wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6701 from miyazakh/fspsm

Browse Source 
generalize Renesas SCE Protected port
This commit is contained in:
Chris Conlon
2023-08-16 09:38:18 -06:00
committed by GitHub
parent ec818e5dbd 0d8f68ef03
commit ac90fa8d60
30 changed files with 1076 additions and 822 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
IDE/Renesas/e2studio/RA6M4/common/user_settings.h
View File

@ -18,6 +18,32 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
/* FSP SM stands for Flexible Software Package Security Module
* WOLFSSL_RENESAS_FSPSM enables fundamental code when it uses.
* e.g. Open/Close/Random generator
* WOLFSSL_RENESAS_FSPSPM_TLS enables TLS related code for FSP SM
* e.g. Certificate verification, Master Secret Generation
* WOLFSSL_RENESAS_SCEPROTECT enables specific code for SCE if needed
*/
#define WOLFSSL_RENESAS_FSPSM
#define WOLFSSL_RENESAS_FSPSM_TLS
#endif
/* XXX_CRYPTONLY definition enables FSP SM module for Crypto only use.
* Therefore, it disables TLS related API use
*/
/* # define WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#undef WOLFSSL_RENESAS_FSPSM_TLS
#define WOLFSSL_RENESAS_FSPSM_CRYPTONLY
#if !defined(WOLFSSL_RENESAS_SCEPROTECT)
#define WOLFSSL_RENESAS_SCEPROTECT
#endif
#endif
/* Operating Environment and Threading */
#define FREERTOS
#define FREERTOS_TCP
@ -61,6 +87,9 @@
#define printf myprintf
#endif
/* Enable the following definition to use TLS 1.3
* For TLS1.3 use "extended-master" needs to turn on
*/
/* #define WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)

2
IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
View File

@ -82,7 +82,7 @@ typedef struct tagTestInfo
void sce_test();
void TCPInit();
void wolfSSL_TLS_client_init();
void wolfSSL_TLS_client_do(void *pvParam);
int wolfSSL_TLS_client_do(void *pvParam);
void wolfSSL_TLS_cleanup();
extern WOLFSSL_CTX *client_ctx;

104
IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
View File

@ -72,32 +72,32 @@ const st_user_key_block_data_t g_key_block_data =
* This is used for Root Certificate verify by SCE */
const unsigned char ca_cert_der_sign[] =
{
0x19, 0xB4, 0xD1, 0x53, 0xBB, 0x87, 0x0B, 0xD8, 0xD8, 0xFC,
0x22, 0x21, 0xA6, 0xC1, 0xE5, 0xB2, 0x7A, 0xEF, 0xAF, 0x89,
0x8B, 0x92, 0xC9, 0x4E, 0x59, 0xF0, 0x0B, 0xAB, 0x24, 0x84,
0x60, 0x2D, 0x81, 0x42, 0x4A, 0x05, 0x2F, 0x2D, 0xAB, 0x20,
0x3F, 0x8D, 0xCA, 0x9F, 0x37, 0x4B, 0xDF, 0xE3, 0x2A, 0xA3,
0x3F, 0x4E, 0x09, 0x20, 0x08, 0xD4, 0x46, 0xD9, 0xF0, 0xD8,
0xA7, 0x43, 0x60, 0xE2, 0x1D, 0xF7, 0x25, 0x64, 0x38, 0xD2,
0xB1, 0x4E, 0x1F, 0x84, 0xFC, 0xC5, 0x55, 0x2C, 0x1A, 0xA2,
0xCE, 0x99, 0xD0, 0x21, 0x93, 0xA5, 0xDB, 0x6F, 0x14, 0x2C,
0xDF, 0x9A, 0x01, 0x6A, 0x9A, 0xCC, 0xB0, 0x08, 0xD8, 0xCF,
0xA8, 0x94, 0x41, 0x23, 0xBB, 0xC2, 0xA3, 0x8B, 0x77, 0x35,
0x27, 0x0D, 0x94, 0x16, 0xF3, 0xCA, 0x16, 0xA2, 0x4C, 0x2F,
0xB0, 0x8D, 0xE6, 0x38, 0xCC, 0x9C, 0x34, 0xE8, 0xDC, 0xDC,
0x1C, 0x5C, 0x88, 0x52, 0x97, 0x47, 0xC6, 0xB6, 0x66, 0xCF,
0xCE, 0xBF, 0xF0, 0x24, 0x19, 0x0F, 0x07, 0xA5, 0xC4, 0xC6,
0x37, 0x0D, 0x2A, 0x11, 0x6A, 0x66, 0x64, 0x62, 0x0E, 0xE6,
0xCB, 0xAF, 0xFB, 0x2E, 0x8E, 0x37, 0x1E, 0x6D, 0xD1, 0xAD,
0xE4, 0x16, 0x06, 0xFB, 0x43, 0x2E, 0x4D, 0x64, 0x18, 0xB2,
0x4C, 0xE7, 0xD3, 0xE9, 0x9B, 0x95, 0x13, 0x7D, 0x7D, 0x93,
0xC2, 0x34, 0x43, 0x0C, 0xFF, 0x58, 0xD3, 0xA7, 0x21, 0x8E,
0x2B, 0xB3, 0x36, 0x90, 0xF1, 0x1E, 0x0E, 0x87, 0x41, 0x48,
0xC9, 0x69, 0x57, 0x89, 0xD0, 0xF7, 0x86, 0x47, 0x8F, 0xF5,
0xA8, 0x13, 0x24, 0x0A, 0x7E, 0xE3, 0xBB, 0x9F, 0xF1, 0xDF,
0x30, 0xE7, 0x88, 0x70, 0x8A, 0x46, 0xD9, 0x1A, 0x50, 0x42,
0x4F, 0xCF, 0xC3, 0xCB, 0xCF, 0xE4, 0xA7, 0xA3, 0x74, 0x0A,
0xDE, 0x14, 0xAF, 0xA5, 0x7F, 0xE2
0x70, 0x4D, 0x6C, 0xCC, 0xAD, 0xD0, 0x74, 0x34, 0x10, 0xB3,
0x1F, 0x26, 0x49, 0x31, 0xD0, 0xD5, 0x0B, 0x4F, 0x50, 0xD4,
0x21, 0x7D, 0x3D, 0xE6, 0x9D, 0x5A, 0xF1, 0xE4, 0x48, 0xBD,
0x6D, 0xB3, 0x58, 0xB4, 0x07, 0xF1, 0x06, 0xA7, 0x3D, 0xB7,
0x24, 0x60, 0xBD, 0x72, 0xB2, 0x7B, 0xA8, 0x4F, 0xFC, 0x47,
0x64, 0xF0, 0x04, 0xBE, 0xC7, 0xAE, 0xB6, 0x6F, 0xA5, 0xD6,
0x65, 0xE9, 0xB5, 0x3D, 0x8A, 0xC8, 0x27, 0x9A, 0x3B, 0x4C,
0x98, 0xB0, 0x5F, 0x1E, 0x54, 0xA5, 0xEF, 0xBC, 0x61, 0xA7,
0x3F, 0xB7, 0x5D, 0x36, 0x5A, 0x27, 0x1C, 0x5A, 0xAF, 0x65,
0x7A, 0x89, 0x4F, 0x00, 0xB1, 0x75, 0xA7, 0xA9, 0x5C, 0xE8,
0xC8, 0x0E, 0x5C, 0x83, 0x12, 0x47, 0x11, 0xD1, 0xBD, 0xF4,
0x10, 0x7D, 0x7B, 0xD6, 0x05, 0xF7, 0xBE, 0xD2, 0x70, 0x05,
0x56, 0xD6, 0x84, 0x70, 0x11, 0x3D, 0x67, 0x93, 0x2E, 0xB0,
0x93, 0xBA, 0x34, 0xD0, 0xDE, 0xB8, 0x16, 0x7B, 0x0D, 0x67,
0x16, 0x92, 0x91, 0x79, 0xAC, 0x3C, 0xC9, 0x4D, 0x8A, 0xEE,
0x31, 0xCC, 0xFC, 0xF7, 0x78, 0xB3, 0x1B, 0x0F, 0x54, 0xCE,
0xF4, 0xBB, 0xE7, 0xF4, 0xAC, 0x80, 0xEF, 0xDD, 0xFF, 0x84,
0x7A, 0x37, 0xED, 0xC4, 0x45, 0x3D, 0x7C, 0x19, 0x81, 0x95,
0x2E, 0x71, 0xE7, 0x1B, 0x1C, 0x75, 0x67, 0xBC, 0x62, 0x0F,
0xAA, 0x90, 0x41, 0x01, 0x53, 0xD0, 0x3A, 0x6E, 0xE9, 0xC9,
0xAA, 0x2F, 0xD1, 0xD8, 0xB3, 0x3B, 0x80, 0xCA, 0xE5, 0xA1,
0x1B, 0x7F, 0xCF, 0xF5, 0xBF, 0x2C, 0x2B, 0xBE, 0x1F, 0x77,
0x89, 0x21, 0xD7, 0x76, 0x51, 0xA8, 0xD0, 0x31, 0xE1, 0x97,
0xD1, 0x63, 0x84, 0xA2, 0xAA, 0x6E, 0x9A, 0x33, 0x43, 0x65,
0x2A, 0x6B, 0x40, 0x03, 0x84, 0x6F, 0xC7, 0xB3, 0xE5, 0xD8,
0x64, 0x30, 0x12, 0x2A, 0x45, 0x1D
};
const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
@ -108,32 +108,32 @@ const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
*/
const unsigned char ca_ecc_cert_der_sign[] =
{
0x66, 0x96, 0xB4, 0x9F, 0x0B, 0x56, 0x60, 0x1F, 0x01, 0x7A,
0xDE, 0x65, 0xD6, 0x8C, 0x2A, 0xE2, 0x20, 0xA0, 0xE8, 0x19,
0x99, 0x70, 0x8B, 0x17, 0x1B, 0xDA, 0x8C, 0x3A, 0x87, 0x07,
0xE7, 0xF9, 0x1B, 0x7C, 0xC1, 0x32, 0x55, 0x38, 0x15, 0x9C,
0x7B, 0x89, 0xDA, 0x9D, 0x57, 0x80, 0x50, 0xCF, 0xA6, 0x4C,
0x51, 0x71, 0xBA, 0x52, 0xFA, 0x58, 0x4C, 0xE7, 0x33, 0x08,
0xB9, 0xE7, 0x5F, 0x7E, 0x8A, 0x1D, 0xCC, 0xA8, 0x4A, 0xA9,
0xAF, 0xE5, 0xA1, 0x87, 0x59, 0xD0, 0xF7, 0x23, 0xAE, 0xC5,
0x42, 0x99, 0xFA, 0x4A, 0xAB, 0xFA, 0x08, 0xF9, 0x7C, 0x8D,
0xD3, 0xB1, 0xF7, 0xD8, 0x01, 0x3C, 0x06, 0xD5, 0x2C, 0xBF,
0x18, 0xF1, 0x45, 0x47, 0x5D, 0xA4, 0x7F, 0x90, 0x4E, 0x0C,
0x86, 0x41, 0x5F, 0x26, 0x25, 0x8B, 0x8A, 0xD8, 0x3F, 0x4B,
0xAF, 0xD5, 0xBE, 0xD9, 0xC6, 0x46, 0x2A, 0x2B, 0xC3, 0x10,
0x93, 0xCB, 0x1E, 0xFB, 0x3D, 0x8A, 0x39, 0xB6, 0x03, 0x9D,
0xC2, 0x16, 0xA1, 0xB5, 0x9C, 0x0D, 0x05, 0x5E, 0x1B, 0x30,
0x9F, 0x53, 0xEE, 0xF2, 0x27, 0xE1, 0xE3, 0x2F, 0xD9, 0xEB,
0xF2, 0xFE, 0xD3, 0x6C, 0x71, 0xCE, 0x28, 0x56, 0x9F, 0x85,
0x34, 0xAD, 0x9D, 0x3D, 0x22, 0x3A, 0x33, 0x3B, 0x9F, 0x55,
0x4F, 0x10, 0xA9, 0xD2, 0xAB, 0xE0, 0x29, 0x7A, 0x09, 0xF3,
0x4E, 0xC1, 0x21, 0xA7, 0xF4, 0xE5, 0x34, 0x6D, 0x68, 0x36,
0xE9, 0x7B, 0xD4, 0x42, 0x0A, 0xBC, 0xC4, 0x1F, 0x6C, 0x58,
0xB6, 0x65, 0x3F, 0x9F, 0x92, 0x65, 0xF9, 0x83, 0x7A, 0x94,
0x66, 0x7C, 0xB2, 0x03, 0x16, 0x65, 0x9E, 0xBF, 0x8C, 0x77,
0xB8, 0xA4, 0x13, 0x8B, 0xD3, 0x82, 0x39, 0x94, 0xD1, 0x2A,
0xE3, 0x3E, 0x51, 0xEB, 0x56, 0xE2, 0x92, 0x5C, 0x6B, 0xD1,
0x30, 0xD1, 0x91, 0x77, 0x6E, 0x28
0xB9, 0x59, 0x94, 0xE6, 0xD1, 0x5B, 0xFD, 0x59, 0xBB, 0x4F,
0x14, 0x0B, 0x9E, 0x30, 0x61, 0xF9, 0xFA, 0x2C, 0xD8, 0xE2,
0x7F, 0xD0, 0x1F, 0x47, 0xDE, 0x14, 0x8E, 0xD1, 0x78, 0x86,
0xA4, 0x9B, 0xDC, 0x86, 0x64, 0x2A, 0xD9, 0xBC, 0xBE, 0x61,
0x60, 0xB8, 0x1C, 0x46, 0xCE, 0x66, 0x97, 0xC0, 0x32, 0x04,
0x38, 0x3B, 0xCB, 0xB7, 0x38, 0x89, 0x11, 0xCE, 0xBA, 0x64,
0xE1, 0xDD, 0x4E, 0x3C, 0x6F, 0xA0, 0x48, 0xFA, 0x9F, 0x8F,
0xEC, 0x6A, 0xCA, 0xAC, 0x29, 0x4B, 0xD9, 0xF7, 0xE3, 0x03,
0xF7, 0xBA, 0xB8, 0xCC, 0x2C, 0xD1, 0xC8, 0x84, 0xFA, 0xF6,
0xFA, 0xE4, 0x72, 0xAF, 0x8D, 0x07, 0xF0, 0x3D, 0xD7, 0x58,
0x95, 0x08, 0x6F, 0xD5, 0x77, 0x1B, 0x92, 0x81, 0x99, 0x69,
0x5C, 0x4D, 0x8F, 0x98, 0xC6, 0x09, 0xC1, 0xEB, 0xB5, 0x86,
0x87, 0x47, 0xD7, 0x68, 0x73, 0xE8, 0x1D, 0x1B, 0xFE, 0xA5,
0x9C, 0x7A, 0x4B, 0xAD, 0x1A, 0x54, 0x46, 0xA0, 0xC8, 0xF7,
0x6C, 0xDD, 0xA6, 0xEF, 0x16, 0x21, 0x18, 0xCE, 0xF8, 0xDE,
0x3D, 0xB4, 0x56, 0x0C, 0xBA, 0xB7, 0x95, 0xD1, 0x6D, 0x0D,
0x49, 0xE7, 0x78, 0x64, 0x65, 0xC7, 0x24, 0x26, 0x81, 0xCD,
0x56, 0xB7, 0xB2, 0x31, 0xF2, 0xD7, 0x64, 0x55, 0x89, 0xCC,
0xDB, 0x69, 0x56, 0xED, 0x9B, 0x07, 0x9E, 0xD4, 0x07, 0x5E,
0xAF, 0xF0, 0x98, 0x94, 0xD6, 0x87, 0x0C, 0x22, 0xE1, 0x3A,
0x88, 0xE1, 0xC4, 0xBC, 0x51, 0x4B, 0x07, 0x4D, 0x2A, 0xCE,
0xA8, 0xE8, 0x9F, 0xF7, 0xA2, 0x8A, 0xEA, 0x90, 0x32, 0x20,
0xFC, 0xB6, 0x32, 0xE6, 0x8A, 0x47, 0x2B, 0xF4, 0xB4, 0x0F,
0x96, 0x7A, 0xC9, 0x0B, 0xF6, 0xBF, 0x69, 0x51, 0x9B, 0x44,
0xC2, 0xE2, 0xD6, 0x2D, 0xB1, 0x17, 0xAC, 0x7B, 0x32, 0xF2,
0x0E, 0x7A, 0x28, 0x67, 0xAB, 0xA5
};
static const int sizeof_ca_ecc_cert_der_sign = sizeof(ca_ecc_cert_der_sign);
#endif /* USE_CERT_BUFFERS_256 */

79
IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
View File

@ -27,12 +27,12 @@
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#if defined(TLS_MULTITHREAD_TEST)
User_SCEPKCbInfo guser_PKCbInfo_taskA;
User_SCEPKCbInfo guser_PKCbInfo_taskB;
FSPSM_ST guser_PKCbInfo_taskA;
FSPSM_ST guser_PKCbInfo_taskB;
#else
User_SCEPKCbInfo guser_PKCbInfo;
FSPSM_ST guser_PKCbInfo;
#endif
#endif
@ -128,35 +128,39 @@ static void my_Logging_cb(const int logLevel, const char *const logMessage)
}
#endif
void Clr_CallbackCtx(User_SCEPKCbInfo *g)
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
void Clr_CallbackCtx(FSPSM_ST *g)
{
if (g->sce_wrapped_key_aes256 != NULL)
XFREE(g->sce_wrapped_key_aes256,
(void) g;
if (g->wrapped_key_aes256 != NULL)
XFREE(g->wrapped_key_aes256,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (g->sce_wrapped_key_aes128 != NULL)
XFREE(g->sce_wrapped_key_aes128,
if (g->wrapped_key_aes128 != NULL)
XFREE(g->wrapped_key_aes128,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
if (g->sce_wrapped_key_rsapri2048 != NULL)
XFREE(g->sce_wrapped_key_rsapri2048,
if (g->wrapped_key_rsapri2048 != NULL)
XFREE(g->wrapped_key_rsapri2048,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (g->sce_wrapped_key_rsapub2048 != NULL)
XFREE(g->sce_wrapped_key_rsapub2048,
if (g->wrapped_key_rsapub2048 != NULL)
XFREE(g->wrapped_key_rsapub2048,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (g->sce_wrapped_key_rsapri1024 != NULL)
XFREE(g->sce_wrapped_key_rsapri1024,
if (g->wrapped_key_rsapri1024 != NULL)
XFREE(g->wrapped_key_rsapri1024,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (g->sce_wrapped_key_rsapub2048 != NULL)
XFREE(g->sce_wrapped_key_rsapub1024,
if (g->wrapped_key_rsapub2048 != NULL)
XFREE(g->wrapped_key_rsapub1024,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XMEMSET(g, 0, sizeof(User_SCEPKCbInfo));
}
#endif
void sce_test(void)
{
@ -236,15 +240,15 @@ void sce_test(void)
sce_aes_wrapped_key_t *p1 = NULL;
sce_aes_wrapped_key_t *p2 = NULL;
guser_PKCbInfo.sce_wrapped_key_aes256 =
guser_PKCbInfo.wrapped_key_aes256 =
(sce_aes_wrapped_key_t*)XMALLOC(sizeof(sce_aes_wrapped_key_t),
NULL, DYNAMIC_TYPE_TMP_BUFFER);
p1 = (sce_aes_wrapped_key_t*)guser_PKCbInfo.sce_wrapped_key_aes256;
p1 = (sce_aes_wrapped_key_t*)guser_PKCbInfo.wrapped_key_aes256;
guser_PKCbInfo.sce_wrapped_key_aes128 =
guser_PKCbInfo.wrapped_key_aes128 =
(sce_aes_wrapped_key_t*)XMALLOC(sizeof(sce_aes_wrapped_key_t),
NULL, DYNAMIC_TYPE_TMP_BUFFER);
p2 = (sce_aes_wrapped_key_t*)guser_PKCbInfo.sce_wrapped_key_aes128;
p2 = (sce_aes_wrapped_key_t*)guser_PKCbInfo.wrapped_key_aes128;
if ( p1 == NULL || p2 == NULL) {
printf("failed to alloc memory!");
@ -276,6 +280,16 @@ void sce_test(void)
#include "hal_data.h"
#include "r_sce.h"
#if defined(WOLFSSL_TLS13)
/* TLS1.3 needs RSA_PSS enabled.
* SCE doesn't support RSA PSS Padding
*/
const char* cipherlist[] = {
NULL
};
const int cipherlist_sz = 1;
TestInfo info[cipherlist_sz];
#else
#if defined(USE_CERT_BUFFERS_256)
#if !defined(TLS_MULTITHREAD_TEST)
const char* cipherlist[] = {
@ -317,6 +331,7 @@ void sce_test(void)
TestInfo info[cipherlist_sz];
#endif
#endif
#endif
#ifdef TLS_MULTITHREAD_TEST
BaseType_t xReturned;
@ -381,22 +396,26 @@ void sce_test(void)
#else
int TCP_connect_retry = 0;
wolfSSL_TLS_client_init();
do {
info[i].port = DEFAULT_PORT;
info[i].cipher = cipherlist[i];
info[i].ctx = client_ctx;
info[i].id = i;
info[i].port = DEFAULT_PORT;
info[i].cipher = cipherlist[i];
info[i].ctx = client_ctx;
info[i].id = i;
memset(info[i].name, 0, sizeof(info[i].name));
sprintf(info[i].name, "wolfSSL_TLS_client_do(%02d)", i);
wolfSSL_TLS_client_do(&info[i]);
XMEMSET(info[i].name, 0, sizeof(info[i].name));
XSPRINTF(info[i].name, "wolfSSL_TLS_client_do(%02d)", i);
if(wolfSSL_TLS_client_do(&info[i]) == -116) {
TCP_connect_retry++;
continue;
}
TCP_connect_retry = 0;
i++;
} while (i < cipherlist_sz);
} while (i < cipherlist_sz && TCP_connect_retry < 5);
#endif /* SCE_MULTITHREAD_TEST */

22
IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
View File

@ -41,10 +41,14 @@ static const byte ucDNSServerAddress[4] = { 192, 168, 11, 1 };
#ifdef TLS_MULTITHREAD_TEST
xSemaphoreHandle exit_semaph;
extern User_SCEPKCbInfo guser_PKCbInfo_taskA;
extern User_SCEPKCbInfo guser_PKCbInfo_taskB;
# ifdef WOLFSSL_RENESAS_SCEPROTECT
extern FSPSM_ST guser_PKCbInfo_taskA;
extern FSPSM_ST guser_PKCbInfo_taskB;
# endif
#else
extern User_SCEPKCbInfo guser_PKCbInfo;
# ifdef WOLFSSL_RENESAS_SCEPROTECT
extern FSPSM_ST guser_PKCbInfo;
# endif
#endif
int SEGGER_RTT_vprintf(unsigned BufferIndex, const char * sFormat, va_list * pParamList);
@ -125,7 +129,7 @@ void wolfSSL_TLS_client_init()
#endif
}
void wolfSSL_TLS_client_do(void *pvParam)
int wolfSSL_TLS_client_do(void *pvParam)
{
int ret;
@ -192,17 +196,17 @@ void wolfSSL_TLS_client_do(void *pvParam)
/* Set callback CTX */
#if !defined(TLS_MULTITHREAD_TEST)
memset(&guser_PKCbInfo, 0, sizeof(User_SCEPKCbInfo));
XMEMSET(&guser_PKCbInfo, 0, sizeof(FSPSM_ST));
guser_PKCbInfo.devId = 0;
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
#else
if (p->port - DEFAULT_PORT == 0) {
memset(&guser_PKCbInfo_taskA, 0, sizeof(User_SCEPKCbInfo));
XMEMSET(&guser_PKCbInfo_taskA, 0, sizeof(FSPSM_ST));
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo_taskA);
}
else {
memset(&guser_PKCbInfo_taskB, 0, sizeof(User_SCEPKCbInfo));
XMEMSET(&guser_PKCbInfo_taskB, 0, sizeof(FSPSM_ST));
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo_taskB);
}
#endif
@ -257,7 +261,9 @@ void wolfSSL_TLS_client_do(void *pvParam)
wolfSSL_free(ssl);
ssl = NULL;
/* need to reset callback */
#ifdef WOLFSSL_RENESAS_SCEPROTECT
wc_sce_set_callbacks(client_ctx);
#endif
}
/* clean up socket */
if (xClientSocket) {
@ -270,7 +276,7 @@ void wolfSSL_TLS_client_do(void *pvParam)
xSemaphoreGive(exit_semaph);
vTaskDelete(NULL);
#endif
return ret;
}
void wolfSSL_TLS_cleanup()

45
IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
View File

@ -25,11 +25,14 @@
#include <stdlib.h>
#include <wolfssl/wolfcrypt/settings.h>
#ifdef WOLFSSL_RENESAS_SCEPROTECT
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#include "FreeRTOS.h"
@ -63,7 +66,7 @@ int sce_crypt_Sha_AesCbcGcm_multitest();
int sce_crypt_sha_multitest();
int sce_crypt_test();
extern User_SCEPKCbInfo guser_PKCbInfo;
extern FSPSM_ST guser_PKCbInfo;
#if defined(HAVE_AES_CBC)
@ -117,12 +120,12 @@ static int sce_aes_cbc_test(int prnt, sce_aes_wrapped_key_t* aes_key)
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
XMEMCPY(&aes->ctx.sce_wrapped_key, aes_key,
XMEMCPY(&aes->ctx.wrapped_key, aes_key,
sizeof(sce_aes_wrapped_key_t));
aes->ctx.keySize = (word32)aes->keylen;
if (ret == 0) {
ret = wc_sce_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE);
ret = wc_fspsm_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE);
}
wc_AesFree(aes);
@ -135,11 +138,11 @@ static int sce_aes_cbc_test(int prnt, sce_aes_wrapped_key_t* aes_key)
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
XMEMCPY(&aes->ctx.sce_wrapped_key, aes_key,
XMEMCPY(&aes->ctx.wrapped_key, aes_key,
sizeof(sce_aes_wrapped_key_t));
aes->ctx.keySize = (word32)aes->keylen;
if (ret == 0)
ret = wc_sce_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE);
ret = wc_fspsm_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE);
wc_AesFree(aes);
}
@ -224,7 +227,7 @@ static int sce_aes256_test(int prnt, sce_aes_wrapped_key_t* aes_key)
ret = -3;
goto out;
} else {
XMEMCPY(&enc->ctx.sce_wrapped_key, aes_key,
XMEMCPY(&enc->ctx.wrapped_key, aes_key,
sizeof(sce_aes_wrapped_key_t));
enc->ctx.keySize = (word32)enc->keylen;
}
@ -234,13 +237,13 @@ static int sce_aes256_test(int prnt, sce_aes_wrapped_key_t* aes_key)
ret = -4;
goto out;
} else {
XMEMCPY(&dec->ctx.sce_wrapped_key, aes_key,
XMEMCPY(&dec->ctx.wrapped_key, aes_key,
sizeof(sce_aes_wrapped_key_t));
dec->ctx.keySize = (word32)dec->keylen;
}
XMEMSET(cipher, 0, AES_BLOCK_SIZE);
ret = wc_sce_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
ret = wc_fspsm_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
if (ret != 0) {
ret = -5;
@ -248,7 +251,7 @@ static int sce_aes256_test(int prnt, sce_aes_wrapped_key_t* aes_key)
}
XMEMSET(plain, 0, AES_BLOCK_SIZE);
ret = wc_sce_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
ret = wc_fspsm_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
if (ret != 0){
ret = -6;
@ -295,7 +298,7 @@ static int sce_aesgcm256_test(int prnt, sce_aes_wrapped_key_t* aes256_key)
{
Aes enc[1];
Aes dec[1];
User_SCEPKCbInfo userContext;
FSPSM_ST userContext;
/*
@ -369,7 +372,7 @@ static int sce_aesgcm256_test(int prnt, sce_aes_wrapped_key_t* aes256_key)
XMEMSET(resultT, 0, sizeof(resultT));
XMEMSET(resultC, 0, sizeof(resultC));
XMEMSET(resultP, 0, sizeof(resultP));
XMEMSET(&userContext, 0, sizeof(User_SCEPKCbInfo));
XMEMSET(&userContext, 0, sizeof(FSPSM_ST));
if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) {
ret = -1;
@ -385,13 +388,13 @@ static int sce_aesgcm256_test(int prnt, sce_aes_wrapped_key_t* aes256_key)
ret = -3;
goto out;
} else {
userContext.sce_wrapped_key_aes256 = (void*)aes256_key;
userContext.wrapped_key_aes256 = (void*)aes256_key;
userContext.keyflgs_crypt.bits.aes256_installedkey_set = 1;
enc->ctx.keySize = (word32)enc->keylen;
}
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
result = wc_sce_AesGcmEncrypt(enc, resultC, p, sizeof(p),
result = wc_fspsm_AesGcmEncrypt(enc, resultC, p, sizeof(p),
(byte*)iv1, sizeof(iv1),
resultT, sizeof(resultT),
a, sizeof(a), &userContext);
@ -409,7 +412,7 @@ static int sce_aesgcm256_test(int prnt, sce_aes_wrapped_key_t* aes256_key)
dec->ctx.keySize = (word32)enc->keylen;
}
result = wc_sce_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
result = wc_fspsm_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
iv1, sizeof(iv1), resultT, sizeof(resultT),
a, sizeof(a), &userContext);
if (result != 0){
@ -427,7 +430,7 @@ static int sce_aesgcm256_test(int prnt, sce_aes_wrapped_key_t* aes256_key)
wc_AesGcmSetKey(enc, k1, sizeof(k1));
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
result = wc_sce_AesGcmEncrypt(enc, resultC, p, sizeof(p),
result = wc_fspsm_AesGcmEncrypt(enc, resultC, p, sizeof(p),
(byte*)iv1, sizeof(iv1),
resultT + 1, sizeof(resultT) - 1,
a, sizeof(a), &userContext);
@ -436,7 +439,7 @@ static int sce_aesgcm256_test(int prnt, sce_aes_wrapped_key_t* aes256_key)
goto out;
}
result = wc_sce_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
result = wc_fspsm_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
a, sizeof(a), &userContext);
@ -487,7 +490,7 @@ static int sce_aesgcm128_test(int prnt, sce_aes_wrapped_key_t* aes128_key)
{
Aes enc[1];
Aes dec[1];
User_SCEPKCbInfo userContext;
FSPSM_ST userContext;
/*
* This is Test Case 16 from the document Galois/
@ -564,7 +567,7 @@ static int sce_aesgcm128_test(int prnt, sce_aes_wrapped_key_t* aes128_key)
XMEMSET(resultT, 0, sizeof(resultT));
XMEMSET(resultC, 0, sizeof(resultC));
XMEMSET(resultP, 0, sizeof(resultP));
XMEMSET(&userContext, 0, sizeof(User_SCEPKCbInfo));
XMEMSET(&userContext, 0, sizeof(FSPSM_ST));
if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) {
ret = -1;
@ -581,7 +584,7 @@ static int sce_aesgcm128_test(int prnt, sce_aes_wrapped_key_t* aes128_key)
ret = -3;
goto out;
} else {
userContext.sce_wrapped_key_aes128 = aes128_key;
userContext.wrapped_key_aes128 = aes128_key;
userContext.keyflgs_crypt.bits.aes128_installedkey_set = 1;
enc->ctx.keySize = (word32)enc->keylen;
}
@ -1282,4 +1285,4 @@ int sce_crypt_Sha_AesCbcGcm_multitest()
return ret;
}
#endif /* WOLFSSL_RENESAS_SCEPROTECT */

16
IDE/Renesas/e2studio/RA6M4/wolfssl/.project
View File

@ -397,24 +397,24 @@
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_common.c</locationURI>
</link>
<link>
<name>wolfCrypt/port/renesas_sce_aes.c</name>
<name>wolfCrypt/port/renesas_fspsm_aes.c</name>
<type>1</type>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_sce_aes.c</locationURI>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c</locationURI>
</link>
<link>
<name>wolfCrypt/port/renesas_sce_rsa.c</name>
<name>wolfCrypt/port/renesas_fspsm_rsa.c</name>
<type>1</type>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_sce_rsa.c</locationURI>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c</locationURI>
</link>
<link>
<name>wolfCrypt/port/renesas_sce_sha.c</name>
<name>wolfCrypt/port/renesas_fspsm_sha.c</name>
<type>1</type>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_sce_sha.c</locationURI>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c</locationURI>
</link>
<link>
<name>wolfCrypt/port/renesas_sce_util.c</name>
<name>wolfCrypt/port/renesas_fspsm_util.c</name>
<type>1</type>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_sce_util.c</locationURI>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c</locationURI>
</link>
</linkedResources>
</projectDescription>

26
src/internal.c
View File

@ -259,7 +259,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
#endif /* !WOLFSSL_NO_TLS12 */
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
#endif
@ -1926,7 +1926,7 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf,
/* set hmac function to use when verifying */
if (ret == 0 && (ssl->options.tls == 1 || ssl->options.tls1_1 == 1 ||
ssl->options.dtls == 1)) {
#if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#if !defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_TLS)
ssl->hmac = TLS_hmac;
#else
@ -4850,7 +4850,7 @@ int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo,
void* ctx = wolfSSL_GetRsaVerifyCtx(ssl);
ret = ssl->ctx->RsaVerifyCb(ssl, in, inSz, out, keyBuf, keySz, ctx);
}
#if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#if !defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_TLS)
else
#else
@ -5109,7 +5109,7 @@ int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
void* ctx = wolfSSL_GetRsaEncCtx(ssl);
ret = ssl->ctx->RsaEncCb(ssl, in, inSz, out, outSz, keyBuf, keySz, ctx);
}
#if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#if !defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_TLS)
else
#else
@ -5237,7 +5237,7 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
ret = ssl->ctx->EccVerifyCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
&ssl->eccVerifyRes, ctx);
}
#if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#if !defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
!defined(WOLFSSL_MAXQ108X)
else
@ -7216,7 +7216,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#ifndef NO_OLD_TLS
ssl->hmac = SSL_hmac; /* default to SSLv3 */
#elif !defined(WOLFSSL_NO_TLS12) && !defined(NO_TLS)
#if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#if !defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_TLS)
ssl->hmac = TLS_hmac;
#else
@ -7974,7 +7974,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
ssl->peerRsaKeyPresent = 0;
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
XFREE(ssl->peerSceTsipEncRsaKeyIndex, ssl->heap, DYNAMIC_TYPE_RSA);
Renesas_cmn_Cleanup(ssl);
#endif
@ -12698,7 +12698,7 @@ int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx)
/* only setup the verify callback if a PK is set */
#ifdef HAVE_ECC
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
sigCtx->pkCbEcc = Renesas_cmn_SigPkCbEccVerify;
sigCtx->pkCtxEcc = (void*)&sigCtx->CertAtt;
(void)SigPkCbEccVerify;
@ -12712,7 +12712,7 @@ int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx)
#endif
#ifndef NO_RSA
/* only setup the verify callback if a PK is set */
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
sigCtx->pkCbRsa = Renesas_cmn_SigPkCbRsaVerify;
sigCtx->pkCtxRsa = (void*)&sigCtx->CertAtt;
(void)SigPkCbRsaVerify;
@ -14673,7 +14673,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
else {
ssl->peerRsaKeyPresent = 1;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_SCEPROTECT)
defined(WOLFSSL_RENESAS_FSPSM_TLS)
/* copy encrypted tsip key index into ssl object */
if (args->dCert->sce_tsip_encRsaKeyIdx) {
if (!ssl->peerSceTsipEncRsaKeyIndex) {
@ -14738,7 +14738,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
{
int keyRet = 0;
word32 idx = 0;
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_TLS)
/* copy encrypted tsip/sce key index into ssl object */
if (args->dCert->sce_tsip_encRsaKeyIdx) {
@ -29780,8 +29780,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
#endif
case rsa_sa_algo:
{
#if (defined(WOLFSSL_RENESAS_SCEPROTECT) && \
defined(WOLFSSL_RENESAS_SCEPROTECT_ECC)) || \
#if (defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
defined(WOLFSSL_RENESAS_FSPSM_ECC)) || \
defined(WOLFSSL_RENESAS_TSIP_TLS)
/* already checked signature result by SCE */
/* skip the sign checks below */

6
src/keys.c
View File

@ -38,7 +38,7 @@
#endif
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
#endif
@ -54,7 +54,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
#ifndef NO_TLS
ssl->options.tls = 1;
#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
#if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#if !defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_TLS)
ssl->hmac = TLS_hmac;
#else
@ -77,7 +77,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
#if defined(WOLFSSL_DTLS)
if (ssl->options.dtls && ssl->version.major == DTLS_MAJOR) {
#ifndef WOLFSSL_AEAD_ONLY
#if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#if !defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_TLS)
ssl->hmac = TLS_hmac;
#else

4
src/ssl.c
View File

@ -1057,7 +1057,7 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
#endif /* WOLFSSL_TLS13 && HAVE_ECH */
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
#endif
@ -5933,7 +5933,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
ret = BAD_MUTEX_E;
}
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
/* Verify CA by TSIP so that generated tsip key is going to be able to */
/* be used for peer's cert verification */
/* TSIP is only able to handle USER CA, and only one CA. */

32
wolfcrypt/src/asn.c
View File

@ -176,7 +176,7 @@ ASN Options:
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
#endif
@ -9225,7 +9225,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
#ifndef NO_RSA
#ifndef HAVE_USER_RSA
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
/* This function is to retrieve key position information in a cert.*
* The information will be used to call TSIP TLS-linked API for *
* certificate verification. */
@ -11285,7 +11285,7 @@ void FreeDecodedCert(DecodedCert* cert)
if (cert->subjectName != NULL)
wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->subjectName);
#endif /* WOLFSSL_X509_NAME_AVAILABLE */
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (cert->sce_tsip_encRsaKeyIdx != NULL)
XFREE(cert->sce_tsip_encRsaKeyIdx, cert->heap, DYNAMIC_TYPE_RSA);
#endif
@ -11940,7 +11940,7 @@ static int StoreRsaKey(DecodedCert* cert, const byte* source, word32* srcIdx,
if (GetSequence(source, srcIdx, &length, pubIdx + (word32)pubLen) < 0)
return ASN_PARSE_E;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
cert->sigCtx.CertAtt.pubkey_n_start =
cert->sigCtx.CertAtt.pubkey_e_start = pubIdx;
#endif
@ -11976,7 +11976,7 @@ static int StoreRsaKey(DecodedCert* cert, const byte* source, word32* srcIdx,
cert->publicKeyIndex = dataASN[RSACERTKEYASN_IDX_SEQ].offset;
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
/* Start of SEQUENCE. */
cert->sigCtx.CertAtt.pubkey_n_start =
cert->sigCtx.CertAtt.pubkey_e_start = dataASN[RSACERTKEYASN_IDX_SEQ].offset;
@ -12062,7 +12062,7 @@ static int StoreEccKey(DecodedCert* cert, const byte* source, word32* srcIdx,
if ((ret = CheckCurve(cert->pkCurveOID)) < 0)
return ECC_CURVE_OID_E;
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
cert->sigCtx.CertAtt.curve_id = ret;
#else
(void)ret;
@ -12071,7 +12071,7 @@ static int StoreEccKey(DecodedCert* cert, const byte* source, word32* srcIdx,
ret = CheckBitString(source, srcIdx, &length, maxIdx, 1, NULL);
if (ret != 0)
return ret;
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
cert->sigCtx.CertAtt.pubkey_n_start =
cert->sigCtx.CertAtt.pubkey_e_start = (*srcIdx + 1);
cert->sigCtx.CertAtt.pubkey_n_len = ((length - 1) >> 1);
@ -16013,7 +16013,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
byte* rsaKeyIdx)
{
int ret = 0;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
CertAttribute* certatt = NULL;
#endif
@ -16031,7 +16031,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
WOLFSSL_ENTER("ConfirmSignature");
#if !defined(WOLFSSL_RENESAS_TSIP_TLS) && !defined(WOLFSSL_RENESAS_SCEPROTECT)
#if !defined(WOLFSSL_RENESAS_TSIP_TLS) && !defined(WOLFSSL_RENESAS_FSPSM_TLS)
(void)rsaKeyIdx;
#else
#if !defined(NO_RSA) || defined(HAVE_ECC)
@ -16696,12 +16696,12 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
key, keySz,
sigCtx->pkCtxRsa);
}
#if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#if !defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_TLS)
else
#else
if (!sigCtx->pkCbRsa || ret == CRYPTOCB_UNAVAILABLE)
#endif /* WOLFSSL_RENESAS_SCEPROTECT */
#endif /* WOLFSSL_RENESAS_FSPSM_TLS */
#endif /* HAVE_PK_CALLBACKS */
{
ret = wc_RsaSSL_VerifyInline(sigCtx->sigCpy, sigSz,
@ -16770,12 +16770,12 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
key, keySz, &sigCtx->verify,
sigCtx->pkCtxEcc);
}
#if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
#if !defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_TLS)
else
#else
if (!sigCtx->pkCbEcc || ret == CRYPTOCB_UNAVAILABLE)
#endif /* WOLFSSL_RENESAS_SCEPROTECT */
#endif /* WOLFSSL_RENESAS_FSPSM_TLS */
#endif /* HAVE_PK_CALLBACKS */
{
ret = wc_ecc_verify_hash(sig, sigSz, sigCtx->digest,
@ -16896,7 +16896,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
{
int encodedSigSz, verifySz;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_SCEPROTECT)
defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (sigCtx->CertAtt.verifyByTSIP_SCE == 1) break;
#endif
#ifdef WOLFSSL_SMALL_STACK
@ -22507,7 +22507,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
int len = 0;
#endif
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
int idx = 0;
#endif
byte* sce_tsip_encRsaKeyIdx;
@ -22906,7 +22906,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
}
#endif /* HAVE_OCSP */
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
/* prepare for TSIP TLS cert verification API use */
if (cert->keyOID == RSAk) {
/* to call TSIP API, it needs keys position info in bytes */

8
wolfcrypt/src/include.am
View File

@ -124,10 +124,10 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
wolfcrypt/src/port/Renesas/renesas_tsip_sha.c \
wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c \
wolfcrypt/src/port/Renesas/renesas_tsip_util.c \
wolfcrypt/src/port/Renesas/renesas_sce_util.c \
wolfcrypt/src/port/Renesas/renesas_sce_aes.c \
wolfcrypt/src/port/Renesas/renesas_sce_sha.c \
wolfcrypt/src/port/Renesas/renesas_sce_rsa.c \
wolfcrypt/src/port/Renesas/renesas_fspsm_util.c \
wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c \
wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c \
wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c \
wolfcrypt/src/port/Renesas/renesas_common.c \
wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c \
wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \

202
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -21,16 +21,16 @@
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_RENESAS_SCEPROTECT) \
|| defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) \
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) \
|| defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) \
|| defined(WOLFSSL_RENESAS_TSIP_TLS) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#define cmn_hw_lock wc_sce_hw_lock
#define cmn_hw_unlock wc_sce_hw_unlock
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#define cmn_hw_lock wc_fspsm_hw_lock
#define cmn_hw_unlock wc_fspsm_hw_unlock
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
@ -45,6 +45,7 @@
#include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/port/renesas/renesas_cmn.h>
uint32_t g_CAscm_Idx = (uint32_t)-1; /* index of CM table */
static int gdevId = 7890; /* initial dev Id for Crypt Callback */
@ -53,12 +54,13 @@ static int gdevId = 7890; /* initial dev Id for Crypt Callback */
#include <wolfssl/wolfcrypt/cryptocb.h>
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl)
{
int ret = 0;
WOLFSSL_ENTER("Renesas_cmn_Cleanup");
(void) ssl;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_TlsCleanup(ssl);
#endif
@ -66,6 +68,8 @@ WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl)
WOLFSSL_LEAVE("Renesas_cmn_Cleanup", ret);
return ret;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, word32* outSz,
@ -137,9 +141,9 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
#endif
if (info == NULL || ctx == NULL)
@ -251,8 +255,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
#endif /* HAVE_ECC */
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) ||\
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
@ -270,9 +274,9 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 32) {
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.wrapped_key,
&cbInfo->wrapped_key_aes256,
sizeof(FSPSM_AES_WKEY));
info->cipher.aesgcm_enc.aes->ctx.keySize = 32;
}
@ -280,13 +284,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 16) {
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.wrapped_key,
&cbInfo->wrapped_key_aes128,
sizeof(FSPSM_AES_WKEY));
info->cipher.aesgcm_enc.aes->ctx.keySize = 16;
}
ret = wc_sce_AesGcmEncrypt(
ret = wc_fspsm_AesGcmEncrypt(
info->cipher.aesgcm_enc.aes,
(byte*)info->cipher.aesgcm_enc.out,
(byte*)info->cipher.aesgcm_enc.in,
@ -309,9 +313,9 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 32) {
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.wrapped_key,
&cbInfo->wrapped_key_aes256,
sizeof(FSPSM_AES_WKEY));
info->cipher.aesgcm_dec.aes->ctx.keySize = 32;
}
@ -319,13 +323,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 16) {
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.wrapped_key,
&cbInfo->wrapped_key_aes128,
sizeof(FSPSM_AES_WKEY));
info->cipher.aesgcm_dec.aes->ctx.keySize = 16;
}
ret = wc_sce_AesGcmDecrypt(
ret = wc_fspsm_AesGcmDecrypt(
info->cipher.aesgcm_dec.aes,
(byte*)info->cipher.aesgcm_dec.out,
(byte*)info->cipher.aesgcm_dec.in,
@ -352,22 +356,22 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (
cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
XMEMCPY(&info->cipher.aescbc.aes->ctx.wrapped_key,
&cbInfo->wrapped_key_aes256,
sizeof(FSPSM_AES_WKEY));
info->cipher.aescbc.aes->ctx.keySize = 32;
}
else if (
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1
&& info->cipher.aescbc.aes->keylen == 16) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
XMEMCPY(&info->cipher.aescbc.aes->ctx.wrapped_key,
&cbInfo->wrapped_key_aes128,
sizeof(FSPSM_AES_WKEY));
info->cipher.aescbc.aes->ctx.keySize = 16;
}
ret = wc_sce_AesCbcEncrypt(
ret = wc_fspsm_AesCbcEncrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
(byte*)info->cipher.aescbc.in,
@ -377,20 +381,20 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (
cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
XMEMCPY(&info->cipher.aescbc.aes->ctx.wrapped_key,
&cbInfo->wrapped_key_aes256,
sizeof(FSPSM_AES_WKEY));
info->cipher.aescbc.aes->ctx.keySize = 32;
} else if (
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1
&& info->cipher.aescbc.aes->keylen == 16) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
XMEMCPY(&info->cipher.aescbc.aes->ctx.wrapped_key,
&cbInfo->wrapped_key_aes128,
sizeof(FSPSM_AES_WKEY));
info->cipher.aescbc.aes->ctx.keySize = 16;
}
ret = wc_sce_AesCbcDecrypt(
ret = wc_fspsm_AesCbcDecrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
(byte*)info->cipher.aescbc.in,
@ -400,7 +404,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */
}
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA)
@ -408,7 +412,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 ||
info->pk.rsakg.size == 2048)) {
ret = wc_sce_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
}
#endif
if (info->pk.type == WC_PK_TYPE_RSA) {
@ -428,7 +432,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
info->pk.rsa.type == RSA_PUBLIC_ENCRYPT )
{
ret = wc_sce_RsaFunction(info->pk.rsa.in,
ret = wc_fspsm_RsaFunction(info->pk.rsa.in,
info->pk.rsa.inLen,
info->pk.rsa.out,
info->pk.rsa.outLen,
@ -438,7 +442,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
(void*)ctx);
}
else if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT /* sign */){
ret = wc_sce_RsaSign(info->pk.rsa.in,
ret = wc_fspsm_RsaSign(info->pk.rsa.in,
info->pk.rsa.inLen,
info->pk.rsa.out,
info->pk.rsa.outLen,
@ -446,7 +450,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
(void*)ctx);
}
else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) {
ret = wc_sce_RsaVerify(info->pk.rsa.in,
ret = wc_fspsm_RsaVerify(info->pk.rsa.in,
info->pk.rsa.inLen,
info->pk.rsa.out,
info->pk.rsa.outLen,
@ -462,7 +466,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
"RSA operation falls through to SW operation.");
}
}
#endif /* NO_RSA && WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
#endif /* NO_RSA && WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
}
#endif /* NO_RSA */
#endif /* TSIP or SCE */
@ -486,9 +490,9 @@ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_usable(ssl, session_key_generated);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) ||\
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
ret = wc_sce_usable(ssl, session_key_generated);
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
ret = wc_fspsm_usable(ssl, session_key_generated);
#endif
return ret;
@ -511,13 +515,13 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
#endif
if (cbInfo == NULL
#if (!defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) &&\
#if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) &&\
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(HAVE_RENESAS_SYNC)
|| ssl == NULL) {
@ -544,7 +548,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
return INVALID_DEVID;
}
#if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \
#if !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) && \
!defined(HAVE_RENESAS_SYNC)
if (ssl)
@ -571,10 +575,10 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id)
}
#endif /* WOLF_CRYPTO_CB */
#endif /* WOLFSSL_RENESAS_SCEPROTECT || WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY
#endif /* WOLFSSL_RENESAS_FSPSM_TLS|| WOLFSSL_RENESAS_FSPSM_CRYPTONLY
WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
/* Renesas Security Library Common Method
* Check CA index if CA can be used for SCE/TSIP because
@ -592,9 +596,9 @@ WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx)
/* check if the root CA has been verified by TSIP/SCE,
* and it exists in the CM table.
*/
static byte sce_tsip_rootCAverified(void)
static byte fspsm_tsip_rootCAverified(void)
{
WOLFSSL_ENTER("sce_tsip_rootCAverified");
WOLFSSL_ENTER("fspsm_tsip_rootCAverified");
return (g_CAscm_Idx != (uint32_t)-1 ? 1:0);
}
/* Renesas Security Library Common Callback
@ -630,16 +634,16 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, unsigned char* sig,
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx);
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
ret = wc_fspsm_RsaVerifyTLS(ssl, sig, sigSz, out,key, keySz, ctx);
if (ret == 0) {
/* Set Callback for SharedSecret when successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, fspsm_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
}
else {
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
WOLFSSL_MSG("failed R_XXX_TLS_ServerKeyExchangeVerify");
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
@ -681,16 +685,16 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz,
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
ret = wc_fspsm_EccVerifyTLS(ssl, sig, sigSz, hash, hashSz, key, keySz,
result, ctx);
if (ret == 0 && *result == 1) {
/* Set callback for SharedSecret when being successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, fspsm_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
}
else {
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
WOLFSSL_MSG("failed R_XXXX_TLS_ServerKeyExchangeVerify");
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
@ -718,7 +722,7 @@ int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
WOLFSSL_ENTER("wc_Renesas_cmn_RootCertVerify");
if (sce_tsip_rootCAverified() == 0) {
if (fspsm_tsip_rootCAverified() == 0) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_tls_RootCertVerify(cert, cert_len, key_n_start,
@ -726,9 +730,9 @@ int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
if (ret != TSIP_SUCCESS) {
ret = WOLFSSL_FATAL_ERROR;
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
ret = wc_sce_tls_RootCertVerify(cert, cert_len, key_n_start,
ret = wc_fspsm_tls_RootCertVerify(cert, cert_len, key_n_start,
key_n_len, key_e_start, key_e_len, cm_row);
if (ret != FSP_SUCCESS) {
ret = WOLFSSL_FATAL_ERROR;
@ -768,8 +772,8 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateVerifyData(ssl->arrays->tsip_masterSecret,
side, handshake_hash, hashes);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret,
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
ret = wc_fspsm_generateVerifyData(ssl->arrays->fspsm_masterSecret,
side, handshake_hash, hashes);
#endif
}
@ -802,8 +806,8 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
if (cbInfo->session_key_set == 1) {
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
if (cbInfo->keyflgs_tls.bits.session_key_set == 1) {
@ -836,8 +840,8 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
int ret = -1;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
#endif
(void)ctx;
@ -845,8 +849,8 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
if (Renesas_cmn_usable(ssl, 0)) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, cbInfo->devId);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_sce_generateSessionKey(ssl, ctx, cbInfo->devId);
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId);
#endif
}
else {
@ -896,9 +900,9 @@ WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl,
else
ret = PROTOCOLCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (Renesas_cmn_usable(ssl, 0)) {
ret = wc_sce_generatePremasterSecret(premaster, preSz);
ret = wc_fspsm_generatePremasterSecret(premaster, preSz);
ssl->arrays->preMasterSz = preSz;
}
else
@ -962,17 +966,17 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx)
else
ret = PROTOCOLCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (Renesas_cmn_usable(ssl, 0)) {
ret = wc_sce_generateMasterSecret(
ret = wc_fspsm_generateMasterSecret(
ssl->options.cipherSuite0,
ssl->options.cipherSuite,
ssl->arrays->preMasterSecret,
ssl->arrays->clientRandom,
ssl->arrays->serverRandom,
ssl->arrays->sce_masterSecret);
ssl->arrays->fspsm_masterSecret);
if (ret == 0) {
wc_sce_storeKeyCtx(ssl, ctx);
wc_fspsm_storeKeyCtx(ssl, ctx);
/* set Session Key generation Callback for use */
wolfSSL_CTX_SetGenSessionKeyCb(ssl->ctx,
Renesas_cmn_generateSessionKey);
@ -1045,9 +1049,10 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in,
ret = CRYPTOCB_UNAVAILABLE;
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (wc_sce_usable(ssl, 0) && EncSz == 256) {
ret = wc_sce_generateEncryptPreMasterSecret(ssl, out, outSz);
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (wc_fspsm_usable(ssl, 0) && EncSz == 256) {
ret = wc_fspsm_generateEncryptPreMasterSecret(ssl, out,
(uint32_t*)outSz);
}
else {
if (EncSz != 256)
@ -1087,9 +1092,10 @@ WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message,
}
else
ret = PROTOCOLCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (wc_sce_usable(ssl, 1)) {
ret = wc_sce_Sha256VerifyHmac(ssl, message, messageSz, macSz, content);
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (wc_fspsm_usable(ssl, 1)) {
ret = wc_fspsm_Sha256VerifyHmac(ssl, message,
messageSz, macSz, content);
}
else
ret = PROTOCOLCB_UNAVAILABLE;
@ -1143,11 +1149,11 @@ WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest,
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (Renesas_cmn_usable(ssl, 1)) {
if (ssl->specs.hash_size == WC_SHA256_DIGEST_SIZE) {
wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
ret = wc_sce_Sha256GenerateHmac(ssl, myInner,
ret = wc_fspsm_Sha256GenerateHmac(ssl, myInner,
WOLFSSL_TLS_HMAC_INNER_SZ, in, sz, digest);
}
else
@ -1218,9 +1224,10 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig,
else
ret = CRYPTOCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (CertAtt->keyIndex != NULL) {
ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
ret = wc_fspsm_tls_CertVerify(CertAtt->cert, CertAtt->certSz,
sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1,
CertAtt->pubkey_e_start - CertAtt->certBegin,
@ -1302,9 +1309,10 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig,
}
else
ret = CRYPTOCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (CertAtt->keyIndex != NULL) {
ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
ret = wc_fspsm_tls_CertVerify(CertAtt->cert, CertAtt->certSz,
sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1,
CertAtt->pubkey_e_start - CertAtt->certBegin,

195
wolfcrypt/src/port/Renesas/renesas_sce_aes.c → wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
View File

@ -1,4 +1,4 @@
/* renesas_sce_aes.c
/* renesas_fspsm_aes.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
@ -26,15 +26,15 @@
#ifndef NO_AES
#if (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_SCEPROTECT_AES)
#if (defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_AES)
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/internal.h>
#include <wolfssl/wolfcrypt/aes.h>
#include "wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h"
#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
@ -48,20 +48,20 @@ struct Aes;
#define SCE_AES_GCM_AUTH_TAG_SIZE 16
typedef fsp_err_t (*aesGcmEncInitFn)
(sce_gcm_handle_t*, sce_aes_wrapped_key_t*, uint8_t*, uint32_t);
(FSPSM_AESGCM_HANDLE*, FSPSM_AES_WKEY*, uint8_t*, uint32_t);
typedef fsp_err_t (*aesGcmEncUpdateFn)
(sce_gcm_handle_t*,uint8_t*, uint8_t*, uint32_t, uint8_t*, uint32_t);
(FSPSM_AESGCM_HANDLE*,uint8_t*, uint8_t*, uint32_t, uint8_t*, uint32_t);
typedef fsp_err_t (*aesGcmEncFinalFn)
(sce_gcm_handle_t*, uint8_t*, uint32_t*, uint8_t*);
(FSPSM_AESGCM_HANDLE*, uint8_t*, uint32_t*, uint8_t*);
typedef fsp_err_t (*aesGcmDecInitFn)
(sce_gcm_handle_t*, sce_aes_wrapped_key_t*, uint8_t*, uint32_t);
(FSPSM_AESGCM_HANDLE*, FSPSM_AES_WKEY*, uint8_t*, uint32_t);
typedef fsp_err_t (*aesGcmDecUpdateFn)
(sce_gcm_handle_t*,uint8_t*, uint8_t*, uint32_t, uint8_t*, uint32_t);
(FSPSM_AESGCM_HANDLE*,uint8_t*, uint8_t*, uint32_t, uint8_t*, uint32_t);
typedef fsp_err_t (*aesGcmDecFinalFn)
(sce_gcm_handle_t*, uint8_t*, uint32_t*, uint8_t*, uint32_t);
(FSPSM_AESGCM_HANDLE*, uint8_t*, uint32_t*, uint8_t*, uint32_t);
/* Perform Aes Gcm encryption by SCE
/* Perform Aes Gcm encryption by FSP SM
*
* aes The AES object.
* out Buffer to hold cipher text
@ -74,7 +74,7 @@ typedef fsp_err_t (*aesGcmDecFinalFn)
* ctx The callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz,
byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
@ -82,9 +82,9 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
void* ctx)
{
int ret;
sce_gcm_handle_t _handle;
FSPSM_AESGCM_HANDLE _handle;
uint32_t dataLen = sz;
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
FSPSM_ST *info = (FSPSM_ST*)ctx;
aesGcmEncInitFn initFn;
aesGcmEncUpdateFn updateFn;
@ -97,10 +97,10 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
const uint8_t* iv_l = NULL;
uint32_t ivSz_l = 0;
sce_hmac_sha_wrapped_key_t key_client_mac;
sce_hmac_sha_wrapped_key_t key_server_mac;
sce_aes_wrapped_key_t key_client_aes;
sce_aes_wrapped_key_t key_server_aes;
FSPSM_HMAC_WKEY key_client_mac;
FSPSM_HMAC_WKEY key_server_mac;
FSPSM_AES_WKEY key_client_aes;
FSPSM_AES_WKEY key_server_aes;
/* sanity check */
if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
@ -118,19 +118,19 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
}
if (aes->ctx.keySize == 16) {
initFn = R_SCE_AES128GCM_EncryptInit;
updateFn = R_SCE_AES128GCM_EncryptUpdate;
finalFn = R_SCE_AES128GCM_EncryptFinal;
initFn = FSPSM_AES128GCMEnc_Init;
updateFn = FSPSM_AES128GCMEnc_Up;
finalFn = FSPSM_AES128GCMEnc_Final;
}
else {
initFn = R_SCE_AES256GCM_EncryptInit;
updateFn = R_SCE_AES256GCM_EncryptUpdate;
finalFn = R_SCE_AES256GCM_EncryptFinal;
initFn = FSPSM_AES256GCMEnc_Init;
updateFn = FSPSM_AES256GCMEnc_Up;
finalFn = FSPSM_AES256GCMEnc_Final;
}
/* check if AES GCM can be used by SCE */
if ((ret = wc_sce_hw_lock()) == 0) {
/* check if AES GCM can be used by FSP SM */
if ((ret = wc_fspsm_hw_lock()) == 0) {
/* allocate buffers for plaintext, ciphertext and authTag to make sure
* those buffers 32bit aligned as SCE requests.
@ -143,7 +143,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
DYNAMIC_TYPE_AES);
if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL) {
WOLFSSL_MSG("wc_sce_AesGcmEncrypt: buffer allocation failed");
WOLFSSL_MSG("wc_fspsm_AesGcmEncrypt: buffer allocation failed");
ret = -1;
}
@ -153,17 +153,17 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
XMEMSET((void*)authTag, 0, authTagSz);
}
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (ret == 0 &&
info->keyflgs_tls.bits.session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here.
*/
ret = R_SCE_TLS_SessionKeyGenerate(
info->sce_cipher,
(uint32_t*)info->sce_masterSecret,
(uint8_t*) info->sce_clientRandom,
(uint8_t*) info->sce_serverRandom,
ret = FSPSM_SESSIONKEY_GEN_FUNC(
info->cipher,
(uint32_t*)info->masterSecret,
(uint8_t*) info->clientRandom,
(uint8_t*) info->serverRandom,
&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
&key_client_mac,
&key_server_mac,
@ -171,7 +171,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
&key_server_aes,
NULL, NULL);
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("R_SCE_TLS_SessionKeyGenerate failed");
WOLFSSL_MSG("R_XXX_TLS_SessionKeyGenerate failed");
ret = -1;
}
@ -184,19 +184,19 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_client_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
(FSPSM_AES_WKEY*)info->wrapped_key_aes256,
sizeof(FSPSM_AES_WKEY));
}
else {
XMEMCPY(&key_client_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
(FSPSM_AES_WKEY*)info->wrapped_key_aes128,
sizeof(FSPSM_AES_WKEY));
}
iv_l = iv;
ivSz_l = ivSz;
}
else {
WOLFSSL_MSG("AES key for SCE is not set.");
WOLFSSL_MSG("AES key for FSP SM is not set.");
ret = -1;
}
}
@ -216,7 +216,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
ret = updateFn(&_handle, plainBuf, cipherBuf, sz, NULL, 0UL);
}
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("R_SCE_AesXXXGcmEncryptUpdate2: failed");
WOLFSSL_MSG("R_XXXX_AesXXXGcmEncryptUpdate2: failed");
ret = -1;
}
@ -255,13 +255,13 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES);
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
}
return ret;
}
/* Perform Aes Gcm decryption by SCE
/* Perform Aes Gcm decryption by FSP SM
*
* aes The AES object.
* out Buffer to hold plaintext
@ -274,7 +274,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
* ctx The Callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
@ -282,9 +282,9 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
void* ctx)
{
int ret;
sce_gcm_handle_t _handle;
FSPSM_AESGCM_HANDLE _handle;
uint32_t dataLen = sz;
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
FSPSM_ST *info = (FSPSM_ST*)ctx;
aesGcmDecInitFn initFn;
aesGcmDecUpdateFn updateFn;
@ -297,10 +297,10 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
const uint8_t* iv_l = NULL;
uint32_t ivSz_l = 0;
sce_hmac_sha_wrapped_key_t key_client_mac;
sce_hmac_sha_wrapped_key_t key_server_mac;
sce_aes_wrapped_key_t key_client_aes;
sce_aes_wrapped_key_t key_server_aes;
FSPSM_HMAC_WKEY key_client_mac;
FSPSM_HMAC_WKEY key_server_mac;
FSPSM_AES_WKEY key_client_aes;
FSPSM_AES_WKEY key_server_aes;
/* sanity check */
if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
@ -318,18 +318,18 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
}
if (aes->ctx.keySize == 16) {
initFn = R_SCE_AES128GCM_DecryptInit;
updateFn = R_SCE_AES128GCM_DecryptUpdate;
finalFn = R_SCE_AES128GCM_DecryptFinal;
initFn = FSPSM_AES128GCMDec_Init;
updateFn = FSPSM_AES128GCMDec_Up;
finalFn = FSPSM_AES128GCMDec_Final;
}
else {
initFn = R_SCE_AES256GCM_DecryptInit;
updateFn = R_SCE_AES256GCM_DecryptUpdate;
finalFn = R_SCE_AES256GCM_DecryptFinal;
initFn = FSPSM_AES256GCMDec_Init;
updateFn = FSPSM_AES256GCMDec_Up;
finalFn = FSPSM_AES256GCMDec_Final;
}
if ((ret = wc_sce_hw_lock()) == 0) {
if ((ret = wc_fspsm_hw_lock()) == 0) {
/* allocate buffers for plain-text, cipher-text, authTag and AAD.
* TSIP requests those buffers 32bit aligned.
*/
@ -349,17 +349,17 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
XMEMCPY(cipherBuf, in, sz);
XMEMCPY(aTagBuf, authTag, authTagSz);
}
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (ret == 0 &&
info->keyflgs_tls.bits.session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here.
*/
ret = R_SCE_TLS_SessionKeyGenerate(
info->sce_cipher,
(uint32_t*)info->sce_masterSecret,
(uint8_t*) info->sce_clientRandom,
(uint8_t*) info->sce_serverRandom,
ret = FSPSM_SESSIONKEY_GEN_FUNC(
info->cipher,
(uint32_t*)info->masterSecret,
(uint8_t*) info->clientRandom,
(uint8_t*) info->serverRandom,
(uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
&key_client_mac,
&key_server_mac,
@ -367,7 +367,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
&key_server_aes,
NULL, NULL);
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("R_SCE_TLS_SessionKeyGenerate failed");
WOLFSSL_MSG("R_XXXX_TLS_SessionKeyGenerate failed");
ret = -1;
}
}
@ -379,19 +379,19 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_server_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
(FSPSM_AES_WKEY*)info->wrapped_key_aes256,
sizeof(FSPSM_AES_WKEY));
}
else {
XMEMCPY(&key_server_aes,
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
(FSPSM_AES_WKEY*)info->wrapped_key_aes128,
sizeof(FSPSM_AES_WKEY));
}
iv_l = iv;
ivSz_l = ivSz;
}
else {
WOLFSSL_MSG("AES key for SCE is not set.");
WOLFSSL_MSG("AES key for FSP SM is not set.");
ret = -1;
}
}
@ -412,7 +412,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
ret = updateFn(&_handle, cipherBuf, plainBuf, sz, NULL, 0UL);
}
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("R_SCE_AesXXXGcmDecryptUpdate: failed in decrypt");
WOLFSSL_MSG("R_XXXX_AesXXXGcmDecryptUpdate: failed in decrypt");
ret = -1;
}
@ -435,7 +435,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
}
}
else {
WOLFSSL_MSG("R_SCE_AesXXXGcmDecryptFinal: failed");
WOLFSSL_MSG("R_XXXX_AesXXXGcmDecryptFinal: failed");
ret = -1;
}
}
@ -445,12 +445,12 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
XFREE(plainBuf, aes->heap, DYNAMIC_TYPE_AES);
XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
}
return ret;
}
/* Perform Aes Cbc encryption by SCE
/* Perform Aes Cbc encryption by FSP SM
*
* aes The AES object.
* out Buffer to hold cipher text
@ -458,11 +458,11 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
* sz Length of cipher text/plaintext in bytes
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out,
WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz)
{
sce_aes_handle_t _handle;
word32 ret;
FSPSM_AES_HANDLE _handle;
int ret;
word32 blocks = (sz / AES_BLOCK_SIZE);
uint32_t dataLength;
byte *iv;
@ -474,30 +474,30 @@ WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out,
* on the device. iv is dummy */
iv = (uint8_t*)aes->reg;
if ((ret = wc_sce_hw_lock()) != 0) {
if ((ret = wc_fspsm_hw_lock()) != 0) {
WOLFSSL_MSG("Failed to lock");
return ret;
}
if (aes->ctx.keySize == 16) {
ret = R_SCE_AES128CBC_EncryptInit(&_handle, &aes->ctx.sce_wrapped_key, iv);
ret = FSPSM_AES128CBCEnc_Init(&_handle, &aes->ctx.wrapped_key, iv);
}
else if (aes->ctx.keySize == 32) {
ret = R_SCE_AES256CBC_EncryptInit(&_handle, &aes->ctx.sce_wrapped_key, iv);
ret = FSPSM_AES256CBCEnc_Init(&_handle, &aes->ctx.wrapped_key, iv);
}
else {
WOLFSSL_MSG("invalid key Size for SCE. Key size is neither 16 or 32.");
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
return -1;
}
while (ret == FSP_SUCCESS && blocks--) {
if (aes->ctx.keySize == 16)
ret = R_SCE_AES128CBC_EncryptUpdate(&_handle, (uint8_t*)in,
ret = FSPSM_AES128CBCEnc_Up(&_handle, (uint8_t*)in,
(uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
else
ret = R_SCE_AES256CBC_EncryptUpdate(&_handle, (uint8_t*)in,
ret = FSPSM_AES256CBCEnc_Up(&_handle, (uint8_t*)in,
(uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
in += AES_BLOCK_SIZE;
@ -506,10 +506,10 @@ WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out,
if (ret == FSP_SUCCESS) {
if (aes->ctx.keySize == 16) {
ret = R_SCE_AES128CBC_EncryptFinal(&_handle, out, &dataLength);
ret = FSPSM_AES128CBCEnc_Final(&_handle, out, &dataLength);
}
else {
ret = R_SCE_AES256CBC_EncryptFinal(&_handle, out, &dataLength);
ret = FSPSM_AES256CBCEnc_Final(&_handle, out, &dataLength);
}
}
else {
@ -517,7 +517,7 @@ WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out,
ret = -1;
}
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
return ret;
}
/* Perform Aes Cbc decryption by SCE
@ -528,10 +528,11 @@ WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out,
* sz Length of cipher text/plaintext in bytes
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz)
{
sce_aes_handle_t _handle;
word32 ret;
FSPSM_AES_HANDLE _handle;
int ret;
word32 blocks = (sz / AES_BLOCK_SIZE);
uint32_t dataLength;
byte *iv;
@ -541,29 +542,29 @@ WOLFSSL_LOCAL int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* i
iv = (uint8_t*)aes->reg;
if ((ret = wc_sce_hw_lock()) != 0) {
if ((ret = wc_fspsm_hw_lock()) != 0) {
WOLFSSL_MSG("Failed to lock");
return ret;
}
if (aes->ctx.keySize == 16) {
ret = R_SCE_AES128CBC_DecryptInit(&_handle, &aes->ctx.sce_wrapped_key, iv);
ret = FSPSM_AES128CBCDec_Init(&_handle, &aes->ctx.wrapped_key, iv);
}
else if (aes->ctx.keySize == 32) {
ret = R_SCE_AES256CBC_DecryptInit(&_handle, &aes->ctx.sce_wrapped_key, iv);
ret = FSPSM_AES256CBCDec_Init(&_handle, &aes->ctx.wrapped_key, iv);
}
else {
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
return -1;
}
while (ret == FSP_SUCCESS && blocks--) {
if (aes->ctx.keySize == 16)
ret = R_SCE_AES128CBC_DecryptUpdate(&_handle, (uint8_t*)in,
ret = FSPSM_AES128CBCDec_Up(&_handle, (uint8_t*)in,
(uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
else
ret = R_SCE_AES256CBC_DecryptUpdate(&_handle, (uint8_t*)in,
ret = FSPSM_AES256CBCDec_Up(&_handle, (uint8_t*)in,
(uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
in += AES_BLOCK_SIZE;
@ -572,16 +573,16 @@ WOLFSSL_LOCAL int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* i
if (ret == FSP_SUCCESS) {
if (aes->ctx.keySize == 16)
ret = R_SCE_AES128CBC_DecryptFinal(&_handle, out, &dataLength);
ret = FSPSM_AES128CBCDec_Final(&_handle, out, &dataLength);
else
ret = R_SCE_AES256CBC_DecryptFinal(&_handle, out, &dataLength);
ret = FSPSM_AES256CBCDec_Final(&_handle, out, &dataLength);
}
else {
WOLFSSL_MSG("SCE AES CBC decryption failed");
ret = -1;
}
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
return ret;
}

191
wolfcrypt/src/port/Renesas/renesas_sce_rsa.c → wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c
View File

@ -1,4 +1,4 @@
/* renesas_sce_rsa.c
/* renesas_fspsm_rsa.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
@ -18,9 +18,11 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/wolfcrypt/settings.h>
#if !defined(NO_RSA) && \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
#include <string.h>
#include <stdio.h>
@ -29,11 +31,10 @@
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
/* Make Rsa key for SCE and set it to callback ctx
* Assumes to be called by Crypt Callback
@ -42,123 +43,123 @@
* ctx Callback context including pointer to hold generated key
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(int size, void* ctx)
{
fsp_err_t ret;
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
fsp_err_t ret;
FSPSM_ST *info = (FSPSM_ST*)ctx;
sce_rsa1024_wrapped_pair_key_t *wrapped_pair1024_key = NULL;
sce_rsa2048_wrapped_pair_key_t *wrapped_pair2048_key = NULL;
FSPSM_RSA1024_WPA_KEY *wrapped_pair1024_key = NULL;
FSPSM_RSA2048_WPA_KEY *wrapped_pair2048_key = NULL;
/* sanity check */
if (ctx == NULL)
return BAD_FUNC_ARG;
if ((ret = wc_sce_hw_lock()) == 0) {
if ((ret = wc_fspsm_hw_lock()) == 0) {
if (size == 1024) {
wrapped_pair1024_key =
(sce_rsa1024_wrapped_pair_key_t*)XMALLOC(
sizeof(sce_rsa1024_wrapped_pair_key_t), NULL,
(FSPSM_RSA1024_WPA_KEY*)XMALLOC(
sizeof(FSPSM_RSA1024_WPA_KEY), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (wrapped_pair1024_key == NULL)
return MEMORY_E;
ret = R_SCE_RSA1024_WrappedKeyPairGenerate(wrapped_pair1024_key);
ret = FSPSM_RSA1024_KEYPA_GEN(wrapped_pair1024_key);
}
else if (size == 2048) {
wrapped_pair2048_key =
(sce_rsa1024_wrapped_pair_key_t*)XMALLOC(
sizeof(sce_rsa2048_wrapped_pair_key_t), NULL,
(FSPSM_RSA2048_WPA_KEY*)XMALLOC(
sizeof(FSPSM_RSA2048_WPA_KEY), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (wrapped_pair2048_key == NULL)
return MEMORY_E;
ret = R_SCE_RSA2048_WrappedKeyPairGenerate(wrapped_pair2048_key);
ret = FSPSM_RSA1024_KEYPA_GEN(wrapped_pair2048_key);
}
else
return CRYPTOCB_UNAVAILABLE;
if (ret == FSP_SUCCESS) {
if (size == 1024) {
if (info->sce_wrapped_key_rsapri1024 != NULL) {
XFREE(info->sce_wrapped_key_rsapri1024, NULL,
if (info->wrapped_key_rsapri1024 != NULL) {
XFREE(info->wrapped_key_rsapri1024, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
if (info->sce_wrapped_key_rsapub1024 != NULL) {
XFREE(info->sce_wrapped_key_rsapub1024, NULL,
if (info->wrapped_key_rsapub1024 != NULL) {
XFREE(info->wrapped_key_rsapub1024, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
info->sce_wrapped_key_rsapri1024 =
(sce_rsa1024_private_wrapped_key_t*)XMALLOC(
sizeof(sce_rsa1024_private_wrapped_key_t), NULL,
info->wrapped_key_rsapri1024 =
(FSPSM_RSA1024_WPI_KEY*)XMALLOC(
sizeof(FSPSM_RSA1024_WPI_KEY), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->sce_wrapped_key_rsapri1024 == NULL) {
if (info->wrapped_key_rsapri1024 == NULL) {
XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
info->sce_wrapped_key_rsapub1024 =
(sce_rsa1024_public_wrapped_key_t*)XMALLOC(
sizeof(sce_rsa1024_public_wrapped_key_t), NULL,
info->wrapped_key_rsapub1024 =
(FSPSM_RSA1024_WPB_KEY*)XMALLOC(
sizeof(FSPSM_RSA1024_WPB_KEY), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->sce_wrapped_key_rsapub1024 == NULL) {
if (info->wrapped_key_rsapub1024 == NULL) {
XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->sce_wrapped_key_rsapub1024, 0,
XFREE(info->wrapped_key_rsapub1024, 0,
DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
/* copy generated key pair and free malloced key */
XMEMCPY(info->sce_wrapped_key_rsapri1024,
XMEMCPY(info->wrapped_key_rsapri1024,
&wrapped_pair1024_key->priv_key,
sizeof(sce_rsa1024_private_wrapped_key_t));
XMEMCPY(info->sce_wrapped_key_rsapub1024,
sizeof(FSPSM_RSA1024_WPI_KEY));
XMEMCPY(info->wrapped_key_rsapub1024,
&wrapped_pair1024_key->pub_key,
sizeof(sce_rsa1024_public_wrapped_key_t));
sizeof(FSPSM_RSA1024_WPB_KEY));
XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
info->keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
info->keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
}
else if (size == 2048) {
if (info->sce_wrapped_key_rsapri2048 != NULL) {
XFREE(info->sce_wrapped_key_rsapri2048, NULL,
if (info->wrapped_key_rsapri2048 != NULL) {
XFREE(info->wrapped_key_rsapri2048, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
if (info->sce_wrapped_key_rsapub2048 != NULL) {
XFREE(info->sce_wrapped_key_rsapub2048, NULL,
if (info->wrapped_key_rsapub2048 != NULL) {
XFREE(info->wrapped_key_rsapub2048, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
info->sce_wrapped_key_rsapri2048 =
(sce_rsa2048_private_wrapped_key_t*)XMALLOC(
sizeof(sce_rsa2048_private_wrapped_key_t), NULL,
info->wrapped_key_rsapri2048 =
(FSPSM_RSA2048_WPI_KEY*)XMALLOC(
sizeof(FSPSM_RSA2048_WPI_KEY), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->sce_wrapped_key_rsapri2048 == NULL) {
if (info->wrapped_key_rsapri2048 == NULL) {
XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
info->sce_wrapped_key_rsapub2048 =
(sce_rsa2048_public_wrapped_key_t*)XMALLOC(
sizeof(sce_rsa2048_public_wrapped_key_t), NULL,
info->wrapped_key_rsapub2048 =
(FSPSM_RSA2048_WPB_KEY*)XMALLOC(
sizeof(FSPSM_RSA2048_WPB_KEY), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->sce_wrapped_key_rsapub2048 == NULL) {
if (info->wrapped_key_rsapub2048 == NULL) {
XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->sce_wrapped_key_rsapub1024, 0,
XFREE(info->wrapped_key_rsapub1024, 0,
DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
/* copy generated key pair and free malloced key */
XMEMCPY(info->sce_wrapped_key_rsapri2048,
XMEMCPY(info->wrapped_key_rsapri2048,
&wrapped_pair2048_key->priv_key,
sizeof(sce_rsa2048_private_wrapped_key_t));
XMEMCPY(info->sce_wrapped_key_rsapub2048,
sizeof(FSPSM_RSA2048_WPI_KEY));
XMEMCPY(info->wrapped_key_rsapub2048,
&wrapped_pair2048_key->pub_key,
sizeof(sce_rsa2048_public_wrapped_key_t));
sizeof(FSPSM_RSA2048_WPB_KEY));
XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
info->keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
@ -171,7 +172,7 @@ WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
return CRYPTOCB_UNAVAILABLE;
}
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
}
}
@ -187,15 +188,15 @@ WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
* ctx Callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
word32 outLen, int type, struct RsaKey* key,
struct WC_RNG* rng, void* ctx)
{
int ret;
sce_rsa_byte_data_t plain;
sce_rsa_byte_data_t cipher;
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
FSPSM_RSA_DATA plain;
FSPSM_RSA_DATA cipher;
FSPSM_ST *info = (FSPSM_ST*)ctx;
int keySize;
@ -222,7 +223,7 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
return BAD_FUNC_ARG;
}
if ((ret = wc_sce_hw_lock()) == 0) {
if ((ret = wc_fspsm_hw_lock()) == 0) {
if (type == RSA_PUBLIC_ENCRYPT) {
plain.pdata = (byte*)in;
@ -232,9 +233,9 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
if (keySize == 1024) {
if(info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1)
ret = R_SCE_RSAES_PKCS1024_Encrypt(&plain, &cipher,
(sce_rsa1024_public_wrapped_key_t*)
info->sce_wrapped_key_rsapub1024);
ret = FSPSM_RSA1024_PKCSENC_FUNC(&plain, &cipher,
(FSPSM_RSA1024_WPB_KEY*)
info->wrapped_key_rsapub1024);
else {
WOLFSSL_MSG("wrapped public 1024 bits key is not set.");
return BAD_FUNC_ARG;
@ -242,9 +243,9 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
}
else {
if(info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1)
ret = R_SCE_RSAES_PKCS2048_Encrypt(&plain, &cipher,
(sce_rsa2048_public_wrapped_key_t*)
info->sce_wrapped_key_rsapub2048);
ret = FSPSM_RSA2048_PKCSENC_FUNC(&plain, &cipher,
(FSPSM_RSA2048_WPB_KEY*)
info->wrapped_key_rsapub2048);
else {
WOLFSSL_MSG("wrapped public 2048 bits key is not set.");
return BAD_FUNC_ARG;
@ -259,9 +260,9 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
if (keySize == 1024) {
if(info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1)
ret = R_SCE_RSAES_PKCS1024_Decrypt(&cipher, &plain,
(sce_rsa1024_private_wrapped_key_t*)
info->sce_wrapped_key_rsapri1024);
ret = FSPSM_RSA1024_PKCSDEC_FUNC(&cipher, &plain,
(FSPSM_RSA1024_WPI_KEY*)
info->wrapped_key_rsapri1024);
else {
WOLFSSL_MSG("wrapped private 2048 bits key is not set.");
return BAD_FUNC_ARG;
@ -269,9 +270,9 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
}
else {
if(info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1)
ret = R_SCE_RSAES_PKCS2048_Decrypt(&cipher, &plain,
(sce_rsa2048_private_wrapped_key_t*)
info->sce_wrapped_key_rsapri2048);
ret = FSPSM_RSA2048_PKCSDEC_FUNC(&cipher, &plain,
(FSPSM_RSA2048_WPI_KEY*)
info->wrapped_key_rsapri2048);
else {
WOLFSSL_MSG("wrapped private 2048 bits key is not set.");
return BAD_FUNC_ARG;
@ -279,7 +280,7 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
}
}
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
}
return ret;
}
@ -296,14 +297,14 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
word32* outLen, struct RsaKey* key, void* ctx)
{
int ret;
sce_rsa_byte_data_t message_hash;
sce_rsa_byte_data_t signature;
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
FSPSM_RSA_DATA message_hash;
FSPSM_RSA_DATA signature;
FSPSM_ST *info = (FSPSM_ST*)ctx;
int keySize;
(void) key;
@ -334,25 +335,25 @@ WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
signature.pdata = out;
signature.data_length = outLen;
if ((ret = wc_sce_hw_lock()) == 0) {
if ((ret = wc_fspsm_hw_lock()) == 0) {
if (keySize == 1024) {
ret = R_SCE_RSASSA_PKCS1024_SignatureGenerate(&message_hash,
ret = FSPSM_RSA1024_SIGN_FUNC(&message_hash,
&signature,
(sce_rsa1024_private_wrapped_key_t *)
info->sce_wrapped_key_rsapri1024,
(FSPSM_RSA1024_WPI_KEY *)
info->wrapped_key_rsapri1024,
HW_SCE_RSA_HASH_SHA256);
}
else {
ret = R_SCE_RSASSA_PKCS2048_SignatureGenerate(&message_hash,
ret = FSPSM_RSA2048_SIGN_FUNC(&message_hash,
&signature,
(sce_rsa2048_private_wrapped_key_t *)
info->sce_wrapped_key_rsapri2048,
(FSPSM_RSA2048_WPI_KEY *)
info->wrapped_key_rsapri2048,
HW_SCE_RSA_HASH_SHA256);
}
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
}
return ret;
@ -370,14 +371,14 @@ WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
word32* outLen,struct RsaKey* key, void* ctx)
{
int ret;
sce_rsa_byte_data_t message_hash;
sce_rsa_byte_data_t signature;
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
FSPSM_RSA_DATA message_hash;
FSPSM_RSA_DATA signature;
FSPSM_ST *info = (FSPSM_ST*)ctx;
int keySize;
(void) key;
@ -410,28 +411,28 @@ WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
signature.pdata = out;
signature.data_length = outLen;
if ((ret = wc_sce_hw_lock()) == 0) {
if ((ret = wc_fspsm_hw_lock()) == 0) {
if (keySize == 1024) {
ret = R_SCE_RSASSA_PKCS1024_SignatureVerify(&signature,
ret = FSPSM_RSA1024_VRY_FUNC(&signature,
&message_hash,
(sce_rsa1024_public_wrapped_key_t *)
info->sce_wrapped_key_rsapub1024,
(FSPSM_RSA1024_WPB_KEY *)
info->wrapped_key_rsapub1024,
HW_SCE_RSA_HASH_SHA256);
}
else {
ret = R_SCE_RSASSA_PKCS2048_SignatureVerify(&signature,
ret = FSPSM_RSA2048_VRY_FUNC(&signature,
&message_hash,
(sce_rsa2048_public_wrapped_key_t *)
info->sce_wrapped_key_rsapub2048,
(FSPSM_RSA2048_WPB_KEY *)
info->wrapped_key_rsapub2048,
HW_SCE_RSA_HASH_SHA256 );
}
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
}
return ret;
}
#endif /* !NO_RSA && WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
#endif /* !NO_RSA && WOLFSSL_RENESAS_FSPSM_CRYPTONLY */

89
wolfcrypt/src/port/Renesas/renesas_sce_sha.c → wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
View File

@ -1,4 +1,4 @@
/* renesas_sce_sha.c
/* renesas_fspsm_sha.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
@ -30,18 +30,18 @@
#include <wolfssl/wolfcrypt/logging.h>
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
/* Free up allocation for msg
*
* hash The SCE Hash object.
* hash The FSPSM Hash object.
* no return value
*/
static void SCEHashFree(wolfssl_SCE_Hash* hash)
static void FSPSM_HashFree(wolfssl_FSPSM_Hash* hash)
{
if (hash == NULL)
return;
@ -53,12 +53,12 @@ static void SCEHashFree(wolfssl_SCE_Hash* hash)
}
/* Initialize Hash object
*
* hash The SCE Hash object.
* hash The FSPSM Hash object.
* heap Buffer to hold heap if available
* devId device Id
* return 0 on success, BAD_FUNC_ARG when has is NULL
*/
static int SCEHashInit(wolfssl_SCE_Hash* hash, void* heap, int devId,
static int FSPSM_HashInit(wolfssl_FSPSM_Hash* hash, void* heap, int devId,
word32 sha_type)
{
if (hash == NULL) {
@ -66,7 +66,7 @@ static int SCEHashInit(wolfssl_SCE_Hash* hash, void* heap, int devId,
}
(void)devId;
XMEMSET(hash, 0, sizeof(wolfssl_SCE_Hash));
XMEMSET(hash, 0, sizeof(wolfssl_FSPSM_Hash));
hash->heap = heap;
hash->len = 0;
@ -79,12 +79,13 @@ static int SCEHashInit(wolfssl_SCE_Hash* hash, void* heap, int devId,
/* Add data to msg(work buffer) for final hash operation
*
* hash The SCE Hash object.
* hash The FSPSM Hash object.
* data Buffer to hold plain text for hash
* sz Length of data
* return 0 on success, otherwise MEMORY_E or BAD_FUNC_ARG on failure
*/
static int SCEHashUpdate(wolfssl_SCE_Hash* hash, const byte* data, word32 sz)
static int FSPSM_HashUpdate(wolfssl_FSPSM_Hash* hash,
const byte* data, word32 sz)
{
if (hash == NULL || (sz > 0 && data == NULL)) {
return BAD_FUNC_ARG;
@ -128,38 +129,38 @@ static int SCEHashUpdate(wolfssl_SCE_Hash* hash, const byte* data, word32 sz)
/* Perform hash operation using accumulated msg
*
* hash The SCE Hash object.
* hash The FSPSM Hash object.
* out Buffer to hold hashed text
* outSz Length of out
* return FSP_SUCCESS(0) on success,
* otherwise BAD_FUNC_ARG or FSP Error code on failure
*/
static int SCEHashFinal(wolfssl_SCE_Hash* hash, byte* out, word32 outSz)
static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
{
int ret;
void* heap;
sce_sha_md5_handle_t handle;
FSPSM_SHA_HANDLE handle;
uint32_t sz;
fsp_err_t (*Init)(sce_sha_md5_handle_t*);
fsp_err_t (*Update)(sce_sha_md5_handle_t*, uint8_t*, uint32_t);
fsp_err_t (*Final )(sce_sha_md5_handle_t*, uint8_t*, uint32_t*);
fsp_err_t (*Init)(FSPSM_SHA_HANDLE*);
fsp_err_t (*Update)(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t);
fsp_err_t (*Final )(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t*);
if (hash == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
if (hash->sha_type == SCE_SHA256) {
Init = R_SCE_SHA256_Init;
Update = R_SCE_SHA256_Update;
Final = R_SCE_SHA256_Final;
if (hash->sha_type == FSPSM_SHA256) {
Init = FSPSM_SHA256_Init;
Update = FSPSM_SHA256_Up;
Final = FSPSM_SHA256_Final;
}
else
return BAD_FUNC_ARG;
heap = hash->heap;
wc_sce_hw_lock();
wc_fspsm_hw_lock();
if (Init(&handle) == FSP_SUCCESS) {
ret = Update(&handle, (uint8_t*)hash->msg, hash->used);
@ -170,35 +171,35 @@ static int SCEHashFinal(wolfssl_SCE_Hash* hash, byte* out, word32 outSz)
}
}
}
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
SCEHashFree(hash);
return SCEHashInit(hash, heap, 0, hash->sha_type);
FSPSM_HashFree(hash);
return FSPSM_HashInit(hash, heap, 0, hash->sha_type);
}
/* Hash operation to message and return a result */
static int SCEHashGet(wolfssl_SCE_Hash* hash, byte* out, word32 outSz)
static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
{
int ret;
sce_sha_md5_handle_t handle;
FSPSM_SHA_HANDLE handle;
uint32_t sz;
fsp_err_t (*Init)(sce_sha_md5_handle_t*);
fsp_err_t (*Update)(sce_sha_md5_handle_t*, uint8_t*, uint32_t);
fsp_err_t (*Final )(sce_sha_md5_handle_t*, uint8_t*, uint32_t*);
fsp_err_t (*Init)(FSPSM_SHA_HANDLE*);
fsp_err_t (*Update)(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t);
fsp_err_t (*Final )(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t*);
if (hash == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
if (hash->sha_type == SCE_SHA256) {
Init = R_SCE_SHA256_Init;
Update = R_SCE_SHA256_Update;
Final = R_SCE_SHA256_Final;
if (hash->sha_type == FSPSM_SHA256) {
Init = FSPSM_SHA256_Init;
Update = FSPSM_SHA256_Up;
Final = FSPSM_SHA256_Final;
}
else
return BAD_FUNC_ARG;
wc_sce_hw_lock();
wc_fspsm_hw_lock();
if (Init(&handle) == FSP_SUCCESS) {
ret = Update(&handle, (uint8_t*)hash->msg, hash->used);
@ -210,18 +211,18 @@ static int SCEHashGet(wolfssl_SCE_Hash* hash, byte* out, word32 outSz)
}
}
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
return 0;
}
/* copy hash result from src to dst */
static int SCEHashCopy(wolfssl_SCE_Hash* src, wolfssl_SCE_Hash* dst)
static int FSPSM_HashCopy(wolfssl_FSPSM_Hash* src, wolfssl_FSPSM_Hash* dst)
{
if (src == NULL || dst == NULL) {
return BAD_FUNC_ARG;
}
XMEMCPY(dst, src, sizeof(wolfssl_SCE_Hash));
XMEMCPY(dst, src, sizeof(wolfssl_FSPSM_Hash));
if (src->len > 0 && src->msg != NULL) {
dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -240,28 +241,28 @@ static int SCEHashCopy(wolfssl_SCE_Hash* src, wolfssl_SCE_Hash* dst)
/* wrapper for wc_InitSha256_ex */
int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId)
{
return SCEHashInit(sha, heap, devId, SCE_SHA256);
return FSPSM_HashInit(sha, heap, devId, FSPSM_SHA256);
}
/* wrapper for wc_Sha256Update */
int wc_Sha256Update(wc_Sha256* sha, const byte* in, word32 sz)
{
return SCEHashUpdate(sha, in, sz);
return FSPSM_HashUpdate(sha, in, sz);
}
/* wrapper for wc_Sha256Final */
int wc_Sha256Final(wc_Sha256* sha, byte* hash)
{
return SCEHashFinal(sha, hash, WC_SHA256_DIGEST_SIZE);
return FSPSM_HashFinal(sha, hash, WC_SHA256_DIGEST_SIZE);
}
/* wrapper for wc_Sha256GetHash */
int wc_Sha256GetHash(wc_Sha256* sha, byte* hash)
{
return SCEHashGet(sha, hash, WC_SHA256_DIGEST_SIZE);
return FSPSM_HashGet(sha, hash, WC_SHA256_DIGEST_SIZE);
}
/* wrapper for wc_Sha256Copy */
int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
{
return SCEHashCopy(src, dst);
return FSPSM_HashCopy(src, dst);
}
#endif /* !NO_SHA256 */
#endif /* WOLFSSL_RENESAS_SCEPROTECT */
#endif /* WOLFSSL_RENESAS_FSPSM_TLS */
#endif /* #if !defined(NO_SHA) || !defined(NO_SHA256) */

377
wolfcrypt/src/port/Renesas/renesas_sce_util.c → wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
View File

@ -1,4 +1,4 @@
/* renesas_sce_util.c
/* renesas_fspsm_util.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
@ -20,13 +20,14 @@
*/
#include <wolfssl/wolfcrypt/types.h>
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
#include <wolfssl/wolfcrypt/memory.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
@ -42,35 +43,38 @@
#define WOLFSSL_PKMSG(_f_, ...) WC_DO_NOTHING
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT_ECC)
WOLFSSL_GLOBAL SCE_PKCbInfo gSCE_PKCbInfo;
#if defined(WOLFSSL_RENESAS_FSPSM_ECC)
WOLFSSL_GLOBAL FSPSM_ST_PKC gPKCbInfo;
#endif
/* expect to have these variables defined at user application */
extern sce_instance_ctrl_t sce_ctrl;
extern sce_cfg_t sce_cfg;
extern FSPSM_INSTANCE gFSPSM_ctrl;
extern FSPSM_CONFIG gFSPSM_cfg;
#ifdef WOLFSSL_RENESAS_FSPSM_TLS
static const byte* ca_cert_sig;
static sce_key_data g_user_key_info;
static fspsm_key_data g_user_key_info;
static uint32_t g_encrypted_publicCA_key[HW_SCE_SINST_WORD_SIZE];
extern uint32_t g_CAscm_Idx; /* index of CM table */
wolfSSL_Mutex sce_mutex;
static int sce_CryptHwMutexInit_ = 0;
static uint32_t sce_sess_idx = 0;
#endif
wolfSSL_Mutex fspsm_mutex;
static int fspsm_CryptHwMutexInit_ = 0;
static uint32_t fspsm_sess_idx = 0;
/* Mutex Init */
static int sce_CryptHwMutexInit(wolfSSL_Mutex* mutex)
static int fspsm_CryptHwMutexInit(wolfSSL_Mutex* mutex)
{
return wc_InitMutex(mutex);
}
/* Mutex Lock */
static int sce_CryptHwMutexLock(wolfSSL_Mutex* mutex)
static int fspsm_CryptHwMutexLock(wolfSSL_Mutex* mutex)
{
return wc_LockMutex(mutex);
}
/* Mutex Unlock */
static int sce_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
static int fspsm_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
{
return wc_UnLockMutex(mutex);
}
@ -79,23 +83,23 @@ static int sce_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
* lock hw engine
* this should be called before using engine.
*/
WOLFSSL_LOCAL int wc_sce_hw_lock()
WOLFSSL_LOCAL int wc_fspsm_hw_lock()
{
int ret = 0;
if (sce_CryptHwMutexInit_ == 0) {
if (fspsm_CryptHwMutexInit_ == 0) {
ret = sce_CryptHwMutexInit(&sce_mutex);
ret = fspsm_CryptHwMutexInit(&fspsm_mutex);
if (ret == 0) {
sce_CryptHwMutexInit_ = 1;
fspsm_CryptHwMutexInit_ = 1;
}
else {
WOLFSSL_MSG(" mutex initialization failed.");
return -1;
}
}
if (sce_CryptHwMutexLock(&sce_mutex) != 0) {
if (fspsm_CryptHwMutexLock(&fspsm_mutex) != 0) {
/* this should not happens */
return -1;
}
@ -106,26 +110,28 @@ WOLFSSL_LOCAL int wc_sce_hw_lock()
/*
* release hw engine
*/
WOLFSSL_LOCAL void wc_sce_hw_unlock(void)
WOLFSSL_LOCAL void wc_fspsm_hw_unlock(void)
{
sce_CryptHwMutexUnLock(&sce_mutex);
fspsm_CryptHwMutexUnLock(&fspsm_mutex);
}
/* Open sce driver for use */
WOLFSSL_LOCAL int wc_sce_Open()
WOLFSSL_LOCAL int wc_fspsm_Open()
{
WOLFSSL_ENTER("wc_sce_Open");
WOLFSSL_ENTER("wc_fspsm_Open");
int ret;
if ((ret = wc_sce_hw_lock()) == 0) {
if ((ret = wc_fspsm_hw_lock()) == 0) {
ret = R_SCE_Open(&sce_ctrl, &sce_cfg);
ret = FSPSM_OPEN(&gFSPSM_ctrl, &gFSPSM_cfg);
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("RENESAS SCE Open failed");
}
#if defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (ret == FSP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
ret = R_SCE_TLS_RootCertificateRSA2048PublicKeyInstall(
ret = FSPSM_ROOTCA_RSA2048(
g_user_key_info.encrypted_provisioning_key,
g_user_key_info.iv,
g_user_key_info.encrypted_user_tls_key,
@ -138,28 +144,28 @@ WOLFSSL_LOCAL int wc_sce_Open()
else {
WOLFSSL_MSG("Failed to lock sce hw ");
}
#endif
}
/* unlock hw */
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
WOLFSSL_LEAVE("wc_sce_Open", ret);
WOLFSSL_LEAVE("wc_fspsm_Open", ret);
return ret;
}
/* close SCE driver */
WOLFSSL_LOCAL void wc_sce_Close()
WOLFSSL_LOCAL void wc_fspsm_Close()
{
WOLFSSL_ENTER("sce Close");
int ret;
if ((ret = wc_sce_hw_lock()) == 0) {
if ((ret = wc_fspsm_hw_lock()) == 0) {
/* close SCE */
ret = R_SCE_Close(&sce_ctrl);
ret = FSPSM_CLOSE(&gFSPSM_ctrl);
/* unlock hw */
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("RENESAS SCE Close failed");
}
@ -169,15 +175,16 @@ WOLFSSL_LOCAL void wc_sce_Close()
}
}
#ifndef WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY
#ifdef WOLFSSL_RENESAS_FSPSM_TLS
#if defined(WOLFSSL_RENESAS_SCEPROTECT_ECC)
#if defined(WOLFSSL_RENESAS_FSPSM_ECC)
/* Verify Server Key Exchange while doing ECDH key exchange */
static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig,
uint32_t sigSz, void* ctx)
static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
const uint8_t* sig,
uint32_t sigSz, void* ctx)
{
int ret = WOLFSSL_FAILURE;
User_SCEPKCbInfo* cbInfo;
FSPSM_ST* cbInfo;
byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
byte *peerkey = NULL;
@ -188,7 +195,7 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
if (ssl == NULL || sig == NULL || ctx == NULL)
return ret;
cbInfo = (User_SCEPKCbInfo*)ctx;
cbInfo = (FSPSM_ST*)ctx;
/* export public peer public key */
ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen);
@ -210,9 +217,9 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
XMEMCPY(&peerkey[4], qx, qxLen);
XMEMCPY(&peerkey[4+qxLen], qy, qyLen);
if ((ret = wc_sce_hw_lock()) == 0) {
if ((ret = wc_fspsm_hw_lock()) == 0) {
/* 0 : RSA 2048bit, 1 : Reserved, 2 : ECDSA P-256 */
ret = R_SCE_TLS_ServerKeyExchangeVerify(
ret = FSPSM_TLS_SVRKEYExVfy(
type,
(uint8_t*) ssl->arrays->clientRandom,
(uint8_t*) ssl->arrays->serverRandom,
@ -222,7 +229,7 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
(uint32_t*)cbInfo->encrypted_ephemeral_ecdh_public_key);
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
WOLFSSL_MSG("failed R_fspsm_TLS_ServerKeyExchangeVerify");
cbInfo->keyflgs_tls.bits.pk_key_set = 0;
}
else {
@ -235,13 +242,13 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
}
/* unlock hw */
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
/* Callback for Rsa Verify */
WOLFSSL_LOCAL int wc_SCE_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
uint8_t** out, const byte* key, uint32_t keySz, void* ctx)
{
int ret = WOLFSSL_FAILURE;
@ -251,8 +258,8 @@ WOLFSSL_LOCAL int wc_SCE_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
WOLFSSL_PKMSG("SCE RSA Verify: sigSz %d, keySz %d\n", sigSz, keySz);
if (wc_sce_usable(ssl, 0))
ret = SCE_ServerKeyExVerify(0, ssl, sig, sigSz, ctx);
if (wc_fspsm_usable(ssl, 0))
ret = fspsm_ServerKeyExVerify(0, ssl, sig, sigSz, ctx);
else
ret = CRYPTOCB_UNAVAILABLE;
@ -264,7 +271,7 @@ WOLFSSL_LOCAL int wc_SCE_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
return ret;
}
/* Callback for Ecc Verify */
WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
const uint8_t* key, uint32_t keySz, int* result, void* ctx)
{
@ -283,7 +290,7 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
WOLFSSL_PKMSG("SCE ECC Verify: ssl->options.serverState = %d sigSz %d, hashSz %d, keySz %d\n",
ssl->options.serverState, sigSz, hashSz, keySz);
if (!wc_sce_usable(ssl, 0)) {
if (!wc_fspsm_usable(ssl, 0)) {
WOLFSSL_PKMSG("Cannot handle cipher suite by SCE");
return CRYPTOCB_UNAVAILABLE;
}
@ -322,7 +329,7 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
}
}
ret = SCE_ServerKeyExVerify(2, ssl, sigforSCE, 64, ctx);
ret = fspsm_ServerKeyExVerify(2, ssl, sigforSCE, 64, ctx);
if (sigforSCE)
XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP);
@ -340,7 +347,7 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
}
/* Callback for ECC shared secret */
WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
uint8_t* pubKeyDer, unsigned int* pubKeySz,
uint8_t* out, unsigned int* outlen, int side, void* ctx)
{
@ -348,7 +355,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
(void) otherKey;
(void) side;
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
(void)ssl;
(void)cbInfo;
@ -362,9 +369,9 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
if (cbInfo->keyflgs_tls.bits.pk_key_set == 1) {
if ((ret = wc_sce_hw_lock()) == 0) {
if ((ret = wc_fspsm_hw_lock()) == 0) {
/* Generate ECC PUblic key pair */
ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate(
ret = FSPSM_TLS_ECCS256R1_KPG(
&cbInfo->ecc_p256_wrapped_key,
(uint8_t*)&cbInfo->ecc_ecdh_public_key/* Qx 32 bytes and Qy 32 bytes*/ );
if (ret != FSP_SUCCESS) {
@ -379,7 +386,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
sizeof(cbInfo->ecc_ecdh_public_key));
/* Generate Premaster Secret */
ret = R_SCE_TLS_PreMasterSecretGenerateForECC_secp256r1(
ret = FSPSM_TLS_PREMASTERGEN(
(uint32_t*)&cbInfo->encrypted_ephemeral_ecdh_public_key,
&cbInfo->ecc_p256_wrapped_key,
(uint32_t*)out/* pre-master secret 64 bytes */);
@ -398,7 +405,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
}
/* unlock hw */
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
*outlen = 64;
WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
@ -428,7 +435,7 @@ static uint32_t GetSceCipherSuite(
break;
default:
sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE;
sceCipher = (uint32_t)WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE;
break;
}
WOLFSSL_MSG("<< GetSceCipherSuite");
@ -436,7 +443,7 @@ static uint32_t GetSceCipherSuite(
}
else if (cipherSuiteFirst == ECC_BYTE)
{
sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE;
sceCipher = (uint32_t)WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE;
/* comment out until implementation completes */
switch(cipherSuite) {
@ -457,12 +464,12 @@ static uint32_t GetSceCipherSuite(
break;
default:
sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE;
sceCipher = (uint32_t)WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE;
break;
}
}
else{
sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE;
sceCipher = (uint32_t)WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE;
}
WOLFSSL_MSG("<< GetSceCipherSuite");
@ -474,10 +481,10 @@ static uint32_t GetSceCipherSuite(
/* ssl : a pointer to WOLFSSL object */
/* session_key_generated : if session key has been generated */
/* return 1 for usable, 0 for unusable */
WOLFSSL_LOCAL int wc_sce_usable(const WOLFSSL *ssl,
WOLFSSL_LOCAL int wc_fspsm_usable(const WOLFSSL *ssl,
uint8_t session_key_generated)
{
WOLFSSL_ENTER("sce_usable");
WOLFSSL_ENTER("fspsm_usable");
uint32_t sceCipher;
byte side;
const Ciphers *enc;
@ -518,7 +525,7 @@ WOLFSSL_LOCAL int wc_sce_usable(const WOLFSSL *ssl,
ssl->options.cipherSuite);
side = ssl->options.side;
if (sceCipher != (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE
if (sceCipher != (uint32_t)WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE
&& side == WOLFSSL_CLIENT_END)
return 1;
else
@ -526,44 +533,45 @@ WOLFSSL_LOCAL int wc_sce_usable(const WOLFSSL *ssl,
}
/* Generate Hmac by sha256*/
WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(const WOLFSSL *ssl,const uint8_t* myInner,
uint32_t innerSz,const uint8_t* in, uint32_t sz, byte* digest)
WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl,
const uint8_t* myInner, uint32_t innerSz,const uint8_t* in,
uint32_t sz, byte* digest)
{
WOLFSSL_ENTER("sce_Sha256HmacGenerate");
WOLFSSL_ENTER("fspsm_Sha256HmacGenerate");
sce_hmac_sha_handle_t _handle;
sce_hmac_sha_wrapped_key_t wrapped_key;
FSPSM_HMAC_HANDLE _handle;
FSPSM_HMAC_WKEY wrapped_key;
int ret;
if ((ssl == NULL) || (myInner == NULL) || (in == NULL) ||
(digest == NULL))
return BAD_FUNC_ARG;
wrapped_key = ssl->keys.sce_client_write_MAC_secret;
wrapped_key = ssl->keys.fspsm_client_write_MAC_secret;
if ((ret = wc_sce_hw_lock()) != 0) {
if ((ret = wc_fspsm_hw_lock()) != 0) {
WOLFSSL_MSG("hw lock failed");
return ret;
}
ret = R_SCE_SHA256HMAC_GenerateInit(
ret = FSPSM_S256HMAC_GInt(
&_handle,
&wrapped_key);
if (ret == FSP_SUCCESS)
ret = R_SCE_SHA256HMAC_GenerateUpdate(
ret = FSPSM_S256HMAC_GUp(
&_handle,
(uint8_t*)myInner,
innerSz);
if (ret == FSP_SUCCESS)
ret = R_SCE_SHA256HMAC_GenerateUpdate(
ret = FSPSM_S256HMAC_GUp(
&_handle,
(uint8_t*)in,
sz);
if (ret == FSP_SUCCESS)
ret = R_SCE_SHA256HMAC_GenerateFinal(
ret = FSPSM_S256HMAC_GFnl(
&_handle,
digest);
@ -571,29 +579,29 @@ WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(const WOLFSSL *ssl,const uint8_t* my
ret = WOLFSSL_FAILURE;
/* unlock hw */
wc_sce_hw_unlock();
WOLFSSL_LEAVE("sce_Sha256HmacGenerate", ret);
wc_fspsm_hw_unlock();
WOLFSSL_LEAVE("fspsm_Sha256HmacGenerate", ret);
return ret;
}
/* Verify hmac */
WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const WOLFSSL *ssl,
WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl,
const uint8_t* message, uint32_t messageSz,
uint32_t macSz, uint32_t content)
{
WOLFSSL_ENTER("sce_Sha256HmacVerify");
WOLFSSL_ENTER("fspsm_Sha256HmacVerify");
sce_hmac_sha_handle_t _handle;
sce_hmac_sha_wrapped_key_t wrapped_key;
FSPSM_HMAC_HANDLE _handle;
FSPSM_HMAC_WKEY wrapped_key;
byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
int ret;
if ((ssl == NULL) || (message == NULL))
return BAD_FUNC_ARG;
wrapped_key = ssl->keys.sce_server_write_MAC_secret;
wrapped_key = ssl->keys.fspsm_server_write_MAC_secret;
if ((ret = wc_sce_hw_lock()) != 0) {
if ((ret = wc_fspsm_hw_lock()) != 0) {
WOLFSSL_MSG("hw lock failed");
return ret;
}
@ -601,44 +609,45 @@ WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const WOLFSSL *ssl,
wolfSSL_SetTlsHmacInner((WOLFSSL*)ssl, myInner,
(word32)messageSz, (int)content, 1);
ret = R_SCE_SHA256HMAC_VerifyInit(
ret = FSPSM_S256HMAC_VInt(
&_handle,
&wrapped_key);
if (ret == FSP_SUCCESS)
ret = R_SCE_SHA256HMAC_VerifyUpdate(
ret = FSPSM_S256HMAC_VUp(
&_handle,
(uint8_t*)myInner,
WOLFSSL_TLS_HMAC_INNER_SZ);
if (ret == FSP_SUCCESS)
ret = R_SCE_SHA256HMAC_VerifyUpdate(
ret = FSPSM_S256HMAC_VUp(
&_handle,
(uint8_t*)message,
(uint32_t)messageSz);
if (ret == FSP_SUCCESS)
ret = R_SCE_SHA256HMAC_VerifyFinal(
ret = FSPSM_S256HMAC_VFnl(
&_handle,
(uint8_t*)(message+messageSz),
(uint32_t)macSz);
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("SCE Mac verification failed");
WOLFSSL_MSG("FSP SM Mac verification failed");
}
/* unlock hw */
wc_sce_hw_unlock();
WOLFSSL_LEAVE("sce_Sha256HmacVerify", ret);
wc_fspsm_hw_unlock();
WOLFSSL_LEAVE("fspsm_Sha256HmacVerify", ret);
return ret;
}
/* generate Verify Data based on master secret */
WOLFSSL_LOCAL int wc_sce_generateVerifyData(const uint8_t *ms, /* master secret */
const uint8_t *side, const uint8_t *handshake_hash,
uint8_t *hashes /* out */)
WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
const uint8_t *ms, /* master secret */
const uint8_t *side, const uint8_t *handshake_hash,
uint8_t *hashes /* out */)
{
WOLFSSL_ENTER("sce_generateVerifyData");
WOLFSSL_ENTER("fspsm_generateVerifyData");
int ret ;
uint32_t l_side = SCE_TLS_GENERATE_CLIENT_VERIFY;
@ -652,31 +661,32 @@ WOLFSSL_LOCAL int wc_sce_generateVerifyData(const uint8_t *ms, /* master secret
l_side = SCE_TLS_GENERATE_SERVER_VERIFY;
}
if ((ret = wc_sce_hw_lock()) == 0) {
ret = R_SCE_TLS_VerifyDataGenerate(l_side, (uint32_t*)ms,
if ((ret = wc_fspsm_hw_lock()) == 0) {
ret = FSPSM_VERIFY_DATA_FUNC(l_side, (uint32_t*)ms,
(uint8_t*)handshake_hash, hashes/* out */);
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("R_SCE_TLS_VerifyDataGenerate failed");
WOLFSSL_MSG("R_fspsm_TLS_VerifyDataGenerate failed");
}
}
/* unlock hw */
wc_sce_hw_unlock();
WOLFSSL_LEAVE("sce_generateVerifyData", ret);
wc_fspsm_hw_unlock();
WOLFSSL_LEAVE("fspsm_generateVerifyData", ret);
return ret;
}
/* generate keys for TLS communication */
WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
User_SCEPKCbInfo* cbInfo, int devId)
WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
FSPSM_ST* cbInfo, int devId)
{
WOLFSSL_MSG("sce_generateSessionKey()");
WOLFSSL_MSG("fspsm_generateSessionKey()");
int ret;
Ciphers *enc;
Ciphers *dec;
sce_hmac_sha_wrapped_key_t key_client_mac;
sce_hmac_sha_wrapped_key_t key_server_mac;
sce_aes_wrapped_key_t key_client_aes;
sce_aes_wrapped_key_t key_server_aes;
FSPSM_HMAC_WKEY key_client_mac;
FSPSM_HMAC_WKEY key_server_mac;
FSPSM_AES_WKEY key_client_aes;
FSPSM_AES_WKEY key_server_aes;
uint32_t sceCS = GetSceCipherSuite(ssl->options.cipherSuite0,
ssl->options.cipherSuite);
@ -684,7 +694,7 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
return BAD_FUNC_ARG;
if ((ret = wc_sce_hw_lock()) == 0) {
if ((ret = wc_fspsm_hw_lock()) == 0) {
if (sceCS == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ||
sceCS == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
{
@ -695,11 +705,11 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
}
else {
ret = R_SCE_TLS_SessionKeyGenerate(
ret = FSPSM_SESSIONKEY_GEN_FUNC(
GetSceCipherSuite(
ssl->options.cipherSuite0,
ssl->options.cipherSuite),
(uint32_t*)ssl->arrays->sce_masterSecret,
(uint32_t*)ssl->arrays->fspsm_masterSecret,
(uint8_t*) ssl->arrays->clientRandom,
(uint8_t*) ssl->arrays->serverRandom,
NULL,
@ -711,7 +721,7 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
}
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("R_SCE_TLS_SessionKeyGenerate failed");
WOLFSSL_MSG("R_fspsm_TLS_SessionKeyGenerate failed");
}
else {
/* succeeded creating session keys */
@ -745,20 +755,20 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
}
/* copy key index into aes */
if (ssl->options.side == PROVISION_CLIENT) {
XMEMCPY(&enc->aes->ctx.sce_wrapped_key, &key_client_aes,
XMEMCPY(&enc->aes->ctx.wrapped_key, &key_client_aes,
sizeof(key_client_aes));
XMEMCPY(&dec->aes->ctx.sce_wrapped_key, &key_server_aes,
XMEMCPY(&dec->aes->ctx.wrapped_key, &key_server_aes,
sizeof(key_server_aes));
}
else {
XMEMCPY(&enc->aes->ctx.sce_wrapped_key, &key_server_aes,
XMEMCPY(&enc->aes->ctx.wrapped_key, &key_server_aes,
sizeof(key_server_aes));
XMEMCPY(&dec->aes->ctx.sce_wrapped_key, &key_client_aes,
XMEMCPY(&dec->aes->ctx.wrapped_key, &key_client_aes,
sizeof(key_client_aes));
}
/* copy mac key index into keys */
ssl->keys.sce_client_write_MAC_secret = key_client_mac;
ssl->keys.sce_server_write_MAC_secret = key_server_mac;
ssl->keys.fspsm_client_write_MAC_secret = key_client_mac;
ssl->keys.fspsm_server_write_MAC_secret = key_server_mac;
/* set up key size and marked ready */
if (enc) {
@ -775,8 +785,8 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
dec->setup = 1;
}
if (cbInfo->sce_cipher == SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
cbInfo->sce_cipher == SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
if (cbInfo->cipher == SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
cbInfo->cipher == SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
enc->aes->nonceSz = AEAD_MAX_IMP_SZ;
dec->aes->nonceSz = AEAD_MAX_IMP_SZ;
}
@ -787,18 +797,18 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
cbInfo->keyflgs_tls.bits.session_key_set = 1;
}
/* unlock hw */
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
}
else {
WOLFSSL_LEAVE("hw lock failed", ret);
}
WOLFSSL_LEAVE("sce_generateSessionKey", ret);
WOLFSSL_LEAVE("fspsm_generateSessionKey", ret);
return ret;
}
/* generate master secret based on pre-master which is generated by SCE */
WOLFSSL_LOCAL int wc_sce_generateMasterSecret(
WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
uint8_t cipherSuiteFirst,
uint8_t cipherSuite,
const uint8_t *pr, /* pre-master */
@ -806,7 +816,7 @@ WOLFSSL_LOCAL int wc_sce_generateMasterSecret(
const uint8_t *sr, /* server random */
uint8_t *ms)
{
WOLFSSL_ENTER("sce_generateMasterSecretEx");
WOLFSSL_ENTER("fspsm_generateMasterSecretEx");
int ret;
if ((pr == NULL) || (cr == NULL) || (sr == NULL) ||
@ -817,49 +827,49 @@ WOLFSSL_LOCAL int wc_sce_generateMasterSecret(
if (sceCS == 0xffffffff)
return BAD_FUNC_ARG;
if ((ret = wc_sce_hw_lock()) == 0) {
ret = R_SCE_TLS_MasterSecretGenerate(
if ((ret = wc_fspsm_hw_lock()) == 0) {
ret = FSPSM_MASTERSECRET_GEN_FUNC(
sceCS,
(uint32_t*)pr,
(uint8_t*)cr, (uint8_t*)sr, (uint32_t*)ms);
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("R_SCE_TLS_MasterSecretGenerate failed");
WOLFSSL_MSG("R_fspsm_TLS_MasterSecretGenerate failed");
}
/* unlock hw */
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
}
else {
WOLFSSL_MSG(" hw lock failed ");
}
WOLFSSL_LEAVE("sce_generateMasterSecret", ret);
WOLFSSL_LEAVE("fspsm_generateMasterSecret", ret);
return ret;
}
/* generate pre-Master secrete by SCE */
WOLFSSL_LOCAL int wc_sce_generatePremasterSecret(uint8_t *premaster,
WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(uint8_t *premaster,
uint32_t preSz)
{
WOLFSSL_ENTER("sce_generatePremasterSecret");
WOLFSSL_ENTER("fspsm_generatePremasterSecret");
int ret;
if (premaster == NULL)
return BAD_FUNC_ARG;
if ((ret = wc_sce_hw_lock()) == 0 && preSz >=
if ((ret = wc_fspsm_hw_lock()) == 0 && preSz >=
(SCE_TLS_MASTER_SECRET_WORD_SIZE*4)) {
/* generate pre-master, 80 bytes */
ret = R_SCE_TLS_PreMasterSecretGenerateForRSA2048((uint32_t*)premaster);
ret = FSPSM_PREGEN_FUNC((uint32_t*)premaster);
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG(" R_SCE_TLS_GeneratePreMasterSecret failed");
WOLFSSL_MSG(" R_fspsm_TLS_GeneratePreMasterSecret failed");
}
/* unlock hw */
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
}
else {
WOLFSSL_MSG(" hw lock failed or preSz is smaller than 80");
}
WOLFSSL_LEAVE("sce_generatePremasterSecret", ret);
WOLFSSL_LEAVE("fspsm_generatePremasterSecret", ret);
return ret;
}
@ -867,20 +877,20 @@ WOLFSSL_LOCAL int wc_sce_generatePremasterSecret(uint8_t *premaster,
/*
* generate encrypted pre-Master secrete by SCE
*/
WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret(
WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret(
WOLFSSL* ssl,
uint8_t* out,
uint32_t* outSz)
{
WOLFSSL_MSG("sce_generateEncryptPreMasterSecret");
WOLFSSL_MSG("fspsm_generateEncryptPreMasterSecret");
int ret;
if ((ssl == NULL) || (out == NULL) || (outSz == NULL))
return BAD_FUNC_ARG;
if ((ret = wc_sce_hw_lock()) == 0) {
if ((ret = wc_fspsm_hw_lock()) == 0) {
if (*outSz >= 256)
ret = R_SCE_TLS_PreMasterSecretEncryptWithRSA2048(
ret = FSPSM_PREGENENC_FUNC(
(uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
(uint32_t*)ssl->arrays->preMasterSecret,
(uint8_t*)out);
@ -888,7 +898,7 @@ WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret(
ret = -1;
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("R_SCE_TLS_PreMasterSecretEncryptWithRSA2048 failed");
WOLFSSL_MSG("R_fspsm_TLS_PreMasterSecretEncryptWithRSA2048 failed");
}
else {
*outSz = 256; /* SCE can only handles 2048 RSA */
@ -898,26 +908,26 @@ WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret(
Renesas_cmn_genMasterSecret);
wolfSSL_SetGenMasterSecretCtx(ssl, ctx);
}
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
}
else {
WOLFSSL_MSG(" hw lock failed ");
}
WOLFSSL_LEAVE("sce_generateEncryptPreMasterSecret", ret);
WOLFSSL_LEAVE("fspsm_generateEncryptPreMasterSecret", ret);
return ret;
}
/* Certificate verification by SCE */
WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start,uint32_t key_n_len,
uint32_t key_e_start,uint32_t key_e_len,
uint8_t* sce_encPublickey)
uint8_t* fspsm_encPublickey)
{
WOLFSSL_ENTER("sce_tls_CertVerify");
WOLFSSL_ENTER("fspsm_tls_CertVerify");
int ret;
uint8_t *sigforSCE;
uint8_t *pSig;
@ -935,8 +945,8 @@ WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
WOLFSSL_MSG(" signature for ca verification is not set");
return -1;
}
if (!sce_encPublickey) {
WOLFSSL_MSG(" sce_encPublickey is NULL.");
if (!fspsm_encPublickey) {
WOLFSSL_MSG(" fspsm_encPublickey is NULL.");
return -1;
}
@ -980,36 +990,36 @@ WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
}
if ((ret = wc_sce_hw_lock()) == 0) {
ret = R_SCE_TLS_CertificateVerify(
if ((ret = wc_fspsm_hw_lock()) == 0) {
ret = FSPSM_TLSCERT_VRY(
g_user_key_info.encrypted_user_tls_key_type,
(uint32_t*)g_encrypted_publicCA_key,/* encrypted public key */
(uint8_t*)cert, /* certificate der */
certSz, /* length of der */
(uint8_t*)cert, /* certificate der */
certSz, /* length of der */
(uint8_t*)pSig, /* sign data by RSA PSS */
key_n_start, /* start position of public key n in bytes */
(key_n_start + key_n_len), /* length of the public key n */
key_e_start, /* start pos, key e in bytes */
(key_e_start + key_e_len), /* length of the public key e */
(uint32_t*)sce_encPublickey /* returned encrypted key */
(uint32_t*)fspsm_encPublickey /* returned encrypted key */
);
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification() failed");
WOLFSSL_MSG(" R_XXX_TlsCertificateVerification() failed");
}
if (sigforSCE) {
XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP);
}
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
}
else {
WOLFSSL_MSG(" hw lock failed ");
}
WOLFSSL_LEAVE("sce_tls_CertVerify", ret);
WOLFSSL_LEAVE("fspsm_tls_CertVerify", ret);
return ret;
}
/* Root Certificate verification */
WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify(
WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
const uint8_t* cert, uint32_t cert_len,
uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len,
@ -1019,7 +1029,7 @@ WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify(
/* call to generate encrypted public key for certificate verification */
uint8_t *signature = (uint8_t*)ca_cert_sig;
WOLFSSL_ENTER("wc_sce_tls_RootCertVerify");
WOLFSSL_ENTER("wc_fspsm_tls_RootCertVerify");
if (cert == NULL)
return BAD_FUNC_ARG;
@ -1029,8 +1039,8 @@ WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify(
return -1;
}
if ((ret = wc_sce_hw_lock()) == 0) {
ret = R_SCE_TLS_RootCertificateVerify(
if ((ret = wc_fspsm_hw_lock()) == 0) {
ret = FSPSM_TLSROOTCERT_VRY(
g_user_key_info.encrypted_user_tls_key_type,
(uint8_t*)cert, /* CA cert */
(uint32_t)cert_len, /* length of CA cert */
@ -1042,55 +1052,63 @@ WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify(
g_encrypted_publicCA_key); /* RSA-2048 public key 560 bytes */
/* ECDSA 96 bytes */
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG(" R_SCE_TLS_RootCertificateVerify() failed");
WOLFSSL_MSG(" R_fspsm_TLS_RootCertificateVerify() failed");
}
else {
g_CAscm_Idx = cm_row;
}
wc_sce_hw_unlock();
wc_fspsm_hw_unlock();
}
else {
WOLFSSL_MSG(" hw lock failed ");
}
WOLFSSL_LEAVE("wc_sce_tls_RootCertVerify", ret);
WOLFSSL_LEAVE("wc_fspsm_tls_RootCertVerify", ret);
return ret;
}
/* store elements for session key generation into ssl->keys.
* return 0 on success, negative value on failure
*/
WOLFSSL_LOCAL int wc_sce_storeKeyCtx(WOLFSSL* ssl, User_SCEPKCbInfo* info)
WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(WOLFSSL* ssl, FSPSM_ST* info)
{
int ret = 0;
WOLFSSL_ENTER("sce_storeKeyCtx");
WOLFSSL_ENTER("fspsm_storeKeyCtx");
if (ssl == NULL || info == NULL)
ret = BAD_FUNC_ARG;
if (ret == 0) {
XMEMCPY(info->sce_masterSecret, ssl->arrays->sce_masterSecret,
SCE_TLS_MASTERSECRET_SIZE);
XMEMCPY(info->sce_clientRandom, ssl->arrays->clientRandom, 32);
XMEMCPY(info->sce_serverRandom, ssl->arrays->serverRandom, 32);
XMEMCPY(info->masterSecret, ssl->arrays->fspsm_masterSecret,
FSPSM_TLS_MASTERSECRET_SIZE);
XMEMCPY(info->clientRandom, ssl->arrays->clientRandom, 32);
XMEMCPY(info->serverRandom, ssl->arrays->serverRandom, 32);
info->sce_cipher = (uint8_t)GetSceCipherSuite(ssl->options.cipherSuite0,
info->cipher = (uint8_t)GetSceCipherSuite(ssl->options.cipherSuite0,
ssl->options.cipherSuite);
}
WOLFSSL_LEAVE("sce_storeKeyCtx", ret);
WOLFSSL_LEAVE("fspsm_storeKeyCtx", ret);
return ret;
}
/* to inform ca certificate sign */
/* signature format expects RSA 2048 PSS with SHA256 */
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
WOLFSSL_API void wc_sce_inform_cert_sign(const uint8_t *sign)
#else
WOLFSSL_API void wc_fspsm_inform_cert_sign(const uint8_t *sign)
#endif
{
if (sign)
ca_cert_sig = sign;
}
/* let wolfSSL know user key information using TLS operation by SCE */
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
WOLFSSL_API void wc_sce_inform_user_keys(
#else
WOLFSSL_API void wc_fspsm_inform_user_keys(
#endif
uint8_t* encrypted_provisioning_key,
uint8_t* iv,
uint8_t* encrypted_user_tls_key,
@ -1119,7 +1137,11 @@ WOLFSSL_API void wc_sce_inform_user_keys(
/* Set callbacks needed for sce TLS api handling */
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
WOLFSSL_API void wc_sce_set_callbacks(WOLFSSL_CTX* ctx)
#else
WOLFSSL_API void wc_fspsm_set_callbacks(WOLFSSL_CTX* ctx)
#endif
{
wolfSSL_CTX_SetEccVerifyCb(ctx, Renesas_cmn_EccVerify);
wolfSSL_CTX_SetRsaVerifyCb(ctx, Renesas_cmn_RsaVerify);
@ -1131,15 +1153,20 @@ WOLFSSL_API void wc_sce_set_callbacks(WOLFSSL_CTX* ctx)
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
}
/* Set callback contexts needed for sce TLS api handling */
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
#else
WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
#endif
{
if (sce_sess_idx > MAX_SCE_CBINDEX) {
if (fspsm_sess_idx > MAX_FSPSM_CBINDEX) {
WOLFSSL_MSG("exceeds maximum session index");
return -1;
}
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx] = (User_SCEPKCbInfo*)user_ctx;
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.pk_key_set = 0;
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.session_key_set = 0;
gPKCbInfo.user_PKCbInfo[fspsm_sess_idx] = (FSPSM_ST*)user_ctx;
gPKCbInfo.user_PKCbInfo[fspsm_sess_idx]->keyflgs_tls.bits.pk_key_set = 0;
gPKCbInfo.user_PKCbInfo[fspsm_sess_idx]->keyflgs_tls.bits.session_key_set
= 0;
wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
wolfSSL_SetRsaEncCtx(ssl, user_ctx);
@ -1151,10 +1178,10 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
/* set up crypt callback */
wc_CryptoCb_CryptInitRenesasCmn(ssl, user_ctx);
gSCE_PKCbInfo.num_session = ++sce_sess_idx;
gPKCbInfo.num_session = ++fspsm_sess_idx;
return 0;
}
#endif /* !WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
#endif /* !WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
#endif /* WOLFSSL_RENESAS_SCEPROTECT || WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
#endif /* WOLFSSL_RENESAS_FSPSM_TLS || WOLFSSL_RENESAS_FSPSM_CRYPTONLY */

4
wolfcrypt/src/random.c
View File

@ -3474,8 +3474,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
}
return ret;
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#elif defined(WOLFSSL_RENESAS_FSPSM) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
#include "r_sce.h"
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)

4
wolfcrypt/src/rsa.c
View File

@ -3263,7 +3263,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
pad_value, pad_type, hash, mgf, label,
labelSz, sz);
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \
#elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
(!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
/* SCE needs warpped key which is passed via
@ -3424,7 +3424,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
}
return ret;
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \
#elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
(!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
#ifdef WOLF_CRYPTO_CB

23
wolfcrypt/src/sha256.c
View File

@ -175,9 +175,9 @@ on the specific device platform.
defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \
!defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \
((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \
!defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) \
|| defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) && \
((!defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) \
|| defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) && \
(!defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)) && \
!defined(WOLFSSL_RENESAS_RX64_HASH)
@ -756,11 +756,10 @@ static int InitSha256(wc_Sha256* sha256)
/* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
/* implemented in wolfcrypt/src/port/Renesas/renesas_sce_sha.c */
/* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
#elif defined(WOLFSSL_PSOC6_CRYPTO)
@ -1766,9 +1765,8 @@ void wc_Sha256Free(wc_Sha256* sha256)
((defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \
((defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) || \
(defined(WOLFSSL_RENESAS_SCEPROTECT) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) || \
defined(WOLFSSL_RENESAS_RX64_HASH) || \
defined(WOLFSSL_HASH_KEEP)
@ -1962,9 +1960,8 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
/* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
/* implemented in wolfcrypt/src/port/Renesas/renesas_sce_sha.c */

15
wolfcrypt/src/wc_port.c
View File

@ -61,9 +61,8 @@
#if defined(WOLFSSL_RENESAS_TSIP)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#if defined(WOLFSSL_RENESAS_FSPSM)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#endif
#if defined(WOLFSSL_RENESAS_RX64_HASH)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h>
@ -194,9 +193,8 @@ int wolfCrypt_Init(void)
}
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
ret = wc_sce_Open( );
#if defined(WOLFSSL_RENESAS_FSPSM)
ret = wc_fspsm_Open( );
if( ret != FSP_SUCCESS ) {
WOLFSSL_MSG("RENESAS SCE Open failed");
/* not return 1 since WOLFSSL_SUCCESS=1*/
@ -450,9 +448,8 @@ int wolfCrypt_Cleanup(void)
rx64_hw_Close();
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
wc_sce_Close();
#if defined(WOLFSSL_RENESAS_FSPSM)
wc_fspsm_Close();
#endif
#ifdef WOLFSSL_SCE

13
wolfssl/internal.h
View File

@ -2759,10 +2759,9 @@ typedef struct Keys {
tsip_hmac_sha_key_index_t tsip_server_write_MAC_secret;
#endif
#ifdef WOLFSSL_RENESAS_SCEPROTECT
sce_hmac_sha_wrapped_key_t sce_client_write_MAC_secret;
sce_hmac_sha_wrapped_key_t sce_server_write_MAC_secret;
#ifdef WOLFSSL_RENESAS_FSPSM_TLS
FSPSM_HMAC_WKEY fspsm_client_write_MAC_secret;
FSPSM_HMAC_WKEY fspsm_server_write_MAC_secret;
#endif
} Keys;
@ -4767,8 +4766,8 @@ typedef struct Arrays {
!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
byte tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE];
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
byte sce_masterSecret[SCE_TLS_MASTERSECRET_SIZE];
#if defined(WOLFSSL_RENESAS_FSPSM_TLS)
byte fspsm_masterSecret[FSPSM_TLS_MASTERSECRET_SIZE];
#endif
#ifdef WOLFSSL_DTLS
byte cookie[MAX_COOKIE_LEN];
@ -5431,7 +5430,7 @@ struct WOLFSSL {
#endif /* OPENSSL_EXTRA */
#ifndef NO_RSA
RsaKey* peerRsaKey;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
void* RenesasUserCtx;
byte* peerSceTsipEncRsaKeyIndex;
#endif

5
wolfssl/wolfcrypt/aes.h
View File

@ -298,9 +298,8 @@ struct Aes {
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TSIP_AES_CTX ctx;
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT) ||\
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
SCE_AES_CTX ctx;
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
FSPSM_AES_CTX ctx;
#endif
#if defined(WOLFSSL_IMXRT_DCP)
dcp_handle_t handle;

8
wolfssl/wolfcrypt/asn.h
View File

@ -1417,7 +1417,7 @@ enum SignatureState {
#endif
#endif /* HAVE_PK_CALLBACKS */
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT) ||\
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\
defined(HAVE_PK_CALLBACKS)
typedef struct tagCertAttribute {
byte verifyByTSIP_SCE;
@ -1490,7 +1490,7 @@ struct SignatureCtx {
#endif
#endif /* HAVE_PK_CALLBACKS */
#ifndef NO_RSA
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT) ||\
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\
defined(HAVE_PK_CALLBACKS)
CertAttribute CertAtt;
#endif
@ -1864,7 +1864,7 @@ struct DecodedCert {
#ifndef NO_CERTS
SignatureCtx sigCtx;
#endif
#if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
byte* sce_tsip_encRsaKeyIdx;
#endif
#ifdef WOLFSSL_MAXQ10XX_TLS
@ -1975,7 +1975,7 @@ struct Signer {
#ifdef WOLFSSL_SIGNER_DER_CERT
DerBuffer* derCert;
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
word32 cm_idx;
#endif
Signer* next;

3
wolfssl/wolfcrypt/include.am
View File

@ -107,7 +107,8 @@ noinst_HEADERS+= \
wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \
wolfssl/wolfcrypt/port/arm/cryptoCell.h \
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h \
wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h \
wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h \
wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h \
wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \

217
wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h → wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
View File

@ -1,4 +1,4 @@
/* renesas-sce-crypt.h
/* renesas-fspsm-crypt.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
@ -18,32 +18,29 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef __RENESAS_SCE_CRYPT_H__
#define __RENESAS_SCE_CRYPT_H__
#ifndef __RENESAS_FSPSM_CRYPT_H__
#define __RENESAS_FSPSM_CRYPT_H__
#include "r_sce.h"
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SCE_SESSIONKEY_NONCE_SIZE 8
#define WOLFSSL_SCE_ILLEGAL_CIPHERSUITE -1
#define WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE -1
#define MAX_FSPSM_CBINDEX 5
#define MAX_SCE_CBINDEX 5
typedef void* renesas_sce_wrappedkey;
typedef void* FSP_W_KEYVAR;
/* flsgas related to TLS */
struct sce_keyflgs_tls {
struct FSPSM_tls_flg_ST {
uint8_t pk_key_set:1;
uint8_t session_key_set:1;
};
/* flags Crypt Only */
struct sce_keyflgs_cryt {
struct FSPSM_key_flg_ST {
uint8_t aes256_installedkey_set:1;
uint8_t aes128_installedkey_set:1;
uint8_t rsapri2048_installedkey_set:1;
@ -53,108 +50,109 @@ struct sce_keyflgs_cryt {
uint8_t message_type:1;/*message 0, hashed 1*/
};
typedef struct tagUser_SCEPKCbInfo {
typedef struct FSPSM_tag_ST {
/* unique number for each session */
int devId;
#if defined(WOLFSSL_RENESAS_SCEPROTECT) && \
!defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[SCE_TLS_ENCRYPTED_ECCPUBKEY_SZ];
uint32_t
encrypted_ephemeral_ecdh_public_key[FSPSM_TLS_ENCRYPTED_ECCPUBKEY_SZ];
/* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */
sce_tls_p256_ecc_wrapped_key_t ecc_p256_wrapped_key;
uint8_t ecc_ecdh_public_key[HW_SCE_ECC_PUBLIC_KEY_BYTE_SIZE];
uint32_t sce_masterSecret[SCE_TLS_MASTERSECRET_SIZE/4];
uint8_t sce_clientRandom[SCE_TLS_CLIENTRANDOM_SZ];
uint8_t sce_serverRandom[SCE_TLS_SERVERRANDOM_SZ];
uint8_t sce_cipher;
uint32_t masterSecret[FSPSM_TLS_MASTERSECRET_SIZE/4];
uint8_t clientRandom[FSPSM_TLS_CLIENTRANDOM_SZ];
uint8_t serverRandom[FSPSM_TLS_SERVERRANDOM_SZ];
uint8_t cipher;
#endif
/* installed key handling */
/* aes */
renesas_sce_wrappedkey sce_wrapped_key_aes256;
renesas_sce_wrappedkey sce_wrapped_key_aes128;
#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
FSP_W_KEYVAR wrapped_key_aes256;
FSP_W_KEYVAR wrapped_key_aes128;
#if defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
/* rsa */
renesas_sce_wrappedkey sce_wrapped_key_rsapri2048;
renesas_sce_wrappedkey sce_wrapped_key_rsapub2048;
renesas_sce_wrappedkey sce_wrapped_key_rsapri1024;
renesas_sce_wrappedkey sce_wrapped_key_rsapub1024;
FSP_W_KEYVAR wrapped_key_rsapri2048;
FSP_W_KEYVAR wrapped_key_rsapub2048;
FSP_W_KEYVAR wrapped_key_rsapri1024;
FSP_W_KEYVAR wrapped_key_rsapub1024;
#endif
/* key status flags */
/* flag whether encrypted ec key is set */
union {
uint8_t chr;
struct sce_keyflgs_tls bits;
struct FSPSM_tls_flg_ST bits;
} keyflgs_tls;
/* key status flags */
/* flags shows status if wrapped keys are installed */
union {
uint8_t chr;
struct sce_keyflgs_cryt bits;
struct FSPSM_key_flg_ST bits;
} keyflgs_crypt;
} User_SCEPKCbInfo;
typedef struct tagSCE_PKCbInfo {
User_SCEPKCbInfo *user_PKCbInfo[MAX_SCE_CBINDEX];
} FSPSM_ST;
typedef struct tagPKCbInfo {
FSPSM_ST *user_PKCbInfo[MAX_FSPSM_CBINDEX];
uint32_t num_session;
} SCE_PKCbInfo;
} FSPSM_ST_PKC;
typedef struct
{
uint8_t *encrypted_provisioning_key;
uint8_t *iv;
uint8_t *encrypted_user_tls_key;
uint32_t encrypted_user_tls_key_type;
sce_tls_ca_certification_public_wrapped_key_t user_rsa2048_tls_wrappedkey;
} sce_key_data;
uint32_t encrypted_user_tls_key_type;
FSPSM_CACERT_PUB_WKEY user_rsa2048_tls_wrappedkey;
} fspsm_key_data;
struct WOLFSSL;
struct WOLFSSL_CTX;
struct ecc_key;
WOLFSSL_LOCAL int wc_sce_Open();
WOLFSSL_LOCAL void wc_sce_Close();
WOLFSSL_LOCAL int wc_sce_hw_lock();
WOLFSSL_LOCAL void wc_sce_hw_unlock( void );
WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl,
WOLFSSL_LOCAL int wc_fspsm_Open();
WOLFSSL_LOCAL void wc_fspsm_Close();
WOLFSSL_LOCAL int wc_fspsm_hw_lock();
WOLFSSL_LOCAL void wc_fspsm_hw_unlock( void );
WOLFSSL_LOCAL int wc_fspsm_usable(const struct WOLFSSL *ssl,
uint8_t session_key_generated);
typedef struct {
sce_aes_wrapped_key_t sce_wrapped_key;
word32 keySize;
byte setup;
} SCE_AES_CTX;
FSPSM_AES_WKEY wrapped_key;
word32 keySize;
byte setup;
} FSPSM_AES_CTX;
struct Aes;
WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in,
word32 sz);
WOLFSSL_LOCAL int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in,
word32 sz);
WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz);
WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz);
WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
WOLFSSL_LOCAL int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz,
byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
WOLFSSL_LOCAL int wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
#if !defined(NO_SHA256) && !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
#if !defined(NO_SHA256) && !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
typedef enum {
SCE_SHA256 = 1,
} SCE_SHA_TYPE;
FSPSM_SHA256 = 1,
} FSPSM_SHA_TYPE;
typedef struct {
byte* msg;
@ -166,20 +164,20 @@ typedef struct {
word32 flags;
int devId;
#endif
} wolfssl_SCE_Hash;
} wolfssl_FSPSM_Hash;
/* RAW hash function APIs are not implemented with SCE */
#undef WOLFSSL_NO_HASH_RAW
#define WOLFSSL_NO_HASH_RAW
typedef wolfssl_SCE_Hash wc_Sha256;
typedef wolfssl_FSPSM_Hash wc_Sha256;
#endif /* NO_SHA */
#if defined(WOLFSSL_RENESAS_SCEPROTECT) && \
!defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPT_ONLY)
WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify(
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
!defined(WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY)
WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
const uint8_t* cert, uint32_t cert_len,
uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len,
@ -193,46 +191,46 @@ WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
uint8_t* sce_encRsaKeyIdx);
WOLFSSL_LOCAL int wc_sce_generatePremasterSecret(
WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(
uint8_t* premaster,
uint32_t preSz);
WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret(
struct WOLFSSL* ssl,
uint8_t* out,
WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret(
struct WOLFSSL* ssl,
uint8_t* out,
uint32_t* outSz);
WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(
WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(
const struct WOLFSSL *ssl,
const uint8_t* myInner,
const uint8_t* myInner,
uint32_t innerSz,
const uint8_t* in,
uint32_t sz,
uint8_t* digest);
WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(
WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(
const struct WOLFSSL *ssl,
const uint8_t* message,
const uint8_t* message,
uint32_t messageSz,
uint32_t macSz,
uint32_t content);
WOLFSSL_LOCAL int wc_sce_storeKeyCtx(
WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(
struct WOLFSSL* ssl,
User_SCEPKCbInfo* info);
FSPSM_ST* info);
WOLFSSL_LOCAL int wc_sce_generateVerifyData(
WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
const uint8_t* ms, /* master secret */
const uint8_t* side,
const uint8_t* handshake_hash,
uint8_t* hashes /* out */);
WOLFSSL_LOCAL int wc_sce_generateSessionKey(
WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(
struct WOLFSSL* ssl,
User_SCEPKCbInfo* cbInfo,
FSPSM_ST* cbInfo,
int devId);
WOLFSSL_LOCAL int wc_sce_generateMasterSecret(
WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
uint8_t cipherSuiteFirst,
uint8_t cipherSuite,
const uint8_t *pr, /* pre-master */
@ -240,39 +238,50 @@ WOLFSSL_LOCAL int wc_sce_generateMasterSecret(
const uint8_t *sr, /* server random */
uint8_t *ms);
WOLFSSL_LOCAL int wc_SCE_RsaVerify(struct WOLFSSL* ssl, byte* sig, uint32_t sigSz,
uint8_t** out, const byte* key, uint32_t keySz, void* ctx);
WOLFSSL_LOCAL int wc_SCE_EccVerify(struct WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz,
const uint8_t* hash, uint32_t hashSz, const uint8_t* key, uint32_t keySz,
int* result, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(struct WOLFSSL* ssl, byte* sig,
uint32_t sigSz, uint8_t** out,
const byte* key, uint32_t keySz, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(struct WOLFSSL* ssl,
const uint8_t* sig, uint32_t sigSz,
const uint8_t* hash, uint32_t hashSz,
const uint8_t* key, uint32_t keySz,
int* result, void* ctx);
WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start,uint32_t key_n_len,
uint32_t key_e_start,uint32_t key_e_len,
uint8_t* fspsm_encPublickey);
/* Callback for EccShareSecret */
WOLFSSL_LOCAL int SCE_EccSharedSecret(struct WOLFSSL* ssl, struct ecc_key* otherKey,
uint8_t* pubKeyDer, unsigned int* pubKeySz,
uint8_t* out, unsigned int* outlen, int side, void* ctx);
WOLFSSL_LOCAL int fspsm_EccSharedSecret(struct WOLFSSL* ssl,
struct ecc_key* otherKey,
uint8_t* pubKeyDer, unsigned int* pubKeySz,
uint8_t* out, unsigned int* outlen, int side, void* ctx);
/* user API */
WOLFSSL_API void wc_sce_inform_user_keys(
WOLFSSL_API void FSPSM_INFORM_FUNC(
uint8_t* encrypted_provisioning_key,
uint8_t* iv,
uint8_t* encrypted_user_tls_key,
uint32_t encrypted_user_tls_key_type);
WOLFSSL_API void wc_sce_set_callbacks(struct WOLFSSL_CTX* ctx);
WOLFSSL_API int wc_sce_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
WOLFSSL_API void wc_sce_inform_cert_sign(const uint8_t *sign);
WOLFSSL_API void FSPSM_CALLBACK_FUNC(struct WOLFSSL_CTX* ctx);
WOLFSSL_API int FSPSM_CALLBACK_CTX_FUNC(struct WOLFSSL* ssl, void* user_ctx);
WOLFSSL_API void FSPSM_INFORM_CERT_SIGN(const uint8_t *sign);
/* rsa */
struct RsaKey;
struct WC_RNG;
WOLFSSL_API int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
WOLFSSL_API int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
word32 outLen, int type, struct RsaKey* key, struct WC_RNG* rng, void* ctx);
WOLFSSL_API int wc_sce_MakeRsaKey(int size, void* ctx);
WOLFSSL_API int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
WOLFSSL_API int wc_fspsm_MakeRsaKey(int size, void* ctx);
WOLFSSL_API int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
word32* outLen, struct RsaKey* key, void* ctx);
WOLFSSL_API int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
WOLFSSL_API int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
word32* outLen,struct RsaKey* key, void* ctx);
#endif /* WOLFSSL_RENESAS_SCEPROTECT &&
* !WOLFSSL_RENESAS_SCEPROTECT_CRYPT_ONLY */
#endif /* WOLFSSL_RENESAS_FSPSM_TLS &&
* !WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY */
#endif /* __RENESAS_SCE_CRYPT_H__ */
#endif /* __RENESAS_FSPSM_CRYPT_H__ */

154
wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h Normal file
View File

@ -0,0 +1,154 @@
/* renesas-fsp-crypt.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef __RENESAS_FSP_CRYPT_H__
#define __RENESAS_FSP_CRYPT_H__
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/logging.h>
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
#include "r_sce.h"
#define FSPSM_W_KEYVAR renesas_sce_wrappedkey
#define FSPSM_tls_flg_ST sce_keyflgs_tls
#define FSPSM_key_flg_ST sce_keyflgs_cryt
#define FSPSM_tag_ST tagUser_SCEPKCbInfo
#define FSPSM_ST User_SCEPKCbInfo
#define FSPSM_ST_PKC SCE_PKCbInfo
/* map SCE API to macro */
#define FSPSM_INSTANCE sce_instance_ctrl_t
#define gFSPSM_ctrl sce_ctrl
#define FSPSM_CONFIG sce_cfg_t
#define gFSPSM_cfg sce_cfg
#define FSPSM_OPEN R_SCE_Open
#define FSPSM_CLOSE R_SCE_Close
#define FSPSM_ROOTCA_RSA2048 \
R_SCE_TLS_RootCertificateRSA2048PublicKeyInstall
#define FSPSM_TLS_SVRKEYExVfy R_SCE_TLS_ServerKeyExchangeVerify
#define FSPSM_TLS_ECCS256R1_KPG \
R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate
#define FSPSM_TLS_PREMASTERGEN \
R_SCE_TLS_PreMasterSecretGenerateForECC_secp256r1
/* hmac */
#define FSPSM_S256HMAC_GInt R_SCE_SHA256HMAC_GenerateInit
#define FSPSM_S256HMAC_GUp R_SCE_SHA256HMAC_GenerateUpdate
#define FSPSM_S256HMAC_GFnl R_SCE_SHA256HMAC_GenerateFinal
#define FSPSM_S256HMAC_VInt R_SCE_SHA256HMAC_VerifyInit
#define FSPSM_S256HMAC_VUp R_SCE_SHA256HMAC_VerifyUpdate
#define FSPSM_S256HMAC_VFnl R_SCE_SHA256HMAC_VerifyFinal
#define FSPSM_HMAC_HANDLE sce_hmac_sha_handle_t
#define FSPSM_HMAC_WKEY sce_hmac_sha_wrapped_key_t
/* TLS */
#define FSPSM_SESSIONKEY_GEN_FUNC R_SCE_TLS_SessionKeyGenerate
#define FSPSM_MASTERSECRET_GEN_FUNC R_SCE_TLS_MasterSecretGenerate
#define FSPSM_PREGEN_FUNC R_SCE_TLS_PreMasterSecretGenerateForRSA2048
#define FSPSM_PREGENENC_FUNC R_SCE_TLS_PreMasterSecretEncryptWithRSA2048
/* certificate */
#define FSPSM_TLSCERT_VRY R_SCE_TLS_CertificateVerify
#define FSPSM_TLSROOTCERT_VRY R_SCE_TLS_RootCertificateVerify
#define FSPSM_CACERT_PUB_WKEY \
sce_tls_ca_certification_public_wrapped_key_t
/* verify data */
#define FSPSM_VERIFY_DATA_FUNC R_SCE_TLS_VerifyDataGenerate
/* aes */
#define FSPSM_AES_WKEY sce_aes_wrapped_key_t
#define FSPSM_AESGCM_HANDLE sce_gcm_handle_t
#define FSPSM_AES_HANDLE sce_aes_handle_t
/* aes 128 cbc */
#define FSPSM_AES128CBCEnc_Init R_SCE_AES128CBC_EncryptInit
#define FSPSM_AES128CBCEnc_Up R_SCE_AES128CBC_EncryptUpdate
#define FSPSM_AES128CBCEnc_Final R_SCE_AES128CBC_EncryptFinal
#define FSPSM_AES128CBCDec_Init R_SCE_AES128CBC_DecryptInit
#define FSPSM_AES128CBCDec_Up R_SCE_AES128CBC_DecryptUpdate
#define FSPSM_AES128CBCDec_Final R_SCE_AES128CBC_DecryptFinal
/* aes 256 cbc */
#define FSPSM_AES256CBCEnc_Init R_SCE_AES256CBC_EncryptInit
#define FSPSM_AES256CBCEnc_Up R_SCE_AES256CBC_EncryptUpdate
#define FSPSM_AES256CBCEnc_Final R_SCE_AES256CBC_EncryptFinal
#define FSPSM_AES256CBCDec_Init R_SCE_AES256CBC_DecryptInit
#define FSPSM_AES256CBCDec_Up R_SCE_AES256CBC_DecryptUpdate
#define FSPSM_AES256CBCDec_Final R_SCE_AES256CBC_DecryptFinal
/* aes128 gcm */
#define FSPSM_AES128GCMEnc_Init R_SCE_AES128GCM_EncryptInit
#define FSPSM_AES128GCMEnc_Up R_SCE_AES128GCM_EncryptUpdate
#define FSPSM_AES128GCMEnc_Final R_SCE_AES128GCM_EncryptFinal
#define FSPSM_AES128GCMDec_Init R_SCE_AES128GCM_DecryptInit
#define FSPSM_AES128GCMDec_Up R_SCE_AES128GCM_DecryptUpdate
#define FSPSM_AES128GCMDec_Final R_SCE_AES128GCM_DecryptFinal
/* aes256 gcm */
#define FSPSM_AES256GCMEnc_Init R_SCE_AES256GCM_EncryptInit
#define FSPSM_AES256GCMEnc_Up R_SCE_AES256GCM_EncryptUpdate
#define FSPSM_AES256GCMEnc_Final R_SCE_AES256GCM_EncryptFinal
#define FSPSM_AES256GCMDec_Init R_SCE_AES256GCM_DecryptInit
#define FSPSM_AES256GCMDec_Up R_SCE_AES256GCM_DecryptUpdate
#define FSPSM_AES256GCMDec_Final R_SCE_AES256GCM_DecryptFinal
/* rsa */
/* rsa data */
#define FSPSM_RSA_DATA sce_rsa_byte_data_t
/* rsa 1024 key */
#define FSPSM_RSA1024_WPA_KEY sce_rsa1024_wrapped_pair_key_t
#define FSPSM_RSA1024_WPB_KEY sce_rsa1024_public_wrapped_key_t
#define FSPSM_RSA1024_WPI_KEY sce_rsa1024_private_wrapped_key_t
/* rsa 2048 key */
#define FSPSM_RSA2048_WPA_KEY sce_rsa2048_wrapped_pair_key_t
#define FSPSM_RSA2048_WPB_KEY sce_rsa2048_public_wrapped_key_t
#define FSPSM_RSA2048_WPI_KEY sce_rsa2048_private_wrapped_key_t
/* rsa key gen */
#define FSPSM_RSA1024_KEYPA_GEN R_SCE_RSA1024_WrappedKeyPairGenerate
#define FSPSM_RSA2048_KEYPA_GEN R_SCE_RSA2048_WrappedKeyPairGenerate
/* rsa function */
#define FSPSM_RSA1024_PKCSENC_FUNC R_SCE_RSAES_PKCS1024_Encrypt
#define FSPSM_RSA2048_PKCSENC_FUNC R_SCE_RSAES_PKCS2048_Encrypt
#define FSPSM_RSA1024_PKCSDEC_FUNC R_SCE_RSAES_PKCS1024_Decrypt
#define FSPSM_RSA2048_PKCSDEC_FUNC R_SCE_RSAES_PKCS2048_Decrypt
#define FSPSM_RSA1024_SIGN_FUNC R_SCE_RSASSA_PKCS1024_SignatureGenerate
#define FSPSM_RSA2048_SIGN_FUNC R_SCE_RSASSA_PKCS2048_SignatureGenerate
#define FSPSM_RSA1024_VRY_FUNC R_SCE_RSASSA_PKCS1024_SignatureVerify
#define FSPSM_RSA2048_VRY_FUNC R_SCE_RSASSA_PKCS2048_SignatureVerify
/* sha */
#define FSPSM_SHA_HANDLE sce_sha_md5_handle_t
#define FSPSM_SHA256_Init R_SCE_SHA256_Init
#define FSPSM_SHA256_Up R_SCE_SHA256_Update
#define FSPSM_SHA256_Final R_SCE_SHA256_Final
/* user API */
#define FSPSM_INFORM_FUNC wc_sce_inform_user_keys
#define FSPSM_CALLBACK_FUNC wc_sce_set_callbacks
#define FSPSM_CALLBACK_CTX_FUNC wc_sce_set_callback_ctx
#define FSPSM_INFORM_CERT_SIGN wc_sce_inform_cert_sign
#endif
#endif /* __RENESAS_FSP_CRYPT_H__ */

4
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
View File

@ -75,4 +75,8 @@ int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
word32 key_e_len, word32 cm_row);
WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl);
WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx);
WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
const byte *handshake_hash, word32 hashSz,
byte *hashes, void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx);
#endif /* __RENESAS_CMN_H__ */

14
wolfssl/wolfcrypt/settings.h
View File

@ -417,15 +417,15 @@
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
#define SCE_TLS_MASTERSECRET_SIZE 80 /* 20 words */
#define FSPSM_TLS_MASTERSECRET_SIZE 80 /* 20 words */
#define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64
#define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in bytes */
#define SCE_TLS_CLIENTRANDOM_SZ 36 /* in bytes */
#define SCE_TLS_SERVERRANDOM_SZ 36 /* in bytes */
#define SCE_TLS_ENCRYPTED_ECCPUBKEY_SZ 96 /* in bytes */
#define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in bytes */
#define FSPSM_TLS_CLIENTRANDOM_SZ 36 /* in bytes */
#define FSPSM_TLS_SERVERRANDOM_SZ 36 /* in bytes */
#define FSPSM_TLS_ENCRYPTED_ECCPUBKEY_SZ 96 /* in bytes */
#define WOLFSSL_RENESAS_SCEPROTECT_ECC
#if defined(WOLFSSL_RENESAS_SCEPROTECT_ECC)
#define WOLFSSL_RENESAS_FSPSM_ECC
#if defined(WOLFSSL_RENESAS_FSPSM_ECC)
#define HAVE_PK_CALLBACKS
/* #define DEBUG_PK_CB */
#endif

7
wolfssl/wolfcrypt/sha256.h
View File

@ -134,10 +134,9 @@ enum {
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h"
#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
!defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h"
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
#elif defined(WOLFSSL_RENESAS_RX64_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h"
#else