Fixes for RSA TSIP RSA Sign/Verify. Tested on RX72N EnvisionKit. Added THREADX threading support.

dgarske · dgarske · commit d109f38cbd17 · 2024-11-20T13:08:26.000-08:00
```
Start wolf tsip crypt Test

 simple crypt test by using TSIP
 sha_test() passed
 sha256_test() passed
 tsip_aes_cbc_test()  passed
 tsip_aes256_test()  passed
 tsip_rsa_test(2048) passed
 tsip_rsa_SignVerify_test(2048) passed

End wolf tsip crypt Test
```
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
@@ -523,7 +523,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 #endif /* FREERTOS */
 #endif
 
-#if defined(WOLFSSL_AES_128)
+#if defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM)
 
 static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
 {
@@ -805,6 +805,7 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
     const char inStr2[] = TEST_STRING2;
     const word32 inLen = (word32)TEST_STRING_SZ;
     const word32 outSz = RSA_TEST_BYTES;
+    word32 signSz = 0;
     byte *in = NULL;
     byte *in2 = NULL;
     byte *out= NULL;
@@ -848,15 +849,16 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
     if (ret < 0) {
         goto out;
     }
+    signSz = ret;
 
     /* this should fail */
-    ret = wc_RsaSSL_Verify(in2, inLen, out, keySize/8, key);
+    ret = wc_RsaSSL_Verify(out, signSz, in2, inLen, key);
     if (ret != SIG_VERIFY_E) {
         ret = -1;
         goto out;
     }
     /* this should succeed */
-    ret = wc_RsaSSL_Verify(in, inLen, out, keySize/8, key);
+    ret = wc_RsaSSL_Verify(out, signSz, in, inLen, key);
     if (ret < 0) {
         ret = -1;
         goto out;
@@ -1223,6 +1225,7 @@ int tsip_crypt_test(void)
 
         }
 
+#ifdef HAVE_AESGCM
         if (ret == 0) {
 
             ret = tsip_aesgcm128_test(1, &g_user_aes128_key_index1);
@@ -1234,8 +1237,10 @@ int tsip_crypt_test(void)
             ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1);
 
         }
-   #if defined(WOLFSSL_KEY_GEN) && \
-       defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+#endif
+
+#if defined(WOLFSSL_KEY_GEN) && \
+    defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 
         if (ret == 0) {
             Clr_CallbackCtx(&userContext);
@@ -1248,20 +1253,21 @@ int tsip_crypt_test(void)
 
 #if RSA_MIN_SIZE <= 1024
         if (ret == 0) {
-        	userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
+            userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
             printf(" tsip_rsa_test(1024)");
             ret = tsip_rsa_test(1, 1024);
             RESULT_STR(ret)
         }
 #endif
         if (ret == 0) {
-        	userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
+            userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
             printf(" tsip_rsa_test(2048)");
             ret = tsip_rsa_test(1, 2048);
             RESULT_STR(ret)
         }
 
 
+#if RSA_MIN_SIZE <= 1024
         if (ret == 0) {
             printf(" tsip_rsa_SignVerify_test(1024)");
 
@@ -1274,6 +1280,7 @@ int tsip_crypt_test(void)
         }
 
         Clr_CallbackCtx(&userContext);
+#endif
 
         if (ret == 0) {
             printf(" tsip_rsa_SignVerify_test(2048)");
@@ -1287,12 +1294,11 @@ int tsip_crypt_test(void)
         }
 
         Clr_CallbackCtx(&userContext);
-   #endif
+#endif /* WOLFSSL_KEY_GEN && WOLFSSL_RENESAS_TSIP_CRYPTONLY */
     }
-    else
+    else {
         ret = -1;
-
-
+    }
     return ret;
 }
 
diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c
@@ -279,6 +279,16 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
             }
         #endif
         }
+        if (info->pk.type == WC_PK_TYPE_RSA_GET_SIZE) {
+            if (cbInfo->wrappedKeyType == TSIP_KEY_TYPE_RSA2048) {
+                *info->pk.rsa_get_size.keySize = 256;
+                ret = 0;
+            }
+            else if (cbInfo->wrappedKeyType == TSIP_KEY_TYPE_RSA1024) {
+                *info->pk.rsa_get_size.keySize = 128;
+                ret = 0;
+            }
+        }
     #endif /* !NO_RSA */
     #if defined(HAVE_ECC)
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
@@ -234,7 +234,7 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
                 plain.pdata = (uint8_t*)info->pk.rsa.in;
                 plain.data_length = info->pk.rsa.inLen;
                 cipher.pdata = (uint8_t*)info->pk.rsa.out;
-                cipher.data_length = info->pk.rsa.outLen;
+                cipher.data_length = *(info->pk.rsa.outLen);
 
                 if (keySize == TSIP_KEY_TYPE_RSA1024) {
                     ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
@@ -250,13 +250,13 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
                     return BAD_FUNC_ARG;
                 }
                 if (ret == 0) {
-                    info->pk.rsa.outLen = cipher.data_length;
+                    *(info->pk.rsa.outLen) = cipher.data_length;
                 }
             }
             else if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT)
             {
                 plain.pdata = (uint8_t*)info->pk.rsa.out;
-                plain.data_length = info->pk.rsa.outLen;
+                plain.data_length = *(info->pk.rsa.outLen);
                 cipher.pdata = (uint8_t*)info->pk.rsa.in;
                 cipher.data_length = info->pk.rsa.inLen;
 
@@ -274,7 +274,7 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
                     return BAD_FUNC_ARG;
                 }
                 if (ret == 0) {
-                    info->pk.rsa.outLen = plain.data_length;
+                    *(info->pk.rsa.outLen) = plain.data_length;
                 }
             }
             tsip_hw_unlock();
@@ -314,13 +314,13 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
     }
 
     if (tsip_RsakeyImport(tuc) == 0) {
-        hashData.pdata = (uint8_t*)info->pk.rsa.in;
-        hashData.data_length = info->pk.rsa.inLen;
+        hashData.pdata = (uint8_t*)info->pk.rsa.out;
+        hashData.data_length = *(info->pk.rsa.outLen);
         hashData.data_type =
             tuc->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
 
-        sigData.pdata = (uint8_t*)info->pk.rsa.out;
-        sigData.data_length = info->pk.rsa.outLen;
+        sigData.pdata = (uint8_t*)info->pk.rsa.in;
+        sigData.data_length = info->pk.rsa.inLen;
 
         if ((ret = tsip_hw_lock()) == 0) {
             switch (tuc->wrappedKeyType) {
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
@@ -1497,6 +1497,10 @@ typedef struct w64wrapper {
         #if !defined(__MINGW32__)
             #define WOLFSSL_THREAD_NO_JOIN __cdecl
         #endif
+    #elif defined(THREADX)
+        typedef unsigned int   THREAD_RETURN;
+        typedef TX_THREAD      THREAD_TYPE;
+        #define WOLFSSL_THREAD
     #else
         typedef unsigned int  THREAD_RETURN;
         typedef size_t        THREAD_TYPE;

Original file line number	Diff line number	Diff line change
`@@ -234,7 +234,7 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)`
`234`	`234`	`plain.pdata = (uint8_t*)info->pk.rsa.in;`
`235`	`235`	`plain.data_length = info->pk.rsa.inLen;`
`236`	`236`	`cipher.pdata = (uint8_t*)info->pk.rsa.out;`
`237`		`- cipher.data_length = info->pk.rsa.outLen;`
	`237`	`+ cipher.data_length = *(info->pk.rsa.outLen);`
`238`	`238`
`239`	`239`	`if (keySize == TSIP_KEY_TYPE_RSA1024) {`
`240`	`240`	`ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,`
`@@ -250,13 +250,13 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)`
`250`	`250`	`return BAD_FUNC_ARG;`
`251`	`251`	`}`
`252`	`252`	`if (ret == 0) {`
`253`		`- info->pk.rsa.outLen = cipher.data_length;`
	`253`	`+ *(info->pk.rsa.outLen) = cipher.data_length;`
`254`	`254`	`}`
`255`	`255`	`}`
`256`	`256`	`else if (type == RSA_PRIVATE_DECRYPT \|\| type == RSA_PRIVATE_ENCRYPT)`
`257`	`257`	`{`
`258`	`258`	`plain.pdata = (uint8_t*)info->pk.rsa.out;`
`259`		`- plain.data_length = info->pk.rsa.outLen;`
	`259`	`+ plain.data_length = *(info->pk.rsa.outLen);`
`260`	`260`	`cipher.pdata = (uint8_t*)info->pk.rsa.in;`
`261`	`261`	`cipher.data_length = info->pk.rsa.inLen;`
`262`	`262`
`@@ -274,7 +274,7 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)`
`274`	`274`	`return BAD_FUNC_ARG;`
`275`	`275`	`}`
`276`	`276`	`if (ret == 0) {`
`277`		`- info->pk.rsa.outLen = plain.data_length;`
	`277`	`+ *(info->pk.rsa.outLen) = plain.data_length;`
`278`	`278`	`}`
`279`	`279`	`}`
`280`	`280`	`tsip_hw_unlock();`
`@@ -314,13 +314,13 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)`
`314`	`314`	`}`
`315`	`315`
`316`	`316`	`if (tsip_RsakeyImport(tuc) == 0) {`
`317`		`- hashData.pdata = (uint8_t*)info->pk.rsa.in;`
`318`		`- hashData.data_length = info->pk.rsa.inLen;`
	`317`	`+ hashData.pdata = (uint8_t*)info->pk.rsa.out;`
	`318`	`+ hashData.data_length = *(info->pk.rsa.outLen);`
`319`	`319`	`hashData.data_type =`
`320`	`320`	`tuc->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */`
`321`	`321`
`322`		`- sigData.pdata = (uint8_t*)info->pk.rsa.out;`
`323`		`- sigData.data_length = info->pk.rsa.outLen;`
	`322`	`+ sigData.pdata = (uint8_t*)info->pk.rsa.in;`
	`323`	`+ sigData.data_length = info->pk.rsa.inLen;`
`324`	`324`
`325`	`325`	`if ((ret = tsip_hw_lock()) == 0) {`
`326`	`326`	`switch (tuc->wrappedKeyType) {`