From fb4e39f00ac43d3291ad436f1f575f560fed506e Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki
Date: Wed, 24 Nov 2021 19:11:16 +0900
Subject: [PATCH] addressed review comments prt1
---
IDE/Renesas/e2studio/RA6M4/README.md | 86 +-
.../e2studio/RA6M4/common/wolfssl_demo.h | 14 +-
IDE/Renesas/e2studio/RA6M4/include.am | 4 -
.../e2studio/RA6M4/test/key_data/key_data.h | 5 +-
.../RA6M4/test/key_data/key_data_sce.c | 94 ++-
.../e2studio/RA6M4/test/src/hal_entry.c | 59 --
.../RA6M4/test/src/sce_tst_thread_entry.c | 18 -
.../e2studio/RA6M4/test/src/test_main.c | 49 +-
.../e2studio/RA6M4/test/src/wolf_client.c | 27 +-
.../RA6M4/wolfssl/R7FA6M4AF3CFB.pincfg | 36 -
.../e2studio/RA6M4/wolfssl/configuration.xml | 799 ------------------
src/internal.c | 50 +-
src/keys.c | 12 +-
src/ssl.c | 62 +-
src/tls.c | 2 +-
wolfcrypt/benchmark/benchmark.c | 4 +-
wolfcrypt/src/asn.c | 28 +-
wolfcrypt/src/port/Renesas/renesas_common.c | 163 ++--
wolfcrypt/src/port/Renesas/renesas_sce_aes.c | 63 +-
wolfcrypt/src/port/Renesas/renesas_sce_sha.c | 8 +-
wolfcrypt/src/port/Renesas/renesas_sce_util.c | 235 +++---
wolfcrypt/src/wc_port.c | 4 +-
wolfcrypt/test/test.c | 2 +-
wolfssl/internal.h | 8 +-
wolfssl/ssl.h | 30 +-
wolfssl/test.h | 32 +-
wolfssl/wolfcrypt/asn.h | 6 +-
.../port/Renesas/renesas-sce-crypt.h | 91 +-
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h | 38 +-
wolfssl/wolfcrypt/port/Renesas/renesas_sync.h | 6 +-
wolfssl/wolfcrypt/settings.h | 2 +-
31 files changed, 600 insertions(+), 1437 deletions(-)
delete mode 100644 IDE/Renesas/e2studio/RA6M4/test/src/hal_entry.c
delete mode 100644 IDE/Renesas/e2studio/RA6M4/test/src/sce_tst_thread_entry.c
delete mode 100644 IDE/Renesas/e2studio/RA6M4/wolfssl/R7FA6M4AF3CFB.pincfg
delete mode 100644 IDE/Renesas/e2studio/RA6M4/wolfssl/configuration.xml
diff --git a/IDE/Renesas/e2studio/RA6M4/README.md b/IDE/Renesas/e2studio/RA6M4/README.md
index 9727af816..b9eebcb17 100644
--- a/IDE/Renesas/e2studio/RA6M4/README.md
+++ b/IDE/Renesas/e2studio/RA6M4/README.md
@@ -1,19 +1,21 @@ -wolfSSL for Renesas RA Evaluation Kit (EK-RA6M4) +wolfSSL for Renesas RA Evaluation Kit (EK-RA6M4) ================================================= ## Description -This directory contains e2studio projects targeted at the Renesas RA 32-bit MCUs.\ -The example projects include a wolfSSL TLS client.\ +This directory contains e2studio projects targeted at the Renesas RA 32-bit MCUs. +The example projects include a wolfSSL TLS client. They also include benchmark and cryptography tests for the wolfCrypt library. -The wolfssl project contains both the wolfSSL and wolfCrypt libraries.\ -It is built as a `Renesas RA C Library Project` and contains the Renesas RA\ -configuration. The wolfssl project uses `Secure Cryptography Engine on RA6 Protected Mode` \ + +The wolfssl project contains both the wolfSSL and wolfCrypt libraries. +It is built as a `Renesas RA C Library Project` and contains the Renesas RA +configuration. The wolfssl project uses `Secure Cryptography Engine on RA6 Protected Mode` as hardware acceleration for cypto and TLS operation. -The other projects (benchmark, client, and test) are built as a\ -`Renesas RA C Project Using RA Library`, where the RA library is the wolfssl project.\ + +The other projects (benchmark, client, and test) are built as a +`Renesas RA C Project Using RA Library`, where the RA library is the wolfssl project. The wolfssl Project Summary is listed below and is relevant for every project. ### Project Summary 
@@ -51,25 +53,66 @@ The wolfssl Project Summary is listed below and is relevant for every project. + Deselect the Non-Eclipse project, RA6M4, by clicking the checkbox\ Only the folders with 'Eclipse project' under 'Import as' need to be selected. -2.) Create project Content by Smart Configurator +2.) Create a `dummy_library` Static Library. -+ Open Smart Configurator by clicking configuration.xml in wolfSSL_RA6M4 project -+ Create project content by clicking `Generate Project Content` ++ Click File->New->`RA C/C++ Project`. ++ Select `EK-RA6M4` from Drop-down list. ++ Check `Static Library`. ++ Select FreeRTOS from RTOS selection. Click Next. ++ Check `FreeRTOS minimal - Static Allocation`. Click Finish. ++ Open Smart Configurator by clicking configuration.xml in the project ++ Go to `BSP` tab and increase Heap Size under `RA Common` on Properties page ++ Go to `Stacks` tab ++ Add `SCE Protected Mode` stack from `New Stack` -> `Driver` -> `Crypt` ++ Add New thead and set properties + +|Property|Value| +|:--|:--| +|Thread Symbol|sce_tst_thread| +|Thread Name|sce_tst_thread| +|Thread Stack size|increase depending on your environment| +|Thread MemoryAllocation|Dyamic| +|Common General Use Mutexes|Enabled| +|Common General Enable Backward Compatibility|Enabled| +|Common Memory Allocation Support Dynamic Allocation|Enabled| +|Common Memory Allocation Total Heap Size|increase depending on your environment| + ++ Add `Heap 4` stack to sce_tst_thread from `New Stack` -> `FreeRTOS` -> `Memory Management` ++ Add `FreeRTOS + TCP` stack to sce_tst_thread from `New Stack` -> `FreeRTOS` -> `Libraries` and set properties + +|Property|Value| +|:--|:--| +|Network Events call vApplicationIPNetworkEventHook|Disable| +|Use DHCP|Disable| + ++ Save `dummy_library` FSP configuration ++ Copy configuration.xml and pincfg under `dummy_library` to `wolfSSL_RA6M4` ++ Open Smart Configurator by clicking copied configuration.xml ++ Click `Generate Project Content` on Smart Configurator 3.) 
Build the wolfSSL project -4.) Create a 'dummy' Renesas RA C Project Using RA Library. +4.) Create a 'dummy_application' Renesas RA C Project Using RA Library. + Click File->New->`RA C/C++ Project`. + Select `EK-RA6M4` from Drop-down list. + Check `Executable Using an RA Static Library`. + Select FreeRTOS from RTOS selection. Click Finish. -+ Enter `dummy_app` as the project name. Click Next. ++ Enter `dummy_application` as the project name. Click Next. + Under `RA library project`, select `wolfSSL_RA6M4`. + Click Finish. + Copy the followng folder inside dummy_app to `test_RA6M4`\ script/ + src/sce_tst_thread_entry.c ++ Add `sce_test()` call under /* TODO: add your own code here */ line at sce_tst_thread_entry.c +``` +... + /* TODO: add your own code here */ + sce_test(); +... +``` + 5.) Prepare SEGGER_RTT to logging + Download J-Link software from [Segger](https://www.segger.com/downloads/jlink) @@ -111,14 +154,14 @@ static const byte ucIPAddress[4] = { 192, 168, 11, 241 }; + On Linux ``` - $ autogen.sh - $ ./configure --enable-extended-master=no CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVE_AES_CBC" +$ autogen.sh +$ ./configure --enable-extended-master=no CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVE_AES_CBC" ``` Run peer wolfSSL server RSA sign and verify use, launch server with the following option ``` - $./example/server/server -b -d -i +$./example/server/server -b -d -i ``` You will see the following message on J-LinK RTT Viewer @@ -136,9 +179,9 @@ cipher : ECDHE-RSA-AES128-GCM-SHA256 Received: I hear you fa shizzle! ``` -ECDSA sign and verifyuse, launch server with the following option +ECDSA sign and verify use, launch server with the following option ``` - $./examples/server/server -b -d -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +$./examples/server/server -b -d -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem ``` You will see the following message on J-LinK RTT Viewer 
@@ -175,8 +218,13 @@ In the example code for benchmark, it assumes that AES key is installed at DIREC #endif ``` -To install key, please refer [Installing and Updating Secure Keys](chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/https://www.renesas.com/us/en/document/apn/installing-and-updating-secure-keys-ra-family). +To install key, please refer [Installing and Updating Secure Keys](https://www.renesas.com/us/en/document/apn/installing-and-updating-secure-keys-ra-family). You can update code above to handle AES128 key when you install its key. 3.) Run Benchmark and Crypto Test + + +## Support + +For support inquiries and questions, please email support@wolfssl.com. Feel free to reach out to info@wolfssl.jp as well. diff --git a/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h b/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h index 59bd001c8..617dad959 100644 --- a/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h +++ b/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h @@ -32,10 +32,8 @@ #define FLASH_HP_DF_BLOCK_1 0x08000040U /* 64 B: 0x40100040 - 0x4010007F */ #define FLASH_HP_DF_BLOCK_2 0x08000080U /* 64 B: 0x40100080 - 0x401000BF */ #define FLASH_HP_DF_BLOCK_3 0x080000C0U /* 64 B: 0x401000C0 - 0x401000FF */ - #define DIRECT_KEY_ADDRESS FLASH_HP_DF_BLOCK_1 - /* Enable wolfcrypt test */ /* can be enabled with benchmark test */ /*#define CRYPT_TEST*/ 
@@ -45,13 +43,17 @@ /*#define BENCHMARK*/ /* Enable TLS client */ -/* cannot enable with other definition */ +/* cannot enable with CRYPT_TEST or BENCHMARK */ #define TLS_CLIENT +/* Specifiy cipher suites that are supported by SCE + * ClientHello specifies the cipher suite to communicate peer Server + * so that TLS handshake uses SCE protect mode + */ #define TEST_CIPHER_SPECIFIED -/* RSA certification use */ +/* Use RSA certificates */ #define USE_CERT_BUFFERS_2048 -/* ECC certification use */ +/* Use ECC certificates */ /*#define USE_CERT_BUFFERS_256*/ #if defined(USE_CERT_BUFFERS_2048) && defined(USE_CERT_BUFFERS_256) @@ -59,7 +61,7 @@ #endif void wolfSSL_TLS_client_init(); -uint32_t wolfSSL_TLS_client(); +void wolfSSL_TLS_client(); static void util_Cleanup(xSocket_t xSock, WOLFSSL_CTX *ctx, WOLFSSL *ssl) { printf("Cleaning up socket and wolfSSL objects.\n"); diff --git a/IDE/Renesas/e2studio/RA6M4/include.am b/IDE/Renesas/e2studio/RA6M4/include.am index e9066d832..b975dca4d 100644 --- a/IDE/Renesas/e2studio/RA6M4/include.am +++ b/IDE/Renesas/e2studio/RA6M4/include.am 
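Review bot: The prototypes in the last wolfssl_demo.h hunk use empty parameter lists, so the compiler cannot check the calls: `void wolfSSL_TLS_client_init();` is declared without parameters, while wolf_client.c in this patch defines it with `const char* cipherlist` and test_main.c calls it with `cipherlist[i]`. Declare them as `void wolfSSL_TLS_client_init(const char* cipherlist);` and `void wolfSSL_TLS_client(void);`. With the return type now `void`, the caller can no longer tell that a handshake failed, so keeping an `int` status return may be worthwhile.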
@@ -5,15 +5,11 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/README.md EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/wolfssl/.project -EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/wolfssl/configuration.xml -EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/wolfssl/R7FA6M4AF3CFB.pincfg EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/.cproject EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/.project EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/test_RA6M4Debug.launch EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/test_main.c EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c -EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/hal_entry.c -EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/sce_tst_thread_entry.c EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/common/.gitignore EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c diff --git a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data.h b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data.h index d4a3cd04d..78d660a74 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data.h +++ b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data.h @@ -6,13 +6,14 @@ /** Firmware update data and user key datas */ typedef struct user_key_block_data { + /* Provisioning key wapped by Renesas DLM */ uint8_t encrypted_provisioning_key[HW_SCE_AES_CBC_IV_BYTE_SIZE * 2]; + /* Initial vector to be used when creating encrypted key */ uint8_t iv[HW_SCE_AES_CBC_IV_BYTE_SIZE]; + /* RSA 2048 bit key, encrypted by AES128-ECB */ uint8_t encrypted_user_rsa2048_ne_key[HW_SCE_RSA2048_NE_KEY_BYTE_SIZE + 16]; - uint8_t encrypted_user_update_key[HW_SCE_AES256_KEY_BYTE_SIZE + 16]; } st_user_key_block_data_t; - extern const unsigned char ca_cert_der_sign[]; extern const unsigned char ca_ecc_cert_der_sign[]; 
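Review bot: The new field comments in `st_user_key_block_data_t` disagree about the key-wrapping mode: the RSA key is described as "encrypted by AES128-ECB", yet the struct carries an `iv` sized with `HW_SCE_AES_CBC_IV_BYTE_SIZE` and documented as used when creating the encrypted key. ECB takes no IV, so one of the two comments is presumably wrong. State the actual mode, and say what the extra `+ 16` bytes on the key field hold, so that whoever generates a replacement key block follows the right procedure. `wapped` should also read `wrapped`.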
diff --git a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c index ba53b1818..abc7fcb96 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c +++ b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c 
@@ -1,52 +1,75 @@ - +/* key_data.h + * + * Copyright (C) 2006-2021 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ #include "key_data.h" #include "wolfssl_demo.h" -/********************************************************************************************************************** - Exported global variables - *********************************************************************************************************************/ +/******************************************************************************* + * SCE Key Information + *******************************************************************************/ const st_user_key_block_data_t g_key_block_data = { /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */ { - 0xE7, 0x1C, 0xEB, 0xCA, 0x3A, 0x64, 0x0B, 0xD2, 0xC5, 0xB8, 0xF2, 0xD0, 0xF7, 0x1B, 0xA9, 0x4A, - 0x98, 0xFF, 0xF3, 0x48, 0x81, 0xAD, 0xAF, 0x63, 0x19, 0x24, 0x4B, 0x2B, 0xC0, 0x8B, 0x9C, 0x6B + 0xE7, 0x1C, 0xEB, 0xCA, 0x3A, 0x64, 0x0B, 0xD2, 0xC5, 0xB8, 0xF2, 0xD0, + 0xF7, 0x1B, 0xA9, 0x4A, 0x98, 0xFF, 0xF3, 0x48, 0x81, 0xAD, 0xAF, 0x63, + 0x19, 0x24, 0x4B, 0x2B, 0xC0, 0x8B, 0x9C, 0x6B }, /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */ { - 0xD7, 0x97, 0x56, 0x82, 0x5B, 0x4B, 0x7F, 0xB2, 0x1C, 0x1F, 0xEE, 0x85, 
0x02, 0xC5, 0xD0, 0xBA + 0xD7, 0x97, 0x56, 0x82, 0x5B, 0x4B, 0x7F, 0xB2, 0x1C, 0x1F, 0xEE, 0x85, + 0x02, 0xC5, 0xD0, 0xBA }, /* uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]; */ { - 0x3F, 0xA5, 0xBE, 0xBF, 0x86, 0xEC, 0x23, 0x37, 0x82, 0x37, 0x71, 0x0C, 0x83, 0xA7, 0x8E, 0x86, - 0xF0, 0x16, 0xD3, 0x7B, 0xF1, 0x25, 0xA4, 0x37, 0x7A, 0x2D, 0x16, 0xF2, 0xFF, 0x3D, 0xEE, 0x46, - 0xE0, 0x05, 0x58, 0x56, 0xC2, 0xE7, 0x9D, 0x2C, 0x01, 0x84, 0x59, 0x8E, 0xA8, 0x9E, 0xEE, 0x3F, - 0x22, 0x83, 0x68, 0xDA, 0x9E, 0xCE, 0xEA, 0x99, 0xFD, 0xAF, 0xDF, 0x67, 0x1E, 0x73, 0x25, 0x68, - 0xBF, 0x0A, 0xDF, 0xAF, 0xC4, 0x3D, 0xF1, 0xBD, 0x41, 0xF5, 0xAC, 0xAC, 0xA4, 0x36, 0xF8, 0x96, - 0xC0, 0x8C, 0x2F, 0x1A, 0x79, 0x75, 0x28, 0xAE, 0x67, 0xC9, 0x5A, 0xDE, 0x2A, 0xB4, 0x99, 0xDB, - 0x8C, 0x25, 0x53, 0x58, 0x8C, 0xDC, 0xA8, 0x0D, 0xFE, 0xEE, 0x0F, 0x6C, 0x61, 0xE6, 0x43, 0x66, - 0xE8, 0x4A, 0xE3, 0xEB, 0xAB, 0xA2, 0x52, 0xE4, 0x67, 0xC2, 0x9A, 0x57, 0xA4, 0x1F, 0xE0, 0xFC, - 0x2B, 0xBE, 0x25, 0xBF, 0xF0, 0x70, 0x18, 0x88, 0x93, 0xB7, 0x2F, 0x74, 0xF8, 0xF3, 0x88, 0xB8, - 0xFA, 0x18, 0xBE, 0xC1, 0xB2, 0x24, 0x4B, 0xBC, 0x89, 0x2D, 0xC4, 0x02, 0xB3, 0x82, 0xEC, 0xDB, - 0xC9, 0xF0, 0xA9, 0xC3, 0x30, 0x7C, 0xF5, 0x15, 0xEB, 0x9B, 0x16, 0x8C, 0x9D, 0xEF, 0x42, 0x8A, - 0xCA, 0x5D, 0x28, 0xDF, 0x68, 0xEA, 0xE0, 0xB8, 0x76, 0x7C, 0xBB, 0x4A, 0x51, 0xDD, 0x55, 0x14, - 0xB7, 0xAB, 0xD2, 0xF1, 0xB9, 0x51, 0x19, 0x05, 0x26, 0x87, 0xF7, 0x5C, 0x69, 0x45, 0x3C, 0x82, - 0xE8, 0x82, 0x05, 0x5D, 0x33, 0x8E, 0xD1, 0x42, 0x71, 0xD6, 0x96, 0xDA, 0xAB, 0xB8, 0xC0, 0x0F, - 0xF7, 0x85, 0x8A, 0x12, 0xEF, 0xB9, 0x53, 0xFF, 0xD2, 0x95, 0x18, 0x2F, 0x0C, 0xA6, 0x72, 0x98, - 0xC3, 0xC6, 0x9B, 0x95, 0x70, 0x69, 0xC5, 0xB7, 0xD5, 0x24, 0x77, 0x05, 0xD0, 0x68, 0x85, 0x36, - 0xB8, 0x57, 0xE3, 0xED, 0x2E, 0x4D, 0x95, 0xD3, 0xFC, 0x24, 0x1B, 0x22, 0xFA, 0x43, 0xD8, 0x62, - 0x28, 0x57, 0x6B, 0x34, 0xBF, 0xD1, 0x63, 0x4B, 0xB5, 0xF5, 0x88, 0xBC, 0xB8, 0x69, 0xF3, 0xB5 - }, - /* uint8_t 
encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */ - { - 0x96, 0x15, 0xD0, 0x32, 0x6C, 0x80, 0xDB, 0xF7, 0x5D, 0xD7, 0x28, 0xAF, 0xFD, 0x0F, 0xA5, 0xB0, - 0x44, 0x76, 0x19, 0x75, 0x13, 0x3A, 0x10, 0x92, 0xE2, 0x97, 0xE3, 0x83, 0x6C, 0x42, 0x69, 0xA3, - 0x7E, 0x30, 0x5D, 0xFE, 0x7B, 0x2A, 0x8F, 0x30, 0x92, 0x25, 0x8C, 0xC5, 0xDB, 0x3E, 0x68, 0x06 + 0x3F, 0xA5, 0xBE, 0xBF, 0x86, 0xEC, 0x23, 0x37, 0x82, 0x37, 0x71, 0x0C, + 0x83, 0xA7, 0x8E, 0x86, 0xF0, 0x16, 0xD3, 0x7B, 0xF1, 0x25, 0xA4, 0x37, + 0x7A, 0x2D, 0x16, 0xF2, 0xFF, 0x3D, 0xEE, 0x46, 0xE0, 0x05, 0x58, 0x56, + 0xC2, 0xE7, 0x9D, 0x2C, 0x01, 0x84, 0x59, 0x8E, 0xA8, 0x9E, 0xEE, 0x3F, + 0x22, 0x83, 0x68, 0xDA, 0x9E, 0xCE, 0xEA, 0x99, 0xFD, 0xAF, 0xDF, 0x67, + 0x1E, 0x73, 0x25, 0x68, 0xBF, 0x0A, 0xDF, 0xAF, 0xC4, 0x3D, 0xF1, 0xBD, + 0x41, 0xF5, 0xAC, 0xAC, 0xA4, 0x36, 0xF8, 0x96, 0xC0, 0x8C, 0x2F, 0x1A, + 0x79, 0x75, 0x28, 0xAE, 0x67, 0xC9, 0x5A, 0xDE, 0x2A, 0xB4, 0x99, 0xDB, + 0x8C, 0x25, 0x53, 0x58, 0x8C, 0xDC, 0xA8, 0x0D, 0xFE, 0xEE, 0x0F, 0x6C, + 0x61, 0xE6, 0x43, 0x66, 0xE8, 0x4A, 0xE3, 0xEB, 0xAB, 0xA2, 0x52, 0xE4, + 0x67, 0xC2, 0x9A, 0x57, 0xA4, 0x1F, 0xE0, 0xFC, 0x2B, 0xBE, 0x25, 0xBF, + 0xF0, 0x70, 0x18, 0x88, 0x93, 0xB7, 0x2F, 0x74, 0xF8, 0xF3, 0x88, 0xB8, + 0xFA, 0x18, 0xBE, 0xC1, 0xB2, 0x24, 0x4B, 0xBC, 0x89, 0x2D, 0xC4, 0x02, + 0xB3, 0x82, 0xEC, 0xDB, 0xC9, 0xF0, 0xA9, 0xC3, 0x30, 0x7C, 0xF5, 0x15, + 0xEB, 0x9B, 0x16, 0x8C, 0x9D, 0xEF, 0x42, 0x8A, 0xCA, 0x5D, 0x28, 0xDF, + 0x68, 0xEA, 0xE0, 0xB8, 0x76, 0x7C, 0xBB, 0x4A, 0x51, 0xDD, 0x55, 0x14, + 0xB7, 0xAB, 0xD2, 0xF1, 0xB9, 0x51, 0x19, 0x05, 0x26, 0x87, 0xF7, 0x5C, + 0x69, 0x45, 0x3C, 0x82, 0xE8, 0x82, 0x05, 0x5D, 0x33, 0x8E, 0xD1, 0x42, + 0x71, 0xD6, 0x96, 0xDA, 0xAB, 0xB8, 0xC0, 0x0F, 0xF7, 0x85, 0x8A, 0x12, + 0xEF, 0xB9, 0x53, 0xFF, 0xD2, 0x95, 0x18, 0x2F, 0x0C, 0xA6, 0x72, 0x98, + 0xC3, 0xC6, 0x9B, 0x95, 0x70, 0x69, 0xC5, 0xB7, 0xD5, 0x24, 0x77, 0x05, + 0xD0, 0x68, 0x85, 0x36, 0xB8, 0x57, 0xE3, 0xED, 0x2E, 0x4D, 0x95, 0xD3, + 0xFC, 
0x24, 0x1B, 0x22, 0xFA, 0x43, 0xD8, 0x62, 0x28, 0x57, 0x6B, 0x34, + 0xBF, 0xD1, 0x63, 0x4B, 0xB5, 0xF5, 0x88, 0xBC, 0xB8, 0x69, 0xF3, 0xB5 }, }; #ifndef USE_CERT_BUFFERS_256 -/* ca-cert.der.sign, */ +/* ca-cert.der.sign, + * ca-cert.der signed by RSA2048 PSS with SHA256 + * This is used for Root Certificate verify by SCE */ const unsigned char ca_cert_der_sign[] = { 0x07, 0x1A, 0x68, 0xF4, 0x53, 0x2A, 0x9B, 0x1F, 0xF7, 0x7B, @@ -79,7 +102,10 @@ const unsigned char ca_cert_der_sign[] = const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign); #else -/* ca-ecc-cert.der.sign, */ +/* ca-ecc-cert.der.sign, + * ca-ecc-cert.der signed by RSA2048 PSS with SHA256 + * This is used for Root Certificate verify by SCE + */ const unsigned char ca_ecc_cert_der_sign[] = { 0x07, 0xCA, 0x3B, 0x8F, 0x49, 0x26, 0x33, 0x80, 0x46, 0xFE, @@ -110,4 +136,4 @@ const unsigned char ca_ecc_cert_der_sign[] = 0x5B, 0x52, 0xFB, 0x37, 0x4E, 0x23 }; static const int sizeof_ca_ecc_cert_der_sign = sizeof(ca_ecc_cert_der_sign); -#endif +#endif /* USE_CERT_BUFFERS_256 */ diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/hal_entry.c b/IDE/Renesas/e2studio/RA6M4/test/src/hal_entry.c deleted file mode 100644 index 4f769369c..000000000 --- a/IDE/Renesas/e2studio/RA6M4/test/src/hal_entry.c +++ /dev/null 
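Review bot: The license header added at the top of key_data_sce.c names the file `key_data.h`, and the size comments inside the `g_key_block_data` initializer still cite `R_TSIP_*` constants although key_data.h sizes the fields with `HW_SCE_*`. Suggest `/* key_data_sce.c` for the header and, for the fields, comments such as `/* uint8_t iv[HW_SCE_AES_CBC_IV_BYTE_SIZE]; */`. The block is a wrapped provisioning key and a wrapped RSA key checked into the tree, so a one-line comment saying these are sample values to be replaced with keys wrapped for the target device would help; that they are samples is an assumption from the test directory, not something the hunk states.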
@@ -1,59 +0,0 @@ -#include "hal_data.h" - -FSP_CPP_HEADER -void R_BSP_WarmStart(bsp_warm_start_event_t event); -FSP_CPP_FOOTER - -/*******************************************************************************************************************//** - * main() is generated by the RA Configuration editor and is used to generate threads if an RTOS is used. This function - * is called by main() when no RTOS is used. - **********************************************************************************************************************/ -void hal_entry(void) -{ - /* TODO: add your own code here */ - -#if BSP_TZ_SECURE_BUILD - /* Enter non-secure code */ - R_BSP_NonSecureEnter(); -#endif -} - -/*******************************************************************************************************************//** - * This function is called at various points during the startup process. This implementation uses the event that is - * called right before main() to set up the pins. - * - * @param[in] event Where at in the start up process the code is currently at - **********************************************************************************************************************/ -void R_BSP_WarmStart (bsp_warm_start_event_t event) -{ - if (BSP_WARM_START_RESET == event) - { -#if BSP_FEATURE_FLASH_LP_VERSION != 0 - - /* Enable reading from data flash. */ - R_FACI_LP->DFLCTL = 1U; - - /* Would normally have to wait tDSTOP(6us) for data flash recovery. Placing the enable here, before clock and - * C runtime initialization, should negate the need for a delay since the initialization will typically take more than 6us. */ -#endif - } - - if (BSP_WARM_START_POST_C == event) - { - /* C runtime environment and system clocks are setup. */ - - /* Configure pins. 
*/ - R_IOPORT_Open(&g_ioport_ctrl, g_ioport.p_cfg); - } -} - -#if BSP_TZ_SECURE_BUILD - -BSP_CMSE_NONSECURE_ENTRY void template_nonsecure_callable (); - -/* Trustzone Secure Projects require at least one nonsecure callable function in order to build (Remove this if it is not required to build). */ -BSP_CMSE_NONSECURE_ENTRY void template_nonsecure_callable () -{ - -} -#endif diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/sce_tst_thread_entry.c b/IDE/Renesas/e2studio/RA6M4/test/src/sce_tst_thread_entry.c deleted file mode 100644 index 7466a8106..000000000 --- a/IDE/Renesas/e2studio/RA6M4/test/src/sce_tst_thread_entry.c +++ /dev/null @@ -1,18 +0,0 @@ -#include "sce_tst_thread.h" -#include "user_settings.h" -/* sce_tst_thread entry function */ -/* pvParameters contains TaskHandle_t */ - -int sce_test(); - -void sce_tst_thread_entry(void *pvParameters) -{ - FSP_PARAMETER_NOT_USED (pvParameters); - - /* TODO: add your own code here */ - sce_test(); - while (1) - { - vTaskDelay (1); - } -} diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c index fea8333fb..96199642d 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c +++ b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c @@ -24,12 +24,15 @@ #include "stdint.h" #include #include + #if defined(WOLFSSL_RENESAS_SCEPROTECT) -#include -User_SCEPKCbInfo guser_PKCbInfo; + #include + User_SCEPKCbInfo guser_PKCbInfo; #endif + #include #include "key_data.h" +#include "hal_data.h" #ifdef __cplusplus extern "C" { 
@@ -37,7 +40,17 @@ void abort(void); } #endif +/* the function is called just before main() to set up pins */ +/* this needs to be called to setup IO Port */ +void R_BSP_WarmStart (bsp_warm_start_event_t event) +{ + if (BSP_WARM_START_POST_C == event) { + /* C runtime environment and system clocks are setup. */ + /* Configure pins. */ + R_IOPORT_Open(&g_ioport_ctrl, g_ioport.p_cfg); + } +} #if defined(TLS_CLIENT) || defined(TLS_SERVER) || defined(EXTRA_SCE_TSIP_TEST) @@ -53,12 +66,12 @@ static int SetScetlsKey() #if defined(TLS_CLIENT) || defined(EXTRA_SCE_TSIP_TEST) #if defined(USE_CERT_BUFFERS_256) - sce_inform_cert_sign((const byte *)ca_ecc_cert_der_sign); + wc_sce_inform_cert_sign((const byte *)ca_ecc_cert_der_sign); encrypted_user_key_type = 2; #else - sce_inform_cert_sign((const byte *)ca_cert_der_sign); + wc_sce_inform_cert_sign((const byte *)ca_cert_der_sign); #endif - sce_inform_user_keys( + wc_sce_inform_user_keys( (byte*)&g_key_block_data.encrypted_provisioning_key, (byte*)&g_key_block_data.iv, (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key, @@ -69,8 +82,8 @@ static int SetScetlsKey() #elif defined(TLS_SERVER) - sce_inform_cert_sign((const byte *)client_cert_der_sign); - sce_inform_user_keys( + wc_sce_inform_cert_sign((const byte *)client_cert_der_sign); + wc_sce_inform_user_keys( (byte*)&g_key_block_data.encrypted_provisioning_key, (byte*)&g_key_block_data.iv, (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key, @@ -96,7 +109,6 @@ int benchmark_test(void *args); void sce_test(void) { - /*(void)timeTick;*/ #if defined(CRYPT_TEST) || defined(BENCHMARK) #if defined(CRYPT_TEST) @@ -170,10 +182,6 @@ void sce_test(void) #endif int i = 0; - int j = 0; - uint32_t elapsed_time_total = 0; - uint32_t elapsed_time = 0.0; - const int benchmark_times = 1; SetScetlsKey(); 
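Review bot: The new `R_BSP_WarmStart` in the first test_main.c hunk on this line discards the result of `R_IOPORT_Open(&g_ioport_ctrl, g_ioport.p_cfg);`, so a failed pin setup goes unnoticed until something downstream misbehaves. Capture it with `fsp_err_t err = R_IOPORT_Open(&g_ioport_ctrl, g_ioport.p_cfg);` and stop or report when `err != FSP_SUCCESS`. The two one-line comments above the function could be merged into a single comment naming the `BSP_WARM_START_POST_C` event it reacts to.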
@@ -181,20 +189,11 @@ void sce_test(void) do { if(cipherlist_sz > 0 && cipherlist[i] != NULL ) - printf("cipher : %s\n", cipherlist[i]); - - elapsed_time_total = 0; - for(j = 0; j < benchmark_times; j++){ - wolfSSL_TLS_client_init(cipherlist[i]); - elapsed_time = wolfSSL_TLS_client(); - elapsed_time_total += elapsed_time; - printf("elapsed_time(%d) %d mS\n", j, elapsed_time); - } - if(cipherlist_sz > 0 && i < cipherlist_sz && cipherlist[i] != NULL ) { - printf("cipher : %s took %d mS for TLS connection(%d times).\n\n", cipherlist[i], - elapsed_time_total, benchmark_times); - } + printf("cipher : %s\n", cipherlist[i]); + wolfSSL_TLS_client_init(cipherlist[i]); + wolfSSL_TLS_client(); + i++; } while (i < cipherlist_sz); #endif diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c index 7f763bf4f..4aa1463a3 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c +++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c @@ -45,13 +45,6 @@ static const byte ucDNSServerAddress[4] = { 192, 168, 11, 1 }; #define FR_SOCKET_SUCCESS 0 -static uint32_t TimeNowInMilliseconds(void) -{ - return (unsigned int)(((float)xTaskGetTickCount()) / - (configTICK_RATE_HZ / 1000)); -} - - void TCPInit( ) { BaseType_t fr_status; @@ -98,7 +91,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist) } #if defined(WOLFSSL_RENESAS_SCEPROTECT) /* set callback functions for ECC */ - sce_set_callbacks(client_ctx); + wc_sce_set_callbacks(client_ctx); #endif #if !defined(NO_FILESYSTEM) @@ -120,11 +113,10 @@ void wolfSSL_TLS_client_init(const char* cipherlist) } } -uint32_t wolfSSL_TLS_client( ) +void wolfSSL_TLS_client( ) { int ret; /* FreeRTOS+TCP Objects */ - uint32_t elipsed_time = 0; socklen_t xSize = sizeof(struct freertos_sockaddr); xSocket_t xClientSocket = NULL; struct freertos_sockaddr xRemoteAddress; 
@@ -159,11 +151,11 @@ uint32_t wolfSSL_TLS_client( ) if((ssl = wolfSSL_new(ctx)) == NULL) { printf("ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0)); - return elipsed_time; + return; } #if defined(WOLFSSL_RENESAS_SCEPROTECT) /* set callback ctx */ - sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo); + wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo); #endif /* Attach wolfSSL to the socket */ ret = wolfSSL_set_fd(ssl, (int) xClientSocket); @@ -172,21 +164,19 @@ uint32_t wolfSSL_TLS_client( ) util_inf_loop(xClientSocket, ctx, ssl); } - elipsed_time = TimeNowInMilliseconds( ); if(wolfSSL_connect(ssl) != SSL_SUCCESS) { printf("ERROR SSL connect: %d\n", wolfSSL_get_error(ssl, 0)); - return elipsed_time;; + return; } - elipsed_time = TimeNowInMilliseconds( ) - elipsed_time; if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) { printf("ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0)); - return elipsed_time;; + return; } if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)) < 0) { printf("ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0)); - return elipsed_time;; + return; } rcvBuff[ret] = '\0' ; @@ -196,7 +186,4 @@ uint32_t wolfSSL_TLS_client( ) wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); - - - return elipsed_time; } diff --git a/IDE/Renesas/e2studio/RA6M4/wolfssl/R7FA6M4AF3CFB.pincfg b/IDE/Renesas/e2studio/RA6M4/wolfssl/R7FA6M4AF3CFB.pincfg deleted file mode 100644 index 94f220b8e..000000000 --- a/IDE/Renesas/e2studio/RA6M4/wolfssl/R7FA6M4AF3CFB.pincfg +++ /dev/null @@ -1,36 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/IDE/Renesas/e2studio/RA6M4/wolfssl/configuration.xml b/IDE/Renesas/e2studio/RA6M4/wolfssl/configuration.xml deleted file mode 100644 index 9b4ddeb9f..000000000 --- a/IDE/Renesas/e2studio/RA6M4/wolfssl/configuration.xml +++ /dev/null 
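Review bot: Every error path changed to `return;` in `wolfSSL_TLS_client` (after `wolfSSL_new` here, and after `wolfSSL_connect`, `wolfSSL_write` and `wolfSSL_read` in the next hunk) exits without releasing the socket, `ssl` or `ctx`. test_main.c calls this function once per cipher suite, so each failed attempt leaks them. wolfssl_demo.h already provides `util_Cleanup(xSock, ctx, ssl)`; calling `util_Cleanup(xClientSocket, ctx, ssl);` before each `return;` would mirror the success path, assuming the helper frees what its log message says. The function body starts and ends outside these hunks.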
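Review bot: In the `@@ -172,21` hunk the line `rcvBuff[ret] = '\0';` follows `wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)`, which may return exactly `BUFF_SIZE`. If `rcvBuff` is declared with `BUFF_SIZE` elements (the declaration is outside the hunk), the terminator lands one byte past the end of a buffer filled with peer-supplied data. Reading at most `BUFF_SIZE - 1` bytes, `wolfSSL_read(ssl, rcvBuff, BUFF_SIZE - 1)`, leaves room for it. The `wolfSSL_write` check also compares an `int` result with the `size_t` from `strlen`; `(int)strlen(sendBuff)` keeps a negative error return from being converted to unsigned before the comparison.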
@@ -1,799 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Board Support Package Common Files - Renesas.RA.3.4.0-alpha0+20210926.81b96644.pack - - - Ethernet PHY - Renesas.RA.3.4.0-alpha0+20210926.81b96644.pack - - - Ethernet - Renesas.RA.3.4.0-alpha0+20210926.81b96644.pack - - - I/O Port - Renesas.RA.3.4.0-alpha0+20210926.81b96644.pack - - - Secure Cryptography Engine on RA6 Protected Mode - Renesas.RA.3.4.0-alpha0+20210926.81b96644.pack - - - r_ether to FreeRTOS+TCP Wrapper - Renesas.RA.3.4.0-alpha0+20210926.81b96644.pack - - - FreeRTOS Port - Renesas.RA.3.4.0-alpha0+20210926.81b96644.pack - - - FreeRTOS - Buffer Allocation 2 - Amazon.FreeRTOS-Plus-TCP.2.3.2+fsp.3.4.0.alpha0.20210926.81b96644.pack - - - FreeRTOS+TCP - Amazon.FreeRTOS-Plus-TCP.2.3.2+fsp.3.4.0.alpha0.20210926.81b96644.pack - - - Arm CMSIS Version 5 - Core (M) - Arm.CMSIS5.5.7.0+fsp.3.4.0.alpha0.20210926.81b96644.pack - - - Board support package for R7FA6M4AF3CFB - Renesas.RA_mcu_ra6m4.3.4.0-alpha0+20210926.81b96644.pack - - - Board support package for RA6M4 - Renesas.RA_mcu_ra6m4.3.4.0-alpha0+20210926.81b96644.pack - - - Board support package for RA6M4 - FSP Data - Renesas.RA_mcu_ra6m4.3.4.0-alpha0+20210926.81b96644.pack - - - FreeRTOS - Amazon.FreeRTOS-Kernel.10.4.3+fsp.3.4.0.alpha0.20210926.81b96644.pack - - - FreeRTOS - Memory Management - Heap 4 - Amazon.FreeRTOS-Kernel.10.4.3+fsp.3.4.0.alpha0.20210926.81b96644.pack - - - RA6M4-EK Board Support Files - Renesas.RA_board_ra6m4_ek.3.4.0-alpha0+20210926.81b96644.pack - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/internal.c b/src/internal.c index 91411de3c..51c81a1f8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -225,15 +225,8 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int tsip_generatePremasterSecret(); int tsip_generateEncryptPreMasterSecret(WOLFSSL *ssl, byte *out, word32 *outSz); #endif -#ifdef WOLFSSL_RENESAS_SCEPROTECT - int Renesas_cmn_useable(const WOLFSSL *ssl, byte seskey_gennerated); - int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz, - unsigned char** out, const unsigned char* keyDer, unsigned int keySz, - void* ctx); - int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz, - const unsigned char* hash, unsigned int hashSz, - const unsigned char* keyDer, unsigned int keySz, - int* result, void* ctx); +#if defined(WOLFSSL_RENESAS_SCEPROTECT) +#include #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) 
@@ -11071,29 +11064,29 @@ int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx) /* only setup the verify callback if a PK is set */ #ifdef HAVE_ECC - #if !defined(WOLFSSL_RENESAS_SCEPROTECT) + #if defined(WOLFSSL_RENESAS_SCEPROTECT) + sigCtx->pkCbEcc = Renesas_cmn_SigPkCbEccVerify; + sigCtx->pkCtxEcc = (void*)&sigCtx->CertAtt; + (void)SigPkCbEccVerify; + #else if (ssl->ctx->EccVerifyCb) { sigCtx->pkCbEcc = SigPkCbEccVerify; sigCtx->pkCtxEcc = ssl; } - #else - sigCtx->pkCbEcc = Renesas_cmn_SigPkCbEccVerify; - sigCtx->pkCtxEcc = (void*)&sigCtx->CertAtt; - (void)SigPkCbEccVerify; #endif #endif #ifndef NO_RSA /* only setup the verify callback if a PK is set */ - #if !defined(WOLFSSL_RENESAS_SCEPROTECT) + #if defined(WOLFSSL_RENESAS_SCEPROTECT) + sigCtx->pkCbRsa = Renesas_cmn_SigPkCbRsaVerify; + sigCtx->pkCtxRsa = (void*)&sigCtx->CertAtt; + (void)SigPkCbRsaVerify; + #else if (ssl->ctx->RsaVerifyCb) { sigCtx->pkCbRsa = SigPkCbRsaVerify; sigCtx->pkCtxRsa = ssl; } - #else - sigCtx->pkCbRsa = Renesas_cmn_SigPkCbRsaVerify; - sigCtx->pkCtxRsa = (void*)&sigCtx->CertAtt; - (void)SigPkCbRsaVerify; #endif #endif @@ -12824,7 +12817,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } else { ssl->peerRsaKeyPresent = 1; - #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT) + #if defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT) /* copy encrypted tsip key index into ssl object */ if (args->dCert->sce_tsip_encRsaKeyIdx) { if (!ssl->peerSceTsipEncRsaKeyIndex) { @@ -12888,7 +12882,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, int keyRet = 0; word32 idx = 0; #if defined(WOLFSSL_RENESAS_SCEPROTECT) - /* copy encrypted tsip key index into ssl object */ + /* copy encrypted tsip/sce key index into ssl object */ if (args->dCert->sce_tsip_encRsaKeyIdx) { if (!ssl->peerSceTsipEncRsaKeyIndex) { ssl->peerSceTsipEncRsaKeyIndex = (byte*)XMALLOC( 
@@ -12896,7 +12890,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->heap, DYNAMIC_TYPE_RSA); if (!ssl->peerSceTsipEncRsaKeyIndex) { args->lastErr = MEMORY_E; - goto exit_ppc; + ERROR_OUT(MEMORY_ERROR, exit_ppc); } } @@ -16713,16 +16707,16 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, if (ssl->options.tls) { #if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS) ret = PROTOCOLCB_UNAVAILABLE; - if(ssl->ctx->VerifymacCb) { - void* ctx = wolfSSL_GetVerifymacCtx(ssl); - ret = ssl->ctx->VerifymacCb(ssl, input, + if(ssl->ctx->VerifyMacCb) { + void* ctx = wolfSSL_GetVerifyMacCtx(ssl); + ret = ssl->ctx->VerifyMacCb(ssl, input, (msgSz - ivExtra) - digestSz - pad - 1, digestSz, content, ctx); if (ret != 0 && ret != PROTOCOLCB_UNAVAILABLE) { return ret; } } - if (!ssl->ctx->VerifymacCb || ret == PROTOCOLCB_UNAVAILABLE) + if (!ssl->ctx->VerifyMacCb || ret == PROTOCOLCB_UNAVAILABLE) #endif ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra, content); @@ -24935,9 +24929,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, defined(WOLFSSL_RENESAS_SCEPROTECT_ECC) /* already checked signature result by SCE */ /* skip the sign checks below */ - if (Renesas_cmn_useable(ssl, 0)) { + if (Renesas_cmn_usable(ssl, 0)) { break; - } else + } #endif if (IsAtLeastTLSv1_2(ssl)) { #ifdef WOLFSSL_SMALL_STACK diff --git a/src/keys.c b/src/keys.c index 8a8a9cb73..f162af097 100644 --- a/src/keys.c +++ b/src/keys.c @@ -44,9 +44,7 @@ #endif #if defined(WOLFSSL_RENESAS_SCEPROTECT) -/* callback for TLS hmac in SCE use case */ -int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, - word32 sz, int padSz, int content, int verify, int epochOrder); +#include #endif int SetCipherSpecs(WOLFSSL* ssl) 
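Review bot: The allocation-failure path in the SCE branch of ProcessPeerCerts now records two different error identifiers for the same failure: `args->lastErr = MEMORY_E;` followed by `ERROR_OUT(MEMORY_ERROR, exit_ppc);`. Replacing the bare `goto` is right, since it left `ret` untouched, but the returned code and the remembered one should agree, e.g. `ERROR_OUT(MEMORY_E, exit_ppc);`. The function starts and ends outside this hunk, so whether `lastErr` is read after `exit_ppc` cannot be confirmed from here.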
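Review bot: The `break` in DoServerKeyExchange skips the ServerKeyExchange signature check whenever `Renesas_cmn_usable(ssl, 0)` is non-zero, yet that function is documented as returning "1 for usable, 0 for unusable", which describes capability rather than the outcome of a verification. The two comment lines above it should name the earlier step that verified the signature and say what happens when that step fails, or the skip should test a recorded verify result instead of usability. Dropping the dangling `else` is a good change, because it tied the following `if (IsAtLeastTLSv1_2(ssl))` to the preprocessor block. The enclosing case starts and ends outside the hunk.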
@@ -3121,11 +3119,11 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) #if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS) ret = PROTOCOLCB_UNAVAILABLE; - if (ssl->ctx->SetKeysCb) { - void* ctx = wolfSSL_GetSetKeysCtx(ssl); - ret = ssl->ctx->SetKeysCb(ssl, ctx); + if (ssl->ctx->EncryptKeysCb) { + void* ctx = wolfSSL_GetEncryptKeysCtx(ssl); + ret = ssl->ctx->EncryptKeysCb(ssl, ctx); } - if (!ssl->ctx->SetKeysCb || ret == PROTOCOLCB_UNAVAILABLE) + if (!ssl->ctx->EncryptKeysCb || ret == PROTOCOLCB_UNAVAILABLE) #endif ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side, ssl->heap, ssl->devId, ssl->rng, ssl->options.tls1_3); diff --git a/src/ssl.c b/src/ssl.c index ec495b95e..3e73f9e10 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -239,11 +239,7 @@ const WOLF_EC_NIST_NAME kNistCurves[] = { #endif #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT) - /* for root ca verification */ -int Renesas_cmn_RootCertVerify(const byte *cert, word32 cert_len, - word32 key_n_start, word32 key_n_len, - word32 key_e_start, word32 key_e_len, - word32 cm_row); +#include #endif #ifdef WOLFSSL_SESSION_EXPORT @@ -5006,7 +5002,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) if ( ret == 0 && signer != NULL ) { signer->cm_idx = row; if (type == WOLFSSL_USER_CA) { - if ((ret = Renesas_cmn_RootCertVerify(cert->source, cert->maxIdx, + if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, cert->maxIdx, cert->sigCtx.CertAtt.pubkey_n_start, cert->sigCtx.CertAtt.pubkey_n_len - 1, cert->sigCtx.CertAtt.pubkey_e_start, 
@@ -41986,13 +41982,13 @@ void wolfSSL_CTX_SetGenPreMasterCb(WOLFSSL_CTX* ctx, CallbackGenPreMaster cb) if (ctx) ctx->GenPreMasterCb = cb; } -/* Set master secret generation callback context */ +/* Set premaster secret generation callback context */ void wolfSSL_SetGenPreMasterCtx(WOLFSSL* ssl, void *ctx) { if (ssl) ssl->GenPreMasterCtx = ctx; } -/* Get master secret generation callback context */ +/* Get premaster secret generation callback context */ void* wolfSSL_GetGenPreMasterCtx(WOLFSSL* ssl) { if (ssl) @@ -42001,19 +41997,19 @@ void* wolfSSL_GetGenPreMasterCtx(WOLFSSL* ssl) return NULL; } -/* callback for premaster secret generation */ +/* callback for master secret generation */ void wolfSSL_CTX_SetGenMasterSecretCb(WOLFSSL_CTX* ctx, CallbackGenMasterSecret cb) { if (ctx) ctx->GenMasterCb = cb; } -/* Set premaster secret generation callback context */ +/* Set master secret generation callback context */ void wolfSSL_SetGenMasterSecretCtx(WOLFSSL* ssl, void *ctx) { if (ssl) ssl->GenMasterCtx = ctx; } -/* Get premaster secret generation callback context */ +/* Get master secret generation callback context */ void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl) { if (ssl) @@ -42023,19 +42019,19 @@ void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl) } /* callback for session key generation */ -void wolfSSL_CTX_SetGenSesssionKeyCb(WOLFSSL_CTX* ctx, CallbackGenSessionKey cb) +void wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX* ctx, CallbackGenSessionKey cb) { if (ctx) ctx->GenSessionKeyCb = cb; } /* Set sesssion key generation callback context */ -void wolfSSL_SetGenSesssionKeyCtx(WOLFSSL* ssl, void *ctx) +void wolfSSL_SetGenSessionKeyCtx(WOLFSSL* ssl, void *ctx) { if (ssl) ssl->GenSessionKeyCtx = ctx; } /* Get sesssion key generation callback context */ -void* wolfSSL_GetGenSesssionKeyCtx(WOLFSSL* ssl) +void* wolfSSL_GetGenSessionKeyCtx(WOLFSSL* ssl) { if (ssl) return ssl->GenSessionKeyCtx; 
@@ -42043,40 +42039,41 @@ void* wolfSSL_GetGenSesssionKeyCtx(WOLFSSL* ssl) return NULL; } -/* callback for set keys */ -void wolfSSL_CTX_SetSetKeysCb(WOLFSSL_CTX* ctx, CallbackSetKeys cb) +/* callback for setting encryption keys */ +void wolfSSL_CTX_SetEncryptKeysCb(WOLFSSL_CTX* ctx, CallbackEncryptKeys cb) { if (ctx) - ctx->SetKeysCb = cb; + ctx->EncryptKeysCb = cb; } -/* Set set keys callback context */ -void wolfSSL_SetSetKeysCtx(WOLFSSL* ssl, void *ctx) +/* Set encryption keys callback context */ +void wolfSSL_SetEncryptKeysCtx(WOLFSSL* ssl, void *ctx) { if (ssl) - ssl->SetKeysCtx = ctx; + ssl->EncryptKeysCtx = ctx; } -/* Get set keys callback context */ -void* wolfSSL_GetSetKeysCtx(WOLFSSL* ssl) +/* Get encryption keys callback context */ +void* wolfSSL_GetEncryptKeysCtx(WOLFSSL* ssl) { if (ssl) - return ssl->SetKeysCtx; + return ssl->EncryptKeysCtx; return NULL; } -/* callback for verify data */ +/* callback for Tls finished */ +/* the callback can be used to build TLS Finished message if enabled */ void wolfSSL_CTX_SetTlsFinishedCb(WOLFSSL_CTX* ctx, CallbackTlsFinished cb) { if (ctx) ctx->TlsFinishedCb = cb; } -/* Set set keys callback context */ +/* Set Tls finished callback context */ void wolfSSL_SetTlsFinishedCtx(WOLFSSL* ssl, void *ctx) { if (ssl) ssl->TlsFinishedCtx = ctx; } -/* Get set keys callback context */ +/* Get Tls finished callback context */ void* wolfSSL_GetTlsFinishedCtx(WOLFSSL* ssl) { if (ssl) 
@@ -42086,22 +42083,23 @@ void* wolfSSL_GetTlsFinishedCtx(WOLFSSL* ssl) } #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) /* callback for verify data */ -void wolfSSL_CTX_SetVerifymacCb(WOLFSSL_CTX* ctx, CallbackVerifymac cb) +void wolfSSL_CTX_SetVerifyMacCb(WOLFSSL_CTX* ctx, CallbackVerifyMac cb) { if (ctx) - ctx->VerifymacCb = cb; + ctx->VerifyMacCb = cb; } + /* Set set keys callback context */ -void wolfSSL_SetVerifymacCtx(WOLFSSL* ssl, void *ctx) +void wolfSSL_SetVerifyMacCtx(WOLFSSL* ssl, void *ctx) { if (ssl) - ssl->VerifymacCtx = ctx; + ssl->VerifyMacCtx = ctx; } /* Get set keys callback context */ -void* wolfSSL_GetVerifymacCtx(WOLFSSL* ssl) +void* wolfSSL_GetVerifyMacCtx(WOLFSSL* ssl) { if (ssl) - return ssl->VerifymacCtx; + return ssl->VerifyMacCtx; return NULL; } diff --git a/src/tls.c b/src/tls.c index c59f7e82f..a9600568a 100644 --- a/src/tls.c +++ b/src/tls.c @@ -404,7 +404,7 @@ int DeriveTlsKeys(WOLFSSL* ssl) #if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS) ret = PROTOCOLCB_UNAVAILABLE; if (ssl->ctx->GenSessionKeyCb) { - void* ctx = wolfSSL_GetGenSesssionKeyCtx(ssl); + void* ctx = wolfSSL_GetGenSessionKeyCtx(ssl); ret = ssl->ctx->GenSessionKeyCb(ssl, ctx); } if (!ssl->ctx->GenSessionKeyCb || ret == PROTOCOLCB_UNAVAILABLE) diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 85689a1d3..9ec37b768 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -1441,7 +1441,7 @@ static void* benchmarks_do(void* args) } #endif #ifdef HAVE_RENESAS_SYNC - devId = wc_CryptoCb_CryptInitRenesascmn(NULL, &guser_PKCbInfo); + devId = wc_CryptoCb_CryptInitRenesasCmn(NULL, &guser_PKCbInfo); if (devId == INVALID_DEVID) { printf("Couldn't get the Renesas device ID\n"); } @@ -2119,7 +2119,7 @@ int benchmark_free(void) wc_CryptoCb_CleanupOcteon(&devId); #endif #ifdef HAVE_RENESAS_SYNC - wc_CryptoCb_CleanupRenesascmn(&devId); + wc_CryptoCb_CleanupRenesasCmn(&devId); #endif #endif 
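Review bot: The comments above `wolfSSL_SetVerifyMacCtx` and `wolfSSL_GetVerifyMacCtx` still read `/* Set set keys callback context */` and `/* Get set keys callback context */`, left over from the old SetKeys accessors. This commit corrected the same copy-paste on the TlsFinished accessors, so these two should become `/* Set verify MAC callback context */` and `/* Get verify MAC callback context */`. The header `/* callback for verify data */` above `wolfSSL_CTX_SetVerifyMacCb` would be clearer as `/* callback for record MAC verification */`.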
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 80107bf98..c3b44f176 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -139,6 +139,10 @@ ASN Options: #include #endif +#ifdef WOLFSSL_RENESAS_SCEPROTECT + #include +#endif + #ifndef NO_RSA #include #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_CRYPTOCELL) @@ -198,9 +202,7 @@ int tsip_tls_CertVerify(const byte *cert, word32 certSz, word32 key_e_start, word32 key_e_len, byte *tsip_encRsaKeyIdx); #endif -#ifdef WOLFSSL_RENESAS_SCEPROTECT -byte Rnesas_cmn_checkCA(word32 cmdIdx); -#endif + /* Calculates the minimum number of bytes required to encode the value. * @@ -13105,9 +13107,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, #else CertAttribute* certatt = NULL; - #if !defined(NO_RSA) - certatt = (CertAttribute*)&sigCtx->CertAtt; - #elif defined(HAVE_ECC) + #if !defined(NO_RSA) || defined(HAVE_ECC) certatt = (CertAttribute*)&sigCtx->CertAtt; #endif if(certatt) { @@ -13462,12 +13462,12 @@ static int ConfirmSignature(SignatureCtx* sigCtx, if (rsaKeyIdx != NULL) { ret = tsip_tls_CertVerify(buf, bufSz, sigCtx->sigCpy, - sigSz, - sigCtx->.CertAtt.pubkey_n_start - sigCtx->certBegin, - sigCtx->.CertAtt.pubkey_n_len - 1, - sigCtx->.CertAtt.pubkey_e_start - sigCtx->certBegin, - sigCtx->.CertAtt.pubkey_e_len - 1, - rsaKeyIdx); + sigSz, + sigCtx->.CertAtt.pubkey_n_start - sigCtx->certBegin, + sigCtx->.CertAtt.pubkey_n_len - 1, + sigCtx->.CertAtt.pubkey_e_start - sigCtx->certBegin, + sigCtx->.CertAtt.pubkey_e_len - 1, + rsaKeyIdx); if (ret == 0){ sigCtx->verifyByTSIP_SCE = 1; 
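Review bot: The re-indented `tsip_tls_CertVerify` call in ConfirmSignature still spells its arguments `sigCtx->.CertAtt.pubkey_n_start`, and the same `->.` appears for `pubkey_n_len`, `pubkey_e_start` and `pubkey_e_len`. As shown that is not valid C, so the branch cannot compile when it is enabled; each argument should read like `sigCtx->CertAtt.pubkey_n_start - sigCtx->certBegin`. The preprocessor guard around this call is outside the hunk, so which build configuration reaches it is not visible here.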
@@ -18209,7 +18209,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) /* check if we can use TSIP for cert verification */ /* if the ca is verified as tsip root ca. */ /* TSIP can only handle 2048 bits(256 byte) key. */ - if (cert->ca && Rnesas_cmn_checkCA(cert->ca->cm_idx) != 0 && + if (cert->ca && Renesas_cmn_checkCA(cert->ca->cm_idx) != 0 && (cert->sigCtx.CertAtt.pubkey_n_len == 256 || cert->sigCtx.CertAtt.curve_id == ECC_SECP256R1)) { @@ -18223,7 +18223,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } else { if (cert->ca) { /* TSIP isn't usable */ - if (Rnesas_cmn_checkCA(cert->ca->cm_idx) == 0) + if (Renesas_cmn_checkCA(cert->ca->cm_idx) == 0) WOLFSSL_MSG("SCE-TSIP isn't usable because the ca isn't verified " "by TSIP."); else if (cert->sigCtx.CertAtt.pubkey_n_len != 256) diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 87581fb28..e856af20b 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -35,10 +35,10 @@ #include #include #include +#include - -extern uint32_t g_CAscm_Idx; /* index of CM table */ -static int devId = 7890; /* dev Id for Crypt Callback */ +extern uint32_t g_CAscm_Idx = (uint32_t)-1; /* index of CM table */ +static int devId = 7890; /* dev Id for Crypt Callback */ #ifdef WOLF_CRYPTO_CB @@ -219,14 +219,14 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) * session_key_generated : if session key has been generated * return 1 for usable, 0 for unusable */ -int Renesas_cmn_useable(const WOLFSSL* ssl, byte session_key_generated) +int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated) { int ret; #if defined(WOLFSSL_RENESAS_TSIP) /* TODO call tsip api */ #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - ret = sce_useable(ssl, session_key_generated); + ret = wc_sce_usable(ssl, session_key_generated); #endif return ret; 
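Review bot: `extern uint32_t g_CAscm_Idx = (uint32_t)-1;` combines `extern` with an initializer, which makes the line a definition and typically draws a compiler warning. If another translation unit already defines `g_CAscm_Idx` the link will see two definitions; if this file is meant to own it, drop the keyword: `uint32_t g_CAscm_Idx = (uint32_t)-1; /* no root CA verified yet */`. The sentinel deserves that comment because `Renesas_cmn_checkCA` compares a signer's CA index against this variable to decide whether hardware verification may be used.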
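Review bot: `Renesas_cmn_usable` returns `ret` without ever assigning it when `WOLFSSL_RENESAS_TSIP` is defined, because that branch contains only `/* TODO call tsip api */`. Callers use the result to decide whether software checks are bypassed (DoServerKeyExchange breaks out before its signature check when it is non-zero), so an indeterminate value here is more than a warning. Initialise it to the safe answer with `int ret = 0;`. As far as the later hunks show, Renesas_cmn_RsaVerify, Renesas_cmn_EccVerify, Renesas_cmn_RsaEnc, Renesas_cmn_VerifyHmac and Renesas_cmn_TLS_hmac have the same `int ret;` with an empty TSIP branch and should default to their "unavailable" code.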
@@ -239,7 +239,7 @@ int Renesas_cmn_useable(const WOLFSSL* ssl, byte session_key_generated) * ctx : callback context * return valid device Id on success, otherwise INVALID_DEVIID */ -int wc_CryptoCb_CryptInitRenesascmn(WOLFSSL* ssl, void* ctx) +int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) { (void)ssl; (void)ctx; @@ -266,7 +266,7 @@ int wc_CryptoCb_CryptInitRenesascmn(WOLFSSL* ssl, void* ctx) * id : a pointer to device id to unregister * no return value */ -void wc_CryptoCb_CleanupRenesascmn(int* id) +void wc_CryptoCb_CleanupRenesasCmn(int* id) { wc_CryptoCb_UnRegisterDevice(*id); *id = INVALID_DEVID; @@ -281,7 +281,7 @@ void wc_CryptoCb_CleanupRenesascmn(int* id) * cmdIdx : ca index * return 1 can be used, otherwise 0 */ -byte Rnesas_cmn_checkCA(word32 cmIdx) +WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx) { return (cmIdx == g_CAscm_Idx? 1:0); } @@ -304,7 +304,7 @@ static byte sce_tsip_rootCAverified( ) * keySz Length of key in bytes * return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code */ -int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, +WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, byte** out, const byte* key, word32 keySz, void* ctx) { int ret; 
@@ -312,17 +312,17 @@ int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, #if defined(WOLFSSL_RENESAS_TSIP) /* TODO TSIP */ #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - ret = SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx); + ret = wc_SCE_RsaVerify(ssl, sig, sigSz, out,key, keySz, ctx); - if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) { - /* Set Call back for SharedScret when being successful */ - wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret); - wolfSSL_SetEccSharedSecretCtx(ssl, ctx); - } else { - WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify"); - wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); - wolfSSL_SetEccSharedSecretCtx(ssl, NULL); - } + if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) { + /* Set Call back for SharedScret when being successful */ + wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, SCE_EccSharedSecret); + wolfSSL_SetEccSharedSecretCtx(ssl, ctx); + } else { + WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify"); + wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); + wolfSSL_SetEccSharedSecretCtx(ssl, NULL); + } #endif return ret; 
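Review bot: The failure branch of Renesas_cmn_RsaVerify calls `wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);`, handing the `void* ctx` callback context to a setter that the success branch calls with `ssl->ctx`. Unless the caller happens to pass a WOLFSSL_CTX as the context, the shared-secret callback is not cleared on the real context after a failed verify; the line should be `wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, NULL);`. The condition `ret == 0 && ret != CRYPTOCB_UNAVAILABLE` reduces to `ret == 0`. `SCE_EccSharedSecret` keeps its old name while the other SCE entry points gained a `wc_` prefix in this commit, which is worth checking against the header.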
@@ -340,16 +340,16 @@ int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, * result a pointer to int indicates if the verify is ok * return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code */ -int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz, - const uint8_t* hash, uint32_t hashSz, const uint8_t* key, uint32_t keySz, - int* result, void* ctx) +WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig, + uint32_t sigSz, const uint8_t* hash, uint32_t hashSz, + const uint8_t* key, uint32_t keySz, int* result, void* ctx) { int ret; #if defined(WOLFSSL_RENESAS_TSIP) /* TODO TSIP */ #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - ret = SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz, + ret = wc_SCE_EccVerify(ssl, sig, sigSz, hash, hashSz, key, keySz, result, ctx); if (ret == 0 && *result == 1 && ret != CRYPTOCB_UNAVAILABLE) { /* Set Call back for SharedScret when being successful */ @@ -376,7 +376,7 @@ int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz, * cm_row CA index * return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code */ -int Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start, +int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start, word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row) { int ret; @@ -389,7 +389,7 @@ int Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_s #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - ret = sce_tls_RootCertVerify(cert, cert_len, key_n_start, + ret = wc_sce_tls_RootCertVerify(cert, cert_len, key_n_start, key_n_len, key_e_start, key_e_len, cm_row); #endif } else { 
@@ -405,10 +405,10 @@ int Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_s * ssl the WOLFSSL object * side CLIENT or SERVER * handshake_hash hash while doing handshake - * hashes calculated data by SCE/TSIP pseduo reandom function + * hashes calculated data by SCE/TSIP pseduo random function * return FSP_SUCCESS(0) on sucess, otherwise FSP/TSIP error code */ -int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, +WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, const byte *handshake_hash, byte *hashes, void* ctx) { @@ -423,7 +423,7 @@ int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, #if defined(WOLFSSL_RENESAS_TSIP) /* TODO call tsip api */ #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - ret = sce_generateVerifyData(ssl->arrays->sce_masterSecret, /* master secret */ + ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret, /* master secret */ side, handshake_hash, hashes); #endif @@ -431,14 +431,14 @@ int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, } /* Renesas Security Library Common Callback - * Callback for Set Keys. - * Register callback for tls finished when keys are generated by SCE/TSIP + * Callback for setting Encrypt Keys. + * Register callback for setting Encrypt Keys when keys are generated by SCE/TSIP * * ssl the WOLFSSL object * ctx Callback context * return 0 on sucess, -1 when keys are not generated by SCE/TSIP */ -int Renesas_cmn_SetKeys(WOLFSSL* ssl, void* ctx) +static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx) { int ret; @@ -473,7 +473,7 @@ int Renesas_cmn_SetKeys(WOLFSSL* ssl, void* ctx) * ctx Callback context * return FSP_SUCCESS(0) on sucess, otherwise SCE/TSIP error code */ -int Renesas_cmn_generateSeesionKey(WOLFSSL* ssl, void* ctx) +WOLFSSL_LOCAL int Renesas_cmn_generateSeesionKey(WOLFSSL* ssl, void* ctx) { int ret = -1; 
@@ -485,13 +485,13 @@ int Renesas_cmn_generateSeesionKey(WOLFSSL* ssl, void* ctx) #if defined(WOLFSSL_RENESAS_TSIP) /* TODO call tsip api */ #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - ret = sce_generateSeesionKey(ssl, ctx, devId); + ret = wc_sce_generateSeesionKey(ssl, ctx, devId); if (ret == 0) { - wolfSSL_CTX_SetSetKeysCb(ssl->ctx, Renesas_cmn_SetKeys); - wolfSSL_SetSetKeysCtx(ssl, ctx); + wolfSSL_CTX_SetEncryptKeysCb(ssl->ctx, Renesas_cmn_EncryptKeys); + wolfSSL_SetEncryptKeysCtx(ssl, ctx); } else { - wolfSSL_CTX_SetSetKeysCb(ssl->ctx, NULL); - wolfSSL_SetSetKeysCtx(ssl, NULL); + wolfSSL_CTX_SetEncryptKeysCb(ssl->ctx, NULL); + wolfSSL_SetEncryptKeysCtx(ssl, NULL); } #endif return ret; @@ -510,8 +510,8 @@ int Renesas_cmn_generateSeesionKey(WOLFSSL* ssl, void* ctx) * otherwise PROTOCOLCB_UNAVAILABLE * so that caller could continue to process if want */ -int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, byte *premaster, - word32 preSz, void* ctx) +WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, + byte *premaster, word32 preSz, void* ctx) { int ret; @@ -521,8 +521,8 @@ int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, byte *premaster, #if defined(WOLFSSL_RENESAS_TSIP) /* TODO call tsip api */ #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - if (Renesas_cmn_useable(ssl, 0)) { - ret = sce_generatePremasterSecret(premaster, preSz); + if (Renesas_cmn_usable(ssl, 0)) { + ret = wc_sce_generatePremasterSecret(premaster, preSz); ssl->arrays->preMasterSz = preSz; } else ret = PROTOCOLCB_UNAVAILABLE; @@ -542,7 +542,7 @@ int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, byte *premaster, * otherwise PROTOCOLCB_UNAVAILABLE * so that caller could continue to process if want */ -int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx) +WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx) { int ret = WOLFSSL_NOT_IMPLEMENTED; 
@@ -552,8 +552,8 @@ int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx) #if defined(WOLFSSL_RENESAS_TSIP) /* TODO call tsip api */ #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - if (Renesas_cmn_useable(ssl, 0)) { - ret = sce_generateMasterSecret( + if (Renesas_cmn_usable(ssl, 0)) { + ret = wc_sce_generateMasterSecret( ssl->options.cipherSuite0, ssl->options.cipherSuite, ssl->arrays->preMasterSecret, @@ -561,13 +561,14 @@ int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx) ssl->arrays->serverRandom, ssl->arrays->sce_masterSecret); if (ret == 0) { - sce_storeKeyCtx(ssl, ctx); + wc_sce_storeKeyCtx(ssl, ctx); /* set Session Key generation Callback for use */ - wolfSSL_CTX_SetGenSesssionKeyCb(ssl->ctx, Renesas_cmn_generateSeesionKey); - wolfSSL_SetGenSesssionKeyCtx(ssl, ctx); + wolfSSL_CTX_SetGenSessionKeyCb(ssl->ctx, + Renesas_cmn_generateSeesionKey); + wolfSSL_SetGenSessionKeyCtx(ssl, ctx); } else { - wolfSSL_CTX_SetGenSesssionKeyCb(ssl->ctx, NULL); - wolfSSL_SetGenSesssionKeyCtx(ssl, NULL); + wolfSSL_CTX_SetGenSessionKeyCb(ssl->ctx, NULL); + wolfSSL_SetGenSessionKeyCtx(ssl, NULL); } } else ret = PROTOCOLCB_UNAVAILABLE; 
@@ -591,25 +592,40 @@ int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx) * otherwise CRYPTOCB_UNAVAILABLE * so that caller could continue to process if want */ -int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, +WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx) { int ret; - + int EncSz; + (void)ctx; (void)in; (void)inSz; (void)keyDer; (void)keySz; + (void)EncSz; + + /* sanity check */ + if (ssl == NULL || in == NULL || out == NULL || keyDer == NULL || + ctx == NULL) { + return BAD_FUNC_ARG; + } + + EncSz = wc_RsaEncryptSize(ssl->peerRsaKey); #if defined(WOLFSSL_RENESAS_TSIP) /* TODO call tsip api */ #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - if (sce_useable(ssl, 0) && wc_RsaEncryptSize(ssl->peerRsaKey) == 256) { - ret = sce_generateEncryptPreMasterSecret(ssl, out, outSz); - } else + if (wc_sce_usable(ssl, 0) && EncSz == 256) { + ret = wc_sce_generateEncryptPreMasterSecret(ssl, out, outSz); + } else { + if (EncSz != 256) + WOLFSSL_MSG("SCE cannot use" + "because Rsa Encrypt Size isn't 256 bytes(2048 bits)."); + ret = CRYPTOCB_UNAVAILABLE; + } #endif return ret; } @@ -627,7 +643,7 @@ int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, * otherwise PROTOCOLCB_UNAVAILABLE * so that caller could continue to process if want */ -int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, +WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, word32 messageSz, word32 macSz, word32 content, void* ctx) { int ret; 
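Review bot: The new sanity check in Renesas_cmn_RsaEnc tests `ssl`, `in`, `out`, `keyDer` and `ctx` but not `outSz`, which is passed on to `wc_sce_generateEncryptPreMasterSecret` together with `out` and is presumably written through there. Add `outSz == NULL` to the condition. The two adjacent string literals in the new message join without a space, so it logs "SCE cannot usebecause …"; write `"SCE cannot use "` for the first one. The `(void)ctx; (void)in; (void)keyDer;` casts above the check are now misleading, since the check reads all three.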
@@ -636,8 +652,8 @@ int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, #if defined(WOLFSSL_RENESAS_TSIP) /* TODO call tsip api */ #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - if (sce_useable(ssl, 1)) { - ret = sce_Sha256VerifyHmac(ssl, message, messageSz, macSz, content); + if (wc_sce_usable(ssl, 1)) { + ret = wc_sce_Sha256VerifyHmac(ssl, message, messageSz, macSz, content); } else ret = PROTOCOLCB_UNAVAILABLE; #endif @@ -657,8 +673,8 @@ int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, * epocOrder * return FSP_SUCCESS(0) on sucess, otherwise error code */ -int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, - word32 sz, int padSz, int content, int verify, int epochOrder) +WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, + const byte* in, word32 sz, int padSz, int content, int verify, int epochOrder) { int ret; byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; @@ -666,11 +682,11 @@ int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, #if defined(WOLFSSL_RENESAS_TSIP) /* TODO call tsip api */ #elif defined(WOLFSSL_RENESAS_SCEPROTECT) - if (Renesas_cmn_useable(ssl, 1)) { + if (Renesas_cmn_usable(ssl, 1)) { if (ssl->specs.hash_size == WC_SHA256_DIGEST_SIZE) { wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); - ret = sce_Sha256GenerateHmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ, - in, sz, digest); + ret = wc_sce_Sha256GenerateHmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ, + in, sz, digest); } else ret = TSIP_MAC_DIGSZ_E; 
@@ -697,9 +713,9 @@ int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, * otherwise CRYPTOCB_UNAVAILABLE * so that caller could continue to process if want */ -int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz, - unsigned char** out, const unsigned char* keyDer, unsigned int keySz, - void* ctx) +WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig, + unsigned int sigSz, unsigned char** out, const unsigned char* keyDer, + unsigned int keySz, void* ctx) { int ret; CertAttribute* CertAtt; @@ -722,7 +738,7 @@ int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz, #elif defined(WOLFSSL_RENESAS_SCEPROTECT) if (CertAtt->keyIndex != NULL) { - ret = sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz, + ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz, CertAtt->pubkey_n_start - CertAtt->certBegin, CertAtt->pubkey_n_len - 1, CertAtt->pubkey_e_start - CertAtt->certBegin, @@ -731,7 +747,7 @@ int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz, if (ret == 0){ CertAtt->verifyByTSIP_SCE = 1; } else { - WOLFSSL_MSG("RSA Verify by tsip didn't match"); + WOLFSSL_MSG("RSA Verify by SCE didn't match"); ret = ASN_SIG_CONFIRM_E; } } else @@ -756,8 +772,8 @@ int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz, * otherwise CRYPTOCB_UNAVAILABLE * so that caller could continue to process if want */ -int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz, - const unsigned char* hash, unsigned int hashSz, +WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, + unsigned int sigSz, const unsigned char* hash, unsigned int hashSz, const unsigned char* keyDer, unsigned int keySz, int* result, void* ctx) { 
@@ -770,7 +786,7 @@ int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz, (void)hash; (void)hashSz; /* sanity check */ - if (sig == NULL || keyDer == NULL || hash == NULL || ctx == NULL|| + if (sig == NULL || keyDer == NULL || hash == NULL || ctx == NULL || result == NULL) return BAD_FUNC_ARG; @@ -785,17 +801,17 @@ int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz, #elif defined(WOLFSSL_RENESAS_SCEPROTECT) if (CertAtt->keyIndex != NULL) { - ret = sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz, + ret = wc_sce_tls_CertVerify(CertAtt->cert, CertAtt->certSz, sig, sigSz, CertAtt->pubkey_n_start - CertAtt->certBegin, CertAtt->pubkey_n_len - 1, CertAtt->pubkey_e_start - CertAtt->certBegin, CertAtt->pubkey_e_len -1, (uint8_t*)CertAtt->keyIndex); - if (ret == 0){ + if (ret == 0) { CertAtt->verifyByTSIP_SCE = 1; *result = 1; } else { - WOLFSSL_MSG("RSA Verify by tsip didn't match"); + WOLFSSL_MSG("RSA Verify by SCE didn't match"); ret = ASN_SIG_CONFIRM_E; } } else @@ -804,4 +820,5 @@ int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz, return ret; } + #endif /* SCEPROTECT || TSIP */ diff --git a/wolfcrypt/src/port/Renesas/renesas_sce_aes.c b/wolfcrypt/src/port/Renesas/renesas_sce_aes.c index 4294ff189..1ae2641ec 100644 --- a/wolfcrypt/src/port/Renesas/renesas_sce_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_sce_aes.c 
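Review bot: The failure message in Renesas_cmn_SigPkCbEccVerify still says `"RSA Verify by SCE didn't match"`; the commit changed "tsip" to "SCE" but this is the ECC callback, so the log names the wrong algorithm when a certificate signature is rejected. Use `WOLFSSL_MSG("ECC Verify by SCE didn't match");`. The ECC path also passes the `pubkey_n_*` and `pubkey_e_*` offsets to `wc_sce_tls_CertVerify`; if those fields carry the ECC public key position in this case, a one-line comment saying so would save the next reader from suspecting a copy-paste from the RSA callback.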
@@ -68,12 +68,12 @@ typedef fsp_err_t (*aesGcmDecFinalFn) * sz Length of cipher text/plaintext in bytes * iv Buffer holding IV/nonce * ivSz Length of IV/nonce in bytes - * authTag Buffer to hold authntication data + * authTag Buffer to hold authentication data * authTagSz Length of authentication data in bytes * ctx The callback context * return FSP_SUCCESS(0) on Success, otherwise negative value */ -int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, +WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz, byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, @@ -111,6 +111,11 @@ int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, return BAD_FUNC_ARG; } + if (aes->ctx.keySize != 16 && aes->ctx.keySize != 32) { + WOLFSSL_MSG("keySize is invalid, neither 16 or 32."); + return BAD_FUNC_ARG; + } + if (aes->ctx.keySize == 16) { initFn = R_SCE_AES128GCM_EncryptInit; updateFn = R_SCE_AES128GCM_EncryptUpdate; @@ -124,10 +129,10 @@ int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, /* check if AES GCM can be used by SCE */ - if ((ret = sce_hw_lock()) == 0) { + if ((ret = wc_sce_hw_lock()) == 0) { /* allocate buffers for plaintaxt, ciphertext and authTag to make sure - * those buffers 32bit aligned as TSIP requests. + * those buffers 32bit aligned as SCE requests. */ delta = sz % AES_BLOCK_SIZE; plainBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES); @@ -136,7 +141,7 @@ int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, DYNAMIC_TYPE_AES); if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL) { - WOLFSSL_MSG("wc_tsip_AesGcmEncrypt: buffer allocation faild"); + WOLFSSL_MSG("wc_sce_AesGcmEncrypt: buffer allocation faild"); ret = -1; } 
@@ -189,14 +194,14 @@ int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, ret = updateFn(&_handle, plainBuf, cipherBuf, sz, NULL, 0UL); } if (ret != FSP_SUCCESS) { - WOLFSSL_MSG("R_TSIP_AesXXXGcmEncryptUpdate: failed"); + WOLFSSL_MSG("R_SCE_AesXXXGcmEncryptUpdate: failed"); ret = -1; } if (ret == FSP_SUCCESS) { - /* Once R_TSIP_AesxxxGcmEncryptInit or R_TSIP_AesxxxEncryptUpdate is - * called, R_TSIP_AesxxxGcmEncryptFinal must be called regardless of - * the result of the previous call. Otherwise, TSIP can not come out + /* Once R_SCE_AesxxxGcmEncryptInit or R_SCE_AesxxxEncryptUpdate is + * called, R_SCE_AesxxxGcmEncryptFinal must be called regardless of + * the result of the previous call. Otherwise, SCE can not come out * from its error state and all the trailing APIs will fail. */ dataLen = 0; @@ -215,7 +220,7 @@ int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, } else { - WOLFSSL_MSG("R_TSIP_AesxxxGcmEncryptFinal: failed"); + WOLFSSL_MSG("R_SCE_AesxxxGcmEncryptFinal: failed"); ret = -1; } } @@ -225,7 +230,7 @@ int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES); - sce_hw_unlock(); + wc_sce_hw_unlock(); } @@ -244,7 +249,7 @@ int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, * ctx The Callback context * return FSP_SUCCESS(0) on Success, otherwise negative value */ -int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, +WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz, @@ -282,7 +287,11 @@ int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, return BAD_FUNC_ARG; } - + if (aes->ctx.keySize != 16 && aes->ctx.keySize != 32) { + WOLFSSL_MSG("keySize is invalid, neither 16 or 32."); + return BAD_FUNC_ARG; + } + if (aes->ctx.keySize == 16) { initFn = R_SCE_AES128GCM_DecryptInit; updateFn = R_SCE_AES128GCM_DecryptUpdate; 
@@ -295,7 +304,7 @@ int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, } - if ((ret = sce_hw_lock()) == 0) { + if ((ret = wc_sce_hw_lock()) == 0) { /* allocate buffers for plain-taxt, cipher-text, authTag and AAD. * TSIP requests those buffers 32bit aligned. */ @@ -332,7 +341,7 @@ int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, &key_server_aes, NULL, NULL); if (ret != FSP_SUCCESS) { - WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed"); + WOLFSSL_MSG("R_SCE_TLS_SessionKeyGenerate failed"); ret = -1; } } else if (info->aes256_installedkey_set == 1) { @@ -358,7 +367,7 @@ int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, ret = updateFn(&_handle, cipherBuf, plainBuf, sz, NULL, 0UL); } if (ret != FSP_SUCCESS) { - WOLFSSL_MSG("R_TSIP_AesXXXGcmDecryptUpdate: failed in decrypt"); + WOLFSSL_MSG("R_SCE_AesXXXGcmDecryptUpdate: failed in decrypt"); ret = -1; } @@ -375,7 +384,7 @@ int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, XMEMCPY(out, plainBuf, dataLen); } else { - WOLFSSL_MSG("R_TSIP_AesXXXGcmDecryptFinal: failed"); + WOLFSSL_MSG("R_SCE_AesXXXGcmDecryptFinal: failed"); ret = -1; } } @@ -385,7 +394,7 @@ int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, XFREE(plainBuf, aes->heap, DYNAMIC_TYPE_AES); XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES); - sce_hw_unlock(); + wc_sce_hw_unlock(); } return ret; @@ -398,7 +407,8 @@ int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, * sz Length of cipher text/plaintext in bytes * return FSP_SUCCESS(0) on Success, otherwise negative value */ -int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) +WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, + const byte* in, word32 sz) { sce_aes_handle_t _handle; word32 ret; 
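Review bot: In the cleanup of wc_sce_AesGcmDecrypt (`@@ -385` hunk) `plainBuf` is handed to `XFREE` with its contents intact. Update writes decrypted data into it before Final has checked the tag, so on the "DecryptFinal: failed" path unauthenticated plaintext is left in freed heap memory. Clearing it first, `if (plainBuf != NULL) ForceZero(plainBuf, sz);`, would avoid that, assuming misc.h is available in this file; the same applies to the encrypt side. Separately, the comment in the `@@ -295` hunk still says "TSIP requests those buffers 32bit aligned", although the matching comment in the encrypt function was changed to SCE.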
@@ -413,7 +423,7 @@ int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) * on the device. iv is dummy */ iv = (uint8_t*)aes->reg; - if((ret = sce_hw_lock()) != 0){ + if((ret = wc_sce_hw_lock()) != 0){ WOLFSSL_MSG("Failed to lock"); return ret; } @@ -423,7 +433,8 @@ int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) } else if (aes->ctx.keySize == 32) { ret = R_SCE_AES256CBC_EncryptInit(&_handle, &aes->ctx.sce_wrapped_key, iv); } else { - sce_hw_unlock(); + WOLFSSL_MSG("invalid key Size for SCE. Key size is neither 16 or 32."); + wc_sce_hw_unlock(); return -1; } @@ -451,7 +462,7 @@ int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) ret = -1; } - sce_hw_unlock(); + wc_sce_hw_unlock(); return ret; } /* Perform Aes Cbc decryption by SCE @@ -462,7 +473,7 @@ int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) * sz Length of cipher text/plaintext in bytes * return FSP_SUCCESS(0) on Success, otherwise negative value */ -int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) +WOLFSSL_LOCAL int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) { sce_aes_handle_t _handle; word32 ret; @@ -475,7 +486,7 @@ int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) iv = (uint8_t*)aes->reg; - if((ret = sce_hw_lock()) != 0){ + if((ret = wc_sce_hw_lock()) != 0){ WOLFSSL_MSG("Failed to lock"); return ret; } @@ -485,7 +496,7 @@ int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) } else if (aes->ctx.keySize == 32) { ret = R_SCE_AES256CBC_DecryptInit(&_handle, &aes->ctx.sce_wrapped_key, iv); } else { - sce_hw_unlock(); + wc_sce_hw_unlock(); return -1; } @@ -512,7 +523,7 @@ int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz) ret = -1; } - sce_hw_unlock(); + wc_sce_hw_unlock(); return ret; } 
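Review bot: The unsupported-key-size branch of wc_sce_AesCbcDecrypt (`@@ -485` hunk) did not get the `WOLFSSL_MSG` that this commit adds to the same branch of wc_sce_AesCbcEncrypt, so the two functions now fail differently. Both also detect the bad size only after taking the hardware lock and return a bare -1, whereas the GCM functions in this commit validate up front and return `BAD_FUNC_ARG`. Checking before the lock would make all four consistent and remove the unlock-on-error path: `if (aes->ctx.keySize != 16 && aes->ctx.keySize != 32) return BAD_FUNC_ARG;`. Both bodies extend beyond the hunks shown.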
diff --git a/wolfcrypt/src/port/Renesas/renesas_sce_sha.c b/wolfcrypt/src/port/Renesas/renesas_sce_sha.c index 226354706..a705e81eb 100644 --- a/wolfcrypt/src/port/Renesas/renesas_sce_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_sce_sha.c @@ -156,7 +156,7 @@ static int SCEHashFinal(wolfssl_SCE_Hash* hash, byte* out, word32 outSz) heap = hash->heap; - sce_hw_lock(); + wc_sce_hw_lock(); if (Init(&handle) == FSP_SUCCESS) { ret = Update(&handle, (uint8_t*)hash->msg, hash->used); @@ -167,7 +167,7 @@ static int SCEHashFinal(wolfssl_SCE_Hash* hash, byte* out, word32 outSz) } } } - sce_hw_unlock(); + wc_sce_hw_unlock(); SCEHashFree(hash); return SCEHashInit(hash, heap, 0, hash->sha_type); @@ -194,7 +194,7 @@ static int SCEHashGet(wolfssl_SCE_Hash* hash, byte* out, word32 outSz) } else return BAD_FUNC_ARG; - sce_hw_lock(); + wc_sce_hw_lock(); if (Init(&handle) == FSP_SUCCESS) { ret = Update(&handle, (uint8_t*)hash->msg, hash->used); @@ -206,7 +206,7 @@ static int SCEHashGet(wolfssl_SCE_Hash* hash, byte* out, word32 outSz) } } - sce_hw_unlock(); + wc_sce_hw_unlock(); return 0; } diff --git a/wolfcrypt/src/port/Renesas/renesas_sce_util.c b/wolfcrypt/src/port/Renesas/renesas_sce_util.c index ec930bf7e..f494924a2 100644 --- a/wolfcrypt/src/port/Renesas/renesas_sce_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_sce_util.c @@ -78,7 +78,7 @@ static int sce_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) * lock hw engine * this should be called before using engine. */ -int sce_hw_lock() +WOLFSSL_LOCAL int wc_sce_hw_lock() { int ret = 0; @@ -104,17 +104,17 @@ int sce_hw_lock() /* * release hw engine */ -void sce_hw_unlock( void ) +WOLFSSL_LOCAL void wc_sce_hw_unlock( void ) { sce_CryptHwMutexUnLock(&sce_mutex); } /* Open sce driver for use */ -int sce_Open() +WOLFSSL_LOCAL int wc_sce_Open() { - WOLFSSL_ENTER("sce_Open"); + WOLFSSL_ENTER("wc_sce_Open"); int ret; - if ((ret = sce_hw_lock()) == 0) { + if ((ret = wc_sce_hw_lock()) == 0) { ret = R_SCE_Open(&sce_ctrl, &sce_cfg); 
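Review bot: SCEHashFinal and SCEHashGet call `wc_sce_hw_lock();` and discard the result, while every other caller in this patch tests it against 0. If the lock fails, Init/Update/Final run on the engine without the mutex, and the following `wc_sce_hw_unlock()` releases a mutex this thread does not hold. Use `if ((ret = wc_sce_hw_lock()) != 0) return ret;` in both places. SCEHashGet also ends with an unconditional `return 0;` after the unlock, so a failed hardware call appears to be reported as success; confirm against the part of the body outside the hunk.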
@@ -139,24 +139,24 @@ int sce_Open() } /* unlock hw */ - sce_hw_unlock(); + wc_sce_hw_unlock(); - WOLFSSL_LEAVE("sce_Open", ret); + WOLFSSL_LEAVE("wc_sce_Open", ret); return ret; } /* close SCE driver */ -void sce_Close() +WOLFSSL_LOCAL void wc_sce_Close() { WOLFSSL_ENTER("sce Close"); int ret; - if ((ret = sce_hw_lock()) == 0) { + if ((ret = wc_sce_hw_lock()) == 0) { /* close SCE */ ret = R_SCE_Close(&sce_ctrl); /* unlock hw */ - sce_hw_unlock(); + wc_sce_hw_unlock(); if( ret != FSP_SUCCESS ) { WOLFSSL_MSG("RENESAS SCE Close failed"); } @@ -226,7 +226,7 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig return ret; } /* Callback for Rsa Verify */ -int SCE_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz, +WOLFSSL_LOCAL int wc_SCE_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz, uint8_t** out, const byte* key, uint32_t keySz, void* ctx) { int ret = WOLFSSL_FAILURE; @@ -236,7 +236,7 @@ int SCE_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz, WOLFSSL_PKMSG("SCE RSA Verify: sigSz %d, keySz %d\n", sigSz, keySz); - if (sce_useable(ssl, 0)) + if (wc_sce_usable(ssl, 0)) ret = SCE_ServerKeyExVerify(0, ssl, sig, sigSz, ctx); else ret = CRYPTOCB_UNAVAILABLE; @@ -249,9 +249,9 @@ int SCE_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz, return ret; } /* Callback for Ecc Verify */ -int SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz, - const uint8_t* hash, uint32_t hashSz, const uint8_t* key, uint32_t keySz, - int* result, void* ctx) +WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig, + uint32_t sigSz, const uint8_t* hash, uint32_t hashSz, + const uint8_t* key, uint32_t keySz, int* result, void* ctx) { int ret = WOLFSSL_FAILURE; uint8_t *sigforSCE; 
@@ -270,7 +270,7 @@ int SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz, WOLFSSL_PKMSG("SCE ECC Verify: ssl->options.serverState = %d sigSz %d, hashSz %d, keySz %d\n", ssl->options.serverState, sigSz, hashSz, keySz); - if (!sce_useable(ssl, 0)) { + if (!wc_sce_usable(ssl, 0)) { WOLFSSL_PKMSG("Cannot handle cipher suite by SCE"); return CRYPTOCB_UNAVAILABLE; } @@ -321,7 +321,7 @@ int SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz, return ret; } /* Callback for ECC shared secret */ -int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, +WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, uint8_t* pubKeyDer, unsigned int* pubKeySz, uint8_t* out, unsigned int* outlen, int side, void* ctx) { @@ -379,30 +379,21 @@ int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, return ret; } #endif -/* Return cipher suite enumuration used in SCE library */ -uint32_t GetSceCipherSuite( +/* Return tls cipher suite enumuration that is supported by SCE library */ +static uint32_t GetSceCipherSuite( uint8_t cipherSuiteFirst, uint8_t cipherSuite) { - WOLFSSL_ENTER("GetTsipCipherSuite"); + WOLFSSL_ENTER("GetSceCipherSuite"); uint32_t sceCipher; if(cipherSuiteFirst == CIPHER_BYTE ) { switch(cipherSuite){ - - case TLS_RSA_WITH_AES_128_CBC_SHA: /*2F*/ - sceCipher = SCE_TLS_RSA_WITH_AES_128_CBC_SHA; /*0*/ - break; - case TLS_RSA_WITH_AES_128_CBC_SHA256: sceCipher = SCE_TLS_RSA_WITH_AES_128_CBC_SHA256; break; - case TLS_RSA_WITH_AES_256_CBC_SHA: - sceCipher = SCE_TLS_RSA_WITH_AES_256_CBC_SHA; - break; - case TLS_RSA_WITH_AES_256_CBC_SHA256: sceCipher = SCE_TLS_RSA_WITH_AES_256_CBC_SHA256; break; @@ -411,7 +402,7 @@ uint32_t GetSceCipherSuite( sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE; break; } - WOLFSSL_MSG( "<< GetTsipCipherSuite"); + WOLFSSL_MSG( "<< GetSceCipherSuite"); return sceCipher; } else if( cipherSuiteFirst == ECC_BYTE ) 
@@ -454,10 +445,11 @@ uint32_t GetSceCipherSuite( /* ssl : a pointer to WOLFSSL object */ /* session_key_generated : if session key has been generated */ /* return 1 for usable, 0 for unusable */ -int sce_useable(const struct WOLFSSL *ssl, uint8_t session_key_generated) +WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl, + uint8_t session_key_generated) { WOLFSSL_ENTER("sce_usable"); - byte cipher; + byte Scecipher; byte side; const Ciphers *enc; const Ciphers *dec; @@ -492,25 +484,19 @@ int sce_useable(const struct WOLFSSL *ssl, uint8_t session_key_generated) return 0; } } - - cipher = ssl->options.cipherSuite; + /* retrieve cipher suite if SCE supports */ + Scecipher = GetSceCipherSuite(ssl->options.cipherSuite0, + ssl->options.cipherSuite); side = ssl->options.side; - if (((cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA256 || - cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA256) || - (cipher == l_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 || - cipher == l_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 || - cipher == l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 || - cipher == l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)) && - side == WOLFSSL_CLIENT_END) - + if (Scecipher != WOLFSSL_SCE_ILLEGAL_CIPHERSUITE && side == WOLFSSL_CLIENT_END) return 1; else return 0; } /* Generate Hmac by sha256*/ -int sce_Sha256GenerateHmac(const struct WOLFSSL *ssl,const uint8_t* myInner, +WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(const struct WOLFSSL *ssl,const uint8_t* myInner, uint32_t innerSz,const uint8_t* in, uint32_t sz, byte* digest) { WOLFSSL_ENTER("sce_Sha256HmacGenerate"); @@ -525,7 +511,7 @@ int sce_Sha256GenerateHmac(const struct WOLFSSL *ssl,const uint8_t* myInner, wrapped_key = ssl->keys.sce_client_write_MAC_secret; - if ((ret = sce_hw_lock()) != 0) { + if ((ret = wc_sce_hw_lock()) != 0) { WOLFSSL_MSG("hw lock failed\n"); return ret; } 
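Review bot: `Scecipher` is declared `byte`, but `GetSceCipherSuite()` returns `uint32_t` and reports an unsupported suite as `(uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE`, where the macro is -1 in renesas-sce-crypt.h. The assignment truncates that sentinel to 0xFF, and `Scecipher != WOLFSSL_SCE_ILLEGAL_CIPHERSUITE` then compares 255 with -1, which is always true. As written, wc_sce_usable() returns 1 for every cipher suite on the client side, so the allow-list that the removed `l_TLS_*` comparison enforced is gone. Declare `uint32_t sceCipher;` and test `sceCipher != (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE`. The declaration is in the `@@ -454` hunk and the comparison in `@@ -492`; the code between them is only partly shown.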
@@ -555,14 +541,15 @@ int sce_Sha256GenerateHmac(const struct WOLFSSL *ssl,const uint8_t* myInner, ret = WOLFSSL_FAILURE; /* unlock hw */ - sce_hw_unlock(); + wc_sce_hw_unlock(); WOLFSSL_LEAVE("sce_Sha256HmacGenerate", ret); return ret; } /* Verify hmac */ -int sce_Sha256VerifyHmac(const struct WOLFSSL *ssl,const uint8_t* message, - uint32_t messageSz,uint32_t macSz, uint32_t content) +WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const struct WOLFSSL *ssl, + const uint8_t* message, uint32_t messageSz, + uint32_t macSz, uint32_t content) { WOLFSSL_ENTER("sce_Sha256HmacVerify"); @@ -576,7 +563,7 @@ int sce_Sha256VerifyHmac(const struct WOLFSSL *ssl,const uint8_t* message, wrapped_key = ssl->keys.sce_server_write_MAC_secret; - if ((ret = sce_hw_lock()) != 0) { + if ((ret = wc_sce_hw_lock()) != 0) { WOLFSSL_MSG("hw lock failed\n"); return ret; } @@ -611,13 +598,13 @@ int sce_Sha256VerifyHmac(const struct WOLFSSL *ssl,const uint8_t* message, } /* unlock hw */ - sce_hw_unlock(); + wc_sce_hw_unlock(); WOLFSSL_LEAVE("sce_Sha256HmacVerify", ret); return ret; } /* generate Verify Data based on master secret */ -int sce_generateVerifyData(const uint8_t *ms, /* master secret */ +WOLFSSL_LOCAL int wc_sce_generateVerifyData(const uint8_t *ms, /* master secret */ const uint8_t *side, const uint8_t *handshake_hash, uint8_t *hashes /* out */) { @@ -635,7 +622,7 @@ int sce_generateVerifyData(const uint8_t *ms, /* master secret */ l_side = SCE_TLS_GENERATE_SERVER_VERIFY; } - if ((ret = sce_hw_lock()) == 0) { + if ((ret = wc_sce_hw_lock()) == 0) { ret = R_SCE_TLS_VerifyDataGenerate(l_side, (uint32_t*)ms, (uint8_t*)handshake_hash, hashes/* out */); if (ret != FSP_SUCCESS) { 
@@ -643,14 +630,14 @@ int sce_generateVerifyData(const uint8_t *ms, /* master secret */ } } /* unlock hw */ - sce_hw_unlock(); + wc_sce_hw_unlock(); WOLFSSL_LEAVE("sce_generateVerifyData", ret); return ret; } /* generate keys for TLS communication */ -int sce_generateSeesionKey(struct WOLFSSL *ssl, User_SCEPKCbInfo* cbInfo, - int devId) +WOLFSSL_LOCAL int wc_sce_generateSeesionKey(struct WOLFSSL *ssl, + User_SCEPKCbInfo* cbInfo, int devId) { WOLFSSL_MSG("sce_generateSeesionKey()"); int ret; @@ -667,9 +654,9 @@ int sce_generateSeesionKey(struct WOLFSSL *ssl, User_SCEPKCbInfo* cbInfo, return BAD_FUNC_ARG; - if ((ret = sce_hw_lock()) == 0) { - if (sceCS == l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 || - sceCS == l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) + if ((ret = wc_sce_hw_lock()) == 0) { + if (sceCS == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 || + sceCS == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) { WOLFSSL_MSG("Session key for AES-GCM generation skipped."); @@ -736,18 +723,18 @@ int sce_generateSeesionKey(struct WOLFSSL *ssl, User_SCEPKCbInfo* cbInfo, XMEMCPY(&dec->aes->ctx.sce_wrapped_key, &key_client_aes, sizeof(key_client_aes)); } - /* copy hac key index into keys */ + /* copy mac key index into keys */ ssl->keys.sce_client_write_MAC_secret = key_client_mac; ssl->keys.sce_server_write_MAC_secret = key_server_mac; - /* set up key size and marked readly */ + /* set up key size and marked ready */ if (enc){ enc->aes->ctx.keySize = ssl->specs.key_size; enc->aes->ctx.setup = 1; /* ready for use */ enc->setup = 1; } - /* set up key size and marked readly */ + /* set up key size and marked ready */ if (dec) { dec->aes->ctx.keySize = ssl->specs.key_size; dec->aes->ctx.setup = 1; @@ -767,7 +754,7 @@ int sce_generateSeesionKey(struct WOLFSSL *ssl, User_SCEPKCbInfo* cbInfo, cbInfo->session_key_set = 1; } /* unlock hw */ - sce_hw_unlock(); + wc_sce_hw_unlock(); } else WOLFSSL_LEAVE("hw lock failed\n", ret); 
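Review bot: In wc_sce_generateVerifyData the `wc_sce_hw_unlock();` at the top of the `@@ -643` hunk comes after the brace that closes the `if ((ret = wc_sce_hw_lock()) == 0)` block opened in the previous hunk. It therefore runs even when the lock was not acquired and releases a mutex the caller does not own. The other functions in this file unlock inside the locked block; moving the `/* unlock hw */` line and the call up one brace would match them. One line between the two hunks is not shown, so the nesting should be confirmed against the full file.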
@@ -776,7 +763,7 @@ int sce_generateSeesionKey(struct WOLFSSL *ssl, User_SCEPKCbInfo* cbInfo, } /* generate master secret based on pre-master which is generated by SCE */ -int sce_generateMasterSecret( +WOLFSSL_LOCAL int wc_sce_generateMasterSecret( uint8_t cipherSuiteFirst, uint8_t cipherSuite, const uint8_t *pr, /* pre-master */ @@ -795,7 +782,7 @@ int sce_generateMasterSecret( if( sceCS == 0xffffffff) return BAD_FUNC_ARG; - if ((ret = sce_hw_lock()) == 0) { + if ((ret = wc_sce_hw_lock()) == 0) { ret = R_SCE_TLS_MasterSecretGenerate( sceCS, (uint32_t*)pr, @@ -804,7 +791,7 @@ int sce_generateMasterSecret( WOLFSSL_MSG("R_SCE_TLS_MasterSecretGenerate failed\n"); } /* unlock hw */ - sce_hw_unlock(); + wc_sce_hw_unlock(); } else { WOLFSSL_MSG(" hw lock failed "); } @@ -813,7 +800,8 @@ int sce_generateMasterSecret( } /* generate pre-Master secrete by SCE */ -int sce_generatePremasterSecret(uint8_t *premaster, uint32_t preSz) +WOLFSSL_LOCAL int wc_sce_generatePremasterSecret(uint8_t *premaster, + uint32_t preSz) { WOLFSSL_ENTER("sce_generatePremasterSecret"); int ret; @@ -821,7 +809,7 @@ int sce_generatePremasterSecret(uint8_t *premaster, uint32_t preSz) if (premaster == NULL) return BAD_FUNC_ARG; - if ((ret = sce_hw_lock()) == 0 && preSz >= + if ((ret = wc_sce_hw_lock()) == 0 && preSz >= (SCE_TLS_MASTER_SECRET_WORD_SIZE*4)) { /* generate pre-master, 80 bytes */ ret = R_SCE_TLS_PreMasterSecretGenerateForRSA2048((uint32_t*)premaster); @@ -829,7 +817,7 @@ int sce_generatePremasterSecret(uint8_t *premaster, uint32_t preSz) WOLFSSL_MSG(" R_SCE_TLS_GeneratePreMasterSecret failed\n"); } /* unlock hw */ - sce_hw_unlock(); + wc_sce_hw_unlock(); } else { WOLFSSL_MSG(" hw lock failed or preSz is smaller than 80"); } 
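Review bot: In wc_sce_generatePremasterSecret the condition `(ret = wc_sce_hw_lock()) == 0 && preSz >= (SCE_TLS_MASTER_SECRET_WORD_SIZE*4)` takes the lock first and tests the size second. When the lock succeeds but `preSz` is too small, control goes to the `else` branch, which only logs: the hardware mutex is never released and `ret` is still 0, so the caller is told the premaster was generated. Validate before locking, `if (premaster == NULL || preSz < SCE_TLS_MASTER_SECRET_WORD_SIZE*4) return BAD_FUNC_ARG;`, and leave only the lock in the `if`. The tail of the function after the `else` lies outside the hunks shown.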
@@ -842,7 +830,7 @@ int sce_generatePremasterSecret(uint8_t *premaster, uint32_t preSz) /* * generate encrypted pre-Master secrete by SCE */ -int sce_generateEncryptPreMasterSecret( +WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret( WOLFSSL* ssl, uint8_t* out, uint32_t* outSz) @@ -853,7 +841,7 @@ int sce_generateEncryptPreMasterSecret( if ((ssl == NULL) || (out == NULL) || (outSz == NULL)) return BAD_FUNC_ARG; - if ((ret = sce_hw_lock()) == 0) { + if ((ret = wc_sce_hw_lock()) == 0) { if (*outSz >= 256) ret = R_SCE_TLS_PreMasterSecretEncryptWithRSA2048( (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex, @@ -865,13 +853,14 @@ int sce_generateEncryptPreMasterSecret( if (ret != FSP_SUCCESS) { WOLFSSL_MSG("R_SCE_TLS_PreMasterSecretEncryptWithRSA2048 failed\n"); } else { - *outSz = 256; /* TSIP can only handles 2048 RSA */ - /* set GenMaster Callbackt for Master secret generation */ + *outSz = 256; /* SCE can only handles 2048 RSA */ + /* set GenMaster Callback for Master secret generation */ void* ctx = wolfSSL_GetRsaVerifyCtx(ssl); - wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret); + wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, + Renesas_cmn_genMasterSecret); wolfSSL_SetGenMasterSecretCtx(ssl, ctx); } - sce_hw_unlock(); + wc_sce_hw_unlock(); } else { WOLFSSL_MSG(" hw lock failed "); @@ -882,7 +871,7 @@ int sce_generateEncryptPreMasterSecret( /* Certificate verification by SCE */ -int sce_tls_CertVerify( +WOLFSSL_LOCAL int wc_sce_tls_CertVerify( const uint8_t* cert, uint32_t certSz, const uint8_t* signature, uint32_t sigSz, uint32_t key_n_start,uint32_t key_n_len, @@ -948,7 +937,7 @@ int sce_tls_CertVerify( } - if ((ret = sce_hw_lock()) == 0) { + if ((ret = wc_sce_hw_lock()) == 0) { ret = R_SCE_TLS_CertificateVerify( g_user_key_info.encrypted_user_tls_key_type, (uint32_t*)g_encrypted_publicCA_key,/* encrypted public key */ 
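Review bot: The `@@ -865` hunk registers `Renesas_cmn_genMasterSecret` on `ssl->ctx` from inside wc_sce_generateEncryptPreMasterSecret, which changes the shared WOLFSSL_CTX in the middle of one connection's handshake. Every other session created from that context is affected, and the registration happens on a path that appears to run per connection. If the callback is always wanted when SCE is in use, registering it once in wc_sce_set_callbacks() next to the other `wolfSSL_CTX_Set*Cb` calls would be easier to reason about. If it is meant to apply only after an SCE-encrypted premaster, a comment here should say why the CTX-level setter is used.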
@@ -967,7 +956,7 @@ int sce_tls_CertVerify( if (sigforSCE) { XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP); } - sce_hw_unlock(); + wc_sce_hw_unlock(); } else { WOLFSSL_MSG(" hw lock failed "); } @@ -976,7 +965,7 @@ int sce_tls_CertVerify( } /* Root Certificate verification */ -int sce_tls_RootCertVerify( +WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify( const uint8_t* cert, uint32_t cert_len, uint32_t key_n_start, uint32_t key_n_len, uint32_t key_e_start, uint32_t key_e_len, @@ -986,7 +975,7 @@ int sce_tls_RootCertVerify( /* call to generate encrypted public key for certificate verification */ uint8_t *signature = (uint8_t*)ca_cert_sig; - WOLFSSL_ENTER("sce_tls_RootCertVerify"); + WOLFSSL_ENTER("wc_sce_tls_RootCertVerify"); if (cert == NULL) return BAD_FUNC_ARG; @@ -996,7 +985,7 @@ int sce_tls_RootCertVerify( return -1; } - if ((ret = sce_hw_lock()) == 0) { + if ((ret = wc_sce_hw_lock()) == 0) { ret = R_SCE_TLS_RootCertificateVerify( g_user_key_info.encrypted_user_tls_key_type, (uint8_t*)cert, /* CA cert */ 
@@ -1013,52 +1002,18 @@ int sce_tls_RootCertVerify( } else { g_CAscm_Idx = cm_row; } - sce_hw_unlock(); + wc_sce_hw_unlock(); } else { WOLFSSL_MSG(" hw lock failed "); } - WOLFSSL_LEAVE("sce_tls_RootCertVerify", ret); + WOLFSSL_LEAVE("wc_sce_tls_RootCertVerify", ret); return ret; } -/* to inform ca certificate sign */ -/* signature format expects RSA 2048 PSS with SHA256 */ -void sce_inform_cert_sign(const uint8_t *sign) -{ - if(sign) - ca_cert_sig = sign; -} - -void sce_inform_user_keys( - uint8_t* encrypted_provisioning_key, - uint8_t* iv, - uint8_t* encrypted_user_tls_key, - uint32_t encrypted_user_tls_key_type) -{ - WOLFSSL_ENTER("sce_inform_user_keys"); - g_user_key_info.encrypted_provisioning_key = NULL; - g_user_key_info.iv = NULL; - g_user_key_info.encrypted_user_tls_key = NULL; - - if ( encrypted_provisioning_key ) { - g_user_key_info.encrypted_provisioning_key = encrypted_provisioning_key; - } - if ( iv ) { - g_user_key_info.iv = iv; - } - if ( encrypted_user_tls_key ) { - g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key; - } - - g_user_key_info.encrypted_user_tls_key_type = encrypted_user_tls_key_type; - - /* set callback for ECC */ - WOLFSSL_MSG("sce_inform_user_keys_ex"); -} /* store elements for session key generation into ssl->keys. * return 0 on success, negative value on failure */ -int sce_storeKeyCtx(struct WOLFSSL* ssl, User_SCEPKCbInfo* info) +WOLFSSL_LOCAL int wc_sce_storeKeyCtx(struct WOLFSSL* ssl, User_SCEPKCbInfo* info) { int ret = 0; 
@@ -1080,19 +1035,56 @@ int sce_storeKeyCtx(struct WOLFSSL* ssl, User_SCEPKCbInfo* info) return ret; } +/* to inform ca certificate sign */ +/* signature format expects RSA 2048 PSS with SHA256 */ +WOLFSSL_API void wc_sce_inform_cert_sign(const uint8_t *sign) +{ + if(sign) + ca_cert_sig = sign; +} + +/* let wolfSSL know user key information using TLS operation by SCE */ +WOLFSSL_API void wc_sce_inform_user_keys( + uint8_t* encrypted_provisioning_key, + uint8_t* iv, + uint8_t* encrypted_user_tls_key, + uint32_t encrypted_user_tls_key_type) +{ + WOLFSSL_ENTER("sce_inform_user_keys"); + g_user_key_info.encrypted_provisioning_key = NULL; + g_user_key_info.iv = NULL; + g_user_key_info.encrypted_user_tls_key = NULL; + + if ( encrypted_provisioning_key ) { + g_user_key_info.encrypted_provisioning_key = encrypted_provisioning_key; + } + if ( iv ) { + g_user_key_info.iv = iv; + } + if ( encrypted_user_tls_key ) { + g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key; + } + + g_user_key_info.encrypted_user_tls_key_type = encrypted_user_tls_key_type; + + /* set callback for ECC */ + WOLFSSL_MSG("sce_inform_user_keys_ex"); +} + + /* Set callbacks needed for sce TLS api handling */ -void sce_set_callbacks(WOLFSSL_CTX* ctx) +WOLFSSL_API void wc_sce_set_callbacks(WOLFSSL_CTX* ctx) { wolfSSL_CTX_SetEccVerifyCb(ctx, Renesas_cmn_EccVerify); wolfSSL_CTX_SetRsaVerifyCb(ctx, Renesas_cmn_RsaVerify); wolfSSL_CTX_SetGenPreMasterCb(ctx, Renesas_cmn_generatePremasterSecret); wolfSSL_CTX_SetRsaEncCb(ctx, Renesas_cmn_RsaEnc); - wolfSSL_CTX_SetVerifymacCb(ctx, Renesas_cmn_VerifyHmac); + wolfSSL_CTX_SetVerifyMacCb(ctx, Renesas_cmn_VerifyHmac); wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL); } /* Set callback contexts needed for sce TLS api handling */ -int sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) +WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) { if (sce_sess_idx > MAX_SCE_CBINDEX) { WOLFSSL_MSG("exceeds maximum session index"); 
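Review bot: The bound check at the start of wc_sce_set_callback_ctx, `if (sce_sess_idx > MAX_SCE_CBINDEX)`, lets `sce_sess_idx == MAX_SCE_CBINDEX` through, and the next hunk then uses it in `gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->session_key_set = 0`. The array declaration is not visible here; if `user_PKCbInfo` has `MAX_SCE_CBINDEX` elements, that is a one-past-the-end access and the test should be `>=`. The function is now exported as `WOLFSSL_API`, so it should also reject a NULL `ssl` or `user_ctx` before the store rather than relying on the caller.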
@@ -1103,13 +1095,14 @@ int sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx) gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->session_key_set = 0; wolfSSL_SetEccVerifyCtx(ssl, user_ctx); + wolfSSL_SetRsaEncCtx(ssl, user_ctx); wolfSSL_SetRsaVerifyCtx(ssl, user_ctx); wolfSSL_SetGenPreMasterCtx(ssl, user_ctx); wolfSSL_SetEccSharedSecretCtx(ssl, NULL); - wolfSSL_SetVerifymacCtx(ssl, user_ctx); + wolfSSL_SetVerifyMacCtx(ssl, user_ctx); /* set up crypt callback */ - wc_CryptoCb_CryptInitRenesascmn(ssl, user_ctx); + wc_CryptoCb_CryptInitRenesasCmn(ssl, user_ctx); gSCE_PKCbInfo.num_session = ++sce_sess_idx; diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 2b4c359f5..597b03e26 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -158,7 +158,7 @@ int wolfCrypt_Init(void) #endif #if defined(WOLFSSL_RENESAS_SCEPROTECT) - ret = sce_Open( ); + ret = wc_sce_Open( ); if( ret != FSP_SUCCESS ) { WOLFSSL_MSG("RENESAS SCE Open failed"); /* not return 1 since WOLFSSL_SUCCESS=1*/ @@ -368,7 +368,7 @@ int wolfCrypt_Cleanup(void) #endif #ifdef WOLFSSL_RENESAS_SCEPROTECT - sce_Close(); + wc_sce_Close(); #else #ifdef WOLFSSL_SCE diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 94defd0b2..018da31cc 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -22721,7 +22721,7 @@ static int ecc_exp_imp_test(ecc_key* key) #else ecc_key keyImp[1]; #endif - byte priv[32*4]; + byte priv[32]; word32 privLen; byte pub[65*2]; word32 pubLen, pubLenX, pubLenY; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 38cda0bb2..9036fb7d3 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
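Review bot: The change of `byte priv[32*4];` to `byte priv[32];` in ecc_exp_imp_test (wolfcrypt/test/test.c) is not a rename like the rest of the commit and deserves a line in the description. A 32-byte buffer only fits private keys of up to 256 bits, so if this test is ever run with a larger curve the export needs more room. Confirm that `privLen` is initialised from `sizeof(priv)` before the export call, so an oversized key fails with a length error instead of writing past the array. The body of the function is outside the hunk.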
@@ -3060,9 +3060,9 @@ struct WOLFSSL_CTX { CallbackGenPreMaster GenPreMasterCb; /* Use generate pre-master handler */ CallbackGenMasterSecret GenMasterCb; /* Use generate master secret handler */ CallbackGenSessionKey GenSessionKeyCb; /* Use generate session key handler */ - CallbackSetKeys SetKeysCb; /* Use set keys handler */ + CallbackEncryptKeys EncryptKeysCb;/* Use setting encrypt keys handler */ CallbackTlsFinished TlsFinishedCb; /* Use Tls finished handler */ - CallbackVerifymac VerifymacCb; /* Use Verify mac handler */ + CallbackVerifyMac VerifyMacCb; /* Use Verify mac handler */ #endif /* HAVE_PK_CALLBACKS */ #ifdef HAVE_WOLF_EVENT WOLF_EVENT_QUEUE event_queue; @@ -4485,9 +4485,9 @@ struct WOLFSSL { void* GenPreMasterCtx; /* Generate Premaster Callback Context */ void* GenMasterCtx; /* Generate Master Callback Context */ void* GenSessionKeyCtx; /* Generate Sesssion Key Callback Context */ - void* SetKeysCtx; /* Generate Sesssion Key Callback Context */ + void* EncryptKeysCtx; /* Set Encrypt keys Callback Context */ void* TlsFinishedCtx; /* Generate Tls Finished Callback Context */ - void* VerifymacCtx; /* Verify mac Callback Context */ + void* VerifyMacCtx; /* Verify mac Callback Context */ #endif /* HAVE_PK_CALLBACKS */ #ifdef HAVE_SECRET_CALLBACK SessionSecretCb sessionSecretCb; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c529dbe86..71c14ba78 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -3209,25 +3209,29 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); /* Protocol Callback */ typedef int (*CallbackGenMasterSecret)(WOLFSSL* ssl, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetGenMasterSecretCb(WOLFSSL_CTX*, CallbackGenMasterSecret); +WOLFSSL_API void wolfSSL_CTX_SetGenMasterSecretCb(WOLFSSL_CTX*, + CallbackGenMasterSecret); WOLFSSL_API void wolfSSL_SetGenMasterSecretCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl); typedef int (*CallbackGenPreMaster)(WOLFSSL* ssl, byte *premaster, word32 preSz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetGenPreMasterCb(WOLFSSL_CTX*, CallbackGenPreMaster); +WOLFSSL_API void wolfSSL_CTX_SetGenPreMasterCb(WOLFSSL_CTX*, + CallbackGenPreMaster); WOLFSSL_API void wolfSSL_SetGenPreMasterCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetGenPreMasterCtx(WOLFSSL* ssl); typedef int (*CallbackGenSessionKey)(WOLFSSL* ssl, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetGenSesssionKeyCb(WOLFSSL_CTX*, CallbackGenSessionKey); -WOLFSSL_API void wolfSSL_SetGenSesssionKeyCtx(WOLFSSL* ssl, void *ctx); -WOLFSSL_API void* wolfSSL_GetGenSesssionKeyCtx(WOLFSSL* ssl); +WOLFSSL_API void wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX*, + CallbackGenSessionKey); +WOLFSSL_API void wolfSSL_SetGenSessionKeyCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetGenSessionKeyCtx(WOLFSSL* ssl); -typedef int (*CallbackSetKeys)(WOLFSSL* ssl, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetSetKeysCb(WOLFSSL_CTX*, CallbackSetKeys); -WOLFSSL_API void wolfSSL_SetSetKeysCtx(WOLFSSL* ssl, void *ctx); -WOLFSSL_API void* wolfSSL_GetSetKeysCtx(WOLFSSL* ssl); +typedef int (*CallbackEncryptKeys)(WOLFSSL* ssl, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetEncryptKeysCb(WOLFSSL_CTX*, + CallbackEncryptKeys); +WOLFSSL_API void wolfSSL_SetEncryptKeysCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetEncryptKeysCtx(WOLFSSL* ssl); typedef int (*CallbackTlsFinished)(WOLFSSL* ssl, const byte *side, 
@@ -3238,11 +3242,11 @@ WOLFSSL_API void wolfSSL_SetTlsFinishedCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetTlsFinishedCtx(WOLFSSL* ssl); #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) -typedef int (*CallbackVerifymac)(WOLFSSL *ssl, const byte* message, +typedef int (*CallbackVerifyMac)(WOLFSSL *ssl, const byte* message, word32 messageSz, word32 macSz, word32 content, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetVerifymacCb(WOLFSSL_CTX*, CallbackVerifymac); -WOLFSSL_API void wolfSSL_SetVerifymacCtx(WOLFSSL* ssl, void *ctx); -WOLFSSL_API void* wolfSSL_GetVerifymacCtx(WOLFSSL* ssl); +WOLFSSL_API void wolfSSL_CTX_SetVerifyMacCb(WOLFSSL_CTX*, CallbackVerifyMac); +WOLFSSL_API void wolfSSL_SetVerifyMacCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetVerifyMacCtx(WOLFSSL* ssl); #endif #endif /* HAVE_PK_CALLBACKS */ diff --git a/wolfssl/test.h b/wolfssl/test.h index 19a1eea5d..8f11dbc9e 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -4615,7 +4615,7 @@ static WC_INLINE int myGenMaster(WOLFSSL* ssl, void* ctx) (void)cbInfo; WOLFSSL_PKMSG("Gen Master"); - /* fall through original routine */ + /* fall through to original routine */ ret = PROTOCOLCB_UNAVAILABLE; WOLFSSL_PKMSG("Gen Master: ret %d\n", ret); @@ -4634,7 +4634,7 @@ static WC_INLINE int myGenPreMaster(WOLFSSL* ssl, byte *premaster, (void) preSz; WOLFSSL_PKMSG("Gen Pre-Master Cb"); - /* fall through original routine */ + /* fall through to original routine */ ret = PROTOCOLCB_UNAVAILABLE; WOLFSSL_PKMSG("Gen Pre-Master Cb: ret %d\n", ret); 
@@ -4650,14 +4650,14 @@ static WC_INLINE int myGenSessionKey(WOLFSSL* ssl, void* ctx) (void)cbInfo; WOLFSSL_PKMSG("Gen Master Cb"); - /* fall through original routine */ + /* fall through to original routine */ ret = PROTOCOLCB_UNAVAILABLE; WOLFSSL_PKMSG("Gen Master Cb: ret %d\n", ret); return ret; } -static WC_INLINE int mySetKeys(WOLFSSL* ssl, void* ctx) +static WC_INLINE int mySetEncryptKeys(WOLFSSL* ssl, void* ctx) { int ret; PkCbInfo* cbInfo = (PkCbInfo*)ctx; @@ -4665,16 +4665,16 @@ static WC_INLINE int mySetKeys(WOLFSSL* ssl, void* ctx) (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("Set Keys Cb"); - /* fall through original routine */ + WOLFSSL_PKMSG("Set Encrypt Keys Cb"); + /* fall through to original routine */ ret = PROTOCOLCB_UNAVAILABLE; - WOLFSSL_PKMSG("Set Keys Cb: ret %d\n", ret); + WOLFSSL_PKMSG("Set Encrypt Keys Cb: ret %d\n", ret); return ret; } #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) -static WC_INLINE int myVerifymac(WOLFSSL *ssl, const byte* message, +static WC_INLINE int myVerifyMac(WOLFSSL *ssl, const byte* message, word32 messageSz, word32 macSz, word32 content, void* ctx) { int ret; @@ -4688,7 +4688,7 @@ static WC_INLINE int myVerifymac(WOLFSSL *ssl, const byte* message, (void)cbInfo; WOLFSSL_PKMSG("Verify Mac Cb"); - /* fall through original routine */ + /* fall through to original routine */ ret = PROTOCOLCB_UNAVAILABLE; WOLFSSL_PKMSG("Verify Mac Cb: ret %d\n", ret); @@ -4711,7 +4711,7 @@ static WC_INLINE int myTlsFinished(WOLFSSL* ssl, (void)hashes; WOLFSSL_PKMSG("Tls Finished Cb"); - /* fall through original routine */ + /* fall through to original routine */ ret = PROTOCOLCB_UNAVAILABLE; WOLFSSL_PKMSG("Tls Finished Cb: ret %d\n", ret); 
@@ -4771,11 +4771,11 @@ static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx) #ifndef NO_CERTS wolfSSL_CTX_SetGenMasterSecretCb(ctx, myGenMaster); wolfSSL_CTX_SetGenPreMasterCb(ctx, myGenPreMaster); - wolfSSL_CTX_SetGenSesssionKeyCb(ctx, myGenSessionKey); - wolfSSL_CTX_SetSetKeysCb(ctx, mySetKeys); + wolfSSL_CTX_SetGenSessionKeyCb(ctx, myGenSessionKey); + wolfSSL_CTX_SetEncryptKeysCb(ctx, mySetEncryptKeys); #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) - wolfSSL_CTX_SetVerifymacCb(ctx, myVerifymac); + wolfSSL_CTX_SetVerifyMacCb(ctx, myVerifyMac); #endif wolfSSL_CTX_SetTlsFinishedCb(ctx, myTlsFinished); @@ -4823,11 +4823,11 @@ static WC_INLINE void SetupPkCallbackContexts(WOLFSSL* ssl, void* myCtx) #ifndef NO_CERTS wolfSSL_SetGenMasterSecretCtx(ssl, myCtx); wolfSSL_SetGenPreMasterCtx(ssl, myCtx); - wolfSSL_SetGenSesssionKeyCtx(ssl, myCtx); - wolfSSL_SetSetKeysCtx(ssl, myCtx); + wolfSSL_SetGenSessionKeyCtx(ssl, myCtx); + wolfSSL_SetEncryptKeysCtx(ssl, myCtx); #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) - wolfSSL_SetVerifymacCtx(ssl, myCtx); + wolfSSL_SetVerifyMacCtx(ssl, myCtx); #endif wolfSSL_SetTlsFinishedCtx(ssl, myCtx); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index dc077fe4a..06b2a4283 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1213,7 +1213,8 @@ enum SignatureState { #endif #endif /* HAVE_PK_CALLBACKS */ -#if defined(WOLFSSL_RENESAS_TSIP_TLS) ||defined(WOLFSSL_RENESAS_SCEPROTECT) +#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT) ||\ + defined(HAVE_PK_CALLBACKS) typedef struct tagCertAttribute { byte verifyByTSIP_SCE; word32 certBegin; 
@@ -1283,7 +1284,8 @@ struct SignatureCtx { #endif #endif /* HAVE_PK_CALLBACKS */ #ifndef NO_RSA -#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT) +#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT) ||\ + defined(HAVE_PK_CALLBACKS) CertAttribute CertAtt; #endif #endif diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h index 023a01039..a05d62e5d 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h @@ -32,17 +32,6 @@ extern "C" { #define SCE_SESSIONKEY_NONCE_SIZE 8 #define WOLFSSL_SCE_ILLEGAL_CIPHERSUITE -1 - enum { - l_TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, - l_TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, - l_TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, - l_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, - l_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27, - l_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23, - l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, - l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f, -}; - #define MAX_SCE_CBINDEX 5 typedef struct tagUser_SCEPKCbInfo { @@ -89,11 +78,12 @@ struct WOLFSSL; struct WOLFSSL_CTX; struct ecc_key; -int sce_Open(); -void sce_Close(); -int sce_hw_lock(); -void sce_hw_unlock( void ); -int sce_usable(const struct WOLFSSL *ssl); +WOLFSSL_LOCAL int wc_sce_Open(); +WOLFSSL_LOCAL void wc_sce_Close(); +WOLFSSL_LOCAL int wc_sce_hw_lock(); +WOLFSSL_LOCAL void wc_sce_hw_unlock( void ); +WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl, + uint8_t session_key_generated); typedef struct { sce_aes_wrapped_key_t sce_wrapped_key; 
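Review bot: In the renesas-sce-crypt.h hunk at -89, `wc_sce_Open()`, `wc_sce_Close()` and `wc_sce_hw_lock()` are declared with empty parentheses, which in C before C23 means unspecified parameters rather than none, so a call with stray arguments is not diagnosed. `wc_sce_hw_unlock( void )` two lines further down already uses the prototype form. Since these lines are being rewritten for the `wc_` prefix anyway, I would write `WOLFSSL_LOCAL int wc_sce_Open(void);`, `WOLFSSL_LOCAL void wc_sce_Close(void);` and `WOLFSSL_LOCAL int wc_sce_hw_lock(void);`.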
@@ -102,19 +92,19 @@ typedef struct { } SCE_AES_CTX; struct Aes; -int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, +WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz); -int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, +WOLFSSL_LOCAL int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz); -int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, +WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz, byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz, void* ctx); - -int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, + +WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz, @@ -147,19 +137,14 @@ typedef wolfssl_SCE_Hash wc_Sha256; #endif /* NO_SHA */ -void sce_inform_cert_sign(const uint8_t *sign); -byte sce_rootCAverified(); - -byte sce_checkCA(uint32_t cmIdx); - -int sce_tls_RootCertVerify( +WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify( const uint8_t* cert, uint32_t cert_len, uint32_t key_n_start, uint32_t key_n_len, uint32_t key_e_start, uint32_t key_e_len, uint32_t cm_row); -int sce_tls_CertVerify( +WOLFSSL_LOCAL int wc_sce_tls_CertVerify( const uint8_t* cert, uint32_t certSz, const uint8_t* signature, uint32_t sigSz, uint32_t key_n_start, uint32_t key_n_len, @@ -167,16 +152,16 @@ int sce_tls_CertVerify( uint8_t* sce_encRsaKeyIdx); -int sce_generatePremasterSecret( +WOLFSSL_LOCAL int wc_sce_generatePremasterSecret( uint8_t* premaster, uint32_t preSz); -int sce_generateEncryptPreMasterSecret( +WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret( struct WOLFSSL* ssl, uint8_t* out, uint32_t* outSz); -int sce_Sha256GenerateHmac( +WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac( const struct WOLFSSL *ssl, const uint8_t* myInner, uint32_t innerSz, 
@@ -184,35 +169,20 @@ int sce_Sha256GenerateHmac( uint32_t sz, uint8_t* digest); -int sce_Sha256VerifyHmac( +WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac( const struct WOLFSSL *ssl, const uint8_t* message, uint32_t messageSz, uint32_t macSz, uint32_t content); - -void sce_inform_user_keys( - uint8_t* encrypted_provisioning_key, - uint8_t* iv, - uint8_t* encrypted_user_tls_key, - uint32_t encrypted_user_tls_key_type); -void sce_set_callbacks(struct WOLFSSL_CTX* ctx); -int sce_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx); - -uint32_t GetSceCipherSuite( - uint8_t cipherSuiteFirst, - uint8_t cipherSuite); - -int sce_useable(const struct WOLFSSL *ssl, - uint8_t session_key_generated); -int sce_storeKeyCtx(struct WOLFSSL* ssl, User_SCEPKCbInfo* info); -int sce_generateVerifyData(const uint8_t *ms, /* master secret */ +WOLFSSL_LOCAL int wc_sce_storeKeyCtx(struct WOLFSSL* ssl, User_SCEPKCbInfo* info); +WOLFSSL_LOCAL int wc_sce_generateVerifyData(const uint8_t *ms, /* master secret */ const uint8_t *side, const uint8_t *handshake_hash, uint8_t *hashes /* out */); -int sce_generateSeesionKey(struct WOLFSSL *ssl, User_SCEPKCbInfo* cbInfo, +WOLFSSL_LOCAL int wc_sce_generateSeesionKey(struct WOLFSSL *ssl, User_SCEPKCbInfo* cbInfo, int devId); -int sce_generateMasterSecret( +WOLFSSL_LOCAL int wc_sce_generateMasterSecret( uint8_t cipherSuiteFirst, uint8_t cipherSuite, const uint8_t *pr, /* pre-master */ 
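Review bot: The renamed prototype `wc_sce_generateSeesionKey` carries the "Seesion" misspelling into the new `wc_` name, although this same commit corrects `wolfSSL_CTX_SetGenSesssionKeyCb` to `wolfSSL_CTX_SetGenSessionKeyCb` in test.h. Every caller has to be touched for the prefix change anyway, so this is the cheapest point to fix it: `WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl, User_SCEPKCbInfo* cbInfo, int devId);`. The definition and call sites are outside this hunk and need the same spelling. The parameter `seskey_gennerated` of `Renesas_cmn_usable` in the renesas_cmn.h hunk has the same kind of typo.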
@@ -220,12 +190,25 @@ int sce_generateMasterSecret( const uint8_t *sr, /* server random */ uint8_t *ms); -int SCE_RsaVerify(struct WOLFSSL* ssl, byte* sig, uint32_t sigSz, +WOLFSSL_LOCAL int wc_SCE_RsaVerify(struct WOLFSSL* ssl, byte* sig, uint32_t sigSz, uint8_t** out, const byte* key, uint32_t keySz, void* ctx); -int SCE_EccVerify(struct WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz, +WOLFSSL_LOCAL int wc_SCE_EccVerify(struct WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz, const uint8_t* hash, uint32_t hashSz, const uint8_t* key, uint32_t keySz, int* result, void* ctx); -int SCE_EccSharedSecret(struct WOLFSSL* ssl, struct ecc_key* otherKey, +/* Callback for EccShareSecret */ +WOLFSSL_LOCAL int SCE_EccSharedSecret(struct WOLFSSL* ssl, struct ecc_key* otherKey, uint8_t* pubKeyDer, unsigned int* pubKeySz, uint8_t* out, unsigned int* outlen, int side, void* ctx); + +/* user API */ +WOLFSSL_API void wc_sce_inform_user_keys( + uint8_t* encrypted_provisioning_key, + uint8_t* iv, + uint8_t* encrypted_user_tls_key, + uint32_t encrypted_user_tls_key_type); + +WOLFSSL_API void wc_sce_set_callbacks(struct WOLFSSL_CTX* ctx); +WOLFSSL_API int wc_sce_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx); +WOLFSSL_API void wc_sce_inform_cert_sign(const uint8_t *sign); + #endif /* __RENESAS_SCE_CRYPT_H__ */ diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h index f3df9a2ba..c049c6345 100755 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h 
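Review bot: The new `/* user API */` block at -220 exports `wc_sce_inform_user_keys` with `WOLFSSL_API` but does not document what the caller must guarantee about the three key buffers. It should state whether the library copies them or keeps the pointers, and therefore how long `encrypted_provisioning_key`, `iv` and `encrypted_user_tls_key` must stay valid and unmodified. I would add a doc comment covering each parameter, the accepted values of `encrypted_user_tls_key_type` and the buffer lifetime. If the function only reads the buffers (the implementation is not visible here), they should be declared `const uint8_t*`. Separately, `SCE_EccSharedSecret` is the only prototype in this hunk left without the `wc_` prefix that `wc_SCE_RsaVerify` and `wc_SCE_EccVerify` receive.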
@@ -24,20 +24,36 @@ #include #include -/* Common Callback and Method */ -int Renesas_cmn_genMasterSecret(WOLFSSL* ssl, void* ctx); -int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, byte *premaster, - word32 preSz, void* ctx); -int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, +/* Common Callbacks */ +WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(WOLFSSL* ssl, void* ctx); +WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, + byte *premaster, word32 preSz, void* ctx); +WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); -int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, +WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, word32 messageSz, word32 macSz, word32 content); -int wc_CryptoCb_CryptInitRenesascmn(WOLFSSL* ssl, void* ctx); -int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz, - const uint8_t* hash, uint32_t hashSz, const uint8_t* key, uint32_t keySz, - int* result, void* ctx); -int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz, +WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const uint8_t* sig, + uint32_t sigSz, const uint8_t* hash, uint32_t hashSz, + const uint8_t* key, uint32_t keySz, int* result, void* ctx); +WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz, uint8_t** out, const byte* key, uint32_t keySz, void* ctx); +WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, + word32 sz, int padSz, int content, int verify, int epochOrder); +WOLFSSL_LOCAL int Renesas_cmn_usable(const WOLFSSL *ssl, byte seskey_gennerated); +WOLFSSL_LOCAL int Renesas_cmn_SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz, + unsigned char** out, const unsigned char* keyDer, unsigned int keySz, + void* ctx); +WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const 
unsigned char* sig, unsigned int sigSz, + const unsigned char* hash, unsigned int hashSz, + const unsigned char* keyDer, unsigned int keySz, + int* result, void* ctx); +/* Common Methods */ +int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx); +void wc_CryptoCb_CleanupRenesasCmn(int* id); +int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, + word32 key_n_start, word32 key_n_len, word32 key_e_start, + word32 key_e_len, word32 cm_row); +WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx); #endif /* __RENESAS_CMN_H__ */ \ No newline at end of file diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h b/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h index ea18d4411..c97718eaf 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h @@ -1,4 +1,4 @@ -/* cavium_octeon_sync.h +/* renesas_sync.h * * Copyright (C) 2006-2021 wolfSSL Inc. * @@ -28,8 +28,8 @@ struct WOLFSSL; struct User_SCEPKCbInfo; extern User_SCEPKCbInfo guser_PKCbInfo; -WOLFSSL_API int wc_CryptoCb_CryptInitRenesascmn(struct WOLFSSL* ssl, void* ctx); -WOLFSSL_API void wc_CryptoCb_CleanupRenesascmn(int* id); +WOLFSSL_API int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx); +WOLFSSL_API void wc_CryptoCb_CleanupRenesasCmn(int* id); #endif /* HAVE_RENESAS_SYNC */ #endif /* _RENESAS_SYNC_H_ */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 1a8960d12..551270ffc 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -212,7 +212,7 @@ /* Uncomment next line if using RENESAS RX64N */ /* #define WOLFSSL_RENESAS_RX65N */ -/* Uncomment next line if using RENESAS SCE PROTECT MODE */ +/* Uncomment next line if using RENESAS SCE Protected Mode */ /* #define WOLFSSL_RENESAS_SCEPROTECT */ /* Uncomment next line if using RENESAS RA6M4 */
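Review bot: Under `/* Common Methods */` in the renesas_cmn.h hunk, `wc_CryptoCb_CryptInitRenesasCmn` and `wc_CryptoCb_CleanupRenesasCmn` are declared without a visibility macro, while the renesas_sync.h hunk at -28 declares the same two functions `WOLFSSL_API`. `wc_Renesas_cmn_RootCertVerify` has no macro either, although every other prototype added in the hunk is `WOLFSSL_LOCAL`. Duplicate declarations with differing attributes can conflict on toolchains where `WOLFSSL_API` expands to an export attribute, and they leave the intended visibility of the root-certificate verification entry point unclear. I would keep a single declaration of each function and mark it explicitly, e.g. `WOLFSSL_API int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx);`, and choose `WOLFSSL_LOCAL` or `WOLFSSL_API` for `wc_Renesas_cmn_RootCertVerify`.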