
last update: 2024/05

BSP Package for RI600V4 (ITRON) RTOS
Chapter 8: Evaluating the Security Features
Evaluation board: Renesas RX72N Envision Kit




emSecure: a security gateway that prevents unauthorized modification and unauthorized mass production

Test samples

Demo Sample Application Folder:

Application
 └ _Exclude
     ├ SECURE  ....... Demo samples for the emSecure library

Sample                          Description
SECURE_RSA_Bench_Performance    Measures message Sign/Verify performance using digital signatures with RSA keys

Related configuration files (emSecure):

Config
 |- SECURE_ECDSA_Conf.h  ....... Configuration settings for the ECDSA library
 |- SECURE_RSA_Conf.h  ......... Configuration settings for the RSA library
 |- Keys       ................. Test key data files
     |- SECURE_ECDSA_xxxx.h
     |- SECURE_RSA_xxxx.h

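emSecure: How to build and verify operation

In the project settings, the "\Application\_Exclude\SECURE" folder is excluded from the build.

Copy the test sample file from the "\Application\_Exclude\SECURE" folder into the "\Application" folder, which is included in the build.
Rebuild the project, connect to the evaluation board, and start a debug session.
Check the results in the log view of the debugger's IO console.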

Test report (emSecure)

Sample: SECURE_RSA_Bench_Performance

Debug IO Console:

Eval Board: RX72N Envision Kit
Base: Renesas RI600V4 RTOS
------------------------------------------------
emSecure-RSA Performance Benchmark compiled May  3 2024 16:06:18

Compiler: CC-RX V3.05.00
System:   Processor speed             = 240.000 MHz
Config:   CRYPTO_VERSION              = 24001 [2.40a]
Config:   SECURE_RSA_VERSION          = 24600 [2.46]
Config:   CRYPTO_MPI_BITS_PER_LIMB    = 32
Config:   SECURE_RSA_MAX_KEY_LENGTH   = 2048 bits
Config:   SECURE_RSA_HASH_FUNCTION    = SHA1
Config:   SECURE_RSA_SIGNATURE_SCHEME = PSS

Sign/Verify Performance
=======================

+----------+----------+----------+----------+
|  Modulus |  Message |     Sign |   Verify |
|    /bits |   /bytes |      /ms |      /ms |
+----------+----------+----------+----------+
|      512 |        0 |    10.73 |     0.73 |
|      512 |     1024 |    10.88 |     0.92 |
|      512 |   102400 |    27.83 |    17.88 |
+----------+----------+----------+----------+
|     1024 |        0 |    56.78 |     2.03 |
|     1024 |     1024 |    56.94 |     2.21 |
|     1024 |   102400 |    73.86 |    19.19 |
+----------+----------+----------+----------+
|     2048 |        0 |   358.00 |     7.63 |
|     2048 |     1024 |   357.33 |     7.79 |
|     2048 |   102400 |   374.33 |    24.73 |
+----------+----------+----------+----------+

Benchmark complete

STOP.

emSSL: SSL/TLS secure communication

Test samples

SSL Application Folder:

Application
 └ _Exclude
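     ├ SSL  ....... Demo samples for the emSSL library

Sample                    Description
SSL_OS_Scan               Scans the cipher suites supported by the specified web server and displays the results
SSL_OS_SimpleWebClient    Connects from an SSL client to the specified web server
SSL_OS_SimpleWebServer    Implements a simple secure web server (HTTPS)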

Related configuration files (emSSL):

Config
 |- SSL_Conf.h  ........ SSL configuration file (macro definitions)
 |- SSL_X_Config.c  .... SSL configuration file (initialization settings)
 |- IO
 |   |- SSL_ConfigIO.c  ..... Debug console IO interface configuration file
 |
 |- OS
     |- libRI600V4_OSLayer_RXv3_L.lib  ..... OS interface configuration file

BSP
 |- Setup
     |- SSL_X_TrustedCerts.c  .... Test root certificate data (binary)

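emSSL: How to build and verify operation

In the project settings, the "\Application\_Exclude\SSL" folder is excluded from the build.

Copy the test sample file you want to verify from the "\_Exclude\SSL" folder into the "\Application" folder, which is included in the build.
Rebuild the project, connect to the evaluation board, and start a debug session.
Check the results in the log view of the debugger's IO console.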

Test report (emSSL)

Sample: SSL_OS_Scan

File: SSL_OS_Scan.c (server IP address setting)

#define HOST         "www.google.co.jp"
#define PORT         443

Debug IO Console:

4:026 DHCPc: Sending Request.
4:032 DHCPc: IFace 0: Using IP: 192.168.0.4, Mask: 255.255.255.0, GW: 192.168.0.1.
4:048 Scanning cipher suites on www.google.co.jp:443
4:069 C008  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA         Received Handshake Failure alert
4:321 C009  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA          TLS 1.2   199 ms processing,    52 ms socket,   251 ms total
4:334 C023  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256       Received Handshake Failure alert
4:347 C0AC  TLS_ECDHE_ECDSA_WITH_AES_128_CCM              Received Handshake Failure alert
4:359 C0AE  TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8            Received Handshake Failure alert
4:610 C02B  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       TLS 1.2   199 ms processing,    50 ms socket,   249 ms total
4:863 C00A  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA          TLS 1.2   200 ms processing,    51 ms socket,   251 ms total
4:875 C024  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384       Received Handshake Failure alert
4:886 C0AD  TLS_ECDHE_ECDSA_WITH_AES_256_CCM              Received Handshake Failure alert
4:900 C0AF  TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8            Received Handshake Failure alert
5:156 C02C  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       TLS 1.2   202 ms processing,    52 ms socket,   254 ms total
5:169 C048  TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256      Received Handshake Failure alert
5:180 C05C  TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256      Received Handshake Failure alert
5:192 C049  TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384      Received Handshake Failure alert
5:203 C05D  TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384      Received Handshake Failure alert
5:216 C072  TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  Received Handshake Failure alert
5:228 C086  TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  Received Handshake Failure alert
5:241 C073  TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  Received Handshake Failure alert
5:254 C087  TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  Received Handshake Failure alert
5:265 C007  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA              Received Handshake Failure alert
5:517 CCA9  TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2   200 ms processing,    51 ms socket,   251 ms total
5:530 C012  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA           Received Handshake Failure alert
5:729 C013  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA            TLS 1.2   145 ms processing,    53 ms socket,   198 ms total
5:742 C027  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         Received Handshake Failure alert
5:941 C02F  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         TLS 1.2   145 ms processing,    53 ms socket,   198 ms total
6:139 C014  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA            TLS 1.2   144 ms processing,    52 ms socket,   196 ms total
6:151 C028  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384         Received Handshake Failure alert
6:351 C030  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         TLS 1.2   146 ms processing,    52 ms socket,   198 ms total
6:364 C04C  TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256        Received Handshake Failure alert
6:488 C060  TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256        Received Handshake Failure alert
6:501 C04D  TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384        Received Handshake Failure alert
6:513 C061  TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384        Received Handshake Failure alert
6:526 C076  TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256    Received Handshake Failure alert
6:538 C08A  TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256    Received Handshake Failure alert
6:549 C077  TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384    Received Handshake Failure alert
6:561 C08B  TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384    Received Handshake Failure alert
6:573 C011  TLS_ECDHE_RSA_WITH_RC4_128_SHA                Received Handshake Failure alert
6:773 CCA8  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   TLS 1.2   145 ms processing,    53 ms socket,   198 ms total
6:786 C002  TLS_ECDH_ECDSA_WITH_RC4_128_SHA               Received Handshake Failure alert
6:798 C003  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA          Received Handshake Failure alert
6:810 C004  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA           Received Handshake Failure alert
6:823 C025  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256        Received Handshake Failure alert
6:835 C02D  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256        Received Handshake Failure alert
6:848 C005  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA           Received Handshake Failure alert
6:861 C026  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384        Received Handshake Failure alert
6:872 C02E  TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384        Received Handshake Failure alert
6:885 C04A  TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256       Received Handshake Failure alert
6:897 C05E  TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256       Received Handshake Failure alert
6:909 C04B  TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384       Received Handshake Failure alert
6:921 C05F  TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384       Received Handshake Failure alert
6:936 C074  TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256   Received Handshake Failure alert
6:949 C088  TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256   Received Handshake Failure alert
6:962 C075  TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384   Received Handshake Failure alert
6:975 C089  TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384   Received Handshake Failure alert
6:987 C00D  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA            Received Handshake Failure alert
7:000 C00E  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA             Received Handshake Failure alert
7:012 C029  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256          Received Handshake Failure alert
7:025 C031  TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256          Received Handshake Failure alert
7:039 C00F  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA             Received Handshake Failure alert
7:052 C02A  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384          Received Handshake Failure alert
7:066 C032  TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384          Received Handshake Failure alert
7:077 C04E  TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256         Received Handshake Failure alert
7:091 C062  TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256         Received Handshake Failure alert
7:102 C04F  TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384         Received Handshake Failure alert
7:114 C063  TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384         Received Handshake Failure alert
7:125 C078  TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256     Received Handshake Failure alert
7:137 C08C  TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256     Received Handshake Failure alert
7:149 C079  TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384     Received Handshake Failure alert
7:169 C08D  TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384     Received Handshake Failure alert
7:185 C00C  TLS_ECDH_RSA_WITH_RC4_128_SHA                 Received Handshake Failure alert
7:287 000A  TLS_RSA_WITH_3DES_EDE_CBC_SHA                 TLS 1.2    52 ms processing,    48 ms socket,   100 ms total
7:300 0096  TLS_RSA_WITH_SEED_CBC_SHA                     Received Handshake Failure alert
7:406 002F  TLS_RSA_WITH_AES_128_CBC_SHA                  TLS 1.2    51 ms processing,    53 ms socket,   104 ms total
7:419 003C  TLS_RSA_WITH_AES_128_CBC_SHA256               Received Handshake Failure alert
7:432 C09C  TLS_RSA_WITH_AES_128_CCM                      Received Handshake Failure alert
7:555 009C  TLS_RSA_WITH_AES_128_GCM_SHA256               TLS 1.2    52 ms processing,    69 ms socket,   121 ms total
7:661 0035  TLS_RSA_WITH_AES_256_CBC_SHA                  TLS 1.2    52 ms processing,    52 ms socket,   104 ms total
7:674 003D  TLS_RSA_WITH_AES_256_CBC_SHA256               Received Handshake Failure alert
7:686 C09D  TLS_RSA_WITH_AES_256_CCM                      Received Handshake Failure alert
7:789 009D  TLS_RSA_WITH_AES_256_GCM_SHA384               TLS 1.2    53 ms processing,    48 ms socket,   101 ms total
7:801 0041  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA             Received Handshake Failure alert
7:819 0084  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA             Received Handshake Failure alert
7:831 00BA  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256          Received Handshake Failure alert
7:843 00C0  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256          Received Handshake Failure alert
7:856 C07A  TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256          Received Handshake Failure alert
7:868 C07B  TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384          Received Handshake Failure alert
7:882 C03C  TLS_RSA_WITH_ARIA_128_CBC_SHA256              Received Handshake Failure alert
7:896 C03D  TLS_RSA_WITH_ARIA_256_CBC_SHA384              Received Handshake Failure alert
7:910 C050  TLS_RSA_WITH_ARIA_128_GCM_SHA256              Received Handshake Failure alert
7:968 C051  TLS_RSA_WITH_ARIA_256_GCM_SHA384              Received Handshake Failure alert
7:979 0004  TLS_RSA_WITH_RC4_128_MD5                      Received Handshake Failure alert
7:991 0005  TLS_RSA_WITH_RC4_128_SHA                      Received Handshake Failure alert
15 common cipher suites out of 92 tested
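
The scan log above can be summarized mechanically. The following Python sketch is an added example, not part of the BSP package or of emSSL: it parses lines in the format printed by SSL_OS_Scan and lists the suites the server accepted, tagging each with review criteria chosen for this example (forward secrecy, legacy ciphers, CBC mode). The function names and the criteria are assumptions of the example.

```python
import re

# Excerpt (6 of the 92 result lines) copied from the SSL_OS_Scan console log above.
SAMPLE_LOG = """\
4:069 C008  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA         Received Handshake Failure alert
4:610 C02B  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       TLS 1.2   199 ms processing,    50 ms socket,   249 ms total
5:729 C013  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA            TLS 1.2   145 ms processing,    53 ms socket,   198 ms total
6:773 CCA8  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   TLS 1.2   145 ms processing,    53 ms socket,   198 ms total
7:287 000A  TLS_RSA_WITH_3DES_EDE_CBC_SHA                 TLS 1.2    52 ms processing,    48 ms socket,   100 ms total
7:555 009C  TLS_RSA_WITH_AES_128_GCM_SHA256               TLS 1.2    52 ms processing,    69 ms socket,   121 ms total
"""

# Line layout as printed by the sample: "<time> <suite id> <suite name> <result>".
LINE_RE = re.compile(r"^\d+:\d{3}\s+(?P<id>[0-9A-F]{4})\s+(?P<name>TLS_\w+)\s+(?P<result>.+?)\s*$")
OK_RE = re.compile(r"^TLS (?P<ver>\d\.\d)\s+\d+ ms processing,\s+\d+ ms socket,\s+(?P<total>\d+) ms total$")

def classify(name):
    """Return review findings for one suite name (criteria are this example's own)."""
    kx, _, cipher = name[len("TLS_"):].partition("_WITH_")
    findings = []
    if not kx.startswith(("ECDHE", "DHE")):   # static RSA / static ECDH key exchange
        findings.append("no forward secrecy")
    if "3DES" in cipher or "RC4" in cipher:
        findings.append("legacy cipher")
    elif "_CBC_" in cipher:
        findings.append("CBC mode (non-AEAD)")
    return findings

def parse_scan(log):
    """Return (number of suites tested, list of suites the server accepted)."""
    tested, accepted = 0, []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # DHCP messages, banner and summary lines
        tested += 1
        ok = OK_RE.match(m["result"])
        if ok:  # any other result is a handshake failure alert
            accepted.append({"id": m["id"], "name": m["name"], "tls": ok["ver"],
                             "total_ms": int(ok["total"]),
                             "findings": classify(m["name"])})
    return tested, accepted

if __name__ == "__main__":
    tested, accepted = parse_scan(SAMPLE_LOG)
    print(f"{len(accepted)} accepted out of {tested} parsed")
    for s in accepted:
        print(s["id"], s["name"], "; ".join(s["findings"]) or "no finding")
```

Feeding it the complete console capture instead of the excerpt gives the per-suite view behind the "15 common cipher suites out of 92 tested" summary line.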

Sample: SSL_OS_SimpleWebClient

HOST: https://www.segger.com/emssl-testpage.php

Debug IO Console:

3:026 DHCPc: Sending Request.
3:032 DHCPc: IFace 0: Using IP: 192.168.0.4, Mask: 255.255.255.0, GW: 192.168.0.1.
4:213 Data: HTTP/1.1 200 OK..date: Fri, 03 May 2024 07:34:56 GMT..server: Apache..vary: Accept-Encoding..x-xss-protection: 1; mode=block..x-content-type-options: nosniff..x-ua-compatible: IE=edge..content-type: text/html; charset=UTF-8..strict-transport-security: max
4:216 Data: -age=31536000; includeSubDomains; preload;..connection: close....Welcome to www.segger.com/emssl-testpage.php!...Successfully connected via SSL...Current date is 2024-05-03...Current time is 09:34:56..
4:218 Data received, socket closed: done

Sample: SSL_OS_SimpleWebServer

Debug IO Console:

3:026 DHCPc: Sending Request.
3:032 DHCPc: IFace 0: Using IP: 192.168.0.4, Mask: 255.255.255.0, GW: 192.168.0.1.
3:079 Awaiting connection
137:048 Connection made, attempting to upgrade to secure
137:260 Session is now secured, cipher suite follows
137:263 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
137:272 Session closed
137:274 Awaiting connection

PC WebServer: https://192.168.1.12

emSSL WebServer