mirror of https://github.com/wolfSSL/wolfssl
parent
a37b604da9
commit
5c5aa45a5e
|
@ -47,8 +47,10 @@ static int my_IORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx)
|
|||
return WOLFSSL_CBIO_ERR_GENERAL;
|
||||
|
||||
ret = tcp_rcv_dat(cepid, buff, sz, TMO_FEVR);
|
||||
if(ret > 0)return ret;
|
||||
else return WOLFSSL_CBIO_ERR_GENERAL;
|
||||
if(ret > 0)
|
||||
return ret;
|
||||
else
|
||||
return WOLFSSL_CBIO_ERR_GENERAL;
|
||||
}
|
||||
|
||||
static int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
|
||||
|
@ -57,13 +59,15 @@ static int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
|
|||
ID cepid;
|
||||
|
||||
if(ctx != NULL)
|
||||
cepid = *(ID *)ctx;
|
||||
cepid = *(ID *)ctx;
|
||||
else
|
||||
return WOLFSSL_CBIO_ERR_GENERAL;
|
||||
return WOLFSSL_CBIO_ERR_GENERAL;
|
||||
|
||||
ret = tcp_snd_dat(cepid, buff, sz, TMO_FEVR);
|
||||
if(ret == sz)return ret;
|
||||
else return WOLFSSL_CBIO_ERR_GENERAL;
|
||||
if(ret == sz)
|
||||
return ret;
|
||||
else
|
||||
return WOLFSSL_CBIO_ERR_GENERAL;
|
||||
}
|
||||
|
||||
static int getIPaddr(char *arg)
|
||||
|
|
|
@ -172,7 +172,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
|
|||
#endif
|
||||
|
||||
#ifdef WOLFSSL_RENESAS_TSIP_TLS
|
||||
byte tsip_useable(byte cipher0, byte cipher, byte side);
|
||||
int tsip_useable(const WOLFSSL *ssl);
|
||||
int tsip_generatePremasterSecret();
|
||||
int tsip_generateEncryptPreMasterSecret(WOLFSSL *ssl, byte *out, word32 *outSz);
|
||||
#endif
|
||||
|
@ -12674,10 +12674,8 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
|
|||
#endif
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
|
||||
if (tsip_useable(ssl->options.cipherSuite0,
|
||||
ssl->options.cipherSuite,
|
||||
ssl->options.side)) {
|
||||
wc_tsip_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
|
||||
if (tsip_useable(ssl)) {
|
||||
ret = wc_tsip_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
|
||||
} else
|
||||
#endif
|
||||
ret = wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
|
||||
|
@ -12959,9 +12957,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
|
|||
#endif
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
|
||||
if (tsip_useable(ssl->options.cipherSuite0,
|
||||
ssl->options.cipherSuite,
|
||||
ssl->options.side)) {
|
||||
if (tsip_useable(ssl)) {
|
||||
ret = wc_tsip_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
|
||||
} else
|
||||
#endif
|
||||
|
@ -21025,9 +21021,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
|||
/* build PreMasterSecret with RNG data */
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
|
||||
if (tsip_useable(ssl->options.cipherSuite0,
|
||||
ssl->options.cipherSuite,
|
||||
ssl->options.side)) {
|
||||
if (tsip_useable(ssl)) {
|
||||
ret = tsip_generatePremasterSecret(
|
||||
&ssl->arrays->preMasterSecret[VERSION_SZ],
|
||||
ENCRYPT_LEN - VERSION_SZ);
|
||||
|
@ -21372,9 +21366,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
|||
{
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
|
||||
if (tsip_useable(ssl->options.cipherSuite0,
|
||||
ssl->options.cipherSuite,
|
||||
ssl->options.side) &&
|
||||
if (tsip_useable(ssl) &&
|
||||
wc_RsaEncryptSize(ssl->peerRsaKey) == 256) {
|
||||
ret = tsip_generateEncryptPreMasterSecret(ssl,
|
||||
args->encSecret,
|
||||
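Review bot: The `if (tsip_useable(ssl))` tests in EncryptDo, DecryptDo and both SendClientKeyExchange hunks treat any non-zero result as "use TSIP", but the new definition shown further down this page returns `BAD_FUNC_ARG` when `ssl` is NULL, so an error code would select the hardware path. The same truthiness test appears in the src/tls.c hunks (BuildTlsFinished, DeriveTlsKeys, MakeTlsMasterSecret, TLS_hmac); only SetKeysSide compares with `== 1`. Either compare explicitly at every call site, `if (tsip_useable(ssl) == 1) {`, or have the helper return 0 for a NULL `ssl` so that it stays a yes/no predicate. All of these functions continue outside their hunks, so whether `ssl` is already checked earlier is not visible here.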
|
|
|
@ -46,7 +46,7 @@
|
|||
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
|
||||
int tsip_useable(byte cipher0, byte ciphper1, byte side);
|
||||
int tsip_useable(const WOLFSSL *ssl);
|
||||
#endif
|
||||
int SetCipherSpecs(WOLFSSL* ssl)
|
||||
{
|
||||
|
@ -3179,8 +3179,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
|
|||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
|
||||
/* check if keys for TSIP has been created */
|
||||
if (tsip_useable(ssl->options.cipherSuite0, ssl->options.cipherSuite,
|
||||
ssl->options.side) == 1)
|
||||
if (tsip_useable(ssl) == 1)
|
||||
ret = 0;
|
||||
else
|
||||
#endif
|
||||
|
|
|
@ -109,7 +109,7 @@
|
|||
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
|
||||
/* for root ca verification */
|
||||
int tsip_tls_RootCertVerify(const byte *cert , word32 cert_len,
|
||||
int tsip_tls_RootCertVerify(const byte *cert, word32 cert_len,
|
||||
word32 key_n_start, word32 key_n_len,
|
||||
word32 key_e_start, word32 key_e_len,
|
||||
word32 cm_row);
|
||||
|
|
18
src/tls.c
18
src/tls.c
|
@ -132,7 +132,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions);
|
|||
#endif
|
||||
|
||||
#ifdef WOLFSSL_RENESAS_TSIP_TLS
|
||||
int tsip_useable(byte cipher0, byte cipher, byte side);
|
||||
int tsip_useable(const WOLFSSL *ssl);
|
||||
int tsip_generateMasterSecret(const byte *pre,
|
||||
const byte *cr,const byte *sr,
|
||||
byte *ms/* out */);
|
||||
|
@ -204,9 +204,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
|||
#ifdef WOLFSSL_HAVE_PRF
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
|
||||
if (tsip_useable(ssl->options.cipherSuite0,
|
||||
ssl->options.cipherSuite,
|
||||
ssl->options.side)) {
|
||||
if (tsip_useable(ssl)) {
|
||||
ret = tsip_generateVerifyData(ssl->arrays->tsip_masterSecret,
|
||||
side, handshake_hash, (byte*)hashes /* out */);
|
||||
} else
|
||||
|
@ -376,9 +374,7 @@ int DeriveTlsKeys(WOLFSSL* ssl)
|
|||
#endif
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
|
||||
if (tsip_useable(ssl->options.cipherSuite0,
|
||||
ssl->options.cipherSuite,
|
||||
ssl->options.side))
|
||||
if (tsip_useable(ssl))
|
||||
ret = tsip_generateSeesionKey(ssl);
|
||||
else {
|
||||
#endif
|
||||
|
@ -535,9 +531,7 @@ int MakeTlsMasterSecret(WOLFSSL* ssl)
|
|||
{
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
|
||||
if (tsip_useable(ssl->options.cipherSuite0,
|
||||
ssl->options.cipherSuite,
|
||||
ssl->options.side)) {
|
||||
if (tsip_useable(ssl)) {
|
||||
ret = tsip_generateMasterSecret(
|
||||
&ssl->arrays->preMasterSecret[VERSION_SZ],
|
||||
ssl->arrays->clientRandom,
|
||||
|
@ -1198,9 +1192,7 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
|
|||
wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
|
||||
if (tsip_useable(ssl->options.cipherSuite0,
|
||||
ssl->options.cipherSuite,
|
||||
ssl->options.side)) {
|
||||
if (tsip_useable(ssl)) {
|
||||
if (ssl->specs.hash_size == WC_SHA_DIGEST_SIZE)
|
||||
ret = tsip_Sha1Hmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ,
|
||||
in, sz, digest, verify);
|
||||
|
|
|
@ -8448,9 +8448,21 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
|||
cert->heap, DYNAMIC_TYPE_RSA);
|
||||
if (cert->tsip_encRsaKeyIdx == NULL)
|
||||
return MEMORY_E;
|
||||
} else
|
||||
} else {
|
||||
if (cert->ca) {
|
||||
/* TSIP isn't usable */
|
||||
if (tsip_checkCA(cert->ca->cm_idx) == 0)
|
||||
WOLFSSL_MSG("TSIP isn't usable because the ca isn't verified by TSIP.");
|
||||
else if (cert->sigCtx.pubkey_n_len != 256)
|
||||
WOLFSSL_MSG("TSIP isn't usable because the ca isn't signed by RSA 2048.");
|
||||
else
|
||||
WOLFSSL_MSG("TSIP isn't usable");
|
||||
}
|
||||
#endif
|
||||
cert->tsip_encRsaKeyIdx = NULL;
|
||||
#if defined(WOLFSSL_RENESAS_TSIP)
|
||||
}
|
||||
#endif
|
||||
|
||||
if (verify != NO_VERIFY && type != CA_TYPE && type != TRUSTED_PEER_TYPE) {
|
||||
if (cert->ca) {
|
||||
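Review bot: The closing `}` of the new `else {` block is guarded by `#if defined(WOLFSSL_RENESAS_TSIP)`, while the `#endif` just above it closes a conditional whose opening line is outside the hunk. If that opening guard is a different expression (the other hunks on this page test `WOLFSSL_RENESAS_TSIP_TLS`), a configuration that satisfies one but not the other leaves the braces unbalanced. Use the same guard expression for the closing brace as for the opening `if`, and label the pairing, for example `#endif /* <opening guard expression> */`. ParseCertRelative continues on both sides of the hunk.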
|
|
|
@ -89,6 +89,9 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
|
|||
} else {
|
||||
ret = R_TSIP_Aes256CbcEncryptFinal(&_handle, out, &dataLength);
|
||||
}
|
||||
} else {
|
||||
WOLFSSL_MSG("TSIP AES CBC encryption failed");
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
tsip_hw_unlock();
|
||||
|
@ -140,6 +143,9 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
|
|||
ret = R_TSIP_Aes128CbcDecryptFinal(&_handle, out, &dataLength);
|
||||
else
|
||||
ret = R_TSIP_Aes256CbcDecryptFinal(&_handle, out, &dataLength);
|
||||
} else {
|
||||
WOLFSSL_MSG("TSIP AES CBC decryption failed");
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
tsip_hw_unlock();
|
||||
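Review bot: The new failure branches in wc_tsip_AesCbcEncrypt and wc_tsip_AesCbcDecrypt set `ret = -1`, a bare value that callers cannot tell apart from other failures, and the log message omits the status the driver returned. EncryptDo and DecryptDo assign this return value to their own `ret`, so a named wolfCrypt error code would be easier to handle upstream, for example `ret = WC_HW_E;` if that code is defined in this tree. It is also worth confirming that a failing `R_TSIP_Aes*Cbc*Final` call, whose result is assigned to `ret` unchanged, yields a value the callers treat as an error. Both functions begin before and end after their hunks.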
|
|
|
@ -106,9 +106,31 @@ void tsip_hw_unlock( void )
|
|||
/* cipher0 : in the some cipher suite, */
|
||||
/* first byte becomes greater than 0, otherwise 0x00 */
|
||||
/* side : CLIENT END or SEVER END */
|
||||
byte tsip_useable(byte cipher0, byte cipher, byte side)
|
||||
int tsip_useable(const struct WOLFSSL *ssl)
|
||||
{
|
||||
if (cipher0 > 0x00) return 0;
|
||||
byte cipher0;
|
||||
byte cipher;
|
||||
byte side;
|
||||
|
||||
/* sanity check */
|
||||
if (ssl == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* when rsa key index == NULL, tsip isn't used for cert verification. */
|
||||
/* in the case, we cannot use TSIP. */
|
||||
if (!ssl->peerTsipEncRsaKeyIndex)
|
||||
return 0;
|
||||
|
||||
/* when enabled Extended Master Secret, we cannot use TSIP. */
|
||||
if (ssl->options.haveEMS)
|
||||
return 0;
|
||||
|
||||
cipher0 = ssl->options.cipherSuite0;
|
||||
cipher = ssl->options.cipherSuite;
|
||||
side = ssl->options.side;
|
||||
|
||||
if (cipher0 > 0x00)
|
||||
return 0;
|
||||
|
||||
if ((cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA ||
|
||||
cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA256 ||
|
||||
|
@ -267,7 +289,7 @@ int tsip_Sha1Hmac(const struct WOLFSSL *ssl, const byte *myInner,
|
|||
int ret;
|
||||
|
||||
if ((ssl == NULL) || (myInner == NULL) || (in == NULL) ||
|
||||
(digest == NULL))
|
||||
(digest == NULL))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if ((ret = tsip_hw_lock()) != 0) {
|
||||
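Review bot: The comment block above `tsip_useable` still documents `cipher0` and `side` as inputs, although the function now takes only `ssl` and reads those fields itself. It also says nothing about the two new early exits (no TSIP RSA key index, Extended Master Secret enabled) or the `BAD_FUNC_ARG` return for a NULL `ssl`. I would replace it with something like `/* ssl : session whose cipher suite, side, EMS flag and TSIP key index decide whether TSIP can be used; returns 0 when it cannot, BAD_FUNC_ARG when ssl is NULL */`. The body continues past the end of the hunk, so the value returned on success is not visible here and should be added to the comment by the author.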
|
|
|
@ -65,7 +65,7 @@ int tsip_Open( );
|
|||
void tsip_Close( );
|
||||
int tsip_hw_lock();
|
||||
void tsip_hw_unlock( void );
|
||||
int tsip_usable(byte cipher0, byte cipher, byte side);
|
||||
int tsip_usable(const struct WOLFSSL *ssl);
|
||||
void tsip_inform_sflash_signedcacert(const byte *ps_flash,
|
||||
const byte *psigned_ca_cert, word32 len);
|
||||
void tsip_inform_cert_sign(const byte *sign);
|
||||
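Review bot: The updated prototype is spelled `tsip_usable`, but the definition and every call site on this page use `tsip_useable`, so this header does not declare the function that is actually called. That is presumably why src/tls.c and the files holding EncryptDo and SetCipherSpecs each carry their own local prototype, which the compiler cannot check against the definition. Declaring `int tsip_useable(const struct WOLFSSL *ssl);` here and including this header in those files would give every caller a single checked declaration.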
|
|