wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 11:17:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added Renesas RX TSIP ECDSA Verify Crypto callback.

Browse Source
This commit is contained in:
David Garske
2024-06-26 16:01:18 -07:00
parent e81e18859b
commit 73a1938e89
7 changed files with 375 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
View File

@ -107,7 +107,6 @@ typedef struct tagInfo
void Clr_CallbackCtx(TsipUserCtx *g) void Clr_CallbackCtx(TsipUserCtx *g)
{ {
if (g->rsa1024pri_keyIdx != NULL) if (g->rsa1024pri_keyIdx != NULL)
XFREE(g->rsa1024pri_keyIdx, XFREE(g->rsa1024pri_keyIdx,
NULL, DYNAMIC_TYPE_TMP_BUFFER); NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -1158,11 +1157,10 @@ int tsip_crypt_test()
ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1); ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1);
} }
#if defined(WOLFSSL_KEY_GEN)&& \ #if defined(WOLFSSL_KEY_GEN) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
if (ret == 0) { if (ret == 0) {
Clr_CallbackCtx(&userContext); Clr_CallbackCtx(&userContext);
ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &userContext); ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &userContext);
@ -1172,11 +1170,10 @@ int tsip_crypt_test()
} }
if (ret == 0) { if (ret == 0) {
printf(" tsip_rsa_SignVerify_test(1024)"); printf(" tsip_rsa_SignVerify_test(1024)");
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024; userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
userContext.sing_hash_type = sha256_mac; userContext.sign_hash_type = sha256_mac;
userContext.keyflgs_crypt.bits.message_type = 0; userContext.keyflgs_crypt.bits.message_type = 0;
ret = tsip_rsa_SignVerify_test(1, 1024); ret = tsip_rsa_SignVerify_test(1, 1024);
@ -1189,7 +1186,7 @@ int tsip_crypt_test()
printf(" tsip_rsa_SignVerify_test(2048)"); printf(" tsip_rsa_SignVerify_test(2048)");
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048; userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
userContext.sing_hash_type = sha256_mac; userContext.sign_hash_type = sha256_mac;
userContext.keyflgs_crypt.bits.message_type = 0; userContext.keyflgs_crypt.bits.message_type = 0;
ret = tsip_rsa_SignVerify_test(1, 2048); ret = tsip_rsa_SignVerify_test(1, 2048);

84
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -73,7 +73,7 @@ TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX];
#include <wolfssl/wolfcrypt/cryptocb.h> #include <wolfssl/wolfcrypt/cryptocb.h>
WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl) WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl)
{ {
int ret = 0; int ret = 0;
WOLFSSL_ENTER("Renesas_cmn_Cleanup"); WOLFSSL_ENTER("Renesas_cmn_Cleanup");
@ -116,11 +116,9 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCheckCb(WOLFSSL* ssl,
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
WOLFSSL_ENTER("Renesas_cmn_RsaSignCheckCb"); WOLFSSL_ENTER("Renesas_cmn_RsaSignCheckCb");
#if defined(WOLFSSL_RENESAS_TSIP) #if defined(WOLFSSL_RENESAS_TSIP)
ret = tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx);
return tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx); #endif /* WOLFSSL_RENESAS_TSIP */
#endif /* WOLFSSL_RENESAS_TSIP */
WOLFSSL_LEAVE("Renesas_cmn_RsaSignCheckCb", ret); WOLFSSL_LEAVE("Renesas_cmn_RsaSignCheckCb", ret);
return ret; return ret;
@ -156,8 +154,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
WOLFSSL_ENTER("Renesas_cmn_CryptoDevCb"); WOLFSSL_ENTER("Renesas_cmn_CryptoDevCb");
#if defined(WOLFSSL_RENESAS_TSIP_TLS) \ #if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
@ -167,18 +165,20 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info == NULL || ctx == NULL) if (info == NULL || ctx == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#ifdef DEBUG_WOLFSSL #if defined(DEBUG_WOLFSSL)
printf("CryptoDevCb: Algo Type %d session key set: %d\n", printf("CryptoDevCb: Algo Type %d session key set: %d\n",
info->algo_type, cbInfo->session_key_set); info->algo_type, cbInfo->session_key_set);
#endif #endif
#if defined(DEBUG_CRYPTOCB)
wc_CryptoCb_InfoString(info);
#endif
#if defined(WOLFSSL_RENESAS_TSIP) || \ #if defined(WOLFSSL_RENESAS_TSIP) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
if (info->algo_type == WC_ALGO_TYPE_CIPHER) { if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES)
#if !defined(NO_AES) || !defined(NO_DES3)
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM if (info->cipher.type == WC_CIPHER_AES_GCM
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
@ -241,44 +241,51 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
} }
} }
#endif /* HAVE_AES_CBC */ #endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */ #endif /* !NO_AES */
} }
if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA)
#if defined(WOLFSSL_KEY_GEN) #if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 || (info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) {
info->pk.rsakg.size == 2048)) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx); ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
} }
#endif #endif
/* Is called for signing /* RSA Signing
* Can handle only RSA PkCS#1v1.5 padding scheme here. * Can handle only RSA PkCS#1v1.5 padding scheme here.
*/ */
if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA)
if (info->pk.type == WC_PK_TYPE_RSA) {
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) { if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
ret = tsip_SignRsaPkcs(info, ctx); ret = tsip_SignRsaPkcs(info, ctx);
} }
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) { /* RSA Verify */
if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
ret = wc_tsip_RsaVerifyPkcs(info, ctx); ret = wc_tsip_RsaVerifyPkcs(info, ctx);
} }
#endif #endif
} #endif /* !NO_RSA */
#endif /* NO_RSA */
#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(HAVE_ECC)
else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { #if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
ret = tsip_SignEcdsa(info, ctx); ret = tsip_SignEcdsa(info, ctx);
} }
#endif
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
ret = tsip_VerifyEcdsa(info, ctx);
}
#endif
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
} }
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
if (info->algo_type == WC_ALGO_TYPE_CIPHER) { if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES)
#if !defined(NO_AES) || !defined(NO_DES3)
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM) { if (info->cipher.type == WC_CIPHER_AES_GCM) {
@ -347,12 +354,11 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
} }
} }
#endif /* HAVE_AES_CBC */ #endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */ #endif /* !NO_AES */
} }
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA) #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if defined(WOLFSSL_KEY_GEN) #if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 || (info->pk.rsakg.size == 1024 ||
@ -411,9 +417,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
"RSA operation falls through to SW operation."); "RSA operation falls through to SW operation.");
} }
} }
#endif /* NO_RSA && WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
} }
#endif /* NO_RSA */ #endif /* !NO_RSA */
#endif /* TSIP or SCE */ #endif /* TSIP or SCE */
(void)devIdArg; (void)devIdArg;
@ -429,7 +434,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
* session_key_generated : if session key has been generated * session_key_generated : if session key has been generated
* return 1 for usable, 0 for unusable * return 1 for usable, 0 for unusable
*/ */
int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated) int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated)
{ {
int ret = 0; int ret = 0;
@ -467,13 +472,13 @@ WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)
* device Id starts from 7890, and increases + 1 its number * device Id starts from 7890, and increases + 1 its number
* when the method is successfully called. * when the method is successfully called.
*/ */
int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
{ {
(void)ssl; (void)ssl;
(void)ctx; (void)ctx;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) \ #if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
@ -481,13 +486,12 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
#endif #endif
if (cbInfo == NULL if (cbInfo == NULL
#if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) &&\ #if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(HAVE_RENESAS_SYNC) !defined(HAVE_RENESAS_SYNC)
|| ssl == NULL) { || ssl == NULL
#else
) {
#endif #endif
) {
printf("Invalid devId\n"); printf("Invalid devId\n");
return INVALID_DEVID; return INVALID_DEVID;
} }
@ -537,7 +541,7 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id)
} }
#endif /* WOLF_CRYPTO_CB */ #endif /* WOLF_CRYPTO_CB */
#endif /* WOLFSSL_RENESAS_FSPSM_TLS|| WOLFSSL_RENESAS_FSPSM_CRYPTONLY #endif /* WOLFSSL_RENESAS_FSPSM_TLS || WOLFSSL_RENESAS_FSPSM_CRYPTONLY
WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */ WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)

46
wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
View File

@ -40,7 +40,7 @@
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
/* Make Rsa key for TSIP and set it to callback ctx /* Make RSA key for TSIP and set it to callback ctx
* Assumes to be called by Crypt Callback * Assumes to be called by Crypt Callback
* *
* size desired keylenth, in bits. supports 1024 or 2048 bits * size desired keylenth, in bits. supports 1024 or 2048 bits
@ -59,6 +59,11 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
if (ctx == NULL) if (ctx == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (size != 1024 && size != 2048) {
WOLFSSL_MSG("Failed to generate key pair by TSIP");
return CRYPTOCB_UNAVAILABLE;
}
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
if (size == 1024) { if (size == 1024) {
tsip_pair1024_key = tsip_pair1024_key =
@ -80,8 +85,6 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key); ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key);
} }
else
return CRYPTOCB_UNAVAILABLE;
if (ret == TSIP_SUCCESS) { if (ret == TSIP_SUCCESS) {
if (size == 1024) { if (size == 1024) {
@ -90,8 +93,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
} }
if (info->rsa1024pub_keyIdx != NULL) { if (info->rsa1024pub_keyIdx != NULL) {
XFREE(info->rsa1024pub_keyIdx, NULL, XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
DYNAMIC_TYPE_RSA_BUFFER);
} }
info->rsa1024pri_keyIdx = info->rsa1024pri_keyIdx =
(tsip_rsa1024_private_key_index_t*)XMALLOC( (tsip_rsa1024_private_key_index_t*)XMALLOC(
@ -99,7 +101,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa1024pri_keyIdx == NULL) { if (info->rsa1024pri_keyIdx == NULL) {
XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E; return MEMORY_E;
} }
@ -109,9 +111,8 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa1024pub_keyIdx == NULL) { if (info->rsa1024pub_keyIdx == NULL) {
XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pri_keyIdx, 0, XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E; return MEMORY_E;
} }
/* copy generated key pair and free malloced key */ /* copy generated key pair and free malloced key */
@ -121,7 +122,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
XMEMCPY(info->rsa1024pub_keyIdx, XMEMCPY(info->rsa1024pub_keyIdx,
&tsip_pair1024_key->public, &tsip_pair1024_key->public,
sizeof(tsip_rsa1024_public_key_index_t)); sizeof(tsip_rsa1024_public_key_index_t));
XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
info->keyflgs_crypt.bits.rsapri1024_key_set = 1; info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
info->keyflgs_crypt.bits.rsapub1024_key_set = 1; info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
@ -141,7 +142,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa2048pri_keyIdx == NULL) { if (info->rsa2048pri_keyIdx == NULL) {
XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E; return MEMORY_E;
} }
@ -151,11 +152,12 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa2048pub_keyIdx == NULL) { if (info->rsa2048pub_keyIdx == NULL) {
XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa2048pri_keyIdx, 0, XFREE(info->rsa2048pri_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E; return MEMORY_E;
} }
/* copy generated key pair and free malloced key */ /* copy generated key pair and free malloced key */
XMEMCPY(info->rsa2048pri_keyIdx, XMEMCPY(info->rsa2048pri_keyIdx,
&tsip_pair2048_key->private, &tsip_pair2048_key->private,
@ -163,21 +165,17 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
XMEMCPY(info->rsa2048pub_keyIdx, XMEMCPY(info->rsa2048pub_keyIdx,
&tsip_pair2048_key->public, &tsip_pair2048_key->public,
sizeof(tsip_rsa2048_public_key_index_t)); sizeof(tsip_rsa2048_public_key_index_t));
XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
info->keyflgs_crypt.bits.rsapri2048_key_set = 1; info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
info->keyflgs_crypt.bits.rsapub2048_key_set = 1; info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
} }
} }
else {
WOLFSSL_MSG("Failed to generate key pair by TSIP");
return CRYPTOCB_UNAVAILABLE;
}
tsip_hw_unlock(); tsip_hw_unlock();
} }
return 0; return 0;
} }
@ -199,10 +197,8 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
int ret = 0; int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS; e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData; tsip_rsa_byte_data_t hashData, sigData;
uint8_t tsip_hash_type; uint8_t tsip_hash_type;
/* sanity check */ /* sanity check */
if (info == NULL || tuc == NULL){ if (info == NULL || tuc == NULL){
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@ -221,8 +217,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
switch (tuc->wrappedKeyType) { switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024: case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
{
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 1024 not set"); WOLFSSL_MSG("tsip rsa private key 1024 not set");
@ -232,11 +227,10 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
} }
break; break;
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
{
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 1024 not set"); WOLFSSL_MSG("tsip rsa private key 2048 not set");
if (ret != 0) if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }

182
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@ -194,8 +194,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt"); WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt");
if (uc == NULL if (uc == NULL || keyBuf == NULL || keyBufLen == 0) {
|| keyBuf == NULL || keyBufLen == 0) {
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
@ -1685,7 +1684,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
} }
} }
else { else {
if (!tuc->ClientEccP256PrivKey_set) { if (!tuc->ClientEccPrivKey_set) {
ret = NO_PRIVATE_KEY; ret = NO_PRIVATE_KEY;
} }
} }
@ -1726,7 +1725,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
} }
else { else {
err = R_TSIP_Tls13CertificateVerifyGenerate( err = R_TSIP_Tls13CertificateVerifyGenerate(
(uint32_t*)&(tuc->EcdsaP256PrivateKeyIdx), (uint32_t*)&(tuc->EcdsaPrivateKeyIdx),
TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256, TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
hash, hash,
message + HANDSHAKE_HEADER_SZ, message + HANDSHAKE_HEADER_SZ,
@ -1762,7 +1761,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
} }
else { else {
#if defined(WOLFSSL_CHECK_SIG_FAULTS) #if defined(WOLFSSL_CHECK_SIG_FAULTS)
if (!tuc->ClientEccP256PubKey_set) { if (!tuc->ClientEccPubKey_set) {
ret = NO_PRIVATE_KEY; ret = NO_PRIVATE_KEY;
} }
#endif /* WOLFSSL_CHECK_SIG_FAULTS */ #endif /* WOLFSSL_CHECK_SIG_FAULTS */
@ -1831,7 +1830,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
err = R_TSIP_EcdsaP256SignatureVerification( err = R_TSIP_EcdsaP256SignatureVerification(
&ecdsa_sig, &ecdsa_hash, &ecdsa_sig, &ecdsa_hash,
&tuc->EcdsaP256PublicKeyIdx); &tuc->EcdsaPublicKeyIdx);
WOLFSSL_MSG("Perform self-verify for ecc signature"); WOLFSSL_MSG("Perform self-verify for ecc signature");
#endif /* WOLFSSL_CHECK_SIG_FAULTS */ #endif /* WOLFSSL_CHECK_SIG_FAULTS */
} }
@ -2018,7 +2017,7 @@ static int tsip_ServerKeyExVerify(
WOLFSSL_MSG("Failed to lock tsip hw"); WOLFSSL_MSG("Failed to lock tsip hw");
} }
XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER); XFREE(peerkey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret); WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret);
return ret; return ret;
@ -2091,7 +2090,7 @@ int wc_tsip_EccVerify(
return CRYPTOCB_UNAVAILABLE; return CRYPTOCB_UNAVAILABLE;
} }
/* concatenate r and s parts of the signature so that TSIP can handle it*/ /* concatenate r and s parts of the signature so that TSIP can handle it */
/* r */ /* r */
if (sig[offset] == 0x20) { if (sig[offset] == 0x20) {
XMEMCPY(sigforSCE, &sig[offset+1], rs_size); XMEMCPY(sigforSCE, &sig[offset+1], rs_size);
@ -2292,8 +2291,10 @@ static byte _tls2tsipdef(byte cipher)
* The target key should be set with tsip_use_PrivateKey_buffer in advance. * The target key should be set with tsip_use_PrivateKey_buffer in advance.
* Acceptable key types are: * Acceptable key types are:
* TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key * TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now) * TSIP_KEY_TYPE_RSA3072 rsa 3072 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
* TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key
*/ */
static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType) static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
{ {
@ -2349,12 +2350,12 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
#if defined(HAVE_ECC) #if defined(HAVE_ECC)
case TSIP_KEY_TYPE_ECDSAP256: case TSIP_KEY_TYPE_ECDSAP256:
tuc->ClientEccP256PrivKey_set = 0; tuc->ClientEccPrivKey_set = 0;
err = R_TSIP_GenerateEccP256PrivateKeyIndex( err = R_TSIP_GenerateEccP256PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey, provisioning_key, iv, (uint8_t*)encPrivKey,
&(tuc->EcdsaP256PrivateKeyIdx)); &(tuc->EcdsaPrivateKeyIdx));
if (err == TSIP_SUCCESS) { if (err == TSIP_SUCCESS) {
tuc->ClientEccP256PrivKey_set = 1; tuc->ClientEccPrivKey_set = 1;
} }
else { else {
ret = WC_HW_E; ret = WC_HW_E;
@ -2382,8 +2383,10 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
* The target key should be set with tsip_use_PublicKey_buffer in advance. * The target key should be set with tsip_use_PublicKey_buffer in advance.
* Acceptable key types are: * Acceptable key types are:
* TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key * TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now) * TSIP_KEY_TYPE_RSA3072 rsa 3072 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
* TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key
*/ */
WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
{ {
@ -2414,7 +2417,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
} }
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
switch(keyType) { switch (keyType) {
#if !defined(NO_RSA) #if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
@ -2425,7 +2428,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
XFREE(tuc->rsa2048pub_keyIdx, NULL, XFREE(tuc->rsa2048pub_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER); DYNAMIC_TYPE_RSA_BUFFER);
} }
tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0;
tuc->rsa2048pub_keyIdx = tuc->rsa2048pub_keyIdx =
(tsip_rsa2048_public_key_index_t*)XMALLOC( (tsip_rsa2048_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_public_key_index_t), NULL, sizeof(tsip_rsa2048_public_key_index_t), NULL,
@ -2453,25 +2456,47 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
ret = WC_HW_E; ret = WC_HW_E;
} }
break; break;
#endif
#if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA4096: case TSIP_KEY_TYPE_RSA4096:
/* not supported as of TSIPv1.15 */ /* not supported as of TSIPv1.15 */
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
break; break;
#endif #endif /* !NO_RSA */
#if defined(HAVE_ECC) && \ #if defined(HAVE_ECC)
defined(WOLFSSL_RENESAS_TSIP_TLS)
case TSIP_KEY_TYPE_ECDSAP256: case TSIP_KEY_TYPE_ECDSAP256:
case TSIP_KEY_TYPE_ECDSAP384:
tuc->ClientEccP256PubKey_set = 0; #if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientEccPubKey_set = 0;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.eccpub_key_set = 0;
#endif
if (keyType == TSIP_KEY_TYPE_ECDSAP256) {
err = R_TSIP_GenerateEccP256PublicKeyIndex( err = R_TSIP_GenerateEccP256PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey, provisioning_key, iv, (uint8_t*)encPubKey,
&(tuc->EcdsaP256PublicKeyIdx)); #if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->EcdsaPublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&tuc->eccpub_keyIdx
#endif
);
}
else if (keyType == TSIP_KEY_TYPE_ECDSAP384) {
err = R_TSIP_GenerateEccP384PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->EcdsaPublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&tuc->eccpub_keyIdx
#endif
);
}
if (err == TSIP_SUCCESS) { if (err == TSIP_SUCCESS) {
tuc->ClientEccP256PubKey_set = 1; #if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientEccPubKey_set = 1;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.eccpub_key_set = 1;
#endif
} }
else { else {
ret = WC_HW_E; ret = WC_HW_E;
@ -2779,7 +2804,8 @@ void tsip_inform_user_keys_ex(
word32 encrypted_user_tls_key_type) word32 encrypted_user_tls_key_type)
{ {
WOLFSSL_ENTER("tsip_inform_user_keys_ex"); WOLFSSL_ENTER("tsip_inform_user_keys_ex");
ForceZero(&g_user_key_info, sizeof(g_user_key_info));
XMEMSET(&g_user_key_info, 0, sizeof(g_user_key_info));
g_user_key_info.encrypted_provisioning_key = NULL; g_user_key_info.encrypted_provisioning_key = NULL;
g_user_key_info.iv = NULL; g_user_key_info.iv = NULL;
@ -3637,7 +3663,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType); ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
} }
if (ret == 0) { if (ret == 0) {
if (ssl->options.hashAlgo == md5_mac) if (ssl->options.hashAlgo == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5; tsip_hash_type = R_TSIP_RSA_HASH_MD5;
@ -3664,15 +3689,13 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
switch (tuc->wrappedKeyType) { switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024: case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) {
{ WOLFSSL_MSG("tsip rsa private key 1024 not set");
WOLFSSL_MSG("tsip rsa private key 2048 not set");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
break; break;
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) {
{
WOLFSSL_MSG("tsip rsa private key 2048 not set"); WOLFSSL_MSG("tsip rsa private key 2048 not set");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@ -3682,7 +3705,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
break; break;
} }
#endif #endif
if (ret == 0) { if (ret == 0) {
@ -3849,7 +3871,8 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
} }
#endif /* !NO_RSA && TSIP_TLS */ #endif /* !NO_RSA && TSIP_TLS */
#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(HAVE_ECC)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
/* Perform signing with the client's ECC private key on hash value of messages /* Perform signing with the client's ECC private key on hash value of messages
* exchanged with server. * exchanged with server.
* *
@ -3869,7 +3892,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
{ {
int ret = 0; int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS; e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData; tsip_ecdsa_byte_data_t hashData, sigData;
byte offsetForWork; byte offsetForWork;
byte* out = NULL; byte* out = NULL;
byte* sig = NULL; byte* sig = NULL;
@ -3908,7 +3931,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) { switch (tuc->wrappedKeyType) {
#if defined(HAVE_ECC) #if !defined(NO_ECC256)
case TSIP_KEY_TYPE_ECDSAP256: case TSIP_KEY_TYPE_ECDSAP256:
offsetForWork = R_TSIP_ECDSA_DATA_BYTE_SIZE + 32; offsetForWork = R_TSIP_ECDSA_DATA_BYTE_SIZE + 32;
if (*(info->pk.eccsign.outlen) < if (*(info->pk.eccsign.outlen) <
@ -3921,7 +3944,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
offsetForWork; offsetForWork;
err = R_TSIP_EcdsaP256SignatureGenerate( err = R_TSIP_EcdsaP256SignatureGenerate(
&hashData, &sigData, &hashData, &sigData,
&tuc->EcdsaP256PrivateKeyIdx); &tuc->EcdsaPrivateKeyIdx);
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
ret = WC_HW_E; ret = WC_HW_E;
break; break;
@ -3959,16 +3982,6 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
break; break;
#endif #endif
#if defined(HAVE_ECC192)
case TSIP_KEY_TYPE_ECDSAP192:
ret = CRYPTOCB_UNAVAILABLE;
break;
#endif
#if defined(HAVE_ECC224)
case TSIP_KEY_TYPE_ECDSAP224:
ret = CRYPTOCB_UNAVAILABLE;
break;
#endif
#if defined(HAVE_ECC384) #if defined(HAVE_ECC384)
case TSIP_KEY_TYPE_ECDSAP384: case TSIP_KEY_TYPE_ECDSAP384:
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
@ -3989,7 +4002,82 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
WOLFSSL_LEAVE("tsip_SignEcdsa", ret); WOLFSSL_LEAVE("tsip_SignEcdsa", ret);
return ret; return ret;
} }
#endif /* HAVE_ECC && TSIP_TLS */ #endif /* WOLFSSL_RENESAS_TSIP_TLS */
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
/* Perform verify with the wrapped public key, provided hash and signature r+s
*
* parameters
* info->pk.eccverify.in : the buffer holding hash value of messages
* info->pk.eccverify.inlen : hash data size
* info->pk.eccverify.out : the buffer where the signature data is output to
* info->pk.eccverify.outlen: the length of the buffer pk.eccsign.out
* tuc: the pointer to the TsipUserCtx structure
* returns
* 0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
*/
WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_ecdsa_byte_data_t hashData, sigData;
WOLFSSL_ENTER("tsip_VerifyEcdsa");
if (info == NULL || tuc == NULL) {
ret = CRYPTOCB_UNAVAILABLE;
}
if (ret == 0) {
/* import public key_index from wrapped key */
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
hashData.pdata = (uint8_t*)info->pk.eccverify.hash;
hashData.data_length = info->pk.eccverify.hashlen;
hashData.data_type = tuc->keyflgs_crypt.bits.message_type;
sigData.pdata = (uint8_t*)info->pk.eccverify.sig;
sigData.data_length = info->pk.eccverify.siglen;
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#if !defined(NO_ECC256)
case TSIP_KEY_TYPE_ECDSAP256:
err = R_TSIP_EcdsaP256SignatureVerification(&sigData,
&hashData, &tuc->eccpub_keyIdx);
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
}
break;
#endif
#if defined(HAVE_ECC384)
case TSIP_KEY_TYPE_ECDSAP384:
err = R_TSIP_EcdsaP384SignatureVerification(&sigData,
&hashData, &tuc->eccpub_keyIdx);
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
}
break;
#endif
default:
WOLFSSL_MSG("ECDSA public key size not available");
ret = CRYPTOCB_UNAVAILABLE;
break;
}
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("mutex locking error");
}
}
WOLFSSL_LEAVE("tsip_VerifyEcdsa", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#endif /* HAVE_ECC */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG #ifdef WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG

178
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@ -36,8 +36,16 @@
#endif #endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/hash.h>
#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#endif
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@ -87,16 +95,19 @@ enum {
}; };
typedef enum { typedef enum {
TSIP_KEY_TYPE_RSA2048 = 0,
TSIP_KEY_TYPE_RSA4096 = 1,
TSIP_KEY_TYPE_ECDSAP256 = 2,
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
TSIP_KEY_TYPE_RSA1024 = 3, TSIP_KEY_TYPE_RSA1024 = 1, /* TSIP_RSA1024 */
#endif #endif
TSIP_KEY_TYPE_RSA2048 = 2, /* TSIP_RSA2048 */
TSIP_KEY_TYPE_RSA3072 = 3, /* TSIP_RSA3072 */
TSIP_KEY_TYPE_RSA4096 = 4, /* TSIP_RSA4096 */
TSIP_KEY_TYPE_ECDSAP256 = 5, /* TSIP_ECCP256 */
TSIP_KEY_TYPE_ECDSAP384 = 6, /* TSIP_ECCP384 */
} wolfssl_TSIP_KEY_TYPE; } wolfssl_TSIP_KEY_TYPE;
struct WOLFSSL; struct WOLFSSL;
struct ecc_key;
struct KeyShareEntry; struct KeyShareEntry;
/* MsgBag stands for message bag and acts as a buffer for holding plain text /* MsgBag stands for message bag and acts as a buffer for holding plain text
@ -121,26 +132,33 @@ typedef struct MsgBag
} MsgBag; } MsgBag;
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
/* flags Crypt Only */
typedef void* renesas_tsip_key; struct tsip_keyflgs_cryt {
uint32_t aes256_key_set:1;
/* flags Crypt Only */ uint32_t aes128_key_set:1;
struct tsip_keyflgs_cryt { uint32_t rsapri2048_key_set:1;
uint8_t aes256_key_set:1; uint32_t rsapub2048_key_set:1;
uint8_t aes128_key_set:1; uint32_t rsapri1024_key_set:1;
uint8_t rsapri2048_key_set:1; uint32_t rsapub1024_key_set:1;
uint8_t rsapub2048_key_set:1; uint32_t eccpri_key_set:1;
uint8_t rsapri1024_key_set:1; uint32_t eccpub_key_set:1;
uint8_t rsapub1024_key_set:1; uint32_t message_type:1; /*message 0, hashed 1*/
uint8_t message_type:1;/*message 0, hashed 1*/ };
};
#endif #endif
/* /*
* TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format. * TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format.
*/ */
typedef struct TsipUserCtx { typedef struct TsipUserCtx {
/* unique number for each session */ /* unique number for each session */
int devId; int devId;
/* client key pair wrapped by provisioning key */
byte* wrappedPrivateKey;
byte* wrappedPublicKey;
int wrappedKeyType;
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
/* 0:working as a TLS client, 1: as a server */ /* 0:working as a TLS client, 1: as a server */
byte side; byte side;
@ -159,24 +177,17 @@ typedef struct TsipUserCtx {
/* handle is used as work area for Tls13 handshake */ /* handle is used as work area for Tls13 handshake */
tsip_tls13_handle_t handle13; tsip_tls13_handle_t handle13;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* client key pair wrapped by provisioning key */
byte* wrappedPrivateKey;
byte* wrappedPublicKey;
int wrappedKeyType; #if !defined(NO_RSA)
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#if !defined(NO_RSA)
/* RSA-2048bit private and public key-index for client authentication */ /* RSA-2048bit private and public key-index for client authentication */
tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx; tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx;
tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx; tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx;
#endif /* !NO_RSA */ #endif /* !NO_RSA */
#if defined(HAVE_ECC)
#if defined(HAVE_ECC) /* ECC private and public key-index for client authentication */
/* ECC P256 private and public key-index for client authentication */ tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx;
tsip_ecc_private_key_index_t EcdsaP256PrivateKeyIdx; tsip_ecc_public_key_index_t EcdsaPublicKeyIdx;
tsip_ecc_public_key_index_t EcdsaP256PublicKeyIdx; #endif /* HAVE_ECC */
#endif /* HAVE_ECC */
/* ECDHE private key index for Tls13 handshake */ /* ECDHE private key index for Tls13 handshake */
tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx; tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx;
@ -226,7 +237,6 @@ typedef struct TsipUserCtx {
/* signature data area for TLS1.3 CertificateVerify message */ /* signature data area for TLS1.3 CertificateVerify message */
byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ]; byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
#if (WOLFSSL_RENESAS_TSIP_VER >=109) #if (WOLFSSL_RENESAS_TSIP_VER >=109)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */ /* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ]; uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
@ -248,27 +258,7 @@ typedef struct TsipUserCtx {
uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4]; uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ]; uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ]; uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* for tsip crypt only mode */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
renesas_tsip_key rsa1024pri_keyIdx;
renesas_tsip_key rsa1024pub_keyIdx;
renesas_tsip_key rsa2048pri_keyIdx;
renesas_tsip_key rsa2048pub_keyIdx;
/* sign/verify hash type :
* md5, sha1 or sha256
*/
int sign_hash_type;
/* flags shows status if tsip keys are installed */
union {
uint8_t chr;
struct tsip_keyflgs_cryt bits;
} keyflgs_crypt;
#endif
/* installed key handling */ /* installed key handling */
tsip_aes_key_index_t user_aes256_key_index; tsip_aes_key_index_t user_aes256_key_index;
uint8_t user_aes256_key_set:1; uint8_t user_aes256_key_set:1;
@ -279,16 +269,14 @@ typedef struct TsipUserCtx {
uint32_t tsip_cipher; uint32_t tsip_cipher;
/* flags */ /* flags */
#ifdef WOLFSSL_RENESAS_TSIP_TLS #if !defined(NO_RSA)
#if !defined(NO_RSA)
uint8_t ClientRsa2048PrivKey_set:1; uint8_t ClientRsa2048PrivKey_set:1;
uint8_t ClientRsa2048PubKey_set:1; uint8_t ClientRsa2048PubKey_set:1;
#endif #endif
#if defined(HAVE_ECC)
#if defined(HAVE_ECC) uint8_t ClientEccPrivKey_set:1;
uint8_t ClientEccP256PrivKey_set:1; uint8_t ClientEccPubKey_set:1;
uint8_t ClientEccP256PubKey_set:1; #endif
#endif
uint8_t HmacInitialized:1; uint8_t HmacInitialized:1;
uint8_t RootCAverified:1; uint8_t RootCAverified:1;
@ -308,6 +296,35 @@ typedef struct TsipUserCtx {
uint8_t session_key_set:1; uint8_t session_key_set:1;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */ #endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* for tsip crypt only mode */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
union {
#ifndef NO_RSA
tsip_rsa1024_private_key_index_t rsa1024pri_keyIdx;
tsip_rsa1024_public_key_index_t rsa1024pub_keyIdx;
tsip_rsa2048_private_key_index_t rsa2048pri_keyIdx;
tsip_rsa2048_public_key_index_t rsa2048pub_keyIdx;
#endif
#ifdef HAVE_ECC
#ifdef HAVE_ECC_SIGN
tsip_ecc_private_key_index_t eccpri_keyIdx;
#endif
tsip_ecc_public_key_index_t eccpub_keyIdx;
#endif
};
/* sign/verify hash type :
* md5, sha1 or sha256
*/
int sign_hash_type;
/* flags shows status if tsip keys are installed */
union {
uint32_t chr;
struct tsip_keyflgs_cryt bits;
} keyflgs_crypt;
#endif
} TsipUserCtx; } TsipUserCtx;
typedef TsipUserCtx RenesasUserCtx; typedef TsipUserCtx RenesasUserCtx;
@ -401,8 +418,7 @@ WOLFSSL_API void tsip_inform_user_keys(
/*----------------------------------------------------*/ /*----------------------------------------------------*/
/* internal use functions */ /* internal use functions */
/*----------------------------------------------------*/ /*----------------------------------------------------*/
WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc); #ifdef HAVE_PK_CALLBACKS
WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
WOLFSSL* ssl, WOLFSSL* ssl,
unsigned char* sig, unsigned int sigSz, unsigned char* sig, unsigned int sigSz,
@ -410,13 +426,21 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
const unsigned char* keyDer, unsigned int keySz, const unsigned char* keyDer, unsigned int keySz,
void* ctx); void* ctx);
WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc); #endif
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
struct wc_CryptoInfo; struct wc_CryptoInfo;
WOLFSSL_LOCAL int tsip_SignRsaPkcs(struct wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_SignEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl); WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data, WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
@ -505,23 +529,23 @@ WOLFSSL_LOCAL int wc_tsip_generateMasterSecret(
WOLFSSL_LOCAL int wc_tsip_storeKeyCtx( WOLFSSL_LOCAL int wc_tsip_storeKeyCtx(
WOLFSSL *ssl, struct WOLFSSL *ssl,
TsipUserCtx *userCtx); TsipUserCtx *userCtx);
WOLFSSL_LOCAL int wc_tsip_generateEncryptPreMasterSecret( WOLFSSL_LOCAL int wc_tsip_generateEncryptPreMasterSecret(
WOLFSSL* ssl, struct WOLFSSL* ssl,
byte* out, byte* out,
word32* outSz); word32* outSz);
WOLFSSL_LOCAL int wc_tsip_EccSharedSecret( WOLFSSL_LOCAL int wc_tsip_EccSharedSecret(
WOLFSSL* ssl, struct WOLFSSL* ssl,
struct ecc_key* otherKey, struct ecc_key* otherKey,
unsigned char* pubKeyDer, unsigned int* pubKeySz, unsigned char* pubKeyDer, unsigned int* pubKeySz,
unsigned char* out, unsigned int* outlen, unsigned char* out, unsigned int* outlen,
int side, void* ctx); int side, void* ctx);
WOLFSSL_LOCAL int wc_tsip_RsaVerify( WOLFSSL_LOCAL int wc_tsip_RsaVerify(
WOLFSSL* ssl, struct WOLFSSL* ssl,
byte* sig, byte* sig,
word32 sigSz, word32 sigSz,
byte** out, byte** out,
@ -530,7 +554,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerify(
void* ctx); void* ctx);
WOLFSSL_LOCAL int wc_tsip_EccVerify( WOLFSSL_LOCAL int wc_tsip_EccVerify(
WOLFSSL* ssl, struct WOLFSSL* ssl,
const byte* sig, word32 sigSz, const byte* sig, word32 sigSz,
const byte* hash, word32 hashSz, const byte* hash, word32 hashSz,
const byte* key, word32 keySz, const byte* key, word32 keySz,
@ -571,14 +595,14 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
void* ctx); void* ctx);
#endif /* NO_AES */ #endif /* NO_AES */
WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify( WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify(
const WOLFSSL *ssl, const struct WOLFSSL *ssl,
const byte* message, const byte* message,
word32 messageSz, word32 messageSz,
word32 macSz, word32 macSz,
word32 content); word32 content);
WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate( WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
const WOLFSSL *ssl, const struct WOLFSSL *ssl,
const byte* myInner, const byte* myInner,
word32 innerSz, word32 innerSz,
const byte* in, const byte* in,
@ -586,7 +610,7 @@ WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
byte* digest); byte* digest);
WOLFSSL_LOCAL int wc_tsip_Sha256HmacGenerate( WOLFSSL_LOCAL int wc_tsip_Sha256HmacGenerate(
const WOLFSSL *ssl, const struct WOLFSSL *ssl,
const byte* myInner, const byte* myInner,
word32 innerSz, word32 innerSz,
const byte* in, const byte* in,
@ -601,7 +625,7 @@ WOLFSSL_LOCAL int tsip_hw_lock();
WOLFSSL_LOCAL void tsip_hw_unlock( void ); WOLFSSL_LOCAL void tsip_hw_unlock( void );
WOLFSSL_LOCAL int tsip_usable(const WOLFSSL *ssl, WOLFSSL_LOCAL int tsip_usable(const struct WOLFSSL *ssl,
uint8_t session_key_generated); uint8_t session_key_generated);
WOLFSSL_LOCAL void tsip_inform_sflash_signedcacert( WOLFSSL_LOCAL void tsip_inform_sflash_signedcacert(
@ -631,13 +655,11 @@ WOLFSSL_LOCAL int wc_tsip_generatePremasterSecret(
word32 preSz); word32 preSz);
WOLFSSL_LOCAL int wc_tsip_generateSessionKey( WOLFSSL_LOCAL int wc_tsip_generateSessionKey(
WOLFSSL* ssl, struct WOLFSSL* ssl,
TsipUserCtx* ctx, TsipUserCtx* ctx,
int devId); int devId);
WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx); WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx);
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int wc_tsip_GenerateRandBlock(byte* output, word32 size); WOLFSSL_LOCAL int wc_tsip_GenerateRandBlock(byte* output, word32 size);

2
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
View File

@ -82,7 +82,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx); WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx);
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ #endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx); int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx);
void wc_CryptoCb_CleanupRenesasCmn(int* id); void wc_CryptoCb_CleanupRenesasCmn(int* id);
#endif /* __RENESAS_CMN_H__ */ #endif /* __RENESAS_CMN_H__ */

12
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
View File

@ -25,6 +25,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \ #if (!defined(NO_SHA) || !defined(NO_SHA256)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
@ -59,11 +60,12 @@ typedef wolfssl_TSIP_Hash wc_Sha256;
typedef enum { typedef enum {
TSIP_RSA2048, TSIP_RSA1024 = 1,
TSIP_RSA3072, TSIP_RSA2048 = 2,
TSIP_RSA4096, TSIP_RSA3072 = 3,
TSIP_ECCP256, TSIP_RSA4096 = 4,
TSIP_ECCP384, TSIP_ECCP256 = 5,
TSIP_ECCP384 = 6,
} TSIP_KEY_TYPE; } TSIP_KEY_TYPE;