wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 12:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Addressed code review comments

Browse Source
This commit is contained in:
Hideki Miyazaki
2025-07-12 09:49:09 +09:00
parent c4a178f029
commit eb8a3afe38
7 changed files with 163 additions and 161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/keys.c
View File

@@ -3559,7 +3559,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
cbInfo->side = side; cbInfo->side = side;
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) #elif defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
_ACCESSOR(cbInfo)->key_side = side; cbInfo->internal->key_side = side;
#endif #endif
ret = ssl->ctx->EncryptKeysCb(ssl, ctx); ret = ssl->ctx->EncryptKeysCb(ssl, ctx);
} }

17
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@@ -494,7 +494,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
if (gdevId < 0) { if (gdevId < 0) {
gdevId = INITIAL_DEVID; gdevId = INITIAL_DEVID;
} }
_ACCESSOR(cbInfo)->devId = gdevId++; cbInfo->internal->devId = gdevId++;
cmn_hw_unlock(); cmn_hw_unlock();
} }
else { else {
@@ -502,7 +502,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
return INVALID_DEVID; return INVALID_DEVID;
} }
if (wc_CryptoCb_RegisterDevice(_ACCESSOR(cbInfo)->devId, if (wc_CryptoCb_RegisterDevice(cbInfo->internal->devId,
Renesas_cmn_CryptoDevCb, cbInfo) < 0) { Renesas_cmn_CryptoDevCb, cbInfo) < 0) {
/* undo devId number */ /* undo devId number */
gdevId--; gdevId--;
@@ -513,12 +513,12 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) && \ !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) && \
!defined(HAVE_RENESAS_SYNC) !defined(HAVE_RENESAS_SYNC)
if (ssl) if (ssl)
wolfSSL_SetDevId(ssl, _ACCESSOR(cbInfo)->devId); wolfSSL_SetDevId(ssl, cbInfo->internal->devId);
#endif #endif
gCbCtx[_ACCESSOR(cbInfo)->devId - INITIAL_DEVID] = (void*)cbInfo; gCbCtx[cbInfo->internal->devId - INITIAL_DEVID] = (void*)cbInfo;
return _ACCESSOR(cbInfo)->devId; return cbInfo->internal->devId;
} }
/* Renesas Security Library Common Method /* Renesas Security Library Common Method
@@ -764,8 +764,8 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
if (_ACCESSOR(cbInfo)->session_key_set == 1) { if (cbInfo->internal->session_key_set == 1) {
switch(_ACCESSOR(cbInfo)->key_side) { switch(cbInfo->internal->key_side) {
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
@@ -820,7 +820,8 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
WOLFSSL_ENTER("Renesas_cmn_generateSessionKey"); WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
if (Renesas_cmn_usable(ssl, 0)) { if (Renesas_cmn_usable(ssl, 0)) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateSessionKey(ssl, cbInfo, _ACCESSOR(cbInfo)->devId); ret = wc_tsip_generateSessionKey(ssl, cbInfo,
cbInfo->internal->devId);
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId); ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId);
#endif #endif

33
wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
View File

@@ -447,14 +447,15 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM if (info->cipher.type == WC_CIPHER_AES_GCM
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo != NULL && _ACCESSOR(cbInfo)->session_key_set == 1 && cbInfo != NULL &&
cbInfo->internal->session_key_set == 1
#endif #endif
) { ) {
/* prioritize TLS Session Key than User TSIP Aes Key */ /* prioritize TLS Session Key than User TSIP Aes Key */
/* TODO : identify if Aes API is called through */ /* TODO : identify if Aes API is called through */
/* while doing TLS handshake or Crypt API */ /* while doing TLS handshake or Crypt API */
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
if (_ACCESSOR(cbInfo)->session_key_set == 1) if (cbInfo->internal->session_key_set == 1)
ret = 0; ret = 0;
else else
#else #else
@@ -500,13 +501,13 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
if (info->cipher.type == WC_CIPHER_AES_CTR if (info->cipher.type == WC_CIPHER_AES_CTR
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo != NULL && _ACCESSOR(cbInfo)->session_key_set == 1 && cbInfo != NULL && cbInfo->internal->session_key_set == 1
#endif #endif
) { ) {
int remain = (int)(info->cipher.aesctr.sz % WC_AES_BLOCK_SIZE); int remain = (int)(info->cipher.aesctr.sz % WC_AES_BLOCK_SIZE);
if (remain == 0) { if (remain == 0) {
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
if (_ACCESSOR(cbInfo)->session_key_set == 1) if (cbInfo->internal->session_key_set == 1)
ret = 0; ret = 0;
else else
#else #else
@@ -530,11 +531,11 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
#ifdef HAVE_AES_CBC #ifdef HAVE_AES_CBC
if (info->cipher.type == WC_CIPHER_AES_CBC if (info->cipher.type == WC_CIPHER_AES_CBC
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo != NULL && _ACCESSOR(cbInfo)->session_key_set == 1 && cbInfo != NULL && cbInfo->internal->session_key_set == 1
#endif #endif
) { ) {
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
if (_ACCESSOR(cbInfo)->session_key_set == 1) if (cbInfo->internal->session_key_set == 1)
ret = 0; ret = 0;
else else
#else #else
@@ -873,15 +874,15 @@ int wc_tsip_AesGcmEncrypt(
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (ret == 0 && if (ret == 0 &&
_ACCESSOR(userCtx)->session_key_set == 1) { userCtx->internal->session_key_set == 1) {
/* generate AES-GCM session key. The key stored in /* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here. * Aes.ctx.tsip_keyIdx is not used here.
*/ */
err = R_TSIP_TlsGenerateSessionKey( err = R_TSIP_TlsGenerateSessionKey(
_ACCESSOR(userCtx)->tsip_cipher, userCtx->internal->tsip_cipher,
(uint32_t*)_ACCESSOR(userCtx)->tsip_masterSecret, (uint32_t*)userCtx->internal->tsip_masterSecret,
(uint8_t*) _ACCESSOR(userCtx)->tsip_clientRandom, (uint8_t*) userCtx->internal->tsip_clientRandom,
(uint8_t*) _ACCESSOR(userCtx)->tsip_serverRandom, (uint8_t*) userCtx->internal->tsip_serverRandom,
&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */ &iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
NULL, NULL,
NULL, NULL,
@@ -1072,15 +1073,15 @@ int wc_tsip_AesGcmDecrypt(
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (ret == 0 && if (ret == 0 &&
_ACCESSOR(userCtx)->session_key_set == 1) { userCtx->internal->session_key_set == 1) {
/* generate AES-GCM session key. The key stored in /* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here. * Aes.ctx.tsip_keyIdx is not used here.
*/ */
err = R_TSIP_TlsGenerateSessionKey( err = R_TSIP_TlsGenerateSessionKey(
_ACCESSOR(userCtx)->tsip_cipher, userCtx->internal->tsip_cipher,
(uint32_t*)_ACCESSOR(userCtx)->tsip_masterSecret, (uint32_t*)userCtx->internal->tsip_masterSecret,
(uint8_t*) _ACCESSOR(userCtx)->tsip_clientRandom, (uint8_t*) userCtx->internal->tsip_clientRandom,
(uint8_t*) _ACCESSOR(userCtx)->tsip_serverRandom, (uint8_t*) userCtx->internal->tsip_serverRandom,
(uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */ (uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
NULL, NULL,
NULL, NULL,

16
wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
View File

@@ -82,7 +82,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
if (tuc == NULL) { if (tuc == NULL) {
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
else if (!_ACCESSOR(tuc)->HandshakeClientTrafficKey_set) { else if (!tuc->internal->HandshakeClientTrafficKey_set) {
WOLFSSL_MSG("Client handshake traffic keys aren't created by TSIP"); WOLFSSL_MSG("Client handshake traffic keys aren't created by TSIP");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -97,8 +97,8 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
err = R_TSIP_Sha256HmacGenerateInit(&(_ACCESSOR(tuc)->hmacFinished13Handle), err = R_TSIP_Sha256HmacGenerateInit(&(tuc->internal->hmacFinished13Handle),
&(_ACCESSOR(tuc)->clientFinished13Idx)); &(tuc->internal->clientFinished13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed"); WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed");
@@ -108,7 +108,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
if (ret == 0) { if (ret == 0) {
err = R_TSIP_Sha256HmacGenerateUpdate( err = R_TSIP_Sha256HmacGenerateUpdate(
&(_ACCESSOR(tuc)->hmacFinished13Handle), &(tuc->internal->hmacFinished13Handle),
(uint8_t*)hash, (uint8_t*)hash,
WC_SHA256_DIGEST_SIZE); WC_SHA256_DIGEST_SIZE);
@@ -120,7 +120,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
if (ret == 0) { if (ret == 0) {
err = R_TSIP_Sha256HmacGenerateFinal( err = R_TSIP_Sha256HmacGenerateFinal(
&(_ACCESSOR(tuc)->hmacFinished13Handle), mac); &(tuc->internal->hmacFinished13Handle), mac);
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed"); WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed");
ret = WC_HW_E; ret = WC_HW_E;
@@ -185,7 +185,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
/* check if TSIP is used for this session */ /* check if TSIP is used for this session */
if (ret == 0) { if (ret == 0) {
if (!_ACCESSOR(tuc)->Dhe_key_set) { if (!tuc->internal->Dhe_key_set) {
WOLFSSL_MSG("DH key not set."); WOLFSSL_MSG("DH key not set.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -195,7 +195,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
if (ret == 0) { if (ret == 0) {
c24to32(&data[1], &messageSz); c24to32(&data[1], &messageSz);
bag = &(_ACCESSOR(tuc)->messageBag); bag = &(tuc->internal->messageBag);
if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES || if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES ||
bag->buffIdx + sz > MSGBAG_SIZE) { bag->buffIdx + sz > MSGBAG_SIZE) {
@@ -246,7 +246,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
if (tuc == NULL) { if (tuc == NULL) {
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
bag = &(_ACCESSOR(tuc)->messageBag); bag = &(tuc->internal->messageBag);
} }
if (ret == 0) { if (ret == 0) {

253
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@@ -138,7 +138,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl,
if (ret == 0){ if (ret == 0){
tuc = ssl->RenesasUserCtx; tuc = ssl->RenesasUserCtx;
_ACCESSOR(tuc)->wrappedPublicKey = (uint8_t*)keyBuf; tuc->internal->wrappedPublicKey = (uint8_t*)keyBuf;
tuc->wrappedKeyType = keyType; tuc->wrappedKeyType = keyType;
} }
@@ -168,12 +168,13 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
if (ret == 0){ if (ret == 0){
tuc = ssl->RenesasUserCtx; tuc = ssl->RenesasUserCtx;
_ACCESSOR(tuc)->wrappedPrivateKey = (uint8_t*)keyBuf; tuc->internal->wrappedPrivateKey = (uint8_t*)keyBuf;
tuc->wrappedKeyType = keyType; tuc->wrappedKeyType = keyType;
/* store keyType as Id since Id capacity is 32 bytes */ /* store keyType as Id since Id capacity is 32 bytes */
ret = wolfSSL_use_PrivateKey_Id(ssl, ret = wolfSSL_use_PrivateKey_Id(ssl,
(const unsigned char*)keyBuf, 32, _ACCESSOR(tuc)->devId); (const unsigned char*)keyBuf, 32,
tuc->internal->devId);
if (ret == WOLFSSL_SUCCESS) { if (ret == WOLFSSL_SUCCESS) {
ret = 0; ret = 0;
} }
@@ -206,7 +207,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
} }
if (ret == 0){ if (ret == 0){
_ACCESSOR(uc)->wrappedPublicKey = (uint8_t*)keyBuf; uc->internal->wrappedPublicKey = (uint8_t*)keyBuf;
uc->wrappedKeyType = keyType; uc->wrappedKeyType = keyType;
} }
@@ -232,7 +233,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
if (ret == 0){ if (ret == 0){
_ACCESSOR(uc)->wrappedPrivateKey = (uint8_t*)keyBuf; uc->internal->wrappedPrivateKey = (uint8_t*)keyBuf;
uc->wrappedKeyType = keyType; uc->wrappedKeyType = keyType;
} }
@@ -283,7 +284,7 @@ static void tsipFlushMessages(struct WOLFSSL* ssl)
return; return;
} }
bag = &(_ACCESSOR(tuc)->messageBag); bag = &(tuc->internal->messageBag);
ForceZero(bag, sizeof(MsgBag)); ForceZero(bag, sizeof(MsgBag));
@@ -403,19 +404,19 @@ int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
_ACCESSOR(tuc)->Dhe_key_set =0; tuc->internal->Dhe_key_set =0;
err = R_TSIP_GenerateTls13P256EccKeyIndex( err = R_TSIP_GenerateTls13P256EccKeyIndex(
&(_ACCESSOR(tuc)->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(_ACCESSOR(tuc)->EcdhPrivKey13Idx), /* private key index */ &(tuc->internal->EcdhPrivKey13Idx), /* private key index */
&(kse->pubKey[1])); /* generated public key */ &(kse->pubKey[1])); /* generated public key */
if (err != TSIP_SUCCESS){ret = WC_HW_E;} if (err != TSIP_SUCCESS){ret = WC_HW_E;}
if (ret == 0) { if (ret == 0) {
WOLFSSL_MSG("ECDH private key-index is stored by TSIP"); WOLFSSL_MSG("ECDH private key-index is stored by TSIP");
_ACCESSOR(tuc)->Dhe_key_set =1; tuc->internal->Dhe_key_set =1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -485,7 +486,7 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
} }
if (ret == 0) { if (ret == 0) {
if (!_ACCESSOR(tuc)->Dhe_key_set) { if (!tuc->internal->Dhe_key_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -494,15 +495,15 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
_ACCESSOR(tuc)->SharedSecret_set = 0; tuc->internal->SharedSecret_set = 0;
pubkeyraw = kse->ke + 1; /* peer's raw public key data */ pubkeyraw = kse->ke + 1; /* peer's raw public key data */
/* derive shared secret */ /* derive shared secret */
err = R_TSIP_Tls13GenerateEcdheSharedSecret( err = R_TSIP_Tls13GenerateEcdheSharedSecret(
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
pubkeyraw, /* peer's ECDHE public key */ pubkeyraw, /* peer's ECDHE public key */
&(_ACCESSOR(tuc)->EcdhPrivKey13Idx), /*(out) own ECDHE priv key */ &(tuc->internal->EcdhPrivKey13Idx),/*(out) own ECDHE priv key */
&(_ACCESSOR(tuc)->sharedSecret13Idx)); /*(out) PreMasterSecret */ &(tuc->internal->sharedSecret13Idx)); /*(out) PreMasterSecret */
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13GenerateEcdheSharedSecret error"); WOLFSSL_MSG("R_TSIP_Tls13GenerateEcdheSharedSecret error");
@@ -510,7 +511,7 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
} }
if (ret == 0) { if (ret == 0) {
/* set flag for later tsip operations */ /* set flag for later tsip operations */
_ACCESSOR(tuc)->SharedSecret_set = 1; tuc->internal->SharedSecret_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -541,7 +542,7 @@ int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
else { else {
_ACCESSOR(tuc)->EarlySecret_set = 1; tuc->internal->EarlySecret_set = 1;
} }
} }
@@ -590,7 +591,7 @@ int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
/* check if pre-master secret is generated by tsip */ /* check if pre-master secret is generated by tsip */
if (!_ACCESSOR(tuc)->SharedSecret_set) { if (!tuc->internal->SharedSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -599,18 +600,18 @@ int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
_ACCESSOR(tuc)->HandshakeSecret_set = 0; tuc->internal->HandshakeSecret_set = 0;
err = R_TSIP_Tls13GenerateHandshakeSecret( err = R_TSIP_Tls13GenerateHandshakeSecret(
&(_ACCESSOR(tuc)->sharedSecret13Idx), &(tuc->internal->sharedSecret13Idx),
&(_ACCESSOR(tuc)->handshakeSecret13Idx)); &(tuc->internal->handshakeSecret13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13GenerateHandshakeSecret error"); WOLFSSL_MSG("R_TSIP_Tls13GenerateHandshakeSecret error");
ret = WC_HW_E; ret = WC_HW_E;
} }
if (ret == 0) { if (ret == 0) {
_ACCESSOR(tuc)->HandshakeSecret_set = 1; tuc->internal->HandshakeSecret_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
} }
@@ -657,7 +658,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
/* make sure client handshake secret is generated by tsip */ /* make sure client handshake secret is generated by tsip */
if (!_ACCESSOR(tuc)->HandshakeSecret_set) { if (!tuc->internal->HandshakeSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -671,15 +672,15 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
_ACCESSOR(tuc)->HandshakeClientTrafficKey_set = 0; tuc->internal->HandshakeClientTrafficKey_set = 0;
err = R_TSIP_Tls13GenerateClientHandshakeTrafficKey( err = R_TSIP_Tls13GenerateClientHandshakeTrafficKey(
&(_ACCESSOR(tuc)->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(_ACCESSOR(tuc)->handshakeSecret13Idx), &(tuc->internal->handshakeSecret13Idx),
hash, hash,
&(_ACCESSOR(tuc)->clientWriteKey13Idx), &(tuc->internal->clientWriteKey13Idx),
&(_ACCESSOR(tuc)->clientFinished13Idx)); &(tuc->internal->clientFinished13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG( WOLFSSL_MSG(
@@ -689,7 +690,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
/* key derivation succeeded */ /* key derivation succeeded */
if (ret == 0) { if (ret == 0) {
_ACCESSOR(tuc)->HandshakeClientTrafficKey_set = 1; tuc->internal->HandshakeClientTrafficKey_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -737,7 +738,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
/* make sure client handshake secret is generated by tsip */ /* make sure client handshake secret is generated by tsip */
if (!_ACCESSOR(tuc)->HandshakeSecret_set) { if (!tuc->internal->HandshakeSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -751,15 +752,15 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
_ACCESSOR(tuc)->HandshakeServerTrafficKey_set = 0; tuc->internal->HandshakeServerTrafficKey_set = 0;
err = R_TSIP_Tls13GenerateServerHandshakeTrafficKey( err = R_TSIP_Tls13GenerateServerHandshakeTrafficKey(
&(_ACCESSOR(tuc)->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(_ACCESSOR(tuc)->handshakeSecret13Idx), &(tuc->internal->handshakeSecret13Idx),
hash, hash,
&(_ACCESSOR(tuc)->serverWriteKey13Idx), &(tuc->internal->serverWriteKey13Idx),
&(_ACCESSOR(tuc)->serverFinished13Idx)); &(tuc->internal->serverFinished13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG( WOLFSSL_MSG(
@@ -769,7 +770,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
/* key derivation succeeded */ /* key derivation succeeded */
if (ret == 0) { if (ret == 0) {
_ACCESSOR(tuc)->HandshakeServerTrafficKey_set = 1; tuc->internal->HandshakeServerTrafficKey_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -817,7 +818,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
/* make sure master secret is generated by tsip */ /* make sure master secret is generated by tsip */
if (!_ACCESSOR(tuc)->MasterSecret_set) { if (!tuc->internal->MasterSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -831,20 +832,20 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
_ACCESSOR(tuc)->ServerTrafficSecret_set = 0; tuc->internal->ServerTrafficSecret_set = 0;
_ACCESSOR(tuc)->ClientTrafficSecret_set = 0; tuc->internal->ClientTrafficSecret_set = 0;
_ACCESSOR(tuc)->ServerWriteTrafficKey_set = 0; tuc->internal->ServerWriteTrafficKey_set = 0;
_ACCESSOR(tuc)->ClientWriteTrafficKey_set = 0; tuc->internal->ClientWriteTrafficKey_set = 0;
err = R_TSIP_Tls13GenerateApplicationTrafficKey( err = R_TSIP_Tls13GenerateApplicationTrafficKey(
&(_ACCESSOR(tuc)->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(_ACCESSOR(tuc)->masterSecret13Idx), &(tuc->internal->masterSecret13Idx),
(uint8_t*)hash, (uint8_t*)hash,
&(_ACCESSOR(tuc)->serverAppTraffic13Secret), &(tuc->internal->serverAppTraffic13Secret),
&(_ACCESSOR(tuc)->clientAppTraffic13Secret), &(tuc->internal->clientAppTraffic13Secret),
&(_ACCESSOR(tuc)->serverAppWriteKey13Idx), &(tuc->internal->serverAppWriteKey13Idx),
&(_ACCESSOR(tuc)->clientAppWriteKey13Idx)); &(tuc->internal->clientAppWriteKey13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG( WOLFSSL_MSG(
@@ -854,10 +855,10 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
/* key derivation succeeded */ /* key derivation succeeded */
if (ret == 0) { if (ret == 0) {
_ACCESSOR(tuc)->ServerTrafficSecret_set = 1; tuc->internal->ServerTrafficSecret_set = 1;
_ACCESSOR(tuc)->ClientTrafficSecret_set = 1; tuc->internal->ClientTrafficSecret_set = 1;
_ACCESSOR(tuc)->ServerWriteTrafficKey_set = 1; tuc->internal->ServerWriteTrafficKey_set = 1;
_ACCESSOR(tuc)->ClientWriteTrafficKey_set = 1; tuc->internal->ClientWriteTrafficKey_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -904,7 +905,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
/* make sure application secret is generated by tsip */ /* make sure application secret is generated by tsip */
if (!_ACCESSOR(tuc)->ClientTrafficSecret_set) { if (!tuc->internal->ClientTrafficSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -912,21 +913,21 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
_ACCESSOR(tuc)->ClientWriteTrafficKey_set = 0; tuc->internal->ClientWriteTrafficKey_set = 0;
err = R_TSIP_Tls13UpdateApplicationTrafficKey( err = R_TSIP_Tls13UpdateApplicationTrafficKey(
&(_ACCESSOR(tuc)->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
TSIP_TLS13_UPDATE_CLIENT_KEY, TSIP_TLS13_UPDATE_CLIENT_KEY,
&(_ACCESSOR(tuc)->clientAppTraffic13Secret), &(tuc->internal->clientAppTraffic13Secret),
&(_ACCESSOR(tuc)->clientAppTraffic13Secret), &(tuc->internal->clientAppTraffic13Secret),
&(_ACCESSOR(tuc)->clientAppWriteKey13Idx)); &(tuc->internal->clientAppWriteKey13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error"); WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error");
ret = WC_HW_E; ret = WC_HW_E;
} }
else { else {
_ACCESSOR(tuc)->ClientWriteTrafficKey_set = 1; tuc->internal->ClientWriteTrafficKey_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
} }
@@ -972,7 +973,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
/* make sure application secret is generated by tsip */ /* make sure application secret is generated by tsip */
if (!_ACCESSOR(tuc)->ServerTrafficSecret_set) { if (!tuc->internal->ServerTrafficSecret_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -980,21 +981,21 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
_ACCESSOR(tuc)->ServerWriteTrafficKey_set = 0; tuc->internal->ServerWriteTrafficKey_set = 0;
err = R_TSIP_Tls13UpdateApplicationTrafficKey( err = R_TSIP_Tls13UpdateApplicationTrafficKey(
&(_ACCESSOR(tuc)->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
TSIP_TLS13_UPDATE_SERVER_KEY, TSIP_TLS13_UPDATE_SERVER_KEY,
&(_ACCESSOR(tuc)->serverAppTraffic13Secret), &(tuc->internal->serverAppTraffic13Secret),
&(_ACCESSOR(tuc)->serverAppTraffic13Secret), &(tuc->internal->serverAppTraffic13Secret),
&(_ACCESSOR(tuc)->serverAppWriteKey13Idx)); &(tuc->internal->serverAppWriteKey13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error"); WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error");
ret = WC_HW_E; ret = WC_HW_E;
} }
else { else {
_ACCESSOR(tuc)->ServerWriteTrafficKey_set = 1; tuc->internal->ServerWriteTrafficKey_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
} }
@@ -1133,8 +1134,8 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
} }
if (ret == 0) { if (ret == 0) {
/* make sure handshake secret and verify data has been set by TSIP */ /* make sure handshake secret and verify data has been set by TSIP */
if (!_ACCESSOR(tuc)->HandshakeSecret_set || if (!tuc->internal->HandshakeSecret_set ||
!_ACCESSOR(tuc)->HandshakeVerifiedData_set) { !tuc->internal->HandshakeVerifiedData_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -1142,14 +1143,14 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
_ACCESSOR(tuc)->MasterSecret_set = 0; tuc->internal->MasterSecret_set = 0;
err = R_TSIP_Tls13GenerateMasterSecret( err = R_TSIP_Tls13GenerateMasterSecret(
&(_ACCESSOR(tuc)->handle13), &(tuc->internal->handle13),
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(_ACCESSOR(tuc)->handshakeSecret13Idx), &(tuc->internal->handshakeSecret13Idx),
(uint32_t*)_ACCESSOR(tuc)->verifyData13Idx, (uint32_t*)tuc->internal->verifyData13Idx,
&(_ACCESSOR(tuc)->masterSecret13Idx)); &(tuc->internal->masterSecret13Idx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
WOLFSSL_MSG( WOLFSSL_MSG(
@@ -1158,7 +1159,7 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
} }
if (ret == 0) { if (ret == 0) {
_ACCESSOR(tuc)->MasterSecret_set = 1; tuc->internal->MasterSecret_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -1212,7 +1213,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
if (ret == 0) { if (ret == 0) {
/* make sure handshake secret is generated by tsip */ /* make sure handshake secret is generated by tsip */
if (!_ACCESSOR(tuc)->HandshakeServerTrafficKey_set) { if (!tuc->internal->HandshakeServerTrafficKey_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange."); WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
ret = CRYPTOCB_UNAVAILABLE; ret = CRYPTOCB_UNAVAILABLE;
} }
@@ -1225,14 +1226,14 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
if (ret == 0) { if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
_ACCESSOR(tuc)->HandshakeVerifiedData_set = 0; tuc->internal->HandshakeVerifiedData_set = 0;
err = R_TSIP_Tls13ServerHandshakeVerification( err = R_TSIP_Tls13ServerHandshakeVerification(
TSIP_TLS13_MODE_FULL_HANDSHAKE, TSIP_TLS13_MODE_FULL_HANDSHAKE,
&(_ACCESSOR(tuc)->serverFinished13Idx), &(tuc->internal->serverFinished13Idx),
(uint8_t*)msgHash, (uint8_t*)msgHash,
(uint8_t*)hash, (uint8_t*)hash,
(uint32_t*)(_ACCESSOR(tuc)->verifyData13Idx)); (uint32_t*)(tuc->internal->verifyData13Idx));
if (err == TSIP_ERR_VERIFICATION_FAIL) { if (err == TSIP_ERR_VERIFICATION_FAIL) {
WOLFSSL_MSG("Handshake verification error"); WOLFSSL_MSG("Handshake verification error");
@@ -1244,7 +1245,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
} }
if (ret == 0) { if (ret == 0) {
WOLFSSL_MSG("Verified handshake"); WOLFSSL_MSG("Verified handshake");
_ACCESSOR(tuc)->HandshakeVerifiedData_set = 1; tuc->internal->HandshakeVerifiedData_set = 1;
} }
tsip_hw_unlock(); tsip_hw_unlock();
@@ -1547,10 +1548,10 @@ int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
if (ret == 0) { if (ret == 0) {
/* create sign data */ /* create sign data */
sigData = _ACCESSOR(tuc)->sigDataCertVerify; sigData = tuc->internal->sigDataCertVerify;
idx = 0; idx = 0;
ForceZero(sigData, sizeof(_ACCESSOR(tuc)->sigDataCertVerify)); ForceZero(sigData, sizeof(tuc->internal->sigDataCertVerify));
XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
TSIP_SIGNING_DATA_PREFIX_SZ); TSIP_SIGNING_DATA_PREFIX_SZ);
@@ -1688,12 +1689,12 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if (isRsa) { if (isRsa) {
if (!_ACCESSOR(tuc)->ClientRsa2048PrivKey_set) { if (!tuc->internal->ClientRsa2048PrivKey_set) {
ret = NO_PRIVATE_KEY; ret = NO_PRIVATE_KEY;
} }
} }
else { else {
if (!_ACCESSOR(tuc)->ClientEccPrivKey_set) { if (!tuc->internal->ClientEccPrivKey_set) {
ret = NO_PRIVATE_KEY; ret = NO_PRIVATE_KEY;
} }
} }
@@ -1726,7 +1727,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
if (isRsa) { if (isRsa) {
err = R_TSIP_Tls13CertificateVerifyGenerate( err = R_TSIP_Tls13CertificateVerifyGenerate(
(uint32_t*)&(_ACCESSOR(tuc)->Rsa2048PrivateKeyIdx), (uint32_t*)&(tuc->internal->Rsa2048PrivateKeyIdx),
TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256, TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256,
hash, hash,
message + HANDSHAKE_HEADER_SZ, message + HANDSHAKE_HEADER_SZ,
@@ -1734,7 +1735,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
} }
else { else {
err = R_TSIP_Tls13CertificateVerifyGenerate( err = R_TSIP_Tls13CertificateVerifyGenerate(
(uint32_t*)&(_ACCESSOR(tuc)->EcdsaPrivateKeyIdx), (uint32_t*)&(tuc->internal->EcdsaPrivateKeyIdx),
TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256, TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
hash, hash,
message + HANDSHAKE_HEADER_SZ, message + HANDSHAKE_HEADER_SZ,
@@ -1764,7 +1765,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
if (ret == 0) { if (ret == 0) {
if (isRsa) { if (isRsa) {
if (!_ACCESSOR(tuc)->ClientRsa2048PubKey_set) { if (!tuc->internal->ClientRsa2048PubKey_set) {
ret = NO_PRIVATE_KEY; ret = NO_PRIVATE_KEY;
} }
} }
@@ -1778,10 +1779,10 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
} }
if (ret == 0) { if (ret == 0) {
sigData = _ACCESSOR(tuc)->sigDataCertVerify; sigData = tuc->internal->sigDataCertVerify;
idx = 0; idx = 0;
ForceZero(sigData, sizeof(_ACCESSOR(tuc)->sigDataCertVerify)); ForceZero(sigData, sizeof(tuc->internal->sigDataCertVerify));
XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
TSIP_SIGNING_DATA_PREFIX_SZ); TSIP_SIGNING_DATA_PREFIX_SZ);
@@ -1824,7 +1825,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
err = R_TSIP_RsassaPss2048SignatureVerification( err = R_TSIP_RsassaPss2048SignatureVerification(
&rsa_sig, &rsa_hash, &rsa_sig, &rsa_hash,
&(_ACCESSOR(tuc))->Rsa2048PublicKeyIdx, &(tuc->internal)->Rsa2048PublicKeyIdx,
R_TSIP_RSA_HASH_SHA256); R_TSIP_RSA_HASH_SHA256);
WOLFSSL_MSG("Perform self-verify for rsa signature"); WOLFSSL_MSG("Perform self-verify for rsa signature");
} }
@@ -2011,7 +2012,7 @@ static int tsip_ServerKeyExVerify(
(uint8_t*) peerkey, (uint8_t*) peerkey,
(uint8_t*) sig, (uint8_t*) sig,
(uint32_t*)ssl->peerSceTsipEncRsaKeyIndex, (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
(uint32_t*)_ACCESSOR(userCtx)->encrypted_ephemeral_ecdh_public_key); (uint32_t*)userCtx->internal->encrypted_ephemeral_ecdh_public_key);
if (ret !=TSIP_SUCCESS) { if (ret !=TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves failed"); WOLFSSL_MSG("R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves failed");
@@ -2168,21 +2169,21 @@ int wc_tsip_EccSharedSecret(
if ((ret = tsip_hw_lock()) == 0) { if ((ret = tsip_hw_lock()) == 0) {
/* Generate ECC public key for key exchange */ /* Generate ECC public key for key exchange */
ret = R_TSIP_GenerateTlsP256EccKeyIndex( ret = R_TSIP_GenerateTlsP256EccKeyIndex(
&(_ACCESSOR(usrCtx))->ecc_p256_wrapped_key, &(usrCtx->internal->ecc_p256_wrapped_key),
(uint8_t*)&(_ACCESSOR(usrCtx))->ecc_ecdh_public_key); (uint8_t*)&(usrCtx->internal->ecc_ecdh_public_key));
if (ret == TSIP_SUCCESS) { if (ret == TSIP_SUCCESS) {
/* copy generated ecdh public key into buffer */ /* copy generated ecdh public key into buffer */
pubKeyDer[0] = ECC_POINT_UNCOMP; pubKeyDer[0] = ECC_POINT_UNCOMP;
*pubKeySz = 1 + sizeof((_ACCESSOR(usrCtx))->ecc_ecdh_public_key); *pubKeySz = 1 + sizeof(usrCtx->internal->ecc_ecdh_public_key);
XMEMCPY(&pubKeyDer[1], &(_ACCESSOR(usrCtx))->ecc_ecdh_public_key, XMEMCPY(&pubKeyDer[1], &(usrCtx->internal->ecc_ecdh_public_key),
sizeof(_ACCESSOR(usrCtx)->ecc_ecdh_public_key)); sizeof(usrCtx->internal->ecc_ecdh_public_key));
/* Generate Premaster Secret */ /* Generate Premaster Secret */
ret = R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key( ret = R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key(
(uint32_t*)&(_ACCESSOR(usrCtx))->encrypted_ephemeral_ecdh_public_key, (uint32_t*)&(usrCtx->internal->encrypted_ephemeral_ecdh_public_key),
&(_ACCESSOR(usrCtx))->ecc_p256_wrapped_key, &(usrCtx->internal->ecc_p256_wrapped_key),
(uint32_t*)out/* pre-master secret 64 bytes */); (uint32_t*)out/* pre-master secret 64 bytes */);
} }
if (ret == TSIP_SUCCESS) { if (ret == TSIP_SUCCESS) {
@@ -2261,10 +2262,10 @@ WOLFSSL_API int tsip_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
ForceZero(uCtx->internal, sizeof(TsipUserCtx_Internal)); ForceZero(uCtx->internal, sizeof(TsipUserCtx_Internal));
_ACCESSOR(uCtx)->ssl = ssl; uCtx->internal->ssl = ssl;
_ACCESSOR(uCtx)->ctx = ssl->ctx; uCtx->internal->ctx = ssl->ctx;
_ACCESSOR(uCtx)->heap = ssl->heap; uCtx->internal->heap = ssl->heap;
_ACCESSOR(uCtx)->side = ssl->ctx->method->side; uCtx->internal->side = ssl->ctx->method->side;
ssl->RenesasUserCtx = user_ctx; /* ssl doesn't own user_ctx */ ssl->RenesasUserCtx = user_ctx; /* ssl doesn't own user_ctx */
@@ -2331,7 +2332,7 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
if (tuc == NULL) if (tuc == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
encPrivKey = _ACCESSOR(tuc)->wrappedPrivateKey; encPrivKey = tuc->internal->wrappedPrivateKey;
if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) { if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) {
WOLFSSL_MSG("Missing some key materials used for import" ); WOLFSSL_MSG("Missing some key materials used for import" );
@@ -2351,12 +2352,12 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
#if !defined(NO_RSA) #if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
_ACCESSOR(tuc)->ClientRsa2048PrivKey_set = 0; tuc->internal->ClientRsa2048PrivKey_set = 0;
err = R_TSIP_GenerateRsa2048PrivateKeyIndex( err = R_TSIP_GenerateRsa2048PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey, provisioning_key, iv, (uint8_t*)encPrivKey,
&(_ACCESSOR(tuc)->Rsa2048PrivateKeyIdx)); &(tuc->internal->Rsa2048PrivateKeyIdx));
if (err == TSIP_SUCCESS) { if (err == TSIP_SUCCESS) {
_ACCESSOR(tuc)->ClientRsa2048PrivKey_set = 1; tuc->internal->ClientRsa2048PrivKey_set = 1;
} }
else { else {
ret = WC_HW_E; ret = WC_HW_E;
@@ -2372,12 +2373,12 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
#if defined(HAVE_ECC) #if defined(HAVE_ECC)
case TSIP_KEY_TYPE_ECDSAP256: case TSIP_KEY_TYPE_ECDSAP256:
_ACCESSOR(tuc)->ClientEccPrivKey_set = 0; tuc->internal->ClientEccPrivKey_set = 0;
err = R_TSIP_GenerateEccP256PrivateKeyIndex( err = R_TSIP_GenerateEccP256PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey, provisioning_key, iv, (uint8_t*)encPrivKey,
&(_ACCESSOR(tuc)->EcdsaPrivateKeyIdx)); &(tuc->internal->EcdsaPrivateKeyIdx));
if (err == TSIP_SUCCESS) { if (err == TSIP_SUCCESS) {
_ACCESSOR(tuc)->ClientEccPrivKey_set = 1; tuc->internal->ClientEccPrivKey_set = 1;
} }
else { else {
ret = WC_HW_E; ret = WC_HW_E;
@@ -2446,7 +2447,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
(defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1)) (defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1))
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
_ACCESSOR(tuc)->ClientRsa2048PubKey_set = 0; tuc->internal->ClientRsa2048PubKey_set = 0;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0; tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0;
@@ -2461,14 +2462,14 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
err = R_TSIP_GenerateRsa2048PublicKeyIndex( err = R_TSIP_GenerateRsa2048PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey, provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(_ACCESSOR(tuc)->Rsa2048PublicKeyIdx) &(tuc->internal->Rsa2048PublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->rsa2048pub_keyIdx tuc->rsa2048pub_keyIdx
#endif #endif
); );
if (err == TSIP_SUCCESS) { if (err == TSIP_SUCCESS) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
_ACCESSOR(tuc)->ClientRsa2048PubKey_set = 1; tuc->internal->ClientRsa2048PubKey_set = 1;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.rsapub2048_key_set = 1; tuc->keyflgs_crypt.bits.rsapub2048_key_set = 1;
#endif #endif
@@ -2488,7 +2489,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
case TSIP_KEY_TYPE_ECDSAP256: case TSIP_KEY_TYPE_ECDSAP256:
case TSIP_KEY_TYPE_ECDSAP384: case TSIP_KEY_TYPE_ECDSAP384:
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
_ACCESSOR(tuc)->ClientEccPubKey_set = 0; tuc->internal->ClientEccPubKey_set = 0;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.eccpub_key_set = 0; tuc->keyflgs_crypt.bits.eccpub_key_set = 0;
#endif #endif
@@ -2497,7 +2498,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
err = R_TSIP_GenerateEccP256PublicKeyIndex( err = R_TSIP_GenerateEccP256PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey, provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(_ACCESSOR(tuc)->EcdsaPublicKeyIdx) &(tuc->internal->EcdsaPublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&tuc->eccpub_keyIdx &tuc->eccpub_keyIdx
#endif #endif
@@ -2511,7 +2512,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
err = R_TSIP_GenerateEccP384PublicKeyIndex( err = R_TSIP_GenerateEccP384PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey, provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(_ACCESSOR(tuc)->EcdsaPublicKeyIdx) &(tuc->internal->EcdsaPublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&tuc->eccpub_keyIdx &tuc->eccpub_keyIdx
#endif #endif
@@ -2522,7 +2523,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
} }
if (err == TSIP_SUCCESS) { if (err == TSIP_SUCCESS) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
_ACCESSOR(tuc)->ClientEccPubKey_set = 1; tuc->internal->ClientEccPubKey_set = 1;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.eccpub_key_set = 1; tuc->keyflgs_crypt.bits.eccpub_key_set = 1;
#endif #endif
@@ -3268,9 +3269,9 @@ int wc_tsip_generateSessionKey(
/* ready-for-use flag will be set when SetKeySide() is called */ /* ready-for-use flag will be set when SetKeySide() is called */
} }
if (_ACCESSOR(ctx)->tsip_cipher == if (ctx->internal->tsip_cipher ==
R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
_ACCESSOR(ctx)->tsip_cipher == ctx->internal->tsip_cipher ==
R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
enc->aes->nonceSz = AEAD_MAX_IMP_SZ; enc->aes->nonceSz = AEAD_MAX_IMP_SZ;
dec->aes->nonceSz = AEAD_MAX_IMP_SZ; dec->aes->nonceSz = AEAD_MAX_IMP_SZ;
@@ -3279,7 +3280,7 @@ int wc_tsip_generateSessionKey(
enc->aes->devId = devId; enc->aes->devId = devId;
dec->aes->devId = devId; dec->aes->devId = devId;
_ACCESSOR(ctx)->session_key_set = 1; ctx->internal->session_key_set = 1;
} }
/* unlock hw */ /* unlock hw */
tsip_hw_unlock(); tsip_hw_unlock();
@@ -3382,13 +3383,13 @@ int wc_tsip_storeKeyCtx(WOLFSSL* ssl, TsipUserCtx* userCtx)
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
if (ret == 0) { if (ret == 0) {
XMEMCPY(_ACCESSOR(userCtx)->tsip_masterSecret, XMEMCPY(userCtx->internal->tsip_masterSecret,
ssl->arrays->tsip_masterSecret, TSIP_TLS_MASTERSECRET_SIZE); ssl->arrays->tsip_masterSecret, TSIP_TLS_MASTERSECRET_SIZE);
XMEMCPY(_ACCESSOR(userCtx)->tsip_clientRandom, XMEMCPY(userCtx->internal->tsip_clientRandom,
ssl->arrays->clientRandom, TSIP_TLS_CLIENTRANDOM_SZ); ssl->arrays->clientRandom, TSIP_TLS_CLIENTRANDOM_SZ);
XMEMCPY(_ACCESSOR(userCtx)->tsip_serverRandom, XMEMCPY(userCtx->internal->tsip_serverRandom,
ssl->arrays->serverRandom, TSIP_TLS_SERVERRANDOM_SZ); ssl->arrays->serverRandom, TSIP_TLS_SERVERRANDOM_SZ);
_ACCESSOR(userCtx)->tsip_cipher = GetTsipCipherSuite(ssl->options.cipherSuite0, userCtx->internal->tsip_cipher = GetTsipCipherSuite(ssl->options.cipherSuite0,
ssl->options.cipherSuite); ssl->options.cipherSuite);
} }
@@ -3686,7 +3687,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (info == NULL || tuc == NULL if (info == NULL || tuc == NULL
#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY #ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
|| _ACCESSOR(tuc)->ssl == NULL || tuc->internal->ssl == NULL
#endif #endif
) { ) {
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
@@ -3694,7 +3695,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
if (ret == 0) { if (ret == 0) {
ssl = _ACCESSOR(tuc)->ssl; ssl = tuc->internal->ssl;
if (ssl->version.major == SSLv3_MAJOR && if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor == TLSv1_3_MINOR) { ssl->version.minor == TLSv1_3_MINOR) {
@@ -3791,7 +3792,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
err = R_TSIP_RsassaPkcs2048SignatureGenerate( err = R_TSIP_RsassaPkcs2048SignatureGenerate(
&hashData, &sigData, &hashData, &sigData,
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
&(_ACCESSOR(tuc))->Rsa2048PrivateKeyIdx, &(tuc->internal->Rsa2048PrivateKeyIdx),
#else #else
(tsip_rsa2048_private_key_index_t*) (tsip_rsa2048_private_key_index_t*)
tuc->rsa2048pri_keyIdx, tuc->rsa2048pri_keyIdx,
@@ -3892,7 +3893,7 @@ int tsip_VerifyRsaPkcsCb(
case TSIP_KEY_TYPE_RSA2048: case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureVerification( err = R_TSIP_RsassaPkcs2048SignatureVerification(
&sigData, &hashData, &sigData, &hashData,
&(_ACCESSOR(tuc))->Rsa2048PublicKeyIdx, &(tuc->internal->Rsa2048PublicKeyIdx),
tsip_hash_type); tsip_hash_type);
if (err == TSIP_ERR_AUTHENTICATION) { if (err == TSIP_ERR_AUTHENTICATION) {
@@ -3964,7 +3965,7 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
} }
if (ret == 0) { if (ret == 0) {
ssl = _ACCESSOR(tuc)->ssl; ssl = tuc->internal->ssl;
if (ssl->version.major == SSLv3_MAJOR && if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor == TLSv1_3_MINOR) { ssl->version.minor == TLSv1_3_MINOR) {
@@ -3999,7 +4000,7 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
offsetForWork; offsetForWork;
err = R_TSIP_EcdsaP256SignatureGenerate( err = R_TSIP_EcdsaP256SignatureGenerate(
&hashData, &sigData, &hashData, &sigData,
&(_ACCESSOR(tuc))->EcdsaPrivateKeyIdx); &(tuc->internal->EcdsaPrivateKeyIdx));
if (err != TSIP_SUCCESS) { if (err != TSIP_SUCCESS) {
ret = WC_HW_E; ret = WC_HW_E;
break; break;

1
wolfssl/wolfcrypt/include.am
View File

@@ -120,6 +120,7 @@ noinst_HEADERS+= \
wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \ wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \ wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \ wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h \
wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \ wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \
wolfssl/wolfcrypt/port/maxim/max3266x.h \ wolfssl/wolfcrypt/port/maxim/max3266x.h \
wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h \ wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h \

2
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h
View File

@@ -23,8 +23,6 @@
#include "renesas-tsip-crypt.h" #include "renesas-tsip-crypt.h"
#define _ACCESSOR(p) (p->internal)
struct TsipUserCtx_Internal { struct TsipUserCtx_Internal {
/* unique number for each session */ /* unique number for each session */