WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #8854 from dgarske/renesas_rx_tsip_aesctr 

Added Renesas RX TSIP AES CTR support
pull/8927/merge
Daniel Pouzzner 2025-06-25 22:20:03 -05:00 committed by GitHub
parent 6bfd2632db 41591e7eb9
commit 6fb1c54c29
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
13 changed files with 553 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.wolfssl_known_macro_extras
View File

@ -519,6 +519,10 @@ TIF_NEED_FPU_LOAD
TIME_T_NOT_LONG
TI_DUMMY_BUILD
TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
TSIP_AES_128_CTR
TSIP_AES_256_CTR
TSIP_ECDSA_P256
TSIP_ECDSA_P384
TSIP_RSAES_1024
TSIP_RSAES_2048
TSIP_RSASSA_1024

4
IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
View File

@ -31,7 +31,8 @@
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#endif
#define SIMPLE_TLSSEVER_IP "192.168.11.5"
#if defined(SIMPLE_TLS_TSIP_CLIENT) || defined(SIMPLE_TLS_CLIENT)
#define SIMPLE_TLSSEVER_IP "192.168.11.11"
#define SIMPLE_TLSSERVER_PORT "11111"
ER t4_tcp_callback(ID cepid, FN fncd , VP p_parblk);
@ -360,3 +361,4 @@ void wolfSSL_TLS_client( )
return;
}
#endif /* SIMPLE_TSIP TLS_CLIENT || SIMPLE_TLS_CLIENT */

3
IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c
View File

@ -27,6 +27,8 @@
#include "wolfssl/certs_test.h"
#include <wolfssl_simple_demo.h>
#if defined(SIMPLE_TLS_SERVER)
static WOLFSSL_CTX *server_ctx;
static int my_IORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx)
@ -192,3 +194,4 @@ out:
tcp_sht_cep(cepid);
tcp_cls_cep(cepid, TMO_FEVR);
}
#endif

6
IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
View File

@ -11,7 +11,7 @@
</toolchain>
</configuration>
<platform id="R5F572NNHxFB"/>
<option id="board" value="EnvisionKitRX72N (V1.12)"/>
<option id="board" value="EnvisionKitRX72N (V1.14)"/>
</general>
<tool id="Clock">
<option enabled="true" id="vccinput" selection="textinputitem">
@ -1166,8 +1166,8 @@
<gridItem id="TSIP_MD5" selectedIndex="1"/>
<gridItem id="TSIP_SHA_1_HMAC" selectedIndex="1"/>
<gridItem id="TSIP_SHA_256_HMAC" selectedIndex="1"/>
<gridItem id="TSIP_RSAES_1024" selectedIndex="0"/>
<gridItem id="TSIP_RSAES_2048" selectedIndex="0"/>
<gridItem id="TSIP_RSAES_1024" selectedIndex="1"/>
<gridItem id="TSIP_RSAES_2048" selectedIndex="1"/>
<gridItem id="TSIP_RSAES_3072" selectedIndex="0"/>
<gridItem id="TSIP_RSAES_4096" selectedIndex="0"/>
<gridItem id="TSIP_RSASSA_1024" selectedIndex="1"/>

2
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
View File

@ -103,6 +103,8 @@
#define HAVE_AESGCM
#define HAVE_AESCCM
#define HAVE_AES_CBC
#define WOLFSSL_AES_DIRECT
#define WOLFSSL_AES_COUNTER
#define WOLFSSL_SHA512
#define HAVE_SUPPORTED_CURVES

326
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
View File

@ -191,6 +191,322 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
return ret;
}
#if defined(WOLFSSL_AES_COUNTER)
#if (defined(TSIP_AES_128_CTR) && TSIP_AES_128_CTR == 1) &&\
(defined(WOLFSSL_AES_128))
static int tsip_aes128_ctr_test(int prnt, tsip_aes_key_index_t* aes_key)
{
int ret;
Aes *enc = NULL;
Aes *dec = NULL;
byte cipher[WC_AES_BLOCK_SIZE * 4];
byte plain [WC_AES_BLOCK_SIZE * 4];
/* test vectors from "Recommendation for Block Cipher Modes of
* Operation" NIST Special Publication 800-38A */
WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
{
0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128[] =
{
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] =
{
0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] =
{
0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128CipherLong[] =
{
0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f,
0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e
};
int i;
struct {
const byte* key;
int keySz;
const byte* iv;
const byte* plain;
int len;
const byte* cipher;
} testVec[] = {
{ ctr128Key, (int)sizeof(ctr128Key), ctrIv,
ctrPlain, (int)sizeof(ctrPlain), ctr128Cipher },
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
ctrPlain, (int)sizeof(ctr128Wrap128CipherLong),
ctr128Wrap128CipherLong },
};
int AES_CTR_TEST_LEN = (int)(sizeof(testVec) / sizeof(*testVec));
if (prnt)
printf(" tsip_aes128_ctr_test() ");
enc = wc_AesNew(NULL, INVALID_DEVID, &ret);
if (enc == NULL){
ret = -1;
goto out;
}
dec = wc_AesNew(NULL, INVALID_DEVID, &ret);
if (dec == NULL){
ret = -2;
goto out;
}
/* test failure cases - null */
ret = wc_tsip_AesCtr(NULL, NULL, NULL, 1);
if (ret != BAD_FUNC_ARG) {
ret = -8; goto out;
}
/* test failure cases - size, but no buffer */
ret = wc_tsip_AesCtr(enc, NULL, NULL, 1);
if (ret != BAD_FUNC_ARG) {
ret = -9; goto out;
}
/* test failure cases - non block aligned */
ret = wc_tsip_AesCtr(enc, plain, cipher, 15);
if (ret != BAD_FUNC_ARG) {
ret = -10; goto out;
}
for (i = 0; i < AES_CTR_TEST_LEN; i++) {
if (testVec[i].key != NULL) {
ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
testVec[i].iv, AES_ENCRYPTION);
if (ret != 0) {
ret = -3;
goto out;
} else {
/* set TSIP Aes key */
XMEMCPY(&enc->ctx.tsip_keyIdx, aes_key,
sizeof(tsip_aes_key_index_t));
enc->ctx.keySize = enc->keylen;
}
/* Ctr only uses encrypt, even on key setup */
ret = wc_AesSetKeyDirect(dec, testVec[i].key, (word32)testVec[i].keySz,
testVec[i].iv, AES_ENCRYPTION);
if (ret != 0) {
ret = -4;
goto out;
} else {
XMEMCPY(&dec->ctx.tsip_keyIdx, aes_key,
sizeof(tsip_aes_key_index_t));
dec->ctx.keySize = dec->keylen;
}
}
ret = wc_tsip_AesCtr(enc, cipher, testVec[i].plain, (word32)testVec[i].len);
if (ret != 0) {
ret = -5;
goto out;
}
ret = wc_tsip_AesCtr(dec, plain, cipher, (word32)testVec[i].len);
if (ret != 0) {
ret = -6;
goto out;
}
if (XMEMCMP(plain, ctrPlain, (size_t)testVec[i].len)) {
ret = -7;
goto out;
}
}
out:
wc_AesDelete(enc, &enc);
wc_AesDelete(dec, &dec);
return ret;
}
#endif /* WOLFSSL_AES_128 */
#if (defined(TSIP_AES_256_CTR) && TSIP_AES_256_CTR == 1) &&\
(defined(WOLFSSL_AES_256))
static int tsip_aes256_ctr_test(int prnt, tsip_aes_key_index_t* aes_key)
{
int ret;
Aes *enc = NULL;
Aes *dec = NULL;
byte cipher[WC_AES_BLOCK_SIZE * 4];
byte plain [WC_AES_BLOCK_SIZE * 4];
/* test vectors from "Recommendation for Block Cipher Modes of
* Operation" NIST Special Publication 800-38A */
WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
{
0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128[] =
{
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
{
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
{
0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28,
0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a,
0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5,
0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c,
0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d,
0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,
0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128CipherLong[] =
{
0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a,
0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05
};
int i;
struct {
const byte* key;
int keySz;
const byte* iv;
const byte* plain;
int len;
const byte* cipher;
} testVec[] = {
{ ctr256Key, (int)sizeof(ctr256Key), ctrIv,
ctrPlain, (int)sizeof(ctrPlain), ctr256Cipher },
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
ctrPlain, (int)sizeof(ctr256Wrap128CipherLong),
ctr256Wrap128CipherLong },
};
int AES_CTR_TEST_LEN = (int)(sizeof(testVec) / sizeof(*testVec));
if (prnt)
printf(" tsip_aes256_ctr_test() ");
enc = wc_AesNew(NULL, INVALID_DEVID, &ret);
if (enc == NULL){
ret = -1;
goto out;
}
dec = wc_AesNew(NULL, INVALID_DEVID, &ret);
if (dec == NULL){
ret = -2;
goto out;
}
/* test failure cases - null */
ret = wc_tsip_AesCtr(NULL, NULL, NULL, 1);
if (ret != BAD_FUNC_ARG) {
ret = -8; goto out;
}
/* test failure cases - size, but no buffer */
ret = wc_tsip_AesCtr(enc, NULL, NULL, 1);
if (ret != BAD_FUNC_ARG) {
ret = -9; goto out;
}
/* test failure cases - non block aligned */
ret = wc_tsip_AesCtr(enc, plain, cipher, 15);
if (ret != BAD_FUNC_ARG) {
ret = -10; goto out;
}
for (i = 0; i < AES_CTR_TEST_LEN; i++) {
if (testVec[i].key != NULL) {
ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
testVec[i].iv, AES_ENCRYPTION);
if (ret != 0) {
ret = -3;
goto out;
} else {
/* set TSIP Aes key */
XMEMCPY(&enc->ctx.tsip_keyIdx, aes_key,
sizeof(tsip_aes_key_index_t));
enc->ctx.keySize = enc->keylen;
}
/* Ctr only uses encrypt, even on key setup */
ret = wc_AesSetKeyDirect(dec, testVec[i].key, (word32)testVec[i].keySz,
testVec[i].iv, AES_ENCRYPTION);
if (ret != 0) {
ret = -4;
goto out;
} else {
/* set TSIP Aes key */
XMEMCPY(&dec->ctx.tsip_keyIdx, aes_key,
sizeof(tsip_aes_key_index_t));
dec->ctx.keySize = enc->keylen;
}
}
ret = wc_tsip_AesCtr(enc, cipher, testVec[i].plain, (word32)testVec[i].len);
if (ret != 0) {
ret = -5;
goto out;
}
ret = wc_tsip_AesCtr(dec, plain, cipher, (word32)testVec[i].len);
if (ret != 0) {
ret = -6;
goto out;
}
if (XMEMCMP(plain, ctrPlain, (size_t)testVec[i].len)) {
ret = -7;
goto out;
}
}
out:
wc_AesDelete(enc, &enc);
wc_AesDelete(dec, &dec);
return ret;
}
#endif /* WOLFSSL_AES_256 */
#endif /* TSIP_AES_256_CTR && WOLFSSL_AES_COUNTER */
#ifdef FREERTOS
static void tskAes128_Cbc_Test(void *pvParam)
{
@ -1250,7 +1566,17 @@ int tsip_crypt_test(void)
}
#endif
#ifdef WOLFSSL_AES_COUNTER
if (ret == 0) {
ret = tsip_aes128_ctr_test(1, &g_user_aes128_key_index1);
RESULT_STR(ret)
}
if (ret == 0) {
ret = tsip_aes256_ctr_test(1, &g_user_aes256_key_index1);
RESULT_STR(ret)
}
#endif
#if defined(WOLFSSL_KEY_GEN) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)

8
wolfcrypt/src/cryptocb.c
View File

@ -577,6 +577,7 @@ int wc_CryptoCb_RsaGetSize(const RsaKey* key, int* keySize)
#endif /* !NO_RSA */
#ifdef HAVE_ECC
#ifdef HAVE_ECC_DHE
int wc_CryptoCb_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId)
{
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
@ -629,7 +630,9 @@ int wc_CryptoCb_Ecdh(ecc_key* private_key, ecc_key* public_key,
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif
#ifdef HAVE_ECC_SIGN
int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out,
word32 *outlen, WC_RNG* rng, ecc_key* key)
{
@ -658,7 +661,9 @@ int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out,
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif
#ifdef HAVE_ECC_VERIFY
int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen,
const byte* hash, word32 hashlen, int* res, ecc_key* key)
{
@ -687,7 +692,9 @@ int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen,
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif
#ifdef HAVE_ECC_CHECK_KEY
int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey,
word32 pubKeySz)
{
@ -713,6 +720,7 @@ int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey,
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif
#endif /* HAVE_ECC */
#ifdef HAVE_CURVE25519

7
wolfcrypt/src/ecc.c
View File

@ -5395,6 +5395,7 @@ static WC_INLINE void wc_ecc_reset(ecc_key* key)
key->state = ECC_STATE_NONE;
}
/* create the public ECC key from a private key
*
* key an initialized private key to generate public part from
@ -5680,7 +5681,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
#endif
key->flags = (byte)flags;
#ifdef WOLF_CRYPTO_CB
#if defined(WOLF_CRYPTO_CB) && defined(HAVE_ECC_DHE)
#ifndef WOLF_CRYPTO_CB_FIND
if (key->devId != INVALID_DEVID)
#endif
@ -10263,7 +10264,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
* (!WOLFSSL_SP_MATH && WOLFSSL_VALIDATE_ECC_IMPORT) */
#if (FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_ECC_KEYGEN)) && \
!defined(WOLFSSL_KCAPI_ECC)
!defined(WOLFSSL_KCAPI_ECC) && defined(HAVE_ECC_DHE)
/* check privkey generator helper, creates prime needed */
static int ecc_check_privkey_gen_helper(ecc_key* key)
@ -10378,7 +10379,7 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
return err;
}
#endif /* (FIPS v5 or later || WOLFSSL_VALIDATE_ECC_KEYGEN) && \
!WOLFSSL_KCAPI_ECC */
!WOLFSSL_KCAPI_ECC && HAVE_ECC_DHE */
#ifndef WOLFSSL_SP_MATH
/* validate order * pubkey = point at infinity, 0 on success */

121
wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
View File

@ -36,7 +36,9 @@
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#include <wolfssl/internal.h>
#endif
#include <wolfssl/wolfcrypt/aes.h>
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#ifdef NO_INLINE
@ -381,24 +383,25 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
#if (WOLFSSL_RENESAS_TSIP_VER >= 109)
#ifdef WOLF_CRYPTO_CB
WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
void* ctx)
int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
{
int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
WOLFSSL_ENTER("wc_tsip_AesCipher");
if (info == NULL || ctx == NULL)
if (info == NULL) {
return BAD_FUNC_ARG;
}
(void)devIdArg;
if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES) || !defined(NO_DES3)
#if !defined(NO_AES)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo->session_key_set == 1
&& cbInfo != NULL && cbInfo->session_key_set == 1
#endif
) {
@ -433,10 +436,26 @@ WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
}
}
#endif /* HAVE_AESGCM */
#ifdef WOLFSSL_AES_COUNTER
if (info->cipher.type == WC_CIPHER_AES_CTR
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo != NULL && cbInfo->session_key_set == 1
#endif
) {
/* encrypt and decrypt use same routine */
ret = wc_tsip_AesCtr(
info->cipher.aesctr.aes,
(byte*)info->cipher.aesctr.out,
(byte*)info->cipher.aesctr.in,
info->cipher.aesctr.sz);
}
#endif /* WOLFSSL_AES_COUNTER */
#ifdef HAVE_AES_CBC
if (info->cipher.type == WC_CIPHER_AES_CBC
#ifdef WOLFSSL_RENESAS_TSIP_TLS
&& cbInfo->session_key_set == 1
&& cbInfo != NULL && cbInfo->session_key_set == 1
#endif
) {
@ -457,17 +476,17 @@ WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
}
}
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */
#endif /* !NO_AES */
}
(void)cbInfo;
WOLFSSL_LEAVE("wc_tsip_AesCipher", ret);
return ret;
}
#endif /* WOLF_CRYPTO_CB */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 109 */
#ifdef HAVE_AES_CBC
int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
{
tsip_aes_handle_t _handle;
@ -584,6 +603,85 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
tsip_hw_unlock();
return ret;
}
#endif /* HAVE_AES_CBC */
#ifdef WOLFSSL_AES_COUNTER
/* API only supports even blocks (16 byte) */
/* Use the public wc_AesCtrEncrypt with crypto callbacks to handle odd remain */
int wc_tsip_AesCtr(struct Aes* aes, byte* out, const byte* in, word32 sz)
{
tsip_aes_handle_t _handle;
int ret;
int blocks = (int)(sz / WC_AES_BLOCK_SIZE);
int remain = (int)(sz % WC_AES_BLOCK_SIZE);
byte *iv;
if (aes == NULL || in == NULL || out == NULL || sz == 0 || remain != 0) {
return BAD_FUNC_ARG;
}
if ((ret = tsip_hw_lock()) != 0) {
WOLFSSL_MSG("Failed to lock");
return ret;
}
/* while doing TLS handshake, TSIP driver keeps true-key and iv *
* on the device. iv is dummy */
iv = (uint8_t*)aes->reg;
if (aes->ctx.keySize == 16) {
#if defined(TSIP_AES_128_CTR) && TSIP_AES_128_CTR == 1
ret = R_TSIP_Aes128CtrInit(&_handle, &aes->ctx.tsip_keyIdx, iv);
if (ret == TSIP_SUCCESS) {
ret = R_TSIP_Aes128CtrUpdate(&_handle, (uint8_t*)in,
(uint8_t*)out, blocks * WC_AES_BLOCK_SIZE);
if (ret == TSIP_SUCCESS) {
ret = R_TSIP_Aes128CtrFinal(&_handle);
}
}
#else
ret = NOT_COMPILED_IN;
#endif
}
if (aes->ctx.keySize == 32) {
#if defined(TSIP_AES_256_CTR) && TSIP_AES_256_CTR == 1
ret = R_TSIP_Aes256CtrInit(&_handle, &aes->ctx.tsip_keyIdx, iv);
if (ret == TSIP_SUCCESS) {
ret = R_TSIP_Aes256CtrUpdate(&_handle, (uint8_t*)in,
(uint8_t*)out, blocks * WC_AES_BLOCK_SIZE);
if (ret == TSIP_SUCCESS) {
ret = R_TSIP_Aes256CtrFinal(&_handle);
}
}
#else
ret = NOT_COMPILED_IN;
#endif
}
if (ret == TSIP_SUCCESS) {
/* increment IV counter */
while (blocks--) {
/* in network byte order so start at end and work back */
int i;
for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
if (++iv[i]) /* we're done unless we overflow */
break;
}
}
}
else {
WOLFSSL_ERROR(ret);
WOLFSSL_MSG("TSIP AES CTR failed");
ret = -1;
}
tsip_hw_unlock();
return ret;
}
#endif /* WOLFSSL_AES_COUNTER */
#ifdef HAVE_AESGCM
/*
* Encrypt plain data then output encrypted data and authentication tag data.
* The session key used for encryption is generated inside this function and
@ -644,7 +742,7 @@ int wc_tsip_AesGcmEncrypt(
if (aes->ctx.keySize != 16 && aes->ctx.keySize != 32) {
WOLFSSL_MSG("illegal key size");
WOLFSSL_LEAVE("wc_tsip_AesGcmEncrypt", BAD_FUNC_ARG);
return BAD_FUNC_ARG;
return BAD_FUNC_ARG;
}
if (aes->ctx.keySize == 16) {
@ -975,6 +1073,7 @@ int wc_tsip_AesGcmDecrypt(
WOLFSSL_LEAVE("wc_tsip_AesGcmDecrypt", ret);
return ret;
}
#endif /* HAVE_AESGCM */
#endif /* WOLFSSL_RENESAS_TSIP_TLS) || WOLFSSL_RENESAS_TSIP_CRYPTONLY
&& NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES */
#endif /* NO_AES */

12
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@ -72,8 +72,10 @@ extern uint32_t s_flash[];
extern uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE];
#endif
#ifndef SINGLE_THREADED
wolfSSL_Mutex tsip_mutex;
static int tsip_CryptHwMutexInit_ = 0;
#endif
static tsip_key_data g_user_key_info;
struct WOLFSSL_HEAP_HINT* tsip_heap_hint = NULL;
@ -2476,6 +2478,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
tuc->keyflgs_crypt.bits.eccpub_key_set = 0;
#endif
if (keyType == TSIP_KEY_TYPE_ECDSAP256) {
#if defined(TSIP_ECDSA_P256) && TSIP_ECDSA_P256 == 1
err = R_TSIP_GenerateEccP256PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
@ -2484,8 +2487,12 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
&tuc->eccpub_keyIdx
#endif
);
#else
err = NOT_COMPILED_IN;
#endif
}
else if (keyType == TSIP_KEY_TYPE_ECDSAP384) {
#if defined(TSIP_ECDSA_P384) && TSIP_ECDSA_P384 == 1
err = R_TSIP_GenerateEccP384PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
@ -2494,6 +2501,9 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
&tuc->eccpub_keyIdx
#endif
);
#else
err = NOT_COMPILED_IN;
#endif
}
if (err == TSIP_SUCCESS) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
@ -2619,6 +2629,7 @@ int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated)
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#ifndef SINGLE_THREADED
/*
* lock hw engine.
* this should be called before using engine.
@ -2654,6 +2665,7 @@ void tsip_hw_unlock(void)
{
tsip_CryptHwMutexUnLock(&tsip_mutex);
}
#endif
/* open TSIP driver
* return 0 on success.

76
wolfcrypt/test/test.c
View File

@ -59474,7 +59474,6 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
{
wc_test_ret_t ret = 0;
#if defined(HAVE_ECC)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key* key = (ecc_key *)XMALLOC(sizeof *key,
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@ -59482,21 +59481,19 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte* out = (byte*)XMALLOC(sizeof(byte),
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef OPENSSL_EXTRA
byte* check = (byte*)XMALLOC(sizeof(byte)*(256), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
byte* check = (byte*)XMALLOC(256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#else
ecc_key key[1];
#ifdef HAVE_ECC_DHE
ecc_key pub[1];
byte out[256];
#ifdef OPENSSL_EXTRA
unsigned char check[256];
#endif
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
byte check[256];
#endif
#endif
#ifdef OPENSSL_EXTRA
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
WOLFSSL_EVP_PKEY* privKey = NULL;
WOLFSSL_EVP_PKEY* pubKey = NULL;
#ifdef USE_CERT_BUFFERS_256
@ -59535,17 +59532,22 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
0x94,0x1d,0x7a,0x66,0xf8,0xd1,0x1d,0xcf,0xb0,0x48,
0xef,0x8c,0x94,0x6f,0xdd,0x62,
};
#endif
#endif
#ifdef HAVE_ECC_DHE
WC_RNG rng;
#endif
EncryptedInfo encInfo;
int keyFormat = 0;
#ifdef USE_CERT_BUFFERS_256
word32 keyIdx = 0;
#endif
#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
byte in[] = "Everyone gets Friday off. ecc p";
word32 inLen = (word32)XSTRLEN((char*)in);
byte out[256];
word32 outLen;
int verify;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key == NULL || pub == NULL) {
@ -59556,7 +59558,8 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
/* wc_CryptoCb_MakeEccKey cb test, , no actual testing */
/* wc_CryptoCb_MakeEccKey cb test, no actual testing */
#ifdef HAVE_ECC_DHE
ctx->exampleVar = 99;
ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
if (ret != 0)
@ -59568,7 +59571,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
} else
/* reset return code */
ret = 0;
#endif
#ifdef USE_CERT_BUFFERS_256
if (ret == 0) {
/* load ECC private key and perform private transform */
@ -59577,6 +59580,9 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
}
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
#endif
#ifdef HAVE_ECC_SIGN
/* wc_CryptoCb_EccSign cb test, no actual testing */
ctx->exampleVar = 99;
if (ret == 0) {
@ -59594,6 +59600,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
else
ret = 0;
#ifdef HAVE_ECC_VERIFY
/* wc_CryptoCb_EccVerify cb test, no actual testing */
ctx->exampleVar = 99;
if (ret == 0) {
@ -59611,7 +59618,10 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
}
else
ret = 0;
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC_SIGN */
#ifdef HAVE_ECC_DHE
/* wc_CryptoCb_Ecdh cb test, no actual testing */
/* make public key for shared secret */
@ -59633,9 +59643,9 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
else
ret = 0;
#endif /* HAVE_ECC_DHE */
#ifdef OPENSSL_EXTRA
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
(void)pkey;
cp = ecc_clikey_der_256;
privKey = d2i_PrivateKey(WC_EVP_PKEY_EC, NULL, &cp,
@ -59696,7 +59706,6 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
}
/* verify */
wolfSSL_EVP_MD_CTX_init(&mdCtx);
if (ret == WOLFSSL_SUCCESS) {
@ -59732,24 +59741,11 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
} else
ret = 0;
#endif
#else
(void)verify;
(void)outLen;
(void)inLen;
(void)out;
(void)pub;
#ifdef OPENSSL_EXTRA
(void)privKey;
(void)pubKey;
(void)mdCtx;
(void)check;
(void)checkSz;
(void)p;
#endif
#endif
#endif /* !WOLFCRYPT_ONLY && OPENSSL_EXTRA */
(void)keyFormat;
(void)encInfo;
(void)ctx;
exit_onlycb:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@ -59759,14 +59755,14 @@ exit_onlycb:
}
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef OPENSSL_EXTRA
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
if (check) {
FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
#else
wc_ecc_free(key);
#ifdef OPENSSL_EXTRA
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
if (privKey)
wolfSSL_EVP_PKEY_free(privKey);
if (pubKey)
@ -59901,6 +59897,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#endif /* !NO_RSA */
#ifdef HAVE_ECC
if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
#ifdef HAVE_ECC_DHE
/* set devId to invalid, so software is used */
info->pk.eckg.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
@ -59917,8 +59914,10 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
/* reset devId */
info->pk.eckg.key->devId = devIdArg;
#endif
}
else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
#ifdef HAVE_ECC_SIGN
/* set devId to invalid, so software is used */
info->pk.eccsign.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
@ -59937,8 +59936,10 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
/* reset devId */
info->pk.eccsign.key->devId = devIdArg;
#endif
}
else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
#ifdef HAVE_ECC_VERIFY
/* set devId to invalid, so software is used */
info->pk.eccverify.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
@ -59957,8 +59958,10 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
/* reset devId */
info->pk.eccverify.key->devId = devIdArg;
#endif
}
else if (info->pk.type == WC_PK_TYPE_ECDH) {
#ifdef HAVE_ECC_DHE
/* set devId to invalid, so software is used */
info->pk.ecdh.private_key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
@ -59976,6 +59979,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
/* reset devId */
info->pk.ecdh.private_key->devId = devIdArg;
#endif
}
#endif /* HAVE_ECC */
#ifdef HAVE_CURVE25519

10
wolfssl/wolfcrypt/cryptocb.h
View File

@ -176,6 +176,7 @@ typedef struct wc_CryptoInfo {
} rsa_get_size;
#endif
#ifdef HAVE_ECC
#ifdef HAVE_ECC_DHE
struct {
WC_RNG* rng;
int size;
@ -188,6 +189,8 @@ typedef struct wc_CryptoInfo {
byte* out;
word32* outlen;
} ecdh;
#endif
#ifdef HAVE_ECC_SIGN
struct {
const byte* in;
word32 inlen;
@ -196,6 +199,8 @@ typedef struct wc_CryptoInfo {
WC_RNG* rng;
ecc_key* key;
} eccsign;
#endif
#ifdef HAVE_ECC_VERIFY
struct {
const byte* sig;
word32 siglen;
@ -204,12 +209,15 @@ typedef struct wc_CryptoInfo {
int* res;
ecc_key* key;
} eccverify;
#endif
#ifdef HAVE_ECC_CHECK_KEY
struct {
ecc_key* key;
const byte* pubKey;
word32 pubKeySz;
} ecc_check;
#endif
#endif
#endif /* HAVE_ECC */
#ifdef HAVE_CURVE25519
struct {
WC_RNG* rng;

40
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@ -39,7 +39,7 @@
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/hash.h>
#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#include <wolfssl/ssl.h>
#endif
#ifdef WOLF_CRYPTO_CB
@ -573,21 +573,33 @@ WOLFSSL_API int wc_tsip_generateVerifyData(
const uint8_t* side,
const uint8_t* handshake_hash,
uint8_t* hashes);
#ifndef NO_AES
#ifdef HAVE_AES_CBC
WOLFSSL_API int wc_tsip_AesCbcEncrypt(
Aes* aes,
struct Aes* aes,
byte* out,
const byte* in,
word32 sz);
WOLFSSL_API int wc_tsip_AesCbcDecrypt(
Aes* aes,
struct Aes* aes,
byte* out,
const byte* in,
word32 sz);
#endif /* HAVE_AES_CBC */
#ifdef WOLFSSL_AES_COUNTER
WOLFSSL_API int wc_tsip_AesCtr(
struct Aes*,
byte* out,
const byte* in,
word32 sz);
#endif /* WOLFSSL_AES_COUNTER */
#ifdef HAVE_AESGCM
WOLFSSL_API int wc_tsip_AesGcmEncrypt(
Aes* aes, byte* out,
struct Aes* aes, byte* out,
const byte* in, word32 sz,
byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
@ -595,13 +607,15 @@ WOLFSSL_API int wc_tsip_AesGcmEncrypt(
void* ctx);
WOLFSSL_API int wc_tsip_AesGcmDecrypt(
Aes* aes, byte* out,
struct Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
#endif /* NO_AES */
#endif /* HAVE_AESGCM */
#endif /* !NO_AES */
WOLFSSL_API int wc_tsip_ShaXHmacVerify(
const struct WOLFSSL *ssl,
const byte* message,
@ -625,13 +639,17 @@ WOLFSSL_API int wc_tsip_Sha256HmacGenerate(
word32 sz,
byte* digest);
WOLFSSL_LOCAL int tsip_Open();
WOLFSSL_LOCAL int tsip_Open(void);
WOLFSSL_LOCAL void tsip_Close();
WOLFSSL_LOCAL void tsip_Close(void);
WOLFSSL_LOCAL int tsip_hw_lock();
WOLFSSL_LOCAL void tsip_hw_unlock( void );
#ifdef SINGLE_THREADED
#define tsip_hw_lock() 0
#define tsip_hw_unlock()
#else
WOLFSSL_LOCAL int tsip_hw_lock(void);
WOLFSSL_LOCAL void tsip_hw_unlock(void);
#endif
WOLFSSL_LOCAL int tsip_usable(const struct WOLFSSL *ssl,
uint8_t session_key_generated);