wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8993 from miyazakh/tsip_tlsproperties_uc

Browse Source 
Make properties related to TLS handshake hidden for TSIP TLS user-context structure
This commit is contained in:
Sean Parkinson
2025-07-22 17:05:44 +10:00
committed by GitHub
parent 6c847b1870 ba358b8fb8
commit 1f72866489
12 changed files with 436 additions and 362 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/keys.c
View File

@@ -3559,7 +3559,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
cbInfo->side = side;
#elif defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
cbInfo->key_side = side;
cbInfo->internal->key_side = side;
#endif
ret = ssl->ctx->EncryptKeysCb(ssl, ctx);
}

2
src/tls.c
View File

@@ -52,7 +52,7 @@
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
#endif
#include <wolfssl/wolfcrypt/hpke.h>

19
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@@ -40,7 +40,7 @@
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
#define cmn_hw_lock tsip_hw_lock
#define cmn_hw_unlock tsip_hw_unlock
@@ -494,7 +494,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
if (gdevId < 0) {
gdevId = INITIAL_DEVID;
}
cbInfo->devId = gdevId++;
cbInfo->internal->devId = gdevId++;
cmn_hw_unlock();
}
else {
@@ -502,7 +502,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
return INVALID_DEVID;
}
if (wc_CryptoCb_RegisterDevice(cbInfo->devId,
if (wc_CryptoCb_RegisterDevice(cbInfo->internal->devId,
Renesas_cmn_CryptoDevCb, cbInfo) < 0) {
/* undo devId number */
gdevId--;
@@ -513,12 +513,12 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) && \
!defined(HAVE_RENESAS_SYNC)
if (ssl)
wolfSSL_SetDevId(ssl, cbInfo->devId);
wolfSSL_SetDevId(ssl, cbInfo->internal->devId);
#endif
gCbCtx[cbInfo->devId - INITIAL_DEVID] = (void*)cbInfo;
gCbCtx[cbInfo->internal->devId - INITIAL_DEVID] = (void*)cbInfo;
return cbInfo->devId;
return cbInfo->internal->devId;
}
/* Renesas Security Library Common Method
@@ -764,8 +764,8 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
if (cbInfo->session_key_set == 1) {
switch(cbInfo->key_side) {
if (cbInfo->internal->session_key_set == 1) {
switch(cbInfo->internal->key_side) {
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
@@ -820,7 +820,8 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
if (Renesas_cmn_usable(ssl, 0)) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateSessionKey(ssl, cbInfo, cbInfo->devId);
ret = wc_tsip_generateSessionKey(ssl, cbInfo,
cbInfo->internal->devId);
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId);
#endif

85
wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
View File

@@ -40,7 +40,7 @@
#include <wolfssl/internal.h>
#endif
#include <wolfssl/wolfcrypt/aes.h>
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h"
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
@@ -100,7 +100,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
TsipUserCtx* tuc = NULL;
TsipUserCtx_Internal* tuc = NULL;
e_tsip_tls13_cipher_suite_t cs;
word32 cipher[(WC_AES_BLOCK_SIZE + TSIP_AES_GCM_AUTH_TAG_SIZE) /
sizeof(word32)];
@@ -113,7 +113,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
WOLFSSL_ENTER("tsip_Tls13AesEncrypt");
if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) {
if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0) ||
(ssl->RenesasUserCtx == NULL)) {
return BAD_FUNC_ARG;
}
@@ -122,7 +123,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
}
/* get user context for TSIP */
tuc = ssl->RenesasUserCtx;
tuc = (TsipUserCtx_Internal*)((TsipUserCtx*)ssl->RenesasUserCtx)->internal;
if (tuc == NULL) {
WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
return CRYPTOCB_UNAVAILABLE;
@@ -247,7 +248,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
TsipUserCtx* tuc = NULL;
TsipUserCtx_Internal* tuc = NULL;
e_tsip_tls13_cipher_suite_t cs;
word32 cipher[WC_AES_BLOCK_SIZE / sizeof(word32)];
word32 plain[WC_AES_BLOCK_SIZE / sizeof(word32)];
@@ -260,7 +261,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
WOLFSSL_ENTER("tsip_Tls13AesDecrypt");
if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) {
if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0) ||
(ssl->RenesasUserCtx == NULL)) {
return BAD_FUNC_ARG;
}
@@ -269,7 +271,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
}
/* get user context for TSIP */
tuc = ssl->RenesasUserCtx;
tuc = (TsipUserCtx_Internal*)
((TsipUserCtx*)(ssl->RenesasUserCtx))->internal;
if (tuc == NULL) {
WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
return CRYPTOCB_UNAVAILABLE;
@@ -414,11 +417,11 @@ static int _tsip_cpAesKeyIndex2AesCtx(wc_CryptoInfo* info, TsipUserCtx* cb)
}
if (aes && cb->user_aes256_key_set == 1) {
XMEMCPY(&aes->ctx.tsip_keyIdx,&cb->user_aes256_key_index,
XMEMCPY(&aes->ctx.tsip_keyIdx, &cb->user_aes256_key_index,
sizeof(tsip_aes_key_index_t));
aes->ctx.keySize = 32;
}else if (aes && cb->user_aes128_key_set == 1) {
XMEMCPY(&aes->ctx.tsip_keyIdx,&cb->user_aes128_key_index,
XMEMCPY(&aes->ctx.tsip_keyIdx, &cb->user_aes128_key_index,
sizeof(tsip_aes_key_index_t));
aes->ctx.keySize = 16;
} else
@@ -439,16 +442,26 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
(void)devIdArg;
(void)_tsip_cpAesKeyIndex2AesCtx;
if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo != NULL && cbInfo->session_key_set == 1
&& cbInfo != NULL &&
cbInfo->internal->session_key_set == 1
#endif
) {
ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
/* prioritize TLS Session Key than User TSIP Aes Key */
/* TODO : identify if Aes API is called through */
/* while doing TLS handshake or Crypt API */
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (cbInfo->internal->session_key_set == 1)
ret = 0;
else
#else
ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
#endif
if (ret != 0) {
WOLFSSL_MSG("Failed to copy Aes Key Index from "
"UserCtx to AES Ctx");
@@ -489,12 +502,18 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
#ifdef WOLFSSL_AES_COUNTER
if (info->cipher.type == WC_CIPHER_AES_CTR
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo != NULL && cbInfo->session_key_set == 1
&& cbInfo != NULL && cbInfo->internal->session_key_set == 1
#endif
) {
int remain = (int)(info->cipher.aesctr.sz % WC_AES_BLOCK_SIZE);
if (remain == 0) {
ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (cbInfo->internal->session_key_set == 1)
ret = 0;
else
#else
ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
#endif
if (ret != 0) {
WOLFSSL_MSG("Failed to copy Aes Key Index from "
"UserCtx to AES Ctx");
@@ -513,10 +532,16 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
#ifdef HAVE_AES_CBC
if (info->cipher.type == WC_CIPHER_AES_CBC
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo != NULL && cbInfo->session_key_set == 1
&& cbInfo != NULL && cbInfo->internal->session_key_set == 1
#endif
) {
ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (cbInfo->internal->session_key_set == 1)
ret = 0;
else
#else
ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
#endif
if (ret != 0) {
WOLFSSL_MSG("Failed to copy Aes Key Index from "
"UserCtx to AES Ctx");
@@ -790,7 +815,7 @@ int wc_tsip_AesGcmEncrypt(
uint32_t ivSz_l = 0;
tsip_aes_key_index_t key_client_aes;
TsipUserCtx *userCtx;
TsipUserCtx* userCtx;
WOLFSSL_ENTER("wc_tsip_AesGcmEncrypt");
@@ -819,7 +844,7 @@ int wc_tsip_AesGcmEncrypt(
finalFn = R_TSIP_Aes256GcmEncryptFinal;
}
userCtx = (TsipUserCtx*)ctx;
userCtx = ((TsipUserCtx*)ctx);
/* buffer for cipher data output must be multiple of WC_AES_BLOCK_SIZE */
cipherBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE;
@@ -850,15 +875,15 @@ int wc_tsip_AesGcmEncrypt(
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (ret == 0 &&
userCtx->session_key_set == 1) {
userCtx->internal->session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here.
*/
err = R_TSIP_TlsGenerateSessionKey(
userCtx->tsip_cipher,
(uint32_t*)userCtx->tsip_masterSecret,
(uint8_t*) userCtx->tsip_clientRandom,
(uint8_t*) userCtx->tsip_serverRandom,
userCtx->internal->tsip_cipher,
(uint32_t*)userCtx->internal->tsip_masterSecret,
(uint8_t*) userCtx->internal->tsip_clientRandom,
(uint8_t*) userCtx->internal->tsip_serverRandom,
&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
NULL,
NULL,
@@ -988,7 +1013,7 @@ int wc_tsip_AesGcmDecrypt(
uint32_t ivSz_l = 0;
tsip_aes_key_index_t key_server_aes;
TsipUserCtx *userCtx;
TsipUserCtx* userCtx;
WOLFSSL_ENTER("wc_tsip_AesGcmDecrypt");
@@ -1018,7 +1043,7 @@ int wc_tsip_AesGcmDecrypt(
finalFn = R_TSIP_Aes256GcmDecryptFinal;
}
userCtx = (TsipUserCtx *)ctx;
userCtx = ((TsipUserCtx *)ctx);
/* buffer for plain data output must be multiple of WC_AES_BLOCK_SIZE */
plainBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE;
@@ -1049,15 +1074,15 @@ int wc_tsip_AesGcmDecrypt(
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (ret == 0 &&
userCtx->session_key_set == 1) {
userCtx->internal->session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here.
*/
err = R_TSIP_TlsGenerateSessionKey(
userCtx->tsip_cipher,
(uint32_t*)userCtx->tsip_masterSecret,
(uint8_t*) userCtx->tsip_clientRandom,
(uint8_t*) userCtx->tsip_serverRandom,
userCtx->internal->tsip_cipher,
(uint32_t*)userCtx->internal->tsip_masterSecret,
(uint8_t*) userCtx->internal->tsip_clientRandom,
(uint8_t*) userCtx->internal->tsip_serverRandom,
(uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
NULL,
NULL,

23
wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
View File

@@ -43,7 +43,7 @@
#include <wolfssl/wolfcrypt/memory.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
extern struct WOLFSSL_HEAP_HINT* tsip_heap_hint;
@@ -82,7 +82,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
if (tuc == NULL) {
ret = CRYPTOCB_UNAVAILABLE;
}
else if (!tuc->HandshakeClientTrafficKey_set) {
else if (!tuc->internal->HandshakeClientTrafficKey_set) {
WOLFSSL_MSG("Client handshake traffic keys aren't created by TSIP");
ret = CRYPTOCB_UNAVAILABLE;
}
@@ -97,8 +97,9 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
err = R_TSIP_Sha256HmacGenerateInit(&(tuc->hmacFinished13Handle),
&(tuc->clientFinished13Idx));
err = R_TSIP_Sha256HmacGenerateInit(
&(tuc->internal->hmacFinished13Handle),
&(tuc->internal->clientFinished13Idx));
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed");
@@ -108,9 +109,9 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
if (ret == 0) {
err = R_TSIP_Sha256HmacGenerateUpdate(
&(tuc->hmacFinished13Handle),
(uint8_t*)hash,
WC_SHA256_DIGEST_SIZE);
&(tuc->internal->hmacFinished13Handle),
(uint8_t*)hash,
WC_SHA256_DIGEST_SIZE);
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateUpdate failed");
@@ -120,7 +121,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
if (ret == 0) {
err = R_TSIP_Sha256HmacGenerateFinal(
&(tuc->hmacFinished13Handle), mac);
&(tuc->internal->hmacFinished13Handle), mac);
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed");
ret = WC_HW_E;
@@ -185,7 +186,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
/* check if TSIP is used for this session */
if (ret == 0) {
if (!tuc->Dhe_key_set) {
if (!tuc->internal->Dhe_key_set) {
WOLFSSL_MSG("DH key not set.");
ret = CRYPTOCB_UNAVAILABLE;
}
@@ -195,7 +196,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
if (ret == 0) {
c24to32(&data[1], &messageSz);
bag = &(tuc->messageBag);
bag = &(tuc->internal->messageBag);
if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES ||
bag->buffIdx + sz > MSGBAG_SIZE) {
@@ -246,7 +247,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
if (tuc == NULL) {
ret = CRYPTOCB_UNAVAILABLE;
}
bag = &(tuc->messageBag);
bag = &(tuc->internal->messageBag);
}
if (ret == 0) {

330
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@@ -45,7 +45,7 @@
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#endif
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
#include <stdio.h>
@@ -132,13 +132,13 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl,
WOLFSSL_ENTER("tsip_use_PublicKey_buffer_TLS");
if (ssl == NULL
|| keyBuf == NULL || keyBufLen == 0) {
|| keyBuf == NULL || keyBufLen == 0 || ssl->RenesasUserCtx == NULL) {
ret = BAD_FUNC_ARG;
}
if (ret == 0){
tuc = ssl->RenesasUserCtx;
tuc->wrappedPublicKey = (uint8_t*)keyBuf;
tuc->internal->wrappedPublicKey = (uint8_t*)keyBuf;
tuc->wrappedKeyType = keyType;
}
@@ -161,18 +161,20 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_TLS");
if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 ) {
if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 ||
ssl->RenesasUserCtx == NULL) {
ret = BAD_FUNC_ARG;
}
if (ret == 0){
tuc = ssl->RenesasUserCtx;
tuc->wrappedPrivateKey = (uint8_t*)keyBuf;
tuc->internal->wrappedPrivateKey = (uint8_t*)keyBuf;
tuc->wrappedKeyType = keyType;
/* store keyType as Id since Id capacity is 32 bytes */
ret = wolfSSL_use_PrivateKey_Id(ssl,
(const unsigned char*)keyBuf, 32, tuc->devId);
(const unsigned char*)keyBuf, 32,
tuc->internal->devId);
if (ret == WOLFSSL_SUCCESS) {
ret = 0;
}
@@ -197,7 +199,6 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
const char* keyBuf, int keyBufLen, int keyType)
{
int ret = 0;
TsipUserCtx* tuc = NULL;
WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt");
@@ -206,9 +207,8 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
}
if (ret == 0){
tuc = uc;
tuc->wrappedPublicKey = (uint8_t*)keyBuf;
tuc->wrappedKeyType = keyType;
uc->internal->wrappedPublicKey = (uint8_t*)keyBuf;
uc->wrappedKeyType = keyType;
}
WOLFSSL_LEAVE("tsip_use_PublicKey_buffer_crypt", ret);
@@ -226,7 +226,6 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
const char* keyBuf, int keyBufLen, int keyType)
{
int ret = 0;
TsipUserCtx* tuc = NULL;
WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_crypt");
@@ -234,10 +233,8 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
ret = BAD_FUNC_ARG;
}
if (ret == 0){
tuc = uc;
tuc->wrappedPrivateKey = (uint8_t*)keyBuf;
tuc->wrappedKeyType = keyType;
uc->internal->wrappedPrivateKey = (uint8_t*)keyBuf;
uc->wrappedKeyType = keyType;
}
WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer_crypt", ret);
@@ -287,7 +284,7 @@ static void tsipFlushMessages(struct WOLFSSL* ssl)
return;
}
bag = &(tuc->messageBag);
bag = &(tuc->internal->messageBag);
ForceZero(bag, sizeof(MsgBag));
@@ -310,6 +307,14 @@ int tsip_TlsCleanup(struct WOLFSSL* ssl)
/* free stored messages */
tsipFlushMessages(ssl);
/* free internal structure */
if (tuc->internal) {
XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
tuc->internal = NULL;
}
/* zero clear */
ForceZero(tuc, sizeof(TsipUserCtx));
return ret;
}
@@ -401,19 +406,19 @@ int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
tuc->Dhe_key_set =0;
tuc->internal->Dhe_key_set =0;
err = R_TSIP_GenerateTls13P256EccKeyIndex(
&(tuc->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->EcdhPrivKey13Idx), /* private key index */
&(kse->pubKey[1])); /* generated public key */
&(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->internal->EcdhPrivKey13Idx),/* private key index */
&(kse->pubKey[1])); /* generated public key */
if (err != TSIP_SUCCESS){ret = WC_HW_E;}
if (ret == 0) {
WOLFSSL_MSG("ECDH private key-index is stored by TSIP");
tuc->Dhe_key_set =1;
tuc->internal->Dhe_key_set =1;
}
tsip_hw_unlock();
@@ -483,7 +488,7 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
}
if (ret == 0) {
if (!tuc->Dhe_key_set) {
if (!tuc->internal->Dhe_key_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE;
}
@@ -492,15 +497,15 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
tuc->SharedSecret_set = 0;
tuc->internal->SharedSecret_set = 0;
pubkeyraw = kse->ke + 1; /* peer's raw public key data */
/* derive shared secret */
err = R_TSIP_Tls13GenerateEcdheSharedSecret(
TSIP_TLS13_MODE_FULL_HANDSHAKE,
pubkeyraw, /* peer's ECDHE public key */
&(tuc->EcdhPrivKey13Idx), /*(out) own ECDHE priv key */
&(tuc->sharedSecret13Idx)); /*(out) PreMasterSecret */
TSIP_TLS13_MODE_FULL_HANDSHAKE,
pubkeyraw, /* peer's ECDHE public key */
&(tuc->internal->EcdhPrivKey13Idx),/*(out) own ECDHE priv key */
&(tuc->internal->sharedSecret13Idx)); /*(out) PreMasterSecret */
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13GenerateEcdheSharedSecret error");
@@ -508,7 +513,7 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
}
if (ret == 0) {
/* set flag for later tsip operations */
tuc->SharedSecret_set = 1;
tuc->internal->SharedSecret_set = 1;
}
tsip_hw_unlock();
@@ -539,7 +544,7 @@ int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
ret = CRYPTOCB_UNAVAILABLE;
}
else {
tuc->EarlySecret_set = 1;
tuc->internal->EarlySecret_set = 1;
}
}
@@ -588,7 +593,7 @@ int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
if (ret == 0) {
/* check if pre-master secret is generated by tsip */
if (!tuc->SharedSecret_set) {
if (!tuc->internal->SharedSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE;
}
@@ -597,18 +602,18 @@ int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
tuc->HandshakeSecret_set = 0;
tuc->internal->HandshakeSecret_set = 0;
err = R_TSIP_Tls13GenerateHandshakeSecret(
&(tuc->sharedSecret13Idx),
&(tuc->handshakeSecret13Idx));
&(tuc->internal->sharedSecret13Idx),
&(tuc->internal->handshakeSecret13Idx));
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13GenerateHandshakeSecret error");
ret = WC_HW_E;
}
if (ret == 0) {
tuc->HandshakeSecret_set = 1;
tuc->internal->HandshakeSecret_set = 1;
}
tsip_hw_unlock();
}
@@ -655,7 +660,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
if (ret == 0) {
/* make sure client handshake secret is generated by tsip */
if (!tuc->HandshakeSecret_set) {
if (!tuc->internal->HandshakeSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE;
}
@@ -669,15 +674,15 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
tuc->HandshakeClientTrafficKey_set = 0;
tuc->internal->HandshakeClientTrafficKey_set = 0;
err = R_TSIP_Tls13GenerateClientHandshakeTrafficKey(
&(tuc->handle13),
&(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->handshakeSecret13Idx),
&(tuc->internal->handshakeSecret13Idx),
hash,
&(tuc->clientWriteKey13Idx),
&(tuc->clientFinished13Idx));
&(tuc->internal->clientWriteKey13Idx),
&(tuc->internal->clientFinished13Idx));
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG(
@@ -687,7 +692,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
/* key derivation succeeded */
if (ret == 0) {
tuc->HandshakeClientTrafficKey_set = 1;
tuc->internal->HandshakeClientTrafficKey_set = 1;
}
tsip_hw_unlock();
@@ -735,7 +740,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
if (ret == 0) {
/* make sure client handshake secret is generated by tsip */
if (!tuc->HandshakeSecret_set) {
if (!tuc->internal->HandshakeSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE;
}
@@ -749,15 +754,15 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
tuc->HandshakeServerTrafficKey_set = 0;
tuc->internal->HandshakeServerTrafficKey_set = 0;
err = R_TSIP_Tls13GenerateServerHandshakeTrafficKey(
&(tuc->handle13),
&(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->handshakeSecret13Idx),
&(tuc->internal->handshakeSecret13Idx),
hash,
&(tuc->serverWriteKey13Idx),
&(tuc->serverFinished13Idx));
&(tuc->internal->serverWriteKey13Idx),
&(tuc->internal->serverFinished13Idx));
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG(
@@ -767,7 +772,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
/* key derivation succeeded */
if (ret == 0) {
tuc->HandshakeServerTrafficKey_set = 1;
tuc->internal->HandshakeServerTrafficKey_set = 1;
}
tsip_hw_unlock();
@@ -815,7 +820,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) {
/* make sure master secret is generated by tsip */
if (!tuc->MasterSecret_set) {
if (!tuc->internal->MasterSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE;
}
@@ -829,20 +834,20 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
tuc->ServerTrafficSecret_set = 0;
tuc->ClientTrafficSecret_set = 0;
tuc->ServerWriteTrafficKey_set = 0;
tuc->ClientWriteTrafficKey_set = 0;
tuc->internal->ServerTrafficSecret_set = 0;
tuc->internal->ClientTrafficSecret_set = 0;
tuc->internal->ServerWriteTrafficKey_set = 0;
tuc->internal->ClientWriteTrafficKey_set = 0;
err = R_TSIP_Tls13GenerateApplicationTrafficKey(
&(tuc->handle13),
&(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->masterSecret13Idx),
&(tuc->internal->masterSecret13Idx),
(uint8_t*)hash,
&(tuc->serverAppTraffic13Secret),
&(tuc->clientAppTraffic13Secret),
&(tuc->serverAppWriteKey13Idx),
&(tuc->clientAppWriteKey13Idx));
&(tuc->internal->serverAppTraffic13Secret),
&(tuc->internal->clientAppTraffic13Secret),
&(tuc->internal->serverAppWriteKey13Idx),
&(tuc->internal->clientAppWriteKey13Idx));
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG(
@@ -852,10 +857,10 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
/* key derivation succeeded */
if (ret == 0) {
tuc->ServerTrafficSecret_set = 1;
tuc->ClientTrafficSecret_set = 1;
tuc->ServerWriteTrafficKey_set = 1;
tuc->ClientWriteTrafficKey_set = 1;
tuc->internal->ServerTrafficSecret_set = 1;
tuc->internal->ClientTrafficSecret_set = 1;
tuc->internal->ServerWriteTrafficKey_set = 1;
tuc->internal->ClientWriteTrafficKey_set = 1;
}
tsip_hw_unlock();
@@ -902,7 +907,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) {
/* make sure application secret is generated by tsip */
if (!tuc->ClientTrafficSecret_set) {
if (!tuc->internal->ClientTrafficSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE;
}
@@ -910,21 +915,21 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
tuc->ClientWriteTrafficKey_set = 0;
tuc->internal->ClientWriteTrafficKey_set = 0;
err = R_TSIP_Tls13UpdateApplicationTrafficKey(
&(tuc->handle13),
&(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE,
TSIP_TLS13_UPDATE_CLIENT_KEY,
&(tuc->clientAppTraffic13Secret),
&(tuc->clientAppTraffic13Secret),
&(tuc->clientAppWriteKey13Idx));
&(tuc->internal->clientAppTraffic13Secret),
&(tuc->internal->clientAppTraffic13Secret),
&(tuc->internal->clientAppWriteKey13Idx));
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error");
ret = WC_HW_E;
}
else {
tuc->ClientWriteTrafficKey_set = 1;
tuc->internal->ClientWriteTrafficKey_set = 1;
}
tsip_hw_unlock();
}
@@ -970,7 +975,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) {
/* make sure application secret is generated by tsip */
if (!tuc->ServerTrafficSecret_set) {
if (!tuc->internal->ServerTrafficSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE;
}
@@ -978,21 +983,21 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
tuc->ServerWriteTrafficKey_set = 0;
tuc->internal->ServerWriteTrafficKey_set = 0;
err = R_TSIP_Tls13UpdateApplicationTrafficKey(
&(tuc->handle13),
&(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE,
TSIP_TLS13_UPDATE_SERVER_KEY,
&(tuc->serverAppTraffic13Secret),
&(tuc->serverAppTraffic13Secret),
&(tuc->serverAppWriteKey13Idx));
&(tuc->internal->serverAppTraffic13Secret),
&(tuc->internal->serverAppTraffic13Secret),
&(tuc->internal->serverAppWriteKey13Idx));
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error");
ret = WC_HW_E;
}
else {
tuc->ServerWriteTrafficKey_set = 1;
tuc->internal->ServerWriteTrafficKey_set = 1;
}
tsip_hw_unlock();
}
@@ -1131,8 +1136,8 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
}
if (ret == 0) {
/* make sure handshake secret and verify data has been set by TSIP */
if (!tuc->HandshakeSecret_set ||
!tuc->HandshakeVerifiedData_set) {
if (!tuc->internal->HandshakeSecret_set ||
!tuc->internal->HandshakeVerifiedData_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE;
}
@@ -1140,14 +1145,14 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
tuc->MasterSecret_set = 0;
tuc->internal->MasterSecret_set = 0;
err = R_TSIP_Tls13GenerateMasterSecret(
&(tuc->handle13),
&(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->handshakeSecret13Idx),
(uint32_t*)tuc->verifyData13Idx,
&(tuc->masterSecret13Idx));
&(tuc->internal->handshakeSecret13Idx),
(uint32_t*)tuc->internal->verifyData13Idx,
&(tuc->internal->masterSecret13Idx));
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG(
@@ -1156,7 +1161,7 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
}
if (ret == 0) {
tuc->MasterSecret_set = 1;
tuc->internal->MasterSecret_set = 1;
}
tsip_hw_unlock();
@@ -1210,7 +1215,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
if (ret == 0) {
/* make sure handshake secret is generated by tsip */
if (!tuc->HandshakeServerTrafficKey_set) {
if (!tuc->internal->HandshakeServerTrafficKey_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE;
}
@@ -1223,14 +1228,14 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
tuc->HandshakeVerifiedData_set = 0;
tuc->internal->HandshakeVerifiedData_set = 0;
err = R_TSIP_Tls13ServerHandshakeVerification(
TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->serverFinished13Idx),
(uint8_t*)msgHash,
(uint8_t*)hash,
(uint32_t*)(tuc->verifyData13Idx));
TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(tuc->internal->serverFinished13Idx),
(uint8_t*)msgHash,
(uint8_t*)hash,
(uint32_t*)(tuc->internal->verifyData13Idx));
if (err == TSIP_ERR_VERIFICATION_FAIL) {
WOLFSSL_MSG("Handshake verification error");
@@ -1242,7 +1247,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
}
if (ret == 0) {
WOLFSSL_MSG("Verified handshake");
tuc->HandshakeVerifiedData_set = 1;
tuc->internal->HandshakeVerifiedData_set = 1;
}
tsip_hw_unlock();
@@ -1545,10 +1550,10 @@ int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
if (ret == 0) {
/* create sign data */
sigData = tuc->sigDataCertVerify;
sigData = tuc->internal->sigDataCertVerify;
idx = 0;
ForceZero(sigData, sizeof(tuc->sigDataCertVerify));
ForceZero(sigData, sizeof(tuc->internal->sigDataCertVerify));
XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
TSIP_SIGNING_DATA_PREFIX_SZ);
@@ -1686,12 +1691,12 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
if (ret == 0) {
if (isRsa) {
if (!tuc->ClientRsa2048PrivKey_set) {
if (!tuc->internal->ClientRsa2048PrivKey_set) {
ret = NO_PRIVATE_KEY;
}
}
else {
if (!tuc->ClientEccPrivKey_set) {
if (!tuc->internal->ClientEccPrivKey_set) {
ret = NO_PRIVATE_KEY;
}
}
@@ -1724,7 +1729,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
if ((ret = tsip_hw_lock()) == 0) {
if (isRsa) {
err = R_TSIP_Tls13CertificateVerifyGenerate(
(uint32_t*)&(tuc->Rsa2048PrivateKeyIdx),
(uint32_t*)&(tuc->internal->Rsa2048PrivateKeyIdx),
TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256,
hash,
message + HANDSHAKE_HEADER_SZ,
@@ -1732,7 +1737,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
}
else {
err = R_TSIP_Tls13CertificateVerifyGenerate(
(uint32_t*)&(tuc->EcdsaPrivateKeyIdx),
(uint32_t*)&(tuc->internal->EcdsaPrivateKeyIdx),
TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
hash,
message + HANDSHAKE_HEADER_SZ,
@@ -1762,7 +1767,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
if (ret == 0) {
if (isRsa) {
if (!tuc->ClientRsa2048PubKey_set) {
if (!tuc->internal->ClientRsa2048PubKey_set) {
ret = NO_PRIVATE_KEY;
}
}
@@ -1776,10 +1781,10 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
}
if (ret == 0) {
sigData = tuc->sigDataCertVerify;
sigData = tuc->internal->sigDataCertVerify;
idx = 0;
ForceZero(sigData, sizeof(tuc->sigDataCertVerify));
ForceZero(sigData, sizeof(tuc->internal->sigDataCertVerify));
XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
TSIP_SIGNING_DATA_PREFIX_SZ);
@@ -1822,7 +1827,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
err = R_TSIP_RsassaPss2048SignatureVerification(
&rsa_sig, &rsa_hash,
&tuc->Rsa2048PublicKeyIdx,
&(tuc->internal)->Rsa2048PublicKeyIdx,
R_TSIP_RSA_HASH_SHA256);
WOLFSSL_MSG("Perform self-verify for rsa signature");
}
@@ -2009,7 +2014,7 @@ static int tsip_ServerKeyExVerify(
(uint8_t*) peerkey,
(uint8_t*) sig,
(uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
(uint32_t*)userCtx->encrypted_ephemeral_ecdh_public_key);
(uint32_t*)userCtx->internal->encrypted_ephemeral_ecdh_public_key);
if (ret !=TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves failed");
@@ -2166,22 +2171,22 @@ int wc_tsip_EccSharedSecret(
if ((ret = tsip_hw_lock()) == 0) {
/* Generate ECC public key for key exchange */
ret = R_TSIP_GenerateTlsP256EccKeyIndex(
&usrCtx->ecc_p256_wrapped_key,
(uint8_t*)&usrCtx->ecc_ecdh_public_key);
&(usrCtx->internal->ecc_p256_wrapped_key),
(uint8_t*)&(usrCtx->internal->ecc_ecdh_public_key));
if (ret == TSIP_SUCCESS) {
/* copy generated ecdh public key into buffer */
pubKeyDer[0] = ECC_POINT_UNCOMP;
*pubKeySz = 1 + sizeof(usrCtx->ecc_ecdh_public_key);
XMEMCPY(&pubKeyDer[1], &usrCtx->ecc_ecdh_public_key,
sizeof(usrCtx->ecc_ecdh_public_key));
*pubKeySz = 1 + sizeof(usrCtx->internal->ecc_ecdh_public_key);
XMEMCPY(&pubKeyDer[1], &(usrCtx->internal->ecc_ecdh_public_key),
sizeof(usrCtx->internal->ecc_ecdh_public_key));
/* Generate Premaster Secret */
ret = R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key(
(uint32_t*)&usrCtx->encrypted_ephemeral_ecdh_public_key,
&usrCtx->ecc_p256_wrapped_key,
(uint32_t*)out/* pre-master secret 64 bytes */);
(uint32_t*)&(usrCtx->internal->encrypted_ephemeral_ecdh_public_key),
&(usrCtx->internal->ecc_p256_wrapped_key),
(uint32_t*)out/* pre-master secret 64 bytes */);
}
if (ret == TSIP_SUCCESS) {
*outlen = 64;
@@ -2242,14 +2247,28 @@ WOLFSSL_API int tsip_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
TsipUserCtx* uCtx = (TsipUserCtx*)user_ctx;
if (user_ctx == NULL) {
WOLFSSL_LEAVE("tsip_set_callback_ctx", 0);
return 0;
WOLFSSL_MSG("user ctx is null");
return BAD_FUNC_ARG;
}
ForceZero(uCtx, sizeof(TsipUserCtx));
uCtx->ssl = ssl;
uCtx->ctx = ssl->ctx;
uCtx->heap = ssl->heap;
uCtx->side = ssl->ctx->method->side;
uCtx->internal =
(TsipUserCtx_Internal*)XMALLOC(sizeof(TsipUserCtx_Internal),
ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (!uCtx->internal) {
printf("Failed to allocate memory for user ctx internal");
return MEMORY_E;
}
ForceZero(uCtx->internal, sizeof(TsipUserCtx_Internal));
uCtx->internal->ssl = ssl;
uCtx->internal->ctx = ssl->ctx;
uCtx->internal->heap = ssl->heap;
uCtx->internal->side = ssl->ctx->method->side;
ssl->RenesasUserCtx = user_ctx; /* ssl doesn't own user_ctx */
@@ -2316,7 +2335,7 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
if (tuc == NULL)
return BAD_FUNC_ARG;
encPrivKey = tuc->wrappedPrivateKey;
encPrivKey = tuc->internal->wrappedPrivateKey;
if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) {
WOLFSSL_MSG("Missing some key materials used for import" );
@@ -2336,12 +2355,12 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
#if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA2048:
tuc->ClientRsa2048PrivKey_set = 0;
tuc->internal->ClientRsa2048PrivKey_set = 0;
err = R_TSIP_GenerateRsa2048PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey,
&(tuc->Rsa2048PrivateKeyIdx));
&(tuc->internal->Rsa2048PrivateKeyIdx));
if (err == TSIP_SUCCESS) {
tuc->ClientRsa2048PrivKey_set = 1;
tuc->internal->ClientRsa2048PrivKey_set = 1;
}
else {
ret = WC_HW_E;
@@ -2357,12 +2376,12 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
#if defined(HAVE_ECC)
case TSIP_KEY_TYPE_ECDSAP256:
tuc->ClientEccPrivKey_set = 0;
tuc->internal->ClientEccPrivKey_set = 0;
err = R_TSIP_GenerateEccP256PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey,
&(tuc->EcdsaPrivateKeyIdx));
&(tuc->internal->EcdsaPrivateKeyIdx));
if (err == TSIP_SUCCESS) {
tuc->ClientEccPrivKey_set = 1;
tuc->internal->ClientEccPrivKey_set = 1;
}
else {
ret = WC_HW_E;
@@ -2409,7 +2428,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
return BAD_FUNC_ARG;
}
encPubKey = tuc->wrappedPublicKey;
encPubKey = tuc->internal->wrappedPublicKey;
if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) {
WOLFSSL_MSG("Missing some key materials used for import" );
@@ -2431,7 +2450,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
(defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1))
case TSIP_KEY_TYPE_RSA2048:
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientRsa2048PubKey_set = 0;
tuc->internal->ClientRsa2048PubKey_set = 0;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0;
@@ -2446,14 +2465,14 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
err = R_TSIP_GenerateRsa2048PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->Rsa2048PublicKeyIdx)
&(tuc->internal->Rsa2048PublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->rsa2048pub_keyIdx
#endif
);
if (err == TSIP_SUCCESS) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientRsa2048PubKey_set = 1;
tuc->internal->ClientRsa2048PubKey_set = 1;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.rsapub2048_key_set = 1;
#endif
@@ -2473,7 +2492,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
case TSIP_KEY_TYPE_ECDSAP256:
case TSIP_KEY_TYPE_ECDSAP384:
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientEccPubKey_set = 0;
tuc->internal->ClientEccPubKey_set = 0;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.eccpub_key_set = 0;
#endif
@@ -2482,7 +2501,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
err = R_TSIP_GenerateEccP256PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->EcdsaPublicKeyIdx)
&(tuc->internal->EcdsaPublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&tuc->eccpub_keyIdx
#endif
@@ -2496,7 +2515,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
err = R_TSIP_GenerateEccP384PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->EcdsaPublicKeyIdx)
&(tuc->internal->EcdsaPublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&tuc->eccpub_keyIdx
#endif
@@ -2507,7 +2526,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
}
if (err == TSIP_SUCCESS) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientEccPubKey_set = 1;
tuc->internal->ClientEccPubKey_set = 1;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.eccpub_key_set = 1;
#endif
@@ -3253,9 +3272,9 @@ int wc_tsip_generateSessionKey(
/* ready-for-use flag will be set when SetKeySide() is called */
}
if (ctx->tsip_cipher ==
if (ctx->internal->tsip_cipher ==
R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
ctx->tsip_cipher ==
ctx->internal->tsip_cipher ==
R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
enc->aes->nonceSz = AEAD_MAX_IMP_SZ;
dec->aes->nonceSz = AEAD_MAX_IMP_SZ;
@@ -3264,7 +3283,7 @@ int wc_tsip_generateSessionKey(
enc->aes->devId = devId;
dec->aes->devId = devId;
ctx->session_key_set = 1;
ctx->internal->session_key_set = 1;
}
/* unlock hw */
tsip_hw_unlock();
@@ -3367,14 +3386,15 @@ int wc_tsip_storeKeyCtx(WOLFSSL* ssl, TsipUserCtx* userCtx)
ret = BAD_FUNC_ARG;
if (ret == 0) {
XMEMCPY(userCtx->tsip_masterSecret, ssl->arrays->tsip_masterSecret,
TSIP_TLS_MASTERSECRET_SIZE);
XMEMCPY(userCtx->tsip_clientRandom, ssl->arrays->clientRandom,
TSIP_TLS_CLIENTRANDOM_SZ);
XMEMCPY(userCtx->tsip_serverRandom, ssl->arrays->serverRandom,
TSIP_TLS_SERVERRANDOM_SZ);
userCtx->tsip_cipher = GetTsipCipherSuite(ssl->options.cipherSuite0,
ssl->options.cipherSuite);
XMEMCPY(userCtx->internal->tsip_masterSecret,
ssl->arrays->tsip_masterSecret, TSIP_TLS_MASTERSECRET_SIZE);
XMEMCPY(userCtx->internal->tsip_clientRandom,
ssl->arrays->clientRandom, TSIP_TLS_CLIENTRANDOM_SZ);
XMEMCPY(userCtx->internal->tsip_serverRandom,
ssl->arrays->serverRandom, TSIP_TLS_SERVERRANDOM_SZ);
userCtx->internal->tsip_cipher = GetTsipCipherSuite(
ssl->options.cipherSuite0,
ssl->options.cipherSuite);
}
WOLFSSL_LEAVE("tsip_storeKeyCtx", ret);
@@ -3671,7 +3691,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (info == NULL || tuc == NULL
#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
|| tuc->ssl == NULL
|| tuc->internal->ssl == NULL
#endif
) {
ret = BAD_FUNC_ARG;
@@ -3679,7 +3699,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (ret == 0) {
ssl = tuc->ssl;
ssl = tuc->internal->ssl;
if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor == TLSv1_3_MINOR) {
@@ -3776,9 +3796,9 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
err = R_TSIP_RsassaPkcs2048SignatureGenerate(
&hashData, &sigData,
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&tuc->Rsa2048PrivateKeyIdx,
&(tuc->internal->Rsa2048PrivateKeyIdx),
#else
(tsip_rsa2048_private_key_index_t*)
(tsip_rsa2048_private_key_index_t*)
tuc->rsa2048pri_keyIdx,
#endif
tsip_hash_type);
@@ -3876,9 +3896,9 @@ int tsip_VerifyRsaPkcsCb(
#if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureVerification(
&sigData, &hashData,
&tuc->Rsa2048PublicKeyIdx,
tsip_hash_type);
&sigData, &hashData,
&(tuc->internal->Rsa2048PublicKeyIdx),
tsip_hash_type);
if (err == TSIP_ERR_AUTHENTICATION) {
ret = VERIFY_CERT_ERROR;
@@ -3949,7 +3969,7 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
}
if (ret == 0) {
ssl = tuc->ssl;
ssl = tuc->internal->ssl;
if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor == TLSv1_3_MINOR) {
@@ -3983,8 +4003,8 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
sigData.pdata = (uint8_t*)info->pk.eccsign.out +
offsetForWork;
err = R_TSIP_EcdsaP256SignatureGenerate(
&hashData, &sigData,
&tuc->EcdsaPrivateKeyIdx);
&hashData, &sigData,
&(tuc->internal->EcdsaPrivateKeyIdx));
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
break;

2
wolfcrypt/src/random.c
View File

@@ -142,7 +142,7 @@ This library contains implementation for the random number generator.
#elif defined(WOLFSSL_TELIT_M2MB)
#elif defined(WOLFSSL_RENESAS_TSIP)
/* for wc_tsip_GenerateRandBlock */
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h"
#elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
#elif defined(WOLFSSL_IMXRT1170_CAAM)
#elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL)

2
wolfcrypt/src/wc_port.c
View File

@@ -60,7 +60,7 @@
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#endif
#if defined(WOLFSSL_RENESAS_TSIP)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
#endif
#if defined(WOLFSSL_RENESAS_FSPSM)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>

2
wolfssl/internal.h
View File

@@ -291,7 +291,7 @@
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
#endif
#include <wolfssl/wolfcrypt/hpke.h>

1
wolfssl/wolfcrypt/include.am
View File

@@ -120,6 +120,7 @@ noinst_HEADERS+= \
wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h \
wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \
wolfssl/wolfcrypt/port/maxim/max3266x.h \
wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h \

161
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@@ -148,157 +148,13 @@ struct tsip_keyflgs_crypt {
};
#endif
typedef struct TsipUserCtx_Internal TsipUserCtx_Internal;
/*
* TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format.
*/
typedef struct TsipUserCtx {
/* unique number for each session */
int devId;
/* client key pair wrapped by provisioning key */
byte* wrappedPrivateKey;
byte* wrappedPublicKey;
int wrappedKeyType;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* 0:working as a TLS client, 1: as a server */
byte side;
/* ENCRYPT_SIDE_ONLY:1 DECRYPT_SIDE_ONLY:2 ENCRYPT AND DECRYPT:3 */
byte key_side;
/* public key index for verification of RootCA cert */
uint32_t user_key_id;
/* WOLFSSL object associated with */
struct WOLFSSL* ssl;
struct WOLFSSL_CTX* ctx;
/* HEAP_HINT */
void* heap;
/* TLSv1.3 handshake related members, mainly keys */
/* handle is used as work area for Tls13 handshake */
tsip_tls13_handle_t handle13;
#if !defined(NO_RSA)
/* RSA-2048bit private and public key-index for client authentication */
tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx;
tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx;
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
/* ECC private and public key-index for client authentication */
tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx;
tsip_ecc_public_key_index_t EcdsaPublicKeyIdx;
#endif /* HAVE_ECC */
/* ECDHE private key index for Tls13 handshake */
tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx;
/* ECDHE pre-master secret */
tsip_tls13_ephemeral_shared_secret_key_index_t sharedSecret13Idx;
/* Handshake secret for Tls13 handshake */
tsip_tls13_ephemeral_handshake_secret_key_index_t handshakeSecret13Idx;
/* the key to decrypt server-finished message */
tsip_tls13_ephemeral_server_finished_key_index_t serverFinished13Idx;
/* key for Sha256-Hmac to gen "Client Finished" */
tsip_hmac_sha_key_index_t clientFinished13Idx;
/* AES decryption key for handshake */
tsip_aes_key_index_t serverWriteKey13Idx;
/* AES encryption key for handshake */
tsip_aes_key_index_t clientWriteKey13Idx;
/* Handshake verified data used for master secret */
word32 verifyData13Idx[TSIP_TLS_VERIFY_DATA_WD_SZ];
/* master secret for TLS1.3 */
tsip_tls13_ephemeral_master_secret_key_index_t masterSecret13Idx;
/* server app traffic secret */
tsip_tls13_ephemeral_app_secret_key_index_t serverAppTraffic13Secret;
/* client app traffic secret */
tsip_tls13_ephemeral_app_secret_key_index_t clientAppTraffic13Secret;
/* server write key */
tsip_aes_key_index_t serverAppWriteKey13Idx;
/* client write key */
tsip_aes_key_index_t clientAppWriteKey13Idx;
/* hash handle for transcript hash of handshake messages */
tsip_hmac_sha_handle_t hmacFinished13Handle;
/* storage for handshake messages */
MsgBag messageBag;
/* signature data area for TLS1.3 CertificateVerify message */
byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
/* ephemeral ECDH pubkey index
* got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key.
*/
tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key;
/* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit)
* got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Should be sent to peer(server) in Client Key Exchange msg.
*/
uint8_t ecc_ecdh_public_key[ECCP256_PUBKEY_SZ];
#endif /* WOLFSSL_RENESAS_TSIP_VER >=109 */
/* info to generate session key */
uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
/* TSIP defined cipher suite number */
uint32_t tsip_cipher;
/* flags */
#if !defined(NO_RSA)
uint8_t ClientRsa2048PrivKey_set:1;
uint8_t ClientRsa2048PubKey_set:1;
#endif
#if defined(HAVE_ECC)
uint8_t ClientEccPrivKey_set:1;
uint8_t ClientEccPubKey_set:1;
#endif
uint8_t HmacInitialized:1;
uint8_t RootCAverified:1;
uint8_t EcdsaPrivKey_set:1;
uint8_t Dhe_key_set:1;
uint8_t SharedSecret_set:1;
uint8_t EarlySecret_set:1;
uint8_t HandshakeSecret_set:1;
uint8_t HandshakeClientTrafficKey_set:1;
uint8_t HandshakeServerTrafficKey_set:1;
uint8_t HandshakeVerifiedData_set:1;
uint8_t MasterSecret_set:1;
uint8_t ServerTrafficSecret_set:1;
uint8_t ClientTrafficSecret_set:1;
uint8_t ServerWriteTrafficKey_set:1;
uint8_t ClientWriteTrafficKey_set:1;
uint8_t session_key_set:1;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* installed key handling */
tsip_aes_key_index_t user_aes256_key_index;
uint8_t user_aes256_key_set:1;
tsip_aes_key_index_t user_aes128_key_index;
uint8_t user_aes128_key_set:1;
int wrappedKeyType;
/* for tsip crypt only mode */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#ifndef NO_RSA
@@ -330,17 +186,18 @@ typedef struct TsipUserCtx {
} keyflgs_crypt;
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
/* installed key handling */
tsip_aes_key_index_t user_aes256_key_index;
uint8_t user_aes256_key_set:1;
tsip_aes_key_index_t user_aes128_key_index;
uint8_t user_aes128_key_set:1;
TsipUserCtx_Internal* internal;
} TsipUserCtx;
typedef TsipUserCtx RenesasUserCtx;
typedef TsipUserCtx user_PKCbInfo;
typedef struct
{
TsipUserCtx* userCtx;
} TsipPKCbInfo;
typedef struct
{
#if (WOLFSSL_RENESAS_TSIP_VER >=109)

169
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h Normal file
View File

@@ -0,0 +1,169 @@
/* renesas_tsip_internal.h
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _RENESAS_TSIP_INTERNAL_H_
#define _RENESAS_TSIP_INTERNAL_H_
#include "renesas-tsip-crypt.h"
struct TsipUserCtx_Internal {
/* unique number for each session */
int devId;
/* client key pair wrapped by provisioning key */
byte* wrappedPrivateKey;
byte* wrappedPublicKey;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* 0:working as a TLS client, 1: as a server */
byte side;
/* ENCRYPT_SIDE_ONLY:1 DECRYPT_SIDE_ONLY:2 ENCRYPT AND DECRYPT:3 */
byte key_side;
/* public key index for verification of RootCA cert */
uint32_t user_key_id;
/* WOLFSSL object associated with */
struct WOLFSSL* ssl;
struct WOLFSSL_CTX* ctx;
/* HEAP_HINT */
void* heap;
/* TLSv1.3 handshake related members, mainly keys */
/* handle is used as work area for Tls13 handshake */
tsip_tls13_handle_t handle13;
#if !defined(NO_RSA)
/* RSA-2048bit private and public key-index for client authentication */
tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx;
tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx;
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
/* ECC private and public key-index for client authentication */
tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx;
tsip_ecc_public_key_index_t EcdsaPublicKeyIdx;
#endif /* HAVE_ECC */
/* ECDHE private key index for Tls13 handshake */
tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx;
/* ECDHE pre-master secret */
tsip_tls13_ephemeral_shared_secret_key_index_t sharedSecret13Idx;
/* Handshake secret for Tls13 handshake */
tsip_tls13_ephemeral_handshake_secret_key_index_t handshakeSecret13Idx;
/* the key to decrypt server-finished message */
tsip_tls13_ephemeral_server_finished_key_index_t serverFinished13Idx;
/* key for Sha256-Hmac to gen "Client Finished" */
tsip_hmac_sha_key_index_t clientFinished13Idx;
/* AES decryption key for handshake */
tsip_aes_key_index_t serverWriteKey13Idx;
/* AES encryption key for handshake */
tsip_aes_key_index_t clientWriteKey13Idx;
/* Handshake verified data used for master secret */
word32 verifyData13Idx[TSIP_TLS_VERIFY_DATA_WD_SZ];
/* master secret for TLS1.3 */
tsip_tls13_ephemeral_master_secret_key_index_t masterSecret13Idx;
/* server app traffic secret */
tsip_tls13_ephemeral_app_secret_key_index_t serverAppTraffic13Secret;
/* client app traffic secret */
tsip_tls13_ephemeral_app_secret_key_index_t clientAppTraffic13Secret;
/* server write key */
tsip_aes_key_index_t serverAppWriteKey13Idx;
/* client write key */
tsip_aes_key_index_t clientAppWriteKey13Idx;
/* hash handle for transcript hash of handshake messages */
tsip_hmac_sha_handle_t hmacFinished13Handle;
/* storage for handshake messages */
MsgBag messageBag;
/* signature data area for TLS1.3 CertificateVerify message */
byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
/* ephemeral ECDH pubkey index
* got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key.
*/
tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key;
/* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit)
* got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Should be sent to peer(server) in Client Key Exchange msg.
*/
uint8_t ecc_ecdh_public_key[ECCP256_PUBKEY_SZ];
#endif /* WOLFSSL_RENESAS_TSIP_VER >=109 */
/* info to generate session key */
uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
/* TSIP defined cipher suite number */
uint32_t tsip_cipher;
/* flags */
#if !defined(NO_RSA)
uint8_t ClientRsa2048PrivKey_set:1;
uint8_t ClientRsa2048PubKey_set:1;
#endif
#if defined(HAVE_ECC)
uint8_t ClientEccPrivKey_set:1;
uint8_t ClientEccPubKey_set:1;
#endif
uint8_t HmacInitialized:1;
uint8_t RootCAverified:1;
uint8_t EcdsaPrivKey_set:1;
uint8_t Dhe_key_set:1;
uint8_t SharedSecret_set:1;
uint8_t EarlySecret_set:1;
uint8_t HandshakeSecret_set:1;
uint8_t HandshakeClientTrafficKey_set:1;
uint8_t HandshakeServerTrafficKey_set:1;
uint8_t HandshakeVerifiedData_set:1;
uint8_t MasterSecret_set:1;
uint8_t ServerTrafficSecret_set:1;
uint8_t ClientTrafficSecret_set:1;
uint8_t ServerWriteTrafficKey_set:1;
uint8_t ClientWriteTrafficKey_set:1;
uint8_t session_key_set:1;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
};
#endif