mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 18:57:27 +02:00
Merge pull request #5121 from miyazakh/sce_example_update2
This commit is contained in:
Chris Conlon
GitHub
@ -1,6 +1,6 @@
|
||||
/* wolfssl_demo.h
|
||||
*
|
||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
||||
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
@ -35,34 +35,47 @@
|
||||
#define DIRECT_KEY_ADDRESS_256 FLASH_HP_DF_BLOCK_1
|
||||
#define DIRECT_KEY_ADDRESS_128 FLASH_HP_DF_BLOCK_2
|
||||
|
||||
/* Client connects to the server with these details. */
|
||||
#define SERVER_IP "192.168.11.49"
|
||||
#define DEFAULT_PORT 11111
|
||||
|
||||
/* Enable wolfcrypt test */
|
||||
/* can be enabled with benchmark test */
|
||||
/*#define CRYPT_TEST*/
|
||||
/* #define CRYPT_TEST */
|
||||
|
||||
/* Enable benchmark */
|
||||
/* can be enabled with cyrpt test */
|
||||
/*#define BENCHMARK*/
|
||||
/* #define BENCHMARK */
|
||||
|
||||
/* Enable TLS client */
|
||||
/* cannot enable with CRYPT_TEST or BENCHMARK */
|
||||
#define TLS_CLIENT
|
||||
/* Specify cipher suites that are supported by SCE
|
||||
* ClientHello specifies the cipher suite to communicate peer Server
|
||||
* so that TLS handshake uses SCE protect mode
|
||||
*/
|
||||
#define TEST_CIPHER_SPECIFIED
|
||||
|
||||
/* Use RSA certificates */
|
||||
#define USE_CERT_BUFFERS_2048
|
||||
/* Use ECC certificates */
|
||||
/*#define USE_CERT_BUFFERS_256*/
|
||||
/*#define USE_CERT_BUFFERS_256 */
|
||||
|
||||
#if defined(USE_CERT_BUFFERS_2048) && defined(USE_CERT_BUFFERS_256)
|
||||
#error please set either macro USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_256
|
||||
#endif
|
||||
|
||||
typedef struct tagTestInfo
|
||||
{
|
||||
int id;
|
||||
int port;
|
||||
char name[32];
|
||||
const char* cipher;
|
||||
WOLFSSL_CTX* ctx;
|
||||
wolfSSL_Logging_cb log_f;
|
||||
} TestInfo;
|
||||
|
||||
void sce_test();
|
||||
void TCPInit();
|
||||
void wolfSSL_TLS_client_init();
|
||||
void wolfSSL_TLS_client();
|
||||
void wolfSSL_TLS_client_do(void *pvParam);
|
||||
void wolfSSL_TLS_cleanup();
|
||||
extern WOLFSSL_CTX *client_ctx;
|
||||
|
||||
static void util_Cleanup(xSocket_t xSock, WOLFSSL_CTX *ctx, WOLFSSL *ssl) {
|
||||
printf("Cleaning up socket and wolfSSL objects.\n");
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/* myprintf.c
|
||||
*
|
||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
||||
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
@ -22,6 +22,8 @@
|
||||
|
||||
#define SEGGER_INDEX (0)
|
||||
|
||||
int myprintf(const char * sFormat, ...);
|
||||
|
||||
int myprintf(const char * sFormat, ...)
|
||||
{
|
||||
int r;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/* test_main.c
|
||||
*
|
||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
||||
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
@ -19,14 +19,15 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
|
||||
#include "stdio.h"
|
||||
#include "stdint.h"
|
||||
#include "wolfssl_demo.h"
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
|
||||
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
|
||||
|
||||
User_SCEPKCbInfo guser_PKCbInfo;
|
||||
#endif
|
||||
|
||||
@ -40,6 +41,8 @@ void abort(void);
|
||||
}
|
||||
#endif
|
||||
|
||||
void R_BSP_WarmStart(bsp_warm_start_event_t event);
|
||||
|
||||
/* the function is called just before main() to set up pins */
|
||||
/* this needs to be called to setup IO Port */
|
||||
void R_BSP_WarmStart (bsp_warm_start_event_t event)
|
||||
@ -106,7 +109,7 @@ typedef struct func_args {
|
||||
void wolfcrypt_test(func_args args);
|
||||
int benchmark_test(void *args);
|
||||
|
||||
|
||||
/* Entry function of SCE test */
|
||||
void sce_test(void)
|
||||
{
|
||||
|
||||
@ -154,51 +157,65 @@ void sce_test(void)
|
||||
#include "r_sce.h"
|
||||
|
||||
#if defined(USE_CERT_BUFFERS_256)
|
||||
#if defined(TEST_CIPHER_SPECIFIED)
|
||||
const char* cipherlist[] = {
|
||||
NULL, /* not specify cipher suite */
|
||||
#if defined(WOLFSSL_TLS13)
|
||||
NULL, NULL, NULL,
|
||||
#else
|
||||
"ECDHE-ECDSA-AES128-GCM-SHA256",
|
||||
"ECDHE-ECDSA-AES256-SHA", /* SW only */
|
||||
"ECDHE-ECDSA-AES128-SHA256",
|
||||
"ECDHE-ECDSA-AES128-GCM-SHA256"
|
||||
};
|
||||
const int cipherlist_sz = 2;
|
||||
#else
|
||||
const char* cipherlist[] = {
|
||||
NULL
|
||||
};
|
||||
const int cipherlist_sz = 1;
|
||||
#endif /* TEST_CIPHER_SPECIFIED */
|
||||
|
||||
#else
|
||||
#if defined(TEST_CIPHER_SPECIFIED)
|
||||
const char* cipherlist[] = {
|
||||
"AES128-SHA256",
|
||||
"AES256-SHA256",
|
||||
"ECDHE-RSA-AES128-SHA256",
|
||||
"ECDHE-RSA-AES128-GCM-SHA256"
|
||||
#endif
|
||||
};
|
||||
const int cipherlist_sz = 4;
|
||||
TestInfo info[cipherlist_sz];
|
||||
#else
|
||||
const char* cipherlist[] = {
|
||||
NULL
|
||||
NULL, /* not specify cipher suite */
|
||||
#if defined(WOLFSSL_TLS13)
|
||||
NULL, NULL, NULL, NULL, NULL,
|
||||
#else
|
||||
"ECDHE-RSA-AES128-GCM-SHA256",
|
||||
"ECDHE-RSA-AES256-SHA", /* SW only */
|
||||
"ECDHE-RSA-AES128-SHA256",
|
||||
"AES128-SHA256",
|
||||
"AES256-SHA256",
|
||||
#endif
|
||||
};
|
||||
const int cipherlist_sz = 1;
|
||||
#endif /* TEST_CIPHER_SPECIFIED */
|
||||
const int cipherlist_sz = 6;
|
||||
TestInfo info[cipherlist_sz];
|
||||
#endif
|
||||
|
||||
int i = 0;
|
||||
|
||||
printf("\n Start Client Example, ");
|
||||
printf("\n Connecting to %s\n\n", SERVER_IP);
|
||||
|
||||
SetScetlsKey();
|
||||
|
||||
TCPInit();
|
||||
|
||||
do {
|
||||
if(cipherlist_sz > 0 && cipherlist[i] != NULL )
|
||||
printf("cipher : %s\n", cipherlist[i]);
|
||||
wolfSSL_TLS_client_init();
|
||||
|
||||
wolfSSL_TLS_client_init(cipherlist[i]);
|
||||
wolfSSL_TLS_client();
|
||||
do {
|
||||
|
||||
info[i].port = DEFAULT_PORT;
|
||||
info[i].cipher = cipherlist[i];
|
||||
info[i].ctx = client_ctx;
|
||||
info[i].id = i;
|
||||
|
||||
memset(info[i].name, 0, sizeof(info[i].name));
|
||||
sprintf(info[i].name, "wolfSSL_TLS_client_do(%02d)", i);
|
||||
|
||||
wolfSSL_TLS_client_do(&info[i]);
|
||||
|
||||
i++;
|
||||
} while (i < cipherlist_sz);
|
||||
|
||||
printf("\n End of Client Example");
|
||||
|
||||
wolfSSL_TLS_cleanup();
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/* wolf_client.c
|
||||
*
|
||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
||||
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
@ -29,22 +29,36 @@
|
||||
#include "wolfssl/certs_test.h"
|
||||
|
||||
uint32_t g_encrypted_root_public_key[140];
|
||||
static WOLFSSL_CTX *client_ctx;
|
||||
WOLFSSL_CTX *client_ctx = NULL;
|
||||
|
||||
extern uint8_t g_ether0_mac_address[6];
|
||||
typedef struct user_EccPKCbInfo;
|
||||
extern struct user_PKCbInfo guser_PKCbInfo;
|
||||
static const byte ucIPAddress[4] = { 192, 168, 11, 241 };
|
||||
static const byte ucNetMask[4] = { 255, 255, 255, 0 };
|
||||
static const byte ucGatewayAddress[4] = { 192, 168, 11, 1 };
|
||||
static const byte ucDNSServerAddress[4] = { 192, 168, 11, 1 };
|
||||
|
||||
/* Client connects to the server with these details. */
|
||||
#define SERVER_IP "192.168.11.40"
|
||||
#define DEFAULT_PORT 11111
|
||||
|
||||
#define FR_SOCKET_SUCCESS 0
|
||||
|
||||
extern struct User_PKCbInfo guser_PKCbInfo;
|
||||
|
||||
int SEGGER_RTT_vprintf(unsigned BufferIndex, const char * sFormat, va_list * pParamList);
|
||||
|
||||
static int msg(const char* pname, int l,
|
||||
const char * sFormat, ...)
|
||||
{
|
||||
int r = 0;
|
||||
va_list ParamList;
|
||||
|
||||
va_start(ParamList, sFormat);
|
||||
|
||||
printf("[%s][%02d] ", pname, l);
|
||||
r = SEGGER_RTT_vprintf(0, sFormat, &ParamList);
|
||||
|
||||
va_end(ParamList);
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
void TCPInit( )
|
||||
{
|
||||
BaseType_t fr_status;
|
||||
@ -60,7 +74,7 @@ void TCPInit( )
|
||||
}
|
||||
}
|
||||
|
||||
void wolfSSL_TLS_client_init(const char* cipherlist)
|
||||
void wolfSSL_TLS_client_init()
|
||||
{
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
@ -80,9 +94,6 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
|
||||
#endif
|
||||
|
||||
wolfSSL_Init();
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
wolfSSL_Debugging_ON();
|
||||
#endif
|
||||
|
||||
/* Create and initialize WOLFSSL_CTX */
|
||||
if ((client_ctx = wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
|
||||
@ -105,85 +116,122 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* use specific cipher */
|
||||
if (cipherlist != NULL && wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
|
||||
printf("client can't set cipher list 1");
|
||||
}
|
||||
}
|
||||
|
||||
void wolfSSL_TLS_client( )
|
||||
void wolfSSL_TLS_client_do(void *pvParam)
|
||||
{
|
||||
|
||||
int ret;
|
||||
int i = 0;
|
||||
|
||||
TestInfo* p = (TestInfo*)pvParam;
|
||||
/* FreeRTOS+TCP Objects */
|
||||
socklen_t xSize = sizeof(struct freertos_sockaddr);
|
||||
xSocket_t xClientSocket = NULL;
|
||||
struct freertos_sockaddr xRemoteAddress;
|
||||
|
||||
WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)client_ctx;
|
||||
WOLFSSL *ssl;
|
||||
WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx;
|
||||
WOLFSSL *ssl = NULL;
|
||||
const char* pcName = p->name;
|
||||
|
||||
#define BUFF_SIZE 256
|
||||
static const char sendBuff[]= "Hello Server\n" ;
|
||||
|
||||
char rcvBuff[BUFF_SIZE] = {0};
|
||||
|
||||
i = p->id;
|
||||
/* Client Socket Setup */
|
||||
xRemoteAddress.sin_port = FreeRTOS_htons(DEFAULT_PORT);
|
||||
xRemoteAddress.sin_port = FreeRTOS_htons(p->port);
|
||||
xRemoteAddress.sin_addr = FreeRTOS_inet_addr(SERVER_IP);
|
||||
|
||||
/* Create a FreeRTOS TCP Socket and connect */
|
||||
xClientSocket = FreeRTOS_socket(FREERTOS_AF_INET,
|
||||
FREERTOS_SOCK_STREAM,
|
||||
FREERTOS_IPPROTO_TCP);
|
||||
|
||||
configASSERT(xClientSocket != FREERTOS_INVALID_SOCKET);
|
||||
FreeRTOS_bind(xClientSocket, &xRemoteAddress, sizeof(xSize));
|
||||
|
||||
FreeRTOS_bind(xClientSocket, NULL, sizeof(xSize));
|
||||
|
||||
/* Client Socket Connect */
|
||||
ret = FreeRTOS_connect(xClientSocket,
|
||||
&xRemoteAddress,
|
||||
sizeof(xRemoteAddress));
|
||||
if (ret != FR_SOCKET_SUCCESS) {
|
||||
printf("Error [%d]: FreeRTOS_connect.\n",ret);
|
||||
util_inf_loop(xClientSocket, ctx, ssl);
|
||||
msg(pcName, i, " Error [%d]: FreeRTOS_connect.\n", ret);
|
||||
goto out;
|
||||
}
|
||||
|
||||
msg(pcName, i, " Start to connect to the server.\n");
|
||||
|
||||
if((ssl = wolfSSL_new(ctx)) == NULL) {
|
||||
printf("ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
|
||||
return;
|
||||
msg(pcName, i, " ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
|
||||
goto out;
|
||||
}
|
||||
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||
/* set callback ctx */
|
||||
memset(&guser_PKCbInfo, 0, sizeof(User_SCEPKCbInfo));
|
||||
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
|
||||
#endif
|
||||
|
||||
/* Attach wolfSSL to the socket */
|
||||
ret = wolfSSL_set_fd(ssl, (int) xClientSocket);
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
printf("Error [%d]: wolfSSL_set_fd.\n",ret);
|
||||
util_inf_loop(xClientSocket, ctx, ssl);
|
||||
msg(pcName, i, " Error [%d]: wolfSSL_set_fd.\n",ret);
|
||||
}
|
||||
|
||||
if(p->cipher)
|
||||
msg(pcName, i, " Cipher : %s\n", p->cipher);
|
||||
/* use specific cipher */
|
||||
if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher) != WOLFSSL_SUCCESS) {
|
||||
msg(pcName, i, " client can't set cipher list 1");
|
||||
goto out;
|
||||
}
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
wolfSSL_Debugging_ON();
|
||||
if (p->log_f != NULL)
|
||||
wolfSSL_SetLoggingCb(p->log_f);
|
||||
#endif
|
||||
if(wolfSSL_connect(ssl) != SSL_SUCCESS) {
|
||||
printf("ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0));
|
||||
return;
|
||||
msg(pcName, i, " ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0));
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
|
||||
printf("ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
|
||||
return;
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
wolfSSL_Debugging_OFF();
|
||||
#endif
|
||||
if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff)) != (int)strlen(sendBuff)) {
|
||||
msg(pcName, i, " ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)) < 0) {
|
||||
printf("ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0));
|
||||
return;
|
||||
msg(pcName, i, " ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0));
|
||||
goto out;
|
||||
}
|
||||
|
||||
rcvBuff[ret] = '\0' ;
|
||||
printf("Received: %s\n\n", rcvBuff);
|
||||
msg(pcName, i, " Received: %s\n\n", rcvBuff);
|
||||
|
||||
/* frees all data before client termination */
|
||||
out:
|
||||
if (ssl) {
|
||||
wolfSSL_shutdown(ssl);
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
ssl = NULL;
|
||||
/* need to reset callback */
|
||||
wc_sce_set_callbacks(client_ctx);
|
||||
}
|
||||
/* clean up socket */
|
||||
if (xClientSocket) {
|
||||
FreeRTOS_shutdown(xClientSocket, FREERTOS_SHUT_RDWR);
|
||||
FreeRTOS_closesocket(xClientSocket);
|
||||
xClientSocket = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
void wolfSSL_TLS_cleanup()
|
||||
{
|
||||
if (client_ctx) {
|
||||
wolfSSL_CTX_free(client_ctx);
|
||||
}
|
||||
wolfSSL_Cleanup();
|
||||
}
|
||||
|
||||
@ -357,6 +357,8 @@ static void wolfssl_log(const int logLevel, const char *const logMessage)
|
||||
xil_printf("%s\r\n", logMessage);
|
||||
#elif defined(WOLFSSL_LINUXKM)
|
||||
printk("%s\n", logMessage);
|
||||
#elif defined(WOLFSSL_RENESAS_RA6M4)
|
||||
myprintf("%s\n", logMessage);
|
||||
#else
|
||||
fprintf(stderr, "%s\n", logMessage);
|
||||
#endif
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/* renesas_common.c
|
||||
*
|
||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
||||
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
@ -380,8 +380,9 @@ static byte sce_tsip_rootCAverified(void)
|
||||
* keySz Length of key in bytes
|
||||
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
|
||||
*/
|
||||
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
|
||||
byte** out, const byte* key, word32 keySz, void* ctx)
|
||||
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, unsigned char* sig,
|
||||
unsigned int sigSz, unsigned char** out,
|
||||
const unsigned char* key, unsigned int keySz, void* ctx)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
@ -404,7 +405,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
|
||||
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||
ret = wc_SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx);
|
||||
|
||||
if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) {
|
||||
if (ret == 0) {
|
||||
/* Set Callback for SharedSecret when successful */
|
||||
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
|
||||
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
|
||||
@ -431,9 +432,9 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
|
||||
* result a pointer to int indicates if the verify is ok
|
||||
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
|
||||
*/
|
||||
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
|
||||
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
|
||||
const uint8_t* key, uint32_t keySz, int* result, void* ctx)
|
||||
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
|
||||
unsigned int sigSz, const unsigned char* hash, unsigned int hashSz,
|
||||
const unsigned char* key, unsigned int keySz, int* result, void* ctx)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
@ -455,7 +456,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
|
||||
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||
ret = wc_SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz,
|
||||
result, ctx);
|
||||
if (ret == 0 && *result == 1 && ret != CRYPTOCB_UNAVAILABLE) {
|
||||
if (ret == 0 && *result == 1) {
|
||||
/* Set callback for SharedSecret when being successful */
|
||||
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
|
||||
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
|
||||
@ -526,17 +527,17 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
|
||||
|
||||
WOLFSSL_ENTER("Renesas_cmn_TlsFinished");
|
||||
|
||||
/* sanity check */
|
||||
if (ssl == NULL || ctx == NULL || side == NULL || handshake_hash == NULL ||
|
||||
hashes == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
|
||||
ret = wc_tsip_generateVerifyData(ssl->arrays->tsip_masterSecret,
|
||||
side, handshake_hash, hashes);
|
||||
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||
if (Renesas_cmn_usable(ssl, 1)) {
|
||||
ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret,
|
||||
side, handshake_hash, hashes);
|
||||
}
|
||||
else
|
||||
ret = PROTOCOLCB_UNAVAILABLE;
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@ -598,14 +599,13 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
|
||||
|
||||
WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
|
||||
|
||||
/* sanity check */
|
||||
if (ssl == NULL || ctx == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
|
||||
ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, devId);
|
||||
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||
if (Renesas_cmn_usable(ssl, 0)) {
|
||||
ret = wc_sce_generateSessionKey(ssl, ctx, devId);
|
||||
} else
|
||||
ret = PROTOCOLCB_UNAVAILABLE;
|
||||
#endif
|
||||
if (ret == 0) {
|
||||
wolfSSL_CTX_SetEncryptKeysCb(ssl->ctx, Renesas_cmn_EncryptKeys);
|
||||
@ -737,8 +737,10 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx)
|
||||
wolfSSL_SetGenSessionKeyCtx(ssl, NULL);
|
||||
}
|
||||
}
|
||||
else
|
||||
else {
|
||||
WOLFSSL_MSG("PROTOCOLCB_UNAVAILABLE\n");
|
||||
ret = PROTOCOLCB_UNAVAILABLE;
|
||||
}
|
||||
|
||||
#endif
|
||||
return ret;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/* renesas_sce_aes.c
|
||||
*
|
||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
||||
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
@ -134,7 +134,8 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
|
||||
/* allocate buffers for plaintext, ciphertext and authTag to make sure
|
||||
* those buffers 32bit aligned as SCE requests.
|
||||
*/
|
||||
delta = sz % AES_BLOCK_SIZE;
|
||||
delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 :
|
||||
AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE);
|
||||
plainBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
|
||||
cipherBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
|
||||
aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
|
||||
@ -205,7 +206,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
|
||||
ret = updateFn(&_handle, plainBuf, cipherBuf, sz, NULL, 0UL);
|
||||
}
|
||||
if (ret != FSP_SUCCESS) {
|
||||
WOLFSSL_MSG("R_SCE_AesXXXGcmEncryptUpdate: failed");
|
||||
WOLFSSL_MSG("R_SCE_AesXXXGcmEncryptUpdate2: failed");
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
@ -217,18 +218,21 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
|
||||
*/
|
||||
dataLen = 0;
|
||||
ret = finalFn(&_handle,
|
||||
cipherBuf + (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE,
|
||||
cipherBuf + (sz + delta - AES_BLOCK_SIZE),
|
||||
&dataLen,
|
||||
aTagBuf);
|
||||
|
||||
if (ret == FSP_SUCCESS) {
|
||||
/* copy encrypted data to out */
|
||||
if (sz != dataLen) {
|
||||
WOLFSSL_MSG("sz is not equal to dataLen!!!!");
|
||||
ret = -1;
|
||||
} else {
|
||||
XMEMCPY(out, cipherBuf, dataLen);
|
||||
|
||||
/* copy auth tag to caller's buffer */
|
||||
XMEMCPY((void*)authTag, (void*)aTagBuf,
|
||||
min(authTagSz, SCE_AES_GCM_AUTH_TAG_SIZE ));
|
||||
|
||||
}
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("R_SCE_AesxxxGcmEncryptFinal: failed");
|
||||
@ -319,7 +323,8 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
|
||||
/* allocate buffers for plain-text, cipher-text, authTag and AAD.
|
||||
* TSIP requests those buffers 32bit aligned.
|
||||
*/
|
||||
delta = sz % AES_BLOCK_SIZE;
|
||||
delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 :
|
||||
AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE);
|
||||
cipherBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
|
||||
plainBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
|
||||
aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
|
||||
@ -396,15 +401,21 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
|
||||
if (ret == FSP_SUCCESS) {
|
||||
dataLen = 0;
|
||||
ret = finalFn(&_handle,
|
||||
plainBuf + (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE,
|
||||
plainBuf + (sz + delta - AES_BLOCK_SIZE),
|
||||
&dataLen,
|
||||
aTagBuf,
|
||||
min(16, authTagSz));
|
||||
|
||||
if (ret == FSP_SUCCESS) {
|
||||
/* copy plain data to out */
|
||||
if (sz != dataLen) {
|
||||
WOLFSSL_MSG("sz is not equal to dataLen!!!!");
|
||||
ret = -1;
|
||||
}
|
||||
else {
|
||||
XMEMCPY(out, plainBuf, dataLen);
|
||||
}
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("R_SCE_AesXXXGcmDecryptFinal: failed");
|
||||
ret = -1;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/* renesas_sce_util.c
|
||||
*
|
||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
||||
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
@ -207,6 +207,7 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
|
||||
XMEMCPY(&peerkey[4], qx, qxLen);
|
||||
XMEMCPY(&peerkey[4+qxLen], qy, qyLen);
|
||||
|
||||
if ((ret = wc_sce_hw_lock()) == 0) {
|
||||
/* 0 : RSA 2048bit, 1 : Reserved, 2 : ECDSA P-256 */
|
||||
ret = R_SCE_TLS_ServerKeyExchangeVerify(
|
||||
type,
|
||||
@ -225,6 +226,13 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
|
||||
ret = WOLFSSL_SUCCESS;
|
||||
cbInfo->pk_key_set = 1;
|
||||
}
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Failed to lock sce hw ");
|
||||
}
|
||||
|
||||
/* unlock hw */
|
||||
wc_sce_hw_unlock();
|
||||
|
||||
XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return ret;
|
||||
@ -328,12 +336,13 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Callback for ECC shared secret */
|
||||
WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
||||
uint8_t* pubKeyDer, unsigned int* pubKeySz,
|
||||
uint8_t* out, unsigned int* outlen, int side, void* ctx)
|
||||
{
|
||||
int ret;
|
||||
int ret = WOLFSSL_SUCCESS;
|
||||
(void) otherKey;
|
||||
(void) side;
|
||||
|
||||
@ -351,6 +360,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
||||
side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
|
||||
|
||||
if (cbInfo->pk_key_set == 1) {
|
||||
if ((ret = wc_sce_hw_lock()) == 0) {
|
||||
/* Generate ECC PUblic key pair */
|
||||
ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate(
|
||||
&cbInfo->ecc_p256_wrapped_key,
|
||||
@ -379,8 +389,15 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
||||
/* set master secret generation callback for use */
|
||||
wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret);
|
||||
wolfSSL_SetGenMasterSecretCtx(ssl, cbInfo);
|
||||
|
||||
}
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Failed to lock sce hw ");
|
||||
}
|
||||
|
||||
/* unlock hw */
|
||||
wc_sce_hw_unlock();
|
||||
|
||||
*outlen = 64;
|
||||
WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
|
||||
}
|
||||
@ -458,7 +475,7 @@ WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl,
|
||||
uint8_t session_key_generated)
|
||||
{
|
||||
WOLFSSL_ENTER("sce_usable");
|
||||
byte Scecipher;
|
||||
uint32_t sceCipher;
|
||||
byte side;
|
||||
const Ciphers *enc;
|
||||
const Ciphers *dec;
|
||||
@ -494,11 +511,12 @@ WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl,
|
||||
}
|
||||
}
|
||||
/* retrieve cipher suite if SCE supports */
|
||||
Scecipher = GetSceCipherSuite(ssl->options.cipherSuite0,
|
||||
sceCipher = GetSceCipherSuite(ssl->options.cipherSuite0,
|
||||
ssl->options.cipherSuite);
|
||||
side = ssl->options.side;
|
||||
|
||||
if (Scecipher != WOLFSSL_SCE_ILLEGAL_CIPHERSUITE && side == WOLFSSL_CLIENT_END)
|
||||
if (sceCipher != (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE
|
||||
&& side == WOLFSSL_CLIENT_END)
|
||||
return 1;
|
||||
else
|
||||
return 0;
|
||||
@ -578,7 +596,7 @@ WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const struct WOLFSSL *ssl,
|
||||
}
|
||||
|
||||
wolfSSL_SetTlsHmacInner((struct WOLFSSL*)ssl, myInner,
|
||||
messageSz, content, 1);
|
||||
(word32)messageSz, (int)content, 1);
|
||||
|
||||
ret = R_SCE_SHA256HMAC_VerifyInit(
|
||||
&_handle,
|
||||
@ -768,8 +786,9 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl,
|
||||
/* unlock hw */
|
||||
wc_sce_hw_unlock();
|
||||
}
|
||||
else
|
||||
else {
|
||||
WOLFSSL_LEAVE("hw lock failed", ret);
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("sce_generateSessionKey", ret);
|
||||
return ret;
|
||||
@ -1052,7 +1071,7 @@ WOLFSSL_LOCAL int wc_sce_storeKeyCtx(struct WOLFSSL* ssl, User_SCEPKCbInfo* info
|
||||
XMEMCPY(info->sce_clientRandom, ssl->arrays->clientRandom, 32);
|
||||
XMEMCPY(info->sce_serverRandom, ssl->arrays->serverRandom, 32);
|
||||
|
||||
info->sce_cipher = GetSceCipherSuite(ssl->options.cipherSuite0,
|
||||
info->sce_cipher = (uint8_t)GetSceCipherSuite(ssl->options.cipherSuite0,
|
||||
ssl->options.cipherSuite);
|
||||
}
|
||||
WOLFSSL_LEAVE("sce_storeKeyCtx", ret);
|
||||
@ -1105,6 +1124,7 @@ WOLFSSL_API void wc_sce_set_callbacks(WOLFSSL_CTX* ctx)
|
||||
wolfSSL_CTX_SetRsaEncCb(ctx, Renesas_cmn_RsaEnc);
|
||||
wolfSSL_CTX_SetVerifyMacCb(ctx, Renesas_cmn_VerifyHmac);
|
||||
|
||||
/* reset callbacks */
|
||||
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
|
||||
}
|
||||
/* Set callback contexts needed for sce TLS api handling */
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/* renesas_cmn.h
|
||||
*
|
||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
||||
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
@ -33,11 +33,11 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in,
|
||||
const unsigned char* keyDer, unsigned int keySz, void* ctx);
|
||||
WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message,
|
||||
word32 messageSz, word32 macSz, word32 content, void* ctx);
|
||||
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
|
||||
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
|
||||
const uint8_t* key, uint32_t keySz, int* result, void* ctx);
|
||||
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
|
||||
uint8_t** out, const byte* key, uint32_t keySz, void* ctx);
|
||||
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
|
||||
unsigned int sigSz, const unsigned char* hash, unsigned int hashSz,
|
||||
const unsigned char* key, unsigned int keySz, int* result, void* ctx);
|
||||
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, unsigned char* sig, unsigned int sigSz,
|
||||
unsigned char** out, const unsigned char* key, unsigned int keySz, void* ctx);
|
||||
WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
|
||||
word32 sz, int padSz, int content, int verify, int epochOrder);
|
||||
WOLFSSL_LOCAL int Renesas_cmn_usable(const WOLFSSL *ssl, byte seskey_gennerated);
|
||||
|
||||
Reference in New Issue
Block a user