mirror of
https://github.com/wiidev/usbloadergx.git
synced 2024-11-12 14:35:10 +01:00
225 lines
7.6 KiB
C
225 lines
7.6 KiB
C
|
/* renesas-sce-crypt.h
|
||
|
*
|
||
|
* Copyright (C) 2006-2022 wolfSSL Inc.
|
||
|
*
|
||
|
* This file is part of wolfSSL.
|
||
|
*
|
||
|
* wolfSSL is free software; you can redistribute it and/or modify
|
||
|
* it under the terms of the GNU General Public License as published by
|
||
|
* the Free Software Foundation; either version 2 of the License, or
|
||
|
* (at your option) any later version.
|
||
|
*
|
||
|
* wolfSSL is distributed in the hope that it will be useful,
|
||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
* GNU General Public License for more details.
|
||
|
*
|
||
|
* You should have received a copy of the GNU General Public License
|
||
|
* along with this program; if not, write to the Free Software
|
||
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||
|
*/
|
||
|
#ifndef __RENESAS_SCE_CRYPT_H__
|
||
|
#define __RENESAS_SCE_CRYPT_H__
|
||
|
|
||
|
#include "r_sce.h"
|
||
|
#include <libs/libwolfssl/wolfcrypt/settings.h>
|
||
|
#include <libs/libwolfssl/wolfcrypt/logging.h>
|
||
|
|
||
|
#ifdef __cplusplus
|
||
|
extern "C" {
|
||
|
#endif
|
||
|
|
||
|
#define SCE_SESSIONKEY_NONCE_SIZE 8
|
||
|
#define WOLFSSL_SCE_ILLEGAL_CIPHERSUITE -1
|
||
|
|
||
|
#define MAX_SCE_CBINDEX 5
|
||
|
|
||
|
typedef struct tagUser_SCEPKCbInfo {
|
||
|
/* unique number for each session */
|
||
|
int devId;
|
||
|
|
||
|
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
|
||
|
uint32_t encrypted_ephemeral_ecdh_public_key[SCE_TLS_ENCRYPTED_ECCPUBKEY_SZ];
|
||
|
/* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */
|
||
|
sce_tls_p256_ecc_wrapped_key_t ecc_p256_wrapped_key;
|
||
|
uint8_t ecc_ecdh_public_key[HW_SCE_ECC_PUBLIC_KEY_BYTE_SIZE];
|
||
|
|
||
|
uint32_t sce_masterSecret[SCE_TLS_MASTERSECRET_SIZE/4];
|
||
|
uint8_t sce_clientRandom[SCE_TLS_CLIENTRANDOM_SZ];
|
||
|
uint8_t sce_serverRandom[SCE_TLS_SERVERRANDOM_SZ];
|
||
|
uint8_t sce_cipher;
|
||
|
|
||
|
/* installed key handling */
|
||
|
sce_aes_wrapped_key_t sce_wrapped_key_aes256;
|
||
|
uint8_t aes256_installedkey_set:1;
|
||
|
sce_aes_wrapped_key_t sce_wrapped_key_aes128;
|
||
|
uint8_t aes128_installedkey_set:1;
|
||
|
|
||
|
/* flag whether encrypted ec key is set */
|
||
|
uint8_t pk_key_set:1;
|
||
|
uint8_t session_key_set:1;
|
||
|
|
||
|
} User_SCEPKCbInfo;
|
||
|
|
||
|
typedef struct tagSCE_PKCbInfo {
|
||
|
User_SCEPKCbInfo *user_PKCbInfo[MAX_SCE_CBINDEX];
|
||
|
uint32_t num_session;
|
||
|
} SCE_PKCbInfo;
|
||
|
|
||
|
typedef struct
|
||
|
{
|
||
|
uint8_t *encrypted_provisioning_key;
|
||
|
uint8_t *iv;
|
||
|
uint8_t *encrypted_user_tls_key;
|
||
|
uint32_t encrypted_user_tls_key_type;
|
||
|
sce_tls_ca_certification_public_wrapped_key_t user_rsa2048_tls_wrappedkey;
|
||
|
} sce_key_data;
|
||
|
|
||
|
struct WOLFSSL;
|
||
|
struct WOLFSSL_CTX;
|
||
|
struct ecc_key;
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_Open();
|
||
|
WOLFSSL_LOCAL void wc_sce_Close();
|
||
|
WOLFSSL_LOCAL int wc_sce_hw_lock();
|
||
|
WOLFSSL_LOCAL void wc_sce_hw_unlock( void );
|
||
|
WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl,
|
||
|
uint8_t session_key_generated);
|
||
|
|
||
|
typedef struct {
|
||
|
sce_aes_wrapped_key_t sce_wrapped_key;
|
||
|
word32 keySize;
|
||
|
byte setup;
|
||
|
} SCE_AES_CTX;
|
||
|
|
||
|
struct Aes;
|
||
|
WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in,
|
||
|
word32 sz);
|
||
|
WOLFSSL_LOCAL int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in,
|
||
|
word32 sz);
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
|
||
|
const byte* in, word32 sz,
|
||
|
byte* iv, word32 ivSz,
|
||
|
byte* authTag, word32 authTagSz,
|
||
|
const byte* authIn, word32 authInSz,
|
||
|
void* ctx);
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
|
||
|
const byte* in, word32 sz,
|
||
|
const byte* iv, word32 ivSz,
|
||
|
const byte* authTag, word32 authTagSz,
|
||
|
const byte* authIn, word32 authInSz,
|
||
|
void* ctx);
|
||
|
|
||
|
#if !defined(NO_SHA256) && !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
|
||
|
|
||
|
typedef enum {
|
||
|
SCE_SHA256 = 1,
|
||
|
} SCE_SHA_TYPE;
|
||
|
|
||
|
typedef struct {
|
||
|
byte* msg;
|
||
|
void* heap;
|
||
|
word32 used;
|
||
|
word32 len;
|
||
|
word32 sha_type;
|
||
|
#if defined(WOLF_CRYPTO_CB)
|
||
|
word32 flags;
|
||
|
int devId;
|
||
|
#endif
|
||
|
} wolfssl_SCE_Hash;
|
||
|
|
||
|
/* RAW hash function APIs are not implemented with SCE */
|
||
|
#undef WOLFSSL_NO_HASH_RAW
|
||
|
#define WOLFSSL_NO_HASH_RAW
|
||
|
|
||
|
typedef wolfssl_SCE_Hash wc_Sha256;
|
||
|
|
||
|
#endif /* NO_SHA */
|
||
|
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify(
|
||
|
const uint8_t* cert, uint32_t cert_len,
|
||
|
uint32_t key_n_start, uint32_t key_n_len,
|
||
|
uint32_t key_e_start, uint32_t key_e_len,
|
||
|
uint32_t cm_row);
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_tls_CertVerify(
|
||
|
const uint8_t* cert, uint32_t certSz,
|
||
|
const uint8_t* signature, uint32_t sigSz,
|
||
|
uint32_t key_n_start, uint32_t key_n_len,
|
||
|
uint32_t key_e_start, uint32_t key_e_len,
|
||
|
uint8_t* sce_encRsaKeyIdx);
|
||
|
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_generatePremasterSecret(
|
||
|
uint8_t* premaster,
|
||
|
uint32_t preSz);
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret(
|
||
|
struct WOLFSSL* ssl,
|
||
|
uint8_t* out,
|
||
|
uint32_t* outSz);
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac(
|
||
|
const struct WOLFSSL *ssl,
|
||
|
const uint8_t* myInner,
|
||
|
uint32_t innerSz,
|
||
|
const uint8_t* in,
|
||
|
uint32_t sz,
|
||
|
uint8_t* digest);
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac(
|
||
|
const struct WOLFSSL *ssl,
|
||
|
const uint8_t* message,
|
||
|
uint32_t messageSz,
|
||
|
uint32_t macSz,
|
||
|
uint32_t content);
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_storeKeyCtx(
|
||
|
struct WOLFSSL* ssl,
|
||
|
User_SCEPKCbInfo* info);
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_generateVerifyData(
|
||
|
const uint8_t* ms, /* master secret */
|
||
|
const uint8_t* side,
|
||
|
const uint8_t* handshake_hash,
|
||
|
uint8_t* hashes /* out */);
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_generateSessionKey(
|
||
|
struct WOLFSSL* ssl,
|
||
|
User_SCEPKCbInfo* cbInfo,
|
||
|
int devId);
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_sce_generateMasterSecret(
|
||
|
uint8_t cipherSuiteFirst,
|
||
|
uint8_t cipherSuite,
|
||
|
const uint8_t *pr, /* pre-master */
|
||
|
const uint8_t *cr, /* client random */
|
||
|
const uint8_t *sr, /* server random */
|
||
|
uint8_t *ms);
|
||
|
|
||
|
WOLFSSL_LOCAL int wc_SCE_RsaVerify(struct WOLFSSL* ssl, byte* sig, uint32_t sigSz,
|
||
|
uint8_t** out, const byte* key, uint32_t keySz, void* ctx);
|
||
|
WOLFSSL_LOCAL int wc_SCE_EccVerify(struct WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz,
|
||
|
const uint8_t* hash, uint32_t hashSz, const uint8_t* key, uint32_t keySz,
|
||
|
int* result, void* ctx);
|
||
|
/* Callback for EccShareSecret */
|
||
|
WOLFSSL_LOCAL int SCE_EccSharedSecret(struct WOLFSSL* ssl, struct ecc_key* otherKey,
|
||
|
uint8_t* pubKeyDer, unsigned int* pubKeySz,
|
||
|
uint8_t* out, unsigned int* outlen, int side, void* ctx);
|
||
|
|
||
|
/* user API */
|
||
|
WOLFSSL_API void wc_sce_inform_user_keys(
|
||
|
uint8_t* encrypted_provisioning_key,
|
||
|
uint8_t* iv,
|
||
|
uint8_t* encrypted_user_tls_key,
|
||
|
uint32_t encrypted_user_tls_key_type);
|
||
|
|
||
|
WOLFSSL_API void wc_sce_set_callbacks(struct WOLFSSL_CTX* ctx);
|
||
|
WOLFSSL_API int wc_sce_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
|
||
|
WOLFSSL_API void wc_sce_inform_cert_sign(const uint8_t *sign);
|
||
|
|
||
|
#endif /* __RENESAS_SCE_CRYPT_H__ */
|