wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8122 from miyazakh/tsip_rsa_private_enc

Browse Source 
Implement TSIP RSA Public Enc/Private Dec
This commit is contained in:
Daniel Pouzzner
2024-11-16 16:12:51 -06:00
committed by GitHub
parent ff680994ba 2831eb3ca7
commit ae0d73d9fd
11 changed files with 332 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
View File

@@ -240,12 +240,17 @@
#if defined(WOLFSSL_RENESAS_TSIP) #if defined(WOLFSSL_RENESAS_TSIP)
/*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/ /*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
/* Enable TSIP TLS (default) /* Enable TSIP TLS (default)
* TSIP CRYPTONLY is also enabled. * TSIP CRYPT is also enabled.
* Disable TSIP TLS * Disable TSIP TLS
* TSIP CRYPT is also disabled
* TSIP CRYPTONLY is only enabled. * TSIP CRYPTONLY is only enabled.
*/ */
#define WOLFSSL_RENESAS_TSIP_TLS #define WOLFSSL_RENESAS_TSIP_TLS
/* #define WOLFSSL_RENESAS_TSIP_CRYPTONLY */
/* #define WOLFSSL_KEY_GEN */
/* #define RSA_MIN_SIZE 1024 */
#if !defined(NO_RENESAS_TSIP_CRYPT) #if !defined(NO_RENESAS_TSIP_CRYPT)
#define HAVE_PK_CALLBACKS #define HAVE_PK_CALLBACKS
#define WOLF_CRYPTO_CB #define WOLF_CRYPTO_CB
@@ -267,13 +272,13 @@
* directly. Comment out the macro will generate random number by * directly. Comment out the macro will generate random number by
* wolfSSL Hash DRBG by using a seed which is generated by TSIP API. * wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
*-----------------------------------------------------------------------*/ *-----------------------------------------------------------------------*/
#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock #define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
#else #else
#define OPENSSL_EXTRA #define OPENSSL_EXTRA
#define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */ #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
#if !defined(min) #if !defined(min)
#define min(data1, data2) _builtin_min(data1, data2) #define min(data1, data2) _builtin_min(data1, data2)
#endif #endif
#endif #endif

153
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
View File

@@ -56,11 +56,11 @@
#endif #endif
#ifndef NO_SHA #ifndef NO_SHA
int sha_test(); int sha_test(void);
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
int sha256_test(); int sha256_test(void);
#endif #endif
#define SMALL_STACK_SIZE (1 * 1024) #define SMALL_STACK_SIZE (1 * 1024)
@@ -711,41 +711,44 @@ static void tskSha256_Test(void *pvParam)
#define TEST_STRING_SZ 25 #define TEST_STRING_SZ 25
#define RSA_TEST_BYTES 256 /* up to 2048-bit key */ #define RSA_TEST_BYTES 256 /* up to 2048-bit key */
static int tsip_rsa_SignVerify_test(int prnt, int keySize) static int tsip_rsa_test(int prnt, int keySize)
{ {
int ret = 0; int ret = 0;
RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER); RsaKey *key = NULL;
WC_RNG rng; WC_RNG rng;
const char inStr [] = TEST_STRING; const char inStr [] = TEST_STRING;
const char inStr2[] = TEST_STRING2;
const word32 inLen = (word32)TEST_STRING_SZ; const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES; const word32 outSz = RSA_TEST_BYTES;
word32 out_actual_len = 0;
byte *in = NULL; byte *in = NULL;
byte *in2 = NULL;
byte *out= NULL; byte *out= NULL;
byte *outplain = NULL;
int initRsa = 0;
int devId = 7890; /* fixed devid for TSIP/SCE */
XMEMSET(&rng, 0, sizeof(rng));
key = (RsaKey *)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); out = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); outplain = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
(void) prnt; if (key == NULL || in == NULL || out == NULL || outplain == NULL) {
if (key == NULL || in == NULL || out == NULL) {
ret = -1; ret = -1;
goto out; goto out;
} }
XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(key, 0, sizeof(*key));
XMEMSET(key, 0, sizeof *key);
XMEMCPY(in, inStr, inLen); XMEMCPY(in, inStr, inLen);
XMEMCPY(in2, inStr2, inLen); XMEMSET(out, 0, outSz);
XMEMSET(outplain, 0, outSz);
ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/); ret = wc_InitRsaKey_ex(key, NULL, devId);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
initRsa = 1;
if ((ret = wc_InitRng(&rng)) != 0) if ((ret = wc_InitRng(&rng)) != 0)
goto out; goto out;
@@ -753,7 +756,90 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
if ((ret = wc_RsaSetRNG(key, &rng)) != 0) if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
goto out; goto out;
/* make rsa key by SCE */ /* Generate a new RSA key to use with TSIP/SCE */
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
goto out;
}
ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
if (ret < 0) {
goto out;
}
ret = wc_RsaPrivateDecrypt(out, (word32)(keySize/8), outplain, outSz, key);
if (ret < 0) {
ret = -1;
goto out;
}
if (XMEMCMP(in, outplain, inLen) != 0) {
ret = -2;
goto out;
}
ret = 0;
out:
wc_FreeRng(&rng);
if (key != NULL) {
if (initRsa)
wc_FreeRsaKey(key);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outplain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
(void)prnt;
return ret;
}
static int tsip_rsa_SignVerify_test(int prnt, int keySize)
{
int ret = 0;
RsaKey *key = NULL;
WC_RNG rng;
const char inStr [] = TEST_STRING;
const char inStr2[] = TEST_STRING2;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
byte *in = NULL;
byte *in2 = NULL;
byte *out= NULL;
int initRsa = 0;
int devId = 7890; /* fixed devid for TSIP/SCE */
XMEMSET(&rng, 0, sizeof(rng));
key = (RsaKey *)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL || in == NULL || out == NULL) {
ret = -1;
goto out;
}
XMEMSET(key, 0, sizeof(*key));
XMEMCPY(in, inStr, inLen);
XMEMCPY(in2, inStr2, inLen);
ret = wc_InitRsaKey_ex(key, NULL, devId);
if (ret != 0) {
goto out;
}
initRsa = 1;
if ((ret = wc_InitRng(&rng)) != 0)
goto out;
if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
goto out;
/* Generate a new RSA key to use with TSIP/SCE */
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) { if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
goto out; goto out;
} }
@@ -776,22 +862,27 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
goto out; goto out;
} }
ret = 0; ret = 0;
out: out:
wc_FreeRng(&rng);
if (key != NULL) { if (key != NULL) {
wc_FreeRsaKey(key); if (initRsa)
wc_FreeRsaKey(key);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
} }
XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
(void)prnt;
return ret; return ret;
} }
#endif /* NO_RSA */ #endif /* NO_RSA */
#ifdef TSIP_MULTIUNIT_TEST #ifdef TSIP_MULTIUNIT_TEST
int tsip_crypt_sha_multitest() int tsip_crypt_sha_multitest(void)
{ {
int ret = 0; int ret = 0;
int num = 0; int num = 0;
@@ -849,7 +940,7 @@ int tsip_crypt_sha_multitest()
} }
int tsip_crypt_AesCbc_multitest() int tsip_crypt_AesCbc_multitest(void)
{ {
int ret = 0; int ret = 0;
int num = 0; int num = 0;
@@ -930,7 +1021,7 @@ int tsip_crypt_AesCbc_multitest()
} }
int tsip_crypt_AesGcm_multitest() int tsip_crypt_AesGcm_multitest(void)
{ {
int ret = 0; int ret = 0;
int num = 0; int num = 0;
@@ -1009,7 +1100,7 @@ int tsip_crypt_AesGcm_multitest()
return ret; return ret;
} }
int tsip_crypt_Sha_AesCbcGcm_multitest() int tsip_crypt_Sha_AesCbcGcm_multitest(void)
{ {
int ret = 0; int ret = 0;
int num = 0; int num = 0;
@@ -1089,7 +1180,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
#endif #endif
int tsip_crypt_test() int tsip_crypt_test(void)
{ {
int ret = 0; int ret = 0;
e_tsip_err_t tsip_error_code; e_tsip_err_t tsip_error_code;
@@ -1155,6 +1246,22 @@ int tsip_crypt_test()
ret = 0; ret = 0;
} }
#if RSA_MIN_SIZE <= 1024
if (ret == 0) {
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
printf(" tsip_rsa_test(1024)");
ret = tsip_rsa_test(1, 1024);
RESULT_STR(ret)
}
#endif
if (ret == 0) {
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
printf(" tsip_rsa_test(2048)");
ret = tsip_rsa_test(1, 2048);
RESULT_STR(ret)
}
if (ret == 0) { if (ret == 0) {
printf(" tsip_rsa_SignVerify_test(1024)"); printf(" tsip_rsa_SignVerify_test(1024)");

12
wolfcrypt/src/cryptocb.c
View File

@@ -445,8 +445,8 @@ int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
#ifdef WOLF_CRYPTO_CB_RSA_PAD #ifdef WOLF_CRYPTO_CB_RSA_PAD
int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out, int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng, word32* outLen, int type, RsaKey* key, WC_RNG* rng,
RsaPadding *padding) RsaPadding *padding)
{ {
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
CryptoCb* dev; CryptoCb* dev;
@@ -458,9 +458,8 @@ int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
/* locate registered callback */ /* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK); dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (padding) { if (padding != NULL) {
switch(padding->pad_type) { switch (padding->pad_type) {
#ifndef NO_PKCS11_RSA_PKCS
case WC_RSA_PKCSV15_PAD: case WC_RSA_PKCSV15_PAD:
pk_type = WC_PK_TYPE_RSA_PKCS; pk_type = WC_PK_TYPE_RSA_PKCS;
break; break;
@@ -470,7 +469,6 @@ int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
case WC_RSA_OAEP_PAD: case WC_RSA_OAEP_PAD:
pk_type = WC_PK_TYPE_RSA_OAEP; pk_type = WC_PK_TYPE_RSA_OAEP;
break; break;
#endif /* NO_PKCS11_RSA_PKCS */
default: default:
pk_type = WC_PK_TYPE_RSA; pk_type = WC_PK_TYPE_RSA;
} }
@@ -497,7 +495,7 @@ int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
return wc_CryptoCb_TranslateErrorCode(ret); return wc_CryptoCb_TranslateErrorCode(ret);
} }
#endif #endif /* WOLF_CRYPTO_CB_RSA_PAD */
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN
int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)

41
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@@ -252,27 +252,34 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info->algo_type == WC_ALGO_TYPE_PK) { if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA) #if !defined(NO_RSA)
#if defined(WOLFSSL_KEY_GEN) #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
(info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx); ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
} }
#endif
/* tsip only supports PKCSV15 padding scheme */
if (info->pk.type == WC_PK_TYPE_RSA_PKCS) {
RsaPadding* pad = info->pk.rsa.padding;
if (pad && pad->pad_value == RSA_BLOCK_TYPE_1) {
/* sign / verify */
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT ||
info->pk.rsa.type == RSA_PRIVATE_DECRYPT) {
ret = tsip_SignRsaPkcs(info, cbInfo);
}
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
else {
ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
}
#endif
}
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
else if (pad && pad->pad_value == RSA_BLOCK_TYPE_2) {
/* encrypt/decrypt */
ret = wc_tsip_RsaFunction(info, cbInfo);
}
#endif #endif
/* RSA Signing
* Can handle only RSA PkCS#1v1.5 padding scheme here.
*/
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
ret = tsip_SignRsaPkcs(info, cbInfo);
} }
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
/* RSA Verify */
if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
}
#endif
#endif /* !NO_RSA */ #endif /* !NO_RSA */
#if defined(HAVE_ECC) #if defined(HAVE_ECC)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
@@ -461,7 +468,7 @@ int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated)
* Get Callback ctx by devId * Get Callback ctx by devId
* *
* devId : devId to get its CTX * devId : devId to get its CTX
* return asocciated CTX when the method is successfully called. * return associated CTX when the method is successfully called.
* otherwise, NULL * otherwise, NULL
*/ */
WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId) WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)

2
wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c
View File

@@ -67,7 +67,7 @@ WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(RsaKey *key)
/* Set Rsa key by pre-created wrapped user key /* Set Rsa key by pre-created wrapped user key
* *
* key RsaKey object * key RsaKey object
* size desired keylenth, in bits. supports 1024 or 2048 bits * size desired key length, in bits. supports 1024 or 2048 bits
* ctx Callback context including pointer to hold generated key * ctx Callback context including pointer to hold generated key
* return FSP_SUCCESS(0) on Success, otherwise negative value * return FSP_SUCCESS(0) on Success, otherwise negative value
*/ */

159
wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
View File

@@ -22,8 +22,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#if !defined(NO_RSA) && \ #if !defined(NO_RSA) && \
(defined(WOLFSSL_RENESAS_TSIP_TLS) || \ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
@@ -43,11 +42,11 @@
/* Make RSA key for TSIP and set it to callback ctx /* Make RSA key for TSIP and set it to callback ctx
* Assumes to be called by Crypt Callback * Assumes to be called by Crypt Callback
* *
* size desired keylenth, in bits. supports 1024 or 2048 bits * size desired key length, in bits. supports 1024 or 2048 bits
* ctx Callback context including pointer to hold generated key * ctx Callback context including pointer to hold generated key
* return TSIP_SUCCESS(0) on Success, otherwise negative value * return TSIP_SUCCESS(0) on Success, otherwise negative value
*/ */
WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) int wc_tsip_MakeRsaKey(int size, void* ctx)
{ {
e_tsip_err_t ret; e_tsip_err_t ret;
TsipUserCtx *info = (TsipUserCtx*)ctx; TsipUserCtx *info = (TsipUserCtx*)ctx;
@@ -121,6 +120,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
info->keyflgs_crypt.bits.rsapri1024_key_set = 1; info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
info->keyflgs_crypt.bits.rsapub1024_key_set = 1; info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
} }
else if (size == 2048) { else if (size == 2048) {
XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
@@ -158,6 +158,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
info->keyflgs_crypt.bits.rsapri2048_key_set = 1; info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
info->keyflgs_crypt.bits.rsapub2048_key_set = 1; info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
} }
} }
@@ -167,21 +168,129 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
return 0; return 0;
} }
/* Generate TSIP key index if needed
*
* tuc struct pointer of TsipUserCtx
* return FSP_SUCCESS(0) on Success, otherwise CRYPTOCB_UNAVAILABLE
*/
static int tsip_RsakeyImport(TsipUserCtx* tuc)
{
int ret = 0;
switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 1024 not set");
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
}
break;
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 2048 not set");
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
}
break;
default:
WOLFSSL_MSG("wrapped private key is not supported");
ret = CRYPTOCB_UNAVAILABLE;
break;
}
return ret;
}
/* Perform rsa encryption/decryption by TSIP
* Assumes to be called by Crypt Callback
*
* info struct pointer of wc_CryptoInfo including necessary info
* tuc struct pointer of TsipUserCtx including TSIP key info
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret;
int keySize;
int type;
tsip_rsa_byte_data_t plain, cipher;
if (info == NULL || tuc == NULL) {
return BAD_FUNC_ARG;
}
if (tsip_RsakeyImport(tuc) == 0) {
type = info->pk.rsa.type;
keySize = (int)tuc->wrappedKeyType;
if ((ret = tsip_hw_lock()) == 0) {
if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) {
plain.pdata = (uint8_t*)info->pk.rsa.in;
plain.data_length = info->pk.rsa.inLen;
cipher.pdata = (uint8_t*)info->pk.rsa.out;
cipher.data_length = info->pk.rsa.outLen;
if (keySize == TSIP_KEY_TYPE_RSA1024) {
ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
tuc->rsa1024pub_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher,
tuc->rsa2048pub_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
if (ret == 0) {
info->pk.rsa.outLen = cipher.data_length;
}
}
else if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT)
{
plain.pdata = (uint8_t*)info->pk.rsa.out;
plain.data_length = info->pk.rsa.outLen;
cipher.pdata = (uint8_t*)info->pk.rsa.in;
cipher.data_length = info->pk.rsa.inLen;
if (keySize == TSIP_KEY_TYPE_RSA1024) {
ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain,
tuc->rsa1024pri_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain,
tuc->rsa2048pri_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
if (ret == 0) {
info->pk.rsa.outLen = plain.data_length;
}
}
tsip_hw_unlock();
}
}
return ret;
}
/* Perform Rsa verify by TSIP /* Perform Rsa verify by TSIP
* Assumes to be called by Crypt Callback * Assumes to be called by Crypt Callback
* *
* in Buffer to hold plaintext * info struct pointer of wc_CryptoInfo including necessary info
* inLen Length of plaintext in bytes * tuc struct pointer of TsipUserCtx including TSIP key info
* out Buffer to hold generated signature
* outLen Length of signature in bytes
* key rsa key object
* ctx The callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value * return FSP_SUCCESS(0) on Success, otherwise negative value
*/ */
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
{ {
int ret = 0; int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS; e_tsip_err_t err = TSIP_SUCCESS;
@@ -204,33 +313,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
switch (tuc->wrappedKeyType) { if (tsip_RsakeyImport(tuc) == 0) {
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 1024 not set");
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
}
break;
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 2048 not set");
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
}
break;
default:
WOLFSSL_MSG("wrapped private key is not supported");
ret = CRYPTOCB_UNAVAILABLE;
break;
}
if (ret == 0) {
hashData.pdata = (uint8_t*)info->pk.rsa.in; hashData.pdata = (uint8_t*)info->pk.rsa.in;
hashData.data_length = info->pk.rsa.inLen; hashData.data_length = info->pk.rsa.inLen;
hashData.data_type = hashData.data_type =

36
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@@ -1679,7 +1679,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
} }
if (ret == 0) { if (ret == 0) {
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType); ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
} }
if (ret == 0) { if (ret == 0) {
@@ -1749,11 +1749,11 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if (isRsa) { if (isRsa) {
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
} }
else { else {
#if defined(WOLFSSL_CHECK_SIG_FAULTS) #if defined(WOLFSSL_CHECK_SIG_FAULTS)
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
#endif #endif
} }
} }
@@ -2301,7 +2301,7 @@ static byte _tls2tsipdef(byte cipher)
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
* TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key * TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key
*/ */
static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType) int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
{ {
int ret = 0; int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS; e_tsip_err_t err = TSIP_SUCCESS;
@@ -2309,7 +2309,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
uint8_t* iv = g_user_key_info.iv; uint8_t* iv = g_user_key_info.iv;
uint8_t* encPrivKey; uint8_t* encPrivKey;
WOLFSSL_ENTER("tsipImportPrivateKey"); WOLFSSL_ENTER("tsip_ImportPrivateKey");
if (tuc == NULL) if (tuc == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -2377,7 +2377,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
else { else {
WOLFSSL_MSG("mutex locking error"); WOLFSSL_MSG("mutex locking error");
} }
WOLFSSL_LEAVE("tsipImportPrivateKey", ret); WOLFSSL_LEAVE("tsip_ImportPrivateKey", ret);
return ret; return ret;
} }
@@ -2393,7 +2393,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
* TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key * TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key
*/ */
WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
{ {
int ret = 0; int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS; e_tsip_err_t err = TSIP_SUCCESS;
@@ -2401,7 +2401,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
uint8_t* iv = g_user_key_info.iv; uint8_t* iv = g_user_key_info.iv;
uint8_t* encPubKey; uint8_t* encPubKey;
WOLFSSL_ENTER("tsipImportPublicKey"); WOLFSSL_ENTER("tsip_ImportPublicKey");
if (tuc == NULL ) { if (tuc == NULL ) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -2515,7 +2515,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
else { else {
WOLFSSL_MSG("mutex locking error"); WOLFSSL_MSG("mutex locking error");
} }
WOLFSSL_LEAVE("tsipImportPublicKey", ret); WOLFSSL_LEAVE("tsip_ImportPublicKey", ret);
return ret; return ret;
} }
@@ -3632,6 +3632,7 @@ int wc_tsip_tls_RootCertVerify(
return ret; return ret;
} }
#endif /* WOLFSSL_RENESAS_TSIP_TLS */ #endif /* WOLFSSL_RENESAS_TSIP_TLS */
#if !defined(NO_RSA) #if !defined(NO_RSA)
/* Perform signing with the client's RSA private key on hash value of messages /* Perform signing with the client's RSA private key on hash value of messages
* exchanged with server. * exchanged with server.
@@ -3646,7 +3647,7 @@ int wc_tsip_tls_RootCertVerify(
* 0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified. * 0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
* *
*/ */
WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
{ {
int ret = 0; int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS; e_tsip_err_t err = TSIP_SUCCESS;
@@ -3676,7 +3677,7 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (ret == 0) { if (ret == 0) {
/* import private key_index from wrapped key */ /* import private key_index from wrapped key */
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType); ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
} }
if (ret == 0) { if (ret == 0) {
@@ -3724,18 +3725,18 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
#endif #endif
if (ret == 0) { if (ret == 0) {
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
hashData.pdata = (uint8_t*)ssl->buffers.digest.buffer; hashData.pdata = (uint8_t*)ssl->buffers.digest.buffer;
hashData.data_type = 1; hashData.data_type = 1;
sigData.pdata = (uint8_t*)info->pk.rsa.in; sigData.pdata = (uint8_t*)info->pk.rsa.in;
sigData.data_length = 0; /* signature size will be returned here */ sigData.data_length = 0; /* signature size will be returned here */
#else #else
hashData.pdata = (uint8_t*)info->pk.rsa.in; hashData.pdata = (uint8_t*)info->pk.rsa.in;
hashData.data_length= info->pk.rsa.inLen; hashData.data_length= info->pk.rsa.inLen;
hashData.data_type = tuc->keyflgs_crypt.bits.message_type; hashData.data_type = tuc->keyflgs_crypt.bits.message_type;
sigData.pdata = (uint8_t*)info->pk.rsa.out; sigData.pdata = (uint8_t*)info->pk.rsa.out;
sigData.data_length = 0; sigData.data_length = 0;
#endif #endif
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) { switch (tuc->wrappedKeyType) {
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
@@ -3752,7 +3753,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
break; break;
#endif #endif
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureGenerate( err = R_TSIP_RsassaPkcs2048SignatureGenerate(
&hashData, &sigData, &hashData, &sigData,
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
@@ -3825,7 +3825,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
if (ret == 0) { if (ret == 0) {
/* import public key_index from wrapped key */ /* import public key_index from wrapped key */
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
} }
if (ret == 0) { if (ret == 0) {
@@ -3935,7 +3935,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (ret == 0) { if (ret == 0) {
/* import private key_index from wrapped key */ /* import private key_index from wrapped key */
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType); ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
} }
if (ret == 0) { if (ret == 0) {
@@ -4061,7 +4061,7 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (ret == 0) { if (ret == 0) {
/* import public key_index from wrapped key */ /* import public key_index from wrapped key */
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
} }
if (ret == 0) { if (ret == 0) {

44
wolfcrypt/src/rsa.c
View File

@@ -277,7 +277,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
key->handle = NULL; key->handle = NULL;
#endif #endif
#if defined(WOLFSSL_RENESAS_FSPSM) #if defined(WOLFSSL_RENESAS_FSPSM)
key->ctx.wrapped_pri1024_key = NULL; key->ctx.wrapped_pri1024_key = NULL;
key->ctx.wrapped_pub1024_key = NULL; key->ctx.wrapped_pub1024_key = NULL;
@@ -285,6 +284,7 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
key->ctx.wrapped_pub2048_key = NULL; key->ctx.wrapped_pub2048_key = NULL;
key->ctx.keySz = 0; key->ctx.keySz = 0;
#endif #endif
return ret; return ret;
} }
@@ -3376,24 +3376,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
pad_value, pad_type, hash, mgf, label, pad_value, pad_type, hash, mgf, label,
labelSz, sz); labelSz, sz);
} }
#elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \ #endif /* RSA CRYPTO HW */
(!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
/* SCE needs wrapped key which is passed via
* user ctx object of crypt-call back.
*/
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
/* SCE supports 1024 and 2048 bits */
ret = wc_CryptoCb_Rsa(in, inLen, out,
&outLen, rsa_type, key, rng);
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code and try using software */
}
#endif
#endif /* WOLFSSL_SE050 */
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
if (key->devId != INVALID_DEVID) { if (key->devId != INVALID_DEVID) {
@@ -3563,21 +3546,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
} }
return ret; return ret;
} }
#elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \ #endif /* RSA CRYPTO HW */
(!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Rsa(in, inLen, out,
&outLen, rsa_type, key, rng);
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code and try using software */
}
#endif
#endif /* WOLFSSL_CRYPTOCELL */
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
@@ -3611,7 +3580,12 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
case RSA_STATE_DECRYPT_EXPTMOD: case RSA_STATE_DECRYPT_EXPTMOD:
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
if ((key->devId != INVALID_DEVID) && (rsa_type != RSA_PUBLIC_DECRYPT)) { if ((key->devId != INVALID_DEVID)
#if !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&& (rsa_type != RSA_PUBLIC_DECRYPT)
#endif
) {
/* Everything except verify goes to crypto cb if /* Everything except verify goes to crypto cb if
* WOLF_CRYPTO_CB_RSA_PAD defined */ * WOLF_CRYPTO_CB_RSA_PAD defined */
XMEMSET(&padding, 0, sizeof(RsaPadding)); XMEMSET(&padding, 0, sizeof(RsaPadding));

2
wolfcrypt/src/wc_pkcs11.c
View File

@@ -2198,7 +2198,7 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
case WC_PK_TYPE_RSA_OAEP: case WC_PK_TYPE_RSA_OAEP:
mechanism = CKM_RSA_PKCS_OAEP; mechanism = CKM_RSA_PKCS_OAEP;
break; break;
#endif /* NO_PKCS11_RSA_PKCS */ #endif /* !NO_PKCS11_RSA_PKCS */
case WC_PK_TYPE_RSA: case WC_PK_TYPE_RSA:
mechanism = CKM_RSA_X_509; mechanism = CKM_RSA_X_509;
break; break;

9
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@@ -379,6 +379,10 @@ WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
WOLFSSL_API int tsip_set_clientPrivateKeyEnc(const byte* key, int keyType); WOLFSSL_API int tsip_set_clientPrivateKeyEnc(const byte* key, int keyType);
WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType);
WOLFSSL_LOCAL int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType);
#if defined(WOLF_PRIVATE_KEY_ID) #if defined(WOLF_PRIVATE_KEY_ID)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -437,9 +441,12 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(struct wc_CryptoInfo* info,
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info, WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info,
TsipUserCtx* tuc); TsipUserCtx* tuc);
WOLFSSL_LOCAL int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_SignEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc); WOLFSSL_LOCAL int tsip_SignEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc); WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl); WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl);

5
wolfssl/wolfcrypt/settings.h
View File

@@ -997,6 +997,11 @@
#define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64 #define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64
#define TSIP_TLS_MASTERSECRET_SIZE 80 /* 20 words */ #define TSIP_TLS_MASTERSECRET_SIZE 80 /* 20 words */
#define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte */ #define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte */
#ifdef WOLF_CRYPTO_CB
/* make sure RSA padding callbacks are enabled */
#define WOLF_CRYPTO_CB_RSA_PAD
#endif
#endif /* WOLFSSL_RENESAS_TSIP */ #endif /* WOLFSSL_RENESAS_TSIP */
#if !defined(WOLFSSL_NO_HASH_RAW) && defined(WOLFSSL_RENESAS_RX64_HASH) #if !defined(WOLFSSL_NO_HASH_RAW) && defined(WOLFSSL_RENESAS_RX64_HASH)