wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 02:37:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5121 from miyazakh/sce_example_update2

Browse Source
This commit is contained in:
Chris Conlon
2022-05-09 14:15:13 -06:00
committed by GitHub
parent 59fdf05155 75d90aaf2f
commit 063e757f6b
9 changed files with 327 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
View File

@ -1,6 +1,6 @@
/* wolfssl_demo.h
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -35,34 +35,47 @@
#define DIRECT_KEY_ADDRESS_256 FLASH_HP_DF_BLOCK_1
#define DIRECT_KEY_ADDRESS_128 FLASH_HP_DF_BLOCK_2
/* Client connects to the server with these details. */
#define SERVER_IP "192.168.11.49"
#define DEFAULT_PORT 11111
/* Enable wolfcrypt test */
/* can be enabled with benchmark test */
/*#define CRYPT_TEST*/
/* #define CRYPT_TEST */
/* Enable benchmark */
/* can be enabled with cyrpt test */
/*#define BENCHMARK*/
/* #define BENCHMARK */
/* Enable TLS client */
/* cannot enable with CRYPT_TEST or BENCHMARK */
#define TLS_CLIENT
/* Specify cipher suites that are supported by SCE
* ClientHello specifies the cipher suite to communicate peer Server
* so that TLS handshake uses SCE protect mode
*/
#define TEST_CIPHER_SPECIFIED
/* Use RSA certificates */
#define USE_CERT_BUFFERS_2048
/* Use ECC certificates */
/*#define USE_CERT_BUFFERS_256*/
/*#define USE_CERT_BUFFERS_256 */
#if defined(USE_CERT_BUFFERS_2048) && defined(USE_CERT_BUFFERS_256)
#error please set either macro USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_256
#endif
typedef struct tagTestInfo
{
int id;
int port;
char name[32];
const char* cipher;
WOLFSSL_CTX* ctx;
wolfSSL_Logging_cb log_f;
} TestInfo;
void sce_test();
void TCPInit();
void wolfSSL_TLS_client_init();
void wolfSSL_TLS_client();
void wolfSSL_TLS_client_do(void *pvParam);
void wolfSSL_TLS_cleanup();
extern WOLFSSL_CTX *client_ctx;
static void util_Cleanup(xSocket_t xSock, WOLFSSL_CTX *ctx, WOLFSSL *ssl) {
printf("Cleaning up socket and wolfSSL objects.\n");

4
IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c
View File

@ -1,6 +1,6 @@
/* myprintf.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -22,6 +22,8 @@
#define SEGGER_INDEX (0)
int myprintf(const char * sFormat, ...);
int myprintf(const char * sFormat, ...)
{
int r;

93
IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
View File

@ -1,6 +1,6 @@
/* test_main.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -19,15 +19,16 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include "stdio.h"
#include "stdint.h"
#include "wolfssl_demo.h"
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
User_SCEPKCbInfo guser_PKCbInfo;
User_SCEPKCbInfo guser_PKCbInfo;
#endif
#include <wolfssl_demo.h>
@ -40,6 +41,8 @@ void abort(void);
}
#endif
void R_BSP_WarmStart(bsp_warm_start_event_t event);
/* the function is called just before main() to set up pins */
/* this needs to be called to setup IO Port */
void R_BSP_WarmStart (bsp_warm_start_event_t event)
@ -106,7 +109,7 @@ typedef struct func_args {
void wolfcrypt_test(func_args args);
int benchmark_test(void *args);
/* Entry function of SCE test */
void sce_test(void)
{
@ -154,51 +157,65 @@ void sce_test(void)
#include "r_sce.h"
#if defined(USE_CERT_BUFFERS_256)
#if defined(TEST_CIPHER_SPECIFIED)
const char* cipherlist[] = {
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256"
};
const int cipherlist_sz = 2;
#else
const char* cipherlist[] = {
NULL
};
const int cipherlist_sz = 1;
#endif /* TEST_CIPHER_SPECIFIED */
const char* cipherlist[] = {
NULL, /* not specify cipher suite */
#if defined(WOLFSSL_TLS13)
NULL, NULL, NULL,
#else
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-SHA", /* SW only */
"ECDHE-ECDSA-AES128-SHA256",
#endif
};
const int cipherlist_sz = 4;
TestInfo info[cipherlist_sz];
#else
#if defined(TEST_CIPHER_SPECIFIED)
const char* cipherlist[] = {
"AES128-SHA256",
"AES256-SHA256",
"ECDHE-RSA-AES128-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256"
};
const int cipherlist_sz = 4;
#else
const char* cipherlist[] = {
NULL
};
const int cipherlist_sz = 1;
#endif /* TEST_CIPHER_SPECIFIED */
const char* cipherlist[] = {
NULL, /* not specify cipher suite */
#if defined(WOLFSSL_TLS13)
NULL, NULL, NULL, NULL, NULL,
#else
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-SHA", /* SW only */
"ECDHE-RSA-AES128-SHA256",
"AES128-SHA256",
"AES256-SHA256",
#endif
};
const int cipherlist_sz = 6;
TestInfo info[cipherlist_sz];
#endif
int i = 0;
printf("\n Start Client Example, ");
printf("\n Connecting to %s\n\n", SERVER_IP);
SetScetlsKey();
TCPInit();
do {
if(cipherlist_sz > 0 && cipherlist[i] != NULL )
printf("cipher : %s\n", cipherlist[i]);
wolfSSL_TLS_client_init();
do {
info[i].port = DEFAULT_PORT;
info[i].cipher = cipherlist[i];
info[i].ctx = client_ctx;
info[i].id = i;
memset(info[i].name, 0, sizeof(info[i].name));
sprintf(info[i].name, "wolfSSL_TLS_client_do(%02d)", i);
wolfSSL_TLS_client_do(&info[i]);
wolfSSL_TLS_client_init(cipherlist[i]);
wolfSSL_TLS_client();
i++;
} while (i < cipherlist_sz);
printf("\n End of Client Example");
wolfSSL_TLS_cleanup();
#endif
}

196
IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
View File

@ -1,6 +1,6 @@
/* wolf_client.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -29,22 +29,36 @@
#include "wolfssl/certs_test.h"
uint32_t g_encrypted_root_public_key[140];
static WOLFSSL_CTX *client_ctx;
WOLFSSL_CTX *client_ctx = NULL;
extern uint8_t g_ether0_mac_address[6];
typedef struct user_EccPKCbInfo;
extern struct user_PKCbInfo guser_PKCbInfo;
static const byte ucIPAddress[4] = { 192, 168, 11, 241 };
static const byte ucNetMask[4] = { 255, 255, 255, 0 };
static const byte ucGatewayAddress[4] = { 192, 168, 11, 1 };
static const byte ucDNSServerAddress[4] = { 192, 168, 11, 1 };
/* Client connects to the server with these details. */
#define SERVER_IP "192.168.11.40"
#define DEFAULT_PORT 11111
#define FR_SOCKET_SUCCESS 0
extern struct User_PKCbInfo guser_PKCbInfo;
int SEGGER_RTT_vprintf(unsigned BufferIndex, const char * sFormat, va_list * pParamList);
static int msg(const char* pname, int l,
const char * sFormat, ...)
{
int r = 0;
va_list ParamList;
va_start(ParamList, sFormat);
printf("[%s][%02d] ", pname, l);
r = SEGGER_RTT_vprintf(0, sFormat, &ParamList);
va_end(ParamList);
return r;
}
void TCPInit( )
{
BaseType_t fr_status;
@ -60,7 +74,7 @@ void TCPInit( )
}
}
void wolfSSL_TLS_client_init(const char* cipherlist)
void wolfSSL_TLS_client_init()
{
#ifndef NO_FILESYSTEM
@ -80,9 +94,6 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
#endif
wolfSSL_Init();
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
/* Create and initialize WOLFSSL_CTX */
if ((client_ctx = wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
@ -90,8 +101,8 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
return;
}
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
/* set callback functions for ECC */
wc_sce_set_callbacks(client_ctx);
/* set callback functions for ECC */
wc_sce_set_callbacks(client_ctx);
#endif
#if !defined(NO_FILESYSTEM)
@ -105,85 +116,122 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
return;
}
#endif
/* use specific cipher */
if (cipherlist != NULL && wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
printf("client can't set cipher list 1");
}
}
void wolfSSL_TLS_client( )
void wolfSSL_TLS_client_do(void *pvParam)
{
int ret;
int i = 0;
TestInfo* p = (TestInfo*)pvParam;
/* FreeRTOS+TCP Objects */
socklen_t xSize = sizeof(struct freertos_sockaddr);
xSocket_t xClientSocket = NULL;
struct freertos_sockaddr xRemoteAddress;
WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)client_ctx;
WOLFSSL *ssl;
WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx;
WOLFSSL *ssl = NULL;
const char* pcName = p->name;
#define BUFF_SIZE 256
static const char sendBuff[]= "Hello Server\n" ;
char rcvBuff[BUFF_SIZE] = {0};
i = p->id;
/* Client Socket Setup */
xRemoteAddress.sin_port = FreeRTOS_htons(DEFAULT_PORT);
xRemoteAddress.sin_port = FreeRTOS_htons(p->port);
xRemoteAddress.sin_addr = FreeRTOS_inet_addr(SERVER_IP);
/* Create a FreeRTOS TCP Socket and connect */
xClientSocket = FreeRTOS_socket(FREERTOS_AF_INET,
FREERTOS_SOCK_STREAM,
FREERTOS_IPPROTO_TCP);
configASSERT(xClientSocket != FREERTOS_INVALID_SOCKET);
FreeRTOS_bind(xClientSocket, &xRemoteAddress, sizeof(xSize));
/* Create a FreeRTOS TCP Socket and connect */
xClientSocket = FreeRTOS_socket(FREERTOS_AF_INET,
FREERTOS_SOCK_STREAM,
FREERTOS_IPPROTO_TCP);
/* Client Socket Connect */
ret = FreeRTOS_connect(xClientSocket,
&xRemoteAddress,
sizeof(xRemoteAddress));
if (ret != FR_SOCKET_SUCCESS) {
printf("Error [%d]: FreeRTOS_connect.\n",ret);
util_inf_loop(xClientSocket, ctx, ssl);
}
if((ssl = wolfSSL_new(ctx)) == NULL) {
printf("ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
return;
}
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
/* set callback ctx */
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
#endif
/* Attach wolfSSL to the socket */
ret = wolfSSL_set_fd(ssl, (int) xClientSocket);
if (ret != WOLFSSL_SUCCESS) {
printf("Error [%d]: wolfSSL_set_fd.\n",ret);
util_inf_loop(xClientSocket, ctx, ssl);
}
configASSERT(xClientSocket != FREERTOS_INVALID_SOCKET);
if(wolfSSL_connect(ssl) != SSL_SUCCESS) {
printf("ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0));
return;
FreeRTOS_bind(xClientSocket, NULL, sizeof(xSize));
/* Client Socket Connect */
ret = FreeRTOS_connect(xClientSocket,
&xRemoteAddress,
sizeof(xRemoteAddress));
if (ret != FR_SOCKET_SUCCESS) {
msg(pcName, i, " Error [%d]: FreeRTOS_connect.\n", ret);
goto out;
}
msg(pcName, i, " Start to connect to the server.\n");
if((ssl = wolfSSL_new(ctx)) == NULL) {
msg(pcName, i, " ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
goto out;
}
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
/* set callback ctx */
memset(&guser_PKCbInfo, 0, sizeof(User_SCEPKCbInfo));
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
#endif
/* Attach wolfSSL to the socket */
ret = wolfSSL_set_fd(ssl, (int) xClientSocket);
if (ret != WOLFSSL_SUCCESS) {
msg(pcName, i, " Error [%d]: wolfSSL_set_fd.\n",ret);
}
if(p->cipher)
msg(pcName, i, " Cipher : %s\n", p->cipher);
/* use specific cipher */
if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher) != WOLFSSL_SUCCESS) {
msg(pcName, i, " client can't set cipher list 1");
goto out;
}
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
if (p->log_f != NULL)
wolfSSL_SetLoggingCb(p->log_f);
#endif
if(wolfSSL_connect(ssl) != SSL_SUCCESS) {
msg(pcName, i, " ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0));
goto out;
}
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_OFF();
#endif
if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff)) != (int)strlen(sendBuff)) {
msg(pcName, i, " ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
goto out;
}
if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)) < 0) {
msg(pcName, i, " ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0));
goto out;
}
rcvBuff[ret] = '\0' ;
msg(pcName, i, " Received: %s\n\n", rcvBuff);
out:
if (ssl) {
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
ssl = NULL;
/* need to reset callback */
wc_sce_set_callbacks(client_ctx);
}
if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
printf("ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
return;
}
if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)) < 0) {
printf("ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0));
return;
}
rcvBuff[ret] = '\0' ;
printf("Received: %s\n\n", rcvBuff);
/* frees all data before client termination */
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
/* clean up socket */
if (xClientSocket) {
FreeRTOS_shutdown(xClientSocket, FREERTOS_SHUT_RDWR);
FreeRTOS_closesocket(xClientSocket);
xClientSocket = NULL;
}
}
void wolfSSL_TLS_cleanup()
{
if (client_ctx) {
wolfSSL_CTX_free(client_ctx);
}
wolfSSL_Cleanup();
}

2
wolfcrypt/src/logging.c
View File

@ -357,6 +357,8 @@ static void wolfssl_log(const int logLevel, const char *const logMessage)
xil_printf("%s\r\n", logMessage);
#elif defined(WOLFSSL_LINUXKM)
printk("%s\n", logMessage);
#elif defined(WOLFSSL_RENESAS_RA6M4)
myprintf("%s\n", logMessage);
#else
fprintf(stderr, "%s\n", logMessage);
#endif

44
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -1,6 +1,6 @@
/* renesas_common.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -380,8 +380,9 @@ static byte sce_tsip_rootCAverified(void)
* keySz Length of key in bytes
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
byte** out, const byte* key, word32 keySz, void* ctx)
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, unsigned char* sig,
unsigned int sigSz, unsigned char** out,
const unsigned char* key, unsigned int keySz, void* ctx)
{
int ret = 0;
@ -404,7 +405,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx);
if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) {
if (ret == 0) {
/* Set Callback for SharedSecret when successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
@ -431,9 +432,9 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
* result a pointer to int indicates if the verify is ok
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
const uint8_t* key, uint32_t keySz, int* result, void* ctx)
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
unsigned int sigSz, const unsigned char* hash, unsigned int hashSz,
const unsigned char* key, unsigned int keySz, int* result, void* ctx)
{
int ret = 0;
@ -455,7 +456,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz,
result, ctx);
if (ret == 0 && *result == 1 && ret != CRYPTOCB_UNAVAILABLE) {
if (ret == 0 && *result == 1) {
/* Set callback for SharedSecret when being successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
@ -526,17 +527,17 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
WOLFSSL_ENTER("Renesas_cmn_TlsFinished");
/* sanity check */
if (ssl == NULL || ctx == NULL || side == NULL || handshake_hash == NULL ||
hashes == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateVerifyData(ssl->arrays->tsip_masterSecret,
side, handshake_hash, hashes);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret,
side, handshake_hash, hashes);
if (Renesas_cmn_usable(ssl, 1)) {
ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret,
side, handshake_hash, hashes);
}
else
ret = PROTOCOLCB_UNAVAILABLE;
#endif
return ret;
@ -598,14 +599,13 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
/* sanity check */
if (ssl == NULL || ctx == NULL)
return BAD_FUNC_ARG;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, devId);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_sce_generateSessionKey(ssl, ctx, devId);
if (Renesas_cmn_usable(ssl, 0)) {
ret = wc_sce_generateSessionKey(ssl, ctx, devId);
} else
ret = PROTOCOLCB_UNAVAILABLE;
#endif
if (ret == 0) {
wolfSSL_CTX_SetEncryptKeysCb(ssl->ctx, Renesas_cmn_EncryptKeys);
@ -737,8 +737,10 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx)
wolfSSL_SetGenSessionKeyCtx(ssl, NULL);
}
}
else
else {
WOLFSSL_MSG("PROTOCOLCB_UNAVAILABLE\n");
ret = PROTOCOLCB_UNAVAILABLE;
}
#endif
return ret;

37
wolfcrypt/src/port/Renesas/renesas_sce_aes.c
View File

@ -1,6 +1,6 @@
/* renesas_sce_aes.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -134,7 +134,8 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
/* allocate buffers for plaintext, ciphertext and authTag to make sure
* those buffers 32bit aligned as SCE requests.
*/
delta = sz % AES_BLOCK_SIZE;
delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 :
AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE);
plainBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
cipherBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
@ -205,7 +206,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
ret = updateFn(&_handle, plainBuf, cipherBuf, sz, NULL, 0UL);
}
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("R_SCE_AesXXXGcmEncryptUpdate: failed");
WOLFSSL_MSG("R_SCE_AesXXXGcmEncryptUpdate2: failed");
ret = -1;
}
@ -217,18 +218,21 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
*/
dataLen = 0;
ret = finalFn(&_handle,
cipherBuf + (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE,
cipherBuf + (sz + delta - AES_BLOCK_SIZE),
&dataLen,
aTagBuf);
if (ret == FSP_SUCCESS) {
/* copy encrypted data to out */
XMEMCPY(out, cipherBuf, dataLen);
/* copy auth tag to caller's buffer */
XMEMCPY((void*)authTag, (void*)aTagBuf,
/* copy encrypted data to out */
if (sz != dataLen) {
WOLFSSL_MSG("sz is not equal to dataLen!!!!");
ret = -1;
} else {
XMEMCPY(out, cipherBuf, dataLen);
/* copy auth tag to caller's buffer */
XMEMCPY((void*)authTag, (void*)aTagBuf,
min(authTagSz, SCE_AES_GCM_AUTH_TAG_SIZE ));
}
}
else {
WOLFSSL_MSG("R_SCE_AesxxxGcmEncryptFinal: failed");
@ -319,7 +323,8 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
/* allocate buffers for plain-text, cipher-text, authTag and AAD.
* TSIP requests those buffers 32bit aligned.
*/
delta = sz % AES_BLOCK_SIZE;
delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 :
AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE);
cipherBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
plainBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
@ -396,14 +401,20 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
if (ret == FSP_SUCCESS) {
dataLen = 0;
ret = finalFn(&_handle,
plainBuf + (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE,
plainBuf + (sz + delta - AES_BLOCK_SIZE),
&dataLen,
aTagBuf,
min(16, authTagSz));
if (ret == FSP_SUCCESS) {
/* copy plain data to out */
XMEMCPY(out, plainBuf, dataLen);
if (sz != dataLen) {
WOLFSSL_MSG("sz is not equal to dataLen!!!!");
ret = -1;
}
else {
XMEMCPY(out, plainBuf, dataLen);
}
}
else {
WOLFSSL_MSG("R_SCE_AesXXXGcmDecryptFinal: failed");

116
wolfcrypt/src/port/Renesas/renesas_sce_util.c
View File

@ -1,6 +1,6 @@
/* renesas_sce_util.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -207,25 +207,33 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
XMEMCPY(&peerkey[4], qx, qxLen);
XMEMCPY(&peerkey[4+qxLen], qy, qyLen);
/* 0 : RSA 2048bit, 1 : Reserved, 2 : ECDSA P-256 */
ret = R_SCE_TLS_ServerKeyExchangeVerify(
type,
(uint8_t*) ssl->arrays->clientRandom,
(uint8_t*) ssl->arrays->serverRandom,
(uint8_t*) peerkey,
(uint8_t*) sig,
(uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
(uint32_t*)cbInfo->encrypted_ephemeral_ecdh_public_key);
if ((ret = wc_sce_hw_lock()) == 0) {
/* 0 : RSA 2048bit, 1 : Reserved, 2 : ECDSA P-256 */
ret = R_SCE_TLS_ServerKeyExchangeVerify(
type,
(uint8_t*) ssl->arrays->clientRandom,
(uint8_t*) ssl->arrays->serverRandom,
(uint8_t*) peerkey,
(uint8_t*) sig,
(uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
(uint32_t*)cbInfo->encrypted_ephemeral_ecdh_public_key);
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
cbInfo->pk_key_set = 0;
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
cbInfo->pk_key_set = 0;
}
else {
ret = WOLFSSL_SUCCESS;
cbInfo->pk_key_set = 1;
}
}
else {
ret = WOLFSSL_SUCCESS;
cbInfo->pk_key_set = 1;
WOLFSSL_MSG("Failed to lock sce hw ");
}
/* unlock hw */
wc_sce_hw_unlock();
XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
@ -328,12 +336,13 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
return ret;
}
/* Callback for ECC shared secret */
WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
uint8_t* pubKeyDer, unsigned int* pubKeySz,
uint8_t* out, unsigned int* outlen, int side, void* ctx)
{
int ret;
int ret = WOLFSSL_SUCCESS;
(void) otherKey;
(void) side;
@ -351,36 +360,44 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
if (cbInfo->pk_key_set == 1) {
/* Generate ECC PUblic key pair */
ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate(
&cbInfo->ecc_p256_wrapped_key,
(uint8_t*)&cbInfo->ecc_ecdh_public_key/* Qx 32 bytes and Qy 32 bytes*/ );
if (ret != FSP_SUCCESS) {
WOLFSSL_PKMSG("Failed secp256r1_EphemeralWrappedKeyPairGenerate %d\n", ret);
return ret;
}
if ((ret = wc_sce_hw_lock()) == 0) {
/* Generate ECC PUblic key pair */
ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate(
&cbInfo->ecc_p256_wrapped_key,
(uint8_t*)&cbInfo->ecc_ecdh_public_key/* Qx 32 bytes and Qy 32 bytes*/ );
if (ret != FSP_SUCCESS) {
WOLFSSL_PKMSG("Failed secp256r1_EphemeralWrappedKeyPairGenerate %d\n", ret);
return ret;
}
/* copy generated ecdh public key inot buffer */
pubKeyDer[0] = ECC_POINT_UNCOMP;
*pubKeySz = 1 + sizeof(cbInfo->ecc_ecdh_public_key);
XMEMCPY(&pubKeyDer[1], &cbInfo->ecc_ecdh_public_key,
sizeof(cbInfo->ecc_ecdh_public_key));
/* copy generated ecdh public key inot buffer */
pubKeyDer[0] = ECC_POINT_UNCOMP;
*pubKeySz = 1 + sizeof(cbInfo->ecc_ecdh_public_key);
XMEMCPY(&pubKeyDer[1], &cbInfo->ecc_ecdh_public_key,
sizeof(cbInfo->ecc_ecdh_public_key));
/* Generate Premaster Secret */
ret = R_SCE_TLS_PreMasterSecretGenerateForECC_secp256r1(
(uint32_t*)&cbInfo->encrypted_ephemeral_ecdh_public_key,
&cbInfo->ecc_p256_wrapped_key,
(uint32_t*)out/* pre-master secret 64 bytes */);
if (ret != FSP_SUCCESS) {
WOLFSSL_PKMSG("Failed PreMasterSecretGenerateForECC_secp256r1 %d\n", ret);
return ret;
/* Generate Premaster Secret */
ret = R_SCE_TLS_PreMasterSecretGenerateForECC_secp256r1(
(uint32_t*)&cbInfo->encrypted_ephemeral_ecdh_public_key,
&cbInfo->ecc_p256_wrapped_key,
(uint32_t*)out/* pre-master secret 64 bytes */);
if (ret != FSP_SUCCESS) {
WOLFSSL_PKMSG("Failed PreMasterSecretGenerateForECC_secp256r1 %d\n", ret);
return ret;
}
else {
/* set master secret generation callback for use */
wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret);
wolfSSL_SetGenMasterSecretCtx(ssl, cbInfo);
}
}
else {
/* set master secret generation callback for use */
wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret);
wolfSSL_SetGenMasterSecretCtx(ssl, cbInfo);
WOLFSSL_MSG("Failed to lock sce hw ");
}
/* unlock hw */
wc_sce_hw_unlock();
*outlen = 64;
WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
}
@ -389,7 +406,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
}
#endif
/* Return tls cipher suite enumeration that is supported by SCE library */
static uint32_t GetSceCipherSuite(
static uint32_t GetSceCipherSuite(
uint8_t cipherSuiteFirst,
uint8_t cipherSuite)
{
@ -458,7 +475,7 @@ WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl,
uint8_t session_key_generated)
{
WOLFSSL_ENTER("sce_usable");
byte Scecipher;
uint32_t sceCipher;
byte side;
const Ciphers *enc;
const Ciphers *dec;
@ -494,11 +511,12 @@ WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl,
}
}
/* retrieve cipher suite if SCE supports */
Scecipher = GetSceCipherSuite(ssl->options.cipherSuite0,
sceCipher = GetSceCipherSuite(ssl->options.cipherSuite0,
ssl->options.cipherSuite);
side = ssl->options.side;
if (Scecipher != WOLFSSL_SCE_ILLEGAL_CIPHERSUITE && side == WOLFSSL_CLIENT_END)
if (sceCipher != (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE
&& side == WOLFSSL_CLIENT_END)
return 1;
else
return 0;
@ -578,7 +596,7 @@ WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const struct WOLFSSL *ssl,
}
wolfSSL_SetTlsHmacInner((struct WOLFSSL*)ssl, myInner,
messageSz, content, 1);
(word32)messageSz, (int)content, 1);
ret = R_SCE_SHA256HMAC_VerifyInit(
&_handle,
@ -768,8 +786,9 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl,
/* unlock hw */
wc_sce_hw_unlock();
}
else
else {
WOLFSSL_LEAVE("hw lock failed", ret);
}
WOLFSSL_LEAVE("sce_generateSessionKey", ret);
return ret;
@ -1052,7 +1071,7 @@ WOLFSSL_LOCAL int wc_sce_storeKeyCtx(struct WOLFSSL* ssl, User_SCEPKCbInfo* info
XMEMCPY(info->sce_clientRandom, ssl->arrays->clientRandom, 32);
XMEMCPY(info->sce_serverRandom, ssl->arrays->serverRandom, 32);
info->sce_cipher = GetSceCipherSuite(ssl->options.cipherSuite0,
info->sce_cipher = (uint8_t)GetSceCipherSuite(ssl->options.cipherSuite0,
ssl->options.cipherSuite);
}
WOLFSSL_LEAVE("sce_storeKeyCtx", ret);
@ -1105,6 +1124,7 @@ WOLFSSL_API void wc_sce_set_callbacks(WOLFSSL_CTX* ctx)
wolfSSL_CTX_SetRsaEncCb(ctx, Renesas_cmn_RsaEnc);
wolfSSL_CTX_SetVerifyMacCb(ctx, Renesas_cmn_VerifyHmac);
/* reset callbacks */
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
}
/* Set callback contexts needed for sce TLS api handling */

14
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
View File

@ -1,6 +1,6 @@
/* renesas_cmn.h
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -33,11 +33,11 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in,
const unsigned char* keyDer, unsigned int keySz, void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message,
word32 messageSz, word32 macSz, word32 content, void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
const uint8_t* key, uint32_t keySz, int* result, void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
uint8_t** out, const byte* key, uint32_t keySz, void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
unsigned int sigSz, const unsigned char* hash, unsigned int hashSz,
const unsigned char* key, unsigned int keySz, int* result, void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, unsigned char* sig, unsigned int sigSz,
unsigned char** out, const unsigned char* key, unsigned int keySz, void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
word32 sz, int padSz, int content, int verify, int epochOrder);
WOLFSSL_LOCAL int Renesas_cmn_usable(const WOLFSSL *ssl, byte seskey_gennerated);
@ -56,4 +56,4 @@ int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
word32 key_n_start, word32 key_n_len, word32 key_e_start,
word32 key_e_len, word32 cm_row);
WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx);
#endif /* __RENESAS_CMN_H__ */
#endif /* __RENESAS_CMN_H__ */