Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement TSIP RSA Public Enc/Private Dec #8122

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -240,11 +240,16 @@
#if defined(WOLFSSL_RENESAS_TSIP)
/*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
/* Enable TSIP TLS (default)
* TSIP CRYPTONLY is also enabled.
* TSIP CRYPT is also enabled.
* Disable TSIP TLS
* TSIP CRYPT is also disabled
* TSIP CRYPTONLY is only enabled.
*/
#define WOLFSSL_RENESAS_TSIP_TLS

/* #define WOLFSSL_RENESAS_TSIP_CRYPTONLY */
/* #define WOLFSSL_KEY_GEN */
/* #define RSA_MIN_SIZE 1024 */

#if !defined(NO_RENESAS_TSIP_CRYPT)
#define HAVE_PK_CALLBACKS
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -711,6 +711,88 @@ static void tskSha256_Test(void *pvParam)
#define TEST_STRING_SZ 25
#define RSA_TEST_BYTES 256 /* up to 2048-bit key */

static int tsip_rsa_test(int prnt, int keySize)
{
int ret = 0;

RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WC_RNG rng;
const char inStr [] = TEST_STRING;
const char inStr2[] = TEST_STRING2;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
word32 out_actual_len = 0;
byte *in = NULL;
byte *in2 = NULL;
byte *out= NULL;
byte *out2 = NULL;

in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);

if (key == NULL || in == NULL || out == NULL ||
in2 == NULL || out2 == NULL) {
ret = -1;
goto out;
}

XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(key, 0, sizeof *key);
XMEMCPY(in, inStr, inLen);
XMEMCPY(in2, inStr2, inLen);
XMEMSET(out, 0, outSz);
XMEMSET(out2, 0, outSz);

ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
if (ret != 0) {
goto out;
}

if ((ret = wc_InitRng(&rng)) != 0)
goto out;

if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
goto out;

/* Set Rsa Key created by TSIP in Advance */
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
goto out;
}

ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
if (ret < 0) {
goto out;
}

ret = wc_RsaPrivateDecrypt(out, (word32)(keySize/8), out2, outSz, key);
if (ret < 0) {
ret = -1;
goto out;
}

if (XMEMCMP(in, out2, inLen) != 0) {
ret = -2;
goto out;
}

ret = 0;
out:
if (key != NULL) {
wc_FreeRsaKey(key);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);

(void) prnt;
return ret;
}


static int tsip_rsa_SignVerify_test(int prnt, int keySize)
{
int ret = 0;
Expand Down Expand Up @@ -1155,6 +1237,22 @@ int tsip_crypt_test()
ret = 0;
}

#if RSA_MIN_SIZE <= 1024
if (ret == 0) {
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
printf(" tsip_rsa_test(1024)");
ret = tsip_rsa_test(1, 1024);
RESULT_STR(ret)
}
#endif
if (ret == 0) {
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
printf(" tsip_rsa_test(2048)");
ret = tsip_rsa_test(1, 2048);
RESULT_STR(ret)
}


if (ret == 0) {
printf(" tsip_rsa_SignVerify_test(1024)");

Expand Down
29 changes: 18 additions & 11 deletions wolfcrypt/src/port/Renesas/renesas_common.c
Original file line number Diff line number Diff line change
Expand Up @@ -251,27 +251,34 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}

if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA)
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
}
} else
#endif

/* RSA Signing
* Can handle only RSA PkCS#1v1.5 padding scheme here.
*/
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
if (info->pk.type == WC_PK_TYPE_RSA &&
(info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
info->pk.rsa.type == RSA_PUBLIC_ENCRYPT)) {
/* rsa public encrypt/private decrypt */
ret = wc_tsip_RsaFunction(info, cbInfo);
} else
#endif
if (info->pk.type == WC_PK_TYPE_RSA &&
info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
/* RSA Signing
* Can handle only RSA PkCS#1v1.5 padding scheme here.
*/
ret = tsip_SignRsaPkcs(info, cbInfo);
}
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
/* RSA Verify */
if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
else if (info->pk.type == WC_PK_TYPE_RSA &&
info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
}
#endif
#endif /* !NO_RSA */
#endif

#if defined(HAVE_ECC)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
Expand Down
144 changes: 110 additions & 34 deletions wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,7 @@
#include <wolfssl/wolfcrypt/settings.h>

#if !defined(NO_RSA) && \
(defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)

#include <string.h>
#include <stdio.h>
Expand Down Expand Up @@ -121,6 +120,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)

info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
}
else if (size == 2048) {
XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
Expand Down Expand Up @@ -158,6 +158,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)

info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
}
}

Expand All @@ -167,42 +168,14 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)

return 0;
}


/* Perform Rsa verify by TSIP
* Assumes to be called by Crypt Callback
/* Generate TSIP key index if needed
*
* in Buffer to hold plaintext
* inLen Length of plaintext in bytes
* out Buffer to hold generated signature
* outLen Length of signature in bytes
* key rsa key object
* ctx The callback context
* return FSP_SUCCESS(0) on Success, otherwise negative value
* tuc struct pointer of TsipUserCtx
* return FSP_SUCCESS(0) on Success, otherwise CRYPTOCB_UNAVAILABLE
*/

WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
static int tsip_RsakeyImport(TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData;
uint8_t tsip_hash_type;

/* sanity check */
if (info == NULL || tuc == NULL){
return BAD_FUNC_ARG;
}

if (ret == 0) {
if (tuc->sign_hash_type == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
else if (tuc->sign_hash_type == sha_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
else if (tuc->sign_hash_type == sha256_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
else
ret = CRYPTOCB_UNAVAILABLE;
}

switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024:
Expand Down Expand Up @@ -230,7 +203,110 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
break;
}

return ret;
}

/* Perform rsa encryption/decryption by TSIP
* Assumes to be called by Crypt Callback
*
* info struct pointer of wc_CryptoInfo including necessary info
* tuc struct pointer of TsipUserCtx including TSIP key info
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/
WOLFSSL_LOCAL int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret;
int keySize;
int type;
tsip_rsa_byte_data_t plain, cipher;


if (info == NULL || tuc == NULL) {
return BAD_FUNC_ARG;
}

if(tsip_RsakeyImport(tuc) == 0) {
type = info->pk.rsa.type;
keySize = (int)tuc->wrappedKeyType;

if ((ret = tsip_hw_lock()) == 0) {
if (type == RSA_PUBLIC_ENCRYPT) {
plain.pdata = (uint8_t*)info->pk.rsa.in;
plain.data_length = info->pk.rsa.inLen;
cipher.pdata = (uint8_t*)info->pk.rsa.out;
cipher.data_length = info->pk.rsa.outLen;

if (keySize == TSIP_KEY_TYPE_RSA1024) {
ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
tuc->rsa1024pub_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher,
tuc->rsa2048pub_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
}
else if (type == RSA_PRIVATE_DECRYPT) {
plain.pdata = (uint8_t*)info->pk.rsa.out;
plain.data_length = info->pk.rsa.outLen;
cipher.pdata = (uint8_t*)info->pk.rsa.in;
cipher.data_length = info->pk.rsa.inLen;

if (keySize == TSIP_KEY_TYPE_RSA1024) {
ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain,
tuc->rsa1024pri_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain,
tuc->rsa2048pri_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
}
}
tsip_hw_unlock();
}
}
return ret;
}
/* Perform Rsa verify by TSIP
* Assumes to be called by Crypt Callback
*
* info struct pointer of wc_CryptoInfo including necessary info
* tuc struct pointer of TsipUserCtx including TSIP key info
* return FSP_SUCCESS(0) on Success, otherwise negative value
*/

WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData;
uint8_t tsip_hash_type;

/* sanity check */
if (info == NULL || tuc == NULL){
return BAD_FUNC_ARG;
}

if (ret == 0) {
if (tuc->sign_hash_type == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
else if (tuc->sign_hash_type == sha_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
else if (tuc->sign_hash_type == sha256_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
else
ret = CRYPTOCB_UNAVAILABLE;
}

if (tsip_RsakeyImport(tuc) == 0) {
hashData.pdata = (uint8_t*)info->pk.rsa.in;
hashData.data_length = info->pk.rsa.inLen;
hashData.data_type =
Expand Down
Loading