addressed review comments

Hideki Miyazaki
2019-09-18 15:54:21 +09:00
parent 63d61c490d
commit a37b604da9
13 changed files with 138 additions and 107 deletions


@@ -45,7 +45,6 @@
<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../common&quot;"/>
<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../../../../../&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_config}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx}&quot;"/>


@@ -82,12 +82,12 @@ double current_time(int reset)
int SetTsiptlsKey()
{
#if defined(WOLFSSL_RENESAS_TSIP) && defined(TLS_CLIENT)
tsip_inform_cert_sing((const byte *)ca_cert_sig);
tsip_inform_cert_sign((const byte *)ca_cert_sig);
tsip_inform_user_keys((byte*)&g_key_block_data.encrypted_session_key,
(byte*)&g_key_block_data.iv,
(byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key);
#elif defined(WOLFSSL_RENESAS_TSIP) && defined(TLS_SERVER)
tsip_inform_cert_sing((const byte *)client_cert_der_sign);
tsip_inform_cert_sign((const byte *)client_cert_der_sign);
tsip_inform_user_keys((byte*)&g_key_block_data.encrypted_session_key,
(byte*)&g_key_block_data.iv,
(byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key);


@@ -6,11 +6,11 @@ function usage(){
$0 [-g] [-]
Description:
Generate 2048 bit Rsa key pair and Display moduls and public exponet
Generate 2048 bit Rsa key pair and Display modulus and public exponent
Options:
-g generate rsa key pair, default on
-s only show moduls and public exponent
-s only show modulus and public exponent
_EOT_
exit 1
}
@@ -45,7 +45,7 @@ if [ $FLAG_G = "on" ]; then
fi
if [ $FLAG_S = "on" ]; then
# display moduls and exponent
# display modulus and exponent
openssl rsa -modulus < private-key.pem 2>/dev/null | grep Modulus=
openssl rsa -text < private-key.pem 2> /dev/null | grep publicExponent
fi


@@ -10467,7 +10467,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
/* copy encrypted tsip key index into ssl object */
if (args->dCert->tsip_encRsaKeyIdx) {
if (!ssl->peerTsipEncRsaKeyIndex) {
ssl->peerTsipEncRsaKeyIndex = (byte*)XMALLOC(560,
ssl->peerTsipEncRsaKeyIndex = (byte*)XMALLOC(
TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY,
ssl->heap, DYNAMIC_TYPE_RSA);
}
if (!ssl->peerTsipEncRsaKeyIndex) {
@@ -10476,7 +10477,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
}
XMEMCPY(ssl->peerTsipEncRsaKeyIndex,
args->dCert->tsip_encRsaKeyIdx, 560);
args->dCert->tsip_encRsaKeyIdx,
TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY);
}
#endif
#ifdef HAVE_PK_CALLBACKS
@@ -17052,6 +17054,10 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case TCA_ABSENT_ERROR:
return "TLS Extension Trusted CA ID response absent";
case TSIP_MAC_DIGSZ_E:
return "Invalid MAC size is specified. \
TSIP can only handle SHA1 and SHA256 digest size";
default :
return "unknown error number";
}
@@ -21022,14 +21028,18 @@ int SendClientKeyExchange(WOLFSSL* ssl)
if (tsip_useable(ssl->options.cipherSuite0,
ssl->options.cipherSuite,
ssl->options.side)) {
tsip_generatePremasterSecret(
ret = tsip_generatePremasterSecret(
&ssl->arrays->preMasterSecret[VERSION_SZ],
ENCRYPT_LEN - VERSION_SZ);
} else
} else {
#endif
ret = wc_RNG_GenerateBlock(ssl->rng,
&ssl->arrays->preMasterSecret[VERSION_SZ],
SECRET_LEN - VERSION_SZ);
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
}
#endif
if (ret != 0) {
goto exit_scke;
}
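Review bot: The new `TSIP_MAC_DIGSZ_E` message in wolfSSL_ERR_reason_error_string is split with a backslash-newline inside the string literal, so any indentation at the start of the continued line becomes part of the returned text (this page does not preserve indentation, so the exact result is not visible here). Adjacent literals avoid that: `return "Invalid MAC size is specified. "` followed on the next line by `"TSIP can only handle SHA1 and SHA256 digest size";`. That also matches the single-line literal returned by the neighbouring `TCA_ABSENT_ERROR` case.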


@@ -109,11 +109,11 @@
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
/* for root ca verification */
int tsip_tls_RootCertVerify(const byte *cert , word32 cert_len,
int tsip_tls_RootCertVerify(const byte *cert , word32 cert_len,
word32 key_n_start, word32 key_n_len,
word32 key_e_start, word32 key_e_len,
word32 cm_row);
byte tsip_rootCAverified( );
byte tsip_rootCAverified( );
#endif
#ifdef WOLFSSL_SESSION_EXPORT


@@ -1202,9 +1202,13 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
ssl->options.cipherSuite,
ssl->options.side)) {
if (ssl->specs.hash_size == WC_SHA_DIGEST_SIZE)
ret = tsip_Sha1Hmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ, in, sz, digest, verify);
ret = tsip_Sha1Hmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ,
in, sz, digest, verify);
else if (ssl->specs.hash_size == WC_SHA256_DIGEST_SIZE)
ret = tsip_Sha256Hmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ,
in, sz, digest, verify);
else
ret = tsip_Sha256Hmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ, in, sz, digest, verify);
ret = TSIP_MAC_DIGSZ_E;
return ret;
}


@@ -115,10 +115,6 @@ extern int wc_InitRsaHw(RsaKey* key);
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
#ifdef WOLFSSL_RENESAS_TSIP
void tsip_inform_key_position(const word32 key_n_start, const word32 key_n_len,
const word32 key_e_start, const word32 key_e_len);
#endif
#ifdef WOLFSSL_DEBUG_ENCODING
#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
@@ -151,7 +147,10 @@ extern int wc_InitRsaHw(RsaKey* key);
#endif
#endif
#ifdef WOLFSSL_RENESAS_TSIP_TLS
int tsip_tls_CertVerify(const byte *cert, word32 certSz,
WOLFSSL_LOCAL void tsip_inform_key_position(const word32 key_n_start,
const word32 key_n_len, const word32 key_e_start,
const word32 key_e_len);
WOLFSSL_LOCAL int tsip_tls_CertVerify(const byte *cert, word32 certSz,
const byte *signature, word32 sigSz,
word32 key_n_start, word32 key_n_len,
word32 key_e_start, word32 key_e_len,
@@ -3889,9 +3888,13 @@ exit_dc:
#ifndef HAVE_USER_RSA
#ifdef WOLFSSL_RENESAS_TSIP
static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx, word32 inSz,
word32* key_n, word32* key_n_len,
word32* key_e, word32* key_e_len)
/* This function is to retrieve key position information in a cert.*
* The information will be used to call TSIP TLS-linked API for *
* certificate verification. */
static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx,
word32 inSz, word32* key_n,
word32* key_n_len, word32* key_e,
word32* key_e_len)
{
int ret = 0;
@@ -6256,15 +6259,12 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
static int ConfirmSignature(SignatureCtx* sigCtx,
const byte* buf, word32 bufSz,
const byte* key, word32 keySz, word32 keyOID,
const byte* sig, word32 sigSz, word32 sigOID
#ifdef WOLFSSL_RENESAS_TSIP_TLS
,
byte* tsip_encRsaKeyIdx
#endif
)
const byte* sig, word32 sigSz, word32 sigOID, byte* rsaKeyIdx)
{
int ret = 0;
#ifndef WOLFSSL_RENESAS_TSIP_TLS
(void)rsaKeyIdx;
#endif
if (sigCtx == NULL || buf == NULL || bufSz == 0 || key == NULL ||
keySz == 0 || sig == NULL || sigSz == 0) {
return BAD_FUNC_ARG;
@@ -6422,26 +6422,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
#ifndef NO_RSA
case RSAk:
{
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (tsip_encRsaKeyIdx != NULL)
{
ret = tsip_tls_CertVerify(buf, bufSz, sigCtx->plain,
sigSz,
sigCtx->pubkey_n_start - sigCtx->certBegin,
sigCtx->pubkey_n_len - 1,
sigCtx->pubkey_e_start - sigCtx->certBegin,
sigCtx->pubkey_e_len - 1,
tsip_encRsaKeyIdx);
if (ret == 0){
sigCtx->verifyByTSIP = 1;
ret = 0;
} else {
WOLFSSL_MSG("RSA Verify by tsip didn't match");
ret = ASN_SIG_CONFIRM_E;
}
} else
#endif
#ifdef HAVE_PK_CALLBACKS
if (sigCtx->pkCbRsa) {
ret = sigCtx->pkCbRsa(
@@ -6452,6 +6432,26 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
else
#endif /* HAVE_PK_CALLBACKS */
{
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (rsaKeyIdx != NULL)
{
ret = tsip_tls_CertVerify(buf, bufSz, sigCtx->plain,
sigSz,
sigCtx->pubkey_n_start - sigCtx->certBegin,
sigCtx->pubkey_n_len - 1,
sigCtx->pubkey_e_start - sigCtx->certBegin,
sigCtx->pubkey_e_len - 1,
rsaKeyIdx);
if (ret == 0){
sigCtx->verifyByTSIP = 1;
ret = 0;
} else {
WOLFSSL_MSG("RSA Verify by tsip didn't match");
ret = ASN_SIG_CONFIRM_E;
}
} else
#endif
ret = wc_RsaSSL_VerifyInline(sigCtx->plain, sigSz,
&sigCtx->out, sigCtx->key.rsa);
}
@@ -8237,23 +8237,13 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
ret = ConfirmSignature(sigCtx, cert + tbsCertIdx,
sigIndex - tbsCertIdx,
pubKey, pubKeySz, pubKeyOID,
cert + idx, len, signatureOID
#ifdef WOLFSSL_RENESAS_TSIP_TLS
,
NULL
#endif
);
cert + idx, len, signatureOID, NULL);
}
else {
ret = ConfirmSignature(sigCtx, cert + tbsCertIdx,
sigIndex - tbsCertIdx,
ca->publicKey, ca->pubKeySize, ca->keyOID,
cert + idx, len, signatureOID
#ifdef WOLFSSL_RENESAS_TSIP_TLS
,
NULL
#endif
);
cert + idx, len, signatureOID, NULL);
}
if (ret != 0) {
WOLFSSL_MSG("Confirm signature failed");
@@ -8434,12 +8424,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
/* prepare for TSIP TLS cert verification API use */
if (cert->keyOID == RSAk) {
/* to call TSIP API, it needs keys position info in bytes */
RsaPublicKeyDecodeRawIndex(cert->publicKey, (word32*)&idx,
if (ret = RsaPublicKeyDecodeRawIndex(cert->publicKey, (word32*)&idx,
cert->pubKeySize,
&cert->sigCtx.pubkey_n_start,
&cert->sigCtx.pubkey_n_len,
&cert->sigCtx.pubkey_e_start,
&cert->sigCtx.pubkey_e_len);
&cert->sigCtx.pubkey_e_len) != 0) {
WOLFSSL_MSG("Decoding index from cert failed.");
return ret;
}
cert->sigCtx.certBegin = cert->certBegin;
}
/* check if we can use TSIP for cert verification */
@@ -8450,12 +8443,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
/* assign memory to encrypted tsip Rsa key index */
if (!cert->tsip_encRsaKeyIdx)
cert->tsip_encRsaKeyIdx = (byte*)XMALLOC(560,
cert->tsip_encRsaKeyIdx =
(byte*)XMALLOC(TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY,
cert->heap, DYNAMIC_TYPE_RSA);
if (cert->tsip_encRsaKeyIdx == NULL)
return MEMORY_E;
}
} else
#endif
cert->tsip_encRsaKeyIdx = NULL;
if (verify != NO_VERIFY && type != CA_TYPE && type != TRUSTED_PEER_TYPE) {
if (cert->ca) {
if (verify == VERIFY || verify == VERIFY_OCSP ||
@@ -8466,12 +8462,8 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
cert->sigIndex - cert->certBegin,
cert->ca->publicKey, cert->ca->pubKeySize,
cert->ca->keyOID, cert->signature,
cert->sigLength, cert->signatureOID
#ifdef WOLFSSL_RENESAS_TSIP_TLS
,
cert->tsip_encRsaKeyIdx
#endif
)) != 0) {
cert->sigLength, cert->signatureOID,
cert->tsip_encRsaKeyIdx)) != 0) {
if (ret != 0 && ret != WC_PENDING_E) {
WOLFSSL_MSG("Confirm signature failed");
}
@@ -14838,12 +14830,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
ret = ConfirmSignature(&cert.sigCtx,
resp->response, resp->responseSz,
cert.publicKey, cert.pubKeySize, cert.keyOID,
resp->sig, resp->sigSz, resp->sigOID
#ifdef WOLFSSL_RENESAS_TSIP_TLS
,
NULL
#endif
);
resp->sig, resp->sigSz, resp->sigOID, NULL);
FreeDecodedCert(&cert);
if (ret != 0) {
@@ -14870,7 +14858,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
/* ConfirmSignature is blocking here */
sigValid = ConfirmSignature(&sigCtx, resp->response,
resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
resp->sig, resp->sigSz, resp->sigOID);
resp->sig, resp->sigSz, resp->sigOID, NULL);
}
if (ca == NULL || sigValid != 0) {
WOLFSSL_MSG("\tOCSP Confirm signature failed");
@@ -15381,12 +15369,7 @@ int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned,
InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
if (ConfirmSignature(sigCtx, toBeSigned, tbsSz, ca->publicKey,
ca->pubKeySize, ca->keyOID, signature, sigSz,
signatureOID
#ifdef WOLFSSL_RENESAS_TSIP_TLS
,
NULL
#endif
) != 0) {
signatureOID, NULL) != 0) {
WOLFSSL_MSG("CRL Confirm signature failed");
return ASN_CRL_CONFIRM_E;
}
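Review bot: In the ParseCertRelative hunk, `if (ret = RsaPublicKeyDecodeRawIndex(...) != 0)` assigns the result of the comparison rather than the function's return value, because `!=` binds tighter than `=`. On a decode failure `ret` becomes 1, so `return ret;` hands the caller a positive 1 instead of the ASN error code; a caller that only tests for negative error values would presumably treat a certificate whose key positions could not be located as parsed successfully. Parenthesise the assignment: `if ((ret = RsaPublicKeyDecodeRawIndex(...)) != 0) {`. ParseCertRelative's body starts and ends outside the hunk, so how callers handle the value is not visible here.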


@@ -49,13 +49,13 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
uint32_t dataLength;
byte *iv;
/* while doing TLS handshake, TSIP driver keeps true-key and iv on the device */
/* iv is dummy */
iv = (uint8_t*)aes->reg;
if ((in == NULL) || (out == NULL) || (aes == NULL))
return BAD_FUNC_ARG;
/* while doing TLS handshake, TSIP driver keeps true-key and iv *
* on the device. iv is dummy */
iv = (uint8_t*)aes->reg;
if((ret = tsip_hw_lock()) != 0){
WOLFSSL_MSG("Failed to lock");
return ret;
@@ -103,11 +103,11 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
uint32_t dataLength;
byte *iv;
iv = (uint8_t*)aes->reg;
if ((in == NULL) || (out == NULL) || (aes == NULL))
return BAD_FUNC_ARG;
iv = (uint8_t*)aes->reg;
if((ret = tsip_hw_lock()) != 0){
WOLFSSL_MSG("Failed to lock");
return ret;


@@ -38,7 +38,7 @@ wolfSSL_Mutex tsip_mutex;
static int tsip_CryptHwMutexInit_ = 0;
/* ./ca-cert.der.sign, */
/* expect to have these valiables defined at user application */
/* expect to have these variables defined at user application */
extern uint32_t s_flash[];
extern uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE];
extern uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE];
@@ -120,13 +120,15 @@ byte tsip_useable(byte cipher0, byte cipher, byte side)
return 0;
}
/* check if the g_alreadyVerified CA's key can be used for peer's certification */
/* check if the g_alreadyVerified CA's key can be used for *
* peer's certification */
byte tsip_checkCA(word32 cmIdx)
{
return (cmIdx == g_CAscm_Idx? 1:0);
}
/* check if tht root CA has been verified by TSIP, and it exists in the CM table.*/
/* check if tht root CA has been verified by TSIP, *
* and it exists in the CM table. */
byte tsip_rootCAverified( )
{
return (g_CAscm_Idx != (uint32_t)-1 ? 1:0);
@@ -159,8 +161,9 @@ int tsip_Open( ) {
/* close once */
tsip_Close( );
/* open again with s_inst[] */
XMEMCPY(s_inst1, g_user_key_info.user_rsa2048_tls_pubindex.value,
sizeof(s_inst1));
XMEMCPY(s_inst1,
g_user_key_info.user_rsa2048_tls_pubindex.value,
sizeof(s_inst1));
ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_(Re)Open failed");
@@ -202,7 +205,7 @@ void tsip_Close( ) {
/* to inform ca certificate sign */
/* signature format expects RSA 2048 PSS with SHA256 */
void tsip_inform_cert_sing(const byte *sign)
void tsip_inform_cert_sign(const byte *sign)
{
if(sign)
ca_cert_sig = sign;
@@ -260,14 +263,18 @@ int tsip_Sha1Hmac(const struct WOLFSSL *ssl, const byte *myInner,
word32 verify)
{
tsip_hmac_sha_handle_t _handle;
tsip_hmac_sha_key_index_t key_index;
int ret;
if ((ssl == NULL) || (myInner == NULL) || (in == NULL) ||
(digest == NULL))
return BAD_FUNC_ARG;
if ((ret = tsip_hw_lock()) != 0) {
WOLFSSL_MSG("hw lock failed\n");
return ret;
}
tsip_hmac_sha_key_index_t key_index;
if ( (ssl->options.side == WOLFSSL_CLIENT_END && !verify) ||
(ssl->options.side == WOLFSSL_SERVER_END && verify) )
XMEMCPY(key_index.value, ssl->keys.tsip_client_write_MAC_secret,
@@ -300,9 +307,13 @@ int tsip_Sha256Hmac(const struct WOLFSSL *ssl, const byte *myInner,
word32 verify)
{
tsip_hmac_sha_handle_t _handle;
int ret;
tsip_hmac_sha_key_index_t key_index;
int ret;
if ((ssl == NULL) || (myInner == NULL) || (in == NULL) ||
(digest == NULL))
return BAD_FUNC_ARG;
if ( (ssl->options.side == WOLFSSL_CLIENT_END && !verify) ||
(ssl->options.side == WOLFSSL_SERVER_END && verify) )
XMEMCPY(key_index.value, ssl->keys.tsip_client_write_MAC_secret,
@@ -342,6 +353,10 @@ int tsip_generateVerifyData(const byte *ms, /* master secret */
int ret ;
uint32_t l_side = R_TSIP_TLS_GENERATE_CLIENT_VERIFY;
if ((ms == NULL) || (side == NULL) || (handshake_hash == NULL) ||
(hashes == NULL))
return BAD_FUNC_ARG;
if (XSTRNCMP((const char*)side, (const char*)tls_server, FINISHED_LABEL_SZ)
== 0)
{
@@ -372,8 +387,12 @@ int tsip_generateSeesionKey(struct WOLFSSL *ssl)
tsip_aes_key_index_t key_client_aes;
tsip_aes_key_index_t key_server_aes;
if (ssl== NULL)
return BAD_FUNC_ARG;
if ((ret = tsip_hw_lock()) == 0) {
ret = R_TSIP_TlsGenerateSessionKey( _tls2tsipdef(ssl->options.cipherSuite),
ret = R_TSIP_TlsGenerateSessionKey(
_tls2tsipdef(ssl->options.cipherSuite),
(uint32_t*)ssl->arrays->tsip_masterSecret,
(uint8_t*)ssl->arrays->clientRandom,
(uint8_t*)ssl->arrays->serverRandom, &key_client_mac,
@@ -454,6 +473,10 @@ int tsip_generateMasterSecret(const byte *pr, /* pre-master */
{
int ret;
if ((pr == NULL) || (cr == NULL) || (sr == NULL) ||
(ms == NULL))
return BAD_FUNC_ARG;
if ((ret = tsip_hw_lock()) == 0) {
ret = R_TSIP_TlsGenerateMasterSecret( (uint32_t*)pr,
(uint8_t*)cr, (uint8_t*)sr, (uint32_t*)ms);
@@ -472,7 +495,10 @@ int tsip_generateMasterSecret(const byte *pr, /* pre-master */
int tsip_generatePremasterSecret(byte *premaster, word32 preSz )
{
int ret;
if (premaster == NULL)
return BAD_FUNC_ARG;
if ((ret = tsip_hw_lock()) == 0 && preSz >=
(R_TSIP_TLS_MASTER_SECRET_WORD_SIZE*4)) {
/* generate pre-master, 80 bytes */
@@ -493,6 +519,9 @@ int tsip_generateEncryptPreMasterSecret(WOLFSSL *ssl, byte *out, word32 *outSz)
{
int ret;
if ((ssl == NULL) || (out == NULL) || (outSz == NULL))
return BAD_FUNC_ARG;
if ((ret = tsip_hw_lock()) == 0) {
if (*outSz >= 256)
ret = R_TSIP_TlsEncryptPreMasterSecret(
@@ -525,7 +554,10 @@ int tsip_tls_CertVerify(const byte *cert, word32 certSz,
byte *tsip_encRsaKeyIndex)
{
int ret;
if (cert == NULL)
return BAD_FUNC_ARG;
if (!signature) {
WOLFSSL_MSG(" signature for ca verification is not set\n");
return -1;
@@ -568,6 +600,9 @@ int tsip_tls_RootCertVerify(const byte *cert, word32 cert_len,
/* call to generate encrypted public key for certificate verification */
uint8_t *signature = (uint8_t*)ca_cert_sig;
if (cert == NULL)
return BAD_FUNC_ARG;
if (!signature) {
WOLFSSL_MSG(" signature for ca verification is not set\n");
return -1;
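Review bot: tsip_generatePremasterSecret folds the size check into `if ((ret = tsip_hw_lock()) == 0 && preSz >= (R_TSIP_TLS_MASTER_SECRET_WORD_SIZE*4))`, so when the lock is taken but `preSz` is too small the guarded block is skipped with `ret` still 0. The rest of the function is outside the hunk, but from the visible lines that path looks like it reports success without writing a pre-master secret, and it is unclear whether the lock is released; this matters now that SendClientKeyExchange relies on the return value. Reject the short buffer before locking, next to the new NULL check: `if (premaster == NULL || preSz < (R_TSIP_TLS_MASTER_SECRET_WORD_SIZE*4)) return BAD_FUNC_ARG;`. tsip_generateEncryptPreMasterSecret has the same shape with `if (*outSz >= 256)` inside the lock.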


@@ -163,6 +163,7 @@ enum wolfSSL_ErrorCodes {
DH_PARAMS_NOT_FFDHE_E = -432, /* DH params from server not FFDHE */
TCA_INVALID_ID_TYPE = -433, /* TLSX TCA ID type invalid */
TCA_ABSENT_ERROR = -434, /* TLSX TCA ID no response */
TSIP_MAC_DIGSZ_E = -435, /* Invalid MAC size for TSIP */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
/* begin negotiation parameter errors */


@@ -841,9 +841,7 @@ struct DecodedCert {
#ifndef NO_CERTS
SignatureCtx sigCtx;
#endif
#ifdef WOLFSSL_RENESAS_TSIP_TLS
byte* tsip_encRsaKeyIdx;
#endif
/* Option Bits */
byte subjectCNStored : 1; /* have we saved a copy we own */


@@ -68,7 +68,7 @@ void tsip_hw_unlock( void );
int tsip_usable(byte cipher0, byte cipher, byte side);
void tsip_inform_sflash_signedcacert(const byte *ps_flash,
const byte *psigned_ca_cert, word32 len);
void tsip_inform_cert_sing(const byte *sign);
void tsip_inform_cert_sign(const byte *sign);
/* set / get key */
void tsip_inform_user_keys(byte *encrypted_session_key, byte *iv,
byte *encrypted_user_tls_key);


@@ -273,7 +273,8 @@
#if defined(WOLFSSL_RENESAS_TSIP)
#define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64
#define TSIP_TLS_MASTERSECRET_SIZE 80 /* 20 words */
#define TSIP_TLS_MASTERSECRET_SIZE 80 /* 20 words */
#define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte */
#if !defined(NO_RENESAS_TSIP_CRYPT) && defined(WOLFSSL_RENESAS_RX65N)
#define WOLFSSL_RENESAS_TSIP_CRYPT
#define WOLFSSL_RENESAS_TSIP_TLS