diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
index 06841e3191..7c03487e22 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
@@ -240,12 +240,17 @@
 #if defined(WOLFSSL_RENESAS_TSIP)
 /*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
 /* Enable TSIP TLS (default)
- * TSIP CRYPTONLY is also enabled.
+ * TSIP CRYPT is also enabled.
 * Disable TSIP TLS
+ * TSIP CRYPT is also disabled
 * TSIP CRYPTONLY is only enabled.
 */
 #define WOLFSSL_RENESAS_TSIP_TLS
+ /* #define WOLFSSL_RENESAS_TSIP_CRYPTONLY */
+ /* #define WOLFSSL_KEY_GEN */
+ /* #define RSA_MIN_SIZE 1024 */
+
 #if !defined(NO_RENESAS_TSIP_CRYPT)
 #define HAVE_PK_CALLBACKS
 #define WOLF_CRYPTO_CB
@@ -267,13 +272,13 @@
 * directly. Comment out the macro will generate random number by
 * wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
 *-----------------------------------------------------------------------*/
- #define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
+ #define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
 #else
 #define OPENSSL_EXTRA
 #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
- #if !defined(min)
- #define min(data1, data2) _builtin_min(data1, data2)
- #endif
+ #if !defined(min)
+ #define min(data1, data2) _builtin_min(data1, data2)
+ #endif
 #endif
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
index 1b84878d3c..851c52caa0 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
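Review bot: The commented-out `/* #define RSA_MIN_SIZE 1024 */` added below `WOLFSSL_RENESAS_TSIP_TLS` in user_settings.h gives no hint that enabling it lowers the minimum RSA key size the library accepts to 1024 bits, which is below the 2048-bit floor generally expected today. It appears to exist only so the 1024-bit TSIP test can run, so I would say that next to it, e.g. `/* #define RSA_MIN_SIZE 1024 */ /* test only: permits 1024-bit RSA keys */`. The rewritten comment block above it is also hard to follow, because "TSIP CRYPT is also disabled" and "TSIP CRYPTONLY is only enabled" now sit under the same "Disable TSIP TLS" heading and read as contradictory.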
@@ -711,6 +711,88 @@ static void tskSha256_Test(void *pvParam)
 #define TEST_STRING_SZ 25
 #define RSA_TEST_BYTES 256 /* up to 2048-bit key */
+static int tsip_rsa_test(int prnt, int keySize)
+{
+ int ret = 0;
+
+ RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ WC_RNG rng;
+ const char inStr [] = TEST_STRING;
+ const char inStr2[] = TEST_STRING2;
+ const word32 inLen = (word32)TEST_STRING_SZ;
+ const word32 outSz = RSA_TEST_BYTES;
+ word32 out_actual_len = 0;
+ byte *in = NULL;
+ byte *in2 = NULL;
+ byte *out= NULL;
+ byte *out2 = NULL;
+
+ in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+ if (key == NULL || in == NULL || out == NULL ||
+ in2 == NULL || out2 == NULL) {
+ ret = -1;
+ goto out;
+ }
+
+ XMEMSET(&rng, 0, sizeof(rng));
+ XMEMSET(key, 0, sizeof *key);
+ XMEMCPY(in, inStr, inLen);
+ XMEMCPY(in2, inStr2, inLen);
+ XMEMSET(out, 0, outSz);
+ XMEMSET(out2, 0, outSz);
+
+ ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
+ if (ret != 0) {
+ goto out;
+ }
+
+ if ((ret = wc_InitRng(&rng)) != 0)
+ goto out;
+
+ if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
+ goto out;
+
+ /* Set Rsa Key created by TSIP in Advance */
+ if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
+ goto out;
+ }
+
+ ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
+ if (ret < 0) {
+ goto out;
+ }
+
+ ret = wc_RsaPrivateDecrypt(out, (word32)(keySize/8), out2, outSz, key);
+ if (ret < 0) {
+ ret = -1;
+ goto out;
+ }
+
+ if (XMEMCMP(in, out2, inLen) != 0) {
+ ret = -2;
+ goto out;
+ }
+
+ ret = 0;
+out:
+ if (key != NULL) {
+ wc_FreeRsaKey(key);
+ XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
+ XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+ (void) prnt;
+ return ret;
+}
+
+
 static int tsip_rsa_SignVerify_test(int prnt, int keySize)
 {
 int ret = 0;
@@ -1155,6 +1237,22 @@ int tsip_crypt_test()
 ret = 0;
 }
+#if RSA_MIN_SIZE <= 1024
+ if (ret == 0) {
+ userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
+ printf(" tsip_rsa_test(1024)");
+ ret = tsip_rsa_test(1, 1024);
+ RESULT_STR(ret)
+ }
+#endif
+ if (ret == 0) {
+ userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
+ printf(" tsip_rsa_test(2048)");
+ ret = tsip_rsa_test(1, 2048);
+ RESULT_STR(ret)
+ }
+
+
 if (ret == 0) {
 printf(" tsip_rsa_SignVerify_test(1024)");
diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c
index 6924b31ebf..0d40f49816 100644
--- a/wolfcrypt/src/port/Renesas/renesas_common.c
+++ b/wolfcrypt/src/port/Renesas/renesas_common.c
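Review bot: The `out:` cleanup in `tsip_rsa_test` never releases the RNG set up by `wc_InitRng(&rng)`, and since the function is added whole in this hunk nothing outside it does either, so each run may leave RNG state allocated and uncleared. The same cleanup calls `wc_FreeRsaKey(key)` whenever `key` is non-NULL, including the early `goto out` taken when one of the other `XMALLOC` calls failed, at which point `key` has been neither zeroed nor passed to `wc_InitRsaKey_ex`. Tracking initialisation with `int rngInit = 0, keyInit = 0;` and guarding cleanup with `if (keyInit) wc_FreeRsaKey(key);` and `if (rngInit) wc_FreeRng(&rng);` would cover both. `wc_RsaPrivateDecrypt` should also be given the length returned by `wc_RsaPublicEncrypt` rather than `keySize/8`; `out_actual_len` is declared but never used.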
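Review bot: The two new `tsip_rsa_test(...)` calls in `tsip_crypt_test` are compiled unconditionally, yet the test calls `wc_MakeRsaKey` and the dispatcher in renesas_common.c only routes `RSA_PUBLIC_ENCRYPT`/`RSA_PRIVATE_DECRYPT` to TSIP when `WOLFSSL_RENESAS_TSIP_CRYPTONLY` is defined. The user_settings.h change in this same commit leaves both `WOLFSSL_KEY_GEN` and `WOLFSSL_RENESAS_TSIP_CRYPTONLY` commented out, so unless an enclosing guard exists outside the hunk (`tsip_crypt_test` starts and ends outside it) the default configuration would either fail to build or exercise something other than the TSIP path. Wrapping these blocks and `tsip_rsa_test` itself in `#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)` would make the dependency explicit. Note also that `#if RSA_MIN_SIZE <= 1024` is true when `RSA_MIN_SIZE` is not defined at this point, because the preprocessor then evaluates it as 0.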
@@ -251,27 +251,34 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 }
 if (info->algo_type == WC_ALGO_TYPE_PK) {
- #if !defined(NO_RSA)
+ #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 #if defined(WOLFSSL_KEY_GEN)
 if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN && (info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) {
 ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
- }
+ } else
 #endif
-
- /* RSA Signing
- * Can handle only RSA PkCS#1v1.5 padding scheme here.
- */
- if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
+ if (info->pk.type == WC_PK_TYPE_RSA &&
+ (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
+ info->pk.rsa.type == RSA_PUBLIC_ENCRYPT)) {
+ /* rsa public encrypt/private decrypt */
+ ret = wc_tsip_RsaFunction(info, cbInfo);
+ } else
+ #endif
+ if (info->pk.type == WC_PK_TYPE_RSA &&
+ info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
+ /* RSA Signing
+ * Can handle only RSA PkCS#1v1.5 padding scheme here.
+ */
 ret = tsip_SignRsaPkcs(info, cbInfo);
 }
- #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+ #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 /* RSA Verify */
- if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
+ else if (info->pk.type == WC_PK_TYPE_RSA &&
+ info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
 ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
 }
- #endif
- #endif /* !NO_RSA */
+ #endif
 #if defined(HAVE_ECC)
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
index 13db2dba12..77fc4b0a1a 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
@@ -22,8 +22,7 @@
 #include
 #if !defined(NO_RSA) && \
- (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
- defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
+ defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 #include
 #include
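Review bot: The new encrypt/decrypt branch in `Renesas_cmn_CryptoDevCb` returns whatever `wc_tsip_RsaFunction(info, cbInfo)` yields, and that function, added later in this commit, declares `int ret;` without a value and assigns it only inside `if(tsip_RsakeyImport(tuc) == 0)`, so a failed key import hands an indeterminate status back through this callback. The same function has two `return BAD_FUNC_ARG;` statements inside the `tsip_hw_lock()` region that skip `tsip_hw_unlock()`, which would leave the TSIP lock held if an unexpected `wrappedKeyType` ever reached them. Writing the import as `if ((ret = tsip_RsakeyImport(tuc)) == 0) {` and changing those returns to `ret = BAD_FUNC_ARG;` so control falls through to the unlock would close both paths. `Renesas_cmn_CryptoDevCb` starts and ends outside this hunk.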
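Review bot: Narrowing the guard of renesas_tsip_rsa.c to `!defined(NO_RSA) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)` no longer matches the dispatcher in renesas_common.c. There this commit closes the `!defined(NO_RSA)` block before the signing branch and guards the `wc_tsip_RsaVerifyPkcs` branch with `WOLFSSL_RENESAS_TSIP_CRYPTONLY` alone. With `NO_RSA` and `WOLFSSL_RENESAS_TSIP_CRYPTONLY` both defined, the dispatcher would still reference `info->pk.rsa` and `wc_tsip_RsaVerifyPkcs` while this file compiles to nothing. Keeping one outer `#if !defined(NO_RSA)` ... `#endif /* !NO_RSA */` around every RSA branch in the dispatcher, as the old code did, would keep the two files in step. The rest of this file is outside the hunk, so whether TLS-only builds relied on anything in it cannot be confirmed from here.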
@@ -121,6 +120,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
 info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
 info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
+ info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
 } else if (size == 2048) {
 XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
@@ -158,6 +158,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
 info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
 info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
+ info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
 }
 }
@@ -167,42 +168,14 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
 return 0;
 }
-
-
-/* Perform Rsa verify by TSIP
- * Assumes to be called by Crypt Callback
+/* Generate TSIP key index if needed
 *
- * in Buffer to hold plaintext
- * inLen Length of plaintext in bytes
- * out Buffer to hold generated signature
- * outLen Length of signature in bytes
- * key rsa key object
- * ctx The callback context
- * return FSP_SUCCESS(0) on Success, otherwise negative value
+ * tuc struct pointer of TsipUserCtx
+ * return FSP_SUCCESS(0) on Success, otherwise CRYPTOCB_UNAVAILABLE
 */
-
-WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
+static int tsip_RsakeyImport(TsipUserCtx* tuc)
 {
 int ret = 0;
- e_tsip_err_t err = TSIP_SUCCESS;
- tsip_rsa_byte_data_t hashData, sigData;
- uint8_t tsip_hash_type;
-
- /* sanity check */
- if (info == NULL || tuc == NULL){
- return BAD_FUNC_ARG;
- }
-
- if (ret == 0) {
- if (tuc->sign_hash_type == md5_mac)
- tsip_hash_type = R_TSIP_RSA_HASH_MD5;
- else if (tuc->sign_hash_type == sha_mac)
- tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
- else if (tuc->sign_hash_type == sha256_mac)
- tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
- else
- ret = CRYPTOCB_UNAVAILABLE;
- }
 switch (tuc->wrappedKeyType) {
 case TSIP_KEY_TYPE_RSA1024:
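Review bot: Assigning `info->wrappedKeyType` at the end of the 1024-bit branch of `wc_tsip_MakeRsaKey` (and again in the 2048-bit branch in the next hunk) is an undocumented side effect: the most recent key generation now decides which wrapped key later RSA calls on this context use, even though the context keeps separate 1024 and 2048 key indexes. `wc_tsip_RsaFunction` in this commit picks its key from `tuc->wrappedKeyType`, so a caller holding both keys presumably has to reset the field before each operation, as the unit test does. A short comment on the assignment would record that, e.g. `/* selects the key used by subsequent TSIP RSA calls on this context */`. `wc_tsip_MakeRsaKey` starts and ends outside these hunks.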
@@ -230,7 +203,110 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 break;
 }
+ return ret;
+}
+
+/* Perform rsa encryption/decryption by TSIP
+ * Assumes to be called by Crypt Callback
+ *
+ * info struct pointer of wc_CryptoInfo including necessary info
+ * tuc struct pointer of TsipUserCtx including TSIP key info
+ * return FSP_SUCCESS(0) on Success, otherwise negative value
+ */
+WOLFSSL_LOCAL int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
+{
+ int ret;
+ int keySize;
+ int type;
+ tsip_rsa_byte_data_t plain, cipher;
+
+
+ if (info == NULL || tuc == NULL) {
+ return BAD_FUNC_ARG;
+ }
+
+ if(tsip_RsakeyImport(tuc) == 0) {
+ type = info->pk.rsa.type;
+ keySize = (int)tuc->wrappedKeyType;
+
+ if ((ret = tsip_hw_lock()) == 0) {
+ if (type == RSA_PUBLIC_ENCRYPT) {
+ plain.pdata = (uint8_t*)info->pk.rsa.in;
+ plain.data_length = info->pk.rsa.inLen;
+ cipher.pdata = (uint8_t*)info->pk.rsa.out;
+ cipher.data_length = info->pk.rsa.outLen;
+
+ if (keySize == TSIP_KEY_TYPE_RSA1024) {
+ ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
+ tuc->rsa1024pub_keyIdx);
+ }
+ else if (keySize == TSIP_KEY_TYPE_RSA2048) {
+ ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher,
+ tuc->rsa2048pub_keyIdx);
+ }
+ else {
+ WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
+ "1024 or 2048 bits.");
+ return BAD_FUNC_ARG;
+ }
+ }
+ else if (type == RSA_PRIVATE_DECRYPT) {
+ plain.pdata = (uint8_t*)info->pk.rsa.out;
+ plain.data_length = info->pk.rsa.outLen;
+ cipher.pdata = (uint8_t*)info->pk.rsa.in;
+ cipher.data_length = info->pk.rsa.inLen;
+
+ if (keySize == TSIP_KEY_TYPE_RSA1024) {
+ ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain,
+ tuc->rsa1024pri_keyIdx);
+ }
+ else if (keySize == TSIP_KEY_TYPE_RSA2048) {
+ ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain,
+ tuc->rsa2048pri_keyIdx);
+ }
+ else {
+ WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
+ "1024 or 2048 bits.");
+ return BAD_FUNC_ARG;
+ }
+ }
+ tsip_hw_unlock();
+ }
+ }
+ return ret;
+}
+/* Perform Rsa verify by TSIP
+ * Assumes to be called by Crypt Callback
+ *
+ * info struct pointer of wc_CryptoInfo including necessary info
+ * tuc struct pointer of TsipUserCtx including TSIP key info
+ * return FSP_SUCCESS(0) on Success, otherwise negative value
+ */
+
+WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
+{
+ int ret = 0;
+ e_tsip_err_t err = TSIP_SUCCESS;
+ tsip_rsa_byte_data_t hashData, sigData;
+ uint8_t tsip_hash_type;
+
+ /* sanity check */
+ if (info == NULL || tuc == NULL){
+ return BAD_FUNC_ARG;
+ }
+ if (ret == 0) {
+ if (tuc->sign_hash_type == md5_mac)
+ tsip_hash_type = R_TSIP_RSA_HASH_MD5;
+ else if (tuc->sign_hash_type == sha_mac)
+ tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
+ else if (tuc->sign_hash_type == sha256_mac)
+ tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
+ else
+ ret = CRYPTOCB_UNAVAILABLE;
+ }
+
+ if (tsip_RsakeyImport(tuc) == 0) {
 hashData.pdata = (uint8_t*)info->pk.rsa.in;
 hashData.data_length = info->pk.rsa.inLen;
 hashData.data_type =