|
@@ -1,4 +1,4 @@
|
|
|
-/* renesas_sce_util.c
|
|
|
+/* renesas_fspsm_util.c
|
|
|
*
|
|
|
* Copyright (C) 2006-2023 wolfSSL Inc.
|
|
|
*
|
|
@@ -20,13 +20,14 @@
|
|
|
*/
|
|
|
#include <wolfssl/wolfcrypt/types.h>
|
|
|
|
|
|
-#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
|
|
|
- defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
|
|
|
+#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
|
|
|
+ defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
|
|
|
+
|
|
|
|
|
|
#include <wolfssl/wolfcrypt/wc_port.h>
|
|
|
#include <wolfssl/wolfcrypt/error-crypt.h>
|
|
|
|
|
|
-#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
|
|
|
+#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
|
|
|
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
|
|
|
#include <wolfssl/wolfcrypt/memory.h>
|
|
|
#include <wolfssl/wolfcrypt/error-crypt.h>
|
|
@@ -42,35 +43,38 @@
|
|
|
#define WOLFSSL_PKMSG(_f_, ...) WC_DO_NOTHING
|
|
|
#endif
|
|
|
|
|
|
-#if defined(WOLFSSL_RENESAS_SCEPROTECT_ECC)
|
|
|
-WOLFSSL_GLOBAL SCE_PKCbInfo gSCE_PKCbInfo;
|
|
|
+#if defined(WOLFSSL_RENESAS_FSPSM_ECC)
|
|
|
+WOLFSSL_GLOBAL FSPSM_ST_PKC gPKCbInfo;
|
|
|
#endif
|
|
|
|
|
|
/* expect to have these variables defined at user application */
|
|
|
-extern sce_instance_ctrl_t sce_ctrl;
|
|
|
-extern sce_cfg_t sce_cfg;
|
|
|
+extern FSPSM_INSTANCE gFSPSM_ctrl;
|
|
|
+extern FSPSM_CONFIG gFSPSM_cfg;
|
|
|
|
|
|
+#ifdef WOLFSSL_RENESAS_FSPSM_TLS
|
|
|
static const byte* ca_cert_sig;
|
|
|
-static sce_key_data g_user_key_info;
|
|
|
+static fspsm_key_data g_user_key_info;
|
|
|
|
|
|
static uint32_t g_encrypted_publicCA_key[HW_SCE_SINST_WORD_SIZE];
|
|
|
extern uint32_t g_CAscm_Idx; /* index of CM table */
|
|
|
-wolfSSL_Mutex sce_mutex;
|
|
|
-static int sce_CryptHwMutexInit_ = 0;
|
|
|
-static uint32_t sce_sess_idx = 0;
|
|
|
+#endif
|
|
|
+
|
|
|
+wolfSSL_Mutex fspsm_mutex;
|
|
|
+static int fspsm_CryptHwMutexInit_ = 0;
|
|
|
+static uint32_t fspsm_sess_idx = 0;
|
|
|
|
|
|
/* Mutex Init */
|
|
|
-static int sce_CryptHwMutexInit(wolfSSL_Mutex* mutex)
|
|
|
+static int fspsm_CryptHwMutexInit(wolfSSL_Mutex* mutex)
|
|
|
{
|
|
|
return wc_InitMutex(mutex);
|
|
|
}
|
|
|
/* Mutex Lock */
|
|
|
-static int sce_CryptHwMutexLock(wolfSSL_Mutex* mutex)
|
|
|
+static int fspsm_CryptHwMutexLock(wolfSSL_Mutex* mutex)
|
|
|
{
|
|
|
return wc_LockMutex(mutex);
|
|
|
}
|
|
|
/* Mutex Unlock */
|
|
|
-static int sce_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
|
|
|
+static int fspsm_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
|
|
|
{
|
|
|
return wc_UnLockMutex(mutex);
|
|
|
}
|
|
@@ -79,23 +83,23 @@ static int sce_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
|
|
|
* lock hw engine
|
|
|
* this should be called before using engine.
|
|
|
*/
|
|
|
-WOLFSSL_LOCAL int wc_sce_hw_lock()
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_hw_lock()
|
|
|
{
|
|
|
int ret = 0;
|
|
|
|
|
|
- if (sce_CryptHwMutexInit_ == 0) {
|
|
|
+ if (fspsm_CryptHwMutexInit_ == 0) {
|
|
|
|
|
|
- ret = sce_CryptHwMutexInit(&sce_mutex);
|
|
|
+ ret = fspsm_CryptHwMutexInit(&fspsm_mutex);
|
|
|
|
|
|
if (ret == 0) {
|
|
|
- sce_CryptHwMutexInit_ = 1;
|
|
|
+ fspsm_CryptHwMutexInit_ = 1;
|
|
|
}
|
|
|
else {
|
|
|
WOLFSSL_MSG(" mutex initialization failed.");
|
|
|
return -1;
|
|
|
}
|
|
|
}
|
|
|
- if (sce_CryptHwMutexLock(&sce_mutex) != 0) {
|
|
|
+ if (fspsm_CryptHwMutexLock(&fspsm_mutex) != 0) {
|
|
|
/* this should not happens */
|
|
|
return -1;
|
|
|
}
|
|
@@ -106,26 +110,28 @@ WOLFSSL_LOCAL int wc_sce_hw_lock()
|
|
|
/*
|
|
|
* release hw engine
|
|
|
*/
|
|
|
-WOLFSSL_LOCAL void wc_sce_hw_unlock(void)
|
|
|
+WOLFSSL_LOCAL void wc_fspsm_hw_unlock(void)
|
|
|
{
|
|
|
- sce_CryptHwMutexUnLock(&sce_mutex);
|
|
|
+ fspsm_CryptHwMutexUnLock(&fspsm_mutex);
|
|
|
}
|
|
|
|
|
|
/* Open sce driver for use */
|
|
|
-WOLFSSL_LOCAL int wc_sce_Open()
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_Open()
|
|
|
{
|
|
|
- WOLFSSL_ENTER("wc_sce_Open");
|
|
|
+ WOLFSSL_ENTER("wc_fspsm_Open");
|
|
|
int ret;
|
|
|
- if ((ret = wc_sce_hw_lock()) == 0) {
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) == 0) {
|
|
|
|
|
|
- ret = R_SCE_Open(&sce_ctrl, &sce_cfg);
|
|
|
+ ret = FSPSM_OPEN(&gFSPSM_ctrl, &gFSPSM_cfg);
|
|
|
|
|
|
if (ret != FSP_SUCCESS) {
|
|
|
WOLFSSL_MSG("RENESAS SCE Open failed");
|
|
|
}
|
|
|
+
|
|
|
+ #if defined(WOLFSSL_RENESAS_FSPSM_TLS)
|
|
|
if (ret == FSP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
|
|
|
|
|
|
- ret = R_SCE_TLS_RootCertificateRSA2048PublicKeyInstall(
|
|
|
+ ret = FSPSM_ROOTCA_RSA2048(
|
|
|
g_user_key_info.encrypted_provisioning_key,
|
|
|
g_user_key_info.iv,
|
|
|
g_user_key_info.encrypted_user_tls_key,
|
|
@@ -138,28 +144,28 @@ WOLFSSL_LOCAL int wc_sce_Open()
|
|
|
else {
|
|
|
WOLFSSL_MSG("Failed to lock sce hw ");
|
|
|
}
|
|
|
-
|
|
|
+ #endif
|
|
|
}
|
|
|
|
|
|
/* unlock hw */
|
|
|
- wc_sce_hw_unlock();
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
|
|
|
- WOLFSSL_LEAVE("wc_sce_Open", ret);
|
|
|
+ WOLFSSL_LEAVE("wc_fspsm_Open", ret);
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
/* close SCE driver */
|
|
|
-WOLFSSL_LOCAL void wc_sce_Close()
|
|
|
+WOLFSSL_LOCAL void wc_fspsm_Close()
|
|
|
{
|
|
|
WOLFSSL_ENTER("sce Close");
|
|
|
int ret;
|
|
|
|
|
|
- if ((ret = wc_sce_hw_lock()) == 0) {
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) == 0) {
|
|
|
/* close SCE */
|
|
|
- ret = R_SCE_Close(&sce_ctrl);
|
|
|
+ ret = FSPSM_CLOSE(&gFSPSM_ctrl);
|
|
|
|
|
|
/* unlock hw */
|
|
|
- wc_sce_hw_unlock();
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
if (ret != FSP_SUCCESS) {
|
|
|
WOLFSSL_MSG("RENESAS SCE Close failed");
|
|
|
}
|
|
@@ -169,15 +175,16 @@ WOLFSSL_LOCAL void wc_sce_Close()
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-#ifndef WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY
|
|
|
+#ifdef WOLFSSL_RENESAS_FSPSM_TLS
|
|
|
|
|
|
-#if defined(WOLFSSL_RENESAS_SCEPROTECT_ECC)
|
|
|
+#if defined(WOLFSSL_RENESAS_FSPSM_ECC)
|
|
|
/* Verify Server Key Exchange while doing ECDH key exchange */
|
|
|
-static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig,
|
|
|
- uint32_t sigSz, void* ctx)
|
|
|
+static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
|
|
|
+ const uint8_t* sig,
|
|
|
+ uint32_t sigSz, void* ctx)
|
|
|
{
|
|
|
int ret = WOLFSSL_FAILURE;
|
|
|
- User_SCEPKCbInfo* cbInfo;
|
|
|
+ FSPSM_ST* cbInfo;
|
|
|
byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
|
|
|
byte *peerkey = NULL;
|
|
|
|
|
@@ -188,7 +195,7 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
|
|
|
if (ssl == NULL || sig == NULL || ctx == NULL)
|
|
|
return ret;
|
|
|
|
|
|
- cbInfo = (User_SCEPKCbInfo*)ctx;
|
|
|
+ cbInfo = (FSPSM_ST*)ctx;
|
|
|
|
|
|
/* export public peer public key */
|
|
|
ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen);
|
|
@@ -210,9 +217,9 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
|
|
|
XMEMCPY(&peerkey[4], qx, qxLen);
|
|
|
XMEMCPY(&peerkey[4+qxLen], qy, qyLen);
|
|
|
|
|
|
- if ((ret = wc_sce_hw_lock()) == 0) {
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) == 0) {
|
|
|
/* 0 : RSA 2048bit, 1 : Reserved, 2 : ECDSA P-256 */
|
|
|
- ret = R_SCE_TLS_ServerKeyExchangeVerify(
|
|
|
+ ret = FSPSM_TLS_SVRKEYExVfy(
|
|
|
type,
|
|
|
(uint8_t*) ssl->arrays->clientRandom,
|
|
|
(uint8_t*) ssl->arrays->serverRandom,
|
|
@@ -222,7 +229,7 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
|
|
|
(uint32_t*)cbInfo->encrypted_ephemeral_ecdh_public_key);
|
|
|
|
|
|
if (ret != FSP_SUCCESS) {
|
|
|
- WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
|
|
|
+ WOLFSSL_MSG("failed R_fspsm_TLS_ServerKeyExchangeVerify");
|
|
|
cbInfo->keyflgs_tls.bits.pk_key_set = 0;
|
|
|
}
|
|
|
else {
|
|
@@ -235,13 +242,13 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
|
|
|
}
|
|
|
|
|
|
/* unlock hw */
|
|
|
- wc_sce_hw_unlock();
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
|
|
|
XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER);
|
|
|
return ret;
|
|
|
}
|
|
|
/* Callback for Rsa Verify */
|
|
|
-WOLFSSL_LOCAL int wc_SCE_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
|
|
|
uint8_t** out, const byte* key, uint32_t keySz, void* ctx)
|
|
|
{
|
|
|
int ret = WOLFSSL_FAILURE;
|
|
@@ -251,8 +258,8 @@ WOLFSSL_LOCAL int wc_SCE_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
|
|
|
|
|
|
WOLFSSL_PKMSG("SCE RSA Verify: sigSz %d, keySz %d\n", sigSz, keySz);
|
|
|
|
|
|
- if (wc_sce_usable(ssl, 0))
|
|
|
- ret = SCE_ServerKeyExVerify(0, ssl, sig, sigSz, ctx);
|
|
|
+ if (wc_fspsm_usable(ssl, 0))
|
|
|
+ ret = fspsm_ServerKeyExVerify(0, ssl, sig, sigSz, ctx);
|
|
|
else
|
|
|
ret = CRYPTOCB_UNAVAILABLE;
|
|
|
|
|
@@ -264,7 +271,7 @@ WOLFSSL_LOCAL int wc_SCE_RsaVerify(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
|
|
|
return ret;
|
|
|
}
|
|
|
/* Callback for Ecc Verify */
|
|
|
-WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
|
|
|
uint32_t sigSz, const uint8_t* hash, uint32_t hashSz,
|
|
|
const uint8_t* key, uint32_t keySz, int* result, void* ctx)
|
|
|
{
|
|
@@ -283,7 +290,7 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
|
|
|
WOLFSSL_PKMSG("SCE ECC Verify: ssl->options.serverState = %d sigSz %d, hashSz %d, keySz %d\n",
|
|
|
ssl->options.serverState, sigSz, hashSz, keySz);
|
|
|
|
|
|
- if (!wc_sce_usable(ssl, 0)) {
|
|
|
+ if (!wc_fspsm_usable(ssl, 0)) {
|
|
|
WOLFSSL_PKMSG("Cannot handle cipher suite by SCE");
|
|
|
return CRYPTOCB_UNAVAILABLE;
|
|
|
}
|
|
@@ -322,7 +329,7 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- ret = SCE_ServerKeyExVerify(2, ssl, sigforSCE, 64, ctx);
|
|
|
+ ret = fspsm_ServerKeyExVerify(2, ssl, sigforSCE, 64, ctx);
|
|
|
|
|
|
if (sigforSCE)
|
|
|
XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP);
|
|
@@ -340,7 +347,7 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig,
|
|
|
}
|
|
|
|
|
|
/* Callback for ECC shared secret */
|
|
|
-WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
|
|
+WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
|
|
uint8_t* pubKeyDer, unsigned int* pubKeySz,
|
|
|
uint8_t* out, unsigned int* outlen, int side, void* ctx)
|
|
|
{
|
|
@@ -348,7 +355,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
|
|
(void) otherKey;
|
|
|
(void) side;
|
|
|
|
|
|
- User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
|
|
|
+ FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
|
|
|
|
|
|
(void)ssl;
|
|
|
(void)cbInfo;
|
|
@@ -362,9 +369,9 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
|
|
side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
|
|
|
|
|
|
if (cbInfo->keyflgs_tls.bits.pk_key_set == 1) {
|
|
|
- if ((ret = wc_sce_hw_lock()) == 0) {
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) == 0) {
|
|
|
/* Generate ECC PUblic key pair */
|
|
|
- ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate(
|
|
|
+ ret = FSPSM_TLS_ECCS256R1_KPG(
|
|
|
&cbInfo->ecc_p256_wrapped_key,
|
|
|
(uint8_t*)&cbInfo->ecc_ecdh_public_key/* Qx 32 bytes and Qy 32 bytes*/ );
|
|
|
if (ret != FSP_SUCCESS) {
|
|
@@ -379,7 +386,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
|
|
sizeof(cbInfo->ecc_ecdh_public_key));
|
|
|
|
|
|
/* Generate Premaster Secret */
|
|
|
- ret = R_SCE_TLS_PreMasterSecretGenerateForECC_secp256r1(
|
|
|
+ ret = FSPSM_TLS_PREMASTERGEN(
|
|
|
(uint32_t*)&cbInfo->encrypted_ephemeral_ecdh_public_key,
|
|
|
&cbInfo->ecc_p256_wrapped_key,
|
|
|
(uint32_t*)out/* pre-master secret 64 bytes */);
|
|
@@ -398,7 +405,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
|
|
}
|
|
|
|
|
|
/* unlock hw */
|
|
|
- wc_sce_hw_unlock();
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
|
|
|
*outlen = 64;
|
|
|
WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
|
|
@@ -428,7 +435,7 @@ static uint32_t GetSceCipherSuite(
|
|
|
break;
|
|
|
|
|
|
default:
|
|
|
- sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE;
|
|
|
+ sceCipher = (uint32_t)WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE;
|
|
|
break;
|
|
|
}
|
|
|
WOLFSSL_MSG("<< GetSceCipherSuite");
|
|
@@ -436,7 +443,7 @@ static uint32_t GetSceCipherSuite(
|
|
|
}
|
|
|
else if (cipherSuiteFirst == ECC_BYTE)
|
|
|
{
|
|
|
- sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE;
|
|
|
+ sceCipher = (uint32_t)WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE;
|
|
|
/* comment out until implementation completes */
|
|
|
switch(cipherSuite) {
|
|
|
|
|
@@ -457,12 +464,12 @@ static uint32_t GetSceCipherSuite(
|
|
|
break;
|
|
|
|
|
|
default:
|
|
|
- sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE;
|
|
|
+ sceCipher = (uint32_t)WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE;
|
|
|
break;
|
|
|
}
|
|
|
}
|
|
|
else{
|
|
|
- sceCipher = (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE;
|
|
|
+ sceCipher = (uint32_t)WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE;
|
|
|
}
|
|
|
|
|
|
WOLFSSL_MSG("<< GetSceCipherSuite");
|
|
@@ -474,10 +481,10 @@ static uint32_t GetSceCipherSuite(
|
|
|
/* ssl : a pointer to WOLFSSL object */
|
|
|
/* session_key_generated : if session key has been generated */
|
|
|
/* return 1 for usable, 0 for unusable */
|
|
|
-WOLFSSL_LOCAL int wc_sce_usable(const WOLFSSL *ssl,
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_usable(const WOLFSSL *ssl,
|
|
|
uint8_t session_key_generated)
|
|
|
{
|
|
|
- WOLFSSL_ENTER("sce_usable");
|
|
|
+ WOLFSSL_ENTER("fspsm_usable");
|
|
|
uint32_t sceCipher;
|
|
|
byte side;
|
|
|
const Ciphers *enc;
|
|
@@ -518,7 +525,7 @@ WOLFSSL_LOCAL int wc_sce_usable(const WOLFSSL *ssl,
|
|
|
ssl->options.cipherSuite);
|
|
|
side = ssl->options.side;
|
|
|
|
|
|
- if (sceCipher != (uint32_t)WOLFSSL_SCE_ILLEGAL_CIPHERSUITE
|
|
|
+ if (sceCipher != (uint32_t)WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE
|
|
|
&& side == WOLFSSL_CLIENT_END)
|
|
|
return 1;
|
|
|
else
|
|
@@ -526,44 +533,45 @@ WOLFSSL_LOCAL int wc_sce_usable(const WOLFSSL *ssl,
|
|
|
}
|
|
|
|
|
|
/* Generate Hmac by sha256*/
|
|
|
-WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(const WOLFSSL *ssl,const uint8_t* myInner,
|
|
|
- uint32_t innerSz,const uint8_t* in, uint32_t sz, byte* digest)
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl,
|
|
|
+ const uint8_t* myInner, uint32_t innerSz,const uint8_t* in,
|
|
|
+ uint32_t sz, byte* digest)
|
|
|
{
|
|
|
- WOLFSSL_ENTER("sce_Sha256HmacGenerate");
|
|
|
+ WOLFSSL_ENTER("fspsm_Sha256HmacGenerate");
|
|
|
|
|
|
- sce_hmac_sha_handle_t _handle;
|
|
|
- sce_hmac_sha_wrapped_key_t wrapped_key;
|
|
|
+ FSPSM_HMAC_HANDLE _handle;
|
|
|
+ FSPSM_HMAC_WKEY wrapped_key;
|
|
|
int ret;
|
|
|
|
|
|
if ((ssl == NULL) || (myInner == NULL) || (in == NULL) ||
|
|
|
(digest == NULL))
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
|
- wrapped_key = ssl->keys.sce_client_write_MAC_secret;
|
|
|
+ wrapped_key = ssl->keys.fspsm_client_write_MAC_secret;
|
|
|
|
|
|
- if ((ret = wc_sce_hw_lock()) != 0) {
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) != 0) {
|
|
|
WOLFSSL_MSG("hw lock failed");
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
- ret = R_SCE_SHA256HMAC_GenerateInit(
|
|
|
+ ret = FSPSM_S256HMAC_GInt(
|
|
|
&_handle,
|
|
|
&wrapped_key);
|
|
|
|
|
|
if (ret == FSP_SUCCESS)
|
|
|
- ret = R_SCE_SHA256HMAC_GenerateUpdate(
|
|
|
+ ret = FSPSM_S256HMAC_GUp(
|
|
|
&_handle,
|
|
|
(uint8_t*)myInner,
|
|
|
innerSz);
|
|
|
|
|
|
if (ret == FSP_SUCCESS)
|
|
|
- ret = R_SCE_SHA256HMAC_GenerateUpdate(
|
|
|
+ ret = FSPSM_S256HMAC_GUp(
|
|
|
&_handle,
|
|
|
(uint8_t*)in,
|
|
|
sz);
|
|
|
|
|
|
if (ret == FSP_SUCCESS)
|
|
|
- ret = R_SCE_SHA256HMAC_GenerateFinal(
|
|
|
+ ret = FSPSM_S256HMAC_GFnl(
|
|
|
&_handle,
|
|
|
digest);
|
|
|
|
|
@@ -571,29 +579,29 @@ WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(const WOLFSSL *ssl,const uint8_t* my
|
|
|
ret = WOLFSSL_FAILURE;
|
|
|
|
|
|
/* unlock hw */
|
|
|
- wc_sce_hw_unlock();
|
|
|
- WOLFSSL_LEAVE("sce_Sha256HmacGenerate", ret);
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
+ WOLFSSL_LEAVE("fspsm_Sha256HmacGenerate", ret);
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
/* Verify hmac */
|
|
|
-WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const WOLFSSL *ssl,
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl,
|
|
|
const uint8_t* message, uint32_t messageSz,
|
|
|
uint32_t macSz, uint32_t content)
|
|
|
{
|
|
|
- WOLFSSL_ENTER("sce_Sha256HmacVerify");
|
|
|
+ WOLFSSL_ENTER("fspsm_Sha256HmacVerify");
|
|
|
|
|
|
- sce_hmac_sha_handle_t _handle;
|
|
|
- sce_hmac_sha_wrapped_key_t wrapped_key;
|
|
|
+ FSPSM_HMAC_HANDLE _handle;
|
|
|
+ FSPSM_HMAC_WKEY wrapped_key;
|
|
|
byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
|
|
|
int ret;
|
|
|
|
|
|
if ((ssl == NULL) || (message == NULL))
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
|
- wrapped_key = ssl->keys.sce_server_write_MAC_secret;
|
|
|
+ wrapped_key = ssl->keys.fspsm_server_write_MAC_secret;
|
|
|
|
|
|
- if ((ret = wc_sce_hw_lock()) != 0) {
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) != 0) {
|
|
|
WOLFSSL_MSG("hw lock failed");
|
|
|
return ret;
|
|
|
}
|
|
@@ -601,44 +609,45 @@ WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(const WOLFSSL *ssl,
|
|
|
wolfSSL_SetTlsHmacInner((WOLFSSL*)ssl, myInner,
|
|
|
(word32)messageSz, (int)content, 1);
|
|
|
|
|
|
- ret = R_SCE_SHA256HMAC_VerifyInit(
|
|
|
+ ret = FSPSM_S256HMAC_VInt(
|
|
|
&_handle,
|
|
|
&wrapped_key);
|
|
|
|
|
|
if (ret == FSP_SUCCESS)
|
|
|
- ret = R_SCE_SHA256HMAC_VerifyUpdate(
|
|
|
+ ret = FSPSM_S256HMAC_VUp(
|
|
|
&_handle,
|
|
|
(uint8_t*)myInner,
|
|
|
WOLFSSL_TLS_HMAC_INNER_SZ);
|
|
|
|
|
|
if (ret == FSP_SUCCESS)
|
|
|
- ret = R_SCE_SHA256HMAC_VerifyUpdate(
|
|
|
+ ret = FSPSM_S256HMAC_VUp(
|
|
|
&_handle,
|
|
|
(uint8_t*)message,
|
|
|
(uint32_t)messageSz);
|
|
|
|
|
|
if (ret == FSP_SUCCESS)
|
|
|
- ret = R_SCE_SHA256HMAC_VerifyFinal(
|
|
|
+ ret = FSPSM_S256HMAC_VFnl(
|
|
|
&_handle,
|
|
|
(uint8_t*)(message+messageSz),
|
|
|
(uint32_t)macSz);
|
|
|
|
|
|
if (ret != FSP_SUCCESS) {
|
|
|
- WOLFSSL_MSG("SCE Mac verification failed");
|
|
|
+ WOLFSSL_MSG("FSP SM Mac verification failed");
|
|
|
}
|
|
|
|
|
|
/* unlock hw */
|
|
|
- wc_sce_hw_unlock();
|
|
|
- WOLFSSL_LEAVE("sce_Sha256HmacVerify", ret);
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
+ WOLFSSL_LEAVE("fspsm_Sha256HmacVerify", ret);
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
/* generate Verify Data based on master secret */
|
|
|
-WOLFSSL_LOCAL int wc_sce_generateVerifyData(const uint8_t *ms, /* master secret */
|
|
|
- const uint8_t *side, const uint8_t *handshake_hash,
|
|
|
- uint8_t *hashes /* out */)
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
|
|
|
+ const uint8_t *ms, /* master secret */
|
|
|
+ const uint8_t *side, const uint8_t *handshake_hash,
|
|
|
+ uint8_t *hashes /* out */)
|
|
|
{
|
|
|
- WOLFSSL_ENTER("sce_generateVerifyData");
|
|
|
+ WOLFSSL_ENTER("fspsm_generateVerifyData");
|
|
|
int ret ;
|
|
|
uint32_t l_side = SCE_TLS_GENERATE_CLIENT_VERIFY;
|
|
|
|
|
@@ -652,31 +661,32 @@ WOLFSSL_LOCAL int wc_sce_generateVerifyData(const uint8_t *ms, /* master secret
|
|
|
l_side = SCE_TLS_GENERATE_SERVER_VERIFY;
|
|
|
}
|
|
|
|
|
|
- if ((ret = wc_sce_hw_lock()) == 0) {
|
|
|
- ret = R_SCE_TLS_VerifyDataGenerate(l_side, (uint32_t*)ms,
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) == 0) {
|
|
|
+ ret = FSPSM_VERIFY_DATA_FUNC(l_side, (uint32_t*)ms,
|
|
|
(uint8_t*)handshake_hash, hashes/* out */);
|
|
|
if (ret != FSP_SUCCESS) {
|
|
|
- WOLFSSL_MSG("R_SCE_TLS_VerifyDataGenerate failed");
|
|
|
+ WOLFSSL_MSG("R_fspsm_TLS_VerifyDataGenerate failed");
|
|
|
}
|
|
|
}
|
|
|
/* unlock hw */
|
|
|
- wc_sce_hw_unlock();
|
|
|
- WOLFSSL_LEAVE("sce_generateVerifyData", ret);
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
+ WOLFSSL_LEAVE("fspsm_generateVerifyData", ret);
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
/* generate keys for TLS communication */
|
|
|
-WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
|
|
|
- User_SCEPKCbInfo* cbInfo, int devId)
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
|
|
|
+ FSPSM_ST* cbInfo, int devId)
|
|
|
{
|
|
|
- WOLFSSL_MSG("sce_generateSessionKey()");
|
|
|
+ WOLFSSL_MSG("fspsm_generateSessionKey()");
|
|
|
int ret;
|
|
|
Ciphers *enc;
|
|
|
Ciphers *dec;
|
|
|
- sce_hmac_sha_wrapped_key_t key_client_mac;
|
|
|
- sce_hmac_sha_wrapped_key_t key_server_mac;
|
|
|
- sce_aes_wrapped_key_t key_client_aes;
|
|
|
- sce_aes_wrapped_key_t key_server_aes;
|
|
|
+ FSPSM_HMAC_WKEY key_client_mac;
|
|
|
+ FSPSM_HMAC_WKEY key_server_mac;
|
|
|
+
|
|
|
+ FSPSM_AES_WKEY key_client_aes;
|
|
|
+ FSPSM_AES_WKEY key_server_aes;
|
|
|
uint32_t sceCS = GetSceCipherSuite(ssl->options.cipherSuite0,
|
|
|
ssl->options.cipherSuite);
|
|
|
|
|
@@ -684,7 +694,7 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
|
|
|
|
- if ((ret = wc_sce_hw_lock()) == 0) {
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) == 0) {
|
|
|
if (sceCS == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ||
|
|
|
sceCS == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
|
|
|
{
|
|
@@ -695,11 +705,11 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
|
|
|
|
|
|
}
|
|
|
else {
|
|
|
- ret = R_SCE_TLS_SessionKeyGenerate(
|
|
|
+ ret = FSPSM_SESSIONKEY_GEN_FUNC(
|
|
|
GetSceCipherSuite(
|
|
|
ssl->options.cipherSuite0,
|
|
|
ssl->options.cipherSuite),
|
|
|
- (uint32_t*)ssl->arrays->sce_masterSecret,
|
|
|
+ (uint32_t*)ssl->arrays->fspsm_masterSecret,
|
|
|
(uint8_t*) ssl->arrays->clientRandom,
|
|
|
(uint8_t*) ssl->arrays->serverRandom,
|
|
|
NULL,
|
|
@@ -711,7 +721,7 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
|
|
|
}
|
|
|
|
|
|
if (ret != FSP_SUCCESS) {
|
|
|
- WOLFSSL_MSG("R_SCE_TLS_SessionKeyGenerate failed");
|
|
|
+ WOLFSSL_MSG("R_fspsm_TLS_SessionKeyGenerate failed");
|
|
|
}
|
|
|
else {
|
|
|
/* succeeded creating session keys */
|
|
@@ -745,20 +755,20 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
|
|
|
}
|
|
|
/* copy key index into aes */
|
|
|
if (ssl->options.side == PROVISION_CLIENT) {
|
|
|
- XMEMCPY(&enc->aes->ctx.sce_wrapped_key, &key_client_aes,
|
|
|
+ XMEMCPY(&enc->aes->ctx.wrapped_key, &key_client_aes,
|
|
|
sizeof(key_client_aes));
|
|
|
- XMEMCPY(&dec->aes->ctx.sce_wrapped_key, &key_server_aes,
|
|
|
+ XMEMCPY(&dec->aes->ctx.wrapped_key, &key_server_aes,
|
|
|
sizeof(key_server_aes));
|
|
|
}
|
|
|
else {
|
|
|
- XMEMCPY(&enc->aes->ctx.sce_wrapped_key, &key_server_aes,
|
|
|
+ XMEMCPY(&enc->aes->ctx.wrapped_key, &key_server_aes,
|
|
|
sizeof(key_server_aes));
|
|
|
- XMEMCPY(&dec->aes->ctx.sce_wrapped_key, &key_client_aes,
|
|
|
+ XMEMCPY(&dec->aes->ctx.wrapped_key, &key_client_aes,
|
|
|
sizeof(key_client_aes));
|
|
|
}
|
|
|
/* copy mac key index into keys */
|
|
|
- ssl->keys.sce_client_write_MAC_secret = key_client_mac;
|
|
|
- ssl->keys.sce_server_write_MAC_secret = key_server_mac;
|
|
|
+ ssl->keys.fspsm_client_write_MAC_secret = key_client_mac;
|
|
|
+ ssl->keys.fspsm_server_write_MAC_secret = key_server_mac;
|
|
|
|
|
|
/* set up key size and marked ready */
|
|
|
if (enc) {
|
|
@@ -775,8 +785,8 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
|
|
|
dec->setup = 1;
|
|
|
}
|
|
|
|
|
|
- if (cbInfo->sce_cipher == SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
|
|
|
- cbInfo->sce_cipher == SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
|
|
|
+ if (cbInfo->cipher == SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
|
|
|
+ cbInfo->cipher == SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
|
|
|
enc->aes->nonceSz = AEAD_MAX_IMP_SZ;
|
|
|
dec->aes->nonceSz = AEAD_MAX_IMP_SZ;
|
|
|
}
|
|
@@ -787,18 +797,18 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
|
|
|
cbInfo->keyflgs_tls.bits.session_key_set = 1;
|
|
|
}
|
|
|
/* unlock hw */
|
|
|
- wc_sce_hw_unlock();
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
}
|
|
|
else {
|
|
|
WOLFSSL_LEAVE("hw lock failed", ret);
|
|
|
}
|
|
|
|
|
|
- WOLFSSL_LEAVE("sce_generateSessionKey", ret);
|
|
|
+ WOLFSSL_LEAVE("fspsm_generateSessionKey", ret);
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
/* generate master secret based on pre-master which is generated by SCE */
|
|
|
-WOLFSSL_LOCAL int wc_sce_generateMasterSecret(
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
|
|
|
uint8_t cipherSuiteFirst,
|
|
|
uint8_t cipherSuite,
|
|
|
const uint8_t *pr, /* pre-master */
|
|
@@ -806,7 +816,7 @@ WOLFSSL_LOCAL int wc_sce_generateMasterSecret(
|
|
|
const uint8_t *sr, /* server random */
|
|
|
uint8_t *ms)
|
|
|
{
|
|
|
- WOLFSSL_ENTER("sce_generateMasterSecretEx");
|
|
|
+ WOLFSSL_ENTER("fspsm_generateMasterSecretEx");
|
|
|
int ret;
|
|
|
|
|
|
if ((pr == NULL) || (cr == NULL) || (sr == NULL) ||
|
|
@@ -817,49 +827,49 @@ WOLFSSL_LOCAL int wc_sce_generateMasterSecret(
|
|
|
if (sceCS == 0xffffffff)
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
|
- if ((ret = wc_sce_hw_lock()) == 0) {
|
|
|
- ret = R_SCE_TLS_MasterSecretGenerate(
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) == 0) {
|
|
|
+ ret = FSPSM_MASTERSECRET_GEN_FUNC(
|
|
|
sceCS,
|
|
|
(uint32_t*)pr,
|
|
|
(uint8_t*)cr, (uint8_t*)sr, (uint32_t*)ms);
|
|
|
if (ret != FSP_SUCCESS) {
|
|
|
- WOLFSSL_MSG("R_SCE_TLS_MasterSecretGenerate failed");
|
|
|
+ WOLFSSL_MSG("R_fspsm_TLS_MasterSecretGenerate failed");
|
|
|
}
|
|
|
/* unlock hw */
|
|
|
- wc_sce_hw_unlock();
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
}
|
|
|
else {
|
|
|
WOLFSSL_MSG(" hw lock failed ");
|
|
|
}
|
|
|
- WOLFSSL_LEAVE("sce_generateMasterSecret", ret);
|
|
|
+ WOLFSSL_LEAVE("fspsm_generateMasterSecret", ret);
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
/* generate pre-Master secrete by SCE */
|
|
|
-WOLFSSL_LOCAL int wc_sce_generatePremasterSecret(uint8_t *premaster,
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(uint8_t *premaster,
|
|
|
uint32_t preSz)
|
|
|
{
|
|
|
- WOLFSSL_ENTER("sce_generatePremasterSecret");
|
|
|
+ WOLFSSL_ENTER("fspsm_generatePremasterSecret");
|
|
|
int ret;
|
|
|
|
|
|
if (premaster == NULL)
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
|
- if ((ret = wc_sce_hw_lock()) == 0 && preSz >=
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) == 0 && preSz >=
|
|
|
(SCE_TLS_MASTER_SECRET_WORD_SIZE*4)) {
|
|
|
/* generate pre-master, 80 bytes */
|
|
|
- ret = R_SCE_TLS_PreMasterSecretGenerateForRSA2048((uint32_t*)premaster);
|
|
|
+ ret = FSPSM_PREGEN_FUNC((uint32_t*)premaster);
|
|
|
if (ret != FSP_SUCCESS) {
|
|
|
- WOLFSSL_MSG(" R_SCE_TLS_GeneratePreMasterSecret failed");
|
|
|
+ WOLFSSL_MSG(" R_fspsm_TLS_GeneratePreMasterSecret failed");
|
|
|
}
|
|
|
/* unlock hw */
|
|
|
- wc_sce_hw_unlock();
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
}
|
|
|
else {
|
|
|
WOLFSSL_MSG(" hw lock failed or preSz is smaller than 80");
|
|
|
}
|
|
|
|
|
|
- WOLFSSL_LEAVE("sce_generatePremasterSecret", ret);
|
|
|
+ WOLFSSL_LEAVE("fspsm_generatePremasterSecret", ret);
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
@@ -867,20 +877,20 @@ WOLFSSL_LOCAL int wc_sce_generatePremasterSecret(uint8_t *premaster,
|
|
|
/*
|
|
|
* generate encrypted pre-Master secrete by SCE
|
|
|
*/
|
|
|
-WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret(
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret(
|
|
|
WOLFSSL* ssl,
|
|
|
uint8_t* out,
|
|
|
uint32_t* outSz)
|
|
|
{
|
|
|
- WOLFSSL_MSG("sce_generateEncryptPreMasterSecret");
|
|
|
+ WOLFSSL_MSG("fspsm_generateEncryptPreMasterSecret");
|
|
|
int ret;
|
|
|
|
|
|
if ((ssl == NULL) || (out == NULL) || (outSz == NULL))
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
|
- if ((ret = wc_sce_hw_lock()) == 0) {
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) == 0) {
|
|
|
if (*outSz >= 256)
|
|
|
- ret = R_SCE_TLS_PreMasterSecretEncryptWithRSA2048(
|
|
|
+ ret = FSPSM_PREGENENC_FUNC(
|
|
|
(uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
|
|
|
(uint32_t*)ssl->arrays->preMasterSecret,
|
|
|
(uint8_t*)out);
|
|
@@ -888,7 +898,7 @@ WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret(
|
|
|
ret = -1;
|
|
|
|
|
|
if (ret != FSP_SUCCESS) {
|
|
|
- WOLFSSL_MSG("R_SCE_TLS_PreMasterSecretEncryptWithRSA2048 failed");
|
|
|
+ WOLFSSL_MSG("R_fspsm_TLS_PreMasterSecretEncryptWithRSA2048 failed");
|
|
|
}
|
|
|
else {
|
|
|
*outSz = 256; /* SCE can only handles 2048 RSA */
|
|
@@ -898,26 +908,26 @@ WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret(
|
|
|
Renesas_cmn_genMasterSecret);
|
|
|
wolfSSL_SetGenMasterSecretCtx(ssl, ctx);
|
|
|
}
|
|
|
- wc_sce_hw_unlock();
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
|
|
|
}
|
|
|
else {
|
|
|
WOLFSSL_MSG(" hw lock failed ");
|
|
|
}
|
|
|
- WOLFSSL_LEAVE("sce_generateEncryptPreMasterSecret", ret);
|
|
|
+ WOLFSSL_LEAVE("fspsm_generateEncryptPreMasterSecret", ret);
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
|
|
|
/* Certificate verification by SCE */
|
|
|
-WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
|
|
|
const uint8_t* cert, uint32_t certSz,
|
|
|
const uint8_t* signature, uint32_t sigSz,
|
|
|
uint32_t key_n_start,uint32_t key_n_len,
|
|
|
uint32_t key_e_start,uint32_t key_e_len,
|
|
|
- uint8_t* sce_encPublickey)
|
|
|
+ uint8_t* fspsm_encPublickey)
|
|
|
{
|
|
|
- WOLFSSL_ENTER("sce_tls_CertVerify");
|
|
|
+ WOLFSSL_ENTER("fspsm_tls_CertVerify");
|
|
|
int ret;
|
|
|
uint8_t *sigforSCE;
|
|
|
uint8_t *pSig;
|
|
@@ -935,8 +945,8 @@ WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
|
|
|
WOLFSSL_MSG(" signature for ca verification is not set");
|
|
|
return -1;
|
|
|
}
|
|
|
- if (!sce_encPublickey) {
|
|
|
- WOLFSSL_MSG(" sce_encPublickey is NULL.");
|
|
|
+ if (!fspsm_encPublickey) {
|
|
|
+ WOLFSSL_MSG(" fspsm_encPublickey is NULL.");
|
|
|
return -1;
|
|
|
}
|
|
|
|
|
@@ -980,36 +990,36 @@ WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
|
|
|
}
|
|
|
|
|
|
|
|
|
- if ((ret = wc_sce_hw_lock()) == 0) {
|
|
|
- ret = R_SCE_TLS_CertificateVerify(
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) == 0) {
|
|
|
+ ret = FSPSM_TLSCERT_VRY(
|
|
|
g_user_key_info.encrypted_user_tls_key_type,
|
|
|
(uint32_t*)g_encrypted_publicCA_key,/* encrypted public key */
|
|
|
- (uint8_t*)cert, /* certificate der */
|
|
|
- certSz, /* length of der */
|
|
|
+ (uint8_t*)cert, /* certificate der */
|
|
|
+ certSz, /* length of der */
|
|
|
(uint8_t*)pSig, /* sign data by RSA PSS */
|
|
|
key_n_start, /* start position of public key n in bytes */
|
|
|
(key_n_start + key_n_len), /* length of the public key n */
|
|
|
key_e_start, /* start pos, key e in bytes */
|
|
|
(key_e_start + key_e_len), /* length of the public key e */
|
|
|
- (uint32_t*)sce_encPublickey /* returned encrypted key */
|
|
|
+ (uint32_t*)fspsm_encPublickey /* returned encrypted key */
|
|
|
);
|
|
|
if (ret != FSP_SUCCESS) {
|
|
|
- WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification() failed");
|
|
|
+ WOLFSSL_MSG(" R_XXX_TlsCertificateVerification() failed");
|
|
|
}
|
|
|
if (sigforSCE) {
|
|
|
XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP);
|
|
|
}
|
|
|
- wc_sce_hw_unlock();
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
}
|
|
|
else {
|
|
|
WOLFSSL_MSG(" hw lock failed ");
|
|
|
}
|
|
|
- WOLFSSL_LEAVE("sce_tls_CertVerify", ret);
|
|
|
+ WOLFSSL_LEAVE("fspsm_tls_CertVerify", ret);
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
/* Root Certificate verification */
|
|
|
-WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify(
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
|
|
|
const uint8_t* cert, uint32_t cert_len,
|
|
|
uint32_t key_n_start, uint32_t key_n_len,
|
|
|
uint32_t key_e_start, uint32_t key_e_len,
|
|
@@ -1019,7 +1029,7 @@ WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify(
|
|
|
/* call to generate encrypted public key for certificate verification */
|
|
|
uint8_t *signature = (uint8_t*)ca_cert_sig;
|
|
|
|
|
|
- WOLFSSL_ENTER("wc_sce_tls_RootCertVerify");
|
|
|
+ WOLFSSL_ENTER("wc_fspsm_tls_RootCertVerify");
|
|
|
|
|
|
if (cert == NULL)
|
|
|
return BAD_FUNC_ARG;
|
|
@@ -1029,8 +1039,8 @@ WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify(
|
|
|
return -1;
|
|
|
}
|
|
|
|
|
|
- if ((ret = wc_sce_hw_lock()) == 0) {
|
|
|
- ret = R_SCE_TLS_RootCertificateVerify(
|
|
|
+ if ((ret = wc_fspsm_hw_lock()) == 0) {
|
|
|
+ ret = FSPSM_TLSROOTCERT_VRY(
|
|
|
g_user_key_info.encrypted_user_tls_key_type,
|
|
|
(uint8_t*)cert, /* CA cert */
|
|
|
(uint32_t)cert_len, /* length of CA cert */
|
|
@@ -1042,55 +1052,63 @@ WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify(
|
|
|
g_encrypted_publicCA_key); /* RSA-2048 public key 560 bytes */
|
|
|
/* ECDSA 96 bytes */
|
|
|
if (ret != FSP_SUCCESS) {
|
|
|
- WOLFSSL_MSG(" R_SCE_TLS_RootCertificateVerify() failed");
|
|
|
+ WOLFSSL_MSG(" R_fspsm_TLS_RootCertificateVerify() failed");
|
|
|
}
|
|
|
else {
|
|
|
g_CAscm_Idx = cm_row;
|
|
|
}
|
|
|
- wc_sce_hw_unlock();
|
|
|
+ wc_fspsm_hw_unlock();
|
|
|
}
|
|
|
else {
|
|
|
WOLFSSL_MSG(" hw lock failed ");
|
|
|
}
|
|
|
- WOLFSSL_LEAVE("wc_sce_tls_RootCertVerify", ret);
|
|
|
+ WOLFSSL_LEAVE("wc_fspsm_tls_RootCertVerify", ret);
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
/* store elements for session key generation into ssl->keys.
|
|
|
* return 0 on success, negative value on failure
|
|
|
*/
|
|
|
-WOLFSSL_LOCAL int wc_sce_storeKeyCtx(WOLFSSL* ssl, User_SCEPKCbInfo* info)
|
|
|
+WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(WOLFSSL* ssl, FSPSM_ST* info)
|
|
|
{
|
|
|
int ret = 0;
|
|
|
|
|
|
- WOLFSSL_ENTER("sce_storeKeyCtx");
|
|
|
+ WOLFSSL_ENTER("fspsm_storeKeyCtx");
|
|
|
|
|
|
if (ssl == NULL || info == NULL)
|
|
|
ret = BAD_FUNC_ARG;
|
|
|
|
|
|
if (ret == 0) {
|
|
|
- XMEMCPY(info->sce_masterSecret, ssl->arrays->sce_masterSecret,
|
|
|
- SCE_TLS_MASTERSECRET_SIZE);
|
|
|
- XMEMCPY(info->sce_clientRandom, ssl->arrays->clientRandom, 32);
|
|
|
- XMEMCPY(info->sce_serverRandom, ssl->arrays->serverRandom, 32);
|
|
|
+ XMEMCPY(info->masterSecret, ssl->arrays->fspsm_masterSecret,
|
|
|
+ FSPSM_TLS_MASTERSECRET_SIZE);
|
|
|
+ XMEMCPY(info->clientRandom, ssl->arrays->clientRandom, 32);
|
|
|
+ XMEMCPY(info->serverRandom, ssl->arrays->serverRandom, 32);
|
|
|
|
|
|
- info->sce_cipher = (uint8_t)GetSceCipherSuite(ssl->options.cipherSuite0,
|
|
|
+ info->cipher = (uint8_t)GetSceCipherSuite(ssl->options.cipherSuite0,
|
|
|
ssl->options.cipherSuite);
|
|
|
}
|
|
|
- WOLFSSL_LEAVE("sce_storeKeyCtx", ret);
|
|
|
+ WOLFSSL_LEAVE("fspsm_storeKeyCtx", ret);
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
/* to inform ca certificate sign */
|
|
|
/* signature format expects RSA 2048 PSS with SHA256 */
|
|
|
+#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
|
|
WOLFSSL_API void wc_sce_inform_cert_sign(const uint8_t *sign)
|
|
|
+#else
|
|
|
+WOLFSSL_API void wc_fspsm_inform_cert_sign(const uint8_t *sign)
|
|
|
+#endif
|
|
|
{
|
|
|
if (sign)
|
|
|
ca_cert_sig = sign;
|
|
|
}
|
|
|
|
|
|
/* let wolfSSL know user key information using TLS operation by SCE */
|
|
|
+#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
|
|
WOLFSSL_API void wc_sce_inform_user_keys(
|
|
|
+#else
|
|
|
+WOLFSSL_API void wc_fspsm_inform_user_keys(
|
|
|
+#endif
|
|
|
uint8_t* encrypted_provisioning_key,
|
|
|
uint8_t* iv,
|
|
|
uint8_t* encrypted_user_tls_key,
|
|
@@ -1119,7 +1137,11 @@ WOLFSSL_API void wc_sce_inform_user_keys(
|
|
|
|
|
|
|
|
|
/* Set callbacks needed for sce TLS api handling */
|
|
|
+#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
|
|
WOLFSSL_API void wc_sce_set_callbacks(WOLFSSL_CTX* ctx)
|
|
|
+#else
|
|
|
+WOLFSSL_API void wc_fspsm_set_callbacks(WOLFSSL_CTX* ctx)
|
|
|
+#endif
|
|
|
{
|
|
|
wolfSSL_CTX_SetEccVerifyCb(ctx, Renesas_cmn_EccVerify);
|
|
|
wolfSSL_CTX_SetRsaVerifyCb(ctx, Renesas_cmn_RsaVerify);
|
|
@@ -1131,15 +1153,20 @@ WOLFSSL_API void wc_sce_set_callbacks(WOLFSSL_CTX* ctx)
|
|
|
wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
|
|
|
}
|
|
|
/* Set callback contexts needed for sce TLS api handling */
|
|
|
+#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
|
|
WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
|
|
|
+#else
|
|
|
+WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
|
|
|
+#endif
|
|
|
{
|
|
|
- if (sce_sess_idx > MAX_SCE_CBINDEX) {
|
|
|
+ if (fspsm_sess_idx > MAX_FSPSM_CBINDEX) {
|
|
|
WOLFSSL_MSG("exceeds maximum session index");
|
|
|
return -1;
|
|
|
}
|
|
|
- gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx] = (User_SCEPKCbInfo*)user_ctx;
|
|
|
- gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.pk_key_set = 0;
|
|
|
- gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.session_key_set = 0;
|
|
|
+ gPKCbInfo.user_PKCbInfo[fspsm_sess_idx] = (FSPSM_ST*)user_ctx;
|
|
|
+ gPKCbInfo.user_PKCbInfo[fspsm_sess_idx]->keyflgs_tls.bits.pk_key_set = 0;
|
|
|
+ gPKCbInfo.user_PKCbInfo[fspsm_sess_idx]->keyflgs_tls.bits.session_key_set
|
|
|
+ = 0;
|
|
|
|
|
|
wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
|
|
|
wolfSSL_SetRsaEncCtx(ssl, user_ctx);
|
|
@@ -1151,10 +1178,10 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
|
|
|
/* set up crypt callback */
|
|
|
wc_CryptoCb_CryptInitRenesasCmn(ssl, user_ctx);
|
|
|
|
|
|
- gSCE_PKCbInfo.num_session = ++sce_sess_idx;
|
|
|
+ gPKCbInfo.num_session = ++fspsm_sess_idx;
|
|
|
|
|
|
return 0;
|
|
|
}
|
|
|
-#endif /* !WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
|
|
|
+#endif /* !WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
|
|
|
|
|
|
-#endif /* WOLFSSL_RENESAS_SCEPROTECT || WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
|
|
|
+#endif /* WOLFSSL_RENESAS_FSPSM_TLS || WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
|