change to use a cutom random generation func for PRNG
parent
210fff5569
commit
f8604da8e3
@ -151,24 +151,6 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
|
||||
return;
|
||||
}
|
||||
|
||||
/* set client private key data */
|
||||
#if defined(WOLFSSL_TLS13) && defined(SIMPLE_TLS_TSIP_CLIENT)
|
||||
if (tsip_set_clientPrivateKeyEnc(
|
||||
g_key_block_data.encrypted_user_ecc256_private_key,
|
||||
TSIP_ECCP256) != 0) {
|
||||
printf("ERROR: can't load client-private key\n");
|
||||
return;
|
||||
}
|
||||
#else
|
||||
if (wolfSSL_CTX_use_PrivateKey_buffer(client_ctx,
|
||||
ecc_clikey_der_256,
|
||||
sizeof_ecc_clikey_der_256,
|
||||
SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
|
||||
printf("ERROR: can't load private-key data.\n");
|
||||
return;
|
||||
}
|
||||
#endif /* WOLFSSL_TLS13 */
|
||||
|
||||
#else
|
||||
if (wolfSSL_CTX_use_certificate_chain_buffer_format(client_ctx,
|
||||
client_cert_der_2048,
|
||||
@ -252,6 +234,42 @@ void wolfSSL_TLS_client( )
|
||||
tsip_set_callback_ctx(ssl, &userContext);
|
||||
#endif
|
||||
|
||||
/* set client private key data */
|
||||
#if defined(WOLFSSL_TLS13) && defined(SIMPLE_TLS_TSIP_CLIENT)
|
||||
#if defined(USE_ECC_CERT)
|
||||
if (tsip_use_PrivateKey_buffer_TLS(ssl,
|
||||
(const char*)g_key_block_data.encrypted_user_ecc256_private_key,
|
||||
sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
|
||||
TSIP_ECCP256) != 0) {
|
||||
printf("ERROR: can't load client-private key\n");
|
||||
return;
|
||||
}
|
||||
#else
|
||||
if (tsip_use_PrivateKey_buffer_TLS(ssl,
|
||||
(const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
|
||||
sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
|
||||
TSIP_RSA2048) != 0) {
|
||||
printf("ERROR: can't load client-private key\n");
|
||||
return;
|
||||
}
|
||||
ret = tsip_use_PublicKey_buffer_TLS(ssl,
|
||||
(const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
|
||||
sizeof(g_key_block_data.encrypted_user_rsa2048_public_key), TSIP_RSA2048);
|
||||
if (ret != 0) {
|
||||
printf("ERROR tsip_use_PublicKey_buffer: %d\n", ret);
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
#else
|
||||
if (wolfSSL_use_PrivateKey_buffer(ssl,
|
||||
ecc_clikey_der_256,
|
||||
sizeof_ecc_clikey_der_256,
|
||||
SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
|
||||
printf("ERROR: can't load private-key data.\n");
|
||||
return;
|
||||
}
|
||||
#endif /* WOLFSSL_TLS13 */
|
||||
|
||||
/* set callback context */
|
||||
wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);
|
||||
wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid);
|
||||
|
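Review bot: In the non-TSIP `#else` branch added to wolfSSL_TLS_client(), `wolfSSL_use_PrivateKey_buffer()` always loads `ecc_clikey_der_256`, although the TSIP branch just above selects the key by `USE_ECC_CERT` and wolfSSL_TLS_client_init() appears to load `client_cert_der_2048` in its own `#else` branch. If that reading is right, an RSA-certificate build now pairs an RSA certificate with an ECC private key and client authentication will fail; the fallback should choose the key under the same `USE_ECC_CERT` condition as the certificate. The new error paths use `return;` after `ssl` already exists, and the start and end of the function are outside the hunk, so confirm the session object is released on those paths. The closing `#endif /* WOLFSSL_TLS13 */` would be more accurate as `#endif /* WOLFSSL_TLS13 && SIMPLE_TLS_TSIP_CLIENT */`.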
@ -276,3 +276,5 @@
|
||||
|
||||
/*-- strcasecmp */
|
||||
#define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
|
||||
|
||||
#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
|
||||
|
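Review bot: The new `#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock` has no comment, yet it changes where all wolfCrypt randomness comes from: with this macro set, wc_RNG_GenerateBlock() passes requests straight to the named function and wolfCrypt's own Hash-DRBG is not used. The same commit deletes the TSIP `wc_GenerateSeed()` from the random source file, so a TSIP configuration that omits this define appears to be left without a seed source, which makes the line mandatory rather than optional. I would add above it `/* All RNG output comes directly from the TSIP hardware DRBG; wolfCrypt's Hash-DRBG is bypassed. Required for TSIP builds. */`. The surrounding conditionals are outside the hunk; if this header can be built without TSIP, the define should be guarded accordingly.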
12
src/tls.c
12
src/tls.c
@ -7434,12 +7434,6 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
||||
}
|
||||
|
||||
if (kse->key == NULL) {
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
|
||||
ret = tsip_Tls13GenEccKeyPair(ssl, kse);
|
||||
if (ret != CRYPTOCB_UNAVAILABLE) {
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
/* Allocate an ECC key to hold private key. */
|
||||
kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC);
|
||||
if (kse->key == NULL) {
|
||||
@ -7454,6 +7448,12 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
||||
kse->keyLen = keySize;
|
||||
kse->pubKeyLen = keySize * 2 + 1;
|
||||
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
|
||||
ret = tsip_Tls13GenEccKeyPair(ssl, kse);
|
||||
if (ret != CRYPTOCB_UNAVAILABLE) {
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
/* setting eccKey means okay to call wc_ecc_free */
|
||||
eccKey = (ecc_key*)kse->key;
|
||||
|
||||
|
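Review bot: After the move, the `return ret;` under `#if defined(WOLFSSL_RENESAS_TSIP_TLS)` in TLSX_KeyShare_GenEccKey() executes once `kse->key` has been allocated with XMALLOC, and it returns for every TSIP result other than `CRYPTOCB_UNAVAILABLE`, errors included. The lines between the two hunks and the tail of the function are not shown, so this is inferred, but if the tail releases `kse->key` on failure, a TSIP error now skips that cleanup and leaves the entry holding the buffer and the `keyLen`/`pubKeyLen` values just written. Consider letting a TSIP failure fall through to the common error path instead of returning directly. If the call was moved because it needs the lengths, say so in a comment such as `/* must run after kse->keyLen and kse->pubKeyLen are set */`.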
@ -2800,6 +2800,30 @@ WOLFSSL_LOCAL void tsip_Close(void)
|
||||
WOLFSSL_LEAVE("tsip_Close", 0);
|
||||
}
|
||||
|
||||
int wc_tsip_GenerateRandBlock(byte* output, word32 sz)
|
||||
{
|
||||
/* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */
|
||||
int ret = 0;
|
||||
word32 buffer[4];
|
||||
|
||||
while (sz > 0) {
|
||||
word32 len = sizeof(buffer);
|
||||
|
||||
if (sz < len) {
|
||||
len = sz;
|
||||
}
|
||||
/* return 4 words random number*/
|
||||
ret = R_TSIP_GenerateRandomNumber((uint32_t*)buffer);
|
||||
if(ret == TSIP_SUCCESS) {
|
||||
XMEMCPY(output, &buffer, len);
|
||||
output += len;
|
||||
sz -= len;
|
||||
} else
|
||||
return ret;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if (WOLFSSL_RENESAS_TSIP_VER>=109)
|
||||
void tsip_inform_user_keys_ex(
|
||||
byte* encrypted_provisioning_key,
|
||||
|
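Review bot: wc_tsip_GenerateRandBlock() leaves the last 16 bytes of generator output in the stack array `buffer` on every exit, and it writes through `output` without checking it for NULL. This function becomes the source of all wolfCrypt randomness through `CUSTOM_RAND_GENERATE_BLOCK`, so those bytes can be key or nonce material; clear the scratch buffer before returning and reject a NULL `output`. The failure branch `} else return ret;` is unbraced, and a single exit point keeps the wipe on both the success and error paths. If the other TSIP wrappers in this file take a hardware lock around R_TSIP_* calls (not visible in this hunk), this call probably needs the same.

```c
int wc_tsip_GenerateRandBlock(byte* output, word32 sz)
{
    int ret = 0;
    word32 buffer[4];

    if (output == NULL) {
        return BAD_FUNC_ARG;
    }

    while (sz > 0) {
        /* ... unchanged: len = min(sz, sizeof(buffer)) ... */
        ret = R_TSIP_GenerateRandomNumber((uint32_t*)buffer);
        if (ret != TSIP_SUCCESS) {
            break;
        }
        /* ... unchanged: copy len bytes, advance output, reduce sz ... */
    }

    /* generator output may become key material; do not leave it on the stack */
    ForceZero(buffer, sizeof(buffer));
    return ret;
}
```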
@ -3445,35 +3445,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#elif defined(WOLFSSL_RENESAS_TSIP)
|
||||
#if defined(WOLFSSL_RENESA_TSIP_IAREWRX)
|
||||
#include "r_bsp/mcu/all/r_rx_compiler.h"
|
||||
#endif
|
||||
#include "r_bsp/platform.h"
|
||||
#include "r_tsip_rx_if.h"
|
||||
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int ret = 0;
|
||||
word32 buffer[4];
|
||||
|
||||
while (sz > 0) {
|
||||
word32 len = sizeof(buffer);
|
||||
|
||||
if (sz < len) {
|
||||
len = sz;
|
||||
}
|
||||
/* return 4 words random number*/
|
||||
ret = R_TSIP_GenerateRandomNumber((uint32_t*)buffer);
|
||||
if(ret == TSIP_SUCCESS) {
|
||||
XMEMCPY(output, &buffer, len);
|
||||
output += len;
|
||||
sz -= len;
|
||||
} else
|
||||
return ret;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
#elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
|
||||
#include "hal_data.h"
|
||||
|
@ -639,6 +639,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx);
|
||||
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info,
|
||||
TsipUserCtx* tuc);
|
||||
|
||||
WOLFSSL_LOCAL int wc_tsip_GenerateRandBlock(byte* output, word32 size);
|
||||
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG)
|
||||
byte *ret2err(word32 ret);
|
||||
|
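Review bot: The new prototype `wc_tsip_GenerateRandBlock(byte* output, word32 size)` names its second parameter `size` while the definition uses `sz`, and it has no comment stating the return convention. Callers reach this function through a macro, so the contract is worth stating at the declaration: `/* Fills output with size bytes from the TSIP random number generator; returns TSIP_SUCCESS, or the TSIP error code on failure */`. The file that expands `CUSTOM_RAND_GENERATE_BLOCK` must also see this declaration; whether it includes this header is not visible on the page.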