From 07de40e4bda0f98e45e0eac879e20472ca65f2d7 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 26 Apr 2024 06:50:09 +0900 Subject: [PATCH 1/3] fix warnings fix encrypted key use case Update README --- IDE/Renesas/e2studio/RZN2L/README.md | 28 +++++++------ wolfcrypt/src/port/Renesas/renesas_common.c | 16 ++++--- .../src/port/Renesas/renesas_fspsm_rsa.c | 42 +++++++++++++++---- .../src/port/Renesas/renesas_fspsm_sha.c | 2 +- .../src/port/Renesas/renesas_fspsm_util.c | 6 +-- 5 files changed, 65 insertions(+), 29 deletions(-) diff --git a/IDE/Renesas/e2studio/RZN2L/README.md b/IDE/Renesas/e2studio/RZN2L/README.md index 55df4f2c1..5d9544914 100644 --- a/IDE/Renesas/e2studio/RZN2L/README.md +++ b/IDE/Renesas/e2studio/RZN2L/README.md @@ -22,7 +22,7 @@ The example project summary is listed below and is relevant for every project. |Item|Name/Version| |:--|:--| |Board|RZN2L| -|Device|R9A07G084M04GBG| +|Device|R9A07G084M08GBG| |Toolchain|GCC for Renesas RZ| |Toolchain Version|10.3.1.20210824| |FSP Version|1.2.0| @@ -34,7 +34,7 @@ The example project summary is listed below and is relevant for every project. |Board Support Package Common Files|v1.20|| |I/O Port|v1.2.0|| |Arm CMSIS Version 5 - Core (M)|v5.7.0+renesas.1|| -|Board support package for R9A07G084M04GBG|v1.2.0|| +|Board support package for R9A07G084M04GBG|v1.2.0|Note1| |Board support package for RZN2L|v1.2.0|| |Board support package for RZN2L - FSP Data|v1.2.0|| |RSK+RZN2L Board Support Files (RAM execution without flash memory)|v1.2.0|| 
@@ -50,6 +50,8 @@ The example project summary is listed below and is relevant for every project. |Renesas Secure IP Driver|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module| |RSIP Engine for RZ/N2L|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module| +Note1:\ + To use RSIP drive, a devvice type should be `R9A07G084M04GBG`. However, choosing `R9A07G084M04GBG` won't allow to select `RSK+RZN2L` board. This example uses LED and external flash memory on `RSK + RZN2L` board. Therefore, the example temporary `R9A07G084M04GBG` for the device type. Updating e2studio or fsp could resolve the issue. ## Setup Steps and Build wolfSSL Library @@ -93,16 +95,18 @@ The example project summary is listed below and is relevant for every project. 3.) Prepare UART to logging + Download Sample package from [BACnet Start-Up](https://www.renesas.com/us/en/products/microcontrollers-microprocessors/rz-mpus/bacnet-start-rzn2l-rsk) -+ Copy the following C source files from the project to src/serial_io folder of `test_RZN2L` - + um_serial_io_uart.c - + um_serial_io_task_writer.c - + um_serial_io_cfg.h - + um_common_api.h - + um_common_cfg.h - + um_serial_io.c - + um_serial_io.h - + um_serial_io_api.h - + um_serial_io_internal.h ++ Copy the following C source files from the project to src/serial_io folder of `test_RZN2L`\ +um_serial_io_uart.c\ +um_serial_io_task_writer.c\ +um_serial_io_cfg.h\ +um_common_api.h\ +um_common_cfg.h\ +um_serial_io.c\ +um_serial_io.h\ +um_serial_io_api.h\ +um_serial_io_internal.h + + + Open um_serial_io_task_writer.c and re-name printf to uart_printf 3.) Build `test_RZN2L` project diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index deff62529..ab389408f 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c 
@@ -361,8 +361,14 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) * in advance. SCE supports 1024 or 2048 bits key size. * otherwise, falls-through happens. */ - if (info->pk.rsa.key->ctx.keySz == 1024 || - info->pk.rsa.key->ctx.keySz == 2048) { + if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set || + cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set || + cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set || + cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set ) { + + ret = wc_fspsm_MakeRsaKey(info->pk.rsa.key, 0, cbInfo); + if (ret == CRYPTOCB_UNAVAILABLE) + return ret; if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT || info->pk.rsa.type == RSA_PUBLIC_ENCRYPT ) @@ -370,7 +376,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) ret = wc_fspsm_RsaFunction(info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, - &info->pk.rsa.outLen, + (word32*)&info->pk.rsa.outLen, info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); @@ -379,7 +385,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) ret = wc_fspsm_RsaSign(info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, - info->pk.rsa.outLen, + (word32*)&info->pk.rsa.outLen, info->pk.rsa.key, (void*)ctx); } @@ -387,7 +393,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) ret = wc_fspsm_RsaVerify(info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, - info->pk.rsa.outLen, + (word32*)&info->pk.rsa.outLen, info->pk.rsa.key, (void*)ctx); } diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c index 78b9381e2..778e5fff6 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c @@ -1,6 +1,6 @@ /* renesas_fspsm_rsa.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
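Review bot: The result of the new `wc_fspsm_MakeRsaKey(info->pk.rsa.key, 0, cbInfo)` call is compared only with `CRYPTOCB_UNAVAILABLE`, so any other failure is overwritten by the next assignment to `ret` and the RSA operation runs with whatever key context was left behind. The size-0 branch added to that function in this same patch can return `BAD_FUNC_ARG`; the enclosing flag test makes that path unlikely here, but error returns from the part of the function outside the hunk cannot be ruled out. I would stop on any non-zero result: `if (ret != 0) return ret;`. The body of Renesas_cmn_CryptoDevCb starts and ends outside this hunk.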
@@ -99,6 +99,33 @@ WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(RsaKey *key, int size, void* ctx) key->ctx.wrapped_pri2048_key = info->wrapped_key_rsapri2048; key->ctx.wrapped_pub2048_key = info->wrapped_key_rsapub2048; key->ctx.keySz = 2048; + } else if (size == 0) { + if((info->keyflgs_crypt.bits.rsapri2048_installedkey_set != 1) && + (info->keyflgs_crypt.bits.rsapub2048_installedkey_set != 1) && + (info->keyflgs_crypt.bits.rsapri1024_installedkey_set != 1) && + (info->keyflgs_crypt.bits.rsapub1024_installedkey_set != 1)) { + WOLFSSL_MSG("Caller should create user key in advance."); + WOLFSSL_MSG("Caller also need to installedkey to 1."); + return BAD_FUNC_ARG; + } + + if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1) { + key->ctx.wrapped_pri1024_key = info->wrapped_key_rsapri1024; + key->ctx.keySz = 1024; + } + if (info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1) { + key->ctx.wrapped_pub1024_key = info->wrapped_key_rsapub1024; + key->ctx.keySz = 1024; + } + + if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1) { + key->ctx.wrapped_pri2048_key = info->wrapped_key_rsapri2048; + key->ctx.keySz = 2048; + } + if (info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1) { + key->ctx.wrapped_pub2048_key = info->wrapped_key_rsapub2048; + key->ctx.keySz = 2048; + } } else return CRYPTOCB_UNAVAILABLE; @@ -132,8 +159,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out, (void) rng; /* sanity check */ - if (in == NULL || out == NULL || - ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){ + if (in == NULL || out == NULL || key == NULL){ return BAD_FUNC_ARG; } 
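Review bot: In the new `size == 0` branch of wc_fspsm_MakeRsaKey the four `installedkey_set` flags are applied independently and the 2048-bit assignments run last, so a mix such as `rsapri1024_installedkey_set` with `rsapub2048_installedkey_set` leaves `key->ctx.keySz` at 2048 while `wrapped_pri2048_key` is never assigned in this branch. If the private-key path selects the wrapped key by `keySz` (that code is outside the hunk), it would then use a stale or unset key reference. Either reject mixed sizes, as sketched below, or document that the caller must install keys of one size only. The function body starts before and continues after this hunk.

```c
    } else if (size == 0) {
        /* ... unchanged: reject the case where no installed-key flag is set ... */
        if ((info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
             info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1) &&
            (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
             info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1)) {
            WOLFSSL_MSG("Installed RSA keys must all be the same size.");
            return BAD_FUNC_ARG;
        }
        /* ... unchanged: per-flag wrapped key and keySz assignments ... */
```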
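Review bot: The rewritten sanity check in wc_fspsm_RsaFunction removes the NULL dereference of the old condition but also drops the key-size test, so a key whose `ctx.keySz` is neither 1024 nor 2048 is no longer rejected at entry. The comment in renesas_common.c states that only those two sizes are supported; unless the code after this hunk already fails for other sizes, I would keep the test with the corrected operator: `if (in == NULL || out == NULL || key == NULL || (key->ctx.keySz != 1024 && key->ctx.keySz != 2048)){`. The same applies to the checks in wc_fspsm_RsaSign and wc_fspsm_RsaVerify in the later hunks of this file.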
@@ -210,8 +236,8 @@ WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out, int keySize; /* sanity check */ - if (in == NULL || out == NULL || (word32*)outLen <= 0 || info == NULL || - ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){ + if (in == NULL || out == NULL || *outLen <= 0 || info == NULL || + key == NULL){ return BAD_FUNC_ARG; } @@ -278,8 +304,8 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out, (void) key; /* sanity check */ - if (in == NULL || out == NULL || (word32*)outLen <= 0 || info == NULL || - ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){ + if (in == NULL || out == NULL || *outLen <= 0 || info == NULL || + key == NULL){ return BAD_FUNC_ARG; } @@ -292,7 +318,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out, info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */ signature.pdata = out; - signature.data_length = (word32*)outLen; + signature.data_length = (word32)*outLen; #if defined(WOLFSSL_RENESAS_RSIP) message_hash.hash_type = signature.hash_type = info->hash_type; /* hash type */ diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c index 0d7676348..bba843ed0 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c @@ -271,7 +271,7 @@ static int FSPSM_HashUpdate(wolfssl_FSPSM_Hash* hash, return BAD_FUNC_ARG; } wc_fspsm_hw_lock(); - ret = Update(&hash->handle, data, sz); + ret = Update(&hash->handle, (byte*)data, sz); wc_fspsm_hw_unlock(); return ret; #endif diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c index ba217a739..f0d19e758 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c 
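Review bot: The new check in wc_fspsm_RsaSign reads `*outLen` without first testing `outLen` for NULL, so a NULL length pointer is dereferenced inside the sanity check that is meant to reject bad arguments; the identical condition is repeated in wc_fspsm_RsaVerify in the next hunk. The callers in renesas_common.c pass a `word32*`, so the value is presumably unsigned and `<= 0` can only mean `== 0`. I would write `if (in == NULL || out == NULL || outLen == NULL || *outLen == 0 || info == NULL ||` in both functions. Both function bodies start and end outside their hunks.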
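Review bot: The cast `(byte*)data` in FSPSM_HashUpdate discards a const qualifier (presumably from a `const byte*` parameter; the signature is cut off in the hunk header) to match the driver prototype, and nothing at the call site records that the driver only reads the buffer. A short comment such as `/* driver API takes a non-const pointer but does not modify the input */` would state that assumption, which should be confirmed against the FSP driver documentation. The function starts and ends outside this hunk.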
@@ -188,7 +188,7 @@ WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz) { /* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */ int ret = 0; - word32 buffer[RANDGEN_WORDS]; + word32 fspbuf[RANDGEN_WORDS]; while (sz > 0) { word32 len = sizeof(buffer); @@ -197,9 +197,9 @@ WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz) len = sz; } /* return 4 words random number*/ - ret = R_RANDOM_GEN(buffer); + ret = R_RANDOM_GEN((uint8_t* const)fspbuf); if(ret == FSP_SUCCESS) { - XMEMCPY(output, &buffer, len); + XMEMCPY(output, &fspbuf, len); output += len; sz -= len; } else { From 6b1e6e3ef900c578a75a70365a4b9633783a57b6 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 26 Apr 2024 10:20:50 -0700 Subject: [PATCH 2/3] Spelling fixes. --- IDE/Renesas/e2studio/RZN2L/README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/IDE/Renesas/e2studio/RZN2L/README.md b/IDE/Renesas/e2studio/RZN2L/README.md index 5d9544914..c53605b79 100644 --- a/IDE/Renesas/e2studio/RZN2L/README.md +++ b/IDE/Renesas/e2studio/RZN2L/README.md @@ -10,7 +10,7 @@ They also include benchmark and cryptography tests for the wolfCrypt library. The example project contains both the wolfSSL and wolfCrypt libraries. It is built as a `Renesas RZ/N C/C++ FSP Project` and contains the Renesas RZ configuration. The wolfssl project uses `Renesas Secure IP on RZ` -as hardware acceleration for cyptography. +as hardware acceleration for cryptography. **Limitation** 
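Review bot: The context line `word32 len = sizeof(buffer);` in wc_fspsm_GenerateRandBlock still names `buffer` after this hunk renames the local array to `fspbuf`. Either this no longer compiles, or `buffer` resolves to some other identifier in scope (for example a type of that name), in which case `len` is unrelated to the size of `fspbuf`. `XMEMCPY(output, &fspbuf, len)` in the following hunk would then copy the wrong number of random bytes per iteration and could read past the array if that other size is larger. The line should become `word32 len = sizeof(fspbuf);`. The loop continues past the end of the second hunk.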
@@ -51,7 +51,7 @@ The example project summary is listed below and is relevant for every project. |RSIP Engine for RZ/N2L|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module| Note1:\ - To use RSIP drive, a devvice type should be `R9A07G084M04GBG`. However, choosing `R9A07G084M04GBG` won't allow to select `RSK+RZN2L` board. This example uses LED and external flash memory on `RSK + RZN2L` board. Therefore, the example temporary `R9A07G084M04GBG` for the device type. Updating e2studio or fsp could resolve the issue. + To use RSIP driver, a device type should be `R9A07G084M04GBG`. However, choosing `R9A07G084M04GBG` won't allow to select `RSK+RZN2L` board. This example uses LED and external flash memory on `RSK + RZN2L` board. Therefore, the example temporary `R9A07G084M04GBG` for the device type. Updating e2studio or fsp could resolve the issue. ## Setup Steps and Build wolfSSL Library @@ -77,7 +77,7 @@ Note1:\ |Thread Symbol|rzn2l_tst_thread| |Thread Name|rzn2l_tst_thread| |Thread Stack size|increase depending on your environment
e.g. 0xA000| -|Thread MemoryAllocation|Dyamic| +|Thread MemoryAllocation|Dynamic| |Common General Use Mutexes|Enabled| |Common General Enable Backward Compatibility|Enabled| |Common Memory Allocation Support Dynamic Allocation|Enabled| @@ -117,7 +117,7 @@ um_serial_io_internal.h 2). Select J-Link ARM and R9A07G084M04 -3). Break at Entory point. Change `cpsr` register value from 0xXXXXX1yy to 0xXXXXX1da +3). Break at Entry point. Change `cpsr` register value from 0xXXXXX1yy to 0xXXXXX1da ## Run TLS 1.3 Client 1.) Enable `WOLFSSL_TLS13` macro in `user_settings.h` @@ -476,7 +476,7 @@ Test complete ``` **Note** -`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sampele output above while running wolfCrypt test. +`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sample output above while running wolfCrypt test. ## Run Benchmark @@ -536,7 +536,8 @@ Benchmark complete End wolfCrypt Benchmark ``` **Note** -`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sampele output above. +`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sample output above. + ## Support For support inquiries and questions, please email support@wolfssl.com. Feel free to reach out to info@wolfssl.jp as well. From d4b265e84c637da08a324e04d526deecc33392bc Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Tue, 30 Apr 2024 16:47:26 +0900 Subject: [PATCH 3/3] convert outLen type correctly --- wolfcrypt/src/port/Renesas/renesas_common.c | 6 +++--- wolfcrypt/src/rsa.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index ab389408f..72210bea5 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c 
@@ -376,7 +376,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) ret = wc_fspsm_RsaFunction(info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, - (word32*)&info->pk.rsa.outLen, + info->pk.rsa.outLen, info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); @@ -385,7 +385,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) ret = wc_fspsm_RsaSign(info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, - (word32*)&info->pk.rsa.outLen, + info->pk.rsa.outLen, info->pk.rsa.key, (void*)ctx); } @@ -393,7 +393,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) ret = wc_fspsm_RsaVerify(info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, - (word32*)&info->pk.rsa.outLen, + info->pk.rsa.outLen, info->pk.rsa.key, (void*)ctx); } diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 3c4071c91..717d4cca0 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -3318,7 +3318,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, if (key->devId != INVALID_DEVID) { /* SCE supports 1024 and 2048 bits */ ret = wc_CryptoCb_Rsa(in, inLen, out, - outLen, rsa_type, key, rng); + &outLen, rsa_type, key, rng); if (ret != CRYPTOCB_UNAVAILABLE) return ret; /* fall-through when unavailable */ @@ -3475,7 +3475,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, #ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) { ret = wc_CryptoCb_Rsa(in, inLen, out, - outLen, rsa_type, key, rng); + &outLen, rsa_type, key, rng); if (ret != CRYPTOCB_UNAVAILABLE) return ret; /* fall-through when unavailable */
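Review bot: In the rsa.c hunks, `&outLen` in RsaPublicEncryptEx and RsaPrivateDecryptEx appears to be the address of a by-value `word32` parameter (the removed lines passed `outLen` itself where a pointer is expected), so any length the device callback stores through it is lost once `return ret;` runs. Callers of these functions presumably expect the output size as the return value; please confirm that `ret` carries it on success for the callback path, or return the updated `outLen` when `ret == 0`. A comment at both call sites stating which convention holds would help, for example `/* outLen is in/out; on success ret holds the output length */` once that is verified. Both function bodies start and end outside their hunks.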