wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added Renesas RX TSIP ECDSA Verify Crypto callback.

Browse Source
This commit is contained in:
David Garske
2024-06-26 16:01:18 -07:00
parent e81e18859b
commit 73a1938e89
7 changed files with 375 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
View File

@ -107,7 +107,6 @@ typedef struct tagInfo
void Clr_CallbackCtx(TsipUserCtx *g)
{
if (g->rsa1024pri_keyIdx != NULL)
XFREE(g->rsa1024pri_keyIdx,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -139,7 +138,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
byte plain[AES_BLOCK_SIZE];
int ret = 0;
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
/* "Now is the time for all " w/o trailing 0 */
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
@ -154,7 +153,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
if (prnt) {
printf(" tsip_aes_cbc_test() ");
}
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
@ -196,7 +195,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
if (prnt) {
RESULT_STR(ret)
}
return ret;
}
@ -205,7 +204,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
{
int ret = 0;
Info *p = (Info*)pvParam;
while (exit_loop == false) {
ret = tsip_aes_cbc_test(0, &p->aes_key);
vTaskDelay(10/portTICK_PERIOD_MS);
@ -257,7 +256,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
if (prnt)
printf(" tsip_aes256_test() ");
if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) {
ret = -1;
goto out;
@ -315,7 +314,7 @@ out:
if (prnt) {
RESULT_STR(ret)
}
return ret;
}
#ifdef FREERTOS
@ -323,7 +322,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
{
int ret = 0;
Info *p = (Info*)pvParam;
while (exit_loop == false) {
ret = tsip_aes256_test(0, &p->aes_key);
vTaskDelay(10/portTICK_PERIOD_MS);
@ -345,8 +344,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
Aes enc[1];
Aes dec[1];
TsipUserCtx userContext;
/*
* This is Test Case 16 from the document Galois/
* Counter Mode of Operation (GCM) by McGrew and
@ -416,7 +415,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
if (prnt) {
printf(" tsip_aes256_gcm_test() ");
}
ForceZero(resultT, sizeof(resultT));
ForceZero(resultC, sizeof(resultC));
ForceZero(resultP, sizeof(resultP));
@ -443,8 +442,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
}
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p),
(byte*)iv1, sizeof(iv1), resultT, sizeof(resultT),
result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p),
(byte*)iv1, sizeof(iv1), resultT, sizeof(resultT),
a, sizeof(a), &userContext);
if (result != 0) {
@ -461,7 +460,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
}
result = wc_tsip_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
iv1, sizeof(iv1), resultT, sizeof(resultT),
iv1, sizeof(iv1), resultT, sizeof(resultT),
a, sizeof(a), &userContext);
if (result != 0){
ret = -8;
@ -479,7 +478,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
wc_AesGcmSetKey(enc, k1, sizeof(k1));
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
resultT + 1, sizeof(resultT) - 1,
resultT + 1, sizeof(resultT) - 1,
a, sizeof(a), &userContext);
if (result != 0) {
ret = -10;
@ -487,7 +486,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
}
result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
a, sizeof(a), &userContext);
if (result != 0) {
@ -504,11 +503,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
out:
wc_AesFree(enc);
wc_AesFree(dec);
if (prnt) {
RESULT_STR(ret)
}
return ret;
}
#ifdef FREERTOS
@ -516,7 +515,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
{
int ret = 0;
Info *p = (Info*)pvParam;
while (exit_loop == false) {
ret = tsip_aesgcm256_test(0, &p->aes_key);
vTaskDelay(10/portTICK_PERIOD_MS);
@ -616,16 +615,16 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
enc->ctx.keySize = enc->keylen;
}
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3),
result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3),
iv3, sizeof(iv3),
resultT, sizeof(t3),
resultT, sizeof(t3),
a3, sizeof(a3), &userContext);
if (result != 0) {
ret = -4;
goto out;
}
result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
iv3, sizeof(iv3), resultT, sizeof(resultT),
iv3, sizeof(iv3), resultT, sizeof(resultT),
a3, sizeof(a3), &userContext);
if (result != 0) {
ret = -5;
@ -641,11 +640,11 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
out:
wc_AesFree(enc);
wc_AesFree(dec);
if (prnt) {
RESULT_STR(ret)
}
return ret;
}
#ifdef FREERTOS
@ -812,7 +811,7 @@ int tsip_crypt_sha_multitest()
int num = 0;
int i;
BaseType_t xRet;
#ifndef NO_SHA
num++;
#endif
@ -825,14 +824,14 @@ int tsip_crypt_sha_multitest()
exit_semaph = xSemaphoreCreateCounting(num, 0);
xRet = pdPASS;
#ifndef NO_SHA
xRet = xTaskCreate(tskSha_Test, "sha_test",
xRet = xTaskCreate(tskSha_Test, "sha_test",
SMALL_STACK_SIZE, NULL, 3, NULL);
#endif
#ifndef NO_SHA256
if (xRet == pdPASS)
xRet = xTaskCreate(tskSha256_Test, "sha256_test",
xRet = xTaskCreate(tskSha256_Test, "sha256_test",
SMALL_STACK_SIZE, NULL, 3, NULL);
#endif
@ -849,15 +848,15 @@ int tsip_crypt_sha_multitest()
}
}
}
vSemaphoreDelete(exit_semaph);
if ((xRet == pdPASS) &&
(sha_multTst_rslt == 0 && sha256_multTst_rslt == 0))
ret = 0;
else
ret = -1;
RESULT_STR(ret)
return ret;
@ -874,7 +873,7 @@ int tsip_crypt_AesCbc_multitest()
Info info_aes256_1;
Info info_aes256_2;
BaseType_t xRet;
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
num+=2;
#endif
@ -887,7 +886,7 @@ int tsip_crypt_AesCbc_multitest()
exit_semaph = xSemaphoreCreateCounting(num, 0);
xRet = pdPASS;
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
sizeof(tsip_aes_key_index_t));
@ -916,7 +915,7 @@ int tsip_crypt_AesCbc_multitest()
xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2",
SMALL_STACK_SIZE, &info_aes256_2, 3, NULL);
#endif
if (xRet == pdPASS) {
printf(" Waiting for completing tasks ...");
vTaskDelay(10000/portTICK_PERIOD_MS);
@ -930,7 +929,7 @@ int tsip_crypt_AesCbc_multitest()
}
}
}
vSemaphoreDelete(exit_semaph);
if ((xRet == pdPASS) &&
@ -955,7 +954,7 @@ int tsip_crypt_AesGcm_multitest()
Info info_aes256_1;
Info info_aes256_2;
BaseType_t xRet;
#if defined(WOLFSSL_AES_128)
num+=2;
#endif
@ -1010,7 +1009,7 @@ int tsip_crypt_AesGcm_multitest()
}
}
}
vSemaphoreDelete(exit_semaph);
if ((xRet == pdPASS) &&
@ -1032,7 +1031,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
Info info_aes256cbc;
Info info_aes256gcm;
BaseType_t xRet;
#ifndef NO_SHA
num++;
#endif
@ -1051,7 +1050,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
exit_semaph = xSemaphoreCreateCounting(num, 0);
xRet = pdPASS;
#ifndef NO_SHA
xRet = xTaskCreate(tskSha_Test, "sha_test",
SMALL_STACK_SIZE, NULL, 3, NULL);
@ -1069,7 +1068,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2,
sizeof(tsip_aes_key_index_t));
if (xRet == pdPASS)
xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2",
xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2",
STACK_SIZE, &info_aes256gcm, 3, NULL);
#endif
@ -1086,9 +1085,9 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
}
}
}
vSemaphoreDelete(exit_semaph);
if (xRet == pdPASS && sha_multTst_rslt == 0 &&
(Aes256_Cbc_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0)) {
ret = 0;
@ -1096,7 +1095,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
else {
ret = -1;
}
RESULT_STR(ret)
return ret;
@ -1158,11 +1157,10 @@ int tsip_crypt_test()
ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1);
}
#if defined(WOLFSSL_KEY_GEN)&& \
#if defined(WOLFSSL_KEY_GEN) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
if (ret == 0) {
Clr_CallbackCtx(&userContext);
ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &userContext);
@ -1172,11 +1170,10 @@ int tsip_crypt_test()
}
if (ret == 0) {
printf(" tsip_rsa_SignVerify_test(1024)");
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
userContext.sing_hash_type = sha256_mac;
userContext.sign_hash_type = sha256_mac;
userContext.keyflgs_crypt.bits.message_type = 0;
ret = tsip_rsa_SignVerify_test(1, 1024);
@ -1189,7 +1186,7 @@ int tsip_crypt_test()
printf(" tsip_rsa_SignVerify_test(2048)");
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
userContext.sing_hash_type = sha256_mac;
userContext.sign_hash_type = sha256_mac;
userContext.keyflgs_crypt.bits.message_type = 0;
ret = tsip_rsa_SignVerify_test(1, 2048);

122
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -73,7 +73,7 @@ TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX];
#include <wolfssl/wolfcrypt/cryptocb.h>
WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl)
WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl)
{
int ret = 0;
WOLFSSL_ENTER("Renesas_cmn_Cleanup");
@ -116,11 +116,9 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCheckCb(WOLFSSL* ssl,
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
WOLFSSL_ENTER("Renesas_cmn_RsaSignCheckCb");
#if defined(WOLFSSL_RENESAS_TSIP)
return tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx);
#endif /* WOLFSSL_RENESAS_TSIP */
#if defined(WOLFSSL_RENESAS_TSIP)
ret = tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx);
#endif /* WOLFSSL_RENESAS_TSIP */
WOLFSSL_LEAVE("Renesas_cmn_RsaSignCheckCb", ret);
return ret;
@ -156,29 +154,31 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
WOLFSSL_ENTER("Renesas_cmn_CryptoDevCb");
#if defined(WOLFSSL_RENESAS_TSIP_TLS) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
#endif
if (info == NULL || ctx == NULL)
return BAD_FUNC_ARG;
#ifdef DEBUG_WOLFSSL
#if defined(DEBUG_WOLFSSL)
printf("CryptoDevCb: Algo Type %d session key set: %d\n",
info->algo_type, cbInfo->session_key_set);
#endif
#if defined(DEBUG_CRYPTOCB)
wc_CryptoCb_InfoString(info);
#endif
#if defined(WOLFSSL_RENESAS_TSIP) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
ret = CRYPTOCB_UNAVAILABLE;
if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES) || !defined(NO_DES3)
#if !defined(NO_AES)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM
#ifdef WOLFSSL_RENESAS_TSIP_TLS
@ -241,44 +241,51 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
}
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */
#endif /* !NO_AES */
}
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 ||
info->pk.rsakg.size == 2048)) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
}
#endif
/* Is called for signing
* Can handle only RSA PkCS#1v1.5 padding scheme here.
*/
if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA)
if (info->pk.type == WC_PK_TYPE_RSA) {
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
ret = tsip_SignRsaPkcs(info, ctx);
}
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) {
ret = wc_tsip_RsaVerifyPkcs(info, ctx);
}
#endif
#if !defined(NO_RSA)
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
}
#endif /* NO_RSA */
#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS)
else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
#endif
/* RSA Signing
* Can handle only RSA PkCS#1v1.5 padding scheme here.
*/
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
ret = tsip_SignRsaPkcs(info, ctx);
}
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
/* RSA Verify */
if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
ret = wc_tsip_RsaVerifyPkcs(info, ctx);
}
#endif
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
ret = tsip_SignEcdsa(info, ctx);
}
#endif /* HAVE_ECC */
#endif
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
ret = tsip_VerifyEcdsa(info, ctx);
}
#endif
#endif /* HAVE_ECC */
}
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES) || !defined(NO_DES3)
#if !defined(NO_AES)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM) {
@ -347,20 +354,19 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
}
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */
#endif /* !NO_AES */
}
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA)
#if defined(WOLFSSL_KEY_GEN)
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 ||
info->pk.rsakg.size == 2048)) {
ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key,
info->pk.rsakg.size, (void*)ctx);
}
#endif
#endif
if (info->pk.type == WC_PK_TYPE_RSA) {
/* to perform RSA on SCE, wrapped keys should be installed
* in advance. SCE supports 1024 or 2048 bits key size.
@ -411,9 +417,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
"RSA operation falls through to SW operation.");
}
}
#endif /* NO_RSA && WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
}
#endif /* NO_RSA */
#endif /* !NO_RSA */
#endif /* TSIP or SCE */
(void)devIdArg;
@ -429,7 +434,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
* session_key_generated : if session key has been generated
* return 1 for usable, 0 for unusable
*/
int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated)
int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated)
{
int ret = 0;
@ -467,13 +472,13 @@ WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)
* device Id starts from 7890, and increases + 1 its number
* when the method is successfully called.
*/
int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
{
(void)ssl;
(void)ctx;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
@ -481,13 +486,12 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
#endif
if (cbInfo == NULL
#if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) &&\
#if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(HAVE_RENESAS_SYNC)
|| ssl == NULL) {
#else
) {
!defined(HAVE_RENESAS_SYNC)
|| ssl == NULL
#endif
) {
printf("Invalid devId\n");
return INVALID_DEVID;
}
@ -537,8 +541,8 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id)
}
#endif /* WOLF_CRYPTO_CB */
#endif /* WOLFSSL_RENESAS_FSPSM_TLS|| WOLFSSL_RENESAS_FSPSM_CRYPTONLY
WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#endif /* WOLFSSL_RENESAS_FSPSM_TLS || WOLFSSL_RENESAS_FSPSM_CRYPTONLY
WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)

46
wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
View File

@ -40,7 +40,7 @@
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
/* Make Rsa key for TSIP and set it to callback ctx
/* Make RSA key for TSIP and set it to callback ctx
* Assumes to be called by Crypt Callback
*
* size desired keylenth, in bits. supports 1024 or 2048 bits
@ -59,6 +59,11 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
if (ctx == NULL)
return BAD_FUNC_ARG;
if (size != 1024 && size != 2048) {
WOLFSSL_MSG("Failed to generate key pair by TSIP");
return CRYPTOCB_UNAVAILABLE;
}
if ((ret = tsip_hw_lock()) == 0) {
if (size == 1024) {
tsip_pair1024_key =
@ -80,8 +85,6 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key);
}
else
return CRYPTOCB_UNAVAILABLE;
if (ret == TSIP_SUCCESS) {
if (size == 1024) {
@ -90,8 +93,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER);
}
if (info->rsa1024pub_keyIdx != NULL) {
XFREE(info->rsa1024pub_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
}
info->rsa1024pri_keyIdx =
(tsip_rsa1024_private_key_index_t*)XMALLOC(
@ -99,7 +101,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa1024pri_keyIdx == NULL) {
XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
@ -109,9 +111,8 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa1024pub_keyIdx == NULL) {
XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pri_keyIdx, 0,
DYNAMIC_TYPE_RSA_BUFFER);
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
/* copy generated key pair and free malloced key */
@ -121,7 +122,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
XMEMCPY(info->rsa1024pub_keyIdx,
&tsip_pair1024_key->public,
sizeof(tsip_rsa1024_public_key_index_t));
XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
@ -141,7 +142,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa2048pri_keyIdx == NULL) {
XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
@ -151,11 +152,12 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa2048pub_keyIdx == NULL) {
XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa2048pri_keyIdx, 0,
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa2048pri_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
/* copy generated key pair and free malloced key */
XMEMCPY(info->rsa2048pri_keyIdx,
&tsip_pair2048_key->private,
@ -163,21 +165,17 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
XMEMCPY(info->rsa2048pub_keyIdx,
&tsip_pair2048_key->public,
sizeof(tsip_rsa2048_public_key_index_t));
XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
}
}
else {
WOLFSSL_MSG("Failed to generate key pair by TSIP");
return CRYPTOCB_UNAVAILABLE;
}
tsip_hw_unlock();
}
return 0;
}
@ -199,10 +197,8 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData;
uint8_t tsip_hash_type;
/* sanity check */
if (info == NULL || tuc == NULL){
return BAD_FUNC_ARG;
@ -221,8 +217,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1)
{
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 1024 not set");
@ -232,11 +227,10 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
}
break;
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1)
{
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 1024 not set");
WOLFSSL_MSG("tsip rsa private key 2048 not set");
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
}

190
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@ -194,8 +194,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt");
if (uc == NULL
|| keyBuf == NULL || keyBufLen == 0) {
if (uc == NULL || keyBuf == NULL || keyBufLen == 0) {
ret = BAD_FUNC_ARG;
}
@ -1685,7 +1684,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
}
}
else {
if (!tuc->ClientEccP256PrivKey_set) {
if (!tuc->ClientEccPrivKey_set) {
ret = NO_PRIVATE_KEY;
}
}
@ -1726,7 +1725,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
}
else {
err = R_TSIP_Tls13CertificateVerifyGenerate(
(uint32_t*)&(tuc->EcdsaP256PrivateKeyIdx),
(uint32_t*)&(tuc->EcdsaPrivateKeyIdx),
TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
hash,
message + HANDSHAKE_HEADER_SZ,
@ -1762,7 +1761,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
}
else {
#if defined(WOLFSSL_CHECK_SIG_FAULTS)
if (!tuc->ClientEccP256PubKey_set) {
if (!tuc->ClientEccPubKey_set) {
ret = NO_PRIVATE_KEY;
}
#endif /* WOLFSSL_CHECK_SIG_FAULTS */
@ -1831,7 +1830,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
err = R_TSIP_EcdsaP256SignatureVerification(
&ecdsa_sig, &ecdsa_hash,
&tuc->EcdsaP256PublicKeyIdx);
&tuc->EcdsaPublicKeyIdx);
WOLFSSL_MSG("Perform self-verify for ecc signature");
#endif /* WOLFSSL_CHECK_SIG_FAULTS */
}
@ -2018,7 +2017,7 @@ static int tsip_ServerKeyExVerify(
WOLFSSL_MSG("Failed to lock tsip hw");
}
XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(peerkey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret);
return ret;
@ -2091,7 +2090,7 @@ int wc_tsip_EccVerify(
return CRYPTOCB_UNAVAILABLE;
}
/* concatenate r and s parts of the signature so that TSIP can handle it*/
/* concatenate r and s parts of the signature so that TSIP can handle it */
/* r */
if (sig[offset] == 0x20) {
XMEMCPY(sigforSCE, &sig[offset+1], rs_size);
@ -2292,8 +2291,10 @@ static byte _tls2tsipdef(byte cipher)
* The target key should be set with tsip_use_PrivateKey_buffer in advance.
* Acceptable key types are:
* TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now)
* TSIP_KEY_TYPE_RSA3072 rsa 3072 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
* TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key
*/
static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
{
@ -2349,12 +2350,12 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
#if defined(HAVE_ECC)
case TSIP_KEY_TYPE_ECDSAP256:
tuc->ClientEccP256PrivKey_set = 0;
tuc->ClientEccPrivKey_set = 0;
err = R_TSIP_GenerateEccP256PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey,
&(tuc->EcdsaP256PrivateKeyIdx));
&(tuc->EcdsaPrivateKeyIdx));
if (err == TSIP_SUCCESS) {
tuc->ClientEccP256PrivKey_set = 1;
tuc->ClientEccPrivKey_set = 1;
}
else {
ret = WC_HW_E;
@ -2382,8 +2383,10 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
* The target key should be set with tsip_use_PublicKey_buffer in advance.
* Acceptable key types are:
* TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now)
* TSIP_KEY_TYPE_RSA3072 rsa 3072 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
* TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key
*/
WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
{
@ -2414,7 +2417,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
}
if ((ret = tsip_hw_lock()) == 0) {
switch(keyType) {
switch (keyType) {
#if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA2048:
@ -2425,11 +2428,11 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
XFREE(tuc->rsa2048pub_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0;
tuc->rsa2048pub_keyIdx =
(tsip_rsa2048_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_public_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
(tsip_rsa2048_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_public_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tuc->rsa2048pub_keyIdx == NULL) {
return MEMORY_E;
}
@ -2453,25 +2456,47 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
ret = WC_HW_E;
}
break;
#endif
#if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA4096:
/* not supported as of TSIPv1.15 */
ret = CRYPTOCB_UNAVAILABLE;
break;
#endif
#endif /* !NO_RSA */
#if defined(HAVE_ECC) && \
defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(HAVE_ECC)
case TSIP_KEY_TYPE_ECDSAP256:
tuc->ClientEccP256PubKey_set = 0;
err = R_TSIP_GenerateEccP256PublicKeyIndex(
case TSIP_KEY_TYPE_ECDSAP384:
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientEccPubKey_set = 0;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.eccpub_key_set = 0;
#endif
if (keyType == TSIP_KEY_TYPE_ECDSAP256) {
err = R_TSIP_GenerateEccP256PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
&(tuc->EcdsaP256PublicKeyIdx));
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->EcdsaPublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&tuc->eccpub_keyIdx
#endif
);
}
else if (keyType == TSIP_KEY_TYPE_ECDSAP384) {
err = R_TSIP_GenerateEccP384PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->EcdsaPublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&tuc->eccpub_keyIdx
#endif
);
}
if (err == TSIP_SUCCESS) {
tuc->ClientEccP256PubKey_set = 1;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientEccPubKey_set = 1;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.eccpub_key_set = 1;
#endif
}
else {
ret = WC_HW_E;
@ -2779,7 +2804,8 @@ void tsip_inform_user_keys_ex(
word32 encrypted_user_tls_key_type)
{
WOLFSSL_ENTER("tsip_inform_user_keys_ex");
ForceZero(&g_user_key_info, sizeof(g_user_key_info));
XMEMSET(&g_user_key_info, 0, sizeof(g_user_key_info));
g_user_key_info.encrypted_provisioning_key = NULL;
g_user_key_info.iv = NULL;
@ -3637,7 +3663,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
if (ssl->options.hashAlgo == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
@ -3664,15 +3689,13 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1)
{
WOLFSSL_MSG("tsip rsa private key 2048 not set");
if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) {
WOLFSSL_MSG("tsip rsa private key 1024 not set");
ret = CRYPTOCB_UNAVAILABLE;
}
break;
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1)
{
if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) {
WOLFSSL_MSG("tsip rsa private key 2048 not set");
ret = CRYPTOCB_UNAVAILABLE;
}
@ -3682,7 +3705,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = CRYPTOCB_UNAVAILABLE;
break;
}
#endif
if (ret == 0) {
@ -3849,7 +3871,8 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
}
#endif /* !NO_RSA && TSIP_TLS */
#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(HAVE_ECC)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
/* Perform signing with the client's ECC private key on hash value of messages
* exchanged with server.
*
@ -3869,7 +3892,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData;
tsip_ecdsa_byte_data_t hashData, sigData;
byte offsetForWork;
byte* out = NULL;
byte* sig = NULL;
@ -3908,7 +3931,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#if defined(HAVE_ECC)
#if !defined(NO_ECC256)
case TSIP_KEY_TYPE_ECDSAP256:
offsetForWork = R_TSIP_ECDSA_DATA_BYTE_SIZE + 32;
if (*(info->pk.eccsign.outlen) <
@ -3921,7 +3944,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
offsetForWork;
err = R_TSIP_EcdsaP256SignatureGenerate(
&hashData, &sigData,
&tuc->EcdsaP256PrivateKeyIdx);
&tuc->EcdsaPrivateKeyIdx);
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
break;
@ -3959,16 +3982,6 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
break;
#endif
#if defined(HAVE_ECC192)
case TSIP_KEY_TYPE_ECDSAP192:
ret = CRYPTOCB_UNAVAILABLE;
break;
#endif
#if defined(HAVE_ECC224)
case TSIP_KEY_TYPE_ECDSAP224:
ret = CRYPTOCB_UNAVAILABLE;
break;
#endif
#if defined(HAVE_ECC384)
case TSIP_KEY_TYPE_ECDSAP384:
ret = CRYPTOCB_UNAVAILABLE;
@ -3989,7 +4002,82 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
WOLFSSL_LEAVE("tsip_SignEcdsa", ret);
return ret;
}
#endif /* HAVE_ECC && TSIP_TLS */
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
/* Perform verify with the wrapped public key, provided hash and signature r+s
*
* parameters
* info->pk.eccverify.in : the buffer holding hash value of messages
* info->pk.eccverify.inlen : hash data size
* info->pk.eccverify.out : the buffer where the signature data is output to
* info->pk.eccverify.outlen: the length of the buffer pk.eccsign.out
* tuc: the pointer to the TsipUserCtx structure
* returns
* 0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
*/
WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_ecdsa_byte_data_t hashData, sigData;
WOLFSSL_ENTER("tsip_VerifyEcdsa");
if (info == NULL || tuc == NULL) {
ret = CRYPTOCB_UNAVAILABLE;
}
if (ret == 0) {
/* import public key_index from wrapped key */
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
hashData.pdata = (uint8_t*)info->pk.eccverify.hash;
hashData.data_length = info->pk.eccverify.hashlen;
hashData.data_type = tuc->keyflgs_crypt.bits.message_type;
sigData.pdata = (uint8_t*)info->pk.eccverify.sig;
sigData.data_length = info->pk.eccverify.siglen;
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#if !defined(NO_ECC256)
case TSIP_KEY_TYPE_ECDSAP256:
err = R_TSIP_EcdsaP256SignatureVerification(&sigData,
&hashData, &tuc->eccpub_keyIdx);
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
}
break;
#endif
#if defined(HAVE_ECC384)
case TSIP_KEY_TYPE_ECDSAP384:
err = R_TSIP_EcdsaP384SignatureVerification(&sigData,
&hashData, &tuc->eccpub_keyIdx);
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
}
break;
#endif
default:
WOLFSSL_MSG("ECDSA public key size not available");
ret = CRYPTOCB_UNAVAILABLE;
break;
}
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("mutex locking error");
}
}
WOLFSSL_LEAVE("tsip_VerifyEcdsa", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#endif /* HAVE_ECC */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG

178
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@ -36,8 +36,16 @@
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/hash.h>
#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#include <wolfssl/ssl.h>
#endif
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
#ifdef __cplusplus
extern "C" {
@ -87,16 +95,19 @@ enum {
};
typedef enum {
TSIP_KEY_TYPE_RSA2048 = 0,
TSIP_KEY_TYPE_RSA4096 = 1,
TSIP_KEY_TYPE_ECDSAP256 = 2,
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
TSIP_KEY_TYPE_RSA1024 = 3,
TSIP_KEY_TYPE_RSA1024 = 1, /* TSIP_RSA1024 */
#endif
TSIP_KEY_TYPE_RSA2048 = 2, /* TSIP_RSA2048 */
TSIP_KEY_TYPE_RSA3072 = 3, /* TSIP_RSA3072 */
TSIP_KEY_TYPE_RSA4096 = 4, /* TSIP_RSA4096 */
TSIP_KEY_TYPE_ECDSAP256 = 5, /* TSIP_ECCP256 */
TSIP_KEY_TYPE_ECDSAP384 = 6, /* TSIP_ECCP384 */
} wolfssl_TSIP_KEY_TYPE;
struct WOLFSSL;
struct ecc_key;
struct KeyShareEntry;
/* MsgBag stands for message bag and acts as a buffer for holding plain text
@ -121,26 +132,33 @@ typedef struct MsgBag
} MsgBag;
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
typedef void* renesas_tsip_key;
/* flags Crypt Only */
struct tsip_keyflgs_cryt {
uint8_t aes256_key_set:1;
uint8_t aes128_key_set:1;
uint8_t rsapri2048_key_set:1;
uint8_t rsapub2048_key_set:1;
uint8_t rsapri1024_key_set:1;
uint8_t rsapub1024_key_set:1;
uint8_t message_type:1;/*message 0, hashed 1*/
};
/* flags Crypt Only */
struct tsip_keyflgs_cryt {
uint32_t aes256_key_set:1;
uint32_t aes128_key_set:1;
uint32_t rsapri2048_key_set:1;
uint32_t rsapub2048_key_set:1;
uint32_t rsapri1024_key_set:1;
uint32_t rsapub1024_key_set:1;
uint32_t eccpri_key_set:1;
uint32_t eccpub_key_set:1;
uint32_t message_type:1; /*message 0, hashed 1*/
};
#endif
/*
* TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format.
*/
typedef struct TsipUserCtx {
/* unique number for each session */
int devId;
/* client key pair wrapped by provisioning key */
byte* wrappedPrivateKey;
byte* wrappedPublicKey;
int wrappedKeyType;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* 0:working as a TLS client, 1: as a server */
byte side;
@ -159,24 +177,17 @@ typedef struct TsipUserCtx {
/* handle is used as work area for Tls13 handshake */
tsip_tls13_handle_t handle13;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* client key pair wrapped by provisioning key */
byte* wrappedPrivateKey;
byte* wrappedPublicKey;
int wrappedKeyType;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#if !defined(NO_RSA)
#if !defined(NO_RSA)
/* RSA-2048bit private and public key-index for client authentication */
tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx;
tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx;
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
/* ECC P256 private and public key-index for client authentication */
tsip_ecc_private_key_index_t EcdsaP256PrivateKeyIdx;
tsip_ecc_public_key_index_t EcdsaP256PublicKeyIdx;
#endif /* HAVE_ECC */
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
/* ECC private and public key-index for client authentication */
tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx;
tsip_ecc_public_key_index_t EcdsaPublicKeyIdx;
#endif /* HAVE_ECC */
/* ECDHE private key index for Tls13 handshake */
tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx;
@ -226,7 +237,6 @@ typedef struct TsipUserCtx {
/* signature data area for TLS1.3 CertificateVerify message */
byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
@ -248,27 +258,7 @@ typedef struct TsipUserCtx {
uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* for tsip crypt only mode */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
renesas_tsip_key rsa1024pri_keyIdx;
renesas_tsip_key rsa1024pub_keyIdx;
renesas_tsip_key rsa2048pri_keyIdx;
renesas_tsip_key rsa2048pub_keyIdx;
/* sign/verify hash type :
* md5, sha1 or sha256
*/
int sign_hash_type;
/* flags shows status if tsip keys are installed */
union {
uint8_t chr;
struct tsip_keyflgs_cryt bits;
} keyflgs_crypt;
#endif
/* installed key handling */
tsip_aes_key_index_t user_aes256_key_index;
uint8_t user_aes256_key_set:1;
@ -279,16 +269,14 @@ typedef struct TsipUserCtx {
uint32_t tsip_cipher;
/* flags */
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#if !defined(NO_RSA)
#if !defined(NO_RSA)
uint8_t ClientRsa2048PrivKey_set:1;
uint8_t ClientRsa2048PubKey_set:1;
#endif
#if defined(HAVE_ECC)
uint8_t ClientEccP256PrivKey_set:1;
uint8_t ClientEccP256PubKey_set:1;
#endif
#endif
#if defined(HAVE_ECC)
uint8_t ClientEccPrivKey_set:1;
uint8_t ClientEccPubKey_set:1;
#endif
uint8_t HmacInitialized:1;
uint8_t RootCAverified:1;
@ -308,6 +296,35 @@ typedef struct TsipUserCtx {
uint8_t session_key_set:1;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* for tsip crypt only mode */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
union {
#ifndef NO_RSA
tsip_rsa1024_private_key_index_t rsa1024pri_keyIdx;
tsip_rsa1024_public_key_index_t rsa1024pub_keyIdx;
tsip_rsa2048_private_key_index_t rsa2048pri_keyIdx;
tsip_rsa2048_public_key_index_t rsa2048pub_keyIdx;
#endif
#ifdef HAVE_ECC
#ifdef HAVE_ECC_SIGN
tsip_ecc_private_key_index_t eccpri_keyIdx;
#endif
tsip_ecc_public_key_index_t eccpub_keyIdx;
#endif
};
/* sign/verify hash type :
* md5, sha1 or sha256
*/
int sign_hash_type;
/* flags shows status if tsip keys are installed */
union {
uint32_t chr;
struct tsip_keyflgs_cryt bits;
} keyflgs_crypt;
#endif
} TsipUserCtx;
typedef TsipUserCtx RenesasUserCtx;
@ -401,8 +418,7 @@ WOLFSSL_API void tsip_inform_user_keys(
/*----------------------------------------------------*/
/* internal use functions */
/*----------------------------------------------------*/
WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc);
#ifdef HAVE_PK_CALLBACKS
WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
WOLFSSL* ssl,
unsigned char* sig, unsigned int sigSz,
@ -410,13 +426,21 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc);
#endif
#ifdef WOLF_CRYPTO_CB
struct wc_CryptoInfo;
WOLFSSL_LOCAL int tsip_SignRsaPkcs(struct wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_SignEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
@ -505,23 +529,23 @@ WOLFSSL_LOCAL int wc_tsip_generateMasterSecret(
WOLFSSL_LOCAL int wc_tsip_storeKeyCtx(
WOLFSSL *ssl,
struct WOLFSSL *ssl,
TsipUserCtx *userCtx);
WOLFSSL_LOCAL int wc_tsip_generateEncryptPreMasterSecret(
WOLFSSL* ssl,
struct WOLFSSL* ssl,
byte* out,
word32* outSz);
WOLFSSL_LOCAL int wc_tsip_EccSharedSecret(
WOLFSSL* ssl,
struct WOLFSSL* ssl,
struct ecc_key* otherKey,
unsigned char* pubKeyDer, unsigned int* pubKeySz,
unsigned char* out, unsigned int* outlen,
int side, void* ctx);
WOLFSSL_LOCAL int wc_tsip_RsaVerify(
WOLFSSL* ssl,
struct WOLFSSL* ssl,
byte* sig,
word32 sigSz,
byte** out,
@ -530,7 +554,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerify(
void* ctx);
WOLFSSL_LOCAL int wc_tsip_EccVerify(
WOLFSSL* ssl,
struct WOLFSSL* ssl,
const byte* sig, word32 sigSz,
const byte* hash, word32 hashSz,
const byte* key, word32 keySz,
@ -571,14 +595,14 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
void* ctx);
#endif /* NO_AES */
WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify(
const WOLFSSL *ssl,
const struct WOLFSSL *ssl,
const byte* message,
word32 messageSz,
word32 macSz,
word32 content);
WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
const WOLFSSL *ssl,
const struct WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
@ -586,7 +610,7 @@ WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
byte* digest);
WOLFSSL_LOCAL int wc_tsip_Sha256HmacGenerate(
const WOLFSSL *ssl,
const struct WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
@ -601,7 +625,7 @@ WOLFSSL_LOCAL int tsip_hw_lock();
WOLFSSL_LOCAL void tsip_hw_unlock( void );
WOLFSSL_LOCAL int tsip_usable(const WOLFSSL *ssl,
WOLFSSL_LOCAL int tsip_usable(const struct WOLFSSL *ssl,
uint8_t session_key_generated);
WOLFSSL_LOCAL void tsip_inform_sflash_signedcacert(
@ -631,13 +655,11 @@ WOLFSSL_LOCAL int wc_tsip_generatePremasterSecret(
word32 preSz);
WOLFSSL_LOCAL int wc_tsip_generateSessionKey(
WOLFSSL* ssl,
struct WOLFSSL* ssl,
TsipUserCtx* ctx,
int devId);
WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx);
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int wc_tsip_GenerateRandBlock(byte* output, word32 size);

2
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
View File

@ -82,7 +82,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx);
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx);
int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx);
void wc_CryptoCb_CleanupRenesasCmn(int* id);
#endif /* __RENESAS_CMN_H__ */

12
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
View File

@ -25,6 +25,7 @@
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
@ -59,11 +60,12 @@ typedef wolfssl_TSIP_Hash wc_Sha256;
typedef enum {
TSIP_RSA2048,
TSIP_RSA3072,
TSIP_RSA4096,
TSIP_ECCP256,
TSIP_ECCP384,
TSIP_RSA1024 = 1,
TSIP_RSA2048 = 2,
TSIP_RSA3072 = 3,
TSIP_RSA4096 = 4,
TSIP_ECCP256 = 5,
TSIP_ECCP384 = 6,
} TSIP_KEY_TYPE;