Merge pull request #9010 from miyazakh/sce_tlsproperties_uc

Make properties related to Renesas FSP Security Module TLS hidden for FSP SM context
David Garske
2025-07-24 12:35:56 -07:00
committed by GitHub
16 changed files with 545 additions and 436 deletions


@@ -108,10 +108,10 @@
#define WC_USE_DEVID 7890
#define NO_AES_192
#define NO_SW_BENCH
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
/* Use SCE RSAES-PKCS1-V1_5 RSA Function */
#define WOLF_CRYPTO_CB_RSA_PAD
#define WOLFSSL_KEY_GEN
#define RSA_MIN_SIZE 512
#endif
#define CUSTOM_RAND_GENERATE_BLOCK wc_fspsm_GenerateRandBlock


@@ -28,6 +28,7 @@
#include "wolfssl/wolfcrypt/settings.h"
#include "wolfssl/ssl.h"
#include "wolfssl/certs_test.h"
#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
uint32_t g_encrypted_root_public_key[140];
WOLFSSL_CTX *client_ctx = NULL;
@@ -198,7 +199,6 @@ int wolfSSL_TLS_client_do(void *pvParam)
#if !defined(TLS_MULTITHREAD_TEST)
XMEMSET(&guser_PKCbInfo, 0, sizeof(FSPSM_ST));
guser_PKCbInfo.devId = 0;
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
#else
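Review bot: The return value of `wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo)` is discarded in wolfSSL_TLS_client_do, although elsewhere in this commit that function gains failure paths (`BAD_FUNC_ARG`, and `MEMORY_E` when the internal context cannot be allocated). The example should check the result and stop before the handshake, e.g. `if (wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo) != 0) { /* report and bail out */ }`. The function body continues outside the hunk, so the appropriate cleanup path is not visible here.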


@@ -798,10 +798,8 @@ int sce_crypt_test()
/* sets wrapped rsa 1024 bits key */
gCbInfo.wrapped_key_rsapri1024 =
&g_wrapped_pair_1024key.priv_key;
gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
gCbInfo.wrapped_key_rsapub1024 =
&g_wrapped_pair_1024key.pub_key;
gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
}
err = R_SCE_RSA2048_WrappedKeyPairGenerate(&g_wrapped_pair_2048key);
@@ -809,11 +807,8 @@ int sce_crypt_test()
/* sets wrapped rsa 1024 bits key */
gCbInfo.wrapped_key_rsapri2048 =
&g_wrapped_pair_2048key.priv_key;
gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
gCbInfo.wrapped_key_rsapub2048 =
&g_wrapped_pair_2048key.pub_key;
gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
}
/* Key generation for multi testing */
@@ -834,6 +829,10 @@ int sce_crypt_test()
if (ret == 0) {
printf(" sce_rsa_test(1024)");
gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 0;
gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 0;
ret = sce_rsa_test(1, 1024);
RESULT_STR(ret)
}
@@ -846,6 +845,10 @@ int sce_crypt_test()
if (ret == 0) {
printf(" sce_rsa_test(2048)");
gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 0;
gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 0;
gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
ret = sce_rsa_test(1, 2048);
RESULT_STR(ret)
}
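Review bot: The comment `/* sets wrapped rsa 1024 bits key */` above the `wrapped_key_rsapri2048` / `wrapped_key_rsapub2048` assignments names the wrong key size; it should read `/* sets wrapped rsa 2048 bits key */`. Since the `*_installedkey_set` flags are now toggled right before each `sce_rsa_test()` call, a one-line comment there such as `/* mark only the key size under test as installed */` would explain why the other pair is cleared. sce_crypt_test starts and ends outside these hunks.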


@@ -3556,7 +3556,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
void* ctx = wolfSSL_GetEncryptKeysCtx(ssl);
#if defined(WOLFSSL_RENESAS_FSPSM_TLS)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
cbInfo->side = side;
cbInfo->internal->side = side;
#elif defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
cbInfo->internal->key_side = side;
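Review bot: `cbInfo->internal->side = side;` dereferences both the context returned by `wolfSSL_GetEncryptKeysCtx(ssl)` and its `internal` member with no NULL test, while other call sites touched by this commit (for example Renesas_cmn_EncryptKeys) add `cbInfo != NULL && cbInfo->internal != NULL` guards. As far as this page shows, `internal` is allocated only in wc_fspsm_set_callback_ctx and is freed and cleared by wc_fspsm_TlsCleanup, so a context that was never set up, or was already cleaned, would be written through a NULL pointer here. Suggest `if (cbInfo != NULL && cbInfo->internal != NULL) cbInfo->internal->side = side;`. SetKeysSide continues outside the hunk, so how a missing context should be reported is not visible.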


@@ -33,7 +33,7 @@
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
#define cmn_hw_lock wc_fspsm_hw_lock
#define cmn_hw_unlock wc_fspsm_hw_unlock
@@ -87,6 +87,8 @@ WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_TlsCleanup(ssl);
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
ret = wc_fspsm_TlsCleanup(ssl);
#endif
WOLFSSL_LEAVE("Renesas_cmn_Cleanup", ret);
@@ -166,6 +168,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
(void)cbInfo;
#endif
if (info == NULL || ctx == NULL)
@@ -276,88 +279,19 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM) {
if (info->cipher.enc &&
(cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 32) ||
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 16))) {
ret = wc_fspsm_AesGcmEncrypt(
info->cipher.aesgcm_enc.aes,
(byte*)info->cipher.aesgcm_enc.out,
(byte*)info->cipher.aesgcm_enc.in,
info->cipher.aesgcm_enc.sz,
(byte*)info->cipher.aesgcm_enc.iv,
info->cipher.aesgcm_enc.ivSz,
(byte*)info->cipher.aesgcm_enc.authTag,
info->cipher.aesgcm_enc.authTagSz,
(byte*)info->cipher.aesgcm_enc.authIn,
info->cipher.aesgcm_enc.authInSz,
(void*)ctx);
}
else if (cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 32) ||
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 16)) {
ret = wc_fspsm_AesGcmDecrypt(
info->cipher.aesgcm_dec.aes,
(byte*)info->cipher.aesgcm_dec.out,
(byte*)info->cipher.aesgcm_dec.in,
info->cipher.aesgcm_dec.sz,
(byte*)info->cipher.aesgcm_dec.iv,
info->cipher.aesgcm_dec.ivSz,
(byte*)info->cipher.aesgcm_dec.authTag,
info->cipher.aesgcm_dec.authTagSz,
(byte*)info->cipher.aesgcm_dec.authIn,
info->cipher.aesgcm_dec.authInSz,
(void*)ctx);
}
}
#endif /* HAVE_AESGCM */
#ifdef HAVE_AES_CBC
if ((info->cipher.type == WC_CIPHER_AES_CBC) &&
(cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) ||
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 16))) {
if (info->cipher.enc) {
ret = wc_fspsm_AesCbcEncrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
(byte*)info->cipher.aescbc.in,
info->cipher.aescbc.sz);
}
else {
ret = wc_fspsm_AesCbcDecrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
(byte*)info->cipher.aescbc.in,
info->cipher.aescbc.sz);
}
}
#endif /* HAVE_AES_CBC */
ret = wc_fspsm_AesCipher(devIdArg, info, ctx);
#endif /* !NO_AES */
}
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 ||
info->pk.rsakg.size == 2048)) {
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key,
info->pk.rsakg.size, (void*)ctx);
}
#endif
if (info->pk.type == WC_PK_TYPE_RSA) {
if (info->pk.type == WC_PK_TYPE_RSA_PKCS) {
/* to perform RSA on SCE, wrapped keys should be installed
* in advance. SCE supports 1024 or 2048 bits key size.
* otherwise, falls-through happens.
@@ -367,10 +301,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set ||
cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set ) {
ret = wc_fspsm_MakeRsaKey(info->pk.rsa.key, 0, cbInfo);
if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret;
if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
info->pk.rsa.type == RSA_PUBLIC_ENCRYPT )
{
@@ -769,8 +699,9 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
if (cbInfo->keyflgs_tls.bits.session_key_set == 1) {
switch(cbInfo->side) {
if (cbInfo != NULL && cbInfo->internal != NULL &&
cbInfo->internal->keyflgs_tls.bits.session_key_set == 1) {
switch(cbInfo->internal->side) {
#endif
case 1:/* ENCRYPT_SIDE_ONLY */
ssl->encrypt.setup = 1;
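Review bot: The `WC_PK_TYPE_RSA_KEYGEN` branch of Renesas_cmn_CryptoDevCb appears to lose its `info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048` filter, so every requested size is now forwarded to `wc_fspsm_MakeRsaKey`, while the comment just below still says the SCE supports only 1024- or 2048-bit keys. Unless wc_fspsm_MakeRsaKey (not shown) rejects other sizes with `CRYPTOCB_UNAVAILABLE` so the software path takes over, the size test should stay at the dispatch point. If the check has moved into the callee, say so here, e.g. `/* size is validated in wc_fspsm_MakeRsaKey; unsupported sizes return CRYPTOCB_UNAVAILABLE */`. The function starts and ends outside these hunks.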


@@ -30,6 +30,8 @@
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_AES)
#include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h"
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/internal.h>
@@ -37,7 +39,6 @@
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
@@ -243,7 +244,8 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
(void) key_server_aes;
/* sanity check */
if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 ||
info == NULL) {
return BAD_FUNC_ARG;
}
@@ -296,7 +298,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
#if defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (ret == 0 &&
info->keyflgs_tls.bits.session_key_set == 1) {
info->internal->keyflgs_tls.bits.session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here.
*/
@@ -312,10 +314,10 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
}
ret = FSPSM_SESSIONKEY_GEN_FUNC(
info->cipher,
(uint32_t*)info->masterSecret,
(uint8_t*) info->clientRandom,
(uint8_t*) info->serverRandom,
info->internal->cipher,
(uint32_t*)info->internal->masterSecret,
(uint8_t*) info->internal->clientRandom,
(uint8_t*) info->internal->serverRandom,
&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
&key_client_mac,
&key_server_mac,
@@ -397,10 +399,10 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
XFREE(plainBuf, aes->heap, DYNAMIC_TYPE_AES);
XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES);
if (info->keyflgs_tls.bits.session_key_set == 1 &&
if (info->internal->keyflgs_tls.bits.session_key_set == 1 &&
key_client_aes != NULL)
XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES);
if (info->keyflgs_tls.bits.session_key_set == 1 &&
if (info->internal->keyflgs_tls.bits.session_key_set == 1 &&
key_server_aes != NULL)
XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES);
wc_fspsm_hw_unlock();
@@ -452,7 +454,8 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
FSPSM_AES_PWKEY key_server_aes = NULL;
(void) key_client_aes;
/* sanity check */
if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 ||
info == NULL) {
return BAD_FUNC_ARG;
}
@@ -500,7 +503,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
}
#if defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (ret == 0 &&
info->keyflgs_tls.bits.session_key_set == 1) {
info->internal->keyflgs_tls.bits.session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here.
*/
@@ -516,10 +519,10 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
}
ret = FSPSM_SESSIONKEY_GEN_FUNC(
info->cipher,
(uint32_t*)info->masterSecret,
(uint8_t*) info->clientRandom,
(uint8_t*) info->serverRandom,
info->internal->cipher,
(uint32_t*)info->internal->masterSecret,
(uint8_t*) info->internal->clientRandom,
(uint8_t*) info->internal->serverRandom,
(uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
&key_client_mac,
&key_server_mac,
@@ -537,7 +540,6 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
#endif
if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
key_server_aes = aes->ctx.wrapped_key;
iv_l = iv;
ivSz_l = ivSz;
@@ -596,10 +598,10 @@ WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES);
XFREE(plainBuf, aes->heap, DYNAMIC_TYPE_AES);
XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
if (info->keyflgs_tls.bits.session_key_set == 1 &&
if (info->internal->keyflgs_tls.bits.session_key_set == 1 &&
key_client_aes != NULL)
XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES);
if (info->keyflgs_tls.bits.session_key_set == 1 &&
if (info->internal->keyflgs_tls.bits.session_key_set == 1 &&
key_server_aes != NULL)
XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES);
wc_fspsm_hw_unlock();
@@ -811,6 +813,93 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
return wc_AesSetIV(aes, iv);
}
#endif
WOLFSSL_LOCAL int wc_fspsm_AesCipher(int devIdArg, wc_CryptoInfo* info,
void* ctx)
{
int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
(void)devIdArg;
WOLFSSL_ENTER("wc_fspsm_AesCipher");
if (info == NULL || cbInfo == NULL || cbInfo->internal == NULL) {
return BAD_FUNC_ARG;
}
#if !defined(NO_AES)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM) {
if (info->cipher.enc &&
(cbInfo->internal->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 32) ||
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 16))) {
ret = wc_fspsm_AesGcmEncrypt(
info->cipher.aesgcm_enc.aes,
(byte*)info->cipher.aesgcm_enc.out,
(byte*)info->cipher.aesgcm_enc.in,
info->cipher.aesgcm_enc.sz,
(byte*)info->cipher.aesgcm_enc.iv,
info->cipher.aesgcm_enc.ivSz,
(byte*)info->cipher.aesgcm_enc.authTag,
info->cipher.aesgcm_enc.authTagSz,
(byte*)info->cipher.aesgcm_enc.authIn,
info->cipher.aesgcm_enc.authInSz,
(void*)ctx);
}
else if (cbInfo->internal->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 32) ||
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 16)) {
ret = wc_fspsm_AesGcmDecrypt(
info->cipher.aesgcm_dec.aes,
(byte*)info->cipher.aesgcm_dec.out,
(byte*)info->cipher.aesgcm_dec.in,
info->cipher.aesgcm_dec.sz,
(byte*)info->cipher.aesgcm_dec.iv,
info->cipher.aesgcm_dec.ivSz,
(byte*)info->cipher.aesgcm_dec.authTag,
info->cipher.aesgcm_dec.authTagSz,
(byte*)info->cipher.aesgcm_dec.authIn,
info->cipher.aesgcm_dec.authInSz,
(void*)ctx);
}
}
#endif /* HAVE_AESGCM */
#ifdef HAVE_AES_CBC
if ((info->cipher.type == WC_CIPHER_AES_CBC) &&
(cbInfo->internal->keyflgs_tls.bits.session_key_set == 1 ||
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) ||
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 16))) {
if (info->cipher.enc) {
ret = wc_fspsm_AesCbcEncrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
(byte*)info->cipher.aescbc.in,
info->cipher.aescbc.sz);
}
else {
ret = wc_fspsm_AesCbcDecrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
(byte*)info->cipher.aescbc.in,
info->cipher.aescbc.sz);
}
}
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES */
(void)cbInfo;
WOLFSSL_LEAVE("wc_fspsm_AesCipher", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_FSPSM_TLS
WOLFSSL_RENESAS_FSPSM_CRYPTONLY
NO_WOLFSSL_RENESAS_FSPSM_AES */
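Review bot: wc_fspsm_AesGcmEncrypt and wc_fspsm_AesGcmDecrypt now test only `info == NULL` in their sanity check, yet both go on to read `info->internal->keyflgs_tls.bits.session_key_set`, including in the buffer-release code at the end, so a context whose `internal` is NULL gets dereferenced; add `info->internal == NULL` to the check or guard each read. The new wc_fspsm_AesCipher has the opposite problem: it returns `BAD_FUNC_ARG` whenever `cbInfo->internal == NULL`, before the `keyflgs_crypt` installed-key tests run, and the only allocation of `internal` visible on this page is in wc_fspsm_set_callback_ctx, which appears to sit in the non-CRYPTONLY part of its file. If crypt-only contexts legitimately have no `internal`, read the TLS flag as `cbInfo->internal != NULL && cbInfo->internal->keyflgs_tls.bits.session_key_set == 1` instead of rejecting the call.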


@@ -34,7 +34,7 @@
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
#if defined(WOLFSSL_RENESAS_RSIP)
extern FSPSM_INSTANCE gFSPSM_ctrl;


@@ -35,7 +35,7 @@
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
#if defined(WOLFSSL_RENESAS_RSIP)
extern FSPSM_INSTANCE gFSPSM_ctrl;


@@ -39,13 +39,19 @@ extern FSPSM_CONFIG gFSPSM_cfg;
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
#include <wolfssl/wolfcrypt/memory.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/ssl.h>
#include <wolfssl/internal.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#include <stdio.h>
@@ -55,18 +61,12 @@ extern FSPSM_CONFIG gFSPSM_cfg;
#define WOLFSSL_PKMSG(_f_, ...) WC_DO_NOTHING
#endif
#if defined(WOLFSSL_RENESAS_FSPSM_ECC)
WC_THREADSHARED FSPSM_ST_PKC gPKCbInfo;
#endif
#ifdef WOLFSSL_RENESAS_FSPSM_TLS
static const byte* ca_cert_sig;
static fspsm_key_data g_user_key_info;
static uint32_t g_encrypted_publicCA_key[HW_SCE_SINST_WORD_SIZE];
extern uint32_t g_CAscm_Idx; /* index of CM table */
static uint32_t fspsm_sess_idx = 0;
#endif
#endif /* WOLFSSL_RENESAS_FSPSM*/
@@ -95,7 +95,7 @@ static int fspsm_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
* lock hw engine
* this should be called before using engine.
*/
WOLFSSL_LOCAL int wc_fspsm_hw_lock()
int wc_fspsm_hw_lock()
{
int ret = 0;
@@ -122,13 +122,13 @@ WOLFSSL_LOCAL int wc_fspsm_hw_lock()
/*
* release hw engine
*/
WOLFSSL_LOCAL void wc_fspsm_hw_unlock(void)
void wc_fspsm_hw_unlock(void)
{
fspsm_CryptHwMutexUnLock(&fspsm_mutex);
}
/* Open sce driver for use */
WOLFSSL_LOCAL int wc_fspsm_Open()
int wc_fspsm_Open()
{
WOLFSSL_ENTER("wc_fspsm_Open");
int ret;
@@ -167,7 +167,7 @@ WOLFSSL_LOCAL int wc_fspsm_Open()
}
/* close SCE driver */
WOLFSSL_LOCAL void wc_fspsm_Close()
void wc_fspsm_Close()
{
WOLFSSL_ENTER("sce Close");
int ret;
@@ -188,11 +188,11 @@ WOLFSSL_LOCAL void wc_fspsm_Close()
}
#define RANDGEN_WORDS 4
WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz)
int wc_fspsm_GenerateRandBlock(byte* output, word32 sz)
{
/* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */
int ret = 0;
word32 fspbuf[RANDGEN_WORDS];
uint32_t fspbuf[RANDGEN_WORDS];
while (sz > 0) {
word32 len = sizeof(buffer);
@@ -201,8 +201,8 @@ WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz)
len = sz;
}
/* return 4 words random number*/
ret = R_RANDOM_GEN((uint8_t* const)fspbuf);
if(ret == FSP_SUCCESS) {
ret = R_RANDOM_GEN(fspbuf);
if (ret == FSP_SUCCESS) {
XMEMCPY(output, &fspbuf, len);
output += len;
sz -= len;
@@ -224,7 +224,7 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
uint32_t sigSz, void* ctx)
{
int ret = WOLFSSL_FAILURE;
FSPSM_ST* cbInfo;
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
byte *peerkey = NULL;
@@ -232,11 +232,10 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
(void) sigSz;
/* sanity check */
if (ssl == NULL || sig == NULL || ctx == NULL)
if (ssl == NULL || sig == NULL || cbInfo == NULL ||
cbInfo->internal == NULL)
return ret;
cbInfo = (FSPSM_ST*)ctx;
/* export public peer public key */
ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen);
WOLFSSL_PKMSG("qxLen %d qyLen %d\n", qxLen, qyLen);
@@ -246,7 +245,8 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
}
/* make peer ecc key data for SCE */
/* 0padding(24bit) || 04(8bit) || Qx(256bit) || Qy(256bit) */
peerkey = (byte*)XMALLOC((3 + 1 + qxLen + qyLen), NULL, DYNAMIC_TYPE_TMP_BUFFER);
peerkey = (byte*)XMALLOC((3 + 1 + qxLen + qyLen), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (peerkey == NULL) {
WOLFSSL_MSG("failed to malloc ecc key");
return WOLFSSL_FAILURE;
@@ -266,15 +266,15 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
(uint8_t*) peerkey,
(uint8_t*) sig,
(uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
(uint32_t*)cbInfo->encrypted_ephemeral_ecdh_public_key);
(uint32_t*)cbInfo->internal->encrypted_ephemeral_ecdh_public_key);
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("failed R_fspsm_TLS_ServerKeyExchangeVerify");
cbInfo->keyflgs_tls.bits.pk_key_set = 0;
cbInfo->internal->keyflgs_tls.bits.pk_key_set = 0;
}
else {
ret = WOLFSSL_SUCCESS;
cbInfo->keyflgs_tls.bits.pk_key_set = 1;
cbInfo->internal->keyflgs_tls.bits.pk_key_set = 1;
}
}
else {
@@ -288,7 +288,7 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
return ret;
}
/* Callback for Rsa Verify */
WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
uint8_t** out, const byte* key, uint32_t keySz, void* ctx)
{
int ret = WOLFSSL_FAILURE;
@@ -311,7 +311,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
return ret;
}
/* Callback for Ecc Verify */
WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
const uint8_t* key, uint32_t keySz, int* result, void* ctx)
{
@@ -389,7 +389,7 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
/* Callback for ECC shared secret */
WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
uint8_t* pubKeyDer, unsigned int* pubKeySz,
uint8_t* out, unsigned int* outlen, int side, void* ctx)
{
@@ -404,33 +404,37 @@ WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
/* sanity check */
if (ssl == NULL || pubKeyDer == NULL || pubKeySz == NULL ||
out == NULL || outlen == NULL || ctx == NULL)
out == NULL || outlen == NULL || cbInfo == NULL ||
cbInfo->internal == NULL)
return WOLFSSL_FAILURE;
WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
if (cbInfo->keyflgs_tls.bits.pk_key_set == 1) {
if (cbInfo->internal->keyflgs_tls.bits.pk_key_set == 1) {
if ((ret = wc_fspsm_hw_lock()) == 0) {
/* Generate ECC PUblic key pair */
ret = FSPSM_TLS_ECCS256R1_KPG(
&cbInfo->ecc_p256_wrapped_key,
(uint8_t*)&cbInfo->ecc_ecdh_public_key/* Qx 32 bytes and Qy 32 bytes*/ );
&cbInfo->internal->ecc_p256_wrapped_key,
/* Qx 32 bytes and Qy 32 bytes*/
(uint8_t*)&cbInfo->internal->ecc_ecdh_public_key );
if (ret != FSP_SUCCESS) {
WOLFSSL_PKMSG("Failed secp256r1_EphemeralWrappedKeyPairGenerate %d\n", ret);
WOLFSSL_PKMSG("Failed secp256r1_EphemeralWrappedKeyPairGenerate"
" %d\n", ret);
return ret;
}
/* copy generated ecdh public key into buffer */
pubKeyDer[0] = ECC_POINT_UNCOMP;
*pubKeySz = 1 + sizeof(cbInfo->ecc_ecdh_public_key);
XMEMCPY(&pubKeyDer[1], &cbInfo->ecc_ecdh_public_key,
sizeof(cbInfo->ecc_ecdh_public_key));
*pubKeySz = 1 + sizeof(cbInfo->internal->ecc_ecdh_public_key);
XMEMCPY(&pubKeyDer[1], &cbInfo->internal->ecc_ecdh_public_key,
sizeof(cbInfo->internal->ecc_ecdh_public_key));
/* Generate Premaster Secret */
ret = FSPSM_TLS_PREMASTERGEN(
(uint32_t*)&cbInfo->encrypted_ephemeral_ecdh_public_key,
&cbInfo->ecc_p256_wrapped_key,
(uint32_t*)
&cbInfo->internal->encrypted_ephemeral_ecdh_public_key,
&cbInfo->internal->ecc_p256_wrapped_key,
(uint32_t*)out/* pre-master secret 64 bytes */);
if (ret != FSP_SUCCESS) {
WOLFSSL_PKMSG("Failed PreMasterSecretGenerateForECC_secp256r1 %d\n", ret);
@@ -438,7 +442,8 @@ WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
}
else {
/* set master secret generation callback for use */
wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret);
wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx,
Renesas_cmn_genMasterSecret);
wolfSSL_SetGenMasterSecretCtx(ssl, cbInfo);
}
}
@@ -450,7 +455,8 @@ WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
wc_fspsm_hw_unlock();
*outlen = 64;
WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n",
ret, *pubKeySz, *outlen);
}
return ret;
@@ -523,7 +529,7 @@ static uint32_t GetSceCipherSuite(
/* ssl : a pointer to WOLFSSL object */
/* session_key_generated : if session key has been generated */
/* return 1 for usable, 0 for unusable */
WOLFSSL_LOCAL int wc_fspsm_usable(const WOLFSSL *ssl,
int wc_fspsm_usable(const WOLFSSL *ssl,
uint8_t session_key_generated)
{
WOLFSSL_ENTER("fspsm_usable");
@@ -575,7 +581,7 @@ WOLFSSL_LOCAL int wc_fspsm_usable(const WOLFSSL *ssl,
}
/* Generate Hmac by sha256*/
WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl,
int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl,
const uint8_t* myInner, uint32_t innerSz,const uint8_t* in,
uint32_t sz, byte* digest)
{
@@ -627,7 +633,7 @@ WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl,
}
/* Verify hmac */
WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl,
int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl,
const uint8_t* message, uint32_t messageSz,
uint32_t macSz, uint32_t content)
{
@@ -684,7 +690,7 @@ WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl,
}
/* generate Verify Data based on master secret */
WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
int wc_fspsm_generateVerifyData(
const uint8_t *ms, /* master secret */
const uint8_t *side, const uint8_t *handshake_hash,
uint8_t *hashes /* out */)
@@ -717,7 +723,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
}
/* generate keys for TLS communication */
WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
FSPSM_ST* cbInfo, int devId)
{
WOLFSSL_MSG("fspsm_generateSessionKey()");
@@ -733,7 +739,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
uint32_t sceCS = GetSceCipherSuite(ssl->options.cipherSuite0,
ssl->options.cipherSuite);
if (ssl== NULL || cbInfo == NULL)
if (ssl== NULL || cbInfo == NULL || cbInfo->internal == NULL)
return BAD_FUNC_ARG;
@@ -843,8 +849,10 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
/* ready-for-use flag will be set when SetKeySide() is called */
}
if (cbInfo->cipher == SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
cbInfo->cipher == SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
if (cbInfo->internal->cipher ==
SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
cbInfo->internal->cipher ==
SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
enc->aes->nonceSz = AEAD_MAX_IMP_SZ;
dec->aes->nonceSz = AEAD_MAX_IMP_SZ;
}
@@ -852,7 +860,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
dec->aes->devId = devId;
/* marked as session key is set */
cbInfo->keyflgs_tls.bits.session_key_set = 1;
cbInfo->internal->keyflgs_tls.bits.session_key_set = 1;
}
XFREE(key_client_aes, ssl->heap, DYNAMIC_TYPE_AES);
@@ -871,7 +879,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
}
/* generate master secret based on pre-master which is generated by SCE */
WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
int wc_fspsm_generateMasterSecret(
uint8_t cipherSuiteFirst,
uint8_t cipherSuite,
const uint8_t *pr, /* pre-master */
@@ -909,7 +917,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
}
/* generate pre-Master secrete by SCE */
WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(uint8_t *premaster,
int wc_fspsm_generatePremasterSecret(uint8_t *premaster,
uint32_t preSz)
{
WOLFSSL_ENTER("fspsm_generatePremasterSecret");
@@ -940,7 +948,7 @@ WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(uint8_t *premaster,
/*
* generate encrypted pre-Master secrete by SCE
*/
WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret(
int wc_fspsm_generateEncryptPreMasterSecret(
WOLFSSL* ssl,
uint8_t* out,
uint32_t* outSz)
@@ -983,7 +991,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret(
/* Certificate verification by SCE */
WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
int wc_fspsm_tls_CertVerify(
const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start,uint32_t key_n_len,
@@ -1080,7 +1088,7 @@ WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
}
/* Root Certificate verification */
WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
int wc_fspsm_tls_RootCertVerify(
const uint8_t* cert, uint32_t cert_len,
uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len,
@@ -1130,22 +1138,26 @@ WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
/* store elements for session key generation into ssl->keys.
* return 0 on success, negative value on failure
*/
WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(WOLFSSL* ssl, FSPSM_ST* info)
int wc_fspsm_storeKeyCtx(WOLFSSL* ssl, FSPSM_ST* info)
{
int ret = 0;
WOLFSSL_ENTER("fspsm_storeKeyCtx");
if (ssl == NULL || info == NULL)
if (ssl == NULL || info == NULL || info->internal == NULL)
ret = BAD_FUNC_ARG;
if (ret == 0) {
XMEMCPY(info->masterSecret, ssl->arrays->fspsm_masterSecret,
XMEMCPY(info->internal->masterSecret,
ssl->arrays->fspsm_masterSecret,
FSPSM_TLS_MASTERSECRET_SIZE);
XMEMCPY(info->clientRandom, ssl->arrays->clientRandom, 32);
XMEMCPY(info->serverRandom, ssl->arrays->serverRandom, 32);
XMEMCPY(info->internal->clientRandom,
ssl->arrays->clientRandom, 32);
XMEMCPY(info->internal->serverRandom,
ssl->arrays->serverRandom, 32);
info->cipher = (uint8_t)GetSceCipherSuite(ssl->options.cipherSuite0,
info->internal->cipher = (uint8_t)GetSceCipherSuite(
ssl->options.cipherSuite0,
ssl->options.cipherSuite);
}
WOLFSSL_LEAVE("fspsm_storeKeyCtx", ret);
@@ -1213,6 +1225,35 @@ WOLFSSL_API void wc_fspsm_set_callbacks(WOLFSSL_CTX* ctx)
/* reset callbacks */
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
}
/*
* Clean up Renesas Ctx
* ssl WOLFSSL object
* return 0 successful
*/
int wc_fspsm_TlsCleanup(WOLFSSL* ssl)
{
int ret = 0;
FSPSM_ST* tuc = NULL;
if (ssl == NULL)
return ret;
tuc = ssl->RenesasUserCtx;
if (tuc == NULL)
return ret;
/* free internal structure */
if (tuc->internal) {
XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
tuc->internal = NULL;
}
/* zero clear */
ForceZero(tuc, sizeof(FSPSM_ST));
ssl->RenesasUserCtx = NULL;
return ret;
}
/* Set callback contexts needed for sce TLS api handling */
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
@@ -1220,14 +1261,24 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
#endif
{
if (fspsm_sess_idx > MAX_FSPSM_CBINDEX) {
WOLFSSL_MSG("exceeds maximum session index");
return -1;
FSPSM_ST* uCtx = (FSPSM_ST*)user_ctx;
if (ssl == NULL || user_ctx == NULL) {
return BAD_FUNC_ARG;
}
gPKCbInfo.user_PKCbInfo[fspsm_sess_idx] = (FSPSM_ST*)user_ctx;
gPKCbInfo.user_PKCbInfo[fspsm_sess_idx]->keyflgs_tls.bits.pk_key_set = 0;
gPKCbInfo.user_PKCbInfo[fspsm_sess_idx]->keyflgs_tls.bits.session_key_set
= 0;
ForceZero(uCtx, sizeof(FSPSM_ST));
uCtx->internal = (FSPSM_ST_Internal*)XMALLOC(sizeof(FSPSM_ST_Internal),
ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (!uCtx->internal) {
WOLFSSL_MSG("Failed to allocate memory for user ctx internal");
return MEMORY_E;
}
ForceZero(uCtx->internal, sizeof(FSPSM_ST_Internal));
ssl->RenesasUserCtx = user_ctx; /* ssl doesn't own user_ctx */
wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
wolfSSL_SetRsaEncCtx(ssl, user_ctx);
@@ -1239,8 +1290,6 @@ WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
/* set up crypt callback */
wc_CryptoCb_CryptInitRenesasCmn(ssl, user_ctx);
gPKCbInfo.num_session = ++fspsm_sess_idx;
return 0;
}
#endif /* !WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
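Review bot: wc_fspsm_TlsCleanup releases `tuc->internal` with `XFREE` without wiping it first, and that structure now holds `masterSecret`, `clientRandom`, `serverRandom` and the wrapped ECC key, so the TLS secrets stay in freed heap memory; only the outer `FSPSM_ST` is cleared. Add `ForceZero(tuc->internal, sizeof(FSPSM_ST_Internal));` immediately before the `XFREE`. Related: wc_fspsm_set_callback_ctx calls `ForceZero(uCtx, sizeof(FSPSM_ST))` before allocating, so a second call on a context that still owns an `internal` block drops that pointer without freeing it, and it also clears any `keyflgs_crypt` or wrapped-key fields the caller had already filled in. A header comment stating that the context must be passed in unused and populated only afterwards would make that contract explicit.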


@@ -63,7 +63,7 @@
#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
#endif
#if defined(WOLFSSL_RENESAS_FSPSM)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
#endif
#if defined(WOLFSSL_RENESAS_RX64_HASH)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h>


@@ -148,7 +148,7 @@ WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
#endif
#if defined(WOLFSSL_RENESAS_FSPSM)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
#endif
#ifdef WOLFSSL_MAXQ10XX_CRYPTO


@@ -21,9 +21,6 @@
#ifndef __RENESAS_FSPSM_CRYPT_H__
#define __RENESAS_FSPSM_CRYPT_H__
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h>
#ifdef __cplusplus
extern "C" {
#endif
@@ -33,12 +30,6 @@ extern "C" {
typedef void* FSPSM_W_KEYVAR;
/* flsgas related to TLS */
struct FSPSM_tls_flg_ST {
uint8_t pk_key_set:1;
uint8_t session_key_set:1;
};
/* flags Crypt Only */
struct FSPSM_key_flg_ST {
uint8_t aes256_installedkey_set:1;
@@ -50,24 +41,11 @@ struct FSPSM_key_flg_ST {
uint8_t message_type:1;/*message 0, hashed 1*/
};
typedef struct FSPSM_ST_Internal FSPSM_ST_Internal;
typedef struct FSPSM_tag_ST {
/* unique number for each session */
int devId;
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t
encrypted_ephemeral_ecdh_public_key[FSPSM_TLS_ENCRYPTED_ECCPUBKEY_SZ];
/* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */
sce_tls_p256_ecc_wrapped_key_t ecc_p256_wrapped_key;
uint8_t ecc_ecdh_public_key[HW_SCE_ECC_PUBLIC_KEY_BYTE_SIZE];
uint32_t masterSecret[FSPSM_TLS_MASTERSECRET_SIZE/4];
uint8_t clientRandom[FSPSM_TLS_CLIENTRANDOM_SZ];
uint8_t serverRandom[FSPSM_TLS_SERVERRANDOM_SZ];
uint8_t cipher;
uint8_t side; /* for key set side */
#endif
/* installed key handling */
/* aes */
@@ -85,228 +63,27 @@ typedef struct FSPSM_tag_ST {
#if defined(WOLFSSL_RENESAS_RSIP)
uint8_t hash_type;
#endif
/* key status flags */
/* flag whether encrypted ec key is set */
union {
uint8_t chr;
struct FSPSM_tls_flg_ST bits;
} keyflgs_tls;
/* key status flags */
/* flags shows status if wrapped keys are installed */
union {
uint8_t chr;
struct FSPSM_key_flg_ST bits;
} keyflgs_crypt;
FSPSM_ST_Internal* internal;
} FSPSM_ST;
typedef struct tagPKCbInfo {
FSPSM_ST *user_PKCbInfo[MAX_FSPSM_CBINDEX];
uint32_t num_session;
} FSPSM_ST_PKC;
#ifdef WOLFSSL_RENESAS_FSPSM_TLS
typedef struct
{
uint8_t *encrypted_provisioning_key;
uint8_t *iv;
uint8_t *encrypted_user_tls_key;
uint32_t encrypted_user_tls_key_type;
FSPSM_CACERT_PUB_WKEY user_rsa2048_tls_wrappedkey;
} fspsm_key_data;
#endif
struct WOLFSSL;
struct WOLFSSL_CTX;
struct ecc_key;
WOLFSSL_LOCAL int wc_fspsm_Open();
WOLFSSL_LOCAL void wc_fspsm_Close();
WOLFSSL_LOCAL int wc_fspsm_hw_lock();
WOLFSSL_LOCAL void wc_fspsm_hw_unlock( void );
WOLFSSL_LOCAL int wc_fspsm_usable(const struct WOLFSSL *ssl,
uint8_t session_key_generated);
typedef struct {
FSPSM_AES_PWKEY wrapped_key;
word32 keySize;
#ifdef WOLFSSL_RENESAS_FSPSM_TLS
byte setup;
#endif
} FSPSM_AES_CTX;
struct wc_CryptoInfo;
struct Aes;
WOLFSSL_LOCAL void wc_fspsm_Aesfree(struct Aes* aes);
WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz);
WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz);
WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz,
byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SH224) || \
defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
typedef enum {
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
FSPSM_SHA256 = 1,
#elif defined(WOLFSSL_RENESAS_RSIP)
FSPSM_SHA1 = RSIP_HASH_TYPE_SHA1,
FSPSM_SHA224 = RSIP_HASH_TYPE_SHA224,
FSPSM_SHA256 = RSIP_HASH_TYPE_SHA256,
FSPSM_SHA384 = RSIP_HASH_TYPE_SHA384,
FSPSM_SHA512 = RSIP_HASH_TYPE_SHA512,
FSPSM_SHA512_224 = RSIP_HASH_TYPE_SHA512_224,
FSPSM_SHA512_256 = RSIP_HASH_TYPE_SHA512_256,
#endif
} FSPSM_SHA_TYPE;
typedef struct {
void* heap;
word32 sha_type;
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
word32 used;
word32 len;
byte* msg;
#endif
#if defined(WOLFSSL_RENESAS_RSIP)
FSPSM_SHA_HANDLE handle;
#endif
#if defined(WOLF_CRYPTO_CB)
word32 flags;
int devId;
#endif
} wolfssl_FSPSM_Hash;
/* RAW hash function APIs are not implemented with SCE */
#undef WOLFSSL_NO_HASH_RAW
#define WOLFSSL_NO_HASH_RAW
#if !defined(NO_SHA) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha;
#endif
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha224;
#define WC_SHA224_TYPE_DEFINED
#endif
#if !defined(NO_SHA256) && \
(defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP))
typedef wolfssl_FSPSM_Hash wc_Sha256;
#endif
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha384;
#define WC_SHA384_TYPE_DEFINED
#endif
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha512;
typedef wolfssl_FSPSM_Hash wc_Sha512_224;
typedef wolfssl_FSPSM_Hash wc_Sha512_256;
#define WC_SHA512_TYPE_DEFINED
#endif
#endif /* NO_SHA */
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY)
WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
const uint8_t* cert, uint32_t cert_len,
uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len,
uint32_t cm_row);
WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len,
uint8_t* sce_encRsaKeyIdx);
WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(
uint8_t* premaster,
uint32_t preSz);
WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret(
struct WOLFSSL* ssl,
uint8_t* out,
uint32_t* outSz);
WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(
const struct WOLFSSL *ssl,
const uint8_t* myInner,
uint32_t innerSz,
const uint8_t* in,
uint32_t sz,
uint8_t* digest);
WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(
const struct WOLFSSL *ssl,
const uint8_t* message,
uint32_t messageSz,
uint32_t macSz,
uint32_t content);
WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(
struct WOLFSSL* ssl,
FSPSM_ST* info);
WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
const uint8_t* ms, /* master secret */
const uint8_t* side,
const uint8_t* handshake_hash,
uint8_t* hashes /* out */);
WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(
struct WOLFSSL* ssl,
FSPSM_ST* cbInfo,
int devId);
WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
uint8_t cipherSuiteFirst,
uint8_t cipherSuite,
const uint8_t *pr, /* pre-master */
const uint8_t *cr, /* client random */
const uint8_t *sr, /* server random */
uint8_t *ms);
WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(struct WOLFSSL* ssl, byte* sig,
uint32_t sigSz, uint8_t** out,
const byte* key, uint32_t keySz, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(struct WOLFSSL* ssl,
const uint8_t* sig, uint32_t sigSz,
const uint8_t* hash, uint32_t hashSz,
const uint8_t* key, uint32_t keySz,
int* result, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start,uint32_t key_n_len,
uint32_t key_e_start,uint32_t key_e_len,
uint8_t* fspsm_encPublickey);
/* Callback for EccShareSecret */
WOLFSSL_LOCAL int fspsm_EccSharedSecret(struct WOLFSSL* ssl,
struct ecc_key* otherKey,
uint8_t* pubKeyDer, unsigned int* pubKeySz,
uint8_t* out, unsigned int* outlen, int side, void* ctx);
/* user API */
WOLFSSL_API void FSPSM_INFORM_FUNC(
uint8_t* encrypted_provisioning_key,
@@ -318,28 +95,7 @@ WOLFSSL_API void FSPSM_CALLBACK_FUNC(struct WOLFSSL_CTX* ctx);
WOLFSSL_API int FSPSM_CALLBACK_CTX_FUNC(struct WOLFSSL* ssl, void* user_ctx);
WOLFSSL_API void FSPSM_INFORM_CERT_SIGN(const uint8_t *sign);
#endif /* WOLFSSL_RENESAS_FSPSM_TLS &&
* !WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY */
typedef struct FSPSM_RSA_CTX {
FSPSM_RSA1024_WPI_KEY *wrapped_pri1024_key;
FSPSM_RSA1024_WPB_KEY *wrapped_pub1024_key;
FSPSM_RSA2048_WPI_KEY *wrapped_pri2048_key;
FSPSM_RSA2048_WPB_KEY *wrapped_pub2048_key;
word32 keySz;
} FSPSM_RSA_CTX;
/* rsa */
struct RsaKey;
struct WC_RNG;
WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(struct RsaKey *key);
WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
word32 *outLen, int type, struct RsaKey* key, struct WC_RNG* rng);
WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(struct RsaKey* key, int size, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
word32* outLen, struct RsaKey* key, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
word32* outLen,struct RsaKey* key, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 size);
#endif /* __RENESAS_FSPSM_CRYPT_H__ */
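Review bot: The `FSPSM_ST_Internal* internal;` member of the public `FSPSM_ST` has no comment saying who allocates and releases it; the sides of this section are not marked, so I am assuming that line and the `typedef struct FSPSM_ST_Internal FSPSM_ST_Internal;` forward declaration are on the new side. Elsewhere in this commit `wc_fspsm_set_callback_ctx` appears to zero the caller's `FSPSM_ST` and allocate `internal` from `ssl->heap`, while the struct itself stays caller-owned (`/* ssl doesn't own user_ctx */`). An application that copies the struct, reuses it for a second session or clears it itself could therefore leak or alias the block that now holds the master secret and the wrapped ECDH key. I would add a comment on the member such as `/* TLS state allocated by wc_fspsm_set_callback_ctx(); library-managed, do not assign, copy or free */` and state next to the user API which call releases it. `wc_fspsm_TlsCleanup` is declared in the new internal header but its body is not visible here, so whether it wipes and frees this block needs confirming.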


@@ -0,0 +1,281 @@
/* renesas_fspsm_internal.h
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _RENESAS_FSPSM_INTERNAL_H_
#define _RENESAS_FSPSM_INTERNAL_H_
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
/* Wrapped TLS FSP Key Set Flags */
struct FSPSM_tls_flg_ST {
uint8_t pk_key_set:1;
uint8_t session_key_set:1;
};
struct FSPSM_ST_Internal {
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t
encrypted_ephemeral_ecdh_public_key[FSPSM_TLS_ENCRYPTED_ECCPUBKEY_SZ];
/* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */
sce_tls_p256_ecc_wrapped_key_t ecc_p256_wrapped_key;
uint8_t ecc_ecdh_public_key[HW_SCE_ECC_PUBLIC_KEY_BYTE_SIZE];
uint32_t masterSecret[FSPSM_TLS_MASTERSECRET_SIZE/4];
uint8_t clientRandom[FSPSM_TLS_CLIENTRANDOM_SZ];
uint8_t serverRandom[FSPSM_TLS_SERVERRANDOM_SZ];
uint8_t cipher;
uint8_t side; /* for key set side */
#endif
/* key status flags */
/* flag whether encrypted ec key is set */
union {
uint8_t chr;
struct FSPSM_tls_flg_ST bits;
} keyflgs_tls;
};
#ifdef WOLFSSL_RENESAS_FSPSM_TLS
typedef struct
{
uint8_t *encrypted_provisioning_key;
uint8_t *iv;
uint8_t *encrypted_user_tls_key;
uint32_t encrypted_user_tls_key_type;
FSPSM_CACERT_PUB_WKEY user_rsa2048_tls_wrappedkey;
} fspsm_key_data;
#endif
typedef struct {
FSPSM_AES_PWKEY wrapped_key;
word32 keySize;
#ifdef WOLFSSL_RENESAS_FSPSM_TLS
byte setup;
#endif
} FSPSM_AES_CTX;
typedef struct FSPSM_RSA_CTX {
FSPSM_RSA1024_WPI_KEY *wrapped_pri1024_key;
FSPSM_RSA1024_WPB_KEY *wrapped_pub1024_key;
FSPSM_RSA2048_WPI_KEY *wrapped_pri2048_key;
FSPSM_RSA2048_WPB_KEY *wrapped_pub2048_key;
word32 keySz;
} FSPSM_RSA_CTX;
#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SH224) || \
defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
typedef struct {
void* heap;
word32 sha_type;
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
word32 used;
word32 len;
byte* msg;
#endif
#if defined(WOLFSSL_RENESAS_RSIP)
FSPSM_SHA_HANDLE handle;
#endif
#if defined(WOLF_CRYPTO_CB)
word32 flags;
int devId;
#endif
}wolfssl_FSPSM_Hash;
typedef enum {
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
FSPSM_SHA256 = 1,
#elif defined(WOLFSSL_RENESAS_RSIP)
FSPSM_SHA1 = RSIP_HASH_TYPE_SHA1,
FSPSM_SHA224 = RSIP_HASH_TYPE_SHA224,
FSPSM_SHA256 = RSIP_HASH_TYPE_SHA256,
FSPSM_SHA384 = RSIP_HASH_TYPE_SHA384,
FSPSM_SHA512 = RSIP_HASH_TYPE_SHA512,
FSPSM_SHA512_224 = RSIP_HASH_TYPE_SHA512_224,
FSPSM_SHA512_256 = RSIP_HASH_TYPE_SHA512_256,
#endif
} FSPSM_SHA_TYPE;
/* RAW hash function APIs are not implemented with SCE */
#undef WOLFSSL_NO_HASH_RAW
#define WOLFSSL_NO_HASH_RAW
#if !defined(NO_SHA) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha;
#endif
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha224;
#define WC_SHA224_TYPE_DEFINED
#endif
#if !defined(NO_SHA256) && \
(defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP))
typedef wolfssl_FSPSM_Hash wc_Sha256;
#endif
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha384;
#define WC_SHA384_TYPE_DEFINED
#endif
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_RENESAS_RSIP)
typedef wolfssl_FSPSM_Hash wc_Sha512;
typedef wolfssl_FSPSM_Hash wc_Sha512_224;
typedef wolfssl_FSPSM_Hash wc_Sha512_256;
#define WC_SHA512_TYPE_DEFINED
#endif
#endif /* NO_SHA */
struct WOLFSSL;
struct Aes;
WOLFSSL_LOCAL int wc_fspsm_TlsCleanup(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int wc_fspsm_Open();
WOLFSSL_LOCAL void wc_fspsm_Close();
WOLFSSL_LOCAL int wc_fspsm_hw_lock();
WOLFSSL_LOCAL void wc_fspsm_hw_unlock( void );
WOLFSSL_LOCAL int wc_fspsm_usable(const struct WOLFSSL *ssl,
uint8_t session_key_generated);
WOLFSSL_LOCAL void wc_fspsm_Aesfree(struct Aes* aes);
WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz);
WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz);
WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz,
byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
WOLFSSL_LOCAL int wc_fspsm_AesCipher(int devIdArg, struct wc_CryptoInfo* info,
void* ctx);
WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
const uint8_t* cert, uint32_t cert_len,
uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len,
uint32_t cm_row);
WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len,
uint8_t* sce_encRsaKeyIdx);
WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(
uint8_t* premaster,
uint32_t preSz);
WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret(
struct WOLFSSL* ssl,
uint8_t* out,
uint32_t* outSz);
WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(
const struct WOLFSSL *ssl,
const uint8_t* myInner,
uint32_t innerSz,
const uint8_t* in,
uint32_t sz,
uint8_t* digest);
WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(
const struct WOLFSSL *ssl,
const uint8_t* message,
uint32_t messageSz,
uint32_t macSz,
uint32_t content);
WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(
struct WOLFSSL* ssl,
FSPSM_ST* info);
WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
const uint8_t* ms, /* master secret */
const uint8_t* side,
const uint8_t* handshake_hash,
uint8_t* hashes /* out */);
WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(
struct WOLFSSL* ssl,
FSPSM_ST* cbInfo,
int devId);
WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
uint8_t cipherSuiteFirst,
uint8_t cipherSuite,
const uint8_t *pr, /* pre-master */
const uint8_t *cr, /* client random */
const uint8_t *sr, /* server random */
uint8_t *ms);
WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(struct WOLFSSL* ssl, byte* sig,
uint32_t sigSz, uint8_t** out,
const byte* key, uint32_t keySz, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(struct WOLFSSL* ssl,
const uint8_t* sig, uint32_t sigSz,
const uint8_t* hash, uint32_t hashSz,
const uint8_t* key, uint32_t keySz,
int* result, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start,uint32_t key_n_len,
uint32_t key_e_start,uint32_t key_e_len,
uint8_t* fspsm_encPublickey);
/* Callback for EccShareSecret */
WOLFSSL_LOCAL int fspsm_EccSharedSecret(struct WOLFSSL* ssl,
struct ecc_key* otherKey,
uint8_t* pubKeyDer, unsigned int* pubKeySz,
uint8_t* out, unsigned int* outlen, int side, void* ctx);
/* rsa */
struct RsaKey;
struct WC_RNG;
WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(struct RsaKey *key);
WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
word32 *outLen, int type, struct RsaKey* key, struct WC_RNG* rng);
WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(struct RsaKey* key, int size, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
word32* outLen, struct RsaKey* key, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
word32* outLen,struct RsaKey* key, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 size);
#endif /* RENESAS_FSPSM_INTERNAL_H */
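Review bot: The guard in front of the hash typedefs tests `defined(WOLFSSL_SH224)`, while the `wc_Sha224` typedef inside the same block is conditioned on `WOLFSSL_SHA224`, so the first spelling looks like a typo carried over from renesas-fspsm-crypt.h. In a build with `NO_SHA` and `NO_SHA256` defined and SHA-224 as the only enabled hash, the whole block is skipped and `wolfssl_FSPSM_Hash` and `wc_Sha224` are never declared. The first line of the condition should read `#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA224) || \`. While there, the closing comments `#endif /* NO_SHA */` and `#endif /* RENESAS_FSPSM_INTERNAL_H */` do not match the conditions they close (the guard is `_RENESAS_FSPSM_INTERNAL_H_`), which makes the nesting harder to follow in a header of this size.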


@@ -90,7 +90,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
#endif
#if defined(WOLFSSL_RENESAS_FSPSM)
#include <wolfssl/wolfcrypt/port/renesas/renesas-fspsm-crypt.h>
#include <wolfssl/wolfcrypt/port/renesas/renesas_fspsm_internal.h>
#endif
#ifdef __cplusplus
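Review bot: The include of `renesas_fspsm_internal.h` in this hunk keeps the lowercase `port/renesas/` directory, while the other includes of the same header visible on this page use `port/Renesas/`. On a case-sensitive filesystem only one spelling can resolve, so if the header lives under `port/Renesas/`, as those includes suggest, this one fails to build there. The line should be `#include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>`. The replaced include used the same lowercase path, so this predates the commit, but the swap is the natural place to correct it.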


@@ -141,7 +141,7 @@ enum {
#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_RSIP)) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
#include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h"
#elif defined(WOLFSSL_RENESAS_RX64_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h"
#else


@@ -129,7 +129,7 @@ enum {
#include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
#elif defined(WOLFSSL_RENESAS_RSIP) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
#include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h"
#else
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)