Fixed RX TSIP RSA key creation to populate the RsaKey public material.

Fixed issue with brace when using `WOLF_CRYPTO_CB_ONLY_RSA`.
Fixed mixed declaration in `wc_RsaFunction_ex`.
Fixed missing SetMyVersion for RSA key gen with old ASN and no PKCS12.
Added gating on RSA 1024/2048 RX TSIP build macros.
David Garske
2025-04-03 14:13:42 -07:00
parent 099eaf582c
commit e37dc29c1c
7 changed files with 160 additions and 65 deletions


@ -485,6 +485,8 @@ THREADED_SNIFFTEST
TIME_T_NOT_LONG TIME_T_NOT_LONG
TI_DUMMY_BUILD TI_DUMMY_BUILD
TLS13_RSA_PSS_SIGN_CB_NO_PREHASH TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
TSIP_RSAES_1024
TSIP_RSAES_2048
UNICODE UNICODE
USER_CA_CB USER_CA_CB
USER_CUSTOM_SNIFFX USER_CUSTOM_SNIFFX


@ -25447,7 +25447,8 @@ int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
#endif /* !NO_CERTS */ #endif /* !NO_CERTS */
#if defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS12) || \ #if defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS12) || \
(defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)) (defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)) || \
(!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
int SetMyVersion(word32 version, byte* output, int header) int SetMyVersion(word32 version, byte* output, int header)
{ {
int i = 0; int i = 0;


@ -255,6 +255,34 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx); ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
if (ret == 0) {
TsipUserCtx* tsipCtx = (TsipUserCtx*)ctx;
RsaKey* key = info->pk.rsakg.key;
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
if (info->pk.rsakg.size == 1024) {
/* export generated public key to the RsaKey structure */
ret = wc_RsaPublicKeyDecodeRaw(
tsipCtx->rsa1024pub_keyIdx->value.key_n,
R_TSIP_RSA_1024_KEY_N_LENGTH_BYTE_SIZE,
tsipCtx->rsa1024pub_keyIdx->value.key_e,
R_TSIP_RSA_1024_KEY_E_LENGTH_BYTE_SIZE,
key
);
}
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
if (info->pk.rsakg.size == 2048) {
/* export generated public key to the RsaKey structure */
ret = wc_RsaPublicKeyDecodeRaw(
tsipCtx->rsa2048pub_keyIdx->value.key_n,
R_TSIP_RSA_2048_KEY_N_LENGTH_BYTE_SIZE,
tsipCtx->rsa2048pub_keyIdx->value.key_e,
R_TSIP_RSA_2048_KEY_E_LENGTH_BYTE_SIZE,
key
);
}
#endif
}
} }
#endif #endif
/* tsip only supports PKCSV15 padding scheme */ /* tsip only supports PKCSV15 padding scheme */
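Review bot: The `ret == 0` guard around the new export block does not establish that a key pair exists, because `wc_tsip_MakeRsaKey`, as shown in the renesas_tsip_rsa.c section of this commit, still ends with an unconditional `return 0;`. A failed `tsip_hw_lock()` or a failed TSIP generate call therefore still reaches `tsipCtx->rsa1024pub_keyIdx->value.key_n` (and the 2048 equivalent). On a first call that pointer would presumably still be NULL, and on a later call it would hold the previous key, so the caller gets old public material back with a success code. I would test the pointer before use, e.g. `if (info->pk.rsakg.size == 1024 && tsipCtx->rsa1024pub_keyIdx != NULL)` with `ret = WC_HW_E;` otherwise, and better still have `wc_tsip_MakeRsaKey` return its failure. The enclosing callback starts and ends outside this hunk.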


@ -1,4 +1,4 @@
/* renesas_sce_rsa.c /* renesas_tsip_rsa.c
* *
* Copyright (C) 2006-2025 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
@ -38,7 +38,13 @@
#include <wolfssl/wolfcrypt/rsa.h> #include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY /* Make sure at least RSA 1024 or RSA 2048 is enabled */
#if (defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 0) && \
(defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 0)
#error Please enable TSIP RSA 1024 or 2048. \
This code assumes at least one is enabled
#endif
/* Make RSA key for TSIP and set it to callback ctx /* Make RSA key for TSIP and set it to callback ctx
* Assumes to be called by Crypt Callback * Assumes to be called by Crypt Callback
* *
@ -50,63 +56,84 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
{ {
e_tsip_err_t ret; e_tsip_err_t ret;
TsipUserCtx *info = (TsipUserCtx*)ctx; TsipUserCtx *info = (TsipUserCtx*)ctx;
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
tsip_rsa1024_key_pair_index_t *tsip_pair1024_key = NULL; tsip_rsa1024_key_pair_index_t *tsip_pair1024_key = NULL;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
tsip_rsa2048_key_pair_index_t *tsip_pair2048_key = NULL; tsip_rsa2048_key_pair_index_t *tsip_pair2048_key = NULL;
#endif
/* sanity check */ /* sanity check */
if (ctx == NULL) if (ctx == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (size != 1024 && size != 2048) { if (size != 1024 && size != 2048) {
WOLFSSL_MSG("Failed to generate key pair by TSIP"); WOLFSSL_MSG("TSIP RSA KeyGen bit size not supported");
return CRYPTOCB_UNAVAILABLE; return CRYPTOCB_UNAVAILABLE;
} }
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 0
if (size == 1024)
return CRYPTOCB_UNAVAILABLE;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 0
if (size == 2048)
return CRYPTOCB_UNAVAILABLE;
#endif
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
if (size == 1024) { if (size == 1024) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
tsip_pair1024_key = tsip_pair1024_key =
(tsip_rsa1024_key_pair_index_t*)XMALLOC( (tsip_rsa1024_key_pair_index_t*)XMALLOC(
sizeof(tsip_rsa1024_key_pair_index_t), NULL, sizeof(tsip_rsa1024_key_pair_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
if (tsip_pair1024_key == NULL) if (tsip_pair1024_key == NULL) {
tsip_hw_unlock();
return MEMORY_E; return MEMORY_E;
}
ret = R_TSIP_GenerateRsa1024RandomKeyIndex(tsip_pair1024_key); ret = R_TSIP_GenerateRsa1024RandomKeyIndex(tsip_pair1024_key);
#endif
} }
else if (size == 2048) { else if (size == 2048) {
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
tsip_pair2048_key = tsip_pair2048_key =
(tsip_rsa2048_key_pair_index_t*)XMALLOC( (tsip_rsa2048_key_pair_index_t*)XMALLOC(
sizeof(tsip_rsa2048_key_pair_index_t), NULL, sizeof(tsip_rsa2048_key_pair_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
if (tsip_pair2048_key == NULL) if (tsip_pair2048_key == NULL) {
tsip_hw_unlock();
return MEMORY_E; return MEMORY_E;
}
ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key); ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key);
#endif
} }
if (ret == TSIP_SUCCESS) { if (ret == TSIP_SUCCESS) {
if (size == 1024) { if (size == 1024) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
info->rsa1024pri_keyIdx = info->rsa1024pri_keyIdx =
(tsip_rsa1024_private_key_index_t*)XMALLOC( (tsip_rsa1024_private_key_index_t*)XMALLOC(
sizeof(tsip_rsa1024_private_key_index_t), NULL, sizeof(tsip_rsa1024_private_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa1024pri_keyIdx == NULL) { if (info->rsa1024pri_keyIdx == NULL) {
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
tsip_hw_unlock();
return MEMORY_E; return MEMORY_E;
} }
info->rsa1024pub_keyIdx = info->rsa1024pub_keyIdx =
(tsip_rsa1024_public_key_index_t*)XMALLOC( (tsip_rsa1024_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa1024_public_key_index_t), NULL, sizeof(tsip_rsa1024_public_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa1024pub_keyIdx == NULL) { if (info->rsa1024pub_keyIdx == NULL) {
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
tsip_hw_unlock();
return MEMORY_E; return MEMORY_E;
} }
/* copy generated key pair and free malloced key */ /* copy generated key pair and free malloced key */
@ -121,17 +148,21 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
info->keyflgs_crypt.bits.rsapri1024_key_set = 1; info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
info->keyflgs_crypt.bits.rsapub1024_key_set = 1; info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024; info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
#endif
} }
else if (size == 2048) { else if (size == 2048) {
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(info->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
info->rsa2048pri_keyIdx = info->rsa2048pri_keyIdx =
(tsip_rsa2048_private_key_index_t*)XMALLOC( (tsip_rsa2048_private_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_private_key_index_t), NULL, sizeof(tsip_rsa2048_private_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa2048pri_keyIdx == NULL) { if (info->rsa2048pri_keyIdx == NULL) {
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
tsip_hw_unlock();
return MEMORY_E; return MEMORY_E;
} }
@ -144,6 +175,7 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa2048pri_keyIdx, NULL, XFREE(info->rsa2048pri_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
tsip_hw_unlock();
return MEMORY_E; return MEMORY_E;
} }
@ -159,15 +191,15 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
info->keyflgs_crypt.bits.rsapri2048_key_set = 1; info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
info->keyflgs_crypt.bits.rsapub2048_key_set = 1; info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048; info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
#endif
} }
} }
tsip_hw_unlock(); tsip_hw_unlock();
} }
return 0; return 0;
} }
/* Generate TSIP key index if needed /* Generate TSIP key index if needed
* *
* tuc struct pointer of TsipUserCtx * tuc struct pointer of TsipUserCtx
@ -178,6 +210,7 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc)
int ret = 0; int ret = 0;
switch (tuc->wrappedKeyType) { switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024: case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) { if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType); ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
@ -188,6 +221,8 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc)
} }
break; break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) { if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType); ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
@ -197,6 +232,7 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc)
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
break; break;
#endif
default: default:
WOLFSSL_MSG("wrapped private key is not supported"); WOLFSSL_MSG("wrapped private key is not supported");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
@ -220,7 +256,6 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
int type; int type;
tsip_rsa_byte_data_t plain, cipher; tsip_rsa_byte_data_t plain, cipher;
if (info == NULL || tuc == NULL) { if (info == NULL || tuc == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@ -230,48 +265,57 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
keySize = (int)tuc->wrappedKeyType; keySize = (int)tuc->wrappedKeyType;
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) { if (type == RSA_PUBLIC_ENCRYPT ||
type == RSA_PUBLIC_DECRYPT)
{
plain.pdata = (uint8_t*)info->pk.rsa.in; plain.pdata = (uint8_t*)info->pk.rsa.in;
plain.data_length = info->pk.rsa.inLen; plain.data_length = info->pk.rsa.inLen;
cipher.pdata = (uint8_t*)info->pk.rsa.out; cipher.pdata = (uint8_t*)info->pk.rsa.out;
cipher.data_length = *(info->pk.rsa.outLen); cipher.data_length = *(info->pk.rsa.outLen);
if (keySize == TSIP_KEY_TYPE_RSA1024) { switch (keySize) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher, ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
tuc->rsa1024pub_keyIdx); tuc->rsa1024pub_keyIdx);
} break;
else if (keySize == TSIP_KEY_TYPE_RSA2048) { #endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher, ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher,
tuc->rsa2048pub_keyIdx); tuc->rsa2048pub_keyIdx);
} break;
else { #endif
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, " default:
"1024 or 2048 bits."); ret = CRYPTOCB_UNAVAILABLE;
return BAD_FUNC_ARG;
} }
if (ret == 0) { if (ret == 0) {
*(info->pk.rsa.outLen) = cipher.data_length; *(info->pk.rsa.outLen) = cipher.data_length;
} }
} }
else if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) else if (type == RSA_PRIVATE_DECRYPT ||
type == RSA_PRIVATE_ENCRYPT)
{ {
plain.pdata = (uint8_t*)info->pk.rsa.out; plain.pdata = (uint8_t*)info->pk.rsa.out;
plain.data_length = *(info->pk.rsa.outLen); plain.data_length = *(info->pk.rsa.outLen);
cipher.pdata = (uint8_t*)info->pk.rsa.in; cipher.pdata = (uint8_t*)info->pk.rsa.in;
cipher.data_length = info->pk.rsa.inLen; cipher.data_length = info->pk.rsa.inLen;
if (keySize == TSIP_KEY_TYPE_RSA1024) { switch (keySize) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain, ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain,
tuc->rsa1024pri_keyIdx); tuc->rsa1024pri_keyIdx);
} break;
else if (keySize == TSIP_KEY_TYPE_RSA2048) { #endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain, ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain,
tuc->rsa2048pri_keyIdx); tuc->rsa2048pri_keyIdx);
} break;
else { #endif
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, " default:
"1024 or 2048 bits."); ret = CRYPTOCB_UNAVAILABLE;
return BAD_FUNC_ARG;
} }
if (ret == 0) { if (ret == 0) {
*(info->pk.rsa.outLen) = plain.data_length; *(info->pk.rsa.outLen) = plain.data_length;
@ -280,6 +324,10 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
tsip_hw_unlock(); tsip_hw_unlock();
} }
} }
if (ret != 0) {
WOLFSSL_MSG("RSA key size is not supported (only 1024 or 2048 bits)");
}
return ret; return ret;
} }
/* Perform Rsa verify by TSIP /* Perform Rsa verify by TSIP
@ -324,6 +372,7 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) { switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024: case TSIP_KEY_TYPE_RSA1024:
err = R_TSIP_RsassaPkcs1024SignatureVerification(&sigData, err = R_TSIP_RsassaPkcs1024SignatureVerification(&sigData,
&hashData, &hashData,
@ -340,6 +389,8 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = WC_HW_E; ret = WC_HW_E;
} }
break; break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureVerification(&sigData, err = R_TSIP_RsassaPkcs2048SignatureVerification(&sigData,
&hashData, &hashData,
@ -356,6 +407,9 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = WC_HW_E; ret = WC_HW_E;
} }
break; break;
#endif
default:
ret = CRYPTOCB_UNAVAILABLE;
} }
tsip_hw_unlock(); tsip_hw_unlock();
} }
@ -363,6 +417,4 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
return ret; return ret;
} }
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ #endif /* !NO_RSA && WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#endif /* WOLFSSL_RENESAS_TSIP_TLS || \
WOLFSSL_RENESAS_TSIP_CRYPTONLY */
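Review bot: In `wc_tsip_MakeRsaKey` the size rejection is compiled only when `TSIP_RSAES_1024` / `TSIP_RSAES_2048` is defined as 0, while the generation code is compiled only when it is defined as 1, so a build where the macro is not defined at all gets neither. In such a build a request for that size takes the lock, passes through both empty `if (size == ...)` bodies and reaches the final `return 0;`, reporting success without generating a key. The `#error` check at the top of the file has the same gap, since it fires only when both macros are defined. Writing the rejection as the complement of the enable test closes it: `#if !defined(TSIP_RSAES_1024) || TSIP_RSAES_1024 != 1` (likewise for 2048). Whether the TSIP configuration header always defines both macros is not visible on this page.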


@ -2425,6 +2425,7 @@ WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
switch (keyType) { switch (keyType) {
#if !defined(NO_RSA) #if !defined(NO_RSA)
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientRsa2048PubKey_set = 0; tuc->ClientRsa2048PubKey_set = 0;
@ -2458,7 +2459,7 @@ WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
ret = WC_HW_E; ret = WC_HW_E;
} }
break; break;
#endif /* TSIP_RSAES_2048 */
case TSIP_KEY_TYPE_RSA4096: case TSIP_KEY_TYPE_RSA4096:
/* not supported as of TSIPv1.15 */ /* not supported as of TSIPv1.15 */
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
@ -3705,18 +3706,22 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
} }
switch (tuc->wrappedKeyType) { switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024: case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) { if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) {
WOLFSSL_MSG("tsip rsa private key 1024 not set"); WOLFSSL_MSG("tsip rsa private key 1024 not set");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
break; break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) { if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) {
WOLFSSL_MSG("tsip rsa private key 2048 not set"); WOLFSSL_MSG("tsip rsa private key 2048 not set");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
break; break;
#endif
default: default:
WOLFSSL_MSG("wrapped private key is not supported"); WOLFSSL_MSG("wrapped private key is not supported");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
@ -3739,7 +3744,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
#endif #endif
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) { switch (tuc->wrappedKeyType) {
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY #if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024: case TSIP_KEY_TYPE_RSA1024:
err = R_TSIP_RsassaPkcs1024SignatureGenerate( err = R_TSIP_RsassaPkcs1024SignatureGenerate(
&hashData, &sigData, &hashData, &sigData,
@ -3751,7 +3756,8 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = WC_HW_E; ret = WC_HW_E;
} }
break; break;
#endif #endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureGenerate( err = R_TSIP_RsassaPkcs2048SignatureGenerate(
&hashData, &sigData, &hashData, &sigData,
@ -3766,8 +3772,9 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
ret = WC_HW_E; ret = WC_HW_E;
} }
*(info->pk.rsa.outLen) = sigData.data_length;
break; break;
#endif
case TSIP_KEY_TYPE_RSA4096: case TSIP_KEY_TYPE_RSA4096:
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
break; break;
@ -3848,7 +3855,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) { switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
sigData.data_length = 256; sigData.data_length = 256;
err = R_TSIP_RsassaPkcs2048SignatureVerification( err = R_TSIP_RsassaPkcs2048SignatureVerification(
@ -3866,7 +3873,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
ret = WC_HW_E; ret = WC_HW_E;
} }
break; break;
#endif
case TSIP_KEY_TYPE_RSA4096: case TSIP_KEY_TYPE_RSA4096:
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
break; break;
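Review bot: The added `*(info->pk.rsa.outLen) = sigData.data_length;` in the 2048 case of `tsip_SignRsaPkcs` sits after the `err != TSIP_SUCCESS` check rather than in its success path, so the output length is also written when signing failed and `ret` is `WC_HW_E`. A caller that reads the length before checking the return code would treat whatever is in the output buffer as a signature. I would make it the success branch: `else { *(info->pk.rsa.outLen) = sigData.data_length; }`. The visible lines of the 1024 case show no matching assignment, but part of that case lies outside the hunks, so it is worth confirming both sizes report the length the same way. The function body continues outside these hunks.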


@ -3161,12 +3161,13 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
int checkSmallCt) int checkSmallCt)
{ {
int ret = 0; int ret = 0;
(void)rng;
(void)checkSmallCt;
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
RsaPadding padding; RsaPadding padding;
#endif #endif
(void)rng;
(void)checkSmallCt;
if (key == NULL || in == NULL || inLen == 0 || out == NULL || if (key == NULL || in == NULL || inLen == 0 || out == NULL ||
outLen == NULL || *outLen == 0 || type == RSA_TYPE_UNKNOWN) { outLen == NULL || *outLen == 0 || type == RSA_TYPE_UNKNOWN) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@ -4862,17 +4863,17 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
#endif #endif
{ {
err = wc_CryptoCb_MakeRsaKey(key, size, e, rng); err = wc_CryptoCb_MakeRsaKey(key, size, e, rng);
#ifndef WOLF_CRYPTO_CB_ONLY_RSA #ifdef WOLF_CRYPTO_CB_ONLY_RSA
if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
goto out;
/* fall-through when unavailable */
#endif
#ifdef WOLF_CRYPTO_CB_ONLY_RSA
if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
err = NO_VALID_DEVID; err = NO_VALID_DEVID;
goto out; goto out;
} }
#endif #else
if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
goto out;
}
/* fall-through when unavailable */
#endif
} }
#endif #endif
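Review bot: In the rewritten `WOLF_CRYPTO_CB_ONLY_RSA` branch of `wc_MakeRsaKey`, `goto out;` now sits inside the `CRYPTOCB_UNAVAILABLE` test, so a successful callback or any other error leaves the block without jumping. That is only correct if everything between this block and `out:` is compiled out under `WOLF_CRYPTO_CB_ONLY_RSA`, which cannot be confirmed from the hunk. Presumably no software key generation is wanted in this configuration, and an unconditional jump states that directly: `if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { err = NO_VALID_DEVID; }` followed by `goto out;`. The function starts and ends outside the hunk.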


@ -301,10 +301,14 @@ typedef struct TsipUserCtx {
/* for tsip crypt only mode */ /* for tsip crypt only mode */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#ifndef NO_RSA #ifndef NO_RSA
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
tsip_rsa1024_private_key_index_t* rsa1024pri_keyIdx; tsip_rsa1024_private_key_index_t* rsa1024pri_keyIdx;
tsip_rsa1024_public_key_index_t* rsa1024pub_keyIdx; tsip_rsa1024_public_key_index_t* rsa1024pub_keyIdx;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
tsip_rsa2048_private_key_index_t* rsa2048pri_keyIdx; tsip_rsa2048_private_key_index_t* rsa2048pri_keyIdx;
tsip_rsa2048_public_key_index_t* rsa2048pub_keyIdx; tsip_rsa2048_public_key_index_t* rsa2048pub_keyIdx;
#endif
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
#ifdef HAVE_ECC_SIGN #ifdef HAVE_ECC_SIGN