wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added multi thread use case

Browse Source 
Improve not to use forward declaration struct definition

 - include ssl.h rather than forward declaration struct to resolve struct name
 - to include ssl.h, it needs to avoid cyclic reference for crypt structure. therefore, Sha and Aes definitions are moved to another header file
This commit is contained in:
Hideki Miyazaki
2022-05-27 13:53:25 +09:00
parent 9a256ca002
commit fd885d89eb
14 changed files with 1515 additions and 199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
View File

@ -14,4 +14,5 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c

344
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
View File

@ -55,10 +55,13 @@
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
extern const st_key_block_data_t g_key_block_data;
user_PKCbInfo guser_PKCbInfo;
uint32_t g_encrypted_root_public_key[140];
static TsipUserCtx userContext;
#if defined(TLS_MULTITHREAD_TEST)
static TsipUserCtx userContext_taskA;
static TsipUserCtx userContext_taskB;
#else
static TsipUserCtx userContext;
#endif
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
static WOLFSSL_CTX* client_ctx;
@ -69,9 +72,60 @@
#define YEAR 2022
#define MON 3
#define FREQ 10000 /* Hz */
#define MAX_MSGSTR 80
static long tick;
static int tmTick;
#if defined(TSIP_CRYPT_UNIT_TEST)
int tsip_crypt_test();
int tsip_crypt_sha_multitest();
int tsip_crypt_AesCbc_multitest();
int tsip_crypt_AesGcm_multitest();
int tsip_crypt_Sha_AesCbcGcm_multitest();
#endif
#if defined(TLS_MULTITHREAD_TEST)
xSemaphoreHandle exit_semaph;
static xSemaphoreHandle Mutex;
#endif
static int msg(const char* pname, int l,
const char * sFormat, ...)
{
int ret = 0;
char buf[MAX_MSGSTR] = {0};
va_list ParamList;
#if defined(TLS_MULTITHREAD_TEST)
xSemaphoreTake(Mutex, portMAX_DELAY);
#endif
va_start(ParamList, sFormat);
printf("[%s][%02d] ", pname, l);
ret = vsnprintf(buf, sizeof(buf), sFormat, ParamList);
printf(buf);
va_end(ParamList);
#if defined(TLS_MULTITHREAD_TEST)
xSemaphoreGive(Mutex);
#endif
return ret;
}
#if defined(TLS_MULTITHREAD_TEST)
static void my_Logging_cb(const int logLevel, const char *const logMessage)
{
(void)logLevel;
msg("custom-log", logLevel, "%s\n", logMessage);
}
#endif
/* time
* returns seconds from EPOCH
*/
@ -98,10 +152,6 @@ double current_time(int reset)
return ((double)tick/FREQ) ;
}
/* --------------------------------------------------------*/
/* Benchmark_demo */
/* --------------------------------------------------------*/
@ -141,7 +191,7 @@ static void CryptTest_demo(void)
/* Tls_client_demo */
/* --------------------------------------------------------*/
#if defined(TLS_CLIENT)
static void Tls_client_init(const char* cipherlist)
static void Tls_client_init()
{
#ifndef NO_FILESYSTEM
@ -165,10 +215,6 @@ static void Tls_client_init(const char* cipherlist)
wolfSSL_Init();
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
/* Create and initialize WOLFSSL_CTX */
if ((client_ctx =
wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
@ -254,33 +300,32 @@ static void Tls_client_init(const char* cipherlist)
return;
}
#endif
/* use specific cipher */
if (cipherlist != NULL &&
wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) !=
WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
printf("client can't set cipher list");
}
}
static void Tls_client()
static void Tls_client(void *pvParam)
{
#define BUFF_SIZE 256
#define ADDR_SIZE 16
int ret;
#if defined(TLS_MULTITHREAD_TEST)
BaseType_t xStatus;
#endif
TestInfo* p = (TestInfo*)pvParam;
WOLFSSL_CTX* ctx = (WOLFSSL_CTX *)client_ctx;
WOLFSSL* ssl;
WOLFSSL* ssl = NULL;
Socket_t socket;
socklen_t socksize = sizeof(struct freertos_sockaddr);
struct freertos_sockaddr PeerAddr;
char addrBuff[ADDR_SIZE] = {0};
static const char sendBuff[]= "Hello Server\n" ;
const char* pcName = p->name;
static const char sendBuff[]= "Hello Server\n" ;
char rcvBuff[BUFF_SIZE] = {0};
if (!p) {
printf("Unexpected error. Thread parameter is null\n");
return;
}
/* create TCP socket */
socket = FreeRTOS_socket(FREERTOS_AF_INET,
@ -294,78 +339,126 @@ static void Tls_client()
/* attempt to connect TLS server */
PeerAddr.sin_addr = FreeRTOS_inet_addr(TLSSERVER_IP);
PeerAddr.sin_port = FreeRTOS_htons(TLSSERVER_PORT);
PeerAddr.sin_port = FreeRTOS_htons(p->port);
ret = FreeRTOS_connect(socket, &PeerAddr, sizeof(PeerAddr));
if (ret != 0) {
printf("ERROR FreeRTOS_connect: %d\n",ret);
msg(pcName, p->id, "ERROR FreeRTOS_connect: %d\n",ret);
ret = -1;
}
#if defined(TLS_MULTITHREAD_TEST)
msg(pcName, p->id, " Ready to connect.\n");
xStatus = xSemaphoreTake(p->xBinarySemaphore, portMAX_DELAY);
if (xStatus != pdTRUE) {
msg(pcName, p->id, " Error : Failed to xSemaphoreTake\n");
goto out;
}
#endif
/* create WOLFSSL object */
if (ret == 0) {
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
printf("ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
msg(pcName, p->id, "ERROR wolfSSL_new: %d\n",
wolfSSL_get_error(ssl, 0));
ret = -1;
}
}
if (ret == 0) {
#ifdef WOLFSSL_RENESAS_TSIP_TLS
tsip_set_callback_ctx(ssl, &userContext);
#if !defined(TLS_MULTITHREAD_TEST)
memset(&userContext, 0, sizeof(TsipUserCtx));
tsip_set_callback_ctx(ssl, &userContext);
#else
if (p->port - TLSSERVER_PORT == 0) {
memset(&userContext_taskA, 0, sizeof(TsipUserCtx));
tsip_set_callback_ctx(ssl, (void*)&userContext_taskA);
}
else {
memset(&userContext_taskB, 0, sizeof(TsipUserCtx));
tsip_set_callback_ctx(ssl, (void*)&userContext_taskB);
}
#endif
#endif
}
msg(pcName, p->id, " Cipher : %s\n", p->cipher);
/* use specific cipher */
if (p->cipher != NULL &&
wolfSSL_set_cipher_list(ssl, p->cipher) != WOLFSSL_SUCCESS) {
ret = -1;
}
if (ret == 0) {
/* associate socket with ssl object */
if (wolfSSL_set_fd(ssl, (int)socket) != WOLFSSL_SUCCESS) {
printf("ERROR wolfSSL_set_fd: %d\n", wolfSSL_get_error(ssl, 0));
msg(pcName, p->id, "ERROR wolfSSL_set_fd: %d\n",
wolfSSL_get_error(ssl, 0));
ret = -1;
}
}
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
if (ret == 0) {
if (wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
printf("ERROR wolfSSL_connect: %d\n", wolfSSL_get_error(ssl, 0));
msg(pcName, p->id, "ERROR wolfSSL_connect: %d\n",
wolfSSL_get_error(ssl, 0));
ret = -1;
}
}
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_OFF();
#endif
if (ret == 0) {
if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) !=
strlen(sendBuff)) {
printf("ERROR wolfSSL_write: %d\n", wolfSSL_get_error(ssl, 0));
msg(pcName, p->id, "ERROR wolfSSL_write: %d\n",
wolfSSL_get_error(ssl, 0));
ret = -1;
}
}
if (ret == 0) {
if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE -1)) < 0) {
printf("ERROR wolfSSL_read: %d\n", wolfSSL_get_error(ssl, 0));
msg(pcName, p->id, "ERROR wolfSSL_read: %d\n",
wolfSSL_get_error(ssl, 0));
ret = -1;
}
else {
rcvBuff[ret] = '\0';
printf("Received: %s\n\n", rcvBuff);
msg(pcName, p->id, "Received: %s\n\n", rcvBuff);
ret = 0;
}
}
wolfSSL_shutdown(ssl);
FreeRTOS_shutdown(socket, FREERTOS_SHUT_RDWR);
while(FreeRTOS_recv(socket, rcvBuff, BUFF_SIZE -1, 0) >=0) {
vTaskDelay(250);
out:
if (ssl) {
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
ssl = NULL;
/* reset call backs */
#ifdef WOLFSSL_RENESAS_TSIP_TLS
tsip_set_callbacks(client_ctx);
#endif
}
FreeRTOS_closesocket(socket);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
if (socket) {
FreeRTOS_shutdown(socket, FREERTOS_SHUT_RDWR);
while (FreeRTOS_recv(socket, rcvBuff, BUFF_SIZE -1, 0) >=0) {
vTaskDelay(250);
}
FreeRTOS_closesocket(socket);
socket = NULL;
}
#ifdef TLS_MULTITHREAD_TEST
xSemaphoreGive(exit_semaph);
vTaskDelete(NULL);
#endif
return;
}
@ -376,24 +469,23 @@ static void Tls_client_demo(void)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
#ifdef USE_ECC_CERT
#ifdef USE_ECC_CERT
const char* cipherlist[] = {
#if defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256",
"TLS13-AES128-CCM-SHA256",
#endif
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-SHA256"
};
int cipherlist_sz;
#if defined(WOLFSSL_TLS13)
cipherlist_sz = 2;
#define cipherlist_sz 2
#else
cipherlist_sz = 2;
#define cipherlist_sz 2
#endif
#else
const char* cipherlist[] = {
TestInfo info[cipherlist_sz];
#else
const char* cipherlist[] = {
#if defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256",
"TLS13-AES128-CCM-SHA256",
@ -404,23 +496,29 @@ static void Tls_client_demo(void)
"AES128-SHA256",
"AES256-SHA",
"AES256-SHA256"
};
int cipherlist_sz;
#if defined(WOLFSSL_TLS13)
cipherlist_sz = 2;
#else
cipherlist_sz = 6;
};
#if defined(WOLFSSL_TLS13)
#define cipherlist_sz 2
#else
#define cipherlist_sz 6
#endif
TestInfo info[cipherlist_sz];
#endif
#endif
#else
const char* cipherlist[] = { NULL };
const int cipherlist_sz = 0;
#define cipherlist_sz 1
TestInfo info[cipherlist_sz];
#endif
int i = 0;
#ifdef TLS_MULTITHREAD_TEST
int j = 0;
BaseType_t xReturned;
BaseType_t xHigherPriorityTaskWoken;
xHigherPriorityTaskWoken = pdFALSE;
Mutex = xSemaphoreCreateMutex();
#endif
printf("/*------------------------------------------------*/\n");
printf(" TLS_Client demo\n");
@ -455,16 +553,82 @@ static void Tls_client_demo(void)
#endif /* WOLFSSL_RENESAS_TSIP_TLS && (WOLFSSL_RENESAS_TSIP_VER >=109) */
Tls_client_init();
#ifdef TLS_MULTITHREAD_TEST
exit_semaph = xSemaphoreCreateCounting(cipherlist_sz, 0);
#ifdef DEBUG_WOLFSSL
wolfSSL_SetLoggingCb(my_Logging_cb);
#endif
do {
if(cipherlist_sz > 0 ) printf("cipher : %s\n", cipherlist[i]);
for (j = i; j < (i+2); j++) {
info[j].id = j;
info[j].port = TLSSERVER_PORT + (j%2);
info[j].cipher = cipherlist[j];
info[j].ctx = client_ctx;
info[j].xBinarySemaphore = xSemaphoreCreateBinary();
info[j].log_f = my_Logging_cb;
Tls_client_init(cipherlist[i]);
memset(info[j].name, 0, sizeof(info[j].name));
sprintf(info[j].name, "clt_thd_%s", ((j%2) == 0) ?
"taskA" : "taskB");
Tls_client();
printf(" %s connecting to %d port\n", info[j].name, info[j].port);
xReturned = xTaskCreate(Tls_client, info[j].name,
THREAD_STACK_SIZE, &info[j], 3, NULL);
if (xReturned != pdPASS) {
printf("Failed to create task\n");
}
}
for (j = i; j < (i+2); j++) {
xSemaphoreGiveFromISR(info[j].xBinarySemaphore,
&xHigherPriorityTaskWoken);
}
/* check if all tasks are completed */
for (j = i; j < (i+2); j++) {
if(!xSemaphoreTake(exit_semaph, portMAX_DELAY)) {
printf("a semaphore was not given by a test task.");
}
}
i += 2;
} while (i < cipherlist_sz);
vSemaphoreDelete(exit_semaph);
vSemaphoreDelete(Mutex);
#else
do {
info[i].port = TLSSERVER_PORT;
info[i].cipher = cipherlist[i];
info[i].ctx = client_ctx;
info[i].id = i;
memset(info[i].name, 0, sizeof(info[i].name));
sprintf(info[i].name, "wolfSSL_TLS_client_do(%02d)", i);
Tls_client(&info[i]);
i++;
} while (i < cipherlist_sz);
if (client_ctx) {
wolfSSL_CTX_free(client_ctx);
}
#endif
wolfSSL_Cleanup();
printf("End of TLS_Client demo.\n");
}
#endif /* TLS_CLIENT */
@ -495,6 +659,44 @@ void wolfSSL_demo_task(bool awsIotMqttMode,
Benchmark_demo();
#elif defined(TSIP_CRYPT_UNIT_TEST)
int ret = 0;
if ((ret = wolfCrypt_Init()) != 0) {
printf("wolfCrypt_Init failed %d\n", ret);
}
printf("Start wolf tsip crypt Test\n");
printf(" \n");
printf(" simple crypt test by using TSIP\n");
tsip_crypt_test();
printf(" \n");
printf(" multi sha thread test\n");
tsip_crypt_sha_multitest();
printf(" \n");
printf(" multi aes cbc thread test\n");
tsip_crypt_AesCbc_multitest();
printf(" \n");
printf(" multi aes gcm thread test\n");
tsip_crypt_AesGcm_multitest();
printf(" \n");
printf(" multi sha aescbc aesgcm thread test\n");
tsip_crypt_Sha_AesCbcGcm_multitest();
printf(" \n");
printf("End wolf tsip crypt Test\n");
if ((ret = wolfCrypt_Cleanup()) != 0) {
printf("wolfCrypt_Cleanup failed %d\n", ret);
}
#elif defined(TLS_CLIENT)
Tls_client_demo();

27
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
View File

@ -47,10 +47,8 @@
#include "logging_stack.h"
/* Enable wolfcrypt test demo */
/*#define CRYPT_TEST*/
/*#define CRYPT_TEST */
/* Enable benchmark demo */
/*#define BENCHMARK*/
@ -59,5 +57,28 @@
/* cannot enable with other definition */
#define TLS_CLIENT
/* use multi-thread example */
/* #define TLS_MULTITHREAD_TEST */
#if defined(TLS_MULTITHREAD_TEST) && defined(WOLFSSL_TLS13)
#error "MULTITHREAD_TEST is only available when not set WOLFSSL_TLS13"
#endif
#if defined(TLS_MULTITHREAD_TEST)
#define THREAD_STACK_SIZE (5 * 1024)
#endif
typedef struct tagTestInfo
{
int id;
int port;
char name[32];
const char* cipher;
WOLFSSL_CTX* ctx;
wolfSSL_Logging_cb log_f;
#if defined(TLS_MULTITHREAD_TEST)
SemaphoreHandle_t xBinarySemaphore;
#endif
} TestInfo;
#endif /* WOLFSSL_DEMO_H_ */

1026
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c Normal file
View File

File diff suppressed because it is too large Load Diff

33
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -360,7 +360,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
{
(void)ssl;
(void)ctx;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
@ -370,9 +370,16 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
if (cbInfo == NULL || ssl == NULL) {
return INVALID_DEVID;
}
cbInfo->devId = gdevId++;
/* need exclusive control because of static variable */
if ((tsip_hw_lock()) == 0) {
cbInfo->devId = gdevId++;
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("Failed to lock tsip hw");
return INVALID_DEVID;
}
if (wc_CryptoCb_RegisterDevice(cbInfo->devId,
Renesas_cmn_CryptoDevCb, cbInfo) < 0) {
/* undo devId number */
@ -584,18 +591,17 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
WOLFSSL_ENTER("Renesas_cmn_TlsFinished");
if (Renesas_cmn_usable(ssl, 1)) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateVerifyData(ssl->arrays->tsip_masterSecret,
ret = wc_tsip_generateVerifyData(ssl->arrays->tsip_masterSecret,
side, handshake_hash, hashes);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (Renesas_cmn_usable(ssl, 1)) {
ret = wc_sce_generateVerifyData(ssl->arrays->sce_masterSecret,
side, handshake_hash, hashes);
#endif
}
else
ret = PROTOCOLCB_UNAVAILABLE;
#endif
return ret;
}
@ -659,14 +665,17 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
(void)ctx;
WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
if (Renesas_cmn_usable(ssl, 0)) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, cbInfo->devId);
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
if (Renesas_cmn_usable(ssl, 0)) {
ret = wc_sce_generateSessionKey(ssl, ctx, cbInfo->devId);
} else
ret = PROTOCOLCB_UNAVAILABLE;
ret = wc_sce_generateSessionKey(ssl, ctx, devId);
#endif
}
else {
ret = PROTOCOLCB_UNAVAILABLE;
}
if (ret == 0) {
wolfSSL_CTX_SetEncryptKeysCb(ssl->ctx, Renesas_cmn_EncryptKeys);
wolfSSL_SetEncryptKeysCtx(ssl, ctx);

12
wolfcrypt/src/port/Renesas/renesas_sce_util.c
View File

@ -471,7 +471,7 @@ static uint32_t GetSceCipherSuite(
/* ssl : a pointer to WOLFSSL object */
/* session_key_generated : if session key has been generated */
/* return 1 for usable, 0 for unusable */
WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl,
WOLFSSL_LOCAL int wc_sce_usable(const WOLFSSL *ssl,
uint8_t session_key_generated)
{
WOLFSSL_ENTER("sce_usable");
@ -523,7 +523,7 @@ WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl,
}
/* Generate Hmac by sha256*/
WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(const struct WOLFSSL *ssl,const uint8_t* myInner,
WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(const WOLFSSL *ssl,const uint8_t* myInner,
uint32_t innerSz,const uint8_t* in, uint32_t sz, byte* digest)
{
WOLFSSL_ENTER("sce_Sha256HmacGenerate");
@ -574,7 +574,7 @@ WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(const struct WOLFSSL *ssl,const uint
}
/* Verify hmac */
WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const struct WOLFSSL *ssl,
WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const WOLFSSL *ssl,
const uint8_t* message, uint32_t messageSz,
uint32_t macSz, uint32_t content)
{
@ -595,7 +595,7 @@ WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const struct WOLFSSL *ssl,
return ret;
}
wolfSSL_SetTlsHmacInner((struct WOLFSSL*)ssl, myInner,
wolfSSL_SetTlsHmacInner((WOLFSSL*)ssl, myInner,
(word32)messageSz, (int)content, 1);
ret = R_SCE_SHA256HMAC_VerifyInit(
@ -663,7 +663,7 @@ WOLFSSL_LOCAL int wc_sce_generateVerifyData(const uint8_t *ms, /* master secret
}
/* generate keys for TLS communication */
WOLFSSL_LOCAL int wc_sce_generateSessionKey(struct WOLFSSL *ssl,
WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
User_SCEPKCbInfo* cbInfo, int devId)
{
WOLFSSL_MSG("sce_generateSessionKey()");
@ -1056,7 +1056,7 @@ WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify(
/* store elements for session key generation into ssl->keys.
* return 0 on success, negative value on failure
*/
WOLFSSL_LOCAL int wc_sce_storeKeyCtx(struct WOLFSSL* ssl, User_SCEPKCbInfo* info)
WOLFSSL_LOCAL int wc_sce_storeKeyCtx(WOLFSSL* ssl, User_SCEPKCbInfo* info)
{
int ret = 0;

65
wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
View File

@ -618,18 +618,18 @@ int wc_tsip_AesGcmEncrypt(
uint8_t* cipherBuf = NULL;
uint8_t* aTagBuf = NULL;
uint8_t* aadBuf = NULL;
const uint8_t* iv_l = NULL;
uint32_t ivSz_l = 0;
tsip_aes_key_index_t key_client_aes;
TsipUserCtx *userCtx;
WOLFSSL_ENTER("wc_tsip_AesGcmEncrypt");
if (aes == NULL || ctx == NULL ||
(sz != 0 && (in == NULL || out == NULL)) ||
if (aes == NULL || ctx == NULL || (ivSz == 0) ||
(sz != 0 && (in == NULL || out == NULL)) ||
(ivSz != 0 && iv == NULL) ||
(ivSz < AESGCM_NONCE_SZ && iv != NULL) || /* Requires 12 bytes of iv */
(authInSz != 0 && authIn == NULL) ||
(authTagSz < AES_BLOCK_SIZE)) {
(authInSz != 0 && authIn == NULL)) {
WOLFSSL_LEAVE("wc_tsip_AesGcmEncrypt", BAD_FUNC_ARG);
return BAD_FUNC_ARG;
}
@ -665,7 +665,7 @@ int wc_tsip_AesGcmEncrypt(
cipherBuf = XMALLOC(cipherBufSz, aes->heap, DYNAMIC_TYPE_AES);
aTagBuf = XMALLOC(TSIP_AES_GCM_AUTH_TAG_SIZE, aes->heap,
DYNAMIC_TYPE_AES);
aadBuf = XMALLOC(authTagSz, aes->heap, DYNAMIC_TYPE_AES);
aadBuf = XMALLOC(authInSz, aes->heap, DYNAMIC_TYPE_AES);
if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL ||
aadBuf == NULL ) {
@ -677,10 +677,11 @@ int wc_tsip_AesGcmEncrypt(
XMEMCPY(plainBuf, in, sz);
ForceZero(cipherBuf, cipherBufSz);
ForceZero(authTag, authTagSz);
XMEMCPY(aadBuf, authIn, min(authInSz, TSIP_AES_GCM_AUTH_TAG_SIZE));
XMEMCPY(aadBuf, authIn, authInSz);
}
if (ret == 0) {
if (ret == 0 &&
userCtx->session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here.
*/
@ -700,6 +701,20 @@ int wc_tsip_AesGcmEncrypt(
WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed");
ret = -1;
}
} else if (userCtx->user_aes128_key_set == 1 ||
userCtx->user_aes256_key_set == 1) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_client_aes, &userCtx->user_aes256_key_index,
sizeof(tsip_aes_key_index_t));
}
else {
XMEMCPY(&key_client_aes, &userCtx->user_aes128_key_index,
sizeof(tsip_aes_key_index_t));
}
iv_l = iv;
ivSz_l = ivSz;
}
if (ret == 0) {
@ -707,11 +722,10 @@ int wc_tsip_AesGcmEncrypt(
/* since generated session key is coupled to iv, no need to pass
* iv init func.
*/
err = initFn(&hdl, &key_client_aes, NULL, 0UL);
err = initFn(&hdl, &key_client_aes, iv_l, ivSz_l);
if (err == TSIP_SUCCESS) {
err = updateFn(&hdl, NULL, NULL, 0UL, (uint8_t*)aadBuf,
min(authInSz, TSIP_AES_GCM_AUTH_TAG_SIZE));
err = updateFn(&hdl, NULL, NULL, 0UL, (uint8_t*)aadBuf, authInSz);
}
if (err == TSIP_SUCCESS) {
err = updateFn(&hdl, plainBuf, cipherBuf, sz, NULL, 0UL);
@ -786,7 +800,7 @@ int wc_tsip_AesGcmDecrypt(
e_tsip_err_t err;
tsip_gcm_handle_t hdl;
uint32_t dataLen = sz;
uint32_t dataLen;
uint32_t plainBufSz;
aesGcmDecInitFn initFn;
@ -797,14 +811,16 @@ int wc_tsip_AesGcmDecrypt(
uint8_t* plainBuf = NULL;
uint8_t* aTagBuf = NULL;
uint8_t* aadBuf = NULL;
const uint8_t* iv_l = NULL;
uint32_t ivSz_l = 0;
tsip_aes_key_index_t key_server_aes;
TsipUserCtx *userCtx;
WOLFSSL_ENTER("wc_tsip_AesGcmDecrypt");
if (aes == NULL || in == NULL || out == NULL || sz == 0 || ctx == NULL ||
(ivSz < AESGCM_NONCE_SZ && iv != NULL) || /* Requires 12 bytes of iv */
iv == 0 ||
(authInSz != 0 && authIn == NULL) ||
(authInSz == 0 && authIn != NULL) ||
(authTagSz != 0 && authTag == NULL) ||
@ -858,7 +874,8 @@ int wc_tsip_AesGcmDecrypt(
XMEMCPY(aadBuf, authIn, authInSz);
}
if (ret == 0) {
if (ret == 0 &&
userCtx->session_key_set == 1) {
/* generate AES-GCM session key. The key stored in
* Aes.ctx.tsip_keyIdx is not used here.
*/
@ -877,13 +894,27 @@ int wc_tsip_AesGcmDecrypt(
WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed");
ret = -1;
}
} else if (userCtx->user_aes128_key_set == 1 ||
userCtx->user_aes256_key_set == 1) {
if (aes->ctx.keySize == 32) {
XMEMCPY(&key_server_aes, &userCtx->user_aes256_key_index,
sizeof(tsip_aes_key_index_t));
}
else {
XMEMCPY(&key_server_aes, &userCtx->user_aes128_key_index,
sizeof(tsip_aes_key_index_t));
}
iv_l = iv;
ivSz_l = ivSz;
}
if (ret == 0) {
/* since key_index has iv and ivSz in it, no need to pass them init
* func. Pass NULL and 0 as 3rd and 4th parameter respectively.
*/
err = initFn(&hdl, &key_server_aes, NULL, 0UL);
err = initFn(&hdl, &key_server_aes, iv_l, ivSz_l);
if (err == TSIP_SUCCESS) {
/* pass only AAD and it's size before passing cipher text */

20
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@ -2120,7 +2120,7 @@ int wc_tsip_EccVerify(
* output 64 bytes premaster secret to "out" buffer.
*/
int wc_tsip_EccSharedSecret(
struct WOLFSSL* ssl,
WOLFSSL* ssl,
ecc_key* otherKey,
unsigned char* pubKeyDer, unsigned int* pubKeySz,
unsigned char* out, unsigned int* outlen,
@ -2177,7 +2177,7 @@ int wc_tsip_EccSharedSecret(
}
WOLFSSL_API void tsip_set_callbacks(struct WOLFSSL_CTX* ctx)
WOLFSSL_API void tsip_set_callbacks(WOLFSSL_CTX* ctx)
{
WOLFSSL_ENTER("tsip_set_callbacks");
wolfSSL_CTX_SetEccVerifyCb(ctx, (CallbackEccVerify)Renesas_cmn_EccVerify);
@ -2210,7 +2210,7 @@ WOLFSSL_API void tsip_set_callbacks(struct WOLFSSL_CTX* ctx)
WOLFSSL_LEAVE("tsip_set_callbacks", 0);
}
WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx)
WOLFSSL_API int tsip_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
{
WOLFSSL_ENTER("tsip_set_callback_ctx");
@ -2302,7 +2302,7 @@ WOLFSSL_LOCAL void tsip_hw_unlock(void)
/* check if tsip tls functions can be used for the cipher */
/* return :1 when tsip can be used , 0 not be used. */
int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated)
int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated)
{
byte cipher0 = ssl->options.cipherSuite0;
byte cipher = ssl->options.cipherSuite;
@ -2582,7 +2582,7 @@ void tsip_inform_user_keys(
/* Sha1Hmac */
int wc_tsip_Sha1HmacGenerate(
const struct WOLFSSL *ssl,
const WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
@ -2639,7 +2639,7 @@ int wc_tsip_Sha1HmacGenerate(
/* Sha256Hmac */
int wc_tsip_Sha256HmacGenerate(
const struct WOLFSSL *ssl,
const WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
@ -2708,7 +2708,7 @@ int wc_tsip_Sha256HmacGenerate(
* Perform SHA1 and SHA256 Hmac verification
*/
int wc_tsip_ShaXHmacVerify(
const struct WOLFSSL *ssl,
const WOLFSSL *ssl,
const byte* message,
word32 messageSz,
word32 macSz,
@ -2756,7 +2756,7 @@ int wc_tsip_ShaXHmacVerify(
return ret;
}
wolfSSL_SetTlsHmacInner((struct WOLFSSL*)ssl, (byte*)myInner,
wolfSSL_SetTlsHmacInner((WOLFSSL*)ssl, (byte*)myInner,
messageSz, content, 1);
ret = initFn(&handle, &wrapped_key);
@ -2818,7 +2818,7 @@ int wc_tsip_generateVerifyData(
/* generate keys for TLS communication */
int wc_tsip_generateSessionKey(
struct WOLFSSL *ssl,
WOLFSSL *ssl,
TsipUserCtx* ctx,
int devId)
{
@ -3051,7 +3051,7 @@ int wc_tsip_generateMasterSecret(
/* store elements for session key generation into ssl->keys.
* return 0 on success, negative value on failure
*/
int wc_tsip_storeKeyCtx(struct WOLFSSL* ssl, TsipUserCtx* userCtx)
int wc_tsip_storeKeyCtx(WOLFSSL* ssl, TsipUserCtx* userCtx)
{
int ret = 0;

2
wolfssl/wolfcrypt/aes.h
View File

@ -106,7 +106,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h>
#endif
#ifdef __cplusplus

1
wolfssl/wolfcrypt/include.am
View File

@ -95,6 +95,7 @@ noinst_HEADERS+= \
wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h \
wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \
wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
if BUILD_CRYPTOAUTHLIB

100
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@ -26,24 +26,11 @@
#if defined(WOLFSSL_RENESAS_TSIP_IAREWRX)
#include "r_bsp/mcu/all/r_rx_compiler.h"
#include "r_bsp/platform.h"
#else
#include "platform.h"
#include "r_tsip_rx_if.h"
#endif
#include "r_tsip_rx_if.h"
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/visibility.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/ssl.h>
#ifdef __cplusplus
extern "C" {
@ -92,51 +79,6 @@ enum {
TSIP_TEMP_WORK_SIZE = 128,
};
#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
typedef enum {
TSIP_SHA1 = 0,
TSIP_SHA256 = 1,
} TSIP_SHA_TYPE;
typedef enum {
TSIP_RSA2048,
TSIP_RSA4096,
TSIP_ECCP256,
} TSIP_KEY_TYPE;
typedef struct {
byte* msg;
void* heap;
word32 used;
word32 len;
word32 sha_type;
#if defined(WOLF_CRYPTO_CB)
word32 flags;
int devId;
#endif
} wolfssl_TSIP_Hash;
/* RAW hash function APIs are not implemented with TSIP */
#define WOLFSSL_NO_HASH_RAW
typedef wolfssl_TSIP_Hash wc_Sha;
#if !defined(NO_SHA256)
typedef wolfssl_TSIP_Hash wc_Sha256;
#endif
#endif /* NO_SHA */
#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
typedef struct {
tsip_aes_key_index_t tsip_keyIdx;
word32 keySize;
byte setup;
} TSIP_AES_CTX;
#endif
struct WOLFSSL;
struct KeyShareEntry;
@ -260,7 +202,7 @@ typedef struct TsipUserCtx {
*/
tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key;
/* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit)
/* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit)
* got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Should be sent to peer(server) in Client Key Exchange msg.
*/
@ -272,8 +214,14 @@ typedef struct TsipUserCtx {
uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
/* installed key handling */
tsip_aes_key_index_t user_aes256_key_index;
uint8_t user_aes256_key_set:1;
tsip_aes_key_index_t user_aes128_key_index;
uint8_t user_aes128_key_set:1;
/* TSIP defined cipher suite number */
uint32_t tsip_cipher;
uint32_t tsip_cipher;
/* flags */
uint8_t ClientRsaPrivKey_set:1;
@ -463,23 +411,23 @@ WOLFSSL_LOCAL int wc_tsip_generateMasterSecret(
WOLFSSL_LOCAL int wc_tsip_storeKeyCtx(
struct WOLFSSL *ssl,
WOLFSSL *ssl,
TsipUserCtx *userCtx);
WOLFSSL_LOCAL int wc_tsip_generateEncryptPreMasterSecret(
struct WOLFSSL* ssl,
WOLFSSL* ssl,
byte* out,
word32* outSz);
WOLFSSL_LOCAL int wc_tsip_EccSharedSecret(
struct WOLFSSL* ssl,
WOLFSSL* ssl,
struct ecc_key* otherKey,
unsigned char* pubKeyDer, unsigned int* pubKeySz,
unsigned char* out, unsigned int* outlen,
int side, void* ctx);
WOLFSSL_LOCAL int wc_tsip_RsaVerify(
struct WOLFSSL* ssl,
WOLFSSL* ssl,
byte* sig,
word32 sigSz,
byte** out,
@ -488,7 +436,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerify(
void* ctx);
WOLFSSL_LOCAL int wc_tsip_EccVerify(
struct WOLFSSL* ssl,
WOLFSSL* ssl,
const byte* sig, word32 sigSz,
const byte* hash, word32 hashSz,
const byte* key, word32 keySz,
@ -501,19 +449,19 @@ WOLFSSL_LOCAL int wc_tsip_generateVerifyData(
uint8_t* hashes);
WOLFSSL_LOCAL int wc_tsip_AesCbcEncrypt(
struct Aes* aes,
Aes* aes,
byte* out,
const byte* in,
word32 sz);
WOLFSSL_LOCAL int wc_tsip_AesCbcDecrypt(
struct Aes* aes,
Aes* aes,
byte* out,
const byte* in,
word32 sz);
WOLFSSL_LOCAL int wc_tsip_AesGcmEncrypt(
struct Aes* aes, byte* out,
Aes* aes, byte* out,
const byte* in, word32 sz,
byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
@ -521,7 +469,7 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmEncrypt(
void* ctx);
WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
struct Aes* aes, byte* out,
Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
@ -529,14 +477,14 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
void* ctx);
WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify(
const struct WOLFSSL *ssl,
const WOLFSSL *ssl,
const byte* message,
word32 messageSz,
word32 macSz,
word32 content);
WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
const struct WOLFSSL *ssl,
const WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
@ -544,7 +492,7 @@ WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
byte* digest);
WOLFSSL_LOCAL int wc_tsip_Sha256HmacGenerate(
const struct WOLFSSL *ssl,
const WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
@ -559,7 +507,7 @@ WOLFSSL_LOCAL int tsip_hw_lock();
WOLFSSL_LOCAL void tsip_hw_unlock( void );
WOLFSSL_LOCAL int tsip_usable(const struct WOLFSSL *ssl,
WOLFSSL_LOCAL int tsip_usable(const WOLFSSL *ssl,
uint8_t session_key_generated);
WOLFSSL_LOCAL void tsip_inform_sflash_signedcacert(
@ -589,7 +537,7 @@ WOLFSSL_LOCAL int wc_tsip_generatePremasterSecret(
word32 preSz);
WOLFSSL_LOCAL int wc_tsip_generateSessionKey(
struct WOLFSSL* ssl,
WOLFSSL* ssl,
TsipUserCtx* ctx,
int devId);

77
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h Normal file
View File

@ -0,0 +1,77 @@
/* renesas-tsip-crypt-types.h
*
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef __RENESAS_TSIP_CRYPT_TYPES_H__
#define __RENESAS_TSIP_CRYPT_TYPES_H__
#include <wolfssl/wolfcrypt/settings.h>
#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
typedef enum {
TSIP_SHA1 = 0,
TSIP_SHA256 = 1,
} TSIP_SHA_TYPE;
typedef enum {
TSIP_RSA2048,
TSIP_RSA4096,
TSIP_ECCP256,
} TSIP_KEY_TYPE;
typedef struct {
byte* msg;
void* heap;
word32 used;
word32 len;
word32 sha_type;
#if defined(WOLF_CRYPTO_CB)
word32 flags;
int devId;
#endif
} wolfssl_TSIP_Hash;
/* RAW hash function APIs are not implemented with TSIP */
#define WOLFSSL_NO_HASH_RAW
typedef wolfssl_TSIP_Hash wc_Sha;
#if !defined(NO_SHA256)
typedef wolfssl_TSIP_Hash wc_Sha256;
#endif
#endif /* NO_SHA */
#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
#include "r_tsip_rx_if.h"
typedef struct {
tsip_aes_key_index_t tsip_keyIdx;
word32 keySize;
byte setup;
} TSIP_AES_CTX;
#endif
#endif /* __RENESAS_TSIP_CRYPT_TYPES_H__ */

2
wolfssl/wolfcrypt/sha.h
View File

@ -107,7 +107,7 @@ enum {
#include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h"
#else
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)

2
wolfssl/wolfcrypt/sha256.h
View File

@ -147,7 +147,7 @@ enum {
#include "wolfssl/wolfcrypt/port/af_alg/afalg_hash.h"
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h"
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
!defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h"