mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

change to use a cutom random generation func for PRNG

Browse Source
This commit is contained in:
Hideki Miyazaki 2023-10-09 10:57:30 +09:00
parent 210fff5569
commit f8604da8e3
6 changed files with 101 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
View File

@ -103,7 +103,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
char *cert = "./certs/ca-cert.pem";
#endif
#else
#if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256)
#if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256)
const unsigned char *cert = ca_ecc_cert_der_256;
#define SIZEOF_CERT sizeof_ca_ecc_cert_der_256
#else
@ -118,7 +118,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
#endif
/* Create and initialize WOLFSSL_CTX */
if ((client_ctx =
if ((client_ctx =
wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
printf("ERROR: failed to create WOLFSSL_CTX\n");
return;
@ -134,7 +134,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
return;
}
#else
if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT,
if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT,
SSL_FILETYPE_ASN1) != SSL_SUCCESS){
printf("ERROR: can't load certificate data\n");
return;
@ -151,24 +151,6 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
return;
}
/* set client private key data */
#if defined(WOLFSSL_TLS13) && defined(SIMPLE_TLS_TSIP_CLIENT)
if (tsip_set_clientPrivateKeyEnc(
g_key_block_data.encrypted_user_ecc256_private_key,
TSIP_ECCP256) != 0) {
printf("ERROR: can't load client-private key\n");
return;
}
#else
if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx,
ecc_clikey_der_256,
sizeof_ecc_clikey_der_256,
SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: can't load private-key data.\n");
return;
}
#endif /* WOLFSSL_TLS13 */
#else
if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
client_cert_der_2048,
@ -195,15 +177,15 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
wolfSSL_SetIOSend(client_ctx, my_IOSend);
/* use specific cipher */
if (cipherlist != NULL &&
if (cipherlist != NULL &&
wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
printf("client can't set cipher list");
return;
}
#if defined(WOLFSSL_TLS13)
if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
printf("client can't set use supported curves\n");
@ -222,11 +204,11 @@ void wolfSSL_TLS_client( )
#define BUFF_SIZE 256
static const char sendBuff[]= "Hello Server\n" ;
char rcvBuff[BUFF_SIZE] = {0};
static T_IPV4EP my_addr = { 0, 0 };
T_IPV4EP dst_addr;
if((dst_addr.ipaddr = getIPaddr(SIMPLE_TLSSEVER_IP)) == 0){
@ -248,9 +230,45 @@ void wolfSSL_TLS_client( )
goto out;
}
#ifdef SIMPLE_TLS_TSIP_CLIENT
#ifdef SIMPLE_TLS_TSIP_CLIENT
tsip_set_callback_ctx(ssl, &userContext);
#endif
/* set client private key data */
#if defined(WOLFSSL_TLS13) && defined(SIMPLE_TLS_TSIP_CLIENT)
#if defined(USE_ECC_CERT)
if (tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_private_key,
sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
TSIP_ECCP256) != 0) {
printf("ERROR: can't load client-private key\n");
return;
}
#else
if (tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
TSIP_RSA2048) != 0) {
printf("ERROR: can't load client-private key\n");
return;
}
ret = tsip_use_PublicKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_public_key), TSIP_RSA2048);
if (ret != 0) {
printf("ERROR tsip_use_PublicKey_buffer: %d\n", ret);
return;
}
#endif
#else
if (wolfSSL_use_PrivateKey_buffer(ssl,
ecc_clikey_der_256,
sizeof_ecc_clikey_der_256,
SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: can't load private-key data.\n");
return;
}
#endif /* WOLFSSL_TLS13 */
/* set callback context */
wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);

46
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
View File

@ -31,7 +31,7 @@
/*-- Renesas TSIP usage and its version ---------------------------------------
*
* "WOLFSSL_RENESAS_TSIP" definition makes wolfSSL to use H/W acceleration
* for cipher operations.
* for cipher operations.
* TSIP definition asks to have its version number.
* "WOLFSSL_RENESAS_TSIP_VER" takes following value:
* 106: TSIPv1.06
@ -54,16 +54,16 @@
*
* wolfSSL supports TLSv1.2 by default. In case you want your system to support
* TLSv1.3, uncomment line below.
*
*
*----------------------------------------------------------------------------*/
#define WOLFSSL_TLS13
/*-- Operating System related definitions --------------------------------------
*
*
* In case any real-time OS is used, define its name(e.g. FREERTOS).
* Otherwise, define "SINGLE_THREADED". They are exclusive each other.
*
*
*----------------------------------------------------------------------------*/
#if !defined(RENESAS_T4_USE)
#define FREERTOS
@ -114,23 +114,23 @@
/* USE_ECC_CERT
* This macro is for selecting root CA certificate to load, it is valid only
* in example applications. wolfSSL does not refer this macro.
* If you want to use cipher suites including ECDSA authentication in
* in example applications. wolfSSL does not refer this macro.
* If you want to use cipher suites including ECDSA authentication in
* the example applications with TSIP, enable this macro.
* In TSIP 1.13 or later version, following cipher suites are
* In TSIP 1.13 or later version, following cipher suites are
* available:
* - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SAH256
*
*
* Note that, this macro disables cipher suites including RSA
* authentication such as:
* - TLS_RSA_WITH_AES_128_CBC_SHA
* - TLS_RSA_WITH_AES_256_CBC_SHA
* - TLS_RSA_WITH_AES_256_CBC_SHA
* - TLS_RSA_WITH_AES_128_CBC_SHA256
* - TLS_RSA_WITH_AES_256_CBC_SHA256
* - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
*
*
*/
#define USE_ECC_CERT
@ -139,14 +139,14 @@
*/
/*#define WOLFSSL_CHECK_SIG_FAULTS*/
/* In this example application, Root CA cert buffer named
* "ca_ecc_cert_der_256" is used under the following macro definition
/* In this example application, Root CA cert buffer named
* "ca_ecc_cert_der_256" is used under the following macro definition
* for ECDSA.
*/
#define USE_CERT_BUFFERS_256
/* In this example application, Root CA cert buffer named
* "ca_cert_der_2048" is used under the following macro definition
/* In this example application, Root CA cert buffer named
* "ca_cert_der_2048" is used under the following macro definition
* for RSA authentication.
*/
#define USE_CERT_BUFFERS_2048
@ -159,25 +159,25 @@
#define WOLFSSL_SMALL_STACK
/*
/*
* -- "NO_ASN_TIME" macro is to avoid certificate expiration validation --
*
* Note. In your actual products, do not forget to comment-out
*
* Note. In your actual products, do not forget to comment-out
* "NO_ASN_TIME" macro. And prepare time function to get calendar time,
* otherwise, certificate expiration validation will not work.
* otherwise, certificate expiration validation will not work.
*/
/*#define NO_ASN_TIME*/
#define NO_MAIN_DRIVER
#define BENCH_EMBEDDED
#define NO_WOLFSSL_DIR
#define NO_WOLFSSL_DIR
#define WOLFSSL_NO_CURRDIR
#define NO_FILESYSTEM
#define WOLFSSL_LOG_PRINTF
#define WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MAX
#define NO_WRITEV
#define WOLFSSL_USER_CURRTIME /* for benchmark */
#define TIME_OVERRIDES
@ -210,7 +210,7 @@
/*-- Definitions for functionality negation -----------------------------------
*
*
*
*----------------------------------------------------------------------------*/
/*#define NO_RENESAS_TSIP_CRYPT*/
@ -276,3 +276,5 @@
/*-- strcasecmp */
#define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock

12
src/tls.c
View File

@ -7434,12 +7434,6 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
}
if (kse->key == NULL) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13GenEccKeyPair(ssl, kse);
if (ret != CRYPTOCB_UNAVAILABLE) {
return ret;
}
#endif
/* Allocate an ECC key to hold private key. */
kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC);
if (kse->key == NULL) {
@ -7454,6 +7448,12 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
kse->keyLen = keySize;
kse->pubKeyLen = keySize * 2 + 1;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13GenEccKeyPair(ssl, kse);
if (ret != CRYPTOCB_UNAVAILABLE) {
return ret;
}
#endif
/* setting eccKey means okay to call wc_ecc_free */
eccKey = (ecc_key*)kse->key;

24
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@ -2800,6 +2800,30 @@ WOLFSSL_LOCAL void tsip_Close(void)
WOLFSSL_LEAVE("tsip_Close", 0);
}
int wc_tsip_GenerateRandBlock(byte* output, word32 sz)
{
/* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */
int ret = 0;
word32 buffer[4];
while (sz > 0) {
word32 len = sizeof(buffer);
if (sz < len) {
len = sz;
}
/* return 4 words random number*/
ret = R_TSIP_GenerateRandomNumber((uint32_t*)buffer);
if(ret == TSIP_SUCCESS) {
XMEMCPY(output, &buffer, len);
output += len;
sz -= len;
} else
return ret;
}
return ret;
}
#if (WOLFSSL_RENESAS_TSIP_VER>=109)
void tsip_inform_user_keys_ex(
byte* encrypted_provisioning_key,

29
wolfcrypt/src/random.c
View File

@ -3445,35 +3445,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif defined(WOLFSSL_RENESAS_TSIP)
#if defined(WOLFSSL_RENESA_TSIP_IAREWRX)
#include "r_bsp/mcu/all/r_rx_compiler.h"
#endif
#include "r_bsp/platform.h"
#include "r_tsip_rx_if.h"
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret = 0;
word32 buffer[4];
while (sz > 0) {
word32 len = sizeof(buffer);
if (sz < len) {
len = sz;
}
/* return 4 words random number*/
ret = R_TSIP_GenerateRandomNumber((uint32_t*)buffer);
if(ret == TSIP_SUCCESS) {
XMEMCPY(output, &buffer, len);
output += len;
sz -= len;
} else
return ret;
}
return ret;
}
#elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
#include "hal_data.h"

1
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@ -639,6 +639,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx);
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int wc_tsip_GenerateRandBlock(byte* output, word32 size);
#if defined(WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG)
byte *ret2err(word32 ret);