Fix RSA TSIP to return the actual cipher or plain length on success. Fix crypto callback to properly support PKCSv1.5 sign/verify and encrypt/decrypt based on padding info.

Author: dgarske

wolfcrypt/src/cryptocb.c

@@ -445,8 +445,8 @@ int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
 
 #ifdef WOLF_CRYPTO_CB_RSA_PAD
 int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
-                    word32* outLen, int type, RsaKey* key, WC_RNG* rng,
-                           RsaPadding *padding)
+                       word32* outLen, int type, RsaKey* key, WC_RNG* rng,
+                       RsaPadding *padding)
 {
     int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
@@ -458,9 +458,8 @@ int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
     /* locate registered callback */
     dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
 
-    if (padding) {
-        switch(padding->pad_type) {
-#ifndef NO_PKCS11_RSA_PKCS
+    if (padding != NULL) {
+        switch (padding->pad_type) {
         case WC_RSA_PKCSV15_PAD:
             pk_type = WC_PK_TYPE_RSA_PKCS;
             break;
@@ -470,7 +469,6 @@ int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
         case WC_RSA_OAEP_PAD:
             pk_type = WC_PK_TYPE_RSA_OAEP;
             break;
-#endif /* NO_PKCS11_RSA_PKCS */
         default:
             pk_type = WC_PK_TYPE_RSA;
         }
@@ -497,7 +495,7 @@ int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
 
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
-#endif
+#endif /* WOLF_CRYPTO_CB_RSA_PAD */
 
 #ifdef WOLFSSL_KEY_GEN
 int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)

wolfcrypt/src/port/Renesas/renesas_common.c

@@ -251,35 +251,33 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
     }
 
     if (info->algo_type == WC_ALGO_TYPE_PK) {
-    #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-        #if defined(WOLFSSL_KEY_GEN)
-        if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
-            (info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) {
+    #if !defined(NO_RSA)
+    #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+        if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
             ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
-        } else
-        #endif
-        if (info->pk.type == WC_PK_TYPE_RSA &&
-            (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
-             info->pk.rsa.type == RSA_PUBLIC_ENCRYPT)) {
-            /* rsa public encrypt/private decrypt */
-           ret = wc_tsip_RsaFunction(info, cbInfo);
-        } else
-    #endif
-        if (info->pk.type == WC_PK_TYPE_RSA &&
-            info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
-            /* RSA Signing
-            * Can handle only RSA PkCS#1v1.5 padding scheme here.
-            */
-            ret = tsip_SignRsaPkcs(info, cbInfo);
-        }
-    #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-        /* RSA Verify */
-        else if (info->pk.type == WC_PK_TYPE_RSA &&
-                 info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
-            ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
         }
     #endif
-
+        /* tsip only supports PKCSV15 padding scheme */
+        if (info->pk.type == WC_PK_TYPE_RSA_PKCS) {
+            RsaPadding* pad = info->pk.rsa.padding;
+            if (pad && pad->pad_value == RSA_BLOCK_TYPE_1) {
+                /* sign / verify */
+                if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT ||
+                    info->pk.rsa.type == RSA_PRIVATE_DECRYPT) {
+                    ret = tsip_SignRsaPkcs(info, cbInfo);
+                }
+                else {
+                    ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
+                }
+            }
+        #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+            else if (pad && pad->pad_value == RSA_BLOCK_TYPE_2) {
+                /* encrypt/decrypt */
+                ret = wc_tsip_RsaFunction(info, cbInfo);
+            }
+        #endif
+        }
+    #endif /* !NO_RSA */
     #if defined(HAVE_ECC)
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
         if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
@@ -468,7 +466,7 @@ int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated)
  * Get Callback ctx by devId
  *
  * devId   : devId to get its CTX
- * return  asocciated CTX when the method is successfully called.
+ * return  associated CTX when the method is successfully called.
  *         otherwise, NULL
  */
 WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)

wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c

@@ -67,7 +67,7 @@ WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(RsaKey *key)
 /* Set Rsa key by pre-created wrapped user key
  *
  * key    RsaKey object
- * size   desired keylenth, in bits. supports 1024 or 2048 bits
+ * size   desired key length, in bits. supports 1024 or 2048 bits
  * ctx    Callback context including pointer to hold generated key
  * return FSP_SUCCESS(0) on Success, otherwise negative value
  */

wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c

@@ -42,11 +42,11 @@
 /* Make RSA key for TSIP and set it to callback ctx
  * Assumes to be called by Crypt Callback
  *
- * size   desired keylenth, in bits. supports 1024 or 2048 bits
+ * size   desired key length, in bits. supports 1024 or 2048 bits
  * ctx    Callback context including pointer to hold generated key
  * return TSIP_SUCCESS(0) on Success, otherwise negative value
  */
-WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
+int wc_tsip_MakeRsaKey(int size, void* ctx)
 {
     e_tsip_err_t     ret;
     TsipUserCtx     *info = (TsipUserCtx*)ctx;
@@ -249,6 +249,9 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
                                                           "1024 or 2048 bits.");
                     return BAD_FUNC_ARG;
                 }
+                if (ret == 0) {
+                    info->pk.rsa.outLen = cipher.data_length;
+                }
             }
             else if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT)
             {
@@ -270,6 +273,9 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
                                                           "1024 or 2048 bits.");
                     return BAD_FUNC_ARG;
                 }
+                if (ret == 0) {
+                    info->pk.rsa.outLen = plain.data_length;
+                }
             }
             tsip_hw_unlock();
         }

wolfcrypt/src/port/Renesas/renesas_tsip_util.c

@@ -3632,6 +3632,7 @@ int wc_tsip_tls_RootCertVerify(
     return ret;
 }
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
+
 #if !defined(NO_RSA)
 /*  Perform signing with the client's RSA private key on hash value of messages
  *  exchanged with server.
@@ -3646,7 +3647,7 @@ int wc_tsip_tls_RootCertVerify(
  *   0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
  *
  */
-WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
+int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 {
     int ret = 0;
     e_tsip_err_t    err = TSIP_SUCCESS;
@@ -3724,18 +3725,18 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 #endif
 
     if (ret == 0) {
-       #ifdef WOLFSSL_RENESAS_TSIP_TLS
+    #ifdef WOLFSSL_RENESAS_TSIP_TLS
         hashData.pdata      = (uint8_t*)ssl->buffers.digest.buffer;
         hashData.data_type  = 1;
         sigData.pdata       = (uint8_t*)info->pk.rsa.in;
         sigData.data_length = 0; /* signature size will be returned here */
-       #else
+    #else
         hashData.pdata      = (uint8_t*)info->pk.rsa.in;
         hashData.data_length= info->pk.rsa.inLen;
         hashData.data_type  = tuc->keyflgs_crypt.bits.message_type;
         sigData.pdata       = (uint8_t*)info->pk.rsa.out;
         sigData.data_length = 0;
-       #endif
+    #endif
         if ((ret = tsip_hw_lock()) == 0) {
             switch (tuc->wrappedKeyType) {
             #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
@@ -3752,7 +3753,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
                     break;
             #endif
                 case TSIP_KEY_TYPE_RSA2048:
-
                     err = R_TSIP_RsassaPkcs2048SignatureGenerate(
                                                 &hashData, &sigData,
                                    #ifdef WOLFSSL_RENESAS_TSIP_TLS

wolfcrypt/src/rsa.c

@@ -277,14 +277,14 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
     key->handle = NULL;
 #endif
 
-
 #if defined(WOLFSSL_RENESAS_FSPSM)
     key->ctx.wrapped_pri1024_key = NULL;
     key->ctx.wrapped_pub1024_key = NULL;
     key->ctx.wrapped_pri2048_key = NULL;
     key->ctx.wrapped_pub2048_key = NULL;
     key->ctx.keySz = 0;
 #endif
+
     return ret;
 }
 
@@ -3374,24 +3374,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
                                   pad_value, pad_type, hash, mgf, label,
                                   labelSz, sz);
         }
-    #elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
-          (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
-            defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
-           /* SCE needs wrapped key which is passed via
-            * user ctx object of crypt-call back.
-            */
-       #ifdef WOLF_CRYPTO_CB
-            if (key->devId != INVALID_DEVID) {
-                /* SCE supports 1024 and 2048 bits */
-                ret = wc_CryptoCb_Rsa(in, inLen, out,
-                                    &outLen, rsa_type, key, rng);
-                if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
-                    return ret;
-                /* fall-through when unavailable */
-                ret = 0; /* reset error code and try using software */
-            }
-       #endif
-    #endif /* WOLFSSL_SE050 */
+    #endif /* RSA CRYPTO HW */
 
     #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
         if (key->devId != INVALID_DEVID) {
@@ -3561,21 +3544,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
             }
             return ret;
         }
-    #elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
-          (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
-            defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
-           #ifdef WOLF_CRYPTO_CB
-                if (key->devId != INVALID_DEVID) {
-                    ret = wc_CryptoCb_Rsa(in, inLen, out,
-                                        &outLen, rsa_type, key, rng);
-                    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
-                      return ret;
-                    /* fall-through when unavailable */
-                    ret = 0; /* reset error code and try using software */
-                }
-           #endif
-
-    #endif /* WOLFSSL_CRYPTOCELL */
+    #endif /* RSA CRYPTO HW */
 
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \

wolfcrypt/src/wc_pkcs11.c

@@ -2198,7 +2198,7 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
     case WC_PK_TYPE_RSA_OAEP:
         mechanism = CKM_RSA_PKCS_OAEP;
         break;
-#endif /* NO_PKCS11_RSA_PKCS */
+#endif /* !NO_PKCS11_RSA_PKCS */
     case WC_PK_TYPE_RSA:
         mechanism = CKM_RSA_X_509;
         break;

wolfssl/wolfcrypt/settings.h

@@ -994,6 +994,11 @@
     #define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64
     #define TSIP_TLS_MASTERSECRET_SIZE       80   /* 20 words */
     #define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte  */
+
+    #ifdef WOLF_CRYPTO_CB
+        /* make sure RSA padding callbacks are enabled */
+        #define WOLF_CRYPTO_CB_RSA_PAD
+    #endif
 #endif /* WOLFSSL_RENESAS_TSIP */
 
 #if !defined(WOLFSSL_NO_HASH_RAW) && defined(WOLFSSL_RENESAS_RX64_HASH)