Support for TSIP FIT driver for symmetric AES, SHA1/SHA256 hardware acceleration and TLS-linked capability including Root CA, the server certificate or intermediate certificate verification.
The Renesas TSIP FIT module is used with wolfSSL by setting the WOLFSSL_RENESAS_TSIP definition.
Including the following examples:
The user_settings.h file enables some of the hardened settings.
FIT module
Note : The included example program is tested with TSIP FIT version 1.06.
Note : The included example program is tested with GR-ROSE, which is classified to RX65N.
#define WOLFSSL_RENESAS_TSIP in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
#define WOLFSSL_RENESAS_RX65N in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
Note : The FIT module source files must be generated in advance to compile wolfSSL when WOLFSSL_RENESAS_TSIP and WOLFSSL_RENESAS_RX65N are enabled. For creating the FIT module files, please see "Setup and Build and example program" in this readme below.
To disable portions of the hardware acceleration you can optionally define:
/* Disabled SHA acceleration */
#define NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH
/* Disabled TLS-linked acceleration */
#define NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION
Platform:
Renesas : e2Studio v7.4.0
ToolChain : Renesas CCRX version 3.00.00
TSIP FIT : version 1.0.6
Board : GR-ROSE
wolfSSL : 4.1.0
block cipher
RNG 200 KB took 1.099 seconds, 182.000 KB/s
SHA 1 MB took 1.005 seconds, 1.166 MB/s
SHA-256 425 KB took 1.038 seconds, 409.520 KB/s
TLS establishment time
TLS_RSA_WITH_AES_128_CBC_SHA : 0.651 (s)
TLS_RSA_WITH_AES_128_CBC_SHA256 : 0.651 (s)
TLS_RSA_WITH_AES_256_CBC_SHA : 0.642 (s)
TLS_RSA_WITH_AES_256_CBC_SHA256 : 0.662 (s)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 2.050 (s)
block cipher
RNG 1 MB took 1.011 seconds, 1.038 MB/s
SHA 12 MB took 1.001 seconds, 11.515 MB/s
SHA-256 13 MB took 1.001 seconds, 12.900 MB/s
TLS establishment time with TLS-linked capability
Perform full TLS-linked capability
TLS_RSA_WITH_AES_128_CBC_SHA : 0.141 (s)
TLS_RSA_WITH_AES_128_CBC_SHA256 : 0.141 (s)
TLS_RSA_WITH_AES_256_CBC_SHA : 0.141 (s)
TLS_RSA_WITH_AES_256_CBC_SHA256 : 0.144 (s)
Perform certificate verification by TSIP TLS-linked API
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 1.721 (s)
An example program expects the following FIT modules:
The needed source files can be generated by creating a dummy project that includes Renesas Smart Configurator, following the steps below:
#define T4_CFG_FIXED_IP_ADDRESS_CH0 192,168,1,33
#define T4_CFG_TCP_REPID1_PORT_NUMBER 11111
Note: Other configuration may need to be modified based on the evaluation board. When using GR-ROSE, you can choose "GR-ROSE" from the "board" tab and "board" drop-down list and then follow the settings below:
Go to component tab and open r_ether_rx properties:
Ethernet interface : RMII
The register bus of PHY0 for ETHER0/1: Use ETHER0
Resource, ETHERC: Check ETHERC0_RMII
Go to component tab and open r_t4_rx properties:
Enable/Disable DHCP function : 0
IP address for ch0, when DHCP disable : 192,168,1,33
TCP REPID1 port number : 11111
Go to pins tab and select ethernet controller
Check to use pins
Enable a macro definition in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h for application type
#define CRYPT_TEST /* enable crypt test */
#define BENCHMARK /* enable benchmark application */
#define TLS_CLIENT /* enable simple tls client application */
#define TLS_SERVER /* enable simple tls server application */
#define USE_TSIP_TLS /* to inform user key and flash keying, when using TSIP */
Note: CRYPT_TEST and BENCHMARK can be enabled at the same time. TLS_CLIENT and TLS_SERVER cannot be enabled together with other definitions.
When testing the embedded client or server on the device, it is recommended to test against one of the standard wolfSSL example applications running on a desktop machine.
For the embedded client, an example server command for running on a desktop machine, IP address 192.168.1.45, is as follows:
./examples/server/server -b -d -i
For the embedded server, an example client command for running on a desktop machine is as follows:
./examples/client/client -h 192.168.1.33 -p 11111
To use your own TSIP keys with the TSIP TLS-linked API, you need your own flash keyring, a PSS-signed signature and an RSA key.
const uint32_t s_flash[] =
To use the TSIP TLS-linked APIs, you need an RSA key pair and a signature over the Root CA certificate bundle made with RSA 2048 PSS with SHA256. The shell and Perl scripts in /path/to/wolfssl/IDE/Renesas/e2studio/Projects/tools/ can be used for this purpose.
generate_rsa_keypair.sh : generates an RSA 2048 bit key pair. Shows the modulus and public exponent when the "-s" option is specified
rsa_pss_sign.sh : signs the file with the specified private key
genhexbuf.pl : generates a C header file including a byte array generated from the file specified in the script
The modulus and public exponent shown by generate_rsa_keypair.sh can be used as input data to Renesas Secure Flash Programmer to generate encrypted RSA keys for TSIP TLS-linked API use.
Please follow the instructions on how to generate RSA keys in the TSIP manual.
The byte array of the signature generated by genhexbuf.pl can replace the signature data in key_data.c of the example program.
The encrypted RSA key and the generated signature byte array must be passed to the wolfSSL library before loading the CA certificate.
Please see the SetTsipTlskey() function in the example program for how to pass them.
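The key pair, PSS signature and byte-array steps described above can be reproduced and checked with plain openssl commands. This is an added example, not the scripts shipped in the tools directory; the file names, the ca_cert_sig identifier and the salt length (equal to the digest length) are assumptions, and the signed file is a constructed stand-in for the Root CA bundle.

```shell
#!/bin/sh
# Added example: not the scripts from the wolfSSL tools directory.
set -eu
umask 077                                   # private key readable by owner only

# RSA-PSS with SHA-256; salt length = digest length (-1) is an assumption here.
PSS_OPTS="-sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1"

gen_keypair() {     # $1 = private key out, $2 = public key out
    openssl genrsa -out "$1" 2048 2>/dev/null
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

show_modulus() {    # $1 = private key; prints the modulus as hex
    openssl rsa -in "$1" -noout -modulus | sed 's/^Modulus=//'
}

pss_sign() {        # $1 = private key, $2 = file to sign, $3 = signature out
    openssl dgst $PSS_OPTS -sign "$1" -out "$3" "$2"
}

pss_verify() {      # $1 = public key, $2 = signed file, $3 = signature
    openssl dgst $PSS_OPTS -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

sig_to_c_array() {  # $1 = signature file, $2 = C identifier (hypothetical)
    printf 'const unsigned char %s[] = {\n' "$2"
    od -An -v -tx1 "$1" | sed 's/  *\([0-9a-f][0-9a-f]\)/0x\1, /g; s/ *$//; s/^/    /'
    printf '};\n'
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT                  # do not leave key material behind
printf 'constructed stand-in for the Root CA bundle\n' > "$work/ca_bundle.bin"

gen_keypair "$work/priv.pem" "$work/pub.pem"
echo "modulus: $(show_modulus "$work/priv.pem")"
pss_sign "$work/priv.pem" "$work/ca_bundle.bin" "$work/ca_bundle.sig"
if pss_verify "$work/pub.pem" "$work/ca_bundle.bin" "$work/ca_bundle.sig"; then
    echo "signature verifies"
fi
sig_to_c_array "$work/ca_bundle.sig" ca_cert_sig
```

Verifying the signature before embedding it catches a mismatch between the signed bundle and the bundle actually loaded on the device, which would otherwise only show up as a failed CA load at run time.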
In your application you must include before any other wolfSSL headers.
If building the sources directly we recommend defining WOLFSSL_USER_SETTINGS and adding your own user_settings.h file.
You can find a good reference for this in /path/to/Renesas/e2studio/Projects/common/user_settings.h.
For questions, please email support@wolfssl.com