wolfSSL for Renesas RA Evaluation Kit (EK-RA6M4)
=================================================
## Description
This directory contains e2studio projects targeted at the Renesas RA 32-bit MCUs.
The example projects include a wolfSSL TLS client.
They also include benchmark and cryptography tests for the wolfCrypt library.
The wolfssl project contains both the wolfSSL and wolfCrypt libraries.
It is built as a `Renesas RA C Library Project` and contains the Renesas RA
configuration. The wolfssl project uses `Secure Cryptography Engine on RA6 Protected Mode`
as hardware acceleration for cypto and TLS operation.
The other projects (benchmark, client, and test) are built as a
`Renesas RA C Project Using RA Library`, where the RA library is the wolfssl project.
The wolfssl Project Summary is listed below and is relevant for every project.
### Project Summary
|Item|Name/Version|
|:--|:--|
|Board|EK-RA6M4|
|Device|R7FA6M4AF3CFB|
|Toolchain|GCC ARM Embedded|
|FSP Version|3.5.0|
#### Selected software components
|Components|Version|
|:--|:--|
|Board Support Package Common Files|v3.5.0|
|Secure Cryptography Engine on RA6 Protected Mode|v3.5.0|
|I/O Port|v3.5.0|
|Arm CMSIS Version 5 - Core (M)|v5.8.0+fsp.3.5.0|
|RA6M4-EK Board Support Files|v3.5.0|
|Board support package for R7FA6M4AF3CFB|v3.5.0|
|Board support package for RA6M4|v3.5.0|
|Board support package for RA6M4 - FSP Data|v3.5.0|
|FreeRTOS|v10.4.3-LTS.Patch.2+fsp.3.5.0|
|FreeRTOS - Memory Management - Heap 4|v10.4.3-LTS.Patch.2+fsp.3.5.0|
|r_ether to FreeRTOS+TCP Wrapper|v3.5.0|
|Ethernet|v3.5.0|
|Ethernet PHY|v3.5.0|
|FreeRTOS+TCP|v2.3.2-LTS.Patch.1+fsp.3.5.0|
|FreeRTOS - Buffer Allocation 2|v2.3.2-LTS.Patch.1+fsp.3.5.0|
## Setup Steps and Build wolfSSL Library
1.) Import projects from [File]->[Open projects from File System]
+ Select folder at /path/to/wolfssl/IDE/Renesas/e2studio/RA6M4
+ Deselect the Non-Eclipse project, RA6M4, by clicking the checkbox\
Only the folders with 'Eclipse project' under 'Import as' need to be selected.
2.) Create a `dummy_library` Static Library.
+ Click File->New->`RA C/C++ Project`.
+ Select `EK-RA6M4` from Drop-down list.
+ Check `Static Library`.
+ Select FreeRTOS from RTOS selection. Click Next.
+ Check `FreeRTOS minimal - Static Allocation`. Click Finish.
+ Open Smart Configurator by clicking configuration.xml in the project
+ Go to `BSP` tab and increase Heap Size under `RA Common` on Properties page, e.g. 0x1000
+ Go to `Stacks` tab
+ Add `SCE Protected Mode` stack from `New Stack` -> `Security`
+ Add New thead and set properties
|Property|Value|
|:--|:--|
|Thread Symbol|sce_tst_thread|
|Thread Name|sce_tst_thread|
|Thread Stack size|increase depending on your environment
e.g. 0xA000|
|Thread MemoryAllocation|Dyamic|
|Common General Use Mutexes|Enabled|
|Common General Enable Backward Compatibility|Enabled|
|Common Memory Allocation Support Dynamic Allocation|Enabled|
|Common Memory Allocation Total Heap Size|increase depending on your environment
e.g. 0x20000|
+ Add `Heap 4` stack to sce_tst_thread from `New Stack` -> `RTOS` -> `FreeRTOS Heap 4`
+ Add `FreeRTOS + TCP` stack to sce_tst_thread from `New Stack` -> `Networking` -> `FreeRTOS+TCP` and set properties
|Property|Value|
|:--|:--|
|Network Events call vApplicationIPNetworkEventHook|Disable|
|Use DHCP|Disable|
+ Save `dummy_library` FSP configuration
+ Copy configuration.xml and pincfg under `dummy_library` to `wolfSSL_RA6M4`
+ Open Smart Configurator by clicking copied configuration.xml
+ Click `Generate Project Content` on Smart Configurator
3.) Build the wolfSSL project
4.) Create a 'dummy_application' Renesas RA C Project Using RA Library.
+ Click File->New->`RA C/C++ Project`.
+ Select `EK-RA6M4` from Drop-down list.
+ Check `Executable Using an RA Static Library`.
+ Select FreeRTOS from RTOS selection. Click Finish.
+ Enter `dummy_application` as the project name. Click Next.
+ Under `RA library project`, select `wolfSSL_RA6M4`.
+ Click Finish.
+ Copy the followng folder and file at `dummy_application` to `test_RA6M4`\
script/\
src/sce_tst_thread_entry.c
+ Add `sce_test()` call under /* TODO: add your own code here */ line at sce_tst_thread_entry.c
```
...
/* TODO: add your own code here */
sce_test();
...
```
5.) Prepare SEGGER_RTT to logging
+ Download J-Link software from [Segger](https://www.segger.com/downloads/jlink)
+ Choose `J-Link Software and Documentation Pack`
+ Copy sample program files below from `Installed SEGGER` folder, `e.g C:\Program Files\SEGGER\JLink\Samples\RTT`, to /path/to/wolfssl/IDE/Reenesas/e2studio/RA6M4/test/src/SEGGER_RTT\
SEGGER_RTT.c\
SEGGER_RTT.h\
SEGGER_RTT_Conf.h\
SEGGER_RTT_printf.c
+ To connect RTT block, you can configure RTT viewer configuration based on where RTT block is in map file\
e.g.\
[test_RA6M4.map]
```
COMMON 0x200232a8 0xa8 ./src/SEGGER_RTT/SEGGER_RTT.o\
````
you can specify "RTT control block" to 0x200232a8 by Address\
OR\
you can specify "RTT control block" to 0x20020000 0x10000 by Search Range
## Run Client
1.) Enable TLS_CLIENT definition in wolfssl_demo.h of test_RA6M4 projet
2.) Client IP address and Server IP address
+ Client IP address can be changed by the following line in wolf_client.c.
```
static const byte ucIPAddress[4] = { 192, 168, 11, 241 };
```
+ Client IP address can be changed by the following line in wolf_client.c.
```
#define SERVER_IP "192.168.11.40"
```
3.) Build test_RA6M4 project
4.) Prepare peer wolfssl server
+ On Linux
```
$ autogen.sh
$ ./configure --enable-extended-master=no CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVE_AES_CBC"
```
Run peer wolfSSL server
RSA sign and verify use, launch server with the following option
```
$./example/server/server -b -d -i
```
You will see the following message on J-LinK RTT Viewer
```
cipher : AES128-SHA256
Received: I hear you fa shizzle!
cipher : AES256-SHA256
Received: I hear you fa shizzle!
cipher : ECDHE-RSA-AES128-SHA256
Received: I hear you fa shizzle!
cipher : ECDHE-RSA-AES128-GCM-SHA256
Received: I hear you fa shizzle!
```
ECDSA sign and verify use, launch server with the following option
```
$./examples/server/server -b -d -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
```
You will see the following message on J-LinK RTT Viewer
```
cipher : ECDHE-ECDSA-AES128-SHA256
Received: I hear you fa shizzle!
cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Received: I hear you fa shizzle!
```
5.) Run the example Client
**Note**\
To run "RSA verify" client, enable "#define USE_CERT_BUFFERS_2048" in wolfssl_demo.h\
To run "ECDSA verify" client, enable "#define USE_CERT_BUFFERS_256" in wolfssl_demo.h
## Run Crypt test and Benchmark
1.) Enable CRYPT_TEST and/or BENCHMARK definition in wolfssl_demo.h
2.) Enable SCEKEY_INSTALLED definition in user_settings.h if you have installed key for AES
In the example code for benchmark, it assumes that AES key is installed at DIRECT_KEY_ADDRESS which is 0x08000000U as follows:
```
#if defined(SCEKEY_INSTALLED)
/* aes 256 */
memcpy(guser_PKCbInfo.sce_wrapped_key_aes256.value,
(uint32_t *)DIRECT_KEY_ADDRESS, HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4);
guser_PKCbInfo.sce_wrapped_key_aes256.type = SCE_KEY_INDEX_TYPE_AES256;
guser_PKCbInfo.aes256_installedkey_set = 1;
/* aes 128 */
guser_PKCbInfo.aes128_installedkey_set = 0;
#endif
```
To install key, please refer [Installing and Updating Secure Keys](https://www.renesas.com/us/en/document/apn/installing-and-updating-secure-keys-ra-family).
You can update code above to handle AES128 key when you install its key.
3.) Run Benchmark and Crypto Test
## Support
For support inquiries and questions, please email support@wolfssl.com. Feel free to reach out to info@wolfssl.jp as well.