Implement TSIP RSA Public Enc/Private Dec #8122

Open
wants to merge 3 commits into
base: master
Expand Up @@ -240,12 +240,17 @@
#if defined(WOLFSSL_RENESAS_TSIP)
/*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
/* Enable TSIP TLS (default)
* TSIP CRYPTONLY is also enabled.
* TSIP CRYPT is also enabled.
* Disable TSIP TLS
* TSIP CRYPT is also disabled
* TSIP CRYPTONLY is only enabled.
*/
#define WOLFSSL_RENESAS_TSIP_TLS

/* #define WOLFSSL_RENESAS_TSIP_CRYPTONLY */
/* #define WOLFSSL_KEY_GEN */
/* #define RSA_MIN_SIZE 1024 */

#if !defined(NO_RENESAS_TSIP_CRYPT)
#define HAVE_PK_CALLBACKS
#define WOLF_CRYPTO_CB
Expand All @@ -267,13 +272,13 @@
* directly. Comment out the macro will generate random number by
* wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
*-----------------------------------------------------------------------*/
#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
#else
#define OPENSSL_EXTRA
#define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
#if !defined(min)
#define min(data1, data2) _builtin_min(data1, data2)
#endif
#if !defined(min)
#define min(data1, data2) _builtin_min(data1, data2)
#endif
#endif
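Review bot: The commented-out `#define RSA_MIN_SIZE 1024` in the first hunk has no explanation, and uncommenting it lowers the minimum RSA key size the build accepts to 1024 bits, below current key-size recommendations. This file is a settings template that users copy, so the option should carry a warning in the same style as the one already on `WOLFSSL_GENSEED_FORTEST`, for example `/* Test only: permits 1024-bit RSA so tsip_rsa_test(1024) runs; keep 2048 or larger in production */`. A short comment on `WOLFSSL_KEY_GEN` saying it is needed for the TSIP key-generation path would help for the same reason.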


Expand Up @@ -711,6 +711,88 @@ static void tskSha256_Test(void *pvParam)
#define TEST_STRING_SZ 25
#define RSA_TEST_BYTES 256 /* up to 2048-bit key */

static int tsip_rsa_test(int prnt, int keySize)
{
int ret = 0;

RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WC_RNG rng;
const char inStr [] = TEST_STRING;
const char inStr2[] = TEST_STRING2;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
word32 out_actual_len = 0;
byte *in = NULL;
byte *in2 = NULL;
byte *out= NULL;
byte *out2 = NULL;

in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);

if (key == NULL || in == NULL || out == NULL ||
in2 == NULL || out2 == NULL) {
ret = -1;
goto out;
}

XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(key, 0, sizeof *key);
XMEMCPY(in, inStr, inLen);
XMEMCPY(in2, inStr2, inLen);
XMEMSET(out, 0, outSz);
XMEMSET(out2, 0, outSz);

ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
if (ret != 0) {
goto out;
}

if ((ret = wc_InitRng(&rng)) != 0)
goto out;

if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
goto out;

/* Set Rsa Key created by TSIP in Advance */
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
goto out;
}

ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
if (ret < 0) {
goto out;
}

ret = wc_RsaPrivateDecrypt(out, (word32)(keySize/8), out2, outSz, key);
if (ret < 0) {
ret = -1;
goto out;
}

if (XMEMCMP(in, out2, inLen) != 0) {
ret = -2;
goto out;
}

ret = 0;
out:
if (key != NULL) {
wc_FreeRsaKey(key);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);

(void) prnt;
return ret;
}


static int tsip_rsa_SignVerify_test(int prnt, int keySize)
{
int ret = 0;
Expand Down Expand Up @@ -1155,6 +1237,22 @@ int tsip_crypt_test()
ret = 0;
}

#if RSA_MIN_SIZE <= 1024
if (ret == 0) {
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
printf(" tsip_rsa_test(1024)");
ret = tsip_rsa_test(1, 1024);
RESULT_STR(ret)
}
#endif
if (ret == 0) {
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
printf(" tsip_rsa_test(2048)");
ret = tsip_rsa_test(1, 2048);
RESULT_STR(ret)
}


if (ret == 0) {
printf(" tsip_rsa_SignVerify_test(1024)");
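Review bot: In `tsip_rsa_test` the cleanup at `out:` calls `wc_FreeRsaKey(key)` whenever `key` is non-NULL, but if one of the other four allocations fails the function jumps there before `XMEMSET(key, 0, sizeof *key)` and `wc_InitRsaKey_ex`, so the free routine runs on uninitialised heap memory. The RNG set up by `wc_InitRng(&rng)` is never released on any path; tracking initialisation with two flags and ending with `if (keyInit) wc_FreeRsaKey(key);` and `if (rngInit) wc_FreeRng(&rng);` covers both. The decrypt call passes `(word32)(keySize/8)` as the ciphertext length and only checks `ret < 0`; passing the length returned by `wc_RsaPublicEncrypt` and requiring the decrypt result to equal `inLen` would make the round-trip check stricter. `in2`, `inStr2` and `out_actual_len` are not used in the visible body.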

29 changes: 18 additions & 11 deletions wolfcrypt/src/port/Renesas/renesas_common.c
Expand Up @@ -251,27 +251,34 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}

if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA)
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
}
} else
#endif

/* RSA Signing
* Can handle only RSA PkCS#1v1.5 padding scheme here.
*/
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
if (info->pk.type == WC_PK_TYPE_RSA &&
(info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
info->pk.rsa.type == RSA_PUBLIC_ENCRYPT)) {
/* rsa public encrypt/private decrypt */
ret = wc_tsip_RsaFunction(info, cbInfo);
} else
#endif
if (info->pk.type == WC_PK_TYPE_RSA &&
info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
/* RSA Signing
* Can handle only RSA PkCS#1v1.5 padding scheme here.
*/
ret = tsip_SignRsaPkcs(info, cbInfo);
}
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
/* RSA Verify */
if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
else if (info->pk.type == WC_PK_TYPE_RSA &&
info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
}
#endif
#endif /* !NO_RSA */
#endif

#if defined(HAVE_ECC)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
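Review bot: The new branch that forwards `RSA_PUBLIC_ENCRYPT` and `RSA_PRIVATE_DECRYPT` to `wc_tsip_RsaFunction` selects on the operation type alone, while the TSIP calls behind it (`R_TSIP_RsaesPkcs1024Encrypt` and its siblings in renesas_tsip_rsa.c) are, judging by their names, RSAES-PKCS1-v1_5 only. The signing branch documents its padding limit and this one should too, e.g. `/* RSAES-PKCS1-v1_5 only; other padding schemes such as OAEP are not handled by TSIP here */`. If the callback can be reached with a different padding scheme (not visible in this hunk), the branch should leave `ret` at its "unavailable" value for that request so the caller does not get v1.5 padding it did not ask for. The enclosing function starts and ends outside the hunk.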
144 changes: 110 additions & 34 deletions wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
Expand Up @@ -22,8 +22,7 @@
#include <wolfssl/wolfcrypt/settings.h>

#if !defined(NO_RSA) && \
(defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)

#include <string.h>
#include <stdio.h>
Expand Down Expand Up @@ -121,6 +120,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)

info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
}
else if (size == 2048) {
XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
Expand Down Expand Up @@ -158,6 +158,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)

info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
}
}

Expand All @@ -167,42 +168,14 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)

return 0;
}


/* Perform Rsa verify by TSIP
* Assumes to be called by Crypt Callback
/* Generate TSIP key index if needed
*
* in Buffer to hold plaintext
* inLen Length of plaintext in bytes
* out Buffer to hold generated signature
* outLen Length of signature in bytes
* key rsa key object
* ctx The callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
* tuc struct pointer of TsipUserCtx
* return FSP_SUCCESS(0) on Success, otherwise CRYPTOCB_UNAVAILABLE
*/

WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
static int tsip_RsakeyImport(TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData;
uint8_t tsip_hash_type;

/* sanity check */
if (info == NULL || tuc == NULL){
return BAD_FUNC_ARG;
}

if (ret == 0) {
if (tuc->sign_hash_type == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
else if (tuc->sign_hash_type == sha_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
else if (tuc->sign_hash_type == sha256_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
else
ret = CRYPTOCB_UNAVAILABLE;
}

switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024:
Expand Down Expand Up @@ -230,7 +203,110 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
break;
}

return ret;
}

/* Perform rsa encryption/decryption by TSIP
* Assumes to be called by Crypt Callback
*
* info struct pointer of wc_CryptoInfo including necessary info
* tuc struct pointer of TsipUserCtx including TSIP key info
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret;
int keySize;
int type;
tsip_rsa_byte_data_t plain, cipher;


if (info == NULL || tuc == NULL) {
return BAD_FUNC_ARG;
}

if(tsip_RsakeyImport(tuc) == 0) {
type = info->pk.rsa.type;
keySize = (int)tuc->wrappedKeyType;

if ((ret = tsip_hw_lock()) == 0) {
if (type == RSA_PUBLIC_ENCRYPT) {
plain.pdata = (uint8_t*)info->pk.rsa.in;
plain.data_length = info->pk.rsa.inLen;
cipher.pdata = (uint8_t*)info->pk.rsa.out;
cipher.data_length = info->pk.rsa.outLen;

if (keySize == TSIP_KEY_TYPE_RSA1024) {
ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
tuc->rsa1024pub_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher,
tuc->rsa2048pub_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
}
else if (type == RSA_PRIVATE_DECRYPT) {
plain.pdata = (uint8_t*)info->pk.rsa.out;
plain.data_length = info->pk.rsa.outLen;
cipher.pdata = (uint8_t*)info->pk.rsa.in;
cipher.data_length = info->pk.rsa.inLen;

if (keySize == TSIP_KEY_TYPE_RSA1024) {
ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain,
tuc->rsa1024pri_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain,
tuc->rsa2048pri_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
}
tsip_hw_unlock();
}
}
return ret;
}
/* Perform Rsa verify by TSIP
* Assumes to be called by Crypt Callback
*
* info struct pointer of wc_CryptoInfo including necessary info
* tuc struct pointer of TsipUserCtx including TSIP key info
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/

WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData;
uint8_t tsip_hash_type;

/* sanity check */
if (info == NULL || tuc == NULL){
return BAD_FUNC_ARG;
}

if (ret == 0) {
if (tuc->sign_hash_type == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
else if (tuc->sign_hash_type == sha_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
else if (tuc->sign_hash_type == sha256_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
else
ret = CRYPTOCB_UNAVAILABLE;
}

if (tsip_RsakeyImport(tuc) == 0) {
hashData.pdata = (uint8_t*)info->pk.rsa.in;
hashData.data_length = info->pk.rsa.inLen;
hashData.data_type =
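Review bot: `wc_tsip_RsaFunction` declares `int ret;` without a value and returns it unchanged when `tsip_RsakeyImport(tuc)` fails, so the caller receives an indeterminate result; `if ((ret = tsip_RsakeyImport(tuc)) == 0) {` fixes that. Both `return BAD_FUNC_ARG;` statements for an unsupported key type sit inside the `tsip_hw_lock()` region and skip `tsip_hw_unlock()`, leaving the hardware lock held; writing `ret = BAD_FUNC_ARG;` there lets the unlock run. The lengths also need a look: `data_length` is assigned `info->pk.rsa.outLen` directly. If that field is the `word32*` from wolfSSL's crypto-callback struct, it must be dereferenced, and the length TSIP reports should be written back through it after the call. `wc_tsip_RsaVerifyPkcs` continues past the end of this hunk.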