wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 04:34:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8206 from dgarske/rx_tsip

Browse Source 
Fixes for RSA TSIP RSA Sign/Verify
This commit is contained in:
JacobBarthelmeh
2024-11-21 09:30:48 -07:00
committed by GitHub
parent 2710b57df8 c5e43280b9
commit 04932dd97d
4 changed files with 83 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
View File

@@ -408,10 +408,10 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
printf(" tsip_aes256_gcm_test() "); printf(" tsip_aes256_gcm_test() ");
} }
ForceZero(resultT, sizeof(resultT)); XMEMSET(resultT, 0, sizeof(resultT));
ForceZero(resultC, sizeof(resultC)); XMEMSET(resultC, 0, sizeof(resultC));
ForceZero(resultP, sizeof(resultP)); XMEMSET(resultP, 0, sizeof(resultP));
ForceZero(&userContext, sizeof(TsipUserCtx)); XMEMSET(&userContext, 0, sizeof(TsipUserCtx));
if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) { if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) {
ret = -1; ret = -1;
@@ -434,10 +434,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
} }
/* AES-GCM encrypt and decrypt both use AES encrypt internally */ /* AES-GCM encrypt and decrypt both use AES encrypt internally */
result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), result = wc_tsip_AesGcmEncrypt(enc,
resultC, p, sizeof(p),
(byte*)iv1, sizeof(iv1), resultT, sizeof(resultT), (byte*)iv1, sizeof(iv1), resultT, sizeof(resultT),
a, sizeof(a), &userContext); a, sizeof(a), &userContext
);
if (result != 0) { if (result != 0) {
ret = -4; ret = -4;
goto out; goto out;
@@ -451,9 +452,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
dec->ctx.keySize = enc->keylen; dec->ctx.keySize = enc->keylen;
} }
result = wc_tsip_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), result = wc_tsip_AesGcmDecrypt(dec,
resultP, resultC, sizeof(c1),
iv1, sizeof(iv1), resultT, sizeof(resultT), iv1, sizeof(iv1), resultT, sizeof(resultT),
a, sizeof(a), &userContext); a, sizeof(a), &userContext
);
if (result != 0){ if (result != 0){
ret = -8; ret = -8;
goto out; goto out;
@@ -469,18 +472,21 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
wc_AesGcmSetKey(enc, k1, sizeof(k1)); wc_AesGcmSetKey(enc, k1, sizeof(k1));
/* AES-GCM encrypt and decrypt both use AES encrypt internally */ /* AES-GCM encrypt and decrypt both use AES encrypt internally */
result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1), result = wc_tsip_AesGcmEncrypt(enc,
resultC, p, sizeof(p), iv1, sizeof(iv1),
resultT + 1, sizeof(resultT) - 1, resultT + 1, sizeof(resultT) - 1,
a, sizeof(a), &userContext); a, sizeof(a), &userContext
);
if (result != 0) { if (result != 0) {
ret = -10; ret = -10;
goto out; goto out;
} }
result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(p), result = wc_tsip_AesGcmDecrypt(enc,
resultP, resultC, sizeof(p),
iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
a, sizeof(a), &userContext); a, sizeof(a), &userContext
);
if (result != 0) { if (result != 0) {
ret = -11; ret = -11;
goto out; goto out;
@@ -523,7 +529,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
#endif /* FREERTOS */ #endif /* FREERTOS */
#endif #endif
#if defined(WOLFSSL_AES_128) #if defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM)
static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key) static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
{ {
@@ -568,9 +574,9 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6
}; };
byte resultT[16]; byte resultT[sizeof(t3)];
byte resultP[60 + AES_BLOCK_SIZE]; byte resultP[sizeof(p3) + AES_BLOCK_SIZE];
byte resultC[60 + AES_BLOCK_SIZE]; byte resultC[sizeof(p3) + AES_BLOCK_SIZE];
int result = 0; int result = 0;
int ret; int ret;
@@ -581,10 +587,10 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
printf(" tsip_aes128_gcm_test() "); printf(" tsip_aes128_gcm_test() ");
} }
ForceZero(resultT, sizeof(resultT)); XMEMSET(resultT, 0, sizeof(resultT));
ForceZero(resultC, sizeof(resultC)); XMEMSET(resultC, 0, sizeof(resultC));
ForceZero(resultP, sizeof(resultP)); XMEMSET(resultP, 0, sizeof(resultP));
ForceZero(&userContext, sizeof(TsipUserCtx)); XMEMSET(&userContext, 0, sizeof(TsipUserCtx));
if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) { if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) {
ret = -1; ret = -1;
@@ -607,21 +613,27 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
enc->ctx.keySize = enc->keylen; enc->ctx.keySize = enc->keylen;
} }
/* AES-GCM encrypt and decrypt both use AES encrypt internally */ /* AES-GCM encrypt and decrypt both use AES encrypt internally */
result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), result = wc_tsip_AesGcmEncrypt(enc,
resultC, p3, sizeof(p3),
iv3, sizeof(iv3), iv3, sizeof(iv3),
resultT, sizeof(t3), resultT, sizeof(t3),
a3, sizeof(a3), &userContext); a3, sizeof(a3), &userContext
);
if (result != 0) { if (result != 0) {
ret = -4; ret = -4;
goto out; goto out;
} }
result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
result = wc_tsip_AesGcmDecrypt(enc,
resultP, resultC, sizeof(c3),
iv3, sizeof(iv3), resultT, sizeof(resultT), iv3, sizeof(iv3), resultT, sizeof(resultT),
a3, sizeof(a3), &userContext); a3, sizeof(a3), &userContext
);
if (result != 0) { if (result != 0) {
ret = -5; ret = -5;
goto out; goto out;
} }
if (XMEMCMP(p3, resultP, sizeof(p3))) { if (XMEMCMP(p3, resultP, sizeof(p3))) {
ret = -6; ret = -6;
goto out; goto out;
@@ -805,6 +817,7 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
const char inStr2[] = TEST_STRING2; const char inStr2[] = TEST_STRING2;
const word32 inLen = (word32)TEST_STRING_SZ; const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES; const word32 outSz = RSA_TEST_BYTES;
word32 signSz = 0;
byte *in = NULL; byte *in = NULL;
byte *in2 = NULL; byte *in2 = NULL;
byte *out= NULL; byte *out= NULL;
@@ -848,15 +861,16 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
if (ret < 0) { if (ret < 0) {
goto out; goto out;
} }
signSz = ret;
/* this should fail */ /* this should fail */
ret = wc_RsaSSL_Verify(in2, inLen, out, keySize/8, key); ret = wc_RsaSSL_Verify(out, signSz, in2, inLen, key);
if (ret != SIG_VERIFY_E) { if (ret != SIG_VERIFY_E) {
ret = -1; ret = -1;
goto out; goto out;
} }
/* this should succeed */ /* this should succeed */
ret = wc_RsaSSL_Verify(in, inLen, out, keySize/8, key); ret = wc_RsaSSL_Verify(out, signSz, in, inLen, key);
if (ret < 0) { if (ret < 0) {
ret = -1; ret = -1;
goto out; goto out;
@@ -1223,6 +1237,7 @@ int tsip_crypt_test(void)
} }
#ifdef HAVE_AESGCM
if (ret == 0) { if (ret == 0) {
ret = tsip_aesgcm128_test(1, &g_user_aes128_key_index1); ret = tsip_aesgcm128_test(1, &g_user_aes128_key_index1);
@@ -1234,6 +1249,8 @@ int tsip_crypt_test(void)
ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1); ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1);
} }
#endif
#if defined(WOLFSSL_KEY_GEN) && \ #if defined(WOLFSSL_KEY_GEN) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
@@ -1262,6 +1279,7 @@ int tsip_crypt_test(void)
} }
#if RSA_MIN_SIZE <= 1024
if (ret == 0) { if (ret == 0) {
printf(" tsip_rsa_SignVerify_test(1024)"); printf(" tsip_rsa_SignVerify_test(1024)");
@@ -1274,6 +1292,7 @@ int tsip_crypt_test(void)
} }
Clr_CallbackCtx(&userContext); Clr_CallbackCtx(&userContext);
#endif
if (ret == 0) { if (ret == 0) {
printf(" tsip_rsa_SignVerify_test(2048)"); printf(" tsip_rsa_SignVerify_test(2048)");
@@ -1287,12 +1306,11 @@ int tsip_crypt_test(void)
} }
Clr_CallbackCtx(&userContext); Clr_CallbackCtx(&userContext);
#endif #endif /* WOLFSSL_KEY_GEN && WOLFSSL_RENESAS_TSIP_CRYPTONLY */
} }
else else {
ret = -1; ret = -1;
}
return ret; return ret;
} }

10
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@@ -279,6 +279,16 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
} }
#endif #endif
} }
if (info->pk.type == WC_PK_TYPE_RSA_GET_SIZE) {
if (cbInfo->wrappedKeyType == TSIP_KEY_TYPE_RSA2048) {
*info->pk.rsa_get_size.keySize = 256;
ret = 0;
}
else if (cbInfo->wrappedKeyType == TSIP_KEY_TYPE_RSA1024) {
*info->pk.rsa_get_size.keySize = 128;
ret = 0;
}
}
#endif /* !NO_RSA */ #endif /* !NO_RSA */
#if defined(HAVE_ECC) #if defined(HAVE_ECC)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)

16
wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
View File

@@ -234,7 +234,7 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
plain.pdata = (uint8_t*)info->pk.rsa.in; plain.pdata = (uint8_t*)info->pk.rsa.in;
plain.data_length = info->pk.rsa.inLen; plain.data_length = info->pk.rsa.inLen;
cipher.pdata = (uint8_t*)info->pk.rsa.out; cipher.pdata = (uint8_t*)info->pk.rsa.out;
cipher.data_length = info->pk.rsa.outLen; cipher.data_length = *(info->pk.rsa.outLen);
if (keySize == TSIP_KEY_TYPE_RSA1024) { if (keySize == TSIP_KEY_TYPE_RSA1024) {
ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher, ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
@@ -250,13 +250,13 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
if (ret == 0) { if (ret == 0) {
info->pk.rsa.outLen = cipher.data_length; *(info->pk.rsa.outLen) = cipher.data_length;
} }
} }
else if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) else if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT)
{ {
plain.pdata = (uint8_t*)info->pk.rsa.out; plain.pdata = (uint8_t*)info->pk.rsa.out;
plain.data_length = info->pk.rsa.outLen; plain.data_length = *(info->pk.rsa.outLen);
cipher.pdata = (uint8_t*)info->pk.rsa.in; cipher.pdata = (uint8_t*)info->pk.rsa.in;
cipher.data_length = info->pk.rsa.inLen; cipher.data_length = info->pk.rsa.inLen;
@@ -274,7 +274,7 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
if (ret == 0) { if (ret == 0) {
info->pk.rsa.outLen = plain.data_length; *(info->pk.rsa.outLen) = plain.data_length;
} }
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -314,13 +314,13 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
} }
if (tsip_RsakeyImport(tuc) == 0) { if (tsip_RsakeyImport(tuc) == 0) {
hashData.pdata = (uint8_t*)info->pk.rsa.in; hashData.pdata = (uint8_t*)info->pk.rsa.out;
hashData.data_length = info->pk.rsa.inLen; hashData.data_length = *(info->pk.rsa.outLen);
hashData.data_type = hashData.data_type =
tuc->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */ tuc->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
sigData.pdata = (uint8_t*)info->pk.rsa.out; sigData.pdata = (uint8_t*)info->pk.rsa.in;
sigData.data_length = info->pk.rsa.outLen; sigData.data_length = info->pk.rsa.inLen;
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) { switch (tuc->wrappedKeyType) {

4
wolfssl/wolfcrypt/types.h
View File

@@ -1497,6 +1497,10 @@ typedef struct w64wrapper {
#if !defined(__MINGW32__) #if !defined(__MINGW32__)
#define WOLFSSL_THREAD_NO_JOIN __cdecl #define WOLFSSL_THREAD_NO_JOIN __cdecl
#endif #endif
#elif defined(THREADX)
typedef unsigned int THREAD_RETURN;
typedef TX_THREAD THREAD_TYPE;
#define WOLFSSL_THREAD
#else #else
typedef unsigned int THREAD_RETURN; typedef unsigned int THREAD_RETURN;
typedef size_t THREAD_TYPE; typedef size_t THREAD_TYPE;