Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. | 3 luni în urmă | |
---|---|---|
.. | ||
common | 4 luni în urmă | |
test | 3 luni în urmă | |
README.md | 7 luni în urmă | |
include.am | 3 luni în urmă |
This directory contains e2studio projects targeted at the Renesas RZ MCUs. The example projects include a wolfSSL TLS client and server. They also include benchmark and cryptography tests for the wolfCrypt library.
The example project contains both the wolfSSL and wolfCrypt libraries.
It is built as a Renesas RZ/N C/C++ FSP Project
and contains the Renesas RZ
configuration. The wolfssl project uses Renesas Secure IP on RZ
as hardware acceleration for cryptography.
Limitation
Due to lacking of TLS related feature on RSIP driver version, TLS connection examples below use SHA
and Random generation
of RSIP driver.
The example project summary is listed below and is relevant for every project.
Item | Name/Version |
---|---|
Board | RZN2L |
Device | R9A07G084M08GBG |
Toolchain | GCC for Renesas RZ |
Toolchain Version | 10.3.1.20210824 |
FSP Version | 1.2.0 |
Components | Version | Note |
---|---|---|
Board Support Package Common Files | v1.20 | |
I/O Port | v1.2.0 | |
Arm CMSIS Version 5 - Core (M) | v5.7.0+renesas.1 | |
Board support package for R9A07G084M04GBG | v1.2.0 | Note1 |
Board support package for RZN2L | v1.2.0 | |
Board support package for RZN2L - FSP Data | v1.2.0 | |
RSK+RZN2L Board Support Files (RAM execution without flash memory) | v1.2.0 | |
FreeRTOS - Buffer Allocation 2 | v1.2.0 | |
FreeRTOS - Memory Management - Heap 4 | v1.2.0 | |
FreeRTOS+TCP | v1.2.0 | |
Ethernet PHY | v1.2.0 | |
Ethernet Selector | v1.2.0 | |
Ethernet | v1.2.0 | |
Ethernet Switch | v1.2.0 | |
SCI UART | v1.2.0 | |
r_ether to FreeRTOS+TCP Wrapper | v1.2.0 | |
Renesas Secure IP Driver | v1.3.0+fsp.1.2.0 | Need to contact Renesas to get RSIP module |
RSIP Engine for RZ/N2L | v1.3.0+fsp.1.2.0 | Need to contact Renesas to get RSIP module |
Note1:\
To use RSIP driver, a device type should be R9A07G084M04GBG
. However, choosing R9A07G084M04GBG
won't allow to select RSK+RZN2L
board. This example uses LED and external flash memory on RSK + RZN2L
board. Therefore, the example temporary R9A07G084M04GBG
for the device type. Updating e2studio or fsp could resolve the issue.
1.) Import projects from [File]->[Open projects from File System]
2.) Create a dummy_application
Renesas RZ/N C/C++ FSP Project.
RZ/N C/C++ FSP Project
.dummy_application
.RSK+RZN2L (RAM execution without flash memory)
.R9A07G084M04GBG
. Click Next.Executable
FreeRTOS minimal - Static Allocation
. Click Finish.Stacks
tabNew Thread
, and set properties belowProperty | Value |
---|---|
Thread Symbol | rzn2l_tst_thread |
Thread Name | rzn2l_tst_thread |
Thread Stack size | increase depending on your environment e.g. 0xA000 |
Thread MemoryAllocation | Dynamic |
Common General Use Mutexes | Enabled |
Common General Enable Backward Compatibility | Enabled |
Common Memory Allocation Support Dynamic Allocation | Enabled |
Common Memory Allocation Total Heap Size | increase depending on your environment e.g. 0x20000 |
Heap 4
stack to rzn2l_tst_thread from New Stack
-> FreeRTOS
-> FreeRTOS Heap 4
UART Driver
stack to rzn2l_tst_thread from New Stack
-> Connectivity
-> UART Driver
Add FreeRTOS + TCP
stack to rzn2l_tst_thread from New Stack
-> -> FreeRTOS
-> Libraries
-> FreeRTOS+TCP
and set properties
Save dummy_application
FSP configuration
Copy configuration.xml under dummy_application
to test_RZN2L
Open FSP configuration by clicking copied configuration.xml at test_RZN2L
Click Generate Project Content
on FSP configuration GUI
3.) Prepare UART to logging
Copy the following C source files from the project to src/serial_io folder of test_RZN2L
\
um_serial_io_uart.c\
um_serial_io_task_writer.c\
um_serial_io_cfg.h\
um_common_api.h\
um_common_cfg.h\
um_serial_io.c\
um_serial_io.h\
um_serial_io_api.h\
um_serial_io_internal.h
Open um_serial_io_task_writer.c and re-name printf to uart_printf
3.) Build test_RZN2L
project
test_RZN2L
1). Right click the project and Select menu Debug
-> Renesas GDB Hardware debugging
2). Select J-Link ARM and R9A07G084M04
3). Break at Entry point. Change cpsr
register value from 0xXXXXX1yy to 0xXXXXX1da
1.) Enable WOLFSSL_TLS13
macro in user_settings.h
2.) Enable TLS_CLIENT
macro in wolfssl_demo.h
of test_RZN2L project
3.) Client IP address and Server IP address
Client IP address can be changed by the following line in rzn2l_tst_thread_entry.c
.
static const byte ucIPAddress[4] = { 192, 168, 11, 241 };
Server IP address can be changed by the following line in wolf_client.c.
#define SERVER_IP "192.168.11.65"
3.) Build test_RZN2L project
4.) Prepare peer wolfssl server
Clone wolfssl from github repository
$ ./autogen.sh
$ ./configure
$ make
Run peer wolfSSL server
RSA sign and verify use, launch server with the following option
$./examples/server/server -b -d -i -v 4
For ECDSA sign and verify use,
Enable the USE_CERT_BUFFER_256
macro in wolfssl_demo.h
Disable the USE_CERT_BUFFER_2048
macro in wolfssl_demo.h
launch server with the following option.
$./examples/server/server -b -d -i -v 4 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
5.) Run the example Client
You will see the following message on a UART terminal when using RSA sign and verify or ECDSA sign and verify.
Started Serial I/O interface.
Start TLS Connection to 192.168.11.65 port(11111)
Error [-116]: FreeRTOS_connect. <-- A number of messages will be showed by depending on number of connection failures.
Start to connect to the server.
Cipher : TLS13-AES128-GCM-SHA256
Received: I hear you fa shizzle!
Start to connect to the server.
Cipher : TLS13-AES256-GCM-SHA384
Received: I hear you fa shizzle!
End of Client Example
1.) Disable WOLFSSL_TLS13
macro in user_settings.h
2.) Enable TLS_CLIENT
macro in wolfssl_demo.h
of test_RZN2L project
3.) Client IP address and Server IP address
Client IP address can be changed by the following line in rzn2l_tst_thread_entry.c
.
static const byte ucIPAddress[4] = { 192, 168, 11, 241 };
Server IP address can be changed by the following line in wolf_client.c.
#define SERVER_IP "192.168.11.65"
3.) Build test_RZN2L project
4.) Prepare peer wolfssl server
Clone wolfssl from github repository
$ ./autogen.sh
$ ./configure
$ make
Run peer wolfSSL server
RSA sign and verify use, launch server with the following option
$./examples/server/server -b -d -i -v 3
For ECDSA sign and verify use,
Enable the USE_CERT_BUFFER_256
macro in wolfssl_demo.h
Disable the USE_CERT_BUFFER_2048
macro in wolfssl_demo.h
launch server with the following option.
$./examples/server/server -b -d -i -v 3 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
5.) Run the example Client
You will see the following message on a UART terminal when using RSA sign and verify.
Started Serial I/O interface.
Start TLS Connection to 192.168.11.65 port(11111)
Error [-116]: FreeRTOS_connect.
Start to connect to the server.
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Received: I hear you fa shizzle!
Start to connect to the server.
Cipher : ECDHE-RSA-AES256-SHA
Received: I hear you fa shizzle!
Start to connect to the server.
Cipher : ECDHE-RSA-AES128-SHA256
Received: I hear you fa shizzle!
End of Client Example
You will see the following message on a UART terminal when using ECDSA sign and verify.
Started Serial I/O interface.
Start TLS Connection to 192.168.11.65 port(11111)
Error [-116]: FreeRTOS_connect.
Start to connect to the server.
Cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Received: I hear you fa shizzle!
Start to connect to the server.
Cipher : ECDHE-ECDSA-AES256-SHA
Received: I hear you fa shizzle!
Start to connect to the server.
Cipher : ECDHE-ECDSA-AES128-SHA256
Received: I hear you fa shizzle!
End of Client Example
1.) Enable WOLFSSL_TLS13
macro in user_settings.h
2.) Enable TLS_SERVER
macro in wolfssl_demo.h
of test_RZN2L project
3.) Client IP address and Server IP address
Server IP address can be changed by the following line in rzn2l_tst_thread_entry.c
.
static const byte ucIPAddress[4] = { 192, 168, 11, 241 };
3.) Build test_RZN2L project
For ECDSA sign and verify use,
Enable the USE_CERT_BUFFER_256
macro in wolfssl_demo.h
Disable the USE_CERT_BUFFER_2048
macro in wolfssl_demo.h
launch server from e2studio
4.) Prepare peer wolfssl client
Clone wolfssl from github repository
$ ./autogen.sh
$ ./configure
$ make
5.) Run peer wolfSSL client
RSA sign and verify use, run peer client with the following option
$./examples/client/client -h 192.168.11.241 -p 11111 -v 4
You will see the following message on a UART terminal when using RSA sign and verify.
Started Serial I/O interface.
Start TLS Accept at 192.168.011.241 port(11111)
Received: hello wolfssl!
Cleaning up socket and wolfSSL objects.
Waiting connection....
You will see the following message on Linux terminal.
$ ./examples/client/client -h 192.168.11.241 -p 11111 -v 4
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_128_GCM_SHA256
SSL curve name is SECP256R1
I hear ya fa s
ECDSA sign and verify use, run peer client with the following option
$./examples/client/client -h 192.168.11.241 -p 11111 -v 3 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem -k ./certs/ecc-client-key.pem
You will see the following message on a UART terminal when using ECDSA sign and verify.
Started Serial I/O interface.
Start TLS Accept at 192.168.011.241 port(11111)
Received: hello wolfssl!
Cleaning up socket and wolfSSL objects.
Waiting connection....
You will see the following message on Linux terminal.
$ ./examples/client/client -h 192.168.11.241 -p 11111 -v 4 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem -k ./cert
s/ecc-client-key.pem
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_128_GCM_SHA256
SSL curve name is SECP256R1
I hear ya fa s
1.) Disable WOLFSSL_TLS13
macro in user_settings.h
2.) Enable TLS_SERVER
macro in wolfssl_demo.h
of test_RZN2L project
3.) Client IP address and Server IP address
Server IP address can be changed by the following line in rzn2l_tst_thread_entry.c
.
static const byte ucIPAddress[4] = { 192, 168, 11, 241 };
3.) Build test_RZN2L project
For ECDSA sign and verify use,
Enable the USE_CERT_BUFFER_256
macro in wolfssl_demo.h
Disable the USE_CERT_BUFFER_2048
macro in wolfssl_demo.h
launch server from e2studio
4.) Prepare peer wolfssl client
Clone wolfssl from github repository
$ ./autogen.sh
$ ./configure
$ make
5.) Run peer wolfSSL client
RSA sign and verify use, run peer client with the following option
$./examples/client/client -h 192.168.11.241 -p 11111 -v 4
You will see the following message on a UART terminal when using RSA sign and verify.
Started Serial I/O interface.
Start TLS Accept at 192.168.011.241 port(11111)
Received: hello wolfssl!
Cleaning up socket and wolfSSL objects.
Waiting connection....
You will see the following message on Linux terminal.
$ ./examples/client/client -h 192.168.11.241 -p 11111 -v 3
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL curve name is SECP256R1
I hear ya fa s
ECDSA sign and verify use, run peer client with the following option
$./examples/client/client -h 192.168.11.241 -p 11111 -v 3 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem -k ./certs/ecc-client-key.pem
You will see the following message on a UART terminal when using ECDSA sign and verify.
Started Serial I/O interface.
Start TLS Accept at 192.168.011.241 port(11111)
Received: hello wolfssl!
Cleaning up socket and wolfSSL objects.
Waiting connection....
You will see the following message on Linux terminal.
$ ./examples/client/client -h 192.168.11.241 -p 11111 -v 3 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem -k ./certs/ecc-client-key.pem
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SSL curve name is SECP256R1
I hear ya fa s
1.) Enable CRYPT_TEST
macro in wolfssl_demo.h
2.) Run test_RZN2L
from e2studio
Sample Output
------------------------------------------------------------------------------
wolfSSL version 5.6.3
------------------------------------------------------------------------------
error test passed!
MEMORY test passed!
base64 test passed!
asn test passed!
RANDOM test passed!
MD5 test passed!
MD4 test passed!
SHA test passed!
SHA-224 test passed!
SHA-256 test passed!
SHA-384 test passed!
SHA-512 test passed!
SHA-512/224 test passed!
SHA-512/256 test passed!
Hash test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA224 test passed!
HMAC-SHA256 test passed!
HMAC-SHA384 test passed!
HMAC-SHA512 test passed!
HMAC-KDF test passed!
TLSv1.3 KDF test passed!
DES test passed!
DES3 test passed!
AES test passed!
AES256 test passed!
AES-GCM test passed!
RSA test passed!
PWDBASED test passed!
ECC test passed!
ECC buffer test passed!
CURVE25519 test passed!
logging test passed!
time test passed!
mutex test passed!
crypto callback test passed!
Test complete
End wolfCrypt Test
Note
SHA1/224/256/384/512
and Random generation
of RSIP driver are enabled at the sample output above while running wolfCrypt test.
1.) Enable BENCHMARK
macro in wolfssl_demo.h
2.) Run test_RZN2L
from e2studio
Sample Output
Started Serial I/O interface. Start wolfCrypt Benchmark
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 2.0 MiB took 1.000 seconds, 2.393 MiB/s
AES-128-CBC-enc 2.0 MiB took 1.009 seconds, 2.032 MiB/s
AES-128-CBC-dec 2.0 MiB took 1.002 seconds, 2.022 MiB/s
AES-192-CBC-enc 1.1 MiB took 1.001 seconds, 1.732 MiB/s
AES-192-CBC-dec 1.1 MiB took 1.008 seconds, 1.720 MiB/s
AES-256-CBC-enc 1.1 MiB took 1.014 seconds, 1.517 MiB/s
AES-256-CBC-dec 1.1 MiB took 1.008 seconds, 1.502 MiB/s
AES-128-GCM-enc 675.0 KiB took 1.023 seconds, 659.824 KiB/s
AES-128-GCM-dec 675.0 KiB took 1.022 seconds, 660.470 KiB/s
AES-192-GCM-enc 625.0 KiB took 1.000 seconds, 625.000 KiB/s
AES-192-GCM-dec 650.0 KiB took 1.039 seconds, 625.602 KiB/s
AES-256-GCM-enc 600.0 KiB took 1.008 seconds, 595.238 KiB/s
AES-256-GCM-dec 600.0 KiB took 1.007 seconds, 595.829 KiB/s
AES-128-GCM-enc-no_AAD 675.0 KiB took 1.012 seconds, 666.996 KiB/s
AES-128-GCM-dec-no_AAD 675.0 KiB took 1.011 seconds, 667.656 KiB/s
AES-192-GCM-enc-no_AAD 650.0 KiB took 1.029 seconds, 631.681 KiB/s
AES-192-GCM-dec-no_AAD 650.0 KiB took 1.028 seconds, 632.296 KiB/s
AES-256-GCM-enc-no_AAD 625.0 KiB took 1.040 seconds, 600.962 KiB/s
AES-256-GCM-dec-no_AAD 625.0 KiB took 1.039 seconds, 601.540 KiB/s
GMAC Default 977.0 KiB took 1.000 seconds, 977.000 KiB/s
3DES 450.0 KiB took 1.022 seconds, 440.313 KiB/s
MD5 12.1 MiB took 1.001 seconds, 12.756 MiB/s
SHA 21.0 MiB took 1.000 seconds, 21.240 MiB/s
SHA-224 21.0 MiB took 1.000 seconds, 21.069 MiB/s
SHA-256 20.1 MiB took 1.000 seconds, 20.923 MiB/s
SHA-384 19.1 MiB took 1.000 seconds, 19.604 MiB/s
SHA-512 19.1 MiB took 1.001 seconds, 19.561 MiB/s
SHA-512/224 19.1 MiB took 1.000 seconds, 19.873 MiB/s
SHA-512/256 19.1 MiB took 1.000 seconds, 19.751 MiB/s
HMAC-MD5 12.0 MiB took 1.000 seconds, 12.451 MiB/s
HMAC-SHA 19.1 MiB took 1.001 seconds, 19.512 MiB/s
HMAC-SHA224 19.0 MiB took 1.000 seconds, 19.385 MiB/s
HMAC-SHA256 19.0 MiB took 1.001 seconds, 19.219 MiB/s
HMAC-SHA384 18.0 MiB took 1.000 seconds, 18.018 MiB/s
HMAC-SHA512 17.1 MiB took 1.000 seconds, 17.944 MiB/s
PBKDF2 224.0 bytes took 1.044 seconds, 214.559 bytes/s
RSA 2048 public 40 ops took 1.020 sec, avg 25.500 ms, 39.216 ops/sec
RSA 2048 private 2 ops took 3.196 sec, avg 1598.000 ms, 0.626 ops/sec
ECC [ SECP256R1] 256 key gen 2 ops took 2.196 sec, avg 1097.1000 ms, 0.911 ops/sec
ECDHE [ SECP256R1] 256 agree 2 ops took 2.186 sec, avg 1093.000 ms, 0.915 ops/sec
ECDSA [ SECP256R1] 256 sign 2 ops took 2.215 sec, avg 1107.500 ms, 0.903 ops/sec
ECDSA [ SECP256R1] 256 verify 2 ops took 4.210 sec, avg 2105.000 ms, 0.475 ops/sec
CURVE 25519 key gen 3 ops took 1.255 sec, avg 418.333 ms, 2.390 ops/sec
CURVE 25519 agree 4 ops took 1.672 sec, avg 418.000 ms, 2.392 ops/sec
Benchmark complete
End wolfCrypt Benchmark
Note
SHA1/224/256/384/512
and Random generation
of RSIP driver are enabled at the sample output above.
For support inquiries and questions, please email support@wolfssl.com. Feel free to reach out to info@wolfssl.jp as well.