WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix hard coded values in TSIP ECC verify. Fix issues with tab indentation and spelling.

pull/7685/head
David Garske 2024-07-18 16:45:27 -07:00
parent 945a24e5b4
commit 4eab0f1231
19 changed files with 94 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
IDE/M68K/README.md
View File

@ -34,7 +34,7 @@ BUILD_C
RSA 2048 public 7.619 ops/sec RSA 2048 public 7.619 ops/sec
RSA 2048 private 0.276 ops/sec RSA 2048 private 0.276 ops/sec
###Building testwolfcryt/benchmark ###Building testwolfcrypt/benchmark
To build either testwolfcrypt or benchmark first build wolfssl.a, place it in To build either testwolfcrypt or benchmark first build wolfssl.a, place it in
$(NBROOT)/lib and then cd into the respective directory. Running "make" will $(NBROOT)/lib and then cd into the respective directory. Running "make" will
then create a .s19 application that can be ran on the board. then create a .s19 application that can be ran on the board.

17
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@ -2672,6 +2672,7 @@ WOLFSSL_LOCAL int tsip_Open(void)
if (ret != TSIP_SUCCESS) { if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("RENESAS TSIP Open failed"); WOLFSSL_MSG("RENESAS TSIP Open failed");
} }
#if defined(WOLFSSL_RENESAS_TSIP_TLS) #if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) { if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
@ -2698,11 +2699,13 @@ WOLFSSL_LOCAL int tsip_Open(void)
if (ret != TSIP_SUCCESS) { if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_(Re)Open: NG"); WOLFSSL_MSG("R_TSIP_(Re)Open: NG");
} }
/* init vars */ /* init vars */
g_CAscm_Idx = (uint32_t)-1; g_CAscm_Idx = (uint32_t)-1;
} }
} }
#endif #endif
#elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106) #elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106)
ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2); ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
@ -2732,6 +2735,7 @@ WOLFSSL_LOCAL int tsip_Open(void)
if (ret != TSIP_SUCCESS) { if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_(Re)Open failed"); WOLFSSL_MSG("R_TSIP_(Re)Open failed");
} }
/* init vars */ /* init vars */
g_CAscm_Idx = (uint32_t)-1; g_CAscm_Idx = (uint32_t)-1;
} }
@ -4037,7 +4041,7 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
tsip_ecdsa_byte_data_t hashData, sigData; tsip_ecdsa_byte_data_t hashData, sigData;
/* hard coding largest digest size, since WC_MAX_DIGEST_SZ could be 32 /* hard coding largest digest size, since WC_MAX_DIGEST_SZ could be 32
* if using SHA2-256 with ECDSA SECP384R1 */ * if using SHA2-256 with ECDSA SECP384R1 */
uint8_t hash[48]; uint8_t hash[TSIP_MAX_ECC_BYTES];
WOLFSSL_ENTER("tsip_VerifyEcdsa"); WOLFSSL_ENTER("tsip_VerifyEcdsa");
@ -4053,6 +4057,7 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
} }
if (ret == 0) { if (ret == 0) {
int curveSz = info->pk.eccverify.key->dp->size;
hashData.pdata = (uint8_t*)hash; hashData.pdata = (uint8_t*)hash;
hashData.data_type = tuc->keyflgs_crypt.bits.message_type; hashData.data_type = tuc->keyflgs_crypt.bits.message_type;
sigData.pdata = (uint8_t*)info->pk.eccverify.sig; sigData.pdata = (uint8_t*)info->pk.eccverify.sig;
@ -4063,8 +4068,9 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
#if !defined(NO_ECC256) #if !defined(NO_ECC256)
case TSIP_KEY_TYPE_ECDSAP256: case TSIP_KEY_TYPE_ECDSAP256:
/* zero pad or truncate */ /* zero pad or truncate */
hashData.data_length = tsip_HashPad(32, hash, hashData.data_length = tsip_HashPad(curveSz,
info->pk.eccverify.hash, info->pk.eccverify.hashlen); hash, info->pk.eccverify.hash,
info->pk.eccverify.hashlen);
err = R_TSIP_EcdsaP256SignatureVerification(&sigData, err = R_TSIP_EcdsaP256SignatureVerification(&sigData,
&hashData, &tuc->eccpub_keyIdx); &hashData, &tuc->eccpub_keyIdx);
@ -4081,8 +4087,9 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
#if defined(HAVE_ECC384) #if defined(HAVE_ECC384)
case TSIP_KEY_TYPE_ECDSAP384: case TSIP_KEY_TYPE_ECDSAP384:
/* zero pad or truncate */ /* zero pad or truncate */
hashData.data_length = tsip_HashPad(48, hash, hashData.data_length = tsip_HashPad(curveSz,
info->pk.eccverify.hash, info->pk.eccverify.hashlen); hash, info->pk.eccverify.hash,
info->pk.eccverify.hashlen);
err = R_TSIP_EcdsaP384SignatureVerification(&sigData, err = R_TSIP_EcdsaP384SignatureVerification(&sigData,
&hashData, &tuc->eccpub_keyIdx); &hashData, &tuc->eccpub_keyIdx);

4
wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
View File

@ -31,7 +31,7 @@
#define FSPSM_W_KEYVAR renesas_sce_wrappedkey #define FSPSM_W_KEYVAR renesas_sce_wrappedkey
#define FSPSM_tls_flg_ST sce_keyflgs_tls #define FSPSM_tls_flg_ST sce_keyflgs_tls
#define FSPSM_key_flg_ST sce_keyflgs_cryt #define FSPSM_key_flg_ST sce_keyflgs_crypt
#define FSPSM_tag_ST tagUser_SCEPKCbInfo #define FSPSM_tag_ST tagUser_SCEPKCbInfo
#define FSPSM_ST User_SCEPKCbInfo #define FSPSM_ST User_SCEPKCbInfo
#define FSPSM_ST_PKC SCE_PKCbInfo #define FSPSM_ST_PKC SCE_PKCbInfo
@ -171,7 +171,7 @@
/* structure, type so on */ /* structure, type so on */
#define FSPSM_W_KEYVAR renesas_rsip_wrappedkey #define FSPSM_W_KEYVAR renesas_rsip_wrappedkey
#define FSPSM_tls_flg_ST rsip_keyflgs_tls #define FSPSM_tls_flg_ST rsip_keyflgs_tls
#define FSPSM_key_flg_ST rsip_keyflgs_cryt #define FSPSM_key_flg_ST rsip_keyflgs_crypt
#define FSPSM_tag_ST tagUser_RSIPPKCbInfo #define FSPSM_tag_ST tagUser_RSIPPKCbInfo
#define FSPSM_ST User_RSIPPKCbInfo #define FSPSM_ST User_RSIPPKCbInfo
#define FSPSM_ST_PKC RSIP_PKCbInfo #define FSPSM_ST_PKC RSIP_PKCbInfo

8
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@ -59,7 +59,7 @@ extern "C" {
typedef enum { typedef enum {
WOLFSSL_TSIP_NOERROR = 0, WOLFSSL_TSIP_NOERROR = 0,
WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff, WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff,
}wolfssl_tsip_error_number; } wolfssl_tsip_error_number;
typedef enum { typedef enum {
tsip_Key_SESSION = 1, tsip_Key_SESSION = 1,
@ -92,6 +92,8 @@ enum {
TSIP_TLS_VERIFY_DATA_WD_SZ = 8, TSIP_TLS_VERIFY_DATA_WD_SZ = 8,
TSIP_TLS_MAX_SIGDATA_SZ = 130, TSIP_TLS_MAX_SIGDATA_SZ = 130,
TSIP_TEMP_WORK_SIZE = 128, TSIP_TEMP_WORK_SIZE = 128,
TSIP_MAX_ECC_BYTES = 48,
}; };
typedef enum { typedef enum {
@ -133,7 +135,7 @@ typedef struct MsgBag
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
/* flags Crypt Only */ /* flags Crypt Only */
struct tsip_keyflgs_cryt { struct tsip_keyflgs_crypt {
uint32_t aes256_key_set:1; uint32_t aes256_key_set:1;
uint32_t aes128_key_set:1; uint32_t aes128_key_set:1;
uint32_t rsapri2048_key_set:1; uint32_t rsapri2048_key_set:1;
@ -319,7 +321,7 @@ typedef struct TsipUserCtx {
/* flags shows status if tsip keys are installed */ /* flags shows status if tsip keys are installed */
union { union {
uint32_t chr; uint32_t chr;
struct tsip_keyflgs_cryt bits; struct tsip_keyflgs_crypt bits;
} keyflgs_crypt; } keyflgs_crypt;
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ #endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */