wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5005 from dgarske/renesas_spell

Browse Source
This commit is contained in:
Chris Conlon
2022-03-31 17:44:04 -06:00
committed by GitHub
parent 7b21cd8cf0 1993851274
commit b45cd921b6
10 changed files with 939 additions and 927 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/ssl.c
View File

@ -44142,13 +44142,13 @@ void wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX* ctx, CallbackGenSessionKey cb)
if (ctx)
ctx->GenSessionKeyCb = cb;
}
/* Set sesssion key generation callback context */
/* Set session key generation callback context */
void wolfSSL_SetGenSessionKeyCtx(WOLFSSL* ssl, void *ctx)
{
if (ssl)
ssl->GenSessionKeyCtx = ctx;
}
/* Get sesssion key generation callback context */
/* Get session key generation callback context */
void* wolfSSL_GetGenSessionKeyCtx(WOLFSSL* ssl)
{
if (ssl)

121
wolfcrypt/src/port/Renesas/README.md
View File

@ -1,5 +1,8 @@
# TSIP FIT Module port
Support for TSIP FIT driver for symmetric AES, SHA1/SHA256 hardware acceleration and TLS-linked capability including Root CA, the server certificate or intermediate certificate verification.
Support for TSIP FIT driver for symmetric AES, SHA1/SHA256 hardware acceleration
and TLS-linked capability including Root CA, the server certificate or
intermediate certificate verification.
## Overview
Renesas TSIP FIT module with wolfSSL by setting *WOLFSSL_RENESAS_TSIP* definition.
@ -10,9 +13,10 @@ Including the following examples:
* crypt test
* crypt benchmark
The *user_settings.h* file enables some of the hardened settings.
The *user_settings.h* file enables some of the hardened settings.
## Requirements
### 1. [Renesas TSIP FIT module](https://www.renesas.com/us/en/products/software-tools/software-os-middleware-driver/security-crypto/trusted-secure-ip-driver.html)
[FIT module](https://www.renesas.com/us/en/products/software-tools/software-os-middleware-driver/software-package/fit.html)
Note : The included example program is tested with <u>TSIP FIT version **1.06**</u>.
@ -23,21 +27,34 @@ Note : The included example program is tested with <u>TSIP FIT version **1.06**<
Note : The included example program is tested with [GR-ROSE](http://gadget.renesas.com/en/product/rose.html), which is classified to RX65N.
## Setup and Build wolfSSL library
1. Uncomment out #define WOLFSSL_RENESAS_TSIP in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
Uncomment out #define WOLFSSL_RENESAS_RX65N in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
2. Open a project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/wolfssl/ by e2studio and build to create wolfssl library
Note : Generating FIT module source files in advance are required to compile wolfSSL when enabling WOLFSSL_RENESAS_TSIP and WOLFSSL_RENESAS_RX65N. Please see for creating FIT module files at "Setup and Build and example program" in this readme below.
1. Uncomment out `#define WOLFSSL_RENESAS_TSIP` in `/path/to/wolfssl/wolfssl/wolfcrypt/settings.h`
2. Uncomment out `#define WOLFSSL_RENESAS_RX65N` in `/path/to/wolfssl/wolfssl/wolfcrypt/settings.h`
3. Open a project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/wolfssl/ by e2studio and build to create wolfssl library
Note : Generating FIT module source files in advance are required to compile wolfSSL
when enabling `WOLFSSL_RENESAS_TSIP` and `WOLFSSL_RENESAS_RX65N`. Please see for
creating FIT module files at "Setup and Build and example program" in this readme below.
To disable portions of the hardware acceleration you can optionally define:
```
```c
/* Disabled SHA acceleration */
#define NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH
/* Disabled TLS-linked acceleration */
#define NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION
```
### Benchmarks
**Software only implementation:**
## Benchmarks
Platform:
Renesas : e2Studio v7.4.0
ToolChain : Renesas CCRX version 3.00.00
TSIP FIT : version 1.0.6
Board : [GR-ROSE](http://gadget.renesas.com/en/product/rose.html)
wolfSSL : 4.1.0
### Software only implementation:
*block cipher*
```
RNG 200 KB took 1.099 seconds, 182.000 KB/s
@ -50,35 +67,31 @@ SHA-256 425 KB took 1.038 seconds, 409.520 KB/s
TLS_RSA_WITH_AES_128_CBC_SHA : 0.651 (s)
TLS_RSA_WITH_AES_128_CBC_SHA256 : 0.651 (s)
TLS_RSA_WITH_AES_256_CBC_SHA : 0.642 (s)
TLS_RSA_WITH_AES_256_CBAC_SHA256 : 0.662 (s)
TLS_RSA_WITH_AES_256_CBC_SHA256 : 0.662 (s)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 2.050 (s)
```
**Hardware acceleration:**
### Hardware acceleration:
*block cipher*
```
RNG 1 MB took 1.011 seconds, 1.038 MB/s
SHA 12 MB took 1.001 seconds, 11.515 MB/s
SHA-256 13 MB took 1.001 seconds, 12.900 MB/s
```
*TLS establishment time with TLS-linked capability*
*Perform full TLS-linked capability*
```
TLS_RSA_WITH_AES_128_CBC_SHA : 0.141 (s)
TLS_RSA_WITH_AES_128_CBC_SHA256 : 0.141 (s)
TLS_RSA_WITH_AES_256_CBC_SHA : 0.141 (s)
TLS_RSA_WITH_AES_256_CBAC_SHA256 : 0.144 (s)
TLS_RSA_WITH_AES_256_CBC_SHA256 : 0.144 (s)
```
*Perform certificate verification by TSIP TLS-linked API*
```
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 1.721 (s)
```
Condition:
Renesas : e2Studio v7.4.0
ToolChain : Renesas CCRX version 3.00.00
TSIP FIT : version 1.0.6
Board : [GR-ROSE](http://gadget.renesas.com/en/product/rose.html)
wolfSSL : 4.1.0
## Setup and Build an example program
An example program expects the following FIT modules:
@ -94,8 +107,8 @@ An example program expects the following FIT modules:
These needed source files can be generated by creating a dummy project including Renesas Smart Configurator as steps below:
1. Create a dummy project including Renesas Smart Configurator for your evaluation board type
2. Open Smart Configurator and add FIT modules above
1. Create a dummy project including Renesas Smart Configurator for your evaluation board type
2. Open Smart Configurator and add FIT modules above
It would need to expand *User Stack Size* property and *Heap Size* of r_bsp.
Change IP ADDRESS and PORT NUMBER in r_t4_rx_config.h
`#define T4_CFG_FIXED_IP_ADDRESS_CH0 192,168,1,33`
@ -117,60 +130,66 @@ These needed source files can be generated by creating a dummy project including
Go to pins tab and select ethernet controller
Check to use pins
3. Generate source code
3. Generate source code
Now, it is able to copy these FIT modules into an example project.
4. Make "smc_gen" folder under /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/src/
5. Copy the FIT modules into the folder that is created at step 4.
6. Open an example project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/ by e2studio
7. Enable a macro definition in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h for application type
`#define CRYPT_TEST // enable crypt test`
`#define BENCHMARK // enable benchmark application`
`#define TLS_CLIENT // enable simple tls client application`
`#define TLS_SERVER // enable simple tls server application`
`#define USE_TSIP_TLS // to inform user key and flash keying, when using TSIP`
4. Make "smc_gen" folder under /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/src/
5. Copy the FIT modules into the folder that is created at step 4.
6. Open an example project file at /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/ by e2studio
7. Enable a macro definition in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h for application type
```c
#define CRYPT_TEST /* enable crypt test */
#define BENCHMARK /* enable benchmark application */
#define TLS_CLIENT /* enable simple tls client application */
#define TLS_SERVER /* enable simple tls server application */
#define USE_TSIP_TLS /* to inform user key and flash keying, when using TSIP */
```
Note: CRYPT_TEST and BENCHMARK can be enabled at the same time. TLS_CLIENT and TLS_SERVER cannot be enabled together other definitions.
7. Setup debug configuration based on your debug hardware
7. Setup debug configuration based on your debug hardware
## Run client/server program on the device
When testing the embedded client or server on the device, it is recommended to test against one of the standard wolfSSL example application running on a desktop machine.
When testing the embedded client or server on the device, it is recommended to test against one
of the standard wolfSSL example application running on a desktop machine.
For the embedded client, an example server commands for running on a desktop machine, IP address 192.168.1.45, is as follows:
`$./example/server/server -b -d -i`
`./example/server/server -b -d -i`
For the embedded server, an example client commands for running on a desktop machine is as follows:
`$./example/client/client -h 192.168.1.33 -p 11111`
`./example/client/client -h 192.168.1.33 -p 11111`
## Modify an example program
To use own TSIP keys for TSIP TLS-linked API use, it needs own flash keyring, PSS signed signature and RSA key.
### Create flash keyring and use it in an example program
1. Please follow the instruction at TSIP manual, chapter 7. Key Data Operations.
2. Copy and paste s_flash[] data to s_flash[] data in example-program/key_data.c
1. Please follow the instruction at TSIP manual, chapter 7. Key Data Operations.
2. Copy and paste s_flash[] data to s_flash[] data in example-program/key_data.c
`const uint32_t s_flash[] =`
### Create RSA key pair for signing Root CA verification and use them in an example program
To use TSIP TLS-linked APIs, it needs RSA key pair and Root CA certificate bundle signature by RSA 2048 PSS with SHA256.
Shell and Perl script program in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/tools/ can be used for the purpose.
To use TSIP TLS-linked APIs, it needs RSA key pair and Root CA certificate bundle signature by RSA 2048 PSS with SHA256.
Shell and Perl script program in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/tools/ can be used for the purpose.
* generate_rsa_keypair.sh : generate RSA 2048 bit key pair. Show modulus and public exponent when specifying "-s" option
* rsa_pss_sign.sh : sign the file by the specified private key
* genhexbuf.pl : generate C header file including a byte array generated from the specified file in the script
* `generate_rsa_keypair.sh`: generate RSA 2048 bit key pair. Show modulus and public exponent when specifying "-s" option
* `rsa_pss_sign.sh`: sign the file by the specified private key
* `genhexbuf.pl`: generate C header file including a byte array generated from the specified file in the script
Modulus and public exponent showed by `generate_rsa_keypair.sh` can be used for input date to Renesas Secure Flash Programmer to generate encrypted RSA keys for TSIP TLS-linked API use. Please follow the instruction about how to generate RSA keys in the TSIP manual.
Modulus and public exponent showed by `generate_rsa_keypair.sh` can be used for input date to
Renesas Secure Flash Programmer to generate encrypted RSA keys for TSIP TLS-linked API use.
Please follow the instruction about how to generate RSA keys in the TSIP manual.
Generated byte array of signed signature by `genhexbuf.pl` can be replaced signature data in key_data.c of an example program.
Generated byte array of signed signature by genhexbuf.pl can be replaced signature data in key_data.c of an example program.
Encrypted RSA key and generated byte array of signed signature need to be informed wolfSSL library before loading CA certification. Please see SetTsipTlskey() function an example program about how to inform them.
Encrypted RSA key and generated byte array of signed signature need to be informed wolfSSL library before loading CA certification.
Please see `SetTsipTlskey()` function an example program about how to inform them.
### Coding
In your application you must include <wolfssl/wolfcrypt/settings.h> before any other wolfSSL headers. If building the sources directly we recommend defining `WOLFSSL_USER_SETTINGS` and adding your own `user_settings.h` file. You can find a good reference for this in `/path/to/Renesas/e2studio/Projects/common/user_settings.h`.
In your application you must include <wolfssl/wolfcrypt/settings.h> before any other wolfSSL headers.
If building the sources directly we recommend defining `WOLFSSL_USER_SETTINGS` and adding your own `user_settings.h` file.
You can find a good reference for this in `/path/to/Renesas/e2studio/Projects/common/user_settings.h`.
## Support
For question please email [support@wolfssl.com]
For question please email [support@wolfssl.com]

131
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -45,7 +45,7 @@ static int devId = 7890; /* dev Id for Crypt Callback */
#include <wolfssl/wolfcrypt/cryptocb.h>
/* Renesas Security Library Common Callback
* For Crypto Call back
* For Crypto Callbacks
*
* devIdArg device Id
* info pointer to wc_CryptInfo
@ -61,7 +61,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*) ctx;
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
#endif
if (info == NULL || ctx == NULL)
@ -82,7 +82,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
cbInfo->session_key_set == 1) {
if (info->cipher.enc) {
ret = wc_tsip_AesGcmEncrypt(
info->cipher.aesgcm_enc.aes,
(byte*)info->cipher.aesgcm_enc.out,
@ -98,7 +97,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
else {
ret = wc_tsip_AesGcmDecrypt(
info->cipher.aesgcm_dec.aes,
(byte*)info->cipher.aesgcm_dec.out,
@ -119,7 +117,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
cbInfo->session_key_set == 1) {
if (info->cipher.enc) {
ret = wc_tsip_AesCbcEncrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
@ -128,7 +125,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
else {
ret = wc_tsip_AesCbcDecrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
@ -148,13 +144,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info->cipher.type == WC_CIPHER_AES_GCM) {
if (info->cipher.enc &&
( cbInfo->session_key_set == 1 ||
(cbInfo->session_key_set == 1 ||
(cbInfo->aes256_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 32) ||
(cbInfo->aes128_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 16))) {
if(cbInfo->aes256_installedkey_set == 1 &&
if (cbInfo->aes256_installedkey_set == 1 &&
info->cipher.aesgcm_enc.aes->keylen == 32) {
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
@ -192,7 +188,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
(cbInfo->aes128_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 16)) {
if(cbInfo->aes256_installedkey_set == 1 &&
if (cbInfo->aes256_installedkey_set == 1 &&
info->cipher.aesgcm_dec.aes->keylen == 32) {
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
@ -234,7 +230,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->cipher.aescbc.aes->keylen == 16))) {
if (info->cipher.enc) {
if(cbInfo->aes256_installedkey_set == 1 &&
if (cbInfo->aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes256,
@ -257,7 +253,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->cipher.aescbc.sz);
}
else {
if(cbInfo->aes256_installedkey_set == 1 &&
if (cbInfo->aes256_installedkey_set == 1 &&
info->cipher.aescbc.aes->keylen == 32) {
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
&cbInfo->sce_wrapped_key_aes256,
@ -332,7 +328,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
return INVALID_DEVID;
}
if(ssl)
if (ssl)
wolfSSL_SetDevId(ssl, devId);
return devId;
@ -368,7 +364,7 @@ WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx)
/* check if the root CA has been verified by TSIP/SCE,
* and it exists in the CM table.
*/
static byte sce_tsip_rootCAverified( )
static byte sce_tsip_rootCAverified(void)
{
WOLFSSL_ENTER("sce_tsip_rootCAverified");
return (g_CAscm_Idx != (uint32_t)-1 ? 1:0);
@ -382,7 +378,7 @@ static byte sce_tsip_rootCAverified( )
* out Buffer to hold hash
* key Buffer to hold ecc key
* keySz Length of key in bytes
* return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/
WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
byte** out, const byte* key, word32 keySz, void* ctx)
@ -391,11 +387,11 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
WOLFSSL_ENTER("Renesas_cmn_RsaVerify");
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_RsaVerify(ssl, sig, sigSz, out, key, keySz, ctx);
if (ret == 0) {
/* Set Call back for SharedScret when being successful */
/* Set Callback for SharedSecret when successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, wc_tsip_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
}
@ -405,11 +401,11 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx);
if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) {
/* Set Call back for SharedScret when being successful */
/* Set Callback for SharedSecret when successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
}
@ -418,7 +414,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
#endif
#endif
return ret;
}
@ -433,7 +429,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
* key Buffer to hold ecc key
* keySz Length of key in bytes
* result a pointer to int indicates if the verify is ok
* return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/
WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
@ -443,11 +439,11 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
WOLFSSL_ENTER("Renesas_cmn_EccVerify");
#if defined(WOLFSSL_RENESAS_TSIP)
#if defined(WOLFSSL_RENESAS_TSIP)
ret = wc_tsip_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz,
result, ctx);
if (ret == 0 && *result == 1) {
/* Set callback for SharedScret when being successful */
/* Set callback for SharedSecret when being successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, wc_tsip_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
}
@ -456,11 +452,11 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz,
result, ctx);
if (ret == 0 && *result == 1 && ret != CRYPTOCB_UNAVAILABLE) {
/* Set callback for SharedScret when being successful */
/* Set callback for SharedSecret when being successful */
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret);
wolfSSL_SetEccSharedSecretCtx(ssl, ctx);
}
@ -469,7 +465,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
#endif
#endif
return ret;
}
@ -483,7 +479,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
* key_e_start Byte position of public key exponent in cert
* key_e_len Length of public key exponent
* cm_row CA index
* return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/
int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start,
word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row)
@ -517,8 +513,8 @@ int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_
* ssl the WOLFSSL object
* side CLIENT or SERVER
* handshake_hash hash while doing handshake
* hashes calculated data by SCE/TSIP pseduo random function
* return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code
* hashes calculated data by SCE/TSIP pseudo random function
* return FSP_SUCCESS(0) on success, otherwise FSP/TSIP error code
*/
WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
const byte *handshake_hash,
@ -532,13 +528,14 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
/* sanity check */
if (ssl == NULL || ctx == NULL || side == NULL || handshake_hash == NULL ||
hashes == NULL )
hashes == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateVerifyData(ssl->arrays->tsip_masterSecret,
side, handshake_hash, hashes);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret, /* master secret */
ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret,
side, handshake_hash, hashes);
#endif
@ -551,7 +548,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
*
* ssl the WOLFSSL object
* ctx Callback context
* return 0 on sucess, -1 when keys are not generated by SCE/TSIP
* return 0 on success, -1 when keys are not generated by SCE/TSIP
*/
static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
{
@ -585,13 +582,13 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
}
/* Renesas Security Library Common Callback
* Callback for Sesssion Key generation
* Callback for Session Key generation
* Register callback for Set Keys when keys are successfully
* generated by SCE/TSIP
*
* ssl the WOLFSSL object
* ctx Callback context
* return FSP_SUCCESS(0) on sucess, otherwise SCE/TSIP error code
* return FSP_SUCCESS(0) on success, otherwise SCE/TSIP error code
*/
WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
{
@ -604,7 +601,8 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
/* sanity check */
if (ssl == NULL || ctx == NULL)
return BAD_FUNC_ARG;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, devId);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
ret = wc_sce_generateSessionKey(ssl, ctx, devId);
@ -630,7 +628,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
* premaster Buffer to hold pre master
* preSz Length of pre-master
* ctx Callback context
* return FSP_SUCCESS(0) on sucess,
* return FSP_SUCCESS(0) on success,
* otherwise PROTOCOLCB_UNAVAILABLE
* so that caller could continue to process if want
*/
@ -644,7 +642,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl,
WOLFSSL_ENTER("Renesas_cmn_generatePremasterSecret");
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (Renesas_cmn_usable(ssl, 0)) {
ret = wc_tsip_generatePremasterSecret(premaster, preSz);
ssl->arrays->preMasterSz = preSz;
@ -652,14 +650,14 @@ WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl,
else
ret = PROTOCOLCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (Renesas_cmn_usable(ssl, 0)) {
ret = wc_sce_generatePremasterSecret(premaster, preSz);
ssl->arrays->preMasterSz = preSz;
}
else
ret = PROTOCOLCB_UNAVAILABLE;
#endif
#endif
return ret;
}
@ -671,7 +669,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl,
*
* ssl the WOLFSSL object
* ctx Callback context
* return FSP_SUCCESS(0) on sucess,
* return FSP_SUCCESS(0) on success,
* otherwise PROTOCOLCB_UNAVAILABLE
* so that caller could continue to process if want
*/
@ -687,7 +685,7 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (Renesas_cmn_usable(ssl, 0)) {
#if (WOLFSSL_RENESAS_TSIP_VER >= 109 )
#if (WOLFSSL_RENESAS_TSIP_VER >= 109)
ret = wc_tsip_generateMasterSecretEx(
ssl->options.cipherSuite0,
ssl->options.cipherSuite,
@ -757,7 +755,7 @@ WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx)
* KeyDer Buffer holding Key in der format
* KeySz Length of Key Der
* ctx Callback context
* return FSP_SUCCESS(0) on sucess,
* return FSP_SUCCESS(0) on success,
* otherwise CRYPTOCB_UNAVAILABLE
* so that caller could continue to process if want
*/
@ -786,7 +784,6 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in,
EncSz = wc_RsaEncryptSize(ssl->peerRsaKey);
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (tsip_usable(ssl, 0)) {
if (EncSz == 256) {
ret = wc_tsip_generateEncryptPreMasterSecret(ssl, out, outSz);
@ -824,7 +821,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in,
* macSz Length of mac size
* content content of inner data
* ctx Callback context
* return FSP_SUCCESS(0) on sucess,
* return FSP_SUCCESS(0) on success,
* otherwise PROTOCOLCB_UNAVAILABLE
* so that caller could continue to process if want
*/
@ -836,19 +833,19 @@ WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message,
WOLFSSL_ENTER("Renesas_cmn_VerifyHmac");
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (tsip_usable(ssl, 1)) {
ret = wc_tsip_ShaXHmacVerify(ssl, message, messageSz, macSz, content);
}
else
ret = PROTOCOLCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (wc_sce_usable(ssl, 1)) {
ret = wc_sce_Sha256VerifyHmac(ssl, message, messageSz, macSz, content);
}
else
ret = PROTOCOLCB_UNAVAILABLE;
#endif
#endif
return ret;
}
@ -862,8 +859,8 @@ WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message,
* sz Length of in data
* padSz Length of padding
* content content of inner data
* epocOrder
* return FSP_SUCCESS(0) on sucess, otherwise error code
* epochOrder
* return FSP_SUCCESS(0) on success, otherwise error code
*/
WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest,
const byte* in, word32 sz, int padSz, int content, int verify, int epochOrder)
@ -873,7 +870,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest,
WOLFSSL_ENTER("Renesas_cmn_TLS_hmac");
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (Renesas_cmn_usable(ssl, 1)) {
wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
@ -897,7 +894,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest,
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (Renesas_cmn_usable(ssl, 1)) {
if (ssl->specs.hash_size == WC_SHA256_DIGEST_SIZE) {
wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
@ -912,7 +909,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest,
ret = TLS_hmac(ssl, digest, in, sz, padSz, content, verify, epochOrder);
}
#endif
#endif
return ret;
}
@ -926,7 +923,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest,
* keyDer Buffer to hold rsa key
* keySz Length of key in bytes
* ctx Callback context
* return FSP_SUCCESS(0) on sucess,
* return FSP_SUCCESS(0) on success,
* otherwise CRYPTOCB_UNAVAILABLE
* so that caller could continue to process if want
*/
@ -952,16 +949,15 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig,
return CRYPTOCB_UNAVAILABLE;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (CertAtt->keyIndex != NULL)
{
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (CertAtt->keyIndex != NULL) {
ret = wc_tsip_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1,
CertAtt->pubkey_e_start - CertAtt->certBegin,
CertAtt->pubkey_e_len -1,
(uint8_t*)CertAtt->keyIndex);
if (ret == 0){
if (ret == 0) {
CertAtt->verifyByTSIP_SCE = 1;
}
else {
@ -972,16 +968,15 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig,
else
ret = CRYPTOCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (CertAtt->keyIndex != NULL)
{
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (CertAtt->keyIndex != NULL) {
ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1,
CertAtt->pubkey_e_start - CertAtt->certBegin,
CertAtt->pubkey_e_len -1,
(uint8_t*)CertAtt->keyIndex);
if (ret == 0){
if (ret == 0) {
CertAtt->verifyByTSIP_SCE = 1;
}
else {
@ -991,7 +986,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig,
}
else
ret = CRYPTOCB_UNAVAILABLE;
#endif
#endif
return ret;
}
@ -1007,7 +1002,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig,
* keySz Length of key in bytes
* result A pointer to int indicates a result
* ctx Callback context
* return FSP_SUCCESS(0) on sucess,
* return FSP_SUCCESS(0) on success,
* otherwise CRYPTOCB_UNAVAILABLE
* so that caller could continue to process if want
*/
@ -1038,9 +1033,8 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig,
return CRYPTOCB_UNAVAILABLE;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (CertAtt->keyIndex != NULL)
{
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (CertAtt->keyIndex != NULL) {
ret = wc_tsip_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1,
@ -1058,9 +1052,8 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig,
}
else
ret = CRYPTOCB_UNAVAILABLE;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (CertAtt->keyIndex != NULL)
{
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (CertAtt->keyIndex != NULL) {
ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz,
CertAtt->pubkey_n_start - CertAtt->certBegin,
CertAtt->pubkey_n_len - 1,
@ -1078,7 +1071,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig,
}
else
ret = CRYPTOCB_UNAVAILABLE;
#endif
#endif
return ret;
}

28
wolfcrypt/src/port/Renesas/renesas_sce_aes.c
View File

@ -131,7 +131,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
/* check if AES GCM can be used by SCE */
if ((ret = wc_sce_hw_lock()) == 0) {
/* allocate buffers for plaintaxt, ciphertext and authTag to make sure
/* allocate buffers for plaintext, ciphertext and authTag to make sure
* those buffers 32bit aligned as SCE requests.
*/
delta = sz % AES_BLOCK_SIZE;
@ -141,7 +141,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
DYNAMIC_TYPE_AES);
if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL) {
WOLFSSL_MSG("wc_sce_AesGcmEncrypt: buffer allocation faild");
WOLFSSL_MSG("wc_sce_AesGcmEncrypt: buffer allocation failed");
ret = -1;
}
@ -174,16 +174,18 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
}
else if (info->aes256_installedkey_set == 1 || info->aes128_installedkey_set == 1) {
if(aes->ctx.keySize == 32) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
} else {
}
else {
XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
}
iv_l = iv;
ivSz_l = ivSz;
} else {
}
else {
WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1;
}
@ -253,7 +255,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
* sz Length of cipher text/plaintext in bytes
* iv Buffer holding IV/nonce
* ivSz Length of IV/nonce in bytes
* authTag Buffer to hold authntication data
* authTag Buffer to hold authentication data
* authTagSz Length of authentication data in bytes
* ctx The Callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
@ -314,7 +316,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
if ((ret = wc_sce_hw_lock()) == 0) {
/* allocate buffers for plain-taxt, cipher-text, authTag and AAD.
/* allocate buffers for plain-text, cipher-text, authTag and AAD.
* TSIP requests those buffers 32bit aligned.
*/
delta = sz % AES_BLOCK_SIZE;
@ -355,16 +357,18 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
}
}
else if (info->aes256_installedkey_set == 1 || info->aes128_installedkey_set == 1) {
if(aes->ctx.keySize == 32) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes256,
sizeof(sce_aes_wrapped_key_t));
} else {
}
else {
XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes128,
sizeof(sce_aes_wrapped_key_t));
}
iv_l = iv;
ivSz_l = ivSz;
} else {
}
else {
WOLFSSL_MSG("AES key for SCE is not set.");
ret = -1;
}
@ -441,7 +445,7 @@ WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out,
* on the device. iv is dummy */
iv = (uint8_t*)aes->reg;
if((ret = wc_sce_hw_lock()) != 0){
if ((ret = wc_sce_hw_lock()) != 0) {
WOLFSSL_MSG("Failed to lock");
return ret;
}
@ -508,7 +512,7 @@ WOLFSSL_LOCAL int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* i
iv = (uint8_t*)aes->reg;
if((ret = wc_sce_hw_lock()) != 0){
if ((ret = wc_sce_hw_lock()) != 0) {
WOLFSSL_MSG("Failed to lock");
return ret;
}

44
wolfcrypt/src/port/Renesas/renesas_sce_util.c
View File

@ -82,11 +82,11 @@ WOLFSSL_LOCAL int wc_sce_hw_lock()
{
int ret = 0;
if(sce_CryptHwMutexInit_ == 0){
if (sce_CryptHwMutexInit_ == 0) {
ret = sce_CryptHwMutexInit(&sce_mutex);
if(ret == 0) {
if (ret == 0) {
sce_CryptHwMutexInit_ = 1;
}
else {
@ -94,7 +94,7 @@ WOLFSSL_LOCAL int wc_sce_hw_lock()
return -1;
}
}
if(sce_CryptHwMutexLock(&sce_mutex) != 0) {
if (sce_CryptHwMutexLock(&sce_mutex) != 0) {
/* this should not happens */
return -1;
}
@ -105,7 +105,7 @@ WOLFSSL_LOCAL int wc_sce_hw_lock()
/*
* release hw engine
*/
WOLFSSL_LOCAL void wc_sce_hw_unlock( void )
WOLFSSL_LOCAL void wc_sce_hw_unlock(void)
{
sce_CryptHwMutexUnLock(&sce_mutex);
}
@ -119,10 +119,10 @@ WOLFSSL_LOCAL int wc_sce_Open()
ret = R_SCE_Open(&sce_ctrl, &sce_cfg);
if ( ret != FSP_SUCCESS ) {
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("RENESAS SCE Open failed");
}
if ( ret == FSP_SUCCESS && g_user_key_info.encrypted_user_tls_key ) {
if (ret == FSP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
ret = R_SCE_TLS_RootCertificateRSA2048PublicKeyInstall(
g_user_key_info.encrypted_provisioning_key,
@ -159,7 +159,7 @@ WOLFSSL_LOCAL void wc_sce_Close()
/* unlock hw */
wc_sce_hw_unlock();
if( ret != FSP_SUCCESS ) {
if (ret != FSP_SUCCESS) {
WOLFSSL_MSG("RENESAS SCE Close failed");
}
}
@ -190,7 +190,7 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
/* export public peer public key */
ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen);
WOLFSSL_PKMSG("qxLen %d qyLen %d\n", qxLen, qyLen);
if (ret != 0){
if (ret != 0) {
WOLFSSL_MSG("failed to export peer ecc key");
return ret;
}
@ -280,7 +280,7 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
}
if ((sigforSCE = (uint8_t*)XMALLOC(HW_SCE_ECDSA_DATA_BYTE_SIZE, NULL,
DYNAMIC_TYPE_TEMP)) == NULL){
DYNAMIC_TYPE_TEMP)) == NULL) {
WOLFSSL_MSG("failed to malloc memory");
return MEMORY_E;
}
@ -388,7 +388,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
return ret;
}
#endif
/* Return tls cipher suite enumuration that is supported by SCE library */
/* Return tls cipher suite enumeration that is supported by SCE library */
static uint32_t GetSceCipherSuite(
uint8_t cipherSuiteFirst,
uint8_t cipherSuite)
@ -396,9 +396,9 @@ static uint32_t GetSceCipherSuite(
WOLFSSL_ENTER("GetSceCipherSuite");
uint32_t sceCipher;
if(cipherSuiteFirst == CIPHER_BYTE )
if (cipherSuiteFirst == CIPHER_BYTE)
{
switch(cipherSuite){
switch(cipherSuite) {
case TLS_RSA_WITH_AES_128_CBC_SHA256:
sceCipher = SCE_TLS_RSA_WITH_AES_128_CBC_SHA256;
break;
@ -411,14 +411,14 @@ static uint32_t GetSceCipherSuite(
sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE;
break;
}
WOLFSSL_MSG( "<< GetSceCipherSuite");
WOLFSSL_MSG("<< GetSceCipherSuite");
return sceCipher;
}
else if( cipherSuiteFirst == ECC_BYTE )
else if (cipherSuiteFirst == ECC_BYTE)
{
sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE;
/* comment out until implementation completes */
switch(cipherSuite){
switch(cipherSuite) {
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
sceCipher = SCE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
@ -445,7 +445,7 @@ static uint32_t GetSceCipherSuite(
sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE;
}
WOLFSSL_MSG( "<< GetSceCipherSuite" );
WOLFSSL_MSG("<< GetSceCipherSuite");
return sceCipher;
}
@ -792,7 +792,7 @@ WOLFSSL_LOCAL int wc_sce_generateMasterSecret(
return BAD_FUNC_ARG;
uint32_t sceCS = GetSceCipherSuite(cipherSuiteFirst, cipherSuite);
if( sceCS == 0xffffffff)
if (sceCS == 0xffffffff)
return BAD_FUNC_ARG;
if ((ret = wc_sce_hw_lock()) == 0) {
@ -922,7 +922,7 @@ WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
SCE_TLS_PUBLIC_KEY_TYPE_ECDSA_P256/*ECDSA*/) {
if ((sigforSCE = (uint8_t*)XMALLOC(HW_SCE_ECDSA_DATA_BYTE_SIZE, NULL,
DYNAMIC_TYPE_TEMP)) == NULL){
DYNAMIC_TYPE_TEMP)) == NULL) {
WOLFSSL_MSG("failed to malloc memory");
return MEMORY_E;
}
@ -1063,7 +1063,7 @@ WOLFSSL_LOCAL int wc_sce_storeKeyCtx(struct WOLFSSL* ssl, User_SCEPKCbInfo* info
/* signature format expects RSA 2048 PSS with SHA256 */
WOLFSSL_API void wc_sce_inform_cert_sign(const uint8_t *sign)
{
if(sign)
if (sign)
ca_cert_sig = sign;
}
@ -1079,13 +1079,13 @@ WOLFSSL_API void wc_sce_inform_user_keys(
g_user_key_info.iv = NULL;
g_user_key_info.encrypted_user_tls_key = NULL;
if ( encrypted_provisioning_key ) {
if (encrypted_provisioning_key ) {
g_user_key_info.encrypted_provisioning_key = encrypted_provisioning_key;
}
if ( iv ) {
if (iv) {
g_user_key_info.iv = iv;
}
if ( encrypted_user_tls_key ) {
if (encrypted_user_tls_key) {
g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key;
}

11
wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
View File

@ -72,7 +72,7 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
* on the device. iv is dummy */
iv = (uint8_t*)aes->reg;
if((ret = tsip_hw_lock()) != 0){
if ((ret = tsip_hw_lock()) != 0) {
WOLFSSL_MSG("Failed to lock");
return ret;
}
@ -89,7 +89,6 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
}
while (ret == TSIP_SUCCESS && blocks--) {
if (aes->ctx.keySize == 16)
ret = R_TSIP_Aes128CbcEncryptUpdate(&_handle, (uint8_t*)in,
(uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
@ -131,7 +130,7 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
iv = (uint8_t*)aes->reg;
if((ret = tsip_hw_lock()) != 0){
if ((ret = tsip_hw_lock()) != 0) {
WOLFSSL_MSG("Failed to lock");
return ret;
}
@ -186,7 +185,7 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
* - iv: iv should be consist of implicit-iv of 4 bytes and exp-iv of 8 bytes
* - authTag: buffer where the authentication data is output.
* - authTagSz: buffer size for authentication data.
* - authIn: buffer holding Additionnal Authentication Data(AAD)
* - authIn: buffer holding Additional Authentication Data(AAD)
* - authInSz: AAD size
* - ctx: TsipUserCtx
* return 0 on success, otherwise on error.
@ -266,7 +265,7 @@ int wc_tsip_AesGcmEncrypt(
if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL ||
aadBuf == NULL ) {
WOLFSSL_MSG("wc_tsip_AesGcmEncrypt: buffer allocation faild");
WOLFSSL_MSG("wc_tsip_AesGcmEncrypt: buffer allocation failed");
ret = -1;
}
@ -365,7 +364,7 @@ int wc_tsip_AesGcmEncrypt(
* - iv: iv should be consist of implicit-iv of 4 bytes and exp-iv of 8 bytes
* - authTag: buffer where the authentication data is stored.
* - authTagSz: buffer size for authentication data.
* - authIn: buffer where Additionnal Authentication Data(AAD) is stored
* - authIn: buffer where Additional Authentication Data(AAD) is stored
* - authInSz: AAD size
* return 0 on success, otherwise on error.
* Note: As of TSIPv1.13, only accept 128 and 256 bit of key size

103
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@ -89,9 +89,9 @@ static uint32_t GetTsipCipherSuite(
WOLFSSL_ENTER("GetTsipCipherSuite");
uint32_t tsipCipher;
if(cipherSuiteFirst == CIPHER_BYTE )
if (cipherSuiteFirst == CIPHER_BYTE)
{
switch(cipherSuite){
switch(cipherSuite) {
case TLS_RSA_WITH_AES_128_CBC_SHA: /*2F*/
tsipCipher = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA; /*0*/
@ -116,11 +116,11 @@ static uint32_t GetTsipCipherSuite(
WOLFSSL_LEAVE("GetTsipCipherSuite", tsipCipher);
return tsipCipher;
}
else if( cipherSuiteFirst == ECC_BYTE )
else if (cipherSuiteFirst == ECC_BYTE)
{
tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE;
switch(cipherSuite){
switch(cipherSuite) {
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
tsipCipher = R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
@ -143,7 +143,7 @@ static uint32_t GetTsipCipherSuite(
break;
}
}
else{
else {
tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE;
}
@ -181,7 +181,7 @@ static int tsip_ServerKeyExVerify(
/* export public peer public key */
ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen);
if (ret != 0){
if (ret != 0) {
WOLFSSL_MSG("failed to export peer ecc key");
WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret);
return ret;
@ -419,7 +419,7 @@ WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx)
WOLFSSL_LEAVE("tsip_set_callback_ctx", 0);
return 0;
}
XMEMSET( uCtx, 0, sizeof(TsipUserCtx));
XMEMSET(uCtx, 0, sizeof(TsipUserCtx));
wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
wolfSSL_SetRsaEncCtx(ssl, user_ctx);
@ -440,7 +440,7 @@ WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx)
static byte _tls2tsipdef(byte cipher)
{
byte def = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA;
switch(cipher){
switch(cipher) {
case l_TLS_RSA_WITH_AES_128_CBC_SHA:
break;
case l_TLS_RSA_WITH_AES_128_CBC_SHA256:
@ -461,7 +461,7 @@ static byte _tls2tsipdef(byte cipher)
* lock hw engine.
* this should be called before using engine.
*/
WOLFSSL_LOCAL int tsip_hw_lock()
WOLFSSL_LOCAL int tsip_hw_lock(void)
{
int ret = 0;
@ -488,7 +488,7 @@ WOLFSSL_LOCAL int tsip_hw_lock()
/*
* release hw engine
*/
WOLFSSL_LOCAL void tsip_hw_unlock( void )
WOLFSSL_LOCAL void tsip_hw_unlock(void)
{
tsip_CryptHwMutexUnLock(&tsip_mutex);
}
@ -508,7 +508,7 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated)
/* sanity check */
if (ssl == NULL) {
WOLFSSL_MSG( "ssl is NULL");
WOLFSSL_MSG("ssl is NULL");
ret = BAD_FUNC_ARG;
}
@ -516,7 +516,7 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated)
/* in the case, we cannot use TSIP. */
if (ret == WOLFSSL_SUCCESS) {
if (!ssl->peerSceTsipEncRsaKeyIndex) {
WOLFSSL_MSG( "ssl->peerSceTsipEncRsaKeyIndex is NULL");
WOLFSSL_MSG("ssl->peerSceTsipEncRsaKeyIndex is NULL");
ret = WOLFSSL_FAILURE;
}
}
@ -543,14 +543,14 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated)
if (ret == WOLFSSL_SUCCESS) {
if (ssl->options.haveEMS) {
WOLFSSL_MSG( "ssl->options.haveEMS");
WOLFSSL_MSG("ssl->options.haveEMS");
ret = WOLFSSL_FAILURE;
}
}
/* TSIP works only for TLS client */
if (ret == WOLFSSL_SUCCESS) {
if (side != WOLFSSL_CLIENT_END) {
WOLFSSL_MSG( "Not client side");
WOLFSSL_MSG("Not client side");
ret = WOLFSSL_FAILURE;
}
}
@ -562,7 +562,7 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated)
cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA256 ||
cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA ||
cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA256)
# if (WOLFSSL_RENESAS_TSIP_VER >= TSIP109)
#if (WOLFSSL_RENESAS_TSIP_VER >= TSIP109)
||
cipher0 == ECC_BYTE &&
(cipher == l_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ||
@ -588,7 +588,7 @@ int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated)
/* open TSIP driver
* return 0 on success.
*/
WOLFSSL_LOCAL int tsip_Open()
WOLFSSL_LOCAL int tsip_Open(void)
{
int ret = TSIP_SUCCESS;
@ -599,7 +599,7 @@ WOLFSSL_LOCAL int tsip_Open()
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=109)
ret = R_TSIP_Open(NULL,NULL);
if ( ret != TSIP_SUCCESS ) {
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("RENESAS TSIP Open failed");
}
@ -613,9 +613,9 @@ WOLFSSL_LOCAL int tsip_Open()
R_TSIP_Close(); /* close once */
if (ret != TSIP_SUCCESS){
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_GenerataeTlsRsa: NG" );
WOLFSSL_MSG("R_TSIP_GenerateTlsRsa: NG");
}
else {
@ -653,7 +653,7 @@ WOLFSSL_LOCAL int tsip_Open()
}
else {
/* close once */
tsip_Close( );
tsip_Close();
/* open again with s_inst[] */
XMEMCPY(s_inst1,
g_user_key_info.user_rsa2048_tls_pubindex.value,
@ -678,12 +678,12 @@ WOLFSSL_LOCAL int tsip_Open()
else
WOLFSSL_MSG("Failed to lock tsip hw ");
WOLFSSL_LEAVE( "tsip_Open", ret);
WOLFSSL_LEAVE("tsip_Open", ret);
return ret;
}
/* close TSIP driver */
WOLFSSL_LOCAL void tsip_Close()
WOLFSSL_LOCAL void tsip_Close(void)
{
WOLFSSL_ENTER("tsip_Close");
int ret;
@ -701,7 +701,7 @@ WOLFSSL_LOCAL void tsip_Close()
}
}
else
WOLFSSL_MSG("Failed to unlock tsip hw ");
WOLFSSL_MSG("Failed to unlock tsip hw");
WOLFSSL_LEAVE("tsip_Close", 0);
}
@ -712,7 +712,7 @@ WOLFSSL_LOCAL void tsip_Close()
/* signature format expects RSA 2048 PSS with SHA256 */
void tsip_inform_cert_sign(const byte *sign)
{
if(sign)
if (sign)
ca_cert_sig = sign;
}
#if (WOLFSSL_RENESAS_TSIP_VER>=109)
@ -726,13 +726,13 @@ void tsip_inform_user_keys_ex(
g_user_key_info.encrypted_provisioning_key = NULL;
g_user_key_info.iv = NULL;
if ( encrypted_provisioning_key ) {
if (encrypted_provisioning_key) {
g_user_key_info.encrypted_provisioning_key = encrypted_provisioning_key;
}
if ( iv ) {
if (iv) {
g_user_key_info.iv = iv;
}
if ( encrypted_user_tls_key ) {
if (encrypted_user_tls_key) {
g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key;
}
@ -752,13 +752,13 @@ void tsip_inform_user_keys(
g_user_key_info.iv = NULL;
g_user_key_info.encrypted_user_tls_key = NULL;
if ( encrypted_session_key ) {
if (encrypted_session_key) {
g_user_key_info.encrypted_session_key = encrypted_session_key;
}
if ( iv ) {
if (iv) {
g_user_key_info.iv = iv;
}
if ( encrypted_user_tls_key ) {
if (encrypted_user_tls_key) {
g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key;
}
}
@ -775,14 +775,14 @@ int wc_tsip_Sha1HmacGenerate(
word32 sz,
byte* digest)
{
WOLFSSL_ENTER("wc_tsip_Sha1HmacGenerate()");
WOLFSSL_ENTER("wc_tsip_Sha1HmacGenerate");
tsip_hmac_sha_handle_t _handle;
tsip_hmac_sha_key_index_t key_index;
int ret;
if ((ssl == NULL) || (myInner == NULL) || (in == NULL) ||
(digest == NULL)){
(digest == NULL)) {
WOLFSSL_LEAVE("wc_tsip_Sha1HmacGenerate", BAD_FUNC_ARG);
return BAD_FUNC_ARG;
}
@ -912,7 +912,7 @@ int wc_tsip_ShaXHmacVerify(
byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
int ret;
if ((ssl == NULL) || (message == NULL)){
if ((ssl == NULL) || (message == NULL)) {
WOLFSSL_LEAVE("tsip_ShaXHmacVerify", BAD_FUNC_ARG);
return BAD_FUNC_ARG;
}
@ -1016,7 +1016,7 @@ int wc_tsip_generateSessionKey(
tsip_aes_key_index_t key_client_aes;
tsip_aes_key_index_t key_server_aes;
WOLFSSL_ENTER("wc_tsip_generateSessionKey()");
WOLFSSL_ENTER("wc_tsip_generateSessionKey");
if (ssl== NULL)
return BAD_FUNC_ARG;
@ -1034,7 +1034,7 @@ int wc_tsip_generateSessionKey(
/* Do not release ssl-> arrays to reference the master secret and
* randoms, as the AES GCM session key will be generated in
* encryption or decription timing.
* encryption or description timing.
*/
wolfSSL_KeepArrays(ssl);
ret = TSIP_SUCCESS;
@ -1119,7 +1119,7 @@ int wc_tsip_generateSessionKey(
ssl->keys.tsip_server_write_MAC_secret = key_server_mac;
/* set up key size and marked ready */
if (enc){
if (enc) {
enc->aes->ctx.keySize = ssl->specs.key_size;
enc->aes->ctx.setup = 1;
/* ready for use */
@ -1177,7 +1177,7 @@ int wc_tsip_generateMasterSecretEx(
(ms == NULL))
return BAD_FUNC_ARG;
uint32_t tsipCS = GetTsipCipherSuite(cipherSuiteFirst,cipherSuite );
uint32_t tsipCS = GetTsipCipherSuite(cipherSuiteFirst,cipherSuite);
if (tsipCS == 0xffffffff)
return BAD_FUNC_ARG;
@ -1262,7 +1262,7 @@ int wc_tsip_storeKeyCtx(struct WOLFSSL* ssl, TsipUserCtx* userCtx)
}
/* generate pre-Master secrete by TSIP */
int wc_tsip_generatePremasterSecret(byte *premaster, word32 preSz )
int wc_tsip_generatePremasterSecret(byte *premaster, word32 preSz)
{
WOLFSSL_ENTER("tsip_generatePremasterSecret");
int ret;
@ -1273,7 +1273,7 @@ int wc_tsip_generatePremasterSecret(byte *premaster, word32 preSz )
if ((ret = tsip_hw_lock()) == 0 && preSz >=
(R_TSIP_TLS_MASTER_SECRET_WORD_SIZE*4)) {
/* generate pre-master, 80 bytes */
ret = R_TSIP_TlsGeneratePreMasterSecret( (uint32_t*)premaster );
ret = R_TSIP_TlsGeneratePreMasterSecret((uint32_t*)premaster);
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG(" R_TSIP_TlsGeneratePreMasterSecret failed");
}
@ -1448,7 +1448,7 @@ int wc_tsip_tls_CertVerify(
#endif
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification() failed");
WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification failed");
}
if (sigforSCE) {
XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC);
@ -1485,7 +1485,6 @@ int wc_tsip_tls_RootCertVerify(
if ((ret = tsip_hw_lock()) == 0) {
#if (WOLFSSL_RENESAS_TSIP_VER>=109)
ret = R_TSIP_TlsRootCertificateVerification(
g_user_key_info.encrypted_user_tls_key_type,
(uint8_t*)cert, /* CA cert */
@ -1494,11 +1493,10 @@ int wc_tsip_tls_RootCertVerify(
(key_n_start + key_n_len),
key_e_start,
(key_e_start + key_e_len),
(uint8_t*)ca_cert_sig, /* "RSA 2048 PSS with SHA256" */
g_encrypted_publicCA_key); /* RSA-2048 public key 560 bytes */
(uint8_t*)ca_cert_sig, /* RSA 2048 PSS with SHA256 */
g_encrypted_publicCA_key /* RSA-2048 public key 560 bytes */
);
#else /* WOLFSSL_RENESAS_TSIP_VER < 109 */
ret = R_TSIP_TlsRootCertificateVerification(
(uint8_t*)cert,/* CA cert */
(uint32_t)cert_len,/* length of CA cert */
@ -1507,14 +1505,13 @@ int wc_tsip_tls_RootCertVerify(
key_e_start,
(key_e_start + key_e_len),
(uint8_t*)ca_cert_sig,/* "RSA 2048 PSS with SHA256" */
/* RSA-2048 public key used by
RSA-2048 PSS with SHA256. 560 Bytes*/
g_encrypted_publicCA_key );
/* RSA-2048 public key used by RSA-2048 PSS with SHA256. 560 Bytes */
g_encrypted_publicCA_key
);
#endif
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG(" R_TSIP_TlsRootCertificateVerification() failed");
WOLFSSL_MSG(" R_TSIP_TlsRootCertificateVerification failed");
}
else {
g_CAscm_Idx = cm_row;
@ -1554,9 +1551,9 @@ static void hexdump(const uint8_t* in, uint32_t len)
if (in == NULL)
return;
for (i = 0; i <= len;i++, in++){
for (i = 0; i <= len;i++, in++) {
printf("%02x:", *in);
if (((i+1)%16)==0){
if (((i+1)%16)==0) {
printf("\n");
}
}
@ -1565,7 +1562,7 @@ static void hexdump(const uint8_t* in, uint32_t len)
byte *ret2err(word32 ret)
{
switch(ret){
switch(ret) {
case TSIP_SUCCESS: return "success";
case TSIP_ERR_SELF_CHECK1: return "selfcheck1";
case TSIP_ERR_RESOURCE_CONFLICT: return "rsconflict";

2
wolfssl/internal.h
View File

@ -4576,7 +4576,7 @@ struct WOLFSSL {
#endif /* NO_RSA */
void* GenPreMasterCtx; /* Generate Premaster Callback Context */
void* GenMasterCtx; /* Generate Master Callback Context */
void* GenSessionKeyCtx; /* Generate Sesssion Key Callback Context */
void* GenSessionKeyCtx; /* Generate Session Key Callback Context */
void* EncryptKeysCtx; /* Set Encrypt keys Callback Context */
void* TlsFinishedCtx; /* Generate Tls Finished Callback Context */
void* VerifyMacCtx; /* Verify mac Callback Context */