1 /* renesas_tsip_util.c
2 *
3 * Copyright (C) 2006-2021 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21 #include <wolfssl/wolfcrypt/settings.h>
22
23 #if defined(WOLFSSL_RENESAS_TSIP)
24
25 #include <wolfssl/wolfcrypt/wc_port.h>
26 #include <wolfssl/wolfcrypt/memory.h>
27 #include <wolfssl/wolfcrypt/error-crypt.h>
28 #include <wolfssl/wolfcrypt/aes.h>
29 #include <wolfssl/ssl.h>
30 #include <wolfssl/internal.h>
31 #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
32 #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
33 #include <stdio.h>
34
35
36 /* function pointer typedefs for TSIP SHAxx HMAC Verification */
37 typedef e_tsip_err_t (*shaHmacInitFn)
38 (tsip_hmac_sha_handle_t*, tsip_hmac_sha_key_index_t*);
39 typedef e_tsip_err_t (*shaHmacUpdateFn)
40 (tsip_hmac_sha_handle_t*, uint8_t*, uint32_t);
41 typedef e_tsip_err_t (*shaHmacFinalFn)
42 (tsip_hmac_sha_handle_t*, uint8_t*, uint32_t);
43
44 /* ./ca-cert.der.sign, */
45 /* expect to have these variables defined at user application */
46 extern uint32_t s_flash[];
47 extern uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE];
48 extern uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE];
49
50
51 wolfSSL_Mutex tsip_mutex;
52 static int tsip_CryptHwMutexInit_ = 0;
53 static const byte* ca_cert_sig;
54 static tsip_key_data g_user_key_info;
55
56
57 /* tsip only keep one encrypted ca public key */
58 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
59 static uint32_t g_encrypted_publicCA_key[R_TSIP_SINST_WORD_SIZE];
60
61 /* index of CM table. must be global since renesas_common access it. */
62 extern uint32_t g_CAscm_Idx;
63
64 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
65
66
67
tsip_CryptHwMutexInit(wolfSSL_Mutex * mutex)68 static int tsip_CryptHwMutexInit(wolfSSL_Mutex* mutex)
69 {
70 return wc_InitMutex(mutex);
71 }
72
tsip_CryptHwMutexLock(wolfSSL_Mutex * mutex)73 static int tsip_CryptHwMutexLock(wolfSSL_Mutex* mutex)
74 {
75 return wc_LockMutex(mutex);
76 }
77
tsip_CryptHwMutexUnLock(wolfSSL_Mutex * mutex)78 static int tsip_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
79 {
80 return wc_UnLockMutex(mutex);
81 }
82
83 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109)
84
GetTsipCipherSuite(uint8_t cipherSuiteFirst,uint8_t cipherSuite)85 static uint32_t GetTsipCipherSuite(
86 uint8_t cipherSuiteFirst,
87 uint8_t cipherSuite)
88 {
89 WOLFSSL_ENTER("GetTsipCipherSuite");
90 uint32_t tsipCipher;
91
92 if(cipherSuiteFirst == CIPHER_BYTE )
93 {
94 switch(cipherSuite){
95
96 case TLS_RSA_WITH_AES_128_CBC_SHA: /*2F*/
97 tsipCipher = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA; /*0*/
98 break;
99
100 case TLS_RSA_WITH_AES_128_CBC_SHA256:
101 tsipCipher = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA256;
102 break;
103
104 case TLS_RSA_WITH_AES_256_CBC_SHA:
105 tsipCipher = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA;
106 break;
107
108 case TLS_RSA_WITH_AES_256_CBC_SHA256:
109 tsipCipher = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA256;
110 break;
111
112 default:
113 tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE;
114 break;
115 }
116 WOLFSSL_LEAVE("GetTsipCipherSuite", tsipCipher);
117 return tsipCipher;
118 }
119 else if( cipherSuiteFirst == ECC_BYTE )
120 {
121 tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE;
122
123 switch(cipherSuite){
124
125 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
126 tsipCipher = R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
127 break;
128
129 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
130 tsipCipher = R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
131 break;
132
133 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
134 tsipCipher = R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
135 break;
136
137 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
138 tsipCipher = R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
139 break;
140
141 default:
142 tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE;
143 break;
144 }
145 }
146 else{
147 tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE;
148 }
149
150 WOLFSSL_LEAVE("GetTsipCipherSuite", tsipCipher);
151
152 return tsipCipher;
153 }
154
155 /* Attempt to get a public key exchaged with the peer in ECDHE.
156 * the public key is verified by given signature then stored into ctx.
157 *
158 * return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure.
159 */
tsip_ServerKeyExVerify(word32 type,WOLFSSL * ssl,const byte * sig,word32 sigSz,void * ctx)160 static int tsip_ServerKeyExVerify(
161 word32 type, /* public key type 0:RSA2048 2:ECDSA P-256 */
162 WOLFSSL* ssl,
163 const byte* sig,
164 word32 sigSz,
165 void* ctx)
166 {
167 int ret = WOLFSSL_FAILURE;
168 byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
169 byte* peerkey = NULL;
170 word32 qxLen = sizeof(qx), qyLen = sizeof(qy);
171 TsipUserCtx* userCtx;
172
173 WOLFSSL_ENTER("tsip_ServerKeyExVerify");
174
175 /* sanity check */
176 if (ssl == NULL || sig == NULL || ctx == NULL)
177 return ret;
178
179 userCtx = (TsipUserCtx*)ctx;
180
181 /* export public peer public key */
182 ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen);
183
184 if (ret != 0){
185 WOLFSSL_MSG("failed to export peer ecc key");
186 WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret);
187 return ret;
188 }
189 /* make peer ecc key data for SCE */
190 /* 0padding(24bit) || 04(8bit) || Qx(256bit) || Qy(256bit) */
191 peerkey = (byte*)XMALLOC((3 + 1 + qxLen + qyLen), NULL,
192 DYNAMIC_TYPE_TMP_BUFFER);
193 if (peerkey == NULL) {
194 WOLFSSL_MSG("failed to malloc ecc key");
195 WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret);
196 return WOLFSSL_FAILURE;
197 }
198
199 XMEMSET(peerkey, 0, (3 + 1 + qxLen + qyLen));
200 peerkey[3] = ECC_POINT_UNCOMP;
201 XMEMCPY(&peerkey[4], qx, qxLen);
202 XMEMCPY(&peerkey[4+qxLen], qy, qyLen);
203
204 /* 0 : RSA 2048bit, 1 : Reserved, 2 : ECDSA P-256 */
205 if ((ret = tsip_hw_lock()) == 0) {
206 ret = R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves(
207 type,
208 (uint8_t*) ssl->arrays->clientRandom,
209 (uint8_t*) ssl->arrays->serverRandom,
210 (uint8_t*) peerkey,
211 (uint8_t*) sig,
212 (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
213 (uint32_t*)userCtx->encrypted_ephemeral_ecdh_public_key);
214
215 if (ret !=TSIP_SUCCESS) {
216 WOLFSSL_MSG("R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves failed");
217 }
218 else {
219 ret = WOLFSSL_SUCCESS;
220 }
221
222 tsip_hw_unlock();
223 }
224 else {
225 WOLFSSL_MSG("Failed to lock tsip hw");
226 }
227
228 XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER);
229
230 WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret);
231 return ret;
232 }
233 /*
234 * return 0 on success
235 */
wc_tsip_RsaVerify(WOLFSSL * ssl,byte * sig,word32 sigSz,byte ** out,const byte * key,word32 keySz,void * ctx)236 int wc_tsip_RsaVerify(
237 WOLFSSL* ssl,
238 byte* sig, word32 sigSz,
239 byte** out,
240 const byte* key,
241 word32 keySz,
242 void* ctx)
243 {
244 int ret;
245
246 WOLFSSL_ENTER("tsip_RsaVerify");
247
248 if (tsip_usable(ssl, 0))
249 ret = tsip_ServerKeyExVerify(0, ssl, sig, sigSz, ctx);
250 else
251 ret = CRYPTOCB_UNAVAILABLE;
252
253 if (ret == WOLFSSL_SUCCESS)
254 ret = 0;
255
256 WOLFSSL_LEAVE("tsip_RsaVerify", ret);
257 return ret;
258 }
259 /*
260 * return 0 on success
261 */
wc_tsip_EccVerify(WOLFSSL * ssl,const byte * sig,word32 sigSz,const byte * hash,word32 hashSz,const byte * key,word32 keySz,int * result,void * ctx)262 int wc_tsip_EccVerify(
263 WOLFSSL* ssl,
264 const byte* sig, word32 sigSz,
265 const byte* hash, word32 hashSz,
266 const byte* key, word32 keySz,
267 int* result, void* ctx)
268 {
269 int ret = WOLFSSL_FAILURE;
270 uint8_t* sigforSCE;
271 uint8_t* pSig;
272 const byte rs_size = R_TSIP_ECDSA_DATA_BYTE_SIZE/2;
273 byte offset = 0x3;
274
275 WOLFSSL_ENTER("wc_tsip_EccVerify");
276
277 /* check if TSIP can handle given cipher suite */
278 if (!tsip_usable(ssl, 0)) {
279 WOLFSSL_MSG("Cannot handle cipher suite by TSIP");
280 WOLFSSL_LEAVE("wc_tsip_EccVerify", CRYPTOCB_UNAVAILABLE);
281 return CRYPTOCB_UNAVAILABLE;
282 }
283
284 sigforSCE = (uint8_t*)XMALLOC(R_TSIP_ECDSA_DATA_BYTE_SIZE, NULL,
285 DYNAMIC_TYPE_TMP_BUFFER);
286
287 if (sigforSCE == NULL) {
288 WOLFSSL_MSG("failed to malloc memory");
289 WOLFSSL_LEAVE("wc_tsip_EccVerify", MEMORY_E);
290 return MEMORY_E;
291 }
292
293 /* initialization */
294 XMEMCPY(sigforSCE, 0, R_TSIP_ECDSA_DATA_BYTE_SIZE);
295
296 /* r */
297 if (sig[offset] == 0x20) {
298 XMEMCPY(sigforSCE, &sig[offset+1], rs_size);
299
300 offset = 0x25;
301 /* s */
302 if (sig[offset] == 0x20) {
303 XMEMCPY(&sigforSCE[rs_size], &sig[offset+1], rs_size);
304 }
305 else {
306 XMEMCPY(&sigforSCE[rs_size], &sig[offset+2], rs_size);
307 }
308 }
309 else {
310 XMEMCPY(sigforSCE, &sig[offset+2], rs_size);
311
312 offset = 0x26;
313 /* s */
314 if (sig[offset] == rs_size) {
315 XMEMCPY(&sigforSCE[rs_size], &sig[offset+1], rs_size);
316 }
317 else {
318 XMEMCPY(&sigforSCE[rs_size], &sig[offset+2], rs_size);
319 }
320 }
321
322 pSig = sigforSCE;
323
324 ret = tsip_ServerKeyExVerify(2, ssl, pSig, 64, ctx);
325
326 if (ret == WOLFSSL_SUCCESS) {
327 *result = 1;
328 ret = 0; /* for success */
329 }
330 else
331 *result = 0;
332
333 WOLFSSL_LEAVE("wc_tsip_EccVerify", ret);
334 return ret;
335 }
336
337 /*
338 * generate premaster secret
339 * 1. generate P256 ECC key pair for ECDHE key exchange
340 * 2. generate pre-master secret
341 * output 64 bytes premaster secret to "out" buffer.
342 */
wc_tsip_EccSharedSecret(struct WOLFSSL * ssl,ecc_key * otherKey,unsigned char * pubKeyDer,unsigned int * pubKeySz,unsigned char * out,unsigned int * outlen,int side,void * ctx)343 int wc_tsip_EccSharedSecret(
344 struct WOLFSSL* ssl,
345 ecc_key* otherKey,
346 unsigned char* pubKeyDer, unsigned int* pubKeySz,
347 unsigned char* out, unsigned int* outlen,
348 int side, void* ctx)
349 {
350 int ret;
351 TsipUserCtx* usrCtx = (TsipUserCtx*)ctx;
352
353 (void)ssl;
354 (void)otherKey;
355
356 WOLFSSL_ENTER("wc_tsip_EccSharedSecret");
357 /* sanity check */
358 if (ssl == NULL || pubKeyDer == NULL || pubKeySz == NULL ||
359 out == NULL || outlen == NULL || ctx == NULL) {
360 WOLFSSL_LEAVE("wc_tsip_EccSharedSecret", WOLFSSL_FAILURE);
361 return WOLFSSL_FAILURE;
362 }
363 if ((ret = tsip_hw_lock()) == 0) {
364 /* Generate ECC public key for key exchange */
365 ret = R_TSIP_GenerateTlsP256EccKeyIndex(
366 &usrCtx->ecc_p256_wrapped_key,
367 (uint8_t*)&usrCtx->ecc_ecdh_public_key);
368
369 if (ret == TSIP_SUCCESS) {
370
371 /* copy generated ecdh public key into buffer */
372 pubKeyDer[0] = ECC_POINT_UNCOMP;
373 *pubKeySz = 1 + sizeof(usrCtx->ecc_ecdh_public_key);
374 XMEMCPY(&pubKeyDer[1], &usrCtx->ecc_ecdh_public_key,
375 sizeof(usrCtx->ecc_ecdh_public_key));
376
377 /* Generate Premaster Secret */
378 ret = R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key(
379 (uint32_t*)&usrCtx->encrypted_ephemeral_ecdh_public_key,
380 &usrCtx->ecc_p256_wrapped_key,
381 (uint32_t*)out/* pre-master secret 64 bytes */);
382 }
383 if (ret == TSIP_SUCCESS) {
384 *outlen = 64;
385 wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx,
386 Renesas_cmn_genMasterSecret);
387 wolfSSL_SetGenMasterSecretCtx(ssl, usrCtx);
388
389 }
390
391 tsip_hw_unlock();
392 }
393 else {
394 WOLFSSL_MSG("Failed to lock tsip hw");
395 }
396 WOLFSSL_LEAVE("wc_tsip_EccSharedSecret", ret);
397 return ret;
398 }
399
400
tsip_set_callbacks(struct WOLFSSL_CTX * ctx)401 WOLFSSL_API void tsip_set_callbacks(struct WOLFSSL_CTX* ctx)
402 {
403 WOLFSSL_ENTER("tsip_set_callbacks");
404 wolfSSL_CTX_SetEccVerifyCb(ctx, (CallbackEccVerify)Renesas_cmn_EccVerify);
405 wolfSSL_CTX_SetRsaVerifyCb(ctx, (CallbackRsaVerify)Renesas_cmn_RsaVerify);
406 wolfSSL_CTX_SetGenPreMasterCb(ctx, Renesas_cmn_generatePremasterSecret);
407 wolfSSL_CTX_SetRsaEncCb(ctx, Renesas_cmn_RsaEnc);
408 wolfSSL_CTX_SetVerifyMacCb(ctx, (CallbackVerifyMac)Renesas_cmn_VerifyHmac);
409 wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
410 WOLFSSL_LEAVE("tsip_set_callbacks", 0);
411 }
412
tsip_set_callback_ctx(struct WOLFSSL * ssl,void * user_ctx)413 WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx)
414 {
415 WOLFSSL_ENTER("tsip_set_callback_ctx");
416
417 TsipUserCtx* uCtx = (TsipUserCtx*)user_ctx;
418 if (user_ctx == NULL) {
419 WOLFSSL_LEAVE("tsip_set_callback_ctx", 0);
420 return 0;
421 }
422 XMEMSET( uCtx, 0, sizeof(TsipUserCtx));
423
424 wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
425 wolfSSL_SetRsaEncCtx(ssl, user_ctx);
426 wolfSSL_SetRsaVerifyCtx(ssl, user_ctx);
427 wolfSSL_SetGenPreMasterCtx(ssl, user_ctx);
428 wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
429 wolfSSL_SetVerifyMacCtx(ssl, user_ctx);
430
431 /* set up crypt callback */
432 wc_CryptoCb_CryptInitRenesasCmn(ssl, user_ctx);
433 WOLFSSL_LEAVE("tsip_set_callback_ctx", 0);
434 return 0;
435 }
436
437 #elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=106)
438
439 /* convert def to tsip define */
_tls2tsipdef(byte cipher)440 static byte _tls2tsipdef(byte cipher)
441 {
442 byte def = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA;
443 switch(cipher){
444 case l_TLS_RSA_WITH_AES_128_CBC_SHA:
445 break;
446 case l_TLS_RSA_WITH_AES_128_CBC_SHA256:
447 def = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA256;
448 break;
449 case l_TLS_RSA_WITH_AES_256_CBC_SHA:
450 def = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA;
451 break;
452 case l_TLS_RSA_WITH_AES_256_CBC_SHA256:
453 def = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA256;
454 break;
455 default:break;
456 }
457 return def;
458 }
459 #endif
460 /*
461 * lock hw engine.
462 * this should be called before using engine.
463 */
tsip_hw_lock()464 WOLFSSL_LOCAL int tsip_hw_lock()
465 {
466 int ret = 0;
467
468 if (tsip_CryptHwMutexInit_ == 0) {
469
470 ret = tsip_CryptHwMutexInit(&tsip_mutex);
471
472 if (ret == 0) {
473 tsip_CryptHwMutexInit_ = 1;
474 }
475 else {
476 WOLFSSL_MSG(" mutex initialization failed.");
477 return -1;
478 }
479 }
480 if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) {
481 /* this should not happens */
482 return -1;
483 }
484
485 return ret;
486 }
487
488 /*
489 * release hw engine
490 */
tsip_hw_unlock(void)491 WOLFSSL_LOCAL void tsip_hw_unlock( void )
492 {
493 tsip_CryptHwMutexUnLock(&tsip_mutex);
494 }
495
496 /* check if tsip tls functions can be used for the cipher */
497 /* return :1 when tsip can be used , 0 not be used. */
tsip_usable(const struct WOLFSSL * ssl,uint8_t session_key_generated)498 int tsip_usable(const struct WOLFSSL *ssl, uint8_t session_key_generated)
499 {
500 byte cipher0 = ssl->options.cipherSuite0;
501 byte cipher = ssl->options.cipherSuite;
502 byte side = ssl->options.side;
503 int ret = WOLFSSL_SUCCESS;
504 const Ciphers *enc;
505 const Ciphers *dec;
506
507 WOLFSSL_ENTER("tsip_usable");
508
509 /* sanity check */
510 if (ssl == NULL) {
511 WOLFSSL_MSG( "ssl is NULL");
512 ret = BAD_FUNC_ARG;
513 }
514
515 /* when rsa key index == NULL, tsip isn't used for cert verification. */
516 /* in the case, we cannot use TSIP. */
517 if (ret == WOLFSSL_SUCCESS) {
518 if (!ssl->peerSceTsipEncRsaKeyIndex) {
519 WOLFSSL_MSG( "ssl->peerSceTsipEncRsaKeyIndex is NULL");
520 ret = WOLFSSL_FAILURE;
521 }
522 }
523
524 if (ret == WOLFSSL_SUCCESS) {
525 if (session_key_generated) {
526 enc = &ssl->encrypt;
527 dec = &ssl->decrypt;
528 if (enc == NULL || dec == NULL) {
529 /* something wrong */
530 ret = WOLFSSL_FAILURE;
531 }
532 if (enc->aes == NULL || dec->aes == NULL) {
533 ret = WOLFSSL_FAILURE;
534 }
535 if (enc->aes->ctx.setup == 0) {
536 /* session key for SCE is not created */
537 ret = WOLFSSL_FAILURE;
538 }
539 }
540 }
541
542 /* when enabled Extended Master Secret, we cannot use TSIP. */
543
544 if (ret == WOLFSSL_SUCCESS) {
545 if (ssl->options.haveEMS) {
546 WOLFSSL_MSG( "ssl->options.haveEMS");
547 ret = WOLFSSL_FAILURE;
548 }
549 }
550 /* TSIP works only for TLS client */
551 if (ret == WOLFSSL_SUCCESS) {
552 if (side != WOLFSSL_CLIENT_END) {
553 WOLFSSL_MSG( "Not client side");
554 ret = WOLFSSL_FAILURE;
555 }
556 }
557 /* Check if TSIP can handle cipher suite */
558 if (ret == WOLFSSL_SUCCESS) {
559 if (
560 cipher0 == CIPHER_BYTE &&
561 (cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA ||
562 cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA256 ||
563 cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA ||
564 cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA256)
565 # if (WOLFSSL_RENESAS_TSIP_VER >= TSIP109)
566 ||
567 cipher0 == ECC_BYTE &&
568 (cipher == l_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ||
569 cipher == l_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ||
570 cipher == l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ||
571 cipher == l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
572 #endif
573 ) {
574 WOLFSSL_MSG("supported cipher suite");
575 }
576 else {
577 WOLFSSL_MSG("unsupported cipher suite");
578 ret = WOLFSSL_FAILURE;;
579 }
580 }
581
582 WOLFSSL_LEAVE("tsip_usable", ret);
583 return ret;
584 }
585
586
587
588 /* open TSIP driver
589 * return 0 on success.
590 */
tsip_Open()591 WOLFSSL_LOCAL int tsip_Open()
592 {
593 int ret = TSIP_SUCCESS;
594
595 WOLFSSL_ENTER("tsip_Open");
596
597 if ((ret = tsip_hw_lock()) == 0) {
598
599 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=109)
600
601 ret = R_TSIP_Open(NULL,NULL);
602 if ( ret != TSIP_SUCCESS ) {
603 WOLFSSL_MSG("RENESAS TSIP Open failed");
604 }
605
606 if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
607
608 ret = R_TSIP_GenerateTlsRsaPublicKeyIndex(
609 g_user_key_info.encrypted_provisioning_key,
610 g_user_key_info.iv,
611 g_user_key_info.encrypted_user_tls_key,
612 &g_user_key_info.user_rsa2048_tls_pubindex); /* OUT */
613
614 R_TSIP_Close(); /* close once */
615
616 if (ret != TSIP_SUCCESS){
617
618 WOLFSSL_MSG("R_TSIP_GenerataeTlsRsa: NG" );
619
620 }
621 else {
622
623 /* open again with newly created TLS public key index*/
624 ret = R_TSIP_Open(
625 &g_user_key_info.user_rsa2048_tls_pubindex,
626 (tsip_update_key_ring_t*)s_inst2);
627
628 if (ret != TSIP_SUCCESS) {
629 WOLFSSL_MSG("R_TSIP_(Re)Open: NG");
630 }
631 /* init vars */
632 g_CAscm_Idx = (uint32_t)-1;
633 }
634 }
635
636 #elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER>=106)
637
638 ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
639 if (ret != TSIP_SUCCESS) {
640 WOLFSSL_MSG("RENESAS TSIP Open failed");
641 }
642
643 /* generate TLS Rsa public key for Certificate verification */
644 if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
645 ret = R_TSIP_GenerateTlsRsaPublicKeyIndex(
646 g_user_key_info.encrypted_session_key,
647 g_user_key_info.iv,
648 g_user_key_info.encrypted_user_tls_key,
649 &g_user_key_info.user_rsa2048_tls_pubindex);
650
651 if (ret != TSIP_SUCCESS) {
652 WOLFSSL_MSG("R_TSIP_GenerateTlsRsaPublicKeyIndex failed");
653 }
654 else {
655 /* close once */
656 tsip_Close( );
657 /* open again with s_inst[] */
658 XMEMCPY(s_inst1,
659 g_user_key_info.user_rsa2048_tls_pubindex.value,
660 sizeof(s_inst1));
661 ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
662 if (ret != TSIP_SUCCESS) {
663 WOLFSSL_MSG("R_TSIP_(Re)Open failed");
664 }
665 /* init vars */
666 g_CAscm_Idx = (uint32_t)-1;
667 }
668 }
669 #else
670 ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
671 if (ret != TSIP_SUCCESS) {
672 WOLFSSL_MSG("RENESAS TSIP Open failed");
673 }
674 #endif
675 /* unlock hw */
676 tsip_hw_unlock();
677 }
678 else
679 WOLFSSL_MSG("Failed to lock tsip hw ");
680
681 WOLFSSL_LEAVE( "tsip_Open", ret);
682 return ret;
683 }
684
685 /* close TSIP driver */
tsip_Close()686 WOLFSSL_LOCAL void tsip_Close()
687 {
688 WOLFSSL_ENTER("tsip_Close");
689 int ret;
690
691 if ((ret = tsip_hw_lock()) == 0) {
692 /* close TSIP */
693 ret = R_TSIP_Close();
694 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
695 g_CAscm_Idx = (uint32_t)-1;
696 #endif
697 /* unlock hw */
698 tsip_hw_unlock();
699 if (ret != TSIP_SUCCESS) {
700 WOLFSSL_MSG("RENESAS TSIP Close failed");
701 }
702 }
703 else
704 WOLFSSL_MSG("Failed to unlock tsip hw ");
705 WOLFSSL_LEAVE("tsip_Close", 0);
706 }
707
708 /* Support functions for TSIP TLS Capability */
709 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
710
711 /* to inform ca certificate sign */
712 /* signature format expects RSA 2048 PSS with SHA256 */
tsip_inform_cert_sign(const byte * sign)713 void tsip_inform_cert_sign(const byte *sign)
714 {
715 if(sign)
716 ca_cert_sig = sign;
717 }
718 #if (WOLFSSL_RENESAS_TSIP_VER>=109)
tsip_inform_user_keys_ex(byte * encrypted_provisioning_key,byte * iv,byte * encrypted_user_tls_key,word32 encrypted_user_tls_key_type)719 void tsip_inform_user_keys_ex(
720 byte* encrypted_provisioning_key,
721 byte* iv,
722 byte* encrypted_user_tls_key,
723 word32 encrypted_user_tls_key_type)
724 {
725 WOLFSSL_ENTER("tsip_inform_user_keys_ex");
726 g_user_key_info.encrypted_provisioning_key = NULL;
727 g_user_key_info.iv = NULL;
728
729 if ( encrypted_provisioning_key ) {
730 g_user_key_info.encrypted_provisioning_key = encrypted_provisioning_key;
731 }
732 if ( iv ) {
733 g_user_key_info.iv = iv;
734 }
735 if ( encrypted_user_tls_key ) {
736 g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key;
737 }
738
739 g_user_key_info.encrypted_user_tls_key_type = encrypted_user_tls_key_type;
740 WOLFSSL_LEAVE("tsip_inform_user_keys_ex", 0);
741 }
742 #elif (WOLFSSL_RENESAS_TSIP_VER>=106)
743 /* inform user key */
744 /* the function expects to be called from user application */
745 /* user has to create these key information by Renesas tool in advance.*/
tsip_inform_user_keys(byte * encrypted_session_key,byte * iv,byte * encrypted_user_tls_key)746 void tsip_inform_user_keys(
747 byte *encrypted_session_key,
748 byte *iv,
749 byte *encrypted_user_tls_key)
750 {
751 g_user_key_info.encrypted_session_key = NULL;
752 g_user_key_info.iv = NULL;
753 g_user_key_info.encrypted_user_tls_key = NULL;
754
755 if ( encrypted_session_key ) {
756 g_user_key_info.encrypted_session_key = encrypted_session_key;
757 }
758 if ( iv ) {
759 g_user_key_info.iv = iv;
760 }
761 if ( encrypted_user_tls_key ) {
762 g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key;
763 }
764 }
765 #endif
766
767
768
769 /* Sha1Hmac */
wc_tsip_Sha1HmacGenerate(const struct WOLFSSL * ssl,const byte * myInner,word32 innerSz,const byte * in,word32 sz,byte * digest)770 int wc_tsip_Sha1HmacGenerate(
771 const struct WOLFSSL *ssl,
772 const byte* myInner,
773 word32 innerSz,
774 const byte* in,
775 word32 sz,
776 byte* digest)
777 {
778 WOLFSSL_ENTER("wc_tsip_Sha1HmacGenerate()");
779
780 tsip_hmac_sha_handle_t _handle;
781 tsip_hmac_sha_key_index_t key_index;
782 int ret;
783
784 if ((ssl == NULL) || (myInner == NULL) || (in == NULL) ||
785 (digest == NULL)){
786 WOLFSSL_LEAVE("wc_tsip_Sha1HmacGenerate", BAD_FUNC_ARG);
787 return BAD_FUNC_ARG;
788 }
789
790 if ((ret = tsip_hw_lock()) != 0) {
791 WOLFSSL_MSG("hw lock failed");
792 WOLFSSL_LEAVE("wc_tsip_Sha1HmacGenerate", ret);
793 return ret;
794 }
795
796 key_index = ssl->keys.tsip_client_write_MAC_secret;
797
798 ret = R_TSIP_Sha1HmacGenerateInit(
799 &_handle,
800 &key_index);
801
802 if (ret == TSIP_SUCCESS)
803 ret = R_TSIP_Sha1HmacGenerateUpdate(
804 &_handle,
805 (uint8_t*)myInner,
806 (uint32_t)innerSz);
807
808 if (ret == TSIP_SUCCESS)
809 ret = R_TSIP_Sha1HmacGenerateUpdate(
810 &_handle,
811 (uint8_t*)in,
812 sz);
813
814 if (ret == TSIP_SUCCESS)
815 ret = R_TSIP_Sha1HmacGenerateFinal(
816 &_handle,
817 digest);
818
819 tsip_hw_unlock();
820
821 WOLFSSL_LEAVE("wc_tsip_Sha1HmacGenerate", ret);
822 return ret;
823 }
824
825
826 /* Sha256Hmac */
wc_tsip_Sha256HmacGenerate(const struct WOLFSSL * ssl,const byte * myInner,word32 innerSz,const byte * in,word32 sz,byte * digest)827 int wc_tsip_Sha256HmacGenerate(
828 const struct WOLFSSL *ssl,
829 const byte* myInner,
830 word32 innerSz,
831 const byte* in,
832 word32 sz,
833 byte* digest)
834 {
835 WOLFSSL_ENTER("wc_tsip_Sha256HmacGenerate");
836
837 tsip_hmac_sha_handle_t _handle;
838 tsip_hmac_sha_key_index_t key_index;
839 int ret;
840
841 if ((ssl == NULL) || (myInner == NULL) || (in == NULL) ||
842 (digest == NULL))
843 return BAD_FUNC_ARG;
844
845 key_index = ssl->keys.tsip_client_write_MAC_secret;
846
847 if ((ret = tsip_hw_lock()) != 0) {
848 WOLFSSL_MSG("hw lock failed");
849 return ret;
850 }
851
852 ret = R_TSIP_Sha256HmacGenerateInit(
853 &_handle,
854 &key_index);
855
856 if (ret == TSIP_SUCCESS) {
857 ret = R_TSIP_Sha256HmacGenerateUpdate(
858 &_handle,
859 (uint8_t*)myInner,
860 innerSz);
861 }
862 else {
863 WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed");
864 }
865
866 if (ret == TSIP_SUCCESS) {
867 ret = R_TSIP_Sha256HmacGenerateUpdate(
868 &_handle,
869 (uint8_t*)in,
870 sz);
871 }
872 else {
873 WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateUpdate: inner failed");
874 }
875 if (ret == TSIP_SUCCESS) {
876
877 ret = R_TSIP_Sha256HmacGenerateFinal(
878 &_handle,
879 digest);
880 }
881 else {
882 WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateUpdate: in failed");
883 }
884 if (ret != TSIP_SUCCESS) {
885 WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed");
886 ret = 1;
887 }
888 /* unlock hw */
889 tsip_hw_unlock();
890 WOLFSSL_LEAVE("wc_tsip_Sha256HmacGenerate", ret);
891 return ret;
892 }
893 /*
894 * Perform SHA1 and SHA256 Hmac verification
895 */
wc_tsip_ShaXHmacVerify(const struct WOLFSSL * ssl,const byte * message,word32 messageSz,word32 macSz,word32 content)896 int wc_tsip_ShaXHmacVerify(
897 const struct WOLFSSL *ssl,
898 const byte* message,
899 word32 messageSz,
900 word32 macSz,
901 word32 content)
902 {
903 WOLFSSL_ENTER("tsip_ShaXHmacVerify");
904
905 tsip_hmac_sha_handle_t handle;
906 tsip_hmac_sha_key_index_t wrapped_key;
907
908 shaHmacInitFn initFn = NULL;
909 shaHmacUpdateFn updateFn = NULL;
910 shaHmacFinalFn finalFn = NULL;
911
912 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
913 int ret;
914
915 if ((ssl == NULL) || (message == NULL)){
916 WOLFSSL_LEAVE("tsip_ShaXHmacVerify", BAD_FUNC_ARG);
917 return BAD_FUNC_ARG;
918 }
919 wrapped_key = ssl->keys.tsip_server_write_MAC_secret;
920
921 if (wrapped_key.type == TSIP_KEY_INDEX_TYPE_HMAC_SHA1_FOR_TLS) {
922 WOLFSSL_MSG("perform Sha1-Hmac verification");
923 initFn = R_TSIP_Sha1HmacVerifyInit;
924 updateFn = R_TSIP_Sha1HmacVerifyUpdate;
925 finalFn = R_TSIP_Sha1HmacVerifyFinal;
926 }
927 else if (wrapped_key.type == TSIP_KEY_INDEX_TYPE_HMAC_SHA256_FOR_TLS) {
928 WOLFSSL_MSG("perform Sha256-Hmac verification");
929 initFn = R_TSIP_Sha256HmacVerifyInit;
930 updateFn = R_TSIP_Sha256HmacVerifyUpdate;
931 finalFn = R_TSIP_Sha256HmacVerifyFinal;
932 }
933 else {
934 WOLFSSL_MSG("unsupported key type");
935 WOLFSSL_LEAVE("tsip_ShaXHmacVerify", BAD_FUNC_ARG);
936 return BAD_FUNC_ARG;
937 }
938
939 if ((ret = tsip_hw_lock()) != 0) {
940 WOLFSSL_MSG("hw lock failed\n");
941 WOLFSSL_LEAVE("tsip_ShaXHmacVerify", ret);
942 return ret;
943 }
944
945 wolfSSL_SetTlsHmacInner((struct WOLFSSL*)ssl, (byte*)myInner,
946 messageSz, content, 1);
947
948 ret = initFn(&handle, &wrapped_key);
949
950 if (ret == TSIP_SUCCESS) {
951 ret = updateFn(&handle, myInner, WOLFSSL_TLS_HMAC_INNER_SZ);
952 }
953 if (ret == TSIP_SUCCESS) {
954 ret = updateFn(&handle, (uint8_t*)message, (uint32_t)messageSz);
955 }
956 if (ret == TSIP_SUCCESS) {
957 ret = finalFn(&handle, (uint8_t*)(message + messageSz), (uint32_t)macSz);
958 }
959 if (ret != TSIP_SUCCESS) {
960 WOLFSSL_MSG("TSIP Mac verification failed");
961 }
962
963 /* unlock hw */
964 tsip_hw_unlock();
965 WOLFSSL_LEAVE("tsip_ShaXHmacVerify", ret);
966 return ret;
967 }
968
969 /* generate Verify Data based on master secret */
wc_tsip_generateVerifyData(const byte * ms,const byte * side,const byte * handshake_hash,byte * hashes)970 int wc_tsip_generateVerifyData(
971 const byte* ms, /* master secret */
972 const byte* side, /* 0:client-side 1:server-side */
973 const byte* handshake_hash,
974 byte* hashes) /* out */
975 {
976 int ret ;
977 uint32_t l_side = R_TSIP_TLS_GENERATE_CLIENT_VERIFY;
978
979 WOLFSSL_ENTER("tsip_generateVerifyData");
980
981 if ((ms == NULL) || (side == NULL) || (handshake_hash == NULL) ||
982 (hashes == NULL)) {
983 WOLFSSL_LEAVE("tsip_generateVerifyData", BAD_FUNC_ARG);
984 return BAD_FUNC_ARG;
985 }
986 if (XSTRNCMP((const char*)side, (const char*)tls_server, FINISHED_LABEL_SZ)
987 == 0)
988 {
989 l_side = R_TSIP_TLS_GENERATE_SERVER_VERIFY;
990 }
991
992 if ((ret = tsip_hw_lock()) == 0) {
993 ret = R_TSIP_TlsGenerateVerifyData(l_side, (uint32_t*)ms,
994 (uint8_t*)handshake_hash, hashes/* out */);
995 if (ret != TSIP_SUCCESS) {
996 WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed");
997 }
998 }
999 /* unlock hw */
1000 tsip_hw_unlock();
1001 WOLFSSL_LEAVE("tsip_generateVerifyData", ret);
1002 return ret;
1003 }
1004
1005 /* generate keys for TLS communication */
wc_tsip_generateSessionKey(struct WOLFSSL * ssl,TsipUserCtx * ctx,int devId)1006 int wc_tsip_generateSessionKey(
1007 struct WOLFSSL *ssl,
1008 TsipUserCtx* ctx,
1009 int devId)
1010 {
1011 int ret;
1012 Ciphers *enc;
1013 Ciphers *dec;
1014 tsip_hmac_sha_key_index_t key_client_mac;
1015 tsip_hmac_sha_key_index_t key_server_mac;
1016 tsip_aes_key_index_t key_client_aes;
1017 tsip_aes_key_index_t key_server_aes;
1018
1019 WOLFSSL_ENTER("wc_tsip_generateSessionKey()");
1020
1021 if (ssl== NULL)
1022 return BAD_FUNC_ARG;
1023
1024 if ((ret = tsip_hw_lock()) == 0) {
1025
1026 #if (WOLFSSL_RENESAS_TSIP_VER>=109)
1027
1028 uint32_t tsipCS = GetTsipCipherSuite(ssl->options.cipherSuite0,
1029 ssl->options.cipherSuite);
1030
1031 if (tsipCS == R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ||
1032 tsipCS == R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) {
1033 WOLFSSL_MSG("Session key for AES-GCM generation skipped.");
1034
1035 /* Do not release ssl-> arrays to reference the master secret and
1036 * randoms, as the AES GCM session key will be generated in
1037 * encryption or decription timing.
1038 */
1039 wolfSSL_KeepArrays(ssl);
1040 ret = TSIP_SUCCESS;
1041 }
1042 else {
1043
1044 ret = R_TSIP_TlsGenerateSessionKey(
1045 tsipCS,
1046 (uint32_t*)ssl->arrays->tsip_masterSecret,
1047 (uint8_t*) ssl->arrays->clientRandom,
1048 (uint8_t*) ssl->arrays->serverRandom,
1049 NULL, /* nonce is required only for AES-GCM key */
1050 &key_client_mac,
1051 &key_server_mac,
1052 &key_client_aes,
1053 &key_server_aes,
1054 NULL, NULL);
1055 }
1056 #else /* WOLFSSL_RENESAS_TSIP_VER < 109 */
1057
1058 ret = R_TSIP_TlsGenerateSessionKey(
1059 _tls2tsipdef(ssl->options.cipherSuite),
1060 (uint32_t*)ssl->arrays->tsip_masterSecret,
1061 (uint8_t*)ssl->arrays->clientRandom,
1062 (uint8_t*)ssl->arrays->serverRandom,
1063 &key_client_mac,
1064 &key_server_mac,
1065 &key_client_aes,
1066 &key_server_aes,
1067 NULL, NULL);
1068 #endif
1069 if (ret != TSIP_SUCCESS) {
1070 WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed");
1071 }
1072 else {
1073 /* succeeded creating session keys */
1074 /* alloc aes instance for both enc and dec */
1075 enc = &ssl->encrypt;
1076 dec = &ssl->decrypt;
1077
1078 if (enc) {
1079 if (enc->aes == NULL) {
1080 enc->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap,
1081 DYNAMIC_TYPE_CIPHER);
1082 if (enc->aes == NULL)
1083 return MEMORY_E;
1084 }
1085
1086 XMEMSET(enc->aes, 0, sizeof(Aes));
1087 }
1088 if (dec) {
1089 if (dec->aes == NULL) {
1090 dec->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap,
1091 DYNAMIC_TYPE_CIPHER);
1092 if (dec->aes == NULL) {
1093 if (enc) {
1094 XFREE(enc->aes, NULL, DYNAMIC_TYPE_CIPHER);
1095 }
1096 return MEMORY_E;
1097 }
1098 }
1099
1100 XMEMSET(dec->aes, 0, sizeof(Aes));
1101 }
1102
1103 /* copy key index into aes */
1104 if (ssl->options.side == PROVISION_CLIENT) {
1105 XMEMCPY(&enc->aes->ctx.tsip_keyIdx, &key_client_aes,
1106 sizeof(key_client_aes));
1107 XMEMCPY(&dec->aes->ctx.tsip_keyIdx, &key_server_aes,
1108 sizeof(key_server_aes));
1109 }
1110 else {
1111 XMEMCPY(&enc->aes->ctx.tsip_keyIdx, &key_server_aes,
1112 sizeof(key_server_aes));
1113 XMEMCPY(&dec->aes->ctx.tsip_keyIdx, &key_client_aes,
1114 sizeof(key_client_aes));
1115 }
1116
1117 /* copy hac key index into keys */
1118 ssl->keys.tsip_client_write_MAC_secret = key_client_mac;
1119 ssl->keys.tsip_server_write_MAC_secret = key_server_mac;
1120
1121 /* set up key size and marked ready */
1122 if (enc){
1123 enc->aes->ctx.keySize = ssl->specs.key_size;
1124 enc->aes->ctx.setup = 1;
1125 /* ready for use */
1126 enc->setup = 1;
1127 }
1128 /* set up key size and marked ready */
1129 if (dec) {
1130 dec->aes->ctx.keySize = ssl->specs.key_size;
1131 dec->aes->ctx.setup = 1;
1132 /* ready for use */
1133 dec->setup = 1;
1134 }
1135
1136 if (ctx->tsip_cipher ==
1137 R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
1138 ctx->tsip_cipher ==
1139 R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
1140 enc->aes->nonceSz = AEAD_MAX_IMP_SZ;
1141 dec->aes->nonceSz = AEAD_MAX_IMP_SZ;
1142 }
1143
1144 enc->aes->devId = devId;
1145 dec->aes->devId = devId;
1146
1147 ctx->session_key_set = 1;
1148 }
1149 /* unlock hw */
1150 tsip_hw_unlock();
1151 }
1152 else
1153 WOLFSSL_MSG("hw lock failed");
1154
1155 WOLFSSL_LEAVE("wc_tsip_generateSessionKey", ret);
1156 return ret;
1157 }
1158
1159
1160
1161 /* generate Master secrete by TSIP */
1162 #if (WOLFSSL_RENESAS_TSIP_VER>=109)
1163
wc_tsip_generateMasterSecretEx(byte cipherSuiteFirst,byte cipherSuite,const byte * pr,const byte * cr,const byte * sr,byte * ms)1164 int wc_tsip_generateMasterSecretEx(
1165 byte cipherSuiteFirst,
1166 byte cipherSuite,
1167 const byte *pr, /* pre-master */
1168 const byte *cr, /* client random */
1169 const byte *sr, /* server random */
1170 byte *ms)
1171 {
1172 int ret;
1173
1174 WOLFSSL_ENTER("tsip_generateMasterSecretEx");
1175
1176 if ((pr == NULL) || (cr == NULL) || (sr == NULL) ||
1177 (ms == NULL))
1178 return BAD_FUNC_ARG;
1179
1180 uint32_t tsipCS = GetTsipCipherSuite(cipherSuiteFirst,cipherSuite );
1181 if (tsipCS == 0xffffffff)
1182 return BAD_FUNC_ARG;
1183
1184 if ((ret = tsip_hw_lock()) == 0) {
1185 ret = R_TSIP_TlsGenerateMasterSecret(
1186 tsipCS,
1187 (uint32_t*)pr,
1188 (uint8_t*)cr, (uint8_t*)sr, (uint32_t*)ms);
1189 if (ret != TSIP_SUCCESS) {
1190 WOLFSSL_MSG("R_TSIP_TlsGenerateMasterSecret failed");
1191 }
1192 /* unlock hw */
1193 tsip_hw_unlock();
1194 }
1195 else {
1196 WOLFSSL_MSG(" hw lock failed ");
1197 }
1198 WOLFSSL_LEAVE("tsip_generateMasterSecretEx", ret);
1199 return ret;
1200 }
1201
1202 #else /* WOLFSSL_RENESAS_TSIP_VER < 109 */
1203
wc_tsip_generateMasterSecret(const byte * pr,const byte * cr,const byte * sr,byte * ms)1204 int wc_tsip_generateMasterSecret(
1205 const byte* pr, /* pre-master */
1206 const byte* cr, /* client random */
1207 const byte* sr, /* server random */
1208 byte* ms)
1209 {
1210 int ret;
1211 WOLFSSL_ENTER("tsip_generateMasterSecret");
1212 if ((pr == NULL) || (cr == NULL) || (sr == NULL) ||
1213 (ms == NULL))
1214 return BAD_FUNC_ARG;
1215
1216 if ((ret = tsip_hw_lock()) == 0) {
1217 ret = R_TSIP_TlsGenerateMasterSecret(
1218 (uint32_t*)pr,
1219 (uint8_t*)cr,
1220 (uint8_t*)sr,
1221 (uint32_t*)ms);
1222
1223 if (ret != TSIP_SUCCESS) {
1224 WOLFSSL_MSG("R_TSIP_TlsGenerateMasterSecret failed");
1225 }
1226 /* unlock hw */
1227 tsip_hw_unlock();
1228 }
1229 else {
1230 WOLFSSL_MSG(" hw lock failed ");
1231 }
1232 WOLFSSL_LEAVE("tsip_generateMasterSecret", ret);
1233 return ret;
1234 }
1235 #endif /* WOLFSSL_RENESAS_TSIP_VER */
1236
1237 /* store elements for session key generation into ssl->keys.
1238 * return 0 on success, negative value on failure
1239 */
wc_tsip_storeKeyCtx(struct WOLFSSL * ssl,TsipUserCtx * userCtx)1240 int wc_tsip_storeKeyCtx(struct WOLFSSL* ssl, TsipUserCtx* userCtx)
1241 {
1242 int ret = 0;
1243
1244 WOLFSSL_ENTER("tsip_storeKeyCtx");
1245
1246 if (ssl == NULL || userCtx == NULL)
1247 ret = BAD_FUNC_ARG;
1248
1249 if (ret == 0) {
1250 XMEMCPY(userCtx->tsip_masterSecret, ssl->arrays->tsip_masterSecret,
1251 TSIP_TLS_MASTERSECRET_SIZE);
1252 XMEMCPY(userCtx->tsip_clientRandom, ssl->arrays->clientRandom,
1253 TSIP_TLS_CLIENTRANDOM_SZ);
1254 XMEMCPY(userCtx->tsip_serverRandom, ssl->arrays->serverRandom,
1255 TSIP_TLS_SERVERRANDOM_SZ);
1256 userCtx->tsip_cipher = GetTsipCipherSuite(ssl->options.cipherSuite0,
1257 ssl->options.cipherSuite);
1258 }
1259
1260 WOLFSSL_LEAVE("tsip_storeKeyCtx", ret);
1261 return ret;
1262 }
1263
1264 /* generate pre-Master secrete by TSIP */
wc_tsip_generatePremasterSecret(byte * premaster,word32 preSz)1265 int wc_tsip_generatePremasterSecret(byte *premaster, word32 preSz )
1266 {
1267 WOLFSSL_ENTER("tsip_generatePremasterSecret");
1268 int ret;
1269
1270 if (premaster == NULL)
1271 return BAD_FUNC_ARG;
1272
1273 if ((ret = tsip_hw_lock()) == 0 && preSz >=
1274 (R_TSIP_TLS_MASTER_SECRET_WORD_SIZE*4)) {
1275 /* generate pre-master, 80 bytes */
1276 ret = R_TSIP_TlsGeneratePreMasterSecret( (uint32_t*)premaster );
1277 if (ret != TSIP_SUCCESS) {
1278 WOLFSSL_MSG(" R_TSIP_TlsGeneratePreMasterSecret failed");
1279 }
1280
1281 /* unlock hw */
1282 tsip_hw_unlock();
1283 }
1284 else {
1285 WOLFSSL_MSG(" hw lock failed or preSz is smaller than 80");
1286 }
1287 WOLFSSL_LEAVE("tsip_generatePremasterSecret", ret);
1288 return ret;
1289 }
1290
1291 /*
1292 * generate encrypted pre-Master secrete by TSIP
1293 */
wc_tsip_generateEncryptPreMasterSecret(WOLFSSL * ssl,byte * out,word32 * outSz)1294 int wc_tsip_generateEncryptPreMasterSecret(
1295 WOLFSSL* ssl,
1296 byte* out,
1297 word32* outSz)
1298 {
1299 int ret;
1300
1301 WOLFSSL_ENTER("tsip_generateEncryptPreMasterSecret");
1302
1303 if ((ssl == NULL) || (out == NULL) || (outSz == NULL))
1304 return BAD_FUNC_ARG;
1305
1306 if ((ret = tsip_hw_lock()) == 0) {
1307 if (*outSz >= 256)
1308
1309 #if (WOLFSSL_RENESAS_TSIP_VER>=109)
1310
1311 ret = R_TSIP_TlsEncryptPreMasterSecretWithRsa2048PublicKey(
1312 (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
1313 (uint32_t*)ssl->arrays->preMasterSecret,
1314 (uint8_t*)out);
1315
1316 #else
1317
1318 ret = R_TSIP_TlsEncryptPreMasterSecret(
1319 (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
1320 (uint32_t*)ssl->arrays->preMasterSecret,
1321 (uint8_t*)out);
1322
1323 #endif
1324 else
1325 ret = -1;
1326
1327 if (ret != TSIP_SUCCESS) {
1328 WOLFSSL_MSG(" R_TSIP_TlsEncryptPreMasterSecret failed");
1329 }
1330 else {
1331 *outSz = 256; /* TSIP can only handles 2048 RSA */
1332 void* ctx = wolfSSL_GetRsaVerifyCtx(ssl);
1333 wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx,
1334 Renesas_cmn_genMasterSecret);
1335 wolfSSL_SetGenMasterSecretCtx(ssl, ctx);
1336 }
1337
1338 tsip_hw_unlock();
1339
1340 }
1341 else {
1342 WOLFSSL_MSG(" hw lock failed ");
1343 }
1344 WOLFSSL_LEAVE("tsip_generateEncryptPreMasterSecret", ret);
1345 return ret;
1346 }
1347
1348
1349 /* Certificate verification by TSIP */
wc_tsip_tls_CertVerify(const uint8_t * cert,uint32_t certSz,const uint8_t * signature,uint32_t sigSz,uint32_t key_n_start,uint32_t key_n_len,uint32_t key_e_start,uint32_t key_e_len,uint8_t * tsip_encRsaKeyIndex)1350 int wc_tsip_tls_CertVerify(
1351 const uint8_t* cert, uint32_t certSz,
1352 const uint8_t* signature, uint32_t sigSz,
1353 uint32_t key_n_start, uint32_t key_n_len,
1354 uint32_t key_e_start, uint32_t key_e_len,
1355 uint8_t* tsip_encRsaKeyIndex)
1356 {
1357 int ret;
1358 uint8_t *sigforSCE;
1359 uint8_t *pSig;
1360 const byte rs_size = 0x20;
1361 byte offset = 0x3;
1362
1363 WOLFSSL_ENTER("wc_tsip_tls_CertVerify");
1364
1365 if (cert == NULL)
1366 return BAD_FUNC_ARG;
1367
1368 if (!signature) {
1369 WOLFSSL_MSG(" signature for ca verification is not set");
1370 return -1;
1371 }
1372 if (!tsip_encRsaKeyIndex) {
1373 WOLFSSL_MSG(" tsip_encRsaKeyIndex is NULL.");
1374 return -1;
1375 }
1376
1377 /* Public key type: Prime256r1 */
1378 if (g_user_key_info.encrypted_user_tls_key_type ==
1379 R_TSIP_TLS_PUBLIC_KEY_TYPE_ECDSA_P256) {
1380
1381 if ((sigforSCE = (uint8_t*)XMALLOC(R_TSIP_ECDSA_DATA_BYTE_SIZE,
1382 NULL, DYNAMIC_TYPE_ECC)) == NULL) {
1383 WOLFSSL_MSG("failed to malloc memory");
1384 return MEMORY_E;
1385 }
1386 /* initialization */
1387 XMEMCPY(sigforSCE, 0, R_TSIP_ECDSA_DATA_BYTE_SIZE);
1388
1389 if (signature[offset] == 0x20) {
1390 XMEMCPY(sigforSCE, &signature[offset+1], rs_size);
1391
1392 offset = 0x25;
1393 if (signature[offset] == 0x20) {
1394 XMEMCPY(&sigforSCE[rs_size], &signature[offset+1], rs_size);
1395 }
1396 else {
1397 XMEMCPY(&sigforSCE[rs_size], &signature[offset+2], rs_size);
1398 }
1399 }
1400 else {
1401 XMEMCPY(sigforSCE, &signature[offset+2], rs_size);
1402 offset = 0x26;
1403
1404 if (signature[offset] == rs_size) {
1405 XMEMCPY(&sigforSCE[rs_size], &signature[offset+1], rs_size);
1406 }
1407 else {
1408 XMEMCPY(&sigforSCE[rs_size], &signature[offset+2], rs_size);
1409 }
1410 }
1411 pSig = sigforSCE;
1412 }
1413 /* Public key type: RSA 2048bit */
1414 else {
1415 pSig = (uint8_t*)signature;
1416 }
1417
1418 if ((ret = tsip_hw_lock()) == 0) {
1419
1420 #if (WOLFSSL_RENESAS_TSIP_VER>=109)
1421
1422 ret = R_TSIP_TlsCertificateVerification(
1423 g_user_key_info.encrypted_user_tls_key_type,
1424 (uint32_t*)g_encrypted_publicCA_key,/* encrypted public key */
1425 (uint8_t*)cert, /* certificate der */
1426 certSz, /* length of der */
1427 (uint8_t*)pSig, /* sign data by RSA PSS */
1428 key_n_start, /* start position of public key n in bytes */
1429 (key_n_start + key_n_len), /* length of the public key n */
1430 key_e_start, /* start pos, key e in bytes */
1431 (key_e_start + key_e_len), /* length of the public key e */
1432 (uint32_t*)tsip_encRsaKeyIndex /* returned encrypted key */
1433 );
1434
1435 #elif (WOLFSSL_RENESAS_TSIP_VER>=106)
1436
1437 ret = R_TSIP_TlsCertificateVerification(
1438 (uint32_t*)g_encrypted_publicCA_key,/* encrypted public key */
1439 (uint8_t*)cert, /* certificate der */
1440 certSz, /* length of der */
1441 (uint8_t*)pSig, /* sign data by RSA PSS */
1442 key_n_start, /* start position of public key n in bytes */
1443 (key_n_start + key_n_len), /* length of the public key n */
1444 key_e_start, /* start pos, key e in bytes */
1445 (key_e_start + key_e_len), /* length of the public key e */
1446 (uint32_t*)tsip_encRsaKeyIndex /* returned encrypted key */
1447 );
1448 #endif
1449
1450 if (ret != TSIP_SUCCESS) {
1451 WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification() failed");
1452 }
1453 if (sigforSCE) {
1454 XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC);
1455 }
1456 tsip_hw_unlock();
1457 }
1458 else {
1459 WOLFSSL_MSG(" hw lock failed ");
1460 }
1461 WOLFSSL_LEAVE("wc_tsip_tls_CertVerify", ret);
1462 return ret;
1463 }
1464 /* Root Certificate verification */
wc_tsip_tls_RootCertVerify(const byte * cert,word32 cert_len,word32 key_n_start,word32 key_n_len,word32 key_e_start,word32 key_e_len,word32 cm_row)1465 int wc_tsip_tls_RootCertVerify(
1466 const byte* cert, word32 cert_len,
1467 word32 key_n_start, word32 key_n_len,
1468 word32 key_e_start, word32 key_e_len,
1469 word32 cm_row)
1470 {
1471 int ret;
1472 /* call to generate encrypted public key for certificate verification */
1473 uint8_t *signature = (uint8_t*)ca_cert_sig;
1474
1475 WOLFSSL_ENTER("wc_tsip_tls_RootCertVerify");
1476
1477 if (cert == NULL)
1478 return BAD_FUNC_ARG;
1479
1480 if (!signature) {
1481 WOLFSSL_MSG(" signature for ca verification is not set");
1482 return -1;
1483 }
1484
1485 if ((ret = tsip_hw_lock()) == 0) {
1486
1487 #if (WOLFSSL_RENESAS_TSIP_VER>=109)
1488
1489 ret = R_TSIP_TlsRootCertificateVerification(
1490 g_user_key_info.encrypted_user_tls_key_type,
1491 (uint8_t*)cert, /* CA cert */
1492 (uint32_t)cert_len, /* length of CA cert */
1493 key_n_start, /* Byte position of public key */
1494 (key_n_start + key_n_len),
1495 key_e_start,
1496 (key_e_start + key_e_len),
1497 (uint8_t*)ca_cert_sig, /* "RSA 2048 PSS with SHA256" */
1498 g_encrypted_publicCA_key); /* RSA-2048 public key 560 bytes */
1499
1500 #else /* WOLFSSL_RENESAS_TSIP_VER < 109 */
1501
1502 ret = R_TSIP_TlsRootCertificateVerification(
1503 (uint8_t*)cert,/* CA cert */
1504 (uint32_t)cert_len,/* length of CA cert */
1505 key_n_start, /* Byte position of public key */
1506 (key_n_start + key_n_len),
1507 key_e_start,
1508 (key_e_start + key_e_len),
1509 (uint8_t*)ca_cert_sig,/* "RSA 2048 PSS with SHA256" */
1510 /* RSA-2048 public key used by
1511 RSA-2048 PSS with SHA256. 560 Bytes*/
1512 g_encrypted_publicCA_key );
1513
1514 #endif
1515
1516 if (ret != TSIP_SUCCESS) {
1517 WOLFSSL_MSG(" R_TSIP_TlsRootCertificateVerification() failed");
1518 }
1519 else {
1520 g_CAscm_Idx = cm_row;
1521 }
1522
1523 tsip_hw_unlock();
1524 }
1525 else {
1526 WOLFSSL_MSG(" hw lock failed ");
1527 }
1528 WOLFSSL_LEAVE("wc_tsip_tls_RootCertVerify", ret);
1529 return ret;
1530 }
1531 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
1532
1533 #ifdef WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG
1534
1535 /* err
1536 * e_tsip_err
1537 TSIP_SUCCESS = 0,
1538 TSIP_ERR_SELF_CHECK1, // Self-check 1 fail or TSIP function internal err.
1539 TSIP_ERR_RESOURCE_CONFLICT, // A resource conflict occurred.
1540 TSIP_ERR_SELF_CHECK2, // Self-check 2 fail.
1541 TSIP_ERR_KEY_SET, // setting the invalid key.
1542 TSIP_ERR_AUTHENTICATION, // Authentication failed.
1543 TSIP_ERR_CALLBACK_UNREGIST, // Callback function is not registered.
1544 TSIP_ERR_PARAMETER, // Illegal Input data.
1545 TSIP_ERR_PROHIBIT_FUNCTION, // An invalid function call occurred.
1546 * TSIP_RESUME_FIRMWARE_GENERATE_MAC,
1547 // There is a continuation of R_TSIP_GenerateFirmwareMAC.
1548 */
1549
hexdump(const uint8_t * in,uint32_t len)1550 static void hexdump(const uint8_t* in, uint32_t len)
1551 {
1552 uint32_t i;
1553
1554 if (in == NULL)
1555 return;
1556
1557 for (i = 0; i <= len;i++, in++){
1558 printf("%02x:", *in);
1559 if (((i+1)%16)==0){
1560 printf("\n");
1561 }
1562 }
1563 printf("\n");
1564 }
1565
ret2err(word32 ret)1566 byte *ret2err(word32 ret)
1567 {
1568 switch(ret){
1569 case TSIP_SUCCESS: return "success";
1570 case TSIP_ERR_SELF_CHECK1: return "selfcheck1";
1571 case TSIP_ERR_RESOURCE_CONFLICT: return "rsconflict";
1572 case TSIP_ERR_SELF_CHECK2: return "selfcheck2";
1573 case TSIP_ERR_KEY_SET: return "keyset";
1574 case TSIP_ERR_AUTHENTICATION: return "authentication";
1575 case TSIP_ERR_CALLBACK_UNREGIST: return "callback unreg";
1576 case TSIP_ERR_PARAMETER: return "badarg";
1577 case TSIP_ERR_PROHIBIT_FUNCTION: return "prohibitfunc";
1578 case TSIP_RESUME_FIRMWARE_GENERATE_MAC: return "conti-generate-mac";
1579 default:return "unknown";
1580 }
1581 }
1582
1583 #endif /* WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG */
1584 #endif /* WOLFSSL_RENESAS_TSIP */
1585