Merge pull request #6520 from miyazakh/tsip_cryptonly

Support TSIP crypt only

Author: cconlon

IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h

@@ -220,13 +220,28 @@
 
 #if defined(WOLFSSL_RENESAS_TSIP)
 
+    /*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
+    /* Enable TSIP TLS (default)
+     *   TSIP CRYPTONLY is also enabled.
+     * Disable TSIP TLS
+     *   TSIP CRYPTONLY is only enabled.
+     */
+    #define WOLFSSL_RENESAS_TSIP_TLS
+
     #if !defined(NO_RENESAS_TSIP_CRYPT)
-        #define WOLFSSL_RENESAS_TSIP_CRYPT
-        #define WOLFSSL_RENESAS_TSIP_TLS
-        #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
+        #define WOLFSSL_RENESAS_TSIP_CRYPTONLY
         #define HAVE_PK_CALLBACKS
         #define WOLF_CRYPTO_CB
-        #define WOLF_PRIVATE_KEY_ID
+        #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+            #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
+            #define WOLF_PRIVATE_KEY_ID
+        #endif
+    #endif
+
+    #if !defined(WOLFSSL_RENESAS_TSIP_TLS) && \
+         defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+        # undef WOLFSSL_RENESAS_TSIP_TLS
+        # undef WOLFSSL_RENESAS_TSIP_CRYPT
     #endif
 
 #else
@@ -244,3 +259,8 @@
 
 
 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
+
+#if !defined(WOLFSSL_RENESAS_TSIP_TLS)
+ #define min(x,y) ((x)<(y)?(x):(y))
+#endif
+

IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c

@@ -21,7 +21,7 @@
 
 #include <wolfssl/wolfcrypt/wc_port.h>
 
-#define YEAR 2022
+#define YEAR 2023
 #define MON  6
 
 static int tick = 0;
@@ -40,3 +40,12 @@ int strncasecmp(const char *s1, const char * s2, unsigned int sz)
         return 1;
     return 0;
 }
+
+#if !defined(WOLFSSL_RENESAS_TSIP)
+/* dummy return true when char is alphanumeric character */
+int isascii(const char *s)
+{
+    return isalnum(s);
+}
+#endif
+

IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c

@@ -285,18 +285,18 @@ void wolfSSL_TLS_client( )
     #ifdef WOLFSSL_RENESAS_TSIP_TLS
 
     /* TSIP specific ECC private key */
-    if (tsip_use_PrivateKey_buffer(ssl,
+    if (tsip_use_PrivateKey_buffer_TLS(ssl,
                 (const char*)g_key_block_data.encrypted_user_ecc256_private_key,
                 sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
                 TSIP_ECCP256) != 0) {
-        printf("ERROR tsip_use_PrivateKey_buffer\n");
+        printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
         goto out;
     }
 
     #else
 
     /* DER format ECC private key */
-    if (wolfSSL_use_PrivateKey_buffer(ssl, 
+    if (wolfSSL_use_PrivateKey_buffer(ssl,
                                     ecc_clikey_der_256,
                                     sizeof_ecc_clikey_der_256, 
                                     WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
@@ -314,20 +314,20 @@ void wolfSSL_TLS_client( )
     /* Note: TSIP asks client key pair for client authentication. */
 
     /* TSIP specific RSA private key */
-    if (tsip_use_PrivateKey_buffer(ssl,
+    if (tsip_use_PrivateKey_buffer_TLS(ssl,
                (const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
                sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
                                                         TSIP_RSA2048) != 0) {
-        printf("ERROR tsip_use_PrivateKey_buffer\n");
+        printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
         goto out;
     }
 
     /* TSIP specific RSA public key */
-    if (tsip_use_PublicKey_buffer(ssl,
+    if (tsip_use_PublicKey_buffer_TLS(ssl,
                 (const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
                 sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),
                                                         TSIP_RSA2048) != 0) {
-        printf("ERROR tsip_use_PublicKey_buffer\n");
+        printf("ERROR tsip_use_PublicKey_buffer_TLS\n");
         goto out;
     }
 

IDE/Renesas/e2studio/RX65N/GR-ROSE/wolfssl/.project

@@ -79,6 +79,11 @@
 			<type>1</type>
 			<locationURI>PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c</locationURI>
 		</link>
+		<link>
+			<name>wolfcrypt/port/renesas_tsip_rsa.c</name>
+			<type>1</type>
+			<locationURI>PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c</locationURI>
+		</link>
 		<link>
 			<name>wolfcrypt/port/renesas_tsip_sha.c</name>
 			<type>1</type>

IDE/Renesas/e2studio/RX65N/GR-ROSE/wolfssl/wolfssl.rcpc

@@ -22,6 +22,7 @@
         <Category Name="port">
           <Path>..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_common.c</Path>
           <Path>..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_aes.c</Path>
+          <Path>..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_rsa.c</Path>
           <Path>..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_sha.c</Path>
           <Path>..\..\..\..\..\..\wolfcrypt\src\port\Renesas\renesas_tsip_util.c</Path>
         </Category>
@@ -143,6 +144,7 @@
           <Path>Debug\wolfio.obj</Path>
           <Path>Debug\renesas_common.obj</Path>
           <Path>Debug\renesas_tsip_aes.obj</Path>
+          <Path>Debug\renesas_tsip_rsa.obj</Path>
           <Path>Debug\renesas_tsip_sha.obj</Path>
           <Path>Debug\renesas_tsip_util.obj</Path>
           <Path>Debug\aes.obj</Path>

IDE/Renesas/e2studio/RX65N/RSK/resource/section.esi

@@ -8,18 +8,24 @@
   <sections name="R_2"/>
   <sections name="R"/>
   <sections name="RPFRAM2"/>
+  <sections name="B_ETHERNET_BUFFERS_1">
+    <sectionAddress xsi:type="com.renesas.linkersection.model:FixedAddress" fixedAddress="65536"/>
+  </sections>
+  <sections name="B_RX_DESC_1"/>
+  <sections name="B_TX_DESC_1"/>
+  <sections name="C_FIRMWARE_UPDATE_CONTROL_BLOCK">
+    <sectionAddress xsi:type="com.renesas.linkersection.model:FixedAddress" fixedAddress="1048576"/>
+  </sections>
+  <sections name="C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR"/>
   <sections name="C_PKCS11_STORAGE*">
     <sectionAddress xsi:type="com.renesas.linkersection.model:FixedAddress" fixedAddress="1050624"/>
   </sections>
   <sections name="C_SYSTEM_CONFIG*">
     <sectionAddress xsi:type="com.renesas.linkersection.model:FixedAddress" fixedAddress="1067008"/>
   </sections>
-  <sections name="B_ETHERNET_BUFFERS_1">
+  <sections name="B">
     <sectionAddress xsi:type="com.renesas.linkersection.model:FixedAddress" fixedAddress="8388608"/>
   </sections>
-  <sections name="B_RX_DESC_1"/>
-  <sections name="B_TX_DESC_1"/>
-  <sections name="B"/>
   <sections name="B_1"/>
   <sections name="B_2"/>
   <sections name="C_1">

IDE/Renesas/e2studio/RX65N/RSK/wolfssl/.project

@@ -79,6 +79,11 @@
 			<type>1</type>
 			<locationURI>PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c</locationURI>
 		</link>
+		<link>
+			<name>wolfcrypt/port/renesas_tsip_rsa.c</name>
+			<type>1</type>
+			<locationURI>PARENT-6-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c</locationURI>
+		</link>
 		<link>
 			<name>wolfcrypt/port/renesas_tsip_sha.c</name>
 			<type>1</type>

IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c

@@ -267,6 +267,4 @@ const unsigned char client_cert_der_sign[] =
 };
 const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
 
-uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 };
-uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
 #endif

IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h

@@ -224,13 +224,28 @@
 
 #if defined(WOLFSSL_RENESAS_TSIP)
 
+    /*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
+    /* Enable TSIP TLS (default)
+     *   TSIP CRYPTONLY is also enabled.
+     * Disable TSIP TLS
+     *   TSIP CRYPTONLY is only enabled.
+     */
+    #define WOLFSSL_RENESAS_TSIP_TLS
+
     #if !defined(NO_RENESAS_TSIP_CRYPT)
-        #define WOLFSSL_RENESAS_TSIP_CRYPT
-        #define WOLFSSL_RENESAS_TSIP_TLS
-        #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
+        #define WOLFSSL_RENESAS_TSIP_CRYPTONLY
         #define HAVE_PK_CALLBACKS
         #define WOLF_CRYPTO_CB
-        #define WOLF_PRIVATE_KEY_ID
+        #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+            #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
+            #define WOLF_PRIVATE_KEY_ID
+        #endif
+    #endif
+
+    #if !defined(WOLFSSL_RENESAS_TSIP_TLS) && \
+         defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+        # undef WOLFSSL_RENESAS_TSIP_TLS
+        # undef WOLFSSL_RENESAS_TSIP_CRYPT
     #endif
 
 #else

IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c

@@ -294,22 +294,22 @@ static void Tls_client()
 
     /* TSIP specific ECC private key */
     if (ret == 0){
-        ret = tsip_use_PrivateKey_buffer(ssl,
+        ret = tsip_use_PrivateKey_buffer_TLS(ssl,
                 (const char*)g_key_block_data.encrypted_user_ecc256_private_key,
                 sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
                 TSIP_ECCP256);
         if (ret != 0) {
-            printf("ERROR tsip_use_PrivateKey_buffer\n");
+            printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
         }
     }
     # if defined(WOLFSSL_CHECK_SIG_FAULTS)
     if (ret == 0){
-        ret = tsip_use_PublicKey_buffer(ssl,
+        ret = tsip_use_PublicKey_buffer_TLS(ssl,
                 (const char*)g_key_block_data.encrypted_user_ecc256_public_key,
                 sizeof(g_key_block_data.encrypted_user_ecc256_public_key),
                 TSIP_ECCP256);
         if (ret != 0) {
-            printf("ERROR tsip_use_PublicKey_buffer\n");
+            printf("ERROR tsip_use_PublicKey_buffer_TLS\n");
         }
     }
     #endif /* WOLFSSL_CHECK_SIG_FAULTS */
@@ -339,21 +339,21 @@ static void Tls_client()
 
     /* TSIP specific RSA private key */
     if (ret == 0) {
-        ret = tsip_use_PrivateKey_buffer(ssl,
+        ret = tsip_use_PrivateKey_buffer_TLS(ssl,
                (const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
                sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
                                                         TSIP_RSA2048);
         if (ret != 0) {
-            printf("ERROR tsip_use_PrivateKey_buffer :%d\n", ret);
+            printf("ERROR tsip_use_PrivateKey_buffer_TLS :%d\n", ret);
         }
     }
     if (ret == 0) {
-        ret = tsip_use_PublicKey_buffer(ssl,
+        ret = tsip_use_PublicKey_buffer_TLS(ssl,
                 (const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
                 sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),
                                                         TSIP_RSA2048);
         if (ret != 0) {
-            printf("ERROR tsip_use_PublicKey_buffer: %d\n", ret);
+            printf("ERROR tsip_use_PublicKey_buffer_TLS: %d\n", ret);
         }
     }