wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9010 from miyazakh/sce_tlsproperties_uc

Browse Source 
Make properties related to Renesas FSP Security Module TLS hidden for FSP SM context
This commit is contained in:
David Garske
2025-07-24 12:35:56 -07:00
committed by GitHub
parent 2db1669713 5e77253577
commit a06268f705
16 changed files with 545 additions and 436 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
IDE/Renesas/e2studio/RA6M4/common/user_settings.h
View File

@@ -108,10 +108,10 @@
#define WC_USE_DEVID 7890 #define WC_USE_DEVID 7890
#define NO_AES_192 #define NO_AES_192
#define NO_SW_BENCH #define NO_SW_BENCH
#endif /* Use SCE RSAES-PKCS1-V1_5 RSA Function */
#define WOLF_CRYPTO_CB_RSA_PAD
#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#define WOLFSSL_KEY_GEN #define WOLFSSL_KEY_GEN
#define RSA_MIN_SIZE 512
#endif #endif
#define CUSTOM_RAND_GENERATE_BLOCK wc_fspsm_GenerateRandBlock #define CUSTOM_RAND_GENERATE_BLOCK wc_fspsm_GenerateRandBlock

2
IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
View File

@@ -28,6 +28,7 @@
#include "wolfssl/wolfcrypt/settings.h" #include "wolfssl/wolfcrypt/settings.h"
#include "wolfssl/ssl.h" #include "wolfssl/ssl.h"
#include "wolfssl/certs_test.h" #include "wolfssl/certs_test.h"
#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
uint32_t g_encrypted_root_public_key[140]; uint32_t g_encrypted_root_public_key[140];
WOLFSSL_CTX *client_ctx = NULL; WOLFSSL_CTX *client_ctx = NULL;
@@ -198,7 +199,6 @@ int wolfSSL_TLS_client_do(void *pvParam)
#if !defined(TLS_MULTITHREAD_TEST) #if !defined(TLS_MULTITHREAD_TEST)
XMEMSET(&guser_PKCbInfo, 0, sizeof(FSPSM_ST)); XMEMSET(&guser_PKCbInfo, 0, sizeof(FSPSM_ST));
guser_PKCbInfo.devId = 0;
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo); wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
#else #else

13
IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
View File

@@ -798,10 +798,8 @@ int sce_crypt_test()
/* sets wrapped rsa 1024 bits key */ /* sets wrapped rsa 1024 bits key */
gCbInfo.wrapped_key_rsapri1024 = gCbInfo.wrapped_key_rsapri1024 =
&g_wrapped_pair_1024key.priv_key; &g_wrapped_pair_1024key.priv_key;
gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
gCbInfo.wrapped_key_rsapub1024 = gCbInfo.wrapped_key_rsapub1024 =
&g_wrapped_pair_1024key.pub_key; &g_wrapped_pair_1024key.pub_key;
gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
} }
err = R_SCE_RSA2048_WrappedKeyPairGenerate(&g_wrapped_pair_2048key); err = R_SCE_RSA2048_WrappedKeyPairGenerate(&g_wrapped_pair_2048key);
@@ -809,11 +807,8 @@ int sce_crypt_test()
/* sets wrapped rsa 1024 bits key */ /* sets wrapped rsa 1024 bits key */
gCbInfo.wrapped_key_rsapri2048 = gCbInfo.wrapped_key_rsapri2048 =
&g_wrapped_pair_2048key.priv_key; &g_wrapped_pair_2048key.priv_key;
gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
gCbInfo.wrapped_key_rsapub2048 = gCbInfo.wrapped_key_rsapub2048 =
&g_wrapped_pair_2048key.pub_key; &g_wrapped_pair_2048key.pub_key;
gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
} }
/* Key generation for multi testing */ /* Key generation for multi testing */
@@ -834,6 +829,10 @@ int sce_crypt_test()
if (ret == 0) { if (ret == 0) {
printf(" sce_rsa_test(1024)"); printf(" sce_rsa_test(1024)");
gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 0;
gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 0;
ret = sce_rsa_test(1, 1024); ret = sce_rsa_test(1, 1024);
RESULT_STR(ret) RESULT_STR(ret)
} }
@@ -846,6 +845,10 @@ int sce_crypt_test()
if (ret == 0) { if (ret == 0) {
printf(" sce_rsa_test(2048)"); printf(" sce_rsa_test(2048)");
gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 0;
gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 0;
gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
ret = sce_rsa_test(1, 2048); ret = sce_rsa_test(1, 2048);
RESULT_STR(ret) RESULT_STR(ret)
} }

2
src/keys.c
View File

@@ -3556,7 +3556,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
void* ctx = wolfSSL_GetEncryptKeysCtx(ssl); void* ctx = wolfSSL_GetEncryptKeysCtx(ssl);
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) #if defined(WOLFSSL_RENESAS_FSPSM_TLS)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
cbInfo->side = side; cbInfo->internal->side = side;
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) #elif defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
cbInfo->internal->key_side = side; cbInfo->internal->key_side = side;

89
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@@ -33,7 +33,7 @@
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
#define cmn_hw_lock wc_fspsm_hw_lock #define cmn_hw_lock wc_fspsm_hw_lock
#define cmn_hw_unlock wc_fspsm_hw_unlock #define cmn_hw_unlock wc_fspsm_hw_unlock
@@ -87,6 +87,8 @@ WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_TlsCleanup(ssl); ret = tsip_TlsCleanup(ssl);
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
ret = wc_fspsm_TlsCleanup(ssl);
#endif #endif
WOLFSSL_LEAVE("Renesas_cmn_Cleanup", ret); WOLFSSL_LEAVE("Renesas_cmn_Cleanup", ret);
@@ -166,6 +168,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
(void)cbInfo;
#endif #endif
if (info == NULL || ctx == NULL) if (info == NULL || ctx == NULL)
@@ -276,88 +279,19 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info->algo_type == WC_ALGO_TYPE_CIPHER) { if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES) #if !defined(NO_AES)
#ifdef HAVE_AESGCM ret = wc_fspsm_AesCipher(devIdArg, info, ctx);
if (info->cipher.type == WC_CIPHER_AES_GCM) {
if (info->cipher.enc &&
(cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 32) ||
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 16))) {
ret = wc_fspsm_AesGcmEncrypt(
info->cipher.aesgcm_enc.aes,
(byte*)info->cipher.aesgcm_enc.out,
(byte*)info->cipher.aesgcm_enc.in,
info->cipher.aesgcm_enc.sz,
(byte*)info->cipher.aesgcm_enc.iv,
info->cipher.aesgcm_enc.ivSz,
(byte*)info->cipher.aesgcm_enc.authTag,
info->cipher.aesgcm_enc.authTagSz,
(byte*)info->cipher.aesgcm_enc.authIn,
info->cipher.aesgcm_enc.authInSz,
(void*)ctx);
}
else if (cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 32) ||
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 16)) {
ret = wc_fspsm_AesGcmDecrypt(
info->cipher.aesgcm_dec.aes,
(byte*)info->cipher.aesgcm_dec.out,
(byte*)info->cipher.aesgcm_dec.in,
info->cipher.aesgcm_dec.sz,
(byte*)info->cipher.aesgcm_dec.iv,
info->cipher.aesgcm_dec.ivSz,
(byte*)info->cipher.aesgcm_dec.authTag,
info->cipher.aesgcm_dec.authTagSz,
(byte*)info->cipher.aesgcm_dec.authIn,
info->cipher.aesgcm_dec.authInSz,
(void*)ctx);
}
}
#endif /* HAVE_AESGCM */
#ifdef HAVE_AES_CBC
if ((info->cipher.type == WC_CIPHER_AES_CBC) &&
(cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) ||
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 16))) {
if (info->cipher.enc) {
ret = wc_fspsm_AesCbcEncrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
(byte*)info->cipher.aescbc.in,
info->cipher.aescbc.sz);
}
else {
ret = wc_fspsm_AesCbcDecrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
(byte*)info->cipher.aescbc.in,
info->cipher.aescbc.sz);
}
}
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES */ #endif /* !NO_AES */
} }
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
else if (info->algo_type == WC_ALGO_TYPE_PK) { else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if defined(WOLFSSL_KEY_GEN) #if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
(info->pk.rsakg.size == 1024 ||
info->pk.rsakg.size == 2048)) {
ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key, ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key,
info->pk.rsakg.size, (void*)ctx); info->pk.rsakg.size, (void*)ctx);
} }
#endif #endif
if (info->pk.type == WC_PK_TYPE_RSA) { if (info->pk.type == WC_PK_TYPE_RSA_PKCS) {
/* to perform RSA on SCE, wrapped keys should be installed /* to perform RSA on SCE, wrapped keys should be installed
* in advance. SCE supports 1024 or 2048 bits key size. * in advance. SCE supports 1024 or 2048 bits key size.
* otherwise, falls-through happens. * otherwise, falls-through happens.
@@ -367,10 +301,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set || cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set ||
cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set ) { cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set ) {
ret = wc_fspsm_MakeRsaKey(info->pk.rsa.key, 0, cbInfo);
if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret;
if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT || if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
info->pk.rsa.type == RSA_PUBLIC_ENCRYPT ) info->pk.rsa.type == RSA_PUBLIC_ENCRYPT )
{ {
@@ -769,8 +699,9 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
if (cbInfo->keyflgs_tls.bits.session_key_set == 1) { if (cbInfo != NULL && cbInfo->internal != NULL &&
switch(cbInfo->side) { cbInfo->internal->keyflgs_tls.bits.session_key_set == 1) {
switch(cbInfo->internal->side) {
#endif #endif
case 1:/* ENCRYPT_SIDE_ONLY */ case 1:/* ENCRYPT_SIDE_ONLY */
ssl->encrypt.setup = 1; ssl->encrypt.setup = 1;

125
wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
View File

@@ -30,6 +30,8 @@
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) && \ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_AES) !defined(NO_WOLFSSL_RENESAS_FSPSM_AES)
#include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h"
#include <wolfssl/wolfcrypt/wc_port.h> #include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/internal.h> #include <wolfssl/internal.h>
@@ -37,7 +39,6 @@
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h> #include <wolfssl/wolfcrypt/cryptocb.h>
#endif #endif
#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
#ifdef NO_INLINE #ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h> #include <wolfssl/wolfcrypt/misc.h>
@@ -243,7 +244,8 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
(void) key_server_aes; (void) key_server_aes;
/* sanity check */ /* sanity check */
if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) { if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 ||
info == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -296,7 +298,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) #if defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (ret == 0 && if (ret == 0 &&
info->keyflgs_tls.bits.session_key_set == 1) { info->internal->keyflgs_tls.bits.session_key_set == 1) {
/* generate AES-GCM session key. The key stored in /* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here. * Aes.ctx.tsip_keyIdx is not used here.
*/ */
@@ -312,10 +314,10 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
} }
ret = FSPSM_SESSIONKEY_GEN_FUNC( ret = FSPSM_SESSIONKEY_GEN_FUNC(
info->cipher, info->internal->cipher,
(uint32_t*)info->masterSecret, (uint32_t*)info->internal->masterSecret,
(uint8_t*) info->clientRandom, (uint8_t*) info->internal->clientRandom,
(uint8_t*) info->serverRandom, (uint8_t*) info->internal->serverRandom,
&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */ &iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
&key_client_mac, &key_client_mac,
&key_server_mac, &key_server_mac,
@@ -397,10 +399,10 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
XFREE(plainBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(plainBuf, aes->heap, DYNAMIC_TYPE_AES);
XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES);
if (info->keyflgs_tls.bits.session_key_set == 1 && if (info->internal->keyflgs_tls.bits.session_key_set == 1 &&
key_client_aes != NULL) key_client_aes != NULL)
XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES); XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES);
if (info->keyflgs_tls.bits.session_key_set == 1 && if (info->internal->keyflgs_tls.bits.session_key_set == 1 &&
key_server_aes != NULL) key_server_aes != NULL)
XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES); XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES);
wc_fspsm_hw_unlock(); wc_fspsm_hw_unlock();
@@ -452,7 +454,8 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
FSPSM_AES_PWKEY key_server_aes = NULL; FSPSM_AES_PWKEY key_server_aes = NULL;
(void) key_client_aes; (void) key_client_aes;
/* sanity check */ /* sanity check */
if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) { if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 ||
info == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -500,7 +503,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
} }
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) #if defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (ret == 0 && if (ret == 0 &&
info->keyflgs_tls.bits.session_key_set == 1) { info->internal->keyflgs_tls.bits.session_key_set == 1) {
/* generate AES-GCM session key. The key stored in /* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here. * Aes.ctx.tsip_keyIdx is not used here.
*/ */
@@ -516,10 +519,10 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
} }
ret = FSPSM_SESSIONKEY_GEN_FUNC( ret = FSPSM_SESSIONKEY_GEN_FUNC(
info->cipher, info->internal->cipher,
(uint32_t*)info->masterSecret, (uint32_t*)info->internal->masterSecret,
(uint8_t*) info->clientRandom, (uint8_t*) info->internal->clientRandom,
(uint8_t*) info->serverRandom, (uint8_t*) info->internal->serverRandom,
(uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */ (uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
&key_client_mac, &key_client_mac,
&key_server_mac, &key_server_mac,
@@ -537,7 +540,6 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
#endif #endif
if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 || if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
info->keyflgs_crypt.bits.aes128_installedkey_set == 1) { info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
key_server_aes = aes->ctx.wrapped_key; key_server_aes = aes->ctx.wrapped_key;
iv_l = iv; iv_l = iv;
ivSz_l = ivSz; ivSz_l = ivSz;
@@ -596,10 +598,10 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES);
XFREE(plainBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(plainBuf, aes->heap, DYNAMIC_TYPE_AES);
XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
if (info->keyflgs_tls.bits.session_key_set == 1 && if (info->internal->keyflgs_tls.bits.session_key_set == 1 &&
key_client_aes != NULL) key_client_aes != NULL)
XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES); XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES);
if (info->keyflgs_tls.bits.session_key_set == 1 && if (info->internal->keyflgs_tls.bits.session_key_set == 1 &&
key_server_aes != NULL) key_server_aes != NULL)
XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES); XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES);
wc_fspsm_hw_unlock(); wc_fspsm_hw_unlock();
@@ -811,6 +813,93 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
return wc_AesSetIV(aes, iv); return wc_AesSetIV(aes, iv);
} }
#endif #endif
WOLFSSL_LOCAL int wc_fspsm_AesCipher(int devIdArg, wc_CryptoInfo* info,
void* ctx)
{
int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
(void)devIdArg;
WOLFSSL_ENTER("wc_fspsm_AesCipher");
if (info == NULL || cbInfo == NULL || cbInfo->internal == NULL) {
return BAD_FUNC_ARG;
}
#if !defined(NO_AES)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM) {
if (info->cipher.enc &&
(cbInfo->internal->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 32) ||
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 16))) {
ret = wc_fspsm_AesGcmEncrypt(
info->cipher.aesgcm_enc.aes,
(byte*)info->cipher.aesgcm_enc.out,
(byte*)info->cipher.aesgcm_enc.in,
info->cipher.aesgcm_enc.sz,
(byte*)info->cipher.aesgcm_enc.iv,
info->cipher.aesgcm_enc.ivSz,
(byte*)info->cipher.aesgcm_enc.authTag,
info->cipher.aesgcm_enc.authTagSz,
(byte*)info->cipher.aesgcm_enc.authIn,
info->cipher.aesgcm_enc.authInSz,
(void*)ctx);
}
else if (cbInfo->internal->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 32) ||
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 16)) {
ret = wc_fspsm_AesGcmDecrypt(
info->cipher.aesgcm_dec.aes,
(byte*)info->cipher.aesgcm_dec.out,
(byte*)info->cipher.aesgcm_dec.in,
info->cipher.aesgcm_dec.sz,
(byte*)info->cipher.aesgcm_dec.iv,
info->cipher.aesgcm_dec.ivSz,
(byte*)info->cipher.aesgcm_dec.authTag,
info->cipher.aesgcm_dec.authTagSz,
(byte*)info->cipher.aesgcm_dec.authIn,
info->cipher.aesgcm_dec.authInSz,
(void*)ctx);
}
}
#endif /* HAVE_AESGCM */
#ifdef HAVE_AES_CBC
if ((info->cipher.type == WC_CIPHER_AES_CBC) &&
(cbInfo->internal->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) ||
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 16))) {
if (info->cipher.enc) {
ret = wc_fspsm_AesCbcEncrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
(byte*)info->cipher.aescbc.in,
info->cipher.aescbc.sz);
}
else {
ret = wc_fspsm_AesCbcDecrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
(byte*)info->cipher.aescbc.in,
info->cipher.aescbc.sz);
}
}
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES */
(void)cbInfo;
WOLFSSL_LEAVE("wc_fspsm_AesCipher", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_FSPSM_TLS #endif /* WOLFSSL_RENESAS_FSPSM_TLS
WOLFSSL_RENESAS_FSPSM_CRYPTONLY WOLFSSL_RENESAS_FSPSM_CRYPTONLY
NO_WOLFSSL_RENESAS_FSPSM_AES */ NO_WOLFSSL_RENESAS_FSPSM_AES */

2
wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c
View File

@@ -34,7 +34,7 @@
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/rsa.h> #include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
#if defined(WOLFSSL_RENESAS_RSIP) #if defined(WOLFSSL_RENESAS_RSIP)
extern FSPSM_INSTANCE gFSPSM_ctrl; extern FSPSM_INSTANCE gFSPSM_ctrl;

2
wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
View File

@@ -35,7 +35,7 @@
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
#if defined(WOLFSSL_RENESAS_RSIP) #if defined(WOLFSSL_RENESAS_RSIP)
extern FSPSM_INSTANCE gFSPSM_ctrl; extern FSPSM_INSTANCE gFSPSM_ctrl;

191
wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
View File

@@ -39,13 +39,19 @@ extern FSPSM_CONFIG gFSPSM_cfg;
#include <wolfssl/wolfcrypt/wc_port.h> #include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
#include <wolfssl/wolfcrypt/memory.h> #include <wolfssl/wolfcrypt/memory.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/aes.h> #include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#include <wolfssl/internal.h> #include <wolfssl/internal.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#include <stdio.h> #include <stdio.h>
@@ -55,18 +61,12 @@ extern FSPSM_CONFIG gFSPSM_cfg;
#define WOLFSSL_PKMSG(_f_, ...) WC_DO_NOTHING #define WOLFSSL_PKMSG(_f_, ...) WC_DO_NOTHING
#endif #endif
#if defined(WOLFSSL_RENESAS_FSPSM_ECC)
WC_THREADSHARED FSPSM_ST_PKC gPKCbInfo;
#endif
#ifdef WOLFSSL_RENESAS_FSPSM_TLS #ifdef WOLFSSL_RENESAS_FSPSM_TLS
static const byte* ca_cert_sig; static const byte* ca_cert_sig;
static fspsm_key_data g_user_key_info; static fspsm_key_data g_user_key_info;
static uint32_t g_encrypted_publicCA_key[HW_SCE_SINST_WORD_SIZE]; static uint32_t g_encrypted_publicCA_key[HW_SCE_SINST_WORD_SIZE];
extern uint32_t g_CAscm_Idx; /* index of CM table */ extern uint32_t g_CAscm_Idx; /* index of CM table */
static uint32_t fspsm_sess_idx = 0;
#endif #endif
#endif /* WOLFSSL_RENESAS_FSPSM*/ #endif /* WOLFSSL_RENESAS_FSPSM*/
@@ -95,7 +95,7 @@ static int fspsm_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
* lock hw engine * lock hw engine
* this should be called before using engine. * this should be called before using engine.
*/ */
WOLFSSL_LOCAL int wc_fspsm_hw_lock() int wc_fspsm_hw_lock()
{ {
int ret = 0; int ret = 0;
@@ -122,13 +122,13 @@ WOLFSSL_LOCAL int wc_fspsm_hw_lock()
/* /*
* release hw engine * release hw engine
*/ */
WOLFSSL_LOCAL void wc_fspsm_hw_unlock(void) void wc_fspsm_hw_unlock(void)
{ {
fspsm_CryptHwMutexUnLock(&fspsm_mutex); fspsm_CryptHwMutexUnLock(&fspsm_mutex);
} }
/* Open sce driver for use */ /* Open sce driver for use */
WOLFSSL_LOCAL int wc_fspsm_Open() int wc_fspsm_Open()
{ {
WOLFSSL_ENTER("wc_fspsm_Open"); WOLFSSL_ENTER("wc_fspsm_Open");
int ret; int ret;
@@ -167,7 +167,7 @@ WOLFSSL_LOCAL int wc_fspsm_Open()
} }
/* close SCE driver */ /* close SCE driver */
WOLFSSL_LOCAL void wc_fspsm_Close() void wc_fspsm_Close()
{ {
WOLFSSL_ENTER("sce Close"); WOLFSSL_ENTER("sce Close");
int ret; int ret;
@@ -188,11 +188,11 @@ WOLFSSL_LOCAL void wc_fspsm_Close()
} }
#define RANDGEN_WORDS 4 #define RANDGEN_WORDS 4
WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz) int wc_fspsm_GenerateRandBlock(byte* output, word32 sz)
{ {
/* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */ /* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */
int ret = 0; int ret = 0;
word32 fspbuf[RANDGEN_WORDS]; uint32_t fspbuf[RANDGEN_WORDS];
while (sz > 0) { while (sz > 0) {
word32 len = sizeof(buffer); word32 len = sizeof(buffer);
@@ -201,8 +201,8 @@ WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz)
len = sz; len = sz;
} }
/* return 4 words random number*/ /* return 4 words random number*/
ret = R_RANDOM_GEN((uint8_t* const)fspbuf); ret = R_RANDOM_GEN(fspbuf);
if(ret == FSP_SUCCESS) { if (ret == FSP_SUCCESS) {
XMEMCPY(output, &fspbuf, len); XMEMCPY(output, &fspbuf, len);
output += len; output += len;
sz -= len; sz -= len;
@@ -224,7 +224,7 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
uint32_t sigSz, void* ctx) uint32_t sigSz, void* ctx)
{ {
int ret = WOLFSSL_FAILURE; int ret = WOLFSSL_FAILURE;
FSPSM_ST* cbInfo; FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES]; byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
byte *peerkey = NULL; byte *peerkey = NULL;
@@ -232,11 +232,10 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
(void) sigSz; (void) sigSz;
/* sanity check */ /* sanity check */
if (ssl == NULL || sig == NULL || ctx == NULL) if (ssl == NULL || sig == NULL || cbInfo == NULL ||
cbInfo->internal == NULL)
return ret; return ret;
cbInfo = (FSPSM_ST*)ctx;
/* export public peer public key */ /* export public peer public key */
ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen); ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen);
WOLFSSL_PKMSG("qxLen %d qyLen %d\n", qxLen, qyLen); WOLFSSL_PKMSG("qxLen %d qyLen %d\n", qxLen, qyLen);
@@ -246,7 +245,8 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
} }
/* make peer ecc key data for SCE */ /* make peer ecc key data for SCE */
/* 0padding(24bit) || 04(8bit) || Qx(256bit) || Qy(256bit) */ /* 0padding(24bit) || 04(8bit) || Qx(256bit) || Qy(256bit) */
peerkey = (byte*)XMALLOC((3 + 1 + qxLen + qyLen), NULL, DYNAMIC_TYPE_TMP_BUFFER); peerkey = (byte*)XMALLOC((3 + 1 + qxLen + qyLen), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (peerkey == NULL) { if (peerkey == NULL) {
WOLFSSL_MSG("failed to malloc ecc key"); WOLFSSL_MSG("failed to malloc ecc key");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@@ -266,15 +266,15 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
(uint8_t*) peerkey, (uint8_t*) peerkey,
(uint8_t*) sig, (uint8_t*) sig,
(uint32_t*)ssl->peerSceTsipEncRsaKeyIndex, (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
(uint32_t*)cbInfo->encrypted_ephemeral_ecdh_public_key); (uint32_t*)cbInfo->internal->encrypted_ephemeral_ecdh_public_key);
if (ret != FSP_SUCCESS) { if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("failed R_fspsm_TLS_ServerKeyExchangeVerify"); WOLFSSL_MSG("failed R_fspsm_TLS_ServerKeyExchangeVerify");
cbInfo->keyflgs_tls.bits.pk_key_set = 0; cbInfo->internal->keyflgs_tls.bits.pk_key_set = 0;
} }
else { else {
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
cbInfo->keyflgs_tls.bits.pk_key_set = 1; cbInfo->internal->keyflgs_tls.bits.pk_key_set = 1;
} }
} }
else { else {
@@ -288,7 +288,7 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
return ret; return ret;
} }
/* Callback for Rsa Verify */ /* Callback for Rsa Verify */
WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz, int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
uint8_t** out, const byte* key, uint32_t keySz, void* ctx) uint8_t** out, const byte* key, uint32_t keySz, void* ctx)
{ {
int ret = WOLFSSL_FAILURE; int ret = WOLFSSL_FAILURE;
@@ -311,7 +311,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
return ret; return ret;
} }
/* Callback for Ecc Verify */ /* Callback for Ecc Verify */
WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig, int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz, uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
const uint8_t* key, uint32_t keySz, int* result, void* ctx) const uint8_t* key, uint32_t keySz, int* result, void* ctx)
{ {
@@ -389,7 +389,7 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
/* Callback for ECC shared secret */ /* Callback for ECC shared secret */
WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
uint8_t* pubKeyDer, unsigned int* pubKeySz, uint8_t* pubKeyDer, unsigned int* pubKeySz,
uint8_t* out, unsigned int* outlen, int side, void* ctx) uint8_t* out, unsigned int* outlen, int side, void* ctx)
{ {
@@ -404,41 +404,46 @@ WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
/* sanity check */ /* sanity check */
if (ssl == NULL || pubKeyDer == NULL || pubKeySz == NULL || if (ssl == NULL || pubKeyDer == NULL || pubKeySz == NULL ||
out == NULL || outlen == NULL || ctx == NULL) out == NULL || outlen == NULL || cbInfo == NULL ||
cbInfo->internal == NULL)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n", WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id); side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
if (cbInfo->keyflgs_tls.bits.pk_key_set == 1) { if (cbInfo->internal->keyflgs_tls.bits.pk_key_set == 1) {
if ((ret = wc_fspsm_hw_lock()) == 0) { if ((ret = wc_fspsm_hw_lock()) == 0) {
/* Generate ECC PUblic key pair */ /* Generate ECC PUblic key pair */
ret = FSPSM_TLS_ECCS256R1_KPG( ret = FSPSM_TLS_ECCS256R1_KPG(
&cbInfo->ecc_p256_wrapped_key, &cbInfo->internal->ecc_p256_wrapped_key,
(uint8_t*)&cbInfo->ecc_ecdh_public_key/* Qx 32 bytes and Qy 32 bytes*/ ); /* Qx 32 bytes and Qy 32 bytes*/
(uint8_t*)&cbInfo->internal->ecc_ecdh_public_key );
if (ret != FSP_SUCCESS) { if (ret != FSP_SUCCESS) {
WOLFSSL_PKMSG("Failed secp256r1_EphemeralWrappedKeyPairGenerate %d\n", ret); WOLFSSL_PKMSG("Failed secp256r1_EphemeralWrappedKeyPairGenerate"
" %d\n", ret);
return ret; return ret;
} }
/* copy generated ecdh public key into buffer */ /* copy generated ecdh public key into buffer */
pubKeyDer[0] = ECC_POINT_UNCOMP; pubKeyDer[0] = ECC_POINT_UNCOMP;
*pubKeySz = 1 + sizeof(cbInfo->ecc_ecdh_public_key); *pubKeySz = 1 + sizeof(cbInfo->internal->ecc_ecdh_public_key);
XMEMCPY(&pubKeyDer[1], &cbInfo->ecc_ecdh_public_key, XMEMCPY(&pubKeyDer[1], &cbInfo->internal->ecc_ecdh_public_key,
sizeof(cbInfo->ecc_ecdh_public_key)); sizeof(cbInfo->internal->ecc_ecdh_public_key));
/* Generate Premaster Secret */ /* Generate Premaster Secret */
ret = FSPSM_TLS_PREMASTERGEN( ret = FSPSM_TLS_PREMASTERGEN(
(uint32_t*)&cbInfo->encrypted_ephemeral_ecdh_public_key, (uint32_t*)
&cbInfo->ecc_p256_wrapped_key, &cbInfo->internal->encrypted_ephemeral_ecdh_public_key,
(uint32_t*)out/* pre-master secret 64 bytes */); &cbInfo->internal->ecc_p256_wrapped_key,
(uint32_t*)out/* pre-master secret 64 bytes */);
if (ret != FSP_SUCCESS) { if (ret != FSP_SUCCESS) {
WOLFSSL_PKMSG("Failed PreMasterSecretGenerateForECC_secp256r1 %d\n", ret); WOLFSSL_PKMSG("Failed PreMasterSecretGenerateForECC_secp256r1 %d\n", ret);
return ret; return ret;
} }
else { else {
/* set master secret generation callback for use */ /* set master secret generation callback for use */
wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret); wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx,
Renesas_cmn_genMasterSecret);
wolfSSL_SetGenMasterSecretCtx(ssl, cbInfo); wolfSSL_SetGenMasterSecretCtx(ssl, cbInfo);
} }
} }
@@ -450,7 +455,8 @@ WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
wc_fspsm_hw_unlock(); wc_fspsm_hw_unlock();
*outlen = 64; *outlen = 64;
WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen); WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n",
ret, *pubKeySz, *outlen);
} }
return ret; return ret;
@@ -523,7 +529,7 @@ static uint32_t GetSceCipherSuite(
/* ssl : a pointer to WOLFSSL object */ /* ssl : a pointer to WOLFSSL object */
/* session_key_generated : if session key has been generated */ /* session_key_generated : if session key has been generated */
/* return 1 for usable, 0 for unusable */ /* return 1 for usable, 0 for unusable */
WOLFSSL_LOCAL int wc_fspsm_usable(const WOLFSSL *ssl, int wc_fspsm_usable(const WOLFSSL *ssl,
uint8_t session_key_generated) uint8_t session_key_generated)
{ {
WOLFSSL_ENTER("fspsm_usable"); WOLFSSL_ENTER("fspsm_usable");
@@ -575,7 +581,7 @@ WOLFSSL_LOCAL int wc_fspsm_usable(const WOLFSSL *ssl,
} }
/* Generate Hmac by sha256*/ /* Generate Hmac by sha256*/
WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl, int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl,
const uint8_t* myInner, uint32_t innerSz,const uint8_t* in, const uint8_t* myInner, uint32_t innerSz,const uint8_t* in,
uint32_t sz, byte* digest) uint32_t sz, byte* digest)
{ {
@@ -627,7 +633,7 @@ WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl,
} }
/* Verify hmac */ /* Verify hmac */
WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl, int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl,
const uint8_t* message, uint32_t messageSz, const uint8_t* message, uint32_t messageSz,
uint32_t macSz, uint32_t content) uint32_t macSz, uint32_t content)
{ {
@@ -649,7 +655,7 @@ WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl,
} }
wolfSSL_SetTlsHmacInner((WOLFSSL*)ssl, myInner, wolfSSL_SetTlsHmacInner((WOLFSSL*)ssl, myInner,
(word32)messageSz, (int)content, 1); (word32)messageSz, (int)content, 1);
ret = FSPSM_S256HMAC_VInt( ret = FSPSM_S256HMAC_VInt(
&_handle, &_handle,
@@ -684,7 +690,7 @@ WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl,
} }
/* generate Verify Data based on master secret */ /* generate Verify Data based on master secret */
WOLFSSL_LOCAL int wc_fspsm_generateVerifyData( int wc_fspsm_generateVerifyData(
const uint8_t *ms, /* master secret */ const uint8_t *ms, /* master secret */
const uint8_t *side, const uint8_t *handshake_hash, const uint8_t *side, const uint8_t *handshake_hash,
uint8_t *hashes /* out */) uint8_t *hashes /* out */)
@@ -717,7 +723,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
} }
/* generate keys for TLS communication */ /* generate keys for TLS communication */
WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl, int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
FSPSM_ST* cbInfo, int devId) FSPSM_ST* cbInfo, int devId)
{ {
WOLFSSL_MSG("fspsm_generateSessionKey()"); WOLFSSL_MSG("fspsm_generateSessionKey()");
@@ -733,7 +739,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
uint32_t sceCS = GetSceCipherSuite(ssl->options.cipherSuite0, uint32_t sceCS = GetSceCipherSuite(ssl->options.cipherSuite0,
ssl->options.cipherSuite); ssl->options.cipherSuite);
if (ssl== NULL || cbInfo == NULL) if (ssl== NULL || cbInfo == NULL || cbInfo->internal == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -843,8 +849,10 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
/* ready-for-use flag will be set when SetKeySide() is called */ /* ready-for-use flag will be set when SetKeySide() is called */
} }
if (cbInfo->cipher == SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || if (cbInfo->internal->cipher ==
cbInfo->cipher == SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
cbInfo->internal->cipher ==
SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
enc->aes->nonceSz = AEAD_MAX_IMP_SZ; enc->aes->nonceSz = AEAD_MAX_IMP_SZ;
dec->aes->nonceSz = AEAD_MAX_IMP_SZ; dec->aes->nonceSz = AEAD_MAX_IMP_SZ;
} }
@@ -852,7 +860,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
dec->aes->devId = devId; dec->aes->devId = devId;
/* marked as session key is set */ /* marked as session key is set */
cbInfo->keyflgs_tls.bits.session_key_set = 1; cbInfo->internal->keyflgs_tls.bits.session_key_set = 1;
} }
XFREE(key_client_aes, ssl->heap, DYNAMIC_TYPE_AES); XFREE(key_client_aes, ssl->heap, DYNAMIC_TYPE_AES);
@@ -871,7 +879,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
} }
/* generate master secret based on pre-master which is generated by SCE */ /* generate master secret based on pre-master which is generated by SCE */
WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret( int wc_fspsm_generateMasterSecret(
uint8_t cipherSuiteFirst, uint8_t cipherSuiteFirst,
uint8_t cipherSuite, uint8_t cipherSuite,
const uint8_t *pr, /* pre-master */ const uint8_t *pr, /* pre-master */
@@ -909,7 +917,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
} }
/* generate pre-Master secrete by SCE */ /* generate pre-Master secrete by SCE */
WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(uint8_t *premaster, int wc_fspsm_generatePremasterSecret(uint8_t *premaster,
uint32_t preSz) uint32_t preSz)
{ {
WOLFSSL_ENTER("fspsm_generatePremasterSecret"); WOLFSSL_ENTER("fspsm_generatePremasterSecret");
@@ -940,7 +948,7 @@ WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(uint8_t *premaster,
/* /*
* generate encrypted pre-Master secrete by SCE * generate encrypted pre-Master secrete by SCE
*/ */
WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret( int wc_fspsm_generateEncryptPreMasterSecret(
WOLFSSL* ssl, WOLFSSL* ssl,
uint8_t* out, uint8_t* out,
uint32_t* outSz) uint32_t* outSz)
@@ -983,7 +991,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret(
/* Certificate verification by SCE */ /* Certificate verification by SCE */
WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify( int wc_fspsm_tls_CertVerify(
const uint8_t* cert, uint32_t certSz, const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz, const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start,uint32_t key_n_len, uint32_t key_n_start,uint32_t key_n_len,
@@ -1080,7 +1088,7 @@ WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
} }
/* Root Certificate verification */ /* Root Certificate verification */
WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify( int wc_fspsm_tls_RootCertVerify(
const uint8_t* cert, uint32_t cert_len, const uint8_t* cert, uint32_t cert_len,
uint32_t key_n_start, uint32_t key_n_len, uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len, uint32_t key_e_start, uint32_t key_e_len,
@@ -1130,23 +1138,27 @@ WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
/* store elements for session key generation into ssl->keys. /* store elements for session key generation into ssl->keys.
* return 0 on success, negative value on failure * return 0 on success, negative value on failure
*/ */
WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(WOLFSSL* ssl, FSPSM_ST* info) int wc_fspsm_storeKeyCtx(WOLFSSL* ssl, FSPSM_ST* info)
{ {
int ret = 0; int ret = 0;
WOLFSSL_ENTER("fspsm_storeKeyCtx"); WOLFSSL_ENTER("fspsm_storeKeyCtx");
if (ssl == NULL || info == NULL) if (ssl == NULL || info == NULL || info->internal == NULL)
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
if (ret == 0) { if (ret == 0) {
XMEMCPY(info->masterSecret, ssl->arrays->fspsm_masterSecret, XMEMCPY(info->internal->masterSecret,
FSPSM_TLS_MASTERSECRET_SIZE); ssl->arrays->fspsm_masterSecret,
XMEMCPY(info->clientRandom, ssl->arrays->clientRandom, 32); FSPSM_TLS_MASTERSECRET_SIZE);
XMEMCPY(info->serverRandom, ssl->arrays->serverRandom, 32); XMEMCPY(info->internal->clientRandom,
ssl->arrays->clientRandom, 32);
XMEMCPY(info->internal->serverRandom,
ssl->arrays->serverRandom, 32);
info->cipher = (uint8_t)GetSceCipherSuite(ssl->options.cipherSuite0, info->internal->cipher = (uint8_t)GetSceCipherSuite(
ssl->options.cipherSuite); ssl->options.cipherSuite0,
ssl->options.cipherSuite);
} }
WOLFSSL_LEAVE("fspsm_storeKeyCtx", ret); WOLFSSL_LEAVE("fspsm_storeKeyCtx", ret);
return ret; return ret;
@@ -1213,6 +1225,35 @@ WOLFSSL_API void wc_fspsm_set_callbacks(WOLFSSL_CTX* ctx)
/* reset callbacks */ /* reset callbacks */
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
} }
/*
* Clean up Renesas Ctx
* ssl WOLFSSL object
* return 0 successful
*/
int wc_fspsm_TlsCleanup(WOLFSSL* ssl)
{
int ret = 0;
FSPSM_ST* tuc = NULL;
if (ssl == NULL)
return ret;
tuc = ssl->RenesasUserCtx;
if (tuc == NULL)
return ret;
/* free internal structure */
if (tuc->internal) {
XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
tuc->internal = NULL;
}
/* zero clear */
ForceZero(tuc, sizeof(FSPSM_ST));
ssl->RenesasUserCtx = NULL;
return ret;
}
/* Set callback contexts needed for sce TLS api handling */ /* Set callback contexts needed for sce TLS api handling */
#if defined(WOLFSSL_RENESAS_SCEPROTECT) #if defined(WOLFSSL_RENESAS_SCEPROTECT)
WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
@@ -1220,14 +1261,24 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
#endif #endif
{ {
if (fspsm_sess_idx > MAX_FSPSM_CBINDEX) { FSPSM_ST* uCtx = (FSPSM_ST*)user_ctx;
WOLFSSL_MSG("exceeds maximum session index");
return -1; if (ssl == NULL || user_ctx == NULL) {
return BAD_FUNC_ARG;
} }
gPKCbInfo.user_PKCbInfo[fspsm_sess_idx] = (FSPSM_ST*)user_ctx;
gPKCbInfo.user_PKCbInfo[fspsm_sess_idx]->keyflgs_tls.bits.pk_key_set = 0; ForceZero(uCtx, sizeof(FSPSM_ST));
gPKCbInfo.user_PKCbInfo[fspsm_sess_idx]->keyflgs_tls.bits.session_key_set uCtx->internal = (FSPSM_ST_Internal*)XMALLOC(sizeof(FSPSM_ST_Internal),
= 0; ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (!uCtx->internal) {
WOLFSSL_MSG("Failed to allocate memory for user ctx internal");
return MEMORY_E;
}
ForceZero(uCtx->internal, sizeof(FSPSM_ST_Internal));
ssl->RenesasUserCtx = user_ctx; /* ssl doesn't own user_ctx */
wolfSSL_SetEccVerifyCtx(ssl, user_ctx); wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
wolfSSL_SetRsaEncCtx(ssl, user_ctx); wolfSSL_SetRsaEncCtx(ssl, user_ctx);
@@ -1239,8 +1290,6 @@ WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
/* set up crypt callback */ /* set up crypt callback */
wc_CryptoCb_CryptInitRenesasCmn(ssl, user_ctx); wc_CryptoCb_CryptInitRenesasCmn(ssl, user_ctx);
gPKCbInfo.num_session = ++fspsm_sess_idx;
return 0; return 0;
} }
#endif /* !WOLFSSL_RENESAS_FSPSM_CRYPTONLY */ #endif /* !WOLFSSL_RENESAS_FSPSM_CRYPTONLY */

2
wolfcrypt/src/wc_port.c
View File

@@ -63,7 +63,7 @@
#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
#endif #endif
#if defined(WOLFSSL_RENESAS_FSPSM) #if defined(WOLFSSL_RENESAS_FSPSM)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
#endif #endif
#if defined(WOLFSSL_RENESAS_RX64_HASH) #if defined(WOLFSSL_RENESAS_RX64_HASH)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h>

2
wolfssl/wolfcrypt/aes.h
View File

@@ -148,7 +148,7 @@ WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
#endif #endif
#if defined(WOLFSSL_RENESAS_FSPSM) #if defined(WOLFSSL_RENESAS_FSPSM)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
#endif #endif
#ifdef WOLFSSL_MAXQ10XX_CRYPTO #ifdef WOLFSSL_MAXQ10XX_CRYPTO

258
wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
View File

@@ -21,9 +21,6 @@
#ifndef __RENESAS_FSPSM_CRYPT_H__ #ifndef __RENESAS_FSPSM_CRYPT_H__
#define __RENESAS_FSPSM_CRYPT_H__ #define __RENESAS_FSPSM_CRYPT_H__
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@@ -33,12 +30,6 @@ extern "C" {
typedef void* FSPSM_W_KEYVAR; typedef void* FSPSM_W_KEYVAR;
/* flsgas related to TLS */
struct FSPSM_tls_flg_ST {
uint8_t pk_key_set:1;
uint8_t session_key_set:1;
};
/* flags Crypt Only */ /* flags Crypt Only */
struct FSPSM_key_flg_ST { struct FSPSM_key_flg_ST {
uint8_t aes256_installedkey_set:1; uint8_t aes256_installedkey_set:1;
@@ -50,24 +41,11 @@ struct FSPSM_key_flg_ST {
uint8_t message_type:1;/*message 0, hashed 1*/ uint8_t message_type:1;/*message 0, hashed 1*/
}; };
typedef struct FSPSM_ST_Internal FSPSM_ST_Internal;
typedef struct FSPSM_tag_ST { typedef struct FSPSM_tag_ST {
/* unique number for each session */ /* unique number for each session */
int devId; int devId;
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t
encrypted_ephemeral_ecdh_public_key[FSPSM_TLS_ENCRYPTED_ECCPUBKEY_SZ];
/* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */
sce_tls_p256_ecc_wrapped_key_t ecc_p256_wrapped_key;
uint8_t ecc_ecdh_public_key[HW_SCE_ECC_PUBLIC_KEY_BYTE_SIZE];
uint32_t masterSecret[FSPSM_TLS_MASTERSECRET_SIZE/4];
uint8_t clientRandom[FSPSM_TLS_CLIENTRANDOM_SZ];
uint8_t serverRandom[FSPSM_TLS_SERVERRANDOM_SZ];
uint8_t cipher;
uint8_t side; /* for key set side */
#endif
/* installed key handling */ /* installed key handling */
/* aes */ /* aes */
@@ -85,228 +63,27 @@ typedef struct FSPSM_tag_ST {
#if defined(WOLFSSL_RENESAS_RSIP) #if defined(WOLFSSL_RENESAS_RSIP)
uint8_t hash_type; uint8_t hash_type;
#endif #endif
/* key status flags */
/* flag whether encrypted ec key is set */
union {
uint8_t chr;
struct FSPSM_tls_flg_ST bits;
} keyflgs_tls;
/* key status flags */ /* key status flags */
/* flags shows status if wrapped keys are installed */ /* flags shows status if wrapped keys are installed */
union { union {
uint8_t chr; uint8_t chr;
struct FSPSM_key_flg_ST bits; struct FSPSM_key_flg_ST bits;
} keyflgs_crypt; } keyflgs_crypt;
FSPSM_ST_Internal* internal;
} FSPSM_ST; } FSPSM_ST;
typedef struct tagPKCbInfo {
FSPSM_ST *user_PKCbInfo[MAX_FSPSM_CBINDEX];
uint32_t num_session;
} FSPSM_ST_PKC;
#ifdef WOLFSSL_RENESAS_FSPSM_TLS
typedef struct
{
uint8_t *encrypted_provisioning_key;
uint8_t *iv;
uint8_t *encrypted_user_tls_key;
uint32_t encrypted_user_tls_key_type;
FSPSM_CACERT_PUB_WKEY user_rsa2048_tls_wrappedkey;
} fspsm_key_data;
#endif
struct WOLFSSL; struct WOLFSSL;
struct WOLFSSL_CTX; struct WOLFSSL_CTX;
struct ecc_key; struct ecc_key;
struct wc_CryptoInfo;
WOLFSSL_LOCAL int wc_fspsm_Open();
WOLFSSL_LOCAL void wc_fspsm_Close();
WOLFSSL_LOCAL int wc_fspsm_hw_lock();
WOLFSSL_LOCAL void wc_fspsm_hw_unlock( void );
WOLFSSL_LOCAL int wc_fspsm_usable(const struct WOLFSSL *ssl,
uint8_t session_key_generated);
typedef struct {
FSPSM_AES_PWKEY wrapped_key;
word32 keySize;
#ifdef WOLFSSL_RENESAS_FSPSM_TLS
byte setup;
#endif
} FSPSM_AES_CTX;
struct Aes; struct Aes;
WOLFSSL_LOCAL void wc_fspsm_Aesfree(struct Aes* aes);
WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz);
WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz);
WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz,
byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SH224) || \
defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
typedef enum {
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
FSPSM_SHA256 = 1,
#elif defined(WOLFSSL_RENESAS_RSIP)
FSPSM_SHA1 = RSIP_HASH_TYPE_SHA1,
FSPSM_SHA224 = RSIP_HASH_TYPE_SHA224,
FSPSM_SHA256 = RSIP_HASH_TYPE_SHA256,
FSPSM_SHA384 = RSIP_HASH_TYPE_SHA384,
FSPSM_SHA512 = RSIP_HASH_TYPE_SHA512,
FSPSM_SHA512_224 = RSIP_HASH_TYPE_SHA512_224,
FSPSM_SHA512_256 = RSIP_HASH_TYPE_SHA512_256,
#endif
} FSPSM_SHA_TYPE;
typedef struct {
void* heap;
word32 sha_type;
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
word32 used;
word32 len;
byte* msg;
#endif
#if defined(WOLFSSL_RENESAS_RSIP)
FSPSM_SHA_HANDLE handle;
#endif
#if defined(WOLF_CRYPTO_CB)
word32 flags;
int devId;
#endif
} wolfssl_FSPSM_Hash;
/* RAW hash function APIs are not implemented with SCE */
#undef WOLFSSL_NO_HASH_RAW
#define WOLFSSL_NO_HASH_RAW
#if !defined(NO_SHA) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha;
#endif
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha224;
#define WC_SHA224_TYPE_DEFINED
#endif
#if !defined(NO_SHA256) && \
(defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP))
typedef wolfssl_FSPSM_Hash wc_Sha256;
#endif
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha384;
#define WC_SHA384_TYPE_DEFINED
#endif
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha512;
typedef wolfssl_FSPSM_Hash wc_Sha512_224;
typedef wolfssl_FSPSM_Hash wc_Sha512_256;
#define WC_SHA512_TYPE_DEFINED
#endif
#endif /* NO_SHA */
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \ #if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY) !defined(WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY)
WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
const uint8_t* cert, uint32_t cert_len,
uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len,
uint32_t cm_row);
WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len,
uint8_t* sce_encRsaKeyIdx);
WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(
uint8_t* premaster,
uint32_t preSz);
WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret(
struct WOLFSSL* ssl,
uint8_t* out,
uint32_t* outSz);
WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(
const struct WOLFSSL *ssl,
const uint8_t* myInner,
uint32_t innerSz,
const uint8_t* in,
uint32_t sz,
uint8_t* digest);
WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(
const struct WOLFSSL *ssl,
const uint8_t* message,
uint32_t messageSz,
uint32_t macSz,
uint32_t content);
WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(
struct WOLFSSL* ssl,
FSPSM_ST* info);
WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
const uint8_t* ms, /* master secret */
const uint8_t* side,
const uint8_t* handshake_hash,
uint8_t* hashes /* out */);
WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(
struct WOLFSSL* ssl,
FSPSM_ST* cbInfo,
int devId);
WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
uint8_t cipherSuiteFirst,
uint8_t cipherSuite,
const uint8_t *pr, /* pre-master */
const uint8_t *cr, /* client random */
const uint8_t *sr, /* server random */
uint8_t *ms);
WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(struct WOLFSSL* ssl, byte* sig,
uint32_t sigSz, uint8_t** out,
const byte* key, uint32_t keySz, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(struct WOLFSSL* ssl,
const uint8_t* sig, uint32_t sigSz,
const uint8_t* hash, uint32_t hashSz,
const uint8_t* key, uint32_t keySz,
int* result, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start,uint32_t key_n_len,
uint32_t key_e_start,uint32_t key_e_len,
uint8_t* fspsm_encPublickey);
/* Callback for EccShareSecret */
WOLFSSL_LOCAL int fspsm_EccSharedSecret(struct WOLFSSL* ssl,
struct ecc_key* otherKey,
uint8_t* pubKeyDer, unsigned int* pubKeySz,
uint8_t* out, unsigned int* outlen, int side, void* ctx);
/* user API */ /* user API */
WOLFSSL_API void FSPSM_INFORM_FUNC( WOLFSSL_API void FSPSM_INFORM_FUNC(
uint8_t* encrypted_provisioning_key, uint8_t* encrypted_provisioning_key,
@@ -318,28 +95,7 @@ WOLFSSL_API void FSPSM_CALLBACK_FUNC(struct WOLFSSL_CTX* ctx);
WOLFSSL_API int FSPSM_CALLBACK_CTX_FUNC(struct WOLFSSL* ssl, void* user_ctx); WOLFSSL_API int FSPSM_CALLBACK_CTX_FUNC(struct WOLFSSL* ssl, void* user_ctx);
WOLFSSL_API void FSPSM_INFORM_CERT_SIGN(const uint8_t *sign); WOLFSSL_API void FSPSM_INFORM_CERT_SIGN(const uint8_t *sign);
#endif /* WOLFSSL_RENESAS_FSPSM_TLS && #endif /* WOLFSSL_RENESAS_FSPSM_TLS &&
* !WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY */ * !WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY */
typedef struct FSPSM_RSA_CTX {
FSPSM_RSA1024_WPI_KEY *wrapped_pri1024_key;
FSPSM_RSA1024_WPB_KEY *wrapped_pub1024_key;
FSPSM_RSA2048_WPI_KEY *wrapped_pri2048_key;
FSPSM_RSA2048_WPB_KEY *wrapped_pub2048_key;
word32 keySz;
} FSPSM_RSA_CTX;
/* rsa */
struct RsaKey;
struct WC_RNG;
WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(struct RsaKey *key);
WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
word32 *outLen, int type, struct RsaKey* key, struct WC_RNG* rng);
WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(struct RsaKey* key, int size, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
word32* outLen, struct RsaKey* key, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
word32* outLen,struct RsaKey* key, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 size);
#endif /* __RENESAS_FSPSM_CRYPT_H__ */ #endif /* __RENESAS_FSPSM_CRYPT_H__ */

281
wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h Normal file
View File

@@ -0,0 +1,281 @@
/* renesas_fspsm_internal.h
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _RENESAS_FSPSM_INTERNAL_H_
#define _RENESAS_FSPSM_INTERNAL_H_
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
/* Wrapped TLS FSP Key Set Flags */
struct FSPSM_tls_flg_ST {
uint8_t pk_key_set:1;
uint8_t session_key_set:1;
};
struct FSPSM_ST_Internal {
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t
encrypted_ephemeral_ecdh_public_key[FSPSM_TLS_ENCRYPTED_ECCPUBKEY_SZ];
/* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */
sce_tls_p256_ecc_wrapped_key_t ecc_p256_wrapped_key;
uint8_t ecc_ecdh_public_key[HW_SCE_ECC_PUBLIC_KEY_BYTE_SIZE];
uint32_t masterSecret[FSPSM_TLS_MASTERSECRET_SIZE/4];
uint8_t clientRandom[FSPSM_TLS_CLIENTRANDOM_SZ];
uint8_t serverRandom[FSPSM_TLS_SERVERRANDOM_SZ];
uint8_t cipher;
uint8_t side; /* for key set side */
#endif
/* key status flags */
/* flag whether encrypted ec key is set */
union {
uint8_t chr;
struct FSPSM_tls_flg_ST bits;
} keyflgs_tls;
};
#ifdef WOLFSSL_RENESAS_FSPSM_TLS
typedef struct
{
uint8_t *encrypted_provisioning_key;
uint8_t *iv;
uint8_t *encrypted_user_tls_key;
uint32_t encrypted_user_tls_key_type;
FSPSM_CACERT_PUB_WKEY user_rsa2048_tls_wrappedkey;
} fspsm_key_data;
#endif
typedef struct {
FSPSM_AES_PWKEY wrapped_key;
word32 keySize;
#ifdef WOLFSSL_RENESAS_FSPSM_TLS
byte setup;
#endif
} FSPSM_AES_CTX;
typedef struct FSPSM_RSA_CTX {
FSPSM_RSA1024_WPI_KEY *wrapped_pri1024_key;
FSPSM_RSA1024_WPB_KEY *wrapped_pub1024_key;
FSPSM_RSA2048_WPI_KEY *wrapped_pri2048_key;
FSPSM_RSA2048_WPB_KEY *wrapped_pub2048_key;
word32 keySz;
} FSPSM_RSA_CTX;
#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SH224) || \
defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
typedef struct {
void* heap;
word32 sha_type;
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
word32 used;
word32 len;
byte* msg;
#endif
#if defined(WOLFSSL_RENESAS_RSIP)
FSPSM_SHA_HANDLE handle;
#endif
#if defined(WOLF_CRYPTO_CB)
word32 flags;
int devId;
#endif
}wolfssl_FSPSM_Hash;
typedef enum {
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
FSPSM_SHA256 = 1,
#elif defined(WOLFSSL_RENESAS_RSIP)
FSPSM_SHA1 = RSIP_HASH_TYPE_SHA1,
FSPSM_SHA224 = RSIP_HASH_TYPE_SHA224,
FSPSM_SHA256 = RSIP_HASH_TYPE_SHA256,
FSPSM_SHA384 = RSIP_HASH_TYPE_SHA384,
FSPSM_SHA512 = RSIP_HASH_TYPE_SHA512,
FSPSM_SHA512_224 = RSIP_HASH_TYPE_SHA512_224,
FSPSM_SHA512_256 = RSIP_HASH_TYPE_SHA512_256,
#endif
} FSPSM_SHA_TYPE;
/* RAW hash function APIs are not implemented with SCE */
#undef WOLFSSL_NO_HASH_RAW
#define WOLFSSL_NO_HASH_RAW
#if !defined(NO_SHA) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha;
#endif
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha224;
#define WC_SHA224_TYPE_DEFINED
#endif
#if !defined(NO_SHA256) && \
(defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP))
typedef wolfssl_FSPSM_Hash wc_Sha256;
#endif
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha384;
#define WC_SHA384_TYPE_DEFINED
#endif
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha512;
typedef wolfssl_FSPSM_Hash wc_Sha512_224;
typedef wolfssl_FSPSM_Hash wc_Sha512_256;
#define WC_SHA512_TYPE_DEFINED
#endif
#endif /* NO_SHA */
struct WOLFSSL;
struct Aes;
WOLFSSL_LOCAL int wc_fspsm_TlsCleanup(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int wc_fspsm_Open();
WOLFSSL_LOCAL void wc_fspsm_Close();
WOLFSSL_LOCAL int wc_fspsm_hw_lock();
WOLFSSL_LOCAL void wc_fspsm_hw_unlock( void );
WOLFSSL_LOCAL int wc_fspsm_usable(const struct WOLFSSL *ssl,
uint8_t session_key_generated);
WOLFSSL_LOCAL void wc_fspsm_Aesfree(struct Aes* aes);
WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz);
WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz);
WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz,
byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
WOLFSSL_LOCAL int wc_fspsm_AesCipher(int devIdArg, struct wc_CryptoInfo* info,
void* ctx);
WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
const uint8_t* cert, uint32_t cert_len,
uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len,
uint32_t cm_row);
WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len,
uint8_t* sce_encRsaKeyIdx);
WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(
uint8_t* premaster,
uint32_t preSz);
WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret(
struct WOLFSSL* ssl,
uint8_t* out,
uint32_t* outSz);
WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(
const struct WOLFSSL *ssl,
const uint8_t* myInner,
uint32_t innerSz,
const uint8_t* in,
uint32_t sz,
uint8_t* digest);
WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(
const struct WOLFSSL *ssl,
const uint8_t* message,
uint32_t messageSz,
uint32_t macSz,
uint32_t content);
WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(
struct WOLFSSL* ssl,
FSPSM_ST* info);
WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
const uint8_t* ms, /* master secret */
const uint8_t* side,
const uint8_t* handshake_hash,
uint8_t* hashes /* out */);
WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(
struct WOLFSSL* ssl,
FSPSM_ST* cbInfo,
int devId);
WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
uint8_t cipherSuiteFirst,
uint8_t cipherSuite,
const uint8_t *pr, /* pre-master */
const uint8_t *cr, /* client random */
const uint8_t *sr, /* server random */
uint8_t *ms);
WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(struct WOLFSSL* ssl, byte* sig,
uint32_t sigSz, uint8_t** out,
const byte* key, uint32_t keySz, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(struct WOLFSSL* ssl,
const uint8_t* sig, uint32_t sigSz,
const uint8_t* hash, uint32_t hashSz,
const uint8_t* key, uint32_t keySz,
int* result, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start,uint32_t key_n_len,
uint32_t key_e_start,uint32_t key_e_len,
uint8_t* fspsm_encPublickey);
/* Callback for EccShareSecret */
WOLFSSL_LOCAL int fspsm_EccSharedSecret(struct WOLFSSL* ssl,
struct ecc_key* otherKey,
uint8_t* pubKeyDer, unsigned int* pubKeySz,
uint8_t* out, unsigned int* outlen, int side, void* ctx);
/* rsa */
struct RsaKey;
struct WC_RNG;
WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(struct RsaKey *key);
WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
word32 *outLen, int type, struct RsaKey* key, struct WC_RNG* rng);
WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(struct RsaKey* key, int size, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
word32* outLen, struct RsaKey* key, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
word32* outLen,struct RsaKey* key, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 size);
#endif /* RENESAS_FSPSM_INTERNAL_H */

2
wolfssl/wolfcrypt/rsa.h
View File

@@ -90,7 +90,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
#endif #endif
#if defined(WOLFSSL_RENESAS_FSPSM) #if defined(WOLFSSL_RENESAS_FSPSM)
#include <wolfssl/wolfcrypt/port/renesas/renesas-fspsm-crypt.h> #include <wolfssl/wolfcrypt/port/renesas/renesas_fspsm_internal.h>
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus

2
wolfssl/wolfcrypt/sha256.h
View File

@@ -141,7 +141,7 @@ enum {
#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \ #elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_RSIP)) && \ defined(WOLFSSL_RENESAS_RSIP)) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h"
#elif defined(WOLFSSL_RENESAS_RX64_HASH) #elif defined(WOLFSSL_RENESAS_RX64_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h"
#else #else

2
wolfssl/wolfcrypt/sha512.h
View File

@@ -129,7 +129,7 @@ enum {
#include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h" #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
#elif defined(WOLFSSL_RENESAS_RSIP) && \ #elif defined(WOLFSSL_RENESAS_RSIP) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h"
#else #else
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)