Fixes for Renesas RX TSIP #8595

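--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -484,6 +484,8 @@ THREADED_SNIFFTEST
 TIME_T_NOT_LONG
 TI_DUMMY_BUILD
 TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
+TSIP_RSAES_1024
+TSIP_RSAES_2048
 UNICODE
 USER_CA_CB
 USER_CUSTOM_SNIFFX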
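--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -25451,7 +25451,8 @@ int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
 #endif /* !NO_CERTS */
 
 #if defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS12) || \
-(defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT))
+(defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)) || \
+(!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
 int SetMyVersion(word32 version, byte* output, int header)
 {
 int i = 0;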
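--- a/wolfcrypt/src/port/Renesas/renesas_common.c
+++ b/wolfcrypt/src/port/Renesas/renesas_common.c
@@ -255,6 +255,34 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
 ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
+if (ret == 0) {
+TsipUserCtx* tsipCtx = (TsipUserCtx*)ctx;
+RsaKey* key = info->pk.rsakg.key;
+if (info->pk.rsakg.size == 1024) {
+#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
+/* export generated public key to the RsaKey structure */
+ret = wc_RsaPublicKeyDecodeRaw(
+tsipCtx->rsa1024pub_keyIdx->value.key_n,
+R_TSIP_RSA_1024_KEY_N_LENGTH_BYTE_SIZE,
+tsipCtx->rsa1024pub_keyIdx->value.key_e,
+R_TSIP_RSA_1024_KEY_E_LENGTH_BYTE_SIZE,
+key
+);
+#endif
+}
+if (info->pk.rsakg.size == 2048) {
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
+/* export generated public key to the RsaKey structure */
+ret = wc_RsaPublicKeyDecodeRaw(
+tsipCtx->rsa2048pub_keyIdx->value.key_n,
+R_TSIP_RSA_2048_KEY_N_LENGTH_BYTE_SIZE,
+tsipCtx->rsa2048pub_keyIdx->value.key_e,
+R_TSIP_RSA_2048_KEY_E_LENGTH_BYTE_SIZE,
+key
+);
+#endif
+}
+}
 }
 #endif
 /* tsip only supports PKCSV15 padding scheme */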
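Review bot: The new export block dereferences `tsipCtx->rsa1024pub_keyIdx` (and the 2048 twin) on nothing more than `ret == 0`, which does not prove that a key index was stored. wc_tsip_MakeRsaKey, as shown in this PR, fills the context only inside `if (ret == TSIP_SUCCESS)` and then ends with an unconditional `return 0;`. After a failed TSIP generation the pointer can therefore be NULL, or can still hold the public key of an earlier call, in which case the caller gets an RsaKey that does not belong to the wrapped private key. I would at least guard each decode with `if (tsipCtx->rsa1024pub_keyIdx == NULL) ret = WC_HW_E;` before the `wc_RsaPublicKeyDecodeRaw` call and turn the second size test into `else if`; the stale-key case has to be fixed in the callee's return value. The callback body starts and ends outside this hunk.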
148 changes: 100 additions & 48 deletions wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
@@ -1,4 +1,4 @@
/* renesas_sce_rsa.c
/* renesas_tsip_rsa.c
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
@@ -38,7 +38,13 @@
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>

#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
/* Make sure at least RSA 1024 or RSA 2048 is enabled */
#if (defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 0) && \
(defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 0)
#error Please enable TSIP RSA 1024 or 2048. \
This code assumes at least one is enabled
#endif

/* Make RSA key for TSIP and set it to callback ctx
* Assumes to be called by Crypt Callback
*
@@ -50,63 +56,84 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
{
e_tsip_err_t ret;
TsipUserCtx *info = (TsipUserCtx*)ctx;

#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
tsip_rsa1024_key_pair_index_t *tsip_pair1024_key = NULL;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
tsip_rsa2048_key_pair_index_t *tsip_pair2048_key = NULL;
#endif

/* sanity check */
if (ctx == NULL)
return BAD_FUNC_ARG;


if (size != 1024 && size != 2048) {
WOLFSSL_MSG("Failed to generate key pair by TSIP");
WOLFSSL_MSG("TSIP RSA KeyGen bit size not supported");
return CRYPTOCB_UNAVAILABLE;
}
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 0
if (size == 1024)
return CRYPTOCB_UNAVAILABLE;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 0
if (size == 2048)
return CRYPTOCB_UNAVAILABLE;
#endif

if ((ret = tsip_hw_lock()) == 0) {
if (size == 1024) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
tsip_pair1024_key =
(tsip_rsa1024_key_pair_index_t*)XMALLOC(
sizeof(tsip_rsa1024_key_pair_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tsip_pair1024_key == NULL)
(tsip_rsa1024_key_pair_index_t*)XMALLOC(
sizeof(tsip_rsa1024_key_pair_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tsip_pair1024_key == NULL) {
tsip_hw_unlock();
return MEMORY_E;

}
ret = R_TSIP_GenerateRsa1024RandomKeyIndex(tsip_pair1024_key);
#endif
}
else if (size == 2048) {
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
tsip_pair2048_key =
(tsip_rsa2048_key_pair_index_t*)XMALLOC(
sizeof(tsip_rsa2048_key_pair_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tsip_pair2048_key == NULL)
(tsip_rsa2048_key_pair_index_t*)XMALLOC(
sizeof(tsip_rsa2048_key_pair_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tsip_pair2048_key == NULL) {
tsip_hw_unlock();
return MEMORY_E;

}
ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key);
#endif
}

if (ret == TSIP_SUCCESS) {
if (size == 1024) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);

info->rsa1024pri_keyIdx =
(tsip_rsa1024_private_key_index_t*)XMALLOC(
sizeof(tsip_rsa1024_private_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
(tsip_rsa1024_private_key_index_t*)XMALLOC(
sizeof(tsip_rsa1024_private_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);

if (info->rsa1024pri_keyIdx == NULL) {
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
tsip_hw_unlock();
return MEMORY_E;
}

info->rsa1024pub_keyIdx =
(tsip_rsa1024_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa1024_public_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
(tsip_rsa1024_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa1024_public_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);

if (info->rsa1024pub_keyIdx == NULL) {
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
tsip_hw_unlock();
return MEMORY_E;
}
/* copy generated key pair and free malloced key */
@@ -121,17 +148,21 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
#endif
}
else if (size == 2048) {
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);

info->rsa2048pri_keyIdx =
(tsip_rsa2048_private_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_private_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
(tsip_rsa2048_private_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_private_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);

if (info->rsa2048pri_keyIdx == NULL) {
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
tsip_hw_unlock();
return MEMORY_E;
}

@@ -144,6 +175,7 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa2048pri_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
tsip_hw_unlock();
return MEMORY_E;
}

@@ -159,15 +191,15 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
#endif
}
}

tsip_hw_unlock();
}


return 0;
}

/* Generate TSIP key index if needed
*
* tuc struct pointer of TsipUserCtx
@@ -178,6 +210,7 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc)
int ret = 0;

switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
@@ -188,6 +221,8 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc)

}
break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
@@ -197,6 +232,7 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc)
ret = CRYPTOCB_UNAVAILABLE;
}
break;
#endif
default:
WOLFSSL_MSG("wrapped private key is not supported");
ret = CRYPTOCB_UNAVAILABLE;
@@ -220,7 +256,6 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
int type;
tsip_rsa_byte_data_t plain, cipher;


if (info == NULL || tuc == NULL) {
return BAD_FUNC_ARG;
}
@@ -230,48 +265,57 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
keySize = (int)tuc->wrappedKeyType;

if ((ret = tsip_hw_lock()) == 0) {
if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) {
if (type == RSA_PUBLIC_ENCRYPT ||
type == RSA_PUBLIC_DECRYPT)
{
plain.pdata = (uint8_t*)info->pk.rsa.in;
plain.data_length = info->pk.rsa.inLen;
cipher.pdata = (uint8_t*)info->pk.rsa.out;
cipher.data_length = *(info->pk.rsa.outLen);

if (keySize == TSIP_KEY_TYPE_RSA1024) {
switch (keySize) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
tuc->rsa1024pub_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher,
tuc->rsa2048pub_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
break;
#endif
default:
ret = CRYPTOCB_UNAVAILABLE;
}
if (ret == 0) {
*(info->pk.rsa.outLen) = cipher.data_length;
}
}
else if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT)
else if (type == RSA_PRIVATE_DECRYPT ||
type == RSA_PRIVATE_ENCRYPT)
{
plain.pdata = (uint8_t*)info->pk.rsa.out;
plain.data_length = *(info->pk.rsa.outLen);
cipher.pdata = (uint8_t*)info->pk.rsa.in;
cipher.data_length = info->pk.rsa.inLen;

if (keySize == TSIP_KEY_TYPE_RSA1024) {
switch (keySize) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain,
tuc->rsa1024pri_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain,
tuc->rsa2048pri_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
break;
#endif
default:
ret = CRYPTOCB_UNAVAILABLE;
}
if (ret == 0) {
*(info->pk.rsa.outLen) = plain.data_length;
@@ -280,6 +324,10 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
tsip_hw_unlock();
}
}

if (ret != 0) {
WOLFSSL_MSG("RSA key size is not supported (only 1024 or 2048 bits)");
}
return ret;
}
/* Perform Rsa verify by TSIP
@@ -324,6 +372,7 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)

if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
err = R_TSIP_RsassaPkcs1024SignatureVerification(&sigData,
&hashData,
@@ -340,6 +389,8 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = WC_HW_E;
}
break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureVerification(&sigData,
&hashData,
@@ -356,13 +407,14 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = WC_HW_E;
}
break;
#endif
default:
ret = CRYPTOCB_UNAVAILABLE;
}
tsip_hw_unlock();
}
}

return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#endif /* WOLFSSL_RENESAS_TSIP_TLS || \
WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#endif /* !NO_RSA && WOLFSSL_RENESAS_TSIP_CRYPTONLY */
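Review bot: The size guards added to wc_tsip_MakeRsaKey reject a size only when its macro is defined as 0 (`defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 0`), while the generation code is compiled only when it is defined as 1. If the macro is not defined at all, a 1024- or 2048-bit request takes the hardware lock, generates nothing and reaches the final `return 0;`; the `#error` check at the top has the same gap because it also requires both macros to be defined. Writing the reject guards as `#if !defined(TSIP_RSAES_1024) || TSIP_RSAES_1024 != 1` (likewise for 2048) closes it. The function also drops a failing `ret` from `tsip_hw_lock()` or the `R_TSIP_GenerateRsa*RandomKeyIndex` calls, so ending with `return (ret == TSIP_SUCCESS) ? 0 : WC_HW_E;` would keep key generation from reporting success without a key. Separately, the new `if (ret != 0)` message in wc_tsip_RsaFunction blames the key size for every failure, including lock and TSIP errors; parts of these functions are collapsed on this page, so the surrounding paths should be checked as well.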