wolfSSL for Renesas RA Evaluation Kit (EK-RA6M4)
=================================================

## Description

This directory contains e2studio projects targeted at the Renesas RA 32-bit MCUs.
The example projects include a wolfSSL TLS client. 
They also include benchmark and cryptography tests for the wolfCrypt library.


The wolfssl project contains both the wolfSSL and wolfCrypt libraries.
It is built as a `Renesas RA C Library Project` and contains the Renesas RA
configuration. The wolfssl project uses `Secure Cryptography Engine on RA6 Protected Mode` 
as hardware acceleration for cypto and TLS operation.


The other projects (benchmark, client, and test) are built as a
`Renesas RA C Project Using RA Library`, where the RA library is the wolfssl project.
The wolfssl Project Summary is listed below and is relevant for every project.

### Project Summary
|Item|Name/Version|
|:--|:--|
|Board|EK-RA6M4|
|Device|R7FA6M4AF3CFB|
|Toolchain|GCC ARM Embedded|
|FSP Version|3.5.0|

#### Selected software components

|Components|Version|
|:--|:--|
|Board Support Package Common Files|v3.5.0|
|Secure Cryptography Engine on RA6 Protected Mode|v3.5.0|
|I/O Port|v3.5.0|
|Arm CMSIS Version 5 - Core (M)|v5.8.0+fsp.3.5.0|
|RA6M4-EK Board Support Files|v3.5.0|
|Board support package for R7FA6M4AF3CFB|v3.5.0|
|Board support package for RA6M4|v3.5.0|
|Board support package for RA6M4 - FSP Data|v3.5.0|
|FreeRTOS|v10.4.3-LTS.Patch.2+fsp.3.5.0|
|FreeRTOS - Memory Management - Heap 4|v10.4.3-LTS.Patch.2+fsp.3.5.0|
|r_ether to FreeRTOS+TCP Wrapper|v3.5.0|
|Ethernet|v3.5.0|
|Ethernet PHY|v3.5.0|
|FreeRTOS+TCP|v2.3.2-LTS.Patch.1+fsp.3.5.0|
|FreeRTOS - Buffer Allocation 2|v2.3.2-LTS.Patch.1+fsp.3.5.0|

## Setup Steps and Build wolfSSL Library

1.) Import  projects from [File]->[Open projects from File System]

+ Select folder at /path/to/wolfssl/IDE/Renesas/e2studio/RA6M4
+ Deselect the Non-Eclipse project, RA6M4, by clicking the checkbox\
   Only the folders with 'Eclipse project' under 'Import as' need to be selected.

2.) Create a `dummy_library` Static Library.

+ Click File->New->`RA C/C++ Project`.
+ Select `EK-RA6M4` from Drop-down list.
+ Check `Static Library`.
+ Select FreeRTOS from RTOS selection. Click Next.
+ Check `FreeRTOS minimal - Static Allocation`. Click Finish.
+ Open Smart Configurator by clicking configuration.xml in the project
+ Go to `BSP` tab and increase Heap Size under `RA Common` on Properties page, e.g. 0x1000
+ Go to `Stacks` tab
+ Add `SCE Protected Mode` stack from `New Stack` -> `Security`
+ Add New thead and set properties

|Property|Value|
|:--|:--|
|Thread Symbol|sce_tst_thread|
|Thread Name|sce_tst_thread|
|Thread Stack size|increase depending on your environment<br> e.g. 0xA000|
|Thread MemoryAllocation|Dyamic|
|Common General Use Mutexes|Enabled|
|Common General Enable Backward Compatibility|Enabled|
|Common Memory Allocation Support Dynamic Allocation|Enabled|
|Common Memory Allocation Total Heap Size|increase depending on your environment<br> e.g. 0x20000|

+ Add `Heap 4` stack to sce_tst_thread from `New Stack` -> `RTOS` -> `FreeRTOS Heap 4`
+ Add `FreeRTOS + TCP` stack to sce_tst_thread from `New Stack` -> `Networking` -> `FreeRTOS+TCP` and set properties

|Property|Value|
|:--|:--|
|Network Events call vApplicationIPNetworkEventHook|Disable|
|Use DHCP|Disable|
  
+ Save `dummy_library` FSP configuration
+ Copy <u>configuration.xml</u> and pincfg under `dummy_library` to `wolfSSL_RA6M4`
+ Open Smart Configurator by clicking copied configuration.xml
+ Click `Generate Project Content` on Smart Configurator

3.) Build the wolfSSL project

4.) Create a 'dummy_application' Renesas RA C Project Using RA Library.

+ Click File->New->`RA C/C++ Project`.
+ Select `EK-RA6M4` from Drop-down list.
+ Check `Executable Using an RA Static Library`.
+ Select FreeRTOS from RTOS selection. Click Finish.
+ Enter `dummy_application` as the project name. Click Next.
+ Under `RA library project`, select `wolfSSL_RA6M4`.
+ Click Finish.
+ Copy the followng folder and file at `dummy_application` to `test_RA6M4`\
  script/\
  src/sce_tst_thread_entry.c
  
+ Add `sce_test()` call under /* TODO: add your own code here */ line at sce_tst_thread_entry.c
```
...
  /* TODO: add your own code here */
   sce_test();
...
```

5.) Prepare SEGGER_RTT to logging

+ Download J-Link software from [Segger](https://www.segger.com/downloads/jlink)
+ Choose `J-Link Software and Documentation Pack`
+ Copy sample program files below from `Installed SEGGER` folder, `e.g C:\Program Files\SEGGER\JLink\Samples\RTT`, to /path/to/wolfssl/IDE/Reenesas/e2studio/RA6M4/test/src/SEGGER_RTT\
  
    SEGGER_RTT.c\
    SEGGER_RTT.h\
    SEGGER_RTT_Conf.h\
    SEGGER_RTT_printf.c

+ To connect RTT block, you can configure RTT viewer configuration based on where RTT block is in map file\
  e.g.\
    [test_RA6M4.map]
   ```
    COMMON         0x200232a8       0xa8 ./src/SEGGER_RTT/SEGGER_RTT.o\
   ````
    you can specify "RTT control block" to 0x200232a8 by Address\
    OR\
    you can specify "RTT control block" to 0x20020000 0x10000 by Search Range
  
## Run Client
1.) Enable TLS_CLIENT definition in wolfssl_demo.h of test_RA6M4 projet

2.) Client IP address and Server IP address

+ Client IP address can be changed by the following line in wolf_client.c.
```
static const byte ucIPAddress[4]          = { 192, 168, 11, 241 };
```
+ Client IP address can be changed by the following line in wolf_client.c.
```
#define SERVER_IP    "192.168.11.40"
```

3.) Build test_RA6M4 project

4.) Prepare peer wolfssl server

+ On Linux
```
$ autogen.sh
$ ./configure --enable-extended-master=no CFLAGS="-DWOLFSSL_STATIC_RSA -DHAVE_AES_CBC"
```
Run peer wolfSSL server

RSA sign and verify use, launch server with the following option
```
$./example/server/server -b -d -i
```

You will see the following message on J-LinK RTT Viewer
```
cipher : AES128-SHA256
Received: I hear you fa shizzle!

cipher : AES256-SHA256
Received: I hear you fa shizzle!

cipher : ECDHE-RSA-AES128-SHA256
Received: I hear you fa shizzle!

cipher : ECDHE-RSA-AES128-GCM-SHA256
Received: I hear you fa shizzle!
```

ECDSA sign and verify use, launch server with the following option
```
$./examples/server/server -b -d -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
```

You will see the following message on J-LinK RTT Viewer
```
cipher : ECDHE-ECDSA-AES128-SHA256
Received: I hear you fa shizzle!

cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Received: I hear you fa shizzle!
```

5.) Run the example Client

 **Note**\
   To run "RSA verify" client, enable "#define USE_CERT_BUFFERS_2048" in wolfssl_demo.h\
   To run "ECDSA verify" client, enable "#define USE_CERT_BUFFERS_256" in wolfssl_demo.h

## Run Crypt test and Benchmark

1.) Enable CRYPT_TEST and/or BENCHMARK definition in wolfssl_demo.h

2.) Enable SCEKEY_INSTALLED definition in user_settings.h if you have installed key for AES

In the example code for benchmark, it assumes that AES key is installed at DIRECT_KEY_ADDRESS which is 0x08000000U as follows:
```
#if defined(SCEKEY_INSTALLED)
    /* aes 256 */
    memcpy(guser_PKCbInfo.sce_wrapped_key_aes256.value,
           (uint32_t *)DIRECT_KEY_ADDRESS, HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4);
    guser_PKCbInfo.sce_wrapped_key_aes256.type = SCE_KEY_INDEX_TYPE_AES256;
    guser_PKCbInfo.aes256_installedkey_set = 1;
    /* aes 128 */
    guser_PKCbInfo.aes128_installedkey_set = 0;
#endif
```

To install key, please refer [Installing and Updating Secure Keys](https://www.renesas.com/us/en/document/apn/installing-and-updating-secure-keys-ra-family).

You can update code above to handle AES128 key when you install its key.

3.) Run Benchmark and Crypto Test


## Support

For support inquiries and questions, please email support@wolfssl.com. Feel free to reach out to info@wolfssl.jp as well.