I'm evaluating the Renesas RX65N MCU EV Kit. In this post, I'm reviewing the SHA options.
source: Renesas SHA package documentation |
SHA Hardware Accelerated vs Software
The RX family has models that come with a hardware accelerator for encryption. These devices will offload many of the manipulations of the data encryption and decryption
source: e14 road test home page
In particular when you're using the device in secure communication (e.g. with AWS) this module is one you should consider.
The Envision board has R5F565NEDDFB model. That one does not have the silicon accelerator.
.
source: Renesas datasheet, annotated
Oddly, the dedicated evaluation kit for secure communication with AWS uses the R5F565NEDDFP that also doesn't sport the encryption blocks..
In the case the hardware module isn't available, the functionality is done fully in software. That's perfect for the functionality the kit is targeting.
A typical use of SHA in these type of application is inside a secure bootloader, where you validate firmware's signature when loading a new version.
That's not time-critical and can be done by the CPU itself (see the out-of box example that only accepts firmware from a USB stick if it's signed with a known key).
Example Code
The Renesas SHA download for RX contains an example. It's built for another IDE but very easy to use in e2 studio.
The example is straightforward: It has the known SHA1 and SHA256 digest values for a string of 20 zeros.
It will create a digest for such an array in code too, then verfy that the value is as exepted by comparing it with the known good outcome.
Several mechanisms are used. Single data buffer calculation and incremental calculation for segmented buffers.
Check the example for all details. I'm showing a simple buffer SHA1 and a multi-buffer SHA256 below:
Known digests for an array of 64 zeroes:
const uint8_t sha1_comp[20] = {
0xc8, 0xd7, 0xd0, 0xef, 0x0e, 0xed, 0xfa, 0x82, 0xd2, 0xea, 0x1a, 0xa5, 0x92, 0x84, 0x5b, 0x9a, 0x6d, 0x4b, 0x02, 0xb7};
const uint8_t sha256_comp[32] = {
0xf5, 0xa5, 0xfd, 0x42, 0xd1, 0x6a, 0x20, 0x30, 0x27, 0x98, 0xef, 0x6e, 0xd3, 0x09, 0x97, 0x9b, 0x43, 0x00, 0x3d, 0x23, 0x20, 0xd9, 0xf0, 0xe8, 0xea, 0x98, 0x31, 0xa9, 0x27, 0x59, 0xfb, 0x4b};
Snippet of a single-shot and incremental test, all digesting the 64 character array then comparing the resulting digest:
flag = R_SHA_INIT | R_SHA_FINISH;
length = 64;
if (R_Sha1_HashDigest(message_sha, hdat_sha1, length, flag, &work_sha1) != R_PROCESS_COMPLETE) {
fatal_error_sha(1);
}
if( memcmp( &sha1_comp[0], hdat_sha1, 20) != 0)
{
fatal_error_sha(2);
}
// ...
flag = R_SHA_INIT;
length = 20;
if (R_Sha256_HashDigest( message_sha, hdat_sha256, length, flag, &work_sha256) != R_PROCESS_COMPLETE) {
fatal_error_sha(15);
}
flag = R_SHA_ADD;
length = 20;
if (R_Sha256_HashDigest( &message_sha[20], hdat_sha256, length, flag, &work_sha256) != R_PROCESS_COMPLETE) {
fatal_error_sha(16);
}
flag = R_SHA_FINISH;
length = 24;
if (R_Sha256_HashDigest( &message_sha[40], hdat_sha256, length, flag, &work_sha256) != R_PROCESS_COMPLETE) {
fatal_error_sha(17);
}
if( memcmp( &sha256_comp[0], hdat_sha256, 32) != 0) {
fatal_error_sha(18);
}
}
Creating the Example Project in e2 studio
The example in the SHA packet is for a different IDE. Let's create a e2 studio one for it.
To create the project, se the exact same steps as in blog #1. You have to choose the CC-RX toolchain. The Renesas SHA lib is not compatible with GCC's linker.
Once it's created, do these modifications in the Properties:
Add an environment variable that points to the place where you installed Renesas' SHA lib:
Then, add the SHA include files and set RX definition (not critical, but the build will use the RX own includes where appliccable instead of pulling in the dedicated ones for this lib).
Include dir: "${SHA_INSTALL_DIR}/lib"
Macro definition: RX
Include the precompiled lib in the linker settings:
library files: "${SHA_INSTALL_DIR}/lib/sha_rx600_little.lib"
Then, copy/paste the example source into the project.
You can do that via the File -> Import menu, or just copy/pasting the file ${SHA_INSTALL_DIR}/sample/src/sha_sample.c. with your OS's file explorer.
Take care that you copy the file, when asked by Eclipse. Don't use the advanced link functionality if you plan to play with it and change it for experiments.
Then, in the main file generated by you (by following the steps of blog #1, replace the whole content by this:
/***********************************************************************
*
* FILE : RX65_ssh.c
* DATE : 2019-12-01
* DESCRIPTION : Main Program
*
* NOTE:THIS IS A TYPICAL EXAMPLE.
*
***********************************************************************/
#include "r_smc_entry.h"
void main(void);
int sha_main(void);
void main(void){
int i;
i = sha_main();
}
Debug and enjoy. You'll see the library creates the digests, then compares them with the expected value.
If your code ever falls into a fatal_errorxxxx() section, you know something is wrong. This should not happen.
For your convenience, I've attached a e2 studio project.
Before you build it, navigate to the project properties, then change the SHA_INSTALL_DIR build variable to point to the location where you installed Renesas' SHA package on your computer.
