wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Changes to support Renesas RX TSIP AES CTR.

Browse Source
This commit is contained in:
David Garske
2025-06-09 14:11:48 -07:00
parent 978a29da0b
commit 78362bc346
2 changed files with 107 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
View File

@@ -36,7 +36,9 @@
#include <wolfssl/wolfcrypt/wc_port.h> #include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#include <wolfssl/internal.h> #include <wolfssl/internal.h>
#endif
#include <wolfssl/wolfcrypt/aes.h> #include <wolfssl/wolfcrypt/aes.h>
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#ifdef NO_INLINE #ifdef NO_INLINE
@@ -381,24 +383,25 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
#if (WOLFSSL_RENESAS_TSIP_VER >= 109) #if (WOLFSSL_RENESAS_TSIP_VER >= 109)
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
void* ctx)
{ {
int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
WOLFSSL_ENTER("wc_tsip_AesCipher"); WOLFSSL_ENTER("wc_tsip_AesCipher");
if (info == NULL || ctx == NULL) if (info == NULL || ctx == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
(void)devIdArg;
if (info->algo_type == WC_ALGO_TYPE_CIPHER) { if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES)
#if !defined(NO_AES) || !defined(NO_DES3)
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM if (info->cipher.type == WC_CIPHER_AES_GCM
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo->session_key_set == 1 && cbInfo != NULL && cbInfo->session_key_set == 1
#endif #endif
) { ) {
@@ -433,10 +436,26 @@ WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
} }
} }
#endif /* HAVE_AESGCM */ #endif /* HAVE_AESGCM */
#ifdef WOLFSSL_AES_COUNTER
if (info->cipher.type == WC_CIPHER_AES_CTR
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo != NULL && cbInfo->session_key_set == 1
#endif
) {
/* encrypt and decrypt use same routine */
ret = wc_tsip_AesCtr(
info->cipher.aesctr.aes,
(byte*)info->cipher.aesctr.out,
(byte*)info->cipher.aesctr.in,
info->cipher.aesctr.sz);
}
#endif /* WOLFSSL_AES_COUNTER */
#ifdef HAVE_AES_CBC #ifdef HAVE_AES_CBC
if (info->cipher.type == WC_CIPHER_AES_CBC if (info->cipher.type == WC_CIPHER_AES_CBC
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo->session_key_set == 1 && cbInfo != NULL && cbInfo->session_key_set == 1
#endif #endif
) { ) {
@@ -457,7 +476,7 @@ WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
} }
} }
#endif /* HAVE_AES_CBC */ #endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */ #endif /* !NO_AES */
} }
WOLFSSL_LEAVE("wc_tsip_AesCipher", ret); WOLFSSL_LEAVE("wc_tsip_AesCipher", ret);
@@ -466,8 +485,7 @@ WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
#endif /* WOLF_CRYPTO_CB */ #endif /* WOLF_CRYPTO_CB */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 109 */ #endif /* WOLFSSL_RENESAS_TSIP_VER >= 109 */
#ifdef HAVE_AES_CBC
int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
{ {
tsip_aes_handle_t _handle; tsip_aes_handle_t _handle;
@@ -584,6 +602,64 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
tsip_hw_unlock(); tsip_hw_unlock();
return ret; return ret;
} }
#endif /* HAVE_AES_CBC */
#ifdef WOLFSSL_AES_COUNTER
int wc_tsip_AesCtr(struct Aes* aes, byte* out, const byte* in, word32 sz)
{
tsip_aes_handle_t _handle;
int ret;
byte *iv;
if ((in == NULL) || (out == NULL) || (aes == NULL))
return BAD_FUNC_ARG;
/* while doing TLS handshake, TSIP driver keeps true-key and iv *
* on the device. iv is dummy */
iv = (uint8_t*)aes->reg;
if ((ret = tsip_hw_lock()) != 0) {
WOLFSSL_MSG("Failed to lock");
return ret;
}
if (aes->ctx.keySize == 16) {
ret = R_TSIP_Aes128CtrInit(&_handle, &aes->ctx.tsip_keyIdx, iv);
}
else if (aes->ctx.keySize == 32) {
ret = R_TSIP_Aes256CtrInit(&_handle, &aes->ctx.tsip_keyIdx, iv);
}
else {
tsip_hw_unlock();
return -1;
}
if (aes->ctx.keySize == 16)
ret = R_TSIP_Aes128CtrUpdate(&_handle, (uint8_t*)in,
(uint8_t*)out, sz);
else
ret = R_TSIP_Aes256CtrUpdate(&_handle, (uint8_t*)in,
(uint8_t*)out, sz);
if (ret == TSIP_SUCCESS) {
if (aes->ctx.keySize == 16) {
ret = R_TSIP_Aes128CtrFinal(&_handle);
}
else {
ret = R_TSIP_Aes256CtrFinal(&_handle);
}
}
else {
WOLFSSL_MSG("TSIP AES CTR failed");
ret = -1;
}
tsip_hw_unlock();
return ret;
}
#endif /* WOLFSSL_AES_COUNTER */
#ifdef HAVE_AESGCM
/* /*
* Encrypt plain data then output encrypted data and authentication tag data. * Encrypt plain data then output encrypted data and authentication tag data.
* The session key used for encryption is generated inside this function and * The session key used for encryption is generated inside this function and
@@ -975,6 +1051,7 @@ int wc_tsip_AesGcmDecrypt(
WOLFSSL_LEAVE("wc_tsip_AesGcmDecrypt", ret); WOLFSSL_LEAVE("wc_tsip_AesGcmDecrypt", ret);
return ret; return ret;
} }
#endif /* HAVE_AESGCM */
#endif /* WOLFSSL_RENESAS_TSIP_TLS) || WOLFSSL_RENESAS_TSIP_CRYPTONLY #endif /* WOLFSSL_RENESAS_TSIP_TLS) || WOLFSSL_RENESAS_TSIP_CRYPTONLY
&& NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES */ && NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES */
#endif /* NO_AES */ #endif /* NO_AES */

26
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@@ -39,7 +39,7 @@
#include <wolfssl/wolfcrypt/types.h> #include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/hash.h> #include <wolfssl/wolfcrypt/hash.h>
#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY #ifdef WOLFSSL_RENESAS_TSIP_TLS
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#endif #endif
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
@@ -573,21 +573,33 @@ WOLFSSL_API int wc_tsip_generateVerifyData(
const uint8_t* side, const uint8_t* side,
const uint8_t* handshake_hash, const uint8_t* handshake_hash,
uint8_t* hashes); uint8_t* hashes);
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC
WOLFSSL_API int wc_tsip_AesCbcEncrypt( WOLFSSL_API int wc_tsip_AesCbcEncrypt(
Aes* aes, struct Aes* aes,
byte* out, byte* out,
const byte* in, const byte* in,
word32 sz); word32 sz);
WOLFSSL_API int wc_tsip_AesCbcDecrypt( WOLFSSL_API int wc_tsip_AesCbcDecrypt(
Aes* aes, struct Aes* aes,
byte* out, byte* out,
const byte* in, const byte* in,
word32 sz); word32 sz);
#endif /* HAVE_AES_CBC */
#ifdef WOLFSSL_AES_COUNTER
WOLFSSL_API int wc_tsip_AesCtr(
struct Aes*,
byte* out,
const byte* in,
word32 sz);
#endif /* WOLFSSL_AES_COUNTER */
#ifdef HAVE_AESGCM
WOLFSSL_API int wc_tsip_AesGcmEncrypt( WOLFSSL_API int wc_tsip_AesGcmEncrypt(
Aes* aes, byte* out, struct Aes* aes, byte* out,
const byte* in, word32 sz, const byte* in, word32 sz,
byte* iv, word32 ivSz, byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz, byte* authTag, word32 authTagSz,
@@ -595,13 +607,15 @@ WOLFSSL_API int wc_tsip_AesGcmEncrypt(
void* ctx); void* ctx);
WOLFSSL_API int wc_tsip_AesGcmDecrypt( WOLFSSL_API int wc_tsip_AesGcmDecrypt(
Aes* aes, byte* out, struct Aes* aes, byte* out,
const byte* in, word32 sz, const byte* in, word32 sz,
const byte* iv, word32 ivSz, const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz, const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz, const byte* authIn, word32 authInSz,
void* ctx); void* ctx);
#endif /* NO_AES */ #endif /* HAVE_AESGCM */
#endif /* !NO_AES */
WOLFSSL_API int wc_tsip_ShaXHmacVerify( WOLFSSL_API int wc_tsip_ShaXHmacVerify(
const struct WOLFSSL *ssl, const struct WOLFSSL *ssl,
const byte* message, const byte* message,