Merge pull request #8122 from miyazakh/tsip_rsa_private_enc

Implement TSIP RSA Public Enc/Private Dec
This commit is contained in:
Daniel Pouzzner 2024-11-16 16:12:51 -06:00 committed by GitHub
commit ae0d73d9fd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
11 changed files with 332 additions and 146 deletions

View File

@ -240,12 +240,17 @@
#if defined(WOLFSSL_RENESAS_TSIP)
/*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
/* Enable TSIP TLS (default)
* TSIP CRYPTONLY is also enabled.
* TSIP CRYPT is also enabled.
* Disable TSIP TLS
* TSIP CRYPT is also disabled
* TSIP CRYPTONLY is only enabled.
*/
#define WOLFSSL_RENESAS_TSIP_TLS
/* #define WOLFSSL_RENESAS_TSIP_CRYPTONLY */
/* #define WOLFSSL_KEY_GEN */
/* #define RSA_MIN_SIZE 1024 */
#if !defined(NO_RENESAS_TSIP_CRYPT)
#define HAVE_PK_CALLBACKS
#define WOLF_CRYPTO_CB
@ -267,13 +272,13 @@
* directly. Comment out the macro will generate random number by
* wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
*-----------------------------------------------------------------------*/
#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
#else
#define OPENSSL_EXTRA
#define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
#if !defined(min)
#define min(data1, data2) _builtin_min(data1, data2)
#endif
#if !defined(min)
#define min(data1, data2) _builtin_min(data1, data2)
#endif
#endif

View File

@ -56,11 +56,11 @@
#endif
#ifndef NO_SHA
int sha_test();
int sha_test(void);
#endif
#ifndef NO_SHA256
int sha256_test();
int sha256_test(void);
#endif
#define SMALL_STACK_SIZE (1 * 1024)
@ -711,41 +711,44 @@ static void tskSha256_Test(void *pvParam)
#define TEST_STRING_SZ 25
#define RSA_TEST_BYTES 256 /* up to 2048-bit key */
static int tsip_rsa_SignVerify_test(int prnt, int keySize)
static int tsip_rsa_test(int prnt, int keySize)
{
int ret = 0;
RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
RsaKey *key = NULL;
WC_RNG rng;
const char inStr [] = TEST_STRING;
const char inStr2[] = TEST_STRING2;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
word32 out_actual_len = 0;
byte *in = NULL;
byte *in2 = NULL;
byte *out= NULL;
byte *outplain = NULL;
int initRsa = 0;
int devId = 7890; /* fixed devid for TSIP/SCE */
XMEMSET(&rng, 0, sizeof(rng));
key = (RsaKey *)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
outplain = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
(void) prnt;
if (key == NULL || in == NULL || out == NULL) {
if (key == NULL || in == NULL || out == NULL || outplain == NULL) {
ret = -1;
goto out;
}
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(key, 0, sizeof *key);
XMEMSET(key, 0, sizeof(*key));
XMEMCPY(in, inStr, inLen);
XMEMCPY(in2, inStr2, inLen);
XMEMSET(out, 0, outSz);
XMEMSET(outplain, 0, outSz);
ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
ret = wc_InitRsaKey_ex(key, NULL, devId);
if (ret != 0) {
goto out;
}
initRsa = 1;
if ((ret = wc_InitRng(&rng)) != 0)
goto out;
@ -753,7 +756,90 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
goto out;
/* make rsa key by SCE */
/* Generate a new RSA key to use with TSIP/SCE */
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
goto out;
}
ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
if (ret < 0) {
goto out;
}
ret = wc_RsaPrivateDecrypt(out, (word32)(keySize/8), outplain, outSz, key);
if (ret < 0) {
ret = -1;
goto out;
}
if (XMEMCMP(in, outplain, inLen) != 0) {
ret = -2;
goto out;
}
ret = 0;
out:
wc_FreeRng(&rng);
if (key != NULL) {
if (initRsa)
wc_FreeRsaKey(key);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outplain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
(void)prnt;
return ret;
}
static int tsip_rsa_SignVerify_test(int prnt, int keySize)
{
int ret = 0;
RsaKey *key = NULL;
WC_RNG rng;
const char inStr [] = TEST_STRING;
const char inStr2[] = TEST_STRING2;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
byte *in = NULL;
byte *in2 = NULL;
byte *out= NULL;
int initRsa = 0;
int devId = 7890; /* fixed devid for TSIP/SCE */
XMEMSET(&rng, 0, sizeof(rng));
key = (RsaKey *)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL || in == NULL || out == NULL) {
ret = -1;
goto out;
}
XMEMSET(key, 0, sizeof(*key));
XMEMCPY(in, inStr, inLen);
XMEMCPY(in2, inStr2, inLen);
ret = wc_InitRsaKey_ex(key, NULL, devId);
if (ret != 0) {
goto out;
}
initRsa = 1;
if ((ret = wc_InitRng(&rng)) != 0)
goto out;
if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
goto out;
/* Generate a new RSA key to use with TSIP/SCE */
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
goto out;
}
@ -776,22 +862,27 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
goto out;
}
ret = 0;
out:
wc_FreeRng(&rng);
if (key != NULL) {
wc_FreeRsaKey(key);
if (initRsa)
wc_FreeRsaKey(key);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
(void)prnt;
return ret;
}
#endif /* NO_RSA */
#ifdef TSIP_MULTIUNIT_TEST
int tsip_crypt_sha_multitest()
int tsip_crypt_sha_multitest(void)
{
int ret = 0;
int num = 0;
@ -849,7 +940,7 @@ int tsip_crypt_sha_multitest()
}
int tsip_crypt_AesCbc_multitest()
int tsip_crypt_AesCbc_multitest(void)
{
int ret = 0;
int num = 0;
@ -930,7 +1021,7 @@ int tsip_crypt_AesCbc_multitest()
}
int tsip_crypt_AesGcm_multitest()
int tsip_crypt_AesGcm_multitest(void)
{
int ret = 0;
int num = 0;
@ -1009,7 +1100,7 @@ int tsip_crypt_AesGcm_multitest()
return ret;
}
int tsip_crypt_Sha_AesCbcGcm_multitest()
int tsip_crypt_Sha_AesCbcGcm_multitest(void)
{
int ret = 0;
int num = 0;
@ -1089,7 +1180,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
#endif
int tsip_crypt_test()
int tsip_crypt_test(void)
{
int ret = 0;
e_tsip_err_t tsip_error_code;
@ -1155,6 +1246,22 @@ int tsip_crypt_test()
ret = 0;
}
#if RSA_MIN_SIZE <= 1024
if (ret == 0) {
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
printf(" tsip_rsa_test(1024)");
ret = tsip_rsa_test(1, 1024);
RESULT_STR(ret)
}
#endif
if (ret == 0) {
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
printf(" tsip_rsa_test(2048)");
ret = tsip_rsa_test(1, 2048);
RESULT_STR(ret)
}
if (ret == 0) {
printf(" tsip_rsa_SignVerify_test(1024)");

View File

@ -445,8 +445,8 @@ int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
#ifdef WOLF_CRYPTO_CB_RSA_PAD
int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng,
RsaPadding *padding)
word32* outLen, int type, RsaKey* key, WC_RNG* rng,
RsaPadding *padding)
{
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
CryptoCb* dev;
@ -458,9 +458,8 @@ int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
/* locate registered callback */
dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
if (padding) {
switch(padding->pad_type) {
#ifndef NO_PKCS11_RSA_PKCS
if (padding != NULL) {
switch (padding->pad_type) {
case WC_RSA_PKCSV15_PAD:
pk_type = WC_PK_TYPE_RSA_PKCS;
break;
@ -470,7 +469,6 @@ int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
case WC_RSA_OAEP_PAD:
pk_type = WC_PK_TYPE_RSA_OAEP;
break;
#endif /* NO_PKCS11_RSA_PKCS */
default:
pk_type = WC_PK_TYPE_RSA;
}
@ -497,7 +495,7 @@ int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif
#endif /* WOLF_CRYPTO_CB_RSA_PAD */
#ifdef WOLFSSL_KEY_GEN
int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)

View File

@ -252,27 +252,34 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA)
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) {
#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
}
#endif
/* tsip only supports PKCSV15 padding scheme */
if (info->pk.type == WC_PK_TYPE_RSA_PKCS) {
RsaPadding* pad = info->pk.rsa.padding;
if (pad && pad->pad_value == RSA_BLOCK_TYPE_1) {
/* sign / verify */
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT ||
info->pk.rsa.type == RSA_PRIVATE_DECRYPT) {
ret = tsip_SignRsaPkcs(info, cbInfo);
}
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
else {
ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
}
#endif
}
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
else if (pad && pad->pad_value == RSA_BLOCK_TYPE_2) {
/* encrypt/decrypt */
ret = wc_tsip_RsaFunction(info, cbInfo);
}
#endif
/* RSA Signing
* Can handle only RSA PkCS#1v1.5 padding scheme here.
*/
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
ret = tsip_SignRsaPkcs(info, cbInfo);
}
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
/* RSA Verify */
if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
}
#endif
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
@ -461,7 +468,7 @@ int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated)
* Get Callback ctx by devId
*
* devId : devId to get its CTX
* return asocciated CTX when the method is successfully called.
* return associated CTX when the method is successfully called.
* otherwise, NULL
*/
WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)

View File

@ -67,7 +67,7 @@ WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(RsaKey *key)
/* Set Rsa key by pre-created wrapped user key
*
* key RsaKey object
* size desired keylenth, in bits. supports 1024 or 2048 bits
* size desired key length, in bits. supports 1024 or 2048 bits
* ctx Callback context including pointer to hold generated key
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/

View File

@ -22,8 +22,7 @@
#include <wolfssl/wolfcrypt/settings.h>
#if !defined(NO_RSA) && \
(defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#include <string.h>
#include <stdio.h>
@ -43,11 +42,11 @@
/* Make RSA key for TSIP and set it to callback ctx
* Assumes to be called by Crypt Callback
*
* size desired keylenth, in bits. supports 1024 or 2048 bits
* size desired key length, in bits. supports 1024 or 2048 bits
* ctx Callback context including pointer to hold generated key
* return TSIP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
int wc_tsip_MakeRsaKey(int size, void* ctx)
{
e_tsip_err_t ret;
TsipUserCtx *info = (TsipUserCtx*)ctx;
@ -121,6 +120,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
}
else if (size == 2048) {
XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
@ -158,6 +158,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
}
}
@ -167,21 +168,129 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
return 0;
}
/* Generate TSIP key index if needed
*
* tuc struct pointer of TsipUserCtx
* return FSP_SUCCESS(0) on Success, otherwise CRYPTOCB_UNAVAILABLE
*/
static int tsip_RsakeyImport(TsipUserCtx* tuc)
{
int ret = 0;
switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 1024 not set");
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
}
break;
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 2048 not set");
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
}
break;
default:
WOLFSSL_MSG("wrapped private key is not supported");
ret = CRYPTOCB_UNAVAILABLE;
break;
}
return ret;
}
/* Perform rsa encryption/decryption by TSIP
* Assumes to be called by Crypt Callback
*
* info struct pointer of wc_CryptoInfo including necessary info
* tuc struct pointer of TsipUserCtx including TSIP key info
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret;
int keySize;
int type;
tsip_rsa_byte_data_t plain, cipher;
if (info == NULL || tuc == NULL) {
return BAD_FUNC_ARG;
}
if (tsip_RsakeyImport(tuc) == 0) {
type = info->pk.rsa.type;
keySize = (int)tuc->wrappedKeyType;
if ((ret = tsip_hw_lock()) == 0) {
if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) {
plain.pdata = (uint8_t*)info->pk.rsa.in;
plain.data_length = info->pk.rsa.inLen;
cipher.pdata = (uint8_t*)info->pk.rsa.out;
cipher.data_length = info->pk.rsa.outLen;
if (keySize == TSIP_KEY_TYPE_RSA1024) {
ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
tuc->rsa1024pub_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher,
tuc->rsa2048pub_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
if (ret == 0) {
info->pk.rsa.outLen = cipher.data_length;
}
}
else if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT)
{
plain.pdata = (uint8_t*)info->pk.rsa.out;
plain.data_length = info->pk.rsa.outLen;
cipher.pdata = (uint8_t*)info->pk.rsa.in;
cipher.data_length = info->pk.rsa.inLen;
if (keySize == TSIP_KEY_TYPE_RSA1024) {
ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain,
tuc->rsa1024pri_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain,
tuc->rsa2048pri_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
if (ret == 0) {
info->pk.rsa.outLen = plain.data_length;
}
}
tsip_hw_unlock();
}
}
return ret;
}
/* Perform Rsa verify by TSIP
* Assumes to be called by Crypt Callback
*
* in Buffer to hold plaintext
* inLen Length of plaintext in bytes
* out Buffer to hold generated signature
* outLen Length of signature in bytes
* key rsa key object
* ctx The callback context
* info struct pointer of wc_CryptoInfo including necessary info
* tuc struct pointer of TsipUserCtx including TSIP key info
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
@ -204,33 +313,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = CRYPTOCB_UNAVAILABLE;
}
switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 1024 not set");
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
}
break;
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 2048 not set");
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
}
break;
default:
WOLFSSL_MSG("wrapped private key is not supported");
ret = CRYPTOCB_UNAVAILABLE;
break;
}
if (ret == 0) {
if (tsip_RsakeyImport(tuc) == 0) {
hashData.pdata = (uint8_t*)info->pk.rsa.in;
hashData.data_length = info->pk.rsa.inLen;
hashData.data_type =

View File

@ -1679,7 +1679,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
}
if (ret == 0) {
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
@ -1749,11 +1749,11 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
if (ret == 0) {
if (isRsa) {
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
}
else {
#if defined(WOLFSSL_CHECK_SIG_FAULTS)
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
#endif
}
}
@ -2301,7 +2301,7 @@ static byte _tls2tsipdef(byte cipher)
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
* TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key
*/
static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
@ -2309,7 +2309,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
uint8_t* iv = g_user_key_info.iv;
uint8_t* encPrivKey;
WOLFSSL_ENTER("tsipImportPrivateKey");
WOLFSSL_ENTER("tsip_ImportPrivateKey");
if (tuc == NULL)
return BAD_FUNC_ARG;
@ -2377,7 +2377,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
else {
WOLFSSL_MSG("mutex locking error");
}
WOLFSSL_LEAVE("tsipImportPrivateKey", ret);
WOLFSSL_LEAVE("tsip_ImportPrivateKey", ret);
return ret;
}
@ -2393,7 +2393,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
* TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key
*/
WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
@ -2401,7 +2401,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
uint8_t* iv = g_user_key_info.iv;
uint8_t* encPubKey;
WOLFSSL_ENTER("tsipImportPublicKey");
WOLFSSL_ENTER("tsip_ImportPublicKey");
if (tuc == NULL ) {
return BAD_FUNC_ARG;
@ -2515,7 +2515,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
else {
WOLFSSL_MSG("mutex locking error");
}
WOLFSSL_LEAVE("tsipImportPublicKey", ret);
WOLFSSL_LEAVE("tsip_ImportPublicKey", ret);
return ret;
}
@ -3632,6 +3632,7 @@ int wc_tsip_tls_RootCertVerify(
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#if !defined(NO_RSA)
/* Perform signing with the client's RSA private key on hash value of messages
* exchanged with server.
@ -3646,7 +3647,7 @@ int wc_tsip_tls_RootCertVerify(
* 0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
*
*/
WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
@ -3676,7 +3677,7 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (ret == 0) {
/* import private key_index from wrapped key */
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
@ -3724,18 +3725,18 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
#endif
if (ret == 0) {
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#ifdef WOLFSSL_RENESAS_TSIP_TLS
hashData.pdata = (uint8_t*)ssl->buffers.digest.buffer;
hashData.data_type = 1;
sigData.pdata = (uint8_t*)info->pk.rsa.in;
sigData.data_length = 0; /* signature size will be returned here */
#else
#else
hashData.pdata = (uint8_t*)info->pk.rsa.in;
hashData.data_length= info->pk.rsa.inLen;
hashData.data_type = tuc->keyflgs_crypt.bits.message_type;
sigData.pdata = (uint8_t*)info->pk.rsa.out;
sigData.data_length = 0;
#endif
#endif
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
@ -3752,7 +3753,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
break;
#endif
case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureGenerate(
&hashData, &sigData,
#ifdef WOLFSSL_RENESAS_TSIP_TLS
@ -3825,7 +3825,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
if (ret == 0) {
/* import public key_index from wrapped key */
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
@ -3935,7 +3935,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (ret == 0) {
/* import private key_index from wrapped key */
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
@ -4061,7 +4061,7 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (ret == 0) {
/* import public key_index from wrapped key */
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {

View File

@ -277,7 +277,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
key->handle = NULL;
#endif
#if defined(WOLFSSL_RENESAS_FSPSM)
key->ctx.wrapped_pri1024_key = NULL;
key->ctx.wrapped_pub1024_key = NULL;
@ -285,6 +284,7 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
key->ctx.wrapped_pub2048_key = NULL;
key->ctx.keySz = 0;
#endif
return ret;
}
@ -3376,24 +3376,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
pad_value, pad_type, hash, mgf, label,
labelSz, sz);
}
#elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
(!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
/* SCE needs wrapped key which is passed via
* user ctx object of crypt-call back.
*/
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
/* SCE supports 1024 and 2048 bits */
ret = wc_CryptoCb_Rsa(in, inLen, out,
&outLen, rsa_type, key, rng);
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code and try using software */
}
#endif
#endif /* WOLFSSL_SE050 */
#endif /* RSA CRYPTO HW */
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
if (key->devId != INVALID_DEVID) {
@ -3563,21 +3546,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
}
return ret;
}
#elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
(!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
ret = wc_CryptoCb_Rsa(in, inLen, out,
&outLen, rsa_type, key, rng);
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code and try using software */
}
#endif
#endif /* WOLFSSL_CRYPTOCELL */
#endif /* RSA CRYPTO HW */
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
@ -3611,7 +3580,12 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
case RSA_STATE_DECRYPT_EXPTMOD:
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
if ((key->devId != INVALID_DEVID) && (rsa_type != RSA_PUBLIC_DECRYPT)) {
if ((key->devId != INVALID_DEVID)
#if !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&& (rsa_type != RSA_PUBLIC_DECRYPT)
#endif
) {
/* Everything except verify goes to crypto cb if
* WOLF_CRYPTO_CB_RSA_PAD defined */
XMEMSET(&padding, 0, sizeof(RsaPadding));

View File

@ -2198,7 +2198,7 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
case WC_PK_TYPE_RSA_OAEP:
mechanism = CKM_RSA_PKCS_OAEP;
break;
#endif /* NO_PKCS11_RSA_PKCS */
#endif /* !NO_PKCS11_RSA_PKCS */
case WC_PK_TYPE_RSA:
mechanism = CKM_RSA_X_509;
break;

View File

@ -379,6 +379,10 @@ WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
WOLFSSL_API int tsip_set_clientPrivateKeyEnc(const byte* key, int keyType);
WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType);
WOLFSSL_LOCAL int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType);
#if defined(WOLF_PRIVATE_KEY_ID)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
@ -437,9 +441,12 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(struct wc_CryptoInfo* info,
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_SignEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl);

View File

@ -997,6 +997,11 @@
#define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64
#define TSIP_TLS_MASTERSECRET_SIZE 80 /* 20 words */
#define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte */
#ifdef WOLF_CRYPTO_CB
/* make sure RSA padding callbacks are enabled */
#define WOLF_CRYPTO_CB_RSA_PAD
#endif
#endif /* WOLFSSL_RENESAS_TSIP */
#if !defined(WOLFSSL_NO_HASH_RAW) && defined(WOLFSSL_RENESAS_RX64_HASH)