Added Renesas RX TSIP encrypted updates support using AES CTR. Requires wolfSSL/wolfssl#8854

dgarske · danielinux · commit 8e6b0af105c6 · 2025-06-16T19:05:49.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -61,8 +61,8 @@ src/ecc512_pub_key.c
 src/rsa2048_pub_key.c
 src/rsa4096_pub_key.c
 # Renesas key data files
-include/key_data.c
-include/key_data.h
+include/key_data.*
+include/enckey_data.*
 
 # keygen binaries
 tools/keytools/sign
diff --git a/arch.mk b/arch.mk
@@ -470,7 +470,8 @@ ifeq ($(ARCH),RENESAS_RX)
 
     OBJS+=./lib/wolfssl/wolfcrypt/src/cryptocb.o \
           ./lib/wolfssl/wolfcrypt/src/port/Renesas/renesas_common.o \
-          ./lib/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_util.o
+          ./lib/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_util.o \
+          ./lib/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_aes.o
 
     # RX TSIP uses pre-compiled .a library by default
     ifneq ($(RX_TSIP_SRC),1)
diff --git a/docs/Renesas.md b/docs/Renesas.md
@@ -40,6 +40,7 @@ Result is `sample.key_enc.key`. Example: `00000001 6CCB9A1C 8AA58883 B1CB02DE 6C
 
 ```sh
 # Build keytools for Renesas RX (TSIP)
+# Use RENESAS_KEY=2 for TSIP
 $ make keytools RENESAS_KEY=2
 ```
 
@@ -163,6 +164,34 @@ Output image(s) successfully created.
 
 Download files to flash using Renesas flash programmer.
 
+## RX TSIP AES Encryption (optional)
+
+Create a wrapped AES key for encrypting/decrypting the update
+
+Example key: `fwenc.key`: e07227e477450b1ca266078e217a3c89cbae827a7bb117ff851bc25300163575
+Note: `.config` must include `ENCRYPT=1` and `ENCRYPT_WITH_AES256=1`
+
+```sh
+$ C:\Renesas\SecurityKeyManagementTool\cli\skmt.exe -genkey -ufpk file=./sample.key -wufpk file=./sample.key_enc.key -key file=./fwenc.key -mcu RX-TSIP -keytype AES-256 -output include/enckey_data.c -filetype csource -keyname wrap_enc_key -iv A8B14B0F5F09D73F31D4777FC0103FB4
+Output File: C:\CPG_Controls\wolfboot\include\enckey_data.h
+Output File: C:\CPG_Controls\wolfboot\include\enckey_data.c
+UFPK: B94A2B961C75510174F0C967ECFC20B377C7FB256DB627B1BFFADEE05EE98AC4
+W-UFPK: 000000016CCB9A1C8AA58883B1CB02DE6C37DA6054FB94E206EAE7204D9CCF4C6EEB288C
+IV: A8B14B0F5F09D73F31D4777FC0103FB4
+Encrypted key: 3C39BE75E9CA5CB9D2D0BBDE111CABC894A2B13F857399B05E7B140518F35D05CD97D8DF20817CEEBA2F207CC90BAF2C
+
+$ C:\Renesas\SecurityKeyManagementTool\cli\skmt.exe -genkey -ufpk file=./sample.key -wufpk file=./sample.key_enc.key -key file=./fwenc.key -mcu RX-TSIP -keytype AES-256 -output fwenc.srec -filetype "mot" -address FFFF0100 -iv A8B14B0F5F09D73F31D4777FC0103FB4
+Output File: C:\CPG_Controls\wolfboot\fwenc.srec
+UFPK: B94A2B961C75510174F0C967ECFC20B377C7FB256DB627B1BFFADEE05EE98AC4
+W-UFPK: 000000016CCB9A1C8AA58883B1CB02DE6C37DA6054FB94E206EAE7204D9CCF4C6EEB288C
+IV: A8B14B0F5F09D73F31D4777FC0103FB4
+Encrypted key: 3C39BE75E9CA5CB9D2D0BBDE111CABC894A2B13F857399B05E7B140518F35D05CD97D8DF20817CEEBA2F207CC90BAF2C
+```
+
+The offset for the wrapped AES key is determined by `RENESAS_TSIP_INSTALLEDENCKEY_ADDR` and defaults to `RENESAS_TSIP_INSTALLEDKEY_ADDR` + 0x100
+
+The key needed for the firmware signing tool is the 32 byte AES Key + 16 byte IV.
+`echo "e07227e477450b1ca266078e217a3c89cbae827a7bb117ff851bc25300163575A8B14B0F5F09D73F31D4777FC0103FB4" | xxd -r -p - > fwkey.bin`
 
 ### RX TSIP Benchmarks
 
diff --git a/hal/renesas-rx.c b/hal/renesas-rx.c
@@ -374,6 +374,8 @@ int hal_renesas_init(void)
     int err;
     uint32_t key_type = 0;
     int tsip_key_type = -1;
+    /* This structure is generated using Renesas Security Key Management Tool
+     * See docs/Renesas.md */
     struct enc_pub_key *encrypted_user_key_data;
 
     if (sipInitDone)
diff --git a/include/encrypt.h b/include/encrypt.h
@@ -38,6 +38,9 @@
 #else
 #include <wolfssl/wolfcrypt/aes.h>
 #endif
+#ifdef WOLF_CRYPTO_CB
+#include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
 
 #include <wolfssl/wolfcrypt/pwdbased.h>
 
diff --git a/include/user_settings.h b/include/user_settings.h
@@ -502,6 +502,7 @@ extern int tolower(int c);
     #define WOLF_CRYPTO_CB_ONLY_RSA
     #define WOLFSSL_NO_SW_MATH
     #define MAX_CRYPTO_DEVID_CALLBACKS 2
+    #define WOLFSSL_AES_SMALL_TABLES
 
     #ifdef WOLFBOOT_RENESAS_TSIP
         #define WOLFSSL_RENESAS_TSIP
@@ -510,6 +511,10 @@ extern int tolower(int c);
         #define WOLFSSL_RENESAS_TSIP_CRYPTONLY
         #define NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH
         #define RENESAS_TSIP_INSTALLEDKEY_ADDR 0xFFFF0000
+        #ifndef RENESAS_TSIP_INSTALLEDENCKEY_ADDR
+            #define RENESAS_TSIP_INSTALLEDENCKEY_ADDR \
+                (RENESAS_TSIP_INSTALLEDKEY_ADDR + 0x100)
+        #endif
         #define ENCRYPTED_KEY_BYTE_SIZE ENC_PUB_KEY_SIZE
         #define RENESAS_DEVID 7890
     #endif
diff --git a/src/libwolfboot.c b/src/libwolfboot.c
@@ -1553,6 +1553,7 @@ int RAMFUNCTION chacha_init(void)
 #elif defined(ENCRYPT_WITH_AES128) || defined(ENCRYPT_WITH_AES256)
 
 Aes aes_dec, aes_enc;
+
 /**
  * @brief Initialize AES encryption.
  *
@@ -1564,6 +1565,46 @@ Aes aes_dec, aes_enc;
  */
 int aes_init(void)
 {
+#if defined(WOLFBOOT_RENESAS_TSIP)
+    /* This structure is generated using Renesas Security Key Management Tool
+     * See docs/Renesas.md */
+    #include "enckey_data.h"
+    int ret;
+    int devId = RENESAS_DEVID + 1;
+    wrap_enc_key_t* enc_key =(wrap_enc_key_t*)RENESAS_TSIP_INSTALLEDENCKEY_ADDR;
+
+    XMEMSET(&aes_enc, 0, sizeof(aes_enc));
+    XMEMSET(&aes_dec, 0, sizeof(aes_dec));
+    wc_AesInit(&aes_enc, NULL, devId);
+    wc_AesInit(&aes_dec, NULL, devId);
+
+    /* Unwrap key and get key index */
+#if ENCRYPT_KEY_SIZE == 32
+    ret = R_TSIP_GenerateAes256KeyIndex(enc_key->wufpk, enc_key->initial_vector,
+        enc_key->encrypted_user_key, &aes_enc.ctx.tsip_keyIdx);
+#else
+    ret = R_TSIP_GenerateAes128KeyIndex(enc_key->wufpk, enc_key->initial_vector,
+        enc_key->encrypted_user_key, &aes_enc.ctx.tsip_keyIdx);
+#endif
+    if (ret == TSIP_SUCCESS) {
+        /* copy to decryption key */
+        XMEMCPY(&aes_dec.ctx, &aes_enc.ctx, sizeof(aes_enc.ctx));
+
+        /* register AES crypto callback */
+        extern int wc_tsip_AesCipher(int devIdArg, struct wc_CryptoInfo* info, void* ctx);
+        wc_CryptoCb_RegisterDevice(devId, wc_tsip_AesCipher, NULL);
+
+        encrypt_initialized = 1;
+
+        /* AES_ENCRYPTION is used for both directions in CTR */
+        /* unwrapped key never leaves TSIP and is referenced by tsip_keyIdx */
+        wc_AesSetKeyDirect(&aes_enc, enc_key->encrypted_user_key,
+            ENCRYPT_KEY_SIZE, enc_key->initial_vector, AES_ENCRYPTION);
+        wc_AesSetKeyDirect(&aes_dec, enc_key->encrypted_user_key,
+            ENCRYPT_KEY_SIZE, enc_key->initial_vector, AES_ENCRYPTION);
+    }
+#else
+
 #if defined(MMU) || defined(UNIT_TEST)
     uint8_t *key = ENCRYPT_KEY;
 #else
@@ -1582,8 +1623,8 @@ int aes_init(void)
 
     XMEMSET(&aes_enc, 0, sizeof(aes_enc));
     XMEMSET(&aes_dec, 0, sizeof(aes_dec));
-    wc_AesInit(&aes_enc, NULL, 0);
-    wc_AesInit(&aes_dec, NULL, 0);
+    wc_AesInit(&aes_enc, NULL, INVALID_DEVID);
+    wc_AesInit(&aes_dec, NULL, INVALID_DEVID);
 
     /* Check against 'all 0xff' or 'all zero' cases */
     XMEMSET(ff, 0xFF, ENCRYPT_KEY_SIZE);
@@ -1599,6 +1640,7 @@ int aes_init(void)
     wc_AesSetKeyDirect(&aes_enc, key, ENCRYPT_KEY_SIZE, iv_buf, AES_ENCRYPTION);
     wc_AesSetKeyDirect(&aes_dec, key, ENCRYPT_KEY_SIZE, iv_buf, AES_ENCRYPTION);
     encrypt_initialized = 1;
+#endif
     return 0;
 }
 
