From 3d4e89c2ca497d3f2710c138419f415b1a82dc4d Mon Sep 17 00:00:00 2001
From: David Garske
Date: Mon, 28 Apr 2025 09:27:59 -0700
Subject: [PATCH] Make wc_tsip_* API's public.
---
 .../src/port/Renesas/renesas_tsip_util.c | 42 ++++-----
 .../port/Renesas/renesas-tsip-crypt.h | 87 +++++++++----------
 2 files changed, 62 insertions(+), 67 deletions(-)
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
index c19a21556..9af6b7b1b 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
@@ -293,7 +293,7 @@ static void tsipFlushMessages(struct WOLFSSL* ssl)
-WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl)
+int tsip_TlsCleanup(struct WOLFSSL* ssl)
 {
 int ret = 0;
 TsipUserCtx* tuc = NULL;
@@ -321,7 +321,7 @@ WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl)
 * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
 * expecting to fallback to S/W, other negative values on error.
 */
-WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
+int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
 {
 int ret = 0;
 e_tsip_err_t err = TSIP_SUCCESS;
@@ -439,7 +439,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
 * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
 * expecting to fallback to S/W, other negative values on error.
 */
-WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
+int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
 struct KeyShareEntry* kse)
 {
 int ret = 0;
@@ -520,7 +520,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
 return ret;
 }
-WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
+int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
 {
 int ret = 0;
 TsipUserCtx* tuc = NULL;
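Review bot: The `tsip_*` definitions lose `WOLFSSL_LOCAL` starting with `tsip_TlsCleanup` in the first hunk (and in every later hunk of this file through `tsip_VerifyEcdsa`), and nothing at the definition now says which linkage is intended. The header hunks of this same patch still show `WOLFSSL_LOCAL` on the `tsip_SignRsaPkcs`, `tsip_SignEcdsa` and `tsip_Tls13SendCertVerify` prototypes, so these symbols presumably stay hidden only while each definition sees a matching prototype first. One that does not (for instance `tsip_VerifyRsaPkcsCb`, which sits under its own `#if` guard) would likely end up exported as a key-handling entry point without anyone having decided that. I would add a comment above the group, e.g. `/* visibility of tsip_* is set by the prototypes in renesas-tsip-crypt.h */`, and confirm every changed function has such a prototype. The function bodies continue outside these hunks.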
@@ -553,7 +553,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
 * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
 * expecting to fallback to S/W, other negative values on error.
 */
-WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
+int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
 {
 int ret = 0;
 e_tsip_err_t err = TSIP_SUCCESS;
@@ -1019,7 +1019,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
 * returns 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
 * expecting to fallback to S/W, other negative values on error.
 */
-WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl,
+int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl,
 int keyType, int side)
 {
 int ret = 0;
@@ -1098,7 +1098,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl,
 return ret;
 }
-WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
+int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
 {
 int ret = 0;
 e_tsip_err_t err = TSIP_SUCCESS;
@@ -1266,7 +1266,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
 * totalSz Length in the record header. means message + type + pad.
 * return 0, on success, others on failure.
 */
-WOLFSSL_LOCAL int tsip_Tls13HandleFinished(
+int tsip_Tls13HandleFinished(
 struct WOLFSSL* ssl,
 const byte* input,
 word32* inOutIdx,
@@ -1309,7 +1309,7 @@ WOLFSSL_LOCAL int tsip_Tls13HandleFinished(
 * when tsip can not handle and is expecting to fallback to S/W,
 * other negative values on error.
 */
-WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
+int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
 byte* output,
 int outSz,
 const byte* input,
@@ -1402,7 +1402,7 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
 * return 0 on success, CRYPTOCB_UNAVAILABLE when TSIP can not handle,
 * other negative values on error.
 */
-WOLFSSL_LOCAL int tsip_Tls13SendFinished(
+int tsip_Tls13SendFinished(
 struct WOLFSSL* ssl,
 byte* output,
 int outSz,
@@ -1466,7 +1466,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished(
 * return 0 on success, CRYPTOCB_UNAVAILABLE when TSIP can not handle,
 * other negative values on error.
 */
-WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
+int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
 const byte* input, word32* inOutIdx, word32 totalSz)
 {
@@ -1611,7 +1611,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
 * Returns 0 on success, CRYPTOCB_UNAVAILABLE when the required key is not
 * provided or unsupported algo is specified and otherwise failure.
 */
-WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
+int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
 {
 int ret = 0;
 e_tsip_err_t err = TSIP_SUCCESS;
@@ -2393,7 +2393,7 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
 * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
 * TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key
 */
-WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
+int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
 {
 int ret = 0;
 e_tsip_err_t err = TSIP_SUCCESS;
@@ -2622,7 +2622,7 @@ int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated)
 * lock hw engine.
 * this should be called before using engine.
 */
-WOLFSSL_LOCAL int tsip_hw_lock(void)
+int tsip_hw_lock(void)
 {
 int ret = 0;
@@ -2649,7 +2649,7 @@ WOLFSSL_LOCAL int tsip_hw_lock(void)
 /*
 * release hw engine
 */
-WOLFSSL_LOCAL void tsip_hw_unlock(void)
+void tsip_hw_unlock(void)
 {
 tsip_CryptHwMutexUnLock(&tsip_mutex);
 }
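Review bot: The comment kept above `tsip_hw_lock` (hunk at -2622) says the lock "should be called before using engine", but now that the header part of this commit exports the `wc_tsip_*` functions, nothing visible states whether those functions take the lock themselves or expect the caller to hold it. The prototypes for `tsip_hw_lock` and `tsip_hw_unlock` are not in this patch, so it cannot be told from here whether code outside the library can reach them; if they remain `WOLFSSL_LOCAL`, every exported entry point has to lock internally. Suggest extending the comment to state the rule, e.g. `/* lock hw engine; taken internally by each wc_tsip_* entry point */`, adjusted to what the code actually does. Unsynchronised use of the TSIP engine from application threads is the case to rule out.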
@@ -2657,7 +2657,7 @@ WOLFSSL_LOCAL void tsip_hw_unlock(void)
 /* open TSIP driver
 * return 0 on success.
 */
-WOLFSSL_LOCAL int tsip_Open(void)
+int tsip_Open(void)
 {
 int ret = TSIP_SUCCESS;
@@ -2757,7 +2757,7 @@ WOLFSSL_LOCAL int tsip_Open(void)
 }
 /* close TSIP driver */
-WOLFSSL_LOCAL void tsip_Close(void)
+void tsip_Close(void)
 {
 WOLFSSL_ENTER("tsip_Close");
 int ret;
@@ -3798,7 +3798,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 #endif /* !NO_RSA */
 #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_TSIP_TLS)
-WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
+int tsip_VerifyRsaPkcsCb(
 WOLFSSL* ssl, unsigned char* sig, unsigned int sigSz, unsigned char** out,
@@ -3911,7 +3911,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
 * signature will be DER encoded and stored into out buffer.
 * the private key must be imported as TSIP specific format.
 */
-WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
+int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
 {
 int ret = 0;
 e_tsip_err_t err = TSIP_SUCCESS;
@@ -4049,7 +4049,7 @@ static int tsip_HashPad(int curveSz, uint8_t* hash,
 * returns
 * 0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
 */
-WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
+int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
 {
 int ret = 0;
 e_tsip_err_t err = TSIP_SUCCESS;
@@ -4173,7 +4173,7 @@ static void hexdump(const uint8_t* in, uint32_t len)
 byte *ret2err(word32 ret)
 {
 switch(ret) {
- case TSIP_SUCCESS: return "success";
+ case TSIP_SUCCESS: return "success";
 case TSIP_ERR_SELF_CHECK1: return "selfcheck1";
 case TSIP_ERR_RESOURCE_CONFLICT: return "rsconflict";
 case TSIP_ERR_SELF_CHECK2: return "selfcheck2";
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
index a642506b0..04f329471 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
@@ -35,7 +35,6 @@
 #include "r_tsip_rx_if.h"
 #endif
-
 #include
 #include
 #include
@@ -47,6 +46,7 @@
 #include
 #endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -340,37 +340,33 @@ typedef struct
 } TsipPKCbInfo;
+typedef struct
+{
 #if (WOLFSSL_RENESAS_TSIP_VER >=109)
-
-typedef struct
-{
- uint8_t * encrypted_provisioning_key;
- uint8_t * iv;
- uint8_t * encrypted_user_tls_key;
- uint32_t encrypted_user_tls_key_type;
- uint8_t * encrypted_user_private_key;
- uint32_t encrypted_user_private_key_type;
- uint8_t * encrypted_user_public_key;
- uint32_t encrypted_user_public_key_type;
+ uint8_t * encrypted_provisioning_key;
+ uint8_t * iv;
+ uint8_t * encrypted_user_tls_key;
+ uint32_t encrypted_user_tls_key_type;
+ uint8_t * encrypted_user_private_key;
+ uint32_t encrypted_user_private_key_type;
+ uint8_t * encrypted_user_public_key;
+ uint32_t encrypted_user_public_key_type;
 tsip_ecc_private_key_index_t client_private_key_index;
- tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex;
-} tsip_key_data;
-
 #else
-typedef struct
-{
- uint8_t* encrypted_session_key;
- uint8_t* iv;
- uint8_t* encrypted_user_tls_key;
+ uint8_t* encrypted_session_key;
+ uint8_t* iv;
+ uint8_t* encrypted_user_tls_key;
+#endif
 tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex;
 } tsip_key_data;
-#endif
 struct Aes;
 struct WOLFSSL;
 struct WOLFSSL_CTX;
 struct wc_CryptoInfo;
+
+
 /*----------------------------------------------------*/
 /* APIs */
 /*----------------------------------------------------*/
@@ -442,10 +438,10 @@ struct wc_CryptoInfo;
 WOLFSSL_LOCAL int tsip_SignRsaPkcs(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
-WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info,
+WOLFSSL_API int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info,
 TsipUserCtx* tuc);
-WOLFSSL_LOCAL int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc);
+WOLFSSL_API int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc);
 WOLFSSL_LOCAL int tsip_SignEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
@@ -518,9 +514,9 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(struct WOLFSSL*ssl);
 #if (WOLFSSL_RENESAS_TSIP_VER >=109)
-WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, struct wc_CryptoInfo* info,
+WOLFSSL_API int wc_tsip_AesCipher(int devIdArg, struct wc_CryptoInfo* info,
 void* ctx);
-WOLFSSL_LOCAL int wc_tsip_generateMasterSecretEx(
+WOLFSSL_API int wc_tsip_generateMasterSecretEx(
 byte cipherSuiteFirst,
 byte cipherSuite,
 const byte* pr, /* pre-master */
@@ -530,7 +526,7 @@ WOLFSSL_LOCAL int wc_tsip_generateMasterSecretEx(
 #else
-WOLFSSL_LOCAL int wc_tsip_generateMasterSecret(
+WOLFSSL_API int wc_tsip_generateMasterSecret(
 const byte *pre,
 const byte *cr,
 const byte *sr,
@@ -539,23 +535,23 @@ WOLFSSL_LOCAL int wc_tsip_generateMasterSecret(
 #endif /* WOLFSSL_RENESAS_TSIP_VER */
-WOLFSSL_LOCAL int wc_tsip_storeKeyCtx(
+WOLFSSL_API int wc_tsip_storeKeyCtx(
 struct WOLFSSL *ssl, TsipUserCtx *userCtx);
-WOLFSSL_LOCAL int wc_tsip_generateEncryptPreMasterSecret(
+WOLFSSL_API int wc_tsip_generateEncryptPreMasterSecret(
 struct WOLFSSL* ssl, byte* out, word32* outSz);
-WOLFSSL_LOCAL int wc_tsip_EccSharedSecret(
+WOLFSSL_API int wc_tsip_EccSharedSecret(
 struct WOLFSSL* ssl, struct ecc_key* otherKey, unsigned char* pubKeyDer, unsigned int* pubKeySz, unsigned char* out, unsigned int* outlen, int side, void* ctx);
-WOLFSSL_LOCAL int wc_tsip_RsaVerify(
+WOLFSSL_API int wc_tsip_RsaVerify(
 struct WOLFSSL* ssl, byte* sig, word32 sigSz,
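Review bot: `wc_tsip_RsaFunction` is exported with a bare `wc_CryptoInfo*` parameter, while `wc_tsip_RsaVerifyPkcs` just above it and the neighbouring prototypes use `struct wc_CryptoInfo*`. This header only forward-declares `struct wc_CryptoInfo;` (visible in the previous hunk), so the bare name depends on a typedef from another header having been included first, which matters more once applications include this file as public API. Suggest `WOLFSSL_API int wc_tsip_RsaFunction(struct wc_CryptoInfo* info, TsipUserCtx* tuc);`.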
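Review bot: None of the prototypes switched to `WOLFSSL_API` from `wc_tsip_AesCipher` (hunk at -518) onward, through `wc_tsip_GenerateRandBlock` in the last hunk, carries a comment describing its contract, and several take raw output buffers or untyped context: `void* ctx` here, `byte* premaster, word32 preSz` and `byte* output, word32 size` later. As internal functions they were only called by the library itself; once exported they can be called with NULL pointers or undersized buffers, and the implementations are not in this patch, so the existing argument checks cannot be confirmed from here. Each newly public prototype should get a doc comment stating required buffer sizes, what `ctx` must point to and the return codes, and the implementations should be checked for NULL and length validation before release.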
@@ -564,32 +560,32 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerify(
 word32 keySz, void* ctx);
-WOLFSSL_LOCAL int wc_tsip_EccVerify(
+WOLFSSL_API int wc_tsip_EccVerify(
 struct WOLFSSL* ssl, const byte* sig, word32 sigSz, const byte* hash, word32 hashSz, const byte* key, word32 keySz, int* result, void* ctx);
-WOLFSSL_LOCAL int wc_tsip_generateVerifyData(
+WOLFSSL_API int wc_tsip_generateVerifyData(
 const uint8_t* masterSecret, const uint8_t* side, const uint8_t* handshake_hash, uint8_t* hashes);
 #ifndef NO_AES
-WOLFSSL_LOCAL int wc_tsip_AesCbcEncrypt(
+WOLFSSL_API int wc_tsip_AesCbcEncrypt(
 Aes* aes, byte* out, const byte* in, word32 sz);
-WOLFSSL_LOCAL int wc_tsip_AesCbcDecrypt(
+WOLFSSL_API int wc_tsip_AesCbcDecrypt(
 Aes* aes, byte* out, const byte* in, word32 sz);
-WOLFSSL_LOCAL int wc_tsip_AesGcmEncrypt(
+WOLFSSL_API int wc_tsip_AesGcmEncrypt(
 Aes* aes, byte* out, const byte* in, word32 sz, byte* iv, word32 ivSz,
@@ -597,7 +593,7 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmEncrypt(
 const byte* authIn, word32 authInSz, void* ctx);
-WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
+WOLFSSL_API int wc_tsip_AesGcmDecrypt(
 Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz,
@@ -605,14 +601,14 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
 const byte* authIn, word32 authInSz, void* ctx);
 #endif /* NO_AES */
-WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify(
+WOLFSSL_API int wc_tsip_ShaXHmacVerify(
 const struct WOLFSSL *ssl, const byte* message, word32 messageSz, word32 macSz, word32 content);
-WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
+WOLFSSL_API int wc_tsip_Sha1HmacGenerate(
 const struct WOLFSSL *ssl, const byte* myInner, word32 innerSz,
@@ -620,7 +616,7 @@ WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
 word32 sz, byte* digest);
-WOLFSSL_LOCAL int wc_tsip_Sha256HmacGenerate(
+WOLFSSL_API int wc_tsip_Sha256HmacGenerate(
 const struct WOLFSSL *ssl,
 const byte* myInner,
 word32 innerSz,
@@ -648,35 +644,34 @@ WOLFSSL_LOCAL byte tsip_rootCAverified();
 WOLFSSL_LOCAL byte tsip_checkCA(word32 cmIdx);
-WOLFSSL_LOCAL int wc_tsip_tls_RootCertVerify(
+WOLFSSL_API int wc_tsip_tls_RootCertVerify(
 const byte* cert, word32 cert_len, word32 key_n_start, word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row);
-WOLFSSL_LOCAL int wc_tsip_tls_CertVerify(
+WOLFSSL_API int wc_tsip_tls_CertVerify(
 const uint8_t* cert, uint32_t certSz, const uint8_t* signature, uint32_t sigSz, uint32_t key_n_start, uint32_t key_n_len, uint32_t key_e_start, uint32_t key_e_len, uint8_t* tsip_encRsaKeyIdx);
-WOLFSSL_LOCAL int wc_tsip_generatePremasterSecret(
+WOLFSSL_API int wc_tsip_generatePremasterSecret(
 byte* premaster, word32 preSz);
-WOLFSSL_LOCAL int wc_tsip_generateSessionKey(
+WOLFSSL_API int wc_tsip_generateSessionKey(
 struct WOLFSSL* ssl, TsipUserCtx* ctx, int devId);
-WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx);
+WOLFSSL_API int wc_tsip_MakeRsaKey(int size, void* ctx);
-WOLFSSL_LOCAL int wc_tsip_GenerateRandBlock(byte* output, word32 size);
+WOLFSSL_API int wc_tsip_GenerateRandBlock(byte* output, word32 size);
 #if defined(WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG)
 byte *ret2err(word32 ret);
-
 #endif
 #ifdef __cplusplus