wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-04 05:04:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6851 from miyazakh/rnd_gen_updates_rx

Browse Source 
Update random generation on RX TSIP
This commit is contained in:
Chris Conlon
2023-10-11 09:10:34 -06:00
committed by GitHub
parent a4f9ae90d0 f8604da8e3
commit 7f562f8259
6 changed files with 101 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
View File

@@ -103,7 +103,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
char *cert = "./certs/ca-cert.pem"; char *cert = "./certs/ca-cert.pem";
#endif #endif
#else #else
#if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256) #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256)
const unsigned char *cert = ca_ecc_cert_der_256; const unsigned char *cert = ca_ecc_cert_der_256;
#define SIZEOF_CERT sizeof_ca_ecc_cert_der_256 #define SIZEOF_CERT sizeof_ca_ecc_cert_der_256
#else #else
@@ -118,7 +118,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
#endif #endif
/* Create and initialize WOLFSSL_CTX */ /* Create and initialize WOLFSSL_CTX */
if ((client_ctx = if ((client_ctx =
wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) { wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n"); printf("ERROR: failed to create WOLFSSL_CTX\n");
return; return;
@@ -134,7 +134,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
return; return;
} }
#else #else
if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT,
SSL_FILETYPE_ASN1) != SSL_SUCCESS){ SSL_FILETYPE_ASN1) != SSL_SUCCESS){
printf("ERROR: can't load certificate data\n"); printf("ERROR: can't load certificate data\n");
return; return;
@@ -151,24 +151,6 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
return; return;
} }
/* set client private key data */
#if defined(WOLFSSL_TLS13) && defined(SIMPLE_TLS_TSIP_CLIENT)
if (tsip_set_clientPrivateKeyEnc(
g_key_block_data.encrypted_user_ecc256_private_key,
TSIP_ECCP256) != 0) {
printf("ERROR: can't load client-private key\n");
return;
}
#else
if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx,
ecc_clikey_der_256,
sizeof_ecc_clikey_der_256,
SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: can't load private-key data.\n");
return;
}
#endif /* WOLFSSL_TLS13 */
#else #else
if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx, if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
client_cert_der_2048, client_cert_der_2048,
@@ -195,15 +177,15 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
wolfSSL_SetIOSend(client_ctx, my_IOSend); wolfSSL_SetIOSend(client_ctx, my_IOSend);
/* use specific cipher */ /* use specific cipher */
if (cipherlist != NULL && if (cipherlist != NULL &&
wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != WOLFSSL_SUCCESS) { wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(client_ctx); client_ctx = NULL; wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
printf("client can't set cipher list"); printf("client can't set cipher list");
return; return;
} }
#if defined(WOLFSSL_TLS13) #if defined(WOLFSSL_TLS13)
if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1) if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) { != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(client_ctx); client_ctx = NULL; wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
printf("client can't set use supported curves\n"); printf("client can't set use supported curves\n");
@@ -222,11 +204,11 @@ void wolfSSL_TLS_client( )
#define BUFF_SIZE 256 #define BUFF_SIZE 256
static const char sendBuff[]= "Hello Server\n" ; static const char sendBuff[]= "Hello Server\n" ;
char rcvBuff[BUFF_SIZE] = {0}; char rcvBuff[BUFF_SIZE] = {0};
static T_IPV4EP my_addr = { 0, 0 }; static T_IPV4EP my_addr = { 0, 0 };
T_IPV4EP dst_addr; T_IPV4EP dst_addr;
if((dst_addr.ipaddr = getIPaddr(SIMPLE_TLSSEVER_IP)) == 0){ if((dst_addr.ipaddr = getIPaddr(SIMPLE_TLSSEVER_IP)) == 0){
@@ -248,9 +230,45 @@ void wolfSSL_TLS_client( )
goto out; goto out;
} }
#ifdef SIMPLE_TLS_TSIP_CLIENT #ifdef SIMPLE_TLS_TSIP_CLIENT
tsip_set_callback_ctx(ssl, &userContext); tsip_set_callback_ctx(ssl, &userContext);
#endif
/* set client private key data */
#if defined(WOLFSSL_TLS13) && defined(SIMPLE_TLS_TSIP_CLIENT)
#if defined(USE_ECC_CERT)
if (tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_private_key,
sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
TSIP_ECCP256) != 0) {
printf("ERROR: can't load client-private key\n");
return;
}
#else
if (tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
TSIP_RSA2048) != 0) {
printf("ERROR: can't load client-private key\n");
return;
}
ret = tsip_use_PublicKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_public_key), TSIP_RSA2048);
if (ret != 0) {
printf("ERROR tsip_use_PublicKey_buffer: %d\n", ret);
return;
}
#endif #endif
#else
if (wolfSSL_use_PrivateKey_buffer(ssl,
ecc_clikey_der_256,
sizeof_ecc_clikey_der_256,
SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: can't load private-key data.\n");
return;
}
#endif /* WOLFSSL_TLS13 */
/* set callback context */ /* set callback context */
wolfSSL_SetIOReadCtx(ssl, (void *)&cepid); wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);

46
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
View File

@@ -31,7 +31,7 @@
/*-- Renesas TSIP usage and its version --------------------------------------- /*-- Renesas TSIP usage and its version ---------------------------------------
* *
* "WOLFSSL_RENESAS_TSIP" definition makes wolfSSL to use H/W acceleration * "WOLFSSL_RENESAS_TSIP" definition makes wolfSSL to use H/W acceleration
* for cipher operations. * for cipher operations.
* TSIP definition asks to have its version number. * TSIP definition asks to have its version number.
* "WOLFSSL_RENESAS_TSIP_VER" takes following value: * "WOLFSSL_RENESAS_TSIP_VER" takes following value:
* 106: TSIPv1.06 * 106: TSIPv1.06
@@ -54,16 +54,16 @@
* *
* wolfSSL supports TLSv1.2 by default. In case you want your system to support * wolfSSL supports TLSv1.2 by default. In case you want your system to support
* TLSv1.3, uncomment line below. * TLSv1.3, uncomment line below.
* *
*----------------------------------------------------------------------------*/ *----------------------------------------------------------------------------*/
#define WOLFSSL_TLS13 #define WOLFSSL_TLS13
/*-- Operating System related definitions -------------------------------------- /*-- Operating System related definitions --------------------------------------
* *
* In case any real-time OS is used, define its name(e.g. FREERTOS). * In case any real-time OS is used, define its name(e.g. FREERTOS).
* Otherwise, define "SINGLE_THREADED". They are exclusive each other. * Otherwise, define "SINGLE_THREADED". They are exclusive each other.
* *
*----------------------------------------------------------------------------*/ *----------------------------------------------------------------------------*/
#if !defined(RENESAS_T4_USE) #if !defined(RENESAS_T4_USE)
#define FREERTOS #define FREERTOS
@@ -114,23 +114,23 @@
/* USE_ECC_CERT /* USE_ECC_CERT
* This macro is for selecting root CA certificate to load, it is valid only * This macro is for selecting root CA certificate to load, it is valid only
* in example applications. wolfSSL does not refer this macro. * in example applications. wolfSSL does not refer this macro.
* If you want to use cipher suites including ECDSA authentication in * If you want to use cipher suites including ECDSA authentication in
* the example applications with TSIP, enable this macro. * the example applications with TSIP, enable this macro.
* In TSIP 1.13 or later version, following cipher suites are * In TSIP 1.13 or later version, following cipher suites are
* available: * available:
* - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 * - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SAH256 * - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SAH256
* *
* Note that, this macro disables cipher suites including RSA * Note that, this macro disables cipher suites including RSA
* authentication such as: * authentication such as:
* - TLS_RSA_WITH_AES_128_CBC_SHA * - TLS_RSA_WITH_AES_128_CBC_SHA
* - TLS_RSA_WITH_AES_256_CBC_SHA * - TLS_RSA_WITH_AES_256_CBC_SHA
* - TLS_RSA_WITH_AES_128_CBC_SHA256 * - TLS_RSA_WITH_AES_128_CBC_SHA256
* - TLS_RSA_WITH_AES_256_CBC_SHA256 * - TLS_RSA_WITH_AES_256_CBC_SHA256
* - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 * - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256 * - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
* *
*/ */
#define USE_ECC_CERT #define USE_ECC_CERT
@@ -139,14 +139,14 @@
*/ */
/*#define WOLFSSL_CHECK_SIG_FAULTS*/ /*#define WOLFSSL_CHECK_SIG_FAULTS*/
/* In this example application, Root CA cert buffer named /* In this example application, Root CA cert buffer named
* "ca_ecc_cert_der_256" is used under the following macro definition * "ca_ecc_cert_der_256" is used under the following macro definition
* for ECDSA. * for ECDSA.
*/ */
#define USE_CERT_BUFFERS_256 #define USE_CERT_BUFFERS_256
/* In this example application, Root CA cert buffer named /* In this example application, Root CA cert buffer named
* "ca_cert_der_2048" is used under the following macro definition * "ca_cert_der_2048" is used under the following macro definition
* for RSA authentication. * for RSA authentication.
*/ */
#define USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048
@@ -159,25 +159,25 @@
#define WOLFSSL_SMALL_STACK #define WOLFSSL_SMALL_STACK
/* /*
* -- "NO_ASN_TIME" macro is to avoid certificate expiration validation -- * -- "NO_ASN_TIME" macro is to avoid certificate expiration validation --
* *
* Note. In your actual products, do not forget to comment-out * Note. In your actual products, do not forget to comment-out
* "NO_ASN_TIME" macro. And prepare time function to get calendar time, * "NO_ASN_TIME" macro. And prepare time function to get calendar time,
* otherwise, certificate expiration validation will not work. * otherwise, certificate expiration validation will not work.
*/ */
/*#define NO_ASN_TIME*/ /*#define NO_ASN_TIME*/
#define NO_MAIN_DRIVER #define NO_MAIN_DRIVER
#define BENCH_EMBEDDED #define BENCH_EMBEDDED
#define NO_WOLFSSL_DIR #define NO_WOLFSSL_DIR
#define WOLFSSL_NO_CURRDIR #define WOLFSSL_NO_CURRDIR
#define NO_FILESYSTEM #define NO_FILESYSTEM
#define WOLFSSL_LOG_PRINTF #define WOLFSSL_LOG_PRINTF
#define WOLFSSL_HAVE_MIN #define WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MAX #define WOLFSSL_HAVE_MAX
#define NO_WRITEV #define NO_WRITEV
#define WOLFSSL_USER_CURRTIME /* for benchmark */ #define WOLFSSL_USER_CURRTIME /* for benchmark */
#define TIME_OVERRIDES #define TIME_OVERRIDES
@@ -210,7 +210,7 @@
/*-- Definitions for functionality negation ----------------------------------- /*-- Definitions for functionality negation -----------------------------------
* *
* *
*----------------------------------------------------------------------------*/ *----------------------------------------------------------------------------*/
/*#define NO_RENESAS_TSIP_CRYPT*/ /*#define NO_RENESAS_TSIP_CRYPT*/
@@ -276,3 +276,5 @@
/*-- strcasecmp */ /*-- strcasecmp */
#define XSTRCASECMP(s1,s2) strcmp((s1),(s2)) #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock

12
src/tls.c
View File

@@ -7434,12 +7434,6 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
} }
if (kse->key == NULL) { if (kse->key == NULL) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13GenEccKeyPair(ssl, kse);
if (ret != CRYPTOCB_UNAVAILABLE) {
return ret;
}
#endif
/* Allocate an ECC key to hold private key. */ /* Allocate an ECC key to hold private key. */
kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC); kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC);
if (kse->key == NULL) { if (kse->key == NULL) {
@@ -7454,6 +7448,12 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
kse->keyLen = keySize; kse->keyLen = keySize;
kse->pubKeyLen = keySize * 2 + 1; kse->pubKeyLen = keySize * 2 + 1;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13GenEccKeyPair(ssl, kse);
if (ret != CRYPTOCB_UNAVAILABLE) {
return ret;
}
#endif
/* setting eccKey means okay to call wc_ecc_free */ /* setting eccKey means okay to call wc_ecc_free */
eccKey = (ecc_key*)kse->key; eccKey = (ecc_key*)kse->key;

24
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@@ -2800,6 +2800,30 @@ WOLFSSL_LOCAL void tsip_Close(void)
WOLFSSL_LEAVE("tsip_Close", 0); WOLFSSL_LEAVE("tsip_Close", 0);
} }
int wc_tsip_GenerateRandBlock(byte* output, word32 sz)
{
/* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */
int ret = 0;
word32 buffer[4];
while (sz > 0) {
word32 len = sizeof(buffer);
if (sz < len) {
len = sz;
}
/* return 4 words random number*/
ret = R_TSIP_GenerateRandomNumber((uint32_t*)buffer);
if(ret == TSIP_SUCCESS) {
XMEMCPY(output, &buffer, len);
output += len;
sz -= len;
} else
return ret;
}
return ret;
}
#if (WOLFSSL_RENESAS_TSIP_VER>=109) #if (WOLFSSL_RENESAS_TSIP_VER>=109)
void tsip_inform_user_keys_ex( void tsip_inform_user_keys_ex(
byte* encrypted_provisioning_key, byte* encrypted_provisioning_key,

29
wolfcrypt/src/random.c
View File

@@ -3445,35 +3445,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0; return 0;
} }
#elif defined(WOLFSSL_RENESAS_TSIP)
#if defined(WOLFSSL_RENESA_TSIP_IAREWRX)
#include "r_bsp/mcu/all/r_rx_compiler.h"
#endif
#include "r_bsp/platform.h"
#include "r_tsip_rx_if.h"
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret = 0;
word32 buffer[4];
while (sz > 0) {
word32 len = sizeof(buffer);
if (sz < len) {
len = sz;
}
/* return 4 words random number*/
ret = R_TSIP_GenerateRandomNumber((uint32_t*)buffer);
if(ret == TSIP_SUCCESS) {
XMEMCPY(output, &buffer, len);
output += len;
sz -= len;
} else
return ret;
}
return ret;
}
#elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG) #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
#include "hal_data.h" #include "hal_data.h"

1
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@@ -639,6 +639,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx);
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info,
TsipUserCtx* tuc); TsipUserCtx* tuc);
WOLFSSL_LOCAL int wc_tsip_GenerateRandBlock(byte* output, word32 size);
#if defined(WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG) #if defined(WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG)
byte *ret2err(word32 ret); byte *ret2err(word32 ret);