From 1993851274cd7b069dc3647e150144a3b508ccd1 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 31 Mar 2022 08:02:00 -0700 Subject: [PATCH] Renesas spelling, code formatting and whitespace fixes. --- src/ssl.c | 4 +- wolfcrypt/src/port/Renesas/README.md | 181 ++++--- wolfcrypt/src/port/Renesas/renesas_common.c | 473 +++++++++-------- wolfcrypt/src/port/Renesas/renesas_sce_aes.c | 166 +++--- wolfcrypt/src/port/Renesas/renesas_sce_sha.c | 50 +- wolfcrypt/src/port/Renesas/renesas_sce_util.c | 338 ++++++------ wolfcrypt/src/port/Renesas/renesas_tsip_aes.c | 109 ++-- wolfcrypt/src/port/Renesas/renesas_tsip_sha.c | 50 +- .../src/port/Renesas/renesas_tsip_util.c | 493 +++++++++--------- wolfssl/internal.h | 2 +- 10 files changed, 939 insertions(+), 927 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 712848234..f72d4c972 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -44125,13 +44125,13 @@ void wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX* ctx, CallbackGenSessionKey cb) if (ctx) ctx->GenSessionKeyCb = cb; } -/* Set sesssion key generation callback context */ +/* Set session key generation callback context */ void wolfSSL_SetGenSessionKeyCtx(WOLFSSL* ssl, void *ctx) { if (ssl) ssl->GenSessionKeyCtx = ctx; } -/* Get sesssion key generation callback context */ +/* Get session key generation callback context */ void* wolfSSL_GetGenSessionKeyCtx(WOLFSSL* ssl) { if (ssl) diff --git a/wolfcrypt/src/port/Renesas/README.md b/wolfcrypt/src/port/Renesas/README.md index 4ab3bf81b..8646c8136 100644 --- a/wolfcrypt/src/port/Renesas/README.md +++ b/wolfcrypt/src/port/Renesas/README.md @@ -1,43 +1,60 @@ # TSIP FIT Module port -Support for TSIP FIT driver for symmetric AES, SHA1/SHA256 hardware acceleration and TLS-linked capability including Root CA, the server certificate or intermediate certificate verification. + +Support for TSIP FIT driver for symmetric AES, SHA1/SHA256 hardware acceleration +and TLS-linked capability including Root CA, the server certificate or +intermediate certificate verification. ## Overview Renesas TSIP FIT module with wolfSSL by setting *WOLFSSL_RENESAS_TSIP* definition. - + Including the following examples: * simple tls_client/tls_server * crypt test * crypt benchmark - The *user_settings.h* file enables some of the hardened settings. +The *user_settings.h* file enables some of the hardened settings. ## Requirements + ### 1. [Renesas TSIP FIT module](https://www.renesas.com/us/en/products/software-tools/software-os-middleware-driver/security-crypto/trusted-secure-ip-driver.html) -[FIT module](https://www.renesas.com/us/en/products/software-tools/software-os-middleware-driver/software-package/fit.html) +[FIT module](https://www.renesas.com/us/en/products/software-tools/software-os-middleware-driver/software-package/fit.html) Note : The included example program is tested with TSIP FIT version **1.06**. -### 2. [e2studio](https://www.renesas.com/us/en/products/software-tools/tools/ide/e2studio.html) +### 2. [e2studio](https://www.renesas.com/us/en/products/software-tools/tools/ide/e2studio.html) ### 3. Evaluation Board that supports TSIP Note : The included example program is tested with [GR-ROSE](http://gadget.renesas.com/en/product/rose.html), which is classified to RX65N. ## Setup and Build wolfSSL library - 1. Uncomment out #define WOLFSSL_RENESAS_TSIP in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h - Uncomment out #define WOLFSSL_RENESAS_RX65N in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h - 2. Open a project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/wolfssl/ by e2studio and build to create wolfssl library -Note : Generating FIT module source files in advance are required to compile wolfSSL when enabling WOLFSSL_RENESAS_TSIP and WOLFSSL_RENESAS_RX65N. Please see for creating FIT module files at "Setup and Build and example program" in this readme below. +1. Uncomment out `#define WOLFSSL_RENESAS_TSIP` in `/path/to/wolfssl/wolfssl/wolfcrypt/settings.h` +2. Uncomment out `#define WOLFSSL_RENESAS_RX65N` in `/path/to/wolfssl/wolfssl/wolfcrypt/settings.h` +3. Open a project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/wolfssl/ by e2studio and build to create wolfssl library -To disable portions of the hardware acceleration you can optionally define: +Note : Generating FIT module source files in advance are required to compile wolfSSL +when enabling `WOLFSSL_RENESAS_TSIP` and `WOLFSSL_RENESAS_RX65N`. Please see for +creating FIT module files at "Setup and Build and example program" in this readme below. -``` +To disable portions of the hardware acceleration you can optionally define: + +```c /* Disabled SHA acceleration */ #define NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH /* Disabled TLS-linked acceleration */ #define NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION ``` -### Benchmarks -**Software only implementation:** + +## Benchmarks + +Platform: +Renesas : e2Studio v7.4.0 +ToolChain : Renesas CCRX version 3.00.00 +TSIP FIT : version 1.0.6 +Board : [GR-ROSE](http://gadget.renesas.com/en/product/rose.html) +wolfSSL : 4.1.0 + +### Software only implementation: + *block cipher* ``` RNG 200 KB took 1.099 seconds, 182.000 KB/s @@ -50,35 +67,31 @@ SHA-256 425 KB took 1.038 seconds, 409.520 KB/s TLS_RSA_WITH_AES_128_CBC_SHA : 0.651 (s) TLS_RSA_WITH_AES_128_CBC_SHA256 : 0.651 (s) TLS_RSA_WITH_AES_256_CBC_SHA : 0.642 (s) -TLS_RSA_WITH_AES_256_CBAC_SHA256 : 0.662 (s) +TLS_RSA_WITH_AES_256_CBC_SHA256 : 0.662 (s) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 2.050 (s) ``` -**Hardware acceleration:** +### Hardware acceleration: + *block cipher* ``` RNG 1 MB took 1.011 seconds, 1.038 MB/s SHA 12 MB took 1.001 seconds, 11.515 MB/s SHA-256 13 MB took 1.001 seconds, 12.900 MB/s ``` -*TLS establishment time with TLS-linked capability* + +*TLS establishment time with TLS-linked capability* *Perform full TLS-linked capability* ``` TLS_RSA_WITH_AES_128_CBC_SHA : 0.141 (s) TLS_RSA_WITH_AES_128_CBC_SHA256 : 0.141 (s) TLS_RSA_WITH_AES_256_CBC_SHA : 0.141 (s) -TLS_RSA_WITH_AES_256_CBAC_SHA256 : 0.144 (s) +TLS_RSA_WITH_AES_256_CBC_SHA256 : 0.144 (s) ``` + *Perform certificate verification by TSIP TLS-linked API* ``` TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 1.721 (s) ``` -Condition: -Renesas : e2Studio v7.4.0 -ToolChain : Renesas CCRX version 3.00.00 -TSIP FIT : version 1.0.6 -Board : [GR-ROSE](http://gadget.renesas.com/en/product/rose.html) -wolfSSL : 4.1.0 - ## Setup and Build an example program An example program expects the following FIT modules: @@ -94,83 +107,89 @@ An example program expects the following FIT modules: These needed source files can be generated by creating a dummy project including Renesas Smart Configurator as steps below: - 1. Create a dummy project including Renesas Smart Configurator for your evaluation board type - 2. Open Smart Configurator and add FIT modules above - It would need to expand *User Stack Size* property and *Heap Size* of r_bsp. - Change IP ADDRESS and PORT NUMBER in r_t4_rx_config.h - `#define T4_CFG_FIXED_IP_ADDRESS_CH0 192,168,1,33` - `#define T4_CFG_TCP_REPID1_PORT_NUMBER 11111` - Note: It would need to modify other configuration base on evaluation board. - - When using GR-ROSE, you can choose "GR-ROSE" from "board" tab and "board" drop-down list and then is able to follow settings below: - - Go to component tab and open r_ether_rx properties: - Ethernet interface : RMII - The register bus of PHY0 for ETHER0/1: Use ETHER0 - Resource, ETHERC: Check ETHERC0_RMII - - Go to component tab and open r_t4_rx properties: - Enable/Disable DHCP function : 0 - IP address for ch0, when DHCP disable : 192,168,1,33 - TCP REPID1 prot number : 11111 - - Go to pins tab and select ethernet controller - Check to use pins - - 3. Generate source code -Now, it is able to copy these FIT modules into an example project. - 4. Make "smc_gen" folder under /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/src/ - 5. Copy the FIT modules into the folder that is created at step 4. - 6. Open an example project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/ by e2studio - 7. Enable a macro definition in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h for application type - `#define CRYPT_TEST // enable crypt test` - `#define BENCHMARK // enable benchmark application` - `#define TLS_CLIENT // enable simple tls client application` - `#define TLS_SERVER // enable simple tls server application` - `#define USE_TSIP_TLS // to inform user key and flash keying, when using TSIP` - Note: CRYPT_TEST and BENCHMARK can be enabled at the same time. TLS_CLIENT and TLS_SERVER cannot be enabled together other definitions. - 7. Setup debug configuration based on your debug hardware +1. Create a dummy project including Renesas Smart Configurator for your evaluation board type +2. Open Smart Configurator and add FIT modules above + It would need to expand *User Stack Size* property and *Heap Size* of r_bsp. + Change IP ADDRESS and PORT NUMBER in r_t4_rx_config.h + `#define T4_CFG_FIXED_IP_ADDRESS_CH0 192,168,1,33` + `#define T4_CFG_TCP_REPID1_PORT_NUMBER 11111` + Note: It would need to modify other configuration base on evaluation board. + + When using GR-ROSE, you can choose "GR-ROSE" from "board" tab and "board" drop-down list and then is able to follow settings below: + + Go to component tab and open r_ether_rx properties: + Ethernet interface : RMII + The register bus of PHY0 for ETHER0/1: Use ETHER0 + Resource, ETHERC: Check ETHERC0_RMII + + Go to component tab and open r_t4_rx properties: + Enable/Disable DHCP function : 0 + IP address for ch0, when DHCP disable : 192,168,1,33 + TCP REPID1 prot number : 11111 + + Go to pins tab and select ethernet controller + Check to use pins + +3. Generate source code +Now, it is able to copy these FIT modules into an example project. +4. Make "smc_gen" folder under /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/src/ +5. Copy the FIT modules into the folder that is created at step 4. +6. Open an example project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/ by e2studio +7. Enable a macro definition in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h for application type + +```c +#define CRYPT_TEST /* enable crypt test */ +#define BENCHMARK /* enable benchmark application */ +#define TLS_CLIENT /* enable simple tls client application */ +#define TLS_SERVER /* enable simple tls server application */ +#define USE_TSIP_TLS /* to inform user key and flash keying, when using TSIP */ +``` + + Note: CRYPT_TEST and BENCHMARK can be enabled at the same time. TLS_CLIENT and TLS_SERVER cannot be enabled together other definitions. +7. Setup debug configuration based on your debug hardware ## Run client/server program on the device -When testing the embedded client or server on the device, it is recommended to test against one of the standard wolfSSL example application running on a desktop machine. +When testing the embedded client or server on the device, it is recommended to test against one +of the standard wolfSSL example application running on a desktop machine. -For the embedded client, an example server commands for running on a desktop machine, IP address 192.168.1.45, is as follows: -`$./example/server/server -b -d -i` +For the embedded client, an example server commands for running on a desktop machine, IP address 192.168.1.45, is as follows: +`./example/server/server -b -d -i` -For the embedded server, an example client commands for running on a desktop machine is as follows: -`$./example/client/client -h 192.168.1.33 -p 11111` +For the embedded server, an example client commands for running on a desktop machine is as follows: +`./example/client/client -h 192.168.1.33 -p 11111` ## Modify an example program To use own TSIP keys for TSIP TLS-linked API use, it needs own flash keyring, PSS signed signature and RSA key. ### Create flash keyring and use it in an example program - 1. Please follow the instruction at TSIP manual, chapter 7. Key Data Operations. - 2. Copy and paste s_flash[] data to s_flash[] data in example-program/key_data.c +1. Please follow the instruction at TSIP manual, chapter 7. Key Data Operations. +2. Copy and paste s_flash[] data to s_flash[] data in example-program/key_data.c `const uint32_t s_flash[] =` ### Create RSA key pair for signing Root CA verification and use them in an example program - To use TSIP TLS-linked APIs, it needs RSA key pair and Root CA certificate bundle signature by RSA 2048 PSS with SHA256. - Shell and Perl script program in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/tools/ can be used for the purpose. - - * generate_rsa_keypair.sh : generate RSA 2048 bit key pair. Show modulus and public exponent when specifying "-s" option - * rsa_pss_sign.sh : sign the file by the specified private key - * genhexbuf.pl : generate C header file including a byte array generated from the specified file in the script - - Modulus and public exponent showed by `generate_rsa_keypair.sh` can be used for input date to Renesas Secure Flash Programmer to generate encrypted RSA keys for TSIP TLS-linked API use. Please follow the instruction about how to generate RSA keys in the TSIP manual. +To use TSIP TLS-linked APIs, it needs RSA key pair and Root CA certificate bundle signature by RSA 2048 PSS with SHA256. +Shell and Perl script program in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/tools/ can be used for the purpose. +* `generate_rsa_keypair.sh`: generate RSA 2048 bit key pair. Show modulus and public exponent when specifying "-s" option +* `rsa_pss_sign.sh`: sign the file by the specified private key +* `genhexbuf.pl`: generate C header file including a byte array generated from the specified file in the script - Generated byte array of signed signature by genhexbuf.pl can be replaced signature data in key_data.c of an example program. +Modulus and public exponent showed by `generate_rsa_keypair.sh` can be used for input date to +Renesas Secure Flash Programmer to generate encrypted RSA keys for TSIP TLS-linked API use. +Please follow the instruction about how to generate RSA keys in the TSIP manual. +Generated byte array of signed signature by `genhexbuf.pl` can be replaced signature data in key_data.c of an example program. - Encrypted RSA key and generated byte array of signed signature need to be informed wolfSSL library before loading CA certification. Please see SetTsipTlskey() function an example program about how to inform them. +Encrypted RSA key and generated byte array of signed signature need to be informed wolfSSL library before loading CA certification. +Please see `SetTsipTlskey()` function an example program about how to inform them. ### Coding -In your application you must include before any other wolfSSL headers. If building the sources directly we recommend defining `WOLFSSL_USER_SETTINGS` and adding your own `user_settings.h` file. You can find a good reference for this in `/path/to/Renesas/e2studio/Projects/common/user_settings.h`. +In your application you must include before any other wolfSSL headers. +If building the sources directly we recommend defining `WOLFSSL_USER_SETTINGS` and adding your own `user_settings.h` file. +You can find a good reference for this in `/path/to/Renesas/e2studio/Projects/common/user_settings.h`. ## Support - For question please email [support@wolfssl.com] - - +For question please email [support@wolfssl.com] diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 9b8ecfe8f..ad6050b4e 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -45,7 +45,7 @@ static int devId = 7890; /* dev Id for Crypt Callback */ #include /* Renesas Security Library Common Callback - * For Crypto Call back + * For Crypto Callbacks * * devIdArg device Id * info pointer to wc_CryptInfo @@ -61,7 +61,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #if defined(WOLFSSL_RENESAS_TSIP_TLS) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*) ctx; + User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx; #endif if (info == NULL || ctx == NULL) @@ -78,11 +78,10 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #if !defined(NO_AES) || !defined(NO_DES3) #ifdef HAVE_AESGCM - if (info->cipher.type == WC_CIPHER_AES_GCM && + if (info->cipher.type == WC_CIPHER_AES_GCM && cbInfo->session_key_set == 1) { - + if (info->cipher.enc) { - ret = wc_tsip_AesGcmEncrypt( info->cipher.aesgcm_enc.aes, (byte*)info->cipher.aesgcm_enc.out, @@ -95,10 +94,9 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) (byte*)info->cipher.aesgcm_enc.authIn, info->cipher.aesgcm_enc.authInSz, (void*)ctx); - - } + + } else { - ret = wc_tsip_AesGcmDecrypt( info->cipher.aesgcm_dec.aes, (byte*)info->cipher.aesgcm_dec.out, @@ -115,20 +113,18 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } #endif /* HAVE_AESGCM */ #ifdef HAVE_AES_CBC - if (info->cipher.type == WC_CIPHER_AES_CBC && + if (info->cipher.type == WC_CIPHER_AES_CBC && cbInfo->session_key_set == 1) { - + if (info->cipher.enc) { - ret = wc_tsip_AesCbcEncrypt( info->cipher.aescbc.aes, (byte*)info->cipher.aescbc.out, (byte*)info->cipher.aescbc.in, info->cipher.aescbc.sz); - + } else { - ret = wc_tsip_AesCbcDecrypt( info->cipher.aescbc.aes, (byte*)info->cipher.aescbc.out, @@ -146,32 +142,32 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #if !defined(NO_AES) || !defined(NO_DES3) #ifdef HAVE_AESGCM if (info->cipher.type == WC_CIPHER_AES_GCM) { - - if (info->cipher.enc && - ( cbInfo->session_key_set == 1 || - (cbInfo->aes256_installedkey_set == 1 && + + if (info->cipher.enc && + (cbInfo->session_key_set == 1 || + (cbInfo->aes256_installedkey_set == 1 && info->cipher.aesgcm_enc.aes->keylen == 32) || - (cbInfo->aes128_installedkey_set == 1 && + (cbInfo->aes128_installedkey_set == 1 && info->cipher.aesgcm_enc.aes->keylen == 16))) { - - if(cbInfo->aes256_installedkey_set == 1 && + + if (cbInfo->aes256_installedkey_set == 1 && info->cipher.aesgcm_enc.aes->keylen == 32) { - + XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key, - &cbInfo->sce_wrapped_key_aes256, + &cbInfo->sce_wrapped_key_aes256, sizeof(sce_aes_wrapped_key_t)); info->cipher.aesgcm_enc.aes->ctx.keySize = 32; - + } - else if (cbInfo->aes128_installedkey_set == 1 && + else if (cbInfo->aes128_installedkey_set == 1 && info->cipher.aesgcm_enc.aes->keylen == 16) { - + XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key, &cbInfo->sce_wrapped_key_aes128, sizeof(sce_aes_wrapped_key_t)); info->cipher.aesgcm_enc.aes->ctx.keySize = 16; } - + ret = wc_sce_AesGcmEncrypt( info->cipher.aesgcm_enc.aes, (byte*)info->cipher.aesgcm_enc.out, @@ -184,32 +180,32 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) (byte*)info->cipher.aesgcm_enc.authIn, info->cipher.aesgcm_enc.authInSz, (void*)ctx); - + } - else if (cbInfo->session_key_set == 1 || - (cbInfo->aes256_installedkey_set == 1 && + else if (cbInfo->session_key_set == 1 || + (cbInfo->aes256_installedkey_set == 1 && info->cipher.aesgcm_dec.aes->keylen == 32) || - (cbInfo->aes128_installedkey_set == 1 && + (cbInfo->aes128_installedkey_set == 1 && info->cipher.aesgcm_dec.aes->keylen == 16)) { - - if(cbInfo->aes256_installedkey_set == 1 && + + if (cbInfo->aes256_installedkey_set == 1 && info->cipher.aesgcm_dec.aes->keylen == 32) { - + XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key, &cbInfo->sce_wrapped_key_aes256, sizeof(sce_aes_wrapped_key_t)); info->cipher.aesgcm_dec.aes->ctx.keySize = 32; - + } - else if (cbInfo->aes128_installedkey_set == 1 && + else if (cbInfo->aes128_installedkey_set == 1 && info->cipher.aesgcm_dec.aes->keylen == 16) { - + XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key, &cbInfo->sce_wrapped_key_aes128, sizeof(sce_aes_wrapped_key_t)); info->cipher.aesgcm_dec.aes->ctx.keySize = 16; } - + ret = wc_sce_AesGcmDecrypt( info->cipher.aesgcm_dec.aes, (byte*)info->cipher.aesgcm_dec.out, @@ -226,30 +222,30 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } #endif /* HAVE_AESGCM */ #ifdef HAVE_AES_CBC - if ((info->cipher.type == WC_CIPHER_AES_CBC) && - (cbInfo->session_key_set == 1 || - (cbInfo->aes256_installedkey_set == 1 && + if ((info->cipher.type == WC_CIPHER_AES_CBC) && + (cbInfo->session_key_set == 1 || + (cbInfo->aes256_installedkey_set == 1 && info->cipher.aescbc.aes->keylen == 32) || - (cbInfo->aes128_installedkey_set == 1 && + (cbInfo->aes128_installedkey_set == 1 && info->cipher.aescbc.aes->keylen == 16))) { - + if (info->cipher.enc) { - if(cbInfo->aes256_installedkey_set == 1 && + if (cbInfo->aes256_installedkey_set == 1 && info->cipher.aescbc.aes->keylen == 32) { XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key, &cbInfo->sce_wrapped_key_aes256, sizeof(sce_aes_wrapped_key_t)); info->cipher.aescbc.aes->ctx.keySize = 32; - + } - else if (cbInfo->aes128_installedkey_set == 1 && + else if (cbInfo->aes128_installedkey_set == 1 && info->cipher.aescbc.aes->keylen == 16) { XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key, &cbInfo->sce_wrapped_key_aes128, sizeof(sce_aes_wrapped_key_t)); info->cipher.aescbc.aes->ctx.keySize = 16; } - + ret = wc_sce_AesCbcEncrypt( info->cipher.aescbc.aes, (byte*)info->cipher.aescbc.out, @@ -257,21 +253,21 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->cipher.aescbc.sz); } else { - if(cbInfo->aes256_installedkey_set == 1 && + if (cbInfo->aes256_installedkey_set == 1 && info->cipher.aescbc.aes->keylen == 32) { XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key, &cbInfo->sce_wrapped_key_aes256, sizeof(sce_aes_wrapped_key_t)); info->cipher.aescbc.aes->ctx.keySize = 32; - - } else if (cbInfo->aes128_installedkey_set == 1 && + + } else if (cbInfo->aes128_installedkey_set == 1 && info->cipher.aescbc.aes->keylen == 16) { XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key, &cbInfo->sce_wrapped_key_aes128, sizeof(sce_aes_wrapped_key_t)); info->cipher.aescbc.aes->ctx.keySize = 16; } - + ret = wc_sce_AesCbcDecrypt( info->cipher.aescbc.aes, (byte*)info->cipher.aescbc.out, @@ -292,7 +288,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) /* Renesas Security Library Common Entry Point * For usable method - * + * * ssl : a pointer to WOLFSSL object * session_key_generated : if session key has been generated * return 1 for usable, 0 for unusable @@ -300,19 +296,19 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated) { int ret; - + #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_usable(ssl, session_key_generated); #elif defined(WOLFSSL_RENESAS_SCEPROTECT) ret = wc_sce_usable(ssl, session_key_generated); #endif - + return ret; } /* Renesas Security Library Common Method * Crypt Callback initialization - * + * * ssl : a pointer to WOLFSSL object * ctx : callback context * return valid device Id on success, otherwise INVALID_DEVIID @@ -321,26 +317,26 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) { (void)ssl; (void)ctx; - + #if defined(WOLFSSL_RENESAS_TSIP_TLS) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; #elif defined(WOLFSSL_RENESAS_SCEPROTECT) User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx; #endif - + if (wc_CryptoCb_RegisterDevice(devId, Renesas_cmn_CryptoDevCb, cbInfo) < 0) { return INVALID_DEVID; } - - if(ssl) + + if (ssl) wolfSSL_SetDevId(ssl, devId); - + return devId; } /* Renesas Security Library Common Method * Clean up CryptCb - * + * * id : a pointer to device id to unregister * no return value */ @@ -355,7 +351,7 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id) /* Renesas Security Library Common Method * Check CA index if CA can be used for SCE/TSIP because * the CA has been verified by SCE/TSIP - * + * * cmdIdx : ca index * return 1 can be used, otherwise 0 */ @@ -366,65 +362,65 @@ WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx) } /* check if the root CA has been verified by TSIP/SCE, - * and it exists in the CM table. + * and it exists in the CM table. */ -static byte sce_tsip_rootCAverified( ) +static byte sce_tsip_rootCAverified(void) { WOLFSSL_ENTER("sce_tsip_rootCAverified"); return (g_CAscm_Idx != (uint32_t)-1 ? 1:0); } /* Renesas Security Library Common Callback * Callback for Rsa verify - * + * * ssl the WOLFSSL object * sig Buffer holding signature * sigSz Length of signature in bytes * out Buffer to hold hash * key Buffer to hold ecc key * keySz Length of key in bytes - * return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code + * return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code */ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, byte** out, const byte* key, word32 keySz, void* ctx) { int ret = 0; - + WOLFSSL_ENTER("Renesas_cmn_RsaVerify"); - #if defined(WOLFSSL_RENESAS_TSIP_TLS) - ret = wc_tsip_RsaVerify(ssl, sig, sigSz, out, key, keySz, ctx); +#if defined(WOLFSSL_RENESAS_TSIP_TLS) + ret = wc_tsip_RsaVerify(ssl, sig, sigSz, out, key, keySz, ctx); - if (ret == 0) { - /* Set Call back for SharedScret when being successful */ - wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, wc_tsip_EccSharedSecret); - wolfSSL_SetEccSharedSecretCtx(ssl, ctx); - } - else { - WOLFSSL_MSG("failed wc_tsip_RsaVerify"); - wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); - wolfSSL_SetEccSharedSecretCtx(ssl, NULL); - } + if (ret == 0) { + /* Set Callback for SharedSecret when successful */ + wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, wc_tsip_EccSharedSecret); + wolfSSL_SetEccSharedSecretCtx(ssl, ctx); + } + else { + WOLFSSL_MSG("failed wc_tsip_RsaVerify"); + wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); + wolfSSL_SetEccSharedSecretCtx(ssl, NULL); + } - #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - ret = wc_SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx); +#elif defined(WOLFSSL_RENESAS_SCEPROTECT) + ret = wc_SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx); + + if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) { + /* Set Callback for SharedSecret when successful */ + wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret); + wolfSSL_SetEccSharedSecretCtx(ssl, ctx); + } + else { + WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify"); + wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); + wolfSSL_SetEccSharedSecretCtx(ssl, NULL); + } +#endif - if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) { - /* Set Call back for SharedScret when being successful */ - wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret); - wolfSSL_SetEccSharedSecretCtx(ssl, ctx); - } - else { - WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify"); - wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); - wolfSSL_SetEccSharedSecretCtx(ssl, NULL); - } - #endif - return ret; } /* Renesas Security Library Common Callback * Callback for Ecc verify - * + * * ssl the WOLFSSL object * sig Buffer holding signature * sigSz Length of signature in bytes @@ -433,49 +429,49 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, * key Buffer to hold ecc key * keySz Length of key in bytes * result a pointer to int indicates if the verify is ok - * return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code + * return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code */ -WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig, - uint32_t sigSz, const uint8_t* hash, uint32_t hashSz, +WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig, + uint32_t sigSz, const uint8_t* hash, uint32_t hashSz, const uint8_t* key, uint32_t keySz, int* result, void* ctx) { int ret = 0; - + WOLFSSL_ENTER("Renesas_cmn_EccVerify"); - #if defined(WOLFSSL_RENESAS_TSIP) - ret = wc_tsip_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz, - result, ctx); - if (ret == 0 && *result == 1) { - /* Set callback for SharedScret when being successful */ - wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, wc_tsip_EccSharedSecret); - wolfSSL_SetEccSharedSecretCtx(ssl, ctx); - } - else { - WOLFSSL_MSG("failed wc_tsip_EccVerify"); - wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); - wolfSSL_SetEccSharedSecretCtx(ssl, NULL); - } - #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - ret = wc_SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz, - result, ctx); - if (ret == 0 && *result == 1 && ret != CRYPTOCB_UNAVAILABLE) { - /* Set callback for SharedScret when being successful */ - wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret); - wolfSSL_SetEccSharedSecretCtx(ssl, ctx); - } - else { - WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify"); - wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); - wolfSSL_SetEccSharedSecretCtx(ssl, NULL); - } - #endif - +#if defined(WOLFSSL_RENESAS_TSIP) + ret = wc_tsip_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz, + result, ctx); + if (ret == 0 && *result == 1) { + /* Set callback for SharedSecret when being successful */ + wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, wc_tsip_EccSharedSecret); + wolfSSL_SetEccSharedSecretCtx(ssl, ctx); + } + else { + WOLFSSL_MSG("failed wc_tsip_EccVerify"); + wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); + wolfSSL_SetEccSharedSecretCtx(ssl, NULL); + } +#elif defined(WOLFSSL_RENESAS_SCEPROTECT) + ret = wc_SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz, + result, ctx); + if (ret == 0 && *result == 1 && ret != CRYPTOCB_UNAVAILABLE) { + /* Set callback for SharedSecret when being successful */ + wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret); + wolfSSL_SetEccSharedSecretCtx(ssl, ctx); + } + else { + WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify"); + wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); + wolfSSL_SetEccSharedSecretCtx(ssl, NULL); + } +#endif + return ret; } /* Renesas Security Library Common Entry Point - * For ROOT CA verifycation - * + * For ROOT CA verifycation + * * cert Buffer to hold cert * cert_len Length of cert * key_n_start Byte position of public key in cert @@ -483,26 +479,26 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig, * key_e_start Byte position of public key exponent in cert * key_e_len Length of public key exponent * cm_row CA index - * return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code + * return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code */ int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start, word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row) { int ret; - + WOLFSSL_ENTER("wc_Renesas_cmn_RootCertVerify"); if (sce_tsip_rootCAverified() == 0) { - - #if defined(WOLFSSL_RENESAS_TSIP_TLS) - ret = wc_tsip_tls_RootCertVerify(cert, cert_len, key_n_start, - key_n_len, key_e_start, key_e_len, cm_row); - - #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - - ret = wc_sce_tls_RootCertVerify(cert, cert_len, key_n_start, - key_n_len, key_e_start, key_e_len, cm_row); - #endif + + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + ret = wc_tsip_tls_RootCertVerify(cert, cert_len, key_n_start, + key_n_len, key_e_start, key_e_len, cm_row); + + #elif defined(WOLFSSL_RENESAS_SCEPROTECT) + + ret = wc_sce_tls_RootCertVerify(cert, cert_len, key_n_start, + key_n_len, key_e_start, key_e_len, cm_row); + #endif } else { /* already verified. skipped */ @@ -512,36 +508,37 @@ int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_ } /* Renesas Security Library Common Callback - * Callback for tls finished - * + * Callback for tls finished + * * ssl the WOLFSSL object * side CLIENT or SERVER * handshake_hash hash while doing handshake - * hashes calculated data by SCE/TSIP pseduo random function - * return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code + * hashes calculated data by SCE/TSIP pseudo random function + * return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code */ -WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, +WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, const byte *handshake_hash, byte *hashes, void* ctx) { int ret = -1; - + (void)ctx; WOLFSSL_ENTER("Renesas_cmn_TlsFinished"); /* sanity check */ if (ssl == NULL || ctx == NULL || side == NULL || handshake_hash == NULL || - hashes == NULL ) + hashes == NULL) { return BAD_FUNC_ARG; + } #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = wc_tsip_generateVerifyData(ssl->arrays->tsip_masterSecret, side, handshake_hash, hashes); #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret, /* master secret */ + ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret, side, handshake_hash, hashes); #endif - + return ret; } @@ -551,7 +548,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, * * ssl the WOLFSSL object * ctx Callback context - * return 0 on sucess, -1 when keys are not generated by SCE/TSIP + * return 0 on success, -1 when keys are not generated by SCE/TSIP */ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) { @@ -562,7 +559,7 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) /* sanity check */ if (ssl == NULL || ctx == NULL) return BAD_FUNC_ARG; - + #if defined(WOLFSSL_RENESAS_TSIP_TLS) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; #elif defined(WOLFSSL_RENESAS_SCEPROTECT) @@ -571,7 +568,7 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) if (cbInfo->session_key_set == 1) { ret = 0; - + wolfSSL_CTX_SetTlsFinishedCb(ssl->ctx, Renesas_cmn_TlsFinished); wolfSSL_SetTlsFinishedCtx(ssl, cbInfo); } @@ -585,37 +582,38 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) } /* Renesas Security Library Common Callback - * Callback for Sesssion Key generation - * Register callback for Set Keys when keys are successfully + * Callback for Session Key generation + * Register callback for Set Keys when keys are successfully * generated by SCE/TSIP * * ssl the WOLFSSL object * ctx Callback context - * return FSP_SUCCESS(0) on sucess, otherwise SCE/TSIP error code + * return FSP_SUCCESS(0) on success, otherwise SCE/TSIP error code */ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx) { int ret = -1; - + (void)ctx; WOLFSSL_ENTER("Renesas_cmn_generateSessionKey"); - + /* sanity check */ if (ssl == NULL || ctx == NULL) return BAD_FUNC_ARG; - #if defined(WOLFSSL_RENESAS_TSIP_TLS) + +#if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, devId); #elif defined(WOLFSSL_RENESAS_SCEPROTECT) ret = wc_sce_generateSessionKey(ssl, ctx, devId); #endif if (ret == 0) { - wolfSSL_CTX_SetEncryptKeysCb(ssl->ctx, Renesas_cmn_EncryptKeys); - wolfSSL_SetEncryptKeysCtx(ssl, ctx); + wolfSSL_CTX_SetEncryptKeysCb(ssl->ctx, Renesas_cmn_EncryptKeys); + wolfSSL_SetEncryptKeysCtx(ssl, ctx); } else { - wolfSSL_CTX_SetEncryptKeysCb(ssl->ctx, NULL); - wolfSSL_SetEncryptKeysCtx(ssl, NULL); + wolfSSL_CTX_SetEncryptKeysCb(ssl->ctx, NULL); + wolfSSL_SetEncryptKeysCtx(ssl, NULL); } return ret; @@ -623,44 +621,44 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx) /* Renesas Security Library Common Callback * Callback for Premaster Secret generation - * Register callback for Set Keys when keys are successfully + * Register callback for Set Keys when keys are successfully * generated by SCE/TSIP * * ssl the WOLFSSL object * premaster Buffer to hold pre master * preSz Length of pre-master * ctx Callback context - * return FSP_SUCCESS(0) on sucess, - * otherwise PROTOCOLCB_UNAVAILABLE + * return FSP_SUCCESS(0) on success, + * otherwise PROTOCOLCB_UNAVAILABLE * so that caller could continue to process if want */ -WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, +WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, byte *premaster, word32 preSz, void* ctx) { int ret; - + (void) ctx; (void) ssl; WOLFSSL_ENTER("Renesas_cmn_generatePremasterSecret"); - #if defined(WOLFSSL_RENESAS_TSIP_TLS) - if (Renesas_cmn_usable(ssl, 0)) { +#if defined(WOLFSSL_RENESAS_TSIP_TLS) + if (Renesas_cmn_usable(ssl, 0)) { ret = wc_tsip_generatePremasterSecret(premaster, preSz); ssl->arrays->preMasterSz = preSz; } else ret = PROTOCOLCB_UNAVAILABLE; - #elif defined(WOLFSSL_RENESAS_SCEPROTECT) +#elif defined(WOLFSSL_RENESAS_SCEPROTECT) if (Renesas_cmn_usable(ssl, 0)) { ret = wc_sce_generatePremasterSecret(premaster, preSz); ssl->arrays->preMasterSz = preSz; } else ret = PROTOCOLCB_UNAVAILABLE; - #endif - +#endif + return ret; } @@ -671,14 +669,14 @@ WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, * * ssl the WOLFSSL object * ctx Callback context - * return FSP_SUCCESS(0) on sucess, - * otherwise PROTOCOLCB_UNAVAILABLE + * return FSP_SUCCESS(0) on success, + * otherwise PROTOCOLCB_UNAVAILABLE * so that caller could continue to process if want */ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx) { int ret = WOLFSSL_NOT_IMPLEMENTED; - + (void) ret; (void) ctx; @@ -687,7 +685,7 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx) #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (Renesas_cmn_usable(ssl, 0)) { - #if (WOLFSSL_RENESAS_TSIP_VER >= 109 ) + #if (WOLFSSL_RENESAS_TSIP_VER >= 109) ret = wc_tsip_generateMasterSecretEx( ssl->options.cipherSuite0, ssl->options.cipherSuite, @@ -695,18 +693,18 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx) ssl->arrays->clientRandom, ssl->arrays->serverRandom, ssl->arrays->tsip_masterSecret); - #else + #else ret = wc_tsip_generateMasterSecret( ssl->arrays->preMasterSecret, ssl->arrays->clientRandom, ssl->arrays->serverRandom, ssl->arrays->tsip_masterSecret); - #endif + #endif if (ret == 0) { wc_tsip_storeKeyCtx(ssl, (TsipUserCtx*)ctx); /* set Session Key generation Callback for use */ - wolfSSL_CTX_SetGenSessionKeyCb(ssl->ctx, + wolfSSL_CTX_SetGenSessionKeyCb(ssl->ctx, Renesas_cmn_generateSessionKey); wolfSSL_SetGenSessionKeyCtx(ssl, ctx); } @@ -730,7 +728,7 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx) if (ret == 0) { wc_sce_storeKeyCtx(ssl, ctx); /* set Session Key generation Callback for use */ - wolfSSL_CTX_SetGenSessionKeyCb(ssl->ctx, + wolfSSL_CTX_SetGenSessionKeyCb(ssl->ctx, Renesas_cmn_generateSessionKey); wolfSSL_SetGenSessionKeyCtx(ssl, ctx); } @@ -741,7 +739,7 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx) } else ret = PROTOCOLCB_UNAVAILABLE; - + #endif return ret; } @@ -757,11 +755,11 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx) * KeyDer Buffer holding Key in der format * KeySz Length of Key Der * ctx Callback context - * return FSP_SUCCESS(0) on sucess, - * otherwise CRYPTOCB_UNAVAILABLE + * return FSP_SUCCESS(0) on success, + * otherwise CRYPTOCB_UNAVAILABLE * so that caller could continue to process if want */ -WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, +WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx) { @@ -778,15 +776,14 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, WOLFSSL_ENTER("Renesas_cmn_RsaEnc"); /* sanity check */ - if (ssl == NULL || in == NULL || out == NULL || keyDer == NULL || + if (ssl == NULL || in == NULL || out == NULL || keyDer == NULL || ctx == NULL) { return BAD_FUNC_ARG; } - + EncSz = wc_RsaEncryptSize(ssl->peerRsaKey); #if defined(WOLFSSL_RENESAS_TSIP_TLS) - if (tsip_usable(ssl, 0)) { if (EncSz == 256) { ret = wc_tsip_generateEncryptPreMasterSecret(ssl, out, outSz); @@ -824,11 +821,11 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, * macSz Length of mac size * content content of inner data * ctx Callback context - * return FSP_SUCCESS(0) on sucess, - * otherwise PROTOCOLCB_UNAVAILABLE + * return FSP_SUCCESS(0) on success, + * otherwise PROTOCOLCB_UNAVAILABLE * so that caller could continue to process if want */ -WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, +WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, word32 messageSz, word32 macSz, word32 content, void* ctx) { int ret; @@ -836,20 +833,20 @@ WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, WOLFSSL_ENTER("Renesas_cmn_VerifyHmac"); - #if defined(WOLFSSL_RENESAS_TSIP_TLS) +#if defined(WOLFSSL_RENESAS_TSIP_TLS) if (tsip_usable(ssl, 1)) { ret = wc_tsip_ShaXHmacVerify(ssl, message, messageSz, macSz, content); } else - ret = PROTOCOLCB_UNAVAILABLE; - #elif defined(WOLFSSL_RENESAS_SCEPROTECT) + ret = PROTOCOLCB_UNAVAILABLE; +#elif defined(WOLFSSL_RENESAS_SCEPROTECT) if (wc_sce_usable(ssl, 1)) { ret = wc_sce_Sha256VerifyHmac(ssl, message, messageSz, macSz, content); } else ret = PROTOCOLCB_UNAVAILABLE; - #endif - +#endif + return ret; } @@ -862,28 +859,28 @@ WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, * sz Length of in data * padSz Length of padding * content content of inner data - * epocOrder - * return FSP_SUCCESS(0) on sucess, otherwise error code + * epochOrder + * return FSP_SUCCESS(0) on success, otherwise error code */ -WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, +WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, int content, int verify, int epochOrder) { int ret; byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; - + WOLFSSL_ENTER("Renesas_cmn_TLS_hmac"); - #if defined(WOLFSSL_RENESAS_TSIP_TLS) +#if defined(WOLFSSL_RENESAS_TSIP_TLS) if (Renesas_cmn_usable(ssl, 1)) { - + wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); if (ssl->specs.hash_size == WC_SHA_DIGEST_SIZE) { - ret = wc_tsip_Sha1HmacGenerate(ssl, myInner, + ret = wc_tsip_Sha1HmacGenerate(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ, in, sz, digest); } else if (ssl->specs.hash_size == WC_SHA256_DIGEST_SIZE) { - ret = wc_tsip_Sha256HmacGenerate(ssl, myInner, + ret = wc_tsip_Sha256HmacGenerate(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ, in, sz, digest); } else { @@ -897,11 +894,11 @@ WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, } - #elif defined(WOLFSSL_RENESAS_SCEPROTECT) +#elif defined(WOLFSSL_RENESAS_SCEPROTECT) if (Renesas_cmn_usable(ssl, 1)) { if (ssl->specs.hash_size == WC_SHA256_DIGEST_SIZE) { wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); - ret = wc_sce_Sha256GenerateHmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ, + ret = wc_sce_Sha256GenerateHmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ, in, sz, digest); } else @@ -911,9 +908,9 @@ WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, /* fall through to original TLS hmac method when SCE cannot be used */ ret = TLS_hmac(ssl, digest, in, sz, padSz, content, verify, epochOrder); } - - #endif - + +#endif + return ret; } @@ -926,42 +923,41 @@ WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, * keyDer Buffer to hold rsa key * keySz Length of key in bytes * ctx Callback context - * return FSP_SUCCESS(0) on sucess, - * otherwise CRYPTOCB_UNAVAILABLE + * return FSP_SUCCESS(0) on success, + * otherwise CRYPTOCB_UNAVAILABLE * so that caller could continue to process if want */ -WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig, - unsigned int sigSz, unsigned char** out, const unsigned char* keyDer, +WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig, + unsigned int sigSz, unsigned char** out, const unsigned char* keyDer, unsigned int keySz, void* ctx) { int ret; CertAttribute* CertAtt; - + (void)out; (void)keyDer; (void)keySz; - + WOLFSSL_ENTER("Renesas_cmn_SigPkCbRsaVerify"); /* sanity check */ if (sig == NULL || out == NULL || keyDer == NULL || ctx == NULL) return BAD_FUNC_ARG; - + CertAtt = (CertAttribute*)ctx; if (!CertAtt) { return CRYPTOCB_UNAVAILABLE; } - - #if defined(WOLFSSL_RENESAS_TSIP_TLS) - if (CertAtt->keyIndex != NULL) - { + +#if defined(WOLFSSL_RENESAS_TSIP_TLS) + if (CertAtt->keyIndex != NULL) { ret = wc_tsip_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz, CertAtt->pubkey_n_start - CertAtt->certBegin, CertAtt->pubkey_n_len - 1, CertAtt->pubkey_e_start - CertAtt->certBegin, CertAtt->pubkey_e_len -1, (uint8_t*)CertAtt->keyIndex); - if (ret == 0){ + if (ret == 0) { CertAtt->verifyByTSIP_SCE = 1; } else { @@ -972,16 +968,15 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig, else ret = CRYPTOCB_UNAVAILABLE; - #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - if (CertAtt->keyIndex != NULL) - { +#elif defined(WOLFSSL_RENESAS_SCEPROTECT) + if (CertAtt->keyIndex != NULL) { ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz, CertAtt->pubkey_n_start - CertAtt->certBegin, CertAtt->pubkey_n_len - 1, CertAtt->pubkey_e_start - CertAtt->certBegin, CertAtt->pubkey_e_len -1, (uint8_t*)CertAtt->keyIndex); - if (ret == 0){ + if (ret == 0) { CertAtt->verifyByTSIP_SCE = 1; } else { @@ -991,8 +986,8 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig, } else ret = CRYPTOCB_UNAVAILABLE; - #endif - +#endif + return ret; } @@ -1007,18 +1002,18 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig, * keySz Length of key in bytes * result A pointer to int indicates a result * ctx Callback context - * return FSP_SUCCESS(0) on sucess, - * otherwise CRYPTOCB_UNAVAILABLE + * return FSP_SUCCESS(0) on success, + * otherwise CRYPTOCB_UNAVAILABLE * so that caller could continue to process if want */ -WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, +WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz, const unsigned char* hash, unsigned int hashSz, const unsigned char* keyDer, unsigned int keySz, int* result, void* ctx) { int ret; CertAttribute* CertAtt; - + (void)result; (void)keyDer; (void)keySz; @@ -1031,16 +1026,15 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, if (sig == NULL || keyDer == NULL || hash == NULL || ctx == NULL || result == NULL) return BAD_FUNC_ARG; - - + + CertAtt = (CertAttribute*)ctx; if (!CertAtt) { return CRYPTOCB_UNAVAILABLE; } - - #if defined(WOLFSSL_RENESAS_TSIP_TLS) - if (CertAtt->keyIndex != NULL) - { + +#if defined(WOLFSSL_RENESAS_TSIP_TLS) + if (CertAtt->keyIndex != NULL) { ret = wc_tsip_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz, CertAtt->pubkey_n_start - CertAtt->certBegin, CertAtt->pubkey_n_len - 1, @@ -1058,9 +1052,8 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, } else ret = CRYPTOCB_UNAVAILABLE; - #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - if (CertAtt->keyIndex != NULL) - { +#elif defined(WOLFSSL_RENESAS_SCEPROTECT) + if (CertAtt->keyIndex != NULL) { ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz, CertAtt->pubkey_n_start - CertAtt->certBegin, CertAtt->pubkey_n_len - 1, @@ -1078,8 +1071,8 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, } else ret = CRYPTOCB_UNAVAILABLE; - #endif - +#endif + return ret; } diff --git a/wolfcrypt/src/port/Renesas/renesas_sce_aes.c b/wolfcrypt/src/port/Renesas/renesas_sce_aes.c index 840896dcb..82e9c0830 100644 --- a/wolfcrypt/src/port/Renesas/renesas_sce_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_sce_aes.c @@ -52,7 +52,7 @@ typedef fsp_err_t (*aesGcmEncUpdateFn) (sce_gcm_handle_t*,uint8_t*, uint8_t*, uint32_t, uint8_t*, uint32_t); typedef fsp_err_t (*aesGcmEncFinalFn) (sce_gcm_handle_t*, uint8_t*, uint32_t*, uint8_t*); - + typedef fsp_err_t (*aesGcmDecInitFn) (sce_gcm_handle_t*, sce_aes_wrapped_key_t*, uint8_t*, uint32_t); typedef fsp_err_t (*aesGcmDecUpdateFn) @@ -84,33 +84,33 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, sce_gcm_handle_t _handle; uint32_t dataLen = sz; User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx; - + aesGcmEncInitFn initFn; aesGcmEncUpdateFn updateFn; aesGcmEncFinalFn finalFn; - + uint8_t* plainBuf = NULL; uint8_t* cipherBuf = NULL; uint8_t* aTagBuf = NULL; uint8_t delta; const uint8_t* iv_l = NULL; uint32_t ivSz_l = 0; - + sce_hmac_sha_wrapped_key_t key_client_mac; sce_hmac_sha_wrapped_key_t key_server_mac; sce_aes_wrapped_key_t key_client_aes; sce_aes_wrapped_key_t key_server_aes; - + /* sanity check */ if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) { return BAD_FUNC_ARG; } - + if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) { WOLFSSL_MSG("GcmEncrypt authTagSz too small error"); return BAD_FUNC_ARG; } - + if (aes->ctx.keySize != 16 && aes->ctx.keySize != 32) { WOLFSSL_MSG("keySize is invalid, neither 16 or 32."); return BAD_FUNC_ARG; @@ -126,35 +126,35 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, updateFn = R_SCE_AES256GCM_EncryptUpdate; finalFn = R_SCE_AES256GCM_EncryptFinal; } - - + + /* check if AES GCM can be used by SCE */ if ((ret = wc_sce_hw_lock()) == 0) { - - /* allocate buffers for plaintaxt, ciphertext and authTag to make sure - * those buffers 32bit aligned as SCE requests. + + /* allocate buffers for plaintext, ciphertext and authTag to make sure + * those buffers 32bit aligned as SCE requests. */ delta = sz % AES_BLOCK_SIZE; plainBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES); cipherBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES); - aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap, + aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap, DYNAMIC_TYPE_AES); - + if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL) { - WOLFSSL_MSG("wc_sce_AesGcmEncrypt: buffer allocation faild"); + WOLFSSL_MSG("wc_sce_AesGcmEncrypt: buffer allocation failed"); ret = -1; } - + if (ret == 0) { XMEMCPY(plainBuf, in, sz); XMEMSET((void*)cipherBuf, 0, sz + delta); XMEMSET((void*)authTag, 0, authTagSz); } - - if (ret == 0 && + + if (ret == 0 && info->session_key_set == 1) { - /* generate AES-GCM session key. The key stored in - * Aes.ctx.tsip_keyIdx is not used here. + /* generate AES-GCM session key. The key stored in + * Aes.ctx.tsip_keyIdx is not used here. */ ret = R_SCE_TLS_SessionKeyGenerate( info->sce_cipher, @@ -171,32 +171,34 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, WOLFSSL_MSG("R_SCE_TLS_SessionKeyGenerate failed"); ret = -1; } - + } else if (info->aes256_installedkey_set == 1 || info->aes128_installedkey_set == 1) { - if(aes->ctx.keySize == 32) { + if (aes->ctx.keySize == 32) { XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes256, sizeof(sce_aes_wrapped_key_t)); - } else { + } + else { XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes128, sizeof(sce_aes_wrapped_key_t)); } iv_l = iv; ivSz_l = ivSz; - } else { + } + else { WOLFSSL_MSG("AES key for SCE is not set."); ret = -1; } - + if (ret == 0) { - - /* since generated session key is coupled to iv, no need to pass + + /* since generated session key is coupled to iv, no need to pass * them init func. */ ret = initFn(&_handle, &key_client_aes, (uint8_t*)iv_l, ivSz_l); if (ret == FSP_SUCCESS) { - ret = updateFn(&_handle, NULL, NULL, 0UL, (uint8_t*)authIn, + ret = updateFn(&_handle, NULL, NULL, 0UL, (uint8_t*)authIn, authInSz); } if (ret == FSP_SUCCESS) { @@ -206,7 +208,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, WOLFSSL_MSG("R_SCE_AesXXXGcmEncryptUpdate: failed"); ret = -1; } - + if (ret == FSP_SUCCESS) { /* Once R_SCE_AesxxxGcmEncryptInit or R_SCE_AesxxxEncryptUpdate is * called, R_SCE_AesxxxGcmEncryptFinal must be called regardless of @@ -214,7 +216,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, * from its error state and all the trailing APIs will fail. */ dataLen = 0; - ret = finalFn(&_handle, + ret = finalFn(&_handle, cipherBuf + (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE, &dataLen, aTagBuf); @@ -224,7 +226,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, XMEMCPY(out, cipherBuf, dataLen); /* copy auth tag to caller's buffer */ - XMEMCPY((void*)authTag, (void*)aTagBuf, + XMEMCPY((void*)authTag, (void*)aTagBuf, min(authTagSz, SCE_AES_GCM_AUTH_TAG_SIZE )); } @@ -238,11 +240,11 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, XFREE(plainBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES); - + wc_sce_hw_unlock(); - - } - + + } + return ret; } /* Perform Aes Gcm decryption by SCE @@ -253,7 +255,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, * sz Length of cipher text/plaintext in bytes * iv Buffer holding IV/nonce * ivSz Length of IV/nonce in bytes - * authTag Buffer to hold authntication data + * authTag Buffer to hold authentication data * authTagSz Length of authentication data in bytes * ctx The Callback context * return FSP_SUCCESS(0) on Success, otherwise negative value @@ -269,33 +271,33 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, sce_gcm_handle_t _handle; uint32_t dataLen = sz; User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx; - + aesGcmDecInitFn initFn; aesGcmDecUpdateFn updateFn; aesGcmDecFinalFn finalFn; - + uint8_t* cipherBuf = NULL; uint8_t* plainBuf = NULL; uint8_t* aTagBuf = NULL; uint8_t delta; const uint8_t* iv_l = NULL; uint32_t ivSz_l = 0; - + sce_hmac_sha_wrapped_key_t key_client_mac; sce_hmac_sha_wrapped_key_t key_server_mac; sce_aes_wrapped_key_t key_client_aes; sce_aes_wrapped_key_t key_server_aes; - + /* sanity check */ if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) { return BAD_FUNC_ARG; } - + if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) { WOLFSSL_MSG("GcmEncrypt authTagSz too small error"); return BAD_FUNC_ARG; } - + if (aes->ctx.keySize != 16 && aes->ctx.keySize != 32) { WOLFSSL_MSG("keySize is invalid, neither 16 or 32."); return BAD_FUNC_ARG; @@ -311,16 +313,16 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, updateFn = R_SCE_AES256GCM_DecryptUpdate; finalFn = R_SCE_AES256GCM_DecryptFinal; } - - + + if ((ret = wc_sce_hw_lock()) == 0) { - /* allocate buffers for plain-taxt, cipher-text, authTag and AAD. - * TSIP requests those buffers 32bit aligned. + /* allocate buffers for plain-text, cipher-text, authTag and AAD. + * TSIP requests those buffers 32bit aligned. */ delta = sz % AES_BLOCK_SIZE; cipherBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES); plainBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES); - aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap, + aTagBuf = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap, DYNAMIC_TYPE_AES); if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL) { @@ -333,10 +335,10 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, XMEMCPY(aTagBuf, authTag, authTagSz); } - if (ret == 0 && + if (ret == 0 && info->session_key_set == 1) { - /* generate AES-GCM session key. The key stored in - * Aes.ctx.tsip_keyIdx is not used here. + /* generate AES-GCM session key. The key stored in + * Aes.ctx.tsip_keyIdx is not used here. */ ret = R_SCE_TLS_SessionKeyGenerate( info->sce_cipher, @@ -355,30 +357,32 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, } } else if (info->aes256_installedkey_set == 1 || info->aes128_installedkey_set == 1) { - if(aes->ctx.keySize == 32) { + if (aes->ctx.keySize == 32) { XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes256, sizeof(sce_aes_wrapped_key_t)); - } else { + } + else { XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes128, sizeof(sce_aes_wrapped_key_t)); } iv_l = iv; ivSz_l = ivSz; - } else { + } + else { WOLFSSL_MSG("AES key for SCE is not set."); ret = -1; } if (ret == 0) { - /* since key_index has iv and ivSz in it, no need to pass them init + /* since key_index has iv and ivSz in it, no need to pass them init * func. Pass NULL and 0 as 3rd and 4th parameter respectively. */ ret = initFn(&_handle, &key_server_aes, (uint8_t*)iv_l, ivSz_l); - + if (ret == FSP_SUCCESS) { /* pass only AAD and it's size before passing cipher text */ - ret = updateFn(&_handle, NULL, NULL, 0UL, (uint8_t*)authIn, + ret = updateFn(&_handle, NULL, NULL, 0UL, (uint8_t*)authIn, authInSz); } if (ret == FSP_SUCCESS) { @@ -388,7 +392,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, WOLFSSL_MSG("R_SCE_AesXXXGcmDecryptUpdate: failed in decrypt"); ret = -1; } - + if (ret == FSP_SUCCESS) { dataLen = 0; ret = finalFn(&_handle, @@ -414,7 +418,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, wc_sce_hw_unlock(); } - + return ret; } /* Perform Aes Cbc encryption by SCE @@ -433,19 +437,19 @@ WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, word32 blocks = (sz / AES_BLOCK_SIZE); uint32_t dataLength; byte *iv; - + if ((in == NULL) || (out == NULL) || (aes == NULL)) return BAD_FUNC_ARG; - + /* while doing TLS handshake, SCE driver keeps true-key and iv * * on the device. iv is dummy */ iv = (uint8_t*)aes->reg; - - if((ret = wc_sce_hw_lock()) != 0){ + + if ((ret = wc_sce_hw_lock()) != 0) { WOLFSSL_MSG("Failed to lock"); return ret; } - + if (aes->ctx.keySize == 16) { ret = R_SCE_AES128CBC_EncryptInit(&_handle, &aes->ctx.sce_wrapped_key, iv); } @@ -457,20 +461,20 @@ WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, wc_sce_hw_unlock(); return -1; } - + while (ret == FSP_SUCCESS && blocks--) { - + if (aes->ctx.keySize == 16) - ret = R_SCE_AES128CBC_EncryptUpdate(&_handle, (uint8_t*)in, + ret = R_SCE_AES128CBC_EncryptUpdate(&_handle, (uint8_t*)in, (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE); else - ret = R_SCE_AES256CBC_EncryptUpdate(&_handle, (uint8_t*)in, + ret = R_SCE_AES256CBC_EncryptUpdate(&_handle, (uint8_t*)in, (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE); - + in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } - + if (ret == FSP_SUCCESS) { if (aes->ctx.keySize == 16) { ret = R_SCE_AES128CBC_EncryptFinal(&_handle, out, &dataLength); @@ -483,7 +487,7 @@ WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, WOLFSSL_MSG("SCE AES CBC encryption failed"); ret = -1; } - + wc_sce_hw_unlock(); return ret; } @@ -502,17 +506,17 @@ WOLFSSL_LOCAL int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* i word32 blocks = (sz / AES_BLOCK_SIZE); uint32_t dataLength; byte *iv; - + if ((in == NULL) || (out == NULL) || (aes == NULL)) return BAD_FUNC_ARG; - + iv = (uint8_t*)aes->reg; - if((ret = wc_sce_hw_lock()) != 0){ + if ((ret = wc_sce_hw_lock()) != 0) { WOLFSSL_MSG("Failed to lock"); return ret; } - + if (aes->ctx.keySize == 16) { ret = R_SCE_AES128CBC_DecryptInit(&_handle, &aes->ctx.sce_wrapped_key, iv); } @@ -523,20 +527,20 @@ WOLFSSL_LOCAL int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* i wc_sce_hw_unlock(); return -1; } - + while (ret == FSP_SUCCESS && blocks--) { - + if (aes->ctx.keySize == 16) - ret = R_SCE_AES128CBC_DecryptUpdate(&_handle, (uint8_t*)in, + ret = R_SCE_AES128CBC_DecryptUpdate(&_handle, (uint8_t*)in, (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE); else - ret = R_SCE_AES256CBC_DecryptUpdate(&_handle, (uint8_t*)in, + ret = R_SCE_AES256CBC_DecryptUpdate(&_handle, (uint8_t*)in, (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE); - + in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } - + if (ret == FSP_SUCCESS) { if (aes->ctx.keySize == 16) ret = R_SCE_AES128CBC_DecryptFinal(&_handle, out, &dataLength); @@ -547,7 +551,7 @@ WOLFSSL_LOCAL int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* i WOLFSSL_MSG("SCE AES CBC decryption failed"); ret = -1; } - + wc_sce_hw_unlock(); return ret; } diff --git a/wolfcrypt/src/port/Renesas/renesas_sce_sha.c b/wolfcrypt/src/port/Renesas/renesas_sce_sha.c index d695d6ff7..e34d6b397 100644 --- a/wolfcrypt/src/port/Renesas/renesas_sce_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_sce_sha.c @@ -44,7 +44,7 @@ static void SCEHashFree(wolfssl_SCE_Hash* hash) { if (hash == NULL) return; - + if (hash->msg != NULL) { XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); hash->msg = NULL; @@ -63,16 +63,16 @@ static int SCEHashInit(wolfssl_SCE_Hash* hash, void* heap, int devId, if (hash == NULL) { return BAD_FUNC_ARG; } - + (void)devId; XMEMSET(hash, 0, sizeof(wolfssl_SCE_Hash)); - + hash->heap = heap; hash->len = 0; hash->used = 0; hash->msg = NULL; hash->sha_type = sha_type; - + return 0; } @@ -88,7 +88,7 @@ static int SCEHashUpdate(wolfssl_SCE_Hash* hash, const byte* data, word32 sz) if (hash == NULL || (sz > 0 && data == NULL)) { return BAD_FUNC_ARG; } - + if (hash->len < hash->used + sz) { if (hash->msg == NULL) { hash->msg = (byte*)XMALLOC(hash->used + sz, hash->heap, @@ -121,7 +121,7 @@ static int SCEHashUpdate(wolfssl_SCE_Hash* hash, const byte* data, word32 sz) } XMEMCPY(hash->msg + hash->used, data , sz); hash->used += sz; - + return 0; } @@ -130,7 +130,7 @@ static int SCEHashUpdate(wolfssl_SCE_Hash* hash, const byte* data, word32 sz) * hash The SCE Hash object. * out Buffer to hold hashed text * outSz Length of out - * return FSP_SUCCESS(0) on success, + * return FSP_SUCCESS(0) on success, * otherwise BAD_FUNC_ARG or FSP Error code on failure */ static int SCEHashFinal(wolfssl_SCE_Hash* hash, byte* out, word32 outSz) @@ -143,23 +143,23 @@ static int SCEHashFinal(wolfssl_SCE_Hash* hash, byte* out, word32 outSz) fsp_err_t (*Init)(sce_sha_md5_handle_t*); fsp_err_t (*Update)(sce_sha_md5_handle_t*, uint8_t*, uint32_t); fsp_err_t (*Final )(sce_sha_md5_handle_t*, uint8_t*, uint32_t*); - + if (hash == NULL || out == NULL) { return BAD_FUNC_ARG; } - + if (hash->sha_type == SCE_SHA256) { Init = R_SCE_SHA256_Init; Update = R_SCE_SHA256_Update; Final = R_SCE_SHA256_Final; } - else + else return BAD_FUNC_ARG; - + heap = hash->heap; - + wc_sce_hw_lock(); - + if (Init(&handle) == FSP_SUCCESS) { ret = Update(&handle, (uint8_t*)hash->msg, hash->used); if (ret == FSP_SUCCESS) { @@ -170,7 +170,7 @@ static int SCEHashFinal(wolfssl_SCE_Hash* hash, byte* out, word32 outSz) } } wc_sce_hw_unlock(); - + SCEHashFree(hash); return SCEHashInit(hash, heap, 0, hash->sha_type); } @@ -180,25 +180,25 @@ static int SCEHashGet(wolfssl_SCE_Hash* hash, byte* out, word32 outSz) int ret; sce_sha_md5_handle_t handle; uint32_t sz; - + fsp_err_t (*Init)(sce_sha_md5_handle_t*); fsp_err_t (*Update)(sce_sha_md5_handle_t*, uint8_t*, uint32_t); fsp_err_t (*Final )(sce_sha_md5_handle_t*, uint8_t*, uint32_t*); - + if (hash == NULL || out == NULL) { return BAD_FUNC_ARG; } - + if (hash->sha_type == SCE_SHA256) { Init = R_SCE_SHA256_Init; Update = R_SCE_SHA256_Update; Final = R_SCE_SHA256_Final; } - else + else return BAD_FUNC_ARG; - + wc_sce_hw_lock(); - + if (Init(&handle) == FSP_SUCCESS) { ret = Update(&handle, (uint8_t*)hash->msg, hash->used); if (ret == FSP_SUCCESS) { @@ -208,9 +208,9 @@ static int SCEHashGet(wolfssl_SCE_Hash* hash, byte* out, word32 outSz) } } } - + wc_sce_hw_unlock(); - + return 0; } /* copy hash result from src to dst */ @@ -219,9 +219,9 @@ static int SCEHashCopy(wolfssl_SCE_Hash* src, wolfssl_SCE_Hash* dst) if (src == NULL || dst == NULL) { return BAD_FUNC_ARG; } - + XMEMCPY(dst, src, sizeof(wolfssl_SCE_Hash)); - + if (src->len > 0 && src->msg != NULL) { dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER); if (dst->msg == NULL) { @@ -229,7 +229,7 @@ static int SCEHashCopy(wolfssl_SCE_Hash* src, wolfssl_SCE_Hash* dst) } XMEMCPY(dst->msg, src->msg, src->len); } - + return 0; } diff --git a/wolfcrypt/src/port/Renesas/renesas_sce_util.c b/wolfcrypt/src/port/Renesas/renesas_sce_util.c index 00a70fa23..2bf63cedc 100644 --- a/wolfcrypt/src/port/Renesas/renesas_sce_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_sce_util.c @@ -59,12 +59,12 @@ static int sce_CryptHwMutexInit_ = 0; static uint32_t sce_sess_idx = 0; /* Mutex Init */ -static int sce_CryptHwMutexInit(wolfSSL_Mutex* mutex) +static int sce_CryptHwMutexInit(wolfSSL_Mutex* mutex) { return wc_InitMutex(mutex); } /* Mutex Lock */ -static int sce_CryptHwMutexLock(wolfSSL_Mutex* mutex) +static int sce_CryptHwMutexLock(wolfSSL_Mutex* mutex) { return wc_LockMutex(mutex); } @@ -82,11 +82,11 @@ WOLFSSL_LOCAL int wc_sce_hw_lock() { int ret = 0; - if(sce_CryptHwMutexInit_ == 0){ - + if (sce_CryptHwMutexInit_ == 0) { + ret = sce_CryptHwMutexInit(&sce_mutex); - - if(ret == 0) { + + if (ret == 0) { sce_CryptHwMutexInit_ = 1; } else { @@ -94,18 +94,18 @@ WOLFSSL_LOCAL int wc_sce_hw_lock() return -1; } } - if(sce_CryptHwMutexLock(&sce_mutex) != 0) { + if (sce_CryptHwMutexLock(&sce_mutex) != 0) { /* this should not happens */ return -1; } - + return ret; } /* * release hw engine */ -WOLFSSL_LOCAL void wc_sce_hw_unlock( void ) +WOLFSSL_LOCAL void wc_sce_hw_unlock(void) { sce_CryptHwMutexUnLock(&sce_mutex); } @@ -116,23 +116,23 @@ WOLFSSL_LOCAL int wc_sce_Open() WOLFSSL_ENTER("wc_sce_Open"); int ret; if ((ret = wc_sce_hw_lock()) == 0) { - + ret = R_SCE_Open(&sce_ctrl, &sce_cfg); - - if ( ret != FSP_SUCCESS ) { + + if (ret != FSP_SUCCESS) { WOLFSSL_MSG("RENESAS SCE Open failed"); } - if ( ret == FSP_SUCCESS && g_user_key_info.encrypted_user_tls_key ) { + if (ret == FSP_SUCCESS && g_user_key_info.encrypted_user_tls_key) { ret = R_SCE_TLS_RootCertificateRSA2048PublicKeyInstall( g_user_key_info.encrypted_provisioning_key, g_user_key_info.iv, g_user_key_info.encrypted_user_tls_key, &g_user_key_info.user_rsa2048_tls_wrappedkey); /* OUT */ - + /* init vars */ g_CAscm_Idx = (uint32_t)-1; - + } else { WOLFSSL_MSG("Failed to lock sce hw "); @@ -142,7 +142,7 @@ WOLFSSL_LOCAL int wc_sce_Open() /* unlock hw */ wc_sce_hw_unlock(); - + WOLFSSL_LEAVE("wc_sce_Open", ret); return ret; } @@ -152,14 +152,14 @@ WOLFSSL_LOCAL void wc_sce_Close() { WOLFSSL_ENTER("sce Close"); int ret; - + if ((ret = wc_sce_hw_lock()) == 0) { /* close SCE */ ret = R_SCE_Close(&sce_ctrl); - + /* unlock hw */ wc_sce_hw_unlock(); - if( ret != FSP_SUCCESS ) { + if (ret != FSP_SUCCESS) { WOLFSSL_MSG("RENESAS SCE Close failed"); } } @@ -170,27 +170,27 @@ WOLFSSL_LOCAL void wc_sce_Close() #if defined(WOLFSSL_RENESAS_SCEPROTECT_ECC) /* Verify Server Key Exchange while doing ECDH key exchange */ -static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig, +static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz, void* ctx) { int ret = WOLFSSL_FAILURE; User_SCEPKCbInfo* cbInfo; byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES]; byte *peerkey = NULL; - + word32 qxLen = sizeof(qx), qyLen = sizeof(qy); (void) sigSz; - + /* sanity check */ if (ssl == NULL || sig == NULL || ctx == NULL) return ret; - + cbInfo = (User_SCEPKCbInfo*)ctx; - + /* export public peer public key */ ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen); WOLFSSL_PKMSG("qxLen %d qyLen %d\n", qxLen, qyLen); - if (ret != 0){ + if (ret != 0) { WOLFSSL_MSG("failed to export peer ecc key"); return ret; } @@ -201,12 +201,12 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig WOLFSSL_MSG("failed to malloc ecc key"); return WOLFSSL_FAILURE; } - + XMEMSET(peerkey, 0, (3 + 1 + qxLen + qyLen)); peerkey[3] = ECC_POINT_UNCOMP; XMEMCPY(&peerkey[4], qx, qxLen); XMEMCPY(&peerkey[4+qxLen], qy, qyLen); - + /* 0 : RSA 2048bit, 1 : Reserved, 2 : ECDSA P-256 */ ret = R_SCE_TLS_ServerKeyExchangeVerify( type, @@ -216,7 +216,7 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig (uint8_t*) sig, (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex, (uint32_t*)cbInfo->encrypted_ephemeral_ecdh_public_key); - + if (ret != FSP_SUCCESS) { WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify"); cbInfo->pk_key_set = 0; @@ -225,7 +225,7 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig ret = WOLFSSL_SUCCESS; cbInfo->pk_key_set = 1; } - + XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -237,24 +237,24 @@ WOLFSSL_LOCAL int wc_SCE_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz, (void) out; (void) key; (void) keySz; - + WOLFSSL_PKMSG("SCE RSA Verify: sigSz %d, keySz %d\n", sigSz, keySz); - + if (wc_sce_usable(ssl, 0)) ret = SCE_ServerKeyExVerify(0, ssl, sig, sigSz, ctx); else ret = CRYPTOCB_UNAVAILABLE; - + if (ret == WOLFSSL_SUCCESS) ret = 0; /* 0 for success */ - + WOLFSSL_PKMSG("SCE RSA Verify: ret %d\n", ret); - + return ret; } /* Callback for Ecc Verify */ -WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig, - uint32_t sigSz, const uint8_t* hash, uint32_t hashSz, +WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig, + uint32_t sigSz, const uint8_t* hash, uint32_t hashSz, const uint8_t* key, uint32_t keySz, int* result, void* ctx) { int ret = WOLFSSL_FAILURE; @@ -267,30 +267,30 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig, (void) hashSz; (void) key; (void) keySz; - + sigforSCE = NULL; pSig = NULL; - WOLFSSL_PKMSG("SCE ECC Verify: ssl->options.serverState = %d sigSz %d, hashSz %d, keySz %d\n", + WOLFSSL_PKMSG("SCE ECC Verify: ssl->options.serverState = %d sigSz %d, hashSz %d, keySz %d\n", ssl->options.serverState, sigSz, hashSz, keySz); - + if (!wc_sce_usable(ssl, 0)) { WOLFSSL_PKMSG("Cannot handle cipher suite by SCE"); return CRYPTOCB_UNAVAILABLE; } - - if ((sigforSCE = (uint8_t*)XMALLOC(HW_SCE_ECDSA_DATA_BYTE_SIZE, NULL, - DYNAMIC_TYPE_TEMP)) == NULL){ + + if ((sigforSCE = (uint8_t*)XMALLOC(HW_SCE_ECDSA_DATA_BYTE_SIZE, NULL, + DYNAMIC_TYPE_TEMP)) == NULL) { WOLFSSL_MSG("failed to malloc memory"); return MEMORY_E; } /* initialization */ XMEMCPY(sigforSCE, 0, HW_SCE_ECDSA_DATA_BYTE_SIZE); - + /* r */ if (sig[offset] == 0x20) { XMEMCPY(sigforSCE, &sig[offset+1], rs_size); - + offset = 0x25; /* s */ if (sig[offset] == 0x20) { @@ -302,7 +302,7 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig, } else { XMEMCPY(sigforSCE, &sig[offset+2], rs_size); - + offset = 0x26; /* s */ if (sig[offset] == rs_size) { @@ -312,18 +312,18 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig, XMEMCPY(&sigforSCE[rs_size], &sig[offset+2], rs_size); } } - + pSig = sigforSCE; - + ret = SCE_ServerKeyExVerify(2, ssl, pSig, 64, ctx); - + if (ret == WOLFSSL_SUCCESS) { *result = 1; ret = 0; /* for success */ } else *result = 0; - + WOLFSSL_PKMSG("SCE ECC Verify: ret %d, result %d\n", ret, *result); return ret; @@ -338,18 +338,18 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, (void) side; User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx; - + (void)ssl; (void)cbInfo; - + /* sanity check */ if (ssl == NULL || pubKeyDer == NULL || pubKeySz == NULL || out == NULL || outlen == NULL || ctx == NULL) return WOLFSSL_FAILURE; - + WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n", side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id); - + if (cbInfo->pk_key_set == 1) { /* Generate ECC PUblic key pair */ ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate( @@ -379,16 +379,16 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, /* set master secret generation callback for use */ wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret); wolfSSL_SetGenMasterSecretCtx(ssl, cbInfo); - + } *outlen = 64; WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen); } - + return ret; } #endif -/* Return tls cipher suite enumuration that is supported by SCE library */ +/* Return tls cipher suite enumeration that is supported by SCE library */ static uint32_t GetSceCipherSuite( uint8_t cipherSuiteFirst, uint8_t cipherSuite) @@ -396,9 +396,9 @@ static uint32_t GetSceCipherSuite( WOLFSSL_ENTER("GetSceCipherSuite"); uint32_t sceCipher; - if(cipherSuiteFirst == CIPHER_BYTE ) + if (cipherSuiteFirst == CIPHER_BYTE) { - switch(cipherSuite){ + switch(cipherSuite) { case TLS_RSA_WITH_AES_128_CBC_SHA256: sceCipher = SCE_TLS_RSA_WITH_AES_128_CBC_SHA256; break; @@ -411,14 +411,14 @@ static uint32_t GetSceCipherSuite( sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE; break; } - WOLFSSL_MSG( "<< GetSceCipherSuite"); + WOLFSSL_MSG("<< GetSceCipherSuite"); return sceCipher; } - else if( cipherSuiteFirst == ECC_BYTE ) + else if (cipherSuiteFirst == ECC_BYTE) { sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE; /* comment out until implementation completes */ - switch(cipherSuite){ + switch(cipherSuite) { case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: sceCipher = SCE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256; @@ -445,7 +445,7 @@ static uint32_t GetSceCipherSuite( sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE; } - WOLFSSL_MSG( "<< GetSceCipherSuite" ); + WOLFSSL_MSG("<< GetSceCipherSuite"); return sceCipher; } @@ -454,28 +454,28 @@ static uint32_t GetSceCipherSuite( /* ssl : a pointer to WOLFSSL object */ /* session_key_generated : if session key has been generated */ /* return 1 for usable, 0 for unusable */ -WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl, +WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated) { - WOLFSSL_ENTER("sce_usable"); + WOLFSSL_ENTER("sce_usable"); byte Scecipher; byte side; const Ciphers *enc; const Ciphers *dec; - + /* sanity check */ if (ssl == NULL) return BAD_FUNC_ARG; - + /* when rsa key index == NULL, SCE isn't used for cert verification. */ /* in the case, we cannot use TSIP. */ if (!ssl->peerSceTsipEncRsaKeyIndex) return 0; - + /* when enabled Extended Master Secret, we cannot use SCE. */ if (ssl->options.haveEMS) return 0; - + /* when session_key_generated is set as 1, expects to be created */ /* session key already. */ if (session_key_generated) { @@ -497,7 +497,7 @@ WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl, Scecipher = GetSceCipherSuite(ssl->options.cipherSuite0, ssl->options.cipherSuite); side = ssl->options.side; - + if (Scecipher != WOLFSSL_SCE_ILLEGAL_CIPHERSUITE && side == WOLFSSL_CLIENT_END) return 1; else @@ -505,7 +505,7 @@ WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl, } /* Generate Hmac by sha256*/ -WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(const struct WOLFSSL *ssl,const uint8_t* myInner, +WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(const struct WOLFSSL *ssl,const uint8_t* myInner, uint32_t innerSz,const uint8_t* in, uint32_t sz, byte* digest) { WOLFSSL_ENTER("sce_Sha256HmacGenerate"); @@ -513,42 +513,42 @@ WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(const struct WOLFSSL *ssl,const uint sce_hmac_sha_handle_t _handle; sce_hmac_sha_wrapped_key_t wrapped_key; int ret; - + if ((ssl == NULL) || (myInner == NULL) || (in == NULL) || (digest == NULL)) return BAD_FUNC_ARG; - + wrapped_key = ssl->keys.sce_client_write_MAC_secret; - + if ((ret = wc_sce_hw_lock()) != 0) { WOLFSSL_MSG("hw lock failed"); return ret; } - + ret = R_SCE_SHA256HMAC_GenerateInit( &_handle, &wrapped_key); - + if (ret == FSP_SUCCESS) ret = R_SCE_SHA256HMAC_GenerateUpdate( &_handle, - (uint8_t*)myInner, + (uint8_t*)myInner, innerSz); - + if (ret == FSP_SUCCESS) ret = R_SCE_SHA256HMAC_GenerateUpdate( &_handle, (uint8_t*)in, sz); - - if (ret == FSP_SUCCESS) + + if (ret == FSP_SUCCESS) ret = R_SCE_SHA256HMAC_GenerateFinal( &_handle, digest); - + if (ret != FSP_SUCCESS) ret = WOLFSSL_FAILURE; - + /* unlock hw */ wc_sce_hw_unlock(); WOLFSSL_LEAVE("sce_Sha256HmacGenerate", ret); @@ -557,7 +557,7 @@ WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(const struct WOLFSSL *ssl,const uint /* Verify hmac */ WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const struct WOLFSSL *ssl, - const uint8_t* message, uint32_t messageSz, + const uint8_t* message, uint32_t messageSz, uint32_t macSz, uint32_t content) { WOLFSSL_ENTER("sce_Sha256HmacVerify"); @@ -569,43 +569,43 @@ WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const struct WOLFSSL *ssl, if ((ssl == NULL) || (message == NULL)) return BAD_FUNC_ARG; - + wrapped_key = ssl->keys.sce_server_write_MAC_secret; if ((ret = wc_sce_hw_lock()) != 0) { WOLFSSL_MSG("hw lock failed"); return ret; } - - wolfSSL_SetTlsHmacInner((struct WOLFSSL*)ssl, myInner, + + wolfSSL_SetTlsHmacInner((struct WOLFSSL*)ssl, myInner, messageSz, content, 1); - + ret = R_SCE_SHA256HMAC_VerifyInit( &_handle, &wrapped_key); - + if (ret == FSP_SUCCESS) ret = R_SCE_SHA256HMAC_VerifyUpdate( &_handle, - (uint8_t*)myInner, + (uint8_t*)myInner, WOLFSSL_TLS_HMAC_INNER_SZ); - + if (ret == FSP_SUCCESS) ret = R_SCE_SHA256HMAC_VerifyUpdate( &_handle, - (uint8_t*)message, + (uint8_t*)message, (uint32_t)messageSz); - - if (ret == FSP_SUCCESS) + + if (ret == FSP_SUCCESS) ret = R_SCE_SHA256HMAC_VerifyFinal( &_handle, (uint8_t*)(message+messageSz), (uint32_t)macSz); - + if (ret != FSP_SUCCESS) { WOLFSSL_MSG("SCE Mac verification failed"); } - + /* unlock hw */ wc_sce_hw_unlock(); WOLFSSL_LEAVE("sce_Sha256HmacVerify", ret); @@ -620,17 +620,17 @@ WOLFSSL_LOCAL int wc_sce_generateVerifyData(const uint8_t *ms, /* master secret WOLFSSL_ENTER("sce_generateVerifyData"); int ret ; uint32_t l_side = SCE_TLS_GENERATE_CLIENT_VERIFY; - + if ((ms == NULL) || (side == NULL) || (handshake_hash == NULL) || (hashes == NULL)) return BAD_FUNC_ARG; - + if (XSTRNCMP((const char*)side, (const char*)tls_server, FINISHED_LABEL_SZ) == 0) { l_side = SCE_TLS_GENERATE_SERVER_VERIFY; } - + if ((ret = wc_sce_hw_lock()) == 0) { ret = R_SCE_TLS_VerifyDataGenerate(l_side, (uint32_t*)ms, (uint8_t*)handshake_hash, hashes/* out */); @@ -645,7 +645,7 @@ WOLFSSL_LOCAL int wc_sce_generateVerifyData(const uint8_t *ms, /* master secret } /* generate keys for TLS communication */ -WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl, +WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl, User_SCEPKCbInfo* cbInfo, int devId) { WOLFSSL_MSG("sce_generateSessionKey()"); @@ -658,27 +658,27 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl, sce_aes_wrapped_key_t key_server_aes; uint32_t sceCS = GetSceCipherSuite(ssl->options.cipherSuite0, ssl->options.cipherSuite); - + if (ssl== NULL || cbInfo == NULL) return BAD_FUNC_ARG; - - + + if ((ret = wc_sce_hw_lock()) == 0) { if (sceCS == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 || sceCS == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) { WOLFSSL_MSG("Session key for AES-GCM generation skipped."); - + wolfSSL_KeepArrays(ssl); ret = FSP_SUCCESS; - + } else { ret = R_SCE_TLS_SessionKeyGenerate( GetSceCipherSuite( ssl->options.cipherSuite0, ssl->options.cipherSuite), - (uint32_t*)ssl->arrays->sce_masterSecret, + (uint32_t*)ssl->arrays->sce_masterSecret, (uint8_t*) ssl->arrays->clientRandom, (uint8_t*) ssl->arrays->serverRandom, NULL, @@ -688,7 +688,7 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl, &key_server_aes, NULL, NULL); } - + if (ret != FSP_SUCCESS) { WOLFSSL_MSG("R_SCE_TLS_SessionKeyGenerate failed"); } @@ -697,20 +697,20 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl, /* alloc aes instance for both enc and dec */ enc = &ssl->encrypt; dec = &ssl->decrypt; - + if (enc) { if (enc->aes == NULL) { - enc->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap, + enc->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap, DYNAMIC_TYPE_CIPHER); if (enc->aes == NULL) return MEMORY_E; } - + XMEMSET(enc->aes, 0, sizeof(Aes)); } if (dec) { if (dec->aes == NULL) { - dec->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap, + dec->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap, DYNAMIC_TYPE_CIPHER); if (dec->aes == NULL) { if (enc) { @@ -719,26 +719,26 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl, return MEMORY_E; } } - + XMEMSET(dec->aes, 0, sizeof(Aes)); } /* copy key index into aes */ if (ssl->options.side == PROVISION_CLIENT) { - XMEMCPY(&enc->aes->ctx.sce_wrapped_key, &key_client_aes, + XMEMCPY(&enc->aes->ctx.sce_wrapped_key, &key_client_aes, sizeof(key_client_aes)); - XMEMCPY(&dec->aes->ctx.sce_wrapped_key, &key_server_aes, + XMEMCPY(&dec->aes->ctx.sce_wrapped_key, &key_server_aes, sizeof(key_server_aes)); } else { - XMEMCPY(&enc->aes->ctx.sce_wrapped_key, &key_server_aes, + XMEMCPY(&enc->aes->ctx.sce_wrapped_key, &key_server_aes, sizeof(key_server_aes)); - XMEMCPY(&dec->aes->ctx.sce_wrapped_key, &key_client_aes, + XMEMCPY(&dec->aes->ctx.sce_wrapped_key, &key_client_aes, sizeof(key_client_aes)); } /* copy mac key index into keys */ ssl->keys.sce_client_write_MAC_secret = key_client_mac; ssl->keys.sce_server_write_MAC_secret = key_server_mac; - + /* set up key size and marked ready */ if (enc) { enc->aes->ctx.keySize = ssl->specs.key_size; @@ -753,7 +753,7 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl, /* ready for use */ dec->setup = 1; } - + if (cbInfo->sce_cipher == SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || cbInfo->sce_cipher == SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { enc->aes->nonceSz = AEAD_MAX_IMP_SZ; @@ -761,16 +761,16 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl, } enc->aes->devId = devId; dec->aes->devId = devId; - + /* marked as session key is set */ cbInfo->session_key_set = 1; } /* unlock hw */ wc_sce_hw_unlock(); } - else + else WOLFSSL_LEAVE("hw lock failed", ret); - + WOLFSSL_LEAVE("sce_generateSessionKey", ret); return ret; } @@ -786,23 +786,23 @@ WOLFSSL_LOCAL int wc_sce_generateMasterSecret( { WOLFSSL_ENTER("sce_generateMasterSecretEx"); int ret; - + if ((pr == NULL) || (cr == NULL) || (sr == NULL) || (ms == NULL)) return BAD_FUNC_ARG; - + uint32_t sceCS = GetSceCipherSuite(cipherSuiteFirst, cipherSuite); - if( sceCS == 0xffffffff) + if (sceCS == 0xffffffff) return BAD_FUNC_ARG; if ((ret = wc_sce_hw_lock()) == 0) { - ret = R_SCE_TLS_MasterSecretGenerate( + ret = R_SCE_TLS_MasterSecretGenerate( sceCS, (uint32_t*)pr, (uint8_t*)cr, (uint8_t*)sr, (uint32_t*)ms); if (ret != FSP_SUCCESS) { WOLFSSL_MSG("R_SCE_TLS_MasterSecretGenerate failed"); - } + } /* unlock hw */ wc_sce_hw_unlock(); } @@ -814,15 +814,15 @@ WOLFSSL_LOCAL int wc_sce_generateMasterSecret( } /* generate pre-Master secrete by SCE */ -WOLFSSL_LOCAL int wc_sce_generatePremasterSecret(uint8_t *premaster, +WOLFSSL_LOCAL int wc_sce_generatePremasterSecret(uint8_t *premaster, uint32_t preSz) { WOLFSSL_ENTER("sce_generatePremasterSecret"); int ret; - + if (premaster == NULL) return BAD_FUNC_ARG; - + if ((ret = wc_sce_hw_lock()) == 0 && preSz >= (SCE_TLS_MASTER_SECRET_WORD_SIZE*4)) { /* generate pre-master, 80 bytes */ @@ -836,13 +836,13 @@ WOLFSSL_LOCAL int wc_sce_generatePremasterSecret(uint8_t *premaster, else { WOLFSSL_MSG(" hw lock failed or preSz is smaller than 80"); } - + WOLFSSL_LEAVE("sce_generatePremasterSecret", ret); return ret; } -/* +/* * generate encrypted pre-Master secrete by SCE */ WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret( @@ -852,10 +852,10 @@ WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret( { WOLFSSL_MSG("sce_generateEncryptPreMasterSecret"); int ret; - + if ((ssl == NULL) || (out == NULL) || (outSz == NULL)) return BAD_FUNC_ARG; - + if ((ret = wc_sce_hw_lock()) == 0) { if (*outSz >= 256) ret = R_SCE_TLS_PreMasterSecretEncryptWithRSA2048( @@ -864,7 +864,7 @@ WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret( (uint8_t*)out); else ret = -1; - + if (ret != FSP_SUCCESS) { WOLFSSL_MSG("R_SCE_TLS_PreMasterSecretEncryptWithRSA2048 failed"); } @@ -872,7 +872,7 @@ WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret( *outSz = 256; /* SCE can only handles 2048 RSA */ /* set GenMaster Callback for Master secret generation */ void* ctx = wolfSSL_GetRsaVerifyCtx(ssl); - wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, + wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret); wolfSSL_SetGenMasterSecretCtx(ssl, ctx); } @@ -908,7 +908,7 @@ WOLFSSL_LOCAL int wc_sce_tls_CertVerify( if (cert == NULL) return BAD_FUNC_ARG; - + if (!signature) { WOLFSSL_MSG(" signature for ca verification is not set"); return -1; @@ -917,21 +917,21 @@ WOLFSSL_LOCAL int wc_sce_tls_CertVerify( WOLFSSL_MSG(" sce_encPublickey is NULL."); return -1; } - - if (g_user_key_info.encrypted_user_tls_key_type == + + if (g_user_key_info.encrypted_user_tls_key_type == SCE_TLS_PUBLIC_KEY_TYPE_ECDSA_P256/*ECDSA*/) { - - if ((sigforSCE = (uint8_t*)XMALLOC(HW_SCE_ECDSA_DATA_BYTE_SIZE, NULL, - DYNAMIC_TYPE_TEMP)) == NULL){ + + if ((sigforSCE = (uint8_t*)XMALLOC(HW_SCE_ECDSA_DATA_BYTE_SIZE, NULL, + DYNAMIC_TYPE_TEMP)) == NULL) { WOLFSSL_MSG("failed to malloc memory"); return MEMORY_E; } /* initialization */ XMEMCPY(sigforSCE, 0, HW_SCE_ECDSA_DATA_BYTE_SIZE); - + if (signature[offset] == 0x20) { XMEMCPY(sigforSCE, &signature[offset+1], rs_size); - + offset = 0x25; if (signature[offset] == 0x20) { XMEMCPY(&sigforSCE[rs_size], &signature[offset+1], rs_size); @@ -943,7 +943,7 @@ WOLFSSL_LOCAL int wc_sce_tls_CertVerify( else { XMEMCPY(sigforSCE, &signature[offset+2], rs_size); offset = 0x26; - + if (signature[offset] == rs_size) { XMEMCPY(&sigforSCE[rs_size], &signature[offset+1], rs_size); } @@ -956,8 +956,8 @@ WOLFSSL_LOCAL int wc_sce_tls_CertVerify( else { pSig = (uint8_t*)signature; } - - + + if ((ret = wc_sce_hw_lock()) == 0) { ret = R_SCE_TLS_CertificateVerify( g_user_key_info.encrypted_user_tls_key_type, @@ -998,20 +998,20 @@ WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify( uint8_t *signature = (uint8_t*)ca_cert_sig; WOLFSSL_ENTER("wc_sce_tls_RootCertVerify"); - + if (cert == NULL) return BAD_FUNC_ARG; - + if (!signature) { WOLFSSL_MSG(" signature for ca verification is not set"); return -1; } - + if ((ret = wc_sce_hw_lock()) == 0) { ret = R_SCE_TLS_RootCertificateVerify( - g_user_key_info.encrypted_user_tls_key_type, - (uint8_t*)cert, /* CA cert */ - (uint32_t)cert_len, /* length of CA cert */ + g_user_key_info.encrypted_user_tls_key_type, + (uint8_t*)cert, /* CA cert */ + (uint32_t)cert_len, /* length of CA cert */ key_n_start, /* Byte position of public key */ (key_n_start + key_n_len), key_e_start, @@ -1045,13 +1045,13 @@ WOLFSSL_LOCAL int wc_sce_storeKeyCtx(struct WOLFSSL* ssl, User_SCEPKCbInfo* info if (ssl == NULL || info == NULL) ret = BAD_FUNC_ARG; - + if (ret == 0) { - XMEMCPY(info->sce_masterSecret, ssl->arrays->sce_masterSecret, + XMEMCPY(info->sce_masterSecret, ssl->arrays->sce_masterSecret, SCE_TLS_MASTERSECRET_SIZE); XMEMCPY(info->sce_clientRandom, ssl->arrays->clientRandom, 32); XMEMCPY(info->sce_serverRandom, ssl->arrays->serverRandom, 32); - + info->sce_cipher = GetSceCipherSuite(ssl->options.cipherSuite0, ssl->options.cipherSuite); } @@ -1063,34 +1063,34 @@ WOLFSSL_LOCAL int wc_sce_storeKeyCtx(struct WOLFSSL* ssl, User_SCEPKCbInfo* info /* signature format expects RSA 2048 PSS with SHA256 */ WOLFSSL_API void wc_sce_inform_cert_sign(const uint8_t *sign) { - if(sign) + if (sign) ca_cert_sig = sign; } /* let wolfSSL know user key information using TLS operation by SCE */ WOLFSSL_API void wc_sce_inform_user_keys( - uint8_t* encrypted_provisioning_key, - uint8_t* iv, - uint8_t* encrypted_user_tls_key, - uint32_t encrypted_user_tls_key_type) + uint8_t* encrypted_provisioning_key, + uint8_t* iv, + uint8_t* encrypted_user_tls_key, + uint32_t encrypted_user_tls_key_type) { WOLFSSL_ENTER("sce_inform_user_keys"); g_user_key_info.encrypted_provisioning_key = NULL; g_user_key_info.iv = NULL; g_user_key_info.encrypted_user_tls_key = NULL; - - if ( encrypted_provisioning_key ) { + + if (encrypted_provisioning_key ) { g_user_key_info.encrypted_provisioning_key = encrypted_provisioning_key; } - if ( iv ) { + if (iv) { g_user_key_info.iv = iv; } - if ( encrypted_user_tls_key ) { + if (encrypted_user_tls_key) { g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key; } - + g_user_key_info.encrypted_user_tls_key_type = encrypted_user_tls_key_type; - + /* set callback for ECC */ WOLFSSL_MSG("sce_inform_user_keys_ex"); } @@ -1104,7 +1104,7 @@ WOLFSSL_API void wc_sce_set_callbacks(WOLFSSL_CTX* ctx) wolfSSL_CTX_SetGenPreMasterCb(ctx, Renesas_cmn_generatePremasterSecret); wolfSSL_CTX_SetRsaEncCb(ctx, Renesas_cmn_RsaEnc); wolfSSL_CTX_SetVerifyMacCb(ctx, Renesas_cmn_VerifyHmac); - + wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); } /* Set callback contexts needed for sce TLS api handling */ @@ -1117,19 +1117,19 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx] = (User_SCEPKCbInfo*)user_ctx; gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->pk_key_set = 0; gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->session_key_set = 0; - + wolfSSL_SetEccVerifyCtx(ssl, user_ctx); wolfSSL_SetRsaEncCtx(ssl, user_ctx); wolfSSL_SetRsaVerifyCtx(ssl, user_ctx); wolfSSL_SetGenPreMasterCtx(ssl, user_ctx); wolfSSL_SetEccSharedSecretCtx(ssl, NULL); wolfSSL_SetVerifyMacCtx(ssl, user_ctx); - + /* set up crypt callback */ wc_CryptoCb_CryptInitRenesasCmn(ssl, user_ctx); - + gSCE_PKCbInfo.num_session = ++sce_sess_idx; - + return 0; } diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c index 7a3e040da..1f900c849 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c @@ -64,19 +64,19 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) word32 blocks = (sz / AES_BLOCK_SIZE); uint32_t dataLength; byte *iv; - + if ((in == NULL) || (out == NULL) || (aes == NULL)) return BAD_FUNC_ARG; - + /* while doing TLS handshake, TSIP driver keeps true-key and iv * * on the device. iv is dummy */ iv = (uint8_t*)aes->reg; - - if((ret = tsip_hw_lock()) != 0){ + + if ((ret = tsip_hw_lock()) != 0) { WOLFSSL_MSG("Failed to lock"); return ret; } - + if (aes->ctx.keySize == 16) { ret = R_TSIP_Aes128CbcEncryptInit(&_handle, &aes->ctx.tsip_keyIdx, iv); } @@ -87,20 +87,19 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) tsip_hw_unlock(); return -1; } - + while (ret == TSIP_SUCCESS && blocks--) { - if (aes->ctx.keySize == 16) - ret = R_TSIP_Aes128CbcEncryptUpdate(&_handle, (uint8_t*)in, + ret = R_TSIP_Aes128CbcEncryptUpdate(&_handle, (uint8_t*)in, (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE); else - ret = R_TSIP_Aes256CbcEncryptUpdate(&_handle, (uint8_t*)in, + ret = R_TSIP_Aes256CbcEncryptUpdate(&_handle, (uint8_t*)in, (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE); - + in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } - + if (ret == TSIP_SUCCESS) { if (aes->ctx.keySize == 16) { ret = R_TSIP_Aes128CbcEncryptFinal(&_handle, out, &dataLength); @@ -113,7 +112,7 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) WOLFSSL_MSG("TSIP AES CBC encryption failed"); ret = -1; } - + tsip_hw_unlock(); return ret; } @@ -125,17 +124,17 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) word32 blocks = (sz / AES_BLOCK_SIZE); uint32_t dataLength; byte *iv; - + if ((in == NULL) || (out == NULL) || (aes == NULL)) return BAD_FUNC_ARG; - + iv = (uint8_t*)aes->reg; - if((ret = tsip_hw_lock()) != 0){ + if ((ret = tsip_hw_lock()) != 0) { WOLFSSL_MSG("Failed to lock"); return ret; } - + if (aes->ctx.keySize == 16) { ret = R_TSIP_Aes128CbcDecryptInit(&_handle, &aes->ctx.tsip_keyIdx, iv); } @@ -146,20 +145,20 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) tsip_hw_unlock(); return -1; } - + while (ret == TSIP_SUCCESS && blocks--) { - + if (aes->ctx.keySize == 16) - ret = R_TSIP_Aes128CbcDecryptUpdate(&_handle, (uint8_t*)in, + ret = R_TSIP_Aes128CbcDecryptUpdate(&_handle, (uint8_t*)in, (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE); else - ret = R_TSIP_Aes256CbcDecryptUpdate(&_handle, (uint8_t*)in, + ret = R_TSIP_Aes256CbcDecryptUpdate(&_handle, (uint8_t*)in, (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE); - + in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } - + if (ret == TSIP_SUCCESS) { if (aes->ctx.keySize == 16) ret = R_TSIP_Aes128CbcDecryptFinal(&_handle, out, &dataLength); @@ -170,13 +169,13 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) WOLFSSL_MSG("TSIP AES CBC decryption failed"); ret = -1; } - + tsip_hw_unlock(); return ret; } -/* +/* * Encrypt plain data then output encrypted data and authentication tag data. - * The session key used for encryption is generated inside this function and + * The session key used for encryption is generated inside this function and * the key which has been generated and stored in Aes is not used. * parameter * - aes: Aes structure @@ -186,12 +185,12 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) * - iv: iv should be consist of implicit-iv of 4 bytes and exp-iv of 8 bytes * - authTag: buffer where the authentication data is output. * - authTagSz: buffer size for authentication data. - * - authIn: buffer holding Additionnal Authentication Data(AAD) + * - authIn: buffer holding Additional Authentication Data(AAD) * - authInSz: AAD size * - ctx: TsipUserCtx - * return 0 on success, otherwise on error. - * Note: As of TSIPv1.13, only accept 128 and 256 bit of key size - * + * return 0 on success, otherwise on error. + * Note: As of TSIPv1.13, only accept 128 and 256 bit of key size + * */ int wc_tsip_AesGcmEncrypt( struct Aes* aes, byte* out, @@ -222,7 +221,7 @@ int wc_tsip_AesGcmEncrypt( WOLFSSL_ENTER("wc_tsip_AesGcmEncrypt"); if (aes == NULL || ctx == NULL || - (sz != 0 && (in == NULL || out == NULL)) || + (sz != 0 && (in == NULL || out == NULL)) || (ivSz != 0 && iv == NULL) || (ivSz < AESGCM_NONCE_SZ && iv != NULL) || /* Requires 12 bytes of iv */ (authInSz != 0 && authIn == NULL) || @@ -252,21 +251,21 @@ int wc_tsip_AesGcmEncrypt( /* buffer for cipher data output must be multiple of AES_BLOCK_SIZE */ cipherBufSz = ((sz / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE; - + if ((ret = tsip_hw_lock()) == 0) { /* allocate buffers for plaintext, ciphertext, authTag and aad to make - * sure those buffers 32bit aligned as TSIP requests. + * sure those buffers 32bit aligned as TSIP requests. */ plainBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES); cipherBuf = XMALLOC(cipherBufSz, aes->heap, DYNAMIC_TYPE_AES); - aTagBuf = XMALLOC(TSIP_AES_GCM_AUTH_TAG_SIZE, aes->heap, + aTagBuf = XMALLOC(TSIP_AES_GCM_AUTH_TAG_SIZE, aes->heap, DYNAMIC_TYPE_AES); aadBuf = XMALLOC(authTagSz, aes->heap, DYNAMIC_TYPE_AES); if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL || aadBuf == NULL ) { - WOLFSSL_MSG("wc_tsip_AesGcmEncrypt: buffer allocation faild"); + WOLFSSL_MSG("wc_tsip_AesGcmEncrypt: buffer allocation failed"); ret = -1; } @@ -278,8 +277,8 @@ int wc_tsip_AesGcmEncrypt( } if (ret == 0) { - /* generate AES-GCM session key. The key stored in - * Aes.ctx.tsip_keyIdx is not used here. + /* generate AES-GCM session key. The key stored in + * Aes.ctx.tsip_keyIdx is not used here. */ err = R_TSIP_TlsGenerateSessionKey( userCtx->tsip_cipher, @@ -300,14 +299,14 @@ int wc_tsip_AesGcmEncrypt( } if (ret == 0) { - - /* since generated session key is coupled to iv, no need to pass + + /* since generated session key is coupled to iv, no need to pass * iv init func. */ err = initFn(&hdl, &key_client_aes, NULL, 0UL); if (err == TSIP_SUCCESS) { - err = updateFn(&hdl, NULL, NULL, 0UL, (uint8_t*)aadBuf, + err = updateFn(&hdl, NULL, NULL, 0UL, (uint8_t*)aadBuf, min(authInSz, TSIP_AES_GCM_AUTH_TAG_SIZE)); } if (err == TSIP_SUCCESS) { @@ -317,14 +316,14 @@ int wc_tsip_AesGcmEncrypt( WOLFSSL_MSG("R_TSIP_AesXXXGcmEncryptUpdate: failed"); ret = -1; } - + /* Once R_TSIP_AesxxxGcmEncryptInit or R_TSIP_AesxxxEncryptUpdate is * called, R_TSIP_AesxxxGcmEncryptFinal must be called regardless of * the result of the previous call. Otherwise, TSIP can not come out * from its error state and all the trailing APIs will fail. */ dataLen = 0; - err = finalFn(&hdl, + err = finalFn(&hdl, cipherBuf + (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE, &dataLen, aTagBuf); /* aad of 16 bytes will be output */ @@ -334,7 +333,7 @@ int wc_tsip_AesGcmEncrypt( XMEMCPY(out, cipherBuf, sz); /* copy auth tag to caller's buffer */ - XMEMCPY((void*)authTag, (void*)aTagBuf, + XMEMCPY((void*)authTag, (void*)aTagBuf, min(authTagSz, TSIP_AES_GCM_AUTH_TAG_SIZE )); } @@ -348,14 +347,14 @@ int wc_tsip_AesGcmEncrypt( XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(aadBuf, aes->heap, DYNAMIC_TYPE_AES); - + tsip_hw_unlock(); } return ret; } -/* +/* * Decrypt cipher data into plaindata and output authentication tag data. - * The session key used for decryption is generated inside this function and + * The session key used for decryption is generated inside this function and * the key which has been generated and stored in Aes is not used. * parameter * - aes: Aes structure @@ -365,11 +364,11 @@ int wc_tsip_AesGcmEncrypt( * - iv: iv should be consist of implicit-iv of 4 bytes and exp-iv of 8 bytes * - authTag: buffer where the authentication data is stored. * - authTagSz: buffer size for authentication data. - * - authIn: buffer where Additionnal Authentication Data(AAD) is stored + * - authIn: buffer where Additional Authentication Data(AAD) is stored * - authInSz: AAD size - * return 0 on success, otherwise on error. - * Note: As of TSIPv1.13, only accept 128 and 256 bit of key size - * + * return 0 on success, otherwise on error. + * Note: As of TSIPv1.13, only accept 128 and 256 bit of key size + * */ int wc_tsip_AesGcmDecrypt( Aes* aes, byte* out, @@ -434,11 +433,11 @@ int wc_tsip_AesGcmDecrypt( if ((ret = tsip_hw_lock()) == 0) { /* allocate buffers for plaintext, cipher-text, authTag and AAD. - * TSIP requests those buffers 32bit aligned. + * TSIP requests those buffers 32bit aligned. */ cipherBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES); plainBuf = XMALLOC(plainBufSz, aes->heap, DYNAMIC_TYPE_AES); - aTagBuf = XMALLOC(TSIP_AES_GCM_AUTH_TAG_SIZE, aes->heap, + aTagBuf = XMALLOC(TSIP_AES_GCM_AUTH_TAG_SIZE, aes->heap, DYNAMIC_TYPE_AES); aadBuf = XMALLOC(authInSz, aes->heap, DYNAMIC_TYPE_AES); @@ -456,8 +455,8 @@ int wc_tsip_AesGcmDecrypt( } if (ret == 0) { - /* generate AES-GCM session key. The key stored in - * Aes.ctx.tsip_keyIdx is not used here. + /* generate AES-GCM session key. The key stored in + * Aes.ctx.tsip_keyIdx is not used here. */ err = R_TSIP_TlsGenerateSessionKey( userCtx->tsip_cipher, @@ -477,14 +476,14 @@ int wc_tsip_AesGcmDecrypt( } if (ret == 0) { - /* since key_index has iv and ivSz in it, no need to pass them init + /* since key_index has iv and ivSz in it, no need to pass them init * func. Pass NULL and 0 as 3rd and 4th parameter respectively. */ err = initFn(&hdl, &key_server_aes, NULL, 0UL); if (err == TSIP_SUCCESS) { /* pass only AAD and it's size before passing cipher text */ - err = updateFn(&hdl, NULL, NULL, 0UL, (uint8_t*)authIn, + err = updateFn(&hdl, NULL, NULL, 0UL, (uint8_t*)authIn, authInSz); } if (err == TSIP_SUCCESS) { diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c index 264f158c7..fad30640d 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c @@ -42,7 +42,7 @@ static void TSIPHashFree(wolfssl_TSIP_Hash* hash) { if (hash == NULL) return; - + if (hash->msg != NULL) { XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); hash->msg = NULL; @@ -55,16 +55,16 @@ static int TSIPHashInit(wolfssl_TSIP_Hash* hash, void* heap, int devId, if (hash == NULL) { return BAD_FUNC_ARG; } - + (void)devId; XMEMSET(hash, 0, sizeof(wolfssl_TSIP_Hash)); - + hash->heap = heap; hash->len = 0; hash->used = 0; hash->msg = NULL; hash->sha_type = sha_type; - + return 0; } @@ -73,7 +73,7 @@ static int TSIPHashUpdate(wolfssl_TSIP_Hash* hash, const byte* data, word32 sz) if (hash == NULL || (sz > 0 && data == NULL)) { return BAD_FUNC_ARG; } - + if (hash->len < hash->used + sz) { if (hash->msg == NULL) { hash->msg = (byte*)XMALLOC(hash->used + sz, hash->heap, @@ -106,7 +106,7 @@ static int TSIPHashUpdate(wolfssl_TSIP_Hash* hash, const byte* data, word32 sz) } XMEMCPY(hash->msg + hash->used, data , sz); hash->used += sz; - + return 0; } @@ -116,15 +116,15 @@ static int TSIPHashFinal(wolfssl_TSIP_Hash* hash, byte* out, word32 outSz) void* heap; tsip_sha_md5_handle_t handle; uint32_t sz; - + e_tsip_err_t (*Init)(tsip_sha_md5_handle_t*); e_tsip_err_t (*Update)(tsip_sha_md5_handle_t*, uint8_t*, uint32_t); e_tsip_err_t (*Final )(tsip_sha_md5_handle_t*, uint8_t*, uint32_t*); - + if (hash == NULL || out == NULL) { return BAD_FUNC_ARG; } - + if (hash->sha_type == TSIP_SHA1) { Init = R_TSIP_Sha1Init; Update = R_TSIP_Sha1Update; @@ -135,13 +135,13 @@ static int TSIPHashFinal(wolfssl_TSIP_Hash* hash, byte* out, word32 outSz) Update = R_TSIP_Sha256Update; Final = R_TSIP_Sha256Final; } - else + else return BAD_FUNC_ARG; - + heap = hash->heap; - + tsip_hw_lock(); - + if (Init(&handle) == TSIP_SUCCESS) { ret = Update(&handle, (uint8_t*)hash->msg, hash->used); if (ret == TSIP_SUCCESS) { @@ -152,7 +152,7 @@ static int TSIPHashFinal(wolfssl_TSIP_Hash* hash, byte* out, word32 outSz) } } tsip_hw_unlock(); - + TSIPHashFree(hash); return TSIPHashInit(hash, heap, 0, hash->sha_type); } @@ -162,15 +162,15 @@ static int TSIPHashGet(wolfssl_TSIP_Hash* hash, byte* out, word32 outSz) int ret; tsip_sha_md5_handle_t handle; uint32_t sz; - + e_tsip_err_t (*Init)(tsip_sha_md5_handle_t*); e_tsip_err_t (*Update)(tsip_sha_md5_handle_t*, uint8_t*, uint32_t); e_tsip_err_t (*Final )(tsip_sha_md5_handle_t*, uint8_t*, uint32_t*); - + if (hash == NULL || out == NULL) { return BAD_FUNC_ARG; } - + if (hash->sha_type == TSIP_SHA1) { Init = R_TSIP_Sha1Init; Update = R_TSIP_Sha1Update; @@ -181,11 +181,11 @@ static int TSIPHashGet(wolfssl_TSIP_Hash* hash, byte* out, word32 outSz) Update = R_TSIP_Sha256Update; Final = R_TSIP_Sha256Final; } - else + else return BAD_FUNC_ARG; - + tsip_hw_lock(); - + if (Init(&handle) == TSIP_SUCCESS) { ret = Update(&handle, (uint8_t*)hash->msg, hash->used); if (ret == TSIP_SUCCESS) { @@ -195,9 +195,9 @@ static int TSIPHashGet(wolfssl_TSIP_Hash* hash, byte* out, word32 outSz) } } } - + tsip_hw_unlock(); - + return 0; } @@ -206,9 +206,9 @@ static int TSIPHashCopy(wolfssl_TSIP_Hash* src, wolfssl_TSIP_Hash* dst) if (src == NULL || dst == NULL) { return BAD_FUNC_ARG; } - + XMEMCPY(dst, src, sizeof(wolfssl_TSIP_Hash)); - + if (src->len > 0 && src->msg != NULL) { dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER); if (dst->msg == NULL) { @@ -216,7 +216,7 @@ static int TSIPHashCopy(wolfssl_TSIP_Hash* src, wolfssl_TSIP_Hash* dst) } XMEMCPY(dst->msg, src->msg, src->len); } - + return 0; } /* */ diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index ef4dd61e5..f4a5536ca 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -65,12 +65,12 @@ extern uint32_t g_CAscm_Idx; -static int tsip_CryptHwMutexInit(wolfSSL_Mutex* mutex) +static int tsip_CryptHwMutexInit(wolfSSL_Mutex* mutex) { return wc_InitMutex(mutex); } -static int tsip_CryptHwMutexLock(wolfSSL_Mutex* mutex) +static int tsip_CryptHwMutexLock(wolfSSL_Mutex* mutex) { return wc_LockMutex(mutex); } @@ -82,16 +82,16 @@ static int tsip_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109) -static uint32_t GetTsipCipherSuite( +static uint32_t GetTsipCipherSuite( uint8_t cipherSuiteFirst, uint8_t cipherSuite) { WOLFSSL_ENTER("GetTsipCipherSuite"); uint32_t tsipCipher; - if(cipherSuiteFirst == CIPHER_BYTE ) + if (cipherSuiteFirst == CIPHER_BYTE) { - switch(cipherSuite){ + switch(cipherSuite) { case TLS_RSA_WITH_AES_128_CBC_SHA: /*2F*/ tsipCipher = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA; /*0*/ @@ -116,11 +116,11 @@ static uint32_t GetTsipCipherSuite( WOLFSSL_LEAVE("GetTsipCipherSuite", tsipCipher); return tsipCipher; } - else if( cipherSuiteFirst == ECC_BYTE ) + else if (cipherSuiteFirst == ECC_BYTE) { tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE; - - switch(cipherSuite){ + + switch(cipherSuite) { case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: tsipCipher = R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256; @@ -143,7 +143,7 @@ static uint32_t GetTsipCipherSuite( break; } } - else{ + else { tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE; } @@ -154,13 +154,13 @@ static uint32_t GetTsipCipherSuite( /* Attempt to get a public key exchaged with the peer in ECDHE. * the public key is verified by given signature then stored into ctx. - * + * * return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure. */ static int tsip_ServerKeyExVerify( word32 type, /* public key type 0:RSA2048 2:ECDSA P-256 */ WOLFSSL* ssl, - const byte* sig, + const byte* sig, word32 sigSz, void* ctx) { @@ -175,13 +175,13 @@ static int tsip_ServerKeyExVerify( /* sanity check */ if (ssl == NULL || sig == NULL || ctx == NULL) return ret; - + userCtx = (TsipUserCtx*)ctx; /* export public peer public key */ ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen); - if (ret != 0){ + if (ret != 0) { WOLFSSL_MSG("failed to export peer ecc key"); WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret); return ret; @@ -195,12 +195,12 @@ static int tsip_ServerKeyExVerify( WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret); return WOLFSSL_FAILURE; } - + XMEMSET(peerkey, 0, (3 + 1 + qxLen + qyLen)); peerkey[3] = ECC_POINT_UNCOMP; XMEMCPY(&peerkey[4], qx, qxLen); XMEMCPY(&peerkey[4+qxLen], qy, qyLen); - + /* 0 : RSA 2048bit, 1 : Reserved, 2 : ECDSA P-256 */ if ((ret = tsip_hw_lock()) == 0) { ret = R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves( @@ -211,14 +211,14 @@ static int tsip_ServerKeyExVerify( (uint8_t*) sig, (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex, (uint32_t*)userCtx->encrypted_ephemeral_ecdh_public_key); - + if (ret !=TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves failed"); } else { ret = WOLFSSL_SUCCESS; } - + tsip_hw_unlock(); } else { @@ -242,9 +242,9 @@ int wc_tsip_RsaVerify( void* ctx) { int ret; - + WOLFSSL_ENTER("tsip_RsaVerify"); - + if (tsip_usable(ssl, 0)) ret = tsip_ServerKeyExVerify(0, ssl, sig, sigSz, ctx); else @@ -260,43 +260,43 @@ int wc_tsip_RsaVerify( * return 0 on success */ int wc_tsip_EccVerify( - WOLFSSL* ssl, - const byte* sig, word32 sigSz, - const byte* hash, word32 hashSz, - const byte* key, word32 keySz, - int* result, void* ctx) + WOLFSSL* ssl, + const byte* sig, word32 sigSz, + const byte* hash, word32 hashSz, + const byte* key, word32 keySz, + int* result, void* ctx) { int ret = WOLFSSL_FAILURE; uint8_t* sigforSCE; uint8_t* pSig; const byte rs_size = R_TSIP_ECDSA_DATA_BYTE_SIZE/2; byte offset = 0x3; - + WOLFSSL_ENTER("wc_tsip_EccVerify"); - - /* check if TSIP can handle given cipher suite */ + + /* check if TSIP can handle given cipher suite */ if (!tsip_usable(ssl, 0)) { WOLFSSL_MSG("Cannot handle cipher suite by TSIP"); WOLFSSL_LEAVE("wc_tsip_EccVerify", CRYPTOCB_UNAVAILABLE); return CRYPTOCB_UNAVAILABLE; } - sigforSCE = (uint8_t*)XMALLOC(R_TSIP_ECDSA_DATA_BYTE_SIZE, NULL, + sigforSCE = (uint8_t*)XMALLOC(R_TSIP_ECDSA_DATA_BYTE_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (sigforSCE == NULL) { WOLFSSL_MSG("failed to malloc memory"); WOLFSSL_LEAVE("wc_tsip_EccVerify", MEMORY_E); - return MEMORY_E; + return MEMORY_E; } /* initialization */ XMEMCPY(sigforSCE, 0, R_TSIP_ECDSA_DATA_BYTE_SIZE); - + /* r */ if (sig[offset] == 0x20) { XMEMCPY(sigforSCE, &sig[offset+1], rs_size); - + offset = 0x25; /* s */ if (sig[offset] == 0x20) { @@ -308,7 +308,7 @@ int wc_tsip_EccVerify( } else { XMEMCPY(sigforSCE, &sig[offset+2], rs_size); - + offset = 0x26; /* s */ if (sig[offset] == rs_size) { @@ -318,18 +318,18 @@ int wc_tsip_EccVerify( XMEMCPY(&sigforSCE[rs_size], &sig[offset+2], rs_size); } } - + pSig = sigforSCE; - + ret = tsip_ServerKeyExVerify(2, ssl, pSig, 64, ctx); - + if (ret == WOLFSSL_SUCCESS) { *result = 1; ret = 0; /* for success */ } else *result = 0; - + WOLFSSL_LEAVE("wc_tsip_EccVerify", ret); return ret; } @@ -337,7 +337,7 @@ int wc_tsip_EccVerify( /* * generate premaster secret * 1. generate P256 ECC key pair for ECDHE key exchange - * 2. generate pre-master secret + * 2. generate pre-master secret * output 64 bytes premaster secret to "out" buffer. */ int wc_tsip_EccSharedSecret( @@ -349,7 +349,7 @@ int wc_tsip_EccSharedSecret( { int ret; TsipUserCtx* usrCtx = (TsipUserCtx*)ctx; - + (void)ssl; (void)otherKey; @@ -365,15 +365,15 @@ int wc_tsip_EccSharedSecret( ret = R_TSIP_GenerateTlsP256EccKeyIndex( &usrCtx->ecc_p256_wrapped_key, (uint8_t*)&usrCtx->ecc_ecdh_public_key); - + if (ret == TSIP_SUCCESS) { - + /* copy generated ecdh public key into buffer */ pubKeyDer[0] = ECC_POINT_UNCOMP; *pubKeySz = 1 + sizeof(usrCtx->ecc_ecdh_public_key); - XMEMCPY(&pubKeyDer[1], &usrCtx->ecc_ecdh_public_key, + XMEMCPY(&pubKeyDer[1], &usrCtx->ecc_ecdh_public_key, sizeof(usrCtx->ecc_ecdh_public_key)); - + /* Generate Premaster Secret */ ret = R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key( (uint32_t*)&usrCtx->encrypted_ephemeral_ecdh_public_key, @@ -382,10 +382,10 @@ int wc_tsip_EccSharedSecret( } if (ret == TSIP_SUCCESS) { *outlen = 64; - wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, + wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret); wolfSSL_SetGenMasterSecretCtx(ssl, usrCtx); - + } tsip_hw_unlock(); @@ -419,28 +419,28 @@ WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx) WOLFSSL_LEAVE("tsip_set_callback_ctx", 0); return 0; } - XMEMSET( uCtx, 0, sizeof(TsipUserCtx)); - + XMEMSET(uCtx, 0, sizeof(TsipUserCtx)); + wolfSSL_SetEccVerifyCtx(ssl, user_ctx); wolfSSL_SetRsaEncCtx(ssl, user_ctx); wolfSSL_SetRsaVerifyCtx(ssl, user_ctx); wolfSSL_SetGenPreMasterCtx(ssl, user_ctx); wolfSSL_SetEccSharedSecretCtx(ssl, NULL); wolfSSL_SetVerifyMacCtx(ssl, user_ctx); - + /* set up crypt callback */ wc_CryptoCb_CryptInitRenesasCmn(ssl, user_ctx); WOLFSSL_LEAVE("tsip_set_callback_ctx", 0); return 0; } -#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=106) +#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=106) /* convert def to tsip define */ static byte _tls2tsipdef(byte cipher) { byte def = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA; - switch(cipher){ + switch(cipher) { case l_TLS_RSA_WITH_AES_128_CBC_SHA: break; case l_TLS_RSA_WITH_AES_128_CBC_SHA256: @@ -461,14 +461,14 @@ static byte _tls2tsipdef(byte cipher) * lock hw engine. * this should be called before using engine. */ -WOLFSSL_LOCAL int tsip_hw_lock() +WOLFSSL_LOCAL int tsip_hw_lock(void) { int ret = 0; if (tsip_CryptHwMutexInit_ == 0) { - + ret = tsip_CryptHwMutexInit(&tsip_mutex); - + if (ret == 0) { tsip_CryptHwMutexInit_ = 1; } @@ -481,14 +481,14 @@ WOLFSSL_LOCAL int tsip_hw_lock() /* this should not happens */ return -1; } - + return ret; } /* * release hw engine */ -WOLFSSL_LOCAL void tsip_hw_unlock( void ) +WOLFSSL_LOCAL void tsip_hw_unlock(void) { tsip_CryptHwMutexUnLock(&tsip_mutex); } @@ -504,19 +504,19 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated) const Ciphers *enc; const Ciphers *dec; - WOLFSSL_ENTER("tsip_usable"); - + WOLFSSL_ENTER("tsip_usable"); + /* sanity check */ if (ssl == NULL) { - WOLFSSL_MSG( "ssl is NULL"); + WOLFSSL_MSG("ssl is NULL"); ret = BAD_FUNC_ARG; } - + /* when rsa key index == NULL, tsip isn't used for cert verification. */ /* in the case, we cannot use TSIP. */ if (ret == WOLFSSL_SUCCESS) { if (!ssl->peerSceTsipEncRsaKeyIndex) { - WOLFSSL_MSG( "ssl->peerSceTsipEncRsaKeyIndex is NULL"); + WOLFSSL_MSG("ssl->peerSceTsipEncRsaKeyIndex is NULL"); ret = WOLFSSL_FAILURE; } } @@ -539,18 +539,18 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated) } } - /* when enabled Extended Master Secret, we cannot use TSIP. */ - + /* when enabled Extended Master Secret, we cannot use TSIP. */ + if (ret == WOLFSSL_SUCCESS) { if (ssl->options.haveEMS) { - WOLFSSL_MSG( "ssl->options.haveEMS"); + WOLFSSL_MSG("ssl->options.haveEMS"); ret = WOLFSSL_FAILURE; } } /* TSIP works only for TLS client */ if (ret == WOLFSSL_SUCCESS) { if (side != WOLFSSL_CLIENT_END) { - WOLFSSL_MSG( "Not client side"); + WOLFSSL_MSG("Not client side"); ret = WOLFSSL_FAILURE; } } @@ -559,19 +559,19 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated) if ( cipher0 == CIPHER_BYTE && (cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA || - cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA256 || - cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA || - cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA256) - # if (WOLFSSL_RENESAS_TSIP_VER >= TSIP109) + cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA256 || + cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA || + cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA256) + #if (WOLFSSL_RENESAS_TSIP_VER >= TSIP109) || cipher0 == ECC_BYTE && (cipher == l_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 || - cipher == l_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 || - cipher == l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 || - cipher == l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) - #endif + cipher == l_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 || + cipher == l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 || + cipher == l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) + #endif ) { - WOLFSSL_MSG("supported cipher suite"); + WOLFSSL_MSG("supported cipher suite"); } else { WOLFSSL_MSG("unsupported cipher suite"); @@ -588,18 +588,18 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated) /* open TSIP driver * return 0 on success. */ -WOLFSSL_LOCAL int tsip_Open() +WOLFSSL_LOCAL int tsip_Open(void) { int ret = TSIP_SUCCESS; - WOLFSSL_ENTER("tsip_Open"); + WOLFSSL_ENTER("tsip_Open"); if ((ret = tsip_hw_lock()) == 0) { - + #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=109) ret = R_TSIP_Open(NULL,NULL); - if ( ret != TSIP_SUCCESS ) { + if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("RENESAS TSIP Open failed"); } @@ -613,13 +613,13 @@ WOLFSSL_LOCAL int tsip_Open() R_TSIP_Close(); /* close once */ - if (ret != TSIP_SUCCESS){ + if (ret != TSIP_SUCCESS) { - WOLFSSL_MSG("R_TSIP_GenerataeTlsRsa: NG" ); + WOLFSSL_MSG("R_TSIP_GenerateTlsRsa: NG"); } - else { - + else { + /* open again with newly created TLS public key index*/ ret = R_TSIP_Open( &g_user_key_info.user_rsa2048_tls_pubindex, @@ -639,7 +639,7 @@ WOLFSSL_LOCAL int tsip_Open() if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("RENESAS TSIP Open failed"); } - + /* generate TLS Rsa public key for Certificate verification */ if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) { ret = R_TSIP_GenerateTlsRsaPublicKeyIndex( @@ -647,15 +647,15 @@ WOLFSSL_LOCAL int tsip_Open() g_user_key_info.iv, g_user_key_info.encrypted_user_tls_key, &g_user_key_info.user_rsa2048_tls_pubindex); - + if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_GenerateTlsRsaPublicKeyIndex failed"); } else { /* close once */ - tsip_Close( ); + tsip_Close(); /* open again with s_inst[] */ - XMEMCPY(s_inst1, + XMEMCPY(s_inst1, g_user_key_info.user_rsa2048_tls_pubindex.value, sizeof(s_inst1)); ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2); @@ -675,19 +675,19 @@ WOLFSSL_LOCAL int tsip_Open() /* unlock hw */ tsip_hw_unlock(); } - else + else WOLFSSL_MSG("Failed to lock tsip hw "); - - WOLFSSL_LEAVE( "tsip_Open", ret); + + WOLFSSL_LEAVE("tsip_Open", ret); return ret; } /* close TSIP driver */ -WOLFSSL_LOCAL void tsip_Close() +WOLFSSL_LOCAL void tsip_Close(void) { WOLFSSL_ENTER("tsip_Close"); int ret; - + if ((ret = tsip_hw_lock()) == 0) { /* close TSIP */ ret = R_TSIP_Close(); @@ -699,9 +699,9 @@ WOLFSSL_LOCAL void tsip_Close() if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("RENESAS TSIP Close failed"); } - } + } else - WOLFSSL_MSG("Failed to unlock tsip hw "); + WOLFSSL_MSG("Failed to unlock tsip hw"); WOLFSSL_LEAVE("tsip_Close", 0); } @@ -712,7 +712,7 @@ WOLFSSL_LOCAL void tsip_Close() /* signature format expects RSA 2048 PSS with SHA256 */ void tsip_inform_cert_sign(const byte *sign) { - if(sign) + if (sign) ca_cert_sig = sign; } #if (WOLFSSL_RENESAS_TSIP_VER>=109) @@ -725,17 +725,17 @@ void tsip_inform_user_keys_ex( WOLFSSL_ENTER("tsip_inform_user_keys_ex"); g_user_key_info.encrypted_provisioning_key = NULL; g_user_key_info.iv = NULL; - - if ( encrypted_provisioning_key ) { + + if (encrypted_provisioning_key) { g_user_key_info.encrypted_provisioning_key = encrypted_provisioning_key; } - if ( iv ) { + if (iv) { g_user_key_info.iv = iv; } - if ( encrypted_user_tls_key ) { + if (encrypted_user_tls_key) { g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key; } - + g_user_key_info.encrypted_user_tls_key_type = encrypted_user_tls_key_type; WOLFSSL_LEAVE("tsip_inform_user_keys_ex", 0); } @@ -751,14 +751,14 @@ void tsip_inform_user_keys( g_user_key_info.encrypted_session_key = NULL; g_user_key_info.iv = NULL; g_user_key_info.encrypted_user_tls_key = NULL; - - if ( encrypted_session_key ) { + + if (encrypted_session_key) { g_user_key_info.encrypted_session_key = encrypted_session_key; } - if ( iv ) { + if (iv) { g_user_key_info.iv = iv; } - if ( encrypted_user_tls_key ) { + if (encrypted_user_tls_key) { g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key; } } @@ -769,53 +769,53 @@ void tsip_inform_user_keys( /* Sha1Hmac */ int wc_tsip_Sha1HmacGenerate( const struct WOLFSSL *ssl, - const byte* myInner, + const byte* myInner, word32 innerSz, const byte* in, - word32 sz, + word32 sz, byte* digest) { - WOLFSSL_ENTER("wc_tsip_Sha1HmacGenerate()"); + WOLFSSL_ENTER("wc_tsip_Sha1HmacGenerate"); tsip_hmac_sha_handle_t _handle; tsip_hmac_sha_key_index_t key_index; int ret; if ((ssl == NULL) || (myInner == NULL) || (in == NULL) || - (digest == NULL)){ + (digest == NULL)) { WOLFSSL_LEAVE("wc_tsip_Sha1HmacGenerate", BAD_FUNC_ARG); return BAD_FUNC_ARG; } - + if ((ret = tsip_hw_lock()) != 0) { WOLFSSL_MSG("hw lock failed"); WOLFSSL_LEAVE("wc_tsip_Sha1HmacGenerate", ret); return ret; } - + key_index = ssl->keys.tsip_client_write_MAC_secret; - + ret = R_TSIP_Sha1HmacGenerateInit( &_handle, &key_index); - + if (ret == TSIP_SUCCESS) ret = R_TSIP_Sha1HmacGenerateUpdate( &_handle, - (uint8_t*)myInner, + (uint8_t*)myInner, (uint32_t)innerSz); - + if (ret == TSIP_SUCCESS) ret = R_TSIP_Sha1HmacGenerateUpdate( &_handle, (uint8_t*)in, sz); - + if (ret == TSIP_SUCCESS) ret = R_TSIP_Sha1HmacGenerateFinal( &_handle, digest); - + tsip_hw_unlock(); WOLFSSL_LEAVE("wc_tsip_Sha1HmacGenerate", ret); @@ -826,7 +826,7 @@ int wc_tsip_Sha1HmacGenerate( /* Sha256Hmac */ int wc_tsip_Sha256HmacGenerate( const struct WOLFSSL *ssl, - const byte* myInner, + const byte* myInner, word32 innerSz, const byte* in, word32 sz, @@ -837,26 +837,26 @@ int wc_tsip_Sha256HmacGenerate( tsip_hmac_sha_handle_t _handle; tsip_hmac_sha_key_index_t key_index; int ret; - + if ((ssl == NULL) || (myInner == NULL) || (in == NULL) || (digest == NULL)) return BAD_FUNC_ARG; - + key_index = ssl->keys.tsip_client_write_MAC_secret; if ((ret = tsip_hw_lock()) != 0) { WOLFSSL_MSG("hw lock failed"); return ret; } - + ret = R_TSIP_Sha256HmacGenerateInit( &_handle, &key_index); - + if (ret == TSIP_SUCCESS) { ret = R_TSIP_Sha256HmacGenerateUpdate( &_handle, - (uint8_t*)myInner, + (uint8_t*)myInner, innerSz); } else { @@ -895,7 +895,7 @@ int wc_tsip_Sha256HmacGenerate( */ int wc_tsip_ShaXHmacVerify( const struct WOLFSSL *ssl, - const byte* message, + const byte* message, word32 messageSz, word32 macSz, word32 content) @@ -912,7 +912,7 @@ int wc_tsip_ShaXHmacVerify( byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; int ret; - if ((ssl == NULL) || (message == NULL)){ + if ((ssl == NULL) || (message == NULL)) { WOLFSSL_LEAVE("tsip_ShaXHmacVerify", BAD_FUNC_ARG); return BAD_FUNC_ARG; } @@ -941,12 +941,12 @@ int wc_tsip_ShaXHmacVerify( WOLFSSL_LEAVE("tsip_ShaXHmacVerify", ret); return ret; } - + wolfSSL_SetTlsHmacInner((struct WOLFSSL*)ssl, (byte*)myInner, messageSz, content, 1); - + ret = initFn(&handle, &wrapped_key); - + if (ret == TSIP_SUCCESS) { ret = updateFn(&handle, myInner, WOLFSSL_TLS_HMAC_INNER_SZ); } @@ -959,7 +959,7 @@ int wc_tsip_ShaXHmacVerify( if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("TSIP Mac verification failed"); } - + /* unlock hw */ tsip_hw_unlock(); WOLFSSL_LEAVE("tsip_ShaXHmacVerify", ret); @@ -976,8 +976,8 @@ int wc_tsip_generateVerifyData( int ret ; uint32_t l_side = R_TSIP_TLS_GENERATE_CLIENT_VERIFY; - WOLFSSL_ENTER("tsip_generateVerifyData"); - + WOLFSSL_ENTER("tsip_generateVerifyData"); + if ((ms == NULL) || (side == NULL) || (handshake_hash == NULL) || (hashes == NULL)) { WOLFSSL_LEAVE("tsip_generateVerifyData", BAD_FUNC_ARG); @@ -988,7 +988,7 @@ int wc_tsip_generateVerifyData( { l_side = R_TSIP_TLS_GENERATE_SERVER_VERIFY; } - + if ((ret = tsip_hw_lock()) == 0) { ret = R_TSIP_TlsGenerateVerifyData(l_side, (uint32_t*)ms, (uint8_t*)handshake_hash, hashes/* out */); @@ -1004,7 +1004,7 @@ int wc_tsip_generateVerifyData( /* generate keys for TLS communication */ int wc_tsip_generateSessionKey( - struct WOLFSSL *ssl, + struct WOLFSSL *ssl, TsipUserCtx* ctx, int devId) { @@ -1016,11 +1016,11 @@ int wc_tsip_generateSessionKey( tsip_aes_key_index_t key_client_aes; tsip_aes_key_index_t key_server_aes; - WOLFSSL_ENTER("wc_tsip_generateSessionKey()"); - + WOLFSSL_ENTER("wc_tsip_generateSessionKey"); + if (ssl== NULL) return BAD_FUNC_ARG; - + if ((ret = tsip_hw_lock()) == 0) { #if (WOLFSSL_RENESAS_TSIP_VER>=109) @@ -1032,9 +1032,9 @@ int wc_tsip_generateSessionKey( tsipCS == R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) { WOLFSSL_MSG("Session key for AES-GCM generation skipped."); - /* Do not release ssl-> arrays to reference the master secret and - * randoms, as the AES GCM session key will be generated in - * encryption or decription timing. + /* Do not release ssl-> arrays to reference the master secret and + * randoms, as the AES GCM session key will be generated in + * encryption or description timing. */ wolfSSL_KeepArrays(ssl); ret = TSIP_SUCCESS; @@ -1043,7 +1043,7 @@ int wc_tsip_generateSessionKey( ret = R_TSIP_TlsGenerateSessionKey( tsipCS, - (uint32_t*)ssl->arrays->tsip_masterSecret, + (uint32_t*)ssl->arrays->tsip_masterSecret, (uint8_t*) ssl->arrays->clientRandom, (uint8_t*) ssl->arrays->serverRandom, NULL, /* nonce is required only for AES-GCM key */ @@ -1051,13 +1051,13 @@ int wc_tsip_generateSessionKey( &key_server_mac, &key_client_aes, &key_server_aes, - NULL, NULL); + NULL, NULL); } -#else /* WOLFSSL_RENESAS_TSIP_VER < 109 */ +#else /* WOLFSSL_RENESAS_TSIP_VER < 109 */ ret = R_TSIP_TlsGenerateSessionKey( _tls2tsipdef(ssl->options.cipherSuite), - (uint32_t*)ssl->arrays->tsip_masterSecret, + (uint32_t*)ssl->arrays->tsip_masterSecret, (uint8_t*)ssl->arrays->clientRandom, (uint8_t*)ssl->arrays->serverRandom, &key_client_mac, @@ -1065,7 +1065,7 @@ int wc_tsip_generateSessionKey( &key_client_aes, &key_server_aes, NULL, NULL); -#endif +#endif if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed"); } @@ -1074,20 +1074,20 @@ int wc_tsip_generateSessionKey( /* alloc aes instance for both enc and dec */ enc = &ssl->encrypt; dec = &ssl->decrypt; - + if (enc) { if (enc->aes == NULL) { - enc->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap, + enc->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap, DYNAMIC_TYPE_CIPHER); if (enc->aes == NULL) return MEMORY_E; } - + XMEMSET(enc->aes, 0, sizeof(Aes)); } if (dec) { if (dec->aes == NULL) { - dec->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap, + dec->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap, DYNAMIC_TYPE_CIPHER); if (dec->aes == NULL) { if (enc) { @@ -1096,21 +1096,21 @@ int wc_tsip_generateSessionKey( return MEMORY_E; } } - + XMEMSET(dec->aes, 0, sizeof(Aes)); } /* copy key index into aes */ if (ssl->options.side == PROVISION_CLIENT) { - XMEMCPY(&enc->aes->ctx.tsip_keyIdx, &key_client_aes, + XMEMCPY(&enc->aes->ctx.tsip_keyIdx, &key_client_aes, sizeof(key_client_aes)); - XMEMCPY(&dec->aes->ctx.tsip_keyIdx, &key_server_aes, + XMEMCPY(&dec->aes->ctx.tsip_keyIdx, &key_server_aes, sizeof(key_server_aes)); } else { - XMEMCPY(&enc->aes->ctx.tsip_keyIdx, &key_server_aes, + XMEMCPY(&enc->aes->ctx.tsip_keyIdx, &key_server_aes, sizeof(key_server_aes)); - XMEMCPY(&dec->aes->ctx.tsip_keyIdx, &key_client_aes, + XMEMCPY(&dec->aes->ctx.tsip_keyIdx, &key_client_aes, sizeof(key_client_aes)); } @@ -1119,7 +1119,7 @@ int wc_tsip_generateSessionKey( ssl->keys.tsip_server_write_MAC_secret = key_server_mac; /* set up key size and marked ready */ - if (enc){ + if (enc) { enc->aes->ctx.keySize = ssl->specs.key_size; enc->aes->ctx.setup = 1; /* ready for use */ @@ -1133,14 +1133,14 @@ int wc_tsip_generateSessionKey( dec->setup = 1; } - if (ctx->tsip_cipher == + if (ctx->tsip_cipher == R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || - ctx->tsip_cipher == + ctx->tsip_cipher == R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { enc->aes->nonceSz = AEAD_MAX_IMP_SZ; dec->aes->nonceSz = AEAD_MAX_IMP_SZ; } - + enc->aes->devId = devId; dec->aes->devId = devId; @@ -1149,9 +1149,9 @@ int wc_tsip_generateSessionKey( /* unlock hw */ tsip_hw_unlock(); } - else + else WOLFSSL_MSG("hw lock failed"); - + WOLFSSL_LEAVE("wc_tsip_generateSessionKey", ret); return ret; } @@ -1172,17 +1172,17 @@ int wc_tsip_generateMasterSecretEx( int ret; WOLFSSL_ENTER("tsip_generateMasterSecretEx"); - + if ((pr == NULL) || (cr == NULL) || (sr == NULL) || (ms == NULL)) return BAD_FUNC_ARG; - - uint32_t tsipCS = GetTsipCipherSuite(cipherSuiteFirst,cipherSuite ); + + uint32_t tsipCS = GetTsipCipherSuite(cipherSuiteFirst,cipherSuite); if (tsipCS == 0xffffffff) return BAD_FUNC_ARG; if ((ret = tsip_hw_lock()) == 0) { - ret = R_TSIP_TlsGenerateMasterSecret( + ret = R_TSIP_TlsGenerateMasterSecret( tsipCS, (uint32_t*)pr, (uint8_t*)cr, (uint8_t*)sr, (uint32_t*)ms); @@ -1212,9 +1212,9 @@ int wc_tsip_generateMasterSecret( if ((pr == NULL) || (cr == NULL) || (sr == NULL) || (ms == NULL)) return BAD_FUNC_ARG; - + if ((ret = tsip_hw_lock()) == 0) { - ret = R_TSIP_TlsGenerateMasterSecret( + ret = R_TSIP_TlsGenerateMasterSecret( (uint32_t*)pr, (uint8_t*)cr, (uint8_t*)sr, @@ -1245,9 +1245,9 @@ int wc_tsip_storeKeyCtx(struct WOLFSSL* ssl, TsipUserCtx* userCtx) if (ssl == NULL || userCtx == NULL) ret = BAD_FUNC_ARG; - + if (ret == 0) { - XMEMCPY(userCtx->tsip_masterSecret, ssl->arrays->tsip_masterSecret, + XMEMCPY(userCtx->tsip_masterSecret, ssl->arrays->tsip_masterSecret, TSIP_TLS_MASTERSECRET_SIZE); XMEMCPY(userCtx->tsip_clientRandom, ssl->arrays->clientRandom, TSIP_TLS_CLIENTRANDOM_SZ); @@ -1262,22 +1262,22 @@ int wc_tsip_storeKeyCtx(struct WOLFSSL* ssl, TsipUserCtx* userCtx) } /* generate pre-Master secrete by TSIP */ -int wc_tsip_generatePremasterSecret(byte *premaster, word32 preSz ) +int wc_tsip_generatePremasterSecret(byte *premaster, word32 preSz) { WOLFSSL_ENTER("tsip_generatePremasterSecret"); int ret; - + if (premaster == NULL) return BAD_FUNC_ARG; - + if ((ret = tsip_hw_lock()) == 0 && preSz >= (R_TSIP_TLS_MASTER_SECRET_WORD_SIZE*4)) { /* generate pre-master, 80 bytes */ - ret = R_TSIP_TlsGeneratePreMasterSecret( (uint32_t*)premaster ); + ret = R_TSIP_TlsGeneratePreMasterSecret((uint32_t*)premaster); if (ret != TSIP_SUCCESS) { WOLFSSL_MSG(" R_TSIP_TlsGeneratePreMasterSecret failed"); } - + /* unlock hw */ tsip_hw_unlock(); } @@ -1288,7 +1288,7 @@ int wc_tsip_generatePremasterSecret(byte *premaster, word32 preSz ) return ret; } -/* +/* * generate encrypted pre-Master secrete by TSIP */ int wc_tsip_generateEncryptPreMasterSecret( @@ -1298,43 +1298,43 @@ int wc_tsip_generateEncryptPreMasterSecret( { int ret; - WOLFSSL_ENTER("tsip_generateEncryptPreMasterSecret"); - + WOLFSSL_ENTER("tsip_generateEncryptPreMasterSecret"); + if ((ssl == NULL) || (out == NULL) || (outSz == NULL)) return BAD_FUNC_ARG; - + if ((ret = tsip_hw_lock()) == 0) { if (*outSz >= 256) - + #if (WOLFSSL_RENESAS_TSIP_VER>=109) - + ret = R_TSIP_TlsEncryptPreMasterSecretWithRsa2048PublicKey( (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex, (uint32_t*)ssl->arrays->preMasterSecret, (uint8_t*)out); #else - + ret = R_TSIP_TlsEncryptPreMasterSecret( (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex, (uint32_t*)ssl->arrays->preMasterSecret, (uint8_t*)out); - + #endif else ret = -1; - + if (ret != TSIP_SUCCESS) { WOLFSSL_MSG(" R_TSIP_TlsEncryptPreMasterSecret failed"); } else { *outSz = 256; /* TSIP can only handles 2048 RSA */ void* ctx = wolfSSL_GetRsaVerifyCtx(ssl); - wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, + wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret); wolfSSL_SetGenMasterSecretCtx(ssl, ctx); } - + tsip_hw_unlock(); } @@ -1364,7 +1364,7 @@ int wc_tsip_tls_CertVerify( if (cert == NULL) return BAD_FUNC_ARG; - + if (!signature) { WOLFSSL_MSG(" signature for ca verification is not set"); return -1; @@ -1373,9 +1373,9 @@ int wc_tsip_tls_CertVerify( WOLFSSL_MSG(" tsip_encRsaKeyIndex is NULL."); return -1; } - + /* Public key type: Prime256r1 */ - if (g_user_key_info.encrypted_user_tls_key_type == + if (g_user_key_info.encrypted_user_tls_key_type == R_TSIP_TLS_PUBLIC_KEY_TYPE_ECDSA_P256) { if ((sigforSCE = (uint8_t*)XMALLOC(R_TSIP_ECDSA_DATA_BYTE_SIZE, @@ -1385,10 +1385,10 @@ int wc_tsip_tls_CertVerify( } /* initialization */ XMEMCPY(sigforSCE, 0, R_TSIP_ECDSA_DATA_BYTE_SIZE); - + if (signature[offset] == 0x20) { XMEMCPY(sigforSCE, &signature[offset+1], rs_size); - + offset = 0x25; if (signature[offset] == 0x20) { XMEMCPY(&sigforSCE[rs_size], &signature[offset+1], rs_size); @@ -1396,14 +1396,14 @@ int wc_tsip_tls_CertVerify( else { XMEMCPY(&sigforSCE[rs_size], &signature[offset+2], rs_size); } - } + } else { XMEMCPY(sigforSCE, &signature[offset+2], rs_size); offset = 0x26; - + if (signature[offset] == rs_size) { XMEMCPY(&sigforSCE[rs_size], &signature[offset+1], rs_size); - } + } else { XMEMCPY(&sigforSCE[rs_size], &signature[offset+2], rs_size); } @@ -1419,36 +1419,36 @@ int wc_tsip_tls_CertVerify( #if (WOLFSSL_RENESAS_TSIP_VER>=109) - ret = R_TSIP_TlsCertificateVerification( - g_user_key_info.encrypted_user_tls_key_type, - (uint32_t*)g_encrypted_publicCA_key,/* encrypted public key */ - (uint8_t*)cert, /* certificate der */ - certSz, /* length of der */ - (uint8_t*)pSig, /* sign data by RSA PSS */ - key_n_start, /* start position of public key n in bytes */ - (key_n_start + key_n_len), /* length of the public key n */ - key_e_start, /* start pos, key e in bytes */ - (key_e_start + key_e_len), /* length of the public key e */ - (uint32_t*)tsip_encRsaKeyIndex /* returned encrypted key */ - ); + ret = R_TSIP_TlsCertificateVerification( + g_user_key_info.encrypted_user_tls_key_type, + (uint32_t*)g_encrypted_publicCA_key,/* encrypted public key */ + (uint8_t*)cert, /* certificate der */ + certSz, /* length of der */ + (uint8_t*)pSig, /* sign data by RSA PSS */ + key_n_start, /* start position of public key n in bytes */ + (key_n_start + key_n_len), /* length of the public key n */ + key_e_start, /* start pos, key e in bytes */ + (key_e_start + key_e_len), /* length of the public key e */ + (uint32_t*)tsip_encRsaKeyIndex /* returned encrypted key */ + ); #elif (WOLFSSL_RENESAS_TSIP_VER>=106) ret = R_TSIP_TlsCertificateVerification( - (uint32_t*)g_encrypted_publicCA_key,/* encrypted public key */ - (uint8_t*)cert, /* certificate der */ - certSz, /* length of der */ - (uint8_t*)pSig, /* sign data by RSA PSS */ - key_n_start, /* start position of public key n in bytes */ - (key_n_start + key_n_len), /* length of the public key n */ - key_e_start, /* start pos, key e in bytes */ - (key_e_start + key_e_len), /* length of the public key e */ - (uint32_t*)tsip_encRsaKeyIndex /* returned encrypted key */ - ); + (uint32_t*)g_encrypted_publicCA_key,/* encrypted public key */ + (uint8_t*)cert, /* certificate der */ + certSz, /* length of der */ + (uint8_t*)pSig, /* sign data by RSA PSS */ + key_n_start, /* start position of public key n in bytes */ + (key_n_start + key_n_len), /* length of the public key n */ + key_e_start, /* start pos, key e in bytes */ + (key_e_start + key_e_len), /* length of the public key e */ + (uint32_t*)tsip_encRsaKeyIndex /* returned encrypted key */ + ); #endif if (ret != TSIP_SUCCESS) { - WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification() failed"); + WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification failed"); } if (sigforSCE) { XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC); @@ -1472,54 +1472,51 @@ int wc_tsip_tls_RootCertVerify( /* call to generate encrypted public key for certificate verification */ uint8_t *signature = (uint8_t*)ca_cert_sig; - WOLFSSL_ENTER("wc_tsip_tls_RootCertVerify"); - + WOLFSSL_ENTER("wc_tsip_tls_RootCertVerify"); + if (cert == NULL) return BAD_FUNC_ARG; - + if (!signature) { WOLFSSL_MSG(" signature for ca verification is not set"); return -1; } - + if ((ret = tsip_hw_lock()) == 0) { - #if (WOLFSSL_RENESAS_TSIP_VER>=109) - + #if (WOLFSSL_RENESAS_TSIP_VER>=109) ret = R_TSIP_TlsRootCertificateVerification( - g_user_key_info.encrypted_user_tls_key_type, - (uint8_t*)cert, /* CA cert */ - (uint32_t)cert_len, /* length of CA cert */ - key_n_start, /* Byte position of public key */ - (key_n_start + key_n_len), - key_e_start, - (key_e_start + key_e_len), - (uint8_t*)ca_cert_sig, /* "RSA 2048 PSS with SHA256" */ - g_encrypted_publicCA_key); /* RSA-2048 public key 560 bytes */ + g_user_key_info.encrypted_user_tls_key_type, + (uint8_t*)cert, /* CA cert */ + (uint32_t)cert_len, /* length of CA cert */ + key_n_start, /* Byte position of public key */ + (key_n_start + key_n_len), + key_e_start, + (key_e_start + key_e_len), + (uint8_t*)ca_cert_sig, /* RSA 2048 PSS with SHA256 */ + g_encrypted_publicCA_key /* RSA-2048 public key 560 bytes */ + ); + #else /* WOLFSSL_RENESAS_TSIP_VER < 109 */ + ret = R_TSIP_TlsRootCertificateVerification( + (uint8_t*)cert,/* CA cert */ + (uint32_t)cert_len,/* length of CA cert */ + key_n_start, /* Byte position of public key */ + (key_n_start + key_n_len), + key_e_start, + (key_e_start + key_e_len), + (uint8_t*)ca_cert_sig,/* "RSA 2048 PSS with SHA256" */ + /* RSA-2048 public key used by RSA-2048 PSS with SHA256. 560 Bytes */ + g_encrypted_publicCA_key + ); + #endif - #else /* WOLFSSL_RENESAS_TSIP_VER < 109 */ - - ret = R_TSIP_TlsRootCertificateVerification( - (uint8_t*)cert,/* CA cert */ - (uint32_t)cert_len,/* length of CA cert */ - key_n_start, /* Byte position of public key */ - (key_n_start + key_n_len), - key_e_start, - (key_e_start + key_e_len), - (uint8_t*)ca_cert_sig,/* "RSA 2048 PSS with SHA256" */ - /* RSA-2048 public key used by - RSA-2048 PSS with SHA256. 560 Bytes*/ - g_encrypted_publicCA_key ); - - #endif - if (ret != TSIP_SUCCESS) { - WOLFSSL_MSG(" R_TSIP_TlsRootCertificateVerification() failed"); + WOLFSSL_MSG(" R_TSIP_TlsRootCertificateVerification failed"); } else { g_CAscm_Idx = cm_row; } - + tsip_hw_unlock(); } else { @@ -1534,7 +1531,7 @@ int wc_tsip_tls_RootCertVerify( /* err * e_tsip_err - TSIP_SUCCESS = 0, + TSIP_SUCCESS = 0, TSIP_ERR_SELF_CHECK1, // Self-check 1 fail or TSIP function internal err. TSIP_ERR_RESOURCE_CONFLICT, // A resource conflict occurred. TSIP_ERR_SELF_CHECK2, // Self-check 2 fail. @@ -1543,7 +1540,7 @@ int wc_tsip_tls_RootCertVerify( TSIP_ERR_CALLBACK_UNREGIST, // Callback function is not registered. TSIP_ERR_PARAMETER, // Illegal Input data. TSIP_ERR_PROHIBIT_FUNCTION, // An invalid function call occurred. - * TSIP_RESUME_FIRMWARE_GENERATE_MAC, + * TSIP_RESUME_FIRMWARE_GENERATE_MAC, // There is a continuation of R_TSIP_GenerateFirmwareMAC. */ @@ -1554,9 +1551,9 @@ static void hexdump(const uint8_t* in, uint32_t len) if (in == NULL) return; - for (i = 0; i <= len;i++, in++){ + for (i = 0; i <= len;i++, in++) { printf("%02x:", *in); - if (((i+1)%16)==0){ + if (((i+1)%16)==0) { printf("\n"); } } @@ -1565,7 +1562,7 @@ static void hexdump(const uint8_t* in, uint32_t len) byte *ret2err(word32 ret) { - switch(ret){ + switch(ret) { case TSIP_SUCCESS: return "success"; case TSIP_ERR_SELF_CHECK1: return "selfcheck1"; case TSIP_ERR_RESOURCE_CONFLICT: return "rsconflict"; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 604c6a80c..a4c0973d1 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4575,7 +4575,7 @@ struct WOLFSSL { #endif /* NO_RSA */ void* GenPreMasterCtx; /* Generate Premaster Callback Context */ void* GenMasterCtx; /* Generate Master Callback Context */ - void* GenSessionKeyCtx; /* Generate Sesssion Key Callback Context */ + void* GenSessionKeyCtx; /* Generate Session Key Callback Context */ void* EncryptKeysCtx; /* Set Encrypt keys Callback Context */ void* TlsFinishedCtx; /* Generate Tls Finished Callback Context */ void* VerifyMacCtx; /* Verify mac Callback Context */