diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 4ccc075b1..c2fd6262e 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -21,34 +21,39 @@ #include -#if defined(WOLFSSL_RENESAS_FSPSM_TLS) \ - || defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) \ - || defined(WOLFSSL_RENESAS_TSIP_TLS) \ - || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) +#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \ + defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) - #include - #define cmn_hw_lock wc_fspsm_hw_lock - #define cmn_hw_unlock wc_fspsm_hw_unlock -#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \ - defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) - #include - #define cmn_hw_lock tsip_hw_lock - #define cmn_hw_unlock tsip_hw_unlock - #define FSPSM_ST TsipUserCtx; - #define MAX_FSPSM_CBINDEX 5 + #include + #define cmn_hw_lock wc_fspsm_hw_lock + #define cmn_hw_unlock wc_fspsm_hw_unlock + +#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + + #include + #define cmn_hw_lock tsip_hw_lock + #define cmn_hw_unlock tsip_hw_unlock + + #define FSPSM_ST TsipUserCtx; + #define MAX_FSPSM_CBINDEX 5 #endif #include #include #include +#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY #include +#endif #include #include #include -#include +#include uint32_t g_CAscm_Idx = (uint32_t)-1; /* index of CM table */ static int gdevId = 7890; /* initial dev Id for Crypt Callback */ 
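Review bot: In the TSIP `#elif` branch the re-indented line `#define FSPSM_ST TsipUserCtx;` keeps its trailing semicolon, so a declaration written as `FSPSM_ST *p` would expand to `TsipUserCtx; *p` and not declare what the author meant. It should read `#define FSPSM_ST TsipUserCtx`. The same pair of macros appears again as context in the TSIP branch of the next hunk, just above `TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX];`. Since `MAX_FSPSM_CBINDEX` sizes that array, I would keep one definition so the bound cannot drift between the two places.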
@@ -59,7 +64,7 @@ static int gdevId = 7890; /* initial dev Id for Crypt Callback */ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) FSPSM_ST *gCbCtx[MAX_FSPSM_CBINDEX]; #elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \ - defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #define FSPSM_ST TsipUserCtx; #define MAX_FSPSM_CBINDEX 5 TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX]; @@ -426,7 +431,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) */ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated) { - int ret; + int ret = 0; #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_usable(ssl, session_key_generated); diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index 842ffb2bd..477f8e8ae 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -34,11 +34,15 @@ #define WOLFSSL_MISC_INCLUDED #include #endif -#include -#include -#include + +#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY + #include + #include + #include +#endif #include #include + #include #define TSIP_SIGNING_DATA_PREFIX_SZ 64 @@ -171,6 +175,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl, return ret; } #endif /* WOLFSSL_RENESAS_TSIP_TLS */ + #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) /* Set client encrypted public key data. @@ -421,11 +426,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse) WOLFSSL_LEAVE("tsip_Tls13GenEccKeyPair", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* generate shared secret(pre-master secret) * get peer's raw ECDHE public key from KeyShareEntry. * The pre-master secret generated by TSIP is stored into 
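Review bot: `int ret = 0;` in `Renesas_cmn_usable` removes the uninitialised read, but the line does not say what the default means. When neither TLS branch below is compiled the function now returns 0, which per the comment on `tsip_usable` later in this diff ("1 when tsip can be used, 0 not be used") means the hardware path is declined. I would record that on the line, e.g. `int ret = 0; /* default: hardware TLS path not usable */`. The function body continues outside the hunk, so the remaining branches are not visible here.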
@@ -514,11 +515,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_Tls13GenSharedSecret", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl) { int ret = 0; @@ -543,11 +540,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsip_Tls13DeriveEarlySecret", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* derive handshake secret. * get pre-master secret stored in TsipUserCtx.sharedSecret13Idx. * Derived handshake secret is stored into TsipUserCtx.handshakeSecret13Idx @@ -621,11 +614,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsip_Tls13DeriveHandshakeSecret", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -705,11 +694,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13DeriveClientHandshakeKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -789,11 +774,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13DeriveServerHandshakeKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -881,11 +862,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13DeriveTrafficKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl) { int ret = 0; 
@@ -953,11 +930,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13UpdateClientTrafficKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -1025,11 +998,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13UpdateServerTrafficKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* Derive the keys for TLS v1.3. * * ssl The WOLFSSL object. @@ -1124,11 +1093,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_Tls13DeriveKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) { int ret = 0; @@ -1198,11 +1163,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsip_Tls13DeriveMasterSecret", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* verify handshake * ssl WOLFSSL object * hash buffer holding decrypted finished message content from server. @@ -1288,11 +1249,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsipTls13VerifyHandshake", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* handles finished message from server. * verify hmac in the message. Also output verify data to * TsipUserCtx.verifyDataIdx, which is used for deriving master secret. @@ -1334,11 +1291,7 @@ WOLFSSL_LOCAL int tsip_Tls13HandleFinished( WOLFSSL_LEAVE("tsip_Tls13HandleFinished", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* Build TLS v1.3 Message and make it encrypted with AEAD algorithm. * TSIP supports AES-GCM and AES-CCM. * ssl The WOLFSSL object. 
@@ -1434,11 +1387,7 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_Tls13BuildMessage", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* Send finished message to the server. * * ssl WOLFSSL object @@ -1501,9 +1450,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished( WOLFSSL_LEAVE("tsip_Tls13SendFinished", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ -#if defined(WOLFSSL_TLS13) /* Parse and handle a TLS v1.3 CertificateVerify message sent from a server. * * ssl WOLFSSL object @@ -1644,9 +1591,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_Tls13CertificateVerify", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ -#if defined(WOLFSSL_TLS13) /* Send the TLS v1.3 CertificateVerify message. A part of the message is * processed by TSIP for acceleration. * @@ -1927,6 +1872,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) #endif /* WOLFSSL_TLS13 */ #endif /* WOLFSSL_RENESAS_TSIP_TLS */ + #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109) static uint32_t GetTsipCipherSuite( 
@@ -2545,41 +2491,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) WOLFSSL_LEAVE("tsipImportPublicKey", ret); return ret; } -/* -* lock hw engine. -* this should be called before using engine. -*/ -WOLFSSL_LOCAL int tsip_hw_lock(void) -{ - int ret = 0; - if (tsip_CryptHwMutexInit_ == 0) { - - ret = tsip_CryptHwMutexInit(&tsip_mutex); - - if (ret == 0) { - tsip_CryptHwMutexInit_ = 1; - } - else { - WOLFSSL_MSG(" mutex initialization failed."); - return -1; - } - } - if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) { - /* this should not happens */ - return -1; - } - - return ret; -} - -/* -* release hw engine -*/ -WOLFSSL_LOCAL void tsip_hw_unlock(void) -{ - tsip_CryptHwMutexUnLock(&tsip_mutex); -} #if defined(WOLFSSL_RENESAS_TSIP_TLS) /* check if tsip tls functions can be used for the cipher */ /* return :1 when tsip can be used , 0 not be used. */ @@ -2678,6 +2590,41 @@ int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated) } #endif /* WOLFSSL_RENESAS_TSIP_TLS */ +/* +* lock hw engine. +* this should be called before using engine. +*/ +WOLFSSL_LOCAL int tsip_hw_lock(void) +{ + int ret = 0; + + if (tsip_CryptHwMutexInit_ == 0) { + + ret = tsip_CryptHwMutexInit(&tsip_mutex); + + if (ret == 0) { + tsip_CryptHwMutexInit_ = 1; + } + else { + WOLFSSL_MSG(" mutex initialization failed."); + return -1; + } + } + if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) { + /* this should not happens */ + return -1; + } + + return ret; +} + +/* +* release hw engine +*/ +WOLFSSL_LOCAL void tsip_hw_unlock(void) +{ + tsip_CryptHwMutexUnLock(&tsip_mutex); +} /* open TSIP driver * return 0 on success. diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index 43030a2cb..a4a25cf08 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h 
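Review bot: The relocated `tsip_hw_lock()` still initialises the mutex lazily behind an unsynchronised test of `tsip_CryptHwMutexInit_`, and the move is a good point to fix that. If two threads make the first call together, both can read 0 and both call `tsip_CryptHwMutexInit(&tsip_mutex)`, so one may re-initialise a mutex the other already holds and access to the hardware engine is no longer serialised; whether the port can reach that state depends on thread start-up that is not visible here. Initialising the mutex once from the driver-open routine that follows this hunk, and leaving `tsip_hw_lock()` to lock only, closes the window. Separately, `tsip_hw_unlock()` discards the result of `tsip_CryptHwMutexUnLock()`, and both failure paths return a bare `-1` where a wolfCrypt code such as `BAD_MUTEX_E` would tell the caller what failed.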
@@ -372,7 +372,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl, #endif #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) -WOLFSSL_API int tsip_use_PubicKey_buffer_crypt(TsipUserCtx *uc, +WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc, const char* keyBuf, int keyBufLen, int keyType); WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc, const char* keyBuf, int keyBufLen, int keyType); diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h index e26911557..6efcb4a4a 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h @@ -21,6 +21,8 @@ #ifndef __RENESAS_CMN_H__ #define __RENESAS_CMN_H__ +#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY + #include #include @@ -69,8 +71,6 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigne /* Common Methods */ WOLFSSL_LOCAL void* Renesas_cmn_GetCbCtxBydevId(int devId); -int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx); -void wc_CryptoCb_CleanupRenesasCmn(int* id); int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start, word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row); @@ -80,4 +80,9 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, const byte *handshake_hash, word32 hashSz, byte *hashes, void* ctx); WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx); +#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ + +int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx); +void wc_CryptoCb_CleanupRenesasCmn(int* id); + #endif /* __RENESAS_CMN_H__ */ diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h index d340a1d3f..b1a1c76e7 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h 
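Review bot: In `renesas_cmn.h` the two prototypes moved below `#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */` still take a `WOLFSSL*`, while the header's own includes now sit inside the `#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY` block opened in the first hunk of this file. In a CRYPTONLY build `wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)` then relies on the including file having declared `WOLFSSL` already; the include targets are not visible on this page, so this may be covered. If it is not, writing the parameter as `struct WOLFSSL* ssl`, as `renesas-tsip-crypt.h` does in the hunk above, keeps the header self-contained. The two functions also carry no `WOLFSSL_API`/`WOLFSSL_LOCAL` marker, unlike their neighbours, so their intended visibility should be stated.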
@@ -33,12 +33,6 @@ typedef enum { TSIP_SHA256 = 1, } TSIP_SHA_TYPE; -typedef enum { - TSIP_RSA2048, - TSIP_RSA4096, - TSIP_ECCP256, -} TSIP_KEY_TYPE; - typedef struct { byte* msg; void* heap; @@ -54,16 +48,24 @@ typedef struct { /* RAW hash function APIs are not implemented with TSIP */ #define WOLFSSL_NO_HASH_RAW +#ifndef NO_SHA typedef wolfssl_TSIP_Hash wc_Sha; - -#if !defined(NO_SHA256) +#endif +#ifndef NO_SHA256 typedef wolfssl_TSIP_Hash wc_Sha256; #endif -#endif /* NO_SHA */ +#endif /* !NO_SHA || !NO_SHA256 */ -#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) ||\ +typedef enum { + TSIP_RSA2048, + TSIP_RSA4096, + TSIP_ECCP256, +} TSIP_KEY_TYPE; + + +#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) || \ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #include "r_tsip_rx_if.h"