wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5229 from miyazakh/sce_example_update

Browse Source
This commit is contained in:
Chris Conlon
2022-06-21 16:33:54 -06:00
committed by GitHub
parent b8cff49044 fe8169c830
commit bd536d3c9d
12 changed files with 1517 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

164
IDE/Renesas/e2studio/RA6M4/README.md
View File

@ -76,7 +76,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
|Common General Use Mutexes|Enabled| |Common General Use Mutexes|Enabled|
|Common General Enable Backward Compatibility|Enabled| |Common General Enable Backward Compatibility|Enabled|
|Common Memory Allocation Support Dynamic Allocation|Enabled| |Common Memory Allocation Support Dynamic Allocation|Enabled|
|Common Memory Allocation Total Heap Size|increase depending on your environment<br> e.g. 0x20000| |Common Memory Allocation Total Heap Size|increase depending on your environment<br> e.g. 0x20000, <br> e.g. 0x30000 when using multi thread example|
+ Add `Heap 4` stack to sce_tst_thread from `New Stack` -> `RTOS` -> `FreeRTOS Heap 4` + Add `Heap 4` stack to sce_tst_thread from `New Stack` -> `RTOS` -> `FreeRTOS Heap 4`
+ Add `FreeRTOS + TCP` stack to sce_tst_thread from `New Stack` -> `Networking` -> `FreeRTOS+TCP` and set properties + Add `FreeRTOS + TCP` stack to sce_tst_thread from `New Stack` -> `Networking` -> `FreeRTOS+TCP` and set properties
@ -158,6 +158,7 @@ static const byte ucIPAddress[4] = { 192, 168, 11, 241 };
$ autogen.sh $ autogen.sh
$ ./configure --enable-extended-master=no CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVE_AES_CBC" $ ./configure --enable-extended-master=no CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVE_AES_CBC"
``` ```
Run peer wolfSSL server Run peer wolfSSL server
RSA sign and verify use, launch server with the following option RSA sign and verify use, launch server with the following option
@ -165,41 +166,154 @@ RSA sign and verify use, launch server with the following option
$./examples/server/server -b -d -i $./examples/server/server -b -d -i
``` ```
You will see the following message on J-LinK RTT Viewer
```
cipher : AES128-SHA256
Received: I hear you fa shizzle!
cipher : AES256-SHA256
Received: I hear you fa shizzle!
cipher : ECDHE-RSA-AES128-SHA256
Received: I hear you fa shizzle!
cipher : ECDHE-RSA-AES128-GCM-SHA256
Received: I hear you fa shizzle!
```
ECDSA sign and verify use, launch server with the following option ECDSA sign and verify use, launch server with the following option
``` ```
$./examples/server/server -b -d -c -i ./certs/server-ecc.pem -k ./certs/ecc-key.pem $./examples/server/server -b -d -c -i ./certs/server-ecc.pem -k ./certs/ecc-key.pem
``` ```
You will see the following message on J-LinK RTT Viewer
```
cipher : ECDHE-ECDSA-AES128-SHA256
Received: I hear you fa shizzle!
cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Received: I hear you fa shizzle!
```
5.) Run the example Client 5.) Run the example Client
You will see the following message on J-LinK RTT Viewer when using RSA sign and verify.
```
Start Client Example,
Connecting to 192.168.11.xx
[wolfSSL_TLS_client_do(00)][00] Start to connect to the server.
[wolfSSL_TLS_client_do(00)][00] Cipher : NULL
[wolfSSL_TLS_client_do(00)][00] Received: I hear you fa shizzle!
[wolfSSL_TLS_client_do(01)][01] Start to connect to the server.
[wolfSSL_TLS_client_do(01)][01] Cipher : ECDHE-RSA-AES128-GCM-SHA256
[wolfSSL_TLS_client_do(01)][01] Received: I hear you fa shizzle!
[wolfSSL_TLS_client_do(02)][02] Start to connect to the server.
[wolfSSL_TLS_client_do(02)][02] Cipher : ECDHE-RSA-AES256-SHA
[wolfSSL_TLS_client_do(02)][02] Received: I hear you fa shizzle!
[wolfSSL_TLS_client_do(03)][03] Start to connect to the server.
[wolfSSL_TLS_client_do(03)][03] Cipher : ECDHE-RSA-AES128-SHA256
[wolfSSL_TLS_client_do(03)][03] Received: I hear you fa shizzle!
[wolfSSL_TLS_client_do(04)][04] Start to connect to the server.
[wolfSSL_TLS_client_do(04)][04] Cipher : AES128-SHA256
[wolfSSL_TLS_client_do(04)][04] Received: I hear you fa shizzle!
End of Client Example
```
You will see the following message on J-LinK RTT Viewer when using ECDSA sign and verify.
```
Start Client Example,
Connecting to 192.168.11.xx
[wolfSSL_TLS_client_do(00)][00] Start to connect to the server.
[wolfSSL_TLS_client_do(00)][00] Cipher : NULL
[wolfSSL_TLS_client_do(00)][00] Received: I hear you fa shizzle!
[wolfSSL_TLS_client_do(01)][01] Start to connect to the server.
[wolfSSL_TLS_client_do(01)][01] Cipher : ECDHE-ECDSA-AES128-GCM-SHA256
[wolfSSL_TLS_client_do(01)][01] Received: I hear you fa shizzle!
[wolfSSL_TLS_client_do(02)][02] Start to connect to the server.
[wolfSSL_TLS_client_do(02)][02] Cipher : ECDHE-ECDSA-AES256-SHA
[wolfSSL_TLS_client_do(02)][02] Received: I hear you fa shizzle!
[wolfSSL_TLS_client_do(03)][03] Start to connect to the server.
[wolfSSL_TLS_client_do(03)][03] Cipher : ECDHE-ECDSA-AES128-SHA256
[wolfSSL_TLS_client_do(03)][03] Received: I hear you fa shizzle!
End of Client Exampl
```
**Note**\ **Note**\
To run "RSA verify" client, enable "#define USE_CERT_BUFFERS_2048" in wolfssl_demo.h\ To run "RSA verify" client, enable "#define USE_CERT_BUFFERS_2048" in wolfssl_demo.h\
To run "ECDSA verify" client, enable "#define USE_CERT_BUFFERS_256" in wolfssl_demo.h To run "ECDSA verify" client, enable "#define USE_CERT_BUFFERS_256" in wolfssl_demo.h
### Run Multi Client Session example
1.) Enable TLS_CLIENT and TLS_MULTITHREAD_TEST definition in wolfssl_demo.h of test_RA6M4 projet
2.) Follow [Run Client](#run-client) instruction
3.) Prepare peer wolfssl server
RSA sign and verify use, launch server with the following option
```
$./examples/server/server -b -d -i -p 11111
Open another terminal and launch another server example
$./examples/server/server -b -d -i -p 11112
```
ECDSA sign and verify use, launch server with the following option
```
$./examples/server/server -b -d -c -i ./certs/server-ecc.pem -k ./certs/ecc-key.pem -p 11111
Open another terminal and launch another server example
$./examples/server/server -b -d -c -i ./certs/server-ecc.pem -k ./certs/ecc-key.pem -p 11112
```
4.) Run Multi Client Session Example
You will see similar following message on J-LinK RTT Viewer when using ECDSA sign and verify.
```
Start Client Example,
Connecting to 192.168.11.xx
clt_thd_taskA connecting to 11111 port
clt_thd_taskB connecting to 11112 port
[clt_thd_taskA][00] Ready to connect.
[clt_thd_taskA][00] Start to connect to the server.
[clt_thd_taskA][00] Cipher : ECDHE-RSA-AES128-GCM-SHA256
[clt_thd_taskB][00] Ready to connect.
[clt_thd_taskB][00] Start to connect to the server.
[clt_thd_taskB][00] Cipher : ECDHE-RSA-AES128-SHA256
[clt_thd_taskB][00] Received: I hear you fa shizzle!
[clt_thd_taskA][00] Received: I hear you fa shizzle!
clt_thd_taskA connecting to 11111 port
clt_thd_taskB connecting to 11112 port
[clt_thd_taskA][00] Ready to connect.
[clt_thd_taskA][00] Start to connect to the server.
[clt_thd_taskA][00] Cipher : AES128-SHA256
[clt_thd_taskB][00] Ready to connect.
[clt_thd_taskB][00] Start to connect to the server.
[clt_thd_taskB][00] Cipher : AES256-SHA256
[clt_thd_taskA][00] Received: I hear you fa shizzle!
[clt_thd_taskB][00] Received: I hear you fa shizzle!
End of Client Example
```
You will see similar following message on J-LinK RTT Viewer when using ECDSA sign and verify.
```
Start Client Example,
Connecting to 192.168.11.xx
clt_thd_taskA connecting to 11111 port
clt_thd_taskB connecting to 11112 port
[clt_thd_taskA][00] Ready to connect.
[clt_thd_taskA][00] Start to connect to the server.
[clt_thd_taskA][00] Cipher : ECDHE-ECDSA-AES128-GCM-SHA256
[clt_thd_taskB][00] Ready to connect.
[clt_thd_taskB][00] Start to connect to the server.
[clt_thd_taskB][00] Cipher : ECDHE-ECDSA-AES128-SHA256
[clt_thd_taskB][00] Received: I hear you fa shizzle!
[clt_thd_taskA][00] Received: I hear you fa shizzle!
End of Client Example
```
**Note**\
Multi Client session use case is only able to run threads that all use either SCE cipher suite or SW cipher suite.
The example program runs two threads that use SCE cipher suite.
## Run Crypt test and Benchmark ## Run Crypt test and Benchmark
1.) Enable CRYPT_TEST and/or BENCHMARK definition in wolfssl_demo.h 1.) Enable CRYPT_TEST and/or BENCHMARK definition in wolfssl_demo.h

19
IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
View File

@ -41,20 +41,26 @@
/* Enable wolfcrypt test */ /* Enable wolfcrypt test */
/* can be enabled with benchmark test */ /* can be enabled with benchmark test */
/* #define CRYPT_TEST */ /*#define CRYPT_TEST*/
/* Enable benchmark */ /* Enable benchmark */
/* can be enabled with cyrpt test */ /* can be enabled with cyrpt test */
/* #define BENCHMARK */ /*#define BENCHMARK*/
/* Enable TLS client */ /* Enable TLS client */
/* cannot enable with CRYPT_TEST or BENCHMARK */ /* cannot enable with CRYPT_TEST or BENCHMARK */
#define TLS_CLIENT #define TLS_CLIENT
/* use multi-thread example */
/*#define TLS_MULTITHREAD_TEST*/
#if defined(TLS_MULTITHREAD_TEST)
#define THREAD_STACK_SIZE (5 * 1024)
#endif
/* Use RSA certificates */ /* Use RSA certificates */
#define USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048
/* Use ECC certificates */ /* Use ECC certificates */
/*#define USE_CERT_BUFFERS_256 */ /*#define USE_CERT_BUFFERS_256*/
#if defined(USE_CERT_BUFFERS_2048) && defined(USE_CERT_BUFFERS_256) #if defined(USE_CERT_BUFFERS_2048) && defined(USE_CERT_BUFFERS_256)
#error please set either macro USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_256 #error please set either macro USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_256
@ -68,6 +74,9 @@ typedef struct tagTestInfo
const char* cipher; const char* cipher;
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
wolfSSL_Logging_cb log_f; wolfSSL_Logging_cb log_f;
#if defined(TLS_MULTITHREAD_TEST)
SemaphoreHandle_t xBinarySemaphore;
#endif
} TestInfo; } TestInfo;
void sce_test(); void sce_test();
@ -77,6 +86,10 @@ void wolfSSL_TLS_client_do(void *pvParam);
void wolfSSL_TLS_cleanup(); void wolfSSL_TLS_cleanup();
extern WOLFSSL_CTX *client_ctx; extern WOLFSSL_CTX *client_ctx;
#ifdef TLS_MULTITHREAD_TEST
extern xSemaphoreHandle exit_semaph;
#endif
static void util_Cleanup(xSocket_t xSock, WOLFSSL_CTX *ctx, WOLFSSL *ssl) { static void util_Cleanup(xSocket_t xSock, WOLFSSL_CTX *ctx, WOLFSSL *ssl) {
printf("Cleaning up socket and wolfSSL objects.\n"); printf("Cleaning up socket and wolfSSL objects.\n");
if (xSock != NULL) if (xSock != NULL)

3
IDE/Renesas/e2studio/RA6M4/include.am
View File

@ -10,9 +10,10 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/.project
EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/test_RA6M4Debug.launch EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/test_RA6M4Debug.launch
EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/test_main.c EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c
EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/common/.gitignore EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/common/.gitignore
EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data.h EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data.h
EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/user_settings.h EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/user_settings.h

247
IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
View File

@ -27,9 +27,13 @@
#if defined(WOLFSSL_RENESAS_SCEPROTECT) #if defined(WOLFSSL_RENESAS_SCEPROTECT)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h> #include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
#if defined(TLS_MULTITHREAD_TEST)
User_SCEPKCbInfo guser_PKCbInfo_taskA;
User_SCEPKCbInfo guser_PKCbInfo_taskB;
#else
User_SCEPKCbInfo guser_PKCbInfo; User_SCEPKCbInfo guser_PKCbInfo;
#endif #endif
#endif
#include <wolfssl_demo.h> #include <wolfssl_demo.h>
#include "key_data.h" #include "key_data.h"
@ -41,6 +45,15 @@ void abort(void);
} }
#endif #endif
#if defined(SCE_CRYPT_UNIT_TEST)
int sce_crypt_test();
int sce_crypt_sha256_multitest();
int sce_crypt_AesCbc_multitest();
int sce_crypt_AesGcm_multitest();
int sce_crypt_Sha_AesCbcGcm_multitest();
void tskSha256_Test1(void *pvParam);
#endif
void R_BSP_WarmStart(bsp_warm_start_event_t event); void R_BSP_WarmStart(bsp_warm_start_event_t event);
/* the function is called just before main() to set up pins */ /* the function is called just before main() to set up pins */
@ -55,7 +68,7 @@ void R_BSP_WarmStart (bsp_warm_start_event_t event)
} }
} }
#if defined(TLS_CLIENT) || defined(TLS_SERVER) || defined(EXTRA_SCE_TSIP_TEST) #if defined(TLS_CLIENT)
extern const st_user_key_block_data_t g_key_block_data; extern const st_user_key_block_data_t g_key_block_data;
@ -66,7 +79,7 @@ static int SetScetlsKey()
{ {
#if defined(WOLFSSL_RENESAS_SCEPROTECT) #if defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(TLS_CLIENT) || defined(EXTRA_SCE_TSIP_TEST) #if defined(TLS_CLIENT)
#if defined(USE_CERT_BUFFERS_256) #if defined(USE_CERT_BUFFERS_256)
wc_sce_inform_cert_sign((const byte *)ca_ecc_cert_der_sign); wc_sce_inform_cert_sign((const byte *)ca_ecc_cert_der_sign);
@ -79,9 +92,6 @@ static int SetScetlsKey()
(byte*)&g_key_block_data.iv, (byte*)&g_key_block_data.iv,
(byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key, (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key,
encrypted_user_key_type); encrypted_user_key_type);
#if defined(WOLFSSL_RENESAS_SCEPROTECT_ECC)
guser_PKCbInfo.user_key_id = 0; /* not use user key id */
#endif
#elif defined(TLS_SERVER) #elif defined(TLS_SERVER)
@ -109,12 +119,57 @@ typedef struct func_args {
void wolfcrypt_test(func_args args); void wolfcrypt_test(func_args args);
int benchmark_test(void *args); int benchmark_test(void *args);
/* Entry function of SCE test */ #ifdef TLS_MULTITHREAD_TEST
static void my_Logging_cb(const int logLevel, const char *const logMessage)
{
(void)logLevel;
printf("custom-log: %s\n", logMessage);
}
#endif
void sce_test(void) void sce_test(void)
{ {
#if defined(CRYPT_TEST) || defined(BENCHMARK) #if defined(SCE_CRYPT_UNIT_TEST) && defined(WOLFSSL_RENESAS_SCEPROTECT)
#if defined(CRYPT_TEST) int ret = 0;
BaseType_t xRet;
if ((ret = wolfCrypt_Init()) != 0) {
printf("wolfCrypt_Init failed %d\n", ret);
}
printf("Start wolf sce crypt Test\n");
printf(" \n");
printf(" simple crypt test by using SCE\n");
sce_crypt_test();
printf(" \n");
printf(" multi sha thread test\n");
sce_crypt_sha256_multitest();
printf(" \n");
printf(" multi aes cbc thread test\n");
sce_crypt_AesCbc_multitest();
printf(" \n");
printf(" multi aes gcm thread test\n");
sce_crypt_AesGcm_multitest();
printf(" \n");
printf(" multi sha aescbc aesgcm thread test\n");
sce_crypt_Sha_AesCbcGcm_multitest();
printf(" \n");
printf("End wolf sce crypt Test\n");
if ((ret = wolfCrypt_Cleanup()) != 0) {
printf("wolfCrypt_Cleanup failed %d\n", ret);
}
#elif defined(CRYPT_TEST)
int ret; int ret;
func_args args = { 0 }; func_args args = { 0 };
@ -129,63 +184,87 @@ void sce_test(void)
if ((ret = wolfCrypt_Cleanup()) != 0) { if ((ret = wolfCrypt_Cleanup()) != 0) {
printf("wolfCrypt_Cleanup failed %d\n", ret); printf("wolfCrypt_Cleanup failed %d\n", ret);
} }
#endif
#if defined(BENCHMARK) #elif defined(BENCHMARK)
#include "hal_data.h" #include "hal_data.h"
#include "r_sce.h" #include "r_sce.h"
printf("Prepare Installed key\n"); printf("Prepare Installed key\n");
#if defined(WOLFSSL_RENESAS_SCEPROTECT) && defined(SCEKEY_INSTALLED)
/* aes 256 */ #if defined(WOLFSSL_RENESAS_SCEPROTECT) && defined(SCEKEY_INSTALLED)
memcpy(guser_PKCbInfo.sce_wrapped_key_aes256.value,
(uint32_t *)DIRECT_KEY_ADDRESS_256, HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4); /* aes 256 */
guser_PKCbInfo.sce_wrapped_key_aes256.type = SCE_KEY_INDEX_TYPE_AES256; memcpy(guser_PKCbInfo.sce_wrapped_key_aes256.value,
guser_PKCbInfo.aes256_installedkey_set = 1; (uint32_t *)DIRECT_KEY_ADDRESS_256,
/* aes 128 */ HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4);
memcpy(guser_PKCbInfo.sce_wrapped_key_aes128.value, guser_PKCbInfo.sce_wrapped_key_aes256.type = SCE_KEY_INDEX_TYPE_AES256;
(uint32_t *)DIRECT_KEY_ADDRESS_128, HW_SCE_AES128_KEY_INDEX_WORD_SIZE*4); guser_PKCbInfo.aes256_installedkey_set = 1;
/* aes 128 */
memcpy(guser_PKCbInfo.sce_wrapped_key_aes128.value,
(uint32_t *)DIRECT_KEY_ADDRESS_128,
HW_SCE_AES128_KEY_INDEX_WORD_SIZE*4);
guser_PKCbInfo.sce_wrapped_key_aes128.type = SCE_KEY_INDEX_TYPE_AES128; guser_PKCbInfo.sce_wrapped_key_aes128.type = SCE_KEY_INDEX_TYPE_AES128;
guser_PKCbInfo.aes128_installedkey_set = 1; guser_PKCbInfo.aes128_installedkey_set = 1;
#endif
#endif
printf("Start wolfCrypt Benchmark\n"); printf("Start wolfCrypt Benchmark\n");
benchmark_test(NULL); benchmark_test(NULL);
printf("End wolfCrypt Benchmark\n"); printf("End wolfCrypt Benchmark\n");
#endif
#elif defined(TLS_CLIENT) #elif defined(TLS_CLIENT)
#include "hal_data.h" #include "hal_data.h"
#include "r_sce.h" #include "r_sce.h"
#if defined(USE_CERT_BUFFERS_256) #if defined(USE_CERT_BUFFERS_256)
const char* cipherlist[] = { #if !defined(TLS_MULTITHREAD_TEST)
NULL, /* not specify cipher suite */ const char* cipherlist[] = {
#if defined(WOLFSSL_TLS13) NULL,
NULL, NULL, NULL, "ECDHE-ECDSA-AES128-GCM-SHA256",
#else "ECDHE-ECDSA-AES256-SHA", /* sw only */
"ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-SHA256"
"ECDHE-ECDSA-AES256-SHA", /* SW only */ };
"ECDHE-ECDSA-AES128-SHA256", const int cipherlist_sz = 3;
#endif TestInfo info[cipherlist_sz];
}; #else
const int cipherlist_sz = 4; const char* cipherlist[] = {
TestInfo info[cipherlist_sz]; "ECDHE-ECDSA-AES128-GCM-SHA256",
#else "ECDHE-ECDSA-AES128-SHA256"
const char* cipherlist[] = { };
NULL, /* not specify cipher suite */ const int cipherlist_sz = 2;
#if defined(WOLFSSL_TLS13) TestInfo info[cipherlist_sz];
NULL, NULL, NULL, NULL, NULL, #endif
#else #else
"ECDHE-RSA-AES128-GCM-SHA256", #if !defined(TLS_MULTITHREAD_TEST)
"ECDHE-RSA-AES256-SHA", /* SW only */ const char* cipherlist[] = {
"ECDHE-RSA-AES128-SHA256", NULL,
"AES128-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
"AES256-SHA256", "ECDHE-RSA-AES256-SHA", /* sw only */
#endif "ECDHE-RSA-AES128-SHA256",
}; "AES128-SHA256",
const int cipherlist_sz = 6; "AES256-SHA256",
TestInfo info[cipherlist_sz]; };
#endif const int cipherlist_sz = 6;
TestInfo info[cipherlist_sz];
#else
const char* cipherlist[] = {
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-SHA256",
"AES128-SHA256",
"AES256-SHA256",
};
const int cipherlist_sz = 4;
TestInfo info[cipherlist_sz];
#endif
#endif
#ifdef TLS_MULTITHREAD_TEST
BaseType_t xReturned;
BaseType_t xHigherPriorityTaskWoken;
xHigherPriorityTaskWoken = pdFALSE;
int j = 0;
#endif
int i = 0; int i = 0;
printf("\n Start Client Example, "); printf("\n Start Client Example, ");
@ -195,23 +274,73 @@ void sce_test(void)
TCPInit(); TCPInit();
#ifdef TLS_MULTITHREAD_TEST
wolfSSL_TLS_client_init();
exit_semaph = xSemaphoreCreateCounting(cipherlist_sz, 0);
do {
for(j = i; j < (i+2); j++) {
info[j].port = DEFAULT_PORT + (j%2);
info[j].cipher = cipherlist[j];
info[j].ctx = client_ctx;
info[j].xBinarySemaphore = xSemaphoreCreateBinary();
info[j].log_f = my_Logging_cb;
memset(info[j].name, 0, sizeof(info[j].name));
sprintf(info[j].name, "clt_thd_%s", ((j%2) == 0) ?
"taskA" : "taskB");
printf(" %s connecting to %d port\n", info[j].name, info[j].port);
xReturned = xTaskCreate(wolfSSL_TLS_client_do, info[j].name,
THREAD_STACK_SIZE, &info[j], 2, NULL);
if (xReturned != pdPASS) {
printf("Failed to create task\n");
}
}
for(j = i; j < (i+2); j++) {
xSemaphoreGiveFromISR(info[j].xBinarySemaphore,
&xHigherPriorityTaskWoken);
}
/* check if all tasks are completed */
for(j = i; j < (i+2); j++) {
if(!xSemaphoreTake(exit_semaph, portMAX_DELAY)) {
printf("exit semaphore not released by test task");
}
}
i+=2;
} while (i < cipherlist_sz);
vSemaphoreDelete(exit_semaph);
#else
wolfSSL_TLS_client_init(); wolfSSL_TLS_client_init();
do { do {
info[i].port = DEFAULT_PORT; info[i].port = DEFAULT_PORT;
info[i].cipher = cipherlist[i]; info[i].cipher = cipherlist[i];
info[i].ctx = client_ctx; info[i].ctx = client_ctx;
info[i].id = i; info[i].id = i;
memset(info[i].name, 0, sizeof(info[i].name)); memset(info[i].name, 0, sizeof(info[i].name));
sprintf(info[i].name, "wolfSSL_TLS_client_do(%02d)", i); sprintf(info[i].name, "wolfSSL_TLS_client_do(%02d)", i);
wolfSSL_TLS_client_do(&info[i]); wolfSSL_TLS_client_do(&info[i]);
i++; i++;
} while (i < cipherlist_sz); } while (i < cipherlist_sz);
#endif /* SCE_MULTITHREAD_TEST */
printf("\n End of Client Example"); printf("\n End of Client Example");
wolfSSL_TLS_cleanup(); wolfSSL_TLS_cleanup();

113
IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
View File

@ -39,7 +39,13 @@ static const byte ucDNSServerAddress[4] = { 192, 168, 11, 1 };
#define FR_SOCKET_SUCCESS 0 #define FR_SOCKET_SUCCESS 0
extern struct User_PKCbInfo guser_PKCbInfo; #ifdef TLS_MULTITHREAD_TEST
xSemaphoreHandle exit_semaph;
extern User_SCEPKCbInfo guser_PKCbInfo_taskA;
extern User_SCEPKCbInfo guser_PKCbInfo_taskB;
#else
extern User_SCEPKCbInfo guser_PKCbInfo;
#endif
int SEGGER_RTT_vprintf(unsigned BufferIndex, const char * sFormat, va_list * pParamList); int SEGGER_RTT_vprintf(unsigned BufferIndex, const char * sFormat, va_list * pParamList);
@ -76,7 +82,6 @@ void TCPInit( )
void wolfSSL_TLS_client_init() void wolfSSL_TLS_client_init()
{ {
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
#ifdef USE_ECC_CERT #ifdef USE_ECC_CERT
char *cert = "./certs/ca-ecc-cert.pem"; char *cert = "./certs/ca-ecc-cert.pem";
@ -96,7 +101,8 @@ void wolfSSL_TLS_client_init()
wolfSSL_Init(); wolfSSL_Init();
/* Create and initialize WOLFSSL_CTX */ /* Create and initialize WOLFSSL_CTX */
if ((client_ctx = wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) { if ((client_ctx = wolfSSL_CTX_new(
wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n"); printf("ERROR: failed to create WOLFSSL_CTX\n");
return; return;
} }
@ -111,7 +117,8 @@ void wolfSSL_TLS_client_init()
return NULL; return NULL;
} }
#else #else
if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS){ if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT,
SSL_FILETYPE_ASN1) != SSL_SUCCESS){
printf("ERROR: can't load certificate data\n"); printf("ERROR: can't load certificate data\n");
return; return;
} }
@ -123,7 +130,9 @@ void wolfSSL_TLS_client_do(void *pvParam)
int ret; int ret;
int i = 0; int i = 0;
#if defined(TLS_MULTITHREAD_TEST)
BaseType_t xStatus;
#endif
TestInfo* p = (TestInfo*)pvParam; TestInfo* p = (TestInfo*)pvParam;
/* FreeRTOS+TCP Objects */ /* FreeRTOS+TCP Objects */
socklen_t xSize = sizeof(struct freertos_sockaddr); socklen_t xSize = sizeof(struct freertos_sockaddr);
@ -157,11 +166,21 @@ void wolfSSL_TLS_client_do(void *pvParam)
ret = FreeRTOS_connect(xClientSocket, ret = FreeRTOS_connect(xClientSocket,
&xRemoteAddress, &xRemoteAddress,
sizeof(xRemoteAddress)); sizeof(xRemoteAddress));
if (ret != FR_SOCKET_SUCCESS) { if (ret != FR_SOCKET_SUCCESS) {
msg(pcName, i, " Error [%d]: FreeRTOS_connect.\n", ret); msg(pcName, i, " Error [%d]: FreeRTOS_connect.\n", ret);
goto out; goto out;
} }
#if defined(TLS_MULTITHREAD_TEST)
msg(pcName, i, " Ready to connect.\n");
xStatus = xSemaphoreTake(p->xBinarySemaphore, portMAX_DELAY);
if (xStatus != pdTRUE) {
msg(pcName, i, " Error : Failed to xSemaphoreTake\n");
goto out;
}
#endif
msg(pcName, i, " Start to connect to the server.\n"); msg(pcName, i, " Start to connect to the server.\n");
if((ssl = wolfSSL_new(ctx)) == NULL) { if((ssl = wolfSSL_new(ctx)) == NULL) {
@ -169,44 +188,64 @@ void wolfSSL_TLS_client_do(void *pvParam)
goto out; goto out;
} }
#if defined(WOLFSSL_RENESAS_SCEPROTECT) #if defined(WOLFSSL_RENESAS_SCEPROTECT)
/* set callback ctx */
/* Set callback CTX */
#if !defined(TLS_MULTITHREAD_TEST)
memset(&guser_PKCbInfo, 0, sizeof(User_SCEPKCbInfo)); memset(&guser_PKCbInfo, 0, sizeof(User_SCEPKCbInfo));
guser_PKCbInfo.devId = 0;
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo); wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
#else
if (p->port - DEFAULT_PORT == 0) {
memset(&guser_PKCbInfo_taskA, 0, sizeof(User_SCEPKCbInfo));
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo_taskA);
}
else {
memset(&guser_PKCbInfo_taskB, 0, sizeof(User_SCEPKCbInfo));
wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo_taskB);
}
#endif
#endif #endif
/* Attach wolfSSL to the socket */ /* Attach wolfSSL to the socket */
ret = wolfSSL_set_fd(ssl, (int) xClientSocket); ret = wolfSSL_set_fd(ssl, (int) xClientSocket);
if (ret != WOLFSSL_SUCCESS) { if (ret != WOLFSSL_SUCCESS) {
msg(pcName, i, " Error [%d]: wolfSSL_set_fd.\n",ret); msg(pcName, i, " Error [%d]: wolfSSL_set_fd.\n",ret);
} }
if(p->cipher) msg(pcName, i, " Cipher : %s\n",
msg(pcName, i, " Cipher : %s\n", p->cipher); (p->cipher == NULL) ? "NULL" : p->cipher);
/* use specific cipher */ /* use specific cipher */
if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher) != WOLFSSL_SUCCESS) { if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher)
!= WOLFSSL_SUCCESS) {
msg(pcName, i, " client can't set cipher list 1"); msg(pcName, i, " client can't set cipher list 1");
goto out; goto out;
} }
#ifdef DEBUG_WOLFSSL #ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON(); wolfSSL_Debugging_ON();
if (p->log_f != NULL)
wolfSSL_SetLoggingCb(p->log_f);
#endif #endif
if(wolfSSL_connect(ssl) != SSL_SUCCESS) { if(wolfSSL_connect(ssl) != SSL_SUCCESS) {
msg(pcName, i, " ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0)); msg(pcName, i, " ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0));
goto out; goto out;
} }
#ifdef DEBUG_WOLFSSL #ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_OFF(); wolfSSL_Debugging_OFF();
#endif #endif
if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff)) != (int)strlen(sendBuff)) {
msg(pcName, i, " ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0)); if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff))
goto out; != (int)strlen(sendBuff)) {
msg(pcName, i, " ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
goto out;
} }
if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)) < 0) { if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)) < 0) {
msg(pcName, i, " ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0)); msg(pcName, i, " ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0));
goto out; goto out;
} }
rcvBuff[ret] = '\0' ; rcvBuff[ret] = '\0' ;
@ -214,18 +253,24 @@ void wolfSSL_TLS_client_do(void *pvParam)
out: out:
if (ssl) { if (ssl) {
wolfSSL_shutdown(ssl); wolfSSL_shutdown(ssl);
wolfSSL_free(ssl); wolfSSL_free(ssl);
ssl = NULL; ssl = NULL;
/* need to reset callback */ /* need to reset callback */
wc_sce_set_callbacks(client_ctx); wc_sce_set_callbacks(client_ctx);
} }
/* clean up socket */ /* clean up socket */
if (xClientSocket) { if (xClientSocket) {
FreeRTOS_shutdown(xClientSocket, FREERTOS_SHUT_RDWR); FreeRTOS_shutdown(xClientSocket, FREERTOS_SHUT_RDWR);
FreeRTOS_closesocket(xClientSocket); FreeRTOS_closesocket(xClientSocket);
xClientSocket = NULL; xClientSocket = NULL;
} }
#ifdef TLS_MULTITHREAD_TEST
xSemaphoreGive(exit_semaph);
vTaskDelete(NULL);
#endif
} }
void wolfSSL_TLS_cleanup() void wolfSSL_TLS_cleanup()
@ -233,5 +278,7 @@ void wolfSSL_TLS_cleanup()
if (client_ctx) { if (client_ctx) {
wolfSSL_CTX_free(client_ctx); wolfSSL_CTX_free(client_ctx);
} }
wolfSSL_Cleanup(); wolfSSL_Cleanup();
} }

1052
IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c Normal file
View File

File diff suppressed because it is too large Load Diff

3
IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c
View File

@ -96,9 +96,6 @@ int SetTsiptlsKey()
(byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key, (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key,
encrypted_user_key_type); encrypted_user_key_type);
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
guser_PKCbInfo.user_key_id = 0;
#endif
#elif defined(TLS_SERVER) #elif defined(TLS_SERVER)

1
IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
View File

@ -371,7 +371,6 @@ static void Tls_client_demo(void)
(byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key, (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key,
encrypted_user_key_type); encrypted_user_key_type);
guser_PKCbInfo.user_key_id = 0;
#endif /* WOLFSSL_RENESAS_TSIP_TLS && (WOLFSSL_RENESAS_TSIP_VER >=109) */ #endif /* WOLFSSL_RENESAS_TSIP_TLS && (WOLFSSL_RENESAS_TSIP_VER >=109) */

2
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
View File

@ -377,8 +377,6 @@ static void Tls_client_demo(void)
(byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key, (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key,
encrypted_user_key_type); encrypted_user_key_type);
guser_PKCbInfo.user_key_id = 0;
#endif /* WOLFSSL_RENESAS_TSIP_TLS && (WOLFSSL_RENESAS_TSIP_VER >=109) */ #endif /* WOLFSSL_RENESAS_TSIP_TLS && (WOLFSSL_RENESAS_TSIP_VER >=109) */
do { do {

47
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -37,8 +37,8 @@
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
uint32_t g_CAscm_Idx = (uint32_t)-1; /* index of CM table */ uint32_t g_CAscm_Idx = (uint32_t)-1; /* index of CM table */
static int devId = 7890; /* dev Id for Crypt Callback */ static int gdevId = 7890; /* initial dev Id for Crypt Callback */
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
@ -312,6 +312,8 @@ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated)
* ssl : a pointer to WOLFSSL object * ssl : a pointer to WOLFSSL object
* ctx : callback context * ctx : callback context
* return valid device Id on success, otherwise INVALID_DEVIID * return valid device Id on success, otherwise INVALID_DEVIID
* device Id starts from 7890, and increases + 1 its number
* when the method is successfully called.
*/ */
int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
{ {
@ -324,14 +326,28 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx; User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
#endif #endif
if (wc_CryptoCb_RegisterDevice(devId, Renesas_cmn_CryptoDevCb, cbInfo) < 0) { if (cbInfo == NULL || ssl == NULL) {
return INVALID_DEVID;
}
cbInfo->devId = gdevId++;
if (wc_CryptoCb_RegisterDevice(cbInfo->devId,
Renesas_cmn_CryptoDevCb, cbInfo) < 0) {
/* undo devId number */
gdevId--;
return INVALID_DEVID; return INVALID_DEVID;
} }
if (ssl) if (ssl)
wolfSSL_SetDevId(ssl, devId); wolfSSL_SetDevId(ssl, cbInfo->devId);
return devId; /* sanity check for overflow */
if (gdevId < 0) {
gdevId = 7890;
}
return cbInfo->devId;
} }
/* Renesas Security Library Common Method /* Renesas Security Library Common Method
@ -594,16 +610,19 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx) WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
{ {
int ret = -1; int ret = -1;
(void)ctx;
WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, devId); TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
#endif
(void)ctx;
WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, cbInfo->devId);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) #elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (Renesas_cmn_usable(ssl, 0)) { if (Renesas_cmn_usable(ssl, 0)) {
ret = wc_sce_generateSessionKey(ssl, ctx, devId); ret = wc_sce_generateSessionKey(ssl, ctx, cbInfo->devId);
} else } else
ret = PROTOCOLCB_UNAVAILABLE; ret = PROTOCOLCB_UNAVAILABLE;
#endif #endif
@ -901,8 +920,8 @@ WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest,
if (Renesas_cmn_usable(ssl, 1)) { if (Renesas_cmn_usable(ssl, 1)) {
if (ssl->specs.hash_size == WC_SHA256_DIGEST_SIZE) { if (ssl->specs.hash_size == WC_SHA256_DIGEST_SIZE) {
wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
ret = wc_sce_Sha256GenerateHmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ, ret = wc_sce_Sha256GenerateHmac(ssl, myInner,
in, sz, digest); WOLFSSL_TLS_HMAC_INNER_SZ, in, sz, digest);
} }
else else
ret = TSIP_MAC_DIGSZ_E; ret = TSIP_MAC_DIGSZ_E;

3
wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h
View File

@ -35,7 +35,8 @@ extern "C" {
#define MAX_SCE_CBINDEX 5 #define MAX_SCE_CBINDEX 5
typedef struct tagUser_SCEPKCbInfo { typedef struct tagUser_SCEPKCbInfo {
uint32_t user_key_id; /* unique number for each session */
int devId;
/* out from R_SCE_TLS_ServerKeyExchangeVerify */ /* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[SCE_TLS_ENCRYPTED_ECCPUBKEY_SZ]; uint32_t encrypted_ephemeral_ecdh_public_key[SCE_TLS_ENCRYPTED_ECCPUBKEY_SZ];

10
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@ -120,22 +120,22 @@ typedef wolfssl_TSIP_Hash wc_Sha;
* structure for ECDH key exchange * structure for ECDH key exchange
*/ */
typedef struct TsipUserCtx { typedef struct TsipUserCtx {
/* unique number for each session */
int devId;
uint32_t user_key_id; #if (WOLFSSL_RENESAS_TSIP_VER >=109)
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */ /* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ]; uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
/* ephemeral ECDH pubkey index /* ephemeral ECDH pubkey index
* got from R_TSIP_GenerateTlsP256EccKeyIndex. * got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key. * Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key.
*/ */
tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key; tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key;
/* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit) /* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit)
* got from R_TSIP_GenerateTlsP256EccKeyIndex. * got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Should be sent to peer(server) in Client Key Exchange msg. * Should be sent to peer(server) in Client Key Exchange msg.
*/ */
uint8_t ecc_ecdh_public_key[ECCP256_PUBKEY_SZ]; uint8_t ecc_ecdh_public_key[ECCP256_PUBKEY_SZ];
#endif /* WOLFSSL_RENESAS_TSIP_VER >=109 */ #endif /* WOLFSSL_RENESAS_TSIP_VER >=109 */