WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Add support for TLS1.3

pull/5289/head
TakayukiMatsuo 2022-06-25 00:56:47 +09:00
parent acc9f3701a
commit ba19737627
32 changed files with 3657 additions and 281 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
View File

@ -31,7 +31,7 @@ This sample program uses the following hardware and software libraries. If a new
|Device|R5F565NEHxFP|
|IDE| Renesas e2Studio Version:2022-01 |
|Emulator| E1, E2 Emulator Lite |
|Toolchain|CCRX v3.03.00|
|Toolchain|CCRX v3.04.00|
|TSIP| TSIP v1.15|
<br>
@ -58,7 +58,7 @@ Note) As of April 2022, TIPS v1.15 does not seem to be able to be added as a FIT
There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below.
+ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/\<MCU>/\<borad-name-folder\>/)) where this README file exists.
+ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}) where this README file exists.
+ Four projects that can be imported are listed, but check only the three projects "smc", "test" and "wolfssl" and click the "Finish" button.
You should see the **smc**, **test**, and **wolfssl** 3 projects you imported into the project explorer.
@ -71,7 +71,7 @@ You will need to get the required FIT modules yourself. Follow the steps below t
1. Open the smc project in Project Explorer and double-click the **smc.scfg** file to open the Smart Configurator Perspective.
2. Select the "Components" tab on the software component settings pane. Then click the "Add Component" button at the top right of the pane. The software component selection dialog will pop up. Click "Download the latest version of FIT driver and middleware" at the bottom of the dialog to get the modules. You can check the dowmload destination folder by pressing "Basic settings...".
2. Select the "Components" tab on the software component settings pane. Then click the "Add Component" button at the top right of the pane. The software component selection dialog will pop up. Click "Download the latest version of FIT driver and middleware" at the bottom of the dialog to get the modules. You can check the download destination folder by pressing "Basic settings...".
3. The latest version of the TSIP component may not be automatically obtained due to the delay in Renesas' support by the method in step 2 above. In that case, you can download it manually from the Renesas website. Unzip the downloaded component and store the files contained in the FIT Modules folder in the download destination folder of step 2.
@ -135,11 +135,84 @@ Now that the test application is ready to build.
## 8. Running test application as TLS_Client
-----
<br>
### 8.1 Generate a server application
### 8.1 TLS version supported by the test application
<br>
If you use TSIP v1.15 or later, you can use the TLS1.3 protocol in addition to the existing TLS1.2. The following macro is defined to {board-name-folder}/common/user_settings.h.
<br><br>
```
#define WOLFSSL_TLS13
```
This definition sets it to use the TLS 1.3 protocol. If you use TLS1.2, comment out this macro definition and rebuild your test application.
<br>
### 8.2 Type of certificates to use
<br>
The test and server applications allow you to select the type of certificate (RootCA certificate, server certificate, client certificate) to use for TLS communication. You can select either an RSA certificate whose public key included in the certificate is an RSA public key or an ECDSA certificate containing an ECC public key. By default, the ECDSA certificate is used.
<br>
The following macro is defined to {board-name-folder}/common/user_settings.h by default. If you want to use the RSA certificates, comment out the above definition and rebuild the test application.
<br>
```
#define USE_ECC_CERT
```
<br>
### 8.3 Cipher suites
<br>
In the test application, the TLS version and certificate type determine the cipher suites used by the test application. The table below shows the cipher suites that can be used.
<br>
|Tls version |Certificate type|Cipher suites|
|:--|:--|:--|
|TLS1.3|RSA/ECDSA certificate| |
|||TLS_AES_128_GCM_SHA256|
|||TLS_AES_128_CCM_SHA256|
|TLS1.2|RSA certificate|
|||TLS_RSA_WITH_AES_128_CBC_SHA|
|||TLS_RSA_WITH_AES_256_CBC_SHA|
|||TLS_RSA_WITH_AES_128_CBC_SHA256|
|||TLS_RSA_WITH_AES_256_CBC_SHA256|
|||TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256|
|||TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|
||ECDSA certificate||
|||TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256|
|||TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|
<br>
### 8.4 Build and run a server application
<br>
To operate as TLS_Client, an opposite application for TLS communication is required. A wolfSSL package provides a server sample application that you can use for this purpose. This program is generated by building wolfssl. You can build wolfSSL on Linux (including MacOS and WSL) with gcc installed or build using Visual Studio. The following introduces the build on WSL.
<br><br>
Configuration options need to be changed depending on the certificate type used.
#### 8.4.1 Configuration when using ECDSA certificates
<br>
```
$ cd {wolfssl-folder}
$ ./autogen.sh
$ ./configure --enable-ecc --enable-dsa --enable-aesccm CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVE_AES_CBC -DHAVE_DSA -DHAVE_ALL_CURVES -DHAVE_ECC -DNO_RSA"
$ make
```
Note: Do not forget to specify "-DNO_RSA"
```
$ cd <wolfssl-folder>
$ ./autogen.sh
@ -158,20 +231,45 @@ $ examples/server/server -b -d -i
```
<br>
For the test application, specify the IP address assigned to the server application.
#### 8.4.2 Configuration when using RSA certificates
Open wolf_client.c to specify ip address of the server in "#define SIMPLE_TLSSEVER_IP" like as:
<br>
```
-- <board-name-folder>/test/src/wolf_client.c --
$ cd {wolfssl-folder}
$ ./autogen.sh
$ ./configure --enable-ecc --enable-dsa --enable-aesccm CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVE_AES_CBC -DHAVE_DSA -DHAVE_ALL_CURVES -DHAVE_ECC"
$ make
```
<br>
#### 8.4.3 Run the server application
<br>
With the above build, {wolfssl-folder}/examples/server/server
is generated. This executable program acts as a server application. If you execute it with the following options, it will be in the standby state for connection from the test application. Specify "-v4" when using TLS1.3 as the TLS version to be used, and specify "-v3" when using TLS1.2.
<br> <br>
```
$ examples / server / server -b -v4 -i
```
<br>
For the test application, specify the IP address assigned to the server application.
Open {board-name-folder}/test/src/wolf_client.c to specify ip address of the server.
<br>
```
...
#define SIMPLE_TLSSEVER_IP 192.168.53.9
...
```
<br>
Save the file and rebuild the test application. When you run the test application, it makes a TLS connection with the opposite application, then exchanges a simple string and displays the following on the standard output.
Save the file and rebuild the test application. When you run the test application, it makes a TLS connection with the server application, then exchanges a simple string and displays the following on the standard output. The cipher suites displayed depends on the combination of TLS version and certificate type.
<br><br>
```
@ -195,41 +293,7 @@ Received: I hear you fa shizzle!
```
<br>
### 8.2 Change server certificate (change authentication method)
<br>
The above is an execution example when the server certificate presented by the server application contains the RSA public key (RSA authentication). TSIP can also handle cases where the server certificate contains an ECC public key (ECDSA authentication).
<br>
If you want to use a cipher suite that includes ECDSA, you will need to change the settings of the test application and rebuild. Open common/ user_settings.h, enable the USE_ECC_CERT definition and rebuild.
<br><br>
```
-- <board-name-folder>/common/user_settings.h --
#define USE_ECC_CERT
```
<br>
This definition causes the test application to use a RootCA certificate that can validate the server certificate containing the ECC public key presented by the server.
<br>
In addition, the opposite server application also needs to specify the server certificate and private key file containing the ECC public key as an option, and then execute it as shown below.
<br><br>
```
$ ./examples/server/server -b -d -i -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
```
<br>
The following is displayed as the execution result.
<br> <br>
```
cipher : ECDHE-ECDSA-AES128-SHA256
Received: I hear you fa shizzle!
cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Received: I hear you fa shizzle!
```
<br>
## 9. What you need to do to use the RootCA certificate prepared by the user
----
@ -241,3 +305,23 @@ If you want to use it for purposes beyond functional evaluation, you need to pre
3. The signature generated by the RootCA certificate with the private key in 2 above.
will become necessary. Please refer to the manual provided by Renesas for how to generate them.
<br>
## 10. Limitations
----
<br>
wolfSSL, which supports TSIPv1.15, has the following functional restrictions.
<br><br>
1. Handshake message packets exchanged with the server during the TLS handshake are stored in plaintext in memory. This is used to calculate the hash of handshake messages. The content will be deleted at the end of the session.
1. TLS1.2 does not support the client authentication function using TSIP.
Use wolfSSL_CTX_use_certificate_buffer or wolfSSL_CTX_use_certificate_chain_buffer_format to load the client certificate and wolfSSL_CTX_use_PrivateKey_buffer to load the private key. It is processed by software.
1. In TLS 1.3, the client authentication function using TSIP is supported only for ECDSA client certificates. In the case of RSA certificates, it will be processed by software.
1. In TLS1.3, among the server authentication functions using TSIP, "Certificate Verify" message is processed by software.
1. Session resumption and early data using TSIP are not supported.
The above limitations 1 through 4 are expected to be improved by TSIP from the next version onwards.

157
IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md
View File

@ -32,7 +32,7 @@ Renesas社製MCU RX65Nを搭載した評価ボードGR-ROSEをターゲットと
|Device|R5F565NEHxFP|
|IDE| Renesas e2Studio Version:2022-01 |
|エミュレーター| E1, E2エミュレーターLite |
|Toolchain|CCRX v3.03.00|
|Toolchain|CCRX v3.04.00|
|TSIP| TSIP v1.15|
<br>
@ -63,7 +63,7 @@ Renesas社製MCU RX65Nを搭載した評価ボードGR-ROSEをターゲットと
サンプルプログラムは新規作成する必要はありません。すでにプロジェクトファイルが用意されていますからIDEから以下の手順でプロジェクトをインポートしてください。
+ 1.e2studioの"ファイル"メニュー > "ファイル・システムからプロジェクトを開く..." > "ディレクトリ(R)..."インポート元ボタンを押して、プロジェクトのインポート元となるフォルダーを選択します。本READMEファイルが存在するフォルダ(Renesas/e2studio/\<MCU>/\<borad-name-folder\>/))を選択してください。
+ 1.e2studioの"ファイル"メニュー > "ファイル・システムからプロジェクトを開く..." > "ディレクトリ(R)..."インポート元ボタンを押して、プロジェクトのインポート元となるフォルダーを選択します。本READMEファイルが存在するフォルダ(Renesas/e2studio/{MCU}/{board-name-folder})を選択してください。
+ インポートできるプロジェクトが4つリストアップされますが、"smc", "test" と"wolfssl"の3プロジェクトにのみチェックを入れて”終了”ボタンを押してください。
@ -143,26 +143,110 @@ testアプリケーションのビルドの準備が整ったので、ビルド
-----
<br>
### 8.1 TLS対向アプリケーションの生成と実行
### 8.1 testアプリケーションのサポートするTLSバージョン
<br>
TSIPv1.15以降を使用する場合には、これまでのTLS1.2に加えてTLS1.3プロトコルが使用できます。{board-name-folder}/common/user_settings.hに既定で以下のマクロ定義が設定されています。
<br><br>
```
#define WOLFSSL_TLS13
```
この定義によりTLS1.3プロトコルを使用する設定となります。TLS1.2を使用する場合には、このマクロ定義をコメントアウトしてして、testアプリケーションを再ビルドしてください。
<br>
### 8.2 使用する証明書のタイプ
<br>
testアプリケーションとサーバーアプリケーションではTLS通信時に使用する証明書RootCA証明書、サーバー証明書、クライアント証明書のタイプが選択できます。証明書に含まれている公開鍵がRSA公開鍵であるRSA証明書とECC公開鍵を含むECDSA証明書が選択できます。既定ではECDSA証明書を使用するようになっています。
<br>
{board-name-folder}/common/user_settings.h に既定で以下のマクロ定義が設定されています。RSA証明書を使用する場合には上記定義をコメントアウトして、testアプリケーションを再ビルドしてください。
<br><br>
```
#define USE_ECC_CERT
```
<br>
この定義により、testアプリケーションはサーバーの提示するECC公開鍵を含んだサーバー証明書を検証できるRootCA証明書を使うようになります。また、クライアント認証に用いるクライアント証明書もECDSA証明書が使われます。
<br><br>
### 8.3 暗号化スイートの選択
<br>
testアプリケーションでは、TLSバージョンと証明書のタイプにより、testアプリケーションで使用する暗号化スイートを決定します。下表に使用できる暗号化スイートを示します。
<br>
|バージョン|証明書|暗号化スイート|
|:--|:--|:--|
|TLS1.3|RSA/ECDSA証明書| |
|||TLS_AES_128_GCM_SHA256|
|||TLS_AES_128_CCM_SHA256|
|TLS1.2|RSA証明書|
|||TLS_RSA_WITH_AES_128_CBC_SHA|
|||TLS_RSA_WITH_AES_256_CBC_SHA|
|||TLS_RSA_WITH_AES_128_CBC_SHA256|
|||TLS_RSA_WITH_AES_256_CBC_SHA256|
|||TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256|
|||TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|
||ECDSA証明書||
|||TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256|
|||TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|
<br>
### 8.4 TLS対向アプリケーションのビルドと実行
<br>
testアプリケーションをTLS_Clientとしての動作を行わせる場合には、TLS通信の相手方となる対向アプリケーションが必要となります。wolfSSLパッケージにはこの用途に使用できるTLSserverサンプルアプリケーションが用意されています。このプログラムはwolfsslをビルドすることで生成されます。wolfSSLのビルドにはgccがインストールされているLinux(MacOS, WSLも含む)でのビルドとVisualStudioを使ってのビルドが可能です。以下ではWSL上でのビルドを紹介します。
<br><br>
コンフィギュレーションオプションは使用する証明書タイプによって変更する必要があります。
<br>
#### 8.4.1 ECDSA証明書を使用する場合のコンフィギュレーション
<br>
```
$ cd <wolfssl-folder>
$ cd {wolfssl-folder}
$ ./autogen.sh
$ ./configure CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVEAES_CBC"
$ ./configure --enable-ecc --enable-dsa --enable-aesccm CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVE_AES_CBC -DHAVE_DSA -DHAVE_ALL_CURVES -DHAVE_ECC -DNO_RSA"
$ make
```
(注意)"-DNO_RSA"の指定をわすれないこと
<br>
#### 8.4.2 RSA証明書を使用する場合のコンフィギュレーション
<br>
```
$ cd {wolfssl-folder}
$ ./autogen.sh
$ ./configure --enable-ecc --enable-dsa --enable-aesccm CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVE_AES_CBC -DHAVE_DSA -DHAVE_ALL_CURVES -DHAVE_ECC"
$ make
```
<br>
上記のビルドによって、<wolfssl-folder\>/examples/server/server
が生成されます。この実行プログラムがサーバーアプリケーションとして機能します。以下のオプションを与えて実行させるとTLS_Clientからの接続を待ち受け状態になります。
#### 8.4.3 サーバーアプリケーションの実行
<br>
上記のビルドによって、{wolfssl-folder}/examples/server/server
が生成されます。この実行プログラムがサーバーアプリケーションとして機能します。以下のオプションを与えて実行させるとtestアプリケーションからの接続を待ち受け状態になります。 使用するTLSバージョンとして TLS1.3を使用する場合には "-v4"を指定し、TLS1.2を使用する場合には"-v3"を指定してください。
<br><br>
```
$ examples/server/server -b -d -i
$ examples/server/server -b -v4 -i
```
<br>
testアプリケーションには、サーバーアプリケーションに割り当てられたIPアドレスを指定します。
@ -177,7 +261,8 @@ wolf_client.cを開き、#define SIMPLE_TLSSEVER_IPにアドレスを指定し
...
```
<br>
ファイルをセーブしてtestアプリケーションを再ビルドしてください。testアプリケーションを実行すると、対向アプリケーションとの間でTLS接続が行われ、その後簡単な文字列を交換して標準出力に以下のような表示を行います。
ファイルをセーブしてtestアプリケーションを再ビルドしてください。testアプリケーションを実行すると、対向アプリケーションとの間でTLS接続が行われ、その後簡単な文字列を交換して標準出力に以下のような表示を行います。表示される暗号化スイートはTLSバージョンと証明書タイプの組み合わせによって異なります。
<br><br>
```
@ -201,41 +286,6 @@ Received: I hear you fa shizzle!
```
<br>
### 8.2 サーバー証明書の変更(認証方式の変更)
<br>
上記はサーバーアプリケーションが提示すサーバー証明書にRSA公開鍵が含まれているRSA認証場合の実行例です。TSIPにはこのほかにサーバー証明書にECC公開鍵を含む場合ECDSA認証も扱えます。
<br>
ECDSAを含む暗号化スイートを使用したい場合には、testアプリケーションの設定を変更して再ビルドが必要となります。\<board-name-folder\>/common/user_settings.h を開き、USE_ECC_CERT定義を有効化して再ビルドしてください。
<br><br>
```
#define USE_ECC_CERT
```
<br>
この定義により、testアプリケーションはサーバーの提示するECC公開鍵を含んだサーバー証明書を検証できるRootCA証明書を使うようになります。
<br><br>
さらに対向するサーバーアプリケーションの方でも以下のようにECC公開鍵を含んだサーバー証明書と秘密鍵ファイルをオプションで指定して実行する必要があります。
<br><br>
```
$ ./examples/server/server -b -d -i -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
```
<br>
実行結果として以下が表示されます。
<br><br>
```
cipher : ECDHE-ECDSA-AES128-SHA256
Received: I hear you fa shizzle!
cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Received: I hear you fa shizzle!
```
<br>
## 9. ユーザーが用意したRootCA証明書を利用する際に必要なこと
-----
@ -247,3 +297,22 @@ Received: I hear you fa shizzle!
3. RootCA証明書を上記の秘密鍵で生成した署名
が必要になります。それらの生成方法はRenesas社提供のマニュアルを参照してください。
<br>
## 10. 制限事項
TSIPv1.15をサポートしたwolfSSLでは以下の機能制限があります。
1. TLSハンドシェーク中にサーバーと交換したメッセージパケットが平文でメモリ上に蓄積されています。これはハンドシェークメッセージのハッシュ計算に使用されます。内容はセッション終了時に削除されます。
1. TLS1.2ではTSIPを使ったクライアント認証機能をサポートしていません。
wolfSSL_CTX_use_certificate_buffer あるいはwolfSSL_CTX_use_certificate_chain_buffer_format を使ってクライアント証明書をロードし、wolfSSL_CTX_use_PrivateKey_bufferを使って秘密鍵をロードしてください。ソフトウエアで処理を行います。
1. TLS1.3ではTSIPを使ったクライアント認証機能はECDSAクライアント証明書の場合にのみサポートされます。RSA証明書の場合はソフトウエアでの処理となります。
1. TLS1.3ではTSIPを使ったサーバー認証機能のうち、CertificateVerifyメッセージの検証はソフトウエアでの処理となります。
1. TSIPを使ってのセッション再開およびearly dataはサポートされません。
上記制限1 ~ 4は次版以降のTSIPによって改善が見込まれています。

16
IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -49,7 +49,7 @@
* TLSv1.3, uncomment line below.
*
*----------------------------------------------------------------------------*/
/*#define WOLFSSL_TLS13*/
#define WOLFSSL_TLS13
/*-- Operating System related definitions --------------------------------------
@ -68,11 +68,12 @@
*----------------------------------------------------------------------------*/
#define NO_DEV_RANDOM
#define NO_MD4
#define WOLFSSL_DH_CONST
#define HAVE_TLS_EXTENSIONS
#define HAVE_AESGCM
#define HAVE_AESCCM
#define HAVE_AES_CBC
#define WOLFSSL_SHA512
@ -104,7 +105,7 @@
* - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
*
*/
/*#define USE_ECC_CERT*/
#define USE_ECC_CERT
/* In this example application, Root CA cert buffer named
* "ca_ecc_cert_der_256" is used under the following macro definition
@ -133,9 +134,6 @@
#endif /* WOLFSSL_STATIC_MEMORY */
#if !defined(min)
#define min(data1, data2) _builtin_min(data1, data2)
#endif
/*
* -- "NO_ASN_TIME" macro is to avoid certificate expiration validation --
@ -159,8 +157,10 @@
#define WOLFSSL_USER_IO
#define WOLFSSL_USER_CURRTIME /* for benchmark */
#define USER_TIME
#define TIME_OVERRIDES
#define XTIME time
#define WOLFSSL_GMTIME
#define XGMTIME(c,t) gmtime(c)
#define USE_WOLF_SUSECONDS_T
#define USE_WOLF_TIMEVAL_T

7
IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
View File

@ -1,6 +1,6 @@
/* wolfssl_dummy.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -19,15 +19,16 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
typedef unsigned long time_t;
#include <wolfssl/wolfcrypt/wc_port.h>
#define YEAR 2022
#define MON 5
#define MON 6
static int tick = 0;
time_t time(time_t *t)
{
(void)t;
return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
}

2
IDE/Renesas/e2studio/RX65N/GR-ROSE/test/.cproject
View File

@ -49,7 +49,6 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_config}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/src/targets/rx65n}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx}&quot;"/>
@ -62,7 +61,6 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
<listOptionValue builtIn="false" value="${ProjDirPath}/generate"/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.511269805" name="Macro definition (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>

66
IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c
View File

@ -1,6 +1,6 @@
/* key_data.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -71,12 +71,66 @@ const st_key_block_data_t g_key_block_data =
},
/* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
{
0x79, 0xB6, 0x8C, 0x48, 0x0A, 0xF2, 0x09, 0xF5, 0xD9, 0x66, 0xBE, 0x9F,
0xD1, 0x7A, 0x93, 0x52, 0x26, 0x76, 0x6B, 0xB8, 0xF6, 0xB3, 0x88, 0xA6,
0x4F, 0x6F, 0xB3, 0xF4, 0x8D, 0x83, 0x8F, 0xA0, 0x4A, 0x14, 0xAE, 0xF3,
0xCB, 0x00, 0x1A, 0x0B, 0xB5, 0xE6, 0x65, 0x83, 0x2A, 0x5A, 0x16, 0x8B
0
},
/* uint8_t
* encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
*/
{
0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
0x12, 0x60, 0xCB, 0x48, 0x27, 0xB6, 0x38, 0x0B, 0x54, 0x5A, 0x70, 0xCB,
0x6F, 0x05, 0x53, 0x46, 0x8B, 0x08, 0x86, 0x24, 0xCB, 0xA2, 0x36, 0x54,
0xCD, 0xC9, 0x61, 0x37, 0x43, 0xCB, 0xCC, 0x7C, 0x6B, 0x20, 0x07, 0xB6,
0x01, 0x96, 0x32, 0xF5, 0x30, 0x0E, 0x96, 0x05, 0xC4, 0xF5, 0xF0, 0xB0,
0xD3, 0x26, 0xAF, 0x6E, 0x39, 0x01, 0x2D, 0xAC, 0x7E, 0x39, 0xCF, 0x48,
0x74, 0x7D, 0x98, 0x00, 0xA6, 0x95, 0xDA, 0x4C, 0xAC, 0x81, 0xC7, 0x9A,
0x93, 0x69, 0x23, 0xD4, 0x39, 0xCD, 0xB3, 0x62, 0x4A, 0x4A, 0x26, 0x95,
0x51, 0xE1, 0x06, 0x8F, 0xB2, 0x3C, 0x8F, 0xDE, 0xF1, 0xC3, 0x69, 0xFC,
0xF5, 0xC3, 0xCE, 0x39, 0x3F, 0x7F, 0x2D, 0xA8, 0x8B, 0xB3, 0x2D, 0xE4,
0xB8, 0xA4, 0x19, 0x55, 0x29, 0xEC, 0x9C, 0x6A, 0xD7, 0xD7, 0x45, 0x3E,
0x1D, 0x18, 0x52, 0xB5, 0x8A, 0xB1, 0x26, 0x43, 0x8C, 0x7A, 0x65, 0xF1,
0x17, 0x5E, 0x75, 0x4A, 0x1A, 0x30, 0xD8, 0xEA, 0xC2, 0x19, 0x3C, 0x1E,
0x2E, 0xFB, 0xDB, 0xC9, 0x1F, 0x73, 0xC9, 0x95, 0x53, 0x8C, 0x99, 0x5D,
0x3B, 0x59, 0xFE, 0x8B, 0xA1, 0xD2, 0xBB, 0xBC, 0xBC, 0x4B, 0x78, 0x0A,
0x6B, 0xD8, 0xBE, 0x85, 0x60, 0x08, 0x1E, 0x2F, 0x38, 0x77, 0xA3, 0xC4,
0x46, 0xC1, 0x42, 0x39, 0xA6, 0x59, 0x98, 0x59, 0x21, 0x94, 0x1F, 0xDC,
0xB3, 0xAE, 0xA3, 0xB6, 0xCC, 0x35, 0x82, 0x6F, 0x87, 0x58, 0x91, 0x70,
0xEC, 0x3F, 0x05, 0x86, 0x3C, 0xD1, 0x83, 0xB0, 0xBA, 0xE8, 0xD7, 0xF6,
0xE5, 0x9E, 0x50, 0xA4, 0x04, 0xF3, 0x95, 0x9C, 0x41, 0xAF, 0xEB, 0x9D,
0xB6, 0xA2, 0xF7, 0x80, 0x5A, 0xC4, 0x67, 0xD4, 0xFD, 0x0C, 0x2A, 0x7C,
0x24, 0x03, 0xE5, 0x7F, 0x08, 0x69, 0x18, 0x4E, 0x33, 0x22, 0x7E, 0x03,
0x8E, 0x13, 0xFB, 0xC6, 0x9B, 0xA3, 0x44, 0x5B, 0xEC, 0xF9, 0x5C, 0x93,
0x3E, 0x9F, 0xBD, 0x72, 0x50, 0x52, 0xF3, 0xEA, 0x34, 0x2B, 0x8E, 0xEC,
0x17, 0x42, 0x1A, 0xDF, 0x57, 0xA2, 0x66, 0xA7, 0x0B, 0x3B, 0xE5, 0xF7,
0x64, 0x44, 0xA2, 0xA3, 0x5F, 0xB7, 0x5B, 0xF5, 0x99, 0x8C, 0xA0, 0x64,
0x04, 0x46, 0x7C, 0x60, 0x75, 0xE4, 0xD9, 0xD5, 0xED, 0x21, 0x1D, 0x65,
0x5D, 0x25, 0x21, 0x90, 0x7D, 0xA4, 0x95, 0x15, 0x54, 0x91, 0xD6, 0xB8,
0xF9, 0xB7, 0x30, 0xD9, 0x7D, 0x2C, 0x7E, 0x85, 0x6A, 0xCF, 0x31, 0x1C,
0xDC, 0x90, 0xA3, 0x75, 0xA4, 0xE4, 0x89, 0x5F, 0x2B, 0xED, 0x93, 0x4E,
0xA8, 0x35, 0xD3, 0x20, 0x36, 0x7A, 0x02, 0x23, 0x70, 0xB7, 0xC2, 0x39,
0xA4, 0x69, 0xB2, 0xBF, 0xA4, 0x3A, 0x6D, 0xB7, 0xB1, 0x32, 0x32, 0x9A,
0x95, 0xEA, 0x02, 0xD2, 0x35, 0xE7, 0x8C, 0xD8, 0x22, 0xA9, 0xC3, 0x4C,
0x68, 0x09, 0xA1, 0x2B, 0xB0, 0xE4, 0x55, 0x72, 0x7E, 0xE6, 0x00, 0xDD,
0xC6, 0xD1, 0x83, 0x56, 0x08, 0x35, 0xC7, 0x9A, 0x98, 0x0C, 0x79, 0xBD,
0x49, 0xBC, 0x3F, 0x45, 0x4A, 0x38, 0x1B, 0x55, 0x2D, 0x52, 0x57, 0x00,
0xFC, 0xDB, 0xE7, 0xA0, 0x53, 0xB4, 0x63, 0xE4, 0x37, 0xEC, 0x9F, 0xF0,
0xA4, 0x0F, 0xEF, 0x06, 0xF0, 0xC6, 0x5F, 0x0C, 0x4A, 0xB8, 0xC1, 0x96,
0x1D, 0x0D, 0x9A, 0x43, 0x89, 0xA4, 0xF6, 0x55, 0x4A, 0x83, 0x54, 0x3F,
0xCC, 0x09, 0x65, 0x34, 0xC0, 0x0F, 0x42, 0xF2, 0xE6, 0xDD, 0x2D, 0x8C,
0x93, 0x42, 0x09, 0xF6, 0xE4, 0xDF, 0xB2, 0x64, 0x2A, 0x12, 0x7A, 0x59
},
/* uint8_t
* encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
*/
{
0x25, 0x7A, 0x0C, 0x8C, 0x9B, 0xF9, 0x3C, 0xF5, 0x49, 0x08, 0x86, 0x92,
0x00, 0x7D, 0xAB, 0x21, 0x23, 0x38, 0xF8, 0xEA, 0xB0, 0x95, 0x59, 0x9B,
0x04, 0xC8, 0xAA, 0xEA, 0x8C, 0x2D, 0x68, 0xF4, 0xD5, 0xD7, 0xA9, 0x6F,
0x2C, 0x8C, 0x13, 0x93, 0xA3, 0x80, 0x11, 0xF9, 0x0F, 0x36, 0x14, 0xA8
},
};
/* Public key type of CA root cert: 0: RSA-2048 2: ECDSA-P256*/

2
IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h
View File

@ -38,6 +38,8 @@ typedef struct st_key_block_data
uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE];
uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16];
uint8_t encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16];
uint8_t encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
} st_key_block_data_t;

24
IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c
View File

@ -1,6 +1,6 @@
/* test_main.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -198,13 +198,26 @@ void main(void)
defined(TLS_CLIENT)
#ifdef USE_ECC_CERT
const char* cipherlist[] = {
#if defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256",
"TLS13-AES128-CCM-SHA256",
#endif
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-SHA256"
};
const int cipherlist_sz = 2;
int cipherlist_sz;
#if defined(WOLFSSL_TLS13)
cipherlist_sz = 2;
#else
cipherlist_sz = 2;
#endif
#else
const char* cipherlist[] = {
#if defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256",
"TLS13-AES128-CCM-SHA256",
#endif
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-SHA256",
"AES128-SHA",
@ -212,7 +225,12 @@ void main(void)
"AES256-SHA",
"AES256-SHA256"
};
const int cipherlist_sz = 6;
int cipherlist_sz;
#if defined(WOLFSSL_TLS13)
cipherlist_sz = 2;
#else
cipherlist_sz = 6;
#endif /* WOLFSSL_TLS13 */
#endif
#endif

76
IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c
View File

@ -1,6 +1,6 @@
/* wolf_client.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -128,7 +128,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
#if defined(WOLFSSL_STATIC_MEMORY)
if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method_ex(heapHint),
if ((client_ctx = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heapHint),
heapHint)) == NULL) {
printf("ERROR: faild to create WOLFSSL_CTX\n");
return;
@ -144,7 +144,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
/* Create and initialize WOLFSSL_CTX */
if ((client_ctx =
wolfSSL_CTX_new(wolfTLSv1_2_client_method_ex((void *)NULL))) == NULL) {
wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
return;
}
@ -165,8 +165,68 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
printf("ERROR: can't load certificate data\n");
return;
}
/* load client certificate */
#ifdef USE_ECC_CERT
if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
cliecc_cert_der_256,
sizeof_cliecc_cert_der_256,
WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
printf("ERROR: can't load client-certificate\n");
return;
}
/* set client private key data */
#ifdef WOLFSSL_TLS13
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (tsip_set_clientPrivateKeyEnc(
g_key_block_data.encrypted_user_ecc256_private_key,
TSIP_ECCP256) != 0) {
printf("ERROR: can't load client-private key\n");
return;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#else
if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx,
ecc_clikey_der_256,
sizeof_ecc_clikey_der_256,
SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: can't load private-key data.\n");
return;
}
#endif /* WOLFSSL_TLS13 */
#else
if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
client_cert_der_2048,
sizeof_client_cert_der_2048,
WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
printf("ERROR: can't load client-certificate\n");
return;
}
/* set client private key data */
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (tsip_set_clientPrivateKeyEnc(
g_key_block_data.encrypted_user_rsa2048_private_key,
TSIP_RSA2048) != 0) {
printf("ERROR: can't load client-private key\n");
return;
}
#endif
if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx, client_key_der_2048,
sizeof_client_key_der_2048, SSL_FILETYPE_ASN1)
!= WOLFSSL_SUCCESS) {
printf("ERROR: can't load private-key data.\n");
return;
}
#endif /* USE_ECC_CERT */
#endif /* !NO_FILESYSTEM */
/* Register callbacks */
wolfSSL_SetIORecv(client_ctx, my_IORecv);
wolfSSL_SetIOSend(client_ctx, my_IOSend);
@ -176,7 +236,17 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
printf("client can't set cipher list");
return;
}
#if defined(WOLFSSL_TLS13) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
printf("client can't set use supported curves\n");
return;
}
#endif
}
void wolfSSL_TLS_client( )

179
IDE/Renesas/e2studio/RX65N/GR-ROSE/test/test.rcpc
View File

@ -7,19 +7,6 @@
</Placeholders>
<Project Name="test" Type="Application">
<Files>
<Category Name="generate">
<Path>generate\dbsct.c</Path>
<Path>generate\hwsetup.c</Path>
<Path>generate\intprg.c</Path>
<Path>generate\iodefine.h</Path>
<Path>generate\resetprg.c</Path>
<Path>generate\sbrk.c</Path>
<Path>generate\sbrk.h</Path>
<Path>generate\stacksct.h</Path>
<Path>generate\typedefine.h</Path>
<Path>generate\vect.h</Path>
<Path>generate\vecttbl.c</Path>
</Category>
<Category Name="src">
<Path>..\..\..\..\..\..\wolfcrypt\benchmark\benchmark.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\benchmark\benchmark.h</Path>
@ -275,23 +262,21 @@
<Option>-fpu</Option>
<Option>-include="${ProjDirPath}\..\common"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_bsp"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_config"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx65n"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx\src"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx\lib"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_ether_rx"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\Config_TMR0"</Option>
<Option>-include="${ProjDirPath}\generate"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_bsp"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_config"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx\src"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx\lib"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_ether_rx"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\general"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\Config_TMR0"</Option>
<Option>-define=DEBUG_CONSOLE,WOLFSSL_USER_SETTINGS</Option>
<Option>-utf8</Option>
<Option>-nomessage</Option>
@ -307,8 +292,8 @@
<AssembleOptions>
<Option>-isa=rxv2</Option>
<Option>-fpu</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\general"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"</Option>
<Option>-utf8</Option>
<Option>-debug</Option>
<Option>-nologo</Option>
@ -324,8 +309,8 @@
<Option>-rom=D=R,D_1=R_1,D_2=R_2</Option>
<Option>-cpu=RAM=00000000-0003ffff,FIX=00080000-00083fff,FIX=00086000-00087fff,FIX=00088000-0009ffff,FIX=000a0000-000a3fff,RAM=000a4000-000a5fff,FIX=000a6000-000bffff,FIX=000c0000-000dffff,FIX=000e0000-000fffff,ROM=00100000-00107fff,FIX=007fc000-007fcfff,FIX=007fe000-007fffff,RAM=00800000-0085ffff,RAM=fe7f5d00-fe7f5d7f,RAM=fe7f7d70-fe7f7d9f,ROM=ffe00000-ffffffff</Option>
<Option>-nologo</Option>
<Option>-library="${ProjDirPath}/../../../../../../../${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little_debug.lib"</Option>
<Option>-library="${ProjDirPath}/../../../../../../../${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx65n_little.lib"</Option>
<Option>-library="${ProjDirPath}/../${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little_debug.lib"</Option>
<Option>-library="${ProjDirPath}/../${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx65n_little.lib"</Option>
<Option>-library="${ProjDirPath}/../wolfssl/Debug/wolfssl.lib"</Option>
<Option>-start=SU,SI,B_1,R_1,B_2,R_2,B,R/04,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/03C000,C_1,C_2,C,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC</Option>
<PreLinker>Auto</PreLinker>
@ -385,34 +370,26 @@
<Path>HardwareDebug\wolfssl_dummy.obj</Path>
<Path>HardwareDebug\test.lib</Path>
</LinkOrder>
<NoTargetFile Target="generate\dbsct.c"/>
<NoTargetFile Target="generate\hwsetup.c"/>
<NoTargetFile Target="generate\intprg.c"/>
<NoTargetFile Target="generate\resetprg.c"/>
<NoTargetFile Target="generate\sbrk.c"/>
<NoTargetFile Target="generate\vecttbl.c"/>
<CommonOptions>
<IncludePathForC>"${ProjDirPath}\..\common"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_bsp"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_config"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx65n"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx\src"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx\lib"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_ether_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\Config_TMR0"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\generate"</IncludePathForC>
<IncludePathForAsm>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"</IncludePathForAsm>
<IncludePathForAsm>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"</IncludePathForAsm>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_bsp"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_config"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx\src"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx\lib"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_ether_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\general"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\Config_TMR0"</IncludePathForC>
<IncludePathForAsm>"${ProjDirPath}\..\${ProjName}\src\smc_gen\general"</IncludePathForAsm>
<IncludePathForAsm>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"</IncludePathForAsm>
<MacroForC>DEBUG_CONSOLE</MacroForC>
<MacroForC>WOLFSSL_USER_SETTINGS</MacroForC>
</CommonOptions>
@ -422,23 +399,23 @@
<CompileOptions>
<Option>-isa=rxv2</Option>
<Option>-fpu</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_bsp"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_config"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx231"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx66t"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx65n"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx\src"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx\lib"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_ether_rx"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_bsp"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_config"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx231"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx66t"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx65n"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx\src"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx\lib"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_ether_rx"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\general"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"</Option>
<Option>-include="${ProjDirPath}\generate"</Option>
<Option>-define=DEBUG_CONSOLE</Option>
<Option>-utf8</Option>
@ -454,8 +431,8 @@
<AssembleOptions>
<Option>-isa=rxv2</Option>
<Option>-fpu</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"</Option>
<Option>-include="${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\general"</Option>
<Option>-include="${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"</Option>
<Option>-utf8</Option>
<Option>-debug</Option>
<Option>-nologo</Option>
@ -471,7 +448,7 @@
<Option>-rom=D=R,D_1=R_1,D_2=R_2</Option>
<Option>-cpu=RAM=00000000-0003ffff,FIX=00080000-00083fff,FIX=00086000-00087fff,FIX=00088000-0009ffff,FIX=000a0000-000a3fff,RAM=000a4000-000a5fff,FIX=000a6000-000bffff,FIX=000c0000-000dffff,FIX=000e0000-000fffff,ROM=00100000-00107fff,FIX=007fc000-007fcfff,FIX=007fe000-007fffff,RAM=00800000-0085ffff,RAM=fe7f5d00-fe7f5d7f,RAM=fe7f7d70-fe7f7d9f,ROM=ffe00000-ffffffff</Option>
<Option>-nologo</Option>
<Option>-library="${ProjDirPath}/../../../../../../../${ProjName}/src/smc_gen/r_t4_rx/lib/T4_Library_rxv1_ether_little.lib"</Option>
<Option>-library="${ProjDirPath}/../${ProjName}/src/smc_gen/r_t4_rx/lib/T4_Library_rxv1_ether_little.lib"</Option>
<Option>-start=SU,SI,B_1,R_1,B_2,R_2,B,R/04,C_1,C_2,C,C$*,D*,W*,L,P*/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000</Option>
<PreLinker>Auto</PreLinker>
</LinkOptions>
@ -530,33 +507,27 @@
<Path>Debug\wolfssl_dummy.obj</Path>
<Path>Debug\test.lib</Path>
</LinkOrder>
<NoTargetFile Target="generate\dbsct.c"/>
<NoTargetFile Target="generate\hwsetup.c"/>
<NoTargetFile Target="generate\intprg.c"/>
<NoTargetFile Target="generate\resetprg.c"/>
<NoTargetFile Target="generate\sbrk.c"/>
<NoTargetFile Target="generate\vecttbl.c"/>
<CommonOptions>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_bsp"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_config"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx231"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx66t"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx65n"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_cmt_rx\src"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_t4_rx\lib"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_ether_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_bsp"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_config"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx231"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx66t"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_tsip_rx\src\targets\rx65n"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_cmt_rx\src"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_driver_rx\src"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_t4_rx\lib"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_ether_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_sys_time_rx\src"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\general"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"</IncludePathForC>
<IncludePathForC>"${ProjDirPath}\generate"</IncludePathForC>
<IncludePathForAsm>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\general"</IncludePathForAsm>
<IncludePathForAsm>"${ProjDirPath}\..\..\..\..\..\..\..\${ProjName}\src\smc_gen\r_pincfg"</IncludePathForAsm>
<IncludePathForAsm>"${ProjDirPath}\..\${ProjName}\src\smc_gen\general"</IncludePathForAsm>
<IncludePathForAsm>"${ProjDirPath}\..\${ProjName}\src\smc_gen\r_pincfg"</IncludePathForAsm>
<MacroForC>DEBUG_CONSOLE</MacroForC>
</CommonOptions>
</BuildMode>

BIN
IDE/Renesas/e2studio/RX65N/RSK/InstructionManualForExample_RSK+RX65N-2MB_EN.pdf
View File

Binary file not shown.

BIN
IDE/Renesas/e2studio/RX65N/RSK/InstructionManualForExample_RSK+RX65N-2MB_JP.pdf
View File

Binary file not shown.

65
IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
View File

@ -71,10 +71,65 @@ const st_key_block_data_t g_key_block_data =
},
/* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
{
0x79, 0xB6, 0x8C, 0x48, 0x0A, 0xF2, 0x09, 0xF5, 0xD9, 0x66, 0xBE, 0x9F,
0xD1, 0x7A, 0x93, 0x52, 0x26, 0x76, 0x6B, 0xB8, 0xF6, 0xB3, 0x88, 0xA6,
0x4F, 0x6F, 0xB3, 0xF4, 0x8D, 0x83, 0x8F, 0xA0, 0x4A, 0x14, 0xAE, 0xF3,
0xCB, 0x00, 0x1A, 0x0B, 0xB5, 0xE6, 0x65, 0x83, 0x2A, 0x5A, 0x16, 0x8B
0
},
/* uint8_t
* encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
*/
{
0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
0x12, 0x60, 0xCB, 0x48, 0x27, 0xB6, 0x38, 0x0B, 0x54, 0x5A, 0x70, 0xCB,
0x6F, 0x05, 0x53, 0x46, 0x8B, 0x08, 0x86, 0x24, 0xCB, 0xA2, 0x36, 0x54,
0xCD, 0xC9, 0x61, 0x37, 0x43, 0xCB, 0xCC, 0x7C, 0x6B, 0x20, 0x07, 0xB6,
0x01, 0x96, 0x32, 0xF5, 0x30, 0x0E, 0x96, 0x05, 0xC4, 0xF5, 0xF0, 0xB0,
0xD3, 0x26, 0xAF, 0x6E, 0x39, 0x01, 0x2D, 0xAC, 0x7E, 0x39, 0xCF, 0x48,
0x74, 0x7D, 0x98, 0x00, 0xA6, 0x95, 0xDA, 0x4C, 0xAC, 0x81, 0xC7, 0x9A,
0x93, 0x69, 0x23, 0xD4, 0x39, 0xCD, 0xB3, 0x62, 0x4A, 0x4A, 0x26, 0x95,
0x51, 0xE1, 0x06, 0x8F, 0xB2, 0x3C, 0x8F, 0xDE, 0xF1, 0xC3, 0x69, 0xFC,
0xF5, 0xC3, 0xCE, 0x39, 0x3F, 0x7F, 0x2D, 0xA8, 0x8B, 0xB3, 0x2D, 0xE4,
0xB8, 0xA4, 0x19, 0x55, 0x29, 0xEC, 0x9C, 0x6A, 0xD7, 0xD7, 0x45, 0x3E,
0x1D, 0x18, 0x52, 0xB5, 0x8A, 0xB1, 0x26, 0x43, 0x8C, 0x7A, 0x65, 0xF1,
0x17, 0x5E, 0x75, 0x4A, 0x1A, 0x30, 0xD8, 0xEA, 0xC2, 0x19, 0x3C, 0x1E,
0x2E, 0xFB, 0xDB, 0xC9, 0x1F, 0x73, 0xC9, 0x95, 0x53, 0x8C, 0x99, 0x5D,
0x3B, 0x59, 0xFE, 0x8B, 0xA1, 0xD2, 0xBB, 0xBC, 0xBC, 0x4B, 0x78, 0x0A,
0x6B, 0xD8, 0xBE, 0x85, 0x60, 0x08, 0x1E, 0x2F, 0x38, 0x77, 0xA3, 0xC4,
0x46, 0xC1, 0x42, 0x39, 0xA6, 0x59, 0x98, 0x59, 0x21, 0x94, 0x1F, 0xDC,
0xB3, 0xAE, 0xA3, 0xB6, 0xCC, 0x35, 0x82, 0x6F, 0x87, 0x58, 0x91, 0x70,
0xEC, 0x3F, 0x05, 0x86, 0x3C, 0xD1, 0x83, 0xB0, 0xBA, 0xE8, 0xD7, 0xF6,
0xE5, 0x9E, 0x50, 0xA4, 0x04, 0xF3, 0x95, 0x9C, 0x41, 0xAF, 0xEB, 0x9D,
0xB6, 0xA2, 0xF7, 0x80, 0x5A, 0xC4, 0x67, 0xD4, 0xFD, 0x0C, 0x2A, 0x7C,
0x24, 0x03, 0xE5, 0x7F, 0x08, 0x69, 0x18, 0x4E, 0x33, 0x22, 0x7E, 0x03,
0x8E, 0x13, 0xFB, 0xC6, 0x9B, 0xA3, 0x44, 0x5B, 0xEC, 0xF9, 0x5C, 0x93,
0x3E, 0x9F, 0xBD, 0x72, 0x50, 0x52, 0xF3, 0xEA, 0x34, 0x2B, 0x8E, 0xEC,
0x17, 0x42, 0x1A, 0xDF, 0x57, 0xA2, 0x66, 0xA7, 0x0B, 0x3B, 0xE5, 0xF7,
0x64, 0x44, 0xA2, 0xA3, 0x5F, 0xB7, 0x5B, 0xF5, 0x99, 0x8C, 0xA0, 0x64,
0x04, 0x46, 0x7C, 0x60, 0x75, 0xE4, 0xD9, 0xD5, 0xED, 0x21, 0x1D, 0x65,
0x5D, 0x25, 0x21, 0x90, 0x7D, 0xA4, 0x95, 0x15, 0x54, 0x91, 0xD6, 0xB8,
0xF9, 0xB7, 0x30, 0xD9, 0x7D, 0x2C, 0x7E, 0x85, 0x6A, 0xCF, 0x31, 0x1C,
0xDC, 0x90, 0xA3, 0x75, 0xA4, 0xE4, 0x89, 0x5F, 0x2B, 0xED, 0x93, 0x4E,
0xA8, 0x35, 0xD3, 0x20, 0x36, 0x7A, 0x02, 0x23, 0x70, 0xB7, 0xC2, 0x39,
0xA4, 0x69, 0xB2, 0xBF, 0xA4, 0x3A, 0x6D, 0xB7, 0xB1, 0x32, 0x32, 0x9A,
0x95, 0xEA, 0x02, 0xD2, 0x35, 0xE7, 0x8C, 0xD8, 0x22, 0xA9, 0xC3, 0x4C,
0x68, 0x09, 0xA1, 0x2B, 0xB0, 0xE4, 0x55, 0x72, 0x7E, 0xE6, 0x00, 0xDD,
0xC6, 0xD1, 0x83, 0x56, 0x08, 0x35, 0xC7, 0x9A, 0x98, 0x0C, 0x79, 0xBD,
0x49, 0xBC, 0x3F, 0x45, 0x4A, 0x38, 0x1B, 0x55, 0x2D, 0x52, 0x57, 0x00,
0xFC, 0xDB, 0xE7, 0xA0, 0x53, 0xB4, 0x63, 0xE4, 0x37, 0xEC, 0x9F, 0xF0,
0xA4, 0x0F, 0xEF, 0x06, 0xF0, 0xC6, 0x5F, 0x0C, 0x4A, 0xB8, 0xC1, 0x96,
0x1D, 0x0D, 0x9A, 0x43, 0x89, 0xA4, 0xF6, 0x55, 0x4A, 0x83, 0x54, 0x3F,
0xCC, 0x09, 0x65, 0x34, 0xC0, 0x0F, 0x42, 0xF2, 0xE6, 0xDD, 0x2D, 0x8C,
0x93, 0x42, 0x09, 0xF6, 0xE4, 0xDF, 0xB2, 0x64, 0x2A, 0x12, 0x7A, 0x59
},
/* uint8_t
* encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
*/
{
0x25, 0x7A, 0x0C, 0x8C, 0x9B, 0xF9, 0x3C, 0xF5, 0x49, 0x08, 0x86, 0x92,
0x00, 0x7D, 0xAB, 0x21, 0x23, 0x38, 0xF8, 0xEA, 0xB0, 0x95, 0x59, 0x9B,
0x04, 0xC8, 0xAA, 0xEA, 0x8C, 0x2D, 0x68, 0xF4, 0xD5, 0xD7, 0xA9, 0x6F,
0x2C, 0x8C, 0x13, 0x93, 0xA3, 0x80, 0x11, 0xF9, 0x0F, 0x36, 0x14, 0xA8
},
};
@ -170,4 +225,6 @@ const unsigned char client_cert_der_sign[] =
};
const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 };
uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
#endif

2
IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
View File

@ -38,6 +38,8 @@ typedef struct st_key_block_data
uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE];
uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16];
uint8_t encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16];
uint8_t encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
} st_key_block_data_t;

11
IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
View File

@ -48,7 +48,7 @@
* TLSv1.3, uncomment line below.
*
*----------------------------------------------------------------------------*/
/*#define WOLFSSL_TLS13*/
#define WOLFSSL_TLS13
/*-- Operating System related definitions --------------------------------------
@ -70,11 +70,12 @@
*----------------------------------------------------------------------------*/
#define NO_DEV_RANDOM
#define NO_MD4
#define WOLFSSL_DH_CONST
#define HAVE_TLS_EXTENSIONS
#define HAVE_AESGCM
#define HAVE_AESCCM
#define HAVE_AES_CBC
#define WOLFSSL_SHA512
@ -106,7 +107,7 @@
* - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
*
*/
/*#define USE_ECC_CERT*/
#define USE_ECC_CERT
/* In this example application, Root CA cert buffer named
* "ca_ecc_cert_der_256" is used under the following macro definition
@ -149,8 +150,10 @@
#define WOLFSSL_USER_CURRTIME /* for benchmark */
#define USER_TIME
#define TIME_OVERRIDES
#define XTIME time
#define WOLFSSL_GMTIME
#define XGMTIME(c,t) gmtime(c)
#define USE_WOLF_SUSECONDS_T
#define USE_WOLF_TIMEVAL_T

91
IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
View File

@ -165,7 +165,7 @@ static void Tls_client_init(const char* cipherlist)
/* Create and initialize WOLFSSL_CTX */
if ((client_ctx =
wolfSSL_CTX_new(wolfTLSv1_2_client_method_ex((void *)NULL))) == NULL) {
wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
return;
}
@ -174,23 +174,70 @@ static void Tls_client_init(const char* cipherlist)
tsip_set_callbacks(client_ctx);
#endif
/* load Root CA certificate */
#if defined(NO_FILESYSTEM)
if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert,
SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
printf("ERROR: can't load certificate data\n");
return;
}
#else
if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
printf("ERROR: can't load \"%s\"\n", cert);
return NULL;
}
#endif
/* load client certificate */
#ifdef USE_ECC_CERT
if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
cliecc_cert_der_256,
sizeof_cliecc_cert_der_256,
WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
printf("ERROR: can't load client-certificate\n");
return;
}
#else
if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
client_cert_der_2048,
sizeof_client_cert_der_2048,
WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
printf("ERROR: can't load client-certificate\n");
return;
}
#endif /* USE_ECC_CERT */
/* load client private key */
#ifdef USE_ECC_CERT
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS) &&
(WOLFSSL_RENESAS_TSIP_VER >= 115 )
if (tsip_set_clientPrivateKeyEnc(
g_key_block_data.encrypted_user_ecc256_private_key,
TSIP_ECCP256) != 0) {
printf("ERROR: can't load client-private key\n");
return;
}
#else
if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx,
ecc_clikey_der_256,
sizeof_ecc_clikey_der_256,
SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: can't load private-key data.\n");
return;
}
#endif /* WOLFSSL_TLS13 */
#else
if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx,
client_key_der_2048,
sizeof_client_key_der_2048,
SSL_FILETYPE_ASN1)
!= WOLFSSL_SUCCESS) {
printf("ERROR: can't load private-key data.\n");
return;
}
#endif /* USE_ECC_CERT */
/* use specific cipher */
if (cipherlist != NULL &&
@ -199,6 +246,18 @@ static void Tls_client_init(const char* cipherlist)
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
printf("client can't set cipher list");
}
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS) &&
(WOLFSSL_RENESAS_TSIP_VER >= 115)
if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
printf("client can't set use supported curves\n");
return;
}
#endif
}
static void Tls_client()
@ -314,13 +373,26 @@ static void Tls_client_demo(void)
#ifdef USE_ECC_CERT
const char* cipherlist[] = {
#if defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256",
"TLS13-AES128-CCM-SHA256",
#endif
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-SHA256"
};
const int cipherlist_sz = 2;
int cipherlist_sz;
#if defined(WOLFSSL_TLS13)
cipherlist_sz = 2;
#else
cipherlist_sz = 2;
#endif
#else
const char* cipherlist[] = {
#if defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256",
"TLS13-AES128-CCM-SHA256",
#endif
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-SHA256",
"AES128-SHA",
@ -328,7 +400,12 @@ static void Tls_client_demo(void)
"AES256-SHA",
"AES256-SHA256"
};
const int cipherlist_sz = 6;
int cipherlist_sz;
#if defined(WOLFSSL_TLS13)
cipherlist_sz = 2;
#else
cipherlist_sz = 6;
#endif
#endif

BIN
IDE/Renesas/e2studio/RX72N/EnvisionKit/InstructionManualForExample_RX72N_EnvisonKit_EN.pdf
View File

Binary file not shown.

BIN
IDE/Renesas/e2studio/RX72N/EnvisionKit/InstructionManualForExample_RX72N_EnvisonKit_JP.pdf
View File

Binary file not shown.

63
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
View File

@ -70,10 +70,65 @@ const st_key_block_data_t g_key_block_data =
},
/* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
{
0xD6, 0xDB, 0x33, 0x0B, 0xC4, 0x72, 0x5A, 0xD3, 0x23, 0xDE, 0x1C, 0xAF,
0xA8, 0x33, 0xA6, 0x85, 0xA0, 0xAB, 0xBF, 0x51, 0x8B, 0xF4, 0x68, 0x45,
0xBD, 0x6D, 0xA5, 0x7A, 0x88, 0x82, 0x9C, 0x50, 0x43, 0xD7, 0x53, 0xC0,
0x9E, 0xA8, 0x4B, 0x7E, 0x8A, 0x8B, 0xF3, 0x1B, 0xA5, 0x50, 0x55, 0x5D
0
},
/* uint8_t
* encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
*/
{
0xAF, 0x8C, 0x78, 0xE3, 0x6C, 0x9E, 0xC6, 0x76, 0xE5, 0x86, 0x84, 0xBE,
0xF5, 0x6C, 0xD7, 0x2B, 0x46, 0x24, 0x35, 0x99, 0xA5, 0x64, 0xDD, 0xFA,
0x35, 0x22, 0x5A, 0xB8, 0x5F, 0xD8, 0x1E, 0xCF, 0xCC, 0x73, 0x10, 0xD6,
0x13, 0x69, 0x8F, 0x36, 0xA9, 0x8E, 0x09, 0xDF, 0x83, 0x20, 0x85, 0xBE,
0x81, 0x69, 0x51, 0x75, 0xCB, 0xA5, 0x90, 0x8C, 0xC1, 0x75, 0xBE, 0x0F,
0x8C, 0xB6, 0xFE, 0x73, 0x03, 0x37, 0x03, 0x41, 0xC0, 0x98, 0xC2, 0xEE,
0x2D, 0x1B, 0xDA, 0x10, 0x8B, 0xF6, 0xB6, 0x67, 0xE9, 0x29, 0xCD, 0xEC,
0x4C, 0x4D, 0x84, 0x28, 0x61, 0x3A, 0xF5, 0x6D, 0xEE, 0x78, 0x45, 0xF3,
0x17, 0xC9, 0x77, 0xAB, 0x56, 0x2C, 0x68, 0xCB, 0x14, 0x9F, 0x5A, 0xE7,
0x11, 0xC7, 0x13, 0x4B, 0xDC, 0x31, 0x60, 0x77, 0xDA, 0x56, 0x0C, 0x15,
0xB2, 0xA9, 0x73, 0x4C, 0xD3, 0x46, 0x29, 0x18, 0x1C, 0x8C, 0xFD, 0xCF,
0xAC, 0x4B, 0x55, 0x30, 0x96, 0xDC, 0xE9, 0xC0, 0x6A, 0x74, 0x68, 0x1D,
0x6B, 0x25, 0xB0, 0x8F, 0x0C, 0xD7, 0xDD, 0xFC, 0xA8, 0x15, 0x87, 0x3E,
0xA3, 0x91, 0x46, 0x25, 0x6C, 0x6F, 0xC4, 0xB2, 0xE1, 0xB8, 0x5F, 0xF3,
0x6A, 0x0D, 0x9C, 0x29, 0x08, 0x6F, 0x5E, 0xFF, 0xA0, 0x81, 0x34, 0xA5,
0x2B, 0x2B, 0x47, 0xE0, 0x6D, 0x56, 0xD2, 0x52, 0xC7, 0x19, 0x63, 0x72,
0x84, 0x96, 0x64, 0xA5, 0xF2, 0x92, 0x3C, 0x38, 0x37, 0x9F, 0x6A, 0x2D,
0x58, 0x33, 0x8C, 0x5C, 0x27, 0x05, 0xCB, 0x4F, 0x62, 0x2F, 0x40, 0xE9,
0x55, 0x2C, 0x75, 0x4B, 0x02, 0xB3, 0x61, 0xAD, 0x34, 0x14, 0x49, 0x26,
0x94, 0x45, 0x9B, 0xB8, 0xDB, 0x1F, 0xCE, 0xE9, 0xB1, 0xBF, 0x47, 0xF3,
0xD4, 0xAD, 0xEB, 0xBC, 0x4F, 0x61, 0xAD, 0x66, 0xAF, 0x10, 0x94, 0x5D,
0x25, 0x5B, 0x52, 0xF3, 0x44, 0xBA, 0x28, 0xF8, 0xF2, 0x01, 0x41, 0x61,
0xF3, 0xE5, 0x91, 0x44, 0xF9, 0xA3, 0x56, 0xD8, 0xE9, 0x43, 0x0F, 0x78,
0x7E, 0x1C, 0x01, 0xA6, 0xD7, 0x47, 0x87, 0x7C, 0xC5, 0xAF, 0x2A, 0xD3,
0x71, 0x3A, 0x3E, 0x96, 0xF5, 0x8E, 0xA8, 0x1A, 0x89, 0x17, 0xCD, 0x52,
0x7E, 0x98, 0x70, 0xB3, 0x57, 0x22, 0x59, 0x1C, 0xB7, 0x61, 0xD3, 0x32,
0xE5, 0x2E, 0x6B, 0x6F, 0x2B, 0xD2, 0xAB, 0x27, 0x62, 0x65, 0xBE, 0x0B,
0x8B, 0xFC, 0x9D, 0xB7, 0x3B, 0x4F, 0xA7, 0x35, 0xA6, 0xB3, 0x10, 0x98,
0x6D, 0x47, 0x12, 0x16, 0x89, 0x33, 0x9A, 0x87, 0x85, 0x50, 0x21, 0x2B,
0x03, 0xD0, 0x0C, 0x25, 0x52, 0xC1, 0xA4, 0xD9, 0x50, 0x57, 0x0A, 0x88,
0x67, 0xE9, 0x55, 0x78, 0xFF, 0x23, 0xC0, 0xD1, 0xB6, 0xF4, 0xBD, 0x64,
0x38, 0x9A, 0x59, 0xD8, 0x0C, 0xCA, 0x3C, 0x44, 0xBB, 0x31, 0x40, 0xF3,
0x3F, 0x84, 0x74, 0x1A, 0x1B, 0xFB, 0x81, 0x22, 0x20, 0x0E, 0x68, 0x48,
0x7F, 0xBF, 0xBB, 0xE2, 0xF7, 0xEA, 0x1C, 0xDD, 0x63, 0xAA, 0x3E, 0xFE,
0x7A, 0xBD, 0x6C, 0x2A, 0x2C, 0x6C, 0x8E, 0x3C, 0xB6, 0x42, 0x2F, 0x42,
0xF2, 0x17, 0x07, 0x2F, 0x4F, 0xAA, 0x4B, 0xA0, 0xE7, 0x98, 0xAE, 0x95,
0x21, 0x2A, 0xF8, 0x1C, 0x33, 0x81, 0xC2, 0x64, 0xEC, 0xF3, 0xD7, 0x75,
0x81, 0x61, 0x8C, 0xDF, 0x7F, 0x76, 0x6B, 0x44, 0x22, 0x36, 0xD3, 0x7F,
0x17, 0x40, 0x84, 0xF8, 0xA8, 0x4B, 0xD5, 0xD4, 0x4E, 0xA1, 0x86, 0xDB,
0x9B, 0xCD, 0xB6, 0x6C, 0xDF, 0x35, 0x0C, 0x0D, 0x7E, 0x0F, 0x01, 0x9C,
0xF7, 0x6E, 0x89, 0xE6, 0x2F, 0x0E, 0xC5, 0xF3, 0xEA, 0x69, 0x8C, 0xA5,
0xD5, 0x48, 0xEE, 0x5B, 0x77, 0x04, 0xFE, 0xC7, 0x56, 0x87, 0x27, 0xD4,
0xF9, 0xCC, 0xB4, 0xB4, 0xB7, 0x1A, 0x85, 0x38, 0x0B, 0x93, 0xD2, 0x1D,
0xD3, 0xDE, 0x7E, 0x45, 0xAF, 0x82, 0x46, 0x65, 0xFE, 0x59, 0x55, 0x83
},
/* uint8_t
* encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
*/
{
0xE6, 0x6C, 0xB8, 0x7C, 0xDB, 0x85, 0x50, 0x51, 0x4A, 0x75, 0x38, 0xA4,
0x74, 0x7A, 0x8C, 0x7C, 0x07, 0x71, 0x0E, 0x52, 0xC3, 0x19, 0xD1, 0xE6,
0xF8, 0x36, 0xD2, 0xD3, 0x53, 0xF8, 0xA7, 0xCE, 0xBC, 0xBE, 0xAE, 0x62,
0x7F, 0x00, 0x54, 0xB1, 0x01, 0x11, 0xCA, 0xE3, 0x77, 0x3E, 0x2E, 0x21
},
};

2
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
View File

@ -38,6 +38,8 @@ typedef struct st_key_block_data
uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE];
uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16];
uint8_t encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16];
uint8_t encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
} st_key_block_data_t;

11
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
View File

@ -48,7 +48,7 @@
* TLSv1.3, uncomment line below.
*
*----------------------------------------------------------------------------*/
/*#define WOLFSSL_TLS13*/
#define WOLFSSL_TLS13
/*-- Operating System related definitions --------------------------------------
@ -72,11 +72,12 @@
*----------------------------------------------------------------------------*/
#define NO_DEV_RANDOM
#define NO_MD4
#define WOLFSSL_DH_CONST
#define HAVE_TLS_EXTENSIONS
#define HAVE_AESGCM
#define HAVE_AESCCM
#define HAVE_AES_CBC
#define WOLFSSL_SHA512
@ -108,7 +109,7 @@
* - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
*
*/
/*#define USE_ECC_CERT*/
#define USE_ECC_CERT
/* In this example application, Root CA cert buffer named
* "ca_ecc_cert_der_256" is used under the following macro definition
@ -151,8 +152,10 @@
#define WOLFSSL_USER_CURRTIME /* for benchmark */
#define USER_TIME
#define TIME_OVERRIDES
#define XTIME time
#define WOLFSSL_GMTIME
#define XGMTIME(c,t) gmtime(c)
#define USE_WOLF_SUSECONDS_T
#define USE_WOLF_TIMEVAL_T

88
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
View File

@ -171,7 +171,7 @@ static void Tls_client_init(const char* cipherlist)
/* Create and initialize WOLFSSL_CTX */
if ((client_ctx =
wolfSSL_CTX_new(wolfTLSv1_2_client_method_ex((void *)NULL))) == NULL) {
wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
return;
}
@ -180,21 +180,79 @@ static void Tls_client_init(const char* cipherlist)
tsip_set_callbacks(client_ctx);
#endif
/* load root CA certificate */
#if defined(NO_FILESYSTEM)
if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert,
SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
printf("ERROR: can't load certificate data\n");
return;
}
#else
if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
printf("ERROR: can't load \"%s\"\n", cert);
return NULL;
}
#endif
/* load client certificate */
#ifdef USE_ECC_CERT
if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
cliecc_cert_der_256,
sizeof_cliecc_cert_der_256,
WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
printf("ERROR: can't load client-certificate\n");
return;
}
#else
if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
client_cert_der_2048,
sizeof_client_cert_der_2048,
WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
printf("ERROR: can't load client-certificate\n");
return;
}
#endif /* USE_ECC_CERT */
/* load client private key */
#ifdef USE_ECC_CERT
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS) && \
(WOLFSSL_RENESAS_TSIP_VER >= 115 )
if (tsip_set_clientPrivateKeyEnc(
g_key_block_data.encrypted_user_ecc256_private_key,
TSIP_ECCP256) != 0) {
printf("ERROR: can't load client-private key\n");
return;
}
#else
if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx,
ecc_clikey_der_256,
sizeof_ecc_clikey_der_256,
SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: can't load private-key data.\n");
return;
}
#endif /* WOLFSSL_TLS13 */
#else
if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx,
client_key_der_2048,
sizeof_client_key_der_2048,
SSL_FILETYPE_ASN1)
!= WOLFSSL_SUCCESS) {
printf("ERROR: can't load private-key data.\n");
return;
}
#endif /* USE_ECC_CERT */
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS) && \
(WOLFSSL_RENESAS_TSIP_VER >= 115)
if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
printf("client can't set use supported curves\n");
return;
}
#endif
@ -320,13 +378,26 @@ static void Tls_client_demo(void)
#ifdef USE_ECC_CERT
const char* cipherlist[] = {
#if defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256",
"TLS13-AES128-CCM-SHA256",
#endif
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-SHA256"
};
const int cipherlist_sz = 2;
int cipherlist_sz;
#if defined(WOLFSSL_TLS13)
cipherlist_sz = 2;
#else
cipherlist_sz = 2;
#endif
#else
const char* cipherlist[] = {
#if defined(WOLFSSL_TLS13)
"TLS13-AES128-GCM-SHA256",
"TLS13-AES128-CCM-SHA256",
#endif
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-SHA256",
"AES128-SHA",
@ -334,7 +405,12 @@ static void Tls_client_demo(void)
"AES256-SHA",
"AES256-SHA256"
};
const int cipherlist_sz = 6;
int cipherlist_sz;
#if defined(WOLFSSL_TLS13)
cipherlist_sz = 2;
#else
cipherlist_sz = 6;
#endif
#endif

8
src/internal.c
View File

@ -7251,6 +7251,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
XFREE(ssl->peerSceTsipEncRsaKeyIndex, ssl->heap, DYNAMIC_TYPE_RSA);
Renesas_cmn_Cleanup(ssl);
#endif
if (ssl->buffers.inputBuffer.dynamicFlag)
ShrinkInputBuffer(ssl, FORCED_FREE);
@ -8791,6 +8792,13 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz)
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_StoreMessage(ssl, data, sz);
if (ret != 0 && ret != CRYPTOCB_UNAVAILABLE) {
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
#ifndef NO_OLD_TLS
#ifndef NO_SHA
wc_ShaUpdate(&ssl->hsHashes->hashSha, data, sz);

16
src/tls.c
View File

@ -60,6 +60,10 @@
#endif
#endif
#if defined(WOLFSSSL_RENESAS_TSIP_TLS)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#endif
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
static int TLSX_KeyShare_IsSupported(int namedGroup);
static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap);
@ -6881,6 +6885,12 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
kse->keyLen = keySize;
kse->pubKeyLen = keySize * 2 + 1;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_Tls13GenEccKeyPair(ssl, kse);
if (ret != CRYPTOCB_UNAVAILABLE) {
return ret;
}
#endif
/* Allocate an ECC key to hold private key. */
kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC);
if (kse->key == NULL) {
@ -7763,6 +7773,12 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
ssl->peerEccKeyPresent = 0;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_Tls13GenSharedSecret(ssl, keyShareEntry);
if (ret != CRYPTOCB_UNAVAILABLE) {
return ret;
}
#endif
ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap,
DYNAMIC_TYPE_ECC);

104
src/tls13.c
View File

@ -509,6 +509,13 @@ static int DeriveClientHandshakeSecret(WOLFSSL* ssl, byte* key)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_Ver >= 115)
(void)key;
ret = tsip_DeriveClientHandshakeSecret(ssl);
if (ret != CRYPTOCB_UNAVAILABLE) {
return ret;
}
#endif
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
clientHandshakeLabel, CLIENT_HANDSHAKE_LABEL_SZ,
ssl->specs.mac_algorithm, 1);
@ -911,6 +918,11 @@ int DeriveEarlySecret(WOLFSSL* ssl)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_Tls13DeriveEarlySecret(ssl);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
#endif
PRIVATE_KEY_UNLOCK();
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
ret = Tls13_HKDF_Extract(ssl, ssl->arrays->secret, NULL, 0,
@ -942,6 +954,12 @@ int DeriveHandshakeSecret(WOLFSSL* ssl)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_Tls13DeriveHandshakeSecret(ssl);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
#endif
ret = DeriveKeyMsg(ssl, key, -1, ssl->arrays->secret,
derivedLabel, DERIVED_LABEL_SZ,
NULL, 0, ssl->specs.mac_algorithm);
@ -970,6 +988,13 @@ int DeriveMasterSecret(WOLFSSL* ssl)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_Tls13DeriveMasterSecret(ssl);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
#endif
ret = DeriveKeyMsg(ssl, key, -1, ssl->arrays->preMasterSecret,
derivedLabel, DERIVED_LABEL_SZ,
NULL, 0, ssl->specs.mac_algorithm);
@ -1165,6 +1190,14 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
#endif
int provision;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_Tls13DeriveKeys(ssl, secret, side);
if (ret != CRYPTOCB_UNAVAILABLE) {
return ret;
}
ret = BAD_FUNC_ARG; /* Assume failure */
#endif
#ifdef WOLFSSL_SMALL_STACK
key_dig = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_DIGEST);
if (key_dig == NULL)
@ -1925,6 +1958,16 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
ssl->error = 0; /* clear async */
}
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_Tls13AesEncrypt(ssl, output, input, dataSz);
if (ret != CRYPTOCB_UNAVAILABLE) {
if (ret > 0) {
ret = 0; /* tsip_Tls13AesEncrypt returns output size */
}
return ret;
}
ret = 0;
#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
switch (ssl->encrypt.state) {
case CIPHER_STATE_BEGIN:
@ -2248,6 +2291,24 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
WOLFSSL_ENTER("DecryptTls13");
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_Tls13AesDecrypt(ssl, output, input, sz);
if (ret != CRYPTOCB_UNAVAILABLE) {
#ifndef WOLFSSL_EARLY_DATA
if (ret < 0) {
if (doAlert) {
SendAlert(ssl, alert_fatal, bad_record_mac);
}
ret = VERIFY_MAC_ERROR;
}
#else
(void)doAlert;
#endif
return ret;
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfSSL_AsyncPop(ssl, &ssl->decrypt.state);
if (ret != WC_NOT_PENDING_E) {
@ -6622,6 +6683,14 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_SEND);
WOLFSSL_ENTER("SendTls13CertificateVerify");
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_Tls13SendCertVerify(ssl);
if (ret != CRYPTOCB_UNAVAILABLE) {
goto exit_scv;
}
ret = 0;
#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
#ifdef WOLFSSL_DTLS13
/* can be negative */
if (ssl->options.dtls)
@ -7152,6 +7221,14 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_DO);
WOLFSSL_ENTER("DoTls13CertificateVerify");
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_Tls13CertificateVerify(ssl, input, inOutIdx, totalSz);
if (ret != CRYPTOCB_UNAVAILABLE) {
goto exit_dcv;
}
ret = 0;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
if (ssl->async == NULL) {
ssl->async = (struct WOLFSSL_ASYNC*)
@ -7596,6 +7673,23 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (*inOutIdx + size > totalSz)
return BUFFER_E;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_Tls13HandleFinished(ssl, input, inOutIdx, size, totalSz);
if (ret == 0) {
ssl->options.serverState = SERVER_FINISHED_COMPLETE;
return ret;
}
if (ret == VERIFY_FINISHED_ERROR) {
SendAlert(ssl, alert_fatal, decrypt_error);
return ret;
}
if (ret != CRYPTOCB_UNAVAILABLE) {
/* other errors */
return ret;
}
ret = 0;
#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
if (ssl->options.handShakeDone) {
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
ssl->keys.client_write_MAC_secret);
@ -7748,6 +7842,16 @@ static int SendTls13Finished(WOLFSSL* ssl)
AddTls13HandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
if (ssl->options.side == WOLFSSL_CLIENT_END) {
ret = tsip_Tls13SendFinished(ssl, output, outputSz, input, 1);
if (ret != CRYPTOCB_UNAVAILABLE) {
return ret;
}
ret = 0;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS && WOLFSSL_RENESAS_TSIP_VER >= 115 */
/* make finished hashes */
if (ssl->options.handShakeDone) {
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,

49
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -44,6 +44,47 @@ static int gdevId = 7890; /* initial dev Id for Crypt Callback */
#include <wolfssl/wolfcrypt/cryptocb.h>
WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl)
{
int ret = 0;
WOLFSSL_ENTER("Renesas_cmn_Cleanup");
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_TlsCleanup(ssl);
#endif
WOLFSSL_LEAVE("Renesas_cmn_Cleanup", ret);
return ret;
}
WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, word32* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx)
{
int ret = NOT_COMPILED_IN;
WOLFSSL_ENTER("Renesas_cmn_RsaSignCb");
/* This is just a stub function that provides no logic */
WOLFSSL_LEAVE("Renesas_cmn_RsaSignCb", ret);
return ret;
}
WOLFSSL_LOCAL int Renesas_cmn_EccSignCb(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, word32* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx)
{
int ret = NOT_COMPILED_IN;
WOLFSSL_ENTER("Renesas_cmn_EccSignCb");
/* This is just a stub function that provides no logic */
WOLFSSL_LEAVE("Renesas_cmn_EccSignCb", ret);
return ret;
}
/* Renesas Security Library Common Callback
* For Crypto Callbacks
*
@ -414,7 +455,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, unsigned char* sig,
}
else {
WOLFSSL_MSG("failed wc_tsip_RsaVerify");
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
@ -428,7 +469,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl, unsigned char* sig,
}
else {
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
#endif
@ -466,7 +507,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
}
else {
WOLFSSL_MSG("failed wc_tsip_EccVerify");
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
@ -479,7 +520,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
}
else {
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
wolfSSL_CTX_SetEccSharedSecretCb(ssl->ctx, NULL);
wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
}
#endif

416
wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
View File

@ -1,6 +1,6 @@
/* renesas_tsip_aes.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -38,7 +38,12 @@
#include <wolfssl/internal.h>
#include <wolfssl/wolfcrypt/aes.h>
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#define TSIP_AES_GCM_AUTH_TAG_SIZE 16
@ -55,6 +60,405 @@ typedef e_tsip_err_t (*aesGcmDecUpdateFn)
typedef e_tsip_err_t (*aesGcmDecFinalFn)
(tsip_gcm_handle_t*, uint8_t*, uint32_t*, uint8_t*, uint32_t);
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* function pointer type defs for TLSv13 handshake AES-GCM/CCM encryption */
typedef e_tsip_err_t (*Tls13AesEncInitFn)
(tsip_tls13_handle_t*, e_tsip_tls13_phase_t, e_tsip_tls13_mode_t,
e_tsip_tls13_cipher_suite_t, tsip_aes_key_index_t*, uint32_t);
typedef e_tsip_err_t (*Tls13AesEncUpdateFn)
(tsip_tls13_handle_t*, uint8_t*, uint8_t*, uint32_t);
typedef e_tsip_err_t (*Tls13AesEncFinalFn)
(tsip_tls13_handle_t*, uint8_t*, uint32_t*);
/* function pointer type defs for TLSv13 handshake AES-GCM/CCM decryption */
typedef e_tsip_err_t (*Tls13AesDecInitFn)
(tsip_tls13_handle_t*, e_tsip_tls13_phase_t, e_tsip_tls13_mode_t,
e_tsip_tls13_cipher_suite_t, tsip_aes_key_index_t*, uint32_t);
typedef e_tsip_err_t (*Tls13AesDecUpdateFn)
(tsip_tls13_handle_t*, uint8_t*, uint8_t*, uint32_t);
typedef e_tsip_err_t (*Tls13AesDecFinalFn)
(tsip_tls13_handle_t*, uint8_t*, uint32_t*);
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* encrypt plain data.
*
* return cipher data size on success, negative value on failure.
* CRYPTOCB_UNAVAILABLE may be returned.
*/
WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
struct WOLFSSL* ssl,
byte* output,
const byte* input,
word16 sz)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
TsipUserCtx* tuc = NULL;
e_tsip_tls13_cipher_suite_t cs;
word32 cipher[(AES_BLOCK_SIZE + TSIP_AES_GCM_AUTH_TAG_SIZE) /
sizeof(word32)];
word32 plain[AES_BLOCK_SIZE / sizeof(word32)];
int idxIn,idxOut;
uint32_t remain;
uint32_t dataSz, finalSz;
e_tsip_tls13_phase_t phase;
tsip_aes_key_index_t* key = NULL;
WOLFSSL_ENTER("tsip_Tls13AesEncrypt");
if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) {
return BAD_FUNC_ARG;
}
if (ssl->options.side != WOLFSSL_CLIENT_END) {
return CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
}
/* get user context for TSIP */
tuc = ssl->RenesasUserCtx;
if (tuc == NULL) {
WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
return CRYPTOCB_UNAVAILABLE;
}
/* select the appropriate encryption key and phase */
if (ssl->options.handShakeDone) {
if (!tuc->ClientWriteTrafficKey_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
return CRYPTOCB_UNAVAILABLE;
}
key = &(tuc->clientAppWriteKey13Idx);
phase = TSIP_TLS13_PHASE_APPLICATION;
}
else {
if (!tuc->HandshakeClientTrafficKey_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
return CRYPTOCB_UNAVAILABLE;
}
key = &(tuc->clientWriteKey13Idx);
phase = TSIP_TLS13_PHASE_HANDSHAKE;
}
/* select AES mode */
if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
cs = TSIP_TLS13_CIPHER_SUITE_AES_128_GCM_SHA256;
else if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm)
cs = TSIP_TLS13_CIPHER_SUITE_AES_128_CCM_SHA256;
else
return CRYPTOCB_UNAVAILABLE;
remain = sz;
finalSz = 0;
if ((ret = tsip_hw_lock()) == 0) {
err = R_TSIP_Tls13EncryptInit(
&(tuc->handle13),
phase,
TSIP_TLS13_MODE_FULL_HANDSHAKE,
cs,
key,
sz);
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13DecryptUpdate error");
ret = WC_HW_E;
}
idxIn = 0;
idxOut = 0;
while (err == TSIP_SUCCESS && remain > 0) {
dataSz = min(remain, AES_BLOCK_SIZE);
ForceZero(plain, sizeof(plain));
ForceZero(cipher, sizeof(cipher));
XMEMCPY(plain, input + idxIn, dataSz);
err = R_TSIP_Tls13EncryptUpdate(
&(tuc->handle13),
(uint8_t*)plain,
(uint8_t*)cipher,
dataSz);
if (err == TSIP_SUCCESS) {
if (dataSz >= AES_BLOCK_SIZE) {
XMEMCPY(output + idxOut, cipher, dataSz);
idxOut += dataSz;
}
idxIn += dataSz;
remain -= dataSz;
}
else {
WOLFSSL_MSG("R_TSIP_Tls13DecryptUpdate error");
ret = WC_HW_E;
}
}
if (err == TSIP_SUCCESS) {
ForceZero(cipher, sizeof(cipher));
/* R_TSIP_Tls13EncryptFinal outputs encrypted content and auth-data
* to the buffer.
*/
err = R_TSIP_Tls13EncryptFinal(
&(tuc->handle13),
(uint8_t*)cipher,
&finalSz); /* total output size */
if (err == TSIP_SUCCESS) {
XMEMCPY(output + idxOut, cipher, finalSz - idxOut);
ret = finalSz;
}
else {
WOLFSSL_MSG("R_TSIP_Tls13EncryptFinal error");
ret = WC_HW_E;
}
}
tsip_hw_unlock();
}
WOLFSSL_LEAVE("tsip_Tls13AesEncrypt", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* decrypt encrypted handshake data for TLSv1.3
* AES-GCM or AES-CCM can be used
* return 0 on success, otherwise on error.
*/
WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
struct WOLFSSL* ssl,
byte* output,
const byte* input,
word16 sz)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
TsipUserCtx* tuc = NULL;
e_tsip_tls13_cipher_suite_t cs;
word32 cipher[AES_BLOCK_SIZE / sizeof(word32)];
word32 plain[AES_BLOCK_SIZE / sizeof(word32)];
int idxIn,idxOut;
int blocks;
uint32_t remain,conRemain;
uint32_t dataSz, finalSz;
e_tsip_tls13_phase_t phase;
tsip_aes_key_index_t* key = NULL;
WOLFSSL_ENTER("tsip_Tls13AesDecrypt");
if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) {
return BAD_FUNC_ARG;
}
if (ssl->options.side != WOLFSSL_CLIENT_END) {
return CRYPTOCB_UNAVAILABLE; /* expecting to fallback to S/W */
}
/* get user context for TSIP */
tuc = ssl->RenesasUserCtx;
if (tuc == NULL) {
WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
return CRYPTOCB_UNAVAILABLE;
}
/* select the appropriate encryption key and phase */
if (ssl->options.handShakeDone) {
if (!tuc->ServerWriteTrafficKey_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
return CRYPTOCB_UNAVAILABLE;
}
key = &(tuc->serverAppWriteKey13Idx);
phase = TSIP_TLS13_PHASE_APPLICATION;
}
else {
if (!tuc->HandshakeServerTrafficKey_set) {
WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
return CRYPTOCB_UNAVAILABLE;
}
key = &(tuc->serverWriteKey13Idx);
phase = TSIP_TLS13_PHASE_HANDSHAKE;
}
/* select AES mode */
if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
cs = TSIP_TLS13_CIPHER_SUITE_AES_128_GCM_SHA256;
else if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm)
cs = TSIP_TLS13_CIPHER_SUITE_AES_128_CCM_SHA256;
else
return CRYPTOCB_UNAVAILABLE;
blocks = sz / AES_BLOCK_SIZE;
remain = sz;
conRemain = sz - TSIP_AES_GCM_AUTH_TAG_SIZE;
if ((ret = tsip_hw_lock()) == 0) {
err = R_TSIP_Tls13DecryptInit(
&(tuc->handle13),
phase,
TSIP_TLS13_MODE_FULL_HANDSHAKE,
cs,
key,
sz);
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Tls13DecryptInit error");
ret = WC_HW_E;
}
idxIn = 0;
idxOut = 0;
while (err == TSIP_SUCCESS && (blocks--) >= 0) {
dataSz = min(remain, AES_BLOCK_SIZE);
XMEMCPY(cipher, input + idxIn, dataSz);
ForceZero(plain, AES_BLOCK_SIZE);
err = R_TSIP_Tls13DecryptUpdate(
&(tuc->handle13),
(uint8_t*)cipher,
(uint8_t*)plain,
dataSz);
if (err == TSIP_SUCCESS) {
if (dataSz >= AES_BLOCK_SIZE && conRemain >= AES_BLOCK_SIZE) {
XMEMCPY(output + idxOut, plain, dataSz);
idxOut += dataSz;
conRemain -= min(conRemain, dataSz);
}
idxIn += dataSz;
remain -= dataSz;
}
else {
WOLFSSL_MSG("R_TSIP_Tls13DecryptUpdate error");
ret = WC_HW_E;
}
}
if (err == TSIP_SUCCESS) {
err = R_TSIP_Tls13DecryptFinal(
&(tuc->handle13),
(uint8_t*)plain,
&finalSz); /* total size will be returned */
if (err == TSIP_SUCCESS) {
XMEMCPY(output + idxOut, plain, conRemain);
}
else if (err== TSIP_ERR_AUTHENTICATION) {
WOLFSSL_MSG("tsip_Tls13AesDecrypt authentication error");
ret = AES_GCM_AUTH_E;
}
else {
WOLFSSL_MSG("R_TSIP_Tls13DecryptFinal error");
ret = WC_HW_E;
}
}
tsip_hw_unlock();
}
WOLFSSL_LEAVE("tsip_Tls13AesDecrypt", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 109)
#ifdef WOLF_CRYPTO_CB
WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
void* ctx)
{
int ret = NOT_COMPILED_IN;
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
WOLFSSL_ENTER("wc_tsip_AesCipher");
if (info == NULL || ctx == NULL)
return BAD_FUNC_ARG;
if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES) || !defined(NO_DES3)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM &&
cbInfo->session_key_set == 1) {
if (info->cipher.enc) {
ret = wc_tsip_AesGcmEncrypt(
info->cipher.aesgcm_enc.aes,
(byte*)info->cipher.aesgcm_enc.out,
(byte*)info->cipher.aesgcm_enc.in,
info->cipher.aesgcm_enc.sz,
(byte*)info->cipher.aesgcm_enc.iv,
info->cipher.aesgcm_enc.ivSz,
(byte*)info->cipher.aesgcm_enc.authTag,
info->cipher.aesgcm_enc.authTagSz,
(byte*)info->cipher.aesgcm_enc.authIn,
info->cipher.aesgcm_enc.authInSz,
(void*)ctx);
}
else {
ret = wc_tsip_AesGcmDecrypt(
info->cipher.aesgcm_dec.aes,
(byte*)info->cipher.aesgcm_dec.out,
(byte*)info->cipher.aesgcm_dec.in,
info->cipher.aesgcm_dec.sz,
(byte*)info->cipher.aesgcm_dec.iv,
info->cipher.aesgcm_dec.ivSz,
(byte*)info->cipher.aesgcm_dec.authTag,
info->cipher.aesgcm_dec.authTagSz,
(byte*)info->cipher.aesgcm_dec.authIn,
info->cipher.aesgcm_dec.authInSz,
(void*)ctx);
}
}
#endif /* HAVE_AESGCM */
#ifdef HAVE_AES_CBC
if (info->cipher.type == WC_CIPHER_AES_CBC &&
cbInfo->session_key_set == 1) {
if (info->cipher.enc) {
ret = wc_tsip_AesCbcEncrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
(byte*)info->cipher.aescbc.in,
info->cipher.aescbc.sz);
}
else {
ret = wc_tsip_AesCbcDecrypt(
info->cipher.aescbc.aes,
(byte*)info->cipher.aescbc.out,
(byte*)info->cipher.aescbc.in,
info->cipher.aescbc.sz);
}
}
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */
}
WOLFSSL_LEAVE("wc_tsip_AesCipher", ret);
return ret;
}
#endif /* WOLF_CRYPTO_CB */
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 109 */
int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
@ -271,8 +675,8 @@ int wc_tsip_AesGcmEncrypt(
if (ret == 0) {
XMEMCPY(plainBuf, in, sz);
XMEMSET(cipherBuf, 0, cipherBufSz);
XMEMSET(authTag, 0, authTagSz);
ForceZero(cipherBuf, cipherBufSz);
ForceZero(authTag, authTagSz);
XMEMCPY(aadBuf, authIn, min(authInSz, TSIP_AES_GCM_AUTH_TAG_SIZE));
}
@ -447,9 +851,9 @@ int wc_tsip_AesGcmDecrypt(
}
if (ret == 0) {
XMEMSET(plainBuf, 0, plainBufSz);
ForceZero(plainBuf, plainBufSz);
XMEMCPY(cipherBuf, in, sz);
XMEMSET(aTagBuf, 0, TSIP_AES_GCM_AUTH_TAG_SIZE);
ForceZero(aTagBuf, TSIP_AES_GCM_AUTH_TAG_SIZE);
XMEMCPY(aTagBuf,authTag,min(authTagSz, TSIP_AES_GCM_AUTH_TAG_SIZE));
XMEMCPY(aadBuf, authIn, authInSz);
}

250
wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
View File

@ -1,6 +1,6 @@
/* renesas_tsip_sha.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -25,7 +25,13 @@
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/internal.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#if !defined(NO_SHA) || !defined(NO_SHA256)
#include <wolfssl/wolfcrypt/logging.h>
@ -36,12 +42,248 @@
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#if !defined(NO_SHA) && !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include <wolfssl/wolfcrypt/sha.h>
extern struct WOLFSSL_HEAP_HINT* tsip_heap_hint;
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* get hmac from handshake messages exchanged with server.
*
*/
WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
{
int ret = 0;
int isTLS13 = 0;
TsipUserCtx* tuc = NULL;
e_tsip_err_t err = TSIP_SUCCESS;
byte hash[WC_SHA256_DIGEST_SIZE];
int hmacSz = 0;
WOLFSSL_ENTER("tsip_Tls13GetHmacMessages");
if (ssl == NULL)
ret = BAD_FUNC_ARG;
if (ret == 0) {
if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor == TLSv1_3_MINOR)
isTLS13 = 1;
/* TSIP works only in TLS13 client side */
if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
ret = CRYPTOCB_UNAVAILABLE;
}
}
/* get user context for TSIP */
if (ret == 0) {
tuc = ssl->RenesasUserCtx;
if (tuc == NULL) {
ret = CRYPTOCB_UNAVAILABLE;
}
else if (!tuc->HandshakeClientTrafficKey_set) {
WOLFSSL_MSG("Client handshake traffic keys aren't created by TSIP");
ret = CRYPTOCB_UNAVAILABLE;
}
}
/* get transcript hash */
if (ret == 0) {
ForceZero(hash, sizeof(hash));
ret = tsip_GetMessageSha256(ssl, hash, (int*)&hmacSz);
}
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
err = R_TSIP_Sha256HmacGenerateInit(&(tuc->hmacFinished13Handle),
&(tuc->clientFinished13Idx));
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed");
ret = WC_HW_E;
}
if (ret == 0) {
err = R_TSIP_Sha256HmacGenerateUpdate(
&(tuc->hmacFinished13Handle),
(uint8_t*)hash,
WC_SHA256_DIGEST_SIZE);
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateUpdate failed");
ret = WC_HW_E;
}
}
if (ret == 0) {
err = R_TSIP_Sha256HmacGenerateFinal(
&(tuc->hmacFinished13Handle), mac);
if (err != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed");
ret = WC_HW_E;
}
}
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("mutex locking error");
}
}
WOLFSSL_LEAVE("tsipTls13GetHmacMessages", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* store handshake message for later hash or hmac operation.
*
*/
WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
int sz)
{
int ret = 0;
int isTLS13 = 0;
word32 messageSz;
MsgBag* bag = NULL;
TsipUserCtx* tuc = NULL;
WOLFSSL_ENTER("tsip_StoreMessage");
if (ssl == NULL)
ret = BAD_FUNC_ARG;
if (ret == 0) {
if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor == TLSv1_3_MINOR)
isTLS13 = 1;
/* TSIP works only in TLS13 client side */
if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
WOLFSSL_MSG("Not in tls1.3 or not in client end");
ret = CRYPTOCB_UNAVAILABLE;
}
}
/* should work until handshake is done */
if (ret == 0) {
if (ssl->options.handShakeDone) {
WOLFSSL_MSG("handshake is done.");
ret = CRYPTOCB_UNAVAILABLE;
}
}
/* get user context for TSIP */
if (ret == 0) {
tuc = ssl->RenesasUserCtx;
if (tuc == NULL) {
WOLFSSL_MSG("RenesasUserCtx is not set in ssl.");
ret = CRYPTOCB_UNAVAILABLE;
}
}
/* check if TSIP is used for this session */
if (ret == 0) {
if (!tuc->Dhe_key_set) {
WOLFSSL_MSG("DH key not set.");
ret = CRYPTOCB_UNAVAILABLE;
}
}
/* copy raw handshake message into MsgBag for later sha256 operations. */
if (ret == 0) {
c24to32(&data[1], &messageSz);
bag = &(tuc->messageBag);
if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES ||
bag->buffIdx + sz > MSGBAG_SIZE) {
WOLFSSL_MSG("Capacity over error in tsip_StoreMessage");
ret = MEMORY_E;
}
XMEMCPY(bag->buff + bag->buffIdx, data, sz);
bag->msgTypes[bag->msgIdx++] = *data; /* store message type */
bag->buffIdx += sz;
}
WOLFSSL_LEAVE("tsip_StoreMessage", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
int* sz)
{
int ret = 0;
int isTLS13 = 0;
MsgBag* bag = NULL;
TsipUserCtx* tuc = NULL;
tsip_sha_md5_handle_t handle;
e_tsip_err_t err = TSIP_SUCCESS;
uint32_t hashSz = 0;
WOLFSSL_ENTER("tsip_GetMessageSha256");
if (ssl == NULL)
ret = BAD_FUNC_ARG;
if (ret == 0) {
if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor == TLSv1_3_MINOR)
isTLS13 = 1;
/* TSIP works only in TLS13 client side */
if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
ret = CRYPTOCB_UNAVAILABLE;
}
}
/* get user context for TSIP */
if (ret == 0) {
tuc = ssl->RenesasUserCtx;
if (tuc == NULL) {
ret = CRYPTOCB_UNAVAILABLE;
}
bag = &(tuc->messageBag);
}
if (ret == 0) {
if ((ret = tsip_hw_lock()) == 0) {
err = R_TSIP_Sha256Init(&handle);
if (err == TSIP_SUCCESS) {
err = R_TSIP_Sha256Update(&handle, (uint8_t*)bag->buff,
bag->buffIdx);
}
if (err == TSIP_SUCCESS) {
err = R_TSIP_Sha256Final(&handle, hash, &hashSz);
}
if (err == TSIP_SUCCESS) {
if (sz != NULL) {
*sz = hashSz;
}
}
else {
ret = WC_HW_E;
}
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("mutex locking error");
}
}
WOLFSSL_LEAVE("tsip_GetMessageSha256", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_VER >= 115 */
static void TSIPHashFree(wolfssl_TSIP_Hash* hash)
{
if (hash == NULL)
@ -61,7 +303,7 @@ static int TSIPHashInit(wolfssl_TSIP_Hash* hash, void* heap, int devId,
}
(void)devId;
XMEMSET(hash, 0, sizeof(wolfssl_TSIP_Hash));
ForceZero(hash, sizeof(wolfssl_TSIP_Hash));
if (heap == NULL && tsip_heap_hint != NULL) {
hash->heap = (struct wolfSSL_HEAP_HINT*)tsip_heap_hint;

1824
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

File diff suppressed because it is too large Load Diff

1
wolfssl/internal.h
View File

@ -4525,6 +4525,7 @@ struct WOLFSSL {
#ifndef NO_RSA
RsaKey* peerRsaKey;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
void* RenesasUserCtx;
byte* peerSceTsipEncRsaKeyIndex;
#endif
byte peerRsaKeyPresent;

225
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@ -1,6 +1,6 @@
/* renesas-tsip-crypt.h
*
* Copyright (C) 2006-2021 wolfSSL Inc.
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -66,13 +66,18 @@ enum {
l_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
l_TLS_AES_128_GCM_SHA256 = 0x01,
l_TLS_AES_128_CCM_SHA256 = 0x04,
};
enum {
ENCRYPTED_ECDHE_PUBKEY_SZ = 96,
ECCP256_PUBKEY_SZ = 64,
TSIP_TLS_CLIENTRANDOM_SZ = 32,
TSIP_TLS_SERVERRANDOM_SZ = 32,
ENCRYPTED_ECDHE_PUBKEY_SZ = 96,
ECCP256_PUBKEY_SZ = 64,
TSIP_TLS_CLIENTRANDOM_SZ = 32,
TSIP_TLS_SERVERRANDOM_SZ = 32,
TSIP_TLS_VERIFY_DATA_WD_SZ = 8,
TSIP_TLS_MAX_SIGDATA_SZ = 130,
TSIP_TEMP_WORK_SIZE = 128,
};
#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \
@ -83,6 +88,12 @@ typedef enum {
TSIP_SHA256 = 1,
} TSIP_SHA_TYPE;
typedef enum {
TSIP_RSA2048,
TSIP_RSA4096,
TSIP_ECCP256,
} TSIP_KEY_TYPE;
typedef struct {
byte* msg;
void* heap;
@ -114,15 +125,119 @@ typedef wolfssl_TSIP_Hash wc_Sha;
} TSIP_AES_CTX;
#endif
struct WOLFSSL;
struct KeyShareEntry;
/* MsgBag stands for message bag and acts as a buffer for holding plain text
* handshake messages exchanged between client and server.
* MsgBag was introduced as a workaround for the TSIP's limitation that TSIP
* can not process multiple hash algorithms at the same time. If the
* limitation is resolved in a future TSIP, MsgBag should be removed.
* The contents in this MsgBag is used for transcript hashing. The hash value
* is used for the key derivation and Finished-message.
* The capacity of the MsgBag is defined as MSGBAG_SIZE and the actual
* size is 8KB. The size should be large enough to hold all the handshake
* messages including the server and client certificate messages.
*/
#define MSGBAG_SIZE (1024 * 8)
#define MAX_MSGBAG_MESSAGES 10
typedef struct MsgBag
{
int msgIdx;
int buffIdx;
byte msgTypes[MAX_MSGBAG_MESSAGES];
byte buff[MSGBAG_SIZE];
} MsgBag;
/*
* structure for ECDH key exchange
* TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format.
*/
typedef struct TsipUserCtx {
/* unique number for each session */
int devId;
/* 0:working as a TLS client, 1: as a server */
byte side;
/* public key index for verification of RootCA cert */
uint32_t user_key_id;
/* WOLFSSL object associated with */
struct WOLFSSL* ssl;
struct WOLFSSL_CTX* ctx;
/* HEAP_HINT */
void* heap;
#if (WOLFSSL_RENESAS_TSIP_VER >= 115)
/* TLSv1.3 handshake related members, mainly keys */
/* handle is used as work area for Tls13 handshake */
tsip_tls13_handle_t handle13;
/* RSA-2048bit private key-index for client authentication */
tsip_rsa2048_private_key_index_t RsaPrivateKeyIdx;
/* ECC P256 private key-index for client authentication */
tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx;
/* ECDHE private key index for Tls13 handshake */
tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx;
/* ECDHE pre-master secret */
tsip_tls13_ephemeral_shared_secret_key_index_t sharedSecret13Idx;
/* Handshake secret for Tls13 handshake */
tsip_tls13_ephemeral_handshake_secret_key_index_t handshakeSecret13Idx;
/* the key to decrypt server-finished message */
tsip_tls13_ephemeral_server_finished_key_index_t serverFinished13Idx;
/* key for Sha256-Hmac to gen "Client Finished" */
tsip_hmac_sha_key_index_t clientFinished13Idx;
/* AES decryption key for handshake */
tsip_aes_key_index_t serverWriteKey13Idx;
/* AES encryption key for handshake */
tsip_aes_key_index_t clientWriteKey13Idx;
/* Handshake verified data used for master secret */
word32 verifyData13Idx[TSIP_TLS_VERIFY_DATA_WD_SZ];
/* master secret for TLS1.3 */
tsip_tls13_ephemeral_master_secret_key_index_t masterSecret13Idx;
/* server app traffic secret */
tsip_tls13_ephemeral_app_secret_key_index_t serverAppTraffic13Secret;
/* client app traffic secret */
tsip_tls13_ephemeral_app_secret_key_index_t clientAppTraffic13Secret;
/* server write key */
tsip_aes_key_index_t serverAppWriteKey13Idx;
/* client write key */
tsip_aes_key_index_t clientAppWriteKey13Idx;
/* hash handle for transcript hash of handshake messages */
tsip_hmac_sha_handle_t hmacFinished13Handle;
/* storage for handshake messages */
MsgBag messageBag;
/* signature data area for TLS1.3 CertificateVerify message */
byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
/* peer's Rsa 2046 bit public key index for CertificateVerify message */
tsip_rsa2048_public_key_index_t serverRsa2048PubKey13Idx;
/* peer's Ecc P256 public key index for CertificateVerify message */
tsip_ecc_public_key_index_t serverEccP256PubKey13Idx;
#endif /* WOLFSSL_RENESAS_TSIP_VER >=115 */
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
@ -149,12 +264,29 @@ typedef struct TsipUserCtx {
uint32_t tsip_cipher;
/* flags */
uint8_t pk_key_set:1;
uint8_t ClientRsaPrivKey_set:1;
uint8_t ClientEccPrivKey_set:1;
uint8_t HmacInitialized:1;
uint8_t RootCAverified:1;
uint8_t EcdsaPrivKey_set:1;
uint8_t Dhe_key_set:1;
uint8_t SharedSecret_set:1;
uint8_t EarlySecret_set:1;
uint8_t HandshakeSecret_set:1;
uint8_t HandshakeClientTrafficKey_set:1;
uint8_t HandshakeServerTrafficKey_set:1;
uint8_t HandshakeVerifiedData_set:1;
uint8_t MasterSecret_set:1;
uint8_t ServerTrafficSecret_set:1;
uint8_t ClientTrafficSecret_set:1;
uint8_t ServerWriteTrafficKey_set:1;
uint8_t ClientWriteTrafficKey_set:1;
uint8_t session_key_set:1;
} TsipUserCtx;
typedef TsipUserCtx RenesasUserCtx;
typedef TsipUserCtx user_PKCbInfo;
typedef struct
@ -171,6 +303,9 @@ typedef struct
uint8_t * iv;
uint8_t * encrypted_user_tls_key;
uint32_t encrypted_user_tls_key_type;
uint8_t * encrypted_user_private_key;
uint32_t encrypted_user_private_key_type;
tsip_ecc_private_key_index_t client_private_key_index;
tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex;
} tsip_key_data;
@ -188,6 +323,7 @@ typedef struct
struct Aes;
struct WOLFSSL;
struct WOLFSSL_CTX;
struct wc_CryptoInfo;
/*----------------------------------------------------*/
/* APIs */
/*----------------------------------------------------*/
@ -198,7 +334,7 @@ WOLFSSL_API void tsip_set_callbacks(struct WOLFSSL_CTX* ctx);
WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
WOLFSSL_API int tsip_set_clientPrivateKeyEnc(const byte* key, int keyType);
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
@ -222,10 +358,79 @@ WOLFSSL_API void tsip_inform_user_keys(
/*----------------------------------------------------*/
/* internal use functions */
/*----------------------------------------------------*/
#if (WOLFSSL_RENESAS_TSIP_VER >=115)
#ifdef WOLF_CRYPTO_CB
struct wc_CryptoInfo;
WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
int sz);
WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
int* sz);
WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac);
WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(struct WOLFSSL* ssl,
struct KeyShareEntry* kse);
WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
struct KeyShareEntry* kse);
WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl,
int keyType, int side);
WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeTrafficKeys(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_Tls13HandleFinished(struct WOLFSSL* ssl,
const byte* input,
word32* inOutIdx,
word32 size,
word32 totalSz);
WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
byte* output, int outSz,
const byte* input, int inSz,
int type,
int hashOutput);
WOLFSSL_LOCAL int tsip_Tls13SendFinished(struct WOLFSSL* ssl,
byte* output,
int outSz,
const byte* input,
int hashOutput);
WOLFSSL_LOCAL int tsip_Tls13VerifyHandshake(struct WOLFSSL* ssl,
const byte* input, byte* hash,
word32* pHashSz);
WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(struct WOLFSSL* ssl,
byte* output, const byte* input, word16 sz);
WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(struct WOLFSSL* ssl,
byte* output, const byte* input, word16 sz);
WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
const byte* input, word32* inOutIdx,
word32 totalSz);
WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(struct WOLFSSL*ssl);
#endif /* WOLF_CRYPTO_CB */
#endif /* WOLFSSL_RENESAS_TSIP_VER >=115 */
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, struct wc_CryptoInfo* info,
void* ctx);
WOLFSSL_LOCAL int wc_tsip_generateMasterSecretEx(
byte cipherSuiteFirst,
byte cipherSuite,
@ -242,7 +447,7 @@ WOLFSSL_LOCAL int wc_tsip_generateMasterSecret(
const byte *sr,
byte *ms);
#endif
#endif /* WOLFSSL_RENESAS_TSIP_VER */
WOLFSSL_LOCAL int wc_tsip_storeKeyCtx(

11
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
View File

@ -25,6 +25,16 @@
#include <wolfssl/internal.h>
/* Common Callbacks */
WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, word32* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_EccSignCb(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, word32* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(WOLFSSL* ssl, void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl,
byte *premaster, word32 preSz, void* ctx);
@ -55,5 +65,6 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id);
int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
word32 key_n_start, word32 key_n_len, word32 key_e_start,
word32 key_e_len, word32 cm_row);
WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl);
WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx);
#endif /* __RENESAS_CMN_H__ */