Merge pull request #7474 from miyazakh/renesas_rz_rsip_update

Improve Renesas RZ support

IDE/Renesas/e2studio/RZN2L/README.md

@@ -10,7 +10,7 @@ They also include benchmark and cryptography tests for the wolfCrypt library.
 The example project contains both the wolfSSL and wolfCrypt libraries.
 It is built as a `Renesas RZ/N C/C++ FSP Project` and contains the Renesas RZ
 configuration. The wolfssl project uses `Renesas Secure IP on RZ`
-as hardware acceleration for cyptography.
+as hardware acceleration for cryptography.
 
 **Limitation**
 
@@ -22,7 +22,7 @@ The example project summary is listed below and is relevant for every project.
 |Item|Name/Version|
 |:--|:--|
 |Board|RZN2L|
-|Device|R9A07G084M04GBG|
+|Device|R9A07G084M08GBG|
 |Toolchain|GCC for Renesas RZ|
 |Toolchain Version|10.3.1.20210824|
 |FSP Version|1.2.0|
@@ -34,7 +34,7 @@ The example project summary is listed below and is relevant for every project.
 |Board Support Package Common Files|v1.20||
 |I/O Port|v1.2.0||
 |Arm CMSIS Version 5 - Core (M)|v5.7.0+renesas.1||
-|Board support package for R9A07G084M04GBG|v1.2.0||
+|Board support package for R9A07G084M04GBG|v1.2.0|Note1|
 |Board support package for RZN2L|v1.2.0||
 |Board support package for RZN2L - FSP Data|v1.2.0||
 |RSK+RZN2L Board Support Files (RAM execution without flash memory)|v1.2.0||
@@ -50,6 +50,8 @@ The example project summary is listed below and is relevant for every project.
 |Renesas Secure IP Driver|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module|
 |RSIP Engine for RZ/N2L|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module|
 
+Note1:\
+ To use RSIP driver, a device type should be `R9A07G084M04GBG`. However, choosing `R9A07G084M04GBG` won't allow to select `RSK+RZN2L` board. This example uses LED and external flash memory on `RSK + RZN2L` board. Therefore, the example temporary `R9A07G084M04GBG` for the device type. Updating e2studio or fsp could resolve the issue.
 
 ## Setup Steps and Build wolfSSL Library
 
@@ -75,7 +77,7 @@ The example project summary is listed below and is relevant for every project.
 |Thread Symbol|rzn2l_tst_thread|
 |Thread Name|rzn2l_tst_thread|
 |Thread Stack size|increase depending on your environment<br> e.g. 0xA000|
-|Thread MemoryAllocation|Dyamic|
+|Thread MemoryAllocation|Dynamic|
 |Common General Use Mutexes|Enabled|
 |Common General Enable Backward Compatibility|Enabled|
 |Common Memory Allocation Support Dynamic Allocation|Enabled|
@@ -93,16 +95,18 @@ The example project summary is listed below and is relevant for every project.
 3.) Prepare UART to logging
 
 + Download Sample package from [BACnet Start-Up](https://www.renesas.com/us/en/products/microcontrollers-microprocessors/rz-mpus/bacnet-start-rzn2l-rsk)
-+ Copy the following C source files from the project to src/serial_io folder of `test_RZN2L`
-      + um_serial_io_uart.c
-      + um_serial_io_task_writer.c
-      + um_serial_io_cfg.h
-      + um_common_api.h
-      + um_common_cfg.h
-      + um_serial_io.c
-      + um_serial_io.h
-      + um_serial_io_api.h
-      + um_serial_io_internal.h
++ Copy the following C source files from the project to src/serial_io folder of `test_RZN2L`\
+um_serial_io_uart.c\
+um_serial_io_task_writer.c\
+um_serial_io_cfg.h\
+um_common_api.h\
+um_common_cfg.h\
+um_serial_io.c\
+um_serial_io.h\
+um_serial_io_api.h\
+um_serial_io_internal.h
+
+
 + Open um_serial_io_task_writer.c and re-name printf to uart_printf
 
 3.) Build `test_RZN2L` project
@@ -113,7 +117,7 @@ The example project summary is listed below and is relevant for every project.
 
 2). Select J-Link ARM and R9A07G084M04
 
-3). Break at Entory point. Change `cpsr` register value from 0xXXXXX1yy to 0xXXXXX1da
+3). Break at Entry point. Change `cpsr` register value from 0xXXXXX1yy to 0xXXXXX1da
 
 ## Run TLS 1.3 Client
 1.) Enable `WOLFSSL_TLS13` macro in `user_settings.h`
@@ -472,7 +476,7 @@ Test complete
 ```
 
 **Note**
-`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sampele output above while running wolfCrypt test.
+`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sample output above while running wolfCrypt test.
 
 ## Run Benchmark
 
@@ -532,7 +536,8 @@ Benchmark complete
  End wolfCrypt Benchmark
 ```
 **Note**
-`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sampele output above.
+`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sample output above.
+
 ## Support
 
 For support inquiries and questions, please email support@wolfssl.com. Feel free to reach out to info@wolfssl.jp as well.

wolfcrypt/src/port/Renesas/renesas_common.c

@@ -361,8 +361,14 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
              * in advance. SCE supports 1024 or 2048 bits key size.
              * otherwise, falls-through happens.
              */
-            if (info->pk.rsa.key->ctx.keySz == 1024 ||
-                info->pk.rsa.key->ctx.keySz == 2048) {
+            if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set ||
+                cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set ||
+                cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set ||
+                cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set ) {
+
+                ret = wc_fspsm_MakeRsaKey(info->pk.rsa.key, 0, cbInfo);
+                if (ret == CRYPTOCB_UNAVAILABLE)
+                    return ret;
 
                 if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
                     info->pk.rsa.type == RSA_PUBLIC_ENCRYPT  )
@@ -370,7 +376,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                         ret = wc_fspsm_RsaFunction(info->pk.rsa.in,
                                         info->pk.rsa.inLen,
                                         info->pk.rsa.out,
-                                        &info->pk.rsa.outLen,
+                                        info->pk.rsa.outLen,
                                         info->pk.rsa.type,
                                         info->pk.rsa.key,
                                         info->pk.rsa.rng);

wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c

@@ -1,6 +1,6 @@
 /* renesas_fspsm_rsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -99,6 +99,33 @@ WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(RsaKey *key, int size, void* ctx)
         key->ctx.wrapped_pri2048_key = info->wrapped_key_rsapri2048;
         key->ctx.wrapped_pub2048_key = info->wrapped_key_rsapub2048;
         key->ctx.keySz = 2048;
+    } else if (size == 0) {
+        if((info->keyflgs_crypt.bits.rsapri2048_installedkey_set != 1) &&
+           (info->keyflgs_crypt.bits.rsapub2048_installedkey_set != 1) &&
+           (info->keyflgs_crypt.bits.rsapri1024_installedkey_set != 1) &&
+           (info->keyflgs_crypt.bits.rsapub1024_installedkey_set != 1)) {
+                WOLFSSL_MSG("Caller should create user key in advance.");
+                WOLFSSL_MSG("Caller also need to installedkey to 1.");
+                return BAD_FUNC_ARG;
+        }
+
+        if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1) {
+            key->ctx.wrapped_pri1024_key = info->wrapped_key_rsapri1024;
+            key->ctx.keySz = 1024;
+        }
+        if (info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1) {
+            key->ctx.wrapped_pub1024_key = info->wrapped_key_rsapub1024;
+            key->ctx.keySz = 1024;
+        }
+
+        if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1) {
+            key->ctx.wrapped_pri2048_key = info->wrapped_key_rsapri2048;
+            key->ctx.keySz = 2048;
+        }
+        if (info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1) {
+            key->ctx.wrapped_pub2048_key = info->wrapped_key_rsapub2048;
+            key->ctx.keySz = 2048;
+        }
     } else
         return CRYPTOCB_UNAVAILABLE;
 
@@ -132,8 +159,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
     (void) rng;
 
     /* sanity check */
-    if (in == NULL || out == NULL ||
-      ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){
+    if (in == NULL || out == NULL || key == NULL){
         return BAD_FUNC_ARG;
     }
 
@@ -210,8 +236,8 @@ WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
     int keySize;
 
     /* sanity check */
-    if (in == NULL || out == NULL || (word32*)outLen <= 0 || info == NULL ||
-      ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){
+    if (in == NULL || out == NULL || *outLen <= 0 || info == NULL ||
+       key == NULL){
         return BAD_FUNC_ARG;
     }
 
@@ -278,8 +304,8 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
     (void) key;
 
     /* sanity check */
-    if (in == NULL || out == NULL || (word32*)outLen <= 0 || info == NULL ||
-      ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){
+    if (in == NULL || out == NULL || *outLen <= 0 || info == NULL ||
+       key == NULL){
         return BAD_FUNC_ARG;
     }
 
@@ -292,7 +318,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
             info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
 
     signature.pdata = out;
-    signature.data_length = (word32*)outLen;
+    signature.data_length = (word32)*outLen;
     #if defined(WOLFSSL_RENESAS_RSIP)
     message_hash.hash_type = signature.hash_type =
                 info->hash_type;   /* hash type */

wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c

@@ -271,7 +271,7 @@ static int FSPSM_HashUpdate(wolfssl_FSPSM_Hash* hash,
         return BAD_FUNC_ARG;
     }
     wc_fspsm_hw_lock();
-    ret = Update(&hash->handle, data, sz);
+    ret = Update(&hash->handle, (byte*)data, sz);
     wc_fspsm_hw_unlock();
     return ret;
 #endif

wolfcrypt/src/port/Renesas/renesas_fspsm_util.c

@@ -188,7 +188,7 @@ WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz)
 {
     /* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */
     int ret = 0;
-    word32 buffer[RANDGEN_WORDS];
+    word32 fspbuf[RANDGEN_WORDS];
 
     while (sz > 0) {
         word32 len = sizeof(buffer);
@@ -197,9 +197,9 @@ WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz)
             len = sz;
         }
         /* return 4 words random number*/
-        ret = R_RANDOM_GEN(buffer);
+        ret = R_RANDOM_GEN((uint8_t* const)fspbuf);
         if(ret == FSP_SUCCESS) {
-            XMEMCPY(output, &buffer, len);
+            XMEMCPY(output, &fspbuf, len);
             output += len;
             sz -= len;
          } else {

wolfcrypt/src/rsa.c

@@ -3318,7 +3318,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
             if (key->devId != INVALID_DEVID) {
                 /* SCE supports 1024 and 2048 bits */
                 ret = wc_CryptoCb_Rsa(in, inLen, out,
-                                    outLen, rsa_type, key, rng);
+                                    &outLen, rsa_type, key, rng);
                 if (ret != CRYPTOCB_UNAVAILABLE)
                     return ret;
                 /* fall-through when unavailable */
@@ -3475,7 +3475,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
            #ifdef WOLF_CRYPTO_CB
                 if (key->devId != INVALID_DEVID) {
                     ret = wc_CryptoCb_Rsa(in, inLen, out,
-                                        outLen, rsa_type, key, rng);
+                                        &outLen, rsa_type, key, rng);
                     if (ret != CRYPTOCB_UNAVAILABLE)
                       return ret;
                     /* fall-through when unavailable */