeys");
+ if (ssl == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR) {
+ isTLS13 = 1;
+ }
+ if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
+ ret = CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
+ }
+ }
+
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* make sure client handshake secret is generated by tsip */
+ if (!tuc->HandshakeSecret_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* get digest of handshake packets */
+ ret = tsip_GetMessageSha256(ssl, hash, NULL);
+ }
+
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ tuc->HandshakeServerTrafficKey_set = 0;
+
+ err = R_TSIP_Tls13GenerateServerHandshakeTrafficKey(
+ &(tuc->handle13),
+ TSIP_TLS13_MODE_FULL_HANDSHAKE,
+ &(tuc->handshakeSecret13Idx),
+ hash,
+ &(tuc->serverWriteKey13Idx),
+ &(tuc->serverFinished13Idx));
+
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG(
+ "R_TSIP_Tls13GenerateServerHandshakeTrafficKey error");
+ ret = WC_HW_E;
+ }
+
+ /* key derivation succeeded */
+ if (ret == 0) {
+ tuc->HandshakeServerTrafficKey_set = 1;
+ }
+
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ WOLFSSL_LEAVE("tsipTls13DeriveServerHandshakeKeys", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ int isTLS13 = 0;
+ TsipUserCtx* tuc = NULL;
+ byte hash[WC_SHA256_DIGEST_SIZE];
+
+
+ WOLFSSL_ENTER("tsipTls13DeriveTrafficKeys");
+ if (ssl == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR) {
+ isTLS13 = 1;
+ }
+ if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
+ ret = CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
+ }
+ }
+
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* make sure master secret is generated by tsip */
+ if (!tuc->MasterSecret_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* get digest of handshake messages */
+ ret = tsip_GetMessageSha256(ssl, hash, NULL);
+ }
+
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ tuc->ServerTrafficSecret_set = 0;
+ tuc->ClientTrafficSecret_set = 0;
+ tuc->ServerWriteTrafficKey_set = 0;
+ tuc->ClientWriteTrafficKey_set = 0;
+
+ err = R_TSIP_Tls13GenerateApplicationTrafficKey(
+ &(tuc->handle13),
+ TSIP_TLS13_MODE_FULL_HANDSHAKE,
+ &(tuc->masterSecret13Idx),
+ (uint8_t*)hash,
+ &(tuc->serverAppTraffic13Secret),
+ &(tuc->clientAppTraffic13Secret),
+ &(tuc->serverAppWriteKey13Idx),
+ &(tuc->clientAppWriteKey13Idx));
+
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG(
+ "R_TSIP_Tls13GenerateApplicationTrafficKey error");
+ ret = WC_HW_E;
+ }
+
+ /* key derivation succeeded */
+ if (ret == 0) {
+ tuc->ServerTrafficSecret_set = 1;
+ tuc->ClientTrafficSecret_set = 1;
+ tuc->ServerWriteTrafficKey_set = 1;
+ tuc->ClientWriteTrafficKey_set = 1;
+ }
+
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ WOLFSSL_LEAVE("tsipTls13DeriveTrafficKeys", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ int isTLS13 = 0;
+ TsipUserCtx* tuc = NULL;
+
+ WOLFSSL_ENTER("tsipTls13UpdateClientTrafficKeys");
+
+ if (ssl == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR) {
+ isTLS13 = 1;
+ }
+ if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
+ ret = CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
+ }
+ }
+
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* make sure application secret is generated by tsip */
+ if (!tuc->ClientTrafficSecret_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ tuc->ClientWriteTrafficKey_set = 0;
+
+ err = R_TSIP_Tls13UpdateApplicationTrafficKey(
+ &(tuc->handle13),
+ TSIP_TLS13_MODE_FULL_HANDSHAKE,
+ TSIP_TLS13_UPDATE_CLIENT_KEY,
+ &(tuc->clientAppTraffic13Secret),
+ &(tuc->clientAppTraffic13Secret),
+ &(tuc->clientAppWriteKey13Idx));
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error");
+ ret = WC_HW_E;
+ }
+ else {
+ tuc->ClientWriteTrafficKey_set = 1;
+ }
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ WOLFSSL_LEAVE("tsipTls13UpdateClientTrafficKeys", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ int isTLS13 = 0;
+ TsipUserCtx* tuc = NULL;
+
+ WOLFSSL_ENTER("tsipTls13UpdateServerTrafficKeys");
+
+ if (ssl == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR) {
+ isTLS13 = 1;
+ }
+ if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
+ ret = CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
+ }
+ }
+
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* make sure application secret is generated by tsip */
+ if (!tuc->ServerTrafficSecret_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ tuc->ServerWriteTrafficKey_set = 0;
+
+ err = R_TSIP_Tls13UpdateApplicationTrafficKey(
+ &(tuc->handle13),
+ TSIP_TLS13_MODE_FULL_HANDSHAKE,
+ TSIP_TLS13_UPDATE_SERVER_KEY,
+ &(tuc->serverAppTraffic13Secret),
+ &(tuc->serverAppTraffic13Secret),
+ &(tuc->serverAppWriteKey13Idx));
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error");
+ ret = WC_HW_E;
+ }
+ else {
+ tuc->ServerWriteTrafficKey_set = 1;
+ }
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ WOLFSSL_LEAVE("tsipTls13UpdateServerTrafficKeys", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+/* Derive the keys for TLS v1.3.
+ *
+ * ssl The WOLFSSL object.
+ * keyType kind of keys to derive.
+ * handshake_key: when deriving keys for encrypting handshake messages.
+ * traffic_key: when deriving first keys for encrypting traffic messages.
+ * update_traffic_key: when deriving next keys for encrypting
+ * traffic messages.
+ *
+ * side ENCRYPT_SIDE_ONLY: when only encryption secret needs to be derived.
+ * DECRYPT_SIDE_ONLY: when only decryption secret needs to be derived.
+ * ENCRYPT_AND_DECRYPT_SIDE: when both secret needs to be derived.
+ *
+ * returns 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
+ * expecting to fallback to S/W, other negative values on error.
+ */
+WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl,
+ int keyType, int side)
+{
+ int ret = 0;
+ int provision;
+
+ WOLFSSL_ENTER("tsip_Tls13DeriveKeys");
+
+ if (side == ENCRYPT_AND_DECRYPT_SIDE) {
+ provision = PROVISION_CLIENT_SERVER;
+ }
+ else {
+ provision = ((ssl->options.side != WOLFSSL_CLIENT_END) ^
+ (side == ENCRYPT_SIDE_ONLY)) ? PROVISION_CLIENT :
+ PROVISION_SERVER;
+ }
+ /* derive client key */
+ switch (keyType) {
+ case early_data_key:
+ WOLFSSL_MSG("TSIP can't handle early data key");
+ ret = CRYPTOCB_UNAVAILABLE;
+ break;
+
+ case handshake_key:
+ if (provision & PROVISION_CLIENT) {
+ ret = tsipTls13DeriveClientHandshakeKeys(ssl);
+ }
+ break;
+
+ case traffic_key:
+ ret = tsipTls13DeriveTrafficKeys(ssl);
+ break;
+
+ case update_traffic_key:
+ if (provision & PROVISION_CLIENT) {
+ ret = tsipTls13UpdateClientTrafficKeys(ssl);
+ }
+ break;
+
+ default:
+ ret = CRYPTOCB_UNAVAILABLE;
+ break;
+ }
+
+ if (ret == 0) {
+ /* derive server key */
+ switch (keyType) {
+ case early_data_key:
+ WOLFSSL_MSG("TSIP can't handle early data key");
+ ret = CRYPTOCB_UNAVAILABLE;
+ break;
+
+ case handshake_key:
+ if (provision & PROVISION_SERVER) {
+ ret = tsipTls13DeriveServerHandshakeKeys(ssl);
+ }
+ break;
+
+ case traffic_key:
+ /* traffic key for server was derived in
+ * tsipTls13DeriveTrafficKeys
+ */
+ break;
+
+ case update_traffic_key:
+ if (provision & PROVISION_SERVER) {
+ ret = tsipTls13UpdateServerTrafficKeys(ssl);
+ }
+ break;
+
+ default:
+ ret = CRYPTOCB_UNAVAILABLE;
+ break;
+ }
+ }
+ WOLFSSL_LEAVE("tsip_Tls13DeriveKeys", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ int isTLS13 = 0;
+ TsipUserCtx* tuc = NULL;
+
+ WOLFSSL_ENTER("tsip_Tls13DeriveMasterSecret");
+
+ if (ssl == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR) {
+ isTLS13 = 1;
+ }
+ if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
+ ret = CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
+ }
+ }
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+ if (ret == 0) {
+ /* make sure handshake secret and verify data has been set by TSIP */
+ if (!tuc->HandshakeSecret_set ||
+ !tuc->HandshakeVerifiedData_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ tuc->MasterSecret_set = 0;
+
+ err = R_TSIP_Tls13GenerateMasterSecret(
+ &(tuc->handle13),
+ TSIP_TLS13_MODE_FULL_HANDSHAKE,
+ &(tuc->handshakeSecret13Idx),
+ (uint32_t*)tuc->verifyData13Idx,
+ &(tuc->masterSecret13Idx));
+
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG(
+ "R_TSIP_Tls13GenerateMasterSecret( error");
+ ret = WC_HW_E;
+ }
+
+ if (ret == 0) {
+ tuc->MasterSecret_set = 1;
+ }
+
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ WOLFSSL_LEAVE("tsip_Tls13DeriveMasterSecret", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+/* verify handshake
+ * ssl WOLFSSL object
+ * hash buffer holding decrypted finished message content from server.
+ *
+ */
+static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
+ const byte* hash)/*finished message*/
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ int isTLS13 = 0;
+ TsipUserCtx* tuc = NULL;
+ word32 msgHash[WC_SHA256_DIGEST_SIZE/sizeof(word32)];
+
+ WOLFSSL_ENTER("tsipTls13VerifyHandshake");
+
+ if (ssl == NULL)
+ ret = BAD_FUNC_ARG;
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR) {
+ isTLS13 = 1;
+ }
+ if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
+ ret = CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
+ }
+ }
+
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* make sure handshake secret is generated by tsip */
+ if (!tuc->HandshakeServerTrafficKey_set) {
+ WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+ /* get digest of handshake messages */
+ if (ret == 0) {
+ ret = tsip_GetMessageSha256(ssl, (byte*)msgHash, NULL);
+ }
+
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ tuc->HandshakeVerifiedData_set = 0;
+
+ err = R_TSIP_Tls13ServerHandshakeVerification(
+ TSIP_TLS13_MODE_FULL_HANDSHAKE,
+ &(tuc->serverFinished13Idx),
+ (uint8_t*)msgHash,
+ (uint8_t*)hash,
+ (uint32_t*)(tuc->verifyData13Idx));
+
+ if (err == TSIP_ERR_VERIFICATION_FAIL) {
+ WOLFSSL_MSG("Handshake verification error");
+ ret = VERIFY_FINISHED_ERROR;
+ }
+ else if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG("R_TSIP_Tls13ServerHandshakeVerification error");
+ ret = WC_HW_E;
+ }
+ if (ret == 0) {
+ WOLFSSL_MSG("Verified handshake");
+ tuc->HandshakeVerifiedData_set = 1;
+ }
+
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ WOLFSSL_LEAVE("tsipTls13VerifyHandshake", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+/* handles finished message from server.
+ * verify hmac in the message. Also output verify data to
+ * TsipUserCtx.verifyDataIdx, which is used for deriving master secret.
+ *
+ * ssl WOLFSSL object
+ * input the buffer holding decrypted finished message, type and padding
+ * inOutIdx On entry, the index into the message content of Finished.
+ * On exit, the index of byte after the Finished message and padding.
+ * size Length of message content(excluding type and padding)
+ * totalSz Length in the record header. means message + type + pad.
+ * return 0, on success, others on failure.
+ */
+WOLFSSL_LOCAL int tsip_Tls13HandleFinished(
+ struct WOLFSSL* ssl,
+ const byte* input,
+ word32* inOutIdx,
+ word32 size,
+ word32 totalSz)
+{
+ int ret = 0;
+
+ WOLFSSL_ENTER("tsip_Tls13HandleFinished");
+
+ if (ssl == NULL || input == NULL || inOutIdx == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ ret = tsipTls13VerifyHandshake(ssl, input + *inOutIdx);
+ }
+
+ if (ret == 0) {
+ /* Force input exhaustion at ProcessReply by consuming padSz. */
+ *inOutIdx += size + ssl->keys.padSz;
+
+ ssl->options.serverState = SERVER_FINISHED_COMPLETE;
+ }
+
+ WOLFSSL_LEAVE("tsip_Tls13HandleFinished", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+/* Build TLS v1.3 Message and make it encrypted with AEAD algorithm.
+ * TSIP supports AES-GCM and AES-CCM.
+ * ssl The WOLFSSL object.
+ * output The buffer to write record message to.
+ * outSz Size of the buffer being written into.
+ * input The handshake message data to encrypt (excluding trailing type).
+ * inSz The size of the handshake message (including message header).
+ * type The real content type being put after the message data.
+ * hashOutput Whether to hash the unencrypted record data.
+ * returns the size of the record including header, CRYPTOCB_UNAVAILABLE
+ * when tsip can not handle and is expecting to fallback to S/W,
+ * other negative values on error.
+ */
+WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
+ byte* output,
+ int outSz,
+ const byte* input,
+ int inSz,
+ int type,
+ int hashOutput)
+{
+ int ret = 0;
+ int recSz;
+ int isTLS13 = 0;
+ RecordLayerHeader* rl = NULL;
+ (void)outSz;
+
+ WOLFSSL_ENTER("tsip_Tls13BuildMessage");
+
+ if (ssl == NULL || output == NULL || input == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR) {
+ isTLS13 = 1;
+ }
+ if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
+ ret = CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
+ }
+ }
+
+ if (ret == 0) {
+ /* make sure hash algorithm is SHA256 */
+ if (ssl->specs.mac_algorithm != sha256_mac ) {
+ WOLFSSL_MSG("TSIP can't handle this hash algorithm.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ if ((ssl->specs.bulk_cipher_algorithm != wolfssl_aes_gcm) &&
+ (ssl->specs.bulk_cipher_algorithm != wolfssl_aes_ccm)) {
+ WOLFSSL_MSG("TSIP can't handle the specified algorithm");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* set size in record header */
+ recSz = inSz + 1 + ssl->specs.aead_mac_size;
+
+ /* update the record header with the new size. */
+ rl = (RecordLayerHeader*)output;
+ rl->type = application_data;
+ rl->pvMajor = ssl->version.major;
+ rl->pvMinor = TLSv1_2_MINOR;
+ c16toa((word16)recSz, rl->length);
+
+ if (input != output + RECORD_HEADER_SZ) {
+ XMEMCPY(output + RECORD_HEADER_SZ, input, inSz);
+ }
+
+ if (hashOutput) {
+ ret = HashOutput(ssl, output, RECORD_HEADER_SZ + inSz, 0);
+ }
+ }
+ if (ret == 0) {
+ /* The real record content type goes at the end of the data. */
+ output[RECORD_HEADER_SZ + inSz] = (byte)type;
+
+ ret = tsip_Tls13AesEncrypt(ssl,
+ output + RECORD_HEADER_SZ, /* output */
+ output + RECORD_HEADER_SZ, /* plain message */
+ inSz + 1); /* plain data size(= inSz + 1 for type) */
+
+ if (ret > 0) {
+ ret = recSz + RECORD_HEADER_SZ; /* return record size */
+ }
+ }
+
+ WOLFSSL_LEAVE("tsip_Tls13BuildMessage", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+/* Send finished message to the server.
+ *
+ * ssl WOLFSSL object
+ * output buffer to output packet, including packet header and finished message
+ * outSz buffer size of output
+ * input buffer holding finished message
+ * hashOut
+ * return 0 on success, CRYPTOCB_UNAVAILABLE when TSIP can not handle,
+ * other negative values on error.
+ */
+WOLFSSL_LOCAL int tsip_Tls13SendFinished(
+ struct WOLFSSL* ssl,
+ byte* output,
+ int outSz,
+ const byte* input,
+ int hashOut)
+{
+ int ret = 0;
+ int finishedSz;
+ int headerSz = HANDSHAKE_HEADER_SZ;
+ int recordSz;
+
+ WOLFSSL_ENTER("tsip_Tls13SendFinished");
+
+ if (ssl == NULL || output == NULL || input == NULL || outSz == 0) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ finishedSz = ssl->specs.hash_size;
+
+ ret = tsip_Tls13GetHmacMessages(ssl, (byte*)&input[headerSz]);
+ }
+
+ if (ret == 0) {
+ recordSz = WC_MAX_DIGEST_SIZE + DTLS_HANDSHAKE_HEADER_SZ + MAX_MSG_EXTRA;
+ /* check for available size */
+ ret = CheckAvailableSize(ssl, recordSz);
+ recordSz = 0;
+ }
+
+ if (ret == 0) {
+ recordSz = tsip_Tls13BuildMessage(ssl,
+ output, outSz,
+ input, headerSz + finishedSz,
+ handshake, hashOut);
+
+ if (recordSz > 0) {
+ ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
+ ssl->options.handShakeState = HANDSHAKE_DONE;
+ ssl->options.handShakeDone = 1;
+ ssl->buffers.outputBuffer.length += recordSz; /* advance length */
+
+ ret = SendBuffered(ssl);
+ }
+ else {
+ ret = recordSz;
+ }
+ }
+ WOLFSSL_LEAVE("tsip_Tls13SendFinished", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+static int tsipTls13GetPeerRSAPublicKeyIndex(struct WOLFSSL* ssl, uint8_t* key)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ TsipUserCtx* tuc = NULL;
+
+ WOLFSSL_ENTER("tsipTls13GetPeerRSAPublicKeyIndex");
+
+ if (ret == 0) {
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ err = R_TSIP_GenerateRsa2048PublicKeyIndex(
+ g_user_key_info.encrypted_provisioning_key,
+ g_user_key_info.iv,
+ key,
+ &(tuc->serverRsa2048PubKey13Idx));
+
+ if (err != TSIP_SUCCESS) {
+ ret = WC_HW_E;
+ }
+
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ WOLFSSL_LEAVE("tsipTls13GetPeerRSAPublicKeyIndex", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+static int tsipTls13GetPeerECCPublicKeyIndex(struct WOLFSSL* ssl, uint8_t* key)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ TsipUserCtx* tuc = NULL;
+
+ WOLFSSL_ENTER("tsipTls13GetPeerECCPublicKeyIndex");
+
+ if (ret == 0) {
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+
+ err = R_TSIP_GenerateEccP256PublicKeyIndex(
+ g_user_key_info.encrypted_provisioning_key,
+ g_user_key_info.iv,
+ key,
+ &(tuc->serverEccP256PubKey13Idx));
+
+ if (err != TSIP_SUCCESS) {
+ ret = WC_HW_E;
+ }
+
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ WOLFSSL_LEAVE("tsipTls13GetPeerECCPublicKeyIndex", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+/* Parse and handle a TLS v1.3 CertificateVerify message sent from a server.
+ *
+ * ssl WOLFSSL object
+ * input buffer holding certificate verify message
+ * inOutIdx On entry, the index into the message buffer of
+ * CertificateVerify.
+ * On exit, the index of byte after the CertificateVerify message.
+ * totalSz The length of the current handshake message.
+ * return 0 on success, CRYPTOCB_UNAVAILABLE when TSIP can not handle,
+ * other negative values on error.
+ */
+WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
+ const byte* input, word32* inOutIdx,
+ word32 totalSz)
+{
+ /* As of TSIP v1.15, R_TSIP_Tls13CertificateVerifyVerification can not
+ * handle peer's RSA key and also not accept encrypted peer's public key
+ * output from R_TSIP_TlsCertificateVerification.
+ * need to wait for next TSIP release.
+ *
+ * To retain code below until the future TSIP resolve this limitation and
+ * to cheat compilers the code is not dead, set CRYPTOCB_UNAVAILABLE
+ * to variable ret at the beginning of this function.
+ */
+ int ret = 0;
+ byte* sigData = NULL;
+ byte hiAlgo,loAlgo;
+ int isRsa = -1;
+ int messageSz;
+ word16 signatureLen;
+ word16 idx;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ TsipUserCtx* tuc = NULL;
+ tsip_rsa_byte_data_t signature;
+ tsip_rsa_byte_data_t message;
+
+ WOLFSSL_ENTER("tsip_Tls13CertificateVerify");
+
+ ret = CRYPTOCB_UNAVAILABLE;
+
+ if (ssl == NULL || input == NULL || inOutIdx == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ /* parse certificate verify message to get hash-algo */
+ hiAlgo = *(input + *inOutIdx);
+ loAlgo = *(input + *inOutIdx + 1);
+
+ /* get signature length */
+ ato16(input + *inOutIdx + 2, &signatureLen);
+
+ /* tsip accept ecc_dsa or rsa_pss */
+ if (hiAlgo == NEW_SA_MAJOR && loAlgo == sha256_mac) {
+ WOLFSSL_MSG("Peer sent RSA sig");
+ isRsa = 1;
+ }
+ if (hiAlgo == 0x04 && loAlgo == ecc_dsa_sa_algo) {
+ WOLFSSL_MSG("Peer sent ECC sig");
+ isRsa = 0;
+ }
+ if ( isRsa == -1 ) {
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ WOLFSSL_MSG("TsipUserCtx is not set to ssl.");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ /* check if peer public key is stored */
+ if (ret == 0) {
+ if (ssl->peerSceTsipEncRsaKeyIndex == NULL) {
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ /* get the public key type and size of the peer */
+ if (ret == 0) {
+ if (isRsa) {
+ ret = tsipTls13GetPeerRSAPublicKeyIndex(ssl,
+ ssl->peerSceTsipEncRsaKeyIndex);
+ }
+ else {
+ ret = tsipTls13GetPeerECCPublicKeyIndex(ssl,
+ ssl->peerSceTsipEncRsaKeyIndex);
+ }
+ if (ret != 0) {
+ WOLFSSL_MSG("Failed to convert peer's public key to TSIP Key-idx");
+ }
+ }
+
+ if (ret == 0) {
+ /* create sign data */
+ sigData = tuc->sigDataCertVerify;
+
+ idx = 0;
+ ForceZero(sigData, sizeof(tuc->sigDataCertVerify));
+ XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
+ TSIP_SIGNING_DATA_PREFIX_SZ);
+
+ idx += TSIP_SIGNING_DATA_PREFIX_SZ;
+ XMEMCPY(&sigData[idx], serverCertVfyLabel, TSIP_CERT_VFY_LABEL_SZ);
+
+ idx += TSIP_CERT_VFY_LABEL_SZ;
+ ret = tsip_GetMessageSha256(ssl, &sigData[idx], &messageSz);
+ }
+
+ if (ret == 0) {
+ messageSz += idx; /* get sigData size */
+ signature.pdata = (uint8_t*)(input + *inOutIdx + 2);
+ signature.data_length = signatureLen;
+
+ message.pdata = sigData;
+ message.data_length = messageSz;
+ message.data_type = 0;
+ }
+
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+ if (isRsa) { /* verify with peer's RSA 2048bit public key */
+ err = R_TSIP_RsassaPkcs2048SignatureVerification(
+ &signature,
+ &message,
+ &(tuc->serverRsa2048PubKey13Idx),
+ R_TSIP_RSA_HASH_SHA256);
+
+ if (err != TSIP_SUCCESS) {
+ ret = WC_HW_E;
+ if (err == TSIP_ERR_AUTHENTICATION) {
+ WOLFSSL_MSG("Certificate Verification failed.");
+ }
+ }
+ }
+ else { /* verify with peer's ECC P256 public key */
+ err = R_TSIP_Tls13CertificateVerifyVerification(
+ (uint32_t*)&(tuc->serverEccP256PubKey13Idx),
+ TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
+ &sigData[idx],
+ (uint8_t*)(input + *inOutIdx),
+ totalSz);
+
+ if (err != TSIP_SUCCESS) {
+ ret = WC_HW_E;
+ if (err == TSIP_ERR_AUTHENTICATION) {
+ WOLFSSL_MSG("Certificate Verification failed.");
+ }
+ }
+ }
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ WOLFSSL_LEAVE("tsip_Tls13CertificateVerify", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+static int tsipImportPrivateKey(TsipUserCtx* tuc, const byte* encPrivKey,
+ int keyType)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+
+ WOLFSSL_ENTER("tsipImportPrivateKey");
+
+ if (tuc == NULL || encPrivKey == NULL)
+ return BAD_FUNC_ARG;
+
+ if ((ret = tsip_hw_lock()) == 0) {
+ switch(keyType) {
+ case TSIP_RSA2048:
+
+ tuc->ClientRsaPrivKey_set = 0;
+ err = R_TSIP_GenerateRsa2048PrivateKeyIndex(
+ g_user_key_info.encrypted_provisioning_key,
+ g_user_key_info.iv,
+ (uint8_t*)encPrivKey,
+ &(tuc->RsaPrivateKeyIdx));
+ if (err == TSIP_SUCCESS) {
+ tuc->ClientRsaPrivKey_set = 1;
+ }
+ else {
+ ret = WC_HW_E;
+ }
+ break;
+
+ case TSIP_RSA4096:
+ /* not supported as of TSIPv1.15 */
+ ret = NOT_COMPILED_IN;
+ break;
+
+ case TSIP_ECCP256:
+
+ tuc->ClientEccPrivKey_set = 0;
+ err = R_TSIP_GenerateEccP256PrivateKeyIndex(
+ g_user_key_info.encrypted_provisioning_key,
+ g_user_key_info.iv,
+ (uint8_t*)encPrivKey,
+ &(tuc->EcdsaPrivateKeyIdx));
+ if (err == TSIP_SUCCESS) {
+ tuc->ClientEccPrivKey_set = 1;
+ }
+ else {
+ ret = WC_HW_E;
+ }
+ break;
+
+ default:
+ ret = BAD_FUNC_ARG;
+ break;
+ }
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ WOLFSSL_LEAVE("tsipImportPrivateKey", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+#if defined(WOLFSSL_TLS13)
+/* Send the TLS v1.3 CertificateVerify message.
+ *
+ * limitation:
+ * this function returns CRYPTOCB_UNAVAILABLE when the RSA private key is used.
+ * Since, R_TSIP_Tls13CertificateVerifyVerification does not accept RSA private
+ * key as of TSIP v1.15.
+ */
+WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ int isTLS13 = 0;
+ TsipUserCtx* tuc = NULL;
+ byte* output = NULL;
+ byte* message = NULL;
+ int isRsa = -1;
+ uint32_t messageSz,recordSz,hashSz;
+ byte* sigData = NULL;
+
+
+ WOLFSSL_ENTER("tsip_Tls13SendCertVerify");
+
+ if (ssl == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR)
+ isTLS13 = 1;
+
+ /* TSIP works only in TLS13 client side */
+ if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* get user context for TSIP */
+ tuc = ssl->RenesasUserCtx;
+ if (tuc == NULL) {
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ if (ret == 0) {
+ /* check if private key index has been set. if not, import from
+ * g_user_key_info.encrypted_user_private_key
+ */
+ if (!tuc->ClientRsaPrivKey_set && !tuc->ClientEccPrivKey_set) {
+ if (g_user_key_info.encrypted_user_private_key) {
+ ret = tsipImportPrivateKey(tuc,
+ g_user_key_info.encrypted_user_private_key,
+ g_user_key_info.encrypted_user_private_key_type);
+ }
+ else {
+ WOLFSSL_MSG("Private key is not set for client authentication");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+ }
+
+ if (ret == 0) {
+ if (tuc->ClientRsaPrivKey_set) {
+ isRsa = 1;
+ }
+ else if (tuc->ClientEccPrivKey_set) {
+ isRsa = 0;
+ }
+
+ if (isRsa == -1) {
+ WOLFSSL_MSG("Private key is not set for client authentication");
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+ }
+
+ /* create sign data */
+ if (ret == 0) {
+ sigData = tuc->sigDataCertVerify;
+
+ ForceZero(sigData, sizeof(tuc->sigDataCertVerify));
+
+ ret = tsip_GetMessageSha256(ssl, sigData, (int*)&hashSz);
+ }
+
+ if (ret == 0) {
+ recordSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA * 2;
+ /* check for available size */
+ ret = CheckAvailableSize(ssl, recordSz);
+ recordSz = 0;
+ }
+
+ /* perform signature */
+ if (ret == 0) {
+
+ /* get output buffer for record header */
+ output = ssl->buffers.outputBuffer.buffer +
+ ssl->buffers.outputBuffer.length;
+
+ /* buffer for message header */
+ message = output + RECORD_HEADER_SZ;
+
+ }
+
+ /* generate signature */
+ if (ret == 0) {
+ if ((ret = tsip_hw_lock()) == 0) {
+ if (isRsa) {
+
+ /* as of TSIP v1.15, RSA private key */
+ ret = CRYPTOCB_UNAVAILABLE;
+
+ }
+ else {
+ /* R_TSIP_Tls13CertificateVerifyGenerate outputs message body */
+ err = R_TSIP_Tls13CertificateVerifyGenerate(
+ (uint32_t*)&(tuc->EcdsaPrivateKeyIdx),
+ TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
+ sigData,
+ message + HANDSHAKE_HEADER_SZ,
+ &messageSz);
+ }
+ if (err != TSIP_SUCCESS) {
+ WOLFSSL_MSG("failed to make certificate verify message");
+ ret = WC_HW_E;
+ }
+ tsip_hw_unlock();
+ }
+ else {
+ WOLFSSL_MSG("mutex locking error");
+ }
+ }
+
+ /* create message header */
+ if (ret == 0) {
+
+ ((HandShakeHeader*)message)->type = certificate_verify;
+
+ c32to24(messageSz, ((HandShakeHeader*)message)->length);
+
+ recordSz = tsip_Tls13BuildMessage(ssl, output, 0, message,
+ messageSz + HANDSHAKE_HEADER_SZ,
+ handshake, 1);
+
+ if (recordSz > 0) {
+ ssl->buffers.outputBuffer.length += recordSz;
+ ret = SendBuffered(ssl);
+ }
+ else {
+ ret = recordSz;
+ }
+ }
+
+ WOLFSSL_LEAVE("tsip_Tls13SendCertVerify", ret);
+ return ret;
+}
+#endif /* WOLFSSL_TLS13 */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109)
@@ -171,7 +1940,7 @@ static int tsip_ServerKeyExVerify(
byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
byte* peerkey = NULL;
word32 qxLen = sizeof(qx), qyLen = sizeof(qy);
- TsipUserCtx* userCtx;
+ TsipUserCtx* userCtx = NULL;
WOLFSSL_ENTER("tsip_ServerKeyExVerify");
@@ -199,7 +1968,7 @@ static int tsip_ServerKeyExVerify(
return WOLFSSL_FAILURE;
}
- XMEMSET(peerkey, 0, (3 + 1 + qxLen + qyLen));
+ ForceZero(peerkey, (3 + 1 + qxLen + qyLen));
peerkey[3] = ECC_POINT_UNCOMP;
XMEMCPY(&peerkey[4], qx, qxLen);
XMEMCPY(&peerkey[4+qxLen], qy, qyLen);
@@ -271,7 +2040,7 @@ int wc_tsip_EccVerify(
{
int ret = WOLFSSL_FAILURE;
uint8_t* sigforSCE = NULL;
- uint8_t* pSig;
+ uint8_t* pSig = NULL;
const byte rs_size = R_TSIP_ECDSA_DATA_BYTE_SIZE/2;
byte offset = 0x3;
@@ -284,7 +2053,14 @@ int wc_tsip_EccVerify(
return CRYPTOCB_UNAVAILABLE;
}
- sigforSCE = (uint8_t*)XMALLOC(R_TSIP_ECDSA_DATA_BYTE_SIZE, NULL,
+ /* in TLS1.3 */
+ if (ssl->version.major == SSLv3_MAJOR &&
+ ssl->version.minor == TLSv1_3_MINOR) {
+ WOLFSSL_LEAVE("wc_tsip_EccVerify", CRYPTOCB_UNAVAILABLE);
+ return CRYPTOCB_UNAVAILABLE;
+ }
+
+ sigforSCE = (uint8_t*)XMALLOC(R_TSIP_ECDSA_DATA_BYTE_SIZE, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (sigforSCE == NULL) {
@@ -412,6 +2188,19 @@ WOLFSSL_API void tsip_set_callbacks(struct WOLFSSL_CTX* ctx)
wolfSSL_CTX_SetVerifyMacCb(ctx, (CallbackVerifyMac)Renesas_cmn_VerifyHmac);
#endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
+ /* Set ssl-> options.sendVerify to SEND_CERT by the following two
+ * registrations. This will allow the client certificate to be sent to
+ * the server even if the private key is empty. The two callbacks do
+ * virtually nothing.
+ */
+ #ifdef WOLFSSL_TLS13
+ #ifdef HAVE_ECC
+ wolfSSL_CTX_SetEccSignCb(ctx, Renesas_cmn_EccSignCb);
+ #endif
+ #ifndef NO_RSA
+ wolfSSL_CTX_SetRsaSignCb(ctx, Renesas_cmn_RsaSignCb);
+ #endif
+ #endif /* WOLFSSL_TLS13 */
/* set heap-hint to tsip_heap_hint so that tsip sha funcs can refer it */
if (ctx->heap != NULL) {
@@ -430,7 +2219,13 @@ WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx)
WOLFSSL_LEAVE("tsip_set_callback_ctx", 0);
return 0;
}
- XMEMSET(uCtx, 0, sizeof(TsipUserCtx));
+ ForceZero(uCtx, sizeof(TsipUserCtx));
+ uCtx->ssl = ssl;
+ uCtx->ctx = ssl->ctx;
+ uCtx->heap = ssl->heap;
+ uCtx->side = ssl->ctx->method->side;
+
+ ssl->RenesasUserCtx = user_ctx; /* ssl doesn't own user_ctx */
wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
wolfSSL_SetRsaEncCtx(ssl, user_ctx);
@@ -574,7 +2369,7 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated)
cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA256 ||
cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA ||
cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA256))
- #if (WOLFSSL_RENESAS_TSIP_VER >= TSIP109)
+ #if (WOLFSSL_RENESAS_TSIP_VER >= 109)
||
(cipher0 == ECC_BYTE &&
(cipher == l_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ||
@@ -582,6 +2377,12 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated)
cipher == l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ||
cipher == l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256))
#endif
+ #if (WOLFSSL_RENESAS_TSIP_VER >= 114)
+ ||
+ (cipher0 == TLS13_BYTE &&
+ (cipher == l_TLS_AES_128_GCM_SHA256 ||
+ cipher == l_TLS_AES_128_CCM_SHA256))
+ #endif
) {
WOLFSSL_MSG("supported cipher suite");
}
@@ -735,6 +2536,7 @@ void tsip_inform_user_keys_ex(
word32 encrypted_user_tls_key_type)
{
WOLFSSL_ENTER("tsip_inform_user_keys_ex");
+ ForceZero(&g_user_key_info, sizeof(g_user_key_info));
g_user_key_info.encrypted_provisioning_key = NULL;
g_user_key_info.iv = NULL;
@@ -1095,7 +2897,7 @@ int wc_tsip_generateSessionKey(
return MEMORY_E;
}
- XMEMSET(enc->aes, 0, sizeof(Aes));
+ ForceZero(enc->aes, sizeof(Aes));
}
if (dec) {
if (dec->aes == NULL) {
@@ -1109,7 +2911,7 @@ int wc_tsip_generateSessionKey(
}
}
- XMEMSET(dec->aes, 0, sizeof(Aes));
+ ForceZero(dec->aes, sizeof(Aes));
}
/* copy key index into aes */
@@ -1368,7 +3170,7 @@ int wc_tsip_tls_CertVerify(
{
int ret;
uint8_t *sigforSCE = NULL;
- uint8_t *pSig;
+ uint8_t *pSig = NULL;
const byte rs_size = 0x20;
byte offset = 0x3;
@@ -1396,7 +3198,7 @@ int wc_tsip_tls_CertVerify(
return MEMORY_E;
}
/* initialization */
- XMEMSET(sigforSCE, 0, R_TSIP_ECDSA_DATA_BYTE_SIZE);
+ ForceZero(sigforSCE, R_TSIP_ECDSA_DATA_BYTE_SIZE);
if (signature[offset] == 0x20) {
XMEMCPY(sigforSCE, &signature[offset+1], rs_size);
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 8103dbc04..941ea69ac 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -4525,6 +4525,7 @@ struct WOLFSSL {
#ifndef NO_RSA
RsaKey* peerRsaKey;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
+ void* RenesasUserCtx;
byte* peerSceTsipEncRsaKeyIndex;
#endif
byte peerRsaKeyPresent;
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
index 0ecc37b26..8577fd95e 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
@@ -1,6 +1,6 @@
/* renesas-tsip-crypt.h
*
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -66,13 +66,18 @@ enum {
l_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
+ l_TLS_AES_128_GCM_SHA256 = 0x01,
+ l_TLS_AES_128_CCM_SHA256 = 0x04,
};
enum {
- ENCRYPTED_ECDHE_PUBKEY_SZ = 96,
- ECCP256_PUBKEY_SZ = 64,
- TSIP_TLS_CLIENTRANDOM_SZ = 32,
- TSIP_TLS_SERVERRANDOM_SZ = 32,
+ ENCRYPTED_ECDHE_PUBKEY_SZ = 96,
+ ECCP256_PUBKEY_SZ = 64,
+ TSIP_TLS_CLIENTRANDOM_SZ = 32,
+ TSIP_TLS_SERVERRANDOM_SZ = 32,
+ TSIP_TLS_VERIFY_DATA_WD_SZ = 8,
+ TSIP_TLS_MAX_SIGDATA_SZ = 130,
+ TSIP_TEMP_WORK_SIZE = 128,
};
#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \
@@ -83,6 +88,12 @@ typedef enum {
TSIP_SHA256 = 1,
} TSIP_SHA_TYPE;
+typedef enum {
+ TSIP_RSA2048,
+ TSIP_RSA4096,
+ TSIP_ECCP256,
+} TSIP_KEY_TYPE;
+
typedef struct {
byte* msg;
void* heap;
@@ -114,14 +125,118 @@ typedef wolfssl_TSIP_Hash wc_Sha;
} TSIP_AES_CTX;
#endif
+struct WOLFSSL;
+struct KeyShareEntry;
+
+/* MsgBag stands for message bag and acts as a buffer for holding plain text
+ * handshake messages exchanged between client and server.
+ * MsgBag was introduced as a workaround for the TSIP's limitation that TSIP
+ * can not process multiple hash algorithms at the same time. If the
+ * limitation is resolved in a future TSIP, MsgBag should be removed.
+ * The contents in this MsgBag is used for transcript hashing. The hash value
+ * is used for the key derivation and Finished-message.
+ * The capacity of the MsgBag is defined as MSGBAG_SIZE and the actual
+ * size is 8KB. The size should be large enough to hold all the handshake
+ * messages including the server and client certificate messages.
+ */
+#define MSGBAG_SIZE (1024 * 8)
+#define MAX_MSGBAG_MESSAGES 10
+typedef struct MsgBag
+{
+ int msgIdx;
+ int buffIdx;
+ byte msgTypes[MAX_MSGBAG_MESSAGES];
+ byte buff[MSGBAG_SIZE];
+} MsgBag;
/*
- * structure for ECDH key exchange
+ * TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format.
*/
typedef struct TsipUserCtx {
/* unique number for each session */
int devId;
+
+ /* 0:working as a TLS client, 1: as a server */
+ byte side;
+
+ /* public key index for verification of RootCA cert */
+ uint32_t user_key_id;
+
+ /* WOLFSSL object associated with */
+ struct WOLFSSL* ssl;
+ struct WOLFSSL_CTX* ctx;
+
+ /* HEAP_HINT */
+ void* heap;
+
+#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
+ /* TLSv1.3 handshake related members, mainly keys */
+
+ /* handle is used as work area for Tls13 handshake */
+ tsip_tls13_handle_t handle13;
+
+ /* RSA-2048bit private key-index for client authentication */
+ tsip_rsa2048_private_key_index_t RsaPrivateKeyIdx;
+
+ /* ECC P256 private key-index for client authentication */
+ tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx;
+
+ /* ECDHE private key index for Tls13 handshake */
+ tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx;
+
+ /* ECDHE pre-master secret */
+ tsip_tls13_ephemeral_shared_secret_key_index_t sharedSecret13Idx;
+
+ /* Handshake secret for Tls13 handshake */
+ tsip_tls13_ephemeral_handshake_secret_key_index_t handshakeSecret13Idx;
+
+ /* the key to decrypt server-finished message */
+ tsip_tls13_ephemeral_server_finished_key_index_t serverFinished13Idx;
+
+ /* key for Sha256-Hmac to gen "Client Finished" */
+ tsip_hmac_sha_key_index_t clientFinished13Idx;
+
+ /* AES decryption key for handshake */
+ tsip_aes_key_index_t serverWriteKey13Idx;
+
+ /* AES encryption key for handshake */
+ tsip_aes_key_index_t clientWriteKey13Idx;
+
+ /* Handshake verified data used for master secret */
+ word32 verifyData13Idx[TSIP_TLS_VERIFY_DATA_WD_SZ];
+
+ /* master secret for TLS1.3 */
+ tsip_tls13_ephemeral_master_secret_key_index_t masterSecret13Idx;
+
+ /* server app traffic secret */
+ tsip_tls13_ephemeral_app_secret_key_index_t serverAppTraffic13Secret;
+
+ /* client app traffic secret */
+ tsip_tls13_ephemeral_app_secret_key_index_t clientAppTraffic13Secret;
+
+ /* server write key */
+ tsip_aes_key_index_t serverAppWriteKey13Idx;
+
+ /* client write key */
+ tsip_aes_key_index_t clientAppWriteKey13Idx;
+
+ /* hash handle for transcript hash of handshake messages */
+ tsip_hmac_sha_handle_t hmacFinished13Handle;
+
+ /* storage for handshake messages */
+ MsgBag messageBag;
+
+ /* signature data area for TLS1.3 CertificateVerify message */
+ byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
+
+ /* peer's Rsa 2046 bit public key index for CertificateVerify message */
+ tsip_rsa2048_public_key_index_t serverRsa2048PubKey13Idx;
+
+ /* peer's Ecc P256 public key index for CertificateVerify message */
+ tsip_ecc_public_key_index_t serverEccP256PubKey13Idx;
+
+#endif /* WOLFSSL_RENESAS_TSIP_VER >=115 */
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
@@ -149,12 +264,29 @@ typedef struct TsipUserCtx {
uint32_t tsip_cipher;
/* flags */
- uint8_t pk_key_set:1;
+ uint8_t ClientRsaPrivKey_set:1;
+ uint8_t ClientEccPrivKey_set:1;
+ uint8_t HmacInitialized:1;
+ uint8_t RootCAverified:1;
+ uint8_t EcdsaPrivKey_set:1;
+ uint8_t Dhe_key_set:1;
+ uint8_t SharedSecret_set:1;
+ uint8_t EarlySecret_set:1;
+ uint8_t HandshakeSecret_set:1;
+ uint8_t HandshakeClientTrafficKey_set:1;
+ uint8_t HandshakeServerTrafficKey_set:1;
+ uint8_t HandshakeVerifiedData_set:1;
+ uint8_t MasterSecret_set:1;
+ uint8_t ServerTrafficSecret_set:1;
+ uint8_t ClientTrafficSecret_set:1;
+ uint8_t ServerWriteTrafficKey_set:1;
+ uint8_t ClientWriteTrafficKey_set:1;
uint8_t session_key_set:1;
} TsipUserCtx;
+typedef TsipUserCtx RenesasUserCtx;
typedef TsipUserCtx user_PKCbInfo;
typedef struct
@@ -171,6 +303,9 @@ typedef struct
uint8_t * iv;
uint8_t * encrypted_user_tls_key;
uint32_t encrypted_user_tls_key_type;
+ uint8_t * encrypted_user_private_key;
+ uint32_t encrypted_user_private_key_type;
+ tsip_ecc_private_key_index_t client_private_key_index;
tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex;
} tsip_key_data;
@@ -188,6 +323,7 @@ typedef struct
struct Aes;
struct WOLFSSL;
struct WOLFSSL_CTX;
+struct wc_CryptoInfo;
/*----------------------------------------------------*/
/* APIs */
/*----------------------------------------------------*/
@@ -198,7 +334,7 @@ WOLFSSL_API void tsip_set_callbacks(struct WOLFSSL_CTX* ctx);
WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
-
+WOLFSSL_API int tsip_set_clientPrivateKeyEnc(const byte* key, int keyType);
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
@@ -222,10 +358,79 @@ WOLFSSL_API void tsip_inform_user_keys(
/*----------------------------------------------------*/
/* internal use functions */
/*----------------------------------------------------*/
+#if (WOLFSSL_RENESAS_TSIP_VER >=115)
+#ifdef WOLF_CRYPTO_CB
+
+struct wc_CryptoInfo;
+
+WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl);
+
+WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
+ int sz);
+
+WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
+ int* sz);
+
+WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac);
+
+WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(struct WOLFSSL* ssl,
+ struct KeyShareEntry* kse);
+
+WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
+ struct KeyShareEntry* kse);
+
+WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl);
+
+WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl);
+
+WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl,
+ int keyType, int side);
+
+WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl);
+
+WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeTrafficKeys(struct WOLFSSL* ssl);
+
+WOLFSSL_LOCAL int tsip_Tls13HandleFinished(struct WOLFSSL* ssl,
+ const byte* input,
+ word32* inOutIdx,
+ word32 size,
+ word32 totalSz);
+
+WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
+ byte* output, int outSz,
+ const byte* input, int inSz,
+ int type,
+ int hashOutput);
+
+WOLFSSL_LOCAL int tsip_Tls13SendFinished(struct WOLFSSL* ssl,
+ byte* output,
+ int outSz,
+ const byte* input,
+ int hashOutput);
+
+WOLFSSL_LOCAL int tsip_Tls13VerifyHandshake(struct WOLFSSL* ssl,
+ const byte* input, byte* hash,
+ word32* pHashSz);
+
+WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(struct WOLFSSL* ssl,
+ byte* output, const byte* input, word16 sz);
+
+WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(struct WOLFSSL* ssl,
+ byte* output, const byte* input, word16 sz);
+
+WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
+ const byte* input, word32* inOutIdx,
+ word32 totalSz);
+
+WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(struct WOLFSSL*ssl);
+
+#endif /* WOLF_CRYPTO_CB */
+#endif /* WOLFSSL_RENESAS_TSIP_VER >=115 */
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
-
+WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, struct wc_CryptoInfo* info,
+ void* ctx);
WOLFSSL_LOCAL int wc_tsip_generateMasterSecretEx(
byte cipherSuiteFirst,
byte cipherSuite,
@@ -242,7 +447,7 @@ WOLFSSL_LOCAL int wc_tsip_generateMasterSecret(
const byte *sr,
byte *ms);
-#endif
+#endif /* WOLFSSL_RENESAS_TSIP_VER */
WOLFSSL_LOCAL int wc_tsip_storeKeyCtx(
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
index e8de95ca6..aae34281f 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
@@ -25,6 +25,16 @@
#include
/* Common Callbacks */
+WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl,
+ const unsigned char* in, unsigned int inSz,
+ unsigned char* out, word32* outSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
+WOLFSSL_LOCAL int Renesas_cmn_EccSignCb(WOLFSSL* ssl,
+ const unsigned char* in, unsigned int inSz,
+ unsigned char* out, word32* outSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(WOLFSSL* ssl, void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl,
byte *premaster, word32 preSz, void* ctx);
@@ -55,5 +65,6 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id);
int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
word32 key_n_start, word32 key_n_len, word32 key_e_start,
word32 key_e_len, word32 cm_row);
+WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl);
WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx);
#endif /* __RENESAS_CMN_H__ */