wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8993 from miyazakh/tsip_tlsproperties_uc

Browse Source 
Make properties related to TLS handshake hidden for TSIP TLS user-context structure
This commit is contained in:
Sean Parkinson
2025-07-22 17:05:44 +10:00
committed by GitHub
parent 6c847b1870 ba358b8fb8
commit 1f72866489
12 changed files with 436 additions and 362 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/keys.c
View File

@@ -3559,7 +3559,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
cbInfo->side = side; cbInfo->side = side;
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) #elif defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
cbInfo->key_side = side; cbInfo->internal->key_side = side;
#endif #endif
ret = ssl->ctx->EncryptKeysCb(ssl, ctx); ret = ssl->ctx->EncryptKeysCb(ssl, ctx);
} }

2
src/tls.c
View File

@@ -52,7 +52,7 @@
#endif #endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
#endif #endif
#include <wolfssl/wolfcrypt/hpke.h> #include <wolfssl/wolfcrypt/hpke.h>

19
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@@ -40,7 +40,7 @@
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \ #elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
#define cmn_hw_lock tsip_hw_lock #define cmn_hw_lock tsip_hw_lock
#define cmn_hw_unlock tsip_hw_unlock #define cmn_hw_unlock tsip_hw_unlock
@@ -494,7 +494,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
if (gdevId < 0) { if (gdevId < 0) {
gdevId = INITIAL_DEVID; gdevId = INITIAL_DEVID;
} }
cbInfo->devId = gdevId++; cbInfo->internal->devId = gdevId++;
cmn_hw_unlock(); cmn_hw_unlock();
} }
else { else {
@@ -502,7 +502,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
return INVALID_DEVID; return INVALID_DEVID;
} }
if (wc_CryptoCb_RegisterDevice(cbInfo->devId, if (wc_CryptoCb_RegisterDevice(cbInfo->internal->devId,
Renesas_cmn_CryptoDevCb, cbInfo) < 0) { Renesas_cmn_CryptoDevCb, cbInfo) < 0) {
/* undo devId number */ /* undo devId number */
gdevId--; gdevId--;
@@ -513,12 +513,12 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) && \ !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) && \
!defined(HAVE_RENESAS_SYNC) !defined(HAVE_RENESAS_SYNC)
if (ssl) if (ssl)
wolfSSL_SetDevId(ssl, cbInfo->devId); wolfSSL_SetDevId(ssl, cbInfo->internal->devId);
#endif #endif
gCbCtx[cbInfo->devId - INITIAL_DEVID] = (void*)cbInfo; gCbCtx[cbInfo->internal->devId - INITIAL_DEVID] = (void*)cbInfo;
return cbInfo->devId; return cbInfo->internal->devId;
} }
/* Renesas Security Library Common Method /* Renesas Security Library Common Method
@@ -764,8 +764,8 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
if (cbInfo->session_key_set == 1) { if (cbInfo->internal->session_key_set == 1) {
switch(cbInfo->key_side) { switch(cbInfo->internal->key_side) {
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
@@ -820,7 +820,8 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
WOLFSSL_ENTER("Renesas_cmn_generateSessionKey"); WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
if (Renesas_cmn_usable(ssl, 0)) { if (Renesas_cmn_usable(ssl, 0)) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateSessionKey(ssl, cbInfo, cbInfo->devId); ret = wc_tsip_generateSessionKey(ssl, cbInfo,
cbInfo->internal->devId);
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId); ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId);
#endif #endif

71
wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
View File

@@ -40,7 +40,7 @@
#include <wolfssl/internal.h> #include <wolfssl/internal.h>
#endif #endif
#include <wolfssl/wolfcrypt/aes.h> #include <wolfssl/wolfcrypt/aes.h>
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h"
#ifdef NO_INLINE #ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h> #include <wolfssl/wolfcrypt/misc.h>
#else #else
@@ -100,7 +100,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
{ {
int ret = 0; int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS; e_tsip_err_t err = TSIP_SUCCESS;
TsipUserCtx* tuc = NULL; TsipUserCtx_Internal* tuc = NULL;
e_tsip_tls13_cipher_suite_t cs; e_tsip_tls13_cipher_suite_t cs;
word32 cipher[(WC_AES_BLOCK_SIZE + TSIP_AES_GCM_AUTH_TAG_SIZE) / word32 cipher[(WC_AES_BLOCK_SIZE + TSIP_AES_GCM_AUTH_TAG_SIZE) /
sizeof(word32)]; sizeof(word32)];
@@ -113,7 +113,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
WOLFSSL_ENTER("tsip_Tls13AesEncrypt"); WOLFSSL_ENTER("tsip_Tls13AesEncrypt");
if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) { if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0) ||
(ssl->RenesasUserCtx == NULL)) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -122,7 +123,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
} }
/* get user context for TSIP */ /* get user context for TSIP */
tuc = ssl->RenesasUserCtx; tuc = (TsipUserCtx_Internal*)((TsipUserCtx*)ssl->RenesasUserCtx)->internal;
if (tuc == NULL) { if (tuc == NULL) {
WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
return CRYPTOCB_UNAVAILABLE; return CRYPTOCB_UNAVAILABLE;
@@ -247,7 +248,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
{ {
int ret = 0; int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS; e_tsip_err_t err = TSIP_SUCCESS;
TsipUserCtx* tuc = NULL; TsipUserCtx_Internal* tuc = NULL;
e_tsip_tls13_cipher_suite_t cs; e_tsip_tls13_cipher_suite_t cs;
word32 cipher[WC_AES_BLOCK_SIZE / sizeof(word32)]; word32 cipher[WC_AES_BLOCK_SIZE / sizeof(word32)];
word32 plain[WC_AES_BLOCK_SIZE / sizeof(word32)]; word32 plain[WC_AES_BLOCK_SIZE / sizeof(word32)];
@@ -260,7 +261,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
WOLFSSL_ENTER("tsip_Tls13AesDecrypt"); WOLFSSL_ENTER("tsip_Tls13AesDecrypt");
if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) { if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0) ||
(ssl->RenesasUserCtx == NULL)) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -269,7 +271,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
} }
/* get user context for TSIP */ /* get user context for TSIP */
tuc = ssl->RenesasUserCtx; tuc = (TsipUserCtx_Internal*)
((TsipUserCtx*)(ssl->RenesasUserCtx))->internal;
if (tuc == NULL) { if (tuc == NULL) {
WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl."); WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
return CRYPTOCB_UNAVAILABLE; return CRYPTOCB_UNAVAILABLE;
@@ -439,16 +442,26 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
} }
(void)devIdArg; (void)devIdArg;
(void)_tsip_cpAesKeyIndex2AesCtx;
if (info->algo_type == WC_ALGO_TYPE_CIPHER) { if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES) #if !defined(NO_AES)
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM if (info->cipher.type == WC_CIPHER_AES_GCM
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo != NULL && cbInfo->session_key_set == 1 && cbInfo != NULL &&
cbInfo->internal->session_key_set == 1
#endif #endif
) { ) {
/* prioritize TLS Session Key than User TSIP Aes Key */
/* TODO : identify if Aes API is called through */
/* while doing TLS handshake or Crypt API */
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (cbInfo->internal->session_key_set == 1)
ret = 0;
else
#else
ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo); ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
#endif
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG("Failed to copy Aes Key Index from " WOLFSSL_MSG("Failed to copy Aes Key Index from "
"UserCtx to AES Ctx"); "UserCtx to AES Ctx");
@@ -489,12 +502,18 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
if (info->cipher.type == WC_CIPHER_AES_CTR if (info->cipher.type == WC_CIPHER_AES_CTR
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo != NULL && cbInfo->session_key_set == 1 && cbInfo != NULL && cbInfo->internal->session_key_set == 1
#endif #endif
) { ) {
int remain = (int)(info->cipher.aesctr.sz % WC_AES_BLOCK_SIZE); int remain = (int)(info->cipher.aesctr.sz % WC_AES_BLOCK_SIZE);
if (remain == 0) { if (remain == 0) {
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (cbInfo->internal->session_key_set == 1)
ret = 0;
else
#else
ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo); ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
#endif
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG("Failed to copy Aes Key Index from " WOLFSSL_MSG("Failed to copy Aes Key Index from "
"UserCtx to AES Ctx"); "UserCtx to AES Ctx");
@@ -513,10 +532,16 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
#ifdef HAVE_AES_CBC #ifdef HAVE_AES_CBC
if (info->cipher.type == WC_CIPHER_AES_CBC if (info->cipher.type == WC_CIPHER_AES_CBC
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo != NULL && cbInfo->session_key_set == 1 && cbInfo != NULL && cbInfo->internal->session_key_set == 1
#endif #endif
) { ) {
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (cbInfo->internal->session_key_set == 1)
ret = 0;
else
#else
ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo); ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
#endif
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG("Failed to copy Aes Key Index from " WOLFSSL_MSG("Failed to copy Aes Key Index from "
"UserCtx to AES Ctx"); "UserCtx to AES Ctx");
@@ -819,7 +844,7 @@ int wc_tsip_AesGcmEncrypt(
finalFn = R_TSIP_Aes256GcmEncryptFinal; finalFn = R_TSIP_Aes256GcmEncryptFinal;
} }
userCtx = (TsipUserCtx*)ctx; userCtx = ((TsipUserCtx*)ctx);
/* buffer for cipher data output must be multiple of WC_AES_BLOCK_SIZE */ /* buffer for cipher data output must be multiple of WC_AES_BLOCK_SIZE */
cipherBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE; cipherBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE;
@@ -850,15 +875,15 @@ int wc_tsip_AesGcmEncrypt(
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (ret == 0 && if (ret == 0 &&
userCtx->session_key_set == 1) { userCtx->internal->session_key_set == 1) {
/* generate AES-GCM session key. The key stored in /* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here. * Aes.ctx.tsip_keyIdx is not used here.
*/ */
err = R_TSIP_TlsGenerateSessionKey( err = R_TSIP_TlsGenerateSessionKey(
userCtx->tsip_cipher, userCtx->internal->tsip_cipher,
(uint32_t*)userCtx->tsip_masterSecret, (uint32_t*)userCtx->internal->tsip_masterSecret,
(uint8_t*) userCtx->tsip_clientRandom, (uint8_t*) userCtx->internal->tsip_clientRandom,
(uint8_t*) userCtx->tsip_serverRandom, (uint8_t*) userCtx->internal->tsip_serverRandom,
&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */ &iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
NULL, NULL,
NULL, NULL,
@@ -1018,7 +1043,7 @@ int wc_tsip_AesGcmDecrypt(
finalFn = R_TSIP_Aes256GcmDecryptFinal; finalFn = R_TSIP_Aes256GcmDecryptFinal;
} }
userCtx = (TsipUserCtx *)ctx; userCtx = ((TsipUserCtx *)ctx);
/* buffer for plain data output must be multiple of WC_AES_BLOCK_SIZE */ /* buffer for plain data output must be multiple of WC_AES_BLOCK_SIZE */
plainBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE; plainBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE;
@@ -1049,15 +1074,15 @@ int wc_tsip_AesGcmDecrypt(
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (ret == 0 && if (ret == 0 &&
userCtx->session_key_set == 1) { userCtx->internal->session_key_set == 1) {
/* generate AES-GCM session key. The key stored in /* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here. * Aes.ctx.tsip_keyIdx is not used here.
*/ */
err = R_TSIP_TlsGenerateSessionKey( err = R_TSIP_TlsGenerateSessionKey(
userCtx->tsip_cipher, userCtx->internal->tsip_cipher,
(uint32_t*)userCtx->tsip_masterSecret, (uint32_t*)userCtx->internal->tsip_masterSecret,
(uint8_t*) userCtx->tsip_clientRandom, (uint8_t*) userCtx->internal->tsip_clientRandom,
(uint8_t*) userCtx->tsip_serverRandom, (uint8_t*) userCtx->internal->tsip_serverRandom,
(uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */ (uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
NULL, NULL,
NULL, NULL,

19
wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
View File

@@ -43,7 +43,7 @@
#include <wolfssl/wolfcrypt/memory.h> #include <wolfssl/wolfcrypt/memory.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
extern struct WOLFSSL_HEAP_HINT* tsip_heap_hint; extern struct WOLFSSL_HEAP_HINT* tsip_heap_hint;
@@ -82,7 +82,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
if (tuc == NULL) { if (tuc == NULL) {
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
else if (!tuc->HandshakeClientTrafficKey_set) { else if (!tuc->internal->HandshakeClientTrafficKey_set) {
WOLFSSL_MSG("Client handshake traffic keys aren't created by TSIP"); WOLFSSL_MSG("Client handshake traffic keys aren't created by TSIP");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -97,8 +97,9 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
err = R_TSIP_Sha256HmacGenerateInit(&(tuc->hmacFinished13Handle), err = R_TSIP_Sha256HmacGenerateInit(
&(tuc->clientFinished13Idx)); &(tuc->internal->hmacFinished13Handle),
&(tuc->internal->clientFinished13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed"); WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed");
@@ -108,7 +109,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
if (ret == 0) { if (ret == 0) {
err = R_TSIP_Sha256HmacGenerateUpdate( err = R_TSIP_Sha256HmacGenerateUpdate(
&(tuc->hmacFinished13Handle), &(tuc->internal->hmacFinished13Handle),
(uint8_t*)hash, (uint8_t*)hash,
WC_SHA256_DIGEST_SIZE); WC_SHA256_DIGEST_SIZE);
@@ -120,7 +121,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
if (ret == 0) { if (ret == 0) {
err = R_TSIP_Sha256HmacGenerateFinal( err = R_TSIP_Sha256HmacGenerateFinal(
&(tuc->hmacFinished13Handle), mac); &(tuc->internal->hmacFinished13Handle), mac);
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed"); WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed");
ret = WC_HW_E; ret = WC_HW_E;
@@ -185,7 +186,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
/* check if TSIP is used for this session */ /* check if TSIP is used for this session */
if (ret == 0) { if (ret == 0) {
if (!tuc->Dhe_key_set) { if (!tuc->internal->Dhe_key_set) {
WOLFSSL_MSG("DH key not set."); WOLFSSL_MSG("DH key not set.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -195,7 +196,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
if (ret == 0) { if (ret == 0) {
c24to32(&data[1], &messageSz); c24to32(&data[1], &messageSz);
bag = &(tuc->messageBag); bag = &(tuc->internal->messageBag);
if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES || if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES ||
bag->buffIdx + sz > MSGBAG_SIZE) { bag->buffIdx + sz > MSGBAG_SIZE) {
@@ -246,7 +247,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
if (tuc == NULL) { if (tuc == NULL) {
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
bag = &(tuc->messageBag); bag = &(tuc->internal->messageBag);
} }
if (ret == 0) { if (ret == 0) {

304
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@@ -45,7 +45,7 @@
#include <wolfssl/internal.h> #include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h> #include <wolfssl/error-ssl.h>
#endif #endif
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
#include <stdio.h> #include <stdio.h>
@@ -132,13 +132,13 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl,
WOLFSSL_ENTER("tsip_use_PublicKey_buffer_TLS"); WOLFSSL_ENTER("tsip_use_PublicKey_buffer_TLS");
if (ssl == NULL if (ssl == NULL
|| keyBuf == NULL || keyBufLen == 0) { || keyBuf == NULL || keyBufLen == 0 || ssl->RenesasUserCtx == NULL) {
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
if (ret == 0){ if (ret == 0){
tuc = ssl->RenesasUserCtx; tuc = ssl->RenesasUserCtx;
tuc->wrappedPublicKey = (uint8_t*)keyBuf; tuc->internal->wrappedPublicKey = (uint8_t*)keyBuf;
tuc->wrappedKeyType = keyType; tuc->wrappedKeyType = keyType;
} }
@@ -161,18 +161,20 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_TLS"); WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_TLS");
if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 ) { if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 ||
ssl->RenesasUserCtx == NULL) {
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
if (ret == 0){ if (ret == 0){
tuc = ssl->RenesasUserCtx; tuc = ssl->RenesasUserCtx;
tuc->wrappedPrivateKey = (uint8_t*)keyBuf; tuc->internal->wrappedPrivateKey = (uint8_t*)keyBuf;
tuc->wrappedKeyType = keyType; tuc->wrappedKeyType = keyType;
/* store keyType as Id since Id capacity is 32 bytes */ /* store keyType as Id since Id capacity is 32 bytes */
ret = wolfSSL_use_PrivateKey_Id(ssl, ret = wolfSSL_use_PrivateKey_Id(ssl,
(const unsigned char*)keyBuf, 32, tuc->devId); (const unsigned char*)keyBuf, 32,
tuc->internal->devId);
if (ret == WOLFSSL_SUCCESS) { if (ret == WOLFSSL_SUCCESS) {
ret = 0; ret = 0;
} }
@@ -197,7 +199,6 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
const char* keyBuf, int keyBufLen, int keyType) const char* keyBuf, int keyBufLen, int keyType)
{ {
int ret = 0; int ret = 0;
TsipUserCtx* tuc = NULL;
WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt"); WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt");
@@ -206,9 +207,8 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
} }
if (ret == 0){ if (ret == 0){
tuc = uc; uc->internal->wrappedPublicKey = (uint8_t*)keyBuf;
tuc->wrappedPublicKey = (uint8_t*)keyBuf; uc->wrappedKeyType = keyType;
tuc->wrappedKeyType = keyType;
} }
WOLFSSL_LEAVE("tsip_use_PublicKey_buffer_crypt", ret); WOLFSSL_LEAVE("tsip_use_PublicKey_buffer_crypt", ret);
@@ -226,7 +226,6 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
const char* keyBuf, int keyBufLen, int keyType) const char* keyBuf, int keyBufLen, int keyType)
{ {
int ret = 0; int ret = 0;
TsipUserCtx* tuc = NULL;
WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_crypt"); WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_crypt");
@@ -234,10 +233,8 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
if (ret == 0){ if (ret == 0){
tuc = uc; uc->internal->wrappedPrivateKey = (uint8_t*)keyBuf;
uc->wrappedKeyType = keyType;
tuc->wrappedPrivateKey = (uint8_t*)keyBuf;
tuc->wrappedKeyType = keyType;
} }
WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer_crypt", ret); WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer_crypt", ret);
@@ -287,7 +284,7 @@ static void tsipFlushMessages(struct WOLFSSL* ssl)
return; return;
} }
bag = &(tuc->messageBag); bag = &(tuc->internal->messageBag);
ForceZero(bag, sizeof(MsgBag)); ForceZero(bag, sizeof(MsgBag));
@@ -310,6 +307,14 @@ int tsip_TlsCleanup(struct WOLFSSL* ssl)
/* free stored messages */ /* free stored messages */
tsipFlushMessages(ssl); tsipFlushMessages(ssl);
/* free internal structure */
if (tuc->internal) {
XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
tuc->internal = NULL;
}
/* zero clear */
ForceZero(tuc, sizeof(TsipUserCtx));
return ret; return ret;
} }
@@ -401,19 +406,19 @@ int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
tuc->Dhe_key_set =0; tuc->internal->Dhe_key_set =0;
err = R_TSIP_GenerateTls13P256EccKeyIndex( err = R_TSIP_GenerateTls13P256EccKeyIndex(
&(tuc->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->EcdhPrivKey13Idx), /* private key index */ &(tuc->internal->EcdhPrivKey13Idx),/* private key index */
&(kse->pubKey[1])); /* generated public key */ &(kse->pubKey[1])); /* generated public key */
if (err != TSIP_SUCCESS){ret = WC_HW_E;} if (err != TSIP_SUCCESS){ret = WC_HW_E;}
if (ret == 0) { if (ret == 0) {
WOLFSSL_MSG("ECDH private key-index is stored by TSIP"); WOLFSSL_MSG("ECDH private key-index is stored by TSIP");
tuc->Dhe_key_set =1; tuc->internal->Dhe_key_set =1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -483,7 +488,7 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
} }
if (ret == 0) { if (ret == 0) {
if (!tuc->Dhe_key_set) { if (!tuc->internal->Dhe_key_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -492,15 +497,15 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
tuc->SharedSecret_set = 0; tuc->internal->SharedSecret_set = 0;
pubkeyraw = kse->ke + 1; /* peer's raw public key data */ pubkeyraw = kse->ke + 1; /* peer's raw public key data */
/* derive shared secret */ /* derive shared secret */
err = R_TSIP_Tls13GenerateEcdheSharedSecret( err = R_TSIP_Tls13GenerateEcdheSharedSecret(
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
pubkeyraw, /* peer's ECDHE public key */ pubkeyraw, /* peer's ECDHE public key */
&(tuc->EcdhPrivKey13Idx), /*(out) own ECDHE priv key */ &(tuc->internal->EcdhPrivKey13Idx),/*(out) own ECDHE priv key */
&(tuc->sharedSecret13Idx)); /*(out) PreMasterSecret */ &(tuc->internal->sharedSecret13Idx)); /*(out) PreMasterSecret */
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13GenerateEcdheSharedSecret error"); WOLFSSL_MSG("R_TSIP_Tls13GenerateEcdheSharedSecret error");
@@ -508,7 +513,7 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
} }
if (ret == 0) { if (ret == 0) {
/* set flag for later tsip operations */ /* set flag for later tsip operations */
tuc->SharedSecret_set = 1; tuc->internal->SharedSecret_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -539,7 +544,7 @@ int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
else { else {
tuc->EarlySecret_set = 1; tuc->internal->EarlySecret_set = 1;
} }
} }
@@ -588,7 +593,7 @@ int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
/* check if pre-master secret is generated by tsip */ /* check if pre-master secret is generated by tsip */
if (!tuc->SharedSecret_set) { if (!tuc->internal->SharedSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -597,18 +602,18 @@ int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
tuc->HandshakeSecret_set = 0; tuc->internal->HandshakeSecret_set = 0;
err = R_TSIP_Tls13GenerateHandshakeSecret( err = R_TSIP_Tls13GenerateHandshakeSecret(
&(tuc->sharedSecret13Idx), &(tuc->internal->sharedSecret13Idx),
&(tuc->handshakeSecret13Idx)); &(tuc->internal->handshakeSecret13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13GenerateHandshakeSecret error"); WOLFSSL_MSG("R_TSIP_Tls13GenerateHandshakeSecret error");
ret = WC_HW_E; ret = WC_HW_E;
} }
if (ret == 0) { if (ret == 0) {
tuc->HandshakeSecret_set = 1; tuc->internal->HandshakeSecret_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
} }
@@ -655,7 +660,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
/* make sure client handshake secret is generated by tsip */ /* make sure client handshake secret is generated by tsip */
if (!tuc->HandshakeSecret_set) { if (!tuc->internal->HandshakeSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -669,15 +674,15 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
tuc->HandshakeClientTrafficKey_set = 0; tuc->internal->HandshakeClientTrafficKey_set = 0;
err = R_TSIP_Tls13GenerateClientHandshakeTrafficKey( err = R_TSIP_Tls13GenerateClientHandshakeTrafficKey(
&(tuc->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->handshakeSecret13Idx), &(tuc->internal->handshakeSecret13Idx),
hash, hash,
&(tuc->clientWriteKey13Idx), &(tuc->internal->clientWriteKey13Idx),
&(tuc->clientFinished13Idx)); &(tuc->internal->clientFinished13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG( WOLFSSL_MSG(
@@ -687,7 +692,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
/* key derivation succeeded */ /* key derivation succeeded */
if (ret == 0) { if (ret == 0) {
tuc->HandshakeClientTrafficKey_set = 1; tuc->internal->HandshakeClientTrafficKey_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -735,7 +740,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
/* make sure client handshake secret is generated by tsip */ /* make sure client handshake secret is generated by tsip */
if (!tuc->HandshakeSecret_set) { if (!tuc->internal->HandshakeSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -749,15 +754,15 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
tuc->HandshakeServerTrafficKey_set = 0; tuc->internal->HandshakeServerTrafficKey_set = 0;
err = R_TSIP_Tls13GenerateServerHandshakeTrafficKey( err = R_TSIP_Tls13GenerateServerHandshakeTrafficKey(
&(tuc->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->handshakeSecret13Idx), &(tuc->internal->handshakeSecret13Idx),
hash, hash,
&(tuc->serverWriteKey13Idx), &(tuc->internal->serverWriteKey13Idx),
&(tuc->serverFinished13Idx)); &(tuc->internal->serverFinished13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG( WOLFSSL_MSG(
@@ -767,7 +772,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
/* key derivation succeeded */ /* key derivation succeeded */
if (ret == 0) { if (ret == 0) {
tuc->HandshakeServerTrafficKey_set = 1; tuc->internal->HandshakeServerTrafficKey_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -815,7 +820,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
/* make sure master secret is generated by tsip */ /* make sure master secret is generated by tsip */
if (!tuc->MasterSecret_set) { if (!tuc->internal->MasterSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -829,20 +834,20 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
tuc->ServerTrafficSecret_set = 0; tuc->internal->ServerTrafficSecret_set = 0;
tuc->ClientTrafficSecret_set = 0; tuc->internal->ClientTrafficSecret_set = 0;
tuc->ServerWriteTrafficKey_set = 0; tuc->internal->ServerWriteTrafficKey_set = 0;
tuc->ClientWriteTrafficKey_set = 0; tuc->internal->ClientWriteTrafficKey_set = 0;
err = R_TSIP_Tls13GenerateApplicationTrafficKey( err = R_TSIP_Tls13GenerateApplicationTrafficKey(
&(tuc->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->masterSecret13Idx), &(tuc->internal->masterSecret13Idx),
(uint8_t*)hash, (uint8_t*)hash,
&(tuc->serverAppTraffic13Secret), &(tuc->internal->serverAppTraffic13Secret),
&(tuc->clientAppTraffic13Secret), &(tuc->internal->clientAppTraffic13Secret),
&(tuc->serverAppWriteKey13Idx), &(tuc->internal->serverAppWriteKey13Idx),
&(tuc->clientAppWriteKey13Idx)); &(tuc->internal->clientAppWriteKey13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG( WOLFSSL_MSG(
@@ -852,10 +857,10 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
/* key derivation succeeded */ /* key derivation succeeded */
if (ret == 0) { if (ret == 0) {
tuc->ServerTrafficSecret_set = 1; tuc->internal->ServerTrafficSecret_set = 1;
tuc->ClientTrafficSecret_set = 1; tuc->internal->ClientTrafficSecret_set = 1;
tuc->ServerWriteTrafficKey_set = 1; tuc->internal->ServerWriteTrafficKey_set = 1;
tuc->ClientWriteTrafficKey_set = 1; tuc->internal->ClientWriteTrafficKey_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -902,7 +907,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
/* make sure application secret is generated by tsip */ /* make sure application secret is generated by tsip */
if (!tuc->ClientTrafficSecret_set) { if (!tuc->internal->ClientTrafficSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -910,21 +915,21 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
tuc->ClientWriteTrafficKey_set = 0; tuc->internal->ClientWriteTrafficKey_set = 0;
err = R_TSIP_Tls13UpdateApplicationTrafficKey( err = R_TSIP_Tls13UpdateApplicationTrafficKey(
&(tuc->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
TSIP_TLS13_UPDATE_CLIENT_KEY, TSIP_TLS13_UPDATE_CLIENT_KEY,
&(tuc->clientAppTraffic13Secret), &(tuc->internal->clientAppTraffic13Secret),
&(tuc->clientAppTraffic13Secret), &(tuc->internal->clientAppTraffic13Secret),
&(tuc->clientAppWriteKey13Idx)); &(tuc->internal->clientAppWriteKey13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error"); WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error");
ret = WC_HW_E; ret = WC_HW_E;
} }
else { else {
tuc->ClientWriteTrafficKey_set = 1; tuc->internal->ClientWriteTrafficKey_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
} }
@@ -970,7 +975,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
/* make sure application secret is generated by tsip */ /* make sure application secret is generated by tsip */
if (!tuc->ServerTrafficSecret_set) { if (!tuc->internal->ServerTrafficSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -978,21 +983,21 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
tuc->ServerWriteTrafficKey_set = 0; tuc->internal->ServerWriteTrafficKey_set = 0;
err = R_TSIP_Tls13UpdateApplicationTrafficKey( err = R_TSIP_Tls13UpdateApplicationTrafficKey(
&(tuc->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
TSIP_TLS13_UPDATE_SERVER_KEY, TSIP_TLS13_UPDATE_SERVER_KEY,
&(tuc->serverAppTraffic13Secret), &(tuc->internal->serverAppTraffic13Secret),
&(tuc->serverAppTraffic13Secret), &(tuc->internal->serverAppTraffic13Secret),
&(tuc->serverAppWriteKey13Idx)); &(tuc->internal->serverAppWriteKey13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error"); WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error");
ret = WC_HW_E; ret = WC_HW_E;
} }
else { else {
tuc->ServerWriteTrafficKey_set = 1; tuc->internal->ServerWriteTrafficKey_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
} }
@@ -1131,8 +1136,8 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
} }
if (ret == 0) { if (ret == 0) {
/* make sure handshake secret and verify data has been set by TSIP */ /* make sure handshake secret and verify data has been set by TSIP */
if (!tuc->HandshakeSecret_set || if (!tuc->internal->HandshakeSecret_set ||
!tuc->HandshakeVerifiedData_set) { !tuc->internal->HandshakeVerifiedData_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -1140,14 +1145,14 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
tuc->MasterSecret_set = 0; tuc->internal->MasterSecret_set = 0;
err = R_TSIP_Tls13GenerateMasterSecret( err = R_TSIP_Tls13GenerateMasterSecret(
&(tuc->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->handshakeSecret13Idx), &(tuc->internal->handshakeSecret13Idx),
(uint32_t*)tuc->verifyData13Idx, (uint32_t*)tuc->internal->verifyData13Idx,
&(tuc->masterSecret13Idx)); &(tuc->internal->masterSecret13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG( WOLFSSL_MSG(
@@ -1156,7 +1161,7 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
} }
if (ret == 0) { if (ret == 0) {
tuc->MasterSecret_set = 1; tuc->internal->MasterSecret_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -1210,7 +1215,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
if (ret == 0) { if (ret == 0) {
/* make sure handshake secret is generated by tsip */ /* make sure handshake secret is generated by tsip */
if (!tuc->HandshakeServerTrafficKey_set) { if (!tuc->internal->HandshakeServerTrafficKey_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -1223,14 +1228,14 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
tuc->HandshakeVerifiedData_set = 0; tuc->internal->HandshakeVerifiedData_set = 0;
err = R_TSIP_Tls13ServerHandshakeVerification( err = R_TSIP_Tls13ServerHandshakeVerification(
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->serverFinished13Idx), &(tuc->internal->serverFinished13Idx),
(uint8_t*)msgHash, (uint8_t*)msgHash,
(uint8_t*)hash, (uint8_t*)hash,
(uint32_t*)(tuc->verifyData13Idx)); (uint32_t*)(tuc->internal->verifyData13Idx));
if (err == TSIP_ERR_VERIFICATION_FAIL) { if (err == TSIP_ERR_VERIFICATION_FAIL) {
WOLFSSL_MSG("Handshake verification error"); WOLFSSL_MSG("Handshake verification error");
@@ -1242,7 +1247,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
} }
if (ret == 0) { if (ret == 0) {
WOLFSSL_MSG("Verified handshake"); WOLFSSL_MSG("Verified handshake");
tuc->HandshakeVerifiedData_set = 1; tuc->internal->HandshakeVerifiedData_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -1545,10 +1550,10 @@ int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
if (ret == 0) { if (ret == 0) {
/* create sign data */ /* create sign data */
sigData = tuc->sigDataCertVerify; sigData = tuc->internal->sigDataCertVerify;
idx = 0; idx = 0;
ForceZero(sigData, sizeof(tuc->sigDataCertVerify)); ForceZero(sigData, sizeof(tuc->internal->sigDataCertVerify));
XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
TSIP_SIGNING_DATA_PREFIX_SZ); TSIP_SIGNING_DATA_PREFIX_SZ);
@@ -1686,12 +1691,12 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if (isRsa) { if (isRsa) {
if (!tuc->ClientRsa2048PrivKey_set) { if (!tuc->internal->ClientRsa2048PrivKey_set) {
ret = NO_PRIVATE_KEY; ret = NO_PRIVATE_KEY;
} }
} }
else { else {
if (!tuc->ClientEccPrivKey_set) { if (!tuc->internal->ClientEccPrivKey_set) {
ret = NO_PRIVATE_KEY; ret = NO_PRIVATE_KEY;
} }
} }
@@ -1724,7 +1729,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
if (isRsa) { if (isRsa) {
err = R_TSIP_Tls13CertificateVerifyGenerate( err = R_TSIP_Tls13CertificateVerifyGenerate(
(uint32_t*)&(tuc->Rsa2048PrivateKeyIdx), (uint32_t*)&(tuc->internal->Rsa2048PrivateKeyIdx),
TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256, TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256,
hash, hash,
message + HANDSHAKE_HEADER_SZ, message + HANDSHAKE_HEADER_SZ,
@@ -1732,7 +1737,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
} }
else { else {
err = R_TSIP_Tls13CertificateVerifyGenerate( err = R_TSIP_Tls13CertificateVerifyGenerate(
(uint32_t*)&(tuc->EcdsaPrivateKeyIdx), (uint32_t*)&(tuc->internal->EcdsaPrivateKeyIdx),
TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256, TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
hash, hash,
message + HANDSHAKE_HEADER_SZ, message + HANDSHAKE_HEADER_SZ,
@@ -1762,7 +1767,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if (isRsa) { if (isRsa) {
if (!tuc->ClientRsa2048PubKey_set) { if (!tuc->internal->ClientRsa2048PubKey_set) {
ret = NO_PRIVATE_KEY; ret = NO_PRIVATE_KEY;
} }
} }
@@ -1776,10 +1781,10 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
} }
if (ret == 0) { if (ret == 0) {
sigData = tuc->sigDataCertVerify; sigData = tuc->internal->sigDataCertVerify;
idx = 0; idx = 0;
ForceZero(sigData, sizeof(tuc->sigDataCertVerify)); ForceZero(sigData, sizeof(tuc->internal->sigDataCertVerify));
XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
TSIP_SIGNING_DATA_PREFIX_SZ); TSIP_SIGNING_DATA_PREFIX_SZ);
@@ -1822,7 +1827,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
err = R_TSIP_RsassaPss2048SignatureVerification( err = R_TSIP_RsassaPss2048SignatureVerification(
&rsa_sig, &rsa_hash, &rsa_sig, &rsa_hash,
&tuc->Rsa2048PublicKeyIdx, &(tuc->internal)->Rsa2048PublicKeyIdx,
R_TSIP_RSA_HASH_SHA256); R_TSIP_RSA_HASH_SHA256);
WOLFSSL_MSG("Perform self-verify for rsa signature"); WOLFSSL_MSG("Perform self-verify for rsa signature");
} }
@@ -2009,7 +2014,7 @@ static int tsip_ServerKeyExVerify(
(uint8_t*) peerkey, (uint8_t*) peerkey,
(uint8_t*) sig, (uint8_t*) sig,
(uint32_t*)ssl->peerSceTsipEncRsaKeyIndex, (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
(uint32_t*)userCtx->encrypted_ephemeral_ecdh_public_key); (uint32_t*)userCtx->internal->encrypted_ephemeral_ecdh_public_key);
if (ret !=TSIP_SUCCESS) { if (ret !=TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves failed"); WOLFSSL_MSG("R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves failed");
@@ -2166,21 +2171,21 @@ int wc_tsip_EccSharedSecret(
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
/* Generate ECC public key for key exchange */ /* Generate ECC public key for key exchange */
ret = R_TSIP_GenerateTlsP256EccKeyIndex( ret = R_TSIP_GenerateTlsP256EccKeyIndex(
&usrCtx->ecc_p256_wrapped_key, &(usrCtx->internal->ecc_p256_wrapped_key),
(uint8_t*)&usrCtx->ecc_ecdh_public_key); (uint8_t*)&(usrCtx->internal->ecc_ecdh_public_key));
if (ret == TSIP_SUCCESS) { if (ret == TSIP_SUCCESS) {
/* copy generated ecdh public key into buffer */ /* copy generated ecdh public key into buffer */
pubKeyDer[0] = ECC_POINT_UNCOMP; pubKeyDer[0] = ECC_POINT_UNCOMP;
*pubKeySz = 1 + sizeof(usrCtx->ecc_ecdh_public_key); *pubKeySz = 1 + sizeof(usrCtx->internal->ecc_ecdh_public_key);
XMEMCPY(&pubKeyDer[1], &usrCtx->ecc_ecdh_public_key, XMEMCPY(&pubKeyDer[1], &(usrCtx->internal->ecc_ecdh_public_key),
sizeof(usrCtx->ecc_ecdh_public_key)); sizeof(usrCtx->internal->ecc_ecdh_public_key));
/* Generate Premaster Secret */ /* Generate Premaster Secret */
ret = R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key( ret = R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key(
(uint32_t*)&usrCtx->encrypted_ephemeral_ecdh_public_key, (uint32_t*)&(usrCtx->internal->encrypted_ephemeral_ecdh_public_key),
&usrCtx->ecc_p256_wrapped_key, &(usrCtx->internal->ecc_p256_wrapped_key),
(uint32_t*)out/* pre-master secret 64 bytes */); (uint32_t*)out/* pre-master secret 64 bytes */);
} }
if (ret == TSIP_SUCCESS) { if (ret == TSIP_SUCCESS) {
@@ -2242,14 +2247,28 @@ WOLFSSL_API int tsip_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
TsipUserCtx* uCtx = (TsipUserCtx*)user_ctx; TsipUserCtx* uCtx = (TsipUserCtx*)user_ctx;
if (user_ctx == NULL) { if (user_ctx == NULL) {
WOLFSSL_LEAVE("tsip_set_callback_ctx", 0); WOLFSSL_MSG("user ctx is null");
return 0; return BAD_FUNC_ARG;
} }
ForceZero(uCtx, sizeof(TsipUserCtx)); ForceZero(uCtx, sizeof(TsipUserCtx));
uCtx->ssl = ssl;
uCtx->ctx = ssl->ctx; uCtx->internal =
uCtx->heap = ssl->heap; (TsipUserCtx_Internal*)XMALLOC(sizeof(TsipUserCtx_Internal),
uCtx->side = ssl->ctx->method->side; ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (!uCtx->internal) {
printf("Failed to allocate memory for user ctx internal");
return MEMORY_E;
}
ForceZero(uCtx->internal, sizeof(TsipUserCtx_Internal));
uCtx->internal->ssl = ssl;
uCtx->internal->ctx = ssl->ctx;
uCtx->internal->heap = ssl->heap;
uCtx->internal->side = ssl->ctx->method->side;
ssl->RenesasUserCtx = user_ctx; /* ssl doesn't own user_ctx */ ssl->RenesasUserCtx = user_ctx; /* ssl doesn't own user_ctx */
@@ -2316,7 +2335,7 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
if (tuc == NULL) if (tuc == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
encPrivKey = tuc->wrappedPrivateKey; encPrivKey = tuc->internal->wrappedPrivateKey;
if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) { if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) {
WOLFSSL_MSG("Missing some key materials used for import" ); WOLFSSL_MSG("Missing some key materials used for import" );
@@ -2336,12 +2355,12 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
#if !defined(NO_RSA) #if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
tuc->ClientRsa2048PrivKey_set = 0; tuc->internal->ClientRsa2048PrivKey_set = 0;
err = R_TSIP_GenerateRsa2048PrivateKeyIndex( err = R_TSIP_GenerateRsa2048PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey, provisioning_key, iv, (uint8_t*)encPrivKey,
&(tuc->Rsa2048PrivateKeyIdx)); &(tuc->internal->Rsa2048PrivateKeyIdx));
if (err == TSIP_SUCCESS) { if (err == TSIP_SUCCESS) {
tuc->ClientRsa2048PrivKey_set = 1; tuc->internal->ClientRsa2048PrivKey_set = 1;
} }
else { else {
ret = WC_HW_E; ret = WC_HW_E;
@@ -2357,12 +2376,12 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
#if defined(HAVE_ECC) #if defined(HAVE_ECC)
case TSIP_KEY_TYPE_ECDSAP256: case TSIP_KEY_TYPE_ECDSAP256:
tuc->ClientEccPrivKey_set = 0; tuc->internal->ClientEccPrivKey_set = 0;
err = R_TSIP_GenerateEccP256PrivateKeyIndex( err = R_TSIP_GenerateEccP256PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey, provisioning_key, iv, (uint8_t*)encPrivKey,
&(tuc->EcdsaPrivateKeyIdx)); &(tuc->internal->EcdsaPrivateKeyIdx));
if (err == TSIP_SUCCESS) { if (err == TSIP_SUCCESS) {
tuc->ClientEccPrivKey_set = 1; tuc->internal->ClientEccPrivKey_set = 1;
} }
else { else {
ret = WC_HW_E; ret = WC_HW_E;
@@ -2409,7 +2428,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
encPubKey = tuc->wrappedPublicKey; encPubKey = tuc->internal->wrappedPublicKey;
if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) { if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) {
WOLFSSL_MSG("Missing some key materials used for import" ); WOLFSSL_MSG("Missing some key materials used for import" );
@@ -2431,7 +2450,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
(defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1)) (defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1))
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientRsa2048PubKey_set = 0; tuc->internal->ClientRsa2048PubKey_set = 0;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0; tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0;
@@ -2446,14 +2465,14 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
err = R_TSIP_GenerateRsa2048PublicKeyIndex( err = R_TSIP_GenerateRsa2048PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey, provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->Rsa2048PublicKeyIdx) &(tuc->internal->Rsa2048PublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->rsa2048pub_keyIdx tuc->rsa2048pub_keyIdx
#endif #endif
); );
if (err == TSIP_SUCCESS) { if (err == TSIP_SUCCESS) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientRsa2048PubKey_set = 1; tuc->internal->ClientRsa2048PubKey_set = 1;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.rsapub2048_key_set = 1; tuc->keyflgs_crypt.bits.rsapub2048_key_set = 1;
#endif #endif
@@ -2473,7 +2492,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
case TSIP_KEY_TYPE_ECDSAP256: case TSIP_KEY_TYPE_ECDSAP256:
case TSIP_KEY_TYPE_ECDSAP384: case TSIP_KEY_TYPE_ECDSAP384:
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientEccPubKey_set = 0; tuc->internal->ClientEccPubKey_set = 0;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.eccpub_key_set = 0; tuc->keyflgs_crypt.bits.eccpub_key_set = 0;
#endif #endif
@@ -2482,7 +2501,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
err = R_TSIP_GenerateEccP256PublicKeyIndex( err = R_TSIP_GenerateEccP256PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey, provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->EcdsaPublicKeyIdx) &(tuc->internal->EcdsaPublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&tuc->eccpub_keyIdx &tuc->eccpub_keyIdx
#endif #endif
@@ -2496,7 +2515,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
err = R_TSIP_GenerateEccP384PublicKeyIndex( err = R_TSIP_GenerateEccP384PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey, provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->EcdsaPublicKeyIdx) &(tuc->internal->EcdsaPublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&tuc->eccpub_keyIdx &tuc->eccpub_keyIdx
#endif #endif
@@ -2507,7 +2526,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
} }
if (err == TSIP_SUCCESS) { if (err == TSIP_SUCCESS) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientEccPubKey_set = 1; tuc->internal->ClientEccPubKey_set = 1;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.eccpub_key_set = 1; tuc->keyflgs_crypt.bits.eccpub_key_set = 1;
#endif #endif
@@ -3253,9 +3272,9 @@ int wc_tsip_generateSessionKey(
/* ready-for-use flag will be set when SetKeySide() is called */ /* ready-for-use flag will be set when SetKeySide() is called */
} }
if (ctx->tsip_cipher == if (ctx->internal->tsip_cipher ==
R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
ctx->tsip_cipher == ctx->internal->tsip_cipher ==
R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
enc->aes->nonceSz = AEAD_MAX_IMP_SZ; enc->aes->nonceSz = AEAD_MAX_IMP_SZ;
dec->aes->nonceSz = AEAD_MAX_IMP_SZ; dec->aes->nonceSz = AEAD_MAX_IMP_SZ;
@@ -3264,7 +3283,7 @@ int wc_tsip_generateSessionKey(
enc->aes->devId = devId; enc->aes->devId = devId;
dec->aes->devId = devId; dec->aes->devId = devId;
ctx->session_key_set = 1; ctx->internal->session_key_set = 1;
} }
/* unlock hw */ /* unlock hw */
tsip_hw_unlock(); tsip_hw_unlock();
@@ -3367,13 +3386,14 @@ int wc_tsip_storeKeyCtx(WOLFSSL* ssl, TsipUserCtx* userCtx)
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
if (ret == 0) { if (ret == 0) {
XMEMCPY(userCtx->tsip_masterSecret, ssl->arrays->tsip_masterSecret, XMEMCPY(userCtx->internal->tsip_masterSecret,
TSIP_TLS_MASTERSECRET_SIZE); ssl->arrays->tsip_masterSecret, TSIP_TLS_MASTERSECRET_SIZE);
XMEMCPY(userCtx->tsip_clientRandom, ssl->arrays->clientRandom, XMEMCPY(userCtx->internal->tsip_clientRandom,
TSIP_TLS_CLIENTRANDOM_SZ); ssl->arrays->clientRandom, TSIP_TLS_CLIENTRANDOM_SZ);
XMEMCPY(userCtx->tsip_serverRandom, ssl->arrays->serverRandom, XMEMCPY(userCtx->internal->tsip_serverRandom,
TSIP_TLS_SERVERRANDOM_SZ); ssl->arrays->serverRandom, TSIP_TLS_SERVERRANDOM_SZ);
userCtx->tsip_cipher = GetTsipCipherSuite(ssl->options.cipherSuite0, userCtx->internal->tsip_cipher = GetTsipCipherSuite(
ssl->options.cipherSuite0,
ssl->options.cipherSuite); ssl->options.cipherSuite);
} }
@@ -3671,7 +3691,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (info == NULL || tuc == NULL if (info == NULL || tuc == NULL
#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY #ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
|| tuc->ssl == NULL || tuc->internal->ssl == NULL
#endif #endif
) { ) {
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
@@ -3679,7 +3699,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
if (ret == 0) { if (ret == 0) {
ssl = tuc->ssl; ssl = tuc->internal->ssl;
if (ssl->version.major == SSLv3_MAJOR && if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor == TLSv1_3_MINOR) { ssl->version.minor == TLSv1_3_MINOR) {
@@ -3776,7 +3796,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
err = R_TSIP_RsassaPkcs2048SignatureGenerate( err = R_TSIP_RsassaPkcs2048SignatureGenerate(
&hashData, &sigData, &hashData, &sigData,
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
&tuc->Rsa2048PrivateKeyIdx, &(tuc->internal->Rsa2048PrivateKeyIdx),
#else #else
(tsip_rsa2048_private_key_index_t*) (tsip_rsa2048_private_key_index_t*)
tuc->rsa2048pri_keyIdx, tuc->rsa2048pri_keyIdx,
@@ -3877,7 +3897,7 @@ int tsip_VerifyRsaPkcsCb(
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureVerification( err = R_TSIP_RsassaPkcs2048SignatureVerification(
&sigData, &hashData, &sigData, &hashData,
&tuc->Rsa2048PublicKeyIdx, &(tuc->internal->Rsa2048PublicKeyIdx),
tsip_hash_type); tsip_hash_type);
if (err == TSIP_ERR_AUTHENTICATION) { if (err == TSIP_ERR_AUTHENTICATION) {
@@ -3949,7 +3969,7 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
} }
if (ret == 0) { if (ret == 0) {
ssl = tuc->ssl; ssl = tuc->internal->ssl;
if (ssl->version.major == SSLv3_MAJOR && if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor == TLSv1_3_MINOR) { ssl->version.minor == TLSv1_3_MINOR) {
@@ -3984,7 +4004,7 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
offsetForWork; offsetForWork;
err = R_TSIP_EcdsaP256SignatureGenerate( err = R_TSIP_EcdsaP256SignatureGenerate(
&hashData, &sigData, &hashData, &sigData,
&tuc->EcdsaPrivateKeyIdx); &(tuc->internal->EcdsaPrivateKeyIdx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
ret = WC_HW_E; ret = WC_HW_E;
break; break;

2
wolfcrypt/src/random.c
View File

@@ -142,7 +142,7 @@ This library contains implementation for the random number generator.
#elif defined(WOLFSSL_TELIT_M2MB) #elif defined(WOLFSSL_TELIT_M2MB)
#elif defined(WOLFSSL_RENESAS_TSIP) #elif defined(WOLFSSL_RENESAS_TSIP)
/* for wc_tsip_GenerateRandBlock */ /* for wc_tsip_GenerateRandBlock */
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h"
#elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG) #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
#elif defined(WOLFSSL_IMXRT1170_CAAM) #elif defined(WOLFSSL_IMXRT1170_CAAM)
#elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL) #elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL)

2
wolfcrypt/src/wc_port.c
View File

@@ -60,7 +60,7 @@
#include <wolfssl/wolfcrypt/port/atmel/atmel.h> #include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#endif #endif
#if defined(WOLFSSL_RENESAS_TSIP) #if defined(WOLFSSL_RENESAS_TSIP)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
#endif #endif
#if defined(WOLFSSL_RENESAS_FSPSM) #if defined(WOLFSSL_RENESAS_FSPSM)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>

2
wolfssl/internal.h
View File

@@ -291,7 +291,7 @@
#endif #endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
#endif #endif
#include <wolfssl/wolfcrypt/hpke.h> #include <wolfssl/wolfcrypt/hpke.h>

1
wolfssl/wolfcrypt/include.am
View File

@@ -120,6 +120,7 @@ noinst_HEADERS+= \
wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \ wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \ wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \ wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h \
wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \ wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \
wolfssl/wolfcrypt/port/maxim/max3266x.h \ wolfssl/wolfcrypt/port/maxim/max3266x.h \
wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h \ wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h \

159
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@@ -148,157 +148,13 @@ struct tsip_keyflgs_crypt {
}; };
#endif #endif
typedef struct TsipUserCtx_Internal TsipUserCtx_Internal;
/* /*
* TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format. * TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format.
*/ */
typedef struct TsipUserCtx { typedef struct TsipUserCtx {
/* unique number for each session */
int devId;
/* client key pair wrapped by provisioning key */
byte* wrappedPrivateKey;
byte* wrappedPublicKey;
int wrappedKeyType; int wrappedKeyType;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* 0:working as a TLS client, 1: as a server */
byte side;
/* ENCRYPT_SIDE_ONLY:1 DECRYPT_SIDE_ONLY:2 ENCRYPT AND DECRYPT:3 */
byte key_side;
/* public key index for verification of RootCA cert */
uint32_t user_key_id;
/* WOLFSSL object associated with */
struct WOLFSSL* ssl;
struct WOLFSSL_CTX* ctx;
/* HEAP_HINT */
void* heap;
/* TLSv1.3 handshake related members, mainly keys */
/* handle is used as work area for Tls13 handshake */
tsip_tls13_handle_t handle13;
#if !defined(NO_RSA)
/* RSA-2048bit private and public key-index for client authentication */
tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx;
tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx;
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
/* ECC private and public key-index for client authentication */
tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx;
tsip_ecc_public_key_index_t EcdsaPublicKeyIdx;
#endif /* HAVE_ECC */
/* ECDHE private key index for Tls13 handshake */
tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx;
/* ECDHE pre-master secret */
tsip_tls13_ephemeral_shared_secret_key_index_t sharedSecret13Idx;
/* Handshake secret for Tls13 handshake */
tsip_tls13_ephemeral_handshake_secret_key_index_t handshakeSecret13Idx;
/* the key to decrypt server-finished message */
tsip_tls13_ephemeral_server_finished_key_index_t serverFinished13Idx;
/* key for Sha256-Hmac to gen "Client Finished" */
tsip_hmac_sha_key_index_t clientFinished13Idx;
/* AES decryption key for handshake */
tsip_aes_key_index_t serverWriteKey13Idx;
/* AES encryption key for handshake */
tsip_aes_key_index_t clientWriteKey13Idx;
/* Handshake verified data used for master secret */
word32 verifyData13Idx[TSIP_TLS_VERIFY_DATA_WD_SZ];
/* master secret for TLS1.3 */
tsip_tls13_ephemeral_master_secret_key_index_t masterSecret13Idx;
/* server app traffic secret */
tsip_tls13_ephemeral_app_secret_key_index_t serverAppTraffic13Secret;
/* client app traffic secret */
tsip_tls13_ephemeral_app_secret_key_index_t clientAppTraffic13Secret;
/* server write key */
tsip_aes_key_index_t serverAppWriteKey13Idx;
/* client write key */
tsip_aes_key_index_t clientAppWriteKey13Idx;
/* hash handle for transcript hash of handshake messages */
tsip_hmac_sha_handle_t hmacFinished13Handle;
/* storage for handshake messages */
MsgBag messageBag;
/* signature data area for TLS1.3 CertificateVerify message */
byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
/* ephemeral ECDH pubkey index
* got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key.
*/
tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key;
/* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit)
* got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Should be sent to peer(server) in Client Key Exchange msg.
*/
uint8_t ecc_ecdh_public_key[ECCP256_PUBKEY_SZ];
#endif /* WOLFSSL_RENESAS_TSIP_VER >=109 */
/* info to generate session key */
uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
/* TSIP defined cipher suite number */
uint32_t tsip_cipher;
/* flags */
#if !defined(NO_RSA)
uint8_t ClientRsa2048PrivKey_set:1;
uint8_t ClientRsa2048PubKey_set:1;
#endif
#if defined(HAVE_ECC)
uint8_t ClientEccPrivKey_set:1;
uint8_t ClientEccPubKey_set:1;
#endif
uint8_t HmacInitialized:1;
uint8_t RootCAverified:1;
uint8_t EcdsaPrivKey_set:1;
uint8_t Dhe_key_set:1;
uint8_t SharedSecret_set:1;
uint8_t EarlySecret_set:1;
uint8_t HandshakeSecret_set:1;
uint8_t HandshakeClientTrafficKey_set:1;
uint8_t HandshakeServerTrafficKey_set:1;
uint8_t HandshakeVerifiedData_set:1;
uint8_t MasterSecret_set:1;
uint8_t ServerTrafficSecret_set:1;
uint8_t ClientTrafficSecret_set:1;
uint8_t ServerWriteTrafficKey_set:1;
uint8_t ClientWriteTrafficKey_set:1;
uint8_t session_key_set:1;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* installed key handling */
tsip_aes_key_index_t user_aes256_key_index;
uint8_t user_aes256_key_set:1;
tsip_aes_key_index_t user_aes128_key_index;
uint8_t user_aes128_key_set:1;
/* for tsip crypt only mode */ /* for tsip crypt only mode */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#ifndef NO_RSA #ifndef NO_RSA
@@ -330,17 +186,18 @@ typedef struct TsipUserCtx {
} keyflgs_crypt; } keyflgs_crypt;
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ #endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
/* installed key handling */
tsip_aes_key_index_t user_aes256_key_index;
uint8_t user_aes256_key_set:1;
tsip_aes_key_index_t user_aes128_key_index;
uint8_t user_aes128_key_set:1;
TsipUserCtx_Internal* internal;
} TsipUserCtx; } TsipUserCtx;
typedef TsipUserCtx RenesasUserCtx; typedef TsipUserCtx RenesasUserCtx;
typedef TsipUserCtx user_PKCbInfo; typedef TsipUserCtx user_PKCbInfo;
typedef struct
{
TsipUserCtx* userCtx;
} TsipPKCbInfo;
typedef struct typedef struct
{ {
#if (WOLFSSL_RENESAS_TSIP_VER >=109) #if (WOLFSSL_RENESAS_TSIP_VER >=109)

169
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h Normal file
View File

@@ -0,0 +1,169 @@
/* renesas_tsip_internal.h
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _RENESAS_TSIP_INTERNAL_H_
#define _RENESAS_TSIP_INTERNAL_H_
#include "renesas-tsip-crypt.h"
struct TsipUserCtx_Internal {
/* unique number for each session */
int devId;
/* client key pair wrapped by provisioning key */
byte* wrappedPrivateKey;
byte* wrappedPublicKey;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* 0:working as a TLS client, 1: as a server */
byte side;
/* ENCRYPT_SIDE_ONLY:1 DECRYPT_SIDE_ONLY:2 ENCRYPT AND DECRYPT:3 */
byte key_side;
/* public key index for verification of RootCA cert */
uint32_t user_key_id;
/* WOLFSSL object associated with */
struct WOLFSSL* ssl;
struct WOLFSSL_CTX* ctx;
/* HEAP_HINT */
void* heap;
/* TLSv1.3 handshake related members, mainly keys */
/* handle is used as work area for Tls13 handshake */
tsip_tls13_handle_t handle13;
#if !defined(NO_RSA)
/* RSA-2048bit private and public key-index for client authentication */
tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx;
tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx;
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
/* ECC private and public key-index for client authentication */
tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx;
tsip_ecc_public_key_index_t EcdsaPublicKeyIdx;
#endif /* HAVE_ECC */
/* ECDHE private key index for Tls13 handshake */
tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx;
/* ECDHE pre-master secret */
tsip_tls13_ephemeral_shared_secret_key_index_t sharedSecret13Idx;
/* Handshake secret for Tls13 handshake */
tsip_tls13_ephemeral_handshake_secret_key_index_t handshakeSecret13Idx;
/* the key to decrypt server-finished message */
tsip_tls13_ephemeral_server_finished_key_index_t serverFinished13Idx;
/* key for Sha256-Hmac to gen "Client Finished" */
tsip_hmac_sha_key_index_t clientFinished13Idx;
/* AES decryption key for handshake */
tsip_aes_key_index_t serverWriteKey13Idx;
/* AES encryption key for handshake */
tsip_aes_key_index_t clientWriteKey13Idx;
/* Handshake verified data used for master secret */
word32 verifyData13Idx[TSIP_TLS_VERIFY_DATA_WD_SZ];
/* master secret for TLS1.3 */
tsip_tls13_ephemeral_master_secret_key_index_t masterSecret13Idx;
/* server app traffic secret */
tsip_tls13_ephemeral_app_secret_key_index_t serverAppTraffic13Secret;
/* client app traffic secret */
tsip_tls13_ephemeral_app_secret_key_index_t clientAppTraffic13Secret;
/* server write key */
tsip_aes_key_index_t serverAppWriteKey13Idx;
/* client write key */
tsip_aes_key_index_t clientAppWriteKey13Idx;
/* hash handle for transcript hash of handshake messages */
tsip_hmac_sha_handle_t hmacFinished13Handle;
/* storage for handshake messages */
MsgBag messageBag;
/* signature data area for TLS1.3 CertificateVerify message */
byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
/* ephemeral ECDH pubkey index
* got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key.
*/
tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key;
/* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit)
* got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Should be sent to peer(server) in Client Key Exchange msg.
*/
uint8_t ecc_ecdh_public_key[ECCP256_PUBKEY_SZ];
#endif /* WOLFSSL_RENESAS_TSIP_VER >=109 */
/* info to generate session key */
uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
/* TSIP defined cipher suite number */
uint32_t tsip_cipher;
/* flags */
#if !defined(NO_RSA)
uint8_t ClientRsa2048PrivKey_set:1;
uint8_t ClientRsa2048PubKey_set:1;
#endif
#if defined(HAVE_ECC)
uint8_t ClientEccPrivKey_set:1;
uint8_t ClientEccPubKey_set:1;
#endif
uint8_t HmacInitialized:1;
uint8_t RootCAverified:1;
uint8_t EcdsaPrivKey_set:1;
uint8_t Dhe_key_set:1;
uint8_t SharedSecret_set:1;
uint8_t EarlySecret_set:1;
uint8_t HandshakeSecret_set:1;
uint8_t HandshakeClientTrafficKey_set:1;
uint8_t HandshakeServerTrafficKey_set:1;
uint8_t HandshakeVerifiedData_set:1;
uint8_t MasterSecret_set:1;
uint8_t ServerTrafficSecret_set:1;
uint8_t ClientTrafficSecret_set:1;
uint8_t ServerWriteTrafficKey_set:1;
uint8_t ClientWriteTrafficKey_set:1;
uint8_t session_key_set:1;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
};
#endif