From 7b029d3447e719c772e072dcb4d211b046471399 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 24 Jun 2024 16:26:27 -0700 Subject: [PATCH 01/12] Fixes for building `WOLFSSL_RENESAS_TSIP_CRYPTONLY` and `NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH`. --- wolfcrypt/src/port/Renesas/renesas_common.c | 37 +++-- .../src/port/Renesas/renesas_tsip_util.c | 141 ++++++------------ .../port/Renesas/renesas-tsip-crypt.h | 2 +- wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h | 9 +- .../port/Renesas/renesas_tsip_types.h | 22 +-- 5 files changed, 85 insertions(+), 126 deletions(-) diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 4ccc075b15..c2fd6262e3 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -21,34 +21,39 @@ #include -#if defined(WOLFSSL_RENESAS_FSPSM_TLS) \ - || defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) \ - || defined(WOLFSSL_RENESAS_TSIP_TLS) \ - || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) +#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \ + defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) - #include - #define cmn_hw_lock wc_fspsm_hw_lock - #define cmn_hw_unlock wc_fspsm_hw_unlock + + #include + #define cmn_hw_lock wc_fspsm_hw_lock + #define cmn_hw_unlock wc_fspsm_hw_unlock + #elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \ - defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) - #include - #define cmn_hw_lock tsip_hw_lock - #define cmn_hw_unlock tsip_hw_unlock + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + + #include + #define cmn_hw_lock tsip_hw_lock + #define cmn_hw_unlock tsip_hw_unlock - #define FSPSM_ST TsipUserCtx; - #define MAX_FSPSM_CBINDEX 5 + #define FSPSM_ST TsipUserCtx; + #define MAX_FSPSM_CBINDEX 5 #endif #include #include #include +#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY #include +#endif #include #include #include -#include +#include uint32_t g_CAscm_Idx = (uint32_t)-1; /* index of CM table */ static int gdevId = 7890; /* initial dev Id for Crypt Callback */ @@ -59,7 +64,7 @@ static int gdevId = 7890; /* initial dev Id for Crypt Callback */ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) FSPSM_ST *gCbCtx[MAX_FSPSM_CBINDEX]; #elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \ - defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #define FSPSM_ST TsipUserCtx; #define MAX_FSPSM_CBINDEX 5 TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX]; @@ -426,7 +431,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) */ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated) { - int ret; + int ret = 0; #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_usable(ssl, session_key_generated); diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index 842ffb2bda..477f8e8aeb 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -34,11 +34,15 @@ #define WOLFSSL_MISC_INCLUDED #include #endif -#include -#include -#include + +#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY + #include + #include + #include +#endif #include #include + #include #define TSIP_SIGNING_DATA_PREFIX_SZ 64 @@ -171,6 +175,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl, return ret; } #endif /* WOLFSSL_RENESAS_TSIP_TLS */ + #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) /* Set client encrypted public key data. @@ -421,11 +426,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse) WOLFSSL_LEAVE("tsip_Tls13GenEccKeyPair", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* generate shared secret(pre-master secret) * get peer's raw ECDHE public key from KeyShareEntry. * The pre-master secret generated by TSIP is stored into @@ -514,11 +515,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_Tls13GenSharedSecret", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl) { int ret = 0; @@ -543,11 +540,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsip_Tls13DeriveEarlySecret", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* derive handshake secret. * get pre-master secret stored in TsipUserCtx.sharedSecret13Idx. * Derived handshake secret is stored into TsipUserCtx.handshakeSecret13Idx @@ -621,11 +614,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsip_Tls13DeriveHandshakeSecret", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -705,11 +694,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13DeriveClientHandshakeKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -789,11 +774,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13DeriveServerHandshakeKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -881,11 +862,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13DeriveTrafficKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -953,11 +930,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13UpdateClientTrafficKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) { int ret = 0; @@ -1025,11 +998,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsipTls13UpdateServerTrafficKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* Derive the keys for TLS v1.3. * * ssl The WOLFSSL object. @@ -1124,11 +1093,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_Tls13DeriveKeys", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) { int ret = 0; @@ -1198,11 +1163,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl) WOLFSSL_LEAVE("tsip_Tls13DeriveMasterSecret", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* verify handshake * ssl WOLFSSL object * hash buffer holding decrypted finished message content from server. @@ -1288,11 +1249,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsipTls13VerifyHandshake", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* handles finished message from server. * verify hmac in the message. Also output verify data to * TsipUserCtx.verifyDataIdx, which is used for deriving master secret. @@ -1334,11 +1291,7 @@ WOLFSSL_LOCAL int tsip_Tls13HandleFinished( WOLFSSL_LEAVE("tsip_Tls13HandleFinished", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* Build TLS v1.3 Message and make it encrypted with AEAD algorithm. * TSIP supports AES-GCM and AES-CCM. * ssl The WOLFSSL object. @@ -1434,11 +1387,7 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_Tls13BuildMessage", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ - - -#if defined(WOLFSSL_TLS13) /* Send finished message to the server. * * ssl WOLFSSL object @@ -1501,9 +1450,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished( WOLFSSL_LEAVE("tsip_Tls13SendFinished", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ -#if defined(WOLFSSL_TLS13) /* Parse and handle a TLS v1.3 CertificateVerify message sent from a server. * * ssl WOLFSSL object @@ -1644,9 +1591,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, WOLFSSL_LEAVE("tsip_Tls13CertificateVerify", ret); return ret; } -#endif /* WOLFSSL_TLS13 */ -#if defined(WOLFSSL_TLS13) /* Send the TLS v1.3 CertificateVerify message. A part of the message is * processed by TSIP for acceleration. * @@ -1927,6 +1872,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) #endif /* WOLFSSL_TLS13 */ #endif /* WOLFSSL_RENESAS_TSIP_TLS */ + #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109) static uint32_t GetTsipCipherSuite( @@ -2545,41 +2491,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) WOLFSSL_LEAVE("tsipImportPublicKey", ret); return ret; } -/* -* lock hw engine. -* this should be called before using engine. -*/ -WOLFSSL_LOCAL int tsip_hw_lock(void) -{ - int ret = 0; - - if (tsip_CryptHwMutexInit_ == 0) { - - ret = tsip_CryptHwMutexInit(&tsip_mutex); - - if (ret == 0) { - tsip_CryptHwMutexInit_ = 1; - } - else { - WOLFSSL_MSG(" mutex initialization failed."); - return -1; - } - } - if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) { - /* this should not happens */ - return -1; - } - - return ret; -} -/* -* release hw engine -*/ -WOLFSSL_LOCAL void tsip_hw_unlock(void) -{ - tsip_CryptHwMutexUnLock(&tsip_mutex); -} #if defined(WOLFSSL_RENESAS_TSIP_TLS) /* check if tsip tls functions can be used for the cipher */ /* return :1 when tsip can be used , 0 not be used. */ @@ -2678,6 +2590,41 @@ int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated) } #endif /* WOLFSSL_RENESAS_TSIP_TLS */ +/* +* lock hw engine. +* this should be called before using engine. +*/ +WOLFSSL_LOCAL int tsip_hw_lock(void) +{ + int ret = 0; + + if (tsip_CryptHwMutexInit_ == 0) { + + ret = tsip_CryptHwMutexInit(&tsip_mutex); + + if (ret == 0) { + tsip_CryptHwMutexInit_ = 1; + } + else { + WOLFSSL_MSG(" mutex initialization failed."); + return -1; + } + } + if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) { + /* this should not happens */ + return -1; + } + + return ret; +} + +/* +* release hw engine +*/ +WOLFSSL_LOCAL void tsip_hw_unlock(void) +{ + tsip_CryptHwMutexUnLock(&tsip_mutex); +} /* open TSIP driver * return 0 on success. diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index 43030a2cb3..a4a25cf080 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -372,7 +372,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl, #endif #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) -WOLFSSL_API int tsip_use_PubicKey_buffer_crypt(TsipUserCtx *uc, +WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc, const char* keyBuf, int keyBufLen, int keyType); WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc, const char* keyBuf, int keyBufLen, int keyType); diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h index e269115572..6efcb4a4a9 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h @@ -21,6 +21,8 @@ #ifndef __RENESAS_CMN_H__ #define __RENESAS_CMN_H__ +#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY + #include #include @@ -69,8 +71,6 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigne /* Common Methods */ WOLFSSL_LOCAL void* Renesas_cmn_GetCbCtxBydevId(int devId); -int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx); -void wc_CryptoCb_CleanupRenesasCmn(int* id); int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start, word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row); @@ -80,4 +80,9 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, const byte *handshake_hash, word32 hashSz, byte *hashes, void* ctx); WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx); +#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ + +int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx); +void wc_CryptoCb_CleanupRenesasCmn(int* id); + #endif /* __RENESAS_CMN_H__ */ diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h index d340a1d3f7..b1a1c76e7b 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h @@ -33,12 +33,6 @@ typedef enum { TSIP_SHA256 = 1, } TSIP_SHA_TYPE; -typedef enum { - TSIP_RSA2048, - TSIP_RSA4096, - TSIP_ECCP256, -} TSIP_KEY_TYPE; - typedef struct { byte* msg; void* heap; @@ -54,16 +48,24 @@ typedef struct { /* RAW hash function APIs are not implemented with TSIP */ #define WOLFSSL_NO_HASH_RAW +#ifndef NO_SHA typedef wolfssl_TSIP_Hash wc_Sha; - -#if !defined(NO_SHA256) +#endif +#ifndef NO_SHA256 typedef wolfssl_TSIP_Hash wc_Sha256; #endif -#endif /* NO_SHA */ +#endif /* !NO_SHA || !NO_SHA256 */ + + +typedef enum { + TSIP_RSA2048, + TSIP_RSA4096, + TSIP_ECCP256, +} TSIP_KEY_TYPE; -#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) ||\ +#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) || \ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) #include "r_tsip_rx_if.h" From e81e18859b5e805a774c514814635b2f85e33ed1 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 25 Jun 2024 16:16:05 -0700 Subject: [PATCH 02/12] Support for Renesas RX TSIP with ECDSA and Crypto Callbacks. Fix building ECC with NO_ASN (`./configure --enable-cryptonly --disable-rsa --disable-asn --disable-examples`). --- configure.ac | 5 -- wolfcrypt/benchmark/benchmark.c | 6 +- wolfcrypt/src/ecc.c | 73 ++++++++++++++----- wolfcrypt/src/port/Renesas/renesas_common.c | 8 +- wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c | 6 +- .../src/port/Renesas/renesas_tsip_util.c | 6 +- wolfcrypt/test/test.c | 47 +++++++----- .../port/Renesas/renesas-tsip-crypt.h | 2 +- .../port/Renesas/renesas_tsip_types.h | 2 + 9 files changed, 104 insertions(+), 51 deletions(-) diff --git a/configure.ac b/configure.ac index 8f1f085910..49ffb9cbc0 100644 --- a/configure.ac +++ b/configure.ac @@ -4742,11 +4742,6 @@ then AC_MSG_ERROR([please disable dsa if disabling asn.]) fi -if test "x$ENABLED_ECC" != "xno" && test "x$ENABLED_ASN" = "xno" -then - AC_MSG_ERROR([please disable ecc if disabling asn.]) -fi - # No Big Int (ASN, DSA, RSA, DH, ECC and compatibility layer need bigint) if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = "no" && \ test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && \ diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 48effdaf09..4bff13a23c 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -10617,11 +10617,15 @@ void bench_ecc(int useDeviceID, int curveId) BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT); #endif +#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) /* old scan-build misfires -Wmaybe-uninitialized on these. */ XMEMSET(sig, 0, sizeof(sig)); XMEMSET(digest, 0, sizeof(digest)); - XMEMSET(shared, 0, sizeof(shared)); +#endif +#ifdef HAVE_ECC_DHE + XMEMSET(shared, 0, sizeof(shared)); +#endif WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, sizeof(ecc_key), HEAP_HINT); diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ee1e7b7dbb..834e69cfd2 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -6395,9 +6395,6 @@ static int wc_ecc_get_curve_order_bit_count(const ecc_set_type* dp) #ifdef HAVE_ECC_SIGN -#ifndef NO_ASN - - #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) || \ defined(WOLFSSL_SILABS_SE_ACCEL) || defined(WOLFSSL_KCAPI_ECC) || \ @@ -6722,6 +6719,9 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, DECL_MP_INT_SIZE_DYN(r, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); DECL_MP_INT_SIZE_DYN(s, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); #endif +#ifdef NO_ASN + word32 keySz; +#endif if (in == NULL || out == NULL || outlen == NULL || key == NULL) { return ECC_BAD_ARG_E; @@ -6758,17 +6758,17 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, #else NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); -#ifdef MP_INT_SIZE_CHECK_NULL + #ifdef MP_INT_SIZE_CHECK_NULL if (r == NULL) return MEMORY_E; -#endif + #endif NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); -#ifdef MP_INT_SIZE_CHECK_NULL + #ifdef MP_INT_SIZE_CHECK_NULL if (s == NULL) { FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); return MEMORY_E; } -#endif + #endif err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key)); if (err != 0) { @@ -6800,8 +6800,26 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, return err; } +#ifndef NO_ASN /* encoded with DSA header */ err = StoreECC_DSA_Sig(out, outlen, r, s); +#else + /* No support for DSA ASN.1 header. + * Signature will be r+s directly. */ + keySz = 0; + if (key->dp != NULL) { + keySz = (word32)key->dp->size; + } + if (keySz <= 0) { + WOLFSSL_MSG("Error: ECDSA sign raw signature size"); + return WC_NO_ERR_TRACE(ECC_BAD_ARG_E); + } + *outlen = keySz * 2; + + /* Export signature into r,s */ + mp_to_unsigned_bin_len(r, out, keySz); + mp_to_unsigned_bin_len(s, out + keySz, keySz); +#endif /* !NO_ASN */ /* cleanup */ mp_clear(r); @@ -6813,7 +6831,6 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, return err; #endif /* !WOLF_CRYPTO_CB_ONLY_ECC */ } -#endif /* !NO_ASN */ #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) @@ -8423,7 +8440,6 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, #ifdef HAVE_ECC_VERIFY -#ifndef NO_ASN /* verify * * w = s^-1 mod n @@ -8461,6 +8477,9 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, #ifdef WOLFSSL_ASYNC_CRYPT int isPrivateKeyOnly = 0; #endif +#ifdef NO_ASN + word32 keySz; +#endif if (sig == NULL || hash == NULL || res == NULL || key == NULL) { return ECC_BAD_ARG_E; @@ -8493,18 +8512,20 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, r = key->r; s = key->s; #else - NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); -#ifdef MP_INT_SIZE_CHECK_NULL + NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, + DYNAMIC_TYPE_ECC); + #ifdef MP_INT_SIZE_CHECK_NULL if (r == NULL) return MEMORY_E; -#endif - NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); -#ifdef MP_INT_SIZE_CHECK_NULL + #endif + NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, + DYNAMIC_TYPE_ECC); + #ifdef MP_INT_SIZE_CHECK_NULL if (s == NULL) { FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); return MEMORY_E; } -#endif + #endif err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key)); if (err != 0) { FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC); @@ -8527,6 +8548,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, /* default to invalid signature */ *res = 0; + #ifndef NO_ASN /* Decode ASN.1 ECDSA signature. */ #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s. @@ -8541,6 +8563,24 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, if (err < 0) { break; } + #else + /* No support for DSA ASN.1 header. + * Signature must be r+s directly. */ + keySz = 0; + if (key->dp != NULL) { + keySz = (word32)key->dp->size; + } + if (siglen != keySz * 2) { + WOLFSSL_MSG("Error: ECDSA Verify raw signature size"); + return WC_NO_ERR_TRACE(ECC_BAD_ARG_E); + } + + /* Import signature into r,s */ + mp_init(r); + mp_init(s); + mp_read_unsigned_bin(r, sig, keySz); + mp_read_unsigned_bin(s, sig + keySz, keySz); + #endif /* !NO_ASN */ FALL_THROUGH; case ECC_STATE_VERIFY_DO: @@ -8600,7 +8640,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, return err; #endif /* !WOLF_CRYPTO_CB_ONLY_ECC */ } -#endif /* !NO_ASN */ #ifndef WOLF_CRYPTO_CB_ONLY_ECC @@ -9089,7 +9128,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, keySz = (word32)key->dp->size; #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ - defined(WOLFSSL_ASYNC_CRYPT_SW) + defined(WOLFSSL_ASYNC_CRYPT_SW) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_ECC_VERIFY)) { WC_ASYNC_SW* sw = &key->asyncDev.sw; diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index c2fd6262e3..159aa33ef5 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -172,8 +172,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->algo_type, cbInfo->session_key_set); #endif -#if defined(WOLFSSL_RENESAS_TSIP) \ - || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) +#if defined(WOLFSSL_RENESAS_TSIP) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) ret = CRYPTOCB_UNAVAILABLE; if (info->algo_type == WC_ALGO_TYPE_CIPHER) { @@ -273,8 +273,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } #endif /* HAVE_ECC */ } -#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\ - defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) +#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) if (info->algo_type == WC_ALGO_TYPE_CIPHER) { diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c index 1da7869ebc..c4e5883a53 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c @@ -209,11 +209,11 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) } if (ret == 0) { - if (tuc->sing_hash_type == md5_mac) + if (tuc->sign_hash_type == md5_mac) tsip_hash_type = R_TSIP_RSA_HASH_MD5; - else if (tuc->sing_hash_type == sha_mac) + else if (tuc->sign_hash_type == sha_mac) tsip_hash_type = R_TSIP_RSA_HASH_SHA1; - else if (tuc->sing_hash_type == sha256_mac) + else if (tuc->sign_hash_type == sha256_mac) tsip_hash_type = R_TSIP_RSA_HASH_SHA256; else ret = CRYPTOCB_UNAVAILABLE; diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index 477f8e8aeb..f2658ab56d 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -3652,11 +3652,11 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) (void)ssl; if (ret == 0) { - if (tuc->sing_hash_type == md5_mac) + if (tuc->sign_hash_type == md5_mac) tsip_hash_type = R_TSIP_RSA_HASH_MD5; - else if (tuc->sing_hash_type == sha_mac) + else if (tuc->sign_hash_type == sha_mac) tsip_hash_type = R_TSIP_RSA_HASH_SHA1; - else if (tuc->sing_hash_type == sha256_mac) + else if (tuc->sign_hash_type == sha256_mac) tsip_hash_type = R_TSIP_RSA_HASH_SHA256; else ret = CRYPTOCB_UNAVAILABLE; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 68a5538623..692c846603 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -28679,12 +28679,10 @@ typedef struct eccVector { const char* curveName; word32 msgLen; word32 keySize; -#ifndef NO_ASN const byte* r; word32 rSz; const byte* s; word32 sSz; -#endif } eccVector; #if !defined(WOLF_CRYPTO_CB_ONLY_ECC) @@ -28736,13 +28734,14 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector) if (ret != 0) goto done; +#if !defined(NO_ASN) XMEMSET(sig, 0, ECC_SIG_SIZE); sigSz = ECC_SIG_SIZE; ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz); if (ret != 0) goto done; -#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_SELFTEST) XMEMSET(sigRaw, 0, ECC_SIG_SIZE); sigRawSz = ECC_SIG_SIZE; ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz, @@ -28762,7 +28761,17 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector) ret = WC_TEST_RET_ENC_NC; goto done; } -#endif +#endif /* !HAVE_SELFTEST */ +#else + /* Signature will be R+S directly */ + /* Make sure and zero pad if r or s is less than key size */ + XMEMSET(sig, 0, ECC_SIG_SIZE); + sigSz = vector->keySize * 2; + XMEMCPY(sig + (vector->keySize - vector->rSz), + vector->r, vector->rSz); + XMEMCPY(sig + vector->keySize + (vector->keySize - vector->sSz), + vector->s, vector->sSz); +#endif /* !NO_ASN */ #ifdef HAVE_ECC_VERIFY do { @@ -28850,14 +28859,12 @@ static wc_test_ret_t ecc_test_vector(int keySize) vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; vec.curveName = "SECP192R1"; - #ifndef NO_ASN vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55" "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e"; vec.rSz = 24; vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc" "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41"; vec.sSz = 24; - #endif break; #endif /* HAVE_ECC192 */ @@ -28886,7 +28893,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7"; vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b"; vec.curveName = "SECP224R1"; - #ifndef NO_ASN vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47" "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe" "\xbc\x16\x71\xa7"; @@ -28895,7 +28901,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe" "\x6a\xf3\xad\x5b"; vec.sSz = 28; - #endif break; #endif /* HAVE_ECC224 */ @@ -28928,7 +28933,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c"; vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248"; - #ifndef NO_ASN vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9" "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89" "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c"; @@ -28937,7 +28941,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03" "\x5a\x21\x48\xae\x32\xe3\xa2\x48"; vec.sSz = 32; - #endif vec.curveName = "SECP256R1"; break; #endif /* !NO_ECC256 */ @@ -28972,7 +28975,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7"; vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907"; vec.curveName = "SECP384R1"; - #ifndef NO_ASN vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff" "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d" "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda" @@ -28983,7 +28985,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21" "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07"; vec.sSz = 48; - #endif break; #endif /* HAVE_ECC384 */ @@ -29017,7 +29018,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be"; vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c"; vec.curveName = "SECP521R1"; - #ifndef NO_ASN vec.r = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78" "\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b" "\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f" @@ -29032,7 +29032,6 @@ static wc_test_ret_t ecc_test_vector(int keySize) "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c" "\x3d\x22\xf2\x48\x0c"; vec.sSz = 65; - #endif break; #endif /* HAVE_ECC521 */ default: @@ -29625,6 +29624,15 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) #ifdef HAVE_ECC_VERIFY int verify = 0; #endif +#ifdef NO_ASN + /* private d for eccKeyDerFile / ecc_key_der_256 */ + const byte keyPriv[] = { + 0x45, 0xB6, 0x69, 0x02, 0x73, 0x9C, 0x6C, 0x85, + 0xA1, 0x38, 0x5B, 0x72, 0xE8, 0xE8, 0xC7, 0xAC, + 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04, 0xFA, 0x6C, + 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C + }; +#endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if ((key == NULL) || @@ -29679,6 +29687,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) ERROR_OUT(WC_TEST_RET_ENC_NC, done); } +#ifndef NO_ASN x = 0; ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz); if (ret != 0) @@ -29704,6 +29713,10 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) } #endif /* HAVE_ECC_KEY_EXPORT */ +#else + /* Load raw private d directly */ + ret = wc_ecc_import_private_key(keyPriv, sizeof(keyPriv), NULL, 0, key); +#endif /* !NO_ASN */ ret = wc_ecc_make_pub(NULL, NULL); if (ret == 0) { @@ -29723,7 +29736,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) #endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); -#endif +#endif /* !WOLFSSL_CRYPTOCELL */ TEST_SLEEP(); #ifdef HAVE_ECC_KEY_EXPORT @@ -31183,7 +31196,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng) #else ecc_key key[1]; #endif -#if !defined(NO_ECC_SECP) && \ +#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \ ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \ (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT))) word32 idx = 0; @@ -31236,7 +31249,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng) (void)rng; #endif /* !WC_NO_RNG */ -#if !defined(NO_ECC_SECP) && \ +#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \ ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \ (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT))) /* Use test ECC key - ensure real private "d" exists */ diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index a4a25cf080..0524e97fd5 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -260,7 +260,7 @@ typedef struct TsipUserCtx { /* sign/verify hash type : * md5, sha1 or sha256 */ - int sing_hash_type; + int sign_hash_type; /* flags shows status if tsip keys are installed */ union { diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h index b1a1c76e7b..e513fcd768 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h @@ -60,8 +60,10 @@ typedef wolfssl_TSIP_Hash wc_Sha256; typedef enum { TSIP_RSA2048, + TSIP_RSA3072, TSIP_RSA4096, TSIP_ECCP256, + TSIP_ECCP384, } TSIP_KEY_TYPE; From 73a1938e899e45db6c0d8f1e5ef7c2ee5ce66387 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 26 Jun 2024 16:01:18 -0700 Subject: [PATCH 03/12] Added Renesas RX TSIP ECDSA Verify Crypto callback. --- .../wolfssl_demo/wolfssl_tsip_unit_test.c | 93 +++++---- wolfcrypt/src/port/Renesas/renesas_common.c | 122 ++++++------ wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c | 46 ++--- .../src/port/Renesas/renesas_tsip_util.c | 184 +++++++++++++----- .../port/Renesas/renesas-tsip-crypt.h | 178 +++++++++-------- wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h | 2 +- .../port/Renesas/renesas_tsip_types.h | 12 +- 7 files changed, 372 insertions(+), 265 deletions(-) diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c index f89b48cf15..3630fceb83 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c @@ -107,7 +107,6 @@ typedef struct tagInfo void Clr_CallbackCtx(TsipUserCtx *g) { - if (g->rsa1024pri_keyIdx != NULL) XFREE(g->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -139,7 +138,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key) byte plain[AES_BLOCK_SIZE]; int ret = 0; - WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, @@ -154,7 +153,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key) if (prnt) { printf(" tsip_aes_cbc_test() "); } - + ret = wc_AesInit(aes, NULL, INVALID_DEVID); if (ret == 0) { ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); @@ -196,7 +195,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key) if (prnt) { RESULT_STR(ret) } - + return ret; } @@ -205,7 +204,7 @@ static void tskAes128_Cbc_Test(void *pvParam) { int ret = 0; Info *p = (Info*)pvParam; - + while (exit_loop == false) { ret = tsip_aes_cbc_test(0, &p->aes_key); vTaskDelay(10/portTICK_PERIOD_MS); @@ -257,7 +256,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key) if (prnt) printf(" tsip_aes256_test() "); - + if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) { ret = -1; goto out; @@ -315,7 +314,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key) if (prnt) { RESULT_STR(ret) } - + return ret; } #ifdef FREERTOS @@ -323,7 +322,7 @@ static void tskAes256_Cbc_Test(void *pvParam) { int ret = 0; Info *p = (Info*)pvParam; - + while (exit_loop == false) { ret = tsip_aes256_test(0, &p->aes_key); vTaskDelay(10/portTICK_PERIOD_MS); @@ -345,8 +344,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) Aes enc[1]; Aes dec[1]; TsipUserCtx userContext; - - + + /* * This is Test Case 16 from the document Galois/ * Counter Mode of Operation (GCM) by McGrew and @@ -416,7 +415,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) if (prnt) { printf(" tsip_aes256_gcm_test() "); } - + ForceZero(resultT, sizeof(resultT)); ForceZero(resultC, sizeof(resultC)); ForceZero(resultP, sizeof(resultP)); @@ -443,8 +442,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) } /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), - (byte*)iv1, sizeof(iv1), resultT, sizeof(resultT), + result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), + (byte*)iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a), &userContext); if (result != 0) { @@ -461,7 +460,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) } result = wc_tsip_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), - iv1, sizeof(iv1), resultT, sizeof(resultT), + iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a), &userContext); if (result != 0){ ret = -8; @@ -479,7 +478,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) wc_AesGcmSetKey(enc, k1, sizeof(k1)); /* AES-GCM encrypt and decrypt both use AES encrypt internally */ result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1), - resultT + 1, sizeof(resultT) - 1, + resultT + 1, sizeof(resultT) - 1, a, sizeof(a), &userContext); if (result != 0) { ret = -10; @@ -487,7 +486,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) } result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(p), - iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, + iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, a, sizeof(a), &userContext); if (result != 0) { @@ -504,11 +503,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key) out: wc_AesFree(enc); wc_AesFree(dec); - + if (prnt) { RESULT_STR(ret) } - + return ret; } #ifdef FREERTOS @@ -516,7 +515,7 @@ static void tskAes256_Gcm_Test(void *pvParam) { int ret = 0; Info *p = (Info*)pvParam; - + while (exit_loop == false) { ret = tsip_aesgcm256_test(0, &p->aes_key); vTaskDelay(10/portTICK_PERIOD_MS); @@ -616,16 +615,16 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key) enc->ctx.keySize = enc->keylen; } /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), + result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3), - resultT, sizeof(t3), + resultT, sizeof(t3), a3, sizeof(a3), &userContext); if (result != 0) { ret = -4; goto out; } result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3), - iv3, sizeof(iv3), resultT, sizeof(resultT), + iv3, sizeof(iv3), resultT, sizeof(resultT), a3, sizeof(a3), &userContext); if (result != 0) { ret = -5; @@ -641,11 +640,11 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key) out: wc_AesFree(enc); wc_AesFree(dec); - + if (prnt) { RESULT_STR(ret) } - + return ret; } #ifdef FREERTOS @@ -812,7 +811,7 @@ int tsip_crypt_sha_multitest() int num = 0; int i; BaseType_t xRet; - + #ifndef NO_SHA num++; #endif @@ -825,14 +824,14 @@ int tsip_crypt_sha_multitest() exit_semaph = xSemaphoreCreateCounting(num, 0); xRet = pdPASS; - + #ifndef NO_SHA - xRet = xTaskCreate(tskSha_Test, "sha_test", + xRet = xTaskCreate(tskSha_Test, "sha_test", SMALL_STACK_SIZE, NULL, 3, NULL); #endif #ifndef NO_SHA256 if (xRet == pdPASS) - xRet = xTaskCreate(tskSha256_Test, "sha256_test", + xRet = xTaskCreate(tskSha256_Test, "sha256_test", SMALL_STACK_SIZE, NULL, 3, NULL); #endif @@ -849,15 +848,15 @@ int tsip_crypt_sha_multitest() } } } - + vSemaphoreDelete(exit_semaph); - + if ((xRet == pdPASS) && (sha_multTst_rslt == 0 && sha256_multTst_rslt == 0)) ret = 0; else ret = -1; - + RESULT_STR(ret) return ret; @@ -874,7 +873,7 @@ int tsip_crypt_AesCbc_multitest() Info info_aes256_1; Info info_aes256_2; BaseType_t xRet; - + #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) num+=2; #endif @@ -887,7 +886,7 @@ int tsip_crypt_AesCbc_multitest() exit_semaph = xSemaphoreCreateCounting(num, 0); xRet = pdPASS; - + #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1, sizeof(tsip_aes_key_index_t)); @@ -916,7 +915,7 @@ int tsip_crypt_AesCbc_multitest() xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2", SMALL_STACK_SIZE, &info_aes256_2, 3, NULL); #endif - + if (xRet == pdPASS) { printf(" Waiting for completing tasks ..."); vTaskDelay(10000/portTICK_PERIOD_MS); @@ -930,7 +929,7 @@ int tsip_crypt_AesCbc_multitest() } } } - + vSemaphoreDelete(exit_semaph); if ((xRet == pdPASS) && @@ -955,7 +954,7 @@ int tsip_crypt_AesGcm_multitest() Info info_aes256_1; Info info_aes256_2; BaseType_t xRet; - + #if defined(WOLFSSL_AES_128) num+=2; #endif @@ -1010,7 +1009,7 @@ int tsip_crypt_AesGcm_multitest() } } } - + vSemaphoreDelete(exit_semaph); if ((xRet == pdPASS) && @@ -1032,7 +1031,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest() Info info_aes256cbc; Info info_aes256gcm; BaseType_t xRet; - + #ifndef NO_SHA num++; #endif @@ -1051,7 +1050,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest() exit_semaph = xSemaphoreCreateCounting(num, 0); xRet = pdPASS; - + #ifndef NO_SHA xRet = xTaskCreate(tskSha_Test, "sha_test", SMALL_STACK_SIZE, NULL, 3, NULL); @@ -1069,7 +1068,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest() XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2, sizeof(tsip_aes_key_index_t)); if (xRet == pdPASS) - xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", + xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", STACK_SIZE, &info_aes256gcm, 3, NULL); #endif @@ -1086,9 +1085,9 @@ int tsip_crypt_Sha_AesCbcGcm_multitest() } } } - + vSemaphoreDelete(exit_semaph); - + if (xRet == pdPASS && sha_multTst_rslt == 0 && (Aes256_Cbc_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0)) { ret = 0; @@ -1096,7 +1095,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest() else { ret = -1; } - + RESULT_STR(ret) return ret; @@ -1158,11 +1157,10 @@ int tsip_crypt_test() ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1); } - #if defined(WOLFSSL_KEY_GEN)&& \ + #if defined(WOLFSSL_KEY_GEN) && \ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) if (ret == 0) { - Clr_CallbackCtx(&userContext); ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &userContext); @@ -1172,11 +1170,10 @@ int tsip_crypt_test() } if (ret == 0) { - printf(" tsip_rsa_SignVerify_test(1024)"); userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024; - userContext.sing_hash_type = sha256_mac; + userContext.sign_hash_type = sha256_mac; userContext.keyflgs_crypt.bits.message_type = 0; ret = tsip_rsa_SignVerify_test(1, 1024); @@ -1189,7 +1186,7 @@ int tsip_crypt_test() printf(" tsip_rsa_SignVerify_test(2048)"); userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048; - userContext.sing_hash_type = sha256_mac; + userContext.sign_hash_type = sha256_mac; userContext.keyflgs_crypt.bits.message_type = 0; ret = tsip_rsa_SignVerify_test(1, 2048); diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 159aa33ef5..f6f00357cf 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -73,7 +73,7 @@ TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX]; #include -WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl) +WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl) { int ret = 0; WOLFSSL_ENTER("Renesas_cmn_Cleanup"); @@ -116,11 +116,9 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCheckCb(WOLFSSL* ssl, int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); WOLFSSL_ENTER("Renesas_cmn_RsaSignCheckCb"); - #if defined(WOLFSSL_RENESAS_TSIP) - - return tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx); - - #endif /* WOLFSSL_RENESAS_TSIP */ +#if defined(WOLFSSL_RENESAS_TSIP) + ret = tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx); +#endif /* WOLFSSL_RENESAS_TSIP */ WOLFSSL_LEAVE("Renesas_cmn_RsaSignCheckCb", ret); return ret; @@ -156,29 +154,31 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) WOLFSSL_ENTER("Renesas_cmn_CryptoDevCb"); -#if defined(WOLFSSL_RENESAS_TSIP_TLS) \ - || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) - TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; +#if defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ - defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; #endif if (info == NULL || ctx == NULL) return BAD_FUNC_ARG; -#ifdef DEBUG_WOLFSSL +#if defined(DEBUG_WOLFSSL) printf("CryptoDevCb: Algo Type %d session key set: %d\n", info->algo_type, cbInfo->session_key_set); #endif +#if defined(DEBUG_CRYPTOCB) + wc_CryptoCb_InfoString(info); +#endif #if defined(WOLFSSL_RENESAS_TSIP) || \ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) ret = CRYPTOCB_UNAVAILABLE; if (info->algo_type == WC_ALGO_TYPE_CIPHER) { - - #if !defined(NO_AES) || !defined(NO_DES3) + #if !defined(NO_AES) #ifdef HAVE_AESGCM if (info->cipher.type == WC_CIPHER_AES_GCM #ifdef WOLFSSL_RENESAS_TSIP_TLS @@ -241,44 +241,51 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } } #endif /* HAVE_AES_CBC */ - #endif /* !NO_AES || !NO_DES3 */ - } - #if defined(WOLFSSL_KEY_GEN) - if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && - (info->pk.rsakg.size == 1024 || - info->pk.rsakg.size == 2048)) { - ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx); + #endif /* !NO_AES */ } - #endif - /* Is called for signing - * Can handle only RSA PkCS#1v1.5 padding scheme here. - */ if (info->algo_type == WC_ALGO_TYPE_PK) { - #if !defined(NO_RSA) - if (info->pk.type == WC_PK_TYPE_RSA) { - if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) { - ret = tsip_SignRsaPkcs(info, ctx); - } - #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) - else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) { - ret = wc_tsip_RsaVerifyPkcs(info, ctx); - } - #endif + #if !defined(NO_RSA) + #if defined(WOLFSSL_KEY_GEN) + if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && + (info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) { + ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx); } - #endif /* NO_RSA */ - #if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS) - else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { + #endif + + /* RSA Signing + * Can handle only RSA PkCS#1v1.5 padding scheme here. + */ + if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) { + ret = tsip_SignRsaPkcs(info, ctx); + } + #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + /* RSA Verify */ + if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) { + ret = wc_tsip_RsaVerifyPkcs(info, ctx); + } + #endif + #endif /* !NO_RSA */ + + #if defined(HAVE_ECC) + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { ret = tsip_SignEcdsa(info, ctx); } - #endif /* HAVE_ECC */ + #endif + #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { + ret = tsip_VerifyEcdsa(info, ctx); + } + #endif + #endif /* HAVE_ECC */ } + #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) if (info->algo_type == WC_ALGO_TYPE_CIPHER) { - - #if !defined(NO_AES) || !defined(NO_DES3) + #if !defined(NO_AES) #ifdef HAVE_AESGCM if (info->cipher.type == WC_CIPHER_AES_GCM) { @@ -347,20 +354,19 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } } #endif /* HAVE_AES_CBC */ - #endif /* !NO_AES || !NO_DES3 */ + #endif /* !NO_AES */ } - #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) - else if (info->algo_type == WC_ALGO_TYPE_PK) { - #if !defined(NO_RSA) - #if defined(WOLFSSL_KEY_GEN) +#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + else if (info->algo_type == WC_ALGO_TYPE_PK) { + #if defined(WOLFSSL_KEY_GEN) if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && (info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) { ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size, (void*)ctx); } - #endif + #endif if (info->pk.type == WC_PK_TYPE_RSA) { /* to perform RSA on SCE, wrapped keys should be installed * in advance. SCE supports 1024 or 2048 bits key size. @@ -411,9 +417,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) "RSA operation falls through to SW operation."); } } - #endif /* NO_RSA && WOLFSSL_RENESAS_FSPSM_CRYPTONLY */ } - #endif /* NO_RSA */ + #endif /* !NO_RSA */ #endif /* TSIP or SCE */ (void)devIdArg; @@ -429,7 +434,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) * session_key_generated : if session key has been generated * return 1 for usable, 0 for unusable */ -int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated) +int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated) { int ret = 0; @@ -467,13 +472,13 @@ WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId) * device Id starts from 7890, and increases + 1 its number * when the method is successfully called. */ -int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) +int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx) { (void)ssl; (void)ctx; - #if defined(WOLFSSL_RENESAS_TSIP_TLS) \ - || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + #if defined(WOLFSSL_RENESAS_TSIP_TLS) || \ + defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) @@ -481,13 +486,12 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx) #endif if (cbInfo == NULL - #if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) &&\ + #if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \ !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ - !defined(HAVE_RENESAS_SYNC) - || ssl == NULL) { - #else - ) { + !defined(HAVE_RENESAS_SYNC) + || ssl == NULL #endif + ) { printf("Invalid devId\n"); return INVALID_DEVID; } @@ -537,8 +541,8 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id) } #endif /* WOLF_CRYPTO_CB */ -#endif /* WOLFSSL_RENESAS_FSPSM_TLS|| WOLFSSL_RENESAS_FSPSM_CRYPTONLY - WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */ +#endif /* WOLFSSL_RENESAS_FSPSM_TLS || WOLFSSL_RENESAS_FSPSM_CRYPTONLY + WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */ #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS) diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c index c4e5883a53..5470431ab6 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c @@ -40,7 +40,7 @@ #include #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY -/* Make Rsa key for TSIP and set it to callback ctx +/* Make RSA key for TSIP and set it to callback ctx * Assumes to be called by Crypt Callback * * size desired keylenth, in bits. supports 1024 or 2048 bits @@ -59,6 +59,11 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) if (ctx == NULL) return BAD_FUNC_ARG; + if (size != 1024 && size != 2048) { + WOLFSSL_MSG("Failed to generate key pair by TSIP"); + return CRYPTOCB_UNAVAILABLE; + } + if ((ret = tsip_hw_lock()) == 0) { if (size == 1024) { tsip_pair1024_key = @@ -80,8 +85,6 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key); } - else - return CRYPTOCB_UNAVAILABLE; if (ret == TSIP_SUCCESS) { if (size == 1024) { @@ -90,8 +93,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) DYNAMIC_TYPE_RSA_BUFFER); } if (info->rsa1024pub_keyIdx != NULL) { - XFREE(info->rsa1024pub_keyIdx, NULL, - DYNAMIC_TYPE_RSA_BUFFER); + XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); } info->rsa1024pri_keyIdx = (tsip_rsa1024_private_key_index_t*)XMALLOC( @@ -99,7 +101,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) DYNAMIC_TYPE_RSA_BUFFER); if (info->rsa1024pri_keyIdx == NULL) { - XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); return MEMORY_E; } @@ -109,9 +111,8 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) DYNAMIC_TYPE_RSA_BUFFER); if (info->rsa1024pub_keyIdx == NULL) { - XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); - XFREE(info->rsa1024pri_keyIdx, 0, - DYNAMIC_TYPE_RSA_BUFFER); + XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); return MEMORY_E; } /* copy generated key pair and free malloced key */ @@ -121,7 +122,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) XMEMCPY(info->rsa1024pub_keyIdx, &tsip_pair1024_key->public, sizeof(tsip_rsa1024_public_key_index_t)); - XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); info->keyflgs_crypt.bits.rsapri1024_key_set = 1; info->keyflgs_crypt.bits.rsapub1024_key_set = 1; @@ -141,7 +142,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) DYNAMIC_TYPE_RSA_BUFFER); if (info->rsa2048pri_keyIdx == NULL) { - XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); return MEMORY_E; } @@ -151,11 +152,12 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) DYNAMIC_TYPE_RSA_BUFFER); if (info->rsa2048pub_keyIdx == NULL) { - XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); - XFREE(info->rsa2048pri_keyIdx, 0, + XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); return MEMORY_E; } + /* copy generated key pair and free malloced key */ XMEMCPY(info->rsa2048pri_keyIdx, &tsip_pair2048_key->private, @@ -163,21 +165,17 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx) XMEMCPY(info->rsa2048pub_keyIdx, &tsip_pair2048_key->public, sizeof(tsip_rsa2048_public_key_index_t)); - XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); info->keyflgs_crypt.bits.rsapri2048_key_set = 1; info->keyflgs_crypt.bits.rsapub2048_key_set = 1; - } } - else { - WOLFSSL_MSG("Failed to generate key pair by TSIP"); - return CRYPTOCB_UNAVAILABLE; - } tsip_hw_unlock(); } + return 0; } @@ -199,10 +197,8 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) int ret = 0; e_tsip_err_t err = TSIP_SUCCESS; tsip_rsa_byte_data_t hashData, sigData; - uint8_t tsip_hash_type; - /* sanity check */ if (info == NULL || tuc == NULL){ return BAD_FUNC_ARG; @@ -221,8 +217,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) switch (tuc->wrappedKeyType) { case TSIP_KEY_TYPE_RSA1024: - if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) - { + if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) { ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); WOLFSSL_MSG("tsip rsa private key 1024 not set"); @@ -232,11 +227,10 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) } break; case TSIP_KEY_TYPE_RSA2048: - if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) - { + if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) { ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); - WOLFSSL_MSG("tsip rsa private key 1024 not set"); + WOLFSSL_MSG("tsip rsa private key 2048 not set"); if (ret != 0) ret = CRYPTOCB_UNAVAILABLE; } diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index f2658ab56d..ada6d88b6e 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -194,8 +194,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc, WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt"); - if (uc == NULL - || keyBuf == NULL || keyBufLen == 0) { + if (uc == NULL || keyBuf == NULL || keyBufLen == 0) { ret = BAD_FUNC_ARG; } @@ -1685,7 +1684,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) } } else { - if (!tuc->ClientEccP256PrivKey_set) { + if (!tuc->ClientEccPrivKey_set) { ret = NO_PRIVATE_KEY; } } @@ -1726,7 +1725,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) } else { err = R_TSIP_Tls13CertificateVerifyGenerate( - (uint32_t*)&(tuc->EcdsaP256PrivateKeyIdx), + (uint32_t*)&(tuc->EcdsaPrivateKeyIdx), TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256, hash, message + HANDSHAKE_HEADER_SZ, @@ -1762,7 +1761,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) } else { #if defined(WOLFSSL_CHECK_SIG_FAULTS) - if (!tuc->ClientEccP256PubKey_set) { + if (!tuc->ClientEccPubKey_set) { ret = NO_PRIVATE_KEY; } #endif /* WOLFSSL_CHECK_SIG_FAULTS */ @@ -1831,7 +1830,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl) err = R_TSIP_EcdsaP256SignatureVerification( &ecdsa_sig, &ecdsa_hash, - &tuc->EcdsaP256PublicKeyIdx); + &tuc->EcdsaPublicKeyIdx); WOLFSSL_MSG("Perform self-verify for ecc signature"); #endif /* WOLFSSL_CHECK_SIG_FAULTS */ } @@ -2018,7 +2017,7 @@ static int tsip_ServerKeyExVerify( WOLFSSL_MSG("Failed to lock tsip hw"); } - XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(peerkey, NULL, DYNAMIC_TYPE_TMP_BUFFER); WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret); return ret; @@ -2091,7 +2090,7 @@ int wc_tsip_EccVerify( return CRYPTOCB_UNAVAILABLE; } - /* concatenate r and s parts of the signature so that TSIP can handle it*/ + /* concatenate r and s parts of the signature so that TSIP can handle it */ /* r */ if (sig[offset] == 0x20) { XMEMCPY(sigforSCE, &sig[offset+1], rs_size); @@ -2292,8 +2291,10 @@ static byte _tls2tsipdef(byte cipher) * The target key should be set with tsip_use_PrivateKey_buffer in advance. * Acceptable key types are: * TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key - * TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now) + * TSIP_KEY_TYPE_RSA3072 rsa 3072 bit key + * TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key + * TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key */ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType) { @@ -2349,12 +2350,12 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType) #if defined(HAVE_ECC) case TSIP_KEY_TYPE_ECDSAP256: - tuc->ClientEccP256PrivKey_set = 0; + tuc->ClientEccPrivKey_set = 0; err = R_TSIP_GenerateEccP256PrivateKeyIndex( provisioning_key, iv, (uint8_t*)encPrivKey, - &(tuc->EcdsaP256PrivateKeyIdx)); + &(tuc->EcdsaPrivateKeyIdx)); if (err == TSIP_SUCCESS) { - tuc->ClientEccP256PrivKey_set = 1; + tuc->ClientEccPrivKey_set = 1; } else { ret = WC_HW_E; @@ -2382,8 +2383,10 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType) * The target key should be set with tsip_use_PublicKey_buffer in advance. * Acceptable key types are: * TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key - * TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now) + * TSIP_KEY_TYPE_RSA3072 rsa 3072 bit key + * TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key * TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key + * TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key */ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) { @@ -2414,7 +2417,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) } if ((ret = tsip_hw_lock()) == 0) { - switch(keyType) { + switch (keyType) { #if !defined(NO_RSA) case TSIP_KEY_TYPE_RSA2048: @@ -2425,11 +2428,11 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); } - + tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0; tuc->rsa2048pub_keyIdx = - (tsip_rsa2048_public_key_index_t*)XMALLOC( - sizeof(tsip_rsa2048_public_key_index_t), NULL, - DYNAMIC_TYPE_RSA_BUFFER); + (tsip_rsa2048_public_key_index_t*)XMALLOC( + sizeof(tsip_rsa2048_public_key_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); if (tuc->rsa2048pub_keyIdx == NULL) { return MEMORY_E; } @@ -2453,25 +2456,47 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType) ret = WC_HW_E; } break; - #endif - #if !defined(NO_RSA) case TSIP_KEY_TYPE_RSA4096: /* not supported as of TSIPv1.15 */ ret = CRYPTOCB_UNAVAILABLE; break; - #endif + #endif /* !NO_RSA */ - #if defined(HAVE_ECC) && \ - defined(WOLFSSL_RENESAS_TSIP_TLS) + #if defined(HAVE_ECC) case TSIP_KEY_TYPE_ECDSAP256: - - tuc->ClientEccP256PubKey_set = 0; - err = R_TSIP_GenerateEccP256PublicKeyIndex( + case TSIP_KEY_TYPE_ECDSAP384: + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + tuc->ClientEccPubKey_set = 0; + #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + tuc->keyflgs_crypt.bits.eccpub_key_set = 0; + #endif + if (keyType == TSIP_KEY_TYPE_ECDSAP256) { + err = R_TSIP_GenerateEccP256PublicKeyIndex( + provisioning_key, iv, (uint8_t*)encPubKey, + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + &(tuc->EcdsaPublicKeyIdx) + #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + &tuc->eccpub_keyIdx + #endif + ); + } + else if (keyType == TSIP_KEY_TYPE_ECDSAP384) { + err = R_TSIP_GenerateEccP384PublicKeyIndex( provisioning_key, iv, (uint8_t*)encPubKey, - &(tuc->EcdsaP256PublicKeyIdx)); + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + &(tuc->EcdsaPublicKeyIdx) + #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + &tuc->eccpub_keyIdx + #endif + ); + } if (err == TSIP_SUCCESS) { - tuc->ClientEccP256PubKey_set = 1; + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + tuc->ClientEccPubKey_set = 1; + #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + tuc->keyflgs_crypt.bits.eccpub_key_set = 1; + #endif } else { ret = WC_HW_E; @@ -2779,7 +2804,8 @@ void tsip_inform_user_keys_ex( word32 encrypted_user_tls_key_type) { WOLFSSL_ENTER("tsip_inform_user_keys_ex"); - ForceZero(&g_user_key_info, sizeof(g_user_key_info)); + + XMEMSET(&g_user_key_info, 0, sizeof(g_user_key_info)); g_user_key_info.encrypted_provisioning_key = NULL; g_user_key_info.iv = NULL; @@ -3637,7 +3663,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType); } - if (ret == 0) { if (ssl->options.hashAlgo == md5_mac) tsip_hash_type = R_TSIP_RSA_HASH_MD5; @@ -3664,15 +3689,13 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) switch (tuc->wrappedKeyType) { case TSIP_KEY_TYPE_RSA1024: - if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) - { - WOLFSSL_MSG("tsip rsa private key 2048 not set"); + if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) { + WOLFSSL_MSG("tsip rsa private key 1024 not set"); ret = CRYPTOCB_UNAVAILABLE; } break; case TSIP_KEY_TYPE_RSA2048: - if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) - { + if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) { WOLFSSL_MSG("tsip rsa private key 2048 not set"); ret = CRYPTOCB_UNAVAILABLE; } @@ -3682,7 +3705,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) ret = CRYPTOCB_UNAVAILABLE; break; } - #endif if (ret == 0) { @@ -3849,7 +3871,8 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( } #endif /* !NO_RSA && TSIP_TLS */ -#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS) +#if defined(HAVE_ECC) +#if defined(WOLFSSL_RENESAS_TSIP_TLS) /* Perform signing with the client's ECC private key on hash value of messages * exchanged with server. * @@ -3869,7 +3892,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) { int ret = 0; e_tsip_err_t err = TSIP_SUCCESS; - tsip_rsa_byte_data_t hashData, sigData; + tsip_ecdsa_byte_data_t hashData, sigData; byte offsetForWork; byte* out = NULL; byte* sig = NULL; @@ -3908,7 +3931,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) if ((ret = tsip_hw_lock()) == 0) { switch (tuc->wrappedKeyType) { - #if defined(HAVE_ECC) + #if !defined(NO_ECC256) case TSIP_KEY_TYPE_ECDSAP256: offsetForWork = R_TSIP_ECDSA_DATA_BYTE_SIZE + 32; if (*(info->pk.eccsign.outlen) < @@ -3921,7 +3944,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) offsetForWork; err = R_TSIP_EcdsaP256SignatureGenerate( &hashData, &sigData, - &tuc->EcdsaP256PrivateKeyIdx); + &tuc->EcdsaPrivateKeyIdx); if (err != TSIP_SUCCESS) { ret = WC_HW_E; break; @@ -3959,24 +3982,88 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) break; #endif - #if defined(HAVE_ECC192) - case TSIP_KEY_TYPE_ECDSAP192: + #if defined(HAVE_ECC384) + case TSIP_KEY_TYPE_ECDSAP384: ret = CRYPTOCB_UNAVAILABLE; break; #endif - #if defined(HAVE_ECC224) - case TSIP_KEY_TYPE_ECDSAP224: + + default: + WOLFSSL_MSG("wrapped private key is not supported"); ret = CRYPTOCB_UNAVAILABLE; break; + } + tsip_hw_unlock(); + } + else { + WOLFSSL_MSG("mutex locking error"); + } + } + WOLFSSL_LEAVE("tsip_SignEcdsa", ret); + return ret; +} +#endif /* WOLFSSL_RENESAS_TSIP_TLS */ + +#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) +/* Perform verify with the wrapped public key, provided hash and signature r+s + * + * parameters + * info->pk.eccverify.in : the buffer holding hash value of messages + * info->pk.eccverify.inlen : hash data size + * info->pk.eccverify.out : the buffer where the signature data is output to + * info->pk.eccverify.outlen: the length of the buffer pk.eccsign.out + * tuc: the pointer to the TsipUserCtx structure + * returns + * 0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified. + */ +WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) +{ + int ret = 0; + e_tsip_err_t err = TSIP_SUCCESS; + tsip_ecdsa_byte_data_t hashData, sigData; + + WOLFSSL_ENTER("tsip_VerifyEcdsa"); + + if (info == NULL || tuc == NULL) { + ret = CRYPTOCB_UNAVAILABLE; + } + + if (ret == 0) { + /* import public key_index from wrapped key */ + ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); + } + + if (ret == 0) { + hashData.pdata = (uint8_t*)info->pk.eccverify.hash; + hashData.data_length = info->pk.eccverify.hashlen; + hashData.data_type = tuc->keyflgs_crypt.bits.message_type; + sigData.pdata = (uint8_t*)info->pk.eccverify.sig; + sigData.data_length = info->pk.eccverify.siglen; + + if ((ret = tsip_hw_lock()) == 0) { + switch (tuc->wrappedKeyType) { + #if !defined(NO_ECC256) + case TSIP_KEY_TYPE_ECDSAP256: + err = R_TSIP_EcdsaP256SignatureVerification(&sigData, + &hashData, &tuc->eccpub_keyIdx); + if (err != TSIP_SUCCESS) { + ret = WC_HW_E; + } + break; #endif + #if defined(HAVE_ECC384) case TSIP_KEY_TYPE_ECDSAP384: - ret = CRYPTOCB_UNAVAILABLE; + err = R_TSIP_EcdsaP384SignatureVerification(&sigData, + &hashData, &tuc->eccpub_keyIdx); + if (err != TSIP_SUCCESS) { + ret = WC_HW_E; + } break; #endif default: - WOLFSSL_MSG("wrapped private key is not supported"); + WOLFSSL_MSG("ECDSA public key size not available"); ret = CRYPTOCB_UNAVAILABLE; break; } @@ -3986,10 +4073,11 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) WOLFSSL_MSG("mutex locking error"); } } - WOLFSSL_LEAVE("tsip_SignEcdsa", ret); + WOLFSSL_LEAVE("tsip_VerifyEcdsa", ret); return ret; } -#endif /* HAVE_ECC && TSIP_TLS */ +#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ +#endif /* HAVE_ECC */ #ifdef WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index 0524e97fd5..50f54473ba 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -36,8 +36,16 @@ #endif +#include +#include #include +#include +#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY #include +#endif +#ifdef WOLF_CRYPTO_CB +#include +#endif #ifdef __cplusplus extern "C" { @@ -87,16 +95,19 @@ enum { }; typedef enum { - TSIP_KEY_TYPE_RSA2048 = 0, - TSIP_KEY_TYPE_RSA4096 = 1, - TSIP_KEY_TYPE_ECDSAP256 = 2, #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY - TSIP_KEY_TYPE_RSA1024 = 3, + TSIP_KEY_TYPE_RSA1024 = 1, /* TSIP_RSA1024 */ #endif - + TSIP_KEY_TYPE_RSA2048 = 2, /* TSIP_RSA2048 */ + TSIP_KEY_TYPE_RSA3072 = 3, /* TSIP_RSA3072 */ + TSIP_KEY_TYPE_RSA4096 = 4, /* TSIP_RSA4096 */ + TSIP_KEY_TYPE_ECDSAP256 = 5, /* TSIP_ECCP256 */ + TSIP_KEY_TYPE_ECDSAP384 = 6, /* TSIP_ECCP384 */ } wolfssl_TSIP_KEY_TYPE; + struct WOLFSSL; +struct ecc_key; struct KeyShareEntry; /* MsgBag stands for message bag and acts as a buffer for holding plain text @@ -121,26 +132,33 @@ typedef struct MsgBag } MsgBag; #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY - - typedef void* renesas_tsip_key; - - /* flags Crypt Only */ - struct tsip_keyflgs_cryt { - uint8_t aes256_key_set:1; - uint8_t aes128_key_set:1; - uint8_t rsapri2048_key_set:1; - uint8_t rsapub2048_key_set:1; - uint8_t rsapri1024_key_set:1; - uint8_t rsapub1024_key_set:1; - uint8_t message_type:1;/*message 0, hashed 1*/ - }; +/* flags Crypt Only */ +struct tsip_keyflgs_cryt { + uint32_t aes256_key_set:1; + uint32_t aes128_key_set:1; + uint32_t rsapri2048_key_set:1; + uint32_t rsapub2048_key_set:1; + uint32_t rsapri1024_key_set:1; + uint32_t rsapub1024_key_set:1; + uint32_t eccpri_key_set:1; + uint32_t eccpub_key_set:1; + uint32_t message_type:1; /*message 0, hashed 1*/ +}; #endif + /* * TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format. */ typedef struct TsipUserCtx { /* unique number for each session */ int devId; + + /* client key pair wrapped by provisioning key */ + byte* wrappedPrivateKey; + byte* wrappedPublicKey; + + int wrappedKeyType; + #ifdef WOLFSSL_RENESAS_TSIP_TLS /* 0:working as a TLS client, 1: as a server */ byte side; @@ -159,24 +177,17 @@ typedef struct TsipUserCtx { /* handle is used as work area for Tls13 handshake */ tsip_tls13_handle_t handle13; -#endif /* WOLFSSL_RENESAS_TSIP_TLS */ - /* client key pair wrapped by provisioning key */ - byte* wrappedPrivateKey; - byte* wrappedPublicKey; - int wrappedKeyType; -#ifdef WOLFSSL_RENESAS_TSIP_TLS - #if !defined(NO_RSA) +#if !defined(NO_RSA) /* RSA-2048bit private and public key-index for client authentication */ tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx; tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx; - #endif /* !NO_RSA */ - - #if defined(HAVE_ECC) - /* ECC P256 private and public key-index for client authentication */ - tsip_ecc_private_key_index_t EcdsaP256PrivateKeyIdx; - tsip_ecc_public_key_index_t EcdsaP256PublicKeyIdx; - #endif /* HAVE_ECC */ +#endif /* !NO_RSA */ +#if defined(HAVE_ECC) + /* ECC private and public key-index for client authentication */ + tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx; + tsip_ecc_public_key_index_t EcdsaPublicKeyIdx; +#endif /* HAVE_ECC */ /* ECDHE private key index for Tls13 handshake */ tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx; @@ -226,7 +237,6 @@ typedef struct TsipUserCtx { /* signature data area for TLS1.3 CertificateVerify message */ byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ]; - #if (WOLFSSL_RENESAS_TSIP_VER >=109) /* out from R_SCE_TLS_ServerKeyExchangeVerify */ uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ]; @@ -248,27 +258,7 @@ typedef struct TsipUserCtx { uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4]; uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ]; uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ]; -#endif /* WOLFSSL_RENESAS_TSIP_TLS */ -/* for tsip crypt only mode */ -#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY - - renesas_tsip_key rsa1024pri_keyIdx; - renesas_tsip_key rsa1024pub_keyIdx; - renesas_tsip_key rsa2048pri_keyIdx; - renesas_tsip_key rsa2048pub_keyIdx; - /* sign/verify hash type : - * md5, sha1 or sha256 - */ - int sign_hash_type; - - /* flags shows status if tsip keys are installed */ - union { - uint8_t chr; - struct tsip_keyflgs_cryt bits; - } keyflgs_crypt; - -#endif /* installed key handling */ tsip_aes_key_index_t user_aes256_key_index; uint8_t user_aes256_key_set:1; @@ -279,16 +269,14 @@ typedef struct TsipUserCtx { uint32_t tsip_cipher; /* flags */ -#ifdef WOLFSSL_RENESAS_TSIP_TLS - #if !defined(NO_RSA) +#if !defined(NO_RSA) uint8_t ClientRsa2048PrivKey_set:1; uint8_t ClientRsa2048PubKey_set:1; - #endif - - #if defined(HAVE_ECC) - uint8_t ClientEccP256PrivKey_set:1; - uint8_t ClientEccP256PubKey_set:1; - #endif +#endif +#if defined(HAVE_ECC) + uint8_t ClientEccPrivKey_set:1; + uint8_t ClientEccPubKey_set:1; +#endif uint8_t HmacInitialized:1; uint8_t RootCAverified:1; @@ -308,6 +296,35 @@ typedef struct TsipUserCtx { uint8_t session_key_set:1; #endif /* WOLFSSL_RENESAS_TSIP_TLS */ +/* for tsip crypt only mode */ +#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY + union { + #ifndef NO_RSA + tsip_rsa1024_private_key_index_t rsa1024pri_keyIdx; + tsip_rsa1024_public_key_index_t rsa1024pub_keyIdx; + tsip_rsa2048_private_key_index_t rsa2048pri_keyIdx; + tsip_rsa2048_public_key_index_t rsa2048pub_keyIdx; + #endif + #ifdef HAVE_ECC + #ifdef HAVE_ECC_SIGN + tsip_ecc_private_key_index_t eccpri_keyIdx; + #endif + tsip_ecc_public_key_index_t eccpub_keyIdx; + #endif + }; + + /* sign/verify hash type : + * md5, sha1 or sha256 + */ + int sign_hash_type; + + /* flags shows status if tsip keys are installed */ + union { + uint32_t chr; + struct tsip_keyflgs_cryt bits; + } keyflgs_crypt; +#endif + } TsipUserCtx; typedef TsipUserCtx RenesasUserCtx; @@ -401,8 +418,7 @@ WOLFSSL_API void tsip_inform_user_keys( /*----------------------------------------------------*/ /* internal use functions */ /*----------------------------------------------------*/ -WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc); - +#ifdef HAVE_PK_CALLBACKS WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( WOLFSSL* ssl, unsigned char* sig, unsigned int sigSz, @@ -410,13 +426,21 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc); - +#endif #ifdef WOLF_CRYPTO_CB - struct wc_CryptoInfo; +WOLFSSL_LOCAL int tsip_SignRsaPkcs(struct wc_CryptoInfo* info, + TsipUserCtx* tuc); + +WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info, + TsipUserCtx* tuc); + +WOLFSSL_LOCAL int tsip_SignEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc); + +WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc); + WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl); WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data, @@ -505,23 +529,23 @@ WOLFSSL_LOCAL int wc_tsip_generateMasterSecret( WOLFSSL_LOCAL int wc_tsip_storeKeyCtx( - WOLFSSL *ssl, + struct WOLFSSL *ssl, TsipUserCtx *userCtx); WOLFSSL_LOCAL int wc_tsip_generateEncryptPreMasterSecret( - WOLFSSL* ssl, + struct WOLFSSL* ssl, byte* out, word32* outSz); WOLFSSL_LOCAL int wc_tsip_EccSharedSecret( - WOLFSSL* ssl, + struct WOLFSSL* ssl, struct ecc_key* otherKey, unsigned char* pubKeyDer, unsigned int* pubKeySz, unsigned char* out, unsigned int* outlen, int side, void* ctx); WOLFSSL_LOCAL int wc_tsip_RsaVerify( - WOLFSSL* ssl, + struct WOLFSSL* ssl, byte* sig, word32 sigSz, byte** out, @@ -530,7 +554,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerify( void* ctx); WOLFSSL_LOCAL int wc_tsip_EccVerify( - WOLFSSL* ssl, + struct WOLFSSL* ssl, const byte* sig, word32 sigSz, const byte* hash, word32 hashSz, const byte* key, word32 keySz, @@ -571,14 +595,14 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt( void* ctx); #endif /* NO_AES */ WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify( - const WOLFSSL *ssl, + const struct WOLFSSL *ssl, const byte* message, word32 messageSz, word32 macSz, word32 content); WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate( - const WOLFSSL *ssl, + const struct WOLFSSL *ssl, const byte* myInner, word32 innerSz, const byte* in, @@ -586,7 +610,7 @@ WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate( byte* digest); WOLFSSL_LOCAL int wc_tsip_Sha256HmacGenerate( - const WOLFSSL *ssl, + const struct WOLFSSL *ssl, const byte* myInner, word32 innerSz, const byte* in, @@ -601,7 +625,7 @@ WOLFSSL_LOCAL int tsip_hw_lock(); WOLFSSL_LOCAL void tsip_hw_unlock( void ); -WOLFSSL_LOCAL int tsip_usable(const WOLFSSL *ssl, +WOLFSSL_LOCAL int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated); WOLFSSL_LOCAL void tsip_inform_sflash_signedcacert( @@ -631,13 +655,11 @@ WOLFSSL_LOCAL int wc_tsip_generatePremasterSecret( word32 preSz); WOLFSSL_LOCAL int wc_tsip_generateSessionKey( - WOLFSSL* ssl, + struct WOLFSSL* ssl, TsipUserCtx* ctx, int devId); WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx); -WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, - TsipUserCtx* tuc); WOLFSSL_LOCAL int wc_tsip_GenerateRandBlock(byte* output, word32 size); diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h index 6efcb4a4a9..fd15c02af4 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h @@ -82,7 +82,7 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side, WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx); #endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ -int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx); +int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx); void wc_CryptoCb_CleanupRenesasCmn(int* id); #endif /* __RENESAS_CMN_H__ */ diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h index e513fcd768..ddc49d9550 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h @@ -25,6 +25,7 @@ #include +#include #if (!defined(NO_SHA) || !defined(NO_SHA256)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) @@ -59,11 +60,12 @@ typedef wolfssl_TSIP_Hash wc_Sha256; typedef enum { - TSIP_RSA2048, - TSIP_RSA3072, - TSIP_RSA4096, - TSIP_ECCP256, - TSIP_ECCP384, + TSIP_RSA1024 = 1, + TSIP_RSA2048 = 2, + TSIP_RSA3072 = 3, + TSIP_RSA4096 = 4, + TSIP_ECCP256 = 5, + TSIP_ECCP384 = 6, } TSIP_KEY_TYPE; From 7ad024855815a287ecaec3fb3301dd6044b7ff17 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 1 Jul 2024 13:43:26 -0700 Subject: [PATCH 04/12] Fix for RX TSIP ECDSA Verify hash padding/truncation. Fix to set ECDSA crypto callback "res" on success. --- wolfcrypt/src/port/Renesas/renesas_common.c | 10 ++--- .../src/port/Renesas/renesas_tsip_util.c | 45 +++++++++++++++---- 2 files changed, 42 insertions(+), 13 deletions(-) diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index f6f00357cf..ff5947a9a5 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -257,12 +257,12 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) * Can handle only RSA PkCS#1v1.5 padding scheme here. */ if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) { - ret = tsip_SignRsaPkcs(info, ctx); + ret = tsip_SignRsaPkcs(info, cbInfo); } #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) /* RSA Verify */ if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) { - ret = wc_tsip_RsaVerifyPkcs(info, ctx); + ret = wc_tsip_RsaVerifyPkcs(info, cbInfo); } #endif #endif /* !NO_RSA */ @@ -270,12 +270,12 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #if defined(HAVE_ECC) #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { - ret = tsip_SignEcdsa(info, ctx); + ret = tsip_SignEcdsa(info, cbInfo); } #endif #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { - ret = tsip_VerifyEcdsa(info, ctx); + ret = tsip_VerifyEcdsa(info, cbInfo); } #endif #endif /* HAVE_ECC */ @@ -814,7 +814,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx) WOLFSSL_ENTER("Renesas_cmn_generateSessionKey"); if (Renesas_cmn_usable(ssl, 0)) { #if defined(WOLFSSL_RENESAS_TSIP_TLS) - ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, cbInfo->devId); + ret = wc_tsip_generateSessionKey(ssl, cbInfo, cbInfo->devId); #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId); #endif diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index ada6d88b6e..fdeb696016 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -4005,7 +4005,17 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) #endif /* WOLFSSL_RENESAS_TSIP_TLS */ #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) -/* Perform verify with the wrapped public key, provided hash and signature r+s +/* zero pad or truncate hash */ +static int tsip_HashPad(int curveSz, uint8_t* hash, + const uint8_t* hashIn, int hashSz) +{ + if (hashSz > curveSz) + hashSz = curveSz; + XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz); + return curveSz; +} + +/* Perform verify with the wrapped public key, provided hash and signature r+s * * parameters * info->pk.eccverify.in : the buffer holding hash value of messages @@ -4021,6 +4031,9 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) int ret = 0; e_tsip_err_t err = TSIP_SUCCESS; tsip_ecdsa_byte_data_t hashData, sigData; + /* hard coding largest digest size, since WC_MAX_DIGEST_SZ could be 32 + * if using SHA2-256 with ECDSA SECP384R1 */ + uint8_t hash[48]; WOLFSSL_ENTER("tsip_VerifyEcdsa"); @@ -4028,14 +4041,15 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) ret = CRYPTOCB_UNAVAILABLE; } + XMEMSET(hash, 0, sizeof(hash)); + if (ret == 0) { /* import public key_index from wrapped key */ ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType); } if (ret == 0) { - hashData.pdata = (uint8_t*)info->pk.eccverify.hash; - hashData.data_length = info->pk.eccverify.hashlen; + hashData.pdata = (uint8_t*)hash; hashData.data_type = tuc->keyflgs_crypt.bits.message_type; sigData.pdata = (uint8_t*)info->pk.eccverify.sig; sigData.data_length = info->pk.eccverify.siglen; @@ -4044,23 +4058,38 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) switch (tuc->wrappedKeyType) { #if !defined(NO_ECC256) case TSIP_KEY_TYPE_ECDSAP256: + /* zero pad or truncate */ + hashData.data_length = tsip_HashPad(32, hash, + info->pk.eccverify.hash, info->pk.eccverify.hashlen); + err = R_TSIP_EcdsaP256SignatureVerification(&sigData, &hashData, &tuc->eccpub_keyIdx); - if (err != TSIP_SUCCESS) { + if (err == TSIP_SUCCESS) { + *info->pk.eccverify.res = 1; /* success */ + } + else { ret = WC_HW_E; } break; - #endif + break; + #endif - #if defined(HAVE_ECC384) + #if defined(HAVE_ECC384) case TSIP_KEY_TYPE_ECDSAP384: + /* zero pad or truncate */ + hashData.data_length = tsip_HashPad(48, hash, + info->pk.eccverify.hash, info->pk.eccverify.hashlen); + err = R_TSIP_EcdsaP384SignatureVerification(&sigData, &hashData, &tuc->eccpub_keyIdx); - if (err != TSIP_SUCCESS) { + if (err == TSIP_SUCCESS) { + *info->pk.eccverify.res = 1; /* success */ + } + else { ret = WC_HW_E; } break; - #endif + #endif default: WOLFSSL_MSG("ECDSA public key size not available"); From 4ae277d21ef84045f28e23dde6fbe861c7383f43 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 5 Jul 2024 07:44:00 -0700 Subject: [PATCH 05/12] Fixes for building RX TSIP with e2Studio project. Fixed tsip_Tls13GenEccKeyPair incorrect free of key if TSIP not used (ZD18222). --- .../EnvisionKit/Simple/common/wolfssl_dummy.c | 4 +- .../RX72N/EnvisionKit/wolfssl_demo/key_data.c | 248 +++++++++--------- .../EnvisionKit/wolfssl_demo/user_settings.h | 3 +- .../src/port/Renesas/renesas_tsip_util.c | 10 +- .../port/Renesas/renesas-tsip-crypt.h | 40 ++- wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h | 5 +- 6 files changed, 159 insertions(+), 151 deletions(-) diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c index 2c48ed510c..02d3e191e4 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c @@ -21,8 +21,8 @@ #include -#define YEAR 2023 -#define MON 5 +#define YEAR 2024 +#define MON 7 static int tick = 0; diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c index fe3aaaaf01..d74c4a08be 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c @@ -31,43 +31,43 @@ const st_key_block_data_t g_key_block_data = { /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */ { - 0xDF, 0x78, 0x49, 0x28, 0xA9, 0x4C, 0x36, 0xD6, 0xC9, 0x89, 0x98, 0xDF, - 0xFF, 0xB1, 0xCB, 0xBC, 0x9F, 0xF4, 0x34, 0xCD, 0x81, 0x53, 0x67, 0xB3, - 0xFC, 0x85, 0xC6, 0x0B, 0xA2, 0xC8, 0xF4, 0x83 + 0x68, 0x03, 0xA1, 0x95, 0x3B, 0x93, 0x12, 0xCC, 0x86, 0x5A, 0x3E, 0x24, + 0xF7, 0xDD, 0x22, 0x31, 0xEC, 0xAB, 0x42, 0x8B, 0x90, 0xC2, 0x8E, 0xDF, + 0x56, 0xB3, 0xAE, 0x3A, 0x99, 0x05, 0x34, 0xCD }, /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */ { - 0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D, - 0x34, 0xB2, 0x4D, 0x92 + 0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23, + 0x45, 0x67, 0x89, 0x01 }, - /* uint8_t + /* uint8_t * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]; */ { - 0xC8, 0x12, 0x94, 0x44, 0x43, 0x35, 0x82, 0x09, 0xF2, 0x54, 0x69, 0xB6, - 0x9B, 0x8E, 0x6F, 0x92, 0xE3, 0x3A, 0xB2, 0x55, 0x63, 0x8D, 0xDB, 0x47, - 0x75, 0x8D, 0x9D, 0x56, 0xD7, 0x7F, 0x42, 0x3A, 0x04, 0x4C, 0xAA, 0xF1, - 0x94, 0x9C, 0x8C, 0x97, 0xAF, 0x5C, 0xBA, 0x0E, 0xBD, 0x8A, 0xE3, 0x67, - 0x3E, 0xF8, 0x4C, 0x8E, 0xB7, 0x71, 0xB0, 0xCE, 0x09, 0x3C, 0xEC, 0x9C, - 0xCC, 0x81, 0x9D, 0x37, 0x9E, 0x34, 0x39, 0x6D, 0xF0, 0x7D, 0x1A, 0x4A, - 0xEB, 0xF5, 0x99, 0x91, 0xE1, 0xB0, 0x99, 0x72, 0xB3, 0xF3, 0x2B, 0xE1, - 0x6F, 0x5B, 0xD4, 0xA3, 0xB9, 0x9C, 0xEB, 0x95, 0xC3, 0xB2, 0x8F, 0x5C, - 0x58, 0xD5, 0x0A, 0xAA, 0x02, 0x01, 0xBF, 0xE1, 0xE9, 0x23, 0xFB, 0x03, - 0xCF, 0x54, 0x6D, 0x29, 0xE7, 0x5E, 0x96, 0x51, 0x68, 0x6B, 0xDD, 0x06, - 0x67, 0x5E, 0x84, 0x50, 0x21, 0x50, 0x78, 0x89, 0x80, 0xF8, 0x61, 0x9C, - 0xBE, 0xDA, 0x75, 0x55, 0x1A, 0xE6, 0x3C, 0xA5, 0x1C, 0xE4, 0x5A, 0x5C, - 0x68, 0x7C, 0x48, 0xC7, 0x6A, 0xC9, 0x80, 0x54, 0x31, 0xE7, 0x65, 0x8A, - 0x13, 0xF3, 0x6D, 0x0F, 0xB3, 0x62, 0x8D, 0x1B, 0xEA, 0x71, 0x12, 0x86, - 0x50, 0x98, 0xA3, 0x8E, 0x64, 0x1D, 0x3E, 0xA4, 0x5A, 0x99, 0xB3, 0xBD, - 0x3E, 0x3D, 0xF5, 0x0F, 0x41, 0x09, 0xFB, 0x04, 0x7B, 0x8D, 0xA1, 0xCF, - 0xBA, 0x71, 0x85, 0x86, 0x3C, 0x04, 0xDD, 0x74, 0x8D, 0xE3, 0x3C, 0x8E, - 0x52, 0x3C, 0x05, 0x7A, 0xBE, 0xCC, 0xEA, 0x9D, 0x57, 0x2C, 0x40, 0x05, - 0xEE, 0x49, 0x1D, 0xD2, 0xA3, 0x5A, 0xFA, 0x25, 0x1D, 0x1F, 0xDD, 0xB5, - 0x36, 0x7D, 0x25, 0xD3, 0x34, 0x39, 0xC2, 0x59, 0x57, 0xAD, 0x3C, 0x9D, - 0xC9, 0xBF, 0x09, 0x8D, 0xA0, 0x40, 0x5A, 0x14, 0x7B, 0xCF, 0xFE, 0x05, - 0x3E, 0xF3, 0xD1, 0x7D, 0xBB, 0x33, 0x96, 0x40, 0x79, 0xC2, 0x7B, 0x15, - 0x2E, 0xEE, 0xE3, 0x5B, 0x9C, 0x06, 0x72, 0x95, 0xFF, 0xCB, 0xC9, 0xE4, - 0x96, 0x97, 0x18, 0x0D, 0xE7, 0x78, 0xCD, 0xE9, 0xA7, 0xEA, 0xE9, 0xDF + 0x8F, 0xCE, 0xBA, 0x0C, 0xF6, 0x6F, 0x65, 0x7F, 0xF7, 0xB7, 0x31, 0x11, + 0x20, 0x17, 0x7D, 0x8F, 0x5B, 0xA4, 0x43, 0x4F, 0x0A, 0x7C, 0x64, 0x24, + 0x57, 0x03, 0xEB, 0xBB, 0xDD, 0xF4, 0x60, 0x1E, 0x30, 0x97, 0xB1, 0xC7, + 0xFA, 0xEF, 0x5D, 0x16, 0x93, 0x16, 0xD6, 0x24, 0xA8, 0xC3, 0xCA, 0x7C, + 0xF4, 0x00, 0x77, 0x0E, 0x62, 0xB1, 0x7E, 0x8E, 0x57, 0x19, 0x91, 0xEC, + 0x47, 0xE1, 0x81, 0x6F, 0x79, 0x43, 0x51, 0xB9, 0x0A, 0x3F, 0x6B, 0x38, + 0x9A, 0xB6, 0x2F, 0x97, 0x59, 0xA2, 0x7C, 0x6B, 0xBD, 0x8A, 0xCC, 0x52, + 0x37, 0x2A, 0x22, 0xC9, 0x60, 0xB8, 0x99, 0x17, 0x2D, 0x94, 0x8B, 0x02, + 0x51, 0xAB, 0xD2, 0x09, 0xEE, 0x08, 0x92, 0x19, 0x68, 0x0F, 0xBB, 0xEE, + 0x0F, 0xFF, 0xAF, 0x7F, 0x08, 0x55, 0x81, 0xE6, 0x12, 0x34, 0x12, 0xBD, + 0x2C, 0x8E, 0x8E, 0x9D, 0xC3, 0x34, 0x47, 0xF0, 0xF6, 0x01, 0x24, 0x05, + 0x3D, 0x2E, 0x2E, 0x3E, 0x9C, 0x19, 0x8C, 0x99, 0x19, 0x06, 0x93, 0xD0, + 0x14, 0x78, 0x89, 0x37, 0x2B, 0xA2, 0xD0, 0xBE, 0x67, 0x7C, 0xC6, 0xB3, + 0x61, 0x85, 0xF9, 0x4E, 0xC7, 0x33, 0x00, 0x45, 0x34, 0x1B, 0x3F, 0xD9, + 0xF1, 0xA4, 0x4B, 0x82, 0x34, 0x69, 0xF0, 0xE5, 0x4D, 0xCF, 0xC7, 0xAD, + 0xD9, 0xF7, 0x86, 0x84, 0x1A, 0x5B, 0x7D, 0xBA, 0x7B, 0xC1, 0xF8, 0xB0, + 0xE4, 0xAB, 0xA3, 0x05, 0xE0, 0xF0, 0x14, 0xDE, 0x8D, 0x7A, 0x98, 0xCA, + 0x02, 0xDE, 0x02, 0xB6, 0xCC, 0xE4, 0xF9, 0x84, 0x1A, 0x1D, 0x5E, 0x00, + 0x64, 0x80, 0x4F, 0x65, 0xDE, 0x48, 0x5D, 0x5C, 0x5C, 0x4B, 0x00, 0xD3, + 0x03, 0xF0, 0x77, 0xB2, 0x8F, 0x2A, 0xFE, 0x38, 0x73, 0x2D, 0xFE, 0xDC, + 0x18, 0xE0, 0x9A, 0xAC, 0x1D, 0x09, 0x41, 0x38, 0x99, 0x4C, 0xA6, 0x0E, + 0x0F, 0xB4, 0xC0, 0x59, 0x38, 0x31, 0xC7, 0x69, 0x8A, 0x6A, 0x94, 0x8E, + 0xEE, 0x38, 0x63, 0x2C, 0x4C, 0x0C, 0x65, 0x3F, 0xC6, 0xA2, 0x91, 0x48, + 0x0A, 0xE2, 0x09, 0x50, 0x8F, 0x9E, 0x91, 0xF8, 0xAC, 0x3B, 0xDA, 0xBA }, /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */ { @@ -77,79 +77,79 @@ const st_key_block_data_t g_key_block_data = * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16] */ { - 0xAF, 0x8C, 0x78, 0xE3, 0x6C, 0x9E, 0xC6, 0x76, 0xE5, 0x86, 0x84, 0xBE, - 0xF5, 0x6C, 0xD7, 0x2B, 0x46, 0x24, 0x35, 0x99, 0xA5, 0x64, 0xDD, 0xFA, - 0x35, 0x22, 0x5A, 0xB8, 0x5F, 0xD8, 0x1E, 0xCF, 0xCC, 0x73, 0x10, 0xD6, - 0x13, 0x69, 0x8F, 0x36, 0xA9, 0x8E, 0x09, 0xDF, 0x83, 0x20, 0x85, 0xBE, - 0x81, 0x69, 0x51, 0x75, 0xCB, 0xA5, 0x90, 0x8C, 0xC1, 0x75, 0xBE, 0x0F, - 0x8C, 0xB6, 0xFE, 0x73, 0x03, 0x37, 0x03, 0x41, 0xC0, 0x98, 0xC2, 0xEE, - 0x2D, 0x1B, 0xDA, 0x10, 0x8B, 0xF6, 0xB6, 0x67, 0xE9, 0x29, 0xCD, 0xEC, - 0x4C, 0x4D, 0x84, 0x28, 0x61, 0x3A, 0xF5, 0x6D, 0xEE, 0x78, 0x45, 0xF3, - 0x17, 0xC9, 0x77, 0xAB, 0x56, 0x2C, 0x68, 0xCB, 0x14, 0x9F, 0x5A, 0xE7, - 0x11, 0xC7, 0x13, 0x4B, 0xDC, 0x31, 0x60, 0x77, 0xDA, 0x56, 0x0C, 0x15, - 0xB2, 0xA9, 0x73, 0x4C, 0xD3, 0x46, 0x29, 0x18, 0x1C, 0x8C, 0xFD, 0xCF, - 0xAC, 0x4B, 0x55, 0x30, 0x96, 0xDC, 0xE9, 0xC0, 0x6A, 0x74, 0x68, 0x1D, - 0x6B, 0x25, 0xB0, 0x8F, 0x0C, 0xD7, 0xDD, 0xFC, 0xA8, 0x15, 0x87, 0x3E, - 0xA3, 0x91, 0x46, 0x25, 0x6C, 0x6F, 0xC4, 0xB2, 0xE1, 0xB8, 0x5F, 0xF3, - 0x6A, 0x0D, 0x9C, 0x29, 0x08, 0x6F, 0x5E, 0xFF, 0xA0, 0x81, 0x34, 0xA5, - 0x2B, 0x2B, 0x47, 0xE0, 0x6D, 0x56, 0xD2, 0x52, 0xC7, 0x19, 0x63, 0x72, - 0x84, 0x96, 0x64, 0xA5, 0xF2, 0x92, 0x3C, 0x38, 0x37, 0x9F, 0x6A, 0x2D, - 0x58, 0x33, 0x8C, 0x5C, 0x27, 0x05, 0xCB, 0x4F, 0x62, 0x2F, 0x40, 0xE9, - 0x55, 0x2C, 0x75, 0x4B, 0x02, 0xB3, 0x61, 0xAD, 0x34, 0x14, 0x49, 0x26, - 0x94, 0x45, 0x9B, 0xB8, 0xDB, 0x1F, 0xCE, 0xE9, 0xB1, 0xBF, 0x47, 0xF3, - 0xD4, 0xAD, 0xEB, 0xBC, 0x4F, 0x61, 0xAD, 0x66, 0xAF, 0x10, 0x94, 0x5D, - 0x25, 0x5B, 0x52, 0xF3, 0xBC, 0xCE, 0x10, 0x77, 0x76, 0xE4, 0x5C, 0xCF, - 0xC3, 0xA4, 0xCC, 0x11, 0xD3, 0x1E, 0x02, 0x98, 0x33, 0xA5, 0xF7, 0xD9, - 0x43, 0xAB, 0x45, 0x9A, 0x97, 0x0D, 0x08, 0x03, 0xBD, 0xB2, 0xAB, 0x50 - }, - /* uint8_t + 0x98, 0x56, 0x6B, 0x74, 0x7E, 0x42, 0xEA, 0x98, 0x9E, 0x78, 0x4F, 0x65, + 0xBD, 0x09, 0x1A, 0xD4, 0x1D, 0xFE, 0xEF, 0x0D, 0x5A, 0xFB, 0x5E, 0x83, + 0x9B, 0x0A, 0xFC, 0xBB, 0x4F, 0x25, 0xFA, 0x89, 0x5D, 0x9A, 0x0C, 0x84, + 0xBB, 0xED, 0x6B, 0x87, 0xDA, 0x20, 0x73, 0x6D, 0x1C, 0x5C, 0x81, 0x66, + 0x8A, 0x18, 0xAC, 0x4F, 0xC0, 0x15, 0x5C, 0x93, 0x10, 0x5D, 0xA3, 0xAE, + 0x2B, 0x2B, 0x82, 0xCE, 0x6E, 0x90, 0xC8, 0x48, 0xFB, 0xAC, 0xCC, 0xBE, + 0x70, 0xE7, 0x6C, 0x31, 0x50, 0x55, 0x78, 0xBB, 0x4F, 0xAF, 0xE0, 0x57, + 0x3D, 0x91, 0xCC, 0xB3, 0x80, 0x21, 0xA7, 0x4A, 0xEE, 0x5F, 0x9E, 0xB7, + 0x72, 0x11, 0x90, 0x6D, 0x46, 0x7A, 0xE8, 0xF1, 0xB1, 0xCA, 0xFA, 0x4A, + 0xA1, 0xBA, 0x1B, 0xEA, 0xD5, 0x8E, 0x02, 0xBF, 0x36, 0x65, 0xFC, 0x43, + 0x94, 0x19, 0x49, 0xF3, 0x76, 0xD7, 0x84, 0xE5, 0x48, 0x98, 0xD3, 0x74, + 0x3A, 0xB4, 0x93, 0xB6, 0x54, 0xB2, 0x4E, 0x60, 0x8F, 0x9A, 0xA3, 0x1C, + 0x13, 0x37, 0x90, 0x63, 0x31, 0x9A, 0x44, 0xA1, 0xA6, 0x78, 0x13, 0x61, + 0x6C, 0x3B, 0x7A, 0xB5, 0x49, 0xEF, 0xD7, 0x26, 0x04, 0xA5, 0x27, 0x73, + 0x0E, 0x1D, 0x35, 0x65, 0x4C, 0xD4, 0xC9, 0x43, 0x9F, 0x2B, 0x98, 0x0F, + 0xCA, 0x94, 0x72, 0xE5, 0x41, 0xCC, 0x5F, 0x69, 0xCD, 0x09, 0x27, 0xDF, + 0xDC, 0xA3, 0x33, 0x30, 0xFD, 0x9E, 0x66, 0xAE, 0xDA, 0x95, 0xFC, 0xC1, + 0x73, 0xCA, 0x5E, 0xB4, 0x18, 0xDF, 0xA3, 0xDD, 0xF5, 0x73, 0xA5, 0x9E, + 0x5C, 0x2E, 0x72, 0x85, 0xCE, 0x19, 0xCC, 0xF4, 0x7A, 0x02, 0x79, 0x7B, + 0x1F, 0xDF, 0xBE, 0x77, 0xA4, 0x94, 0x3E, 0x7D, 0x88, 0x2F, 0xF8, 0x2E, + 0xE9, 0x5D, 0x34, 0xEA, 0x57, 0x8F, 0xF9, 0xB1, 0x22, 0xC6, 0x55, 0xEA, + 0x60, 0xF8, 0xFE, 0xD6, 0x95, 0x72, 0x32, 0x39, 0xBC, 0x54, 0x7C, 0xC4, + 0x37, 0xD3, 0x82, 0x8B, 0xBF, 0x52, 0x6F, 0x5B, 0x0A, 0x1F, 0xF2, 0xF3, + 0x99, 0x84, 0x5E, 0x2B, 0xB9, 0x52, 0x7F, 0xF2, 0xF6, 0x30, 0x4D, 0x47 + }, + /* uint8_t * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16] */ { - 0xAF, 0x8C, 0x78, 0xE3, 0x6C, 0x9E, 0xC6, 0x76, 0xE5, 0x86, 0x84, 0xBE, - 0xF5, 0x6C, 0xD7, 0x2B, 0x46, 0x24, 0x35, 0x99, 0xA5, 0x64, 0xDD, 0xFA, - 0x35, 0x22, 0x5A, 0xB8, 0x5F, 0xD8, 0x1E, 0xCF, 0xCC, 0x73, 0x10, 0xD6, - 0x13, 0x69, 0x8F, 0x36, 0xA9, 0x8E, 0x09, 0xDF, 0x83, 0x20, 0x85, 0xBE, - 0x81, 0x69, 0x51, 0x75, 0xCB, 0xA5, 0x90, 0x8C, 0xC1, 0x75, 0xBE, 0x0F, - 0x8C, 0xB6, 0xFE, 0x73, 0x03, 0x37, 0x03, 0x41, 0xC0, 0x98, 0xC2, 0xEE, - 0x2D, 0x1B, 0xDA, 0x10, 0x8B, 0xF6, 0xB6, 0x67, 0xE9, 0x29, 0xCD, 0xEC, - 0x4C, 0x4D, 0x84, 0x28, 0x61, 0x3A, 0xF5, 0x6D, 0xEE, 0x78, 0x45, 0xF3, - 0x17, 0xC9, 0x77, 0xAB, 0x56, 0x2C, 0x68, 0xCB, 0x14, 0x9F, 0x5A, 0xE7, - 0x11, 0xC7, 0x13, 0x4B, 0xDC, 0x31, 0x60, 0x77, 0xDA, 0x56, 0x0C, 0x15, - 0xB2, 0xA9, 0x73, 0x4C, 0xD3, 0x46, 0x29, 0x18, 0x1C, 0x8C, 0xFD, 0xCF, - 0xAC, 0x4B, 0x55, 0x30, 0x96, 0xDC, 0xE9, 0xC0, 0x6A, 0x74, 0x68, 0x1D, - 0x6B, 0x25, 0xB0, 0x8F, 0x0C, 0xD7, 0xDD, 0xFC, 0xA8, 0x15, 0x87, 0x3E, - 0xA3, 0x91, 0x46, 0x25, 0x6C, 0x6F, 0xC4, 0xB2, 0xE1, 0xB8, 0x5F, 0xF3, - 0x6A, 0x0D, 0x9C, 0x29, 0x08, 0x6F, 0x5E, 0xFF, 0xA0, 0x81, 0x34, 0xA5, - 0x2B, 0x2B, 0x47, 0xE0, 0x6D, 0x56, 0xD2, 0x52, 0xC7, 0x19, 0x63, 0x72, - 0x84, 0x96, 0x64, 0xA5, 0xF2, 0x92, 0x3C, 0x38, 0x37, 0x9F, 0x6A, 0x2D, - 0x58, 0x33, 0x8C, 0x5C, 0x27, 0x05, 0xCB, 0x4F, 0x62, 0x2F, 0x40, 0xE9, - 0x55, 0x2C, 0x75, 0x4B, 0x02, 0xB3, 0x61, 0xAD, 0x34, 0x14, 0x49, 0x26, - 0x94, 0x45, 0x9B, 0xB8, 0xDB, 0x1F, 0xCE, 0xE9, 0xB1, 0xBF, 0x47, 0xF3, - 0xD4, 0xAD, 0xEB, 0xBC, 0x4F, 0x61, 0xAD, 0x66, 0xAF, 0x10, 0x94, 0x5D, - 0x25, 0x5B, 0x52, 0xF3, 0x44, 0xBA, 0x28, 0xF8, 0xF2, 0x01, 0x41, 0x61, - 0xF3, 0xE5, 0x91, 0x44, 0xF9, 0xA3, 0x56, 0xD8, 0xE9, 0x43, 0x0F, 0x78, - 0x7E, 0x1C, 0x01, 0xA6, 0xD7, 0x47, 0x87, 0x7C, 0xC5, 0xAF, 0x2A, 0xD3, - 0x71, 0x3A, 0x3E, 0x96, 0xF5, 0x8E, 0xA8, 0x1A, 0x89, 0x17, 0xCD, 0x52, - 0x7E, 0x98, 0x70, 0xB3, 0x57, 0x22, 0x59, 0x1C, 0xB7, 0x61, 0xD3, 0x32, - 0xE5, 0x2E, 0x6B, 0x6F, 0x2B, 0xD2, 0xAB, 0x27, 0x62, 0x65, 0xBE, 0x0B, - 0x8B, 0xFC, 0x9D, 0xB7, 0x3B, 0x4F, 0xA7, 0x35, 0xA6, 0xB3, 0x10, 0x98, - 0x6D, 0x47, 0x12, 0x16, 0x89, 0x33, 0x9A, 0x87, 0x85, 0x50, 0x21, 0x2B, - 0x03, 0xD0, 0x0C, 0x25, 0x52, 0xC1, 0xA4, 0xD9, 0x50, 0x57, 0x0A, 0x88, - 0x67, 0xE9, 0x55, 0x78, 0xFF, 0x23, 0xC0, 0xD1, 0xB6, 0xF4, 0xBD, 0x64, - 0x38, 0x9A, 0x59, 0xD8, 0x0C, 0xCA, 0x3C, 0x44, 0xBB, 0x31, 0x40, 0xF3, - 0x3F, 0x84, 0x74, 0x1A, 0x1B, 0xFB, 0x81, 0x22, 0x20, 0x0E, 0x68, 0x48, - 0x7F, 0xBF, 0xBB, 0xE2, 0xF7, 0xEA, 0x1C, 0xDD, 0x63, 0xAA, 0x3E, 0xFE, - 0x7A, 0xBD, 0x6C, 0x2A, 0x2C, 0x6C, 0x8E, 0x3C, 0xB6, 0x42, 0x2F, 0x42, - 0xF2, 0x17, 0x07, 0x2F, 0x4F, 0xAA, 0x4B, 0xA0, 0xE7, 0x98, 0xAE, 0x95, - 0x21, 0x2A, 0xF8, 0x1C, 0x33, 0x81, 0xC2, 0x64, 0xEC, 0xF3, 0xD7, 0x75, - 0x81, 0x61, 0x8C, 0xDF, 0x7F, 0x76, 0x6B, 0x44, 0x22, 0x36, 0xD3, 0x7F, - 0x17, 0x40, 0x84, 0xF8, 0xA8, 0x4B, 0xD5, 0xD4, 0x4E, 0xA1, 0x86, 0xDB, - 0x9B, 0xCD, 0xB6, 0x6C, 0xDF, 0x35, 0x0C, 0x0D, 0x7E, 0x0F, 0x01, 0x9C, - 0xF7, 0x6E, 0x89, 0xE6, 0x2F, 0x0E, 0xC5, 0xF3, 0xEA, 0x69, 0x8C, 0xA5, - 0xD5, 0x48, 0xEE, 0x5B, 0x77, 0x04, 0xFE, 0xC7, 0x56, 0x87, 0x27, 0xD4, - 0xF9, 0xCC, 0xB4, 0xB4, 0xB7, 0x1A, 0x85, 0x38, 0x0B, 0x93, 0xD2, 0x1D, - 0xD3, 0xDE, 0x7E, 0x45, 0xAF, 0x82, 0x46, 0x65, 0xFE, 0x59, 0x55, 0x83 + 0x98, 0x56, 0x6B, 0x74, 0x7E, 0x42, 0xEA, 0x98, 0x9E, 0x78, 0x4F, 0x65, + 0xBD, 0x09, 0x1A, 0xD4, 0x1D, 0xFE, 0xEF, 0x0D, 0x5A, 0xFB, 0x5E, 0x83, + 0x9B, 0x0A, 0xFC, 0xBB, 0x4F, 0x25, 0xFA, 0x89, 0x5D, 0x9A, 0x0C, 0x84, + 0xBB, 0xED, 0x6B, 0x87, 0xDA, 0x20, 0x73, 0x6D, 0x1C, 0x5C, 0x81, 0x66, + 0x8A, 0x18, 0xAC, 0x4F, 0xC0, 0x15, 0x5C, 0x93, 0x10, 0x5D, 0xA3, 0xAE, + 0x2B, 0x2B, 0x82, 0xCE, 0x6E, 0x90, 0xC8, 0x48, 0xFB, 0xAC, 0xCC, 0xBE, + 0x70, 0xE7, 0x6C, 0x31, 0x50, 0x55, 0x78, 0xBB, 0x4F, 0xAF, 0xE0, 0x57, + 0x3D, 0x91, 0xCC, 0xB3, 0x80, 0x21, 0xA7, 0x4A, 0xEE, 0x5F, 0x9E, 0xB7, + 0x72, 0x11, 0x90, 0x6D, 0x46, 0x7A, 0xE8, 0xF1, 0xB1, 0xCA, 0xFA, 0x4A, + 0xA1, 0xBA, 0x1B, 0xEA, 0xD5, 0x8E, 0x02, 0xBF, 0x36, 0x65, 0xFC, 0x43, + 0x94, 0x19, 0x49, 0xF3, 0x76, 0xD7, 0x84, 0xE5, 0x48, 0x98, 0xD3, 0x74, + 0x3A, 0xB4, 0x93, 0xB6, 0x54, 0xB2, 0x4E, 0x60, 0x8F, 0x9A, 0xA3, 0x1C, + 0x13, 0x37, 0x90, 0x63, 0x31, 0x9A, 0x44, 0xA1, 0xA6, 0x78, 0x13, 0x61, + 0x6C, 0x3B, 0x7A, 0xB5, 0x49, 0xEF, 0xD7, 0x26, 0x04, 0xA5, 0x27, 0x73, + 0x0E, 0x1D, 0x35, 0x65, 0x4C, 0xD4, 0xC9, 0x43, 0x9F, 0x2B, 0x98, 0x0F, + 0xCA, 0x94, 0x72, 0xE5, 0x41, 0xCC, 0x5F, 0x69, 0xCD, 0x09, 0x27, 0xDF, + 0xDC, 0xA3, 0x33, 0x30, 0xFD, 0x9E, 0x66, 0xAE, 0xDA, 0x95, 0xFC, 0xC1, + 0x73, 0xCA, 0x5E, 0xB4, 0x18, 0xDF, 0xA3, 0xDD, 0xF5, 0x73, 0xA5, 0x9E, + 0x5C, 0x2E, 0x72, 0x85, 0xCE, 0x19, 0xCC, 0xF4, 0x7A, 0x02, 0x79, 0x7B, + 0x1F, 0xDF, 0xBE, 0x77, 0xA4, 0x94, 0x3E, 0x7D, 0x88, 0x2F, 0xF8, 0x2E, + 0xE9, 0x5D, 0x34, 0xEA, 0x57, 0x8F, 0xF9, 0xB1, 0x22, 0xC6, 0x55, 0xEA, + 0x60, 0xF8, 0xFE, 0xD6, 0x2C, 0x66, 0x49, 0xC1, 0x30, 0x3B, 0xA0, 0xD2, + 0x75, 0x26, 0x72, 0x26, 0x63, 0x90, 0x7B, 0x4A, 0x1D, 0x5A, 0x0F, 0xC5, + 0xC5, 0xA1, 0x41, 0x85, 0x46, 0x30, 0x89, 0xC9, 0x59, 0x47, 0x3A, 0xED, + 0x7A, 0xC8, 0x8A, 0x80, 0x78, 0x77, 0x1D, 0x01, 0xDA, 0x25, 0x2F, 0x9F, + 0x24, 0x75, 0x8D, 0x11, 0xE2, 0x71, 0xAE, 0xD6, 0xBB, 0x87, 0xFC, 0x8F, + 0x9F, 0x2C, 0xE4, 0xD7, 0xF0, 0x34, 0xA9, 0xC5, 0x38, 0xAF, 0xD4, 0xC7, + 0x2E, 0xE3, 0x67, 0x19, 0x81, 0xE0, 0x07, 0x22, 0x34, 0x63, 0x9D, 0xEE, + 0x1E, 0x25, 0xCD, 0x18, 0x94, 0xB4, 0x61, 0x99, 0x52, 0x9E, 0x72, 0x9A, + 0xF8, 0x39, 0x4C, 0xBD, 0x9C, 0xD5, 0x1B, 0x81, 0xFE, 0xC5, 0x32, 0x56, + 0x1F, 0x1F, 0x33, 0x11, 0x38, 0xE3, 0x1D, 0x44, 0x84, 0x0C, 0x45, 0x52, + 0x0C, 0xB3, 0x4E, 0x54, 0xDD, 0xB0, 0x43, 0x2C, 0xA2, 0x19, 0xFE, 0xE3, + 0x5F, 0x70, 0x72, 0x36, 0x35, 0x09, 0x8C, 0x34, 0x1A, 0xA0, 0x6B, 0xE8, + 0xEC, 0x10, 0x4F, 0x46, 0x4F, 0x40, 0xD2, 0x0A, 0xCC, 0xC5, 0xDD, 0xAC, + 0x64, 0xBC, 0x3D, 0x44, 0x91, 0x5D, 0x5C, 0x65, 0xF2, 0xFC, 0x12, 0xF2, + 0x15, 0xA9, 0x4F, 0x71, 0xEB, 0x41, 0x59, 0x49, 0x3B, 0xA1, 0x2C, 0x6A, + 0xAD, 0xA6, 0x88, 0x37, 0xB5, 0xE5, 0x0B, 0xF2, 0x74, 0x09, 0x5D, 0xBF, + 0x8A, 0x04, 0x9E, 0x74, 0x0C, 0xB4, 0xC8, 0xE1, 0xA4, 0xD9, 0x4B, 0x52, + 0xC8, 0xDB, 0x9D, 0xD0, 0xC5, 0x5A, 0xEE, 0x8F, 0xFE, 0xC3, 0x64, 0x55, + 0x68, 0x95, 0xFA, 0x0B, 0x8B, 0x7C, 0x01, 0x08, 0x3C, 0xEB, 0xA1, 0x32, + 0x15, 0xB4, 0x67, 0xBA, 0x52, 0x0F, 0xEA, 0x29, 0x57, 0xB5, 0xA0, 0x9D, + 0x58, 0xEE, 0xAB, 0xAF, 0xD6, 0xF1, 0x57, 0x25, 0x49, 0x21, 0x41, 0x56, + 0xFB, 0xAC, 0xD1, 0x00, 0xBD, 0xBD, 0x54, 0x85, 0x03, 0xF4, 0x98, 0x7E, + 0xE3, 0x73, 0x63, 0xE2, 0xC6, 0x43, 0xAD, 0xDD, 0xF6, 0xF0, 0x75, 0x2B }, /* uint8_t * encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16]; @@ -214,28 +214,32 @@ const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig); /* ./ca-cert.der.sign, */ const unsigned char ca_cert_der_sig[] = { - 0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba, - 0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89, - 0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18, - 0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1, - 0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74, - 0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a, - 0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7, - 0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed, - 0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2, - 0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7, - 0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34, - 0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47, - 0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52, - 0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84, - 0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e, - 0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa, - 0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89, - 0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4, - 0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0, - 0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8, - 0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae, - 0x1d, 0xdb, 0x57, 0xb8 + 0x3C, 0x99, 0x92, 0x6F, 0x0A, 0xE7, 0xC1, 0x31, 0x1F, 0xC2, + 0x60, 0xFD, 0x26, 0x54, 0x2F, 0xEA, 0xA4, 0xB6, 0x99, 0x8F, + 0xCF, 0x01, 0x6F, 0x37, 0x7A, 0xF5, 0xB7, 0xD1, 0xCC, 0x51, + 0x0B, 0x34, 0xF1, 0xF4, 0xF0, 0x48, 0xCF, 0x53, 0xD3, 0xE1, + 0xF1, 0x08, 0xD1, 0x3F, 0x2B, 0x9A, 0x0E, 0x5A, 0x15, 0xB7, + 0xAD, 0x14, 0x27, 0x24, 0x70, 0xE8, 0x02, 0x68, 0x21, 0xA2, + 0xA2, 0x9D, 0x63, 0x41, 0x6A, 0xE3, 0xD2, 0xC9, 0x48, 0x7B, + 0xF2, 0x6E, 0x7A, 0x80, 0xB8, 0xA9, 0x28, 0x61, 0x7B, 0x93, + 0x93, 0x18, 0x68, 0x19, 0x6A, 0x6F, 0x78, 0x53, 0x32, 0xBF, + 0xAB, 0x28, 0x10, 0x44, 0xAC, 0xB9, 0x15, 0xFD, 0x51, 0xFE, + 0x5E, 0x47, 0x07, 0xCD, 0xAF, 0x94, 0x69, 0x7A, 0x66, 0x31, + 0x3E, 0xED, 0x1B, 0x93, 0x97, 0x1A, 0x83, 0xA2, 0xC7, 0x5B, + 0xD3, 0x34, 0xAE, 0x24, 0xC8, 0xE9, 0xA9, 0x9E, 0x64, 0xEA, + 0x57, 0xA8, 0xA8, 0xD8, 0xA2, 0x74, 0x5F, 0xDB, 0x70, 0xCC, + 0x07, 0x1D, 0xD0, 0xA7, 0x91, 0x61, 0xD6, 0x9F, 0x6F, 0x77, + 0x80, 0xE9, 0x6C, 0x2F, 0x90, 0xF1, 0xBE, 0x25, 0x3F, 0x1C, + 0x76, 0xB6, 0xAC, 0xD7, 0xD1, 0x1E, 0x97, 0x15, 0x94, 0x96, + 0xD6, 0xF6, 0xBF, 0x39, 0x6D, 0xC7, 0xF5, 0x13, 0xE0, 0xBB, + 0xC4, 0xDC, 0x18, 0x13, 0x65, 0x2B, 0x80, 0x23, 0x9A, 0x6A, + 0x70, 0x30, 0x9A, 0xB3, 0xE5, 0x2D, 0xC1, 0xCB, 0xBF, 0x5A, + 0xC2, 0xEE, 0xF6, 0x65, 0x50, 0xD4, 0xF2, 0xA3, 0xD5, 0xF9, + 0xF8, 0x16, 0xD3, 0x05, 0xAC, 0xE9, 0x8B, 0x5A, 0x75, 0xD7, + 0xF9, 0xB9, 0x05, 0xF3, 0x9C, 0xD0, 0xCE, 0x39, 0xA5, 0x7D, + 0xB6, 0xC6, 0x78, 0x6A, 0x31, 0x6C, 0xD2, 0xBB, 0x6F, 0x8E, + 0x11, 0xD4, 0x84, 0x8B, 0x21, 0x65, 0xFC, 0x2D, 0xD3, 0x51, + 0xC6, 0x31, 0x80, 0xCD, 0xE9, 0x5F }; const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig); /* ./client-cert.der.sign, */ diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h index 6e8d165b3e..d066db1c31 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h @@ -245,8 +245,7 @@ */ #define WOLFSSL_RENESAS_TSIP_TLS - #if !defined(NO_RENESAS_TSIP_CRYPT) - #define WOLFSSL_RENESAS_TSIP_CRYPTONLY + #if !defined(NO_RENESAS_TSIP_CRYPT) #define HAVE_PK_CALLBACKS #define WOLF_CRYPTO_CB #if defined(WOLFSSL_RENESAS_TSIP_TLS) diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index fdeb696016..7286f6cb05 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -416,11 +416,15 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse) } } - if (ret != 0) { - if (kse->key != NULL) + if ((ret != 0) && (ret != CRYPTOCB_UNAVAILABLE)) { + if (kse->key != NULL) { XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - if (kse->pubKey != NULL) + kse->key = NULL; + } + if (kse->pubKey != NULL) { XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + kse->pubKey = NULL; + } } WOLFSSL_LEAVE("tsip_Tls13GenEccKeyPair", ret); return ret; diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index 50f54473ba..c5584cb8bc 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -259,12 +259,6 @@ typedef struct TsipUserCtx { uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ]; uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ]; - /* installed key handling */ - tsip_aes_key_index_t user_aes256_key_index; - uint8_t user_aes256_key_set:1; - tsip_aes_key_index_t user_aes128_key_index; - uint8_t user_aes128_key_set:1; - /* TSIP defined cipher suite number */ uint32_t tsip_cipher; @@ -296,22 +290,26 @@ typedef struct TsipUserCtx { uint8_t session_key_set:1; #endif /* WOLFSSL_RENESAS_TSIP_TLS */ + /* installed key handling */ + tsip_aes_key_index_t user_aes256_key_index; + uint8_t user_aes256_key_set:1; + tsip_aes_key_index_t user_aes128_key_index; + uint8_t user_aes128_key_set:1; + /* for tsip crypt only mode */ #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY - union { - #ifndef NO_RSA - tsip_rsa1024_private_key_index_t rsa1024pri_keyIdx; - tsip_rsa1024_public_key_index_t rsa1024pub_keyIdx; - tsip_rsa2048_private_key_index_t rsa2048pri_keyIdx; - tsip_rsa2048_public_key_index_t rsa2048pub_keyIdx; - #endif - #ifdef HAVE_ECC - #ifdef HAVE_ECC_SIGN - tsip_ecc_private_key_index_t eccpri_keyIdx; - #endif - tsip_ecc_public_key_index_t eccpub_keyIdx; +#ifndef NO_RSA + tsip_rsa1024_private_key_index_t* rsa1024pri_keyIdx; + tsip_rsa1024_public_key_index_t* rsa1024pub_keyIdx; + tsip_rsa2048_private_key_index_t* rsa2048pri_keyIdx; + tsip_rsa2048_public_key_index_t* rsa2048pub_keyIdx; +#endif +#ifdef HAVE_ECC + #ifdef HAVE_ECC_SIGN + tsip_ecc_private_key_index_t eccpri_keyIdx; #endif - }; + tsip_ecc_public_key_index_t eccpub_keyIdx; +#endif /* sign/verify hash type : * md5, sha1 or sha256 @@ -323,7 +321,7 @@ typedef struct TsipUserCtx { uint32_t chr; struct tsip_keyflgs_cryt bits; } keyflgs_crypt; -#endif +#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ } TsipUserCtx; @@ -420,7 +418,7 @@ WOLFSSL_API void tsip_inform_user_keys( /*----------------------------------------------------*/ #ifdef HAVE_PK_CALLBACKS WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( - WOLFSSL* ssl, + struct WOLFSSL* ssl, unsigned char* sig, unsigned int sigSz, unsigned char** out, const unsigned char* keyDer, unsigned int keySz, diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h index fd15c02af4..66e94e02e2 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h @@ -21,11 +21,14 @@ #ifndef __RENESAS_CMN_H__ #define __RENESAS_CMN_H__ -#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY + #include + +#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY #include + /* Common Callbacks */ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, From 2d0353bcb16a22c044430f1edf9e87f0b661e4d5 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Tue, 9 Jul 2024 20:40:34 +0900 Subject: [PATCH 06/12] updae ecc key and signed cert --- .../RX72N/EnvisionKit/wolfssl_demo/key_data.c | 108 +++++++++--------- 1 file changed, 56 insertions(+), 52 deletions(-) diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c index d74c4a08be..fd2d40bd4d 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c @@ -167,10 +167,10 @@ const st_key_block_data_t g_key_block_data = * encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16]; */ { - 0xE6, 0x6C, 0xB8, 0x7C, 0xDB, 0x85, 0x50, 0x51, 0x4A, 0x75, 0x38, 0xA4, - 0x74, 0x7A, 0x8C, 0x7C, 0x07, 0x71, 0x0E, 0x52, 0xC3, 0x19, 0xD1, 0xE6, - 0xF8, 0x36, 0xD2, 0xD3, 0x53, 0xF8, 0xA7, 0xCE, 0xBC, 0xBE, 0xAE, 0x62, - 0x7F, 0x00, 0x54, 0xB1, 0x01, 0x11, 0xCA, 0xE3, 0x77, 0x3E, 0x2E, 0x21 + 0x8D, 0xC9, 0x32, 0xEB, 0x73, 0xE6, 0xA3, 0x3C, 0x9E, 0x43, 0x02, 0x3C, + 0x7E, 0x17, 0x69, 0x93, 0xAA, 0x66, 0xF1, 0x4A, 0x38, 0x28, 0x01, 0x11, + 0xDD, 0x07, 0xFA, 0x58, 0x1F, 0xA5, 0x69, 0xD2, 0x9F, 0x18, 0x2A, 0x79, + 0x5F, 0xAF, 0x10, 0xB7, 0x06, 0x74, 0x54, 0x0A, 0xBC, 0x6E, 0xFD, 0x67 }, }; @@ -186,28 +186,32 @@ const uint32_t encrypted_user_key_type = const unsigned char ca_ecc_cert_der_sig[] = { - 0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa, - 0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c, - 0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6, - 0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a, - 0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd, - 0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba, - 0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44, - 0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc, - 0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61, - 0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35, - 0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a, - 0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6, - 0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e, - 0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b, - 0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18, - 0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5, - 0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f, - 0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c, - 0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b, - 0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8, - 0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99, - 0xc0, 0x73, 0x11, 0x1e + 0x85, 0x76, 0x96, 0x7D, 0xB5, 0x14, 0xD9, 0x4F, 0x3E, 0xCF, + 0xF3, 0xD3, 0xAB, 0x76, 0x77, 0xBA, 0xDB, 0xB8, 0x87, 0xD2, + 0x2E, 0xB5, 0x87, 0x69, 0x79, 0x8C, 0x34, 0x1A, 0x06, 0xB9, + 0xD5, 0x0D, 0xA8, 0x4B, 0x05, 0x6A, 0xF4, 0x26, 0x86, 0xB6, + 0x91, 0x0F, 0x27, 0x6F, 0xA7, 0xF1, 0x3C, 0xEC, 0x3D, 0x34, + 0xE7, 0x82, 0xEB, 0x10, 0xE6, 0xFA, 0x04, 0x11, 0x78, 0xCD, + 0xEB, 0xA0, 0xB4, 0x6C, 0xBC, 0x7C, 0x8C, 0x83, 0xD3, 0x68, + 0xC2, 0x72, 0x17, 0xE0, 0x41, 0xA3, 0xE3, 0x5A, 0xB6, 0x2D, + 0x52, 0xA4, 0x4A, 0x4E, 0x9B, 0x3E, 0x98, 0xD7, 0xBB, 0x17, + 0xF5, 0x19, 0xAB, 0x30, 0xBF, 0xE2, 0x8B, 0xD7, 0x47, 0x7B, + 0x99, 0x7B, 0x97, 0x46, 0x53, 0x34, 0xCA, 0x74, 0x00, 0x39, + 0x04, 0x6F, 0x0B, 0xC0, 0x42, 0x73, 0x65, 0xCA, 0x3F, 0xE2, + 0x58, 0x1E, 0x26, 0xE5, 0xA2, 0x86, 0x63, 0xF3, 0x41, 0x89, + 0x0E, 0x6B, 0x74, 0xF4, 0x73, 0x4D, 0x8E, 0x04, 0x1E, 0x64, + 0x7E, 0x9C, 0x37, 0x3A, 0xF2, 0x4E, 0x5B, 0xF2, 0x67, 0x9A, + 0x48, 0xFB, 0x70, 0xDD, 0x70, 0x8C, 0xC0, 0x8F, 0xE9, 0x77, + 0x7B, 0xC0, 0x1F, 0xB7, 0xE2, 0xB8, 0xC2, 0x67, 0xF0, 0x1D, + 0x13, 0xFB, 0x8D, 0xEB, 0x69, 0xE8, 0xC0, 0x31, 0xAC, 0xB9, + 0x0C, 0x2D, 0x89, 0x77, 0x81, 0xC5, 0x87, 0xDD, 0x28, 0x7C, + 0x03, 0x34, 0xFA, 0xD8, 0xE5, 0x20, 0x4A, 0x88, 0x42, 0x6B, + 0x16, 0x55, 0x33, 0x16, 0x57, 0x19, 0x6B, 0x5A, 0x0C, 0xAC, + 0x12, 0xF4, 0x72, 0x7B, 0x1C, 0x8E, 0x85, 0xCE, 0x2D, 0xE7, + 0x94, 0xAD, 0xFC, 0xA8, 0x92, 0x70, 0xE0, 0xFA, 0x19, 0xB3, + 0xB4, 0x97, 0x25, 0x10, 0xCB, 0x27, 0x74, 0x57, 0x5D, 0x22, + 0xDB, 0x1D, 0x2F, 0xB4, 0x27, 0x52, 0xDE, 0x56, 0x77, 0xFB, + 0xBA, 0x75, 0x5F, 0xC3, 0x84, 0xA6 }; const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig); @@ -245,32 +249,32 @@ const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig); /* ./client-cert.der.sign, */ const unsigned char client_cert_der_sign[] = { - 0x5D, 0x1F, 0x89, 0x41, 0xEC, 0x47, 0xC8, 0x90, 0x61, 0x79, - 0x8A, 0x16, 0x1F, 0x31, 0x96, 0x67, 0xD9, 0x3C, 0xEC, 0x6B, - 0x58, 0xC6, 0x5A, 0xED, 0x99, 0xB3, 0xEF, 0x27, 0x6F, 0x04, - 0x8C, 0xD9, 0x68, 0xB1, 0xD6, 0x23, 0x15, 0x84, 0x00, 0xE1, - 0x27, 0xD1, 0x1F, 0x68, 0xB7, 0x3F, 0x13, 0x53, 0x8A, 0x95, - 0x5A, 0x20, 0x7C, 0xB2, 0x76, 0x5B, 0xDC, 0xE0, 0xA6, 0x21, - 0x7C, 0x49, 0xCF, 0x93, 0xBA, 0xD5, 0x12, 0x9F, 0xEE, 0x90, - 0x5B, 0x3F, 0xA3, 0x9D, 0x13, 0x72, 0xAC, 0x72, 0x16, 0xFE, - 0x1D, 0xBE, 0xEB, 0x8E, 0xC7, 0xDC, 0xC4, 0xF8, 0x1A, 0xD8, - 0xA0, 0xA4, 0xF6, 0x04, 0x30, 0xF6, 0x7E, 0xB6, 0xC8, 0xE1, - 0xAB, 0x88, 0x37, 0x08, 0x63, 0x72, 0xAA, 0x46, 0xCC, 0xCA, - 0xF0, 0x9E, 0x02, 0x1E, 0x65, 0x67, 0xFF, 0x2C, 0x9D, 0x81, - 0x6C, 0x1E, 0xF1, 0x54, 0x05, 0x68, 0x68, 0x18, 0x72, 0x26, - 0x55, 0xB6, 0x2C, 0x95, 0xC0, 0xC9, 0xB2, 0xA7, 0x0B, 0x60, - 0xD7, 0xEB, 0x1D, 0x08, 0x1A, 0xA2, 0x54, 0x15, 0x89, 0xCB, - 0x83, 0x21, 0x5D, 0x15, 0x9B, 0x38, 0xAC, 0x89, 0x63, 0xD5, - 0x4B, 0xF4, 0x8B, 0x47, 0x93, 0x78, 0x43, 0xCB, 0x9B, 0x71, - 0xBF, 0x94, 0x76, 0xB5, 0xCE, 0x35, 0xA9, 0x1A, 0xD5, 0xA5, - 0xD8, 0x19, 0xA6, 0x04, 0x39, 0xB1, 0x09, 0x8C, 0x65, 0x02, - 0x58, 0x3A, 0x95, 0xEF, 0xA2, 0xC3, 0x85, 0x18, 0x61, 0x23, - 0x2D, 0xC5, 0xCD, 0x62, 0xC1, 0x19, 0x31, 0xE5, 0x36, 0x95, - 0x22, 0xDB, 0x3E, 0x1A, 0x3C, 0xE8, 0xC6, 0x2E, 0xDF, 0xD9, - 0x2F, 0x84, 0xC1, 0xF0, 0x38, 0x2B, 0xE5, 0x73, 0x35, 0x4F, - 0x05, 0xE2, 0xA5, 0x60, 0x79, 0xB0, 0x23, 0xDC, 0x56, 0x4C, - 0xE7, 0xD9, 0x1F, 0xCF, 0x6A, 0xFC, 0x55, 0xEB, 0xAA, 0x48, - 0x3E, 0x95, 0x2A, 0x10, 0x01, 0x05 + 0x58, 0x04, 0xD2, 0xCA, 0x82, 0x7F, 0x7C, 0xB3, 0x93, 0x8A, + 0x81, 0x5F, 0x48, 0x91, 0xA4, 0x04, 0x13, 0x55, 0x20, 0x02, + 0x1A, 0xCC, 0xD6, 0x09, 0x56, 0x89, 0x37, 0xBD, 0x3F, 0x88, + 0x10, 0x3E, 0x8D, 0x2E, 0x30, 0x0E, 0x97, 0xA8, 0x68, 0xE1, + 0xAE, 0x00, 0x9A, 0x42, 0xA0, 0xAF, 0x3E, 0xAE, 0xFF, 0xFF, + 0xA7, 0xF3, 0x9C, 0xA7, 0x59, 0xB1, 0xA9, 0x67, 0x2D, 0xCE, + 0xAE, 0x27, 0x0D, 0x9F, 0x22, 0x99, 0x43, 0x49, 0xC3, 0xC7, + 0x50, 0x11, 0xDB, 0xD4, 0xE8, 0xA4, 0x6B, 0x30, 0x95, 0x6C, + 0x66, 0x69, 0xF2, 0x2D, 0xE4, 0x41, 0x7D, 0x45, 0x73, 0xD5, + 0xE7, 0x3D, 0x15, 0x34, 0x99, 0xB7, 0x27, 0xAC, 0xFB, 0x6D, + 0xDC, 0xFF, 0x1F, 0x17, 0xF3, 0x37, 0x92, 0x44, 0x58, 0x57, + 0x50, 0xA6, 0x3A, 0xB4, 0xB2, 0xB9, 0xAE, 0x8E, 0x4E, 0x63, + 0x42, 0xBD, 0xDD, 0xAA, 0xC8, 0x26, 0x0D, 0xE8, 0x57, 0xCF, + 0xBD, 0x75, 0xAB, 0xDD, 0x92, 0x53, 0x1F, 0x7A, 0x9F, 0x4D, + 0x0E, 0xB0, 0xF5, 0x7F, 0xCE, 0x92, 0xD4, 0xEC, 0x3E, 0x44, + 0x99, 0x27, 0x32, 0x42, 0xFA, 0x68, 0xCE, 0x2E, 0x75, 0x31, + 0xEE, 0x74, 0xDA, 0xB4, 0x42, 0x8C, 0x30, 0xF8, 0xB7, 0xB6, + 0xF4, 0x29, 0x5C, 0x18, 0x59, 0xE8, 0x39, 0x06, 0xF2, 0xDB, + 0x50, 0xC4, 0x75, 0x3A, 0xD2, 0xDA, 0x9B, 0xEA, 0xBF, 0x80, + 0x42, 0x97, 0x01, 0x7B, 0xBA, 0x5D, 0xA0, 0x29, 0x40, 0xAE, + 0x3C, 0x4D, 0x75, 0x98, 0xEB, 0xCE, 0x5E, 0x67, 0xDC, 0xE3, + 0xC5, 0x70, 0x8F, 0x22, 0x15, 0xCB, 0x31, 0x39, 0x8F, 0x6E, + 0x8B, 0xA9, 0x22, 0x09, 0x18, 0xDC, 0x19, 0xD5, 0x65, 0x5E, + 0xD5, 0x59, 0xAE, 0xD9, 0xAD, 0xF7, 0x9C, 0x2C, 0xD5, 0x79, + 0x15, 0x62, 0xF8, 0xAE, 0xBA, 0x11, 0x24, 0x98, 0xC8, 0xB6, + 0xF5, 0xDE, 0x32, 0x10, 0x03, 0x07 }; const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign); From a5c2290e40325eef6b4a57c9af7167336037327a Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Wed, 10 Jul 2024 17:13:09 +0900 Subject: [PATCH 07/12] Update key data and set private key for client authentification --- .../test/src/client/simple_tls_tsip_client.c | 105 ++++++++--- .../RX72N/EnvisionKit/wolfssl_demo/key_data.c | 166 +++++++++--------- 2 files changed, 161 insertions(+), 110 deletions(-) diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c index 452d0ac747..560c05a483 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c @@ -1,6 +1,6 @@ /* simpel_tls_tsip_client.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,7 +31,7 @@ #include #endif -#define SIMPLE_TLSSEVER_IP "192.168.11.9" +#define SIMPLE_TLSSEVER_IP "192.168.11.5" #define SIMPLE_TLSSERVER_PORT "11111" ER t4_tcp_callback(ID cepid, FN fncd , VP p_parblk); @@ -198,7 +198,7 @@ void wolfSSL_TLS_client( ) { ID cepid = 1; ER ercd; - int ret; + int ret = 0; WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)client_ctx; WOLFSSL *ssl = NULL; @@ -231,44 +231,95 @@ void wolfSSL_TLS_client( ) } #ifdef SIMPLE_TLS_TSIP_CLIENT - tsip_set_callback_ctx(ssl, &userContext); + ret = tsip_set_callback_ctx(ssl, &userContext); #endif /* set client private key data */ -#if defined(WOLFSSL_TLS13) && defined(SIMPLE_TLS_TSIP_CLIENT) - #if defined(USE_ECC_CERT) - if (tsip_use_PrivateKey_buffer_TLS(ssl, - (const char*)g_key_block_data.encrypted_user_ecc256_private_key, +#ifdef USE_ECC_CERT + + #ifdef WOLFSSL_RENESAS_TSIP_TLS + + /* TSIP specific ECC private key */ + if (ret == 0){ + ret = tsip_use_PrivateKey_buffer_TLS(ssl, + (const char*)g_key_block_data.encrypted_user_ecc256_private_key, sizeof(g_key_block_data.encrypted_user_ecc256_private_key), - TSIP_ECCP256) != 0) { - printf("ERROR: can't load client-private key\n"); - return; + TSIP_ECCP256); + if (ret != 0) { + printf("ERROR tsip_use_PrivateKey_buffer_TLS\n"); + } + } + # if defined(WOLFSSL_CHECK_SIG_FAULTS) + if (ret == 0){ + ret = tsip_use_PublicKey_buffer_TLS(ssl, + (const char*)g_key_block_data.encrypted_user_ecc256_public_key, + sizeof(g_key_block_data.encrypted_user_ecc256_public_key), + TSIP_ECCP256); + if (ret != 0) { + printf("ERROR tsip_use_PublicKey_buffer_TLS\n"); } + } + #endif /* WOLFSSL_CHECK_SIG_FAULTS */ + #else - if (tsip_use_PrivateKey_buffer_TLS(ssl, + + /* DER format ECC private key */ + if (ret == 0) { + err = wolfSSL_use_PrivateKey_buffer(ssl, + ecc_clikey_der_256, + sizeof_ecc_clikey_der_256, + WOLFSSL_FILETYPE_ASN1); + if (err != SSL_SUCCESS) { + printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n", + wolfSSL_get_error(ssl, 0)); + ret = -1; + } + } + + #endif /* WOLFSSL_RENESAS_TSIP_TLS */ + +#else + + #if defined(WOLFSSL_RENESAS_TSIP_TLS) + + /* Note: TSIP asks RSA client key pair for client authentication. */ + + /* TSIP specific RSA private key */ + if (ret == 0) { + ret = tsip_use_PrivateKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_rsa2048_private_key, sizeof(g_key_block_data.encrypted_user_rsa2048_private_key), - TSIP_RSA2048) != 0) { - printf("ERROR: can't load client-private key\n"); - return; + TSIP_RSA2048); + if (ret != 0) { + printf("ERROR tsip_use_PrivateKey_buffer_TLS :%d\n", ret); } + } + if (ret == 0) { ret = tsip_use_PublicKey_buffer_TLS(ssl, (const char*)g_key_block_data.encrypted_user_rsa2048_public_key, - sizeof(g_key_block_data.encrypted_user_rsa2048_public_key), TSIP_RSA2048); + sizeof(g_key_block_data.encrypted_user_rsa2048_public_key), + TSIP_RSA2048); if (ret != 0) { - printf("ERROR tsip_use_PublicKey_buffer: %d\n", ret); - return; + printf("ERROR tsip_use_PublicKey_buffer_TLS: %d\n", ret); } - #endif -#else - if (wolfSSL_use_PrivateKey_buffer(ssl, - ecc_clikey_der_256, - sizeof_ecc_clikey_der_256, - SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { - printf("ERROR: can't load private-key data.\n"); - return; } -#endif /* WOLFSSL_TLS13 */ + + #else + + if (ret == 0) { + err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048, + sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1); + + if (err != SSL_SUCCESS) { + printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n", + wolfSSL_get_error(ssl, 0)); + ret = -1; + } + } + + #endif /* WOLFSSL_RENESAS_TSIP_TLS */ + +#endif /* USE_ECC_CERT */ /* set callback context */ wolfSSL_SetIOReadCtx(ssl, (void *)&cepid); diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c index fd2d40bd4d..8ee29ee301 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c @@ -1,6 +1,6 @@ /* key_data.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,9 +31,9 @@ const st_key_block_data_t g_key_block_data = { /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */ { - 0x68, 0x03, 0xA1, 0x95, 0x3B, 0x93, 0x12, 0xCC, 0x86, 0x5A, 0x3E, 0x24, - 0xF7, 0xDD, 0x22, 0x31, 0xEC, 0xAB, 0x42, 0x8B, 0x90, 0xC2, 0x8E, 0xDF, - 0x56, 0xB3, 0xAE, 0x3A, 0x99, 0x05, 0x34, 0xCD + 0x68, 0x03, 0xA1, 0x95, 0x3B, 0x93, 0x12, 0xCC, 0x86, 0x5A, 0x3E, 0x24, + 0xF7, 0xDD, 0x22, 0x31, 0xEC, 0xAB, 0x42, 0x8B, 0x90, 0xC2, 0x8E, 0xDF, + 0x56, 0xB3, 0xAE, 0x3A, 0x99, 0x05, 0x34, 0xCD }, /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */ { @@ -77,100 +77,100 @@ const st_key_block_data_t g_key_block_data = * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16] */ { - 0x98, 0x56, 0x6B, 0x74, 0x7E, 0x42, 0xEA, 0x98, 0x9E, 0x78, 0x4F, 0x65, - 0xBD, 0x09, 0x1A, 0xD4, 0x1D, 0xFE, 0xEF, 0x0D, 0x5A, 0xFB, 0x5E, 0x83, - 0x9B, 0x0A, 0xFC, 0xBB, 0x4F, 0x25, 0xFA, 0x89, 0x5D, 0x9A, 0x0C, 0x84, - 0xBB, 0xED, 0x6B, 0x87, 0xDA, 0x20, 0x73, 0x6D, 0x1C, 0x5C, 0x81, 0x66, - 0x8A, 0x18, 0xAC, 0x4F, 0xC0, 0x15, 0x5C, 0x93, 0x10, 0x5D, 0xA3, 0xAE, - 0x2B, 0x2B, 0x82, 0xCE, 0x6E, 0x90, 0xC8, 0x48, 0xFB, 0xAC, 0xCC, 0xBE, - 0x70, 0xE7, 0x6C, 0x31, 0x50, 0x55, 0x78, 0xBB, 0x4F, 0xAF, 0xE0, 0x57, - 0x3D, 0x91, 0xCC, 0xB3, 0x80, 0x21, 0xA7, 0x4A, 0xEE, 0x5F, 0x9E, 0xB7, - 0x72, 0x11, 0x90, 0x6D, 0x46, 0x7A, 0xE8, 0xF1, 0xB1, 0xCA, 0xFA, 0x4A, - 0xA1, 0xBA, 0x1B, 0xEA, 0xD5, 0x8E, 0x02, 0xBF, 0x36, 0x65, 0xFC, 0x43, - 0x94, 0x19, 0x49, 0xF3, 0x76, 0xD7, 0x84, 0xE5, 0x48, 0x98, 0xD3, 0x74, - 0x3A, 0xB4, 0x93, 0xB6, 0x54, 0xB2, 0x4E, 0x60, 0x8F, 0x9A, 0xA3, 0x1C, - 0x13, 0x37, 0x90, 0x63, 0x31, 0x9A, 0x44, 0xA1, 0xA6, 0x78, 0x13, 0x61, - 0x6C, 0x3B, 0x7A, 0xB5, 0x49, 0xEF, 0xD7, 0x26, 0x04, 0xA5, 0x27, 0x73, - 0x0E, 0x1D, 0x35, 0x65, 0x4C, 0xD4, 0xC9, 0x43, 0x9F, 0x2B, 0x98, 0x0F, - 0xCA, 0x94, 0x72, 0xE5, 0x41, 0xCC, 0x5F, 0x69, 0xCD, 0x09, 0x27, 0xDF, - 0xDC, 0xA3, 0x33, 0x30, 0xFD, 0x9E, 0x66, 0xAE, 0xDA, 0x95, 0xFC, 0xC1, - 0x73, 0xCA, 0x5E, 0xB4, 0x18, 0xDF, 0xA3, 0xDD, 0xF5, 0x73, 0xA5, 0x9E, - 0x5C, 0x2E, 0x72, 0x85, 0xCE, 0x19, 0xCC, 0xF4, 0x7A, 0x02, 0x79, 0x7B, - 0x1F, 0xDF, 0xBE, 0x77, 0xA4, 0x94, 0x3E, 0x7D, 0x88, 0x2F, 0xF8, 0x2E, - 0xE9, 0x5D, 0x34, 0xEA, 0x57, 0x8F, 0xF9, 0xB1, 0x22, 0xC6, 0x55, 0xEA, - 0x60, 0xF8, 0xFE, 0xD6, 0x95, 0x72, 0x32, 0x39, 0xBC, 0x54, 0x7C, 0xC4, - 0x37, 0xD3, 0x82, 0x8B, 0xBF, 0x52, 0x6F, 0x5B, 0x0A, 0x1F, 0xF2, 0xF3, - 0x99, 0x84, 0x5E, 0x2B, 0xB9, 0x52, 0x7F, 0xF2, 0xF6, 0x30, 0x4D, 0x47 + 0x7B, 0x9E, 0xC9, 0x21, 0x70, 0xDF, 0xC0, 0x9E, 0x06, 0x57, 0xB8, 0x44, + 0xD0, 0x95, 0x21, 0xD0, 0x37, 0xDC, 0xAE, 0x3A, 0xAF, 0xCD, 0x56, 0x51, + 0x3C, 0xEC, 0x82, 0xB1, 0xFE, 0xBF, 0x6E, 0x12, 0xE7, 0x79, 0x92, 0xF0, + 0x3F, 0x56, 0x8A, 0x46, 0x0E, 0x4D, 0x9D, 0xC9, 0x7D, 0xC9, 0x2D, 0xE9, + 0x07, 0x1C, 0x9A, 0x11, 0x2F, 0x92, 0x26, 0x40, 0xD7, 0x73, 0xC8, 0xB9, + 0xD0, 0xB8, 0x46, 0x42, 0x53, 0x23, 0x79, 0xBB, 0x3B, 0x97, 0x91, 0x11, + 0x70, 0x66, 0xB6, 0xF4, 0x7B, 0x2F, 0x65, 0x3C, 0xA0, 0xD0, 0x70, 0x58, + 0x3C, 0xA8, 0xD9, 0x79, 0x79, 0x14, 0x55, 0xA4, 0x73, 0xE3, 0x40, 0xBB, + 0xC7, 0x57, 0x5C, 0x30, 0x9C, 0xC5, 0xB5, 0x9D, 0x87, 0xFB, 0x6E, 0x66, + 0x9C, 0x77, 0xF8, 0x41, 0x75, 0x80, 0x30, 0x62, 0xD5, 0x20, 0xBA, 0xB4, + 0x5D, 0x33, 0x8F, 0xC1, 0x5F, 0x22, 0xF1, 0xD8, 0x09, 0x62, 0xA6, 0xE1, + 0x73, 0x50, 0x5B, 0x9B, 0xD7, 0x21, 0x8F, 0x38, 0x31, 0x5B, 0x79, 0x1D, + 0xF8, 0x50, 0xE0, 0x87, 0xC1, 0x6B, 0xC4, 0x4D, 0x25, 0x6C, 0xB2, 0x0B, + 0x88, 0x51, 0xB9, 0xB0, 0xDF, 0xC2, 0x6C, 0xC6, 0x52, 0xB8, 0x88, 0xC0, + 0x25, 0x31, 0x99, 0x61, 0xCA, 0x0F, 0xCB, 0x63, 0x9A, 0x90, 0xE3, 0xB3, + 0x11, 0xFD, 0xAB, 0x1F, 0x4C, 0x6B, 0xC5, 0x5C, 0x86, 0x29, 0x4C, 0x84, + 0xC8, 0xE9, 0x5A, 0xCE, 0xE6, 0x3F, 0x79, 0xD2, 0xDC, 0x6A, 0xDD, 0x5F, + 0x42, 0x45, 0x62, 0xB9, 0xE7, 0x64, 0x88, 0x2F, 0x70, 0x45, 0x1E, 0x9E, + 0xCF, 0x9A, 0x4C, 0x2A, 0x3D, 0x1C, 0x6C, 0x2F, 0x94, 0x27, 0xD4, 0x2A, + 0xE5, 0x55, 0xA5, 0x73, 0xB8, 0x74, 0x29, 0x74, 0xD6, 0xF4, 0x6C, 0xB7, + 0x6C, 0x9D, 0x26, 0x6D, 0x2E, 0xBF, 0x99, 0xCA, 0xDD, 0xEB, 0x48, 0xAD, + 0x71, 0xB1, 0x1B, 0x1E, 0xFB, 0xDE, 0x19, 0xB8, 0x11, 0x61, 0x09, 0xA2, + 0x89, 0x66, 0xE3, 0xA6, 0x3D, 0x7F, 0xFE, 0xFF, 0xE8, 0x1B, 0xD3, 0x2D, + 0xEA, 0xA5, 0x86, 0xCF, 0x96, 0xDE, 0xDE, 0xC1, 0x17, 0x96, 0x77, 0x41 }, /* uint8_t * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16] */ { - 0x98, 0x56, 0x6B, 0x74, 0x7E, 0x42, 0xEA, 0x98, 0x9E, 0x78, 0x4F, 0x65, - 0xBD, 0x09, 0x1A, 0xD4, 0x1D, 0xFE, 0xEF, 0x0D, 0x5A, 0xFB, 0x5E, 0x83, - 0x9B, 0x0A, 0xFC, 0xBB, 0x4F, 0x25, 0xFA, 0x89, 0x5D, 0x9A, 0x0C, 0x84, - 0xBB, 0xED, 0x6B, 0x87, 0xDA, 0x20, 0x73, 0x6D, 0x1C, 0x5C, 0x81, 0x66, - 0x8A, 0x18, 0xAC, 0x4F, 0xC0, 0x15, 0x5C, 0x93, 0x10, 0x5D, 0xA3, 0xAE, - 0x2B, 0x2B, 0x82, 0xCE, 0x6E, 0x90, 0xC8, 0x48, 0xFB, 0xAC, 0xCC, 0xBE, - 0x70, 0xE7, 0x6C, 0x31, 0x50, 0x55, 0x78, 0xBB, 0x4F, 0xAF, 0xE0, 0x57, - 0x3D, 0x91, 0xCC, 0xB3, 0x80, 0x21, 0xA7, 0x4A, 0xEE, 0x5F, 0x9E, 0xB7, - 0x72, 0x11, 0x90, 0x6D, 0x46, 0x7A, 0xE8, 0xF1, 0xB1, 0xCA, 0xFA, 0x4A, - 0xA1, 0xBA, 0x1B, 0xEA, 0xD5, 0x8E, 0x02, 0xBF, 0x36, 0x65, 0xFC, 0x43, - 0x94, 0x19, 0x49, 0xF3, 0x76, 0xD7, 0x84, 0xE5, 0x48, 0x98, 0xD3, 0x74, - 0x3A, 0xB4, 0x93, 0xB6, 0x54, 0xB2, 0x4E, 0x60, 0x8F, 0x9A, 0xA3, 0x1C, - 0x13, 0x37, 0x90, 0x63, 0x31, 0x9A, 0x44, 0xA1, 0xA6, 0x78, 0x13, 0x61, - 0x6C, 0x3B, 0x7A, 0xB5, 0x49, 0xEF, 0xD7, 0x26, 0x04, 0xA5, 0x27, 0x73, - 0x0E, 0x1D, 0x35, 0x65, 0x4C, 0xD4, 0xC9, 0x43, 0x9F, 0x2B, 0x98, 0x0F, - 0xCA, 0x94, 0x72, 0xE5, 0x41, 0xCC, 0x5F, 0x69, 0xCD, 0x09, 0x27, 0xDF, - 0xDC, 0xA3, 0x33, 0x30, 0xFD, 0x9E, 0x66, 0xAE, 0xDA, 0x95, 0xFC, 0xC1, - 0x73, 0xCA, 0x5E, 0xB4, 0x18, 0xDF, 0xA3, 0xDD, 0xF5, 0x73, 0xA5, 0x9E, - 0x5C, 0x2E, 0x72, 0x85, 0xCE, 0x19, 0xCC, 0xF4, 0x7A, 0x02, 0x79, 0x7B, - 0x1F, 0xDF, 0xBE, 0x77, 0xA4, 0x94, 0x3E, 0x7D, 0x88, 0x2F, 0xF8, 0x2E, - 0xE9, 0x5D, 0x34, 0xEA, 0x57, 0x8F, 0xF9, 0xB1, 0x22, 0xC6, 0x55, 0xEA, - 0x60, 0xF8, 0xFE, 0xD6, 0x2C, 0x66, 0x49, 0xC1, 0x30, 0x3B, 0xA0, 0xD2, - 0x75, 0x26, 0x72, 0x26, 0x63, 0x90, 0x7B, 0x4A, 0x1D, 0x5A, 0x0F, 0xC5, - 0xC5, 0xA1, 0x41, 0x85, 0x46, 0x30, 0x89, 0xC9, 0x59, 0x47, 0x3A, 0xED, - 0x7A, 0xC8, 0x8A, 0x80, 0x78, 0x77, 0x1D, 0x01, 0xDA, 0x25, 0x2F, 0x9F, - 0x24, 0x75, 0x8D, 0x11, 0xE2, 0x71, 0xAE, 0xD6, 0xBB, 0x87, 0xFC, 0x8F, - 0x9F, 0x2C, 0xE4, 0xD7, 0xF0, 0x34, 0xA9, 0xC5, 0x38, 0xAF, 0xD4, 0xC7, - 0x2E, 0xE3, 0x67, 0x19, 0x81, 0xE0, 0x07, 0x22, 0x34, 0x63, 0x9D, 0xEE, - 0x1E, 0x25, 0xCD, 0x18, 0x94, 0xB4, 0x61, 0x99, 0x52, 0x9E, 0x72, 0x9A, - 0xF8, 0x39, 0x4C, 0xBD, 0x9C, 0xD5, 0x1B, 0x81, 0xFE, 0xC5, 0x32, 0x56, - 0x1F, 0x1F, 0x33, 0x11, 0x38, 0xE3, 0x1D, 0x44, 0x84, 0x0C, 0x45, 0x52, - 0x0C, 0xB3, 0x4E, 0x54, 0xDD, 0xB0, 0x43, 0x2C, 0xA2, 0x19, 0xFE, 0xE3, - 0x5F, 0x70, 0x72, 0x36, 0x35, 0x09, 0x8C, 0x34, 0x1A, 0xA0, 0x6B, 0xE8, - 0xEC, 0x10, 0x4F, 0x46, 0x4F, 0x40, 0xD2, 0x0A, 0xCC, 0xC5, 0xDD, 0xAC, - 0x64, 0xBC, 0x3D, 0x44, 0x91, 0x5D, 0x5C, 0x65, 0xF2, 0xFC, 0x12, 0xF2, - 0x15, 0xA9, 0x4F, 0x71, 0xEB, 0x41, 0x59, 0x49, 0x3B, 0xA1, 0x2C, 0x6A, - 0xAD, 0xA6, 0x88, 0x37, 0xB5, 0xE5, 0x0B, 0xF2, 0x74, 0x09, 0x5D, 0xBF, - 0x8A, 0x04, 0x9E, 0x74, 0x0C, 0xB4, 0xC8, 0xE1, 0xA4, 0xD9, 0x4B, 0x52, - 0xC8, 0xDB, 0x9D, 0xD0, 0xC5, 0x5A, 0xEE, 0x8F, 0xFE, 0xC3, 0x64, 0x55, - 0x68, 0x95, 0xFA, 0x0B, 0x8B, 0x7C, 0x01, 0x08, 0x3C, 0xEB, 0xA1, 0x32, - 0x15, 0xB4, 0x67, 0xBA, 0x52, 0x0F, 0xEA, 0x29, 0x57, 0xB5, 0xA0, 0x9D, - 0x58, 0xEE, 0xAB, 0xAF, 0xD6, 0xF1, 0x57, 0x25, 0x49, 0x21, 0x41, 0x56, - 0xFB, 0xAC, 0xD1, 0x00, 0xBD, 0xBD, 0x54, 0x85, 0x03, 0xF4, 0x98, 0x7E, - 0xE3, 0x73, 0x63, 0xE2, 0xC6, 0x43, 0xAD, 0xDD, 0xF6, 0xF0, 0x75, 0x2B + 0x7B, 0x9E, 0xC9, 0x21, 0x70, 0xDF, 0xC0, 0x9E, 0x06, 0x57, 0xB8, 0x44, + 0xD0, 0x95, 0x21, 0xD0, 0x37, 0xDC, 0xAE, 0x3A, 0xAF, 0xCD, 0x56, 0x51, + 0x3C, 0xEC, 0x82, 0xB1, 0xFE, 0xBF, 0x6E, 0x12, 0xE7, 0x79, 0x92, 0xF0, + 0x3F, 0x56, 0x8A, 0x46, 0x0E, 0x4D, 0x9D, 0xC9, 0x7D, 0xC9, 0x2D, 0xE9, + 0x07, 0x1C, 0x9A, 0x11, 0x2F, 0x92, 0x26, 0x40, 0xD7, 0x73, 0xC8, 0xB9, + 0xD0, 0xB8, 0x46, 0x42, 0x53, 0x23, 0x79, 0xBB, 0x3B, 0x97, 0x91, 0x11, + 0x70, 0x66, 0xB6, 0xF4, 0x7B, 0x2F, 0x65, 0x3C, 0xA0, 0xD0, 0x70, 0x58, + 0x3C, 0xA8, 0xD9, 0x79, 0x79, 0x14, 0x55, 0xA4, 0x73, 0xE3, 0x40, 0xBB, + 0xC7, 0x57, 0x5C, 0x30, 0x9C, 0xC5, 0xB5, 0x9D, 0x87, 0xFB, 0x6E, 0x66, + 0x9C, 0x77, 0xF8, 0x41, 0x75, 0x80, 0x30, 0x62, 0xD5, 0x20, 0xBA, 0xB4, + 0x5D, 0x33, 0x8F, 0xC1, 0x5F, 0x22, 0xF1, 0xD8, 0x09, 0x62, 0xA6, 0xE1, + 0x73, 0x50, 0x5B, 0x9B, 0xD7, 0x21, 0x8F, 0x38, 0x31, 0x5B, 0x79, 0x1D, + 0xF8, 0x50, 0xE0, 0x87, 0xC1, 0x6B, 0xC4, 0x4D, 0x25, 0x6C, 0xB2, 0x0B, + 0x88, 0x51, 0xB9, 0xB0, 0xDF, 0xC2, 0x6C, 0xC6, 0x52, 0xB8, 0x88, 0xC0, + 0x25, 0x31, 0x99, 0x61, 0xCA, 0x0F, 0xCB, 0x63, 0x9A, 0x90, 0xE3, 0xB3, + 0x11, 0xFD, 0xAB, 0x1F, 0x4C, 0x6B, 0xC5, 0x5C, 0x86, 0x29, 0x4C, 0x84, + 0xC8, 0xE9, 0x5A, 0xCE, 0xE6, 0x3F, 0x79, 0xD2, 0xDC, 0x6A, 0xDD, 0x5F, + 0x42, 0x45, 0x62, 0xB9, 0xE7, 0x64, 0x88, 0x2F, 0x70, 0x45, 0x1E, 0x9E, + 0xCF, 0x9A, 0x4C, 0x2A, 0x3D, 0x1C, 0x6C, 0x2F, 0x94, 0x27, 0xD4, 0x2A, + 0xE5, 0x55, 0xA5, 0x73, 0xB8, 0x74, 0x29, 0x74, 0xD6, 0xF4, 0x6C, 0xB7, + 0x6C, 0x9D, 0x26, 0x6D, 0x2E, 0xBF, 0x99, 0xCA, 0xDD, 0xEB, 0x48, 0xAD, + 0x71, 0xB1, 0x1B, 0x1E, 0x45, 0xE8, 0xE9, 0xF1, 0x1F, 0x8D, 0x7B, 0x7B, + 0xD5, 0xDE, 0xE0, 0x8B, 0x67, 0x64, 0x4D, 0x9F, 0x6E, 0xC5, 0xB3, 0x03, + 0xC6, 0x35, 0x93, 0xE9, 0xE1, 0xA5, 0xC4, 0x6B, 0xD9, 0x29, 0xA6, 0x86, + 0xBB, 0x4B, 0xD9, 0xA4, 0x82, 0x68, 0xAF, 0x1E, 0x57, 0x30, 0x8C, 0xC6, + 0x94, 0xCA, 0xE5, 0xAB, 0x9E, 0x11, 0x51, 0x22, 0xEC, 0x28, 0x63, 0xBD, + 0xAA, 0xE8, 0xE5, 0x27, 0x7B, 0x68, 0x6C, 0x94, 0x42, 0xBA, 0x05, 0xEA, + 0x68, 0x5F, 0x18, 0xE9, 0x64, 0x23, 0x07, 0x11, 0xE4, 0x7B, 0x37, 0x77, + 0xFC, 0x35, 0xBC, 0xFC, 0x06, 0x2E, 0x7F, 0x15, 0xB8, 0xE1, 0x07, 0x42, + 0x04, 0xD2, 0x4A, 0xD5, 0x43, 0xE1, 0x49, 0x7C, 0x43, 0x49, 0x80, 0x3A, + 0x86, 0xE0, 0x10, 0x98, 0x77, 0xF2, 0x55, 0xC9, 0x21, 0x24, 0x6D, 0x01, + 0x36, 0xC5, 0x1F, 0xB8, 0x2D, 0x5B, 0x62, 0x99, 0x15, 0x74, 0x19, 0x44, + 0x82, 0xC1, 0x09, 0x16, 0x1B, 0xF1, 0x7E, 0xFD, 0xC5, 0xFD, 0x6C, 0x20, + 0xC3, 0x35, 0x8D, 0x46, 0xE3, 0x98, 0xCF, 0xE7, 0x6F, 0xC7, 0xD7, 0x71, + 0xCC, 0x95, 0x23, 0x60, 0xE7, 0x9E, 0x19, 0xD1, 0xA1, 0x0F, 0xDD, 0xFF, + 0x6B, 0x79, 0x12, 0x06, 0xB6, 0x12, 0x28, 0x42, 0x20, 0x16, 0x1C, 0xA4, + 0x0B, 0x94, 0x7D, 0xF5, 0xE3, 0x73, 0x62, 0x7B, 0x3B, 0x6B, 0xB7, 0xEC, + 0xCF, 0xAF, 0xF9, 0x8E, 0x09, 0x84, 0x50, 0x25, 0xF6, 0x2C, 0x1F, 0x7E, + 0x58, 0xE2, 0x5F, 0x06, 0x6D, 0xBB, 0x49, 0x9F, 0x29, 0x0A, 0x77, 0x95, + 0xF2, 0x02, 0xA6, 0x10, 0xC6, 0x3C, 0x12, 0xC5, 0xD3, 0xA2, 0x73, 0x0A, + 0x88, 0x86, 0x1D, 0xD7, 0x12, 0xF7, 0x49, 0x25, 0xFC, 0x81, 0x9F, 0xF6, + 0x2D, 0xF8, 0xB4, 0xE9, 0xE7, 0xC5, 0x3D, 0x40, 0x73, 0x6C, 0xFD, 0xE7, + 0xDA, 0x42, 0x34, 0xDB, 0x88, 0x72, 0x9E, 0xAE, 0x22, 0x68, 0x5B, 0xB1, + 0x68, 0xF7, 0xF7, 0x2A, 0xD6, 0x6A, 0x02, 0x07, 0x5F, 0x8F, 0xD7, 0xE9 }, /* uint8_t * encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16]; */ { - 0xAD, 0x59, 0x2A, 0x12, 0xAA, 0xA8, 0x34, 0x30, 0xD4, 0xC9, 0xA1, 0x5A, - 0xD2, 0xD8, 0xF8, 0x99, 0xA0, 0x26, 0x87, 0x27, 0x90, 0x39, 0x00, 0xEA, - 0x64, 0x8F, 0x70, 0xF8, 0x1A, 0xA7, 0x44, 0xC8, 0xE6, 0x66, 0xCB, 0xF6, - 0x8B, 0x00, 0xC7, 0x86, 0x2B, 0x14, 0x98, 0xDB, 0x03, 0xE8, 0xD5, 0x02, - 0xB8, 0x02, 0x6D, 0x73, 0x66, 0x19, 0x94, 0x83, 0xC4, 0xB9, 0x57, 0x3D, - 0xFE, 0xA7, 0x19, 0xAC, 0xBC, 0xE3, 0x75, 0x40, 0xC2, 0x48, 0x5E, 0xEF, - 0x1E, 0x9E, 0xCC, 0xE2, 0xAC, 0xE6, 0xC8, 0x08 + 0xF2, 0x01, 0x30, 0xFE, 0x9F, 0xC6, 0x8F, 0x18, 0x81, 0xD9, 0xFF, 0xB9, + 0x8F, 0xF3, 0x93, 0x7E, 0xBA, 0x5C, 0x12, 0xA1, 0x7F, 0x39, 0x85, 0x3E, + 0xB0, 0xE7, 0x3E, 0xC7, 0xEF, 0x48, 0xA7, 0x75, 0x7B, 0x24, 0x16, 0x63, + 0x7B, 0x8D, 0x13, 0x5B, 0xCA, 0xC9, 0xF7, 0xB1, 0xC7, 0x46, 0xCE, 0xBB, + 0xB9, 0xEE, 0x89, 0xAE, 0x90, 0xDF, 0x74, 0xF1, 0x2B, 0x61, 0x41, 0x2B, + 0xF9, 0x5D, 0x41, 0x14, 0x92, 0x9E, 0xBC, 0x9D, 0xFE, 0x0D, 0x9A, 0x72, + 0x5A, 0x52, 0x3F, 0xE1, 0xFA, 0xED, 0x40, 0x47 }, /* uint8_t * encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16]; */ { - 0x8D, 0xC9, 0x32, 0xEB, 0x73, 0xE6, 0xA3, 0x3C, 0x9E, 0x43, 0x02, 0x3C, - 0x7E, 0x17, 0x69, 0x93, 0xAA, 0x66, 0xF1, 0x4A, 0x38, 0x28, 0x01, 0x11, - 0xDD, 0x07, 0xFA, 0x58, 0x1F, 0xA5, 0x69, 0xD2, 0x9F, 0x18, 0x2A, 0x79, - 0x5F, 0xAF, 0x10, 0xB7, 0x06, 0x74, 0x54, 0x0A, 0xBC, 0x6E, 0xFD, 0x67 + 0x49, 0x3E, 0xC8, 0x9B, 0xB0, 0x04, 0xAE, 0x16, 0x98, 0xB2, 0x57, 0x70, + 0x8D, 0x40, 0x6B, 0xAC, 0x59, 0xDD, 0x09, 0xB8, 0xCC, 0x10, 0xDE, 0xBE, + 0x4F, 0xD4, 0x9E, 0x6B, 0xB4, 0x03, 0x85, 0x95, 0x73, 0xA7, 0x48, 0x6D, + 0x08, 0xD8, 0x71, 0xD7, 0xDA, 0x50, 0x2F, 0x18, 0x48, 0x3D, 0xBF, 0x02 }, }; From 41cf8c090bb3bad71f6e6ba5ec17cc89c5143130 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 10 Jul 2024 16:07:43 -0700 Subject: [PATCH 08/12] Fix compiler issues with unused variable and printf. --- wolfcrypt/src/port/Renesas/renesas_common.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index ff5947a9a5..cecb4797d9 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -441,10 +441,13 @@ int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated) #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_usable(ssl, session_key_generated); #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\ - defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) ret = wc_fspsm_usable(ssl, session_key_generated); #endif + (void)ssl; + (void)session_key_generated; + return ret; } @@ -492,7 +495,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx) || ssl == NULL #endif ) { - printf("Invalid devId\n"); + WOLFSSL_MSG("Invalid devId\n"); return INVALID_DEVID; } /* need exclusive control because of static variable */ From 2b4acf5027a165e93e53858035e62c017011c706 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 15 Jul 2024 10:10:38 -0700 Subject: [PATCH 09/12] Revert built-in `wc_GenerateSeed` support for RX TSIP removed in #6851. --- wolfcrypt/src/random.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 89c7411c9e..76bfabea59 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -110,7 +110,7 @@ This library contains implementation for the random number generator. #include #include #elif defined(WOLFSSL_XILINX_CRYPT_VERSAL) -#include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h" + #include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h" #elif defined(NO_DEV_RANDOM) #elif defined(CUSTOM_RAND_GENERATE) #elif defined(CUSTOM_RAND_GENERATE_BLOCK) @@ -126,6 +126,9 @@ This library contains implementation for the random number generator. #elif defined(WOLFSSL_PB) #elif defined(WOLFSSL_ZEPHYR) #elif defined(WOLFSSL_TELIT_M2MB) +#elif defined(WOLFSSL_RENESAS_TSIP) + /* for wc_tsip_GenerateRandBlock */ + #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG) #elif defined(WOLFSSL_IMXRT1170_CAAM) #elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL) @@ -3652,6 +3655,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } +#elif defined(WOLFSSL_RENESAS_TSIP) + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + (void)os; + return wc_tsip_GenerateRandBlock(output, sz); + } + #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG) #include "hal_data.h" From bbd8fdfc389c78de7b7fd5620fe0ff7f2fdaa4e4 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 16 Jul 2024 17:47:05 -0700 Subject: [PATCH 10/12] Cleanup Renesas RX default devId and improve logic for overflow check. --- wolfcrypt/src/port/Renesas/renesas_common.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index cecb4797d9..621af470f9 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -55,8 +55,10 @@ #include #include +#define INITIAL_DEVID 7890 + uint32_t g_CAscm_Idx = (uint32_t)-1; /* index of CM table */ -static int gdevId = 7890; /* initial dev Id for Crypt Callback */ +static int gdevId = INITIAL_DEVID; /* initial dev Id for Crypt Callback */ #ifdef WOLF_CRYPTO_CB /* store callback ctx by devId */ @@ -460,8 +462,8 @@ int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated) */ WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId) { - if (devId >= 7890 && devId <= (MAX_FSPSM_CBINDEX + 7890)) - return gCbCtx[devId - 7890]; + if (devId >= INITIAL_DEVID && devId <= (MAX_FSPSM_CBINDEX + INITIAL_DEVID)) + return gCbCtx[devId - INITIAL_DEVID]; else return NULL; } @@ -500,6 +502,10 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx) } /* need exclusive control because of static variable */ if ((cmn_hw_lock()) == 0) { + /* sanity check for overflow */ + if (gdevId < 0) { + gdevId = INITIAL_DEVID; + } cbInfo->devId = gdevId++; cmn_hw_unlock(); } @@ -521,12 +527,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx) if (ssl) wolfSSL_SetDevId(ssl, cbInfo->devId); #endif - /* sanity check for overflow */ - if (gdevId < 0) { - gdevId = 7890; - } - gCbCtx[cbInfo->devId - 7890] = (void*)cbInfo; + gCbCtx[cbInfo->devId - INITIAL_DEVID] = (void*)cbInfo; return cbInfo->devId; } From 945a24e5b461252ca0e58057a91638e313936bb0 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 19 Jul 2024 06:41:17 +0900 Subject: [PATCH 11/12] fix compile error --- .../Simple/test/src/client/simple_tls_tsip_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c index 560c05a483..62c426ca08 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c @@ -265,11 +265,11 @@ void wolfSSL_TLS_client( ) /* DER format ECC private key */ if (ret == 0) { - err = wolfSSL_use_PrivateKey_buffer(ssl, + ret = wolfSSL_use_PrivateKey_buffer(ssl, ecc_clikey_der_256, sizeof_ecc_clikey_der_256, WOLFSSL_FILETYPE_ASN1); - if (err != SSL_SUCCESS) { + if (ret != SSL_SUCCESS) { printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n", wolfSSL_get_error(ssl, 0)); ret = -1; From 4eab0f1231365b264dfab819bcbba814552f3606 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 18 Jul 2024 16:45:27 -0700 Subject: [PATCH 12/12] Fix hard coded values in TSIP ECC verify. Fix issues with tab indentation and spelling. --- .../wolfssl/include/user_settings.h | 4 +-- .../wolfssl/include/user_settings.h | 4 +-- .../wolfssl/include/user_settings.h | 4 +-- .../wolfssl/include/user_settings.h | 4 +-- IDE/GCC-ARM/Header/user_settings.h | 6 ++--- IDE/HEXAGON/user_settings.h | 26 +++++++++---------- IDE/M68K/README.md | 2 +- IDE/MCUEXPRESSO/RT1170/user_settings.h | 22 ++++++++-------- IDE/MCUEXPRESSO/user_settings.h | 26 +++++++++---------- IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h | 2 +- IDE/MSVS-2019-AZSPHERE/user_settings.h | 12 ++++----- .../EnvisionKit/wolfssl_demo/user_settings.h | 2 +- IDE/STM32Cube/wolfssl_example.h | 2 +- IDE/VS-AZURE-SPHERE/user_settings.h | 12 ++++----- IDE/iotsafe/devices.h | 10 +++---- mqx/wolfssl_client/Sources/main.h | 8 +++--- .../src/port/Renesas/renesas_tsip_util.c | 21 ++++++++++----- .../port/Renesas/renesas-fspsm-types.h | 4 +-- .../port/Renesas/renesas-tsip-crypt.h | 8 +++--- 19 files changed, 94 insertions(+), 85 deletions(-) diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h index e0e0d61495..1a13d10fe8 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h @@ -584,7 +584,7 @@ Turn on timer debugging (used when CPU cycles not available) #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) - /* Be sure to include in app when using example certs: */ + /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_2048 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 @@ -605,7 +605,7 @@ Turn on timer debugging (used when CPU cycles not available) #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) - /* Be sure to include in app when using example certs: */ + /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_1024 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h index 5862894ee4..1c30597da9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h @@ -705,7 +705,7 @@ Turn on timer debugging (used when CPU cycles not available) #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) - /* Be sure to include in app when using example certs: */ + /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_2048 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 @@ -726,7 +726,7 @@ Turn on timer debugging (used when CPU cycles not available) #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) - /* Be sure to include in app when using example certs: */ + /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_1024 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h index 9109e6f706..380da3e691 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h @@ -132,7 +132,7 @@ #define WOLFSSL_SHA384 #if defined(CONFIG_IDF_TARGET_ESP8266) - /* Some known low-memory devices have features not enabled by default. */ + /* Some known low-memory devices have features not enabled by default. */ #else /* when you want to use SHA512 */ #define WOLFSSL_SHA512 @@ -140,7 +140,7 @@ /* when you want to use SHA3 */ #define WOLFSSL_SHA3 - /* ED25519 requires SHA512 */ + /* ED25519 requires SHA512 */ #define HAVE_ED25519 #define HAVE_ECC diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h index 59709233f2..9cf87e8fdb 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h @@ -705,7 +705,7 @@ Turn on timer debugging (used when CPU cycles not available) #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) - /* Be sure to include in app when using example certs: */ + /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_2048 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 @@ -726,7 +726,7 @@ Turn on timer debugging (used when CPU cycles not available) #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) - /* Be sure to include in app when using example certs: */ + /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_1024 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 diff --git a/IDE/GCC-ARM/Header/user_settings.h b/IDE/GCC-ARM/Header/user_settings.h index f1f8fd6d11..111b040bba 100644 --- a/IDE/GCC-ARM/Header/user_settings.h +++ b/IDE/GCC-ARM/Header/user_settings.h @@ -250,10 +250,10 @@ extern "C" { /* AES */ #undef NO_AES #if 1 - #undef HAVE_AES_CBC - #define HAVE_AES_CBC + #undef HAVE_AES_CBC + #define HAVE_AES_CBC - #undef HAVE_AESGCM + #undef HAVE_AESGCM #define HAVE_AESGCM /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ diff --git a/IDE/HEXAGON/user_settings.h b/IDE/HEXAGON/user_settings.h index 1897e883c4..5643e759db 100644 --- a/IDE/HEXAGON/user_settings.h +++ b/IDE/HEXAGON/user_settings.h @@ -13,25 +13,25 @@ #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #ifdef HAVE_ECC - #define ECC_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT #endif #ifndef NO_RSA - #define WC_RSA_BLINDING + #define WC_RSA_BLINDING #endif #if 1 - #define WOLFSSL_HAVE_SP_RSA - #define WOLFSSL_HAVE_SP_ECC - #define WOLFSSL_SP_MATH + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH - #if 1 - /* ARM NEON instructions */ - #define WOLFSSL_SP_ARM64_ASM - #endif - #if 1 - /* Use DSP */ - #define WOLFSSL_DSP - #endif + #if 1 + /* ARM NEON instructions */ + #define WOLFSSL_SP_ARM64_ASM + #endif + #if 1 + /* Use DSP */ + #define WOLFSSL_DSP + #endif #endif #endif diff --git a/IDE/M68K/README.md b/IDE/M68K/README.md index 2fe43b67ac..64eaad8b5d 100644 --- a/IDE/M68K/README.md +++ b/IDE/M68K/README.md @@ -34,7 +34,7 @@ BUILD_C RSA 2048 public 7.619 ops/sec RSA 2048 private 0.276 ops/sec -###Building testwolfcryt/benchmark +###Building testwolfcrypt/benchmark To build either testwolfcrypt or benchmark first build wolfssl.a, place it in $(NBROOT)/lib and then cd into the respective directory. Running "make" will then create a .s19 application that can be ran on the board. diff --git a/IDE/MCUEXPRESSO/RT1170/user_settings.h b/IDE/MCUEXPRESSO/RT1170/user_settings.h index f620b1cc9f..f89e398664 100644 --- a/IDE/MCUEXPRESSO/RT1170/user_settings.h +++ b/IDE/MCUEXPRESSO/RT1170/user_settings.h @@ -53,7 +53,7 @@ /* using the RTC */ //#define NO_ASN_TIME #ifndef NO_ASN_TIME - #define FREESCALE_SNVS_RTC + #define FREESCALE_SNVS_RTC #endif #define NO_CRYPT_TEST @@ -64,19 +64,19 @@ #include static void myPrintf(const char* fmt, ...) { - int ret; - char line[150]; - va_list ap; + int ret; + char line[150]; + va_list ap; - va_start(ap, fmt); - ret = vsnprintf(line, sizeof(line), fmt, ap); - line[sizeof(line)-1] = '\0'; + va_start(ap, fmt); + ret = vsnprintf(line, sizeof(line), fmt, ap); + line[sizeof(line)-1] = '\0'; - DbgConsole_Printf("%s", line); + DbgConsole_Printf("%s", line); - /* add CR on newlines */ - if (ret > 0 && line[ret-1] == '\n') { - DbgConsole_Printf("\r"); + /* add CR on newlines */ + if (ret > 0 && line[ret-1] == '\n') { + DbgConsole_Printf("\r"); } } #define XPRINTF myPrintf diff --git a/IDE/MCUEXPRESSO/user_settings.h b/IDE/MCUEXPRESSO/user_settings.h index 77e137852f..2317a5c13c 100644 --- a/IDE/MCUEXPRESSO/user_settings.h +++ b/IDE/MCUEXPRESSO/user_settings.h @@ -40,19 +40,19 @@ #include static void myPrintf(const char* fmt, ...) { - int ret; - char line[150]; - va_list ap; + int ret; + char line[150]; + va_list ap; - va_start(ap, fmt); - ret = vsnprintf(line, sizeof(line), fmt, ap); - line[sizeof(line)-1] = '\0'; + va_start(ap, fmt); + ret = vsnprintf(line, sizeof(line), fmt, ap); + line[sizeof(line)-1] = '\0'; - DbgConsole_Printf("%s", line); + DbgConsole_Printf("%s", line); - /* add CR on newlines */ - if (ret > 0 && line[ret-1] == '\n') { - DbgConsole_Printf("\r"); + /* add CR on newlines */ + if (ret > 0 && line[ret-1] == '\n') { + DbgConsole_Printf("\r"); } } #define XPRINTF myPrintf @@ -70,9 +70,9 @@ #define USE_FAST_MATH #ifdef USE_FAST_MATH /* big enough for even 4096 bit RSA key */ - #define FP_MAX_BITS 8192 - #define TFM_TIMING_RESISTANT - #define ECC_TIMING_RESISTANT + #define FP_MAX_BITS 8192 + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT #define ALT_ECC_SIZE #endif diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h index 6e3464ba6e..0d726bd9df 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h @@ -78,7 +78,7 @@ typedef int socklen_t ; #define tcp_listen wolfssl_tcp_listen #define tcp_select wolfssl_tcp_select -extern int wolfssl_connect(int sd, const struct sockaddr* sa, int sz) ; +extern int wolfssl_connect(int sd, const struct sockaddr* sa, int sz) ; extern int wolfssl_accept(int sd, struct sockaddr*addr, socklen_t *addrlen); extern int wolfssl_recv(int sd, void *buf, size_t len, int flags); extern int wolfssl_send(int sd, const void *buf, size_t len, int flags); diff --git a/IDE/MSVS-2019-AZSPHERE/user_settings.h b/IDE/MSVS-2019-AZSPHERE/user_settings.h index 0dc2354b50..17050c212e 100644 --- a/IDE/MSVS-2019-AZSPHERE/user_settings.h +++ b/IDE/MSVS-2019-AZSPHERE/user_settings.h @@ -31,9 +31,9 @@ #ifndef SERVER_IP #define SERVER_IP "192.168.1.200" /* Local Test Server IP */ #endif - #ifndef DEFAULT_PORT - #define DEFAULT_PORT 11111 - #endif + #ifndef DEFAULT_PORT + #define DEFAULT_PORT 11111 + #endif #define CERT ca_cert_der_2048 #define SIZEOF_CERT sizeof_ca_cert_der_2048 static const char msg[] = "Are you listening wolfSSL Server?"; @@ -41,9 +41,9 @@ #ifndef SERVER_IP #define SERVER_IP "www.wolfssl.com" #endif - #ifndef DEFAULT_PORT - #define DEFAULT_PORT 443 - #endif + #ifndef DEFAULT_PORT + #define DEFAULT_PORT 443 + #endif #define CERT wolfssl_website_root_ca #define SIZEOF_CERT sizeof_wolfssl_website_root_ca static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n"; diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h index d066db1c31..c99a05a2c7 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h @@ -245,7 +245,7 @@ */ #define WOLFSSL_RENESAS_TSIP_TLS - #if !defined(NO_RENESAS_TSIP_CRYPT) + #if !defined(NO_RENESAS_TSIP_CRYPT) #define HAVE_PK_CALLBACKS #define WOLF_CRYPTO_CB #if defined(WOLFSSL_RENESAS_TSIP_TLS) diff --git a/IDE/STM32Cube/wolfssl_example.h b/IDE/STM32Cube/wolfssl_example.h index 5720511f30..1de06404a5 100644 --- a/IDE/STM32Cube/wolfssl_example.h +++ b/IDE/STM32Cube/wolfssl_example.h @@ -27,7 +27,7 @@ #endif #ifndef WOLFSSL_USER_SETTINGS - #include + #include #endif #include #include diff --git a/IDE/VS-AZURE-SPHERE/user_settings.h b/IDE/VS-AZURE-SPHERE/user_settings.h index 91de4d2513..a55c0b0915 100644 --- a/IDE/VS-AZURE-SPHERE/user_settings.h +++ b/IDE/VS-AZURE-SPHERE/user_settings.h @@ -7,9 +7,9 @@ #ifndef SERVER_IP #define SERVER_IP "192.168.1.200" /* Local Test Server IP */ #endif - #ifndef DEFAULT_PORT - #define DEFAULT_PORT 11111 - #endif + #ifndef DEFAULT_PORT + #define DEFAULT_PORT 11111 + #endif #define CERT ca_cert_der_2048 #define SIZEOF_CERT sizeof_ca_cert_der_2048 static const char msg[] = "Are you listening wolfSSL Server?"; @@ -17,9 +17,9 @@ #ifndef SERVER_IP #define SERVER_IP "www.wolfssl.com" #endif - #ifndef DEFAULT_PORT - #define DEFAULT_PORT 443 - #endif + #ifndef DEFAULT_PORT + #define DEFAULT_PORT 443 + #endif #define CERT wolfssl_website_root_ca #define SIZEOF_CERT sizeof_wolfssl_website_root_ca static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n"; diff --git a/IDE/iotsafe/devices.h b/IDE/iotsafe/devices.h index f19ae3b8ad..a4eefcf238 100644 --- a/IDE/iotsafe/devices.h +++ b/IDE/iotsafe/devices.h @@ -95,8 +95,8 @@ #define FLASH_ACR_LATENCY_MASK (0x03) /* RCC: Periph enable flags */ -#define USART1_APB2_CLOCK_ER_VAL (1 << 14) -#define USART2_APB1_CLOCK_ER_VAL (1 << 17) +#define USART1_APB2_CLOCK_ER_VAL (1 << 14) +#define USART2_APB1_CLOCK_ER_VAL (1 << 17) #define PWR_APB1_CLOCK_ER_VAL (1 << 28) #define GPIOA_AHB2_CLOCK_ER_VAL (1 << 0) #define GPIOB_AHB2_CLOCK_ER_VAL (1 << 1) @@ -208,11 +208,11 @@ #define SYSTICK_CALIB (*(volatile uint32_t *)(SYSTICK_BASE + 0x0C)) -/* STMod+ connector pinout +/* STMod+ connector pinout * * Connector STM32L4 * pins pins - * + * * 1 11 PG11 PH2 * 2 12 PB6 PB2 * 3 13 PG10 PA4 @@ -243,7 +243,7 @@ void stmod_modem_disable(void); /* inline functions for GPIO */ static inline void gpio_set(uint32_t port, uint32_t pin) { - GPIO_BSSR(port) |= (1 << pin); + GPIO_BSSR(port) |= (1 << pin); } static inline void gpio_clear(uint32_t port, uint32_t pin) diff --git a/mqx/wolfssl_client/Sources/main.h b/mqx/wolfssl_client/Sources/main.h index 1740ddcb49..beb1fdfa9e 100644 --- a/mqx/wolfssl_client/Sources/main.h +++ b/mqx/wolfssl_client/Sources/main.h @@ -15,7 +15,7 @@ #include -#define MAIN_TASK 1 +#define MAIN_TASK 1 extern void Main_task(uint32_t); extern void setup_ethernet(void); @@ -34,10 +34,10 @@ static inline void err_sys(const char* msg) _mqx_exit(1); } -/* PPP device must be set manually and +/* PPP device must be set manually and * must be different from the default IO channel (BSP_DEFAULT_IO_CHANNEL) */ -#define PPP_DEVICE "ittyb:" +#define PPP_DEVICE "ittyb:" /* * Define PPP_DEVICE_DUN only when using PPP to communicate @@ -54,7 +54,7 @@ static inline void err_sys(const char* msg) #define ENET_IPMASK IPADDR(255,255,255,0) #endif -#define GATE_IPADDR IPADDR(192,168,1,1) +#define GATE_IPADDR IPADDR(192,168,1,1) #endif /* __main_h_ */ diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index 7286f6cb05..ec09164b99 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -2672,6 +2672,7 @@ WOLFSSL_LOCAL int tsip_Open(void) if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("RENESAS TSIP Open failed"); } + #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) { @@ -2698,11 +2699,13 @@ WOLFSSL_LOCAL int tsip_Open(void) if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_(Re)Open: NG"); } - /* init vars */ + + /* init vars */ g_CAscm_Idx = (uint32_t)-1; } } #endif + #elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106) ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2); @@ -2732,7 +2735,8 @@ WOLFSSL_LOCAL int tsip_Open(void) if (ret != TSIP_SUCCESS) { WOLFSSL_MSG("R_TSIP_(Re)Open failed"); } - /* init vars */ + + /* init vars */ g_CAscm_Idx = (uint32_t)-1; } } @@ -4037,7 +4041,7 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) tsip_ecdsa_byte_data_t hashData, sigData; /* hard coding largest digest size, since WC_MAX_DIGEST_SZ could be 32 * if using SHA2-256 with ECDSA SECP384R1 */ - uint8_t hash[48]; + uint8_t hash[TSIP_MAX_ECC_BYTES]; WOLFSSL_ENTER("tsip_VerifyEcdsa"); @@ -4053,6 +4057,7 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) } if (ret == 0) { + int curveSz = info->pk.eccverify.key->dp->size; hashData.pdata = (uint8_t*)hash; hashData.data_type = tuc->keyflgs_crypt.bits.message_type; sigData.pdata = (uint8_t*)info->pk.eccverify.sig; @@ -4063,8 +4068,9 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) #if !defined(NO_ECC256) case TSIP_KEY_TYPE_ECDSAP256: /* zero pad or truncate */ - hashData.data_length = tsip_HashPad(32, hash, - info->pk.eccverify.hash, info->pk.eccverify.hashlen); + hashData.data_length = tsip_HashPad(curveSz, + hash, info->pk.eccverify.hash, + info->pk.eccverify.hashlen); err = R_TSIP_EcdsaP256SignatureVerification(&sigData, &hashData, &tuc->eccpub_keyIdx); @@ -4081,8 +4087,9 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc) #if defined(HAVE_ECC384) case TSIP_KEY_TYPE_ECDSAP384: /* zero pad or truncate */ - hashData.data_length = tsip_HashPad(48, hash, - info->pk.eccverify.hash, info->pk.eccverify.hashlen); + hashData.data_length = tsip_HashPad(curveSz, + hash, info->pk.eccverify.hash, + info->pk.eccverify.hashlen); err = R_TSIP_EcdsaP384SignatureVerification(&sigData, &hashData, &tuc->eccpub_keyIdx); diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h index b110343f1b..8172d1beb8 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h @@ -31,7 +31,7 @@ #define FSPSM_W_KEYVAR renesas_sce_wrappedkey #define FSPSM_tls_flg_ST sce_keyflgs_tls - #define FSPSM_key_flg_ST sce_keyflgs_cryt + #define FSPSM_key_flg_ST sce_keyflgs_crypt #define FSPSM_tag_ST tagUser_SCEPKCbInfo #define FSPSM_ST User_SCEPKCbInfo #define FSPSM_ST_PKC SCE_PKCbInfo @@ -171,7 +171,7 @@ /* structure, type so on */ #define FSPSM_W_KEYVAR renesas_rsip_wrappedkey #define FSPSM_tls_flg_ST rsip_keyflgs_tls - #define FSPSM_key_flg_ST rsip_keyflgs_cryt + #define FSPSM_key_flg_ST rsip_keyflgs_crypt #define FSPSM_tag_ST tagUser_RSIPPKCbInfo #define FSPSM_ST User_RSIPPKCbInfo #define FSPSM_ST_PKC RSIP_PKCbInfo diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index c5584cb8bc..24addc7851 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -59,7 +59,7 @@ extern "C" { typedef enum { WOLFSSL_TSIP_NOERROR = 0, WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff, -}wolfssl_tsip_error_number; +} wolfssl_tsip_error_number; typedef enum { tsip_Key_SESSION = 1, @@ -92,6 +92,8 @@ enum { TSIP_TLS_VERIFY_DATA_WD_SZ = 8, TSIP_TLS_MAX_SIGDATA_SZ = 130, TSIP_TEMP_WORK_SIZE = 128, + + TSIP_MAX_ECC_BYTES = 48, }; typedef enum { @@ -133,7 +135,7 @@ typedef struct MsgBag #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY /* flags Crypt Only */ -struct tsip_keyflgs_cryt { +struct tsip_keyflgs_crypt { uint32_t aes256_key_set:1; uint32_t aes128_key_set:1; uint32_t rsapri2048_key_set:1; @@ -319,7 +321,7 @@ typedef struct TsipUserCtx { /* flags shows status if tsip keys are installed */ union { uint32_t chr; - struct tsip_keyflgs_cryt bits; + struct tsip_keyflgs_crypt bits; } keyflgs_crypt; #endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */