wolfssl-w32/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h

655 lines
21 KiB
C

/* renesas-tsip-crypt.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef __RENESAS_TSIP_CRYPT_H__
#define __RENESAS_TSIP_CRYPT_H__
#if !defined(WOLFCRYPT_ONLY) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_TSIP_IAREWRX)
#include "r_bsp/mcu/all/r_rx_compiler.h"
#include "r_bsp/platform.h"
#include "r_tsip_rx_if.h"
#endif
#if defined(WOLFSSL_RENESAS_TSIP) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#include "r_tsip_rx_if.h"
#endif
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/ssl.h>
#ifdef __cplusplus
extern "C" {
#endif
#define TSIP_SESSIONKEY_NONCE_SIZE 8
#define tsip_Sha256HmacVerify tsip_ShaXHmacVerify /* for backward compat */
#define sce_tsip_checkCA tsip_checkCA
typedef enum {
WOLFSSL_TSIP_NOERROR = 0,
WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff,
}wolfssl_tsip_error_number;
typedef enum {
tsip_Key_SESSION = 1,
tsip_Key_AES128 = 2,
tsip_Key_AES256 = 3,
tsip_Key_RSA1024 = 4,
tsip_Key_RSA2048 = 5,
tsip_Key_tls_Rsa2048 = 6,
tsip_Key_unknown = -1,
} wolfssl_TSIP_KEY_IV;
enum {
l_TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
l_TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
l_TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
l_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
l_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
l_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
l_TLS_AES_128_GCM_SHA256 = 0x01,
l_TLS_AES_128_CCM_SHA256 = 0x04,
};
enum {
ENCRYPTED_ECDHE_PUBKEY_SZ = 96,
ECCP256_PUBKEY_SZ = 64,
TSIP_TLS_CLIENTRANDOM_SZ = 32,
TSIP_TLS_SERVERRANDOM_SZ = 32,
TSIP_TLS_VERIFY_DATA_WD_SZ = 8,
TSIP_TLS_MAX_SIGDATA_SZ = 130,
TSIP_TEMP_WORK_SIZE = 128,
};
typedef enum {
TSIP_KEY_TYPE_RSA2048 = 0,
TSIP_KEY_TYPE_RSA4096 = 1,
TSIP_KEY_TYPE_ECDSAP256 = 2,
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
TSIP_KEY_TYPE_RSA1024 = 3,
#endif
} wolfssl_TSIP_KEY_TYPE;
struct WOLFSSL;
struct KeyShareEntry;
/* MsgBag stands for message bag and acts as a buffer for holding plain text
* handshake messages exchanged between client and server.
* MsgBag was introduced as a workaround for the TSIP's limitation that TSIP
* can not process multiple hash algorithms at the same time. If the
* limitation is resolved in a future TSIP, MsgBag should be removed.
* The contents in this MsgBag is used for transcript hashing. The hash value
* is used for the key derivation and Finished-message.
* The capacity of the MsgBag is defined as MSGBAG_SIZE and the actual
* size is 8KB. The size should be large enough to hold all the handshake
* messages including the server and client certificate messages.
*/
#define MSGBAG_SIZE (1024 * 8)
#define MAX_MSGBAG_MESSAGES 10
typedef struct MsgBag
{
int msgIdx;
int buffIdx;
byte msgTypes[MAX_MSGBAG_MESSAGES];
byte buff[MSGBAG_SIZE];
} MsgBag;
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
typedef void* renesas_tsip_key;
/* flags Crypt Only */
struct tsip_keyflgs_cryt {
uint8_t aes256_key_set:1;
uint8_t aes128_key_set:1;
uint8_t rsapri2048_key_set:1;
uint8_t rsapub2048_key_set:1;
uint8_t rsapri1024_key_set:1;
uint8_t rsapub1024_key_set:1;
uint8_t message_type:1;/*message 0, hashed 1*/
};
#endif
/*
* TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format.
*/
typedef struct TsipUserCtx {
/* unique number for each session */
int devId;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* 0:working as a TLS client, 1: as a server */
byte side;
/* public key index for verification of RootCA cert */
uint32_t user_key_id;
/* WOLFSSL object associated with */
struct WOLFSSL* ssl;
struct WOLFSSL_CTX* ctx;
/* HEAP_HINT */
void* heap;
/* TLSv1.3 handshake related members, mainly keys */
/* handle is used as work area for Tls13 handshake */
tsip_tls13_handle_t handle13;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* client key pair wrapped by provisioning key */
byte* wrappedPrivateKey;
byte* wrappedPublicKey;
int wrappedKeyType;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#if !defined(NO_RSA)
/* RSA-2048bit private and public key-index for client authentication */
tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx;
tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx;
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
/* ECC P256 private and public key-index for client authentication */
tsip_ecc_private_key_index_t EcdsaP256PrivateKeyIdx;
tsip_ecc_public_key_index_t EcdsaP256PublicKeyIdx;
#endif /* HAVE_ECC */
/* ECDHE private key index for Tls13 handshake */
tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx;
/* ECDHE pre-master secret */
tsip_tls13_ephemeral_shared_secret_key_index_t sharedSecret13Idx;
/* Handshake secret for Tls13 handshake */
tsip_tls13_ephemeral_handshake_secret_key_index_t handshakeSecret13Idx;
/* the key to decrypt server-finished message */
tsip_tls13_ephemeral_server_finished_key_index_t serverFinished13Idx;
/* key for Sha256-Hmac to gen "Client Finished" */
tsip_hmac_sha_key_index_t clientFinished13Idx;
/* AES decryption key for handshake */
tsip_aes_key_index_t serverWriteKey13Idx;
/* AES encryption key for handshake */
tsip_aes_key_index_t clientWriteKey13Idx;
/* Handshake verified data used for master secret */
word32 verifyData13Idx[TSIP_TLS_VERIFY_DATA_WD_SZ];
/* master secret for TLS1.3 */
tsip_tls13_ephemeral_master_secret_key_index_t masterSecret13Idx;
/* server app traffic secret */
tsip_tls13_ephemeral_app_secret_key_index_t serverAppTraffic13Secret;
/* client app traffic secret */
tsip_tls13_ephemeral_app_secret_key_index_t clientAppTraffic13Secret;
/* server write key */
tsip_aes_key_index_t serverAppWriteKey13Idx;
/* client write key */
tsip_aes_key_index_t clientAppWriteKey13Idx;
/* hash handle for transcript hash of handshake messages */
tsip_hmac_sha_handle_t hmacFinished13Handle;
/* storage for handshake messages */
MsgBag messageBag;
/* signature data area for TLS1.3 CertificateVerify message */
byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
/* ephemeral ECDH pubkey index
* got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key.
*/
tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key;
/* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit)
* got from R_TSIP_GenerateTlsP256EccKeyIndex.
* Should be sent to peer(server) in Client Key Exchange msg.
*/
uint8_t ecc_ecdh_public_key[ECCP256_PUBKEY_SZ];
#endif /* WOLFSSL_RENESAS_TSIP_VER >=109 */
/* info to generate session key */
uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* for tsip crypt only mode */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
renesas_tsip_key rsa1024pri_keyIdx;
renesas_tsip_key rsa1024pub_keyIdx;
renesas_tsip_key rsa2048pri_keyIdx;
renesas_tsip_key rsa2048pub_keyIdx;
/* sign/verify hash type :
* md5, sha1 or sha256
*/
int sing_hash_type;
/* flags shows status if tsip keys are installed */
union {
uint8_t chr;
struct tsip_keyflgs_cryt bits;
} keyflgs_crypt;
#endif
/* installed key handling */
tsip_aes_key_index_t user_aes256_key_index;
uint8_t user_aes256_key_set:1;
tsip_aes_key_index_t user_aes128_key_index;
uint8_t user_aes128_key_set:1;
/* TSIP defined cipher suite number */
uint32_t tsip_cipher;
/* flags */
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#if !defined(NO_RSA)
uint8_t ClientRsa2048PrivKey_set:1;
uint8_t ClientRsa2048PubKey_set:1;
#endif
#if defined(HAVE_ECC)
uint8_t ClientEccP256PrivKey_set:1;
uint8_t ClientEccP256PubKey_set:1;
#endif
uint8_t HmacInitialized:1;
uint8_t RootCAverified:1;
uint8_t EcdsaPrivKey_set:1;
uint8_t Dhe_key_set:1;
uint8_t SharedSecret_set:1;
uint8_t EarlySecret_set:1;
uint8_t HandshakeSecret_set:1;
uint8_t HandshakeClientTrafficKey_set:1;
uint8_t HandshakeServerTrafficKey_set:1;
uint8_t HandshakeVerifiedData_set:1;
uint8_t MasterSecret_set:1;
uint8_t ServerTrafficSecret_set:1;
uint8_t ClientTrafficSecret_set:1;
uint8_t ServerWriteTrafficKey_set:1;
uint8_t ClientWriteTrafficKey_set:1;
uint8_t session_key_set:1;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
} TsipUserCtx;
typedef TsipUserCtx RenesasUserCtx;
typedef TsipUserCtx user_PKCbInfo;
typedef struct
{
TsipUserCtx* userCtx;
} TsipPKCbInfo;
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
typedef struct
{
uint8_t * encrypted_provisioning_key;
uint8_t * iv;
uint8_t * encrypted_user_tls_key;
uint32_t encrypted_user_tls_key_type;
uint8_t * encrypted_user_private_key;
uint32_t encrypted_user_private_key_type;
uint8_t * encrypted_user_public_key;
uint32_t encrypted_user_public_key_type;
tsip_ecc_private_key_index_t client_private_key_index;
tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex;
} tsip_key_data;
#else
typedef struct
{
uint8_t* encrypted_session_key;
uint8_t* iv;
uint8_t* encrypted_user_tls_key;
tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex;
} tsip_key_data;
#endif
struct Aes;
struct WOLFSSL;
struct WOLFSSL_CTX;
struct wc_CryptoInfo;
/*----------------------------------------------------*/
/* APIs */
/*----------------------------------------------------*/
WOLFSSL_API void tsip_inform_cert_sign(const byte *sign);
WOLFSSL_API void tsip_set_callbacks(struct WOLFSSL_CTX* ctx);
WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
WOLFSSL_API int tsip_set_clientPrivateKeyEnc(const byte* key, int keyType);
#if defined(WOLF_PRIVATE_KEY_ID)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl,
const char* keyBuf, int keyBufLen, int keyType);
WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
const char* keyBuf, int keyBufLen, int keyType);
#endif
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
WOLFSSL_API int tsip_use_PubicKey_buffer_crypt(TsipUserCtx *uc,
const char* keyBuf, int keyBufLen, int keyType);
WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
const char* keyBuf, int keyBufLen, int keyType);
#endif
#endif /* WOLF_PRIVATE_KEY_ID */
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
#define wc_tsip_inform_user_keys_ex tsip_inform_user_keys_ex
WOLFSSL_API void tsip_inform_user_keys_ex(
byte* provisioning_key, /* key got from DLM server */
byte* iv, /* iv used for public key */
byte* encrypted_public_key,/*RSA2048 or ECDSAp256 public key*/
word32 public_key_type); /* 0: RSA-2048 2:ECDSA P-256 */
#else
WOLFSSL_API void tsip_inform_user_keys(
byte* encrypted_session_key,
byte* iv,
byte* encrypted_user_tls_key);
#endif
/*----------------------------------------------------*/
/* internal use functions */
/*----------------------------------------------------*/
WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
WOLFSSL* ssl,
unsigned char* sig, unsigned int sigSz,
unsigned char** out,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc);
#ifdef WOLF_CRYPTO_CB
struct wc_CryptoInfo;
WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
int sz);
WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
int* sz);
WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac);
WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(struct WOLFSSL* ssl,
struct KeyShareEntry* kse);
WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
struct KeyShareEntry* kse);
WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl,
int keyType, int side);
WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeTrafficKeys(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_Tls13HandleFinished(struct WOLFSSL* ssl,
const byte* input,
word32* inOutIdx,
word32 size,
word32 totalSz);
WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
byte* output, int outSz,
const byte* input, int inSz,
int type,
int hashOutput);
WOLFSSL_LOCAL int tsip_Tls13SendFinished(struct WOLFSSL* ssl,
byte* output,
int outSz,
const byte* input,
int hashOutput);
WOLFSSL_LOCAL int tsip_Tls13VerifyHandshake(struct WOLFSSL* ssl,
const byte* input, byte* hash,
word32* pHashSz);
WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(struct WOLFSSL* ssl,
byte* output, const byte* input, word16 sz);
WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(struct WOLFSSL* ssl,
byte* output, const byte* input, word16 sz);
WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
const byte* input, word32* inOutIdx,
word32 totalSz);
WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(struct WOLFSSL*ssl);
#endif /* WOLF_CRYPTO_CB */
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, struct wc_CryptoInfo* info,
void* ctx);
WOLFSSL_LOCAL int wc_tsip_generateMasterSecretEx(
byte cipherSuiteFirst,
byte cipherSuite,
const byte* pr, /* pre-master */
const byte* cr, /* client random */
const byte* sr, /* server random */
byte* ms);
#else
WOLFSSL_LOCAL int wc_tsip_generateMasterSecret(
const byte *pre,
const byte *cr,
const byte *sr,
byte *ms);
#endif /* WOLFSSL_RENESAS_TSIP_VER */
WOLFSSL_LOCAL int wc_tsip_storeKeyCtx(
WOLFSSL *ssl,
TsipUserCtx *userCtx);
WOLFSSL_LOCAL int wc_tsip_generateEncryptPreMasterSecret(
WOLFSSL* ssl,
byte* out,
word32* outSz);
WOLFSSL_LOCAL int wc_tsip_EccSharedSecret(
WOLFSSL* ssl,
struct ecc_key* otherKey,
unsigned char* pubKeyDer, unsigned int* pubKeySz,
unsigned char* out, unsigned int* outlen,
int side, void* ctx);
WOLFSSL_LOCAL int wc_tsip_RsaVerify(
WOLFSSL* ssl,
byte* sig,
word32 sigSz,
byte** out,
const byte* key,
word32 keySz,
void* ctx);
WOLFSSL_LOCAL int wc_tsip_EccVerify(
WOLFSSL* ssl,
const byte* sig, word32 sigSz,
const byte* hash, word32 hashSz,
const byte* key, word32 keySz,
int* result, void* ctx);
WOLFSSL_LOCAL int wc_tsip_generateVerifyData(
const uint8_t* masterSecret,
const uint8_t* side,
const uint8_t* handshake_hash,
uint8_t* hashes);
#ifndef NO_AES
WOLFSSL_LOCAL int wc_tsip_AesCbcEncrypt(
Aes* aes,
byte* out,
const byte* in,
word32 sz);
WOLFSSL_LOCAL int wc_tsip_AesCbcDecrypt(
Aes* aes,
byte* out,
const byte* in,
word32 sz);
WOLFSSL_LOCAL int wc_tsip_AesGcmEncrypt(
Aes* aes, byte* out,
const byte* in, word32 sz,
byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
void* ctx);
#endif /* NO_AES */
WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify(
const WOLFSSL *ssl,
const byte* message,
word32 messageSz,
word32 macSz,
word32 content);
WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
const WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
word32 sz,
byte* digest);
WOLFSSL_LOCAL int wc_tsip_Sha256HmacGenerate(
const WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
word32 sz,
byte* digest);
WOLFSSL_LOCAL int tsip_Open();
WOLFSSL_LOCAL void tsip_Close();
WOLFSSL_LOCAL int tsip_hw_lock();
WOLFSSL_LOCAL void tsip_hw_unlock( void );
WOLFSSL_LOCAL int tsip_usable(const WOLFSSL *ssl,
uint8_t session_key_generated);
WOLFSSL_LOCAL void tsip_inform_sflash_signedcacert(
const byte* ps_flash,
const byte* psigned_ca_cert,
word32 len);
WOLFSSL_LOCAL byte tsip_rootCAverified();
WOLFSSL_LOCAL byte tsip_checkCA(word32 cmIdx);
WOLFSSL_LOCAL int wc_tsip_tls_RootCertVerify(
const byte* cert, word32 cert_len,
word32 key_n_start, word32 key_n_len,
word32 key_e_start, word32 key_e_len,
word32 cm_row);
WOLFSSL_LOCAL int wc_tsip_tls_CertVerify(
const uint8_t* cert, uint32_t certSz,
const uint8_t* signature, uint32_t sigSz,
uint32_t key_n_start, uint32_t key_n_len,
uint32_t key_e_start, uint32_t key_e_len,
uint8_t* tsip_encRsaKeyIdx);
WOLFSSL_LOCAL int wc_tsip_generatePremasterSecret(
byte* premaster,
word32 preSz);
WOLFSSL_LOCAL int wc_tsip_generateSessionKey(
WOLFSSL* ssl,
TsipUserCtx* ctx,
int devId);
WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx);
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int wc_tsip_GenerateRandBlock(byte* output, word32 size);
#if defined(WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG)
byte *ret2err(word32 ret);
#endif
#ifdef __cplusplus
}
#endif
#endif /* !WOLFCRYPT_ONLY */
#endif /* __RENESAS_TSIP_CRYPT_H__ */