luna - wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip

   1/* renesas_tsip_util.c
   2 *
   3 * Copyright (C) 2006-2026 wolfSSL Inc.
   4 *
   5 * This file is part of wolfSSL.
   6 *
   7 * wolfSSL is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 3 of the License, or
  10 * (at your option) any later version.
  11 *
  12 * wolfSSL is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20 */
  21
  22#ifdef HAVE_CONFIG_H
  23    #include <config.h>
  24#endif
  25
  26#include <wolfssl/wolfcrypt/settings.h>
  27
  28#if defined(WOLFSSL_RENESAS_TSIP)
  29
  30#include <wolfssl/wolfcrypt/wc_port.h>
  31#include <wolfssl/wolfcrypt/types.h>
  32#include <wolfssl/wolfcrypt/asn.h>
  33#include <wolfssl/wolfcrypt/memory.h>
  34#include <wolfssl/wolfcrypt/error-crypt.h>
  35#include <wolfssl/wolfcrypt/aes.h>
  36#ifdef NO_INLINE
  37    #include <wolfssl/wolfcrypt/misc.h>
  38#else
  39    #define WOLFSSL_MISC_INCLUDED
  40    #include <wolfcrypt/src/misc.c>
  41#endif
  42
  43#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
  44    #include <wolfssl/ssl.h>
  45    #include <wolfssl/internal.h>
  46    #include <wolfssl/error-ssl.h>
  47#endif
  48#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
  49#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
  50
  51#include <stdio.h>
  52
  53#define TSIP_SIGNING_DATA_PREFIX_SZ     64
  54#define TSIP_SIGNING_DATA_PREFIX_BYTE   0x20
  55#define TSIP_MAX_SIG_DATA_SZ            130
  56#define TSIP_CERT_VFY_LABEL_SZ          34
  57
  58/* function pointer typedefs for TSIP SHAxx HMAC Verification  */
  59typedef e_tsip_err_t (*shaHmacInitFn)
  60        (tsip_hmac_sha_handle_t*, tsip_hmac_sha_key_index_t*);
  61typedef e_tsip_err_t (*shaHmacUpdateFn)
  62        (tsip_hmac_sha_handle_t*, uint8_t*, uint32_t);
  63typedef e_tsip_err_t (*shaHmacFinalFn)
  64        (tsip_hmac_sha_handle_t*, uint8_t*, uint32_t);
  65
  66/* ./ca-cert.der.sign,  */
  67/* expect to have these variables defined at user application */
  68#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=109)
  69extern uint32_t     s_inst2[R_TSIP_SINST2_WORD_SIZE];
  70#elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106)
  71extern uint32_t     s_flash[];
  72extern uint32_t     s_inst1[R_TSIP_SINST_WORD_SIZE];
  73#endif
  74
  75#ifndef SINGLE_THREADED
  76wolfSSL_Mutex       tsip_mutex;
  77static int          tsip_CryptHwMutexInit_ = 0;
  78#endif
  79static tsip_key_data g_user_key_info;
  80struct WOLFSSL_HEAP_HINT*  tsip_heap_hint = NULL;
  81
  82/* tsip only keep one encrypted ca public key */
  83#if defined(WOLFSSL_RENESAS_TSIP_TLS)
  84static const byte*  ca_cert_sig = NULL;
  85static uint32_t     g_encrypted_publicCA_key[R_TSIP_SINST_WORD_SIZE];
  86
  87/* index of CM table. must be global since renesas_common access it. */
  88extern uint32_t     g_CAscm_Idx;
  89
  90#if defined(WOLFSSL_TLS13)
  91/* The server certificate verification label. */
  92static const byte serverCertVfyLabel[TSIP_CERT_VFY_LABEL_SZ] =
  93    "TLS 1.3, server CertificateVerify";
  94static const byte clientCertVfyLabel[TSIP_CERT_VFY_LABEL_SZ] =
  95    "TLS 1.3, client CertificateVerify";
  96#endif /* WOLFSSL_TLS13 */
  97
  98#endif /* WOLFSSL_RENESAS_TSIP_TLS */
  99
 100
 101
 102static int tsip_CryptHwMutexInit(wolfSSL_Mutex* mutex)
 103{
 104    return wc_InitMutex(mutex);
 105}
 106
 107static int tsip_CryptHwMutexLock(wolfSSL_Mutex* mutex)
 108{
 109    return wc_LockMutex(mutex);
 110}
 111
 112static int tsip_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
 113{
 114    return wc_UnLockMutex(mutex);
 115}
 116
 117#if defined(WOLFSSL_RENESAS_TSIP_TLS)
 118/* Set client encrypted public key data.
 119 * parameters:
 120 * ssl      WOLFSSL object
 121 * keyBuf  buffer holding wrapped key which Renesas key tool generated.
 122 * keyBufLen buffer length
 123 * keyType  0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256
 124 * return   0 on success, others on failure.
 125 */
 126WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl,
 127                                const char* keyBuf, int keyBufLen, int keyType)
 128{
 129    int ret = 0;
 130    TsipUserCtx* tuc = NULL;
 131
 132    WOLFSSL_ENTER("tsip_use_PublicKey_buffer_TLS");
 133
 134    if (ssl == NULL
 135    || keyBuf == NULL || keyBufLen == 0 || ssl->RenesasUserCtx == NULL) {
 136        ret = BAD_FUNC_ARG;
 137    }
 138
 139    if (ret == 0){
 140        tuc = ssl->RenesasUserCtx;
 141        tuc->internal->wrappedPublicKey  = (uint8_t*)keyBuf;
 142        tuc->wrappedKeyType    = keyType;
 143    }
 144
 145    WOLFSSL_LEAVE("tsip_use_PublicKey_buffer", ret);
 146    return ret;
 147}
 148/* Set client encrypted private key data.
 149 * parameters:
 150 * ssl      WOLFSSL object
 151 * keyBuf  buffer holding wrapped key which Renesas key tool generated.
 152 * keyBufLen buffer length
 153 * keyType  0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256
 154 * return   0 on success, others on failure.
 155 */
 156WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
 157                                const char* keyBuf, int keyBufLen, int keyType)
 158{
 159    int ret = 0;
 160    TsipUserCtx* tuc = NULL;
 161
 162    WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_TLS");
 163
 164    if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 ||
 165                                ssl->RenesasUserCtx == NULL) {
 166        ret = BAD_FUNC_ARG;
 167    }
 168    if (ret == 0){
 169        tuc = ssl->RenesasUserCtx;
 170
 171        tuc->internal->wrappedPrivateKey = (uint8_t*)keyBuf;
 172        tuc->wrappedKeyType    = keyType;
 173
 174        /* store keyType as Id since Id capacity is 32 bytes */
 175        ret = wolfSSL_use_PrivateKey_Id(ssl,
 176                                (const unsigned char*)keyBuf, 32,
 177                                                tuc->devId);
 178        if (ret == WOLFSSL_SUCCESS) {
 179            ret = 0;
 180        }
 181    }
 182
 183    WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer_TLS", ret);
 184    return ret;
 185}
 186#endif /* WOLFSSL_RENESAS_TSIP_TLS */
 187
 188#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 189
 190/* Set client encrypted public key data.
 191 * parameters:
 192 * uc      Tsip user context
 193 * keyBuf  buffer holding wrapped key which Renesas key tool generated.
 194 * keyBufLen buffer length
 195 * keyType  0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256
 196 * return   0 on success, others on failure.
 197 */
 198WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
 199                                const char* keyBuf, int keyBufLen, int keyType)
 200{
 201    int ret = 0;
 202
 203    WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt");
 204
 205    if (uc == NULL || keyBuf == NULL || keyBufLen == 0) {
 206        ret = BAD_FUNC_ARG;
 207    }
 208
 209    if (ret == 0){
 210        uc->internal->wrappedPublicKey  = (uint8_t*)keyBuf;
 211        uc->wrappedKeyType    = keyType;
 212    }
 213
 214    WOLFSSL_LEAVE("tsip_use_PublicKey_buffer_crypt", ret);
 215    return ret;
 216}
 217/* Set client encrypted private key data.
 218 * parameters:
 219 * uc      Tsip user context
 220 * keyBuf  buffer holding wrapped key which Renesas key tool generated.
 221 * keyBufLen buffer length
 222 * keyType  0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256
 223 * return   0 on success, others on failure.
 224 */
 225WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
 226                                const char* keyBuf, int keyBufLen, int keyType)
 227{
 228    int ret = 0;
 229
 230    WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_crypt");
 231
 232    if (uc == NULL || keyBuf == NULL || keyBufLen == 0 ) {
 233        ret = BAD_FUNC_ARG;
 234    }
 235    if (ret == 0){
 236        uc->internal->wrappedPrivateKey = (uint8_t*)keyBuf;
 237        uc->wrappedKeyType    = keyType;
 238    }
 239
 240    WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer_crypt", ret);
 241    return ret;
 242}
 243#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
 244
 245#ifdef WOLFSSL_RENESAS_TSIP_TLS
 246
 247/* Obsolete function. Use tsip_use_PrivateKey_buffer instead.
 248 * Set client encrypted private key data.
 249 * parameters:
 250 * key      Renesas Secure Flash Programmer generated key.
 251 * keyType  0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256
 252 * return   0 on success, others on failure.
 253 */
 254WOLFSSL_API int  tsip_set_clientPrivateKeyEnc(const byte* encKey, int keyType)
 255{
 256    int ret = 0;
 257
 258    WOLFSSL_ENTER("tsip_set_clientPrivateKeyEnc");
 259
 260    if (ret == 0) {
 261        g_user_key_info.encrypted_user_private_key      = (uint8_t*)encKey;
 262        g_user_key_info.encrypted_user_private_key_type = keyType;
 263    }
 264
 265    WOLFSSL_LEAVE("tsip_set_clientPrivateKeyEnc", ret);
 266    return ret;
 267}
 268
 269
 270/*  Flush raw handshake messages in MsgBag
 271 *
 272 */
 273static void tsipFlushMessages(struct WOLFSSL* ssl)
 274{
 275    TsipUserCtx* tuc = NULL;
 276    MsgBag* bag = NULL;
 277
 278    if (ssl == NULL)
 279        return;
 280
 281    /* get user context for TSIP */
 282    tuc = ssl->RenesasUserCtx;
 283    if (tuc == NULL) {
 284        return;
 285    }
 286
 287    bag = &(tuc->internal->messageBag);
 288
 289    ForceZero(bag, sizeof(MsgBag));
 290
 291}
 292
 293
 294
 295int tsip_TlsCleanup(struct WOLFSSL* ssl)
 296{
 297    int ret = 0;
 298    TsipUserCtx* tuc = NULL;
 299
 300    if (ssl == NULL)
 301        return BAD_FUNC_ARG;
 302
 303    tuc = ssl->RenesasUserCtx;
 304
 305    if (tuc == NULL)
 306        return ret;
 307
 308    /* free stored messages */
 309    tsipFlushMessages(ssl);
 310    /* free internal structure */
 311    if (tuc->internal) {
 312        XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
 313        tuc->internal = NULL;
 314    }
 315
 316    /* zero clear */
 317    ForceZero(tuc, sizeof(TsipUserCtx));
 318
 319    return ret;
 320}
 321
 322
 323
 324#if defined(WOLFSSL_TLS13)
 325/* generate ECC P265 key pair for ECDHE.
 326 * generated public key is stored in KeyShareEntry.pubkey and private key is
 327 * stored in TsipUserCtx.EcdhPrivKey13Idx as tsip specific format.
 328 * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
 329 * expecting to fallback to S/W, other negative values on error.
 330 */
 331int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
 332{
 333    int ret = 0;
 334    e_tsip_err_t    err = TSIP_SUCCESS;
 335    int             isTLS13 = 0;
 336    word16          curveId;
 337    ecc_key*        ecckey = NULL;
 338    TsipUserCtx*    tuc = NULL;
 339
 340    WOLFSSL_ENTER("tsip_Tls13GenEccKeyPair");
 341
 342    if (ssl == NULL || kse == NULL)
 343        ret = BAD_FUNC_ARG;
 344
 345    if (ret == 0) {
 346        if (ssl->version.major == SSLv3_MAJOR &&
 347            ssl->version.minor == TLSv1_3_MINOR) {
 348            isTLS13 = 1;
 349        }
 350        /* TSIP works only in TLS13 client side */
 351        if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
 352            ret = CRYPTOCB_UNAVAILABLE;
 353        }
 354    }
 355
 356    if (ret == 0) {
 357        /* TSIP can handle SECP256R1 */
 358        if (kse->group != WOLFSSL_ECC_SECP256R1) {
 359            WOLFSSL_MSG("TSIP can't handle the specified ECC curve.");
 360            ret = CRYPTOCB_UNAVAILABLE;
 361        }
 362    }
 363
 364    if (ret == 0) {
 365        /* get user context for TSIP */
 366        tuc = ssl->RenesasUserCtx;
 367        if (tuc == NULL) {
 368            ret = CRYPTOCB_UNAVAILABLE;
 369        }
 370    }
 371
 372    curveId = ECC_SECP256R1;
 373
 374    /* Allocate space for the public key */
 375    if (ret == 0) {
 376        kse->pubKey = (byte*)XMALLOC(kse->pubKeyLen, ssl->heap,
 377                                                DYNAMIC_TYPE_PUBLIC_KEY);
 378        if (kse->pubKey == NULL) {
 379            WOLFSSL_MSG("Key data Memory error");
 380            ret = MEMORY_E;
 381        }
 382        else {
 383            ForceZero(kse->pubKey, kse->pubKeyLen);
 384        }
 385    }
 386
 387    /* Allocate an ECC key to hold private key. */
 388    if (ret == 0) {
 389        kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC);
 390        if (kse->key == NULL) {
 391            WOLFSSL_MSG("EccTempKey Memory error");
 392            ret = MEMORY_E;
 393        }
 394        else {
 395            ret = wc_ecc_init_ex((ecc_key*)kse->key, ssl->heap, ssl->devId);
 396        }
 397    }
 398    if (ret == 0) {
 399        ecckey = (ecc_key*)kse->key;
 400        ret = wc_ecc_set_curve(ecckey, kse->keyLen, curveId);
 401    }
 402
 403    kse->pubKey[0] = ECC_POINT_UNCOMP;
 404
 405    /* generate ecc key pair with TSIP */
 406    if (ret == 0) {
 407        if ((ret = tsip_hw_lock()) == 0) {
 408
 409            tuc->internal->Dhe_key_set  =0;
 410
 411            err = R_TSIP_GenerateTls13P256EccKeyIndex(
 412                    &(tuc->internal->handle13),
 413                    TSIP_TLS13_MODE_FULL_HANDSHAKE,
 414                    &(tuc->internal->EcdhPrivKey13Idx),/* private key index */
 415                    &(kse->pubKey[1]));              /* generated public key */
 416
 417            if (err != TSIP_SUCCESS){ret = WC_HW_E;}
 418
 419            if (ret == 0) {
 420                WOLFSSL_MSG("ECDH private key-index is stored by TSIP");
 421                tuc->internal->Dhe_key_set  =1;
 422            }
 423
 424            tsip_hw_unlock();
 425        }
 426        else {
 427            WOLFSSL_MSG("mutex locking error");
 428        }
 429    }
 430
 431    if ((ret != 0) && (ret != CRYPTOCB_UNAVAILABLE)) {
 432        XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
 433        kse->key = NULL;
 434        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
 435        kse->pubKey = NULL;
 436    }
 437    WOLFSSL_LEAVE("tsip_Tls13GenEccKeyPair", ret);
 438    return ret;
 439}
 440
 441/* generate shared secret(pre-master secret)
 442 * get peer's raw ECDHE public key from KeyShareEntry.
 443 * The pre-master secret generated by TSIP is stored into
 444 * TsipUserCtx.sharedSecret13Idx as TSIP specific format.
 445 *
 446 * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
 447 * expecting to fallback to S/W, other negative values on error.
 448 */
 449int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
 450                                                    struct KeyShareEntry* kse)
 451{
 452    int ret = 0;
 453    e_tsip_err_t    err   = TSIP_SUCCESS;
 454    int             isTLS13   = 0;
 455    uint8_t*        pubkeyraw = NULL;
 456    TsipUserCtx*    tuc = NULL;
 457
 458    WOLFSSL_ENTER("tsip_Tls13GenSharedSecret");
 459    if (ssl == NULL || kse == NULL)
 460        ret = BAD_FUNC_ARG;
 461
 462    if (ret == 0) {
 463        if (ssl->version.major == SSLv3_MAJOR &&
 464            ssl->version.minor == TLSv1_3_MINOR) {
 465            isTLS13 = 1;
 466        }
 467        if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
 468            WOLFSSL_MSG("Not in TLS1.3 or in client");
 469            ret = CRYPTOCB_UNAVAILABLE;
 470        }
 471    }
 472
 473    if (ret == 0) {
 474        /* make sure it is in TLS13 and in client side */
 475        if (kse->group != WOLFSSL_ECC_SECP256R1) {
 476            WOLFSSL_MSG("TSIP can't handle the specified group");
 477            ret = CRYPTOCB_UNAVAILABLE;
 478        }
 479    }
 480
 481    if (ret == 0) {
 482        /* get user context for TSIP */
 483        tuc = ssl->RenesasUserCtx;
 484        if (tuc == NULL) {
 485            WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
 486            ret = CRYPTOCB_UNAVAILABLE;
 487        }
 488    }
 489
 490    if (ret == 0) {
 491        if (!tuc->internal->Dhe_key_set) {
 492            WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
 493            ret = CRYPTOCB_UNAVAILABLE;
 494        }
 495    }
 496
 497    if (ret == 0) {
 498        if ((ret = tsip_hw_lock()) == 0) {
 499
 500            tuc->internal->SharedSecret_set = 0;
 501            pubkeyraw = kse->ke + 1;        /* peer's raw public key data */
 502
 503            /* derive shared secret */
 504            err = R_TSIP_Tls13GenerateEcdheSharedSecret(
 505                TSIP_TLS13_MODE_FULL_HANDSHAKE,
 506                pubkeyraw,                 /* peer's ECDHE public key */
 507                &(tuc->internal->EcdhPrivKey13Idx),/*(out) own ECDHE priv key */
 508                &(tuc->internal->sharedSecret13Idx)); /*(out) PreMasterSecret */
 509
 510            if (err != TSIP_SUCCESS) {
 511                WOLFSSL_MSG("R_TSIP_Tls13GenerateEcdheSharedSecret error");
 512                ret = WC_HW_E;
 513            }
 514            if (ret == 0) {
 515                /* set flag for later tsip operations */
 516                tuc->internal->SharedSecret_set = 1;
 517            }
 518
 519            tsip_hw_unlock();
 520        }
 521        else {
 522            WOLFSSL_MSG("mutex locking error");
 523        }
 524    }
 525
 526    WOLFSSL_LEAVE("tsip_Tls13GenSharedSecret", ret);
 527    return ret;
 528}
 529
 530int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
 531{
 532    int ret = 0;
 533    TsipUserCtx*    tuc = NULL;
 534
 535    WOLFSSL_ENTER("tsip_Tls13DeriveEarlySecret");
 536    if (ssl == NULL)
 537        ret = BAD_FUNC_ARG;
 538
 539    if (ret == 0) {
 540        /* get user context for TSIP */
 541        tuc = ssl->RenesasUserCtx;
 542        if (tuc == NULL) {
 543            WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
 544            ret = CRYPTOCB_UNAVAILABLE;
 545        }
 546        else {
 547            tuc->internal->EarlySecret_set = 1;
 548        }
 549    }
 550
 551    WOLFSSL_LEAVE("tsip_Tls13DeriveEarlySecret", ret);
 552    return ret;
 553}
 554
 555/* derive handshake secret.
 556 * get pre-master secret stored in TsipUserCtx.sharedSecret13Idx.
 557 * Derived handshake secret is stored into TsipUserCtx.handshakeSecret13Idx
 558 * as tsip specific format.
 559 *
 560 * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
 561 * expecting to fallback to S/W, other negative values on error.
 562 */
 563int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
 564{
 565    int ret = 0;
 566    e_tsip_err_t err = TSIP_SUCCESS;
 567    int isTLS13 = 0;
 568    TsipUserCtx*    tuc = NULL;
 569
 570    WOLFSSL_ENTER("tsip_Tls13DeriveHandshakeSecret");
 571    if (ssl == NULL)
 572        ret = BAD_FUNC_ARG;
 573
 574    if (ret == 0) {
 575        if (ssl->version.major == SSLv3_MAJOR &&
 576            ssl->version.minor == TLSv1_3_MINOR) {
 577            isTLS13 = 1;
 578        }
 579
 580        if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
 581            ret = CRYPTOCB_UNAVAILABLE;   /* expecting to fallback to S/W */
 582        }
 583    }
 584
 585    if (ret == 0) {
 586        /* get user context for TSIP */
 587        tuc = ssl->RenesasUserCtx;
 588        if (tuc == NULL) {
 589            WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
 590            ret = CRYPTOCB_UNAVAILABLE;
 591        }
 592    }
 593
 594    if (ret == 0) {
 595        /* check if pre-master secret is generated by tsip */
 596        if (!tuc->internal->SharedSecret_set) {
 597            WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
 598            ret = CRYPTOCB_UNAVAILABLE;
 599        }
 600    }
 601
 602    if (ret == 0) {
 603        if ((ret = tsip_hw_lock()) == 0) {
 604
 605            tuc->internal->HandshakeSecret_set = 0;
 606
 607            err = R_TSIP_Tls13GenerateHandshakeSecret(
 608                        &(tuc->internal->sharedSecret13Idx),
 609                        &(tuc->internal->handshakeSecret13Idx));
 610
 611            if (err != TSIP_SUCCESS) {
 612                WOLFSSL_MSG("R_TSIP_Tls13GenerateHandshakeSecret error");
 613                ret = WC_HW_E;
 614            }
 615            if (ret == 0) {
 616                tuc->internal->HandshakeSecret_set = 1;
 617            }
 618            tsip_hw_unlock();
 619        }
 620        else {
 621            WOLFSSL_MSG("mutex locking error");
 622        }
 623    }
 624
 625    WOLFSSL_LEAVE("tsip_Tls13DeriveHandshakeSecret", ret);
 626    return ret;
 627}
 628
 629static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
 630{
 631    int ret = 0;
 632    e_tsip_err_t    err = TSIP_SUCCESS;
 633    int             isTLS13 = 0;
 634    TsipUserCtx*    tuc = NULL;
 635    byte            hash[WC_SHA256_DIGEST_SIZE];
 636
 637
 638    WOLFSSL_ENTER("tsipTls13DeriveClientHandshakeKeys");
 639    if (ssl == NULL)
 640        ret = BAD_FUNC_ARG;
 641
 642    if (ret == 0) {
 643        if (ssl->version.major == SSLv3_MAJOR &&
 644            ssl->version.minor == TLSv1_3_MINOR) {
 645            isTLS13 = 1;
 646        }
 647        if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
 648            ret = CRYPTOCB_UNAVAILABLE;   /* expecting to fallback to S/W */
 649        }
 650    }
 651
 652    if (ret == 0) {
 653        /* get user context for TSIP */
 654        tuc = ssl->RenesasUserCtx;
 655        if (tuc == NULL) {
 656            WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
 657            ret = CRYPTOCB_UNAVAILABLE;
 658        }
 659    }
 660
 661    if (ret == 0) {
 662        /* make sure client handshake secret is generated by tsip */
 663        if (!tuc->internal->HandshakeSecret_set) {
 664            WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
 665            ret = CRYPTOCB_UNAVAILABLE;
 666        }
 667    }
 668
 669    if (ret == 0) {
 670        /* get digest of handshake messages */
 671        ret = tsip_GetMessageSha256(ssl, hash, NULL);
 672    }
 673
 674    if (ret == 0) {
 675        if ((ret = tsip_hw_lock()) == 0) {
 676
 677            tuc->internal->HandshakeClientTrafficKey_set = 0;
 678
 679            err = R_TSIP_Tls13GenerateClientHandshakeTrafficKey(
 680                    &(tuc->internal->handle13),
 681                    TSIP_TLS13_MODE_FULL_HANDSHAKE,
 682                    &(tuc->internal->handshakeSecret13Idx),
 683                    hash,
 684                    &(tuc->internal->clientWriteKey13Idx),
 685                    &(tuc->internal->clientFinished13Idx));
 686
 687            if (err != TSIP_SUCCESS) {
 688                WOLFSSL_MSG(
 689                    "R_TSIP_Tls13GenerateClientHandshakeTrafficKey error");
 690                ret = WC_HW_E;
 691            }
 692
 693            /* key derivation succeeded */
 694            if (ret == 0) {
 695                tuc->internal->HandshakeClientTrafficKey_set = 1;
 696            }
 697
 698            tsip_hw_unlock();
 699        }
 700        else {
 701            WOLFSSL_MSG("mutex locking error");
 702        }
 703    }
 704
 705    WOLFSSL_LEAVE("tsipTls13DeriveClientHandshakeKeys", ret);
 706    return ret;
 707}
 708
 709static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
 710{
 711    int ret = 0;
 712    e_tsip_err_t    err = TSIP_SUCCESS;
 713    int             isTLS13 = 0;
 714    TsipUserCtx*    tuc = NULL;
 715    byte            hash[WC_SHA256_DIGEST_SIZE];
 716
 717
 718    WOLFSSL_ENTER("tsipTls13DeriveServerHandshakeKeys");
 719    if (ssl == NULL)
 720        ret = BAD_FUNC_ARG;
 721
 722    if (ret == 0) {
 723        if (ssl->version.major == SSLv3_MAJOR &&
 724            ssl->version.minor == TLSv1_3_MINOR) {
 725            isTLS13 = 1;
 726        }
 727        if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
 728            ret = CRYPTOCB_UNAVAILABLE;   /* expecting to fallback to S/W */
 729        }
 730    }
 731
 732    if (ret == 0) {
 733        /* get user context for TSIP */
 734        tuc = ssl->RenesasUserCtx;
 735        if (tuc == NULL) {
 736            WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
 737            ret = CRYPTOCB_UNAVAILABLE;
 738        }
 739    }
 740
 741    if (ret == 0) {
 742        /* make sure client handshake secret is generated by tsip */
 743        if (!tuc->internal->HandshakeSecret_set) {
 744            WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
 745            ret = CRYPTOCB_UNAVAILABLE;
 746        }
 747    }
 748
 749    if (ret == 0) {
 750        /* get digest of handshake packets */
 751        ret = tsip_GetMessageSha256(ssl, hash, NULL);
 752    }
 753
 754    if (ret == 0) {
 755        if ((ret = tsip_hw_lock()) == 0) {
 756
 757            tuc->internal->HandshakeServerTrafficKey_set = 0;
 758
 759            err = R_TSIP_Tls13GenerateServerHandshakeTrafficKey(
 760                        &(tuc->internal->handle13),
 761                        TSIP_TLS13_MODE_FULL_HANDSHAKE,
 762                        &(tuc->internal->handshakeSecret13Idx),
 763                        hash,
 764                        &(tuc->internal->serverWriteKey13Idx),
 765                        &(tuc->internal->serverFinished13Idx));
 766
 767            if (err != TSIP_SUCCESS) {
 768                WOLFSSL_MSG(
 769                    "R_TSIP_Tls13GenerateServerHandshakeTrafficKey error");
 770                ret = WC_HW_E;
 771            }
 772
 773            /* key derivation succeeded */
 774            if (ret == 0) {
 775                tuc->internal->HandshakeServerTrafficKey_set = 1;
 776            }
 777
 778            tsip_hw_unlock();
 779        }
 780        else {
 781            WOLFSSL_MSG("mutex locking error");
 782        }
 783    }
 784
 785    WOLFSSL_LEAVE("tsipTls13DeriveServerHandshakeKeys", ret);
 786    return ret;
 787}
 788
 789static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
 790{
 791    int ret = 0;
 792    e_tsip_err_t    err = TSIP_SUCCESS;
 793    int             isTLS13 = 0;
 794    TsipUserCtx*    tuc = NULL;
 795    byte            hash[WC_SHA256_DIGEST_SIZE];
 796
 797
 798    WOLFSSL_ENTER("tsipTls13DeriveTrafficKeys");
 799    if (ssl == NULL)
 800        ret = BAD_FUNC_ARG;
 801
 802    if (ret == 0) {
 803        if (ssl->version.major == SSLv3_MAJOR &&
 804            ssl->version.minor == TLSv1_3_MINOR) {
 805            isTLS13 = 1;
 806        }
 807        if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
 808            ret = CRYPTOCB_UNAVAILABLE;   /* expecting to fallback to S/W */
 809        }
 810    }
 811
 812    if (ret == 0) {
 813        /* get user context for TSIP */
 814        tuc = ssl->RenesasUserCtx;
 815        if (tuc == NULL) {
 816            WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
 817            ret = CRYPTOCB_UNAVAILABLE;
 818        }
 819    }
 820
 821    if (ret == 0) {
 822        /* make sure master secret is generated by tsip */
 823        if (!tuc->internal->MasterSecret_set) {
 824            WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
 825            ret = CRYPTOCB_UNAVAILABLE;
 826        }
 827    }
 828
 829    if (ret == 0) {
 830        /* get digest of handshake messages */
 831        ret = tsip_GetMessageSha256(ssl, hash, NULL);
 832    }
 833
 834    if (ret == 0) {
 835        if ((ret = tsip_hw_lock()) == 0) {
 836
 837            tuc->internal->ServerTrafficSecret_set   = 0;
 838            tuc->internal->ClientTrafficSecret_set   = 0;
 839            tuc->internal->ServerWriteTrafficKey_set = 0;
 840            tuc->internal->ClientWriteTrafficKey_set = 0;
 841
 842            err = R_TSIP_Tls13GenerateApplicationTrafficKey(
 843                        &(tuc->internal->handle13),
 844                        TSIP_TLS13_MODE_FULL_HANDSHAKE,
 845                        &(tuc->internal->masterSecret13Idx),
 846                        (uint8_t*)hash,
 847                        &(tuc->internal->serverAppTraffic13Secret),
 848                        &(tuc->internal->clientAppTraffic13Secret),
 849                        &(tuc->internal->serverAppWriteKey13Idx),
 850                        &(tuc->internal->clientAppWriteKey13Idx));
 851
 852            if (err != TSIP_SUCCESS) {
 853                WOLFSSL_MSG(
 854                    "R_TSIP_Tls13GenerateApplicationTrafficKey error");
 855                ret = WC_HW_E;
 856            }
 857
 858            /* key derivation succeeded */
 859            if (ret == 0) {
 860                tuc->internal->ServerTrafficSecret_set   = 1;
 861                tuc->internal->ClientTrafficSecret_set   = 1;
 862                tuc->internal->ServerWriteTrafficKey_set = 1;
 863                tuc->internal->ClientWriteTrafficKey_set = 1;
 864            }
 865
 866            tsip_hw_unlock();
 867        }
 868        else {
 869            WOLFSSL_MSG("mutex locking error");
 870        }
 871    }
 872
 873    WOLFSSL_LEAVE("tsipTls13DeriveTrafficKeys", ret);
 874    return ret;
 875}
 876
 877static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
 878{
 879    int ret     = 0;
 880    e_tsip_err_t    err = TSIP_SUCCESS;
 881    int             isTLS13 = 0;
 882    TsipUserCtx*    tuc = NULL;
 883
 884     WOLFSSL_ENTER("tsipTls13UpdateClientTrafficKeys");
 885
 886    if (ssl == NULL)
 887        ret = BAD_FUNC_ARG;
 888
 889    if (ret == 0) {
 890        if (ssl->version.major == SSLv3_MAJOR &&
 891            ssl->version.minor == TLSv1_3_MINOR) {
 892            isTLS13 = 1;
 893        }
 894        if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
 895            ret = CRYPTOCB_UNAVAILABLE;   /* expecting to fallback to S/W */
 896        }
 897    }
 898
 899    if (ret == 0) {
 900        /* get user context for TSIP */
 901        tuc = ssl->RenesasUserCtx;
 902        if (tuc == NULL) {
 903            WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
 904            ret = CRYPTOCB_UNAVAILABLE;
 905        }
 906    }
 907
 908    if (ret == 0) {
 909        /* make sure application secret is generated by tsip */
 910        if (!tuc->internal->ClientTrafficSecret_set) {
 911            WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
 912            ret = CRYPTOCB_UNAVAILABLE;
 913        }
 914    }
 915    if (ret == 0) {
 916        if ((ret = tsip_hw_lock()) == 0) {
 917
 918            tuc->internal->ClientWriteTrafficKey_set = 0;
 919
 920            err = R_TSIP_Tls13UpdateApplicationTrafficKey(
 921                        &(tuc->internal->handle13),
 922                        TSIP_TLS13_MODE_FULL_HANDSHAKE,
 923                        TSIP_TLS13_UPDATE_CLIENT_KEY,
 924                        &(tuc->internal->clientAppTraffic13Secret),
 925                        &(tuc->internal->clientAppTraffic13Secret),
 926                        &(tuc->internal->clientAppWriteKey13Idx));
 927            if (err != TSIP_SUCCESS) {
 928                WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error");
 929                ret = WC_HW_E;
 930            }
 931            else {
 932                tuc->internal->ClientWriteTrafficKey_set = 1;
 933            }
 934            tsip_hw_unlock();
 935        }
 936        else {
 937            WOLFSSL_MSG("mutex locking error");
 938        }
 939    }
 940
 941    WOLFSSL_LEAVE("tsipTls13UpdateClientTrafficKeys", ret);
 942    return ret;
 943}
 944
 945static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
 946{
 947    int ret     = 0;
 948    e_tsip_err_t    err = TSIP_SUCCESS;
 949    int             isTLS13 = 0;
 950    TsipUserCtx*    tuc = NULL;
 951
 952     WOLFSSL_ENTER("tsipTls13UpdateServerTrafficKeys");
 953
 954    if (ssl == NULL)
 955        ret = BAD_FUNC_ARG;
 956
 957    if (ret == 0) {
 958        if (ssl->version.major == SSLv3_MAJOR &&
 959            ssl->version.minor == TLSv1_3_MINOR) {
 960            isTLS13 = 1;
 961        }
 962        if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
 963            ret = CRYPTOCB_UNAVAILABLE;   /* expecting to fallback to S/W */
 964        }
 965    }
 966
 967    if (ret == 0) {
 968        /* get user context for TSIP */
 969        tuc = ssl->RenesasUserCtx;
 970        if (tuc == NULL) {
 971            WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
 972            ret = CRYPTOCB_UNAVAILABLE;
 973        }
 974    }
 975
 976    if (ret == 0) {
 977        /* make sure application secret is generated by tsip */
 978        if (!tuc->internal->ServerTrafficSecret_set) {
 979            WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
 980            ret = CRYPTOCB_UNAVAILABLE;
 981        }
 982    }
 983    if (ret == 0) {
 984        if ((ret = tsip_hw_lock()) == 0) {
 985
 986            tuc->internal->ServerWriteTrafficKey_set = 0;
 987
 988            err = R_TSIP_Tls13UpdateApplicationTrafficKey(
 989                        &(tuc->internal->handle13),
 990                        TSIP_TLS13_MODE_FULL_HANDSHAKE,
 991                        TSIP_TLS13_UPDATE_SERVER_KEY,
 992                        &(tuc->internal->serverAppTraffic13Secret),
 993                        &(tuc->internal->serverAppTraffic13Secret),
 994                        &(tuc->internal->serverAppWriteKey13Idx));
 995            if (err != TSIP_SUCCESS) {
 996                WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error");
 997                ret = WC_HW_E;
 998            }
 999            else {
1000                tuc->internal->ServerWriteTrafficKey_set = 1;
1001            }
1002            tsip_hw_unlock();
1003        }
1004        else {
1005            WOLFSSL_MSG("mutex locking error");
1006        }
1007    }
1008
1009    WOLFSSL_LEAVE("tsipTls13UpdateServerTrafficKeys", ret);
1010    return ret;
1011}
1012
1013/* Derive the keys for TLS v1.3.
1014 *
1015 * ssl    The WOLFSSL object.
1016 * keyType  kind of keys to derive.
1017 *        handshake_key: when deriving keys for encrypting handshake messages.
1018 *        traffic_key: when deriving first keys for encrypting traffic messages.
1019 *        update_traffic_key: when deriving next keys for encrypting
1020 *        traffic messages.
1021 *
1022 * side   ENCRYPT_SIDE_ONLY: when only encryption secret needs to be derived.
1023 *        DECRYPT_SIDE_ONLY: when only decryption secret needs to be derived.
1024 *        ENCRYPT_AND_DECRYPT_SIDE: when both secret needs to be derived.
1025 *
1026 * returns 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
1027 * expecting to fallback to S/W, other negative values on error.
1028 */
1029int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl,
1030                                                int keyType, int side)
1031{
1032    int ret = 0;
1033    int provision;
1034
1035    WOLFSSL_ENTER("tsip_Tls13DeriveKeys");
1036
1037    if (side == ENCRYPT_AND_DECRYPT_SIDE) {
1038        provision = PROVISION_CLIENT_SERVER;
1039    }
1040    else {
1041        provision = ((ssl->options.side != WOLFSSL_CLIENT_END) ^
1042                     (side == ENCRYPT_SIDE_ONLY)) ? PROVISION_CLIENT :
1043                                                    PROVISION_SERVER;
1044    }
1045    /* derive client key */
1046    switch (keyType) {
1047        case early_data_key:
1048            WOLFSSL_MSG("TSIP can't handle early data key");
1049            ret = CRYPTOCB_UNAVAILABLE;
1050            break;
1051
1052        case handshake_key:
1053            if (provision & PROVISION_CLIENT) {
1054                ret = tsipTls13DeriveClientHandshakeKeys(ssl);
1055            }
1056            break;
1057
1058        case traffic_key:
1059            ret = tsipTls13DeriveTrafficKeys(ssl);
1060            break;
1061
1062        case update_traffic_key:
1063            if (provision & PROVISION_CLIENT) {
1064                ret = tsipTls13UpdateClientTrafficKeys(ssl);
1065            }
1066            break;
1067
1068        default:
1069            ret = CRYPTOCB_UNAVAILABLE;
1070            break;
1071    }
1072
1073    if (ret == 0) {
1074        /* derive server key */
1075        switch (keyType) {
1076            case early_data_key:
1077                WOLFSSL_MSG("TSIP can't handle early data key");
1078                ret = CRYPTOCB_UNAVAILABLE;
1079                break;
1080
1081            case handshake_key:
1082                if (provision & PROVISION_SERVER) {
1083                    ret = tsipTls13DeriveServerHandshakeKeys(ssl);
1084                }
1085                break;
1086
1087            case traffic_key:
1088                /* traffic key for server was derived in
1089                 * tsipTls13DeriveTrafficKeys
1090                 */
1091                break;
1092
1093            case update_traffic_key:
1094                if (provision & PROVISION_SERVER) {
1095                    ret = tsipTls13UpdateServerTrafficKeys(ssl);
1096                }
1097                break;
1098
1099            default:
1100                ret = CRYPTOCB_UNAVAILABLE;
1101                break;
1102        }
1103    }
1104    WOLFSSL_LEAVE("tsip_Tls13DeriveKeys", ret);
1105    return ret;
1106}
1107
1108int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
1109{
1110    int ret = 0;
1111    e_tsip_err_t    err = TSIP_SUCCESS;
1112    int             isTLS13 = 0;
1113    TsipUserCtx*    tuc = NULL;
1114
1115    WOLFSSL_ENTER("tsip_Tls13DeriveMasterSecret");
1116
1117    if (ssl == NULL)
1118        ret = BAD_FUNC_ARG;
1119
1120    if (ret == 0) {
1121        if (ssl->version.major == SSLv3_MAJOR &&
1122            ssl->version.minor == TLSv1_3_MINOR) {
1123            isTLS13 = 1;
1124        }
1125        if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
1126            ret = CRYPTOCB_UNAVAILABLE;   /* expecting to fallback to S/W */
1127        }
1128    }
1129    if (ret == 0) {
1130        /* get user context for TSIP */
1131        tuc = ssl->RenesasUserCtx;
1132        if (tuc == NULL) {
1133            WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
1134            ret = CRYPTOCB_UNAVAILABLE;
1135        }
1136    }
1137    if (ret == 0) {
1138        /* make sure handshake secret and verify data has been set by TSIP */
1139        if (!tuc->internal->HandshakeSecret_set ||
1140            !tuc->internal->HandshakeVerifiedData_set) {
1141            WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
1142            ret = CRYPTOCB_UNAVAILABLE;
1143        }
1144    }
1145    if (ret == 0) {
1146        if ((ret = tsip_hw_lock()) == 0) {
1147
1148            tuc->internal->MasterSecret_set = 0;
1149
1150            err = R_TSIP_Tls13GenerateMasterSecret(
1151                        &(tuc->internal->handle13),
1152                        TSIP_TLS13_MODE_FULL_HANDSHAKE,
1153                        &(tuc->internal->handshakeSecret13Idx),
1154                        (uint32_t*)tuc->internal->verifyData13Idx,
1155                        &(tuc->internal->masterSecret13Idx));
1156
1157            if (err != TSIP_SUCCESS) {
1158                WOLFSSL_MSG(
1159                    "R_TSIP_Tls13GenerateMasterSecret( error");
1160                ret = WC_HW_E;
1161            }
1162
1163            if (ret == 0) {
1164                tuc->internal->MasterSecret_set = 1;
1165            }
1166
1167            tsip_hw_unlock();
1168        }
1169        else {
1170            WOLFSSL_MSG("mutex locking error");
1171        }
1172    }
1173
1174    WOLFSSL_LEAVE("tsip_Tls13DeriveMasterSecret", ret);
1175    return ret;
1176}
1177
1178/* verify handshake
1179 * ssl     WOLFSSL object
1180 * hash    buffer holding decrypted finished message content from server.
1181 *
1182 */
1183static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
1184                                    const byte* hash)/*finished message*/
1185{
1186    int             ret = 0;
1187    e_tsip_err_t    err = TSIP_SUCCESS;
1188    int             isTLS13 = 0;
1189    TsipUserCtx*    tuc = NULL;
1190    word32          msgHash[WC_SHA256_DIGEST_SIZE/sizeof(word32)];
1191
1192    WOLFSSL_ENTER("tsipTls13VerifyHandshake");
1193
1194    if (ssl == NULL)
1195        ret = BAD_FUNC_ARG;
1196
1197    if (ret == 0) {
1198        if (ssl->version.major == SSLv3_MAJOR &&
1199            ssl->version.minor == TLSv1_3_MINOR) {
1200            isTLS13 = 1;
1201        }
1202        if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
1203            ret = CRYPTOCB_UNAVAILABLE;   /* expecting to fallback to S/W */
1204        }
1205    }
1206
1207    if (ret == 0) {
1208        /* get user context for TSIP */
1209        tuc = ssl->RenesasUserCtx;
1210        if (tuc == NULL) {
1211            WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
1212            ret = CRYPTOCB_UNAVAILABLE;
1213        }
1214    }
1215
1216    if (ret == 0) {
1217        /* make sure handshake secret is generated by tsip */
1218        if (!tuc->internal->HandshakeServerTrafficKey_set) {
1219            WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
1220            ret = CRYPTOCB_UNAVAILABLE;
1221        }
1222    }
1223    /* get digest of handshake messages */
1224    if (ret == 0) {
1225        ret = tsip_GetMessageSha256(ssl, (byte*)msgHash, NULL);
1226    }
1227
1228    if (ret == 0) {
1229        if ((ret = tsip_hw_lock()) == 0) {
1230
1231            tuc->internal->HandshakeVerifiedData_set = 0;
1232
1233            err = R_TSIP_Tls13ServerHandshakeVerification(
1234                                TSIP_TLS13_MODE_FULL_HANDSHAKE,
1235                                &(tuc->internal->serverFinished13Idx),
1236                                (uint8_t*)msgHash,
1237                                (uint8_t*)hash,
1238                                (uint32_t*)(tuc->internal->verifyData13Idx));
1239
1240            if (err == TSIP_ERR_VERIFICATION_FAIL) {
1241                WOLFSSL_MSG("Handshake verification error");
1242                ret = VERIFY_FINISHED_ERROR;
1243            }
1244            else if (err != TSIP_SUCCESS) {
1245                WOLFSSL_MSG("R_TSIP_Tls13ServerHandshakeVerification error");
1246                ret = WC_HW_E;
1247            }
1248            if (ret == 0) {
1249                WOLFSSL_MSG("Verified handshake");
1250                tuc->internal->HandshakeVerifiedData_set = 1;
1251            }
1252
1253            tsip_hw_unlock();
1254        }
1255        else {
1256            WOLFSSL_MSG("mutex locking error");
1257        }
1258    }
1259
1260    WOLFSSL_LEAVE("tsipTls13VerifyHandshake", ret);
1261    return ret;
1262}
1263
1264/* handles finished message from server.
1265 * verify hmac in the message. Also output verify data to
1266 * TsipUserCtx.verifyDataIdx, which is used for deriving master secret.
1267 *
1268 *  ssl       WOLFSSL object
1269 *  input     the buffer holding decrypted finished message, type and padding
1270 *  inOutIdx  On entry, the index into the message content of Finished.
1271 *            On exit, the index of byte after the Finished message and padding.
1272 *  size      Length of message content(excluding type and padding)
1273 *  totalSz   Length in the record header. means message + type + pad.
1274 *  return    0, on success, others on failure.
1275 */
1276int tsip_Tls13HandleFinished(
1277                                            struct WOLFSSL* ssl,
1278                                            const byte*     input,
1279                                            word32*         inOutIdx,
1280                                            word32          size,
1281                                            word32          totalSz)
1282{
1283    int ret = 0;
1284
1285    WOLFSSL_ENTER("tsip_Tls13HandleFinished");
1286
1287    if (ssl == NULL || input == NULL || inOutIdx == NULL) {
1288        ret = BAD_FUNC_ARG;
1289    }
1290
1291    if (ret == 0) {
1292        ret = tsipTls13VerifyHandshake(ssl, input + *inOutIdx);
1293    }
1294
1295    if (ret == 0) {
1296        /* Force input exhaustion at ProcessReply by consuming padSz. */
1297        *inOutIdx += size + ssl->keys.padSz;
1298
1299        ssl->options.serverState = SERVER_FINISHED_COMPLETE;
1300    }
1301
1302    WOLFSSL_LEAVE("tsip_Tls13HandleFinished", ret);
1303    return ret;
1304}
1305
1306/* Build TLS v1.3 Message and make it encrypted with AEAD algorithm.
1307 * TSIP supports AES-GCM and AES-CCM.
1308 * ssl         The WOLFSSL object.
1309 * output      The buffer to write record message to.
1310 * outSz       Size of the buffer being written into.
1311 * input       The handshake message data to encrypt (excluding trailing type).
1312 * inSz        The size of the handshake message (including message header).
1313 * type        The real content type being put after the message data.
1314 * hashOutput  Whether to hash the unencrypted record data.
1315 * returns     the size of the record including header, CRYPTOCB_UNAVAILABLE
1316 *             when tsip can not handle and is expecting to fallback to S/W,
1317 *             other negative values on error.
1318 */
1319int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
1320                                         byte* output,
1321                                         int   outSz,
1322                                         const byte* input,
1323                                         int   inSz,
1324                                         int   type,
1325                                         int hashOutput)
1326{
1327    int ret = 0;
1328    int recSz;
1329    int isTLS13 = 0;
1330    RecordLayerHeader* rl = NULL;
1331    (void)outSz;
1332
1333    WOLFSSL_ENTER("tsip_Tls13BuildMessage");
1334
1335    if (ssl == NULL || output == NULL || input == NULL) {
1336        ret = BAD_FUNC_ARG;
1337    }
1338
1339    if (ret == 0) {
1340        if (ssl->version.major == SSLv3_MAJOR &&
1341            ssl->version.minor == TLSv1_3_MINOR) {
1342            isTLS13 = 1;
1343        }
1344        if (!isTLS13 || (ssl->options.side != WOLFSSL_CLIENT_END)) {
1345            ret = CRYPTOCB_UNAVAILABLE;   /* expecting to fallback to S/W */
1346        }
1347    }
1348
1349    if (ret == 0) {
1350        /* make sure hash algorithm is SHA256 */
1351        if (ssl->specs.mac_algorithm != sha256_mac ) {
1352            WOLFSSL_MSG("TSIP can't handle this hash algorithm.");
1353            ret = CRYPTOCB_UNAVAILABLE;
1354        }
1355    }
1356
1357    if (ret == 0) {
1358        if ((ssl->specs.bulk_cipher_algorithm != wolfssl_aes_gcm) &&
1359            (ssl->specs.bulk_cipher_algorithm != wolfssl_aes_ccm)) {
1360            WOLFSSL_MSG("TSIP can't handle the specified algorithm");
1361            ret = CRYPTOCB_UNAVAILABLE;
1362        }
1363    }
1364
1365    if (ret == 0) {
1366        /* set size in record header */
1367        recSz = inSz + 1 + ssl->specs.aead_mac_size;
1368
1369        /* update the record header with the new size. */
1370        rl = (RecordLayerHeader*)output;
1371        rl->type    = application_data;
1372        rl->pvMajor = ssl->version.major;
1373        rl->pvMinor = TLSv1_2_MINOR;
1374        c16toa((word16)recSz, rl->length);
1375
1376        if (input != output + RECORD_HEADER_SZ) {
1377            XMEMCPY(output + RECORD_HEADER_SZ, input, inSz);
1378        }
1379
1380        if (hashOutput) {
1381            ret = HashOutput(ssl, output, RECORD_HEADER_SZ + inSz, 0);
1382        }
1383    }
1384    if (ret == 0) {
1385        /* The real record content type goes at the end of the data. */
1386        output[RECORD_HEADER_SZ + inSz] = (byte)type;
1387
1388        ret = tsip_Tls13AesEncrypt(ssl,
1389                           output + RECORD_HEADER_SZ, /* output */
1390                           output + RECORD_HEADER_SZ, /* plain message */
1391                           inSz + 1); /* plain data size(= inSz + 1 for type) */
1392
1393        if (ret > 0) {
1394            ret = recSz + RECORD_HEADER_SZ; /* return record size */
1395        }
1396    }
1397
1398    WOLFSSL_LEAVE("tsip_Tls13BuildMessage", ret);
1399    return ret;
1400}
1401
1402/* Send finished message to the server.
1403 *
1404 * ssl     WOLFSSL object
1405 * output  buffer to output packet, including packet header and finished message
1406 * outSz   buffer size of output
1407 * input   buffer holding finished message
1408 * hashOut
1409 * return  0 on success, CRYPTOCB_UNAVAILABLE when TSIP can not handle,
1410 *         other negative values on error.
1411 */
1412int tsip_Tls13SendFinished(
1413                                struct WOLFSSL* ssl,
1414                                byte*       output,
1415                                int         outSz,
1416                                const byte* input,
1417                                int         hashOut)
1418{
1419    int ret         = 0;
1420    int finishedSz;
1421    int headerSz    = HANDSHAKE_HEADER_SZ;
1422    int recordSz;
1423
1424    WOLFSSL_ENTER("tsip_Tls13SendFinished");
1425
1426    if (ssl == NULL || output == NULL || input == NULL || outSz == 0) {
1427        ret  = BAD_FUNC_ARG;
1428    }
1429
1430    if (ret == 0) {
1431        finishedSz  = ssl->specs.hash_size;
1432
1433        ret = tsip_Tls13GetHmacMessages(ssl, (byte*)&input[headerSz]);
1434    }
1435
1436    if (ret == 0) {
1437       recordSz = WC_MAX_DIGEST_SIZE + DTLS_HANDSHAKE_HEADER_SZ + MAX_MSG_EXTRA;
1438        /* check for available size */
1439        ret = CheckAvailableSize(ssl, recordSz);
1440        recordSz = 0;
1441    }
1442
1443    if (ret == 0) {
1444        recordSz = tsip_Tls13BuildMessage(ssl,
1445                                     output, outSz,
1446                                     input, headerSz + finishedSz,
1447                                     handshake, hashOut);
1448
1449        if (recordSz > 0) {
1450            ssl->options.clientState    = CLIENT_FINISHED_COMPLETE;
1451            ssl->options.handShakeState = HANDSHAKE_DONE;
1452            ssl->options.handShakeDone  = 1;
1453            ssl->buffers.outputBuffer.length += recordSz; /* advance length */
1454
1455            ret = SendBuffered(ssl);
1456        }
1457        else {
1458            ret = recordSz;
1459        }
1460    }
1461    WOLFSSL_LEAVE("tsip_Tls13SendFinished", ret);
1462    return ret;
1463}
1464
1465/* Parse and handle a TLS v1.3 CertificateVerify message sent from a server.
1466 *
1467 * ssl       WOLFSSL object
1468 * input     buffer holding certificate verify message
1469 * inOutIdx  On entry, the index into the message buffer of
1470 *           CertificateVerify.
1471 *           On exit, the index of byte after the CertificateVerify message.
1472 * totalSz   The length of the current handshake message.
1473 * return    0 on success, CRYPTOCB_UNAVAILABLE when TSIP can not handle,
1474 *           other negative values on error.
1475 */
1476int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
1477                                            const byte* input, word32* inOutIdx,
1478                                            word32 totalSz)
1479{
1480    int     ret = 0;
1481    byte*   sigData = NULL;
1482    byte    hiAlgo,loAlgo;
1483    int     messageSz;
1484    word16  signatureLen;
1485    word16  idx;
1486    e_tsip_err_t  err = TSIP_SUCCESS;
1487    TsipUserCtx*  tuc = NULL;
1488    e_tsip_tls13_signature_scheme_type_t sig_scheme;
1489
1490    WOLFSSL_ENTER("tsip_Tls13CertificateVerify");
1491
1492
1493    if (ssl == NULL || input == NULL || inOutIdx == NULL) {
1494        ret = BAD_FUNC_ARG;
1495    }
1496
1497    if (ret == 0) {
1498        if (ENUM_LEN + ENUM_LEN > totalSz) {
1499            ret = BUFFER_ERROR;
1500        }
1501        /* parse certificate verify message to get hash-algo */
1502        hiAlgo  = *(input + *inOutIdx);
1503        loAlgo  = *(input + *inOutIdx + 1);
1504    }
1505    if (ret == 0) {
1506        /* get signature length */
1507        ato16(input + *inOutIdx + 2, &signatureLen);
1508
1509        if (ENUM_LEN + ENUM_LEN + OPAQUE16_LEN > totalSz) {
1510            ret = BUFFER_ERROR;
1511        }
1512    }
1513    if (ret == 0) {
1514        if (ENUM_LEN + ENUM_LEN + OPAQUE16_LEN + signatureLen > totalSz) {
1515            ret = BUFFER_ERROR;
1516        }
1517    }
1518    if (ret == 0) {
1519        /* check if tsip accepts signature algorithm */
1520        if (hiAlgo == NEW_SA_MAJOR && loAlgo == sha256_mac) {
1521            /* rsa_pss_rsae_sha256 0x0804 */
1522            WOLFSSL_MSG("Peer sent RSA sig");
1523            sig_scheme = TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256;
1524        }
1525        else if (hiAlgo == 0x04 && loAlgo == ecc_dsa_sa_algo) {
1526            /* ecdsa_secp256r1_sha256 0x0403 */
1527            WOLFSSL_MSG("Peer sent ECC sig");
1528            sig_scheme = TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256;
1529        }
1530        else {
1531            ret = CRYPTOCB_UNAVAILABLE;
1532        }
1533    }
1534
1535    if (ret == 0) {
1536        /* get user context for TSIP */
1537        tuc = ssl->RenesasUserCtx;
1538        if (tuc == NULL) {
1539            WOLFSSL_MSG("TsipUserCtx is not set to ssl.");
1540            ret = CRYPTOCB_UNAVAILABLE;
1541        }
1542    }
1543
1544    /* check if peer's public key is stored */
1545    if (ret == 0) {
1546        if (ssl->peerSceTsipEncRsaKeyIndex == NULL) {
1547            ret = CRYPTOCB_UNAVAILABLE;
1548        }
1549    }
1550
1551    if (ret == 0) {
1552        /* create sign data */
1553        sigData = tuc->internal->sigDataCertVerify;
1554
1555        idx = 0;
1556        ForceZero(sigData, sizeof(tuc->internal->sigDataCertVerify));
1557        XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
1558                                                TSIP_SIGNING_DATA_PREFIX_SZ);
1559
1560        idx += TSIP_SIGNING_DATA_PREFIX_SZ;
1561        XMEMCPY(&sigData[idx], serverCertVfyLabel, TSIP_CERT_VFY_LABEL_SZ);
1562
1563        idx += TSIP_CERT_VFY_LABEL_SZ;
1564        ret = tsip_GetMessageSha256(ssl, &sigData[idx], &messageSz);
1565    }
1566
1567    if (ret == 0) {
1568
1569        if ((ret = tsip_hw_lock()) == 0) {
1570            err = R_TSIP_Tls13CertificateVerifyVerification(
1571                        (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
1572                        sig_scheme,
1573                        &sigData[idx],
1574                        (uint8_t*)(input + *inOutIdx),
1575                        totalSz);
1576
1577            if (err == TSIP_SUCCESS) {
1578
1579                *inOutIdx += totalSz;
1580                *inOutIdx += ssl->keys.padSz;
1581                ssl->options.peerAuthGood = 1;
1582                ssl->options.havePeerVerify = 1;
1583            #if !defined(NO_WOLFSSL_CLIENT)
1584                if (ssl->options.side == WOLFSSL_CLIENT_END)
1585                    ssl->options.serverState = SERVER_CERT_VERIFY_COMPLETE;
1586            #endif
1587            }
1588            else {
1589                ret = WC_HW_E;
1590                if (err == TSIP_ERR_AUTHENTICATION) {
1591                    WOLFSSL_MSG("Certificate Verification failed.");
1592                }
1593            }
1594
1595            tsip_hw_unlock();
1596        }
1597        else {
1598            WOLFSSL_MSG("mutex locking error");
1599        }
1600    }
1601
1602    WOLFSSL_LEAVE("tsip_Tls13CertificateVerify", ret);
1603    return ret;
1604}
1605
1606/* Send the TLS v1.3 CertificateVerify message. A part of the message is
1607 * processed by TSIP for acceleration.
1608 *
1609 * Prior to this function call, the appropriate key-pair should be set via
1610 * tsip_use_PrivateKey_buffer_TLS and tsip_use_PublicKey_buffer_TLS APIs.
1611 * Those key pair can be generated by the tool named
1612 * "Renesas secure flash programmer".
1613 * When RSA certificate is used, both public and private keys should be set.
1614 * The public key is used for self-verify the generated certificateVerify
1615 * message. When ECC certificate is used, the self-verify will be performed only
1616 * WOLFSSL_CHECK_SIG_FAULTS is defined.
1617 *
1618 * Returns 0 on success, CRYPTOCB_UNAVAILABLE when the required key is not
1619 * provided or unsupported algo is specified and otherwise failure.
1620 */
1621int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
1622{
1623    int ret = 0;
1624    e_tsip_err_t    err = TSIP_SUCCESS;
1625    byte*           sigData = NULL;
1626    word16          idx;
1627    int             isTLS13 = 0;
1628    TsipUserCtx*    tuc     = NULL;
1629    byte*           output  = NULL;
1630    byte*           message = NULL;
1631    byte*           derSig  = NULL;
1632    int             isRsa   = -1;
1633    uint32_t        messageSz,recordSz,hashSz;
1634    byte            hash[WC_SHA256_DIGEST_SIZE];
1635    byte            sig_rs[R_TSIP_ECDSA_DATA_BYTE_SIZE];
1636    tsip_rsa_byte_data_t   rsa_sig,rsa_hash;
1637    tsip_ecdsa_byte_data_t ecdsa_sig,ecdsa_hash;
1638
1639    WOLFSSL_ENTER("tsip_Tls13SendCertVerify");
1640    (void)derSig;
1641    (void)rsa_sig;
1642    (void)rsa_hash;
1643    (void)ecdsa_sig;
1644    (void)ecdsa_hash;
1645    (void)sig_rs;
1646
1647    if (ssl == NULL) {
1648        ret = BAD_FUNC_ARG;
1649    }
1650
1651    if (ret == 0) {
1652        if (ssl->version.major == SSLv3_MAJOR &&
1653            ssl->version.minor == TLSv1_3_MINOR)
1654            isTLS13 = 1;
1655
1656        /* check if it's TLS13 and client side */
1657        if (!isTLS13 || ssl->options.side != WOLFSSL_CLIENT_END) {
1658            ret = CRYPTOCB_UNAVAILABLE;
1659        }
1660    }
1661
1662    if (ret == 0) {
1663        /* get user context for TSIP */
1664        tuc = ssl->RenesasUserCtx;
1665        if (tuc == NULL) {
1666            ret = CRYPTOCB_UNAVAILABLE;
1667        }
1668    }
1669
1670    if (ret == 0) {
1671        #if !defined(NO_RSA)
1672        if (ssl->options.haveRSA)
1673            isRsa = 1;
1674        else
1675        #endif
1676        #ifdef HAVE_ECC
1677        if (ssl->options.haveECC)
1678            isRsa = 0;
1679        else
1680        #endif /* HAVE_ECC */
1681            isRsa = -1;
1682
1683        if (isRsa != 0 && isRsa != 1) {
1684            ret = CRYPTOCB_UNAVAILABLE;
1685        }
1686    }
1687
1688    if (ret == 0) {
1689        ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
1690    }
1691
1692    if (ret == 0) {
1693        if (isRsa) {
1694            if (!tuc->internal->ClientRsa2048PrivKey_set) {
1695                ret = NO_PRIVATE_KEY;
1696            }
1697        }
1698        else {
1699            if (!tuc->internal->ClientEccPrivKey_set) {
1700                ret = NO_PRIVATE_KEY;
1701            }
1702        }
1703    }
1704
1705    if (ret == 0) {
1706        /* get message hash */
1707        ForceZero(hash, sizeof(hash));
1708        ret = tsip_GetMessageSha256(ssl, hash, (int*)&hashSz);
1709    }
1710
1711    if (ret == 0) {
1712        recordSz = WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA * 2;
1713        /* check for available size */
1714        ret = CheckAvailableSize(ssl, recordSz);
1715        recordSz = 0;
1716    }
1717
1718    if (ret == 0) {
1719        /* get output buffer for record header */
1720        output = ssl->buffers.outputBuffer.buffer +
1721                 ssl->buffers.outputBuffer.length;
1722
1723        /* buffer for message header */
1724        message = output + RECORD_HEADER_SZ;
1725    }
1726
1727    /* generate signature */
1728    if (ret == 0) {
1729        if ((ret = tsip_hw_lock()) == 0) {
1730            if (isRsa) {
1731                err = R_TSIP_Tls13CertificateVerifyGenerate(
1732                            (uint32_t*)&(tuc->internal->Rsa2048PrivateKeyIdx),
1733                            TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256,
1734                                                hash,
1735                                                message + HANDSHAKE_HEADER_SZ,
1736                                                &messageSz);
1737            }
1738            else {
1739                err = R_TSIP_Tls13CertificateVerifyGenerate(
1740                            (uint32_t*)&(tuc->internal->EcdsaPrivateKeyIdx),
1741                            TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
1742                                                hash,
1743                                                message + HANDSHAKE_HEADER_SZ,
1744                                                &messageSz);
1745            }
1746            if (err != TSIP_SUCCESS) {
1747                WOLFSSL_MSG("failed to make certificate verify message");
1748                ret = WC_HW_E;
1749            }
1750            tsip_hw_unlock();
1751        }
1752        else {
1753            WOLFSSL_MSG("mutex locking error");
1754        }
1755    }
1756
1757    if (ret == 0) {
1758        if (isRsa) {
1759            ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
1760        }
1761        else {
1762#if defined(WOLFSSL_CHECK_SIG_FAULTS)
1763            ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
1764#endif
1765        }
1766    }
1767
1768    if (ret == 0) {
1769        if (isRsa) {
1770            if (!tuc->internal->ClientRsa2048PubKey_set) {
1771                ret = NO_PRIVATE_KEY;
1772            }
1773        }
1774        else {
1775#if defined(WOLFSSL_CHECK_SIG_FAULTS)
1776            if (!tuc->ClientEccPubKey_set) {
1777                ret = NO_PRIVATE_KEY;
1778            }
1779#endif /* WOLFSSL_CHECK_SIG_FAULTS */
1780        }
1781    }
1782
1783    if (ret == 0) {
1784        sigData = tuc->internal->sigDataCertVerify;
1785
1786        idx = 0;
1787        ForceZero(sigData, sizeof(tuc->internal->sigDataCertVerify));
1788        XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
1789                                                TSIP_SIGNING_DATA_PREFIX_SZ);
1790
1791        idx += TSIP_SIGNING_DATA_PREFIX_SZ;
1792        XMEMCPY(&sigData[idx], clientCertVfyLabel, TSIP_CERT_VFY_LABEL_SZ);
1793
1794        idx += TSIP_CERT_VFY_LABEL_SZ;
1795        XMEMCPY(&sigData[idx], hash, hashSz);
1796    }
1797
1798    if (ret == 0) {
1799        /* extract signature data from generated CertificateVerify message */
1800        if (!isRsa) {
1801#if defined(WOLFSSL_CHECK_SIG_FAULTS)
1802            idx = 4;
1803            derSig = message +
1804                        HANDSHAKE_HEADER_SZ + HASH_SIG_SIZE + VERIFY_HEADER;
1805            if (derSig[idx] == 0x00)
1806                idx++;
1807            XMEMCPY(sig_rs, &derSig[idx], R_TSIP_ECDSA_DATA_BYTE_SIZE / 2);
1808            idx += (R_TSIP_ECDSA_DATA_BYTE_SIZE / 2) + ASN_TAG_SZ + 1;
1809            if (derSig[idx] == 0x00)
1810                idx++;
1811            XMEMCPY(&sig_rs[R_TSIP_ECDSA_DATA_BYTE_SIZE / 2],
1812                            &derSig[idx], R_TSIP_ECDSA_DATA_BYTE_SIZE / 2);
1813#endif /* WOLFSSL_CHECK_SIG_FAULTS */
1814        }
1815    }
1816
1817    if (ret == 0) {
1818        if ((ret = tsip_hw_lock()) == 0) {
1819            if (isRsa) {
1820                rsa_sig.pdata  = message + HANDSHAKE_HEADER_SZ +
1821                                                HASH_SIG_SIZE + VERIFY_HEADER;
1822                rsa_hash.pdata = sigData;
1823                rsa_hash.data_length = TSIP_SIGNING_DATA_PREFIX_SZ +
1824                                         TSIP_CERT_VFY_LABEL_SZ + sizeof(hash);
1825
1826                rsa_hash.data_type = 0;
1827
1828                err = R_TSIP_RsassaPss2048SignatureVerification(
1829                            &rsa_sig, &rsa_hash,
1830                            &(tuc->internal)->Rsa2048PublicKeyIdx,
1831                            R_TSIP_RSA_HASH_SHA256);
1832                WOLFSSL_MSG("Perform self-verify for rsa signature");
1833            }
1834            else {
1835                err = TSIP_SUCCESS;
1836#if defined(WOLFSSL_CHECK_SIG_FAULTS)
1837                ecdsa_sig.pdata  = sig_rs;
1838                ecdsa_hash.pdata = sigData;
1839                ecdsa_hash.data_length = TSIP_SIGNING_DATA_PREFIX_SZ +
1840                                         TSIP_CERT_VFY_LABEL_SZ + sizeof(hash);
1841                ecdsa_hash.data_type = 0;
1842
1843                err = R_TSIP_EcdsaP256SignatureVerification(
1844                            &ecdsa_sig, &ecdsa_hash,
1845                            &tuc->EcdsaPublicKeyIdx);
1846                WOLFSSL_MSG("Perform self-verify for ecc signature");
1847#endif /* WOLFSSL_CHECK_SIG_FAULTS */
1848            }
1849            if (err != TSIP_SUCCESS) {
1850                WOLFSSL_MSG("Failed to verify signature");
1851                ret = VERIFY_SIGN_ERROR;
1852            }
1853            tsip_hw_unlock();
1854        }
1855        else {
1856            WOLFSSL_MSG("mutex locking error");
1857        }
1858    }
1859
1860    /* create message header */
1861    if (ret == 0) {
1862
1863        ((HandShakeHeader*)message)->type = certificate_verify;
1864
1865        c32to24(messageSz, ((HandShakeHeader*)message)->length);
1866
1867        recordSz = tsip_Tls13BuildMessage(ssl, output, 0, message,
1868                                          messageSz + HANDSHAKE_HEADER_SZ,
1869                                                             handshake, 1);
1870
1871        if (recordSz > 0) {
1872            ssl->buffers.outputBuffer.length += recordSz;
1873            ret = SendBuffered(ssl);
1874        }
1875        else {
1876            ret = recordSz;
1877        }
1878    }
1879
1880    WOLFSSL_LEAVE("tsip_Tls13SendCertVerify", ret);
1881    return ret;
1882}
1883#endif /* WOLFSSL_TLS13 */
1884#endif /* WOLFSSL_RENESAS_TSIP_TLS */
1885
1886
1887#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109)
1888
1889static uint32_t GetTsipCipherSuite(
1890                    uint8_t cipherSuiteFirst,
1891                    uint8_t cipherSuite)
1892{
1893    WOLFSSL_ENTER("GetTsipCipherSuite");
1894    uint32_t tsipCipher;
1895
1896    if (cipherSuiteFirst == CIPHER_BYTE)
1897    {
1898        switch(cipherSuite) {
1899
1900            case TLS_RSA_WITH_AES_128_CBC_SHA: /*2F*/
1901                tsipCipher = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA; /*0*/
1902                break;
1903
1904            case TLS_RSA_WITH_AES_128_CBC_SHA256:
1905                tsipCipher = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA256;
1906                break;
1907
1908            case TLS_RSA_WITH_AES_256_CBC_SHA:
1909                tsipCipher = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA;
1910                break;
1911
1912            case TLS_RSA_WITH_AES_256_CBC_SHA256:
1913                tsipCipher = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA256;
1914                break;
1915
1916            default:
1917                tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE;
1918                break;
1919        }
1920        WOLFSSL_LEAVE("GetTsipCipherSuite", tsipCipher);
1921        return tsipCipher;
1922    }
1923    else if (cipherSuiteFirst == ECC_BYTE)
1924    {
1925        tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE;
1926
1927        switch(cipherSuite) {
1928
1929            case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
1930                tsipCipher = R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
1931                break;
1932
1933            case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
1934                tsipCipher = R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
1935                break;
1936
1937            case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
1938                tsipCipher = R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
1939                break;
1940
1941            case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
1942                tsipCipher = R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
1943                break;
1944
1945            default:
1946                tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE;
1947                break;
1948        }
1949    }
1950    else {
1951        tsipCipher = (uint32_t)WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE;
1952    }
1953
1954    WOLFSSL_LEAVE("GetTsipCipherSuite", tsipCipher);
1955
1956    return tsipCipher;
1957}
1958
1959/*  Attempt to get a public key exchanged with the peer in ECDHE.
1960 *  the public key is verified by given signature then stored into ctx.
1961 *
1962 *  return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure.
1963 */
1964static int tsip_ServerKeyExVerify(
1965    word32      type,       /* public key type 0:RSA2048 2:ECDSA P-256 */
1966    WOLFSSL*    ssl,
1967    const byte* sig,
1968    word32      sigSz,
1969    void*       ctx)
1970{
1971    int     ret = WOLFSSL_FAILURE;
1972    byte    qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
1973    byte*   peerkey = NULL;
1974    word32  qxLen = sizeof(qx), qyLen = sizeof(qy);
1975    TsipUserCtx*   userCtx = NULL;
1976
1977    WOLFSSL_ENTER("tsip_ServerKeyExVerify");
1978
1979    /* sanity check */
1980    if (ssl == NULL || sig == NULL || ctx == NULL)
1981        return ret;
1982
1983    userCtx = (TsipUserCtx*)ctx;
1984
1985    /* export public peer public key */
1986    ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen);
1987
1988    if (ret != 0) {
1989        WOLFSSL_MSG("failed to export peer ecc key");
1990        WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret);
1991        return ret;
1992    }
1993    /* make peer ecc key data for SCE */
1994    /* 0padding(24bit) || 04(8bit) || Qx(256bit) || Qy(256bit) */
1995    peerkey = (byte*)XMALLOC((3 + 1 + qxLen + qyLen), NULL,
1996                                                 DYNAMIC_TYPE_TMP_BUFFER);
1997    if (peerkey == NULL) {
1998        WOLFSSL_MSG("failed to malloc ecc key");
1999        WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret);
2000        return WOLFSSL_FAILURE;
2001    }
2002
2003    ForceZero(peerkey, (3 + 1 + qxLen + qyLen));
2004    peerkey[3] = ECC_POINT_UNCOMP;
2005    XMEMCPY(&peerkey[4], qx, qxLen);
2006    XMEMCPY(&peerkey[4+qxLen], qy, qyLen);
2007
2008    /* 0 : RSA 2048bit, 1 : Reserved, 2 : ECDSA P-256 */
2009    if ((ret = tsip_hw_lock()) == 0) {
2010        ret = R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves(
2011            type,
2012            (uint8_t*) ssl->arrays->clientRandom,
2013            (uint8_t*) ssl->arrays->serverRandom,
2014            (uint8_t*) peerkey,
2015            (uint8_t*) sig,
2016            (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
2017            (uint32_t*)userCtx->internal->encrypted_ephemeral_ecdh_public_key);
2018
2019        if (ret !=TSIP_SUCCESS) {
2020            WOLFSSL_MSG("R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves failed");
2021        }
2022        else {
2023            ret = WOLFSSL_SUCCESS;
2024        }
2025
2026        tsip_hw_unlock();
2027    }
2028    else {
2029        WOLFSSL_MSG("Failed to lock tsip hw");
2030    }
2031
2032    XFREE(peerkey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2033
2034    WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret);
2035    return ret;
2036}
2037/*
2038 *  return 0 on success
2039 */
2040int wc_tsip_RsaVerify(
2041        WOLFSSL* ssl,
2042        byte* sig,      word32 sigSz,
2043        byte** out,
2044        const byte* key,
2045        word32 keySz,
2046        void* ctx)
2047{
2048    int ret;
2049
2050    WOLFSSL_ENTER("tsip_RsaVerify");
2051
2052    if (tsip_usable(ssl, 0))
2053        ret = tsip_ServerKeyExVerify(0, ssl, sig, sigSz, ctx);
2054    else
2055        ret = CRYPTOCB_UNAVAILABLE;
2056
2057    if (ret == WOLFSSL_SUCCESS)
2058        ret = 0;
2059
2060    WOLFSSL_LEAVE("tsip_RsaVerify", ret);
2061    return ret;
2062}
2063/*  Verify signature for Server Key Exchange with TSIP
2064 *  TSIP can handle prime256v1 curve and sha256 hash
2065 *  parameters:
2066 *   ssl    WOLFSSL object
2067 *   sig    buffer holding DER encoded ecdsa signature data
2068 *   sigSz  signature data size
2069 *   hash   buffer holding sha256 hash data
2070 *   hashSz hash data size
2071 *   key    buffer holding peer's public key (NOT used in this function)
2072 *   keySz  public key size((NOT used in this function))
2073 *   result address of the variable to output result
2074 *   ctx    context
2075 *  return 0 on success, CRYPTOCB_UNAVAILABLE in case TSIP cannot handle
2076 */
2077int wc_tsip_EccVerify(
2078        WOLFSSL*  ssl,
2079        const byte* sig,    word32 sigSz,
2080        const byte* hash,   word32 hashSz,
2081        const byte* key,    word32 keySz,
2082        int*  result,       void*  ctx)
2083{
2084    int         ret = WOLFSSL_FAILURE;
2085    uint8_t     sigforSCE [R_TSIP_ECDSA_DATA_BYTE_SIZE] = {0};
2086    const byte  rs_size = R_TSIP_ECDSA_DATA_BYTE_SIZE/2;
2087    byte        offset = 0x3;
2088
2089    WOLFSSL_ENTER("wc_tsip_EccVerify");
2090
2091    /* check if TSIP can handle given cipher suite */
2092    if (!tsip_usable(ssl, 0)) {
2093        WOLFSSL_MSG("Cannot handle cipher suite by TSIP");
2094        WOLFSSL_LEAVE("wc_tsip_EccVerify", CRYPTOCB_UNAVAILABLE);
2095        return CRYPTOCB_UNAVAILABLE;
2096    }
2097
2098    /* in TLS1.3 */
2099    if (ssl->version.major == SSLv3_MAJOR &&
2100        ssl->version.minor == TLSv1_3_MINOR) {
2101        WOLFSSL_LEAVE("wc_tsip_EccVerify", CRYPTOCB_UNAVAILABLE);
2102        return CRYPTOCB_UNAVAILABLE;
2103    }
2104
2105    /* concatenate r and s parts of the signature so that TSIP can handle it */
2106    /* r */
2107    if (sig[offset] == 0x20) {
2108        XMEMCPY(sigforSCE, &sig[offset+1], rs_size);
2109
2110        offset = 0x25;
2111        /* s */
2112        if (sig[offset] == 0x20) {
2113          XMEMCPY(&sigforSCE[rs_size], &sig[offset+1], rs_size);
2114        }
2115        else {
2116          XMEMCPY(&sigforSCE[rs_size], &sig[offset+2], rs_size);
2117        }
2118    }
2119    else {
2120        XMEMCPY(sigforSCE, &sig[offset+2], rs_size);
2121
2122        offset = 0x26;
2123        /* s */
2124        if (sig[offset] == rs_size) {
2125          XMEMCPY(&sigforSCE[rs_size], &sig[offset+1], rs_size);
2126        }
2127        else {
2128          XMEMCPY(&sigforSCE[rs_size], &sig[offset+2], rs_size);
2129        }
2130    }
2131
2132    ret = tsip_ServerKeyExVerify(2, ssl, sigforSCE, 64, ctx);
2133
2134    if (ret == WOLFSSL_SUCCESS) {
2135        *result = 1;
2136        ret = 0; /* for success */
2137    }
2138    else
2139        *result = 0;
2140
2141    WOLFSSL_LEAVE("wc_tsip_EccVerify", ret);
2142    return ret;
2143}
2144
2145/*
2146 *  generate premaster secret
2147 *  1. generate P256 ECC key pair for ECDHE key exchange
2148 *  2. generate pre-master secret
2149 *  output 64 bytes premaster secret to "out" buffer.
2150 */
2151int wc_tsip_EccSharedSecret(
2152    WOLFSSL* ssl,
2153    ecc_key* otherKey,
2154    unsigned char* pubKeyDer,   unsigned int* pubKeySz,
2155    unsigned char* out,         unsigned int* outlen,
2156    int side, void* ctx)
2157{
2158    int       ret;
2159    TsipUserCtx* usrCtx = (TsipUserCtx*)ctx;
2160
2161    (void)ssl;
2162    (void)otherKey;
2163
2164    WOLFSSL_ENTER("wc_tsip_EccSharedSecret");
2165    /* sanity check */
2166    if (ssl == NULL || pubKeyDer == NULL || pubKeySz == NULL ||
2167        out == NULL || outlen == NULL || ctx == NULL) {
2168        WOLFSSL_LEAVE("wc_tsip_EccSharedSecret", WOLFSSL_FAILURE);
2169        return WOLFSSL_FAILURE;
2170    }
2171    if ((ret = tsip_hw_lock()) == 0) {
2172        /* Generate ECC public key for key exchange */
2173        ret = R_TSIP_GenerateTlsP256EccKeyIndex(
2174                    &(usrCtx->internal->ecc_p256_wrapped_key),
2175                    (uint8_t*)&(usrCtx->internal->ecc_ecdh_public_key));
2176
2177        if (ret == TSIP_SUCCESS) {
2178
2179            /* copy generated ecdh public key into buffer */
2180            pubKeyDer[0] = ECC_POINT_UNCOMP;
2181            *pubKeySz = 1 + sizeof(usrCtx->internal->ecc_ecdh_public_key);
2182            XMEMCPY(&pubKeyDer[1], &(usrCtx->internal->ecc_ecdh_public_key),
2183                        sizeof(usrCtx->internal->ecc_ecdh_public_key));
2184
2185            /* Generate Premaster Secret */
2186            ret = R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key(
2187            (uint32_t*)&(usrCtx->internal->encrypted_ephemeral_ecdh_public_key),
2188            &(usrCtx->internal->ecc_p256_wrapped_key),
2189            (uint32_t*)out/* pre-master secret 64 bytes */);
2190        }
2191        if (ret == TSIP_SUCCESS) {
2192            *outlen = 64;
2193            wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx,
2194                                                Renesas_cmn_genMasterSecret);
2195            wolfSSL_SetGenMasterSecretCtx(ssl, usrCtx);
2196
2197        }
2198
2199        tsip_hw_unlock();
2200    }
2201    else {
2202        WOLFSSL_MSG("Failed to lock tsip hw");
2203    }
2204    WOLFSSL_LEAVE("wc_tsip_EccSharedSecret", ret);
2205    return ret;
2206}
2207
2208
2209WOLFSSL_API void tsip_set_callbacks(WOLFSSL_CTX* ctx)
2210{
2211    WOLFSSL_ENTER("tsip_set_callbacks");
2212    wolfSSL_CTX_SetEccVerifyCb(ctx, (CallbackEccVerify)Renesas_cmn_EccVerify);
2213    wolfSSL_CTX_SetRsaVerifyCb(ctx, (CallbackRsaVerify)Renesas_cmn_RsaVerify);
2214    wolfSSL_CTX_SetGenPreMasterCb(ctx, Renesas_cmn_generatePremasterSecret);
2215    wolfSSL_CTX_SetRsaEncCb(ctx, Renesas_cmn_RsaEnc);
2216#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
2217    wolfSSL_CTX_SetVerifyMacCb(ctx, (CallbackVerifyMac)Renesas_cmn_VerifyHmac);
2218#endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */
2219    wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
2220    /* Set ssl-> options.sendVerify to SEND_CERT by the following two
2221     * registrations. This will allow the client certificate to be sent to
2222     * the server even if the private key is empty. The two callbacks do
2223     * virtually nothing.
2224     */
2225    #ifdef WOLFSSL_TLS13
2226    #ifdef HAVE_ECC
2227    wolfSSL_CTX_SetEccSignCb(ctx, Renesas_cmn_EccSignCb);
2228    #endif
2229    #ifndef NO_RSA
2230    wolfSSL_CTX_SetRsaSignCb(ctx, Renesas_cmn_RsaSignCb);
2231    #endif
2232    #endif /* WOLFSSL_TLS13 */
2233
2234    wolfSSL_CTX_SetRsaSignCheckCb(ctx, Renesas_cmn_RsaSignCheckCb);
2235
2236    /* set heap-hint to tsip_heap_hint so that tsip sha funcs can refer it */
2237    if (ctx->heap != NULL) {
2238        tsip_heap_hint = ctx->heap;
2239    }
2240
2241    WOLFSSL_LEAVE("tsip_set_callbacks", 0);
2242}
2243
2244WOLFSSL_API int tsip_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
2245{
2246    WOLFSSL_ENTER("tsip_set_callback_ctx");
2247
2248    TsipUserCtx* uCtx = (TsipUserCtx*)user_ctx;
2249    if (user_ctx == NULL || ssl == NULL) {
2250        WOLFSSL_MSG("user ctx is null");
2251        return BAD_FUNC_ARG;
2252    }
2253
2254    ForceZero(uCtx, sizeof(TsipUserCtx));
2255
2256    uCtx->internal =
2257        (TsipUserCtx_Internal*)XMALLOC(sizeof(TsipUserCtx_Internal),
2258                                        ssl->heap,
2259                                        DYNAMIC_TYPE_TMP_BUFFER);
2260
2261    if (!uCtx->internal) {
2262        printf("Failed to allocate memory for user ctx internal");
2263        return MEMORY_E;
2264    }
2265
2266    ForceZero(uCtx->internal, sizeof(TsipUserCtx_Internal));
2267
2268    uCtx->internal->ssl  = ssl;
2269    uCtx->internal->ctx  = ssl->ctx;
2270    uCtx->internal->heap = ssl->heap;
2271    uCtx->internal->side = ssl->ctx->method->side;
2272
2273    ssl->RenesasUserCtx = user_ctx;     /* ssl doesn't own user_ctx */
2274
2275    wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
2276    wolfSSL_SetRsaEncCtx(ssl, user_ctx);
2277    wolfSSL_SetRsaVerifyCtx(ssl, user_ctx);
2278    wolfSSL_SetRsaSignCtx(ssl, user_ctx);
2279    wolfSSL_SetGenPreMasterCtx(ssl, user_ctx);
2280    wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
2281#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
2282    wolfSSL_SetVerifyMacCtx(ssl, user_ctx);
2283#endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */
2284    /* set up crypt callback */
2285    wc_CryptoCb_CryptInitRenesasCmn(ssl, user_ctx);
2286    WOLFSSL_LEAVE("tsip_set_callback_ctx", 0);
2287    return 0;
2288}
2289
2290#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=106)
2291
2292/* convert def to tsip define */
2293static byte _tls2tsipdef(byte cipher)
2294{
2295    byte def = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA;
2296    switch(cipher) {
2297        case l_TLS_RSA_WITH_AES_128_CBC_SHA:
2298            break;
2299        case l_TLS_RSA_WITH_AES_128_CBC_SHA256:
2300            def = R_TSIP_TLS_RSA_WITH_AES_128_CBC_SHA256;
2301            break;
2302        case l_TLS_RSA_WITH_AES_256_CBC_SHA:
2303            def = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA;
2304            break;
2305        case l_TLS_RSA_WITH_AES_256_CBC_SHA256:
2306            def = R_TSIP_TLS_RSA_WITH_AES_256_CBC_SHA256;
2307            break;
2308        default:break;
2309    }
2310    return def;
2311}
2312#endif
2313
2314#ifdef WOLFSSL_RENESAS_TSIP_TLS
2315/*
2316 * Import wrapped private key then convert it into TSIP key_index format.
2317 * The target key should be set with tsip_use_PrivateKey_buffer in advance.
2318 * Acceptable key types are:
2319 *   TSIP_KEY_TYPE_RSA2048     rsa 2048 bit key
2320 *   TSIP_KEY_TYPE_RSA3072     rsa 3072 bit key
2321 *   TSIP_KEY_TYPE_RSA4096     rsa 4096 bit key
2322 *   TSIP_KEY_TYPE_ECDSAP256   ecdsa p256r1 key
2323 *   TSIP_KEY_TYPE_ECDSAP384   ecdsa p384r1 key
2324 */
2325int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
2326{
2327    int          ret = 0;
2328    e_tsip_err_t err = TSIP_SUCCESS;
2329    uint8_t* provisioning_key = g_user_key_info.encrypted_provisioning_key;
2330    uint8_t* iv               = g_user_key_info.iv;
2331    uint8_t* encPrivKey;
2332
2333    WOLFSSL_ENTER("tsip_ImportPrivateKey");
2334
2335    if (tuc == NULL)
2336        return BAD_FUNC_ARG;
2337
2338    encPrivKey = tuc->internal->wrappedPrivateKey;
2339
2340    if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) {
2341        WOLFSSL_MSG("Missing some key materials used for import" );
2342        return CRYPTOCB_UNAVAILABLE;
2343    }
2344
2345    if (ret == 0) {
2346        if (keyType != tuc->wrappedKeyType) {
2347            WOLFSSL_MSG("No public key of specified type is set" );
2348            return CRYPTOCB_UNAVAILABLE;
2349        }
2350    }
2351
2352    if ((ret = tsip_hw_lock()) == 0) {
2353        switch (keyType) {
2354
2355            #if !defined(NO_RSA)
2356            case TSIP_KEY_TYPE_RSA2048:
2357
2358                tuc->internal->ClientRsa2048PrivKey_set = 0;
2359                err = R_TSIP_GenerateRsa2048PrivateKeyIndex(
2360                                    provisioning_key, iv, (uint8_t*)encPrivKey,
2361                                    &(tuc->internal->Rsa2048PrivateKeyIdx));
2362                if (err == TSIP_SUCCESS) {
2363                    tuc->internal->ClientRsa2048PrivKey_set = 1;
2364                }
2365                else {
2366                    ret = WC_HW_E;
2367                }
2368                break;
2369            #endif
2370
2371            case TSIP_KEY_TYPE_RSA4096:
2372                /* not supported as of TSIPv1.15 */
2373                ret = CRYPTOCB_UNAVAILABLE;
2374                break;
2375
2376            #if defined(HAVE_ECC)
2377            case TSIP_KEY_TYPE_ECDSAP256:
2378
2379                tuc->internal->ClientEccPrivKey_set = 0;
2380                err = R_TSIP_GenerateEccP256PrivateKeyIndex(
2381                                    provisioning_key, iv, (uint8_t*)encPrivKey,
2382                                    &(tuc->internal->EcdsaPrivateKeyIdx));
2383                if (err == TSIP_SUCCESS) {
2384                    tuc->internal->ClientEccPrivKey_set = 1;
2385                }
2386                else {
2387                    ret = WC_HW_E;
2388                }
2389                break;
2390            #endif
2391
2392            default:
2393                ret = BAD_FUNC_ARG;
2394                break;
2395        }
2396        tsip_hw_unlock();
2397    }
2398    else {
2399        WOLFSSL_MSG("mutex locking error");
2400    }
2401    WOLFSSL_LEAVE("tsip_ImportPrivateKey", ret);
2402    return ret;
2403}
2404
2405#endif /* WOLFSSL_RENESAS_TSIP_TLS */
2406
2407/*
2408 * Import wrapped public key then convert it into TSIP key_index format.
2409 * The target key should be set with tsip_use_PublicKey_buffer in advance.
2410 * Acceptable key types are:
2411 *   TSIP_KEY_TYPE_RSA2048     rsa 2048 bit key
2412 *   TSIP_KEY_TYPE_RSA3072     rsa 3072 bit key
2413 *   TSIP_KEY_TYPE_RSA4096     rsa 4096 bit key
2414 *   TSIP_KEY_TYPE_ECDSAP256   ecdsa p256r1 key
2415 *   TSIP_KEY_TYPE_ECDSAP384   ecdsa p384r1 key
2416 */
2417int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
2418{
2419    int          ret = 0;
2420    e_tsip_err_t err = TSIP_SUCCESS;
2421    uint8_t* provisioning_key = g_user_key_info.encrypted_provisioning_key;
2422    uint8_t* iv               = g_user_key_info.iv;
2423    uint8_t* encPubKey;
2424
2425    WOLFSSL_ENTER("tsip_ImportPublicKey");
2426
2427    if (tuc == NULL ) {
2428        return BAD_FUNC_ARG;
2429    }
2430
2431    encPubKey = tuc->internal->wrappedPublicKey;
2432
2433    if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) {
2434        WOLFSSL_MSG("Missing some key materials used for import" );
2435        return CRYPTOCB_UNAVAILABLE;
2436    }
2437
2438    if (ret == 0) {
2439        if (keyType != tuc->wrappedKeyType) {
2440            WOLFSSL_MSG("No public key of specified type is set" );
2441            return CRYPTOCB_UNAVAILABLE;
2442        }
2443    }
2444
2445    if ((ret = tsip_hw_lock()) == 0) {
2446        switch (keyType) {
2447
2448        #if !defined(NO_RSA)
2449        #if ((defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1) || \
2450            (defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1))
2451            case TSIP_KEY_TYPE_RSA2048:
2452            #if defined(WOLFSSL_RENESAS_TSIP_TLS)
2453                tuc->internal->ClientRsa2048PubKey_set = 0;
2454            #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
2455                XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
2456                tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0;
2457                tuc->rsa2048pub_keyIdx =
2458                    (tsip_rsa2048_public_key_index_t*)XMALLOC(
2459                        sizeof(tsip_rsa2048_public_key_index_t), NULL,
2460                        DYNAMIC_TYPE_RSA_BUFFER);
2461                if (tuc->rsa2048pub_keyIdx == NULL) {
2462                    return MEMORY_E;
2463                }
2464            #endif
2465                err = R_TSIP_GenerateRsa2048PublicKeyIndex(
2466                                    provisioning_key, iv, (uint8_t*)encPubKey,
2467                                #if defined(WOLFSSL_RENESAS_TSIP_TLS)
2468                                     &(tuc->internal->Rsa2048PublicKeyIdx)
2469                                #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
2470                                     tuc->rsa2048pub_keyIdx
2471                                #endif
2472                                    );
2473                if (err == TSIP_SUCCESS) {
2474                #if defined(WOLFSSL_RENESAS_TSIP_TLS)
2475                    tuc->internal->ClientRsa2048PubKey_set = 1;
2476                #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
2477                    tuc->keyflgs_crypt.bits.rsapub2048_key_set = 1;
2478                #endif
2479                }
2480                else {
2481                    ret = WC_HW_E;
2482                }
2483                break;
2484        #endif /* TSIP_RSAES_2048 */
2485            case TSIP_KEY_TYPE_RSA4096:
2486                /* not supported as of TSIPv1.15 */
2487                ret = CRYPTOCB_UNAVAILABLE;
2488                break;
2489        #endif /* !NO_RSA */
2490
2491        #if defined(HAVE_ECC)
2492            case TSIP_KEY_TYPE_ECDSAP256:
2493            case TSIP_KEY_TYPE_ECDSAP384:
2494            #if defined(WOLFSSL_RENESAS_TSIP_TLS)
2495                tuc->internal->ClientEccPubKey_set = 0;
2496            #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
2497                tuc->keyflgs_crypt.bits.eccpub_key_set = 0;
2498            #endif
2499                if (keyType == TSIP_KEY_TYPE_ECDSAP256) {
2500                #if defined(TSIP_ECDSA_P256) && TSIP_ECDSA_P256 == 1
2501                    err = R_TSIP_GenerateEccP256PublicKeyIndex(
2502                                    provisioning_key, iv, (uint8_t*)encPubKey,
2503                            #if defined(WOLFSSL_RENESAS_TSIP_TLS)
2504                                    &(tuc->internal->EcdsaPublicKeyIdx)
2505                            #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
2506                                    &tuc->eccpub_keyIdx
2507                            #endif
2508                    );
2509                #else
2510                    err = NOT_COMPILED_IN;
2511                #endif
2512                }
2513                else if (keyType == TSIP_KEY_TYPE_ECDSAP384) {
2514                #if defined(TSIP_ECDSA_P384) && TSIP_ECDSA_P384 == 1
2515                    err = R_TSIP_GenerateEccP384PublicKeyIndex(
2516                                    provisioning_key, iv, (uint8_t*)encPubKey,
2517                            #if defined(WOLFSSL_RENESAS_TSIP_TLS)
2518                                    &(tuc->internal->EcdsaPublicKeyIdx)
2519                            #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
2520                                    &tuc->eccpub_keyIdx
2521                            #endif
2522                    );
2523                #else
2524                    err = NOT_COMPILED_IN;
2525                #endif
2526                }
2527                if (err == TSIP_SUCCESS) {
2528                #if defined(WOLFSSL_RENESAS_TSIP_TLS)
2529                    tuc->internal->ClientEccPubKey_set = 1;
2530                #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
2531                    tuc->keyflgs_crypt.bits.eccpub_key_set = 1;
2532                #endif
2533                }
2534                else {
2535                    ret = WC_HW_E;
2536                }
2537                break;
2538        #endif
2539
2540            default:
2541                ret = BAD_FUNC_ARG;
2542                break;
2543        }
2544        tsip_hw_unlock();
2545    }
2546    else {
2547        WOLFSSL_MSG("mutex locking error");
2548    }
2549    WOLFSSL_LEAVE("tsip_ImportPublicKey", ret);
2550    return ret;
2551}
2552
2553#if defined(WOLFSSL_RENESAS_TSIP_TLS)
2554/* check if tsip tls functions can be used for the cipher      */
2555/* return  :1 when tsip can be used , 0 not be used.           */
2556int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated)
2557{
2558    byte cipher0 = ssl->options.cipherSuite0;
2559    byte cipher  = ssl->options.cipherSuite;
2560    byte side    = ssl->options.side;
2561    int  ret     = WOLFSSL_SUCCESS;
2562    const Ciphers *enc;
2563    const Ciphers *dec;
2564
2565    WOLFSSL_ENTER("tsip_usable");
2566
2567    /* sanity check */
2568    if (ssl == NULL) {
2569        WOLFSSL_MSG("ssl is NULL");
2570        ret = BAD_FUNC_ARG;
2571    }
2572
2573    /* when rsa key index == NULL, tsip isn't used for cert verification. */
2574    /* in the case, we cannot use TSIP.                                   */
2575    if (ret == WOLFSSL_SUCCESS) {
2576        if (!ssl->peerSceTsipEncRsaKeyIndex) {
2577            WOLFSSL_MSG("ssl->peerSceTsipEncRsaKeyIndex is NULL");
2578            ret = WOLFSSL_FAILURE;
2579        }
2580    }
2581
2582    if (ret == WOLFSSL_SUCCESS) {
2583        if (session_key_generated) {
2584            enc = &ssl->encrypt;
2585            dec = &ssl->decrypt;
2586            if (enc == NULL || dec == NULL) {
2587                /* something wrong */
2588                ret = WOLFSSL_FAILURE;
2589            }
2590            if (enc->aes == NULL || dec->aes == NULL) {
2591                ret = WOLFSSL_FAILURE;
2592            }
2593            if (enc->aes->ctx.setup == 0) {
2594                /* session key for SCE is not created */
2595                ret = WOLFSSL_FAILURE;
2596            }
2597        }
2598    }
2599
2600    /* when enabled Extended Master Secret, we cannot use TSIP. */
2601
2602    if (ret == WOLFSSL_SUCCESS) {
2603        if (ssl->options.haveEMS) {
2604            WOLFSSL_MSG("ssl->options.haveEMS");
2605            ret = WOLFSSL_FAILURE;
2606        }
2607    }
2608    /* TSIP works only for TLS client */
2609    if (ret == WOLFSSL_SUCCESS) {
2610        if (side != WOLFSSL_CLIENT_END) {
2611            WOLFSSL_MSG("Not client side");
2612            ret = WOLFSSL_FAILURE;
2613        }
2614    }
2615    /* Check if TSIP can handle cipher suite */
2616    if (ret == WOLFSSL_SUCCESS) {
2617        if (
2618            (cipher0 == CIPHER_BYTE &&
2619            (cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA ||
2620             cipher == l_TLS_RSA_WITH_AES_128_CBC_SHA256 ||
2621             cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA ||
2622             cipher == l_TLS_RSA_WITH_AES_256_CBC_SHA256))
2623        #if (WOLFSSL_RENESAS_TSIP_VER >= 109)
2624            ||
2625            (cipher0 == ECC_BYTE &&
2626            (cipher == l_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ||
2627             cipher == l_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ||
2628             cipher == l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ||
2629             cipher == l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256))
2630        #endif
2631        #if (WOLFSSL_RENESAS_TSIP_VER >= 114)
2632            ||
2633            (cipher0 == TLS13_BYTE &&
2634            (cipher == l_TLS_AES_128_GCM_SHA256 ||
2635             cipher == l_TLS_AES_128_CCM_SHA256))
2636        #endif
2637        ) {
2638            WOLFSSL_MSG("supported cipher suite");
2639        }
2640        else {
2641            WOLFSSL_MSG("unsupported cipher suite");
2642            ret = WOLFSSL_FAILURE;;
2643        }
2644    }
2645
2646    WOLFSSL_LEAVE("tsip_usable", ret);
2647    return ret;
2648}
2649#endif /* WOLFSSL_RENESAS_TSIP_TLS */
2650
2651#ifndef SINGLE_THREADED
2652/*
2653* lock hw engine.
2654* this should be called before using engine.
2655*/
2656int tsip_hw_lock(void)
2657{
2658    int ret = 0;
2659
2660    if (tsip_CryptHwMutexInit_ == 0) {
2661
2662        ret = tsip_CryptHwMutexInit(&tsip_mutex);
2663
2664        if (ret == 0) {
2665            tsip_CryptHwMutexInit_ = 1;
2666        }
2667        else {
2668            WOLFSSL_MSG(" mutex initialization failed.");
2669            return -1;
2670        }
2671    }
2672    if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) {
2673        /* this should not happens */
2674        return -1;
2675    }
2676
2677    return ret;
2678}
2679
2680/*
2681* release hw engine
2682*/
2683void tsip_hw_unlock(void)
2684{
2685    tsip_CryptHwMutexUnLock(&tsip_mutex);
2686}
2687#endif
2688
2689/* open TSIP driver
2690 * return 0 on success.
2691 */
2692int tsip_Open(void)
2693{
2694    int ret = TSIP_SUCCESS;
2695
2696    WOLFSSL_ENTER("tsip_Open");
2697
2698    if ((ret = tsip_hw_lock()) == 0) {
2699
2700#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=109)
2701
2702        ret = R_TSIP_Open(NULL,NULL);
2703        if (ret != TSIP_SUCCESS) {
2704            WOLFSSL_MSG("RENESAS TSIP Open failed");
2705        }
2706
2707    #if defined(WOLFSSL_RENESAS_TSIP_TLS)
2708        if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
2709
2710            ret = R_TSIP_GenerateTlsRsaPublicKeyIndex(
2711                    g_user_key_info.encrypted_provisioning_key,
2712                    g_user_key_info.iv,
2713                    g_user_key_info.encrypted_user_tls_key,
2714                    &g_user_key_info.user_rsa2048_tls_pubindex); /* OUT */
2715
2716            R_TSIP_Close();       /* close once */
2717
2718            if (ret != TSIP_SUCCESS) {
2719
2720                WOLFSSL_MSG("R_TSIP_GenerateTlsRsa: NG");
2721
2722            }
2723            else {
2724
2725                /* open again with newly created TLS public key index*/
2726                ret = R_TSIP_Open(
2727                        &g_user_key_info.user_rsa2048_tls_pubindex,
2728                        (tsip_update_key_ring_t*)s_inst2);
2729
2730                if (ret != TSIP_SUCCESS) {
2731                    WOLFSSL_MSG("R_TSIP_(Re)Open: NG");
2732                }
2733
2734                /* init vars */
2735                g_CAscm_Idx = (uint32_t)-1;
2736            }
2737        }
2738    #endif
2739
2740#elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106)
2741
2742        ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
2743        if (ret != TSIP_SUCCESS) {
2744            WOLFSSL_MSG("RENESAS TSIP Open failed");
2745        }
2746       #if defined(WOLFSSL_RENESAS_TLS)
2747        /* generate TLS Rsa public key for Certificate verification */
2748        if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
2749            ret = R_TSIP_GenerateTlsRsaPublicKeyIndex(
2750                    g_user_key_info.encrypted_session_key,
2751                    g_user_key_info.iv,
2752                    g_user_key_info.encrypted_user_tls_key,
2753                    &g_user_key_info.user_rsa2048_tls_pubindex);
2754
2755            if (ret != TSIP_SUCCESS) {
2756                WOLFSSL_MSG("R_TSIP_GenerateTlsRsaPublicKeyIndex failed");
2757            }
2758            else {
2759                /* close once */
2760                tsip_Close();
2761                /* open again with s_inst[] */
2762                XMEMCPY(s_inst1,
2763                    g_user_key_info.user_rsa2048_tls_pubindex.value,
2764                    sizeof(s_inst1));
2765                ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
2766                if (ret != TSIP_SUCCESS) {
2767                    WOLFSSL_MSG("R_TSIP_(Re)Open failed");
2768                }
2769
2770                /* init vars */
2771                g_CAscm_Idx = (uint32_t)-1;
2772            }
2773        }
2774    #endif
2775#else
2776        ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
2777        if (ret != TSIP_SUCCESS) {
2778            WOLFSSL_MSG("RENESAS TSIP Open failed");
2779        }
2780#endif
2781        /* unlock hw */
2782        tsip_hw_unlock();
2783    }
2784    else
2785        WOLFSSL_MSG("Failed to lock tsip hw ");
2786
2787    WOLFSSL_LEAVE("tsip_Open", ret);
2788    return ret;
2789}
2790
2791/* close TSIP driver */
2792void tsip_Close(void)
2793{
2794    WOLFSSL_ENTER("tsip_Close");
2795    int ret;
2796
2797    if ((ret = tsip_hw_lock()) == 0) {
2798        /* close TSIP */
2799        ret = R_TSIP_Close();
2800#if defined(WOLFSSL_RENESAS_TSIP_TLS)
2801        g_CAscm_Idx = (uint32_t)-1;
2802#endif
2803        /* unlock hw */
2804        tsip_hw_unlock();
2805        if (ret != TSIP_SUCCESS) {
2806            WOLFSSL_MSG("RENESAS TSIP Close failed");
2807        }
2808    }
2809    else
2810        WOLFSSL_MSG("Failed to unlock tsip hw");
2811    WOLFSSL_LEAVE("tsip_Close", 0);
2812}
2813
2814int wc_tsip_GenerateRandBlock(byte* output, word32 sz)
2815{
2816    /* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */
2817    int ret = 0;
2818    word32 buffer[4];
2819
2820    while (sz > 0) {
2821        word32 len = sizeof(buffer);
2822
2823        if (sz < len) {
2824            len = sz;
2825        }
2826        /* return 4 words random number*/
2827        ret = R_TSIP_GenerateRandomNumber((uint32_t*)buffer);
2828        if(ret == TSIP_SUCCESS) {
2829            XMEMCPY(output, &buffer, len);
2830            output += len;
2831            sz -= len;
2832         } else
2833            return ret;
2834    }
2835    return ret;
2836}
2837
2838#if (WOLFSSL_RENESAS_TSIP_VER>=109)
2839void tsip_inform_user_keys_ex(
2840    byte*     encrypted_provisioning_key,
2841    byte*     iv,
2842    byte*     encrypted_user_tls_key,
2843    word32    encrypted_user_tls_key_type)
2844{
2845    WOLFSSL_ENTER("tsip_inform_user_keys_ex");
2846
2847    XMEMSET(&g_user_key_info, 0, sizeof(g_user_key_info));
2848    g_user_key_info.encrypted_provisioning_key = NULL;
2849    g_user_key_info.iv = NULL;
2850
2851    if (encrypted_provisioning_key) {
2852        g_user_key_info.encrypted_provisioning_key = encrypted_provisioning_key;
2853    }
2854    if (iv) {
2855        g_user_key_info.iv = iv;
2856    }
2857    if (encrypted_user_tls_key) {
2858        g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key;
2859    }
2860
2861    g_user_key_info.encrypted_user_tls_key_type = encrypted_user_tls_key_type;
2862    WOLFSSL_LEAVE("tsip_inform_user_keys_ex", 0);
2863}
2864#elif (WOLFSSL_RENESAS_TSIP_VER>=106)
2865/* inform user key                                                     */
2866/* the function expects to be called from user application             */
2867/* user has to create these key information by Renesas tool in advance.*/
2868void tsip_inform_user_keys(
2869    byte *encrypted_session_key,
2870    byte *iv,
2871    byte *encrypted_user_tls_key)
2872{
2873    g_user_key_info.encrypted_session_key = NULL;
2874    g_user_key_info.iv = NULL;
2875    g_user_key_info.encrypted_user_tls_key = NULL;
2876
2877    if (encrypted_session_key) {
2878        g_user_key_info.encrypted_session_key = encrypted_session_key;
2879    }
2880    if (iv) {
2881        g_user_key_info.iv = iv;
2882    }
2883    if (encrypted_user_tls_key) {
2884        g_user_key_info.encrypted_user_tls_key = encrypted_user_tls_key;
2885    }
2886}
2887#endif
2888
2889/* Support functions for TSIP TLS Capability */
2890#if defined(WOLFSSL_RENESAS_TSIP_TLS)
2891
2892/* to inform ca certificate sign */
2893/* signature format expects RSA 2048 PSS with SHA256 */
2894void tsip_inform_cert_sign(const byte *sign)
2895{
2896    if (sign)
2897        ca_cert_sig = sign;
2898}
2899/* Sha1Hmac */
2900int wc_tsip_Sha1HmacGenerate(
2901        const WOLFSSL *ssl,
2902        const byte* myInner,
2903        word32      innerSz,
2904        const byte* in,
2905        word32      sz,
2906        byte*       digest)
2907{
2908    WOLFSSL_ENTER("wc_tsip_Sha1HmacGenerate");
2909
2910    tsip_hmac_sha_handle_t _handle;
2911    tsip_hmac_sha_key_index_t key_index;
2912    int ret;
2913
2914    if ((ssl == NULL) || (myInner == NULL) || (in == NULL) ||
2915        (digest == NULL)) {
2916        WOLFSSL_LEAVE("wc_tsip_Sha1HmacGenerate", BAD_FUNC_ARG);
2917        return BAD_FUNC_ARG;
2918    }
2919
2920    if ((ret = tsip_hw_lock()) != 0) {
2921        WOLFSSL_MSG("hw lock failed");
2922        WOLFSSL_LEAVE("wc_tsip_Sha1HmacGenerate", ret);
2923        return ret;
2924    }
2925
2926    key_index = ssl->keys.tsip_client_write_MAC_secret;
2927
2928    ret = R_TSIP_Sha1HmacGenerateInit(
2929                    &_handle,
2930                    &key_index);
2931
2932    if (ret == TSIP_SUCCESS)
2933        ret = R_TSIP_Sha1HmacGenerateUpdate(
2934                    &_handle,
2935                    (uint8_t*)myInner,
2936                    (uint32_t)innerSz);
2937
2938    if (ret == TSIP_SUCCESS)
2939        ret = R_TSIP_Sha1HmacGenerateUpdate(
2940                    &_handle,
2941                    (uint8_t*)in,
2942                    sz);
2943
2944    if (ret == TSIP_SUCCESS)
2945        ret = R_TSIP_Sha1HmacGenerateFinal(
2946                    &_handle,
2947                    digest);
2948
2949    tsip_hw_unlock();
2950
2951    WOLFSSL_LEAVE("wc_tsip_Sha1HmacGenerate", ret);
2952    return ret;
2953}
2954
2955
2956/* Sha256Hmac */
2957int wc_tsip_Sha256HmacGenerate(
2958        const WOLFSSL *ssl,
2959        const byte* myInner,
2960        word32      innerSz,
2961        const byte* in,
2962        word32      sz,
2963        byte*       digest)
2964{
2965    WOLFSSL_ENTER("wc_tsip_Sha256HmacGenerate");
2966
2967    tsip_hmac_sha_handle_t _handle;
2968    tsip_hmac_sha_key_index_t key_index;
2969    int ret;
2970
2971    if ((ssl == NULL) || (myInner == NULL) || (in == NULL) ||
2972        (digest == NULL))
2973      return BAD_FUNC_ARG;
2974
2975    key_index = ssl->keys.tsip_client_write_MAC_secret;
2976
2977    if ((ret = tsip_hw_lock()) != 0) {
2978        WOLFSSL_MSG("hw lock failed");
2979        return ret;
2980    }
2981
2982    ret = R_TSIP_Sha256HmacGenerateInit(
2983                &_handle,
2984                &key_index);
2985
2986    if (ret == TSIP_SUCCESS) {
2987        ret = R_TSIP_Sha256HmacGenerateUpdate(
2988                &_handle,
2989                (uint8_t*)myInner,
2990                innerSz);
2991    }
2992    else {
2993        WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed");
2994    }
2995
2996    if (ret == TSIP_SUCCESS) {
2997        ret = R_TSIP_Sha256HmacGenerateUpdate(
2998                &_handle,
2999                (uint8_t*)in,
3000                sz);
3001    }
3002    else {
3003        WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateUpdate: inner failed");
3004    }
3005    if (ret == TSIP_SUCCESS) {
3006
3007        ret = R_TSIP_Sha256HmacGenerateFinal(
3008                &_handle,
3009                digest);
3010    }
3011    else {
3012        WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateUpdate: in failed");
3013    }
3014    if (ret != TSIP_SUCCESS) {
3015        WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed");
3016        ret = 1;
3017    }
3018    /* unlock hw */
3019    tsip_hw_unlock();
3020    WOLFSSL_LEAVE("wc_tsip_Sha256HmacGenerate", ret);
3021    return ret;
3022}
3023/*
3024 *  Perform SHA1 and SHA256 Hmac verification
3025 */
3026int wc_tsip_ShaXHmacVerify(
3027        const WOLFSSL *ssl,
3028        const byte* message,
3029        word32      messageSz,
3030        word32      macSz,
3031        word32      content)
3032{
3033    WOLFSSL_ENTER("tsip_ShaXHmacVerify");
3034
3035    tsip_hmac_sha_handle_t    handle;
3036    tsip_hmac_sha_key_index_t wrapped_key;
3037
3038    shaHmacInitFn   initFn   = NULL;
3039    shaHmacUpdateFn updateFn = NULL;
3040    shaHmacFinalFn  finalFn  = NULL;
3041
3042    byte   myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
3043    int ret;
3044
3045    if ((ssl == NULL) || (message == NULL)) {
3046        WOLFSSL_LEAVE("tsip_ShaXHmacVerify", BAD_FUNC_ARG);
3047        return BAD_FUNC_ARG;
3048    }
3049    wrapped_key = ssl->keys.tsip_server_write_MAC_secret;
3050
3051    if (wrapped_key.type ==
3052#if (WOLFSSL_RENESAS_TSIP_VER >= 121)
3053        TSIP_KEY_INDEX_TYPE_TLS_SERVER_HMAC_SHA1_FOR_CLIENT
3054#else
3055        TSIP_KEY_INDEX_TYPE_HMAC_SHA1_FOR_TLS
3056#endif
3057     ){
3058        WOLFSSL_MSG("perform Sha1-Hmac verification");
3059        initFn   = R_TSIP_Sha1HmacVerifyInit;
3060        updateFn = R_TSIP_Sha1HmacVerifyUpdate;
3061        finalFn  = R_TSIP_Sha1HmacVerifyFinal;
3062    }
3063    else if (wrapped_key.type ==
3064#if (WOLFSSL_RENESAS_TSIP_VER >= 121)
3065        TSIP_KEY_INDEX_TYPE_TLS_SERVER_HMAC_SHA256_FOR_CLIENT
3066#else
3067        TSIP_KEY_INDEX_TYPE_HMAC_SHA256_FOR_TLS
3068#endif
3069    ) {
3070        WOLFSSL_MSG("perform Sha256-Hmac verification");
3071        initFn   = R_TSIP_Sha256HmacVerifyInit;
3072        updateFn = R_TSIP_Sha256HmacVerifyUpdate;
3073        finalFn  = R_TSIP_Sha256HmacVerifyFinal;
3074    }
3075    else {
3076        WOLFSSL_MSG("unsupported key type");
3077        WOLFSSL_LEAVE("tsip_ShaXHmacVerify", BAD_FUNC_ARG);
3078        return BAD_FUNC_ARG;
3079    }
3080
3081    if ((ret = tsip_hw_lock()) != 0) {
3082        WOLFSSL_MSG("hw lock failed\n");
3083        WOLFSSL_LEAVE("tsip_ShaXHmacVerify", ret);
3084        return ret;
3085    }
3086
3087    wolfSSL_SetTlsHmacInner((WOLFSSL*)ssl, (byte*)myInner,
3088                                                     messageSz, content, 1);
3089
3090    ret = initFn(&handle, &wrapped_key);
3091
3092    if (ret == TSIP_SUCCESS) {
3093        ret = updateFn(&handle, myInner, WOLFSSL_TLS_HMAC_INNER_SZ);
3094    }
3095    if (ret == TSIP_SUCCESS) {
3096        ret = updateFn(&handle, (uint8_t*)message, (uint32_t)messageSz);
3097    }
3098    if (ret == TSIP_SUCCESS) {
3099        ret = finalFn(&handle, (uint8_t*)(message + messageSz), (uint32_t)macSz);
3100    }
3101    if (ret != TSIP_SUCCESS) {
3102        WOLFSSL_MSG("TSIP Mac verification failed");
3103    }
3104
3105    /* unlock hw */
3106    tsip_hw_unlock();
3107    WOLFSSL_LEAVE("tsip_ShaXHmacVerify", ret);
3108    return ret;
3109}
3110
3111/* generate Verify Data based on master secret */
3112int wc_tsip_generateVerifyData(
3113    const byte* ms,                 /* master secret */
3114    const byte* side,               /* 0:client-side 1:server-side */
3115    const byte* handshake_hash,
3116          byte* hashes)             /* out */
3117{
3118    int ret ;
3119    uint32_t l_side = R_TSIP_TLS_GENERATE_CLIENT_VERIFY;
3120
3121    WOLFSSL_ENTER("tsip_generateVerifyData");
3122
3123    if ((ms == NULL) || (side == NULL) || (handshake_hash == NULL) ||
3124        (hashes == NULL)) {
3125        WOLFSSL_LEAVE("tsip_generateVerifyData", BAD_FUNC_ARG);
3126        return BAD_FUNC_ARG;
3127    }
3128    if (XSTRNCMP((const char*)side, (const char*)kTlsServerFinStr,
3129                                                FINISHED_LABEL_SZ) == 0) {
3130        l_side = R_TSIP_TLS_GENERATE_SERVER_VERIFY;
3131    }
3132
3133    if ((ret = tsip_hw_lock()) == 0) {
3134        ret = R_TSIP_TlsGenerateVerifyData(l_side, (uint32_t*)ms,
3135                       (uint8_t*)handshake_hash, hashes/* out */);
3136        if (ret != TSIP_SUCCESS) {
3137            WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed");
3138        }
3139    }
3140    /* unlock hw */
3141    tsip_hw_unlock();
3142    WOLFSSL_LEAVE("tsip_generateVerifyData", ret);
3143    return ret;
3144}
3145
3146/* generate keys for TLS communication */
3147int wc_tsip_generateSessionKey(
3148    WOLFSSL *ssl,
3149    TsipUserCtx*    ctx,
3150    int             devId)
3151{
3152    int ret;
3153    Ciphers *enc;
3154    Ciphers *dec;
3155    tsip_hmac_sha_key_index_t key_client_mac;
3156    tsip_hmac_sha_key_index_t key_server_mac;
3157    tsip_aes_key_index_t key_client_aes;
3158    tsip_aes_key_index_t key_server_aes;
3159
3160    WOLFSSL_ENTER("wc_tsip_generateSessionKey");
3161
3162    if (ssl== NULL)
3163      return BAD_FUNC_ARG;
3164
3165    if ((ret = tsip_hw_lock()) == 0) {
3166
3167#if (WOLFSSL_RENESAS_TSIP_VER>=109)
3168
3169        uint32_t tsipCS = GetTsipCipherSuite(ssl->options.cipherSuite0,
3170                                             ssl->options.cipherSuite);
3171
3172        if (tsipCS == R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ||
3173            tsipCS == R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) {
3174            WOLFSSL_MSG("Session key for AES-GCM generation skipped.");
3175
3176            /*  Do not release ssl-> arrays to reference the master secret and
3177             *  randoms, as the AES GCM session key will be generated in
3178             *  encryption or description timing.
3179             */
3180            wolfSSL_KeepArrays(ssl);
3181            ret = TSIP_SUCCESS;
3182        }
3183        else {
3184
3185            ret = R_TSIP_TlsGenerateSessionKey(
3186                    tsipCS,
3187                    (uint32_t*)ssl->arrays->tsip_masterSecret,
3188                    (uint8_t*) ssl->arrays->clientRandom,
3189                    (uint8_t*) ssl->arrays->serverRandom,
3190                    NULL, /* nonce is required only for AES-GCM key */
3191                    &key_client_mac,
3192                    &key_server_mac,
3193                    &key_client_aes,
3194                    &key_server_aes,
3195                    NULL, NULL);
3196        }
3197#else /* WOLFSSL_RENESAS_TSIP_VER < 109 */
3198
3199        ret = R_TSIP_TlsGenerateSessionKey(
3200                    _tls2tsipdef(ssl->options.cipherSuite),
3201                    (uint32_t*)ssl->arrays->tsip_masterSecret,
3202                    (uint8_t*)ssl->arrays->clientRandom,
3203                    (uint8_t*)ssl->arrays->serverRandom,
3204                    &key_client_mac,
3205                    &key_server_mac,
3206                    &key_client_aes,
3207                    &key_server_aes,
3208                    NULL, NULL);
3209#endif
3210        if (ret != TSIP_SUCCESS) {
3211            WOLFSSL_MSG("R_TSIP_TlsGenerateSessionKey failed");
3212        }
3213        else {
3214            /* succeeded creating session keys */
3215            /* alloc aes instance for both enc and dec */
3216            enc = &ssl->encrypt;
3217            dec = &ssl->decrypt;
3218
3219            if (enc) {
3220                if (enc->aes == NULL) {
3221                    enc->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap,
3222                                                    DYNAMIC_TYPE_CIPHER);
3223                    if (enc->aes == NULL)
3224                        return MEMORY_E;
3225                }
3226
3227                ForceZero(enc->aes, sizeof(Aes));
3228            }
3229            if (dec) {
3230                if (dec->aes == NULL) {
3231                    dec->aes = (Aes*)XMALLOC(sizeof(Aes), ssl->heap,
3232                                                    DYNAMIC_TYPE_CIPHER);
3233                    if (dec->aes == NULL) {
3234                        if (enc) {
3235                            XFREE(enc->aes, NULL, DYNAMIC_TYPE_CIPHER);
3236                        }
3237                        return MEMORY_E;
3238                    }
3239                }
3240
3241                ForceZero(dec->aes, sizeof(Aes));
3242            }
3243
3244            /* copy key index into aes */
3245            if (ssl->options.side == PROVISION_CLIENT) {
3246                XMEMCPY(&enc->aes->ctx.tsip_keyIdx, &key_client_aes,
3247                                                    sizeof(key_client_aes));
3248                XMEMCPY(&dec->aes->ctx.tsip_keyIdx, &key_server_aes,
3249                                                    sizeof(key_server_aes));
3250            }
3251            else {
3252                XMEMCPY(&enc->aes->ctx.tsip_keyIdx, &key_server_aes,
3253                                                    sizeof(key_server_aes));
3254                XMEMCPY(&dec->aes->ctx.tsip_keyIdx, &key_client_aes,
3255                                                    sizeof(key_client_aes));
3256            }
3257
3258            /* copy hac key index into keys */
3259            ssl->keys.tsip_client_write_MAC_secret = key_client_mac;
3260            ssl->keys.tsip_server_write_MAC_secret = key_server_mac;
3261
3262            /* set up key size and marked ready */
3263            if (enc) {
3264                enc->aes->ctx.keySize = ssl->specs.key_size;
3265                enc->aes->ctx.setup = 1;
3266                /* ready-for-use flag will be set when SetKeySide() is called */
3267            }
3268            /* set up key size and marked ready */
3269            if (dec) {
3270                dec->aes->ctx.keySize = ssl->specs.key_size;
3271                dec->aes->ctx.setup = 1;
3272                /* ready-for-use flag will be set when SetKeySide() is called */
3273            }
3274
3275            if (ctx->internal->tsip_cipher ==
3276                            R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
3277                ctx->internal->tsip_cipher ==
3278                            R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
3279                enc->aes->nonceSz = AEAD_NONCE_SZ;
3280                dec->aes->nonceSz = AEAD_NONCE_SZ;
3281            }
3282
3283            enc->aes->devId = devId;
3284            dec->aes->devId = devId;
3285
3286            ctx->internal->session_key_set = 1;
3287        }
3288        /* unlock hw */
3289        tsip_hw_unlock();
3290    }
3291    else
3292        WOLFSSL_MSG("hw lock failed");
3293
3294    WOLFSSL_LEAVE("wc_tsip_generateSessionKey", ret);
3295    return ret;
3296}
3297
3298
3299
3300/* generate Master secrete by TSIP */
3301#if (WOLFSSL_RENESAS_TSIP_VER>=109)
3302
3303int wc_tsip_generateMasterSecretEx(
3304        byte        cipherSuiteFirst,
3305        byte        cipherSuite,
3306        const byte *pr, /* pre-master    */
3307        const byte *cr, /* client random */
3308        const byte *sr, /* server random */
3309        byte *ms)
3310{
3311    int ret;
3312
3313    WOLFSSL_ENTER("tsip_generateMasterSecretEx");
3314
3315    if ((pr == NULL) || (cr == NULL) || (sr == NULL) ||
3316        (ms == NULL))
3317      return BAD_FUNC_ARG;
3318
3319    uint32_t tsipCS = GetTsipCipherSuite(cipherSuiteFirst,cipherSuite);
3320    if (tsipCS == 0xffffffff)
3321        return BAD_FUNC_ARG;
3322
3323    if ((ret = tsip_hw_lock()) == 0) {
3324        ret = R_TSIP_TlsGenerateMasterSecret(
3325            tsipCS,
3326            (uint32_t*)pr,
3327            (uint8_t*)cr, (uint8_t*)sr, (uint32_t*)ms);
3328        if (ret != TSIP_SUCCESS) {
3329            WOLFSSL_MSG("R_TSIP_TlsGenerateMasterSecret failed");
3330        }
3331        /* unlock hw */
3332        tsip_hw_unlock();
3333    }
3334    else {
3335        WOLFSSL_MSG(" hw lock failed ");
3336    }
3337    WOLFSSL_LEAVE("tsip_generateMasterSecretEx", ret);
3338    return ret;
3339}
3340
3341#else /* WOLFSSL_RENESAS_TSIP_VER < 109 */
3342
3343int wc_tsip_generateMasterSecret(
3344        const byte* pr, /* pre-master    */
3345        const byte* cr, /* client random */
3346        const byte* sr, /* server random */
3347        byte*       ms)
3348{
3349    int ret;
3350    WOLFSSL_ENTER("tsip_generateMasterSecret");
3351    if ((pr == NULL) || (cr == NULL) || (sr == NULL) ||
3352        (ms == NULL))
3353      return BAD_FUNC_ARG;
3354
3355    if ((ret = tsip_hw_lock()) == 0) {
3356        ret = R_TSIP_TlsGenerateMasterSecret(
3357                (uint32_t*)pr,
3358                (uint8_t*)cr,
3359                (uint8_t*)sr,
3360                (uint32_t*)ms);
3361
3362        if (ret != TSIP_SUCCESS) {
3363            WOLFSSL_MSG("R_TSIP_TlsGenerateMasterSecret failed");
3364        }
3365        /* unlock hw */
3366        tsip_hw_unlock();
3367    }
3368    else {
3369        WOLFSSL_MSG(" hw lock failed ");
3370    }
3371    WOLFSSL_LEAVE("tsip_generateMasterSecret", ret);
3372    return ret;
3373}
3374#endif /* WOLFSSL_RENESAS_TSIP_VER */
3375
3376/*  store elements for session key generation into ssl->keys.
3377 *  return 0 on success, negative value on failure
3378 */
3379int wc_tsip_storeKeyCtx(WOLFSSL* ssl, TsipUserCtx* userCtx)
3380{
3381    int ret = 0;
3382
3383    WOLFSSL_ENTER("tsip_storeKeyCtx");
3384
3385    if (ssl == NULL || userCtx == NULL)
3386        ret = BAD_FUNC_ARG;
3387
3388    if (ret == 0) {
3389        XMEMCPY(userCtx->internal->tsip_masterSecret,
3390                ssl->arrays->tsip_masterSecret, TSIP_TLS_MASTERSECRET_SIZE);
3391        XMEMCPY(userCtx->internal->tsip_clientRandom,
3392                ssl->arrays->clientRandom, TSIP_TLS_CLIENTRANDOM_SZ);
3393        XMEMCPY(userCtx->internal->tsip_serverRandom,
3394                ssl->arrays->serverRandom, TSIP_TLS_SERVERRANDOM_SZ);
3395        userCtx->internal->tsip_cipher = GetTsipCipherSuite(
3396                                ssl->options.cipherSuite0,
3397                                ssl->options.cipherSuite);
3398    }
3399
3400    WOLFSSL_LEAVE("tsip_storeKeyCtx", ret);
3401    return ret;
3402}
3403
3404/* generate pre-Master secrete by TSIP */
3405int wc_tsip_generatePremasterSecret(byte *premaster, word32 preSz)
3406{
3407    WOLFSSL_ENTER("tsip_generatePremasterSecret");
3408    int ret;
3409
3410    if (premaster == NULL)
3411      return BAD_FUNC_ARG;
3412
3413    if ((ret = tsip_hw_lock()) == 0 && preSz >=
3414                                    (R_TSIP_TLS_MASTER_SECRET_WORD_SIZE*4)) {
3415        /* generate pre-master, 80 bytes */
3416        ret = R_TSIP_TlsGeneratePreMasterSecret((uint32_t*)premaster);
3417        if (ret != TSIP_SUCCESS) {
3418            WOLFSSL_MSG(" R_TSIP_TlsGeneratePreMasterSecret failed");
3419        }
3420
3421        /* unlock hw */
3422        tsip_hw_unlock();
3423    }
3424    else {
3425        WOLFSSL_MSG(" hw lock failed or preSz is smaller than 80");
3426    }
3427    WOLFSSL_LEAVE("tsip_generatePremasterSecret", ret);
3428    return ret;
3429}
3430
3431/*
3432* generate encrypted pre-Master secrete by TSIP
3433*/
3434int wc_tsip_generateEncryptPreMasterSecret(
3435        WOLFSSL*    ssl,
3436        byte*       out,
3437        word32*     outSz)
3438{
3439    int ret;
3440
3441    WOLFSSL_ENTER("tsip_generateEncryptPreMasterSecret");
3442
3443    if ((ssl == NULL) || (out == NULL) || (outSz == NULL))
3444      return BAD_FUNC_ARG;
3445
3446    if ((ret = tsip_hw_lock()) == 0) {
3447        if (*outSz >= 256)
3448
3449            #if  (WOLFSSL_RENESAS_TSIP_VER>=109)
3450
3451            ret = R_TSIP_TlsEncryptPreMasterSecretWithRsa2048PublicKey(
3452                        (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
3453                        (uint32_t*)ssl->arrays->preMasterSecret,
3454                        (uint8_t*)out);
3455
3456            #else
3457
3458            ret = R_TSIP_TlsEncryptPreMasterSecret(
3459                          (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
3460                          (uint32_t*)ssl->arrays->preMasterSecret,
3461                          (uint8_t*)out);
3462
3463            #endif
3464        else
3465            ret = -1;
3466
3467        if (ret != TSIP_SUCCESS) {
3468            WOLFSSL_MSG(" R_TSIP_TlsEncryptPreMasterSecret failed");
3469        }
3470        else {
3471            *outSz = 256; /* TSIP can only handles 2048 RSA */
3472            void* ctx = wolfSSL_GetRsaVerifyCtx(ssl);
3473            wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx,
3474                                                Renesas_cmn_genMasterSecret);
3475            wolfSSL_SetGenMasterSecretCtx(ssl, ctx);
3476        }
3477
3478        tsip_hw_unlock();
3479
3480    }
3481    else {
3482        WOLFSSL_MSG(" hw lock failed ");
3483    }
3484    WOLFSSL_LEAVE("tsip_generateEncryptPreMasterSecret", ret);
3485    return ret;
3486}
3487
3488
3489/* Certificate verification by TSIP */
3490int wc_tsip_tls_CertVerify(
3491        const uint8_t* cert,       uint32_t certSz,
3492        const uint8_t* signature,  uint32_t sigSz,
3493        uint32_t      key_n_start, uint32_t key_n_len,
3494        uint32_t      key_e_start, uint32_t key_e_len,
3495        uint8_t*      tsip_encRsaKeyIndex)
3496{
3497    int ret;
3498    uint8_t *sigforSCE = NULL;
3499    uint8_t *pSig = NULL;
3500    const byte rs_size = 0x20;
3501    byte offset = 0x3;
3502
3503    WOLFSSL_ENTER("wc_tsip_tls_CertVerify");
3504
3505    if (cert == NULL)
3506      return BAD_FUNC_ARG;
3507
3508    if (!signature) {
3509        WOLFSSL_MSG(" signature for ca verification is not set");
3510        return -1;
3511    }
3512    if (!tsip_encRsaKeyIndex) {
3513        WOLFSSL_MSG(" tsip_encRsaKeyIndex is NULL.");
3514        return -1;
3515    }
3516
3517    /* Public key type: Prime256r1 */
3518    if (g_user_key_info.encrypted_user_tls_key_type ==
3519                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_ECDSA_P256) {
3520
3521        if ((sigforSCE = (uint8_t*)XMALLOC(R_TSIP_ECDSA_DATA_BYTE_SIZE,
3522                                        NULL, DYNAMIC_TYPE_ECC)) == NULL) {
3523            WOLFSSL_MSG("failed to malloc memory");
3524            return MEMORY_E;
3525        }
3526        /* initialization */
3527        ForceZero(sigforSCE, R_TSIP_ECDSA_DATA_BYTE_SIZE);
3528
3529        if (signature[offset] == 0x20) {
3530            XMEMCPY(sigforSCE, &signature[offset+1], rs_size);
3531
3532            offset = 0x25;
3533            if (signature[offset] == 0x20) {
3534                XMEMCPY(&sigforSCE[rs_size], &signature[offset+1], rs_size);
3535            }
3536            else {
3537                XMEMCPY(&sigforSCE[rs_size], &signature[offset+2], rs_size);
3538            }
3539        }
3540        else {
3541            XMEMCPY(sigforSCE, &signature[offset+2], rs_size);
3542            offset = 0x26;
3543
3544            if (signature[offset] == rs_size) {
3545                XMEMCPY(&sigforSCE[rs_size], &signature[offset+1], rs_size);
3546            }
3547            else {
3548                XMEMCPY(&sigforSCE[rs_size], &signature[offset+2], rs_size);
3549            }
3550        }
3551        pSig = sigforSCE;
3552    }
3553    /* Public key type: RSA 2048bit */
3554    else {
3555        pSig = (uint8_t*)signature;
3556    }
3557
3558    if ((ret = tsip_hw_lock()) == 0) {
3559
3560        #if (WOLFSSL_RENESAS_TSIP_VER>=109)
3561
3562        ret = R_TSIP_TlsCertificateVerification(
3563            g_user_key_info.encrypted_user_tls_key_type,
3564            (uint32_t*)g_encrypted_publicCA_key,/* encrypted public key  */
3565            (uint8_t*)cert,                    /* certificate der        */
3566            certSz,                            /* length of der          */
3567            (uint8_t*)pSig,                    /* sign data by RSA PSS   */
3568            key_n_start,  /* start position of public key n in bytes     */
3569            (key_n_start + key_n_len),     /* length of the public key n */
3570            key_e_start,                   /* start pos, key e in bytes  */
3571            (key_e_start + key_e_len),     /* length of the public key e */
3572            (uint32_t*)tsip_encRsaKeyIndex /* returned encrypted key     */
3573        );
3574
3575        #elif (WOLFSSL_RENESAS_TSIP_VER>=106)
3576
3577        ret = R_TSIP_TlsCertificateVerification(
3578            (uint32_t*)g_encrypted_publicCA_key,/* encrypted public key  */
3579            (uint8_t*)cert,                    /* certificate der        */
3580            certSz,                            /* length of der          */
3581            (uint8_t*)pSig,                    /* sign data by RSA PSS   */
3582            key_n_start,  /* start position of public key n in bytes     */
3583            (key_n_start + key_n_len),     /* length of the public key n */
3584            key_e_start,                   /* start pos, key e in bytes  */
3585            (key_e_start + key_e_len),     /* length of the public key e */
3586            (uint32_t*)tsip_encRsaKeyIndex /* returned encrypted key     */
3587        );
3588        #endif
3589
3590        if (ret != TSIP_SUCCESS) {
3591            WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification failed");
3592        }
3593        XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC);
3594        tsip_hw_unlock();
3595    }
3596    else {
3597        WOLFSSL_MSG(" hw lock failed ");
3598    }
3599    WOLFSSL_LEAVE("wc_tsip_tls_CertVerify", ret);
3600    return ret;
3601}
3602/* Root Certificate verification */
3603int wc_tsip_tls_RootCertVerify(
3604        const byte* cert,           word32 cert_len,
3605        word32      key_n_start,    word32 key_n_len,
3606        word32      key_e_start,    word32 key_e_len,
3607        word32      cm_row)
3608{
3609    int ret;
3610    /* call to generate encrypted public key for certificate verification */
3611    uint8_t *signature = (uint8_t*)ca_cert_sig;
3612
3613    WOLFSSL_ENTER("wc_tsip_tls_RootCertVerify");
3614
3615    if (cert == NULL)
3616      return BAD_FUNC_ARG;
3617
3618    if (!signature) {
3619        WOLFSSL_MSG(" signature for ca verification is not set");
3620        return -1;
3621    }
3622
3623    if ((ret = tsip_hw_lock()) == 0) {
3624
3625    #if (WOLFSSL_RENESAS_TSIP_VER>=109)
3626        ret = R_TSIP_TlsRootCertificateVerification(
3627            g_user_key_info.encrypted_user_tls_key_type,
3628            (uint8_t*)cert,             /* CA cert */
3629            (uint32_t)cert_len,         /* length of CA cert */
3630            key_n_start,                /* Byte position of public key */
3631            (key_n_start + key_n_len),
3632            key_e_start,
3633            (key_e_start + key_e_len),
3634            (uint8_t*)ca_cert_sig,      /* RSA 2048 PSS with SHA256 */
3635            g_encrypted_publicCA_key    /* RSA-2048 public key 560 bytes */
3636        );
3637    #else /* WOLFSSL_RENESAS_TSIP_VER < 109 */
3638        ret = R_TSIP_TlsRootCertificateVerification(
3639            (uint8_t*)cert,/* CA cert */
3640            (uint32_t)cert_len,/* length of CA cert */
3641            key_n_start, /* Byte position of public key */
3642            (key_n_start + key_n_len),
3643            key_e_start,
3644            (key_e_start + key_e_len),
3645            (uint8_t*)ca_cert_sig,/* "RSA 2048 PSS with SHA256" */
3646            /* RSA-2048 public key used by RSA-2048 PSS with SHA256. 560 Bytes */
3647            g_encrypted_publicCA_key
3648        );
3649    #endif
3650
3651        if (ret != TSIP_SUCCESS) {
3652            WOLFSSL_MSG(" R_TSIP_TlsRootCertificateVerification failed");
3653        }
3654        else {
3655            g_CAscm_Idx = cm_row;
3656        }
3657
3658        tsip_hw_unlock();
3659    }
3660    else {
3661        WOLFSSL_MSG(" hw lock failed ");
3662    }
3663    WOLFSSL_LEAVE("wc_tsip_tls_RootCertVerify", ret);
3664    return ret;
3665}
3666#endif /* WOLFSSL_RENESAS_TSIP_TLS */
3667
3668#if !defined(NO_RSA)
3669/*  Perform signing with the client's RSA private key on hash value of messages
3670 *  exchanged with server.
3671 *
3672 * parameters
3673 *   info->pk.rsa.in    : not used
3674 *   info->pk.rsa.inlen : not used
3675 *   info->pk.rsa.out   : the buffer where the signature data is output to
3676 *   info->pk.rsa.outlen: the length of the pk.rsa.out
3677 *   tuc:  the pointer to the TsipUserCtx structure
3678 * returns
3679 *   0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
3680 *
3681 */
3682int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
3683{
3684    int ret = 0;
3685    e_tsip_err_t    err = TSIP_SUCCESS;
3686    tsip_rsa_byte_data_t hashData, sigData;
3687    WOLFSSL* ssl = NULL;
3688    uint8_t  tsip_hash_type;
3689
3690    WOLFSSL_ENTER("tsip_SignRsaPkcs");
3691
3692    if (info == NULL || tuc == NULL
3693    #ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
3694    || tuc->internal->ssl == NULL
3695    #endif
3696    ) {
3697            ret = BAD_FUNC_ARG;
3698    }
3699
3700#ifdef WOLFSSL_RENESAS_TSIP_TLS
3701    if (ret == 0) {
3702        ssl = tuc->internal->ssl;
3703
3704        if (ssl->version.major == SSLv3_MAJOR &&
3705            ssl->version.minor == TLSv1_3_MINOR) {
3706            ret = CRYPTOCB_UNAVAILABLE;
3707        }
3708    }
3709
3710    if (ret == 0) {
3711        /* import private key_index from wrapped key */
3712        ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
3713    }
3714
3715    if (ret == 0) {
3716        if (ssl->options.hashAlgo == md5_mac)
3717            tsip_hash_type = R_TSIP_RSA_HASH_MD5;
3718        else if (ssl->options.hashAlgo == sha_mac)
3719            tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
3720        else if (ssl->options.hashAlgo == sha256_mac)
3721            tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
3722        else
3723            ret = CRYPTOCB_UNAVAILABLE;
3724    }
3725#else
3726    (void)ssl;
3727
3728    if (ret == 0) {
3729       if (tuc->sign_hash_type == md5_mac)
3730           tsip_hash_type = R_TSIP_RSA_HASH_MD5;
3731       else if (tuc->sign_hash_type == sha_mac)
3732           tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
3733       else if (tuc->sign_hash_type == sha256_mac)
3734           tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
3735       else
3736           ret = CRYPTOCB_UNAVAILABLE;
3737    }
3738
3739    switch (tuc->wrappedKeyType) {
3740#if defined(TSIP_RSASSA_1024) && TSIP_RSASSA_1024 == 1
3741        case TSIP_KEY_TYPE_RSA1024:
3742            if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) {
3743                WOLFSSL_MSG("tsip rsa private key 1024 not set");
3744                    ret = CRYPTOCB_UNAVAILABLE;
3745            }
3746            break;
3747#endif
3748#if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
3749        case TSIP_KEY_TYPE_RSA2048:
3750            if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) {
3751                WOLFSSL_MSG("tsip rsa private key 2048 not set");
3752                    ret = CRYPTOCB_UNAVAILABLE;
3753            }
3754            break;
3755#endif
3756        default:
3757            WOLFSSL_MSG("wrapped private key is not supported");
3758            ret = CRYPTOCB_UNAVAILABLE;
3759            break;
3760    }
3761#endif
3762
3763    if (ret == 0) {
3764    #ifdef WOLFSSL_RENESAS_TSIP_TLS
3765        /* since TSIP driver adds ASN.1 input data uses raw digest */
3766        hashData.pdata      = (uint8_t*)ssl->buffers.digest.buffer;
3767        hashData.data_length= ssl->buffers.digest.length;
3768        hashData.data_type  = 1; /* hashed data */
3769        sigData.pdata       = (uint8_t*)info->pk.rsa.out;
3770        sigData.data_length = 0; /* signature size will be returned here */
3771    #else
3772        hashData.pdata      = (uint8_t*)info->pk.rsa.in;
3773        hashData.data_length= info->pk.rsa.inLen;
3774        hashData.data_type  = tuc->keyflgs_crypt.bits.message_type;
3775        sigData.pdata       = (uint8_t*)info->pk.rsa.out;
3776        sigData.data_length = 0;
3777    #endif
3778        if ((ret = tsip_hw_lock()) == 0) {
3779            switch (tuc->wrappedKeyType) {
3780#if (defined(TSIP_RSASSA_1024) && TSIP_RSASSA_1024 == 1) && \
3781                defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
3782                case TSIP_KEY_TYPE_RSA1024:
3783                    err = R_TSIP_RsassaPkcs1024SignatureGenerate(
3784                                                &hashData, &sigData,
3785                                       (tsip_rsa1024_private_key_index_t*)
3786                                                tuc->rsa1024pri_keyIdx,
3787                                                tsip_hash_type);
3788
3789                    if (err != TSIP_SUCCESS) {
3790                        ret = WC_HW_E;
3791                    }
3792                    break;
3793#endif
3794#if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
3795                case TSIP_KEY_TYPE_RSA2048:
3796                    err = R_TSIP_RsassaPkcs2048SignatureGenerate(
3797                                                &hashData, &sigData,
3798                                   #ifdef WOLFSSL_RENESAS_TSIP_TLS
3799                                    &(tuc->internal->Rsa2048PrivateKeyIdx),
3800                                   #else
3801                                    (tsip_rsa2048_private_key_index_t*)
3802                                                tuc->rsa2048pri_keyIdx,
3803                                   #endif
3804                                                tsip_hash_type);
3805
3806                    if (err != TSIP_SUCCESS) {
3807                        ret = WC_HW_E;
3808                    }
3809                    *(info->pk.rsa.outLen) = sigData.data_length;
3810                    break;
3811#endif
3812                case TSIP_KEY_TYPE_RSA4096:
3813                    ret = CRYPTOCB_UNAVAILABLE;
3814                    break;
3815
3816                default:
3817                    WOLFSSL_MSG("wrapped private key is not supported");
3818                    ret = CRYPTOCB_UNAVAILABLE;
3819                    break;
3820            }
3821
3822            tsip_hw_unlock();
3823        }
3824        else {
3825            WOLFSSL_MSG("mutex locking error");
3826        }
3827    }
3828
3829    WOLFSSL_LEAVE("tsip_SignRsaPkcs", ret);
3830    return ret;
3831}
3832#endif /* !NO_RSA */
3833
3834#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_TSIP_TLS)
3835int tsip_VerifyRsaPkcsCb(
3836                        WOLFSSL* ssl,
3837                        unsigned char* sig, unsigned int sigSz,
3838                        unsigned char** out,
3839                        const unsigned char* keyDer, unsigned int keySz,
3840                        void* ctx)
3841{
3842    int ret = 0;
3843    e_tsip_err_t    err = TSIP_SUCCESS;
3844    tsip_rsa_byte_data_t hashData, sigData;
3845    TsipUserCtx* tuc = NULL;
3846    uint8_t  tsip_hash_type;
3847    (void)keyDer;
3848    (void)keySz;
3849
3850    WOLFSSL_ENTER("tsip_VerifyRsaPkcsCb");
3851
3852    if (sig == NULL || out == NULL || ctx == NULL) {
3853            ret = BAD_FUNC_ARG;
3854    }
3855
3856    if (ssl->version.major == SSLv3_MAJOR &&
3857        ssl->version.minor == TLSv1_3_MINOR) {
3858        ret = CRYPTOCB_UNAVAILABLE;
3859    }
3860
3861    if (ret == 0) {
3862        tuc = (TsipUserCtx*)ctx;
3863        if (tuc == NULL)
3864            ret = CRYPTOCB_UNAVAILABLE;
3865    }
3866
3867    if (ret == 0) {
3868        /* import public key_index from wrapped key */
3869        ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
3870    }
3871
3872    if (ret == 0) {
3873        if (ssl->options.hashAlgo == md5_mac)
3874            tsip_hash_type = R_TSIP_RSA_HASH_MD5;
3875        else if (ssl->options.hashAlgo == sha_mac)
3876            tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
3877        else if (ssl->options.hashAlgo == sha256_mac)
3878            tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
3879        else {
3880            ret = CRYPTOCB_UNAVAILABLE;
3881        }
3882    }
3883
3884    if (ret == 0) {
3885        sigData.pdata       = (uint8_t*)sig;
3886        sigData.data_length = sigSz;
3887        /* Since TSITP driver handles ASN.1 internally,
3888         * the expected data is raw hash.
3889         */
3890        hashData.pdata      = (uint8_t*)ssl->buffers.digest.buffer;
3891        hashData.data_type  = 1;  /* hash value */
3892
3893        if ((ret = tsip_hw_lock()) == 0) {
3894
3895            switch (tuc->wrappedKeyType) {
3896#if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
3897                case TSIP_KEY_TYPE_RSA2048:
3898                    err = R_TSIP_RsassaPkcs2048SignatureVerification(
3899                                        &sigData, &hashData,
3900                                        &(tuc->internal->Rsa2048PublicKeyIdx),
3901                                        tsip_hash_type);
3902
3903                    if (err == TSIP_ERR_AUTHENTICATION) {
3904                        ret = VERIFY_CERT_ERROR;
3905                    }
3906                    else if (err == TSIP_SUCCESS) {
3907                        ret = 0;
3908                    }
3909                    else {
3910                        ret = WC_HW_E;
3911                    }
3912                    break;
3913#endif
3914                case TSIP_KEY_TYPE_RSA4096:
3915                    ret = CRYPTOCB_UNAVAILABLE;
3916                    break;
3917
3918                default:
3919                    WOLFSSL_MSG("wrapped private key is not supported");
3920                    ret = CRYPTOCB_UNAVAILABLE;
3921                    break;
3922            }
3923            tsip_hw_unlock();
3924        }
3925        else {
3926            WOLFSSL_MSG("mutex locking error");
3927        }
3928    }
3929    WOLFSSL_LEAVE("tsip_VerifyRsaPkcsCb", ret);
3930    return ret;
3931}
3932#endif /* !NO_RSA && TSIP_TLS */
3933
3934#if defined(HAVE_ECC)
3935#if defined(WOLFSSL_RENESAS_TSIP_TLS)
3936/*   Perform signing with the client's ECC private key on hash value of messages
3937 *   exchanged with server.
3938 *
3939 * parameters
3940 *   info->pk.eccsign.in    : the buffer holding hash value of messages
3941 *   info->pk.eccsign.inlen : hash data size
3942 *   info->pk.eccsign.out   : the buffer where the signature data is output to
3943 *   info->pk.eccsign.outlen: the length of the buffer pk.eccsign.out
3944 *   tuc:  the pointer to the TsipUserCtx structure
3945 * returns
3946 *   0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
3947 * note
3948 *   signature will be DER encoded and stored into out buffer.
3949 *   the private key must be imported as TSIP specific format.
3950 */
3951int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
3952{
3953    int ret = 0;
3954    e_tsip_err_t    err = TSIP_SUCCESS;
3955    tsip_ecdsa_byte_data_t hashData, sigData;
3956    byte  offsetForWork;
3957    byte* out = NULL;
3958    byte* sig = NULL;
3959    int   rSz = 0;
3960    int   sSz = 0;
3961    int   idx = 0;
3962    int   sz = 0;
3963    WOLFSSL* ssl = NULL;
3964
3965    WOLFSSL_ENTER("tsip_SignEcdsa");
3966
3967    if (info == NULL || tuc == NULL) {
3968        ret = CRYPTOCB_UNAVAILABLE;
3969    }
3970
3971    if (ret == 0) {
3972        ssl = tuc->internal->ssl;
3973
3974        if (ssl->version.major == SSLv3_MAJOR &&
3975            ssl->version.minor == TLSv1_3_MINOR) {
3976            ret = CRYPTOCB_UNAVAILABLE;
3977        }
3978    }
3979
3980    if (ret == 0) {
3981        /* import private key_index from wrapped key */
3982        ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
3983    }
3984
3985    if (ret == 0) {
3986        hashData.pdata      = (uint8_t*)info->pk.eccsign.in;
3987        hashData.data_type  = 1;
3988        sigData.pdata       = (uint8_t*)info->pk.eccsign.out;
3989        sigData.data_length = 0; /* signature size will be returned here */
3990
3991        if ((ret = tsip_hw_lock()) == 0) {
3992            switch (tuc->wrappedKeyType) {
3993
3994                #if !defined(NO_ECC256)
3995                case TSIP_KEY_TYPE_ECDSAP256:
3996                    offsetForWork = R_TSIP_ECDSA_DATA_BYTE_SIZE + 32;
3997                    if (*(info->pk.eccsign.outlen) <
3998                                R_TSIP_ECDSA_DATA_BYTE_SIZE + offsetForWork) {
3999                        ret = BUFFER_E;
4000                        break;
4001                    }
4002
4003                    sigData.pdata = (uint8_t*)info->pk.eccsign.out +
4004                                                            offsetForWork;
4005                    err = R_TSIP_EcdsaP256SignatureGenerate(
4006                                        &hashData, &sigData,
4007                                        &(tuc->internal->EcdsaPrivateKeyIdx));
4008                    if (err != TSIP_SUCCESS) {
4009                        ret = WC_HW_E;
4010                        break;
4011                    }
4012
4013                    out = info->pk.eccsign.out;
4014                    sig = sigData.pdata;
4015
4016                    rSz =  sSz = R_TSIP_ECDSA_DATA_BYTE_SIZE / 2;
4017                    rSz += (sig[0] & 0x80)?1:0;
4018                    sSz += (sig[sSz] & 0x80)?1:0;
4019                    sz  =  (ASN_TAG_SZ + 1) * 2 + rSz + sSz;
4020
4021                    /* encode ASN sequence */
4022                    out[idx++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
4023                    out[idx++] = sz;
4024
4025                    /* copy r part */
4026                    out[idx++] = ASN_INTEGER;
4027                    out[idx++] = rSz;
4028                    if (rSz > R_TSIP_ECDSA_DATA_BYTE_SIZE / 2)
4029                        out[idx++] = 0x00;
4030                    XMEMCPY(&out[idx], sig, R_TSIP_ECDSA_DATA_BYTE_SIZE / 2);
4031                    idx += R_TSIP_ECDSA_DATA_BYTE_SIZE / 2;
4032                    sig += R_TSIP_ECDSA_DATA_BYTE_SIZE / 2;
4033                    /* copy s part */
4034                    out[idx++] = ASN_INTEGER;
4035                    out[idx++] = sSz;
4036                    if (sSz > R_TSIP_ECDSA_DATA_BYTE_SIZE / 2)
4037                        out[idx++] = 0x00;
4038                    XMEMCPY(&out[idx], sig, R_TSIP_ECDSA_DATA_BYTE_SIZE / 2);
4039
4040                    /* out size */
4041                    *(info->pk.eccsign.outlen) = ASN_TAG_SZ + 1 + sz;
4042                    break;
4043                #endif
4044
4045                #if defined(HAVE_ECC384)
4046                case TSIP_KEY_TYPE_ECDSAP384:
4047                    ret = CRYPTOCB_UNAVAILABLE;
4048                    break;
4049                #endif
4050
4051                default:
4052                    WOLFSSL_MSG("wrapped private key is not supported");
4053                    ret = CRYPTOCB_UNAVAILABLE;
4054                    break;
4055            }
4056            tsip_hw_unlock();
4057        }
4058        else {
4059            WOLFSSL_MSG("mutex locking error");
4060        }
4061    }
4062    WOLFSSL_LEAVE("tsip_SignEcdsa", ret);
4063    return ret;
4064}
4065#endif /* WOLFSSL_RENESAS_TSIP_TLS */
4066
4067#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
4068/* zero pad or truncate hash */
4069static int tsip_HashPad(int curveSz, uint8_t* hash,
4070    const uint8_t* hashIn, int hashSz)
4071{
4072    if (hashSz > curveSz)
4073        hashSz = curveSz;
4074    XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
4075    return curveSz;
4076}
4077
4078/* Perform verify with the wrapped public key, provided hash and signature r+s
4079 *
4080 * parameters
4081 *   info->pk.eccverify.in    : the buffer holding hash value of messages
4082 *   info->pk.eccverify.inlen : hash data size
4083 *   info->pk.eccverify.out   : the buffer where the signature data is output to
4084 *   info->pk.eccverify.outlen: the length of the buffer pk.eccsign.out
4085 *   tuc:  the pointer to the TsipUserCtx structure
4086 * returns
4087 *   0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
4088 */
4089int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
4090{
4091    int ret = 0;
4092    e_tsip_err_t    err = TSIP_SUCCESS;
4093    tsip_ecdsa_byte_data_t hashData, sigData;
4094    /* hard coding largest digest size, since WC_MAX_DIGEST_SZ could be 32
4095     * if using SHA2-256 with ECDSA SECP384R1 */
4096    uint8_t hash[TSIP_MAX_ECC_BYTES];
4097
4098    WOLFSSL_ENTER("tsip_VerifyEcdsa");
4099
4100    if (info == NULL || tuc == NULL) {
4101        ret = CRYPTOCB_UNAVAILABLE;
4102    }
4103
4104    XMEMSET(hash, 0, sizeof(hash));
4105
4106    if (ret == 0) {
4107        /* import public key_index from wrapped key */
4108        ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
4109    }
4110
4111    if (ret == 0) {
4112        int curveSz = info->pk.eccverify.key->dp->size;
4113        hashData.pdata      = (uint8_t*)hash;
4114        hashData.data_type  = tuc->keyflgs_crypt.bits.message_type;
4115        sigData.pdata       = (uint8_t*)info->pk.eccverify.sig;
4116        sigData.data_length = info->pk.eccverify.siglen;
4117
4118        if ((ret = tsip_hw_lock()) == 0) {
4119            switch (tuc->wrappedKeyType) {
4120            #if !defined(NO_ECC256)
4121                case TSIP_KEY_TYPE_ECDSAP256:
4122                    /* zero pad or truncate */
4123                    hashData.data_length = tsip_HashPad(curveSz,
4124                        hash, info->pk.eccverify.hash,
4125                        info->pk.eccverify.hashlen);
4126
4127                    err = R_TSIP_EcdsaP256SignatureVerification(&sigData,
4128                        &hashData, &tuc->eccpub_keyIdx);
4129                    if (err == TSIP_SUCCESS) {
4130                        *info->pk.eccverify.res = 1; /* success */
4131                    }
4132                    else {
4133                        ret = WC_HW_E;
4134                    }
4135                    break;
4136                    break;
4137            #endif
4138
4139            #if defined(HAVE_ECC384)
4140                case TSIP_KEY_TYPE_ECDSAP384:
4141                    /* zero pad or truncate */
4142                    hashData.data_length = tsip_HashPad(curveSz,
4143                        hash, info->pk.eccverify.hash,
4144                        info->pk.eccverify.hashlen);
4145
4146                    err = R_TSIP_EcdsaP384SignatureVerification(&sigData,
4147                        &hashData, &tuc->eccpub_keyIdx);
4148                    if (err == TSIP_SUCCESS) {
4149                        *info->pk.eccverify.res = 1; /* success */
4150                    }
4151                    else {
4152                        ret = WC_HW_E;
4153                    }
4154                    break;
4155            #endif
4156
4157                default:
4158                    WOLFSSL_MSG("ECDSA public key size not available");
4159                    ret = CRYPTOCB_UNAVAILABLE;
4160                    break;
4161            }
4162            tsip_hw_unlock();
4163        }
4164        else {
4165            WOLFSSL_MSG("mutex locking error");
4166        }
4167    }
4168    WOLFSSL_LEAVE("tsip_VerifyEcdsa", ret);
4169    return ret;
4170}
4171#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
4172#endif /* HAVE_ECC */
4173
4174
4175#ifdef WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG
4176
4177#if 0
4178   /* this is here for documentation purposes. */
4179   enum e_tsip_err {
4180    TSIP_SUCCESS = 0,
4181    TSIP_ERR_SELF_CHECK1,       /* Self-check 1 fail or TSIP function internal err. */
4182    TSIP_ERR_RESOURCE_CONFLICT, /* A resource conflict occurred. */
4183    TSIP_ERR_SELF_CHECK2,       /* Self-check 2 fail. */
4184    TSIP_ERR_KEY_SET,           /* setting the invalid key. */
4185    TSIP_ERR_AUTHENTICATION,    /* Authentication failed. */
4186    TSIP_ERR_CALLBACK_UNREGIST, /* Callback function is not registered. */
4187    TSIP_ERR_PARAMETER,         /* Illegal Input data. */
4188    TSIP_ERR_PROHIBIT_FUNCTION, /* An invalid function call occurred. */
4189    TSIP_RESUME_FIRMWARE_GENERATE_MAC
4190                  /* There is a continuation of R_TSIP_GenerateFirmwareMAC. */
4191   };
4192#endif
4193
4194static void hexdump(const uint8_t* in, uint32_t len)
4195{
4196    uint32_t i;
4197
4198    if (in == NULL)
4199        return;
4200
4201    for (i = 0; i <= len;i++, in++) {
4202        printf("%02x:", *in);
4203        if (((i+1)%16)==0) {
4204            printf("\n");
4205        }
4206    }
4207    printf("\n");
4208}
4209
4210byte *ret2err(word32 ret)
4211{
4212    switch(ret) {
4213        case TSIP_SUCCESS: return "success";
4214        case TSIP_ERR_SELF_CHECK1: return "selfcheck1";
4215        case TSIP_ERR_RESOURCE_CONFLICT: return "rsconflict";
4216        case TSIP_ERR_SELF_CHECK2: return "selfcheck2";
4217        case TSIP_ERR_KEY_SET: return "keyset";
4218        case TSIP_ERR_AUTHENTICATION: return "authentication";
4219        case TSIP_ERR_CALLBACK_UNREGIST: return "callback unreg";
4220        case TSIP_ERR_PARAMETER: return "badarg";
4221        case TSIP_ERR_PROHIBIT_FUNCTION: return "prohibitfunc";
4222        case TSIP_RESUME_FIRMWARE_GENERATE_MAC: return "conti-generate-mac";
4223        default:return "unknown";
4224    }
4225}
4226
4227#endif /* WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG */
4228#endif /* WOLFSSL_RENESAS_TSIP */